GitHub Says Attacker Stole Encrypted Code-Signing Certificates for Desktop and Atom
GitHub is urging customers to update their installations of GitHub Desktop after an attacker stole three encrypted code-signing certificates that the company used to sign several versions of Desktop for Mac as well as a couple of versions of its now-retired Atom text editor. The attacker gained access to the certificates after cloning some GitHub-owned repositories on Dec. 6 through the …
A North Korean threat group whose activity overlaps with the prolific Lazarus Group has changed up its tactics recent weeks, moving to new file types in phishing emails, and trying out new payloads in what could be an effort to lure potential victims who have become wary of the more common tactics and techniques used by the group and similar adversaries. …
Yahoo Suddenly Rises in Popularity in Q4 to Become the Most Impersonated Brand in Phishing Attacks
Completely absent from the top 10 brands for more than two years, Yahoo’s impersonation may indicate that scammers are looking for new attack angles using lesser-used brands.
Ticketmaster Says Bot Attack Is To Blame for the Misfortunes of Taylor Swift Fans
Ticketmaster executives have been brought in front of a Senate Judiciary Committee and claims now that a bot army were both purchasing tickets and attempting to breach the servers simultaneously.
IT leaders are fearful that ChatGPT, the instantly famous AI-powered chatbot, is already being used by state-sponsored threat actors when crafting cyberattacks. A report from BlackBerry, which polled 500 IT decision-makers in the UK on their views of the revolutionary tech, found over three-quarters (76%) believe foreign states are already using ChatGPT in their cyber-warfare campaigns against other nations. Almost half …
The Russia-linked LockBit ransomware group claims to be behind the attack that fouled automated transactions for dozens of clients of financial technology firm ION Group.
Hornetsecurity Combats QR Code Phishing With Launch of New Technology
Post Content Source: Read More
The group’s wanton attacks demonstrate that business email compromise is everything a hacker can want in one package: low risk, high reward, quick, easy, and low effort.
The new campaign highlighted several “noteworthy developments” in TTPs
Post Content Source: Read More
The total number of 61,000 open vulnerabilities, including 1,700 critical ones that have been open for 180+ days, exposes businesses to potential attacks.
Current and former cybersecurity leaders from Microsoft, Google, GitLab, Check Point, OWASP, Fortinet and others have already joined the open framework initiative, which is being led by OX Security.