breach
-
HackerOne Employee Caught Stealing Vulnerability Reports for Personal Gains
Vulnerability coordination and bug bounty platform HackerOne on Friday disclosed that a former employee at the firm improperly accessed security…
-
Microsoft Warns of Cryptomining Malware Campaign Targeting Linux Servers
A cloud threat actor group tracked as 8220 has updated its malware toolset to breach Linux servers with the goal…
-
Researchers Uncover Ways to Break the Encryption of ‘MEGA’ Cloud Storage Service
A new piece of research from academics at ETH Zurich has identified a number of critical security issues in the…
-
Chinese Hackers Exploited Sophos Firewall Zero-Day Flaw to Target South Asian Entity
A sophisticated Chinese advanced persistent threat (APT) actor exploited a critical security vulnerability in Sophos’ firewall product that came to…
-
Difference Between Agent-Based and Network-Based Internal Vulnerability Scanning
For years, the two most popular methods for internal scanning, agent-based and network-based, were considered to be about equal in…
-
Unpatched Travis CI API Bug Exposes Thousands of Secret User Access Tokens
An unpatched security issue in the Travis CI API has left tens of thousands of developers’ user tokens exposed to…
-
U.S. Agencies Warn About Chinese Hackers Targeting Telecoms and Network Service Providers
U.S. cybersecurity and intelligence agencies have warned about China-based state-sponsored cyber actors leveraging network vulnerabilities to exploit public and private…
-
Hacking Scenarios: How Hackers Choose Their Victims
Enforcing the “double-extortion” technique, aka pay-now-or-get-breached, emerged as a head-turner last year. May 6th, 2022 is a recent example. The…
-
Be Proactive! Shift Security Validation Left
The “shifting (security) left” approach in the Software Development Life Cycle (SDLC) means starting security earlier in the process. As organizations realized…