Tag GitHub

Unveiling the Secrets of Python’s PyPI

GitGuardian’s 2024 Report Highlights Significant Security Concerns in Open Source Repositories

GitGuardian, a notable player in the cybersecurity industry, has released its annual report titled the "State of Secrets Sprawl." The 2023 edition revealed a staggering number of over 10 million exposed credentials, including passwords and API keys, discovered within…


Severe Vulnerability in GitHub Enterprise Server Enables Authentication Bypass

GitHub has recently implemented critical fixes to address a severe security vulnerability in its GitHub Enterprise Server (GHES), potentially allowing attackers to circumvent authentication safeguards. This issue, rated at the maximum severity level and tracked as CVE-2024-4985, carries a CVSS score of 10.0, indicating a high level of risk for…


Is the Security of Your SaaS Backups on Par with Your Production Data?

The Increasing Importance of Securing SaaS Data Backups

In today’s digital landscape, discussions about data security often center around three pivotal concerns: protecting data stored in on-premises systems or the cloud, identifying reliable strategies and tools for backing up and restoring data, and assessing the financial and operational impacts of…


New Study Highlights Insider Risks Linked to Poor Offboarding Practices

The Importance of Effective Offboarding Practices in Mitigating Insider Risks

A recent analysis by Wing Security has revealed a concerning trend in corporate data security: approximately 63% of businesses might have former employees still authorized to access sensitive organizational data. This statistic underscores the pressing need for businesses to automate…


Non-Human Access: The Path of Least Resistance – A 2023 Overview

New Trends in Cyber Security: The Rising Threat of Non-Human Access

As we navigate through 2023, numerous cyber attacks have highlighted a disturbing trend: non-human access is becoming a prevalent attack vector that poses significant security risks to organizations. Recent reports indicate that there have been "11 high-profile attacks in…


‘Stargazer Goblin’ Develops 3,000 Phony GitHub Accounts to Distribute Malware

Stargazer Goblin Exploits GitHub for Malware Distribution

An ongoing cyber threat has emerged from a group known as Stargazer Goblin, which has established an extensive network of fraudulent GitHub accounts for the distribution of various types of information-stealing malware. Over the past year, this operation is estimated to have generated…


Internet Archive (Archive.org) Breached Again Within a Month

Internet Archive Faces Repeated Cybersecurity Challenges Amid Major Breaches

In October 2024, the Internet Archive, a non-profit organization founded by Brewster Kahle to safeguard the digital history of the internet, encountered significant security setbacks resulting in multiple data breaches. The first incident, occurring on October 9, involved both a data…


Internet Archive Hit by Another Breach Due to Unrotated API Tokens Exploited by Hackers

The Internet Archive has recently experienced another cyber intrusion, marking the third significant security breach in October 2024. On October 20, threat actors managed to exploit unrotated API tokens, gaining unauthorized access to the organization’s Zendesk support platform and potentially exposing sensitive user information. This breach follows two earlier attacks…
