Custom search

PoC Published for Critical Fortra Code Execution Vulnerability

A critical directory traversal vulnerability in Fortra FileCatalyst Workflow could lead to remote code execution.

ZDNet

Gretel goes GA with privacy engineering developer stack | ZDNet

Startup's services remove privacy bottlenecks for numerous development and workflow processes that prevent data sharing and stifle innovation.

SC Magazine

Google supply chain bug patched in code-testing tool Bazel

A GitHub Actions workflow could have been used for a command injection vulnerability in Bazel, which had the potential for threat actors to add malicious code into the production environment for projects using the Google open-source product.

DarkReading

1-Click Takeover Bug in AWS Apache Airflow Reveals Larger Risk

A bug exposed users of an AWS workflow management service to cookie tossing. Behind the scenes lies an even deeper issue across all of the top cloud services.

SecurityWeek

Seemplicity Launches With Cybersecurity Productivity Platform, $32 Million in Funding

Cybersecurity workflow and productivity startup Seemplicity has emerged from stealth mode after raising a total of $32 million in seed and Series A funding.

Bleeping Computer

Misconfigured Apache Airflow servers leak thousands of credentials

Researchers discovered many misconfigured or outdated Apache Airflow instances over the web leaking sensitive information, including credentials, from well-known tech companies. Apache Airflow is a popular open-source workflow management platform for organizing and managing tasks.

Cyber Security News

Google's Open-source Tool Bazel Flaw Let Attackers Insert Malicious Code

Bazel, an open-source software used for automation of building and testing has been discovered with a critical supply chain vulnerability.

Infosecurity News

Google’s Bazel Exposed to Command Injection Threat

Cycode stressed securing software supply chains amid complex dependencies and third-party actions

CSO

Software projects face supply chain security risk due to insecure artifact downloads via GitHub Actions

Cybersecurity researchers found risks in the GitHub Actions platform that could enable attackers to inject malicious code into software projects and initiate a supply chain attack.

Cyber Security News

PoC Published for Critical RCE Vulnerability in Fortra FileCatalyst

A proof of Concept (PoC) has been published for a critical RCE vulnerability identified in Fortra's FileCatalyst software.

SecurityWeek

10 months ago

Silk Security Emerges from Stealth With $12.5 Million Seed Funding

Silk Security raised $12.5 million in seed funding and is on a mission to break down silos between security and development with an integrated ‘find and fix’ platform.

The Hacker News

TensorFlow CI/CD Flaw Exposed Supply Chain to Poisoning Attacks

Vulnerabilities found in TensorFlow CI/CD pipeline allow malware upload and token theft.

SC Magazine

Fortra FileCatalyst RCE bug disclosed; full PoC exploit available

First patched in August, the critical vulnerability enables unauthenticated web shell deployment.

The Hacker News

4 Places to Supercharge Your SOC with Automation

Automation is changing the game in SOCs. Embrace the shift and supercharge your team's capabilities.

DarkReading

Fortra Releases Update on Critical Severity RCE Flaw

The flaw has a CVSS rating of 9.8, and the company recommends product upgrades to fix the issue.

Bleeping Computer

3 years ago

Microsoft Edge 91 brings new bugs and annoying popup messages

Microsoft released Microsoft Edge 91 yesterday, and since then, users have been reporting constant nag screens, bugs, and problems using the new version of the web browser.

The Hacker News

How to Automate Offboarding to Keep Your Company Safe

The Hacker News

Fortra Patches Critical RCE Vulnerability in FileCatalyst Transfer Tool

Fortra patches critical flaw in FileCatalyst transfer tool. Vulnerability allows remote code execution via directory traversal.

Cyber Security News

10 months ago

New Jailbreak Attacks Uncovered in LLM chatbots like ChatGPT

LLMs have reshaped content generation, making understanding jailbreak attacks and prevention techniques challenging.

Security Affairs

PoC exploit for critical RCE in Fortra FileCatalyst tool released

Fortra addressed a critical remote code execution vulnerability impacting its FileCatalyst file transfer product.

