My Shared Links — Week 01/2023
Collection of the {cyber,info}security resources and links I have found insightful and shared during week #01 of 2023.
Slack’s private GitHub code repositories stolen over holidays
Slack suffered a security incident over the holidays affecting some of its private GitHub code repositories.
The immensely popular Salesforce-owned IM app is used by an estimated 18 million users at workplaces and digital communities around the world.
The incident involves threat actors gaining access to Slack’s externally hosted GitHub repositories via a “limited” number of Slack employee tokens that were stolen.
While some of Slack’s private code repositories were breached, Slack’s primary codebase and customer data remains unaffected, according to the company.
Hacker Selling Data Allegedly Stolen From Volvo Cars Following Ransomware Attack
A hacker is offering to sell data allegedly stolen from Swedish vehicle manufacturer Volvo Cars following a ransomware attack carried out in late December.
The Volvo data offered for sale allegedly includes information on existing and future vehicle models, databases, development systems, and employee information.
PyTorch dependency poisoned with malicious code
An unknown attacker used the PyPI code repository to get developers to download a compromised PyTorch dependency that included malicious code designed to steal system data.
2023 Will See Renewed Focus on Quantum Computing
2023 may be the year when quantum finally steps into the limelight with organizations preparing to begin the process of implementing quantum computing technologies into existing systems. It will also be the year to start paying attention to quantum computing-based attacks.
Outrageous Stories From Three Cyber Incident Responders
IBM Security commissioned a study from Morning Consult that surveyed over 1,100 cybersecurity incident responders across ten countries. Unsurprisingly, over two-thirds of respondents experienced daily stress or anxiety due to the pressures of responding to a cyber incident. Despite the challenges, responders are willing to take on the IR role because of their exemplary sense of duty.
But perhaps one of the underrated perks of working in incident response is the ability to tell outrageous true stories.
WordPress Security Alert: New Linux Malware Exploiting Over Two Dozen CMS Flaws
WordPress sites are being targeted by a previously unknown strain of Linux malware that exploits flaws in over two dozen plugins and themes to compromise vulnerable systems.