Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The Guacamaya group is a fairly new hacktivist group based in Latin America. The group was first seen around March 2022 as they released sensitive data of several companies based in Chile, Ecuador, Brazil and Colombia. As mentioned, the group is mainly focusing on LATAM but dabbles every now and then with campaigns in Russia. The group is defined as a data leakage threat group, which means they do not encrypt but only leak the stolen data, often they do it for free.

Read also: Apple fixes yet another iOS zero-day, Iranian atomic energy agency hit by hackers, and more.

On October 5, a cyber incident disrupted the availability of three state government websites. The Russian-speaking KillNet group claimed responsibility. As discussed in previous SecurityScorecard research, KillNet began as a financially-motivated operation offering a botnet for hire. It has since remodeled to a hacktivist collective, conducting a series of relatively low-sophistication DDoS attacks against targets linked to entities perceived to oppose the Russian invasion of Ukraine.

Cross-site scripting has been at the top of the OWASP Top 10 for nearly a decade. In this article, we'll explore everything you need to know about XSS, the associated risks, and countermeasures you can take.

CrowdStrike has identified a new cryptojacking campaign targeting vulnerable Docker and Kubernetes infrastructure. Called “Kiss-a-dog,” the campaign targets Docker and Kubernetes infrastructure using an obscure domain from the payload, container escape attempt and anonymized “dog” mining pools.

If you were to take a look at the cybersecurity news cycle, you’d be forgiven for thinking that it’s only large enterprises with expansive customer bases and budgets that are the most vulnerable to attacks. But that’s not entirely true. Even if it’s at a much smaller scale, small- and medium-sized businesses (SMBs) still have stores of sensitive information that’s appealing to bad actors — and they’re often much less equipped to protect that data.

I was speaking with an Active Directory security engineer at a global pharmaceutical company recently, and I asked him the most classic question in the product management handbook: “What keeps you up at night?” So cliché (I know), but sometimes instead of an eye roll, you get a real gem, which is exactly what happened.

The Sysdig Threat Research Team (Sysdig TRT) recently uncovered an extensive and sophisticated active cryptomining operation in which a threat actor is using some of the largest cloud and continuous integration and deployment (CI/CD) service providers; including GitHub, Heroku, Buddy.works, and others to build, run, scale, and operate their massive cloud operation. Because no one has yet reported on this activity and its techniques, we are going to refer to this cluster of activity as PURPLEURCHIN.

Welcome to the first post of the malicious software packages series for the DevOps and DevSecOps community. Each Monday, this technical series will focus on various malicious packages and their effects on the software supply chain, all published over the next four weeks. We’ll dive deeper into malicious packages in each post, including Here we go. Let’s discuss malicious software packages in your software supply chain.

An impersonation attack is a type of targeted phishing attack where a malicious actor pretends to be someone else or other entities to steal sensitive data from unsuspecting employees using social engineering tactics. Hackers attempt to trick the victim into transferring money, giving up sensitive information, or providing business login credentials to leverage cyberattacks and gain unauthorized access to systems and networks.