
Showing results for tags 'leaks'.


Found 3 results

  1. Production companies such as Amazon, HBO Max and the BBC may be using North Korean labor to produce a number of popular shows, according to the discovery of in-progress animation work on an unsecured cloud server in 2023.

     Per The Register, Nick Roy, the lead author of blog NK Internet, discovered the server’s existence, although analysis from 38 North, a publication from think tank The Stimson Center covering events and policy in the North Korean region, suggests that the server is no longer in use.

     There are also questions about the nature of the files found during analysis. While many files were explicitly work in progress, including direct instructions written in Chinese and translated to Korean, other files, pertaining to the BBC children’s show Octonauts, were complete, making it unclear as to whether they were simply files used as reference for other projects, or actively worked on by the outfit.

     We’re gonna make (you draw) a movie, kid

     Other work-in-progress files were identifiable as from the third season of Amazon’s Invincible and Cartoon Network / HBO Max collaboration “Iyanu, Child of Wonder”. While animated television isn’t really in TechRadar Pro’s wheelhouse, our sister site has previously covered Invincible, for example, as early as this month.

     The 38 North report sheds little light on the contracted operation, only that it was based in Pyongyang. The report guesses that it’s April 26 Animation Studio, or SEK Studio, ‘North Korea’s premier animation house’, but also an outfit put under US sanctions in 2016, with other companies found to be collaborating with it given similar punishments relating to ‘corruption and human rights abuse’ as late as 2022.

     This stuff is quite frightening, honestly. It’s easy, as a consumer, to put it out of mind under, essentially, the belief that there’s no such thing as ethical consumption under capitalism. There's plenty of truth in that: it’s a basic guarantee that you or I have intentionally or otherwise put money into the coffers of some unethical operation or other in the pursuit of happiness, or just life itself, especially when companies like Amazon are working on running every aspect of it.

     True, you can be a tedious internet nihilist and say ‘get real dude, it’s a cartoon’, but they don’t appear out of thin air, do they? Why don’t you draw tens of thousands of pictures under duress and see if your arm hurts?

     The other big question that remains unresolved is: just how hard did people in the trenches work on, say, Invincible season 2? Discovering the answer might be beyond our cloud storage remit, but we’d still be very interested to find out.
  2. APIs (Application Programming Interfaces) have proliferated widely, which increases their susceptibility to various vulnerabilities. In the realm of web applications, prime examples that stand out are SOAP (Simple Object Access Protocol) and Representational State Transfer (REST) APIs. Due to their inherent complexity and the dynamic nature of software ecosystems, common vulnerabilities include inadequate authentication mechanisms [...] The post Top 3 API Leaks Identified by Cybersecurity & InfoSec Experts appeared first on Wallarm. The post Top 3 API Leaks Identified by Cybersecurity & InfoSec Experts appeared first on Security Boulevard.
  3. Millions of secrets and authentication keys were leaked on GitHub in 2023, with the majority of developers not caring to revoke them even after being notified of the mishap, new research has claimed.

     A report from GitGuardian, a project that helps developers secure their software development with automated secrets detection and remediation, claims that in 2023, GitHub users accidentally exposed 12.8 million secrets in more than 3 million public repositories. These secrets include account passwords, API keys, TLS/SSL certificates, encryption keys, cloud service credentials, OAuth tokens, and similar.

     Slow response

     During the development stage, many IT pros would hardcode different authentication secrets in order to make their lives easier. However, they often forget to remove the secrets before publishing the code on GitHub. Thus, should any malicious actors discover these secrets, they would get easy access to private resources and services, which can result in data breaches and similar incidents.

     India was the country from which most leaks originated, followed by the United States, Brazil, China, France, and Canada. The vast majority of the leaks came from the IT industry (65.9%), followed by education (20.1%). The remaining 14% was split between science, retail, manufacturing, finance, public administration, healthcare, entertainment, and transport.

     Making a mistake and hardcoding secrets can happen to anyone - but what happens after is perhaps even more worrying. Just 2.6% of the secrets are revoked within the hour - practically everything else (91.6%) remains valid even after five days, when GitGuardian stops tracking their status.

     To make matters worse, the project sent 1.8 million emails to different developers and companies, warning them of its findings, and just 1.8% responded by removing the secrets from the code. Riot Games, GitHub, OpenAI, and AWS were listed as companies with the best response mechanisms.

     Via BleepingComputer