Recent Security News
-
FBI: Beware of thieves building Androxgh0st botnets using stolen creds
January 16, 2024 at 08:36PM The FBI and CISA warn that cybercriminals are leveraging old vulnerabilities to deploy Androxgh0st malware, targeting .env files containing user credentials for AWS, Microsoft Office 365, SendGrid, and Twilio. The malware can be used to steal data, execute code remotely, and create new AWS users and instances. Mitigations include updating…
-
Effective Incident Response Relies on Internal and External Partnerships
January 16, 2024 at 07:10PM Security teams increasingly collaborate with internal and external partners for incident response, recognizing the importance of coordination. 63% coordinate with internal communications, 44% know whom to contact in HR, and 39% have dedicated resources for external communications. Cross-functional collaboration is crucial due to the wide-reaching impact of security breaches. Also,…
-
Accenture and SandboxAQ Collaborate to Help Organizations Protect Data
January 16, 2024 at 05:44PM Accenture and SandboxAQ are partnering to offer AI and quantum computing solutions for cybersecurity vulnerabilities. The collaboration aims to help organizations identify and mitigate threats posed by AI-enabled cyberattacks and quantum computing-based decryption. Accenture will leverage SandboxAQ’s Security Suite to provide comprehensive AI-enabled cryptographic management. The partnership will also develop…
-
GitHub rotates keys to mitigate impact of credential-exposing flaw
January 16, 2024 at 05:23PM GitHub resolved vulnerabilities enabling attackers to access credentials in production containers by patching CVE-2024-0200. The update applies to GitHub Enterprise Server versions 3.8.13, 3.9.8, 3.10.5, and 3.11.3. While potential exploitation requires an organization owner role, GitHub rotated exposed credentials and urges swift security update installation. Additionally, a command injection vulnerability…
-
MacOS info-stealers quickly evolve to evade XProtect detection
January 16, 2024 at 04:34PM The macOS platform faces persistent challenges with information stealers evading detection, as highlighted in a report by SentinelOne that presents three malware examples circumventing XProtect. KeySteal, Atomic Stealer, and CherryPie showcase the ability of malware to evolve and avoid detection, emphasizing the need for advanced security measures beyond static detection.…