Browsing tag

Source Code

Hackers Exploit Containerized Environments to Steal Proprietary Data and Software

A sophisticated attack campaign dubbed SCARLETEEL is targeting containerized environments to perpetrate theft of proprietary data and software. “The attacker exploited a containerized workload and then leveraged it to perform privilege escalation into an AWS account in order to steal proprietary software and credentials,” Sysdig said in a new report. The advanced cloud attack also […]

Reddit Suffers Security Breach Exposing Internal Documents and Source Code

Popular social news aggregation platform Reddit has disclosed that it was the victim of a security incident that enabled unidentified threat actors to gain unauthorized access to internal documents, code, and some unspecified business systems. The company blamed it on a “sophisticated and highly-targeted phishing attack” that took place on February 5, 2023, aimed at […]

Git Users Urged to Update Software to Prevent Remote Code Execution Attacks

The maintainers of the Git source code version control system have released updates to remediate two critical vulnerabilities that could be exploited by a malicious actor to achieve remote code execution. The flaws, tracked as CVE-2022-23521 and CVE-2022-41903, impact the following versions of Git: v2.30.6, v2.31.5, v2.32.4, v2.33.5, v2.34.5, v2.35.5, v2.36.3, v2.37.4, v2.38.2, and v2.39.0. […]

How Secrets Lurking in Source Code Lead to Major Breaches

If one word could sum up the 2021 infosecurity year (well, actually three), it would be these: “supply chain attack”. A software supply chain attack happens when hackers manipulate the code in third-party software components to compromise the ‘downstream’ applications that use them. In 2021, we have seen a dramatic rise in such attacks: high […]

Gumtree exposed users’ personal and GPS location via source code

All a user required was to open Gumtree’s website and press the F12 button on Chrome or Firefox browsers to view users’ personal data. A UK-based classified site and used goods marketplace, Gumtree, exposed the home addresses of its users in its webpages’ source code. Gumtree is among the top 30 sites in Britain, and […]

New ‘Trojan Source’ Technique Lets Hackers Hide Vulnerabilities in Source Code

A novel class of vulnerabilities could be leveraged by threat actors to inject visually deceptive malware in a way that’s semantically permissible but alters the logic defined by the source code, effectively opening the door to more first-party and supply chain risks. Dubbed “Trojan Source attacks,” the technique “exploits subtleties in text-encoding standards such as […]

Twitch Suffers Massive 125GB Data and Source Code Leak Due to Server Misconfiguration

Interactive livestreaming platform Twitch acknowledged a “breach” after an anonymous poster on the 4chan messaging board leaked its source code, an unreleased Steam competitor from Amazon Game Studios, details of creator payouts, proprietary software development kits, and other internal tools. The Amazon-owned service said it’s “working with urgency to understand the extent of this,” adding […]

Snapchat’s Source Code Leaked Online, Archived on GitHub

Hackers pass up no chance to obtain the source code of popular apps, as it isn’t public. However, in a recent incident, someone has archived Snapchat’s source code and posted it on GitHub. The incident was confirmed by the social networking app to Motherboard on Tuesday. The hackers got hold of the code after the app […]

How A Typo In Zerocoin’s Source Code Allowed Hackers To Steal $592,000

Short Bytes: Due to a single-letter typo bug in Zerocoin’s source code, the hackers were able to exploit the platform and steal Zerocoins worth about $592,000. Zerocoin is a Bitcoin-based cryptocurrency protocol for anonymous trading. The developers are working to push an update soon to resume the trading. In the past, we’ve seen multiple examples of how small programming errors […]

Source Code for IoT Botnet ‘Mirai’ Released

The source code that powers the “Internet of Things” (IoT) botnet responsible for launching the historically large distributed denial-of-service (DDoS) attack against KrebsOnSecurity last month has been publicly released, virtually guaranteeing that the Internet will soon be flooded with attacks from many new botnets powered by insecure routers, IP cameras, digital video recorders and other easily hackable […]