Massive Git Config Breach Exposes 15,000 Credentials; 10,000 Private Repos Cloned

Cybersecurity researchers have flagged a “massive” campaign that targets exposed Git configurations to siphon credentials, clone private repositories, and even extract cloud credentials from the source code.
The activity, codenamed EMERALDWHALE, is estimated to have collected over 10,000 private repositories and stored in an Amazon S3 storage bucket belonging to a prior victim. The bucket,

The Hacker News – ​Read More

Microsoft Warns of Chinese Botnet Exploiting Router Flaws for Credential Theft

Microsoft has revealed that a Chinese threat actor it tracks as Storm-0940 is leveraging a botnet called Quad7 to orchestrate highly evasive password spray attacks.
The tech giant has given the botnet the name CovertNetwork-1658, stating the password spray operations are used to steal credentials from multiple Microsoft customers.
“Active since at least 2021, Storm-0940 obtains initial access

The Hacker News – ​Read More

Passkeys are more popular than ever. This research explains why

Some 57% of people surveyed this year for a FIDO Alliance report are aware of passkeys, up from 39% just two years ago.

Latest stories for ZDNET in Security – ​Read More

Zero-Click Flaw Exposes Potentially Millions of Popular Storage Devices to Attack

A vulnerability categorized as “critical” in a photo app installed by default on Synology network-attached storage devices could give attackers the ability to steal data and worse.

Security Latest – ​Read More

Lottie-Player Supply Chain Attack Targets Cryptocurrency Wallets

LottieFiles has confirmed that Lottie-Player has been compromised in a supply chain attack whose goal is cryptocurrency theft.

The post Lottie-Player Supply Chain Attack Targets Cryptocurrency Wallets appeared first on SecurityWeek.

SecurityWeek – ​Read More

Microsoft Delays Windows Copilot+ Recall Release Over Privacy Concerns

Microsoft is further delaying the release of its controversial Recall feature for Windows Copilot+ PCs, stating it’s taking the time to improve the experience.
The development was first reported by The Verge. The artificial intelligence-powered tool was initially slated for a preview release starting in October.
“We are committed to delivering a secure and trusted experience with Recall,” the

The Hacker News – ​Read More

Bug Bounty Platform Bugcrowd Secures $50 Million in Growth Capital

Bugcrowd has secured $50 million in growth capital facility from Silicon Valley Bank for expansion and innovation.

The post Bug Bounty Platform Bugcrowd Secures $50 Million in Growth Capital appeared first on SecurityWeek.

SecurityWeek – ​Read More

Major Security Update: Chrome Patches Critical Out-of-Bounds Vulnerability

Not too long ago, we discovered a critical security flaw in Firefox. This week, Chrome is addressing fixes for yet more critical vulnerabilities. Google recently patched vulnerabilities in its Chrome browser, one of which was marked as critical, tracked as CVE-2024-10487. The vulnerability allowed remote attackers to perform out-of-bounds memory access via a crafted HTML page.

Source

TechSplicer – ​Read More

New Phishing Kit Xiū gǒu Targets Users Across Five Countries With 2,000 Fake Sites

Cybersecurity researchers have disclosed a new phishing kit that has been put to use in campaigns targeting Australia, Japan, Spain, the U.K., and the U.S. since at least September 2024.
Netcraft said more than 2,000 phishing websites have been identified the kit, known as Xiū gǒu, with the offering used in attacks aimed at a variety of verticals, such as public sectors, postal, digital services

The Hacker News – ​Read More

Stop LUCR-3 Attacks: Learn Key Identity Security Tactics in This Expert Webinar

Did you know that advanced threat actors can infiltrate the identity systems of major organizations and extract sensitive data within days? It’s a chilling reality, becoming more common and concerning by the day.
These attackers exploit vulnerabilities in SaaS and cloud environments, using compromised identities to move laterally within networks, causing widespread damage.
Cybersecurity and IT

The Hacker News – ​Read More