BleepingComputer reports that Ethereum blockchain analytics firm Nansen has disclosed that its third-party authentication provider was impacted by a data breach, which resulted in the compromise of data from 6.8% of its user base over a 48-hour period.
According to Nansen, compromising the vendor gave attackers access to an admin panel used for Nansen customer access, exposing users' email addresses and, for a smaller portion of users, password hashes and blockchain addresses. Nansen has urged impacted individuals to reset their passwords immediately, noting that threat actors could launch brute-force attacks to recover the encrypted passwords.
While no wallet funds were affected by the third-party breach, users should be vigilant against phishing attempts, said Nansen CEO Alex Svanevik in the company's data breach notice. "We are working closely with the vendor, our external legal advisors, and cybersecurity experts to conduct a full investigation," said Svanevik.
Open-source artificial intelligence compute framework Ray has been found to be impacted by a critical vulnerability, tracked as CVE-2023-48023, which could be exploited to facilitate unauthorized node access, according to SecurityWeek.
Exposed Kubernetes secrets pose significant supply chain threat

Numerous organizations and open-source projects could be impacted by a supply chain attack stemming from publicly exposed Kubernetes secrets enabling access to sensitive Software Development Life Cycle environments, according to SecurityWeek.