Tag: security
FBI and CISA issue warning about dangerous new ransomware strain
The U.S. Cybersecurity and Infrastructure Agency (CISA) and the Federal Bureau of Investigation (FBI) have issued a security advisory warning organizations about the Snatch ransomware operation. The advisory is part of the pairs #StopRansomware campaign, in which the two detail the tactics, techniques, and procedures (TTP), as well as indicators…
Read More
GitLab users told to install emergency security fix immediately
GitLab has released a fix for a newly discovered security flaw, and is urging its users to install immediately as it addresses a high-severity vulnerability that can cause all sorts of trouble. In a security bulletin, GitLab said an attacker could abuse scan execution policies to run pipelines (a series…
Read More
TransUnion’s data stolen in major data breach
A hacker has posted a stolen database on the dark web alleging it contains sensitive data stolen from credit agency TransUnion. However, the company says there is no evidence of any compromise or data exfiltration, and argues that whatever data was taken – must have been stolen from a third…
Read More
Thousands of Juniper firewalls are open to serious attack
A month after a patch was released, an overwhelming majority of Juniper’s SRX firewalls and EX Series switches remain vulnerable to a group of flaws which, when combined, can result in remote code execution, according to threat intelligence platform provider, VulnCheck. In its findings, The Register reports, VulnCheck says that…
Read More
Bad news – Microsoft employees leaked 38TB worth of private data, including Teams chats
Cybersecurity researchers from Wiz have discovered a huge, unlocked Microsoft Azure cloud storage database, hosting sensitive information on hundreds of people, including private keys and passwords. The database, as it turned out, belonged to Microsoft’s researchers working on Artificial Intelligence (AI). The good news is that the database was locked…
Read More
New cryptojacking attacks target uncommon AWS instances
Cybersecurity researchers from Sysdig recently uncovered a new cryptojacking campaign that targeted uncommon Amazon Web Services (AWS) services. Cryptojacking is a type of cyberattack in which the threat actor secretly installs a cryptocurrency miner on a target endpoint. While not malicious per se, miners bring profit to their owners, while…
Read More