Security News

Cybersecurity researchers have discovered a malicious package on the Python Package Index repository that targets Apple macOS systems with the goal of stealing users' Google Cloud credentials from a narrow pool of victims. The package, named "Lr-utils-lib," attracted a total of 59 downloads before it was taken down.

Google has fixed a bug in Chrome's Password Manager that caused user credentials to disappear temporarily for more than 18 hours. In a Google Workspace incident report, the company says the issue affected approximately 2% of all Windows users who had already upgraded to Chrome 127, the browser's latest version.

Threat actors are chaining together ServiceNow flaws using publicly available exploits to breach government agencies and private firms in data theft attacks. On July 10, 2024, ServiceNow made hotfixes available for CVE-2024-4879, a critical input validation flaw enabling unauthenticated users to perform remote code execution on multiple versions of the Now Platform.

A Latin America-based financially motivated actor codenamed FLUXROOT has been observed leveraging Google Cloud serverless projects to orchestrate credential phishing activity, highlighting the abuse of the cloud computing model for malicious purposes. The campaign involved the use of Google Cloud container URLs to host credential phishing pages with the aim of harvesting login information associated with Mercado Pago, an online payments platform popular in the LATAM region.

Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.

We have a collective unaddressed weakness when it comes to basic cybersecurity. Out of the many reports circulating in the news today, many statistics revolve around the number of detected breaches.

Mozilla Firefox finally allows you to further protect local access to stored credentials in the browser's password manager using your device's login, including a password, fingerprint, pin, or other biometrics. To be clear, this new feature does not protect against information-stealing malware but rather prevents people with physical or remote access to the device from using the stored credentials without first authenticating with the device.

A new phishing kit has been released that allows red teamers and cybercriminals to create progressive web Apps that display convincing corporate login forms to steal credentials. D0x demonstrates how to create PWA apps to display corporate login forms, even with a fake address bar showing the normal corporate login URL to make it look more convincing.

A new trove of 361 million email addresses has been added to Have I Been Pwned?, the free online service through which users can check whether their account credentials and other data has been compromised in one or more data breaches. The data includes lists of credentials for accounts grouped either by service or country.

Cloud computing and analytics company Snowflake said a "limited number" of its customers have been singled out as part of a targeted campaign. "We have not identified evidence suggesting this...