ZDNet
The Alpha and Omega of software supply chain security | ZDNet
The Alpha-Omega Project will improve open-source software's security. While it's a good start, it may not be enough.
CSO
Alpha-Omega Project takes a human-centered approach to open-source software security
The Linux Foundation and OpenSSF project, with backing from Microsoft and Google, aims to improve security of 10,000 open-source projects.
Bleeping Computer
Alpha ransomware linked to NetWalker operation dismantled in 2021
Security researchers analyzing the Alpha ransomware payload and modus operandi discovered overlaps with the now-defunct Netwalker ransomware operation.
Infosecurity News
Alpha Ransomware Group Launches Data Leak Site on the Dark Web
Netenrich analyzed the ransom note pattern saying the group is refining their messages to victims
Bleeping Computer
Watch out for new malware campaign’s 'Windows 11 Alpha' attachment
Relying on a simple recipe that has proved successful time and time again, threat actors have deployed a malware campaign recently that used a Windows 11 theme to lure recipients into activating malicious code placed inside Microsoft Word documents.
Security Affairs
Anonymous leaked data stolen from Russian pipeline company Transneft
Anonymous hacked Omega Company, the in-house R&D unit of Transneft, the Russian oil pipeline giant, and leaked stolen data. Anonymous collective claims it has hacked Omega Company, which is the in-house R&D unit of Transneft, the Russia-based state-controlled oil pipeline company. Transneft is the largest oil pipeline company in the world, the hacktivists have stolen […]
SecurityWeek
Rust Gets a Dedicated Security Team
The non-profit Rust Foundation has scored funding to build a dedicated security team to proactively address security defects in the popular Rust programming language.
ZDNet
Open-source security: It's too easy to upload 'devastating' malicious packages, warns Google | ZDNet
The Google and OpenSSF Package Analysis project aims to reduce security risks created by developers' crazy package-updating schedules.
SecurityWeek
Open Source Security Foundation Now Counts 60 Members
OpenSSF announces that 19 more organizations have joined the initiative, which now has a total of 60 members.
SecurityWeek
Legit Security Raises $30M to Tackle Supply Chain Security
Bessemer Ventures pours $30 million into Legit Security, an early-stage software supply chain security startup.
SecurityWeek
Akeyless Raises $65 Million for Secrets Management Tech
Investors pour $65 million into an early-stage Israeli startup building technology to help businesses manage secrets like credentials, certificates and keys.
SecurityWeek
'Secrets Sprawl' Haunts Software Supply Chain Security
A cybersecurity startup is warning of a major, unattended weak link in the software supply chain: the vexing problem of secrets sprawl -- API keys, usernames and passwords, and security certificates -- exposing weaknesses in the software supply chain.
ZDNet
Kubernetes taps Sigstore to thwart open-source software supply chain attacks | ZDNet
The Kubernetes project takes a step forward in shielding users from supply chain attacks on its users.
SecurityWeek
Checkmarx Finds Threat Actor 'Fully Automating' NPM Supply Chain Attacks
Threat hunters at Checkmarx raises an alarm after discovering a threat actor fully automating the creation and delivery of "hundreds of malicious packages" into the NPM ecosystem.
SecurityWeek
In Other News: Google AI Hacking, Font Vulnerabilities, IBM Training Facility
Noteworthy stories that might have slipped under the radar: Google AI bug bounties, font vulnerabilities, IBM opens new training facility.
The Record
Researchers stop ‘credible takeover attempt’ similar to XZ Utils backdoor incident
The thwarted social engineering attempts highlight the urgent need to address weaknesses in the management of open source software.
Cyber Security News
First Ever SaaS Ransomware Attack Leveraged SharePoint Online
The hackers stealthily exploited a Microsoft Global SaaS admin account in a departure from the standard compromised endpoint route.
ZDNet
The top 1,000 open-source libraries | ZDNet
The Linux Foundation and Harvard's Lab for Innovation Science list the most important open-source application libraries.
DataBreaches
Russian pipeline company Transneft hit by data leak dedicated to Hillary Clinton
Corin Faife reports: As the Russian invasion of Ukraine moves into its third week, unconventional actors continue to target Russian state-backed businesses...
ZDNet
Google: Here comes our 'Open Source Maintenance Crew' | ZDNet
The Google Open Source Maintenance Crew will support under-resourced critical open-source products to fix security issues.
