Recent Security News
-
Microsoft confirms Russian spies stole source code, accessed internal systems
March 8, 2024 at 12:04PM
Russian cyberspies breached Microsoft executive email accounts, stealing source code and accessing internal systems. The intrusion by Kremlin-backed “Midnight Blizzard” was initially disclosed in January, with recent evidence showing further unauthorized access. Microsoft reassures that no customer systems were compromised. The ongoing investigation reports a significant, sustained threat by the attackers.…
-
Stealth Bomber: Atlassian Confluence Exploits Drop Web Shells In-Memory
March 8, 2024 at 11:56AM
New proof-of-concept exploits are targeting the Atlassian Confluence Data Center and Confluence Server flaw, allowing attackers to execute code within Confluence’s memory without leaving a trace on the file system. Vulnerability CVE-2023-22527 has become a hub of malicious activity, with 30 unique in-the-wild exploits, including the use of the “infamous”…
-
How to Ensure Open-Source Packages Are Not Landmines
March 8, 2024 at 11:49AM
Open-source repositories are essential for modern applications, but can harbor security risks. A new framework from CISA and OpenSSF suggests controls like multi-factor authentication and security reporting to reduce malicious code exposure. However, the security of repositories varies, with potential for accidental inclusion of malicious packages. The risk of namesquatting…
-
Creating Security Through Randomness
March 8, 2024 at 11:41AM
Cloudflare’s San Francisco office features a wall of 100 lava lamps, known as the Wall of Entropy, used to generate randomness for encrypting internet traffic. The lamps’ changing patterns provide physical entropy, enhanced by human movement and changing light conditions. This initiative is part of the League of Entropy, a…