Tuesday, January 31, 2023

GitHub says hackers cloned code-signing certificates in breached repository

GitHub said unknown intruders gained unauthorized access to some of its code repositories and stole code-signing certificates for two of its desktop applications: Desktop and Atom. Code-signing certificates place...
Security Affairs

QNAP addresses a critical flaw impacting its NAS devices

Taiwanese vendor QNAP is warning customers to install QTS and QuTS firmware updates to address a critical flaw impacting its NAS devices. QNAP released QTS and QuTS firmware updates to address a critical vulnerability, tracked as CVE-2022-27596 (CVSS v3 score: 9.8), that...
The Register

Chromebook SH1MMER exploit promises admin jailbreak

Schools' laptops are out if this one gets around, but beware bricking
Users of enterprise-managed Chromebooks now, for better or worse, have a way to break the shackles of administrative control through an exploit called SH1MMER.…

MusicLM: Google AI generates music in various genres at 24 kHz

(Image: An AI-generated image of an exploding ball of music. Credit: Ars Technica)
On Thursday, researchers from Google announced a new generative AI model called MusicLM that can create...

Russia's Sandworm APT Launches Swarm of Wiper Attacks in Ukraine

The incidents are the latest indication of the growing popularity of dangerous disk wipers, created to disrupt and degrade critical infrastructure and other organizations.

Cybercrime Ecosystem Spawns Lucrative Underground Gig Economy

The complex nature of cyberattacks has increased demand for software developers, reverse engineers, and offensive specialists — attracting workers facing financial insecurity.
The Register

The wages of sin aren’t that great if you’re a developer choosing the dark side

Salary report shows OKish pay, plus the possibility of getting ripped off and the whole prison thing
Malware developers and penetration testers are in high demand across dark web job posting sites, with a few astonishing - but mostly...

10M JD Sports Customers' Info Exposed in Data Breach

UK sportswear retailer asks exposed customers to stay "vigilant" against phishing attempts following cyberattack.

IT and Security Professionals Spend an Average of 4,300 Hours Annually Achieving or Maintaining Compliance

New research from Drata shows compliance remains a business challenge for many organizations.

Make Developers the Driver of Software Security Excellence

Those who are wrangling code every day could fuel a genuinely transformational approach to security — if they are adequately upskilled.
The Register

Gootloader malware updated with PowerShell, sneaky JavaScript

Perhaps a good time to check for unwelcome visitors
The operators behind Gootloader, a crew dubbed UNC2565, have upgraded the code in cunning ways to make it more intrusive and harder to find.…

Facebook Bug Allows 2FA Bypass Via Instagram

The Instagram rate-limiting bug, found by a rookie hunter, could be exploited to bypass Facebook 2FA in vulnerable apps, researcher reports.

BrandPost: What’s Next in Securing Healthcare

Over the last decade, healthcare has offered new lines of services such as telehealth and remote patient monitoring, expanded accessibility and ease for both patients and healthcare professionals, and supported innovations that measurably improve patient outcomes. It’s a profound...
Infosecurity Magazine

JD Sports Confirms Breach Affected 10 Million Customers

The cyber-attack hit the company between November 2018 and October 2020

Serious Security: The Samba logon bug caused by outdated crypto

Enjoy our Serious Security deep dive into this real-world example of why cryptographic agility is important!

Fake Texts From the Boss, Bogus Job Postings and Frankenstein Shoppers — Oh My!

Experian’s annual Future of Fraud Forecast highlights five fraud threats facing businesses and consumers in 2023.

Massive Yandex code leak reveals Russian search engine’s ranking factors

(Image: The Russian logo of Yandex, the country's largest search engine and a tech company with many divisions, inside the company's headquarters. Credit: SOPA Images / Getty Images)
Nearly...
Tenable

[R1] Tenable Plugin Feed ID #202212212055 Fixes Privilege Escalation Vulnerability

Arnie Cabral, Mon, 01/30/2023 - 11:18
As part of our Security Development Lifecycle, a potential privilege escalation issue was identified...
Apple

Apple Security Advisory 2023-01-24-1

Apple Security Advisory 2023-01-24-1 - tvOS 16.3 addresses bypass, code execution, and information leakage vulnerabilities.
MSRC

Congratulations to the Top MSRC 2022 Q4 Security Researchers!

Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2022 Q4 Security Researcher Leaderboard...