Million of GitHub Repositories Likely Vulnerable to RepoJacking Attack
Jun 22, 2023Ravie LakshmananSupply Chain / Software Security Millions of software repositories on GitHub are likely vulnerable to an attack called RepoJacking, a new study…
Category: TheHackerNews
Potential risks and mitigation strategies
Jun 22, 2023The Hacker News Losing sleep over Generative-AI apps? You’re not alone or wrong. According to the Astrix Security Research Group, mid size organizations…
Identifying Data Exfiltration with Machine Learning
Jun 22, 2023The Hacker NewsNetwork Security / Machine Learning Why Data Exfiltration Detection is Paramount? The world is witnessing an exponential rise in ransomware and…
Critical Flaw Found in WordPress Plugin for WooCommerce Used by 30,000 Websites
Jun 22, 2023Ravie LakshmananWebsite Security / WordPress A critical security flaw has been disclosed in the WordPress “Abandoned Cart Lite for WooCommerce” plugin that’s installed…
Apple Releases Patches for Actively Exploited Flaws in iOS, macOS, and Safari
Jun 22, 2023Ravie LakshmananVulnerability / Endpoint Security Apple on Wednesday released a slew of updates for iOS, iPadOS, macOS, watchOS, and Safari browser to address…
ScarCruft Hackers Exploit Ably Service for Stealthy Wiretapping Attacks
Jun 21, 2023Ravie LakshmananCyber Threat / Privacy The North Korean threat actor known as ScarCruft has been observed using an information-stealing malware with previous undocumented…
Critical ‘nOAuth’ Flaw in Microsoft Azure AD Enabled Complete Account Takeover
Jun 21, 2023Ravie LakshmananAuthentication / Vulnerability A security shortcoming in Microsoft Azure Active Directory (AD) Open Authorization (OAuth) process could have been exploited to achieve…
New Report Exposes Operation Triangulation’s Spyware Implant Targeting iOS Devices
Jun 21, 2023Ravie LakshmananMobile Security / Spyware More details have emerged about the spyware implant that’s delivered to iOS devices as part of a campaign…
Startup Security Tactics: Friction Surveys
Jun 21, 2023The Hacker NewsCybersecurity When we do quarterly planning, my team categorizes our goals within four evergreen outcomes: Reduce the risk of information security…
Chinese Hacker Group ‘Flea’ Targets American Ministries with Graphican Backdoor
Jun 21, 2023Ravie LakshmananCyber Threat / APT Foreign affairs ministries in the Americas have been targeted by a Chinese state-sponsored actor named Flea as part…
Alert! Hackers Exploiting Critical Vulnerability in VMware’s Aria Operations Networks
Jun 21, 2023Ravie LakshmananVulnerability / Network Security VMware has flagged that a recently patched critical command injection vulnerability in Aria Operations for Networks (formerly vRealize…
New Condi Malware Hijacking TP-Link Wi-Fi Routers for DDoS Botnet Attacks
Jun 21, 2023Ravie LakshmananNetwork Security / Botnet A new malware called Condi has been observed exploiting a security vulnerability in TP-Link Archer AX21 (AX1800) Wi-Fi…