Security News

Bad actors put a new twist on an existing piece of malware to steal private keys for cryptocurrency accounts and other account credentials, according to analysis from Trend Micro. Panda Stealer uses a fileless approach and looks for private keys and records of previous transactions from cryptocurrency wallets including Dash, Bytecoin, Litecoin and Ethereum, according to Trend Micro.

Whilst continuing its focus on strong and sustainable organic growth, Kerv will also look at acquiring businesses which add new capabilities to further enhance its cloud and digital credentials and/or bring new vertical opportunities. "Explaining the rationale behind the deal, Alastair Mills, executive chairman at Kerv, said:"This acquisition is a significant step for Kerv and a major investment in the rapidly growing digital transformation market.

Expert discusses the importance of keeping internal computer credentials as safe as your passwords. TechRepublic's Karen Roby spoke with Robert Haynes of Checkmarx, a software security solution, about World Password Day, May 6, 2021.

HID Global announced the general availability WorkforceID Authentication, the latest addition to its cloud platform for creating a seamless, effortless experience for issuing, managing and using identity credentials in physical and digital workplaces. "A person's identity has become the new security perimeter in a hybrid workplace that now extends from home to the office and everywhere in between," said Julian Lovelock, VP Global Business Segment, IAM, with HID Global.

Codecov, makers of a code coverage tool used by over 29,000 customers, has warned that a compromised script may have stolen credentials over a period of two months, before it was discovered a few weeks ago. Codecov is a cloud-based tool which integrates with GitHub, GitLab, Atlassian Bitbucket, or any Git-based repository.

Codecov online platform for hosted code testing reports and statistics announced on Thursday that a threat actor had modified its Bash Uploader script, exposing sensitive information in customers' continuous integration environment. Codecov provides tools that help developers measure how much of the source code executes during testing, a process known as code coverage, which indicates the potential for undetected bugs being present in the code.

Security researchers note an increase in alternative methods to steal data from phishing attacks, as scammers obtain the stolen info through Google Forms or private Telegram bots. Email remains the preferred method to exfiltrate stolen info but these channels foreshadow a new trend in the evolution of phishing kits.

Socure announced the company will provide identity verification services for remote onboarding for individuals accessing decentralized IDs as part of the new Microsoft Azure Active Directory verifiable credentials feature in public preview. Once verified, these credentials can be used to prove an identity across different organizations to accelerate onboarding of users and enable a more trustworthy credential recovery experience.

Onfido announced it has been selected by Microsoft to enable fast and secure identity verification and onboarding for its Azure Active Directory verifiable credentials. Once a person's real identity is bound to their digital identity using Onfido's document plus selfie verification, end-users are onboarded to Azure AD and have complete control over their identity from their smartphone, being able to provision its reuse to access additional services.

VMware has published security updates to address a high severity vulnerability in vRealize Operations that could allow attackers to steal admin credentials after exploiting vulnerable servers. vRealize Operations is an AI-powered and "Self-driving" IT operations management for private, hybrid, and multi-cloud environments, available as an on-premises or SaaS solution.