Threat actors were found breaching AWS accounts using authentication secrets leaked as plaintext in Atlassian Bitbucket artifact objects. The issue was discovered by Mandiant, who was investigating a recent exposure of Amazon Web Services (AWS) secrets that threat actors used to gain access to AWS. Although the issue was discovered in the context of an investigation, it illustrates how data previously…

Read More

Western Sydney University (WSU) has notified students and academic staff about a data breach after threat actors breached its Microsoft 365 and Sharepoint environment. WSU is an educational institute in Australia offering a wide range of undergraduate, postgraduate, and research programs across various disciplines. It has 47,000 students and over 4,500 regular and seasonal staff, and it…

Read More

‘We want to inspire you to reimagine organizations for artificial intelligence. And we want to encourage you to act fast,’ Michael Dell tells the crowd at Dell Technologies World. Dell Technologies’ much-promised blizzard of AI announcements fell on Las Vegas Monday with each one leaving partners a path to add value for the millions of…

Read More

Threat actors were found breaching AWS accounts using authentication secrets leaked as plaintext in Atlassian Bitbucket artifact objects. The issue was discovered by Mandiant, who was investigating a recent exposure of Amazon Web Services (AWS) secrets that threat actors used to gain access to AWS. Although the issue was discovered in the context of an investigation, it illustrates how data previously…

Read More

The arrival of new AI-powered capabilities and technologies such as XDR have the potential to enable faster detection of threats than was previously possible, according to executives from both companies. Cisco and Palo Alto Networks may have an intensifying rivalry in the market for security operations tools, but executives from both companies agree on this:…

Read More

Rockwell Automation warned customers to disconnect all industrial control systems (ICSs) not designed for online exposure from the Internet due to increasing malicious activity worldwide. Network defenders should never configure such devices to allow remote connections from systems outside the local network. By taking them offline, they can drastically reduce their organizations’ attack surface. This…

Read More

May 21, 2024NewsroomVulnerability / Software Development GitHub has rolled out fixes to address a maximum severity flaw in the GitHub Enterprise Server (GHES) that could allow an attacker to bypass authentication protections. Tracked as CVE-2024-4985 (CVSS score: 10.0), the issue could permit unauthorized access to an instance without requiring prior authentication. “On instances that use…

Read More

Memcyco Inc., provider of digital trust technology designed to protect companies and their customers from digital impersonation fraud, released its inaugural 2024 State of Website Impersonation Scams report. Notably, Memcyco’s research indicates that the majority of companies do not have adequate solutions to counter digital impersonation fraud, and that most only learn about attacks from…

Read More

US businesses are believed to have recruited thousands of North Korean IT workers, sending earnings (and potentially data) to North Korea. This week, an American woman named Christina Marie Chapman was arrested in Arizona. She is accused of being part of an elaborate scheme that generated almost US $7 million in funds for North Korea,…

Read More

Image: Shutterstock. Apple and the satellite-based broadband service Starlink each recently took steps to address new research into the potential security and privacy implications of how their services geo-locate devices. Researchers from the University of Maryland say they relied on publicly available data from Apple to track the location of billions of devices globally —…

Read More