GitHub says hackers cloned code-signing certificates in breached repository
It remains unclear how the threat actor compromised access token used in the breach. Enlarge GitHub said unknown intruders gained unauthorized access to some of its code repositories and stole code-signing certificates.....»»
Critical 1Password flaws may allow hackers to snatch your passwords (CVE-2024-42219, CVE-2024-42218)
Two vulnerabilities (CVE-2024-42219, CVE-2024-42218) affecting the macOS version of the popular 1Password password manager could allow malware to steal secrets stored in the software’s vaults and obtain the account unlock key, AgileBits has con.....»»
Shorter TLS certificate lifespans expected to complicate management efforts
76% of security leaders recognize the pressing need to move to shorter certificate lifespans to improve security, according to Venafi. However, many feel unprepared to take action, with 77% saying the shift to 90-day certificates will mean more outag.....»»
Bacteria encode hidden genes outside their genome; do we?
Since the genetic code was first deciphered in the 1960s, our genes have seemed like an open book. By reading and decoding our chromosomes as linear strings of letters, like sentences in a novel, we can identify the genes in our genome and learn why.....»»
5G network flaws could be abused to let hackers spy on your phone
Researchers have developed a tool to sniff out 5G vulnerabilities, and even gain access to a victim's device......»»
An 18-year-old Safari loophole exploited by hackers is finally being fixed by Apple
There’s a pesky loophole lurking in every major browser, including Apple’s Safari, Google Chrome, and Mozilla Firefox, that hackers have been exploiting for the past … The post An 18-year-old Safari loophole exploited by hackers is.....»»
macOS Sequoia to fix exploit that lets hackers access internal networks
Apple and other tech companies are constantly looking for ways to improve the security of their operating systems. Even so, some things go unnoticed. An exploit from 18 years ago is still being actively used by hackers to access internal networks, bu.....»»
Number of incidents affecting GitHub, Bitbucket, GitLab, and Jira continues to rise
Outages, human errors, cyberattacks, data breaches, ransomware, security vulnerabilities, and, as a result, data loss are the reality that DevSecOps teams have to face every few days, according to GitProtect.io. DevSecOps The possibility to integrate.....»»
Mac and Windows users infected by software updates delivered over hacked ISP
DNS poisoning attack worked even when targets used DNS from Google and Cloudflare. Enlarge (credit: Marco Verch Professional Photographer and Speaker) Hackers delivered malware to Windows and Mac users by compromising th.....»»
Hacked ISP infects users receiving unsecure software updates
DNS poisoning attack worked even when targets used DNS from Google and Cloudflare. Enlarge (credit: Marco Verch Professional Photographer and Speaker) Hackers delivered malware to Windows and Mac users by compromising th.....»»
Critical Apache OFBiz pre-auth RCE flaw fixed, update ASAP! (CVE-2024-38856)
CVE-2024-38856, an incorrect authorization vulnerability affecting all but the latest version of Apache OFBiz, may be exploited by remote, unauthenticated attackers to execute arbitrary code on vulnerable systems. About CVE-2024-38856 Apache OFBiz is.....»»
Chinese hackers hijacked an ISP software update to spread malware
StormBamboo used DNS poisoning to successfully attack organizations using insecure updates......»»
Chinese hackers compromised an ISP to deliver malicious software updates
APT StormBamboo compromised a undisclosed internet service provider (ISP) to poison DNS queries and thus deliver malware to target organizations, Volexity researchers have shared. Malware delivery via automatic software updates StormBamboo (aka Evasi.....»»
Who are the two major hackers Russia just received in a prisoner swap?
Both men committed major financial crimes—and had powerful friends. Enlarge (credit: Getty Images) As part of today’s blockbuster prisoner swap between the US and Russia, which freed the journalist Evan Gershkovich a.....»»
The Sims 5: rumors, leaks, release date speculation, and more
The Sims 5 is currently being worked on under the code name Project Rene. Here's everything you need to know about your next life-sim obsession ahead of launch......»»
Innovative approach promises faster bug fixes
Modern software applications usually consist of numerous files and several million lines of code. Due to the sheer quantity, finding and correcting faults, known as debugging, is difficult. In many software companies, developers still search for faul.....»»
Slew of new iPhone, Mac and iPad models identified in Apple"s beta code
Slew of new iPhone, Mac and iPad models identified in Apple"s beta code.....»»
Hackers exploit VMware vulnerability that gives them hypervisor admin
Create new group called "ESX Admins" and ESXi automatically gives it admin rights. Enlarge (credit: Getty Images) Microsoft is urging users of VMware’s ESXi hypervisor to take immediate action to ward off ongoing attac.....»»
Hackers can now even use your PC’s HDMI cable to steal data
Hackers have found a new use for AI to get their hands on critical data using leaked electromagnetic radiation fro your HDMI cable......»»
New infosec products of the week: July 26, 2024
Here’s a look at the most interesting products from the past week, featuring releases from GitGuardian, LOKKER, Permit.io, Secure Code Warrior, and Strata Identity. GitGuardian’s tool helps companies discover developer leaks on GitHub GitGuardian.....»»
"Miracle" filter turns store-bought LEDs into spintronic devices
Traditional electronics use semiconductors to transmit data through bursts of charged carriers (electrons or holes) to convey messages in "1s" and "0s." Spintronic devices can process an order of magnitude more information by assigning binary code to.....»»