Updates

Tackling Secrets Sprawl: Why Remediating Leaked Credentials Takes So Long

Leaked credentials are becoming a critical issue for businesses, particularly for non-human identities (NHIs) like microservices and Kubernetes workloads, which now outnumber human identities 45:1. Research by GitGuardian and CyberArk reveals that 79% of IT decision-makers have experienced secrets leaks, with over 12.7 million hardcoded credentials …

The Rising Threat of Sitting Ducks Attacks on Domain Security

A recent report from cybersecurity firm Infoblox highlights a long-standing yet underappreciated threat: Sitting Ducks attacks. Over the past five years, tens of thousands of domains, including those belonging to well-known brands, non-profits, and government entities, have been hijacked due to vulnerabilities in DNS ownership verification. Alarmingly, this issue has …

Cyberattack in Sheboygan: Ransom Demand and System Disruptions

The city of Sheboygan, Wisconsin, is grappling with a significant cybersecurity incident after hackers demanded a ransom following unauthorized access to its network. This cyberattack, which began in late October, has led to widespread technology outages impacting city operations. City officials have isolated parts of the network and are collaborating …

Hackers Now Use ZIP File Concatenation to Bypass Detection

Cybercriminals are now leveraging ZIP file concatenation to deliver malware undetected, exploiting the way ZIP parsers process these combined files. This tactic, identified by researchers at Perception Point, was used in a phishing scheme where hackers hid a trojan within a seemingly harmless compressed file attachment. How ZIP File Concatenation …

Mazda Connect Vulnerabilities and What They Mean for Vehicle Security

Recent research has uncovered critical vulnerabilities in Mazda’s infotainment system, Mazda Connect, posing potential security risks for vehicles. Trend Micro’s Zero Day Initiative (ZDI) has identified multiple flaws within Mazda Connect’s Connectivity Master Unit (CMU), which could allow attackers to execute unauthorized code with root access, thereby taking over the …

GoZone Ransomware: A New Threat with Coercive Tactics

This week, the SonicWall Capture Labs threat research team uncovered a new ransomware strain named GoZone, which employs particularly coercive tactics to extract payments from its victims. Unlike traditional ransomware that merely encrypts files, GoZone takes a more sinister approach by accusing victims of possessing explicit content on their computers. It …

SelectBlinds Data Breach Exposes 200,000 Customers’ Payment Info

Over 200,000 SelectBlinds customers who shopped for blinds or window treatments in 2023 may have had their personal and payment information stolen in a recent cyber attack. Hackers embedded malware on the retailer’s website, allowing them to scrape sensitive data from the checkout page, including usernames, passwords, addresses, emails, phone …

Cloud Misconfigurations Threaten 110,000 Domains

Security researchers at Palo Alto Networks uncovered a large-scale extortion campaign exploiting misconfigured cloud environments. Attackers targeted over 110,000 domains by accessing exposed .env files, which contained sensitive information like AWS IAM keys, SaaS API keys, and database logins. These misconfigurations allowed attackers to infiltrate cloud environments, exfiltrate data, and …

Troy Hunt – on the SSN Data Breach

There were no email addresses in the social security number files. If you find yourself in this data breach via HIBP, there’s no evidence your SSN was leaked, and if you’re in the same boat as me, the data next to your record may not even be correct.