Python’s PyPI Reveals Its Secrets

GitGuardian is famous for its annual State of Secrets Sprawl report. In their 2023 report, they found over 10 million passwords, API keys, and other credentials exposed in public GitHub commits. The takeaways in their 2024 report did not just highlight 12.8 million new exposed secrets in GitHub, but a number in the popular […]

Microsoft Confirms Russian Hackers Stole Source Code, Some Customer Secrets

Microsoft on Friday revealed that the Kremlin-backed threat actor known as Midnight Blizzard (aka APT29 or Cozy Bear) managed to gain access to some of its source code repositories and internal systems following a hack that came to light in January 2024. “In recent weeks, we have seen evidence that Midnight Blizzard is using information […]

Ex-Google Engineer Arrested for Stealing AI Technology Secrets for China

The U.S. Department of Justice (DoJ) announced the indictment of a 38-year-old Chinese national and a California resident for allegedly stealing proprietary information from Google while covertly working for two China-based tech companies. Linwei Ding (aka Leon Ding), a former Google engineer who was arrested on March 6, 2024, “transferred sensitive Google trade secrets and […]

Three Tips to Protect Your Secrets from AI Accidents

Last year, the Open Worldwide Application Security Project (OWASP) published multiple versions of the “OWASP Top 10 For Large Language Models,” reaching a 1.0 document in August and a 1.1 document in October. These documents not only demonstrate the rapidly evolving nature of Large Language Models, but the evolving ways in which they can be […]

NS-STEALER Uses Discord Bots to Exfiltrate Your Secrets from Popular Browsers

Cybersecurity researchers have discovered a new Java-based “sophisticated” information stealer that uses a Discord bot to exfiltrate sensitive data from compromised hosts. The malware, named NS-STEALER, is propagated via ZIP archives masquerading as cracked software, Trellix security researcher Gurumoorthi Ramanathan said in an analysis published last week. The ZIP file contains within it a rogue […]

Exposed Secrets are Everywhere. Here’s How to Tackle Them

Picture this: you stumble upon a concealed secret within your company’s source code. Instantly, a wave of panic hits as you grasp the possible consequences. This one hidden secret has the power to pave the way for unauthorized entry, data breaches, and a damaged reputation. Understanding the secret is just the beginning; swift and resolute […]

Tell Me Your Secrets Without Telling Me Your Secrets

The title of this article probably sounds like the caption to a meme. Instead, this is an actual problem GitGuardian’s engineers had to solve in implementing the mechanisms for their new HasMySecretLeaked service. They wanted to help developers find out if their secrets (passwords, API keys, private keys, cryptographic certificates, etc.) had found their way […]

More than 770 million records available through the Travis CI API: Anyone can extract tokens, secrets, and other credentials associated with services like GitHub, AWS, and Docker Hub

Software development and testing platform Travis CI confirmed the second incident of exposing its users’ data in less than a year. On this occasion, the compromised records include authentication tokens that would allow access to platforms such as AWS, GitHub, and Docker Hub. According to a report prepared by the firm Aqua Security, tens of […]

How Secrets Lurking in Source Code Lead to Major Breaches

If one word could sum up the 2021 infosecurity year (well, actually three), it would be these: “supply chain attack”. A software supply chain attack happens when hackers manipulate the code in third-party software components to compromise the ‘downstream’ applications that use them. In 2021, we have seen a dramatic rise in such attacks: high […]

Microsoft Edge Bug Could’ve Let Hackers Steal Your Secrets for Any Site

Microsoft last week rolled out updates for the Edge browser with fixes for two security issues, one of which concerns a security bypass vulnerability that could be exploited to inject and execute arbitrary code in the context of any website. Tracked as CVE-2021-34506 (CVSS score: 5.4), the weakness stems from a universal cross-site scripting (UXSS) […]

Will Apple pay the $50 million USD ransom to the world’s richest hacker for not publishing its secrets this May 1st?

REvil ransomware operators disclosed that they have information related to some of Apple’s upcoming releases, and even threatened to disclose it if their economic demands are not met. According to subsequent reports, this information was obtained after a cyberattack against Quanta, a hardware manufacturer that has established itself as one of Apple’s leading business partners. […]

ApkLeaks – Scanning APK File For URIs, Endpoints And Secrets

Scanning APK file for URIs, endpoints & secrets.
Installation: To install apkLeaks, simply:
$ git clone https://github.com/dwisiswant0/apkleaks
$ cd apkleaks/
$ pip install -r requirements.txt
Or download at release tab.
Dependencies: This package works in Python2 (not Python3). Install global packages:
Linux: $ sudo apt-get install libssl-dev swig -y
OSX: $ brew install openssl […]

BMW was hacked; potential trading secrets leaking

Currently any company can become a victim of a cyberattack. According to cybersecurity specialists, automobile company BMW detected and monitored a hacker group that managed to infiltrate its networks for almost a year. Apparently, the German company’s security team detected the presence of hackers after an instance of Cobalt Strike, a legitimate penetration testing tool, […]

2 Students ‘Almost Hacked’ Donald Trump’s Tax Secrets

Various attempts are made on a regular basis to break the tight security that’s used to protect political leaders and steal their personal data. It wouldn’t be surprising to hear that US President Donald Trump is a common target of mischievous and evil minds. But this time, it’s not about someone breaking into his Twitter […]

Edward Snowden To Reveal ‘Why He Leaked’ NSA Secrets

Edward Snowden, the former CIA agent and NSA contractor who leaked troves of secret documents in 2013, has written a memoir that is expected to be released on September 17. Although multiple books and films based on Snowden’s story have been released to date, this one is special because it comes from the whistleblower himself. […]

Watching Porn In Incognito? Google, Facebook Still Know Your Secrets: Study

When it comes to whether or not a user is being tracked on the web, the answer is yes, and this even includes the various pornographic websites a user visits. According to a study, various major tech companies such as Google, Facebook, and Oracle can track users when they visit a porn website, even if such […]

Google Photos Unlimited Storage On Pixel: 8 Secrets You Didn’t Know

One of the perks of having a Pixel device is that you can upload unlimited photos and videos to Google’s cloud via Google Photos. But, you can also upload unlimited photos from any other Android device, even iOS for that matter. So, how do these two options differ from each other? Let’s find out. Google […]

Best forensic tools to hide secrets passwords and recover files

Steganography is a common term used for hiding or encrypting any personal information. The information can be anything which you don’t want to share. It is the art of hiding personal data, cyber forensics experts mention. Today most companies use these techniques to hide sensitive content inside an image. There are various ways of […]