Doenerium: When Stealing from Thieves Is Also a Crime
By Igal Lytzki, Incident Response Analyst, Perception Point Over the past few weeks our team of ‘white hat’ cyber threat…
Thinking of Hiring or Running a Booter Service? Think Again.
Most people who operate DDoS-for-hire services attempt to hide their true identities and location. Proprietors of these so-called “booter” or…
Secrets Rotation Recommended After CircleCI Security Incident
Companies are being urged to update 0Auth, runner, and project API tokens, along with other secrets stashed with CircleCI.
Hackers can use GitHub Codespaces to host and deliver malware
GitHub Codespaces, a cloud-hosted integrated development environment (IDE), has a port forwarding feature that malicious actors can abuse to host…
Nissan North America data breach caused by vendor-exposed database
Nissan North America has begun sending data breach notifications informing customers of a breach at a third-party service provider that…
CircleCI’s hack caused by malware stealing engineer’s 2FA-backed session
Hackers breached CircleCi in December after an engineer became infected with information-stealing malware that stole the employee's 2FA-backed SSO session, allowing…
Malware Comes Standard With This Android TV Box on Amazon
The bargain T95 Android TV device was delivered with preinstalled malware, adding to a trend of Droid devices coming out-of-the-box…
CircleCI, LastPass, Okta, and Slack: Cyberattackers Pivot to Target Core Enterprise Tools
High-profile software provider compromises in the past few months show that threat actors are actively targeting the services underpinning corporate…
Software Supply Chain Security Needs a Bigger Picture
SBOMs aren't enough. OpenSSF's Alpha-Omega brings in new blood to help secure the open source projects most impactful to the…
Android TV box on Amazon came pre-installed with malware
A Canadian system administrator discovered that an Android TV box purchased from Amazon was pre-loaded with persistent, sophisticated malware baked…