The insecurities exist in CI/CD pipelines and can be used by attackers to subvert modern development and roll out malicious code at deployment.
Follow Dark Reading:
 September 02, 2022
LATEST SECURITY NEWS & COMMENTARY
Code-Injection Bugs Bite Google, Apache Open Source GitHub Projects
The insecurities exist in CI/CD pipelines and can be used by attackers to subvert modern development and roll out malicious code at deployment.
Apple Quietly Releases Another Patch for Zero-Day RCE Bug
Apple continues a staged update process to address a WebKit vulnerability that allows attackers to craft malicious Web content to load malware on affected devices.
Threat Actor Phishing PyPI Users Identified
"JuiceLedger" has escalated a campaign to distribute its information stealer by now going after developers who published code on the widely used Python code repository.
Skyrocketing IoT Bug Disclosures Put Pressure on Security Teams
The expanding Internet of Things ecosystem is seeing a startling rate of vulnerability disclosures, leaving companies with a greater need for visibility into and patching of IoT devices.
Neopets Hackers Had Network Access for 18 Months
Neopets has confirmed that its IT systems were compromised from January 2021 through July 2022, exposing 69 million user accounts and source code.
Real-World Cloud Attacks: The True Tasks of Cloud Ransomware Mitigation
Cloud breaches are inevitable — and so is cloud ransomware. (Second of two parts.)
MORE NEWS / MORE COMMENTARY
HOT TOPICS
Phishing Campaign Targets PyPI Users to Distribute Malicious Code
The first-of-its-kind campaign threatens to remove code packages if developers don’t submit their code to a "validation" process.

The Inevitability of Cloud Breaches: Tales of Real-World Cloud Attacks
While cloud breaches are going to happen, that doesn't mean we can't do anything about them. By better understanding cloud attacks, organizations can better prepare for them. (First of two parts.)

Crypto-Crooks Spread Trojanized Google Translate App in Watering-Hole Attack
The ongoing campaign is spreading worldwide, using the lure of a fully functional Google Translate application for desktops that has helped the threat stay undetected for months.

MORE
EDITORS' CHOICE
Google Fixes 24 Vulnerabilities With New Chrome Update
But one issue that lets websites overwrite content on a user's system clipboard appears unfixed in the new Version 105 of Chrome.
LATEST FROM THE EDGE

Ghost Data Increases Enterprise Business Risk
IT has to get its hands around cloud data sprawl. Another area of focus should be on ghost data, as it expands the organization's cloud attack surface.
LATEST FROM DR TECHNOLOGY

New Guidelines Spell Out How to Test IoT Security Products
The proposed AMTSO guidelines offer a roadmap for comprehensive testing of IoT security products.
WEBINARS
  • Emerging Cyber Vulnerabilities That Every Enterprise Should Know About

    Every day, black hat attackers and white hat researchers are discovering new security vulnerabilities in widely-used systems and applications that might be exploited to compromise your data. Are you aware of the newest-and potentially most impactful-vulnerabilities that have been discovered/...

  • Using Identity & Access Management to Improve Cyber Defense

    End user credentials have become a central target for online attackers, enabling them to navigate your enterprise systems as trusted users. As online attackers target these credentials and end users seek to gain access to a wider variety of applications ...
View More Dark Reading Webinars >>
WHITE PAPERS
View More White Papers >>
FEATURED REPORTS
View More Dark Reading Reports >>
PRODUCTS & RELEASES
(ISC)² Launches 'Certified in Cybersecurity' Entry-Level Certification to Address Global Workforce Gap
(ISC)² Opens Global Enrollment for '1 Million Certified in Cybersecurity' Initiative
SecureAuth Announces General Availability of Arculix, Its Next-Gen Passwordless, Continuous-Authentication Platform
MORE PRODUCTS & RELEASES
CURRENT ISSUE

Ransomware Resilience and Response: The Next-Generation
DOWNLOAD THIS ISSUE
VIEW BACK ISSUES
Dark Reading Daily
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA
To opt-out of any future Dark Reading Daily Newsletter emails, please respond here.
Thoughts about this newsletter? Give us feedback.
Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list:
If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation.
We take your privacy very seriously. Please review our Privacy Statement.
© 2022  |  Informa Tech  |  Privacy Statement  |  Terms & Conditions  |  Contact Us