While open source software is the bedrock of modern software development, it is also the weakest link in the software supply chain, according to a report by Endor Labs.
Data centre access credentials from some of the world's biggest companies, including financial organisations and tech vendors, have been leaked on the dark web, according to Resecurity.
The US Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory about stepped-up Russian 'disruptive' actions right after Ukraine detected a cyberattack on government websites.
Almost all applications contain at least some open source code, and 48% of code bases contained high-risk vulnerabilities.
The new V3G4 variant of Mirai, which creates botnets for DDoS attacks, exploited 13 different vulnerabilities in three campaigns over a six-month period, Palo Alto Network’s Unit 42 team reports.
Cyberthreat group DEV-0147 is deploying the ShadowPad RAT to hit diplomatic targets in South America, expanding from its traditional attack turf in Asia and Europe, Microsoft says.
The stolen information includes personal information of employees, including financial account information, state and federal government-issued ID numbers, driver’s license numbers, ID cards, social security numbers, and digital signatures.
Cyber security agencies globally, including in Singapore, have issued alerts about a ransomware attack targeting the VMware ESXi hypervisor.Aourva.
Coalition predicts that the 1,900 CVEs would include 270 high-severity and 155 critical-severity vulnerabilities. The predictions are based on data collected over the last ten years.
About 87 per cent of container images include a high or critical vulnerability, while 90 per cent of granted permissions are not used, according to Sysdig.
FBI covertly infiltrated the Hive network, which has targeted more than 1,500 victims in over 80 countries around the world, and thwarting over $130 million in ransom demands.
The number of attacks targeting the government sector increased by 95 per cent worldwide in the second half of 2022 compared to the same period in 2021.
The group is seen using SparkRAT, a multi-platform remote access trojan, to target firms in Singapore, Hong Kong, Taiwan and China.
The networks of four Iranian government organisations including Iran’s Ministry of Foreign Affairs, have likely been compromised.
The Scattered Spider cyber crime group has recently been observed attempting to deploy a malicious kernel driver using a tactic called bring your own vulnerable driver (BYOVD).
