October 21, 2024 at 04:17PM The Internet Archive faces renewed security issues after a hacker allegedly accessed Zendesk tokens, sending a mass email revealing vulnerabilities in its systems. Despite previous data breaches, the archive reportedly failed to rotate exposed API keys, raising concerns about proactive security measures. The organization has not commented on the situation. … Read more
October 20, 2024 at 09:36PM The Internet Archive faces ongoing issues following a recent infosec breach, with unknown parties allegedly sending mass emails using stolen Zendesk tokens. The emails claimed access to sensitive user data, raising concerns about security. Despite the Archive’s outreach for donations, many are wary about sharing personal information amidst these vulnerabilities. … Read more
October 20, 2024 at 10:50AM The Internet Archive suffered a security breach on its Zendesk support platform, leading to the exposure of over 800,000 support tickets and a stolen user database of 33 million individuals. Despite prior warnings about exposed GitLab tokens, security measures were not implemented, allowing the breach to occur for notoriety among … Read more
September 3, 2024 at 03:42AM Summary: Secrets, like API keys and passwords, pose a significant risk when accidentally shared in collaboration tools. Machine identities now outnumber human identities, and secrets are found not only in code but also in tools like Slack and Jira. Integrating platforms like GitGuardian for real-time monitoring and training teams on … Read more
July 31, 2024 at 07:40AM Clutch Security offers a Universal Non-Human Identity (NHI) Security platform to help enterprises manage non-human identities like API keys, tokens, and service accounts. The platform provides visibility into these identities, identifies associated risks, and offers tailored remediation advice. The company also announced an $8.5 million seed funding round led by … Read more
May 2, 2024 at 02:36PM Dropbox alerts customers of a data breach in its cloud-based service, exposing customer credentials and authentication data. Unauthorized access to the Dropbox Sign production environment compromised customer database, exposing emails, usernames, and hashed passwords. Dropbox took immediate mitigation steps, including password resets and restricting certain functionalities, while continuing to investigate … Read more
May 1, 2024 at 06:24PM Hackers breached Dropbox Sign’s production systems, accessing authentication tokens, MFA keys, hashed passwords, and customer data. The company detected unauthorized access on April 24 and found that threat actors gained access to an automated system configuration tool, allowing them to access the customer database. Dropbox reset all users’ passwords and … Read more
April 11, 2024 at 06:19PM The US federal government warned customers of Sisense, a business analytics platform, about a password compromise. The Cybersecurity and Infrastructure Security Agency advised users to reset credentials and passwords for sensitive data. The platform, which serves over 2,000 companies, including Air Canada and Nasdaq, is an attractive target for supply … Read more
March 13, 2024 at 07:03AM Cybercriminals are increasingly targeting identities within SaaS applications, including human and non-human accounts, leading to data breaches and financial losses. While measures like multi-factor authentication protect human identities, safeguarding non-human identities requires advanced tactics like monitoring tools and automated security checks. Join the webinar to learn about defending SaaS environments … Read more
March 8, 2024 at 06:09AM In the cybersecurity realm, secrets management is essential in safeguarding sensitive data. This involves avoiding common mistakes such as hard coding secrets, inadequate key rotation, public storage, and over-provisioning of privileges. Additional pitfalls include improper lifecycle management, lack of audit trails, and failure to encrypt Kubernetes secrets. Strategies for remedying … Read more