Codecov Affected by Supply-Chain Attack; Notifies Customers
Microsoft Warns of 25 Critical Memory-Allocation Vulnerabilities in IoT Devices
Babuk Gang to Focus on Data-Theft Extortion instead of Ransomware
Information of 22 Million ParkMobile Customers Released for Free on Hacking Forum
Musical Instrument Marketplace Reverb Discloses Data Breach
Code coverage and software auditing company Codecov recently suffered a supply-chain attack where a threat actor gained access to its Bash Uploader script, altering it to exfiltrate sensitive information from customer environments. Threat actors gained credentials to modify the script by taking advantage of weaknesses in Codecov’s Docker image creation process.
Codecov discovered the compromise on April 1 and began notifying affected customers and providing IOCs on April 30. However, investigation shows the attack first began unnoticed in late January. U.S. federal authorities have also now joined the investigation. Hundreds of cust
DoD needs data management change for zero trust security Egon Rinderer Getty Images The increasing complexity of current and emerging cloud, multicloud and hybrid network environments combined with the rapidly escalating and evolving nature of adversary threats has exposed vulnerability gaps within traditional cybersecurity protections. Over the past several months, we have seen continued efforts by the Department of Defense to take new approaches to strengthen defenses. During the Cyberspace Solarium Commission in March, for example, federal lawmakers and outside experts recommended the National Guard and National Reserve have an increased role in combating catastrophic cyber scenarios, with the idea being to establish a special cyber reserve force that could take advantage of Guard members’ cyber expertise.
minute read
Share this article:
Azure Defender security team discovers that memory allocation is a systemic problem that can allow threat actors to execute malicious code remotely or cause entire systems to crash.
Security researchers at Microsoft are warning the industry about 25 as-yet undocumented critical memory-allocation vulnerabilities across a number of vendors’ IoT and industrial devices that threat actors could exploit to execute malicious code across a network or cause an entire system to crash.
Dubbing the newly discovered family of vulnerabilities “BadAlloc,” Microsoft’s Section 52 which is the Azure Defender for IoT security research group–said the flaws have the potential to affect a wide range of domains, from consumer and medical IoT devices to industry IoT, operational technology, and industrial control systems, according to a report published online Thursday by the Microsoft Security Response Center (MSRC).
BOSTON (AP) â The sprawling hacking campaign deemed a grave threat to U.S. national security came to be known as SolarWinds, for the company whose software update was seeded by Russian intelligence agents with malware to penetrate sensitive government and private networks.
Yet it was Microsoft whose code the cyber spies persistently abused in the campaign s second stage, rifling through emails and other files of such high-value targets as then-acting Homeland Security chief Chad Wolf â and hopping undetected among victim networks.
This has put the worldâs third-most valuable company in the hot seat. Because its products are a de facto monoculture in government and industry â with more than 85% market share â federal lawmakers are insisting that Microsoft swiftly upgrade security to what they say it should have provided in the first place, and without fleecing taxpayers.
Associated Press
BOSTON (AP) The sprawling, monthslong hacking campaign deemed a grave threat to U.S. national security came to be known as SolarWinds for the company whose software update Russian intelligence agents stealthily seeded with malware to penetrate sensitive government and private networks.
Yet it was Microsoft whose code the cyber spies persistently abused in the campaign’s second stage, rifling through emails and other files of such high-value targets as then-acting Homeland Security chief Chad Wolf and hopping undetected among victim networks.
This has put the world’s third-most valuable company in the hot seat. Because its products are a de facto monoculture in government and industry with more than 85 percent market share federal lawmakers are insisting that Microsoft swiftly upgrade security to what they say it should have provided in the first place, and without fleecing taxpayers.