Typosquatting Threatens Developers: Malicious Code in GitHub Actions
Watch the Typo: Our PoC Exploit for Typosquatting in GitHub Actions A new report from cloud security firm Orca warns developers about a concerning security risk – typosquatting in GitHub Actions. This technique leverages developers’ typos to trick them into...
Cyberattack Disrupts Transport for London Services
https://tfl.gov.uk/campaign/cyber-security-incident Transport for London (TfL) has been impacted by a cyberattack, causing disruptions to staff systems and limited availability of services for passengers. The attack occurred on Sunday, prompting TfL to implement...
5 Steps for Securing Your Software Supply Chain
Most modern applications are assembled from open-source components with developers typically writing less than 15% of the code for their application. As the demand for open-source software grows, there’s also an increase in the number of available open-source...
AI-Powered Voice Cloning Scams on the Rise
https://www.sans.org/newsletters/ouch/phantom-voices-defend-against-voice-cloning-attacks A disturbing new trend has emerged in the world of scams – the use of artificial intelligence (AI) to clone voices and deceive unsuspecting victims. Margaret, a retired teacher,...
Critical Vulnerability Found in Airport Security System
https://ian.sh/tsa A significant security flaw has been discovered in FlyCASS, a web-based service used by some airlines to manage the Known Crewmember (KCM) program and the Cockpit Access Security System (CASS). The vulnerability could have potentially allowed...
FIDO Security Token YubiKey 5 Vulnerable to Cloning Attacks
https://ninjalab.io/wp-content/uploads/2024/09/20240903_eucleak.pdf A new side-channel vulnerability has been discovered in the YubiKey 5, the most widely used hardware token for two-factor authentication based on the FIDO standard. This vulnerability allows attackers...
Banks Under Fire for Inadequate Scam Protection as Victims Suffer
https://www.smh.com.au/money/saving/carol-completely-trusted-these-people-then-her-life-savings-disappeared-20240830-p5k6mi.html Scams continue to plague Australians, with victims often left devastated and facing challenges in recovering their lost funds. Despite the...
Critical Infrastructure Under Threat: Zero-Day Vulnerability Exploited to Spread Mirai Botnet
https://www.akamai.com/blog/security-research/2024-corona-mirai-botnet-infects-zero-day-sirt A critical zero-day vulnerability in AVTECH IP cameras is being weaponized to spread the notorious Mirai botnet, posing a serious threat to industrial control systems and...