Several security vulnerabilities have been disclosed in cloud management platforms associated with three industrial cellular router vendors that could expose operational technology (OT) networks to external attacks.
The findings were presented by Israeli industrial cybersecurity firm OTORIO at the Black Hat Asia 2023 conference last week.
The 11 vulnerabilities allow “remote code execution and

from The Hacker News https://ift.tt/iCF572A
via IFTTT

A new phishing-as-a-service (PhaaS or PaaS) platform named Greatness has been leveraged by cybercriminals to target business users of the Microsoft 365 cloud service since at least mid-2022, effectively lowering the bar to entry for phishing attacks.
“Greatness, for now, is only focused on Microsoft 365 phishing pages, providing its affiliates with an attachment and link builder that creates

from The Hacker News https://ift.tt/uVLyMSv
via IFTTT

GitHub has announced the general availability of a new security feature called push protection, which aims to prevent developers from inadvertently leaking keys and other secrets in their code.
The Microsoft-owned cloud-based repository hosting platform, which began testing the feature a year ago, said it’s also extending push protection to all public repositories at no extra cost.
The

from The Hacker News https://ift.tt/P8ry1Ks
via IFTTT

A few weeks ago, the 32nd edition of RSA, one of the world’s largest cybersecurity conferences, wrapped up in San Francisco. Among the highlights, Kevin Mandia, CEO of Mandiant at Google Cloud, presented a retrospective on the state of cybersecurity. During his keynote, Mandia stated:
“There are clear steps organizations can take beyond common safeguards and security tools to strengthen their

from The Hacker News https://ift.tt/me5EBQN
via IFTTT