Security response professionals are scrambling to measure the fallout from a software supply chain compromise of the Codecov Bash Uploader that went undetected since January and exposed sensitive secrets such as tokens, keys and credentials from organizations around the world. The tampering began four months ago but was only discovered in the wild by a Codecov customer on the morning of April 1, 2021, the company said in a note acknowledging the severity of the breach. READ MORE...
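The practical lesson from the Bash Uploader incident is that a CI job should never pipe a freshly downloaded helper script straight into a shell. The following is an added example, not Codecov's code or anything from the article: a POSIX sh function that compares a downloaded script against a SHA-256 digest pinned at integration time and refuses to execute it on mismatch. The script name, the sample script body and the "tampered" modification are constructed for the demo.

```shell
#!/bin/sh
# Added example (not Codecov's uploader): pin-and-verify before executing a
# downloaded CI helper script. File names and contents below are constructed.

# sha256_of FILE: print the hex SHA-256 digest, using whichever tool exists
# (sha256sum on GNU coreutils, shasum on macOS/BSD).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# verify_then_run FILE EXPECTED_SHA256 [ARGS...]
# Executes FILE with sh only if its digest equals EXPECTED_SHA256; otherwise
# prints a diagnostic to stderr and returns 1 without running anything.
verify_then_run() {
    vr_file=$1
    vr_expected=$2
    shift 2
    vr_actual=$(sha256_of "$vr_file") || return 1
    if [ "$vr_actual" != "$vr_expected" ]; then
        printf 'refusing to run %s: sha256 %s does not match pinned %s\n' \
            "$vr_file" "$vr_actual" "$vr_expected" >&2
        return 1
    fi
    sh "$vr_file" "$@"
}

# demo: a constructed "uploader" script is pinned, run, then modified.
# The modified copy must be rejected even though only one line was appended.
demo() {
    d=$(mktemp -d) || return 1
    printf '#!/bin/sh\necho "uploading coverage report"\n' > "$d/uploader.sh"
    pinned=$(sha256_of "$d/uploader.sh")        # recorded at integration time
    verify_then_run "$d/uploader.sh" "$pinned"  # runs: digest matches
    printf 'echo "tampered line"\n' >> "$d/uploader.sh"
    if verify_then_run "$d/uploader.sh" "$pinned" 2>/dev/null; then
        echo "BUG: tampered script was executed" >&2
        rm -rf "$d"
        return 1
    fi
    echo "tampered copy rejected as expected"
    rm -rf "$d"
}

demo
```

Pin the digest in the repository next to the CI config (not in the same remote location as the script), and update it deliberately when you upgrade the tool; that way a silent change upstream fails the build instead of leaking the job's environment variables.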
Cryptocurrency rewards platform Celsius Network has disclosed a security breach exposing customer information that led to a phishing attack. Today, Celsius CEO Alex Mashinsky stated that Celsius' third-party marketing server was compromised, and threat actors gained access to a partial Celsius customer list. "An unauthorized party managed to gain access to a back-up third-party email distribution system which had connections to a partial customer email list. READ MORE...
More than 40 organizations have been targeted in a global campaign focused on the COVID-19 vaccine cold chain infrastructure, which handles the distribution of vaccines and their storage at the required temperatures. Following an initial report in December 2020, IBM Security X-Force now reveals that the number of affected organizations is higher than previously assessed: a total of 44 organizations in 14 countries were targeted. READ MORE...
Another UK institution topples at the hands of miscreants. The University of Hertfordshire has fallen victim to a cyber attack that has resulted in the establishment pulling all its systems offline to deal with the situation. The result has been a suspension of all online teaching today and in-person, on-campus teaching only happening if computer access is not required. The university's Wi-Fi is down and there is no student access (either in-person or remote) to its computer facilities. READ MORE...
This month, Mozilla announced plans to phase out support for the Firefox web browser app on the Amazon Fire TV product line. Amazon Fire TV exists both as an app and as a physical stick that TV owners can plug into their television sets to access a plethora of streaming services. Although Firefox will no longer be supported on Fire TV effective at the end of this month, the Amazon Silk web browser app remains available to Fire TV users. READ MORE...
Nothing attracts a scammer more than money, and with the NFT craze generating a ton of sales, threat actors are trying to capitalize on it. An NFT, or Non-Fungible Token, is a unique record on a cryptocurrency blockchain that cryptographically attests ownership of a digital item; the item itself can still be copied, but the token proving ownership cannot. Over the past year, NFTs have reached mainstream attention as artists sell their digital art for cryptocurrency at popular websites such as Rarible and OpenSea. READ MORE...
The White House is reportedly moving swiftly forward with a plan to harden the security of the US power grid against hacking attacks. According to Bloomberg, the Biden administration has a plan to dramatically improve how power utilities defend themselves against attacks from countries considered to be adversaries in cyberspace, such as Russia, Iran, North Korea, and China. The six-page draft plan, drawn up by the National Security Council, is said to provide incentives for electricity companies. READ MORE...
U.S. motorists worry about the cybersecurity of their connected vehicles, according to a survey by HSB, part of Munich Re. Some even believe a hacker could confront them over their car audio systems or disable automotive safety features. The HSB poll by Zogby Analytics found that 37 percent of consumers who responded were somewhat or very concerned about the cybersecurity and safety of connected and automated vehicles. READ MORE...
IT no longer has the luxury of thoroughly testing critical vulnerability patches before rolling them out. Patching security vulnerabilities has always been the most important security activity an IT team does. For the 25+ years I've spent in security, keeping systems up to date with security patches has been recommendation No. 1 in any set of IT best practices. And during most of this time, we have had the luxury of patching at our own pace. READ MORE...
Reddit this week announced the launch of a public bug bounty program on the vulnerability hunting platform HackerOne. Following a three-year private bug bounty program on HackerOne, which has resulted in over $140,000 being awarded in bug bounties for 300 vulnerability reports focusing on reddit.com, the program is going public with an expanded scope. The purpose of the program, Reddit notes, is to keep users' accounts, identities, and private data protected, including chats, messages... READ MORE...