GitHub Rotates Credentials in Response to Vulnerability

January 17, 2024 at 08:30AM

GitHub rotated credentials and addressed a vulnerability impacting GitHub.com and GitHub Enterprise Server after receiving a vulnerability report. The security defect allowed access to credentials within a production container but had minimal impact. GitHub resolved the flaw and released patches for GitHub Enterprise Server, also rotating the private GitHub GPG …

Sumo Logic wrestles with security breach, pins down customer data

November 21, 2023 at 11:38AM

Sumo Logic has confirmed that no customer data was compromised in a potential security breach. The company discovered unauthorized access to one of its AWS accounts but quickly secured the infrastructure and rotated customer credentials as a precaution. Sumo Logic will undertake further evaluation to prevent future incidents. Key takeaways …

PyPI Packages Found to Expose Thousands of Secrets

November 14, 2023 at 07:09AM

Code security firm GitGuardian has discovered thousands of hardcoded credentials in Python code committed to PyPI packages. Over 4,000 unique secrets were found in nearly 3,000 packages, with more than 760 of them being valid. The leaked secrets included keys and credentials for popular services such as AWS, Azure AD, …

Data Thieves Test-Drive Unique Certificate Abuse Tactic

October 11, 2023 at 11:41AM

Attackers are using a new method of certificate abuse to spread info-stealing malware, including stealing cryptocurrency from Windows systems. The campaign involves search engine optimization poisoning to deliver malicious pages promoting illegal software downloads. The malware uses special certificates with long strings of non-English characters, making them difficult to detect. …