InfoSec News 20240411
Top News
-
Python's PyPI Reveals Its Secrets
"GitGuardian is famous for its annual State of Secrets Sprawl report. In their 2023 report, they found over 10 million exposed passwords, API keys, and other credentials exposed in public GitHub commits. The takeaways in their 2024 report did not just highlight 12.8 million new exposed secrets in GitHub, but a number in the popular Python package repository PyPI."
TLP1 : Green
-
Trump Media director accused of ‘hacking’ files in attempted corporate ‘coup’: Lawsuit
"Investment firms led by the former CEO of the SPAC that merged with Donald Trump’s media company allege that their files were hacked and stolen by a current member of the media company’s board of directors."
TLP1 : Green
-
Mysterious Index Bug Haunts a Tech Company’s Search Engine Project
"A mysterious bug has plagued a major tech company’s search engine project since February, randomly failing the index construction process. The issue is related to the code that merges partial indices during index building."
TLP1 : Green
Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism
-
TA547 Phishing Attack Hits German Firms with Rhadamanthys Stealer
"A threat actor tracked as TA547 has targeted dozens of German organizations with an information stealer called Rhadamanthys as part of an invoice-themed phishing campaign."
TLP1 : Green
-
Apple Updates Spyware Alert System to Warn Victims of Mercenary Attacks
"Apple on Wednesday revised its documentation pertaining to its mercenary spyware threat notification system to mention that it alerts users when they may have been individually targeted by such attacks."
TLP1 : Green
-
Police employee accused of hacking computer, selling info to stalker
"A Queensland Police Service employee has allegedly been paid to access information and release it to a domestic violence perpetrator, who then went on to stalk someone."
TLP1 : Green
Breaches: Data Breaches and Hacks
-
AT&T Breach Update: 51 Million Customers’ Data Exposed
"A significant data breach has been uncovered in recent times, following a series of investigations and reports. The scale of the cybersecurity incident was gradually revealed, making it one of the most substantial breaches in recent years."
TLP1 : Green
Vulnerabilities: Vulnerability Advisories, Zero-Days,Patches and Exploits
-
Fortinet Rolls Out Critical Security Patches for FortiClientLinux Vulnerability
"Fortinet has released patches to address a critical security flaw impacting FortiClientLinux that could be exploited to achieve arbitrary code execution."
TLP1 : Green
-
Multiple Palo Alto Networks Firewall Flaws Let Attackers Cause Disruption
"Palo Alto Networks has recently disclosed four high-severity vulnerabilities in its firewall products."
TLP1 : Green
Incident Response: Infrastructure, Training, SIEM and Incident Handling
-
Cypago Announces New Automation Support for AI Security and Governance
"Cyber GRC software company Cypago has announced a new automation solution for artificial intelligence (AI) governance, risk management and compliance. This includes implementation of NIST AI RMF and ISO/IEC 42001, the newest AI security and governance frameworks. With more and more companies integrating new AI tools into their business processes, daily operations, and customer-facing products and services, safe and compliant use of AI has become a pivotal challenge."
TLP1 : Green
Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography
-
APKDeepLens - Android Security Insights In Full Spectrum
"APKDeepLens is a Python based tool designed to scan Android applications (APK files) for security vulnerabilities. It specifically targets the OWASP Top 10 mobile vulnerabilities, providing an easy and efficient way for developers, penetration testers, and security researchers to assess the security posture of Android apps."
TLP1 : Green
1Traffic Light Protocol (TLP) [1] for information sharing:
- Red:Not for disclosure, restricted to participants only.
- Amber: Limited disclosure, restricted to participants organizations.
- Green: Limited disclosure, restricted to the community.