Mar 09, 2024NewsroomCyber Attack / Threat Intelligence Microsoft on Friday revealed that the Kremlin-backed threat actor known as Midnight Blizzard (aka APT29 or Cozy Bear) managed to gain access to some of its source code repositories and internal systems following a hack that came to light in January 2024. "In recent weeks, we have seen evidence that Midnight Blizzard is … [Read more...] about Microsoft Confirms Russian Hackers Stole Source Code, Some Customer Secrets
secrets
Secrets Sensei: Conquering Secrets Management Challenges
Mar 08, 2024The Hacker NewsSecrets Management / Access Control In the realm of cybersecurity, the stakes are sky-high, and at its core lies secrets management — the foundational pillar upon which your security infrastructure rests. We're all familiar with the routine: safeguarding those API keys, connection strings, and certificates is non-negotiable. However, let's dispense … [Read more...] about Secrets Sensei: Conquering Secrets Management Challenges
NS-STEALER Uses Discord Bots to Exfiltrate Your Secrets from Popular Browsers
Jan 22, 2024NewsroomBrowser Security / Cyber Threat Cybersecurity researchers have discovered a new Java-based "sophisticated" information stealer that uses a Discord bot to exfiltrate sensitive data from compromised hosts. The malware, named NS-STEALER, is propagated via ZIP archives masquerading as cracked software, Trellix security researcher Gurumoorthi Ramanathan said in … [Read more...] about NS-STEALER Uses Discord Bots to Exfiltrate Your Secrets from Popular Browsers
Exposed Secrets are Everywhere. Here’s How to Tackle Them
Picture this: you stumble upon a concealed secret within your company's source code. Instantly, a wave of panic hits as you grasp the possible consequences. This one hidden secret has the power to pave the way for unauthorized entry, data breaches, and a damaged reputation. Understanding the secret is just the beginning; swift and resolute action becomes imperative. However, … [Read more...] about Exposed Secrets are Everywhere. Here’s How to Tackle Them
Tell Me Your Secrets Without Telling Me Your Secrets
Nov 24, 2023The Hacker NewsDeveloper Tools / API Security The title of this article probably sounds like the caption to a meme. Instead, this is an actual problem GitGuardian's engineers had to solve in implementing the mechanisms for their new HasMySecretLeaked service. They wanted to help developers find out if their secrets (passwords, API keys, private keys, cryptographic … [Read more...] about Tell Me Your Secrets Without Telling Me Your Secrets
Secrets, Secrets Are No Fun. Secrets, Secrets (Stored in Plain Text Files) Hurt Someone
Secrets are meant to be hidden or, at the very least, only known to a specific and limited set of individuals (or systems). Otherwise, they aren't really secrets. In personal life, a secret revealed can damage relationships, lead to social stigma, or, at the very least, be embarrassing. In a developer's or application security engineer's professional life, the consequences of … [Read more...] about Secrets, Secrets Are No Fun. Secrets, Secrets (Stored in Plain Text Files) Hurt Someone
Secrets to successful engineering leadership from Elastic’s Simona Posea
For Simona Posea, visualizing a career in technology came easily.“My mother was a role model, as she’s been working with computers since punch cards were a thing,” Simona laughs. “We had our first PC when I was six years old, and she taught us how to operate it. At the time, I would use it to play games.”This early interest in technology was further reinforced when Simona took … [Read more...] about Secrets to successful engineering leadership from Elastic’s Simona Posea
Former CIA Engineer Convicted of Leaking ‘Vault 7’ Hacking Secrets to Wikileaks
Joshua Schulte, a former programmer with the U.S. Central Intelligence Agency (CIA), has been found guilty of leaking a trove of classified hacking tools and exploits dubbed Vault 7 to WikiLeaks. The 33-year-old engineer had been charged in June 2018 with unauthorized disclosure of classified information and theft of classified material. Schulte also faces a separate trial on … [Read more...] about Former CIA Engineer Convicted of Leaking ‘Vault 7’ Hacking Secrets to Wikileaks
Travis CI Flaw Exposes Secrets of Thousands of Open Source Projects
Continuous integration vendor Travis CI has patched a serious security flaw that exposed API keys, access tokens, and credentials, potentially putting organizations that use public source code repositories at risk of further attacks. The issue — tracked as CVE-2021-41077 — concerns unauthorized access and plunder of secret environment data associated with a public open-source … [Read more...] about Travis CI Flaw Exposes Secrets of Thousands of Open Source Projects
Microsoft Edge Bug Could’ve Let Hackers Steal Your Secrets for Any Site
Microsoft last week rolled out updates for the Edge browser with fixes for two security issues, one of which concerns a security bypass vulnerability that could be exploited to inject and execute arbitrary code in the context of any website. Tracked as CVE-2021-34506 (CVSS score: 5.4), the weakness stems from a universal cross-site scripting (UXSS) issue that's triggered when … [Read more...] about Microsoft Edge Bug Could’ve Let Hackers Steal Your Secrets for Any Site