Security News

To help organizations protect against ransomware attacks and recover from them if they happen, NIST has published an infographic offering a series of simple tips and tactics. Collaboration between network access brokers and ransomware actors deepensIn this Help Net Security podcast, Brandon Hoffman, CISO at Intel 471, discusses about the increased collaboration between network access brokers and ransomware operators, and how they funcion it today's threat landscape.

Akamai published a report that provides an analysis of both global and financial services-specific web application and credential stuffing attack traffic, revealing significant increases across the attack surfaces year over year from 2019 to 2020. In 2020, there were 193 billion credential stuffing attacks globally, with 3.4 billion hitting financial services organizations specifically - an increase of more than 45% year-over-year in the sector.

US cybersecurity firm Rapid7 has disclosed that some source code repositories were accessed in a security incident linked to the supply-chain attack that recently impacted customers of the popular Codecov code coverage tool. Only internal credentials and tooling source code accessed.

Cybersecurity researchers on Monday disclosed a new Android trojan that hijacks users' credentials and SMS messages to facilitate fraudulent activities against banks in Spain, Germany, Italy, Belgium, and the Netherlands. Called "TeaBot", the malware is said to be in its early stages of development, with malicious attacks targeting financial apps commencing in late March 2021, followed by a rash of infections in the first week of May against Belgium and Netherlands banks.

Bad actors put a new twist on an existing piece of malware to steal private keys for cryptocurrency accounts and other account credentials, according to analysis from Trend Micro. Panda Stealer uses a fileless approach and looks for private keys and records of previous transactions from cryptocurrency wallets including Dash, Bytecoin, Litecoin and Ethereum, according to Trend Micro.

Whilst continuing its focus on strong and sustainable organic growth, Kerv will also look at acquiring businesses which add new capabilities to further enhance its cloud and digital credentials and/or bring new vertical opportunities. "Explaining the rationale behind the deal, Alastair Mills, executive chairman at Kerv, said:"This acquisition is a significant step for Kerv and a major investment in the rapidly growing digital transformation market.

Expert discusses the importance of keeping internal computer credentials as safe as your passwords. TechRepublic's Karen Roby spoke with Robert Haynes of Checkmarx, a software security solution, about World Password Day, May 6, 2021.

HID Global announced the general availability WorkforceID Authentication, the latest addition to its cloud platform for creating a seamless, effortless experience for issuing, managing and using identity credentials in physical and digital workplaces. "A person's identity has become the new security perimeter in a hybrid workplace that now extends from home to the office and everywhere in between," said Julian Lovelock, VP Global Business Segment, IAM, with HID Global.

Codecov, makers of a code coverage tool used by over 29,000 customers, has warned that a compromised script may have stolen credentials over a period of two months, before it was discovered a few weeks ago. Codecov is a cloud-based tool which integrates with GitHub, GitLab, Atlassian Bitbucket, or any Git-based repository.

Codecov online platform for hosted code testing reports and statistics announced on Thursday that a threat actor had modified its Bash Uploader script, exposing sensitive information in customers' continuous integration environment. Codecov provides tools that help developers measure how much of the source code executes during testing, a process known as code coverage, which indicates the potential for undetected bugs being present in the code.