Did you download Warbeast2000 or Kodiak2k from npm? If so, your SSH keys might be compromised! These packages steal keys & upload them to GitHub.
An exposed Trello API allows linking private email addresses with Trello accounts, enabling the creation of millions of data profiles containing both public and private information.
Spy agency argues the practice is entirely legal — until a US court says otherwise
Two fake-audio experts say that the deepfake robocall of President Biden received by some voters last week was likely created with technology from Silicon Valley’s favorite voice-cloning startup.
As we move further into 2024, we must be cautious (maybe even fearful!) of ransomware cases increasing even more than in previous years. Though governments around the world are taking more interest in the worldwide threat, we can see from the increase of cases that our actions have not been enough to thwart the ransomware threat. As new groups continue to form, former groups continue to evolve into new brands, and the big players continue to ramp up their efforts, we must remain vigilant and focus on our preparation and early detection capabilities.
A Russian developer of Trickbot malware has been sentenced to five years and four months in prison, the U.S. Department of Justice said on Thursday.
The Microsoft security team detected a nation-state attack on our corporate systems on January 12, 2024, and immediately activated our response process to investigate, disrupt malicious activity, mitigate the attack, and deny the threat actor further access. The Microsoft Threat Intelligence investigation identified the threat actor as Midnight Blizzard, the Russian state-sponsored actor also known as NOBELIUM.
Genetic testing provider 23andMe confirmed that hackers stole health reports and raw genotype data of customers affected by a credential stuffing attack that went unnoticed for five months, from April 29 to September 27.
A wide-spanning investigation by 404 Media reveals more details about a secretive spy tool that can track billions of phone profiles through the advertising industry called Patternz. Google has taken action in response to 404 Media's inquiries.
Fake sexually explicit images of Taylor Swift have been circulating on X over the last day in the latest example of the proliferation of AI-generated pornography.
Moscow-backed Cozy Bear may have had access to the green rectangular email cloud for six months
Over 5,300 internet-exposed GitLab instances are vulnerable to CVE-2023-7028, a zero-click account takeover flaw GitLab warned about earlier this month.
NCSC says generative AI tools will soon allow amateur cybercriminals to launch sophisticated phishing attacks
An “unauthorized party” hijacked the cell phone number of the person running the SEC’s X account before taking over the social media feed and posting messages.
In a statement on Monday, an SEC spokesperson explained that two days after the January 9 account takeover, the government agency spoke to its telecom carrier and discovered that someone “obtained control of the SEC cell phone number associated with the account in an apparent ‘SIM swap’ attack.”
On 1/22/24, Fortra published a security advisory on CVE-2024-0204, a critical authentication bypass affecting its GoAnywhere MFT secure managed file transfer product prior to version 7.4.1.
An info-stealing PyPI malware author was identified discreetly uploading malicious packages.
If you're still running a vulnerable instance then 'assume a breach'
Majority of public-facing devices still unpatched against critical vulns from as far back as 2022
Two bugs in Citrix technology are drawing serious attention this week from the Cybersecurity and Infrastructure Security Agency.
CISA says federal agencies must patch one of the vulnerabilities — tagged as CVE-2023-6548 — by January 24. It’s one of the rare times the cyber agency has put a remediation date of less than three weeks on a vulnerability.
CISA did not respond to requests for comment about why the remediation timeline was shorter than most.
The other bug — listed as CVE-2023-6548 — must be fixed by February 7. CISA’s alerts are aimed at federal agencies but often serve as general warnings for the public.
We review a new macOS backdoor that piggybacks on cracked software to replace Bitcoin and Exodus wallets with malware.