Software-Container Supply Chain Sees Spike in Attacks
Attackers target companies' container supply chain, driving a sixfold increase in a year, aiming to steal processing time for cryptomining and compromise cloud infrastructure. Typosquatting and credential stuffing are two...
4 Habits of Highly Effective Security Operators
These good habits can make all the difference in advancing careers for cybersecurity operators who spend their days putting out fires large and small. For many of us, a habit...
This Week in Database Leaks: Cognyte, CVS, Wegmans
Billions of records were found exposed this week due to unprotected databases owned by major corporations and third-party providers. Unsecured cloud-based databases continue to threaten corporate and consumer data, as...
Google Launches SLSA, a New Framework for Supply Chain Integrity
The "Supply chain Levels for Software Artifacts" aims to ensure the integrity of components throughout the software supply chain. Google this week introduced Supply chain Levels for Software Artifacts (SLSA),...
Carnival Cruise Line Reports Security Breach
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-21257 PUBLISHED: 2021-06-18
Contiki-NG is an open-source, cross-platform operating system for internet of things devices. The RPL-Classic and RPL-Lite implementations in the Contiki-NG operating system versions...
One in Five Manufacturing Firms Targeted by Cyberattacks
Information-stealing malware makes up about a third of attacks, a study finds, but companies worry most about ransomware shutting down production. Cybercriminals and attack groups continue to target manufacturers, with...
Microsoft Disrupts Large-Scale BEC Campaign Across Web Services
Attackers had used the cloud-based infrastructure to target mailboxes and add forwarding rules to learn about financial transactions. Microsoft has disclosed the details of how it disrupted a large-scale business...
Security Flaw Discovered In Peloton Equipment
The vulnerability could give attackers remote root access to the bike's tablet, researchers report. A vulnerability in the Peloton Bike+ could have allowed an attacker to remotely spy on users, McAfee's...
Andariel Group Targets South Korean Entities in New Campaign
Andariel, designated as a sub-group of the Lazarus Group APT, has historically targeted South Korean organizations. Andariel, a subdivision of the Lazarus Group APT associated with North Korea, is behind...
‘Fancy Lazarus’ Criminal Group Launches DDoS Extortion Campaign
The group has re-emerged after a brief hiatus with a new email campaign threatening a DDoS attack against businesses that don't pay ransom. A cybercriminal group with a rotating list...






