A massive supply chain attack dubbed Megalodon has infected over 5,500 GitHub repositories with credential-stealing malware, creating backdoors and automated workflows.
Cyber Security
Cyber criminals, state-sponsored hackers and even the occasional disgruntled employee are constantly looking to gain unauthorized access for a variety of purposes: theft of money, cyber espionage, personal information for sale or for use in scams, and damage to critical infrastructure for just a few of the most common.
So how does an organization mitigate an entire world full of continual cyber attacks? Just as buildings have a number of necessary elements of physical security: access control, cameras, alarms and so on; there are similar key elements of cyber security that are absolutely vital for just about any modern business.
It starts with identifying and closing the most common doors that attackers use. For example, phishing attacks on employees are far and away the most common initial point of entry. The breach of even a low-level employee account can quickly turn into an escalation in access privileges and the ability to reach sensitive information. This is also true of smart devices, which are generally more poorly secured than computers and phones.
Iranian hackers linked to Iran’s Ministry of Intelligence and Security were responsible for the Los Angeles transit system breach that disrupted online services.
The back-and-forth over public disclosure policy does have substantial "gray area" and nuance. As Microsoft points out, the zero-day vulnerabilities that Chaotic Eclipse provided a "road map" to threat actors and some were almost immediately put to use in real-world attacks. On the other side of the coin, security researchers have long complained of unresponsive and heavy-handed communications from Microsoft.
The European Central Bank (ECB) has concluded a weeks-long inspection of Euro banks with a warning: preparedness for the AI security risk is not adequate, and more spending on cybersecurity will be required to get up to speed.
Boards are starting to ask the right question about AI risk. Unfortunately, many organizations still don’t have a credible answer.
American convenience store chain 7-Eleven has confirmed a data breach claimed by the notorious ransomware gang ShinyHunters, which leaked personal data and corporate information.
On May 19 GitHub confirmed the security breach across its social media channels, verifying that there was unauthorized access to internal repositories and stating that it was monitoring the situation for further activity. It also said that it had no evidence that information stored in customer repositories or internal information about customers was compromised.
For the first time in its publication history of nearly 20 years, Verizon's annual Data Breach Investigations Report (DBIR) is tracking vulnerability exploitation as the leading initial access method for attackers. Stolen credentials had been the #1 method for the entirety of the report's history up to this year.
One of the world’s largest electronics manufacturers, Foxconn, has experienced a cyber attack on its North American operation by the Ransomware-as-a-Service Nitrogen cybercrime gang.
The U.K.’s Information Commissioner’s Office has fined a South Staffordshire water supplier $1.3 million, following a multi-year data breach that affected more than 630,000 people.










