Lunch Time Nibbles – 2023-01-05

Welcome to another Lunch Time breakout:

Slack’s private GitHub code repositories stolen over holidays
Slack suffered a security incident over the holidays affecting some of its private GitHub code repositories. […]
Read more….

Fortinet and Zoho Urge Customers to Patch Enterprise Software Vulnerabilities
Fortinet has warned of a high-severity flaw affecting multiple versions of FortiADC application delivery controller that could lead to the execution of arbitrary code.
“An improper neutralization of special elements used in an OS command vulnerability in FortiADC may allow an authenticated attacker with access to the web GUI to execute unauthorized code or commands via specifically crafted HTTP
Read more….

CircleCI Urges Customers to Rotate Secrets Following Security Incident
DevOps platform CircleCI on Wednesday urged its customers to rotate all their secrets following an unspecified security incident.
The company said an investigation is currently ongoing, but emphasized that “there are no unauthorized actors active in our systems.” Additional details are expected to be shared in the coming days.
“Immediately rotate any and all secrets stored in CircleCI,”
Read more….

The Evolving Tactics of Vidar Stealer: From Phishing Emails to Social Media
The notorious information-stealer known as Vidar is continuing to leverage popular social media services such as TikTok, Telegram, Steam, and Mastodon as an intermediate command-and-control (C2) server.
“When a user creates an account on an online platform, a unique account page that can be accessed by anyone is generated,” AhnLab Security Emergency Response Center (ASEC) disclosed in a
Read more….

SpyNote Strikes Again: Android Spyware Targeting Financial Institutions
Financial institutions have been targeted by a new version of Android malware called SpyNote since at least October 2022.
“The reason behind this increase is that the developer of the spyware, who was previously selling it to other actors, made the source code public,” ThreatFabric said in a report shared with The Hacker News. “This has helped other actors [in] developing and distributing the
Read more….

Mitigate the LastPass Attack Surface in Your Environment with this Free Tool
The latest breach announced by LastPass is a major cause for concern to security stakeholders. As often occurs, we are in a security limbo – on the one hand, as LastPass has noted, users who followed LastPass best practices would be exposed to practically zero to extremely low risk. However, to say that password best practices are not followed is a wild understatement. The reality is that there
Read more….

Bluebottle hackers used signed Windows driver in attacks on banks
A signed Windows driver has been used in attacks on banks in French-speaking countries, likely from a threat actor that stole more than $11 million from various banks. […]
Read more….

Follow for more…