Cyber Security News

6 months ago

Google Calendar RAT Abusing Calendar Events to Create Red Teaming Infrastructure

Google Calendar RAT is a proof of concept for Command & Control . It's useful when setting up a full red teaming infrastructure.

DarkReading

Home Depot Hammered in Supply Chain Breach

SaaS vendor to blame for exposing employee data leaked on Dark Web forum, according to the home improvement retailer.

Cyber Security News

RustBucket - A macOS Malware Attack Mac Users Via PDF Viewer App

The new malware family has been tracked as "RustBucket," which downloads and executes several types of payloads.

Bleeping Computer

Need to Know: Key Takeaways from the Latest Phishing Attacks

This article takes a look at some lessons from recent phishing attacks and highlights actionable tips to limit the risks of phishing affecting your company.

SecurityWeek

New Class of CI/CD Attacks Could Have Led to PyTorch Supply Chain Compromise

Researchers detail a CI/CD attack leading to PyTorch releases compromise via GitHub Actions self-hosted runners.

The Hacker News

Malware Strains Targeting Python and JavaScript Developers Through Official Repositories

Multiple malware campaigns discovered targeting Python and JavaScript developers via the official PyPI and npm repositories

DarkReading

Artifact Poisoning in GitHub Actions Imports Malware via Software Pipelines

A vulnerability discovered in GitHub Actions could allow an attacker to poison a developer's pipeline, highlighting the risk that insecure software pipelines pose.

SecurityWeek

Major IT, Crypto Firms Exposed to Supply Chain Compromise via New Class of CI/CD Attack

Self-hosted GitHub Actions runners could allow attackers to inject malicious code into repositories, leading to supply chain attacks.

Bleeping Computer

What the Latest Ransomware Attacks Teach About Defending Networks

Recent ransomware attacks have shared valuable lessons on how to limit risk to your own networks. Learn from Blink Ops about how organizations can limit their ransomware risk.

Bleeping Computer

Cyberspies use Google Chrome extension to steal emails undetected

A North Korean-backed threat group tracked as Kimsuky is stealing emails from Google Chrome or Microsoft Edge users browsing their webmail accounts using a malicious browser extension.

Bleeping Computer

11 months ago

Blink Copilot Brings Generative AI to Security Automation

Blink Copilot - a true no-code platform for automating security and IT operations workflows. It is now possible for any security professional to generate automated workflows by just typing a prompt.

The Hacker News

LimeRAT Malware Analysis: Extracting the Config

ANY.RUN researchers recently analyzed a LimeRAT sample and extracted its configuration. Check out their detailed breakdown of the decryption algorithm

Trend Micro

Unpacking Cloud-Based Cryptocurrency Miners That Abuse GitHub Actions and Azure Virtual Machines

We investigate cloud-based cryptocurrency miners that leverage GitHub Actions and Azure virtual machines, including the cloud infrastructure and vulnerabilities that malicious actors exploit for easy monetary gain.

DarkReading

Microsoft Azure HDInsight Bugs Expose Big Data to Breaches

Security holes in a big data tool can open the door to big data compromises.

CSO

Trulioo launches end-to-end identity platform

The new Trulioo platform will combine all existing Trulioo products into a single platform, allowing the ID verification firm to target global enterprise customers.

The Hacker News

Timing is Everything: The Role of Just-in-Time Privileged Access in Security Evolution

Did you know? Implementing JIT privileged access can drastically cut down the risk of privilege misuse! Learn how to secure your systems with JIT stra

The Cyber Express

ODIN Rolls Out JSON File Download Feature, Making Analysis of IPs and CVEs Even Easier

Cyble, a trailblazer in the cybersecurity domain, has taken a significant leap forward with its ODIN platform. Aiming to streamline

Trend Micro

Massive Phishing Campaigns Target India Banks’ Clients

We found five banking malware families targeting customers of seven banks in India to steal personal and credit card information via phishing campaigns.

CSO

Descope launches authentication and user management SaaS

Descope’s first product allows developers to build authentication and user management functions in applications.

