Alert: Millions of GitHub Repositories Likely Vulnerable to RepoJacking Attack

22/06/2023

Millions of software repositories on GitHub are likely vulnerable to an attack called RepoJacking, a new study has revealed. This includes repositories from organizations such as Google, Lyft, and several

Generative-AI apps & ChatGPT: Potential risks and mitigation strategies

22/06/2023

Losing sleep over Generative-AI apps? You’re not alone or wrong. According to the Astrix Security Research Group, mid-size organizations already have, on average, 54 Generative-AI integrations to core systems

MULTI#STORM Campaign Targets India and U.S. with Remote Access Trojans

22/06/2023

A new phishing campaign codenamed MULTI#STORM has set its sights on India and the U.S. by leveraging JavaScript files to deliver remote access trojans on compromised systems. “The attack chain ends with

Alert! Hackers Exploiting Critical Vulnerability in VMware’s Aria Operations Networks

22/06/2023

VMware has flagged that a recently patched critical command injection vulnerability in Aria Operations for Networks (formerly vRealize Network Insight) has come under active exploitation in the wild. The flaw,

New Condi Malware Hijacking TP-Link Wi-Fi Routers for DDoS Botnet Attacks

22/06/2023

A new malware called Condi has been observed exploiting a security vulnerability in TP-Link Archer AX21 (AX1800) Wi-Fi routers to rope the devices into a distributed denial-of-service (DDoS) botnet. Fortinet FortiGuard Labs said the

Chinese Hacker Group ‘Flea’ Targets American Ministries with Graphican Backdoor

22/06/2023

Foreign affairs ministries in the Americas have been targeted by a Chinese state-sponsored actor named Flea as part of a recent campaign that spanned from late 2022 to early 2023. The cyber

Critical ‘nOAuth’ Flaw in Microsoft Azure AD Enabled Complete Account Takeover

22/06/2023

A security shortcoming in Microsoft Azure Active Directory (AD) Open Authorization (OAuth) process could have been exploited to achieve full account takeover, researchers said. California-based identity and access management service

Startup Security Tactics: Friction Surveys

22/06/2023

When we do quarterly planning, my team categorizes our goals within four evergreen outcomes: Reduce the risk of information security incidents; Increase trust in Vanta’s information security program; Reduce the friction

New Report Exposes Operation Triangulation’s Spyware Implant Targeting iOS Devices

22/06/2023

More details have emerged about the spyware implant that’s delivered to iOS devices as part of a campaign called Operation Triangulation. Kaspersky, which discovered the operation after becoming one of the targets

ScarCruft Hackers Exploit Ably Service for Stealthy Wiretapping Attacks

22/06/2023

The North Korean threat actor known as ScarCruft has been observed using an information-stealing malware with previously undocumented wiretapping features as well as a backdoor developed using Golang that exploits