2023-02-27
Based on the overwhelming influx of tips from Dish employees, from some being asked to do overtime to make up for “lost productivity,” to others sharing inside info about the cyber attack, it seems a lot are unhappy at their workplace 😬🥲
BleepingComputer
Sources: the cyberattack on Dish Network was “by an outside bad actor, a known threat agent” and the company is working with an external vendor to fix the issue
2023-02-26
Based on the overwhelming influx of tips from Dish employees, from some being asked to do overtime to make up for “lost productivity,” to others sharing inside info about the cyber attack, it seems a lot are unhappy at their workplace 😬🥲
BleepingComputer
Sources: Dish Network has been hit by a cyberattack “by an outside bad actor” and the company is working with an external vendor to resolve the issue
American TV giant and satellite broadcast provider, Dish Network has mysteriously gone offline with its websites and apps ceasing to function over the past 24 hours.
2023-02-25
TELUS, Canada's second-largest telco, is investigating a potential #databreach after sample sets of company's employee data, payroll records, and private GitHub repos appeared on a data breach forum this week. https://www.bleepingcomputer.com/ ...
BleepingComputer
Canada's second-largest telecom TELUS is investigating a potential data breach after a hacker put up private GitHub repositories and payroll records for sale
a threat actor shared samples online of what appears to be employee data. They subsequently posted screenshots that apparently show private source code repositories & payroll reco...
⚠️ Dish Network 📡 OUTAGE: Websites and Dish Anywhere app down for days with no explanation. Employees seem to be clueless too. https://www.theverge.com/... cc @DISHNews @Dish https://twitter.com/...
The Verge
A major outage has taken down Dish Network's websites, apps, and customer support systems; remote employees have been cut off from accessing their work systems
Since Thursday morning, Dish Network has been experiencing a major outage that's taken down the company's main websites, apps …
2023-02-18
“While GoDaddy discovered the security breach following customer reports in early December 2022 that their sites were being used to redirect to random domains, the attackers had access to the company's network for multiple years.” 😬 via @serghei https://www.bleepingcomputer.com/ ...
BleepingComputer
GoDaddy discovered a multiyear security breach in early December 2022 in which unknown attackers stole some source code and installed malware on its servers
Web hosting giant GoDaddy says they suffered a breach where unknown attackers have stolen source code and installed malware …
2023-02-07
This adds to a series of chaotic developments at Royal Mail—from the ongoing CWU strikes from workers, to multiple IT outages of last year, at least one of which led to Tracking services being unavailable for days.
BleepingComputer
The LockBit ransomware gang claims responsibility for an attack on the UK's Royal Mail that halted international shipping, contradicting an earlier statement
The LockBit ransomware operation has claimed the cyberattack on UK's leading mail delivery service Royal Mail that forced the company …
LockBit had earlier denied being behind the cyber attack and blamed the mishap on an affiliate. LockBit is now, however, threatening to leak the allegedly stolen data on its leak site. Like earlier, they still haven't explained exactly what data was stolen, if any. https://twitter.com/...
BleepingComputer
The LockBit ransomware gang claims responsibility for an attack on the UK's Royal Mail that halted international shipping, contradicting an earlier statement
The LockBit ransomware operation has claimed the cyberattack on UK's leading mail delivery service Royal Mail that forced the company …
2023-01-10
🤯 Could have retrieved anyone's report all this time by simply changing the last bit of the URL and Experian goes silent. Threat actors apparently already exploited the bug. Great work by @briankrebs and Jenya Kushnir! https://krebsonsecurity.com/ ...
Krebs on Security
Up until late December 2022, hackers were using a flaw in Experian's site to get anyone's entire credit report using only their name, address, birthday, and SSN
2023-01-05
CircleCI discloses security incident: Ironically, the wording suggests that CircleCI was breached on December 21st—the same day it published a “reliability update” reinforcing its commitment to bettering its services. https://www.bleepingcomputer.com/ ... #databreach
BleepingComputer
CI/CD service CircleCI says it is investigating “a security incident” and “out of an abundance of caution” all customers should “rotate any and all secrets”
CircleCI, a software development service has disclosed a security incident and is urging users to rotate their secrets.
2023-01-03
They further state that they'd deleted the data they received and reported the flaw to Facebook/Meta AI, who is PyTorch's original developer prior to PyTorch's disclosure (which btw, clearly calls the attack “malicious")
BleepingComputer
PyTorch identifies a malicious dependency using its “torchtriton” library name, warning nightly version users to uninstall; the hacker claims ethical research
JUST IN: In a statement, the creator of counterfeit ‘torchtriton’ has apologized and stressed that their intent wasn't malicious. They claim collecting sensitive data, including keys and secrets—which they call a “wrong decision,” was to better identify victims. https://twitter.com/...
