Moving DevOps Security Out of ‘the Stone Age’

October 1, 2024 at 10:09AM Integrating software development, deployment, and operations into DevOps teams promises greater efficiency and better application quality, but the resulting infrastructure complexity has expanded the attack surface. Organizations struggle to keep up with the many programming languages and new packages in use, and with the security concerns they bring. Cybersecurity professionals need to focus on securing the entire DevOps pipeline …

Progress Software Releases Patches for 6 Flaws in WhatsUp Gold – Patch Now

September 27, 2024 at 12:42PM Progress Software has addressed six security flaws in WhatsUp Gold, including two critical vulnerabilities, in version 24.0.1. The CVE identifiers and respective CVSS scores for the flaws have been published. Security researcher Sina Kheirkhah and others are credited with discovering and reporting them. Users are …

New PondRAT Malware Hidden in Python Packages Targets Software Developers

September 23, 2024 at 03:30AM Threat actors linked to North Korea have been using poisoned Python packages to distribute a new malware called PondRAT as part of an ongoing campaign. The attacks belong to an operation known as Operation Dream Job and aim to compromise supply chain vendors and their customers. The attackers have been …

Software Security Firm RunSafe Raises $12 Million in Series B Funding

September 17, 2024 at 10:21AM RunSafe Security has secured $12 million in Series B funding led by Critical Ventures and SineWave Venture Partners, with participation from several other notable investors, bringing its total raised to $26.4 million. The McLean-based company plans to use the investment to expand into the EMEA and APAC markets and improve its …

GitHub Actions Vulnerable to Typosquatting, Exposing Developers to Hidden Malicious Code

September 6, 2024 at 11:45AM Threat actors use typosquatting to trick users into visiting malicious sites or downloading compromised software. By registering names that differ from legitimate ones by a single typing error in open-source registries such as PyPI and npm, and now in GitHub Actions, they can mount supply chain attacks. Findings from cloud security firm Orca show that even trusted platforms like GitHub Actions are exposed. Users are …
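The practical defence against a typosquatted action is to check every `uses:` reference in a workflow against an allowlist of publishers you trust, flag near-misses of those names, and insist that third-party actions are pinned to a full commit SHA rather than a mutable tag. The script below is an added example written for this page; it is not Orca's tooling or anything from GitHub. The trusted-owner allowlist and the sample workflow (including its commit SHA) are constructed for illustration.

```python
"""Audit a GitHub Actions workflow for lookalike (typosquatted) action owners
and for actions not pinned to a full commit SHA.
Added example; the allowlist and the sample workflow below are constructed."""
import re
from typing import Dict, List, Tuple

# Hypothetical allowlist of action publishers this organization trusts.
TRUSTED_OWNERS = frozenset({"actions", "docker", "github", "hashicorp"})

USES_RE = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")

# Constructed sample workflow: line 7 is pinned and trusted, line 8 uses a
# one-character lookalike of "actions", line 9 is trusted but floats on a tag,
# line 10 is a local action and is skipped.
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608
      - uses: action/setup-node@v4
      - uses: docker/build-push-action@v5
      - uses: ./.github/actions/local-step
"""


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two short strings (insert/delete/substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def parse_uses(ref: str) -> Tuple[str, str, str]:
    """Split 'owner/repo[/path]@version' into (owner, repo, version).
    Local ('./...') and 'docker://' references get an empty owner so the
    caller can skip them."""
    if ref.startswith("./") or ref.startswith("docker://"):
        return "", ref, ""
    name, _, version = ref.partition("@")
    parts = name.split("/")
    if len(parts) < 2:
        return "", name, version
    return parts[0], parts[1], version


def audit_workflow(text: str, trusted=TRUSTED_OWNERS) -> List[Dict[str, object]]:
    """Return one finding per problem: lookalike owner, unknown owner, or a
    version reference that is not a full 40-hex commit SHA."""
    findings: List[Dict[str, object]] = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = USES_RE.match(line)
        if not m:
            continue
        ref = m.group(1).strip("'\"")
        owner, _repo, version = parse_uses(ref)
        if not owner:
            continue  # local or docker:// step, nothing to check here
        owner_l = owner.lower()  # GitHub owner names are case-insensitive
        if owner_l not in trusted:
            # A name within two edits of a trusted owner, but not equal to it,
            # is exactly what a typosquatter registers.
            close = sorted(t for t in trusted if levenshtein(owner_l, t) <= 2)
            if close:
                issue = f"owner '{owner}' looks like trusted owner '{close[0]}' (possible typosquat)"
            else:
                issue = f"owner '{owner}' is not in the allowlist"
            findings.append({"line": lineno, "uses": ref, "issue": issue})
        if not FULL_SHA_RE.match(version):
            # Tags and branches are mutable; only a commit SHA pins the code.
            findings.append({"line": lineno, "uses": ref, "issue": "not pinned to a full commit SHA"})
    return findings


if __name__ == "__main__":
    for f in audit_workflow(SAMPLE_WORKFLOW):
        print(f"line {f['line']}: {f['uses']}: {f['issue']}")
```

Run against the sample, it reports `action/setup-node@v4` twice (lookalike of `actions`, and unpinned) and `docker/build-push-action@v5` once (unpinned). The edit-distance threshold of two catches single dropped, swapped, or added characters, which is the typosquatting pattern; raise it and the false-positive rate on legitimately short owner names climbs quickly, so tune the allowlist rather than the threshold.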

Veeam Releases Security Updates to Fix 18 Flaws, Including 5 Critical Issues

September 5, 2024 at 01:09PM Veeam has released security updates to fix 18 flaws, including 5 critical vulnerabilities that allow remote code execution in products such as Veeam Backup & Replication and Veeam ONE. The updates also address 13 other high-severity issues, and users are advised to update to the latest versions promptly to mitigate potential …

North Korean Hackers Target Developers with Malicious npm Packages

August 30, 2024 at 02:42AM Threat actors linked to North Korea are targeting developers with malware designed to steal cryptocurrency assets. The campaign involves publishing malicious packages to the npm registry. The attackers use tactics including fake job interviews and obfuscated JavaScript to deploy malware and exfiltrate sensitive data. CrowdStrike has linked the group to …

Intel’s Software Guard Extensions broken? Don’t panic

August 27, 2024 at 04:11PM A vulnerability in Intel's SGX security system has been highlighted that gives an attacker full access to secure enclaves as a result of a coding error. Although Intel says that physical access is required and that prior vulnerabilities must be exploited first, the risk remains significant. The issue lies in SGX software, potentially compromising trusted enclaves. This poses a …

Human Nature Is Causing Our Cybersecurity Problem

August 19, 2024 at 10:07AM Cyberattacks have become the biggest threat to businesses, yet despite the significant consequences, organizations keep delaying the adoption of modern security practices. The cause is a human tendency to discount future outcomes, known as temporal discounting, which shows up as procrastination. Governments can counter this by enforcing penalties and regulations, as in the automotive and food safety industries. Furthermore, guidance such as automatic …

Google Pixel Devices Shipped with Vulnerable App, Leaving Millions at Risk

August 16, 2024 at 03:15AM Dormant software on certain Google Pixel devices presents a vulnerability that could be abused for attacks and malware delivery. The issue stems from a pre-installed Android app with extensive system privileges, which leaves devices susceptible to remote code execution. Although the app itself is not malicious, its potential for exploitation prompted Google to remove it from supported …