SecurityWeek

BalkanID Adds $2.3M to Seed Funding Round

Texas startup BalkanID scores additional financing for technology in the Identity Governance and Administration (IGA) space.

Trend Micro

Importance of Scanning Files on Uploader Applications

Delve into the crucial practice of file scanning within uploader applications, and learn defensive measures to safeguards against malicious threats like malware.

CyberSecurity Dive

6 months ago

4 data-driven priorities for security leaders in 2024

According to a new report, security teams are struggling amid relentless cyberattacks and limited resources. What can leaders do to set their teams up for a more stable 2024?

The Hacker News

Integrating Live Patching in SecDevOps Workflows

SecDevOps translates into a more secure environment over the entire lifecycle of a system.

The Hacker News

How to Use Tines's SOC Automation Capability Matrix

SOC Automation Capability Matrix revolutionizes how teams respond to incidents. Discover a new era of cybersecurity! Dive in for a transformative appr

CSO

Attackers create 130K fake accounts to abuse limited-time cloud computing resources

Cybercriminal group Automated Libra's PurpleUrchin campaign uses the fake accounts for cryptomining operations.

The Hacker News

Syxsense Platform: Unified Security and Endpoint Management

As threats grow and attack surfaces get more complex, it's crucial for companies to have a clear view of their devices and security posture.

SecurityWeek

Endpoint Security Firm ThreatLocker Raises $115 Million in Series D Funding

Zero trust endpoint security company ThreatLocker has announced a $115 million Series D funding round that brings the total to $240 million.

The Hacker News

GitHub Swiftly Replaces Exposed RSA SSH Key to Protect Git Operations

GitHub replaces RSA SSH host key after brief exposure in public repository to prevent any bad actor from impersonating the service or eavesdropping on

Bleeping Computer

Windows 11 KB5013943 update fixes screen flickers and .NET app issues

Microsoft has released the Windows 11 KB5013943 cumulative update with security updates, improvements, and fixes for screen flickers in Safe Mode and a bug causing some NET 3.5 apps not to open.

SecurityWeek

Astrix Security Nabs $15M to Tackle Attack Surface Sprawl

Israeli startup Astrix Security has banked $15 million to build technology to help organizations secure third-party app integrations.

Latest Hacking News

24 days ago

Hunters Announces Full Adoption of OCSF and Introduces OCSF-Native Search

Hunters, the pioneer in modern SOC platforms, today announced its full adoption of the Open Cybersecurity Schema Framework (OCSF), coupled with the launch of groundbreaking OCSF-native Search capability. This strategic advancement underscores Hunters’ commitment to

CSO

Google’s Security Command Center Enterprise fills gaps across cloud security lifecycle

Google Cloud's SCC Enterprise aims to streamline response to threats and misconfigurations across IaaS platforms, including AWS and Azure.

HACKRead

24 days ago

Hunters Announces Full Adoption of OCSF and Introduces OCSF-Native Search

San Francisco, United States, May 7th, 2024, CyberNewsWire

Cyber Security News

24 days ago

Hunters Announces Full Adoption of OCSF and Introduces OCSF-Native Search

Hunters, the pioneer in modern SOC platforms, today announced its full adoption of the Open Cybersecurity Schema Framework (OCSF), coupled with the launch of groundbreaking OCSF-native Search capability. This strategic advancement underscores Hunters’ commitment to standardizing and enhancing cybersecurity operations through open, integrated data sharing frameworks. Uri May, CEO of Hunters, explained the strategic significance […]

Cyber Security News

Wireshark 4.2.4 Released : What’s New!

Wireshark remains the go-to choice for both professionals and enthusiasts due to its unmatched capabilities in packet capturing and analysis.

Infosecurity News

DocuSign Brand Impersonation Attack Bypasses Security Measures, Targets Over 10,000

Victims were redirected to a fake landing page to exfiltrate their Proofpoint credentials

Infosecurity News

GitHub Adds Features to Automate Vulnerability Code Scanning

Called “default setup,” the novel capability simplifies starting code scanning on repositories

CyberNews

5 months ago

Nine in ten energy firms suffered supplier data breach

Revelation comes in wake of this year's MOVEit third-party cyberattack, which led to hundreds of organizations being hacked.

