Welcome to this week’s edition of the “Bi-Weekly Cyber Roundup” by Canary Trap. At Canary Trap, it is our mission to keep you up-to-date with the most crucial news in the world of cybersecurity and this bi-weekly publication is your gateway to the latest news. The cybersecurity landscape continues to face significant challenges as malicious…

The seemingly legitimate online marketplace Huione Guarantee is being used as a platform for laundering money from online scams, especially “pig butchering” investment fraud, researchers say. In a pig butchering scam, the victim is tricked into gradually investing money on bogus websites that display high investment returns. The fraud becomes apparent when victims try to…

‘The timing was right because the IPO market has obviously been slower for a lot of tech companies. It also helps us build some brand cachet when companies like Vista, KKR, and TCV are backing us as a growth-stage company. Sometimes customers or channel partners want to know that there’s people behind you. And that…

GitLab warned today that a critical vulnerability in its product’s GitLab Community and Enterprise editions allows attackers to run pipeline jobs as any other user. The GitLab DevSecOps platform has over 30 million registered users and is used by over 50% of Fortune 100 companies, including T-Mobile, Goldman Sachs, Airbus, Lockheed Martin, Nvidia, and UBS.…

‘Microsoft’s playbook of paying off complainants rather than addressing the substance of their complaint hurts businesses and shouldn’t fool anyone,’ said Google Cloud top executive Amit Zavery, following the results of a European antitrust complaint ruling today. Google Cloud is slamming rival Microsoft after the company secured a multimillion-dollar deal to settle a European antitrust…

The latest variants of the ViperSoftX info-stealing malware use the common language runtime (CLR) to load and execute PowerShell commands within AutoIt scripts to evade detection. CLR is a key component of Microsoft’s .NET Framework, serving as the execution engine and runtime environment for .NET applications. ViperSoftX uses CLR to load code within AutoIt, a…

‘This workforce reduction is aimed at further driving operational efficiency and customer centricity,’ according to a UiPath regulatory filing. About a month after changing CEOs, business automation platform provider UiPath revealed plans to cut 10 percent of its employee base – about 4,200 employees. The New York-based vendor said in a regulatory filing that most…

The number of persons affected by a recent data breach at Evolve Bank & Trust exceeds 7.64 million, a document submitted to the Office of the Maine Attorney General this week by the law firm representing the financial services organization reveals. According to the document, the breach occurred on February 9, but was not discovered…

CISA and the FBI urged software companies on Wednesday to review their products and eliminate OS command injection vulnerabilities before shipping. The advisory was released in response to recent attacks that exploited multiple OS command injection security flaws (CVE-2024-20399, CVE-2024-3400, and CVE-2024-21887) to compromise Cisco, Palo Alto, and Ivanti network edge devices. Velvet Ant,…

Today, CISA and FBI are releasing their newest Secure by Design Alert in the series, Eliminating OS Command Injection Vulnerabilities, in response to recent well-publicized threat actor campaigns that exploited OS command injection defects in network edge devices (CVE-2024-20399, CVE-2024-3400, CVE-2024-21887) to target and compromise users. These vulnerabilities allowed unauthenticated malicious actors to remotely execute code on network…