Recent Security News
-
Human vs. Non-Human Identity in SaaS
March 7, 2024 at 06:27AM In today’s SaaS environment, security efforts primarily focus on human users, using tools like MFA and RBAC. However, non-human access from apps and integrations poses a security challenge. Managing non-human accounts varies across apps and SaaS platforms, requiring specific security measures and continuous monitoring to detect anomalies and prevent unauthorized…
-
Critical TeamCity Vulnerability Exploitation Started Immediately After Disclosure
March 7, 2024 at 06:27AM In March, JetBrains announced patches for two critical vulnerabilities in TeamCity, leading to immediate exploitation attempts due to miscommunication between Rapid7 and JetBrains. Rapid7 disclosed the flaws to prevent silent patching, while JetBrains wanted customers to install patches first. Exploitation attempts were seen from numerous IPs, highlighting the urgency of…
-
China-Linked Cyber Spies Blend Watering Hole, Supply Chain Attacks
March 7, 2024 at 05:37AM A targeted cyber-attack linked to the Evasive Panda hacking team infected visitors to a Buddhism festival website and users of a Tibetan language translation app. The group’s campaign affected systems in India, Taiwan, Australia, the United States, and Hong Kong. Evasive Panda is known for supply chain attacks and has…
-
Ex-Google Engineer Arrested for Stealing AI Technology Secrets for China
March 7, 2024 at 05:33AM The U.S. Department of Justice indicted a Chinese national and California resident for stealing Google’s proprietary info and passing it to Chinese tech firms. Linwei Ding, a former Google engineer, siphoned over 500 confidential files on AI trade secrets. He concealed theft and faced a maximum 10-year prison sentence if…