April 9, 2022

Snap-on Discloses Data Breach Claimed by Conti Ransomware Gang Yesterday, Snap-on disclosed a data breach after they detected suspicious activity in their network, which led to them shutting down all of their systems. “In early March, Snap-on detected unusual activity in some areas of its information technology environment. We quickly Read more…

GitHub can now Alert of Supply-chain Bugs in New Dependencies GitHub can now block and alert you of pull requests that introduce new dependencies impacted by known supply chain vulnerabilities. This is achieved by adding the new Dependency Review GitHub Action to an existing workflow in one of your projects. You can do Read more…

Mirai Malware Now Delivered Using Spring4Shell Exploits The Mirai malware is now leveraging the Spring4Shell exploit to infect vulnerable web servers and recruit them for DDoS (distributed denial of service) attacks. Spring4Shell is a critical remote code execution (RCE) vulnerability tracked as CVE-2022-22965, affecting Spring Framework, a widely used enterprise-level Java app development Read more…

US Eases Sanctions that may Lead to Russia’s Internet Isolation Today, the U.S. has announced exemptions on previously imposed sanctions on Russia related to telecommunications and internet-based communications, likely to prevent Russians from being isolated from Western news sources. This move comes amid successive announcements of additional sanctions against key Read more…

Raspberry Pi Removes Default User to Hinder Brute-force Attacks An update to Raspberry Pi OS Bullseye has removed the default ‘pi’ user to make it harder for attackers to find and compromise Internet-exposed Raspberry Pi devices using default credentials. Starting with this latest release, when installing the OS, you will Read more…