Millions of GitHub repositories are vulnerable to a repository renaming flaw that could enable supply chain attacks, a new report by security firm Aqua said. It found 36,983 GitHub repositories vulnerable to repo jacking attacks, including Google and Lyft.
A federal appeals court affirmed that Synopsys didn't steal trade secrets from Risk Based Security by creating its own database of open-source code vulnerabilities. The data was not ruled a trade secret because Risk Based Security doesn't derive "independent economic value" from keeping it secret.
Search engine optimization poisoning attacks, which involve intentionally manipulating search results to lead users onto malware-laced websites, are on the rise in the healthcare sector, U.S. federal regulators warn. Users should watch for typosquatting, keyword stuffing, meta tagging and cloaking.
Microsoft discovered hackers targeting internet-facing Linux systems and IoT devices to steal IT resources for cryptocurrency mining operations. The campaign begins by brute-forcing target systems and devices and then uses a backdoor to deploy open-source tools such as rootkits and an IRC bot.
Europe's continued efforts to control its data will not stifle competition and are not an act of "protectionism," a top European Union official said amid growing criticism of the EU's legislative proposal to introduce stringent data-sharing requirements for businesses.
The number of victims affected by a campaign that targeted a zero-day vulnerability in Progress Software's MOVEit file transfer product continued to grow as insurer Genworth Financial reported that up to 2.7 million of its customers and agents appear to have been affected by the breach.
The National Security Agency has released mitigation advice for locking down Windows and Linux environments against powerful BlackLotus malware, warning organizations against having "a false sense of security" since patching alone will not stop the bootkit.
In this episode of CyberEd.io's podcast series "Cybersecurity Insights," Weldon Dodd of Kandji discusses the evolution of Apple's security and privacy practices and how mobile device management can help achieve a balance between user privacy and corporate control.
Every week, ISMG rounds up cybersecurity incidents around the world. This week, attackers hit European Investment Bank; a California pension fund suffered a cyberattack related to MOVEit; UPS Canada disclosed a data breach; and a new Android malware campaign spread GravityRAT spyware.
British law firms are at increased risk of being hacked due to a growing number of cybercrime-as-a-service groups, the country's top cybersecurity agency warned in a new advisory. Lawyer are under attack from cybercriminals, nation-state groups and ransomware gangs.
Researchers at AhnLab Security Emergency Response Center observed APT37 target South Korean individuals with spear-phishing emails to inject wiretapping malware. The state-backed cybercrime group primarily employs spear-phishing to compromise the devices of victims.
Apple has fixed multiple zero-days that were actively being exploited since 2019 and infect several iOS devices with a spyware implant dubbed TriangleDB via zero-click iMessage exploits. The tech giant said the vulnerabilities actively exploited iOS versions released before iOS 15.7.
Fallout for Progress Software continues as hundreds of private and public sector organizations that use its MOVEit file transfer software face data breaches due to a zero-day attack. Some victims have filed a proposed class action suit in federal court, alleging poor security controls at Progress.
Every week, ISMG rounds up cybersecurity incidents in the world of digital assets. This week: Sam Bankman-Fried is set to face two criminal trials instead of one, Binance is sinking deeper into regulatory quicksand, and the Mango Markets hacker is expected to be tried on Dec. 4.
The first step in managing risk is recognizing it as a boardroom matter, and it demands that directors be prepared to understand and discuss the cyber issue and strategically guide C-level executives on this complex topic. It requires cyber competence in the boardroom, said CISO Marco Túlio Moraes.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.