Several Cyber Attacks Observed Leveraging IPFS Decentralized Network
By: Ravie Lakshmanan
A number of phishing campaigns are leveraging the decentralized Interplanetary Filesystem (IPFS) network to host malware, phishing kit infrastructure, and facilitate other attacks.
"Multiple malware families are currently...
APT29 Exploited a Windows Feature to Compromise European Diplomatic Entity Network
By: Ravie Lakshmanan
The Russia-linked APT29 nation-state actor has been found leveraging a "lesser-known" Windows feature called Credential Roaming as part of its attack against an unnamed European diplomatic entity.
"The...
Cloud9 Malware Offers a Paradise of Cyberattack Methods
A malicious browser extension that works on both Google Chrome and Microsoft Edge allows attackers to remotely take over someone's browser session and carry out a full range of...
Rezilion expands SBOM to support Windows environments
Software security platform Rezilion has expanded its Dynamic Software Bill of Materials (SBOM) capability to support Windows environments. The firm said the move will provide organizations with the tools...
GitHub releases new SDLC security features including private vulnerability reporting
GitHub has announced new security features across its platform to help protect the software development lifecycle (SDLC). These include private vulnerability reporting, CodeQL vulnerability scanning support for the Ruby...
Microsoft Quashes Bevy of Actively Exploited Zero-Days for November Patch Tuesday
Microsoft finally patched the publicly known "ProxyNotShell" and Mark of the Web (MotW) security vulnerabilities in its penultimate monthly security update for 2022 — two of six zero-day bugs...
6 Key Kubernetes DevSecOps Principles: People, Processes, Technology
Container-based application deployment is at its peak, as is the popularity of orchestration platforms like Kubernetes that form the underlying infrastructure for containerized applications. Because of its ability to...
Retail Sector Prepares for Annual Holiday Cybercrime Onslaught
For companies in the retail and hospitality sector, the holiday shopping season represents their busiest time of year, both for sales and fighting cybercrime threats.
This year is no different, with companies...
Report: GALA token exploit resulted from public leak of private key on GitHub
According to a new post by blockchain security firm SlowMist on Nov. 7, it appears that the last week’s token exploit affecting GameFi project Gala Games resulted from a public...
SolarWinds Faces Potential SEC Enforcement Act Over Orion Breach
The US Securities and Exchange Commission (SEC) appears poised to take enforcement action against SolarWinds for the enterprise software company's alleged violation of federal securities laws when making statements...