Ars Technica
How much detail is too much? Midjourney v6 attempts to find out
As Midjourney rolls out new features, it continues to make some artists furious.
Ars Technica
Dropbox spooks users by sending data to OpenAI for AI search features
Feature turned on by default bothers users who like to keep their files private
.jpg)
Cyber Security News
Google Chrome 100 released - Security Fixes, New Logo & More
After 1 month of the previous chrome version 99, Google has announced the release of chrome version 100. Google also said that this version has an extended stable channel for Mac and Windows. The new chrome 100.0.4896.60 has a lot of bugs fixed from the previous versions. Features about the new version of both chrome […]
Cyber Security News
PyScript Let Users to Run Python Programs in the Browser
The Founder of Anaconda, Peter Wang revealed a new project “PyScript” at PyCon US 2022. Specifically, this project facilitates Python to take a serious step towards making programming and data science more accessible to everyone.
Cyber Security News
Five Families - Hackers Collaborate to Launch Notorious Cyber Attack
The Five Families unites the underground internet world, adopting the name of the 1950s-60s New York mafia's Italian-American clans.
Security Affairs
ALPHV/BlackCat ransomware gang starts publishing victims’ data on the clear web
ALPHV/BlackCat ransomware group began publishing victims’ data on the clear web to increase the pressure on them and force them to pay the ransom. ALPHV/BlackCat ransomware group has adopted a new strategy to force victims into paying the ransom, the gang began publishing victims’ data on the clear web to increase the pressure. Publishing data online will […]
Bleeping Computer
Google fixes exploited Chrome zero-day dropped on Twitter last week
Google has released Chrome 90.0.4430.85 to address an actively exploited zero-day and four other high severity security vulnerabilities impacting today's most popular web browser.
The Hacker News
W4SP Stealer Constantly Targeting Python Developers in Ongoing Supply Chain Attack
Researchers warn about hackers who are constantly distributing new malicious Python packages in an ongoing supply chain attack to spread W4SP stealer
SecurityWeek
Hacktivists Leak Data Allegedly Stolen From Russian Energy Giant Transneft
Roughly 79 Gb of emails allegedly stolen from Russian state-controlled oil pipeline company Transneft emerged on a known leaks hosting website.
Security Affairs
Mar 20- Mar 26 Ukraine – Russia the silent cyber conflict
This post provides a timeline of the events related to the Russian invasion of Ukraine from the cyber security perspective. March 25 – Anonymous leaked 28GB of data stolen from the Central Bank of Russia Anonymous announced that the affiliate group Black Rabbit World has leaked 28 GB of data stolen from the Central Bank […]
Ars Technica
“Too easy“—Midjourney tests dramatic new version of its AI image generator
Version 4 offers greater detail and better compositions from simple prompts.
SecurityWeek
Google Paid Out $90,000 for Vulnerabilities Patched by Chrome 104
Google has paid out $90,000 for the vulnerabilities patched with the release of Chrome 104.
SecurityWeek
Cloud Security Startup JupiterOne Lands $70 Million at 'Unicorn' Valuation
Attack surface management startup JupiterOne has raised $70 million in a new round of financing that values the company north of $1 billion.
The Record
Iran, Venezuela accused of coordinating influence campaign to free Colombian businessman: report
Iran and Venezuela are accused of orchestrating a years-long influence campaign to free Colombian businessman Alex Saab.
CyberNews
DeFying scammers: what are the main issues facing DeFi in 2021?
Certain disadvantages have come to challenge DeFi’s status quo, posing questions as to whether the system is as secure as we imagine it to be.
CyberSecurity Dive
2 years on, Log4j still haunts the security community
Research from Veracode shows nearly 2 in 5 applications are still running vulnerable versions.
CyberSecurity Dive
MOVEit vulnerability snags almost 200 victims, more expected
The education sector has been hit particularly hard as many widely used vendors in the space confirm impacts linked to the mass exploited vulnerability.
Bleeping Computer
Google launches new Bug Hunters vulnerability rewards platform
Google has announced a new platform and community designed to host all its Vulnerability Rewards Programs (VRP) under the same roof.
SecurityWeek
Ransomware Attacks on Industrial Organizations Doubled in Past Year: Report
The number of ransomware attacks targeting industrial organizations and infrastructure has doubled since the second quarter of 2022
Bleeping Computer
Google launches Android Enterprise bug bounty program
Google has announced the launch of its first vulnerability rewards program for Android Enterprise with bounties of up to $250,000.
