Dec 12, 2024Ravie LakshmananVulnerability / Cloud Security Cybersecurity researchers are warning that thousands of servers hosting the Prometheus monitoring and alerting toolkit are at risk of information leakage and exposure to denial-of-service (DoS) as well as remote code execution (RCE) attacks. "Prometheus servers or exporters, often lacking proper authentication, … [Read more...] about Credentials and API Keys Leaking Online
keys
Rogue PyPI Library Solana Users, Steals Blockchain Wallet Keys
Aug 11, 2024Ravie LakshmananSupply Chain / Software Security Cybersecurity researchers have discovered a new malicious package on the Python Package Index (PyPI) repository that masquerades as a library from the Solana blockchain platform but is actually designed to steal victims' secrets. "The legitimate Solana Python API project is known as 'solana-py' on GitHub, but simply … [Read more...] about Rogue PyPI Library Solana Users, Steals Blockchain Wallet Keys
LockBit Ransomware Operation Shut Down; Criminals Arrested; Decryption Keys Released
Feb 20, 2024NewsroomRansomware / Data Protection The U.K. National Crime Agency (NCA) on Tuesday confirmed that it obtained LockBit's source code as well as intelligence pertaining to its activities and their affiliates as part of a dedicated task force called Operation Cronos. "Some of the data on LockBit's systems belonged to victims who had paid a ransom to the threat … [Read more...] about LockBit Ransomware Operation Shut Down; Criminals Arrested; Decryption Keys Released
Experts Uncover Passive Method to Extract Private RSA Keys from SSH Connections
Nov 27, 2023NewsroomServer Security / Encryption A new study has demonstrated that it's possible for passive network attackers to obtain private RSA host keys from a vulnerable SSH server by observing when naturally occurring computational faults that occur while the connection is being established. The Secure Shell (SSH) protocol is a method for securely transmitting … [Read more...] about Experts Uncover Passive Method to Extract Private RSA Keys from SSH Connections
The 4 Keys to Building Cloud Security Programs That Can Actually Shift Left
As cloud applications are built, tested and updated, they wind their way through an ever-complex series of different tools and teams. Across hundreds or even thousands of technologies that make up the patchwork quilt of development and cloud environments, security processes are all too often applied in only the final phases of software development. Placing security at the very … [Read more...] about The 4 Keys to Building Cloud Security Programs That Can Actually Shift Left
3 Keys to Maximizing SIEM Value
SIEM has been a crucial component of security systems for nearly two decades. While there’s ample information on operating SIEM solutions out there, guidance on evaluating and managing them effectively is lacking.We’ve noticed many SIEM vendors are taking advantage of this dearth of knowledge and not providing customers with needed value for what they’re buying. With that in … [Read more...] about 3 Keys to Maximizing SIEM Value
Safeguards against firmware signed with stolen MSI keys
What could be worse than a ransomware attack on your company? Only an incident that hits your company’s clients, I guess. Well, that’s exactly what happened to MSI — the large Taiwanese manufacturer of laptops, video adapters and motherboards. In the beginning of April, word got out that the company was attacked by a new ransomware gang called Money Message; a while later the … [Read more...] about Safeguards against firmware signed with stolen MSI keys
4 Keys to Selecting a Cloud Workload Protection Platform
Security budgets are not infinite. Every dollar spent must produce a return on investment (ROI) in the form of better detection or prevention. Getting the highest ROI for security purchases is a key consideration for any IT leader. But the path to achieving that goal is not always easy to find. It is tempting for CISOs and CIOs to succumb to “shiny toy” syndrome: to buy the … [Read more...] about 4 Keys to Selecting a Cloud Workload Protection Platform
4 Keys to Create a Thriving Cybersecurity Team for Long-Term Success
There has never been a more important time to listen. “Seek first to understand,” is a lesson I picked up early in my career that has generally proved effective in many situations as a leader, colleague and employee. (Not to mention at home as a partner, father, and friend; it’s a versatile maxim.) Eighteen months into this pandemic, given that the experience and effects of … [Read more...] about 4 Keys to Create a Thriving Cybersecurity Team for Long-Term Success
New Attack Could Let Hackers Clone Your Google Titan 2FA Security Keys
Hardware security keys—such as those from Google and Yubico—are considered the most secure means to protect accounts from phishing and takeover attacks. But a new research published on Thursday demonstrates how an adversary in possession of such a two-factor authentication (2FA) device can clone it by exploiting an electromagnetic side-channel in the chip embedded in it. The … [Read more...] about New Attack Could Let Hackers Clone Your Google Titan 2FA Security Keys