Sourcegraph website breached using leaked admin access token
AI-powered coding platform Sourcegraph revealed that its website was breached this week using a site-admin access token accidentally leaked online on July 14th. An attacker…
Month: August 2023
Cisco Unified Communications Products Flaw
A recent discovery has highlighted a privilege escalation vulnerability within Cisco Unified Communications Products. This vulnerability was found during internal security testing. Cisco Unified Communications…
Hackers Launch MiTM Attack to Bypass VMware Tools SAML
VMware has been reported with a SAML token signature bypass vulnerability, which a threat actor can exploit to perform VMware Guest operations. CVE ID has…
Apple’s Decision to Kill Its CSAM Photo-Scanning Tool Sparks Fresh Controversy
In December, Apple said that it was killing an effort to design a privacy-preserving iCloud photo-scanning tool for detecting child sexual abuse material (CSAM) on…
LogicMonitor customers hacked in reported ransomware attacks
Network monitoring company LogicMonitor confirmed today that certain customers of its SaaS platform have fallen victim to cyberattacks linked to ransomware. The company says that…
North Korean hackers behind malicious VMConnect PyPI campaign
North Korean state-sponsored hackers are behind the VMConnect campaign that uploaded to the PyPI (Python Package Index) repository malicious packages, one of them mimicking the…
Assessing Generative AI’s Impact on Cyber Risk
By David Hoelzer, Fellow at The SANS Institute The rise of ChatGPT and generative AI has ushered in an extensive range of new opportunities seemingly…
Deploying AI Code: Safety Goggles Needed
Pieter Adieux Co-Founder and CEO, Secure Code Warrior The possibilities of generative AI (GAI) technology have had both developers and non-developers wide-eyed with excitement, particularly…
Why You’re Doing Pentesting Wrong (And 2 Ways to Fix It)
Pentesting has been around for decades, but it hasn’t undergone the revolution that other security practices have. Organizations tend to rely on pentesting as a…
Hackers Exploit Adobe ColdFusion Vulnerabilities to Deploy Malware
Remote attackers can exploit pre-authentication RCE vulnerabilities in Adobe ColdFusion 2021 to seize control of affected systems. Adobe has released security patches to address these…
Free Key Group ransomware decryptor helps victims recover data
Researchers took advantage of a weakness in the encryption scheme of Key Group ransomware and developed a decryption tool that lets some victims to recover…
Securing the smart cities of tomorrow: Cybersecurity challenges and solutions
[ This article was originally published here ] The content of this post is solely the responsibility of the author. AT&T does not adopt or…