Massachusetts experienced a two-hour statewide 911 outage caused by an errant firewall installed by vendor Comtech to prevent cyberattacks. The firewall blocked calls from reaching dispatch centers. No emergencies were reportedly impacted, as dispatch centers could identify and return unsuccessful calls.
Crypto exchange Kraken disclosed a critical zero-day flaw exploited by a security researcher to steal $3 million in digital assets. The vulnerability allowed an account balance to be artificially inflated by initiating deposits that were never completed. Kraken fixed the issue within 47 minutes and has stated that no client assets were at risk.
Amtrak has disclosed a data breach that affects users of the Guest Rewards program. It determined that there was no breach of its systems and that accounts were accessed via credentials leaked in previous breaches. Stolen information included names, contact information, rewards account numbers, partial credit card data, dates of birth, and transaction/trip information.
This article discusses a novel attack technique that uses developer access to a lower-privilege GitHub repository to escalate privileges to total compromise of all GitHub Actions pipelines in the organization. The attack makes use of a command injection vulnerability caused by using the branch name directly in a command run on a self-hosted runner. This access is then used to register a new runner with the ubuntu-latest tag, which will pick up any job in the organization that targets the GitHub-hosted ubuntu-latest runner.
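The branch-name injection pattern described above, as an added example that is not part of the original article or any vendor tooling: a small scanner (function names `find_injections` and `uses_self_hosted_runner`, and the list of attacker-controlled contexts, are assumptions for illustration) that flags `${{ }}` expressions taken from untrusted event data inside `run:` steps. The constructed sample workflow shows the vulnerable inline form beside the hardened form that passes the value through an environment variable.

```python
import re

# Expression contexts that an external contributor controls through a branch
# name, PR or issue text (assumption: illustrative list, not exhaustive).
UNTRUSTED_CONTEXTS = (
    "github.head_ref",
    "github.event.pull_request.head.ref",
    "github.event.pull_request.title",
    "github.event.pull_request.body",
    "github.event.issue.title",
    "github.event.comment.body",
)

EXPR_RE = re.compile(r"\$\{\{\s*([^}]*?)\s*\}\}")
RUN_RE = re.compile(r"(-\s+)?run:")


def find_injections(workflow_text):
    """Return (line_no, context) for each untrusted expression inside a run: step.
    No YAML parser is used: a run: key opens a block that continues while the
    following non-blank lines are indented deeper than the key itself."""
    findings = []
    run_indent = None
    for lineno, line in enumerate(workflow_text.splitlines(), 1):
        stripped = line.lstrip()
        indent = len(line) - len(stripped)
        if run_indent is not None and stripped and indent <= run_indent:
            run_indent = None  # dedent closes the current run: block
        m = RUN_RE.match(stripped)
        if m:
            run_indent = indent + len(m.group(1) or "")  # column of 'run'
        if run_indent is None:
            continue  # env: values are expanded safely by the runner, so skip them
        for expr in EXPR_RE.findall(line):
            for ctx in UNTRUSTED_CONTEXTS:
                if ctx in expr:
                    findings.append((lineno, ctx))
                    break
    return findings


def uses_self_hosted_runner(workflow_text):
    """True if any job runs on a self-hosted runner, where injection reaches the host."""
    return re.search(r"runs-on:.*self-hosted", workflow_text) is not None


# Constructed sample: step 1 and step 2 are vulnerable, step 3 is the hardened form.
SAMPLE_WORKFLOW = """\
name: ci
on: pull_request
jobs:
  build:
    runs-on: self-hosted
    steps:
      - run: echo "Building branch ${{ github.head_ref }}"
      - run: |
          git checkout ${{ github.event.pull_request.head.ref }}
          make
      - name: safe
        env:
          BRANCH: ${{ github.head_ref }}
        run: echo "Building branch $BRANCH"
"""
```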
This post explores what Cloud Detection and Response tools are and provides some insight into the vendor landscape. CDR tools tie together logs from the Kubernetes control plane, containers, and cloud events into a single timeline for analysts, along with response and remediation actions. The post concludes with an overview of the landscape, highlighting Upwind and Sweet as vendors capable of tying cloud and Kubernetes events together.
Proofpoint analysts have identified three attack chains that seek to social engineer users into running malicious PowerShell scripts. The first two attack chains load a script hosted on Binance's chain which shows the user a fake Google Chrome error and prompts them to "install a root certificate" by copying a PowerShell script into an admin PowerShell console. The third attack chain sends an email resembling a Microsoft Word document and prompts users to install a Word Online extension, which then prompts the user to "fix" the document by running a PowerShell script or downloading and executing a file.
Pomerium offers a unified access control solution that prioritizes access over restriction, dynamically verifying user identities and context to improve security.
Netfetch is a tool that scans Kubernetes networks to identify whether any pods are running without a network policy. The tool provides a CLI and dashboard for visualization.
The US government has expanded its ban on Kaspersky software due to national security concerns, preventing the company from providing updates to customers in the U.S. This ban will impact the ability of Kaspersky software to detect threats on American systems over time. Existing Kaspersky customers in the U.S. have until September 29 to find alternative antivirus software.
This post provides a list of questions to ask when interviewing for an AppSec role. The questions aim to understand the culture of the team, interactions with other teams, and what your work would look like. An explanation of why each question should be asked is provided.
This blog post goes into detail about performance reviews, career ladders, and career growth strategies. Career growth is something that employees should be thinking about year-round. ICs can use hype lists to jot down what they worked on, the impact it made, and any notes they had. They should utilize this list in performance reviews in addition to making sure that their work is visible throughout the company.
Microsoft patched a critical vulnerability in Windows 10 and 11 that could allow hackers to remotely access devices on public Wi-Fi networks without user interaction.
Curated news 📰, research 🧑‍🔬, and tools 🔧 for information security professionals