Tag GitHub

Postman Workspaces Expose 30,000 API Keys and Sensitive Tokens

CloudSEK Identifies Major Data Exposure from Postman Workspaces, Putting Sensitive Information at Risk

CloudSEK’s TRIAD team recently uncovered a significant security threat involving the exposure of over 30,000 public workspaces on Postman, a widely used cloud-based API development platform. This alarming discovery, confirmed on December 23, 2024, indicates extensive data…


Police Arrest Luigi Mangione, App Developer and Suspect in UnitedHealthcare CEO Shooting

UnitedHealthcare has yet to respond to inquiries from WIRED regarding a recent incident, though a spokesperson released a statement to other media outlets expressing hope that certain developments may offer some solace to those impacted by a tragic event. The spokesperson extended gratitude to law enforcement and highlighted the importance…


Cybersecurity Updates: Data Breaches, Vulnerabilities, and News

In this week’s Cybersecurity Newsletter, we delve into recent developments that raise critical concerns for business owners navigating the digital security landscape. As the cyber threat environment evolves rapidly, it is essential to stay informed about the latest vulnerabilities, breaches, and data security threats impacting organizations worldwide. The newsletter covers…


Warning: Cybercriminals Utilizing VCURMS and STRRAT Trojans Through AWS and GitHub

A recent phishing campaign has come to light, actively distributing remote access trojans (RATs) dubbed VCURMS and STRRAT through a malicious Java-based downloader. This attempt highlights a troubling trend in cybercrime, where attackers strategically utilize accessible cloud platforms, such as Amazon Web Services and GitHub, to host malicious content while…


Cybercriminals Ramp Up Use of EvilProxy Phishing Kit to Target Executives

Increasingly sophisticated phishing-as-a-service (PhaaS) toolkits, particularly one known as EvilProxy, are being employed by threat actors to execute account takeover attacks targeting senior executives within major corporations. This trend underscores a growing vulnerability among high-ranking officials in the corporate landscape, particularly as the proliferation of remote work and digital transactions…


Unveiling the Secrets of Python’s PyPI

GitGuardian’s 2024 Report Highlights Significant Security Concerns in Open Source Repositories

GitGuardian, a notable player in the cybersecurity industry, has released its annual report titled the "State of Secrets Sprawl." The 2023 edition revealed a staggering number of over 10 million exposed credentials, including passwords and API keys, discovered within…


Severe Vulnerability in GitHub Enterprise Server Enables Authentication Bypass

GitHub has recently implemented critical fixes to address a severe security vulnerability in its GitHub Enterprise Server (GHES), potentially allowing attackers to circumvent authentication safeguards. This issue, rated at the maximum severity level and tracked as CVE-2024-4985, carries a CVSS score of 10.0, indicating a high level of risk for…


Is the Security of Your SaaS Backups on Par with Your Production Data?

The Increasing Importance of Securing SaaS Data Backups

In today’s digital landscape, discussions about data security often center around three pivotal concerns: protecting data stored in on-premises systems or the cloud, identifying reliable strategies and tools for backing up and restoring data, and assessing the financial and operational impacts of…
