GitHub has recently implemented critical fixes to address a severe security vulnerability in its GitHub Enterprise Server (GHES), potentially allowing attackers to circumvent authentication safeguards. This issue, rated at the maximum severity level and tracked as CVE-2024-4985, carries a CVSS score of 10.0, indicating a high level of risk for…
The Increasing Importance of Securing SaaS Data Backups In today’s digital landscape, discussions about data security often center around three pivotal concerns: protecting data stored in on-premises systems or the cloud, identifying reliable strategies and tools for backing up and restoring data, and assessing the financial and operational impacts of…
The Importance of Effective Offboarding Practices in Mitigating Insider Risks A recent analysis by Wing Security has revealed a concerning trend in corporate data security: approximately 63% of businesses might have former employees still authorized to access sensitive organizational data. This statistic underscores the pressing need for businesses to automate…
New Trends in Cyber Security: The Rising Threat of Non-Human Access As we navigate through 2023, numerous cyber attacks have highlighted a disturbing trend: non-human access is becoming a prevalent attack vector that poses significant security risks to organizations. Recent reports indicate that there have been "11 high-profile attacks in…
Stargazer Goblin Exploits GitHub for Malware Distribution An ongoing cyber threat has emerged from a group known as Stargazer Goblin, which has established an extensive network of fraudulent GitHub accounts for the distribution of various types of information-stealing malware. Over the past year, this operation is estimated to have generated…
Internet Archive Faces Repeated Cybersecurity Challenges Amid Major Breaches In October 2024, the Internet Archive, a non-profit organization founded by Brewster Kahle to safeguard the digital history of the internet, encountered significant security setbacks resulting in multiple data breaches. The first incident, occurring on October 9, involved both a data…
The Internet Archive has recently experienced another cyber intrusion, marking the third significant security breach in October 2024. On October 20, threat actors managed to exploit unrotated API tokens, gaining unauthorized access to the organization’s Zendesk support platform and potentially exposing sensitive user information. This breach follows two earlier attacks…
Two individuals from Sudan have been indicted by federal authorities for orchestrating a series of extensive distributed denial of service (DDoS) attacks that targeted prominent technology firms as well as critical infrastructure and governmental entities around the globe. The operation, identified as Anonymous Sudan, is alleged to have launched tens…
A prominent data leaker has claimed to have successfully infiltrated Cisco, a leading networking technology firm, and exfiltrated sensitive company data. This discovery has prompted Cisco to initiate an investigation into the incident. Earlier this week, a cybercriminal operating under the alias IntelBroker took to BreachForums, a well-known hacking marketplace,…
