Gravy Analytics, a data broker, has reported a significant data breach that occurred earlier this month, compromising the exact location data of millions of users of both iPhone and Android devices. This incident arose from unauthorized access to the AWS cloud storage environment of its parent company, Unacast, as indicated…
Alert on EC2 Grouper: Exploiting AWS Credentials Through Unique Patterns Recent research from Fortinet’s FortiGuard Labs has identified a concerning threat actor known as "EC2 Grouper," which is exploiting AWS credentials and tools in a highly distinguishable manner. This group primarily uses naming conventions akin to “ec2group12345” to set up…
Volkswagen Suffers Major Data Breach Affecting 800,000 EV Owners Volkswagen (VW), the globally recognized automotive manufacturer, has experienced a significant data breach that has compromised the personal information of over 800,000 electric vehicle (EV) owners. This incident, which raises alarms about data privacy, has exposed sensitive information including geographic location…
Mike Mahoney, a prominent figure in the field of product marketing, currently serves as the Senior Director of Product Marketing for Technology Alliances at Tanium, where he plays a pivotal role in shaping the company’s marketing strategy and guiding its global partnerships. With a rich career spanning over twenty years,…
Data Vigilante Exposes 8 Million Employee Records in MOVEit Vulnerability Breach In a significant breach linked to the vulnerabilities of the MOVEit file transfer software, a self-styled “Data Vigilante” identified as Nam3L3ss has leaked approximately 8 million employee records from prominent corporations, including Amazon, 3M, HP, and Delta. The MOVEit…
Recent MOVEit Data Breach Exposes Sensitive Information of Major Corporations A significant new wave of data breaches has emerged, linked to the well-known MOVEit vulnerability, shaking the cybersecurity community. This incident, distinct from the Cl0p ransomware attacks of the previous year, is attributed to a different threat actor known as…
Security Operations Developers’ Credentials Compromised Through Typosquatted ‘Fabric’ Library Prajeet Nair (@prajeetspeaks) • November 11, 2024 Image: Shutterstock A deceptive Python package, masquerading as a popular SSH automation library, has been active on the PyPi repository since 2021. This malicious package is designed to distribute payloads that compromise user credentials…
Cloud Security: The Imperative of Penetration Testing "Defenders think in lists, attackers think in graphs," remarked John Lambert from Microsoft, encapsulating the contrasting mindsets of cybersecurity defenders and attackers. This fundamental difference underscores the need for organizations to adopt an attacker’s viewpoint in bolstering their cybersecurity measures. While traditional defense…
New Cyberattack Technique Exploits Stolen Cloud Credentials to Target LLM Services Cybersecurity researchers have recently uncovered a sophisticated attack that leverages stolen cloud credentials to infiltrate cloud-hosted large language model (LLM) services. This technique, dubbed LLMjacking by the Sysdig Threat Research Team, poses a significant threat as attackers aim to…
