Security Highlights: New CWE Rankings, Software Supply Chains, and Side-Channel Attacks
MITRE Releases 2022 CWE Top 25: The popular CWE Top 25 list, which ranks the most dangerous software vulnerabilities, has been updated for 2022. The…
At Detectify, we like to approach problems as opportunities for improvement. In the last couple of months, we’ve faced two challenges where we have taken…
ICICI Bank, an Indian bank with a business presence in over 15 countries, has become a victim of a data breach, leaking information of more…
The major cloud providers generally support on-premise workloads, with some offering IT admins a way to manage multiple public clouds from one place, but IT…
Exploring the intersection of security, technology, and society—and what might be coming next… Standard Web Edition | December 12, 2022 | SECURITY NEWS: South Korean authorities…
Hackers use a novel method involving RBAC (Role-Based Access Control) to create persistent backdoor accounts on Kubernetes clusters and hijack their resources for Monero crypto-mining.…
Apr 21, 2023 | Ravie Lakshmanan | Kubernetes / Cryptocurrency: A large-scale attack campaign discovered in the wild has been exploiting Kubernetes (K8s) Role-Based Access Control (RBAC) to create…
If you read About time, you’ll know that I’m a big believer in spending time now on building things that save time in the future.…
Google Cloud is making its Assured Open Source Software (Assured OSS) service available for Java and Python ecosystems without charge in response to the rising…
The American Bar Association (ABA) has suffered a data breach after hackers compromised its network and gained access to older credentials for 1,466,000 members. The…
Threat actors have discovered a new technique to insert malicious code into websites. They are currently utilizing Eval PHP, an abandoned WordPress plugin. Mostly, website backdoors…
UK policing and justice bodies must be able to prove that their increasing use of public cloud infrastructure is compliant with law enforcement-specific data protection…