SecurityWeek
CISA Seeks Public Opinion on Google Workspace Secure Configuration Baselines
CISA is asking for public opinion on SCuBA secure configuration baselines for nine Google Workspace services.
Infosecurity News
Government Publishes Playbook to Enhance Smart City Security
Resources are designed to help local authorities mitigate risk
Cyber Security News
Hackers Hide Information-Stealing Malware in PNG Files Using Steganography
Experts at Avast, who built on the discoveries of ESET, the first to notice and report on the threat group known as “Worok”, conceals malware within PNG images to silently infect victims' computers with information-stealing malware.
Bleeping Computer
FBI seizes stolen credentials market Genesis in Operation Cookie Monster
The domains for Genesis Market, one of the most popular marketplaces for stolen credentials of all types, were seized by law enforcement earlier this week as part of Operation Cookie Monster.
The Record
BitMart loses $150 million in the second-largest crypto-heist of the year
Cryptocurrency exchange BitMart said on Saturday that it was hacked for $150 million in what was the third hack of a cryptocurrency exchange of last week and the second-largest crypto-heist of the year.
HACKRead
Dark Web Drug Lord Pleads Guilty, Forfeits $150M Cryptocurrency
Banmeet Singh, an Indian national, was arrested in London, England, on April 26, 2019, and extradited to the United States on March 19, 2023.
The Hacker News
SharkBot Banking Malware Spreading via Fake Android Antivirus App on Google Play Store
A fake Android antivirus application distributed through the Google Play Store was found to have infected devices with SharkBot banking malware.
Security Affairs
Ongoing supply chain attack targets Python developers with WASP Stealer
A threat actor tracked as WASP is behind an ongoing supply chain attack targeting Python developers with the WASP Stealer. Checkmarx researchers uncovered an ongoing supply chain attack conducted by a threat actor they tracked as WASP that is targeting Python developers. The attackers are using Python packages to distribute a polymorphic malware called W4SP […]
SecurityWeek
Reken Emerges From Stealth With $10 Million Seed Funding
Reken, an AI-defense cybersecurity firm founded in January 2024, emerged from stealth with an oversubscribed $10 million seed round.
Cyber Security News
Vigil: Open-source Security Scanner for LLM Models Like ChatGPT
To analyze the LLM model like ChatGPT open-source, introduced the ‘Vigil’ is a Python module and REST API for security scanner.
Security Affairs
Google fixed a new Chrome Zero-Day actively exploited in the wild
Google addressed a dozen vulnerabilities in the Chrome browser, including the fifth Chrome zero-day flaw exploited this year. Google this week released security updates to address a dozen vulnerabilities in its Chrome browser for desktops including an actively exploited high-severity zero-day flaw in the wild. The actively exploited flaw, tracked as CVE-2022-2856, is an Insufficient validation […]
CyberNews
Dark web drug vendor pleads guilty after forfeiting $150 million in crypto
The single largest cryptocurrency and cash seizure in DEA’s history took down a multi-million dollar drug enterprise orchestrated by one man from India.
SecurityWeek
Cybersecurity M&A Roundup: 41 Deals Announced in August 2022
Forty-one cybersecurity-related M&A deals were announced in August 2022.
Bleeping Computer
The Week in Ransomware - February 2nd 2024 - No honor among thieves
Attacks on hospitals continued this week, with ransomware operations disrupting patient care as they force organization to respond to cyberattacks.
The Hacker News
'eXotic Visit' Spyware Campaign Targets Android Users in India and Pakistan
Active Android spyware campaign 'eXotic Visit' targeting users in India and Pakistan.
Bleeping Computer
Fake 'Cthulhu World' P2E project used to push info-stealing malware
Hackers have created a fake 'Cthulhu World' play-to-earn community, including websites, Discord groups, social accounts, and a Medium developer site, to distribute the Raccoon Stealer, AsyncRAT, and RedLine password-stealing malware infections on unsuspecting victims.
Bleeping Computer
Signal tests usernames that keep your phone number private
Signal is now testing public usernames that allow users to conceal the phone numbers linked to their accounts while communicating with others.
The Hacker News
CISA Warning: Akira Ransomware Exploiting Cisco ASA/FTD Vulnerability
A critical vulnerability (CVE-2020-3259) in Cisco ASA and FTD software has been added to CISA's KEV catalog.