SecurityWeek

11 months ago

Cyware Snags $30M for Threat Intel Infrastructure Tech

New York startup $30 million in new financing to fuel plans to take advantage of the demand for AI-powered threat-intel security tools.

Bleeping Computer

Microsoft: Windows 11 KB5012643 update will break some apps

Microsoft has warned Windows 11 users that they might experience issues launching and using some .NET Framework 3.5 applications.

Bleeping Computer

Start a six-figure career with this $40 project management bundle

Featuring 41 hours of content, The 2021 All Access Project Management Professional Certification Bundle provides all the necessary training. It's worth $2,400, but you can get it today for only $39.99.

Security Affairs

Dependency Review GitHub Action prevents adding known flaws in the code

Dependency Review GitHub Action scans users’ pull requests for dependency changes and will raise an error if any new dependencies have existing flaws. GitHub announced Dependency Review GitHub Action which scans users’ pull requests for dependency changes and will raise an error if any new dependencies have existing flaws that can be exploited in supply […]

Bleeping Computer

7 months ago

3,000 Apache ActiveMQ servers vulnerable to RCE attacks exposed online

Over three thousand internet-exposed Apache ActiveMQ servers are vulnerable to a recently disclosed critical remote code execution (RCE) vulnerability.

Bleeping Computer

Microsoft will add secure preview for Office 365 quarantined emails

Microsoft is updating Defender for Office 365 to protect customers from embedded email threats while previewing quarantined emails.

DarkReading

Patch ASAP: Max-Critical Atlassian Bug Allows Unauthenticated RCE

Rated at a CVSS score of 10, the bug is as bad as it gets, allowing remote cyberattackers unfettered access to corporate environments.

Bleeping Computer

Learn how to code almost anything with Java with this $40 training

Learn Java Programming: From Beginner to Advanced Bundle is a collection of eight courses that will help you master the language from scratch. The training is worth $359, but it's currently available now for just $39.99.

Bleeping Computer

The highly-rated Pagico task manager is 57% off ahead of Black Friday

It's normally priced at $50. However, in the pre-Black Friday sale at Bleeping Computer Deals, you can get it today for only $21.24 with the 15% discount code SAVE15NOV.

Bleeping Computer

Learn web development with this 3-year SitePoint deal

SitePoint Premium Membership gives you unlimited access to this incredible collection, with fresh content added every week. Right now, you can join and get a three-year membership for only $59.99.

Bleeping Computer

3 years ago

Launch your coding career with this bundle of 27 top-rated courses

The Premium Learn to Code 2021 Certification Bundle brings together 27 courses from top-rated instructors, covering the most popular programming languages and frameworks in use today. It's worth $4,056 in total, but you can get the bundle today for only $59.99.

SecurityWeek

8 months ago

SecurityWeek to Host Cyber AI & Automation Summit

Cyber AI Summit will explore cybersecurity use-cases for artificial intelligence (AI) technology and the race to protect LLM algorithms from adversarial use.

Bleeping Computer

Master Microsoft 365 with over $200 off this 9-hour certified course

The Microsoft 365 Certified - Fundamentals (MS-900) course from iCollege helps you master the platform, with nine hours of lessons working towards an official exam. You can get it today for just $24.99.

Bleeping Computer

15 days ago

Create up-to-date visualizations with $230 off Microsoft Visio 2021

Turning your data into floor plans, diagrams, flow charts, and other visualizations should be an efficient process. This Microsoft Visio 2021 Professional instant download for Windows gives you all the tools you need for $19.97, $230 off the $250 MSRP now through the end of May 22nd.

Cyber Security News

KernelGPT: Automated Analysis of Kernel Components to Detect Vulnerabilities

A new research paper has been proposed that integrates LLMs (Large Language Models) and Syskaller specifications named as “KernelGPT”.

Bleeping Computer

Improve your business intelligence skills with this Microsoft Excel training

The 2021 Ultimate Microsoft Excel Business Intelligence Certification Bundle helps you become a genuine expert, with 12 full-length video courses. You can get it today for just $44.99.

