42 matches found
Popular GitHub Action Tags Redirected to Imposter Commit to Steal CI/CD Credentials
In yet another software supply chain attack, threat actors have compromised the popular GitHub Actions workflow, actions-cool/issues-helper, to run malicious code that harvests sensitive credentials and exfiltrates them to an attacker-controlled server. "Every existing tag in the repository has...
Apache NimBLE security vulnerability
Apache NimBLE is an open source Bluetooth 5.4 stack host and controller from the Apache Foundation, USA, that completely replaces the proprietary SoftDevice on Nordic chipsets. It is part of the Apache Mynewt project. A security vulnerability exists in Apache NimBLE versions 1.8.0 and earlier, whi...
EUVD-2021-23365
Malware in sbrugna...
EUVD-2022-50690
Malicious code in bioql PyPI...
CVE-2023-21242
In isServerCertChainValid of InsecureEapNetworkHandler.java, there is a possible way to trust an imposter server due to a logic error in the code. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2022-47976
The DMSDP module of the distributed hardware has a vulnerability that may cause imposter control connections. Successful exploitation of this vulnerability may disconnect normal service connections...
Sellers can get scammed too, and Joe goes off on a rant about imposter syndrome
Welcome to this week's edition of the Threat Source newsletter. Hello again my friends! Geez, it's been a year, am I right? Lemons it's February you say?! Oof. Imposter syndrome. You've heard the term I'm sure, but what is it? Basically: imposter syndrome is the persistent feeling of self-doubt and...
Take Command of Your Career: Practicing Self-Advocacy as a Woman in Tech
As the year draws to a close, it’s essential—and often expected—to reflect on our achievements and lessons learned in preparation for annual performance reviews and setting future goals. For women in tech, this reflection period can be an especially powerful tool. The industry often demands that...
AI Granny Daisy takes up scammers’ time so they can’t bother you
A mobile network operator has called in the help of Artificial Intelligence (AI) in the battle against phone scammers. Virgin Media O2 in the UK has built an AI persona called Daisy with the sole purpose of keeping scammers occupied for as long as possible. Basically, until the scammers give up,...
Imposter syndrome in cyber security
TL;DR: Imposter syndrome is the belief that you are undeserving of your achievements. Anyone can be affected by it. There are ways to cope. What is imposter syndrome? Imposter syndrome is the psychological pattern in which a person downplays their achievements and believes that they are secretly a...
Malicious code in imposter-pkg-poc (npm)
Source: ghsa-malware 0e5127f46671b090bf9ac113a3ff87f19d522e0ec80dda844332b9625b30ecf1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-521 Malicious code in imposter-pkg-poc (npm)
Source: ghsa-malware 0e5127f46671b090bf9ac113a3ff87f19d522e0ec80dda844332b9625b30ecf1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
US Facebook users can now claim Cambridge Analytica settlement cash
US-based Facebook users can now claim a piece of the enormous settlement payment by Meta, Facebook's parent company, over the Cambridge Analytica scandal. This news follows Meta agreeing to pay $725 million in December 2022 to settle the longstanding class action lawsuit filed by Lauren Price in...
Python Developers Warned of Trojanized PyPI Packages Mimicking Popular Libraries
Cybersecurity researchers are warning of "imposter packages" mimicking popular libraries available on the Python Package Index (PyPI) repository. The 41 malicious PyPI packages have been found to pose as typosquatted variants of legitimate modules such as HTTP, AIOHTTP, requests, urllib, and urllib...
SUSE CVE-2021-36781
An Incorrect Default Permissions vulnerability in the parsec package of openSUSE Factory allows local attackers to imitate the service, leading to DoS or clients talking to an imposter service. This issue affects: openSUSE Factory parsec versions prior to 0.8.1-1.1...