Attackers Exploit Public .env Files to Breach Cloud and Social Media Accounts

/in

A large-scale extortion campaign has compromised various organizations by taking advantage of publicly accessible environment variable files (.env) that contain credentials associated with cloud and social media applications.
“Multiple security missteps were present in the course of this campaign, including the following: Exposing environment variables, using long-lived credentials, and absence

The Hacker News – ​Read More

Thousands of Oracle NetSuite E-Commerce Sites Expose Sensitive Customer Data

/in

Users of Oracle’s ERP for Web storefronts might not be aware of a misconfiguration which could put customer data at risk of exposure.

darkreading – ​Read More

Report: 56% of Security Professionals Worry About AI-Powered Threats

/in

AI professionals have concerns about their jobs being replaced by AI tools, with 56% of security professionals worried about AI-powered threats, as reported by Pluralsight.

Cyware News – Latest Cyber News – ​Read More

Security Experts Welcome NIST’s New Encryption Standards For Quantum Computers

/in

Although quantum computing is not yet widespread, current encryption methods pose a significant risk of cyberattacks, the agency said.

Security | TechRepublic – ​Read More

A ‘very large percentage’ of Pixel phones have a hidden security vulnerability

/in

An app for store employees to show off devices had privileges it didn’t need. A fix is on the way.

Latest stories for ZDNET in Security – ​Read More

Russian Hacker Jailed 3+ Years for Selling Stolen Credentials on Dark Web

/in

A 27-year-old Russian national has been sentenced to over three years in prison for peddling financial information, login credentials, and other personally identifying information (PII) on a now-defunct dark web marketplace called Slilpp.
Georgy Kavzharadze, 27, of Moscow, Russia, pleaded guilty to one count of conspiracy to commit bank fraud and wire fraud earlier this February. In addition to

The Hacker News – ​Read More

The AI Balancing Act: Unlocking Potential, Dealing with Security Issues, Complexity

/in

Many organizations struggle with AI literacy, cautious adoption, and risks of immature implementation, leading to disruptions in security, including data threats and AI misuse.

Cyware News – Latest Cyber News – ​Read More

Report: Ransomware Gangs Rake in More Than $450 Million in First Half of 2024

/in

Ransomware groups have earned over $450 million in H1 2024 by extorting victims through cryptocurrency payments, according to a report by Chainalysis. It has risen from the previous year, with a record ransom payment of $75 million reported.

Cyware News – Latest Cyber News – ​Read More

Russian Hackers Using Fake Brand Sites to Spread DanaBot and StealC Malware

/in

Cybersecurity researchers have shed light on a sophisticated information stealer campaign that impersonates legitimate brands to distribute malware like DanaBot and StealC.
The activity cluster, orchestrated by Russian-speaking cybercriminals and collectively codenamed Tusk, is said to encompass several sub-campaigns, leveraging the reputation of the platforms to trick users into downloading the

The Hacker News – ​Read More

Cloud Misconfigurations Expose 110,000 Domains to Extortion in Widespread Campaign

/in

Security researchers at Palo Alto Networks discover a threat actor extorting organizations after compromising their cloud environments using inadvertently exposed environment variables.

The post Cloud Misconfigurations Expose 110,000 Domains to Extortion in Widespread Campaign appeared first on SecurityWeek.

SecurityWeek – ​Read More