GitHub Vulnerability ‘ArtiPACKED’ Exposes Repositories to Potential Takeover

/in

A newly discovered attack vector in GitHub Actions artifacts dubbed ArtiPACKED could be exploited to take over repositories and gain access to organizations’ cloud environments.
“A combination of misconfigurations and security flaws can make artifacts leak tokens, both of third party cloud services and GitHub tokens, making them available for anyone with read access to the repository to consume,

The Hacker News – ​Read More

New Cyber Threat Targets Azerbaijan and Israel Diplomats, Stealing Sensitive Data

/in

A previously unknown threat actor has been attributed to a spate of attacks targeting Azerbaijan and Israel with an aim to steal sensitive data.
The attack campaign, detected by NSFOCUS on July 1, 2024, leveraged spear-phishing emails to single out Azerbaijani and Israeli diplomats. The activity is being tracked under the moniker Actor240524.
“Actor240524 possesses the ability to steal secrets

The Hacker News – ​Read More

New Gafgyt Botnet Variant Targets Weak SSH Passwords for GPU Crypto Mining

/in

Cybersecurity researchers have discovered a new variant of the Gafgyt botnet that’s targeting machines with weak SSH passwords to ultimately mine cryptocurrency on compromised instances using their GPU computational power.
This indicates that the “IoT botnet is targeting more robust servers running on cloud native environments,” Aqua Security researcher Assaf Morag said in a Wednesday analysis.

The Hacker News – ​Read More

Cisco Cuts Thousands of Jobs, 7% of Workforce, As It Shifts Focus to AI, Cybersecurity

/in

Cisco had 84,900 employees as of July 2023. Based on that figure, the number of jobs cut would be about 5,900.

The post Cisco Cuts Thousands of Jobs, 7% of Workforce, As It Shifts Focus to AI, Cybersecurity appeared first on SecurityWeek.

SecurityWeek – ​Read More

Ransomware Group Behind Major Indonesian Attack Wears Many Masks

/in

Brain Cipher made a loud entry to the ransomware scene, but it doesn’t seem to be quite as sophisticated as its accomplishment would suggest.

darkreading – ​Read More

A Single Iranian Hacker Group Targeted Both Presidential Campaigns, Google Says

/in

APT42, which is believed to work for Iran’s Revolutionary Guard Corps, targeted about a dozen people associated with both Trump’s and Biden’s campaigns this spring, according to Google’s Threat Analysis Group.

Security Latest – ​Read More

Risk Management Strategies: Incorporating Cloud WAFs into Your Plan

/in

In today’s digital world, protecting your online assets is more critical than ever. As cyber threats grow increasingly…

Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – ​Read More

‘EastWind’ Cyber-Spy Campaign Combines Various Chinese APT Tools

/in

The likely China-linked campaign is deploying CloudSorcerer and other proprietary binaries belonging to known state-sponsored groups, showing how advanced persistent threat groups often collaborate with each other.

darkreading – ​Read More

CBA’s x15ventures Set to Lead in Fintech AI Innovation

/in

CBA’s x15ventures is transforming fintech AI with its Xccelerate program, boosting innovation and setting new industry benchmarks in AI technology.

Security | TechRepublic – ​Read More

Microsoft Patched 6 Actively Exploited Zero-Day Flaws

/in

Patch Tuesday brought updates for 90 security vulnerabilities, including patching severe remote code execution vulnerabilities and closing some doors in Chromium.

Security | TechRepublic – ​Read More