BleepingComputer
PyTorch identifies a malicious dependency using its “torchtriton” library name, warning nightly version users to uninstall; the hacker claims ethical research
PyTorch reveals malicious dependency chain compromise between Dec 25th & 30th. The counterfeit ‘tortchtrion’ stole SSH keys, first 1000 files in $HOME, .gitconfig and other secrets. 2,300+ downloads seen so far on PyPI. Uninstall now 👇👇👇 https://www.bleepingcomputer.com/ ... #opensource
BleepingComputer
PyTorch identifies a malicious dependency using its “torchtriton” library name, warning nightly version users to uninstall; the hacker claims ethical research
2023-01-02
PyTorch reveals malicious dependency chain compromise between Dec 25th & 30th. The counterfeit ‘tortchtrion’ stole SSH keys, first 1000 files in $HOME, .gitconfig and other secrets. 2,300+ downloads seen so far on PyPI. Uninstall now 👇👇👇 https://www.bleepingcomputer.com/ ... #opensource
BleepingComputer
PyTorch identifies a malicious dependency that uses its “torchtriton” library name, warning users to uninstall the framework; the hacker claims ethical research
PyTorch has identified a malicious dependency with the same name as the framework's ‘torchtriton’ library.
JUST IN: In a statement, the creator of counterfeit ‘torchtriton’ has apologized and stressed that their intent wasn't malicious. They claim collecting sensitive data, including keys and secrets—which they call a “wrong decision,” was to better identify victims. https://twitter.com/...
BleepingComputer
PyTorch identifies a malicious dependency that uses its “torchtriton” library name, warning users to uninstall the framework; the hacker claims ethical research
PyTorch has identified a malicious dependency with the same name as the framework's ‘torchtriton’ library.
2022-12-22
EXCLUSIVE: #Okta says its GitHub source code repositories were stolen this December in a ‘confidential’ security notification sent to ‘security contacts’ that include IT managers at various organizations. https://twitter.com/...
BleepingComputer
Okta tells customers that hackers breached its GitHub repositories in December and stole its source code but that they did not access service or customer data
Ax Sharma / BleepingComputer :
2022-12-21
“Upon investigation, we have concluded that such access was used to copy Okta code repositories,” writes David Bradbury, the company's Chief Security Officer (CSO) in the email. https://www.bleepingcomputer.com/ ...
BleepingComputer
Okta tells customers its GitHub repositories were hacked this month and its source code was stolen, but says hackers did not access service or customer data
Okta, a leading provider of authentication services and Identity and Access Management (IAM) solutions, says that its private GitHub …
At the time of writing our report, the impact appears to be relevant to Okta Workforce Identity Cloud (WIC) code repositories, but not Auth0 Customer Identity Cloud product. This is based on the wording in the email. Okta plans on publishing a statement on blog today. https://twitter.com/...
BleepingComputer
Okta tells customers its GitHub repositories were hacked this month and its source code was stolen, but says hackers did not access service or customer data
Okta, a leading provider of authentication services and Identity and Access Management (IAM) solutions, says that its private GitHub …
EXCLUSIVE: #Okta says its GitHub source code repositories were stolen this December in a ‘confidential’ security notification sent to ‘security contacts’ that include IT managers at various organizations. https://twitter.com/...
BleepingComputer
Okta tells customers its GitHub repositories were hacked this month and its source code was stolen, but says hackers did not access service or customer data
Okta, a leading provider of authentication services and Identity and Access Management (IAM) solutions, says that its private GitHub …
2022-11-24
NEW: Chrome extension ‘SearchBlox’ installed by 200,000+ Roblox users appears to have been compromised. #Backdoor attempts to steal Roblox creds and Rolimons assets. https://www.bleepingcomputer.com/ ... #malware #opensource https://twitter.com/...
BleepingComputer
Google blocklisted two Chrome “SearchBlox” extensions with 200K+ installs, after discovery of a backdoor that can be used to steal Roblox credentials and assets
Ax Sharma / BleepingComputer :
2022-07-28
From this month's ‘atomicwrites’ incident to cases of colors, faker, node-ipc, styled-components,.. Protestware has become a recurring theme as devs start harnessing the power they always possessed: to change their code as they please. https://techcrunch.com/... #opensource
TechCrunch
A look at the recent rise of protestware, where developers deliberately sabotage their own software libraries as a means of protest for a cause they believe in
Ax Sharma / TechCrunch : Tweets: @haje Tweets: @haje : I loved this piece from @Ax_Sharma (making his @TechCrunch contributor debut) today, delving into how and why #OpenSource de...