Heroku: Cyberattacker Used Stolen OAuth Tokens to Steal Customer Account Credentials
The same attack that allowed a threat actor to steal data from private Heroku GitHub repositories also resulted in the…
Heroku admits that customer credentials were stolen in cyberattack
Heroku has now revealed that the stolen GitHub integration OAuth tokens from last month further led to the compromise of an internal…
Sen. Menendez has message for Biden admin on Iran: ‘No deal is better than a bad deal’
Sen. Bob Menendez, D-N.J., wants the Biden administration to make sure Iran cannot obtain nuclear weapons, but warned that any…
Open source ‘Package Analysis’ tool finds malicious npm, PyPI packages
The Open Source Security Foundation (OpenSSF), a Linux Foundation-backed initiative has released its first prototype version of the 'Package Analysis'…
We are all ‘token’ leaders
Share and speak up for justice, law & order… There is nothing more insulting than...
Leaked Chats Show LAPSUS$ Stole T-Mobile Source Code
KrebsOnSecurity recently reviewed a copy of the private chat messages between members of the LAPSUS$ cybercrime group in the week…
Exploring Biometrics and Trust at the Corporate Level
Biometric measurements should be part of any multifactor authentication (MFA) strategy, but choose your methods carefully: Some only establish trust…