Python GitHub token leak shows binary files can burn developers too
A personal GitHub access token with administrative privileges to the official repositories for the Python programming language and the Python Package Index (PyPI) was exposed for over a year. The...
6 tips for consolidating your IT security tool set
Organizations have been on a spending spree when it comes to cybersecurity tools and services, as they look for ways to defend themselves against an ever-growing array of threats. This means many...
Hackers steal data of 200k Lulu customers in an alleged breach
Lulu Hypermarket, a prominent retail chain headquartered in Abu Dhabi, UAE, has allegedly experienced a significant data breach involving the personal details of at least 196,000 customers. The...
Japan aerospace agency provides details of October data breach
The Japan Aerospace Exploration Agency (JAXA) has updated details about its October 2023 data breach and has confirmed that those attacking JAXA leveraged VPN and Microsoft 365 security holes. But the...
Ransomware attackers exploit year-old backup vulnerability
Security intelligence firm Group-IB reports that attackers from a recently created ransomware group – EstateRansomware – exploited a year-old vulnerability (CVE-2023-27532) in backup software from...
Cisco Talos analyzes attack chains, network ransomware tactics
As ransomware continues to be the scourge of enterprise security teams, Cisco’s Talos security intelligence group recently analyzed ransomware groups to identify common techniques and offer...
What is the CIA triad? A principled framework for defining infosec policies
What is the CIA triad? The CIA triad components, defined The CIA triad, which stands for confidentiality, integrity, and availability, is a widely used information security model for guiding an...
Top 10 open source software security risks — and how to mitigate them
Calls for a critical look at how open-source software (OSS) is secured and used have been increasing after a number of recent scares exposed vulnerabilities and risks, in particular the XZ Utils...
Known SSH-Snake bites more victims with multiple OSS exploitation
CRYSTALRAY, a threat actor known to have used Secure Shell (SSH) based malware to gain access into victim systems in the past, has scaled operations to over 1,500 victims using multiple open source...
Mobile surveillance software firm mSpy suffers data breach
Mobile surveillance software firm mSpy has suffered a breach that exposed sensitive information from millions of users. Customer support tickets dating back around 10 years were hacked and leaked by...
AT&T confirms arrest in data breach of more than 110 million customers
When confirming details of a massive data breach of about 110 million customers, AT&T on Friday also revealed that it apparently became the first enterprise to be given permission to initially...
Hacker was allegedly paid $370,000 ransom to delete stolen AT&T data
AT&T reportedly paid hackers over $370,000 to delete sensitive data stolen in a breach the telecom giant disclosed on July 12 that compromised call records of tens of millions of its customers....
How cybercriminals recruit insiders for malicious acts
The road to a successful cyberattack often leads through an organization’s employees. After all, they already have authenticated access, sometimes to highly sensitive data, as well as intimate...
What savvy hiring execs look for in a CISO today
Few business challenges today are greater than serving as an enterprise CISO, with its demands to deliver cybersecurity perfection in an environment that rules such possibilities out. Today’s CISO...
Disney suffers massive internal communications data leak after cyberattack
Walt Disney’s internal communications on Slack have been leaked online, exposing sensitive details about ad campaigns, studio technology, and interview candidates, according to a Wall Street Journal...
CIO POV: Building resilience in a complex threat landscape
As a CIO, I often wish for a world where the threat landscape is less expansive and complicated than it is today. Unfortunately, the reality is quite different. This month, I find myself particularly...
Kaspersky Lab shuts down US operations in wake of national security ban
Russian security firm Kaspersky Lab has informed its employees in the United States that the company will begin winding down its US operations starting July 20, according to a report from Zero Day....
Sometimes the cybersecurity tech industry is its own worst enemy
One of the fundamental infosec problems facing most organizations is that strong cybersecurity depends on an army of disconnected tools and technologies. That’s nothing new — we’ve been talking about...
APT exploits Windows zero-day to launch zombie IE attack
An APT group has been exploiting a Windows vulnerability patched last week to trick users into downloading malicious files by unwittingly opening URLs in the retired Internet Explorer browser. The...
Baffle to offer tenant-level data encryption to AWS users
SaaS applications running on AWS can now provide tenant-level data protection as data security provider Baffle announces new integration with AWS Server Side Encryption (SSE). AWS’ SSE feature, aimed...