Gitleaks is an open-source SAST tool designed to detect and prevent hardcoded secrets such as passwords, API keys, and tokens in Git repositories. With more than 15 million Docker downloads, 16,200 GitHub stars, 7 million GitHub downloads, thousands of weekly…
Tag: EN
New ransomware, infostealers pose growing risk in 2024
BlackBerry detected and stopped 3.1 million cyberattacks (37,000 per day) in the first quarter of 2024. Between January and March 2024, BlackBerry detected 630,000 malicious hashes, representing a 40% increase from its previous reporting period. 60% of attacks targeting industry…
75% of new vulnerabilities exploited within 19 days
Last year alone, over 30,000 new vulnerabilities were published, with a new vulnerability emerging approximately every 17 minutes — averaging 600 new vulnerabilities per week, according to Skybox Security. The report highlights a critical gap in remediation efforts, with the…
Exploit Attempts Recorded Against New MOVEit Transfer Vulnerability – Patch ASAP!
A newly disclosed critical security flaw impacting Progress Software MOVEit Transfer is already seeing exploitation attempts in the wild shortly after details of the bug were publicly disclosed. The vulnerability, tracked as CVE-2024-5806 (CVSS score: 9.1), concerns an authentication bypass…
Google Chrome Users at Risk: Study Reveals Dangerous Extensions Affecting 280 Million
A recent study has unveiled a critical security threat impacting approximately 280 million Google Chrome users who have installed dangerous browser extensions. These extensions, often masquerading as useful tools, can lead to severe security risks such as data theft,…
Enterprises increasingly turn to cloud and AI for database management
Across various tasks, from predictive analytics to code generation, organizations in all sectors are exploring how AI can add value and increase efficiency. In this Help Net Security video, Ryan Booz, PostgreSQL Advocate at Redgate, discusses the key findings of…
ISC Stormcast For Thursday, June 27th, 2024 https://isc.sans.edu/podcastdetail/9038, (Thu, Jun 27th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Thursday, June 27th, 2024…
BSNL Data Breach Exposes Millions of Users to Fraud and Security Risks
Bharat Sanchar Nigam Limited (BSNL), India’s state-owned telecommunications provider, has suffered a major data breach orchestrated by a threat actor known as “kiberphant0m”. The cyberattack has compromised over 278GB of sensitive data, putting millions of users at risk of SIM…
Korean telco allegedly infected its P2P users with malware
KT may have had an entire team dedicated to infecting its own customers A South Korean media outlet has alleged that local telco KT deliberately infected some customers with malware due to their excessive use of peer-to-peer (P2P) downloading tools.……
WhisperGate suspect indicted as US offers a $10M bounty for his capture
Russian national accused of attacks in lead-up to the Ukraine war The US Department of Justice has indicted a 22-year-old Russian for allegedly attacking Ukrainian government computers and destroying critical infrastructure systems in the so-called “WhisperGate” wiper attack that preceded…
Hack of Age Verification Company Shows Privacy Danger of Social Media Laws
< div class=”field field–name-body field–type-text-with-summary field–label-hidden”> < div class=”field__items”> We’ve said it before: online age verification is incompatible with privacy. Companies responsible for storing or processing sensitive documents like drivers’ licenses are likely to encounter data breaches, potentially exposing not…
How NinjaOne’s New MDM Capabilities Transform IT Management
IT security teams are tasked with protecting an increasingly mobile work environment—managing a myriad of devices efficiently and securely. Addressing this need, NinjaOne has launched its new Mobile Device Management (MDM) capabilities, marking a significant milestone in their mission to…
Chinese Espionage Group “ChamelGang” Uses Attacks for Disruption and Data Theft
Beware! Chinese cyberespionage group ChamelGang targets critical infrastructure like aviation and government systems. SentinelOne report reveals potential attacks across Asia. Learn more about ChamelGang’s cyberespionage activities. This article has been indexed from Hackread – Latest Cybersecurity, Tech, Crypto & Hacking…
LockBit claim about hacking U.S. Federal Reserve fizzles
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from Security Resources and Information from TechTarget Read the original article: LockBit claim about hacking U.S. Federal Reserve…
US charges Russian civilian for allegedly helping GRU spies target Ukrainian government systems with data-destroying malware
U.S. prosecutors say the WhisperGate cyberattack was designed to “sow concern” among Ukrainian civil society ahead of Russia’s invasion. © 2024 TechCrunch. All rights reserved. For personal use only. This article has been indexed from Security News | TechCrunch Read…
Leverage Platformization – Strengthen, Unify and Simplify Cybersecurity Tools
This platformization series expands on the complexities of different cybersecurity tools and how unifying into one simplifies operations. The post Leverage Platformization – Strengthen, Unify and Simplify Cybersecurity Tools appeared first on Palo Alto Networks Blog. This article has been…
What Setting Live Traps for Cybercriminals Taught Me About Security [Guest Diary], (Wed, Jun 26th)
[This is a Guest Diary by Kelly Fiocchi-Tapani, an ISC intern as part of the SANS.edu BACS program] This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: What Setting Live Traps for Cybercriminals…
Developer Accounts Compromised Due to Credential Reuse in WordPress.org Supply Chain Attack
On June 24th, 2024, the Wordfence Threat Intelligence Team became aware of a WordPress plugin, Social Warfare, that was infected with malware through the WordPress repository. Upon further investigation, our team quickly identified 4 additional affected plugins through our internal…
Feds put $5M bounty on ‘CryptoQueen’ Ruja Ignatova
OneCoin co-founder allegedly bilked investors out of $4B in digicash Uncle Sam has put a $5 million bounty on any information leading to the arrest or conviction of self-titled “CryptoQueen” Ruja Ignatova, who is wanted in the US for apparently…
US charges Russian for allegedly helping GRU spies target Ukrainian government systems with data-destroying malware
U.S. prosecutors say the WhisperGate cyberattack was designed to “sow concern” among Ukrainian civil society ahead of Russia’s invasion. © 2024 TechCrunch. All rights reserved. For personal use only. This article has been indexed from Security News | TechCrunch Read…