Tag: attackers

—

by

Source URL: https://www.theregister.com/2024/12/05/solana_javascript_sdk_compromised/ Source: The Register Title: Solana blockchain’s popular web3.js npm package backdoored to steal keys, funds Feedly Summary: Damage likely limited to those running bots with private key access Malware-poisoned versions of the widely used JavaScript library @solana/web3.js were distributed via the npm package registry, according to an advisory issued Wednesday by project…

Slashdot: Backdoor in Compromised Solana Code Library Drains $184,000 from Digital Wallets

—

by

Source URL: https://news.slashdot.org/story/24/12/05/1848223/backdoor-in-compromised-solana-code-library-drains-184000-from-digital-wallets?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Backdoor in Compromised Solana Code Library Drains $184,000 from Digital Wallets Feedly Summary: AI Summary and Description: Yes Summary: The Solana JavaScript SDK experienced a supply chain attack where malicious code was injected to steal cryptocurrency private keys. This incident highlights the vulnerabilities associated with software supply chains in…

Cloud Blog: Bridging the Gap: Elevating Red Team Assessments with Application Security Testing

—

by

Source URL: https://cloud.google.com/blog/topics/threat-intelligence/red-team-application-security-testing/ Source: Cloud Blog Title: Bridging the Gap: Elevating Red Team Assessments with Application Security Testing Feedly Summary: Written by: Ilyass El Hadi, Louis Dion-Marcil, Charles Prevost Executive Summary Whether through a comprehensive Red Team engagement or a targeted external assessment, incorporating application security (AppSec) expertise enables organizations to better simulate the tactics and…

The Register: BT Group confirms attackers tried to break into Conferencing division

—

by

Source URL: https://www.theregister.com/2024/12/05/bt_group_confirms_attempted_attack/ Source: The Register Title: BT Group confirms attackers tried to break into Conferencing division Feedly Summary: Sensitive data allegedly stolen from US subsidiary following Black Basta post BT Group confirmed it is dealing with an attempted attack on one of its legacy business units after the Black Basta ransomware group claimed they…

The Register: T-Mobile US CSO: Spies jumped from one telco to another in a way ‘I’ve not seen in my career’

—

by

Source URL: https://www.theregister.com/2024/12/05/tmobile_cso_telecom_attack/ Source: The Register Title: T-Mobile US CSO: Spies jumped from one telco to another in a way ‘I’ve not seen in my career’ Feedly Summary: Security chief talks to El Reg as Feds urge everyone to use encrypted chat interview While Chinese-government-backed spies maintained access to US telecommunications providers’ networks for months…

Cloud Blog: (QR) Coding My Way Out of Here: C2 in Browser Isolation Environments

Dec 4, 2024

—

by

Source URL: https://cloud.google.com/blog/topics/threat-intelligence/c2-browser-isolation-environments/ Source: Cloud Blog Title: (QR) Coding My Way Out of Here: C2 in Browser Isolation Environments Feedly Summary: Written by: Thibault Van Geluwe de Berlaere Executive Summary Browser isolation is a security technology where web browsing activity is separated from the user’s local device by running the browser in a secure environment,…

CSA: Why Are Government Email Attacks Increasing?

Dec 4, 2024

—

by

Source URL: https://abnormalsecurity.com/blog/state-and-local-government-email-attack-trends Source: CSA Title: Why Are Government Email Attacks Increasing? Feedly Summary: AI Summary and Description: Yes Summary: The text discusses the alarming rise in email-related cyber threats, particularly targeting state and local government entities. Notably, it highlights the surge in phishing attacks, business email compromises, and account takeovers, emphasizing the vulnerability of…

CSA: What 2024’s SaaS Breaches Mean for 2025 Cybersecurity

Dec 3, 2024

—

by

Source URL: https://cloudsecurityalliance.org/articles/what-2024-s-saas-breaches-mean-for-2025-cybersecurity Source: CSA Title: What 2024’s SaaS Breaches Mean for 2025 Cybersecurity Feedly Summary: AI Summary and Description: Yes Summary: The text outlines the evolving landscape of SaaS security, driven by an increase in sophisticated attacks and the integration of AI tools by threat actors. It emphasizes the importance of Zero Trust architectures…

The Register: Severity of the risk facing the UK is widely underestimated, NCSC annual review warns

Dec 3, 2024

—

by