EleKtra-Leak Cryptojacking Attacks Exploit AWS IAM Credentials Exposed on GitHub

Oct 30, 2023NewsroomCloud Security / Cryptocurrency A new ongoing campaign dubbed EleKtra-Leak has set its eyes on exposed Amazon Web Service (AWS) identity and access management (IAM) credentials within public GitHub repositories to facilitate cryptojacking activities. “As a result of this, the threat actor associated with the campaign was able to create multiple AWS Elastic Compute (EC2) instances that they used for wide-ranging and long-lasting cryptojacking operations,” Palo Alto Networks Unit 42 researchers William Gamazo and Nathaniel Quist said in a technical report shared with The Hacker News.…
Read more

ServiceNow Data Exposure: A Wake-Up Call for Companies

Oct 30, 2023The Hacker NewsSaaS Security / Data Security Earlier this week, ServiceNow announced on its support site that misconfigurations within the platform could result in “unintended access” to sensitive data. For organizations that use ServiceNow, this security exposure is a critical concern that could have resulted in major data leakage of sensitive corporate data.…
Read more

New Webinar: 5 Must-Know Trends Impacting AppSec

Oct 30, 2023The Hacker NewsWebinar / Web App Security Modern web app development relies on cloud infrastructure and containerization. These technologies scale on demand, handling millions of daily file transfers – it’s almost impossible to imagine a world without them. However, they also introduce multiple attack vectors that exploit file uploads when working with public clouds, vulnerabilities in containers hosting web applications, and many other persistent threats.…
Read more

Pro-Hamas Hacktivists Targeting Israeli Entities with Wiper Malware

Oct 30, 2023NewsroomCyber War / Malware A pro-Hamas hacktivist group has been observed using a new Linux-based wiper malware dubbed BiBi-Linux Wiper, targeting Israeli entities amidst the ongoing Israeli-Hamas war. “This malware is an x64 ELF executable, lacking obfuscation or protective measures,” Security Joes said in a new report published today.…
Read more

Urgent: New Security Flaws Discovered in NGINX Ingress Controller for Kubernetes

Oct 30, 2023NewsroomKubernetes / Server Security Three unpatched high-severity security flaws have been disclosed in the NGINX Ingress controller for Kubernetes that could be weaponized by a threat actor to steal secret credentials from the cluster. The vulnerabilities are as follows – CVE-2022-4886 (CVSS score: 8.8) – Ingress-nginx path sanitization can be bypassed to obtain the credentials of the ingress-nginx controller CVE-2023-5043 (CVSS score: 7.6) – Ingress-nginx annotation injection causes arbitrary command execution CVE-2023-5044 (CVSS score: 7.6) – Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation “These vulnerabilities enable an attacker who can control the configuration of the Ingress object to steal secret credentials from the cluster,” Ben Hirschberg, CTO and co-founder of Kubernetes security platform ARMO, said of CVE-2023-5043 and CVE-2023-5044.…
Read more

N. Korean Lazarus Group Targets Software Vendor Using Known Flaws

Oct 27, 2023NewsroomCyber Attack / Malware The North Korea-aligned Lazarus Group has been attributed as behind a new campaign in which an unnamed software vendor was compromised through the exploitation of known security flaws in another high-profile software. The attack sequences, according to Kaspersky, culminated in the deployment of malware families such as SIGNBT and LPEClient, a known hacking tool used by the threat actor for victim profiling and payload delivery.…
Read more

Google Expands Its Bug Bounty Program to Tackle Artificial Intelligence Threats

Oct 27, 2023NewsroomArtificial Intelligence / Vulnerability Google has announced that it’s expanding its Vulnerability Rewards Program (VRP) to reward researchers for finding attack scenarios tailored to generative artificial intelligence (AI) systems in an effort to bolster AI safety and security. “Generative AI raises new and different concerns than traditional digital security, such as the potential for unfair bias, model manipulation or misinterpretations of data (hallucinations),” Google’s Laurie Richardson and Royal Hansen said.…
Read more

Unique Visitors
» 1,816 Today
» 20,900 Yesterday
» 22,716 This Week
» 672,755 This Month
» 1,578,595 This Year
» 17,813,690 Total (since 2019-12-11)
» Record: 205,757 (2023-08-13)
Counter by DarkWeb.Solutions