Apr 16, 2024NewsroomCloud Security / DevSecOps New cybersecurity research has found that command-line interface (CLI) tools from Amazon Web Services (AWS) and Google Cloud can expose sensitive credentials in build logs, posing significant risks to organizations. The vulnerability has been codenamed LeakyCLI by cloud security firm Orca. “Some commands on Azure CLI, AWS CLI, and […]
Second album is collaration with former Monkeys bassist Andy Nicholson aka Gold Teeth Good Cop Bad Cop’s Joe Carnell is a long-time darling of the Sheffield music scene, starting life in the band Milburn. Having initally teamed up with Arctic Monkeys drummer Matt Helders to form Good Cop Bad Cop and release an eponymous debut […]
Microsoft was impersonated in 38% of all brand phishing attacks in Q1 2024, according to new data from Check Point. This is an increase on the proportion of brand phishing attempts impersonating the tech giant compared to Q4 2023, when it made up 33% of cases. Google was the second most impersonated brand in Q1 […]
Apr 16, 2024NewsroomSupply Chain / Software Security Security researchers have uncovered a “credible” takeover attempt targeting the OpenJS Foundation in a manner that evokes similarities to the recently uncovered incident aimed at the open-source XZ Utils project. “The OpenJS Foundation Cross Project Council received a suspicious series of emails with similar messages, bearing different names […]
Ukrainian Blackjack group used ICS malware Fuxnet against Russian targets Pierluigi Paganini April 15, 2024 The Ukrainian hacking group Blackjack used a destructive ICS malware dubbed Fuxnet in attacks against Russian infrastructure. Industrial and enterprise IoT cybersecurity firm Claroty reported that the Ukrainian Blackjack hacking group claims to have damaged emergency detection and response capabilities […]
Healthcare , Industry Specific , Legislation & Litigation Orrick Herrington Cyberattack Compromised Clients’ Data, Affected Nearly 638,000 Marianne Kolbasuk McGee (HealthInfoSec) • April 15, 2024 Image: Orrick A global law firm that provides data breach legal services has agreed to an $8 million settlement to resolve a proposed class action lawsuit filed against […]
The attacks begin with malicious emails containing seemingly innocuous document attachments (Excel and Word files) that exploit the CVE-2017-11882 flaw, a commonly targeted Microsoft Office Equation Editor vulnerability fixed in 2017.
Apr 16, 2024NewsroomEncryption / Network Security The maintainers of the PuTTY Secure Shell (SSH) and Telnet client are alerting users of a critical vulnerability impacting versions from 0.68 through 0.80 that could be exploited to achieve full recovery of NIST P-521 (ecdsa-sha2-nistp521) private keys. The flaw has been assigned the CVE identifier CVE-2024-31497, with the […]
Apr 16, 2024NewsroomThreat Intelligence / Endpoint Security The threat actor tracked as TA558 has been observed leveraging steganography as an obfuscation technique to deliver a wide range of malware such as Agent Tesla, FormBook, Remcos RAT, LokiBot, GuLoader, Snake Keylogger, and XWorm, among others. “The group made extensive use of steganography by sending VBSs, PowerShell […]