NATO is investigating an alleged data-theft hack on its Communities of Interest (COI) Cooperation Portal by a hacktivist group called SiegedSec, which claims to have exfiltrated sensitive information from the portal, including names, company affiliations, business emails, addresses, and photos from 31 NATO member nations, in protest of NATO member countries’ attacks on human rights.
Security researchers have discovered two high-severity vulnerabilities in the OverlayFS module of Ubuntu Linux, allowing attackers to execute code with root privileges on approximately 40% of Ubuntu Linux cloud workloads.
Vitalii Chychasov, a Ukrainian man, has pleaded guilty to charges related to his role as an administrator of the cybercrime marketplace SSNDOB, while another administrator, Sergey Pugach, was also arrested.
Porsche’s website and GraphQL API were found to have a security vulnerability that allowed for data exfiltration through a Cross-Site Scripting (XSS) attack.
The Nitrogen malvertising campaign is using Google and Bing ads to infiltrate enterprise networks, primarily targeting technology and non-profit organizations in North America, and tricking users into downloading trojanized installers through pay-per-click advertisements.
Implementing shift-left security can be challenging for organizations, but by aligning and communicating with both security and development teams, measuring progress against security goals, enforcing and automating security practices, and sharing and improving security knowledge, organizations can successfully integrate security into the early stages of software development and reduce the risk of costly security issues.