The Cyber Express
Vet Chain CVS Group Hit by Cyberattack, UK Operations Disrupted
CVS Group, one of the UK's major veterinary groups, has reported a cyberattack that poses potential risks to personal information.
Bleeping Computer
Genesis Market infrastructure and inventory sold on hacker forum
The administrators of the Genesis Market for stolen credentials announced on a hacker forum that they sold the store and a new owner would get the reins "next month."
Security Affairs
SharkBot, the new generation banking Trojan distributed via Play Store
SharkBot banking malware was able to evade Google Play Store security checks masqueraded as an antivirus app. SharkBot is a banking trojan that has been active since October 2021, it allows to steal banking account credentials and bypass multi-factor authentication mechanisms. The malware was spotted at the end of October by researchers from cyber security firms […]
Ars Technica
AI imager Midjourney v5 stuns with photorealistic images—and 5-fingered hands
"Lack of dopamine hits, because the results are too perfect every time."
ZDNet
Austrac outlines how to spot ransomware and detect abuse of digital currencies | ZDNet
Austrac listed a range of behavioural and financial indicators to look out for.
The Hacker News
14 Kubernetes and Cloud Security Challenges and How to Solve Them
From supply chain security to confidential computing, Uptycs addresses the evolving landscape of cloud security
Ars Technica
Matrix multiplication breakthrough could lead to faster, more efficient AI models
At the heart of AI, matrix math has just seen its biggest boost "in more than a decade.”
Bleeping Computer
Windows Copilot: Your new AI assistant for Windows 11
In a significant development for the PC platform, Microsoft has introduced Windows Copilot, marking a milestone as the first PC platform to offer unified AI assistance for consumers.
SC Magazine
No confirmation on rumored ALPHV/BlackCat site takedown by law enforcement
While one research group maintains the leak site outage by the ransomware group was law enforcement-related, there’s still no official word from the FBI.
Ars Technica
Charter loses home Internet customers, blames end of COVID subsidy program
After loss of 42,000 customers, Charter pins growth hopes on new federal funding.
Bleeping Computer
Phishing attack's unusual file attachment is a double-edged sword
A threat actor uses an unusual attachment to bypass security software that is a double-edged sword that may work against them.
Ars Technica
With Koe Recast, you can change your voice as easily as your clothing
New AI tool alters the style and timbre of your voice, concealing your vocal identity.
The Record
More than $625 million stolen in DeFi hack of Ronin Network
The Ronin Network announced on Tuesday that hackers have stolen more than $600 million worth of Ethereum (173,600 ETH) and $25.5 million of US dollar-pegged stablecoin USDC, making it one of the largest decentralized finance (DeFi) hacks to date.
Infosecurity News
New Android Espionage Campaign Spotted in India and Pakistan
A new cyber espionage campaign, called ‘eXotic Visit,’ targeted Android users in South Asia via seemingly legitimate messaging apps
CSO
UnitedHealth hack may impact a third of US citizens: CEO testimony
Despite paying a $22 million ransom in Bitcoin to regain access to encrypted files, the company cannot confirm whether copies of the data were made or published online.
The Hacker News
New "Goldoon" Botnet Targets D-Link Routers With Decade-Old Flaw
A new botnet called Goldoon is targeting D-Link routers with a critical vulnerability from 2015 (CVE-2015-2051).
Ars Technica
Netflix loses 970,000 subscribers, says ads and new fees are key to recovery
Subscribers fell in consecutive quarters, but Netflix had expected a bigger drop.
ZDNet
SunVia bets that controlling your own identity will make the metaverse successful | ZDNet
There's a battle raging over data privacy. SunVia's solution gives control to the individual and creates a more ethical relationship between consumers and corporations.
CyberNews
It’s a wrap: EU states finally find compromise on AI Act
With Germany, France and Italy lifting reservations, EU votes in favor of the final compromise text of the AI Act.
Ars Technica
Stability AI launches StableLM, an open source ChatGPT alternative
StableLM's 3B and 7B models are available now on GitHub under CC 4.0 license.
DarkReading
'MichaelKors' Showcases Ransomware's Fashionable VMware ESXi Hypervisor Trend
Wide use and lack of support for malware detection technologies has made VMware's virtualization technology a prime target for cyberattackers.
ZDNet
Best cybersecurity schools and programs | ZDNet
Explore the best cybersecurity schools and programs that outrank the competition with acceptance rates, graduation rate performance, and graduation and retention rates.
