More results...
Elastic Security Labs has uncovered a sophisticated malware campaign, dubbed REF8685, targeting the Iraqi telecommunications sector. The campaign utilizes a novel malware family called SHELBY, which abuses GitHub for command-and-control (C2) operations…
OPKSSH (OpenPubkey SSH) makes it easy to authenticate to servers over SSH using OpenID Connect (OIDC), allowing developers to ditch manually configured SSH keys in favor of identity provider-based access. By tightly integrating with identity providers …
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Sitecore CMS and XP, and GitHub Action flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added [1,2] the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: CVE-2019-9875 (CVSS score of 8.8) is a Deserialization of Untrusted Data in the anti […]
A recent discovery has revealed a potential supply chain attack vulnerability in GitHub’s CodeQL repositories, which could have led to wide-ranging consequences for hundreds of thousands of GitHub users. The exploit hinges on a publicly exposed s…
This month’s roundup features exceptional open-source cybersecurity tools that are gaining attention for strengthening security across various environments. Hetty: Open-source HTTP toolkit for security research Hetty is an open-source HTTP toolkit desi…
Malwoverview is an open-source threat hunting tool designed for the initial triage of malware samples, URLs, IP addresses, domains, malware families, IOCs, and hashes. “Malwoverview is simple and direct, integrating multiple public sandboxes to r…
Researchers has discovered a sophisticated malware operation that poses as a fake coding challenge and targets Polish-speaking professionals. This campaign, known as “FizzBuzz to FogDoor,” exploits job seekers by disguising malware as legit…
Finders Keypers is an open-source tool for analyzing the current usage of AWS KMS keys. It supports both AWS customer managed KMS keys and AWS Managed KMS keys. Use cases include: Identifying the blast radius of specific KMS keys and the resources they…
Recent research by Trend Micro has uncovered a significant evolution in the Albabat ransomware, which now targets not only Windows but also Linux and macOS systems. This expansion highlights the increasing sophistication of ransomware groups in exploit…
More details have come to light on the recent supply chain attack targeting GitHub Actions, including its root cause.
The post Impact, Root Cause of GitHub Actions Supply Chain Hack Revealed appeared first on SecurityWeek.