Credit to Author: Paul Ducklin| Date: Wed, 03 Aug 2022 23:06:28 +0000
If you spew projects laced with hidden malware into an open source repository, don’t waste your time telling us “no harm done” afterwards.
Read more
Credit to Author: Paul Ducklin| Date: Thu, 05 May 2022 14:16:18 +0000
Latest episode – listen now!
Read more
Credit to Author: Paul Ducklin| Date: Fri, 29 Apr 2022 16:15:20 +0000
Learn how to find out which apps you’ve given access rights to, and how to revoke those rights immediately in an emergency.
Read moreCredit to Author: Malwarebytes Labs| Date: Fri, 29 Apr 2022 08:01:46 +0000
We can’t tell which party made the first move, but both the pro-Ukraine and Russian sides have been exchanging DDoS attacks.
The post Ukraine government and pro-Ukrainian sites hit by DDoS attacks appeared first on Malwarebytes Labs.
Read more
Credit to Author: BrianKrebs| Date: Wed, 27 Apr 2022 14:27:35 +0000
When KrebsOnSecurity last month explored how cybercriminals were using hacked email accounts at police departments worldwide to obtain warrantless Emergency Data Requests (EDRs) from social media and technology providers, many security experts called it a fundamentally unfixable problem. But don’t tell that to Matt Donahue, a former FBI agent who recently quit the agency to launch a startup that aims to help tech companies do a better job screening out phony law enforcement data requests — in part by assigning trustworthiness or “credit ratings” to law enforcement authorities worldwide.
Read more
Credit to Author: BrianKrebs| Date: Thu, 17 Mar 2022 22:33:21 +0000
Researchers are tracking a number of open-source “protestware” projects on GitHub that have recently altered their code to display “Stand with Ukraine” messages for users, or basic facts about the carnage in Ukraine. The group also is tracking several code packages that were recently modified to erase files on computers that appear to be coming from Russian or Belarusian Internet addresses.
Read more
Credit to Author: Paul Ducklin| Date: Mon, 07 Mar 2022 12:47:44 +0000
Training data stashed in GitHub by mistake… unfortunately, it was *real* data
Read moreCredit to Author: Threat Intelligence Team| Date: Thu, 27 Jan 2022 16:20:16 +0000
 | |
| How one of North Korea’s most sophisticated APTs tries to avoid detection by using legitiate tools during its attacks. Categories: Threat Intelligence |
The post North Korea’s Lazarus APT leverages Windows Update client, GitHub in latest campaign appeared first on Malwarebytes Labs.
Read more
Credit to Author: John E Dunn| Date: Mon, 18 Nov 2019 11:24:32 +0000
The idea is simple – create a global platform for reporting and fixing vulnerabilities in open source projects before they do damage.<img src=”http://feeds.feedburner.com/~r/nakedsecurity/~4/pPayEpWTksQ” height=”1″ width=”1″ alt=””/>
Read more
Credit to Author: BrianKrebs| Date: Mon, 11 Nov 2019 17:33:27 +0000
Orvis, a Vermont-based retailer that specializes in high-end fly fishing equipment and other sporting goods, leaked hundreds of internal passwords on Pastebin.com for several weeks last month, exposing credentials the company used to manage everything from firewalls and routers to administrator accounts and database servers, KrebsOnSecurity has learned. Orvis says the exposure was inadvertent, and that many of the credentials were already expired.
Read more