Security Headlines

Tag: #sap

Deepfake Scams Are Distorting Reality Itself

The easy access that scammers have to sophisticated AI tools means everything from emails to video calls can’t be trusted.

Wired
Scammers are constantly changing the game, but so are we. Introducing Malwarebytes Scam Guard

As scammers develop new ways of exploiting unsuspecting users, Malwarebytes is introducing Scam Guard to combat this new wave of threats.

US Sanctions Philippines’ Funnull Technology Over $200M Crypto Scam

The US Department of the Treasury has taken action against Funnull Technology Inc. for enabling massive pig butchering…

China-Linked Hackers Exploit SAP and SQL Server Flaws in Attacks Across Asia and Brazil

The China-linked threat actor behind the recent in-the-wild exploitation of a critical security flaw in SAP NetWeaver has been attributed to a broader set of attacks targeting organizations in Brazil, India, and Southeast Asia since 2023. "The threat actor mainly targets the SQL injection vulnerabilities discovered on web applications to access the SQL servers of targeted organizations," Trend

'Everest Group' Extorts Global Orgs via SAP's HR Tool

In addition to Coca-Cola, entities in Abu Dhabi, Jordan, Namibia, South Africa, and Switzerland are experiencing extortion attacks, all involving stolen SAP SuccessFactors data.

A new author has appeared

Talos Content Manager Amy introduces themself, shares her unconventional journey into cybersecurity and reports on threats masquerading as AI installers.

GHSA-phf6-hm3h-x8qp: Cromwell GitHub Actions Secrets exfiltration via `Issue_comment`

### Summary

Using `Issue_comment` on `.github/workflows/scalafmt-fix.yml`, an attacker can inject malicious code through `github.event.comment.body`. By exploiting the vulnerability, it is possible to exfiltrate the high-privileged `GITHUB_TOKEN`, which can be used to completely take over the repo since the token has contents write privileges. In addition, it is possible to exfiltrate the following secret as well:

- `BROADBOT_GITHUB_TOKEN`

### Details

The `Issue_comment` event in GitHub Actions can be an injection path if the variable isn't handled as it should be. The following step is vulnerable because it directly interpolates untrusted user input into a shell script:

```
- name: Check for ScalaFmt Comment
  id: check-comment
  run: |
    if [[ "${{ github.event_name }}" == "issue_comment" && "${{ github.event.comment.body }}" == *"scalafmt"* ]]; then
      echo "::set-output name=comment-triggered::true"
    else
      echo "::set-output name=comment-triggered::false"
    ...
```

Apple Blocks $9 Billion in Fraud Over 5 Years Amid Rising App Store Threats

Apple on Tuesday revealed that it prevented over $9 billion in fraudulent transactions in the last five years, including more than $2 billion in 2024 alone. The company said the App Store is confronted by a wide range of threats that seek to defraud users in various ways, ranging from "deceptive apps designed to steal personal information to fraudulent payment schemes that attempt to exploit

The US Is Building a One-Stop Shop for Buying Your Data

Plus: A mysterious hacking group’s secret client is exposed, Signal takes a swipe at Microsoft Recall, Russian hackers target security cameras to spy on aid to Ukraine, and more.