Malware

Software projects face supply chain security risk due to insecure artifact downloads via GitHub Actions

The way build artifacts are stored by the GitHub Actions platform could enable attackers to inject malicious code into software projects with CI/CD (continuous integration and continuous delivery) workflows that don’t perform sufficient filtering when downloading artifacts. Cybersecurity researchers have identified several popular artifact download scripts, used by thousands of repositories, that are vulnerable to this issue. “We have discovered that when transferring artifacts between different workflows, there is a major risk for artifact poisoning…
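The filtering gap described above, as an added example that is not code from the researchers or from any of the download actions they examined: a naive selector that takes the newest successful run of a workflow (so a run triggered by a pull request from a fork can win) beside a hardened selector that only accepts runs from the repository itself, a trusted trigger event, a trusted branch, and optionally a pinned commit. The run records are constructed here; the field names are assumed to follow the `workflow_runs` entries of GitHub's `GET /repos/{owner}/{repo}/actions/runs` API, and `example-org/app` and `attacker/app` are invented names.

```python
"""Pick a trustworthy source run before downloading a cross-workflow artifact.

Added example; not code from the original article or any download action.
Assumption: run dicts mirror the fields of GitHub's workflow-runs API.
"""
from datetime import datetime
from typing import Iterable, Optional

TRUSTED_REPO = "example-org/app"  # assumption: the repository owning the workflow

# Constructed sample runs (values invented for this example).
SAMPLE_RUNS = [
    {"id": 101, "name": "build", "event": "push", "head_branch": "main",
     "head_sha": "1a1a1a", "conclusion": "success",
     "head_repository": {"full_name": "example-org/app"},
     "created_at": "2022-12-01T10:00:00Z"},
    # Newest successful run, but triggered by a pull request from a fork:
    # whatever it uploaded is under the fork owner's control.
    {"id": 102, "name": "build", "event": "pull_request", "head_branch": "feature/poison",
     "head_sha": "2b2b2b", "conclusion": "success",
     "head_repository": {"full_name": "attacker/app"},
     "created_at": "2022-12-01T11:00:00Z"},
    # Newest run on main, but it failed, so its artifacts cannot be trusted either.
    {"id": 103, "name": "build", "event": "push", "head_branch": "main",
     "head_sha": "3c3c3c", "conclusion": "failure",
     "head_repository": {"full_name": "example-org/app"},
     "created_at": "2022-12-01T12:00:00Z"},
]


def _started(run: dict) -> datetime:
    """Parse the API's UTC timestamp so runs can be ordered by age."""
    return datetime.fromisoformat(run["created_at"].replace("Z", "+00:00"))


def naive_pick(runs: Iterable[dict], workflow: str) -> Optional[int]:
    """What a careless download script does: newest successful run of the
    named workflow, regardless of who triggered it. Returns the run id."""
    candidates = [r for r in runs
                  if r["name"] == workflow and r["conclusion"] == "success"]
    if not candidates:
        return None
    return max(candidates, key=_started)["id"]


def safe_pick(runs: Iterable[dict], workflow: str, repo: str,
              branches: Iterable[str] = ("main",),
              events: Iterable[str] = ("push", "workflow_dispatch", "schedule"),
              expected_sha: Optional[str] = None) -> Optional[int]:
    """Newest successful run that is provably the repository's own work:
    head repository is not a fork, the trigger and branch are on an allow-list,
    and the commit matches a pin if one is given. Fails closed with None."""
    branches, events = set(branches), set(events)

    def trusted(r: dict) -> bool:
        head_repo = (r.get("head_repository") or {}).get("full_name")
        return (r["name"] == workflow
                and r["conclusion"] == "success"
                and head_repo == repo
                and r["event"] in events
                and r["head_branch"] in branches
                and (expected_sha is None or r["head_sha"] == expected_sha))

    candidates = [r for r in runs if trusted(r)]
    if not candidates:
        return None
    return max(candidates, key=_started)["id"]


if __name__ == "__main__":
    print("naive choice:", naive_pick(SAMPLE_RUNS, "build"))          # the fork's run
    print("safe choice: ", safe_pick(SAMPLE_RUNS, "build", TRUSTED_REPO))
    print("pinned wrong:", safe_pick(SAMPLE_RUNS, "build", TRUSTED_REPO,
                                     expected_sha="2b2b2b"))          # refused
```

The fork check matters because a `pull_request` run from a fork executes the fork's workflow file with the fork's code, so artifact names and contents are entirely attacker-chosen; the branch and event allow-lists close the remaining gap where a collaborator's branch or a `pull_request_target` run would otherwise qualify. Pinning `expected_sha` to the commit the consuming workflow was built from is the strongest form, since it ties the artifact to a specific reviewed revision rather than to whatever happens to be newest.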

8 things to consider amid cybersecurity vendor layoffs

2022 has been a heavy year for layoffs in the technology sector. Whether due to budget restraints, mergers and acquisitions, streamlining, or economic reasons, TrueUp’s tech layoff tracker has recorded over 1000 rounds of layoffs at tech companies globally so far, affecting more than 182,000 people. Some of the biggest tech companies in the world have announced significant staff cuts, including Amazon, Twitter, Meta, and Salesforce. Although perhaps less severely affected, cybersecurity vendors haven’t been…

Fortanix unveils AWS integration for centralized key management

Cloud security vendor Fortanix has updated its Data Security Manager to incorporate support for AWS’ external encryption key store system, adding another major public cloud vendor to the list of those supported for the company’s key management system. With this week’s update, Fortanix, which already supports this type of cloud key management system in Azure and Google Cloud, is trying to solve one of the major security and regulatory problems posed by multicloud environments. Every…

Android and iOS Loan Apps With 15 million Installs Extorted Borrowers

Apple and Google allow micro-loan apps on their app stores but have stringent policies regulating their operation. The guidelines dictate that the minimum repayment period should be 60 days, and the maximum annual percentage rate of charge should be 36%. The above apps claimed terms that complied with these guidelines, but in practice, they followed a very different, much more aggressive approach, so the app stores removed them for term violations. Unfortunately, there needs to…

Nvidia Releases Driver Update to Address Security Flaws

Nvidia has not released detailed information on the specifics of these security flaws, in order to allow users time to update their drivers before proof-of-concept exploitation tools are developed. Nvidia users can reference Nvidia’s security bulletin to identify their GPU or other product and the appropriate driver version to patch these vulnerabilities here: https://nvidia.custhelp.com/app/answers/detail/a_id/5415 Users can then download the appropriate driver for their device from Nvidia’s download center here: https://www.nvidia.com/download/index.aspx Users of Nvidia’s GeForce Experience software…

AWS’ Inspector offers vulnerability management for Lambda serverless functions

Amazon Web Services has announced AWS Lambda serverless function support for its automated vulnerability management service, Amazon Inspector, and a new automated sensitive data discovery capability in its machine learning security and privacy service, Amazon Macie. Both announcements were made during the AWS re:Invent 2022 conference in Las Vegas this week. They follow other security-focused AWS releases, including the launch of Wickr, a new encrypted messaging service for enterprises, and Amazon Security Lake, which centralizes…

AWS launches new cybersecurity service Amazon Security Lake

Amazon Web Services (AWS) has launched a new cybersecurity service, Amazon Security Lake, which automatically centralizes security data from cloud and on-premises sources into a purpose-built data lake in a customer’s AWS account, the company said in a statement. “Customers must be able to quickly detect and respond to security risks so they can take swift action to secure data and networks, but the data they need for analysis is often spread across multiple sources…

5 top qualities you need to become a next-gen CISO

Ransomware and data breaches pose a massive risk to organizations, resulting in loss of customer trust and shareholder value, reputation damage, hefty fines, and penalties. Cyber risk is a top concern in US corporate boardrooms, elevating the role of the chief information security officer to rapid prominence. More than half (61%) of CISOs report to a board and board members are increasingly interested in what CISOs have to say. But technical skills alone won’t suffice…

What is Ransom Cartel? A ransomware gang focused on reputational damage

Ransom Cartel, a ransomware-as-a-service (RaaS) operation, has stepped up its attacks over the past year after the disbanding of prominent gangs such as REvil and Conti. Believed to have launched in December 2021, Ransom Cartel has made victims of organizations from among the education, manufacturing, utilities, and energy sectors with aggressive malware and tactics that resemble those used by REvil. The group employs double extortion, combining data encryption with data theft and subsequent threats to…

TikTok “Invisible Challenge” porn malware puts us all at risk

by Paul Ducklin Researchers at secure coding company Checkmarx have warned of porn-themed malware that’s been attracting and attacking sleazy internet users in droves. Unfortunately, the side-effects of this malware, dubbed Unfilter or Space Unfilter, apparently involve plundering data from the victim’s computer, including Discord passwords, thus indirectly exposing the victim’s contacts – such as colleagues, friends and family – to spams and scams from cybercriminals who can now pose as someone those people know.…