Massive Git Config Breach Exposes 15,000 Credentials; 10,000 Private Repos Cloned – OfficialSarkar

Massive Git Config Breach Exposes 15,000 Credentials; 10,000 Private Repos Cloned – OfficialSarkar

Nov 01, 2024Ravie LakshmananVulnerability / Cloud Security Cybersecurity researchers have flagged a “massive” campaign that targets exposed Git configurations to siphon credentials, clone private repositories, and even extract cloud credentials from the source code. The activity, codenamed EMERALDWHALE, is estimated to have collected over 10,000 private repositories and stored in an Amazon S3 storage bucket…

Microsoft Warns of Chinese Botnet Exploiting Router Flaws for Credential Theft – OfficialSarkar

Microsoft Warns of Chinese Botnet Exploiting Router Flaws for Credential Theft – OfficialSarkar

Nov 01, 2024Ravie LakshmananThreat Intelligence / Network Security Microsoft has revealed that a Chinese threat actor it tracks as Storm-0940 is leveraging a botnet called Quad7 to orchestrate highly evasive password spray attacks. The tech giant has given the botnet the name CovertNetwork-1658, stating the password spray operations are used to steal credentials from multiple…

Microsoft Delays Windows Copilot+ Recall Release Over Privacy Concerns – OfficialSarkar

Microsoft Delays Windows Copilot+ Recall Release Over Privacy Concerns – OfficialSarkar

Nov 01, 2024Ravie LakshmananData Security / Artificial Intelligence Microsoft is further delaying the release of its controversial Recall feature for Windows Copilot+ PCs, stating it’s taking the time to improve the experience. The development was first reported by The Verge. The artificial intelligence-powered tool was initially slated for a preview release starting in October. “We…

New Phishing Kit Xiū gǒu Targets Users Across Five Countries With 2,000 Fake Sites – OfficialSarkar

New Phishing Kit Xiū gǒu Targets Users Across Five Countries With 2,000 Fake Sites – OfficialSarkar

Cybersecurity researchers have disclosed a new phishing kit that has been put to use in campaigns targeting Australia, Japan, Spain, the U.K., and the U.S. since at least September 2024. Netcraft said more than 2,000 phishing websites have been identified the kit, known as Xiū gǒu, with the offering used in attacks aimed at a…

Learn Key Identity Security Tactics in This Expert Webinar – OfficialSarkar

Learn Key Identity Security Tactics in This Expert Webinar – OfficialSarkar

Nov 01, 2024The Hacker NewsSaaS Security / Identity Security Did you know that advanced threat actors can infiltrate the identity systems of major organizations and extract sensitive data within days? It’s a chilling reality, becoming more common and concerning by the day. These attackers exploit vulnerabilities in SaaS and cloud environments, using compromised identities to…

New LightSpy Spyware Version Targets iPhones with Increased Surveillance Tactics – OfficialSarkar

New LightSpy Spyware Version Targets iPhones with Increased Surveillance Tactics – OfficialSarkar

Oct 31, 2024Ravie LakshmananSpyware / Mobile Security Cybersecurity researchers have discovered an improved version of an Apple iOS spyware called LightSpy that not only expands on its functionality, but also incorporates destructive capabilities to prevent the compromised device from booting up. “While the iOS implant delivery method closely mirrors that of the macOS version, the…

LottieFiles Issues Warning About Compromised “lottie-player” npm Package – OfficialSarkar

LottieFiles Issues Warning About Compromised “lottie-player” npm Package – OfficialSarkar

Oct 31, 2024Ravie LakshmananCryptocurrency / Software Development LottieFiles has revealed that its npm package “lottie-player” was compromised as part of a supply chain attack, prompting it to release an updated version of the library. “On October 30th ~6:20 PM UTC – LottieFiles were notified that our popular open source npm package for the web player…

LiteSpeed Cache Plugin Vulnerability Poses Significant Risk to WordPress Websites – OfficialSarkar

LiteSpeed Cache Plugin Vulnerability Poses Significant Risk to WordPress Websites – OfficialSarkar

Oct 31, 2024Ravie LakshmananVulnerability / Website Security A high-severity security flaw has been disclosed in the LiteSpeed Cache plugin for WordPress that could allow an unauthenticated threat actor to elevate their privileges and perform malicious actions. The vulnerability, tracked as CVE-2024-50550 (CVSS score: 8.1), has been addressed in version 6.5.2 of the plugin. “The plugin…

Unveiling Hidden Threats to Corporate Identities – OfficialSarkar

Unveiling Hidden Threats to Corporate Identities – OfficialSarkar

Oct 31, 2024The Hacker NewsIdentity Security / Browser Security In the modern, browser-centric workplace, the corporate identity acts as the frontline defense for organizations. Often referred to as “the new perimeter”, the identity stands between safe data management and potential breaches. However, a new report reveals how enterprises are often unaware of how their identities…

North Korean Group Collaborates with Play Ransomware in Significant Cyber Attack – OfficialSarkar

North Korean Group Collaborates with Play Ransomware in Significant Cyber Attack – OfficialSarkar

Oct 30, 2024Ravie LakshmananRansomware / Threat Intelligence Threat actors in North Korea have been implicated in a recent incident that deployed a known ransomware family called Play, underscoring their financial motivations. The activity, observed between May and September 2024, has been attributed to a threat actor tracked as Jumpy Pisces, which is also known as…