Detecting attackers obfuscating their IP address inside AWS

Security researchers have documented an attack technique that may allow attackers to leverage a legitimate Amazon VPC feature to mask their use of stolen API credentials inside AWS. The feature and its exploitation potential “Amazon Virtual Priva… Continue reading Detecting attackers obfuscating their IP address inside AWS

MFA spending on the rise, but organizations still unclear on best practices

While MFA adoption and spending is on the rise, organizations are still unclear on best practices and methodologies, Yubico and 451 Research reveal. The findings show that MFA adoption and spending has increased within the enterprise due to a confluenc… Continue reading MFA spending on the rise, but organizations still unclear on best practices

Backdoor Found in Codecov Bash Uploader

Developers have discovered a backdoor in the Codecov bash uploader. It’s been there for four months. We don’t know who put it there.

Codecov said the breach allowed the attackers to export information stored in its users’ continuous integration (CI) environments. This information was then sent to a third-party server outside of Codecov’s infrastructure,” the company warned.

Codecov’s Bash Uploader is also used in several uploaders — Codecov-actions uploader for Github, the Codecov CircleCl Orb, and the Codecov Bitrise Step — and the company says these uploaders were also impacted by the breach…

Continue reading Backdoor Found in Codecov Bash Uploader

Facebook Messenger users targeted by a large-scale scam

A large-scale scam campaign targeting Facebook Messenger users all over the world has been detected by Group-IB. Digital Risk Protection (DRP) analysts have found evidence proving that users in over 80 countries in Europe, Asia, the MEA region, North a… Continue reading Facebook Messenger users targeted by a large-scale scam

Bad bot traffic reaching an all-time high over the past year

In 2020, Imperva saw the highest percentage of bad bot traffic (25.6%) since 2014, while traffic from humans fell by 5.7%. More than 40% of all web traffic requests originated from a bot last year, suggesting the growing scale and widespread impact of … Continue reading Bad bot traffic reaching an all-time high over the past year