Supply Chain Security Attack

IconBurst: NPM software supply chain attack grabs data from apps, websites

ReversingLabs researchers recently discovered evidence of a widespread IconBurst software supply chain attack involving malicious JavaScript packages offered via the NPM package manager. Researchers at ReversingLabs identified more than two dozen NPM packages, dating back six months, that …

Robert Half client accounts (Password Stuffing)

Staffing Firm Robert Half Says Hackers Targeted Over 1,000 Customer Accounts

HR consulting firm Robert Half has started informing customers that their personal and financial information might have been compromised (password stuffing) after hackers targeted their RobertHalf.com accounts. Information provided by the company to the Maine Attorney General shows …

Spokane Regional Health District (Phishing)

SRHD Apologizes and Commits to Corrective Actions

Spokane Regional Health District (SRHD) confirmed that personal data may have been disclosed after the discovery of an unauthorized breach of personal health information via a phishing email, occurring on February 24, 2022.

Microsoft issues warning on BEC phishing campaign 

From cookie theft to BEC: Attackers use AiTM phishing sites as entry point to further financial fraud

A large-scale phishing campaign that used adversary-in-the-middle (AiTM) phishing sites stole passwords, hijacked a user’s sign-in session, and skipped the authentication process even if the user had enabled multifactor authentication (MFA). The attackers …

SQL Injection

What is SQL Injection? SQL Injection is a web security vulnerability that allows an attacker to interfere with the queries that an application makes to its database. It generally allows an attacker to view data that they are not normally able to retrieve. This might include data belonging to other …

Log4j

Log4j Vulnerability Explained

The Log4j vulnerability allows malicious attackers to execute code remotely on any targeted computer. What is Log4j: Log4j, an open-source logging library for Java, is widely used by businesses and web portals. Earlier this month, this open-source software was in the news for its vulnerabilities. …

Vendor Security Assessment Questionnaire

Meeting security requirements to grow your business

Maintaining cybersecurity and regulatory compliance for data privacy is of the utmost importance for businesses in almost every field—but doing it effectively is a moving target. Hackers are continually seeking new ways to gain unauthorized access to your systems, so the external threats …

Penetration Testing

Maintaining cybersecurity and regulatory compliance for data privacy is of the utmost importance for businesses in almost every field—but doing it effectively is a moving target. Hackers are continually seeking new ways to gain unauthorized access to your systems, so the external threats you need to guard against are constantly …

Securing your Database

During a customary search for vulnerable databases, the team at Comparitech discovered a vulnerable and unprotected MongoDB database belonging to FarFaria, a website designed to promote literacy for children as young as 2 years old. The information on this database includes user sign-in information, email addresses, and social media tokens. …

Cybersecurity Is A Great Career Option For Veterans

When men and women leave the armed services, their next career steps may not be immediately obvious to them. Despite the skills they gain in their time serving the nation, military veterans are 37% more likely to be underemployed than nonveterans, according to The New York Times [i]. Whether this is due …