GitHub: Hackers Stole OAuth Access Tokens to Target Dozens of Firms

GitHub has revealed that attackers have abused OAuth user tokens issued to Heroku and Travis-CI, popular third-party OAuth integrators. GitHub revealed on Friday about receiving evidence of an unidentified adversary…

White House hosts open-source software security summit in light of expansive Log4j flaw

Written by Tim Starks Jan 13, 2022 | CYBERSCOOP Tech giants and federal agencies will meet at the White House on Thursday to discuss open-source software security, a response to…

Avast Finds Backdoor on US Government Commission Network

Avast –  Avast –  We have found a new targeted attack against a small, lesser-known U.S. federal government commission associated with international rights. Despite repeated attempts through multiple channels over…

NPK: Free tool to crack password hashes with AWS

The NPK tool is an open-source password cracking tool developed by the Coalfire Labs Research and Development team. The initials NPK are inspired by the atomic elements contained within farm…

SAP Kicks Log4Shell Vulnerability Out of 20 Apps

SAP’s still feverishly working to patch another 12 apps vulnerable to the Log4Shell flaw, while its Patch Tuesday release includes 21 other fixes, some rated at 9.9 criticality. SAP has…

A List of Vulnerable Products to the Log4j Vulnerability

Two days ago, we wrote a post about the Log4j vulnerability that is currently wreaking havoc on the cyberthreat landscape. The flaw stands for an open-source Java logging library. By…

Malware analysis arsenal: Top 15 tools

We live in an era where digital transformation is part of our lives. With this, malware has become a critical and huge threat to organizations and people around the globe…

Log4j flaw: Now state-backed hackers are using bug as part of attacks, warns Microsoft

State-sponsored hackers from China, Iran, North Korea and Turkey have started testing, exploiting and using the Log4j bug to deploy malware, including ransomware, according to Microsoft.    As predicted by…

CISA probes scope, potential fallout of Log4j vulnerability

Written by Tim Starks Dec 14, 2021 | CYBERSCOOP A top government cyber official said Tuesday that the Cybersecurity and Infrastructure Security Agency hasn’t seen hackers compromise federal agencies by…

In 2022, Expect More Supply Chain Pain and Changing Security Roles

If 2021 was the Year of Supply Chain Pain, 2022 will be the Year of Supply Chain Chronic Pain (or something worse than pain). This past year, the pain was…