Apr 11, 2024 • The Hacker News • Software Security / Programming. GitGuardian is famous for its annual State of Secrets Sprawl report. In their 2023 report, they found over 10 million exposed passwords, API keys, and other credentials in public GitHub commits. The takeaways in their 2024 report did not just highlight 12.8 million new exposed secrets […]
Apr 11, 2024 • Newsroom • Endpoint Security / Ransomware. A threat actor tracked as TA547 has targeted dozens of German organizations with an information stealer called Rhadamanthys as part of an invoice-themed phishing campaign. “This is the first time researchers observed TA547 use Rhadamanthys, an information stealer that is used by multiple cybercriminal threat actors,” Proofpoint said. “Additionally, […]
Google is rolling out multi-party approvals for Google Workspace customers with multiple super admin accounts, the company has announced. What does the feature do? Google Workspace (formerly G Suite) is a cloud-based set of productivity and collaboration tools/services aimed at enterprise audiences. The (optional) multi-party approvals feature is one of many that were announced by […]
Cloud Security, Security Operations • Buying CDR Startup Gem Will Help Wiz Address Needs of SecOps, Incident Responders • Michael Novinson (MichaelNovinson) • April 10, 2024. Wiz purchased a cloud detection and response startup founded by a longtime Israeli Military Intelligence leader to address […]
In a recent attack campaign, cybercriminals were discovered cleverly manipulating GitHub’s search functionality, and using meticulously crafted repositories to distribute malware. Key Points: GitHub search manipulation: Attackers create malicious repositories with popular names and topics, using techniques like automated updates and fake stars to boost search rankings and deceive users. Malicious code is often hidden […]
Artificial intelligence continues to be a big threat, but it’s also a huge promise in the world of cybersecurity. Today, one of the startups tackling both the opportunity and the challenge is announcing a major round of funding. Cyera has built an AI-based platform to help organizations understand the location and movement of all the […]
The vulnerability, which carries a perfect 10 base severity score, is tracked as CVE-2024-24576. It affects the Rust standard library, which was found to be improperly escaping arguments when invoking batch files on Windows using the Command API.
First identified in late 2021, Raspberry Robin is a Windows worm initially seen targeting technology and manufacturing organizations. It has since grown to become one of the most prevalent threats facing enterprises. In March, the HP Threat Research team identified a change in the way cybercriminals are spreading Raspberry Robin. The malware is now being […]
Only three critical vulnerabilities were fixed as part of the April 2024 Patch Tuesday updates, but there are over 67 remote code execution bugs. More than half of the RCE flaws are found within Microsoft SQL drivers, likely sharing a common flaw.