Bad actors can abuse GitHub Codespaces feature to deliver malware
Researchers from Trend Micro have discovered a way for bad actors to abuse a GitHub Codespaces feature to deliver malware.
Researchers from Trend Micro have discovered a way for bad actors to abuse a GitHub Codespaces feature to deliver malware.
The Microsoft Detection and Response Team (DART) has spotted an increase in attackers using token theft in the cloud to compromise corporate systems while bypassing multi-factor authentication (MFA) and other authentication controls.
Microsoft has disabled Basic authentication in Exchange Online tenants to help fight against password spray attacks. Attackers are stepping up attacks in anticipation, Microsoft warns.
Microsoft has been monitoring a threat actor deploying malicious OAuth apps on compromised cloud tenants to spread spam.
Uber provided new details regarding a cybersecurity incident that resulted in a data breach of its network systems.
Researchers from Trend Micro have discovered cybercriminal group TeamTNT leaking credentials from two of their attacker-controlled accounts via exposed Docker REST APIs.
Identity and authentication services firm Okta is investigating reports that the firm has been breached by the Lapsus$ ransomware cybercriminal group.
Varonis Threat Labs has discovered a multi-factor authentication (MFA) bypass vulnerability for Box accounts that use an SMS code for login verification.
Cisco has fixed a Critical authentication bypass vulnerability CVE-2021-34746 in NFV Infrastructure Software (NFVIS) TACACS+ authentication, authorization and accounting (AAA) feature.
A security researcher has discovered a seven-year old polkit privileged escalation vulnerability CVE-2021-3560 that could allow a remote attacker root shell access on Linux systems.