PRIVACY PRIVACY Salesforce-owned PaaS vendor Heroku and GitHub have both warned that compromised OAuth user tokens were likely used to download private data from organizations using Heroku and continuous integration and testing service Travis CI, according to statements issued late last week. It’s unlikely that GitHub itself was compromised, according to the ubiquitous source code…

Read More

PRIVACY PRIVACY As an avid internet surfer, you’ve most likely heard of cookies. No, we’re not talking about the ones filled with chocolate chips. We’re talking about the ones that allow you to log in to your favorite websites. Cookies may impact your online security, so check out these tips to manage them and keep…

Read More

PRIVACY PRIVACY This blog was written by an independent guest blogger. In mid-March, Microsoft released a free, open-source tool that can be used to secure MikroTik routers. The tool, RouterOS Scanner, has its source code available on GitHub. It is designed to analyze routers for Indicators of Compromise (IoCs) associated with Trickbot. This article will…

Read More

PRIVACY PRIVACY On the surface, the case of Racho Jordanov, CEO of JHL Biotech (Eden Biologics), and COO Rose Lin seemed like another case of corporate espionage. They targeted a technology they needed and then set out to acquire the technology. For many years they were successfully stealing Genentech’s secrets.   That is until the…

Read More

PRIVACY PRIVACY With more than two decades of enterprise security experience, Daniel Schwalbe has seen both how the profession has changed and how the structure of security teams has evolved. He recounts, for example, how his former security department reported to network operations when he first started there in the late 1990s. Buried deep in…

Read More

PRIVACY PRIVACY Beautiful video shot off the California coast. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. Read More

Read More

PRIVACY PRIVACY An analysis of the cryptocurrency wallets tied to the Karakurt hacker group, combined with their particular methodology for data theft, suggests that the group’s membership overlaps with two other prominent hacking crews, according to an analysis published by cybersecurity firm Tetra Defense. Tetra’s report details the experience of a client company that was…

Read More

PRIVACY PRIVACY Cybersecurity software maker Bitdefender threw its hat into the extended detection and response (XDR) ring Thursday with a native offering it’s calling GravityZone XDR. The product is designed to get security teams up and running out of the box, with features that include: Rapid, cross-correlation threat detection, which uses leading-edge mathematics and threat…

Read More

PRIVACY PRIVACY Among the over 100 vulnerabilities fixed by Microsoft this week during its monthly patch cycle is one that has the security community very worried. It’s a critical remote code execution (RCE) vulnerability located in the Windows Remote Procedure Call (RPC) runtime. The flaw, tracked as CVE-2022-26809, can be exploited over the network with…

Read More

PRIVACY PRIVACY In March 2022, the Top 10 stayed consistent with the previous month with malware changing spots in the Top 10. Read More

Read More