Sep 12, 2023THNSoftware Security / Vulnerability A new vulnerability disclosed in GitHub could have exposed thousands of repositories at risk of repojacking attacks, new findings show. The flaw “could allow an attacker to exploit a race condition within GitHub’s repository creation and username renaming operations,” Checkmarx security researcher Elad Rapoport said in a technical report […]
Hospitality and entertainment giant MGM Resorts on Monday said a “cybersecurity issue” forced the shutdown of certain computer systems, including the websites for some of the biggest Las Vegas and New York properties. A brief note posted to X (the website formerly known as Twitter) said external cybersecurity experts and law enforcement are involved in […]
SaaS applications are the backbone of modern businesses, constituting a staggering 70% of total software usage. Applications like Box, Google Workplace, and Microsoft 365 are integral to daily operations. This widespread adoption has transformed them into potential breeding grounds for cyber threats. Each SaaS application presents unique security challenges, and the landscape constantly evolves as […]
Google has started to roll out its new interest-based advertising platform called the Privacy Sandbox, shifting the tracking of user’s interests from third-party cookies to the Chrome browser.
Sep 12, 2023THNCritical Infrastructure Security A threat actor called Redfly has been linked to a compromise of a national grid located in an unnamed Asian country for as long as six months earlier this year using a known malware referred to as ShadowPad. “The attackers managed to steal credentials and compromise multiple computers on the […]
Investigations have begun into a massive ransomware attack that has affected Sri Lanka’s government cloud system, Lanka Government Cloud (LGC). The investigation is being conducted by the Sri Lanka Computer Emergency Readiness Team and Coordination Center (CERT|CC). Sri Lanka’s Information and Communication Technology Agency (ICTA) confirmed the attack to several local news outlets on September […]
Sep 12, 2023THNEndpoint Security / Malware A sophisticated phishing campaign is using a Microsoft Word document lure to distribute a trifecta of threats, namely Agent Tesla, OriginBotnet, and OriginBotnet, to gather a wide range of information from compromised Windows machines. “A phishing email delivers the Word document as an attachment, presenting a deliberately blurred image […]
British authorities have arrested a man who reportedly spied for China at the heart of the government in London, sparking fresh fears over how Beijing gathers intelligence. The incident follows allegations earlier this year that China flew a surveillance balloon over the United States, causing a diplomatic furore. Here are some of the ways China has worked to […]
Google on Monday released an emergency Chrome 116 security update to patch the fourth zero-day vulnerability discovered in the browser in 2023. Tracked as CVE-2023-4863 and rated ‘critical severity’, the bug is described as a heap buffer overflow issue in the WebP component. WebP is an image format that provides improved compression and quality compared […]