Data Vigilante Exposes 8 Million Employee Records in MOVEit Vulnerability Breach In a significant breach linked to the vulnerabilities of the MOVEit file transfer software, a self-styled “Data Vigilante” identified as Nam3L3ss has leaked approximately 8 million employee records from prominent corporations, including Amazon, 3M, HP, and Delta. The MOVEit…
Recent MOVEit Data Breach Exposes Sensitive Information of Major Corporations A significant new wave of data breaches has emerged, linked to the well-known MOVEit vulnerability, shaking the cybersecurity community. This incident, distinct from the Cl0p ransomware attacks of the previous year, is attributed to a different threat actor known as…
Security Operations Developers’ Credentials Compromised Through Typosquatted ‘Fabric’ Library Prajeet Nair (@prajeetspeaks) • November 11, 2024 Image: Shutterstock A deceptive Python package, masquerading as a popular SSH automation library, has been active on the PyPi repository since 2021. This malicious package is designed to distribute payloads that compromise user credentials…
Cloud Security: The Imperative of Penetration Testing "Defenders think in lists, attackers think in graphs," remarked John Lambert from Microsoft, encapsulating the contrasting mindsets of cybersecurity defenders and attackers. This fundamental difference underscores the need for organizations to adopt an attacker’s viewpoint in bolstering their cybersecurity measures. While traditional defense…
New Cyberattack Technique Exploits Stolen Cloud Credentials to Target LLM Services Cybersecurity researchers have recently uncovered a sophisticated attack that leverages stolen cloud credentials to infiltrate cloud-hosted large language model (LLM) services. This technique, dubbed LLMjacking by the Sysdig Threat Research Team, poses a significant threat as attackers aim to…
The cyber threat actor known as Muddled Libra has been identified as actively targeting software-as-a-service (SaaS) applications and cloud service providers (CSPs) with the intent to exfiltrate confidential information. This malicious activity underscores an increasing trend where organizations store diverse sets of data within SaaS platforms and leverage CSP services,…
A new cyber threat has emerged, identified as “Cuttlefish,” specifically targeting small office and home office (SOHO) routers. This sophisticated malware aims to covertly monitor all traffic traversing these devices while collecting authentication data from HTTP GET and POST requests. According to a recent report from the Black Lotus Labs…
New Trends in Cyber Security: The Rising Threat of Non-Human Access As we navigate through 2023, numerous cyber attacks have highlighted a disturbing trend: non-human access is becoming a prevalent attack vector that poses significant security risks to organizations. Recent reports indicate that there have been "11 high-profile attacks in…
Socure to Acquire Effectiv: A $136 Million Investment to Enhance Identity Verification Solutions In a strategic move aimed at bolstering its identity verification capabilities, Socure, based in the Lake Tahoe region of Nevada, has announced plans to acquire Effectiv, a startup specializing in risk decisioning. The acquisition, valued at $136…
