Nov 01, 2024Ravie LakshmananVulnerability / Cloud Security Cybersecurity researchers have flagged a "massive" campaign that targets exposed Git configurations to siphon credentials, clone private repositories, and even extract cloud credentials from the source code. The activity, codenamed EMERALDWHALE, is estimated to have collected over 10,000 private repositories and … [Read more...] about Massive Git Config Breach Exposes 15,000 Credentials; 10,000 Private Repos Cloned
private
Australian Defence Force Private and Husband Charged with Espionage for Russia
Jul 12, 2024NewsroomCyber Crime / Online Safety Two Russian-born Australian citizens have been arrested and charged in the country for spying on behalf of Russia as part of a "complex" law enforcement operation codenamed BURGAZADA. This includes a 40-year-old woman, an Australian Defence Force (ADF) Army Private, and her husband, a 62-year-old self-employed laborer. Media … [Read more...] about Australian Defence Force Private and Husband Charged with Espionage for Russia
Signal Foundation Warns Against EU’s Plan to Scan Private Messages for CSAM
Jun 18, 2024NewsroomPrivacy / Encryption A controversial proposal put forth by the European Union to scan users' private messages for detection child sexual abuse material (CSAM) poses severe risks to end-to-end encryption (E2EE), warned Meredith Whittaker, president of the Signal Foundation, which maintains the privacy-focused messaging service of the same name. "Mandating … [Read more...] about Signal Foundation Warns Against EU’s Plan to Scan Private Messages for CSAM
Experts Uncover Passive Method to Extract Private RSA Keys from SSH Connections
Nov 27, 2023NewsroomServer Security / Encryption A new study has demonstrated that it's possible for passive network attackers to obtain private RSA host keys from a vulnerable SSH server by observing when naturally occurring computational faults that occur while the connection is being established. The Secure Shell (SSH) protocol is a method for securely transmitting … [Read more...] about Experts Uncover Passive Method to Extract Private RSA Keys from SSH Connections
ChatGPT and Elasticsearch: OpenAI meets private data
In recent months, there has been a surge of excitement around ChatGPT, a groundbreaking AI model created by OpenAI. But what exactly is ChatGPT? Based on the powerful GPT architecture, ChatGPT is designed to understand and generate human-like responses to text inputs. GPT stands for "Generative Pre-trained Transformer.” The Transformer is a cutting-edge model architecture that … [Read more...] about ChatGPT and Elasticsearch: OpenAI meets private data
Chrome Limits Websites’ Direct Access to Private Networks for Security Reasons
Google Chrome has announced plans to prohibit public websites from directly accessing endpoints located within private networks as part of an upcoming major security shakeup to prevent intrusions via the browser. The proposed change is set to be rolled out in two phases consisting of releases Chrome 98 and Chrome 101 scheduled in the coming months via a newly implemented W3C … [Read more...] about Chrome Limits Websites’ Direct Access to Private Networks for Security Reasons
Apple’s New iCloud Private Relay Service Leaks Users’ Real IP Addresses
A new as-yet unpatched weakness in Apple's iCloud Private Relay feature could be circumvented to leak users' true IP addresses from iOS devices running the latest version of the operating system. Introduced with iOS 15, which was officially released this week, iCloud Private Relay aims to improve anonymity on the web by employing a dual-hop architecture that effectively shields … [Read more...] about Apple’s New iCloud Private Relay Service Leaks Users’ Real IP Addresses
Future Focused: A Safer Way to Expose Private Server Names
Shrink the DNS attack surface with Auth-DoH Imagine you could keep your building location private by making employees invisible as they traveled from home to office. (My inspiration: Loki, the Marvel superhero.) Nobody can see the employee’s destination. There’s a hitch, though. Before opening the door, you’ll need to make sure the person is authorized to enter—not some random … [Read more...] about Future Focused: A Safer Way to Expose Private Server Names
A Google Docs Bug Could Have Allowed Hackers See Your Private Documents
Google has patched a bug in its feedback tool incorporated across its services that could be exploited by an attacker to potentially steal screenshots of sensitive Google Docs documents simply by embedding them in a malicious website. The flaw was discovered on July 9 by security researcher Sreeram KL, for which he was awarded $3133.70 as part of Google's Vulnerability Reward … [Read more...] about A Google Docs Bug Could Have Allowed Hackers See Your Private Documents
PoetRAT: Malware targeting public and private sector in Azerbaijan evolves
Cisco Blogs / Security / Threat Research / PoetRAT: Malware targeting public and private sector in Azerbaijan evolves Cisco Talos discovered PoetRAT earlier this year. We have continued to monitor this actor and their behavior over the preceding months. We have observed multiple new campaigns indicating a change in the actor’s capabilities and showing their … [Read more...] about PoetRAT: Malware targeting public and private sector in Azerbaijan evolves