Security News > 2022 > April
GitHub has announced on Monday that it expanded its code hosting platform's secrets scanning capabilities for GitHub Advanced Security customers to block secret leaks automatically. Secret scanning is an advanced security option that organizations using GitHub Enterprise Cloud with a GitHub Advanced Security license can enable for additional repository scanning.
GitHub has announced on Monday that it expanded its code hosting platform's secrets scanning capabilities for GitHub Advanced Security customers to block secret leaks automatically. Secret scanning is an advanced security option that organizations using GitHub Enterprise Cloud with a GitHub Advanced Security license can enable for additional repository scanning.
Companies are struggling to retain employees and hire new ones as workers seek new opportunities elsewhere. Ransomware thieves have been caught approaching employees to help infect their employer's systems, while some workers take it upon themselves to pilfer company data.
Cloudflare sees signs of Russians increasingly turning to Western news sources to get accurate information about the situation in Ukraine. A new blog post published today by Cloudflare presents statistical evidence that the netizens of Russia are adopting blockage circumvention tools pretty aggressively to access British, American, and French news sites.
"The Borat RAT provides a dashboard to Threat Actors to perform RAT activities and also has an option to compile the malware binary for performing DDoS and ransomware attacks on the victim's machine," the researchers wrote in a blog post, noting the malware is being made available for sale to hackers. Borat - named after the character made famous by actor Sacha Baron Cohen in two comedy films - comes with the standard requisite of RAT features in a package that includes such functions as builder binary, server certificate and supporting modules.
VMware has published security updates for the critical remote code execution vulnerability known as Spring4Shell, which impacts several of its cloud computing and virtualization products. A list of VMware products affected by Spring4Shell is available in an adivsory from the company.
Open your web browser and head to the Google My Activity site. Once you've verified it's you, you should see the full My Activity page, where you can begin managing your activity.
Email marketing firm MailChimp disclosed on Sunday that they had been hit by hackers who gained access to internal customer support and account management tools to steal audience data and conduct phishing attacks. In an email to BleepingComputer, MailChimp has confirmed that the breach was more significant than just Trezor's account being accessed by threat actors.
A rich new set of FIN7 indicators of compromise based on the analysis of novel malware samples has been published by researchers at Mandiant, who continue to observe and track the group's operations. In some intrusions, FIN7 was observed tweaking the functionality and adding new features to PowerPlant, and deploying the new version in the middle of the operation.
Wyze ignored a vulnerability in its home security cameras for three years. Bitdefender, who discovered the vulnerability, let the company get away with it. In case you’re wondering, no, that is...