SecurityWeek

BalkanID Raises $6M for Intelligent IGA Technology

Texas startup Balkan ID banks $5.75 million in seed funding to help organizations find and remediate risky privileges across SaaS and public cloud infrastructure.

Bleeping Computer

Seamlessly run Windows software on your Mac for $25 with Parallels Pro

For a limited time, this collection of five top productivity apps is currently just $25 when you use the promo code ALLSTARMAC at Bleeping Computer Deals.

Bleeping Computer

These Ethical Hacking courses help you get a job in cybersecurity

The All-In-One 2021 Super-Sized Ethical Hacking Bundle helps you explore this topic and get certified, with 18 courses covering a wide variety of skills. You can get the bundle today for only $42.99.

ZDNet

Stop using your browser's built-in password manager. Here's why

The choice between a browser password manager and a real password manager is clear.

The Hacker News

Cyolo Product Overview: Secure Remote Access to All Environments

Operational technology (OT) cybersecurity is more important than ever. Cyolo introduces a zero-trust access platform.

The Cyber Express

11 days ago

“Incognito Market” Operator Arrested for Running $100M Narcotics Marketplace

The U.S. law enforcement has arrested an alleged operator of "Incognito Market," a major online dark web narcotics marketplace that

DarkReading

5 Lessons Learned From Hundreds of Penetration Tests

Developers must balance creativity with security frameworks to keep applications safe. Correlating business logic with security logic will pay in safety dividends.

Computerworld

8 months ago

ServiceNow embeds AI-powered customer-assist features throughout products

ServiceNow's new chatbot works across applications and can summarize customer service interactions and perform case, incident, and agent chat summarizations; act as a virtual agent; and perform search functions.

Cyber Security News

Vice Society Ransomware Uses PowerShell Script to Automate Steal Data

The ransomware gang Vice Society has stolen data from the victim network with the help of a custom-built Microsoft Powershell script.

Bleeping Computer

Make better diagrams with Microsoft Visio 2021 Pro for only $29.99

It's normally priced at $249.99, but you can get a lifetime license on Windows today for only $29.99 in a special price drop through StackCommerce.

Infosecurity News

5 months ago

Ninety Percent of Energy Companies Suffer Supplier Data Breach

Forty-three of the world’s 48 largest energy companies were hit by a third-party data breach over the past year

Bleeping Computer

GitHub can now alert of supply-chain bugs in new dependencies

GitHub can now block and alert you of pull requests that introduce new dependencies impacted by known supply chain vulnerabilities.

Bleeping Computer

Microsoft: Windows 365 to get Offline, Boot to Cloud PC features

Microsoft has revealed that Window 365, the company's virtualized desktop service, will get support for new features to make it easier to use log into and work with Cloud PCs from any device.

Infosecurity News

Uber Drivers' Data Exposed in Breach of Law Firm's Servers

New Jersey-based Genova Burns disclosed the breach in an email to customers

ZDNet

Google acquires Israeli cybersecurity company Siemplify for $500 million | ZDNet

Google will be integrating Siemplify's security orchestration, automation and response (SOAR) platform into their cloud systems.

Bleeping Computer

16 days ago

Save $170 on 1TB of high-speed file storage with FolderFort

As our gadgets multiply and our jobs grow in complexity, we need file storage that's friendly on the wallet and easy to use. Get 1TB of fast file storage with FolderFort for $79.99, $171 off the $251 MSRP.

ZDNet

Google acquires Israeli cybersecurity company Siemplify | ZDNet

Google will be integrating Siemplify's security orchestration, automation and response (SOAR) platform into their cloud systems.

Infosecurity News

GitHub Now Supports Private Vulnerability Reporting For Public Repositories

The feature needs to be manually enabled by repository maintainers

SecurityWeek

Cybersecurity M&A Roundup for December 1-15, 2022

A dozen cybersecurity-related merger and acquisition (M&A) deals were announced in the first half of December 2022.

The Hacker News