A threat actor by the name Lolip0p has uploaded three rogue packages to the Python Package Index (PyPI) repository that are designed to drop malware on compromised developer systems. The packages – named colorslib (versions 4.6.11 and 4.6.12), httpslib (versions 4.6.9 and 4.6.11), and libhttps (version 4.6.12) –…
(ISC)² Top-Ranked Webinars of 2022 by Region
From fighting the ever-present ransomware threat to securing cloud infrastructures to honing identity management practices, the past year’s showcase of (ISC)² webinar topics was wide-ranging and thought-provoking. A cursory look at the topics we tackled throughout 2022 provides a reflection of…
Crypto exchanges freeze accounts tied to North Korea’s notorious Lazarus Group
Well whaddya know, the crypto ecosystem did the right thing by stiffing the WannaCry bandits. Two cryptocurrency exchanges have frozen accounts identified as having been used by North Korea’s notorious Lazarus Group.… This article has been indexed from The Register…
Datadog Changes RPM Signing Key Exposed in CircleCI Hack
Datadog, a cloud security company, reports that a recent CircleCI security incident exposed one of its RPM GPG signing keys and its passphrase. The business has yet to discover proof that this key has been compromised or misused. Datadog stated…
How to succeed in cyber crisis management and avoid a Tower of Babel
Although cyberattacks have become more common, handling them remains extremely challenging for organizations. Even if things go well on the technical level, incident response (IR) is still a stressful and hectic process across the company; this is the reality of…
Cyber Attack news headlines trending on Google
First is the news that the Indian government has launched its own mobile operating systems that have capabilities to take on international rivals like iOS and Android. Within the next few weeks, the government of the sub-continent is preparing to…
Tencent fired 100 people for corruption during 2022
A couple have already been jailed, others shown the door for embezzling or arranging sham contracts. Chinese web and gaming giant Tencent has admitted it fired more than 100 people in 2022 for various forms of corruption – some so…
Training, endpoint management reduce remote working cybersecurity risks
33% of companies are not providing any cybersecurity awareness training to users who work remotely, according to Hornetsecurity. The study also revealed that nearly 74% of remote staff have access to critical data, which is creating more risk for companies…
Threats that will dominate headlines in 2023
In this Help Net Security video, MacKenzie Jackson, Developer Advocate at GitGuardian, offers his cybersecurity predictions for 2032. These include: developers will be a priority target for hacking campaigns; doubling down on MFA bypass; source code security; more efforts to…
5 Updates to Secure Data as Workers Return to Work
According to an Adastra survey, more than 77% of IT decision-makers in the U.S. and Canada estimate their organizations will likely experience a data breach over the next three years. Employees should be aware of data security practices since the…
Hybrid commerce: Blurring the lines between business and pleasure
It is now acceptable to find a job on a dating app! This article has been indexed from WeLiveSecurity.
Is the FSI innovation rush leaving your data and application security controls behind?
Fuelled by rising consumer expectations for innovative services and easy real-time access to financial products and information, financial services industries (FSI) and fintech organizations are racing to out-innovate each other and capture market share. The sizeable growth of investments into…
Google to support the use of Rust in Chromium
Google has announced that it will support the use of third-party Rust libraries in Chromium, which is a step forward in memory safety for the…
Law enforcement app SweepWizard leaks data on crime suspects
SweepWizard, an app designed to assist law enforcement, is causing a bit of trouble after it was found inadvertently leaking sweeping data for years.
Accountant ordered to pay ex-employer after bossware shows “time theft”
Bossware helped an employer fire an accountant for not working during work…
TikTok dances to the tune of $5.4m cookie fine
We take a look at the latest fine hitting a social media network, this time over the issue of cookie consent.
“Untraceable” surveillance firm sued for scraping Facebook and Instagram data
Voyager Labs, a surveillance firm, allegedly created thousands of Facebook and Instagram accounts so it could use its scraping tool to steal data.…
Fighting technology’s gender gap with TracketPacer: Lock and Code S04E02
This week on Lock and Code, we speak with Lexie Cooper, the owner behind the TikTok account TracketPacer, about the vitriol she faced online after talking about the gender gap in technology.
Australian law firms team up to seek compensation for Medibank data breach
Maurice Blackburn Lawyers, Bannister Law Class Actions, and Centennial Lawyers are joining forces to run a “landmark” data breach complaint against Medibank, seeking compensation for “tens of thousands” affected customers already registered with the law firms. This article has been…
Researchers: Brace for Zoho ManageEngine ‘Spray and Pray’ Attacks
Security researchers tracking a known pre-authentication remote code execution vulnerability in Zoho’s ManageEngine products are warning organizations to brace for “spray and pray” attacks across the internet. This article has been indexed from SecurityWeek RSS Feed.
Hacktivists Leak 1.7TB of Cellebrite, 103GB of MSAB Data
By Waqas. The data is now available for download on DDoSecrets and the official website Enlace Hacktivista. This is a post from HackRead.com.
The 4 best VPN services for torrenting in 2023
There can be legal issues with torrenting and P2P file sharing, but for legitimate users, these torrenting VPNs are best for supporting secure downloads. This article has been indexed from Latest stories for ZDNET in Security.
US to Launch Third Iteration of ‘Hack the Pentagon’ Bug Bounty Program
Cybersecurity researchers will try and find vulnerabilities in the government’s FRCS network. This article has been indexed from http://www.infosecurity-magazine.com/rss/news/76/application-security/
It’s Copyright Week 2023: Join Us in the Fight for Better Copyright Law and Policy
We’re taking part in Copyright Week, a series of actions and discussions supporting key principles that should guide copyright policy. Every day this week, various groups are taking on different elements of copyright law and policy, and addressing what’s at…
Predictions 2023, Part 1: What will the new year bring for the InfoSec Community?
By Diana-Lynn Contesti, CISSP-ISSAP, ISSMP, CSSLP, SSCP. In recent years, we have seen the threat landscape become increasingly complex as threat actors use sophisticated techniques to exploit vulnerabilities of weak passwords, missing patches and antiquated software, thus gaining access to…
Multi-million investment scammers busted in four-country Europol raid
216 questioned, 15 arrested, 4 fake call centres searched, millions seized… This article has been indexed from Naked Security – Sophos.
CircleCI Confirms Data Breach Was Caused By Infostealer on Employee Laptop
According to CTO Rob Zuber, the malware was not detected by the CircleCI antivirus program. This article has been indexed from http://www.infosecurity-magazine.com/rss/news/76/application-security/