Author Archives: eturner@hitechlives.com

Hacker News, News

Google Exposes Vishing Group UNC6040 Targeting Salesforce with Fake Data Loader App

Posted on by eturner@hitechlives.com
Google has disclosed details of a financially motivated threat cluster that it said “specialises” in voice phishing (aka vishing) campaigns designed to breach organizations’ Salesforce instances for large-scale data theft and subsequent extortion.
The tech giant’s threat intelligence team is tracking the activity under the moniker UNC6040, which it said exhibits characteristics that align with
Continue reading
Hacker News, News

Chaos RAT Malware Targets Windows and Linux via Fake Network Tool Downloads

Posted on by eturner@hitechlives.com
Threat hunters are calling attention to a new variant of a remote access trojan (RAT) called Chaos RAT that has been used in recent attacks targeting Windows and Linux systems.
According to findings from Acronis, the malware artifact may have been distributed by tricking victims into downloading a network troubleshooting utility for Linux environments.
“Chaos RAT is an open-source RAT written in
Continue reading
Hacker News, News

Your SaaS Data Isn’t Safe: Why Traditional DLP Solutions Fail in the Browser Era

Posted on by eturner@hitechlives.com
Traditional data leakage prevention (DLP) tools aren’t keeping pace with the realities of how modern businesses use SaaS applications.
Companies today rely heavily on SaaS platforms like Google Workspace, Salesforce, Slack, and generative AI tools, significantly altering the way sensitive information is handled. In these environments, data rarely appears as traditional files or crosses networks
Continue reading
Cloud Security Alliance, News

4 Mindset Shifts for Making Zero Trust Work in the Real World

Posted on by eturner@hitechlives.com
Originally published by Cerby.

Written by John Kindervag.

 

Zero Trust has become one of the cybersecurity world’s most misunderstood buzzwords. In theory, it’s simple: never trust, always verify. In practice, it’s often reduced to a check-the-box product deployment or a single vendor’s promise to “solve” it for you. 

But Zero Trust is not something you can buy, deploy, and move on from. Zero Trust is a journey, not a project.

Zero Trust is a security strategy. It is a…

Continue reading
Hacker News, News

Malicious PyPI, npm, and Ruby Packages Exposed in Ongoing Open-Source Supply Chain Attacks

Posted on by eturner@hitechlives.com
Several malicious packages have been uncovered across the npm, Python, and Ruby package repositories that drain funds from cryptocurrency wallets, erase entire codebases after installation, and exfiltrate Telegram API tokens, once again demonstrating the variety of supply chain threats lurking in open-source ecosystems.
The findings come from multiple reports published by Checkmarx,
Continue reading
This site uses cookies to offer you a better browsing experience. By browsing this website, you agree to our use of cookies. Click More Info to view Privacy Policy.
More info Accept