Welcome to another Lunch Time breakout:
Hackers Can Abuse Visual Studio Marketplace to Target Developers with Malicious Extensions
A new attack vector targeting the Visual Studio Code extensions marketplace could be leveraged to upload rogue extensions masquerading as their legitimate counterparts with the goal of mounting supply chain attacks.
The technique “could act as an entry point for an attack on many organizations,” Aqua security researcher Ilay Goldman said in a report published last week.
VS Code extensions,
Top SaaS Cybersecurity Threats in 2023: Are You Ready?
Cybercriminals will be as busy as ever this year. Stay safe and protect your systems and data by focusing on these 4 key areas to secure your environment and ensure success in 2023, and make sure your business is only in the headlines when you WANT it to be. 1 — Web application weaknesses
Web applications are at the core of what SaaS companies do and how they operate, and they can store some of
Malicious PyPI Packages Using Cloudflare Tunnels to Sneak Through Firewalls
In yet another campaign targeting the Python Package Index (PyPI) repository, six malicious packages have been found deploying information stealers on developer systems.
The now-removed packages, which were discovered by Phylum between December 22 and December 31, 2022, include pyrologin, easytimestamp, discorder, discord-dev, style.py, and pythonstyles.
The malicious code, as is increasingly
Millions of Vehicles at Risk: API Vulnerabilities Uncovered in 16 Major Car Brands
Multiple bugs affecting millions of vehicles from 16 different manufacturers could be abused to unlock, start, and track cars, plus impact the privacy of car owners.
The security vulnerabilities were found in the automotive APIs powering Acura, BMW, Ferrari, Ford, Genesis, Honda, Hyundai, Infiniti, Jaguar, Kia, Land Rover, Mercedes-Benz, Nissan, Porsche, Rolls Royce, Toyota as well as in
Follow for more…