TLDR: Researchers have warned application developers about three potential threats to their software development process. First, abuse of GitHub’s platform by threat actors is increasing, with actors planting malware in the hope that developers will download infected code snippets. Second, a report by security researcher John Stawinski shows how platforms such as GitHub and AWS can be manipulated, highlighting the need for developers to carefully vet and secure their software supply chains. Third, developers using the GitLab DevOps software have been urged to update to the latest version, because two critical vulnerabilities can be exploited to gain unauthorized account access.

In other news, Framework, a modular laptop manufacturer, has notified customers of a data breach caused by an employee who fell for a phishing attack. The breach resulted in the theft of customer information. Singing River Health System has also announced a data theft incident that occurred during a ransomware attack last year, compromising the personal data of over 250,000 individuals. American actuarial firm Milliman Inc. has raised the number of people affected by a recent data breach to over 56,000. Ukrainian police have arrested a suspect believed to be behind a cryptojacking scheme that mined over $2 million in cryptocurrencies by compromising servers of an American cloud provider. Digital currency trading company Genesis Global Trading will pay an $8 million penalty for violating New York State’s virtual currency and cybersecurity regulations. Additionally, researchers at Forescout have challenged the notion that Russia’s Sandworm hacking group was behind a cyber attack in Denmark last year, suggesting it was a mass exploitation of a vulnerability rather than a targeted attack by the group.
Hot off the press Cyber Security Today: 3 app warnings