Hackers Exploiting Follina Bug to Deploy Rozena Backdoor

2022-07-12 - A newly observed phishing campaign is leveraging the recently disclosed Follina security vulnerability to distribute a previously undocumented backdoor on Windows systems. "Rozena is a backdoor malware that is capable of injecting a remote shell connection back to the attacker's machine," Fortinet FortiGuard Labs researcher Cara Lin said in a report this week. Tracked as CVE-2022-30190, the

Source: Tweakers.net, Ravie Lakshmanan

Hackers Used Fake Job Offer to Hack and Steal $540 Million from Axie Infinity

2022-07-12 - The $540 million hack of Axie Infinity's Ronin Bridge in late March 2022 was the consequence of one of its former employees getting tricked by a fraudulent job offer on LinkedIn, it has emerged. According to a report from The Block published last week citing two people familiar with the matter, a senior engineer at the company was duped into applying for a job at a non-existent company, causing

Source: Tweakers.net, Ravie Lakshmanan

Cloud-based Cryptocurrency Miners Targeting GitHub Actions and Azure VMs

2022-07-12 - GitHub Actions and Azure virtual machines (VMs) are being leveraged for cloud-based cryptocurrency mining, indicating sustained attempts on the part of malicious actors to target cloud resources for illicit purposes. "Attackers can abuse the runners or servers provided by GitHub to run an organization's pipelines and automation by maliciously downloading and installing their own cryptocurrency

Source: Tweakers.net, Ravie Lakshmanan

What It Takes to Tackle Your SaaS Security

2022-07-11 - It's not a new concept that Office 365, Salesforce, Slack, Google Workspace or Zoom, etc., are amazing for enabling the hybrid workforce and hyper-productivity in businesses today. However, there are three main challenges that have arisen stemming from this evolution: (1) While SaaS apps include a host of native security settings, they need to be hardened by the security team of the organization

Source: Tweakers.net, The Hacker News

PyPI Repository Makes 2FA Security Mandatory for Critical Python Projects

2022-07-11 - The maintainers of the official third-party software repository for Python have begun imposing a new two-factor authentication (2FA) condition for projects deemed "critical." "We've begun rolling out a 2FA requirement: soon, maintainers of critical projects must have 2FA enabled to publish, update, or modify them," Python Package Index (PyPI) said in a tweet last week. "Any maintainer of a

Source: Tweakers.net, Ravie Lakshmanan