The Cyber Express
World Cybercon 3.0 META Awards Celebrate Champions of Cybersecurity in the Middle East
The Cyber Express World CyberCon 3.0 META cybersecurity conference in Dubai was a standout event, showcasing significant achievements in cybersecurity
ZDNet
73% of consumers trust what generative AI wants us to see
Eager to use generative artificial intelligence to save effort and time, most consumers trust content created by such tools, including ChatGPT.
Security Affairs
ALPHV/BlackCat ransomware gang claims to have stolen data from Creos Luxembourg S.A.
The ALPHV/BlackCat ransomware gang claims to have breached the European gas pipeline Creos Luxembourg S.A. The ALPHV/BlackCat ransomware gang claims to have hacked the European gas pipeline Creos Luxembourg S.A. Creos Luxembourg S.A. owns and manages electricity networks and natural gas pipelines in the Grand Duchy of Luxembourg. In this capacity, the company plans, constructs […]
Naked Security
OpenSSL fixes High Severity data-stealing bug – patch now!
7 memory mismanagements and a timing attack. We explain all the jargon bug terminology in plain English…
CyberNews
AI Act gets final nod in European Parliament: does it go far enough?
The European Parliament passed the AI Act, with the landmark ruling setting the standards for AI governance in the EU. But does it go too far, or not far enough?
DarkReading
Anti-Fraud Project Boosts Security of African, Asian Financial Systems
Working with countries and organizations in Africa, Asia, and the Middle East, Tazama aims to add affordable security and trust to the financial infrastructure.
The Record
Ransomware attacks on industrial infrastructure doubled in 2022: Dragos
The number of ransomware attacks on industrial infrastructure grew significantly in 2022, according to cybersecurity firm Dragos.
Ars Technica
Comcast stock falls as company fails to add Internet users for first time ever
Comcast started and ended Q2 with 32.2 million broadband subscribers.
Ars Technica
ChatGPT update enables its AI to “see, hear, and speak,“ according to OpenAI
Image recognition and voice features aim to make the AI bot's interface more intuitive.
Ars Technica
Google’s Android and Chrome extensions are a very sad place. Here’s why
It was a bad week for millions of people who rely on Google for apps and Chrome extensions.
DarkReading
Operation Behind Predator Mobile Spyware Is 'Industrial Scale'
The Intellexa alliance has been using a range of tools for intercepting and subverting mobile and Wi-Fi technologies to deploy its surveillance tools, according to an investigation by Amnesty International and others.
Ars Technica
ChatGPT gets “eyes and ears” with plugins that can interface AI with the world
Plugins allow ChatGPT to book a flight, order food, send email, execute code (and more).
Ars Technica
Viral Instagram photographer has a confession: His photos are AI-generated
Artist with 26K followers wants to "come clean" and highlight a new media process.
CyberNews
Crypto boom: what you need to know before diving in
While you might be looking for the biggest gains in the crypto market, security experts warn that fraudsters are just around the corner.
Bleeping Computer
The Week in Ransomware - March 1st 2024 - Healthcare under siege
Ransomware attacks on healthcare over the last few months have been relentless, with numerous ransomware operations targeting hospitals and medical services, causing disruption to patient care and access to prescription drugs in the USA.
Naked Security
FBI warns about scams that lure you in as a mobile beta-tester
Apps on your iPhone must come from the App Store. Except when they don’t… we explain what to look out for.
Naked Security
S3 Ep115: True crime stories – A day in the life of a cybercrime fighter [Audio + Text]
Listen now – you’ll be alarmed, amused and educated, all in equal measure. (Full transcript in article.)
DataBreaches
Another plastic surgery practice appears to have been hit — this time by Hunters International (5)
On October 17, the FBI issued a Public Service Announcement, Cybercriminals are Targeting Plastic Surgery Offices and Patients. Five days later, DataBreaches...
The Record
Detained execs, a bold escape, and tax evasion charges: Nigeria takes aim at Binance
A standoff between the world's biggest cryptocurrency platform and the Nigerian government has disrupted lives and raised new questions for foreign operations there.
CyberSecurity Dive
MOVEit mass exploit timeline: How the file-transfer service attacks entangled victims
The slow-moving disaster has ensnared some of the world's largest enterprises. Cybersecurity experts expect further damage to come.
Loading more articles....