TLDR: Researchers have warned application developers about three potential threats to their software development process. Firstly, the abuse of GitHub’s platform by threat actors is increasing, with malware being left by actors hoping developers will download infected code snippets. Second, a report by security researcher John Stawinksi shows how platforms, such as GitHub and AWS, can be manipulated, highlighting the need for developers to carefully vet and secure their software supply chains. Finally, developers using the GitLab DevOps software have been urged to update to the latest version, as there are two critical vulnerabilities that can be exploited to gain unauthorized account access. In other news, Framework, a modular laptop manufacturer, has notified customers of a data breach caused by an employee who fell for a phishing attack. The breach resulted in the theft of customer information. Singing River Health System has also announced a data theft incident that occurred during a ransomware attack last year, compromising the personal data of over 250,000 individuals. American actuarial firm Milliman Inc. has increased the number of people affected by a recent data breach to over 56,000. Ukrainian police have arrested a suspect believed to be behind a cryptojacking scheme that mined over $2 million in cryptocurrencies by compromising servers of an American cloud provider. Digital currency trading company Genesis Global Trading will pay an $8 million penalty for violating New York State’s virtual currency and cybersecurity regulations. Additionally, researchers at Forescout have challenged the notion that Russia’s Sandworm hacking group was behind a cyber attack in Denmark last year, suggesting it was a mass exploitation of a vulnerability rather than a targeted attack by the group.
Hot off the press Cyber Security Today: 3 app warnings
![](https://cybersecuritypeek.com/wp-content/uploads/2024/01/cybersecurity-images-124.png)
Latest from News
![](https://cybersecuritypeek.com/wp-content/uploads/2024/01/cybersecurity-images-121-720x480.png)
OpenStack Nova flaw lets hackers infiltrate cloud servers without permission
TLDR: A vulnerability in OpenStack’s Nova component, tracked as CVE-2024-40767, allows hackers to gain unauthorized access to cloud servers. The vulnerability affects multiple versions
![](https://cybersecuritypeek.com/wp-content/uploads/2024/01/cybersecurity-images-40-720x480.jpg)
CrowdStrike alert: New phishing scam targets German customers
TLDR: – CrowdStrike warns of a new phishing scam targeting German customers. – Malicious installers distributed via a fake website impersonating a German entity.
![](https://cybersecuritypeek.com/wp-content/uploads/2024/01/cybersecurity-images-36-720x480.jpg)
Beware: NKorea Cyber Op Targets Military, Nuclear Secrets in UK, US, SKorea
Article Summary TLDR: UK, US, and S. Korea issued a warning about a North Korea-backed cyber espionage campaign The group Andariel has been targeting
![](https://cybersecuritypeek.com/wp-content/uploads/2024/01/cybersecurity-images-24-720x480.jpg)
Security leaders weigh in on SEC cyber disclosure ruling one year later
TLDR: One year after the SEC cyber disclosure ruling, security leaders weigh in on its impact. Security professionals reflect on the lack of significant
![](https://cybersecuritypeek.com/wp-content/uploads/2024/01/cybersecurity-images-33-720x480.jpg)
Viettel Cyber Security and Banbros Commercial Inc tackle emerging cyber threats
TLDR: Viettel Cyber Security and Banbros Commercial Inc. addressed emerging cyber threats in the Philippines at a launching event. The event focused on discussing