Cyber Defense Advisors

Month: December 2022

  • December 1, 2022

Software projects face supply chain security risk due to insecure artifact downloads via GitHub Actions

The way build artifacts are stored by the GitHub Actions platform could enable attackers to inject malicious code into software projects with CI/CD (continuous integration and continuous delivery) workflows that don’t perform sufficient filtering when downloading artifacts. Cybersecurity researchers have identified several popular artifact download scripts used by thousands of repositories that are vulnerable to […]

Cyber News, Cyber Threat Trends
  • December 1, 2022

Scheduling Meetings with Amazon Chime

Getting started with Amazon Chime. In my last post I wrote a summary of my posts on AWS Security. In this post I’ll explain how to use Amazon Chime, which I was using to host an online class recently. I’ve been using Chime successfully for a long time but this post might help people understand a […]

Cyber News, Cyber Threat Trends
  • December 1, 2022

What Developers Need to Fight the Battle Against Common Vulnerabilities

Today’s threat landscape is constantly evolving, and now more than ever, organizations and businesses in every sector have a critical need to consistently produce and maintain secure software. While some verticals – like the finance industry, for example – have been subject to regulatory and compliance requirements for some time, we are seeing a steady […]

Cyber News, Cyber Threat Trends
  • December 1, 2022

Researchers Disclose Critical RCE Vulnerability Affecting Quarkus Java Framework

A critical security vulnerability has been disclosed in the Quarkus Java framework that could be potentially exploited to achieve remote code execution on affected systems. Tracked as CVE-2022-4116 (CVSS score: 9.8), the shortcoming could be trivially abused by a malicious actor without any privileges. “The vulnerability is found in the Dev UI Config Editor, which is vulnerable […]

Cyber News, Cyber Threat Trends
  • December 1, 2022

Hackers Leak Another Set of Medibank Customer Data on the Dark Web

Medibank on Thursday confirmed that the threat actors behind the devastating cyber attack have posted another dump of data stolen from its systems on the dark web after its refusal to pay a ransom. “We are in the process of analyzing the data, but the data released appears to be the data we believed the criminal stole,” […]

Cyber News, Cyber Threat Trends

  • December 1, 2022

LastPass Suffers Another Security Breach; Exposed Some Customers Information

Popular password management service LastPass said it’s investigating a second security incident that involved attackers accessing some of its customer information. “We recently detected unusual activity within a third-party cloud storage service, which is currently shared by both LastPass and its affiliate, GoTo,” LastPass CEO Karim Toubba said. GoTo, formerly called LogMeIn, acquired LastPass

Cyber News, Cyber Threat Trends
  • December 1, 2022

Researchers ‘Accidentally’ Crash KmsdBot Cryptocurrency Mining Botnet Network

An ongoing analysis into an up-and-coming cryptocurrency mining botnet known as KmsdBot has led to it being accidentally taken down. KmsdBot, as christened by the Akamai Security Intelligence Response Team (SIRT), came to light mid-November 2022 for its ability to brute-force systems with weak SSH credentials. The botnet strikes both Windows and Linux devices spanning a wide range of

Cyber News, Cyber Threat Trends
  • December 1, 2022

8 things to consider amid cybersecurity vendor layoffs

2022 has been a heavy year for layoffs in the technology sector. Whether due to budget restraints, mergers and acquisitions, streamlining, or economic reasons, TrueUp’s tech layoff tracker has recorded over 1000 rounds of layoffs at tech companies globally so far, affecting more than 182,000 people. Some of the biggest tech companies in the world […]

Cyber News, Cyber Threat Trends