Androxgh0st botnet steals AWS and Microsoft credentials
CISA and the FBI warn of a campaign aiming to steal cloud credentials. Cybercriminals are attempting to use the Androxgh0st malware to create a botnet that steals credentials from cloud services. This data is then used to deliver malicious payloads.
Androxgh0st is known as an "SMTP cracker," whi... Read more
Publicly accessible code is often full of credentials
Publicly accessible programming code is still often riddled with certain credentials that can give anyone a peek into underlying databases or (cloud) services. This is what security specialist GitGuardian recently found in a survey of 450,000 Python projects.
Developers still cannot keep their c... Read more
Login credentials are the main entry point for hackers into your cloud
In the spring, hackers broke into companies' cloud services primarily through employee login credentials. So IT teams better make it a priority to strengthen authentication methods and follow up on data breaches.
Hackers were able to enter enterprise cloud environments most often by misusing lo... Read more
GitHub introduces free secret scanning for all repositories
The new service allows developers to find exposed secrets and credentials.
In a move to secure the global software supply chain, GitHub plans to allow developers to scan their repositories for exposed secrets and credentials for free. The new service was announced in a Tweet this week.
Mariam... Read more
Hackers attempt to crack LastPass accounts with credential stuffing
Password manager LastPass is under fire. In recent days, hackers made several attempts to break into the password vaults of LastPass users. According to the password manager, credential stuffing is at the base of the attacks.
Users of LastPass reported break-in attempts into the digital safes de... Read more