How Secrets Lurking in Source Code Lead to Major Breaches
By: The Hacker News
If one word could sum up the 2021 infosecurity year (well, actually three), it would be these: "supply chain attack".
A software supply chain attack happens...
Indian Govt Orders Organizations to Report Security Breaches Within 6 Hours to CERT-In
By: Ravie Lakshmanan
India's computer and emergency response team, CERT-In, on Thursday published new guidelines that require service providers, intermediaries, data centers, and government entities to compulsorily report cybersecurity incidents,...
T-Mobile Admits Lapsus$ Hackers Gained Access to its Internal Tools and Source Code
By: Ravie Lakshmanan
Telecom company T-Mobile on Friday confirmed that it was the victim of a security breach in March after the LAPSUS$ mercenary gang managed to gain access to...
Okta Says Security Breach by Lapsus$ Hackers Impacted Only Two of Its Customers
By: Ravie Lakshmanan
Identity and access management provider Okta on Tuesday said it concluded its probe into the breach of a third-party vendor in late January 2022 by the LAPSUS$...
GitHub Notifies Victims Whose Private Data Was Accessed Using OAuth Tokens
By: Ravie Lakshmanan
GitHub on Monday noted that it had notified all victims of an attack campaign, which involved an unauthorized party downloading private repository contents by taking advantage of...
GitHub Says Hackers Breached Dozens of Organizations Using Stolen OAuth Access Tokens
By: Ravie Lakshmanan
Cloud-based repository hosting service GitHub on Friday revealed that it discovered evidence of an unnamed adversary capitalizing on stolen OAuth user tokens to unauthorizedly download private data...
Block Admits Data Breach Involving Cash App Data Accessed by Former Employee
By: Ravie Lakshmanan
Block, the company formerly known as Square, has disclosed a data breach that involved a former employee downloading unspecified reports pertaining to its Cash App Investing that...
Researchers Trace LAPSUS$ Cyber Attacks to 16-Year-Old Hacker from England
By: Ravie Lakshmanan
Authentication services provider Okta on Wednesday named Sitel as the third-party linked to a security incident experienced by the company in late January that allowed the LAPSUS$...
Microsoft and Okta Confirm Breach by LAPSUS$ Extortion Group
By: Ravie Lakshmanan
Microsoft on Tuesday confirmed that the LAPSUS$ extortion-focused hacking crew had gained "limited access" to its systems, as authentication services provider Okta revealed that nearly 2.5% of...
Ukraine Secret Service Arrests Hacker Helping Russian Invaders
By: Ravie Lakshmanan
The Security Service of Ukraine (SBU) said it has detained a "hacker" who offered technical assistance to the invading Russian troops by providing mobile communication services inside...
