Spanish fashion retailer MANGO is sending notices of a data breach to its customers, warning that its marketing vendor suffered a compromise exposing personal data. […]
F5 Blames Nation-State Hackers for Theft of Source Code and Vulnerability Data
F5 has not shared too much information on the threat actor, but the attack profile seems to point to China.
The post F5 Blames Nation-State Hackers for Theft of Source Code and Vulnerability Data appeared first on SecurityWeek.
Webinar Today: Fact vs. Fiction – The Truth About API Security
Get practical guidance to protect APIs against the threats attackers are using right now.
The post Webinar Today: Fact vs. Fiction – The Truth About API Security appeared first on SecurityWeek.
Over 100 VS Code Extensions Exposed Developers to Hidden Supply Chain Risks
New research has uncovered that publishers of over 100 Visual Studio Code (VS Code) extensions leaked access tokens that could be exploited by bad actors to update the extensions, posing a critical software supply chain risk.
“A leaked VSCode Marketplace or Open VSX PAT [personal access token] allows an attacker to directly distribute a malicious extension update across the entire install base,”
“A leaked VSCode Marketplace or Open VSX PAT [personal access token] allows an attacker to directly distribute a malicious extension update across the entire install base,”
How to spot dark web threats on your network using NDR
Dark web activity can hide in plain sight within everyday network traffic. Corelight’s NDR platform brings deep visibility, AI-driven detection, and behavioral analytics to uncover hidden threats across your network. […]
F5 says hackers stole undisclosed BIG-IP flaws, source code
U.S. cybersecurity company F5 disclosed that it suffered a cyberattack in early August, where suspected nation-state hackers breached its systems and stole undisclosed BIG-IP security vulnerabilities and source code. […]
Customer Service Firm 5CA Denies Responsibility for Discord Data Breach
After being named by Discord as the third-party responsible for the breach, 5CA said none of its systems were involved.
The post Customer Service Firm 5CA Denies Responsibility for Discord Data Breach appeared first on SecurityWeek.
CISA Issues Emergency Directive to Address Critical Vulnerabilities in F5 Devices
How Attackers Bypass Synced Passkeys
TLDR
Even if you take nothing else away from this piece, if your organization is evaluating passkey deployments, it is insecure to deploy synced passkeys.
Even if you take nothing else away from this piece, if your organization is evaluating passkey deployments, it is insecure to deploy synced passkeys.
Synced passkeys inherit the risk of the cloud accounts and recovery processes that protect them, which creates material enterprise exposure.
Adversary-in-the-middle (AiTM) kits can force authentication fallbacks that circumvent strong
ICS Patch Tuesday: Fixes Announced by Siemens, Schneider, Rockwell, ABB, Phoenix Contact
Over 20 advisories have been published by industrial giants this Patch Tuesday.
The post ICS Patch Tuesday: Fixes Announced by Siemens, Schneider, Rockwell, ABB, Phoenix Contact appeared first on SecurityWeek.