Millions of GitHub repositories are vulnerable to a repository renaming flaw that could enable supply chain attacks, a new report by security firm Aqua said. It found 36,983 GitHub repositories vulnerable to repo jacking attacks, including Google and Lyft.
A federal appeals court affirmed that Synopsys didn't steal trade secrets from Risk Based Security by creating its own database of open-source code vulnerabilities. The data was not ruled a trade secret because Risk Based Security doesn't derive "independent economic value" from keeping it secret.
Search engine optimization poisoning attacks, which involve intentionally manipulating search results to lead users onto malware-laced websites, are on the rise in the healthcare sector, U.S. federal regulators warn. Users should watch for typosquatting, keyword stuffing, meta tagging and cloaking.
Microsoft discovered hackers targeting internet-facing Linux systems and IoT devices to steal IT resources for cryptocurrency mining operations. The campaign begins by brute-forcing target systems and devices and then uses a backdoor to deploy open-source tools such as rootkits and an IRC bot.
Europe's continued efforts to control its data will not stifle competition and are not an act of "protectionism," a top European Union official said amid growing criticism of the EU's legislative proposal to introduce stringent data-sharing requirements for businesses.
The number of victims affected by a campaign that targeted a zero-day vulnerability in Progress Software's MOVEit file transfer product continued to grow as insurer Genworth Financial reported that up to 2.7 million of its customers and agents appear to have been affected by the breach.
In this episode of CyberEd.io's podcast series "Cybersecurity Insights," Weldon Dodd of Kandji discusses the evolution of Apple's security and privacy practices and how mobile device management can help achieve a balance between user privacy and corporate control.
Every week, ISMG rounds up cybersecurity incidents around the world. This week, attackers hit European Investment Bank; a California pension fund suffered a cyberattack related to MOVEit; UPS Canada disclosed a data breach; and a new Android malware campaign spread GravityRAT spyware.
The top French privacy regulator has imposed a fine of 40 million euros against a Parisian advertising technology company for its use of website tracking cookies and failure to process users' personal data in compliance with privacy laws under the General Data Protection Regulation.
A proposed federal class action lawsuit alleges that patient debt collection software firm Intellihartx was negligent in its handling of third-party risk, contributing to a breach affecting nearly 490,000 individuals and involving a recent hack on its file transfer software vendor Fortra.
British law firms are at increased risk of being hacked due to a growing number of cybercrime-as-a-service groups, the country's top cybersecurity agency warned in a new advisory. Lawyer are under attack from cybercriminals, nation-state groups and ransomware gangs.
Apple has fixed multiple zero-days that were actively being exploited since 2019 and infect several iOS devices with a spyware implant dubbed TriangleDB via zero-click iMessage exploits. The tech giant said the vulnerabilities actively exploited iOS versions released before iOS 15.7.
Fallout for Progress Software continues as hundreds of private and public sector organizations that use its MOVEit file transfer software face data breaches due to a zero-day attack. Some victims have filed a proposed class action suit in federal court, alleging poor security controls at Progress.
The security benefits of public cloud outweigh the drawbacks since cyber controls can be applied much earlier in the application development life cycle. Palo Alto Networks founder and Chief Technology Officer Nir Zuk said development procedures in traditional data centers are "a complete mess."
Operational technologies straddle both IT and production systems, which means multiple people need to own OT security risk. Security programs must heavily involve engineers in OT security and assign different security roles across the enterprise, said AJ Eserjose, Regional Director of OT-ISAC.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.asia, you agree to our use of cookies.