Recent Security News
-
Millions of Malicious Repositories Flood GitHub
March 4, 2024 at 08:31AM Cyberattackers have created over 100,000 malicious repositories on GitHub, with some estimates reaching over a million. They use automation to copy, infect, and reupload existing repositories, tricking developers into downloading malware. GitHub’s security mechanisms remove most fakes, but some still slip through. Organizations need policies to protect against these attacks.…
-
FCC Employees Targeted in Sophisticated Phishing Attacks
March 4, 2024 at 07:18AM Cybersecurity firm Lookout warns of novel mobile device phishing attacks targeting FCC employees and cryptocurrency platforms. Attackers create replicas of single sign-on pages to trick victims into sharing login credentials using email, SMS, and vishing. The phishing kit can impersonate multiple brands and has successfully targeted hundreds of individuals in…
-
Remote Stuxnet-Style Attack Possible With Web-Based PLC Malware: Researchers
March 4, 2024 at 07:18AM A team of Georgia Tech researchers developed web-based PLC malware, IronSpider, targeting modern PLCs such as Wago, Siemens, and others. This malware exploits web APIs, can persist through updates and hardware replacements, and has potential for real-time data exfiltration and destruction of industrial processes. The researchers also proposed a vendor-agnostic…
-
From 500 to 5000 Employees – Securing 3rd Party App-Usage in Mid-Market Companies
March 4, 2024 at 06:48AM The text discusses the unique security needs and challenges faced by mid-market companies in managing SaaS applications. It highlights the risks associated with third-party SaaS applications and emphasizes the necessity of implementing tailored SaaS security solutions that are both effective and scalable. The article also introduces Wing Security’s tiered product…
-
Over 100 Malicious AI/ML Models Found on Hugging Face Platform
March 4, 2024 at 04:54AM Security researchers have discovered around 100 malicious AI/ML models on the Hugging Face platform. These models pose a significant security threat, potentially allowing attackers to gain control over machines, leading to data breaches and corporate espionage. Furthermore, researchers have developed techniques to manipulate large-language models (LLMs) for harmful purposes, demonstrating…