Specialist press news
The TechBeat: Swift init(), Once and for All (3/30/2025)
How are you, hacker?
🪐Want to know what's trending right now?:
The Techbeat by HackerNoon has got you covered with fresh content from our trending stories of the day! Set email preference here.
Win Your Share of 00 in the Web3 Development Writing Contest by GetBlock and HackerNoon
By @hackernooncontests [ 3 Min read ]
Join the Web3 Development Writing Contest by GetBlock & HackerNoon! Write about blockchain APIs, dApp development & more for a chance to win from ,000. Read More.
Meet Leadige LLC, Startup of the Year 2024 Nominee—Where Strategy, Creativity & Data Drive Revenue
By @vitaliikuzmenko [ 3 Min read ]
Meet Leadige LLC, Startups of the Year 2024 Nominee—Where Strategy, Creativity & Data Drive Revenue. Read More.
Ripple in Time: Is XRP About to...
https://hackernoon.com/3-30-2025-techbeat?source=rss
Debian LTS: DLA-4097-1: vim Security Advisory Updates
Multiple vulnerabilities were discovered in vim, an enhanced vi editor. CVE-2021-3872
https://linuxsecurity.com/advisories/deblts/debian-lts-dla-4097-1-vim-security-advisory-updates-jqhi92rhuubr
How I Found My First High-Severity Bug and Got Rewarded with 3 Trays of Red Bull!
Free link. Continue reading on InfoSec Write-ups »
https://infosecwriteups.com/how-i-found-my-first-high-severity-bug-and-got-rewarded-with-3-trays-of-red-bull-29ec0ca6a2e4?source=rss----7b722bfd1b8d---4
Your Internet Service Provider is Watching — Here's How to Disappear
From Streaming Safely to Dodging Data Brokers, a VPN Isn't Optional Anymore. Continue reading on InfoSec Write-ups »
https://infosecwriteups.com/your-internet-service-provider-is-watching-heres-how-to-disappear-910fd507d938?source=rss----7b722bfd1b8d---4
HTB: Cyber Apocalypse 2025 — Quack Quack
Difficulty: Easy. Description: On the quest to reclaim the Dragon's Heart, the wicked Lord Malakar has cursed the villagers, turning them into ducks! Join Sir Alaric in finding a way to defeat them without causing harm. Quack Quack, it's time to face the Duck! Protection (checksec): $ checksec: Arch: amd64-64-little; RELRO: Full RELRO; Stack: Canary found; NX: NX enabled; PIE: No PIE (0x400000); RUNPATH: b'./glibc/'. Disassembly (ghidra), duckling() function: In this function, there is a read where we should put "Quack Quack " somewhere to bypass the first check. Because of strstr(), it does not matter where. In the next section, the printf() will print the string after the "Quack Quack " by shifting 30 bytes....
https://infosecwriteups.com/htb-cyber-apocalypse-2025-quack-quack-1775cefc26ae?source=rss----7b722bfd1b8d---4
Sending Windows Logs to the ELK Stack
Continue reading on InfoSec Write-ups »
https://infosecwriteups.com/sending-windows-logs-to-the-elk-stack-41852ee80dd4?source=rss----7b722bfd1b8d---4
How to Make Bug Bounty Easy?
💡Free Article Link. Continue reading on InfoSec Write-ups »
https://infosecwriteups.com/how-to-make-bug-bounty-easy-f2164a69048c?source=rss----7b722bfd1b8d---4
Pentesting Tools (Exploiting SMB With PsExec)
In the name of God, the Most Gracious, the Most Merciful. Hello everyone, I've decided to make a series where I explain certain tools used in penetration testing/ethical hacking that can be useful, and today I'll be explaining how to use PsExec and when to use it for pentesting, so let's begin [ *Made for educational purposes only ;) *]. PsExec is a Windows utility/tool developed by Microsoft that allows you to execute commands on a remote Windows system using any user's credentials; in order to execute those commands/processes you will of course need to provide credentials/authentication to PsExec, which is done through the SMB protocol. The first step will involve performing a port scan to determine whether the target system is running SMB or not,...
https://infosecwriteups.com/pentesting-tools-exploiting-smb-with-psexec-4f93f4396841?source=rss----7b722bfd1b8d---4
The Ultimate XSS Scanner & Parameter Analysis Tool for Bug Hunters
Understanding XSS Attacks. Continue reading on InfoSec Write-ups »
https://infosecwriteups.com/the-ultimate-xss-scanner-parameter-analysis-tool-for-bug-hunters-3c37111ac267?source=rss----7b722bfd1b8d---4
Is Bug Bounty Easy?
Free Article Link. Continue reading on InfoSec Write-ups »
https://infosecwriteups.com/is-bug-bounty-easy-f1ae04ceb8e6?source=rss----7b722bfd1b8d---4
How I Tricked A Hacker's AI Into Arresting Itself
Sometimes, the best defense is letting the enemy's weapon backfire. Continue reading on InfoSec Write-ups »
https://infosecwriteups.com/how-i-tricked-a-hackers-ai-into-arresting-itself-de5380455740?source=rss----7b722bfd1b8d---4
Earn $1000: Account Takeover by This Methodology
Free Article Link. Continue reading on InfoSec Write-ups »
https://infosecwriteups.com/earn-1000-account-takeover-by-this-methodology-cc1cbf6d9eae?source=rss----7b722bfd1b8d---4
Fedora 42: crosswords-puzzle-sets-xword-dl 2025-2f7c693519 Security Advisory Updates
Update to 0.4.8; Fixes: RHBZ#2237964, RHBZ#2282129
https://linuxsecurity.com/advisories/fedora/fedora-42-crosswords-puzzle-sets-xword-dl-2025-2f7c693519-security-advisory-updates-wcyxgpeeiuzu
General press news
Daily Bullets (March 30): Cowgirls Run-Rule Penn State, Cowboys Fall in Extra Innings
Non-OSU Bullets. • On the Tulsa World cyber-attack. What a world. [Tulsa World]. • LOL. Lineman needs to CHILL pic.twitter.com/xBosVzSLyv.
https://pistolsfiringblog.com/daily-bullets-march-30-cowgirls-run-rule-penn-state-cowboys-fall-in-extra-innings/
Elon Musk says massive cyber attack on X 'came from inside Ukraine' - MSN
Social media site X went offline yesterday, and now billionaire owner Elon Musk has blamed the 'massive cyber attack' on Ukraine. How To Borrow ...
https://www.msn.com/en-us/news/technology/x-suffers-global-outage-with-millions-unable-to-access-site/ar-AA1ABtGA%3Focid%3DBingNewsVerp
Yesterday's news (specialist press)
Debian LTS: DLA-4096-1: librabbitmq Security Advisory Updates
An issue has been found in librabbitmq, an AMQP client library and tools written in C. The issue is related to credential visibility when
https://linuxsecurity.com/advisories/deblts/debian-lts-dla-4096-1-librabbitmq-security-advisory-updates-jnogkbsoefss
Narendra Fadnavis: Pioneering Digital Transformation and Supply Chain Excellence
Narendra Fadnavis leads enterprise IT innovation through AI, cloud integration, and supply chain automation. With expertise in Oracle Cloud, ML, and Gen-AI frameworks, he has transformed global operations for tech giants like Google and Meta. His work delivers measurable impact, enabling scalable, future-ready digital ecosystems.
https://hackernoon.com/narendra-fadnavis-pioneering-digital-transformation-and-supply-chain-excellence?source=rss
Hallucination by Design: How Embedding Models Misunderstand Language
The semantic richness of human language is not captured by conventional keyword-based text processing techniques. Large tech firms have spent billions on creating ever-more-advanced embedding models. Despite their extensive use, we still don't fully grasp how these embedding models function in practical settings.
https://hackernoon.com/hallucination-by-design-how-embedding-models-misunderstand-language?source=rss
FBI and DOJ seize $8.2 Million in romance baiting crypto fraud scheme
The U.S. DOJ seized over $8.2 million in USDT stolen through 'romance baiting' scams, where victims are tricked into fake investments promising high returns. On February 27, 2025, the U.S. Attorney's Office in Ohio filed a civil forfeiture complaint for $8.2M in USDT (Tether) linked to a 'romance baiting' scam. Fraudsters used anonymous messaging apps […]
https://securityaffairs.com/175990/cyber-crime/fbi-and-doj-seize-8-2-million-in-romance-baiting-crypto-fraud-scheme.html
Setting New Standards in Enterprise Financial Transformation by Ramsundernag Changalva
Ramsundernag Changalva led a major financial transformation using OneStream XF, reducing data processing from days to hours and enabling real-time insights. His innovative integration via Mulesoft APIs and AI-enhanced forecasting set new enterprise standards in financial efficiency, strategy, and scalability.
https://hackernoon.com/setting-new-standards-in-enterprise-financial-transformation-by-ramsundernag-changalva?source=rss
How Web3 is Transforming Carbon Trading in Circular Tech
Circular economy is the new big thing. Organizations that excel in processing "already processed" materials can position themselves as pioneers in innovative manufacturing. Carbon credits are produced, verified and sold in the market.
https://hackernoon.com/how-web3-is-transforming-carbon-trading-in-circular-tech?source=rss
What You Have to Know About the New Features in Go 1.24: Cleanups and Weak Pointers
These new features are the runtime.AddCleanup function, which queues up a function to run when an object is no longer reachable, and the weak.Pointer type, which safely points to an object without preventing it from being garbage collected.
https://hackernoon.com/what-you-have-to-know-about-the-new-features-in-go-124-cleanups-and-weak-pointers?source=rss
Lotus Blossom APT Exploits WMI for Post-Exploitation Activities
The Lotus Blossom Advanced Persistent Threat (APT) group, also known as Lotus Panda, Billbug, and Spring Dragon, has intensified its cyberespionage efforts with new variants of the Sagerunex backdoor. These developments highlight the group's evolving tactics, including leveraging Windows Management Instrumentation (WMI) for post-exploitation activities and employing legitimate cloud services for command-and-control (C2) communications. The […]
The post Lotus Blossom APT Exploits WMI for Post-Exploitation Activities appeared first on Cyber Security News.
https://cybersecuritynews.com/lotus-blossom-apt-exploits-wmi/
Experts warn of the new sophisticated Crocodilus mobile banking Trojan
The new Android trojan Crocodilus exploits accessibility features to steal banking and crypto credentials, mainly targeting users in Spain and Turkey. ThreatFabric researchers discovered a new Android trojan called Crocodilus, which exploits accessibility features to steal banking and crypto credentials. “Crocodilus enters the scene not as a simple clone, but as a fully-fledged threat from […]
https://securityaffairs.com/175976/malware/new-sophisticate-crocodilus-mobile-banking-trojan.html
Debian LTS: DLA-4095-1: intel-microcode Security Advisory Updates
Microcode updates have been released for Intel(R) processors, addressing multiple potential vulnerabilities that may allow local privilege escalation, denial of service or information disclosure.
https://linuxsecurity.com/advisories/deblts/debian-lts-dla-4095-1-intel-microcode-security-advisory-updates-yk4nzotwmiek
openSUSE: 2025:14943-1 moderate: rke2-1.30-1.30.11+rke2r1-1.1 Advisory Security Update
https://linuxsecurity.com/advisories/opensuse/opensuse-2025-14943-1-moderate-rke2-1-30-1-30-11-rke2r1-1-1-advisory-security-update-j62ggt7iool4
openSUSE: 2025:14944-1 moderate: rke2-1.31-1.31.7+rke2r1-1.1 Advisory Security Update
https://linuxsecurity.com/advisories/opensuse/opensuse-2025-14944-1-moderate-rke2-1-31-1-31-7-rke2r1-1-1-advisory-security-update-1dq7c3bidlly
Legally Compliant Cryptocurrency Exchange: A Case Study of NovaChange
NovaChange stands out as a trusted service, operating in full compliance with Brazilian financial regulations, ensuring smooth, transparent, and secure transactions. This article explores the advantages of using cryptocurrency exchanges that follow legal norms, using NovaChange as a prime example.
https://hackernoon.com/legally-compliant-cryptocurrency-exchange-a-case-study-of-novachange?source=rss
Setting New Standards in Mobile Innovation: The Receipt Scanner Revolution by Vibhor Goyal
In 2009, Vibhor Goyal built a breakthrough receipt scanner app, overcoming early mobile tech limits with OCR and cloud sync. Recognized by American Express and acquired by Neat, the app streamlined expense management and launched Vibhor's career as a mobile innovation leader.
https://hackernoon.com/setting-new-standards-in-mobile-innovation-the-receipt-scanner-revolution-by-vibhor-goyal?source=rss
CISA Warns of ESURGE Malware Exploiting Ivanti RCE Vulnerability
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a Malware Analysis Report (MAR-25993211-r1.v1) detailing the exploitation of a critical vulnerability in Ivanti Connect Secure devices (CVE-2025-0282). This vulnerability allows attackers to gain unauthorized access and deploy sophisticated malware variants, including the newly identified RESURGE and SPAWNSLOTH. CISA’s analysis revealed that RESURGE operates as a […]
The post CISA Warns of ESURGE Malware Exploiting Ivanti RCE Vulnerability appeared first on Cyber Security News.
https://cybersecuritynews.com/cisa-warns-of-esurge-malware/
The HackerNoon Newsletter: How The Internet Will Pay You (3/29/2025)
How are you, hacker?
🪐 What's happening in tech today, March 29, 2025?
The HackerNoon Newsletter brings the HackerNoon homepage straight to your inbox. On this day, TRS-80 Model 100 Introduced in 1983, and we present you with these top quality stories. From How to Test for Neighborhood-Level Internet Disparities to How The Internet Will Pay You, let's dive right in.
How The Internet Will Pay You
By @praisejames [ 10 Min read ] I worked on a project to make internet access free. Here's what I learned about...
https://hackernoon.com/3-29-2025-newsletter?source=rss
Transforming Health Insurance with AI-Driven Business Analytics: A Case Study in Digital Excellence
Ruchi Mangharamani transformed health insurance using AI-driven analytics, cutting fraud by 35%, improving claims efficiency by 20%, and boosting retention by 15%. Her platform unified NLP, deep learning, and predictive insights, setting new industry standards in risk, claims, and policyholder engagement.
https://hackernoon.com/transforming-health-insurance-with-ai-driven-business-analytics-a-case-study-in-digital-excellence?source=rss
Twitter (X) Hit by 2.8 Billion Profile Data Leak in Alleged Insider Job
Note: Title edited to maintain clarity and accurately reflect the nature of the breach, emphasizing the leak of profile data rather than implying access to private information.
https://hackread.com/twitter-x-of-2-8-billion-data-leak-an-insider-job/
Evolution Of Cyber Threats: Why Attack Surface Management Is Critical Today
“Your organization’s attack surface is bigger than you think.” As digital transformation accelerates, businesses, government agencies, and financial institutions in India are expanding their digital footprints—often unknowingly. Every new cloud...
The post Evolution Of Cyber Threats: Why Attack Surface Management Is Critical Today appeared first on Cyber Defense Magazine.
https://www.cyberdefensemagazine.com/evolution-of-cyber-threats-why-attack-surface-management-is-critical-today/
How Do We Measure Blockchain Decentralization?
Blockchain decentralization is complex to quantify. Metrics like entropy, Gini, and Nakamoto coefficients assess control distribution, while fault tolerance varies—BFT benefits from decentralization, but non-BFT systems may weaken as decentralization increases.
https://hackernoon.com/how-do-we-measure-blockchain-decentralization?source=rss
Setting New Standards in AI-Driven Marketing Automation by Manish Tripathi
Manish Tripathi revolutionized retail marketing with an AI-based customer response model, improving campaign lift by 1.5x. His work set new standards in marketing automation, blending technical innovation with business impact. With patented AI solutions, Manish continues to shape responsible and scalable AI use in business.
https://hackernoon.com/setting-new-standards-in-ai-driven-marketing-automation-by-manish-tripathi?source=rss
U.S. seized $8.2 million in crypto linked to 'Romance Baiting' scams
The U.S. Department of Justice (DOJ) has seized over $8.2 million worth of USDT (Tether) cryptocurrency that was stolen via 'romance baiting' scams. [...]
https://www.bleepingcomputer.com/news/cryptocurrency/us-seized-82-million-in-crypto-linked-to-romance-baiting-scams/
Why Eliminating the Cyber Safety Review Board Weakens Critical Infrastructure and Cyber Resilience
“It's better to have cybersecurity and not need it than to need it and not have it.” – Anon The Cyber Safety Review Board (CSRB) was established to provide oversight,...
The post Why Eliminating the Cyber Safety Review Board Weakens Critical Infrastructure and Cyber Resilience appeared first on Cyber Defense Magazine.
https://www.cyberdefensemagazine.com/why-eliminating-the-cyber-safety-review-board-weakens-critical-infrastructure-and-cyber-resilience/
RamiGPT – AI Tool To Escalate Privilege & Gain Root Access Within a Minute
A new AI-driven offensive security tool, RamiGPT, is known for its ability to autonomously escalate privileges and gain root access to vulnerable systems in under a minute. Developed by GitHub user M507, the tool leverages OpenAI's API. It integrates proven penetration testing frameworks like PwnTools to streamline attacks on platforms hosted on VulnHub, a repository […]
The post RamiGPT – AI Tool To Escalate Privilege & Gain Root Access Within a Minute appeared first on Cyber Security News.
https://cybersecuritynews.com/ramigpt-gain-root-access/
ClickFix Captcha – A Creative Technique That Allow Attackers Deliver Malware and Ransomware on Windows
A sophisticated social engineering technique has recently emerged in the cybersecurity landscape, rapidly gaining traction among threat actors seeking to distribute trojans, ransomware, and particularly Quakbot malware. This technique, known as ClickFix Captcha, exploits users’ trust in familiar web elements to bypass traditional security measures and deliver malicious payloads to Windows systems. The attack begins […]
The post ClickFix Captcha – A Creative Technique That Allow Attackers Deliver Malware and Ransomware on Windows appeared first on Cyber Security News.
https://cybersecuritynews.com/clickfix-captcha-a-creative-technique/
Gamaredon Hacker Group Using Weaponize LNK Files To Drop Remcos Backdoor on Windows
A sophisticated cyber espionage campaign targeting Ukrainian entities has been uncovered, revealing the latest tactics of the Russia-linked Gamaredon threat actor group. The attackers are leveraging weaponized LNK files disguised as Office documents to deliver the Remcos backdoor malware, utilizing themes related to troop movements in Ukraine as a social engineering lure to trick victims […]
The post Gamaredon Hacker Group Using Weaponize LNK Files To Drop Remcos Backdoor on Windows appeared first on Cyber Security News.
https://cybersecuritynews.com/gamaredon-hacker-group-using-weaponize-lnk-files/
46 New Vulnerabilities in Solar Inverters Systems Let Attackers Tamper Inverter Settings
Researchers have uncovered critical security flaws in global solar power infrastructure that could potentially allow malicious actors to seize control of solar inverters and manipulate power generation at scale. A recent investigation revealed 46 new vulnerabilities across three of the world’s top 10 solar inverter vendors, exposing systemic weaknesses in these increasingly essential components of […]
The post 46 New Vulnerabilities in Solar Inverters Systems Let Attackers Tamper Inverter Settings appeared first on Cyber Security News.
https://cybersecuritynews.com/46-new-vulnerabilities-in-solar-inverters-systems/
DeBackdoor – Framework to Detect Backdoor Attacks on Deep Models
In an era where deep learning models increasingly power critical systems from self-driving cars to medical devices, security researchers have unveiled DeBackdoor, an innovative framework designed to detect stealthy backdoor attacks before deployment. Backdoor attacks, among the most effective and covert threats to deep learning, involve injecting hidden triggers that cause models to behave maliciously […]
The post DeBackdoor – Framework to Detect Backdoor Attacks on Deep Models appeared first on Cyber Security News.
https://cybersecuritynews.com/debackdoor-framework-to-detect-backdoor-attacks/
Red Team Activities Turns More Sophisticated With The Progress of Artificial Intelligence
Artificial intelligence has dramatically transformed the cybersecurity landscape, with red team activities increasingly leveraging sophisticated AI-driven techniques to simulate advanced persistent threats. These AI-enhanced red teams can now automate the process of penetrating targets and collecting sensitive data at unprecedented speeds. The evolution of machine learning, deep learning, and large language models has opened new […]
The post Red Team Activities Turns More Sophisticated With The Progress of Artificial Intelligence appeared first on Cyber Security News.
https://cybersecuritynews.com/red-team-activities-turns-more-sophisticated/
SquareX Discloses Browser-Native Ransomware that Puts Millions at Risk
Palo Alto, USA, 29th March 2025, CyberNewsWire
https://hackread.com/squarex-discloses-browser-native-ransomware-that-puts-millions-at-risk/
Hackers Leveraging DNS MX Records To Dynamically Create Fake Logins Mimic as 100+ Brands
A sophisticated phishing operation has emerged that creatively leverages DNS mail exchange (MX) records to dynamically serve fake login pages tailored to victims’ email providers. The attack can mimic over 100 brands and represents a significant evolution in phishing techniques, creating highly convincing impersonations that are difficult for users to distinguish from legitimate login pages. […]
The post Hackers Leveraging DNS MX Records To Dynamically Create Fake Logins Mimic as 100+ Brands appeared first on Cyber Security News.
https://cybersecuritynews.com/hackers-leveraging-dns-mx-records-to-dynamically-create-fake-logins/
Apache Tomcat RCE
What is the Vulnerability? On March 10, 2025, Apache issued a security advisory regarding a critical vulnerability (CVE-2025-24813) affecting the Apache Tomcat web server. This flaw could allow attackers to view or inject arbitrary content into security-sensitive files and potentially achieve remote code execution. Exploit code for this vulnerability is publicly available, and no authentication is required to launch an attack, making prompt mitigation essential. According to Apache, successful exploitation requires specific conditions, which may allow attackers to manipulate and view sensitive files or execute remote code. What is the recommended Mitigation? Impacted users should implement the recommended mitigations provided by Apache and follow the instructions outlined in the vendor's advisory: https://lists.apache.org/thread/j5fkjv2k477os90nczf2v9l61fb0kkgq-...
https://fortiguard.fortinet.com/threat-signal-report/6053
Yesterday's news (press)
Wisconsin Attorney General sues to block Elon Musk $2m election giveaway - MyJoyOnline
Musk says X hit by 'cyber-attack' as thousands report outages · South Africa rejects Musk claim Starlink can't operate there because he's not Black ...
https://www.myjoyonline.com/wisconsin-attorney-general-sues-to-block-elon-musk-2m-election-giveaway/
Morocco Strengthens Measures to Confront Locust Threat After Detecting Limited Swarms in ...
25 September 2024. In "Morocco". Morocco Under Threat of Major Cyber Attack.
https://fesnews.media/302360/2025/03/29/
Elon Musk Sells X In $33 Billion Deal - New Telegraph
November 18, 2023. In "Breaking News". Cyber Attack On X From Ukraine, Elon Musk Alleges.
https://newtelegraphng.com/elon-musk-sells-x-in-33-billion-deal/
Russia prepares 'major spring offensive' in Ukraine in WEEKS as Vlad 'has no intention of ...
'Multi-level' cyber attack on Ukrainian rail service ... Ukraine's state-owned railway company has shared that its online systems have been hit by a ...
https://www.the-sun.com/news/13853765/trump-ukraine-russia-peace-talks-saudi-arabia-riyadh/page/10/
Musk's xAI buys his social media platform X - MyJoyOnline
Trump says he will buy a Tesla after stock slump · Musk's Tesla facilities in US face 'Takedown' protests · Musk says X hit by 'cyber-attack' as ...
https://www.myjoyonline.com/musks-xai-buys-his-social-media-platform-x/
Ugochukwu Joshua Amah as the 221st Certified Global Tech Hero - Vanguard News
... cyber-attack detection, IoT device security, cloud security governance, and best practices for optimizing cloud environments. His influence ...
https://www.vanguardngr.com/2025/03/ugochukwu-joshua-amah-as-the-221st-certified-global-tech-hero/amp/
"Crocodilus" A New Malware Targeting Android Devices for Full Takeover - GBHackers
https://gbhackers.com/crocodilus/
Gamaredon Hackers Weaponize LNK Files to Deliver Remcos backdoor - GBHackers
https://gbhackers.com/gamaredon-hackers-weaponize/
Comprehensive Security Assessment of Holy Stone Drones: Examining Attack Vectors
1–6. Chibi, N. T., Ghazi, H. E. & Fihri, W. F. (2021). Drone Cyber-Attack: An Intrusion Detection Technique Based on RSSI and ... Cyber-Attack: An ...
https://www.researchgate.net/publication/390191710_Comprehensive_Security_Assessment_of_Holy_Stone_Drones_Examining_Attack_Vectors/download
Maui doctor indicted for attempted murder of wife; wife files restraining order - KITV
More From KITV 4 Island News ... TheBus and TheHandi-Van web services restored after cyber-attack. Crime & Courts · TheBus and TheHandi- ...
https://www.kitv.com/news/crime/maui-doctor-indicted-for-attempted-murder-of-wife-wife-files-restraining-order/article_7747712b-8847-4109-9e1e-be3f41ab1cfe.html
News from two days ago (specialist press)
Crooks are reviving the Grandoreiro banking trojan
Grandoreiro Banking Trojan resurfaces, targeting users in Latin America and Europe in new phishing campaigns. Forcepoint X-Labs researchers warn of new phishing campaigns targeting Latin America and Europe. The Trojan has been active since 2016; it initially targeted Brazil but expanded to Mexico, Portugal, and Spain since 2020. Grandoreiro is a modular […]
https://securityaffairs.com/175964/malware/crooks-are-reviving-the-grandoreiro-banking-trojan.html
New Morphing Meerkat Phishing Kit Exploits DNS to Spoof 100+ Brands
A recent analysis published by Infoblox reveals a sophisticated phishing operation, dubbed Morphing Meerkat, actively exploiting DNS vulnerabilities…
https://hackread.com/morphing-meerkat-phishing-kit-dns-spoof-brands/
Evilginx Tool (Still) Bypasses MFA
Based on the open source NGINX Web server, the malicious tool allows threat actors to steal user credentials and session tokens.
https://www.darkreading.com/endpoint-security/evilginx-bypasses-mfa
Metasploit Wrap-Up 03/28/2025
This Metasploit release includes an exploit module for CVE-2024-30085, an LPE in cldflt.sys, which is known as the Windows Cloud Files Mini Filter Driver.
https://blog.rapid7.com/2025/03/28/metasploit-wrap-up-03-28-2025/
Retail giant Sam's Club investigates Clop ransomware breach claims
Sam's Club, an American warehouse supermarket chain owned by U.S. retail giant Walmart, is investigating claims of a Clop ransomware breach. [...]
https://www.bleepingcomputer.com/news/security/retail-giant-sams-club-investigates-clop-ransomware-breach-claims/
USN-7392-2: Linux kernel vulnerabilities
Chenyuan Yang discovered that the CEC driver in the Linux kernel
contained a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2024-23848)
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- PowerPC architecture;
- S390 architecture;
- SuperH RISC architecture;
...
https://ubuntu.com/security/notices/USN-7392-2
USN-7393-1: Linux kernel (FIPS) vulnerabilities
Chenyuan Yang discovered that the CEC driver in the Linux kernel
contained a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2024-23848)
Attila Szász discovered that the HFS+ file system implementation in the
Linux kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- PowerPC architecture;
- S390 architecture;
...
https://ubuntu.com/security/notices/USN-7393-1
Russian authorities arrest three suspects behind Mamont Android banking trojan
Russian authorities arrested three suspects for developing Mamont, a newly identified Android banking trojan. Russian authorities arrested three suspects in Saratov for developing Mamont (Russian for mammoth), a recently discovered Android banking trojan. “Three Saratov residents are suspected of fraud and unauthorized access to computer information. Officers from the fraud prevention department of PJSC Sberbank […]
https://securityaffairs.com/175935/cyber-crime/russian-authorities-arrest-three-suspects-behind-mamont-android-banking-trojan.html
Oracle Still Denies Breach as Researchers Persist
Evidence suggests an attacker gained access to the company's cloud infrastructure environment, but Oracle insists that didn't happen.
https://www.darkreading.com/cyberattacks-data-breaches/oracle-still-denies-breach-researchers-persist
USN-7346-2: OpenSC regression
USN-7346-1 fixed vulnerabilities in OpenSC. The update introduced a
regression in Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. The
security fix has been removed pending further investigation.
We apologize for the inconvenience.
Original advisory details:
It was discovered that OpenSC did not correctly handle certain memory
operations, which could lead to a use-after-free vulnerability. An
attacker could possibly use this issue to cause a denial of service or
execute arbitrary code. This issue only affected Ubuntu 16.04 LTS,
Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-42780)
It was discovered that OpenSC did not correctly handle certain memory
operations, which could lead to a stack buffer overflow. An attacker
could possibly use this issue to cause a denial of...
https://ubuntu.com/security/notices/USN-7346-2
How to Implement CMMS Software in Your Organization
Let's face it: Rolling out new software across an entire organization can feel like herding cats. Between data…
https://hackread.com/how-to-implement-cmms-software-in-your-organization/
2025 Advanced Persistent Bot Report: Scraper Bots Deep-Dive
How much do scraper bots affect your industry?
https://www.f5.com/labs/articles/threat-intelligence/2025-advanced-persistent-bot-report-scraper-bots-deep-dive
USN-7392-1: Linux kernel vulnerabilities
Chenyuan Yang discovered that the CEC driver in the Linux kernel
contained a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2024-23848)
Attila Szász discovered that the HFS+ file system implementation in the
Linux kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- PowerPC architecture;
- S390 architecture;
- SuperH RISC architecture;
...
https://ubuntu.com/security/notices/USN-7392-1
OpenAI now pays researchers $100,000 for critical vulnerabilities
Artificial intelligence company OpenAI has announced a fivefold increase in the maximum bug bounty rewards for "exceptional and differentiated" critical security vulnerabilities, from $20,000 to $100,000. [...]
https://www.bleepingcomputer.com/news/security/openai-now-pays-researchers-100-000-for-critical-vulnerabilities/
USN-7391-1: Linux kernel vulnerabilities
Chenyuan Yang discovered that the CEC driver in the Linux kernel
contained a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2024-23848)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- PowerPC architecture;
- S390 architecture;
- SuperH RISC architecture;
- User-Mode Linux (UML);
- x86 architecture;
- Cryptographic API;
- Virtio block driver;
- Data acquisition framework and drivers;
- Hardware crypto device drivers;
- DMA engine subsystem;
- EDAC drivers;
- ARM SCPI message protocol;
- GPIO subsystem;
- GPU drivers;
- HID...
https://ubuntu.com/security/notices/USN-7391-1
Harmonic Security Raises $17.5M Series A to Accelerate Zero-Touch Data Protection to Market
https://www.darkreading.com/cybersecurity-operations/harmonic-security-raises-17-5m-zero-touch-data-protection
Traditional Data Loss Prevention Solutions Are Not Working for Most Organizations
https://www.darkreading.com/cyberattacks-data-breaches/traditional-data-loss-prevention-solutions-not-working-organizations
Engaging Online Learning: Strategies to Keep Students Focused and Motivated
While inundated with ideas, you also need to consider how to present them effectively and structure the course…
https://hackread.com/engaging-online-learning-strategies-students-focused/
SecurityScorecard 2025 Global Third-Party Breach Report Reveals Surge in Vendor-Driven Attacks
https://www.darkreading.com/cyberattacks-data-breaches/securityscorecard-2025-report-surge-vendor-driven-attacks
Malaysia PM Refuses to Pay $10M Ransomware Demand
The attack hit the Kuala Lumpur airport over the weekend, and it remains unclear who the threat actors are and what kind of information they may have stolen.
https://www.darkreading.com/cyberattacks-data-breaches/malaysia-refuses-10m-ransom-airport-cyber-breach
How Cloud Security is Transforming Cybersecurity Services
You know, it wasn't that long ago that "cybersecurity" meant a bunch of blinking lights in a server room and a team huddled around monitors, mostly reacting to things that had already gone wrong. But the cloud? The cloud has flipped that whole script. Cloud security in cybersecurity isn't just an add-on; it's fundamentally changing how we think about keeping our digital world safe.
https://linuxsecurity.com/features/features/cloud-security-cybersecurity-services
Hackers Exploit DNS MX Records to Create Fake Logins Imitating 100+ Brands
Cybersecurity researchers have discovered a sophisticated phishing-as-a-service (PhaaS) platform, dubbed “Morphing Meerkat,” that leverages DNS mail exchange (MX) records to dynamically serve tailored phishing pages mimicking over 100 brands. The platform, which has been operational since at least January 2020, employs a range of advanced techniques to evade detection and maximize the effectiveness of its […]
The post Hackers Exploit DNS MX Records to Create Fake Logins Imitating 100+ Brands appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
https://gbhackers.com/hackers-exploit-dns-mx-records-to-create-fake-logins/
Concord Orthopaedic Notifies Individuals of Security Incident
https://www.darkreading.com/cyberattacks-data-breaches/concord-orthopaedic-notifies-individuals-security-incident
New Python-Based Discord RAT Targets Users to Steal Login Credentials
A recently identified Remote Access Trojan (RAT) has raised alarms within the cybersecurity community due to its innovative use of Discord’s API as a Command and Control (C2) server. This Python-based malware exploits Discord’s extensive user base to execute commands, steal sensitive information, and manipulate both local machines and Discord servers. Bot Initialization and Functionality […]
The post New Python-Based Discord RAT Targets Users to Steal Login Credentials appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
https://gbhackers.com/new-python-based-discord-rat-targets-users/
Vulnerability in most browsers abused in targeted attacks
A vulnerability has been found that can be exploited through every browser, as long as it is running on a Windows system.
https://www.malwarebytes.com/blog/news/2025/03/vulnerability-in-most-browsers-abused-in-targeted-attacks
PJobRAT Android Malware Masquerades as Dating and Messaging Apps to Target Military Personnel
PJobRAT, an Android Remote Access Trojan (RAT) first identified in 2019, has resurfaced in a new campaign targeting users in Taiwan. Initially, PJobRAT was known for targeting Indian military personnel by disguising itself as dating and instant messaging apps. The latest iteration of this malware has evolved, now masquerading as apps like ‘SangaalLite’ and ‘CChat’, […]
The post PJobRAT Android Malware Masquerades as Dating and Messaging Apps to Target Military Personnel appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
https://gbhackers.com/pjobrat-android-malware-masquerades-as-dating-and-messaging-apps/
Phishing-as-a-service operation uses DNS-over-HTTPS for evasion
A newly discovered phishing-as-a-service (PhaaS) operation that researchers call Morphing Meerkat, has been using the DNS over HTTPS (DoH) protocol to evade detection. [...]
https://www.bleepingcomputer.com/news/security/phishing-as-a-service-operation-uses-dns-over-https-for-evasion/
USN-7330-2: Ansible regression
USN-7330-1 fixed vulnerabilities in Ansible. The update introduced a
regression when attempting to install Ansible on Ubuntu 16.04 LTS.
This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
It was discovered that Ansible did not properly verify certain fields
of X.509 certificates. An attacker could possibly use this issue to
spoof SSL servers if they were able to intercept network communications.
This issue only affected Ubuntu 14.04 LTS. (CVE-2015-3908)
Martin Carpenter discovered that certain connection plugins for Ansible
did not properly restrict users. An attacker with local access could
possibly use this issue to escape a restricted environment via symbolic
links misuse. This issue only affected Ubuntu 14.04 LTS. (CVE-2015-6240)
...
https://ubuntu.com/security/notices/USN-7330-2
Microsoft fixes button that restores classic Outlook client
Microsoft resolved an issue that caused the new Outlook email client to crash when users clicked a button designed to switch back to classic Outlook. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-button-that-restores-classic-outlook-client/
New Ubuntu Linux security bypasses require manual mitigations
Three security bypasses have been discovered in Ubuntu Linux's unprivileged user namespace restrictions, which could enable a local attacker to exploit vulnerabilities in kernel components. [...]
https://www.bleepingcomputer.com/news/security/new-ubuntu-linux-security-bypasses-require-manual-mitigations/
Cybersecurity Trends for 2025
Artificial Intelligence (AI) has been the buzzword in cybersecurity and business for a few years now, and it will continue to impact security and all phases of business in 2025....
The post Cybersecurity Trends for 2025 appeared first on Cyber Defense Magazine.
https://www.cyberdefensemagazine.com/cybersecurity-trends-for-2025/
Oracle Health breach compromises patient data at US hospitals
A breach at Oracle Health impacts multiple US healthcare organizations and hospitals after a threat actor stole patient data from legacy servers. [...]
https://www.bleepingcomputer.com/news/security/oracle-health-breach-compromises-patient-data-at-us-hospitals/
USN-7387-2: Linux kernel (FIPS) vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- MIPS architecture;
- PowerPC architecture;
- RISC-V architecture;
- S390 architecture;
- SuperH RISC architecture;
- User-Mode Linux (UML);
- x86 architecture;
- Block layer subsystem;
- Cryptographic API;
- ACPI drivers;
- Drivers core;
- RAM backed block device driver;
- Virtio block driver;
- Data acquisition framework and drivers;
- Hardware crypto device drivers;
- DMA engine subsystem;
- EDAC drivers;
- ARM SCPI message protocol;
- GPIO subsystem;
- GPU drivers;
- HID subsystem;
- Microsoft Hyper-V drivers;
- I3C subsystem;
- IIO ADC...
https://ubuntu.com/security/notices/USN-7387-2
USN-7387-3: Linux kernel (Real-time) vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- MIPS architecture;
- PowerPC architecture;
- RISC-V architecture;
- S390 architecture;
- SuperH RISC architecture;
- User-Mode Linux (UML);
- x86 architecture;
- Block layer subsystem;
- Cryptographic API;
- ACPI drivers;
- Drivers core;
- RAM backed block device driver;
- Virtio block driver;
- Data acquisition framework and drivers;
- Hardware crypto device drivers;
- DMA engine subsystem;
- EDAC drivers;
- ARM SCPI message protocol;
- GPIO subsystem;
- GPU drivers;
- HID subsystem;
- Microsoft Hyper-V drivers;
- I3C subsystem;
- IIO ADC...
https://ubuntu.com/security/notices/USN-7387-3
Navigating Cyber-Risks and New Defenses
Digital transformation has revolutionized industries with critical infrastructure — but it has also introduced new vulnerabilities.
https://www.darkreading.com/vulnerabilities-threats/navigating-cyber-risks-new-defenses
Russian Hackers Impersonate CIA to Steal Ukrainian Defense Intelligence Data
In a complex cyber operation discovered by Silent Push Threat Analysts, Russian hackers have launched a multi-pronged phishing campaign impersonating various organizations, including the CIA, to gather intelligence on individuals sympathetic to Ukraine’s defense efforts. The campaign, believed to be orchestrated by Russian Intelligence Services or aligned actors, utilizes a network of fraudulent websites to […]
The post Russian Hackers Impersonate CIA to Steal Ukrainian Defense Intelligence Data appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
https://gbhackers.com/russian-hackers-impersonate-cia-to-steal/
SHELBY Malware Steals Data by Abusing GitHub as Command-and-Control Server
Elastic Security Labs has uncovered a sophisticated malware campaign, dubbed REF8685, targeting the Iraqi telecommunications sector. The campaign utilizes a novel malware family called SHELBY, which abuses GitHub for command-and-control (C2) operations, data exfiltration, and command retrieval. Novel Malware Family Targets Iraqi Telecommunications Sector The SHELBY malware family consists of two main components: SHELBYLOADER and […]
The post SHELBY Malware Steals Data by Abusing GitHub as Command-and-Control Server appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
https://gbhackers.com/shelby-malware-steals-data-by-abusing-github/
USN-7390-1: Linux kernel (Xilinx ZynqMP) vulnerabilities
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- MIPS architecture;
- PowerPC architecture;
- RISC-V architecture;
- S390 architecture;
- SuperH RISC architecture;
- User-Mode Linux (UML);
- x86 architecture;
- Block layer subsystem;
- Cryptographic API;
- ACPI drivers;
- Drivers core;
- RAM backed block device...
https://ubuntu.com/security/notices/USN-7390-1
46 New Vulnerabilities in Solar Inverter Systems Allow Attackers to Tamper with Settings
Forescout Vedere Labs has uncovered 46 new vulnerabilities in solar power systems, primarily affecting inverters from three leading manufacturers: Sungrow, Growatt, and SMA. These flaws, if exploited, could enable attackers to manipulate inverter settings, disrupt power grids, and compromise user privacy. The research highlights that 80% of vulnerabilities disclosed in solar systems over the past […]
The post 46 New Vulnerabilities in Solar Inverter Systems Allow Attackers to Tamper with Settings appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
https://gbhackers.com/46-new-vulnerabilities-in-solar-inverter-systems/
Top 5 Web Application Penetration Testing Companies UK
Web Application Penetration Testing (WAPT) is a methodical approach to security that involves ethical hackers simulating real-world cyber-attacks on your web application to uncover vulnerabilities. By mimicking the tactics of cybercriminals, these professionals can identify weaknesses before malicious actors can exploit them. This proactive process allows businesses to address security flaws early and maintain a […]
The post Top 5 Web Application Penetration Testing Companies UK appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/03/28/top-5-web-application-penetration-testing-companies-uk/?utm_source=rss&utm_medium=rss&utm_campaign=top-5-web-application-penetration-testing-companies-uk
Prevent Web Scraping by Applying the Pyramid of Pain
The Bots Pyramid of Pain: a framework for effective bot defense.
https://www.f5.com/labs/articles/threat-intelligence/prevent-web-scraping-by-applying-the-pyramid-of-pain
DeBackdoor: A Framework for Detecting Backdoor Attacks in Deep Learning Models
Deep learning models, increasingly integral to safety-critical systems like self-driving cars and medical devices, are vulnerable to stealthy backdoor attacks. These attacks involve injecting hidden triggers into models, causing them to misbehave when triggered. Researchers from the Qatar Computing Research Institute and the Mohamed bin Zayed University of Artificial Intelligence have developed DeBackdoor, a novel […]
The post DeBackdoor: A Framework for Detecting Backdoor Attacks in Deep Learning Models appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
https://gbhackers.com/debackdoor-a-framework-for-detecting-backdoor-attacks/
The CMMC Compliance Journey
The Cybersecurity Maturity Model Certification (CMMC) is a cybersecurity framework designed to protect Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) within the defense supply chain. Still, it is...
The post The CMMC Compliance Journey appeared first on Cyber Defense Magazine.
https://www.cyberdefensemagazine.com/the-cmmc-compliance-journey/
Overcoming the Challenges of Vulnerability Remediation
The following is a guest blog post by Zac Youtz, Co-Founder and CTO at valued Rapid7 partner, Furl. Here, Zac discusses how to effectively remediate vulnerabilities discovered by Rapid7's InsightVM.
https://blog.rapid7.com/2025/03/28/overcoming-the-challenges-of-vulnerability-remediation/
How SBOMs drive a smarter SCA strategy
Modern software is largely assembled from open source components, constituting up to 90% of today's codebases. Managing the security and compliance risks associated with this external code is no longer optional — it's a core part of software development.
https://www.sonatype.com/blog/how-sboms-drive-a-smarter-sca-strategy
USN-7389-1: Linux kernel (NVIDIA Tegra) vulnerabilities
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- MIPS architecture;
- PowerPC architecture;
- RISC-V architecture;
- S390 architecture;
- SuperH RISC architecture;
- User-Mode Linux (UML);
- x86 architecture;
- Block layer subsystem;
- Cryptographic API;
- ACPI drivers;
- Drivers core;
- RAM backed block device...
https://ubuntu.com/security/notices/USN-7389-1
4 Tips For Crypto Wallet Security
Cryptocurrency will be more popular in 2025 than it has ever been and this means that there is a greater need for wallet security. As the crypto sector becomes more profitable and popular, malicious actors will look to exploit investors and steal their funds through methods like phishing schemes, wallet hacks, and so on. Then […]
The post 4 Tips For Crypto Wallet Security appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/03/28/4-tips-for-crypto-wallet-security/?utm_source=rss&utm_medium=rss&utm_campaign=4-tips-for-crypto-wallet-security
Hacking Your Own Cloud With Autonomous Pentesting and Red Teaming
This week in cybersecurity from the editors at Cybercrime Magazine. Read the full story from BreachLock. Sausalito, Calif., Mar. 28, 2025: Cloud adoption is here to stay, and as its use continues to accelerate across enterprises, so does the need for robust security strategies.
The post Hacking Your Own Cloud With Autonomous Pentesting and Red Teaming appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/hacking-your-own-cloud-with-autonomous-pentesting-and-red-teaming/
Russian Phishing Uses Fake CIA Sites to Target Anti-war, Ukraine Supporters
The phishing campaign is highly sophisticated!
https://hackread.com/russia-phishing-fake-cia-sites-anti-war-ukraine-supporters/
Microsoft fixes Remote Desktop issues caused by Windows updates
Microsoft has fixed a known issue that caused problems with Remote Desktop and RDS connections after installing Windows updates released since January 2025. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-remote-desktop-issues-caused-by-windows-updates/
Mozilla fixed critical Firefox vulnerability CVE-2025-2857
Mozilla addressed a critical vulnerability, tracked as CVE-2025-2857, impacting its Firefox browser for Windows. Mozilla has released security updates to address a critical flaw, tracked as CVE-2025-2857, impacting its Firefox browser for Windows. Recently, Google addressed a similar vulnerability, tracked as CVE-2025-2783, in Chrome that has been actively exploited in the wild as a zero-day. […]
https://securityaffairs.com/175945/security/mozilla-fixed-critical-firefox-vulnerability-cve-2025-2857.html
2025 Advanced Persistent Bots Report
Uncovering the true scale of persistent bot activity, and the advanced techniques that bot operators use in order to remain hidden from bot defenses.
https://www.f5.com/labs/articles/threat-intelligence/2025-advanced-persistent-bots-report
Iran's MOIS-Linked APT34 Spies on Allies Iraq & Yemen
The Islamic Republic is keeping its enemies close and its friends closer, with espionage attacks aimed at nearby neighbors.
https://www.darkreading.com/cyberattacks-data-breaches/irans-mois-linked-apt34-spies-allies-iraq-yemen
The US Needs A New Cybersecurity Strategy: More Offensive Cyber Operations Isn't It
For a long time, Chinese hackers have been operating in the grey area between espionage and warfare. The US has been struggling to defend its networks, but increasing offensive cyber operations is unlikely to help.
https://malwaretech.com/2025/03/the-us-needs-a-new-cybersecurity-strategy.html
News from previous days
Hijacked Microsoft web domain injects spam into SharePoint servers
The legacy domain for Microsoft Stream was hijacked to show a fake Amazon site promoting a Thailand casino, causing all SharePoint sites with old embedded videos to display it as spam. [...]
https://www.bleepingcomputer.com/news/microsoft/hijacked-microsoft-stream-classic-domain-spams-sharepoint-sites/
U.S. CISA adds Google Chromium Mojo flaw to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Google Chromium Mojo flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Google Chromium Mojo sandbox escape vulnerability, tracked as CVE-2025-2783, to its Known Exploited Vulnerabilities (KEV) catalog. This week Google has released out-of-band fixes to address a high-severity security […]
https://securityaffairs.com/175936/security/u-s-cisa-adds-google-chromium-mojo-flaw-to-its-known-exploited-vulnerabilities-catalog.html
Fake Snow White Movie Torrent Infects Devices with Malware
Disney's latest Snow White movie, with a 1.6/10 IMDb rating, isn't just the biggest flop the company has…
https://hackread.com/fake-snow-white-movie-torrent-infects-device-malware/
Issue with tough, versions prior to 0.20.0 (Multiple CVEs)
Publication Date: 2025/03/27 02:30PM PDT
Description
The Update Framework (TUF) is a software framework designed to protect mechanisms that automatically identify and download updates to software. tough is a Rust client library for TUF repositories.
AWS is aware of the following issues within tough, versions prior to 0.20.0. On March 27, 2025, we released a fix in tough 0.20.0 and recommend customers upgrade to address these issues and ensure any forked or derivative code is patched to incorporate the new fixes.
CVE-2025-2885 relates to an issue with missing validation of the root metadata version number which could allow an actor to supply an unexpected version number to the client instead of the intended version in the root metadata file, altering the version fetched by...
https://aws.amazon.com/security/security-bulletins/AWS-2025-007/
Hoff's Rule: People First
Dark Reading Confidential Episode 5: Christofer Hoff, chief secure technology officer at LastPass, shares the human side of the story of how he led his team through a major cyber incident and built from the ground up a security team and security culture.
https://www.darkreading.com/cyberattacks-data-breaches/dark-reading-confidential-hoff-rule-people-first
New security requirements adopted by HTTPS certificate industry
Posted by Chrome Root Program, Chrome Security Team
The Chrome Root Program launched in 2022 as part of Google's ongoing commitment to upholding secure and reliable network connections in Chrome. We previously described how the Chrome Root Program keeps users safe, and how the program is focused on promoting technologies and practices that strengthen the underlying security assurances provided by Transport Layer Security (TLS). Many of these initiatives are described on our forward-looking, public roadmap named “Moving Forward, Together.”
At a high level, “Moving Forward, Together” is our vision of the future. It is non-normative and considered distinct from the requirements detailed in the Chrome Root Program Policy. It's focused on themes that we feel are essential...
http://security.googleblog.com/2025/03/new-security-requirements-adopted-by.html
Infostealer campaign compromises 10 npm packages, targets devs
Ten npm packages were suddenly updated with malicious code yesterday to steal environment variables and other sensitive data from developers' systems. [...]
https://www.bleepingcomputer.com/news/security/infostealer-campaign-compromises-10-npm-packages-targets-devs/
How CISA Cuts Impact Election Security
State and federal security experts weighed in on the impact that budgetary and personnel cuts to CISA will have on election security as a whole.
https://www.darkreading.com/cyber-risk/how-cisa-cuts-impact-election-security
OpenAI Bumps Up Bug Bounty Reward to $100K in Security Update
The artificial intelligence research company previously had its maximum payout set at $20,000 before exponentially raising the reward.
https://www.darkreading.com/cybersecurity-operations/openai-bug-bounty-reward-100k
Chinese FamousSparrow hackers deploy upgraded malware in attacks
A China-linked cyberespionage group known as 'FamousSparrow' was observed using a new modular version of its signature backdoor 'SparrowDoor' against a US-based trade organization. [...]
https://www.bleepingcomputer.com/news/security/chinese-famoussparrow-hackers-deploy-upgraded-malware-in-attacks/
Windows 11 KB5053656 update released with 38 changes and fixes
Microsoft has released the KB5053656 preview cumulative update for Windows 11 24H2 with 38 changes, including real-time translation on AMD and Intel-powered Copilot+ PCs and fixes for authentication and blue-screen issues. [...]
https://www.bleepingcomputer.com/news/microsoft/windows-11-kb5053656-update-released-with-38-changes-and-fixes/
OpenAI Bug Bounty Program Increases Top Reward to $100,000
OpenAI Bug Bounty program boosts max reward to $100,000, expanding scope and offering new incentives to enhance AI security and reliability.
https://hackread.com/openai-bug-bounty-program-increases-top-reward/
RedCurl Uses New QWCrypt Ransomware in Hypervisor Attacks
Discover the novel QWCrypt ransomware used by RedCurl in targeted hypervisor attacks. This article details their tactics, including…
https://hackread.com/redcurl-uses-qwcrypt-ransomware-hypervisor-attacks/
When Getting Phished Puts You in Mortal Danger
Many successful phishing attacks result in a financial loss or malware infection. But falling for some phishing scams, like those currently targeting Russians searching online for organizations that are fighting the Kremlin war machine, can cost you your freedom or your life.
https://krebsonsecurity.com/2025/03/when-getting-phished-puts-you-in-mortal-danger/
Keeper Unveils Latest WearOS App for Android
Keeper Security has unveiled its latest improvements to the Keeper WearOS app that accompanies their flagship password management solution. The upscaled app enhances security and ease for smartwatch users. The update aligns with Google's latest Android guidelines, providing a more intuitive and streamlined experience for Android WearOS users. The Keeper WearOS app, formerly known as KeeperDNA, […]
The post Keeper Unveils Latest WearOS App for Android appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/03/27/keeper-unveils-latest-wearos-app-for-android/?utm_source=rss&utm_medium=rss&utm_campaign=keeper-unveils-latest-wearos-app-for-android
US Department of Labor's journey to Zero Trust security with Microsoft Entra ID
Discover how the US Department of Labor enhanced security and modernized authentication with Microsoft Entra ID and phishing-resistant authentication.
The post US Department of Labor's journey to Zero Trust security with Microsoft Entra ID appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2025/03/27/us-department-of-labors-journey-to-zero-trust-security-with-microsoft-entra-id/
Multiple crypto packages hijacked, turned into info-stealers
Sonatype has identified multiple npm cryptocurrency packages, latest versions of which have been hijacked and altered to steal sensitive information such as environment variables from the target victims.
https://www.sonatype.com/blog/multiple-crypto-packages-hijacked-turned-into-info-stealers
“This fraud destroyed my life.” Man ends up with criminal record after ID was stolen
A man didn't just have his ID stolen, identity theft ruined his life and robbed him of a promising future.
https://www.malwarebytes.com/blog/news/2025/03/this-fraud-destroyed-my-life-man-ends-up-with-criminal-record-after-id-was-stolen
Best Laptop for Cybersecurity: Top Picks for Ethical Hackers & Security Professionals
Selecting the right Laptop For Cybersecurity is one of the most critical decisions for cybersecurity professionals. Whether you are a CISO, penetration tester, ethical hacker, or IT security analyst, the hardware and...
The post Best Laptop for Cybersecurity: Top Picks for Ethical Hackers & Security Professionals appeared first on Cyber Defense Magazine.
https://www.cyberdefensemagazine.com/best-laptop-for-cybersecurity-top-picks-for-ethical-hackers-security-professionals/
Mobile Security & Malware Issue 4th Week of March, 2025
ASEC Blog publishes “Mobile Security & Malware Issue 4th Week of March, 2025”
https://asec.ahnlab.com/en/87052/
Crooks target DeepSeek users with fake sponsored Google ads to deliver malware
Cybercriminals are exploiting the popularity of DeepSeek by using fake sponsored Google ads to distribute malware. While DeepSeek is rising in popularity, threat actors are attempting to exploit it by using fake sponsored Google ads to distribute malware, Malwarebytes researchers warn. Crooks are using DeepSeek as a lure to trap unsuspecting Google searchers. “Unfortunately, we […]
https://securityaffairs.com/175923/malware/crooks-deepseek-users-with-fake-sponsored-google-ads-to-deliver-malware.html
Moving from WhatsApp to Signal: A good idea?
Is moving from WhatsApp to Signal a good idea? We look at the pros and cons, and which settings can make Signal even more private.
https://www.malwarebytes.com/blog/news/2025/03/moving-from-whatsapp-to-signal-a-good-idea
Unpacking a post-compromise breach simulation with Vector Command
This blog is the third in our Vector Command series, where we explore the tactics, techniques, and procedures (TTPs) leveraged by Rapid7's expert red team.
https://blog.rapid7.com/2025/03/27/unpacking-a-post-compromise-breach-simulation-with-vector-command/
G2 Names INE 2025 Cybersecurity Training Leader
Cary, North Carolina, 27th March 2025, CyberNewsWire
https://hackread.com/g2-names-ine-2025-cybersecurity-training-leader/
Is Someone Lurking in The Background Waiting To Impersonate You?
Are you confident someone isn't lurking in the background on your computer right now, gathering information and preparing to impersonate you? The era of confidently sending e-mails securely or answering...
The post Is Someone Lurking in The Background Waiting To Impersonate You? appeared first on Cyber Defense Magazine.
https://www.cyberdefensemagazine.com/is-someone-lurking-in-the-background-waiting-to-impersonate-you/
SandboxAQ Strengthens Leadership in Post-Quantum Security as NIST Approves HQC Algorithm
The National Institute of Standards and Technology (NIST) has officially added HQC (Hamming Quasi-Cyclic), co-invented by SandboxAQ, to its suite of post-quantum cryptographic (PQC) standards, the company announced today. HQC becomes the fifth algorithm selected by NIST in its ongoing effort to develop quantum-resistant encryption standards. Of the five, three will serve digital signature purposes, […]
The post SandboxAQ Strengthens Leadership in Post-Quantum Security as NIST Approves HQC Algorithm appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/03/27/sandboxaq-strengthens-leadership-in-post-quantum-security-as-nist-approves-hqc-algorithm/?utm_source=rss&utm_medium=rss&utm_campaign=sandboxaq-strengthens-leadership-in-post-quantum-security-as-nist-approves-hqc-algorithm
The Perfect Storm: Why Power Plants Are Prime Targets For Cyberattacks
This week in cybersecurity from the editors at Cybercrime Magazine – Read the full story in Power Magazine
Sausalito, Calif. – Mar. 27, 2025
The power sector is on the frontlines of a global cybersecurity battlefield, says Holger Betz, Cybersecurity Solution Architect at Siemens Energy. While
The post The Perfect Storm: Why Power Plants Are Prime Targets For Cyberattacks appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/the-perfect-storm-why-power-plants-are-prime-targets-for-cyberattacks/
U.S. CISA adds Sitecore CMS and XP, and GitHub Action flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Sitecore CMS and XP, and GitHub Action flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added [1,2] the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: CVE-2019-9875 (CVSS score of 8.8) is a Deserialization of Untrusted Data in the anti […]
https://securityaffairs.com/175915/security/u-s-cisa-adds-sitecore-cms-and-xp-and-github-action-flaws-to-its-known-exploited-vulnerabilities-catalog.html
Cloud Threats on the Rise: Alert Trends Show Intensified Attacker Focus on IAM, Exfiltration
Understanding trends amidst noise: tracking shifts in security alerts allows cloud defenders to parse threats from attackers targeting IAM, storage and more.
The post Cloud Threats on the Rise: Alert Trends Show Intensified Attacker Focus on IAM, Exfiltration appeared first on Unit 42.
https://unit42.paloaltonetworks.com/2025-cloud-security-alert-trends/
Advance notice: End of Life for ClamAV 0.103 database updates
ClamAV version 0.103 will reach its end of life (EOL) for database updates on September 14, 2025. After this date, this version will no longer receive the latest virus definitions. To ensure your systems remain protected, please upgrade to the latest supported version of ClamAV before the end-of-life date. This will provide continued access to essential security updates and features. We recommend that users update to the newest release, ClamAV 1.4 LTS. Users who are unable to upgrade to version 1.4 may find that ClamAV 1.0 LTS is more suitable. The most recent version of ClamAV can be found on the ClamAV Downloads page, on the ClamAV GitHub Releases page, and through Docker Hub. Information about how to install ClamAV is available in our online documentation. The...
http://blog.clamav.net/2025/03/advance-notice-end-of-life-for-clamav.html
Privacy Concerns and Data Protection in TTS Applications
Text-to-Speech (TTS) software has become a necessity in most industries, including customer support, education, and accessibility services. Even content creators working on Linux and hoping to add voice capabilities to their projects are depending on Linux text to speech tools.
https://linuxsecurity.com/news/privacy/tts-privacy-risks
Arkana Security group claims the hack of US telco provider WideOpenWest (WOW!)
Arkana Security, a new ransomware group, claims to have breached the telecommunications provider WideOpenWest (WOW!). The new ransomware group Arkana Security claims to have hacked US telecom provider WOW!, stealing customer data. WideOpenWest (WOW!) is a US-based telecommunications company that provides broadband internet, cable TV, and phone services. It operates mainly in the Midwest and […]
https://securityaffairs.com/175905/data-breach/arkana-security-group-claims-the-hack-of-wideopenwest-wow.html
Legit Announces New Vulnerability Prevention Capabilities
Get details on Legit's new capabilities that allow AppSec teams to prevent introducing vulnerabilities.
https://www.legitsecurity.com/blog/legit-announces-new-vulnerability-prevention-capabilities
What VirusTotal Missed — Discover with Unknown Cyber
“VirusTotal gives you opinions. Hybrid Analysis gives you behavior. Unknown Cyber gives you the truth in the code—before the malware even runs. That's how we blow them both away.” —...
The post What VirusTotal Missed — Discover with Unknown Cyber appeared first on Cyber Defense Magazine.
https://www.cyberdefensemagazine.com/what-virustotal-missed-discover-with-unknown-cyber/
Security expert Troy Hunt hit by phishing attack
Troy Hunt, security expert and Have I Been Pwned owner, disclosed a phishing attack against him in a commendable display of transparency.
https://www.malwarebytes.com/blog/news/2025/03/security-expert-troy-hunt-hit-by-phishing-attack
New ReaderUpdate malware variants target macOS users
New ReaderUpdate malware variants, now written in Crystal, Nim, Rust, and Go, target macOS users, SentinelOne warns. SentinelOne researchers warn that multiple versions of the ReaderUpdate malware, written in the Crystal, Nim, Rust, and Go programming languages, are targeting macOS users. ReaderUpdate is a macOS malware loader that has been active since 2020, the malicious code […]
https://securityaffairs.com/175891/malware/readerupdate-malware-variants-targets-macos.html
Don't Buy A Network Pen Test Until You Ask These Questions
Originally published by Schellman.
Written by Austin Bentley, Manager, Schellman.
When people hear of an upcoming pen test, they most commonly think of network testing. These tests can be focused against your external network (i.e. network perimeter) or your internal network (cloud environment and/or on-premises network). As these networks typically change year to year with new devices, cloud migrations, on-premises migrations, and firewall migrations, pe...
https://cloudsecurityalliance.org/articles/don-t-buy-a-network-pen-test-until-you-ask-these-questions
Q&A: Cybersecurity in ‘The Intelligent Era'
The Gurus spoke to Robert Hann, VP of Technical Solutions at Entrust, about the future of IT and the challenges these developments pose to security teams and business leaders globally. What do you think will be the most significant changes in the IT industry over the next 5-10 years? I believe the three most influential […]
The post Q&A: Cybersecurity in ‘The Intelligent Era' appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/03/26/qa-cybersecurity-in-the-intelligent-era/?utm_source=rss&utm_medium=rss&utm_campaign=qa-cybersecurity-in-the-intelligent-era
Blasting Past Webp
An analysis of the NSO BLASTPASS iMessage exploit
Posted by Ian Beer, Google Project Zero
On September 7, 2023 Apple issued an out-of-band security update for iOS:
Around the same time on September 7th 2023, Citizen Lab published a blog post linking the two CVEs fixed in iOS 16.6.1 to an "NSO Group Zero-Click, Zero-Day exploit captured in the wild":
"[The target was] an individual employed by a Washington DC-based civil society organization with international offices...
The exploit chain was capable of compromising iPhones running the latest version of iOS (16.6) without any interaction from the victim.
The exploit involved PassKit attachments containing malicious images sent from an attacker iMessage account to the victim."
The day before,...
https://googleprojectzero.blogspot.com/2025/03/blasting-past-webp.html
Titan Security Keys now available in more countries
Posted by Christiaan Brand, Group Product Manager
We're excited to announce that starting today, Titan Security Keys are available for purchase in more than 10 new countries: Ireland, Portugal, The Netherlands, Denmark, Norway, Sweden, Finland, Australia, New Zealand, Singapore, Puerto Rico. This expansion means Titan Security Keys are now available in 22 markets, including previously announced countries like Austria, Belgium, Canada, France, Germany, Italy, Japan, Spain, Switzerland, the UK, and the US.
What is a Titan Security Key?
A Titan Security Key is a small, physical device that you can use to verify your identity when you sign in to your Google Account. It's like a second password that's much harder for cybercriminals to steal. Titan Security Keys allow you to store your passkeys on a strong, purpose-built...
http://security.googleblog.com/2025/03/titan-security-keys-now-available-in.html
Rapid7 Earns 5-Star Rating in the 2025 CRN® Partner Program Guide
Rapid7 has been honored by CRN®, a brand of The Channel Company, with a 5-Star Award in the 2025 CRN Partner Program Guide. This annual guide is an essential resource for solution providers seeking vendor partner programs that match their business goals and deliver high partner value.
https://blog.rapid7.com/2025/03/26/rapid7-earns-5-star-rating-in-the-2025-crn-r-partner-program-guide/
A Guide On How AI Pilot Programs are Shaping Enterprise Adoption
Written by Koat.ai.
The First Flight into AI Initiatives
In the ever-evolving landscape of business, AI Pilot Programs offer a structured approach for companies to harness the potential of artificial intelligence. These initiatives provide a testing ground where businesses can refine their strategies and align AI technologies with their specific goals. By implementing AI pilot programs, organizations can assess the practical benefits of AI and identify any chall...
https://cloudsecurityalliance.org/articles/a-guide-on-how-ai-pilot-programs-are-shaping-enterprise-adoption
Breaking The Code: The Complete List of Women Hackers in Hollywood Movies
A curated collection of films that are meant to inspire an underrepresented group in cybersecurity – Paul John Spaulding & Amanda Glassner
Northport, N.Y. – Mar. 26, 2025
Cybercrime, if it were an economy, would be the third largest in the world after the U.S.
The post Breaking The Code: The Complete List of Women Hackers in Hollywood Movies appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/breaking-the-code-the-complete-list-of-women-hackers-in-hollywood-movies/
Generative AI In Business: Managing Risks in The Race for Innovation
Artificial intelligence has emerged as a game-changing force, with record amounts of funding fueling new innovations that are transforming industries and workflows at speeds we have never seen before. According...
The post Generative AI In Business: Managing Risks in The Race for Innovation appeared first on Cyber Defense Magazine.
https://www.cyberdefensemagazine.com/generative-ai-in-business-managing-risks-in-the-race-for-innovation/
Ransom & Dark Web Issues Week 4, March 2025
ASEC Blog publishes Ransom & Dark Web Issues Week 4, March 2025 * New ransomware group Arkana Security claims attack on a US telecommunications company. * New ransomware group Frag claims attacks on 27 companies located in the US, Netherlands, and Singapore. * Korean […]
https://asec.ahnlab.com/en/87037/
Rethinking SAP Security Without Maintenance Contracts
Do you rely on SAP maintenance contracts to keep vulnerabilities in check? Here's a question: have you felt the sting of renewal season? Those spiraling costs are hard to ignore—just...
The post Rethinking SAP Security Without Maintenance Contracts appeared first on Cyber Defense Magazine.
https://www.cyberdefensemagazine.com/rethinking-sap-security-without-maintenance-contracts/
Inside the Mind of the Attacker: A Conversation with Raj Samani
Join Take Command 2025, a free virtual cybersecurity event on April 9. Hear from industry experts on AI-driven security, real-world attack simulations, and frontline SOC threat hunting strategies. Register now!
https://blog.rapid7.com/2025/03/26/inside-the-mind-of-the-attacker-a-conversation-with-raj-samani/
Apache Tomcat: Vulnerable versions downloaded nearly 100K times since PoC
A rapidly exploited vulnerability with a major blast radius
A recently disclosed vulnerability in Apache Tomcat, CVE-2025-24813, is drawing significant attention due to its ease of exploitation, rapid adoption by attackers, and widespread usage across enterprise environments. This vulnerability is a blend of path traversal issues and deserialization flaws, potentially allowing for remote code execution (RCE) or the exfiltration of sensitive data.
https://www.sonatype.com/blog/apache-tomcat-vulnerability-widespread-exploitation-and-key-insights-from-sonatype
Human Error and The Financial Impact of Cybercrime
This week in cybersecurity from the editors at Cybercrime Magazine – Read the full story in TechBullion
Sausalito, Calif. – Mar. 26, 2025
The financial repercussions of cyber incidents can be staggering, affecting companies large and small. According to a report from Cybersecurity Ventures, global cybercrime damages are predicted
The post Human Error and The Financial Impact of Cybercrime appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/human-error-and-the-financial-impact-of-cybercrime/
Key Security Fixes & Enhancements in Linux Kernel 6.14
Linux kernel version 6.14 has been released with essential updates that Linux security admins won't want to miss. This version, unveiled on March 24, 2025, brings crucial optimizations and security improvements to provide a smoother and more secure computing experience. With a focus on key vulnerability patches, such as those addressing use-after-free issues in the key management system, every system admin's role in maintaining secure, reliable environments just got a little easier.
https://linuxsecurity.com/news/security-projects/security-fixes-enhancements-linux-kernel-6-14
Booking.com phish uses fake CAPTCHAs to trick hotel staff into downloading malware
Fake Booking.com emails sent to hotels lead to fake CAPTCHA sites that trick the staff into infecting their own systems.
https://www.malwarebytes.com/blog/news/2025/03/fake-booking-com-phish-uses-fake-captchas-to-trick-hotel-staff-into-downloading-malware
DeepSeek users targeted with fake sponsored Google ads that deliver malware
With its growing popularity, sponsored Google search ads have started impersonating DeepSeek AI.
https://www.malwarebytes.com/blog/news/2025/03/deepseek-users-targeted-with-fake-sponsored-google-ads-that-deliver-malware
GitHub Actions Supply Chain Attack
What is the Attack?
Recently, a popular third-party GitHub Action, tj-actions/changed-files (CVE-2025-30066), used by over 23,000 repositories, was compromised, potentially exposing sensitive workflow secrets in any pipeline that integrated it. Subsequent investigation revealed that the compromise of tj-actions/changed-files may be linked to a similar breach of another GitHub Action, reviewdog/action-setup@v1 (CVE-2025-30154). Multiple Reviewdog actions were affected during a specific timeframe, raising further concerns about the scope of the attack. (CVE-2025-30154 · GitHub Advisory Database)
GitHub Actions, a widely used CI/CD platform, enables developers to automate software development pipelines with reusable workflow components. The supply chain compromise in this case poses a serious security...
https://fortiguard.fortinet.com/threat-signal-report/6052
23andMe bankruptcy: How to delete your data and stay safe from the 2023 breach
With 23andMe filing for bankruptcy, here's how to remove your data from the company and protect yourself from the 2023 breach.
https://www.malwarebytes.com/blog/news/2025/03/23andme-bankruptcy-how-to-delete-your-data-and-stay-safe-from-the-2023-breach
Operation ForumTroll: APT attack with Google Chrome zero-day exploit chain
Kaspersky GReAT experts discovered a complex APT attack on Russian organizations dubbed Operation ForumTroll, which exploits zero-day vulnerabilities in Google Chrome.
https://securelist.com/operation-forumtroll/115989/
Quantum Minute On The Cybercrime Radio Podcast
Brought to you by Applied Quantum and Secure Quantum
The Quantum Minute is brought to you by Applied Quantum, a leading consultancy and solutions provider specializing in quantum computing, quantum cryptography, quantum communication, and quantum AI. D-Wave is the latest company to claim that they have achieved quantum supremacy.
The post Quantum Minute On The Cybercrime Radio Podcast appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/quantum-minute/
BlueSky InfoSec News List
Hello all, happy Tuesday. I’ve migrated my cybersecurity news feed list to BlueSky and it can now be found here: https://web-cdn.bsky.app/profile/hacks4pancakes.com/lists/3ll6ownhbuz2o I hope you find this useful. If you’re using Mastodon, the import process is a bit more manual: @Updated InfoSec Mastodon Lists!
https://tisiphone.net/2025/03/25/bluesky-infosec-news-list/
Multiple vulnerabilities in Ingress NGINX Controller for Kubernetes
On March 24, 2025, Kubernetes disclosed 5 new vulnerabilities affecting the Ingress NGINX Controller for Kubernetes. Successful exploitation could give attackers access to all secrets stored across all namespaces in the Kubernetes cluster, which could result in cluster takeover.
https://blog.rapid7.com/2025/03/25/etr-multiple-vulnerabilities-in-ingress-nginx-controller-for-kubernetes/
Active Roles Wins 2025 Cybersecurity Excellence Award for Hybrid Active Directory Protection
Alisa Viejo, United States, 25th March 2025, CyberNewsWire
Active Roles Wins 2025 Cybersecurity Excellence Award for Hybrid Active Directory Protection on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2025/03/25/active-roles-wins-2025-cybersecurity-excellence-award-for-hybrid-active-directory-protection/
Notable vulnerabilities in Next.js (CVE-2025-29927) and CrushFTP
Rapid7 is warning customers of two notable vulnerabilities affecting Next.js (CVE-2025-29927) and file transfer software CrushFTP (no CVE).
https://blog.rapid7.com/2025/03/25/etr-notable-vulnerabilities-in-next-js-cve-2025-29927/
Navigating NIS2 Compliance: Elevating Cyber Resilience Through Network Visibility
As cyber threats continue to surge, businesses face growing pressure to fortify their defences and ensure operational continuity. Regulatory frameworks like the Network and Information Systems Directive 2 (NIS2) reflect...
The post Navigating NIS2 Compliance: Elevating Cyber Resilience Through Network Visibility appeared first on Cyber Defense Magazine.
https://www.cyberdefensemagazine.com/navigating-nis2-compliance-elevating-cyber-resilience-through-network-visibility/
Weekly Detection Rule (YARA and Snort) Information – Week 4, March 2025
The following is the information on YARA and Snort rules (week 4, March 2025) collected and shared by the AhnLab TIP service.
10 YARA Rules (detection name: description, source):
PK_Alibaba_whizkossy: Phishing Kit impersonating Alibaba (source: https://github.com/t4d/PhishingKit-Yara-Rules)
PK_Caixa_db: Phishing Kit impersonating Caixa Bank (source: https://github.com/t4d/PhishingKit-Yara-Rules)
PK_MBHBank_takare: Phishing Kit impersonating MBH Bank from Hungary (source: https://github.com/t4d/PhishingKit-Yara-Rules)
PK_Telstra_mengunjungi2: Phishing Kit impersonating […]
https://asec.ahnlab.com/en/87025/
Data Connect announces vSOC Assure to streamline cyber risk assessments and increase cyber resilience
Data Connect, a leading cyber security services provider underpinned by elite cyber practitioners and technology, today announced the launch of vSOC Assure. The platform has been developed in response to the growing need for robust, ongoing security assessments and it goes beyond traditional cyber security audits, offering a structured, year-round approach to risk identification, remediation […]
The post Data Connect announces vSOC Assure to streamline cyber risk assessments and increase cyber resilience appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/03/25/data-connect-announces-vsoc-assure-to-streamline-cyber-risk-assessments-and-increase-cyber-resilience/?utm_source=rss&utm_medium=rss&utm_campaign=data-connect-announces-vsoc-assure-to-streamline-cyber-risk-assessments-and-increase-cyber-resilience
Troy Hunt's Mailchimp List - 16,627 breached accounts
In March 2025, a phishing attack successfully gained access to Troy Hunt's Mailchimp account and automatically exported a list of people who had subscribed to the newsletter for his personal blog. The exported list contained 16k email addresses and other data automatically collected by Mailchimp including IP address and a derived latitude, longitude and time zone.
https://haveibeenpwned.com/PwnedWebsites#TroyHuntMailchimpList
Most Ransomware Victims Who Pay Up Don't Get Their Data Back
This week in cybersecurity from the editors at Cybercrime Magazine – Read the full story in SC Media
Sausalito, Calif. – Mar. 25, 2025
It's any IT professional's worst nightmare, writes Trevor Dearing, an SC Media contributor. Someone has breached the network, locked users out of their
The post Most Ransomware Victims Who Pay Up Don’t Get Their Data Back appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/most-ransomware-victims-who-pay-up-dont-get-their-data-back/
Oops! Google accidentally deletes some users’ Maps Timeline data
Google has admitted it accidentally deleted some Maps Timeline user data after what it calls a "technical issue".
https://www.malwarebytes.com/blog/news/2025/03/oops-google-accidentally-deletes-some-users-maps-timeline-data
Financial cyberthreats in 2024
The Kaspersky financial threat report for 2024 contains the main trends and statistics on financial phishing and scams, mobile and PC banking malware, as well as recommendations on how to protect yourself and your business.
https://securelist.com/financial-threat-report-2024/115966/
DeepSeek: Behind the Hype and Headlines
Written by Kurt Seifried, Chief Innovation Officer, CSA.
The Story That Shook the Markets
In January 2025, a relatively unknown Chinese AI company called DeepSeek burst onto the global stage with a bold claim—they had built advanced AI models that matched or exceeded the capabilities of tech giants like OpenAI and Google—at a tiny fraction of the cost. Markets reacted dramatically, with Nvidia alone losing nearly 0 billion in value in a single day, part of a broade...
https://cloudsecurityalliance.org/articles/deepseek-behind-the-hype-and-headlines
Issues with Kubernetes ingress-nginx controller (Multiple CVEs)
Publication Date: 2025/03/24 09:00AM PDT
Description
Ingress Controllers are applications within a Kubernetes cluster that enable Ingress resources to function.
AWS is aware of CVE-2025-1098, CVE-2025-1974, CVE-2025-1097, CVE-2025-24514, and CVE-2025-24513, which affect the Kubernetes ingress-nginx controller. Amazon Elastic Kubernetes Service (Amazon EKS) does not provide or install the ingress-nginx controller and is not affected by these issues. Customers who have installed this controller on their clusters should update to the latest version.
We have proactively notified customers who were identified as having this controller installed.
References:
CVE-2025-1098 - GitHub Issue
CVE-2025-1974 - GitHub Issue
CVE-2025-1097 - GitHub Issue
CVE-2025-24514 - GitHub Issue...
https://aws.amazon.com/security/security-bulletins/AWS-2025-006/
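As an added example that is not part of the AWS bulletin, the following Python script turns the bulletin's advice into a check: it reads the output of `kubectl get pods -A -o json`, picks out containers running the upstream ingress-nginx controller image and flags any whose tag predates the patched release on its minor line. The version numbers in FIXED_VERSIONS are an assumption for illustration and should be taken from the upstream ingress-nginx advisory; the pod listing embedded in the script is constructed sample data so it runs offline.

```python
"""Flag ingress-nginx controller pods running a version older than the patched releases.

Usage: kubectl get pods -A -o json | python3 ingress_nginx_check.py
Without piped input it runs against the constructed sample below.
"""
import json
import re
import sys
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, int, int]

# Assumption (not stated in the AWS bulletin): the first patched release on each
# supported minor line. Take the authoritative values from the upstream advisory.
FIXED_VERSIONS: Dict[Tuple[int, int], Version] = {
    (1, 11): (1, 11, 5),
    (1, 12): (1, 12, 1),
}
CONTROLLER_IMAGE = "ingress-nginx/controller"

# Constructed sample of `kubectl get pods -A -o json`, trimmed to the fields used here.
SAMPLE_PODS_JSON = json.dumps({"items": [
    {"metadata": {"namespace": "ingress-nginx", "name": "ingress-nginx-controller-abc"},
     "spec": {"containers": [{"name": "controller",
              "image": "registry.k8s.io/ingress-nginx/controller:v1.12.0@sha256:0000"}]}},
    {"metadata": {"namespace": "ingress-nginx", "name": "ingress-nginx-controller-def"},
     "spec": {"containers": [{"name": "controller",
              "image": "registry.k8s.io/ingress-nginx/controller:v1.11.5"}]}},
    {"metadata": {"namespace": "kube-system", "name": "coredns-xyz"},
     "spec": {"containers": [{"name": "coredns",
              "image": "registry.k8s.io/coredns/coredns:v1.11.1"}]}},
]})


def parse_version(image: str) -> Optional[Version]:
    """Extract X.Y.Z from the image tag; a digest-only reference has no tag and yields None."""
    m = re.search(r":v?(\d+)\.(\d+)\.(\d+)", image)
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3)))


def is_vulnerable(image: str) -> bool:
    """True when the controller image predates the fix on its minor line (or cannot be parsed)."""
    ver = parse_version(image)
    if ver is None:
        return True  # untagged/digest-only image: cannot prove it is patched, so review it
    fixed = FIXED_VERSIONS.get(ver[:2])
    if fixed is not None:
        return ver < fixed
    # Minor lines older than any patched line never received a fix; newer ones postdate it.
    return ver < min(FIXED_VERSIONS.values())


def find_controllers(pods_json: str) -> List[Dict[str, object]]:
    """Return every ingress-nginx controller container in the listing with its verdict."""
    results: List[Dict[str, object]] = []
    for pod in json.loads(pods_json).get("items", []):
        meta = pod["metadata"]
        for c in pod["spec"].get("containers", []):
            if CONTROLLER_IMAGE in c["image"]:
                results.append({
                    "namespace": meta["namespace"],
                    "pod": meta["name"],
                    "image": c["image"],
                    "vulnerable": is_vulnerable(c["image"]),
                })
    return results


if __name__ == "__main__":
    data = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_PODS_JSON
    for r in find_controllers(data):
        verdict = "VULNERABLE" if r["vulnerable"] else "ok        "
        print(verdict, r["namespace"], r["pod"], r["image"])
```

A digest-only image reference is reported as needing review rather than silently passed, and a controller image pulled from a private registry is matched on the repository path, not the registry host. Clusters that deploy the controller under a different image name need CONTROLLER_IMAGE adjusted.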
Next.js Vulnerability: What You Need to Know
Get details on this recent vulnerability, how to respond, and how Legit can help.
https://www.legitsecurity.com/blog/next-js-vulnerability-what-you-need-to-know
Cyber Guardians: INE Security Champions Cybersecurity Training During National Physicians Week 2025
Cary, NC, 24th March 2025, CyberNewsWire
Cyber Guardians: INE Security Champions Cybersecurity Training During National Physicians Week 2025 on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2025/03/24/cyber-guardians-ine-security-champions-cybersecurity-training-during-national-physicians-week-2025/
SaaS Security and IaaS Security—Why You Need Both
Originally published by Valence.
Written by Jason Silberman.
The rapid adoption of cloud computing over the past decade, both SaaS (Software-as-a-Service) and IaaS (Infrastructure-as-a-Service), has revolutionized how businesses operate. However, this transformation is a double-edged sword: while these platforms offer unmatched flexibility and scalability, they also expose organizations to a growing array of security risks. Modern enterprises must navigate a complex...
https://cloudsecurityalliance.org/articles/saas-security-and-iaas-security-why-you-need-both
A maintainer's guide to vulnerability disclosure: GitHub tools to make it simple
A step-by-step guide for open source maintainers on how to handle vulnerability reports confidently from the start.
The post A maintainer’s guide to vulnerability disclosure: GitHub tools to make it simple appeared first on The GitHub Blog.
https://github.blog/security/vulnerability-research/a-maintainers-guide-to-vulnerability-disclosure-github-tools-to-make-it-simple/
Microsoft unveils Microsoft Security Copilot agents and new protections for AI
Learn about the upcoming availability of Microsoft Security Copilot agents and other new offerings for a more secure AI future.
The post Microsoft unveils Microsoft Security Copilot agents and new protections for AI appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2025/03/24/microsoft-unveils-microsoft-security-copilot-agents-and-new-protections-for-ai/
CyberFirst Girls Competition: a proud milestone and exciting future
The future of the CyberFirst Girls Competition and reflecting on brilliant progress.
https://www.ncsc.gov.uk/blog-post/cyberfirst-girls-competition-milestone-future
Report on Ransomware Attacks Targeting Korean Companies
Overview In recent years, ransomware attacks have been increasing worldwide, with Korean companies also experiencing a rise in cases. Especially since 2023, there has been a sharp surge in ransomware incidents targeting the Asia region, highlighting the need for a systematic analysis of this trend and its impact. This report is based […]
https://asec.ahnlab.com/en/87009/
Privileged access workstations: introducing our new set of principles
Principles-based guidance for organisations setting up a PAW solution.
https://www.ncsc.gov.uk/blog-post/introducing-new-paws-principles
Matthew Modine on AI, Cybercrime, Hacking, and the Internet
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Mar. 24, 2025 –Watch the video on YouTube Matthew Modine “is one of the best, most adaptable film actors of his generation,” says The New York Times. Modine's iconic portrayals in films such
The post Matthew Modine on AI, Cybercrime, Hacking, and the Internet appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/matthew-modine-on-ai-cybercrime-hacking-and-the-internet/
Anatomy of Linux Ransomware Attacks and Protection Strategies
Ransomware has dominated cybersecurity news headlines for the past decade, and for a good reason. Through a combination of advanced encryption and effective extortion mechanisms, a ransomware attack can have devastating consequences for any victim, including data loss, reputation harm, recovery costs, and significant downtime.
https://linuxsecurity.com/features/features/anatomy-of-linux-ransomware-attacks-and-protection-strategies
A week in security (March 17 – March 23)
A list of topics we covered in the week of March 17 to March 23 of 2025
https://www.malwarebytes.com/blog/news/2025/03/a-week-in-security-march-17-march-23
Passkeys: they're not perfect but they're getting better
Passkeys are the future of authentication, offering enhanced security and convenience over passwords, but widespread adoption faces challenges that the NCSC is working to resolve.
https://www.ncsc.gov.uk/blog-post/passkeys-not-perfect-getting-better
Passkeys: the promise of a simpler and safer alternative to passwords
The merits of choosing passkeys over passwords to help keep your online accounts more secure, and explaining how the technology promises to do this
https://www.ncsc.gov.uk/blog-post/passkeys-promise-simpler-alternative-passwords
What Google Chrome knows about you, with Carey Parker (Lock and Code S06E06)
This week on the Lock and Code podcast, we speak with Carey Parker about what Google Chrome knows about you.
https://www.malwarebytes.com/blog/podcast/2025/03/what-google-chrome-knows-about-you-with-carey-parker-lock-and-code-s06e06
Warning Against Phishing Emails Distributing GuLoader Malware by Impersonating a Famous International Shipping Company
AhnLab SEcurity intelligence Center (ASEC) recently identified the distribution of GuLoader malware via a phishing email by impersonating a famous international shipping company. The phishing email was obtained through the email honeypot operated by ASEC. The mail body instructs users to check their post-paid customs tax and demands them to open the attachment. Figure […]
https://asec.ahnlab.com/en/87002/
Arrests in Tap-to-Pay Scheme Powered by Phishing
Authorities in at least two U.S. states last week independently announced arrests of Chinese nationals accused of perpetrating a novel form of tap-to-pay fraud using mobile devices. Details released by authorities so far indicate the mobile wallets being used by the scammers were created through online phishing scams, and that the accused were relying on a custom Android app to relay tap-to-pay transactions from mobile devices located in China.
https://krebsonsecurity.com/2025/03/arrests-in-tap-to-pay-scheme-powered-by-phishing/
Metasploit Wrap-Up 03/21/2025
This week, the Metasploit team have added an exciting relay module that has been in the works for a long time. Learn more!
https://blog.rapid7.com/2025/03/21/metasploit-wrap-up-03-21-2025/
Personal data revealed in released JFK files
The release of the JFK assassination records also resulted in the leak of hundreds of Social Security Numbers
https://www.malwarebytes.com/blog/news/2025/03/personal-data-revealed-in-released-jfk-files
The Human Factor: Redefining Cybersecurity In The Age Of AI
https://www.proofpoint.com/us/newsroom/news/human-factor-redefining-cybersecurity-age-ai
Issue with the AWS CDK CLI and custom credential plugins (CVE-2025-2598)
Publication Date: 2025/03/21 07:00 AM PDT
Description
AWS identified CVE-2025-2598, an issue in the AWS Cloud Development Kit (AWS CDK) Command Line Interface (AWS CDK CLI), versions 2.172.0 through 2.178.1. The AWS CDK CLI is a command line tool that deploys AWS CDK applications onto AWS accounts.
When customers run AWS CDK CLI commands with credential plugins and configure those plugins to return temporary credentials by including an expiration property, this issue can result in the AWS credentials retrieved by the plugin being printed to the console output. Any user with access to the environment where the CDK CLI was run would have access to this output. We have released a fix for this issue and recommend customers upgrade to version 2.178.2 or later to address this issue....
https://aws.amazon.com/security/security-bulletins/AWS-2025-005/
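The bulletin's remediation is to upgrade, but credentials that have already been written to a console or CI log have to be treated as exposed. The following Python scanner is an added example, not AWS code: it walks console output looking for AWS access key IDs (the AKIA or ASIA prefix followed by 16 characters), the secret-key and session-token fields that accompany them, and the expiration timestamp the bulletin mentions, and it redacts the secret values in its findings so the scan does not leak them a second time. The log lines it runs over are constructed; the exact text the affected CDK CLI versions printed is not reproduced here.

```python
"""Scan console or CI output for AWS credential material that was printed by mistake.

The sample below is constructed to look like a credential object dumped to the console;
it is not the output of any real CDK CLI version.
"""
import re
from typing import Dict, List, Set

# Access key IDs are 20 characters: AKIA (long-term IAM user key) or ASIA (temporary
# STS key) followed by 16 upper-case alphanumerics.
ACCESS_KEY_RE = re.compile(r"\b(AKIA|ASIA)[A-Z0-9]{16}\b")
# The secret halves of a credential set, in the field names the AWS SDKs and CLI use.
SECRET_FIELD_RE = re.compile(
    r"(secretAccessKey|sessionToken|SecretAccessKey|SessionToken"
    r"|aws_secret_access_key|aws_session_token)"
    r"\W+([A-Za-z0-9/+=]{16,})"
)
EXPIRATION_RE = re.compile(r"[Ee]xpiration\W+(\d{4}-\d{2}-\d{2}T[\d:.]+Z?)")

# Constructed sample log: a deploy run in which a plugin's credentials leaked.
SAMPLE_CONSOLE_OUTPUT = """\
[12:00:01] Using credential plugin 'corp-sso' for account 111122223333
[12:00:02] { accessKeyId: 'ASIAIOSFODNN7EXAMPLE', secretAccessKey: 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY', sessionToken: 'FwoGZXIvYXdzEBYaDEXAMPLETOKEN1234567890', expiration: 2025-03-20T12:45:00.000Z }
[12:00:03] MyStack: deploying... [1/1]
[12:00:09] MyStack: creating CloudFormation changeset...
[12:00:40] MyStack: done
"""


def redact(value: str) -> str:
    """Keep only the ends so a finding can be correlated without re-printing the secret."""
    return value[:4] + "..." + value[-4:] if len(value) > 12 else "***"


def scan_log(text: str) -> List[Dict[str, object]]:
    """Return one finding per credential fragment found, with secret values redacted."""
    findings: List[Dict[str, object]] = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in ACCESS_KEY_RE.finditer(line):
            findings.append({"line": lineno, "kind": "access_key_id",
                             "value": m.group(0),  # key IDs are not secret; keep them for rotation
                             "temporary": m.group(1) == "ASIA"})
        for m in SECRET_FIELD_RE.finditer(line):
            findings.append({"line": lineno, "kind": m.group(1).lower(),
                             "value": redact(m.group(2))})
        for m in EXPIRATION_RE.finditer(line):
            findings.append({"line": lineno, "kind": "expiration", "value": m.group(1)})
    return findings


def keys_to_rotate(findings: List[Dict[str, object]]) -> Set[str]:
    """Access key IDs seen in the output: treat every one as compromised and rotate."""
    return {str(f["value"]) for f in findings if f["kind"] == "access_key_id"}


if __name__ == "__main__":
    for f in scan_log(SAMPLE_CONSOLE_OUTPUT):
        print(f"line {f['line']}: {f['kind']} = {f['value']}")
    print("rotate:", sorted(keys_to_rotate(scan_log(SAMPLE_CONSOLE_OUTPUT))))
```

Run it over archived CI job logs and shell transcripts from the window in which an affected CDK CLI version was in use. Temporary (ASIA) keys that have since expired can no longer be used directly, but a hit still shows which plugin and pipeline leaked, so the same pipeline's later output deserves the same scan.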
Small Business Alert: Top 10 Most Common Social Engineering Attacks
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Mar. 21, 2025 –Read the full story in Tech Bullion According to Cybersecurity Ventures, the global cost of cybercrime is projected to reach .5 trillion annually by 2025, up from trillion in
The post Small Business Alert: Top 10 Most Common Social Engineering Attacks appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/small-business-alert-top-10-most-common-social-engineering-attacks/
Rapid7 MDR Supports AWS GuardDuty's New Attack Sequence Alerts
AWS GuardDuty has introduced two powerful new alerts that enhance its threat detection capabilities: "Potential Credential Compromise" and "Potential S3 Data Compromise."
https://blog.rapid7.com/2025/03/21/rapid7-mdr-supports-aws-guarddutys-new-attack-sequence-alerts/
Analyzing the Global Increase in Vulnerability Scanning in 2024
BotPoke comes to the foreground yet again.
https://www.f5.com/labs/articles/threat-intelligence/analyzing-the-global-increase-in-vulnerability-scanning-in-2024
One-third of CNI organisations admit to paying ransomware according to new report from Bridewell
According to new research entitled Cyber Security in Critical National Infrastructure: 2025, from Bridewell, a leading UK-based cyber security services provider, one-third of UK CNI organisations targeted by ransomware admitted to paying the ransom – a practice which has been hotly debated in recent times. Furthermore, a staggering 95% of UK Critical National Infrastructure (CNI) […]
The post One-third of CNI organisations admit to paying ransomware according to new report from Bridewell appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/03/21/one-third-of-cni-organisations-admit-to-paying-ransomware-according-to-new-report-from-bridewell/?utm_source=rss&utm_medium=rss&utm_campaign=one-third-of-cni-organisations-admit-to-paying-ransomware-according-to-new-report-from-bridewell
Threat landscape for industrial automation systems in Q4 2024
The report contains statistics on malware, initial infection vectors and other threats to industrial automation systems in Q4 2024.
https://securelist.com/ics-cert-q4-2024-report/115944/
GitHub Actions Supply Chain Attack: A Targeted Attack on Coinbase Expanded to the Widespread tj-actions/changed-files Incident: Threat Assessment (Updated 3/21)
A compromise of the GitHub action tj-actions/changed-files highlights how attackers could exploit vulnerabilities in third-party actions to compromise supply chains.
The post GitHub Actions Supply Chain Attack: A Targeted Attack on Coinbase Expanded to the Widespread tj-actions/changed-files Incident: Threat Assessment (Updated 3/21) appeared first on Unit 42.
https://unit42.paloaltonetworks.com/github-actions-supply-chain-attack/
Hybrid Cloud Security – Top Challenges and Best Practices
Originally published by InsiderSecurity.
The increasing prevalence of digital transformations in businesses has led to a global surge in cloud adoption. Many companies are now opting for a hybrid cloud model, which combines private and public cloud services to harness the advantages of both while introducing specific security challenges. It's important for businesses to be aware of the risks and follow best practices for managing hybrid cloud security. The article examines the sec...
https://cloudsecurityalliance.org/articles/hybrid-cloud-security-top-challenges-and-best-practices
How To Transform Your GRC with Continuous Controls Monitoring
Originally published by RegScale.
Overwhelmed audit teams.
Lengthy control processes.
Increased regulatory scrutiny.
Today, organizations are facing mounting pressure to strengthen their security posture while managing an ever-expanding web of compliance requirements. Manual processes are breaking under the strain, and traditional workflows can't keep pace with evolving cyber risks.
As companies struggle to mitigate risks effectively, many are searching for ...
https://cloudsecurityalliance.org/articles/how-to-transform-your-grc-with-continuous-controls-monitoring
Hybrid Work: Navigating Security Challenges in the Modern Enterprise
Originally published by Reemo.
Hybrid work has emerged as a dominant organizational model, with a significant portion of the global workforce embracing this flexible approach. While it offers numerous benefits, it also introduces complex security challenges that organizations must address to protect their valuable assets.
The rise of hybrid work and its security implications
The shift towards hybrid work, combining on-site and remote work, has accelerated due to advancem...
https://cloudsecurityalliance.org/articles/hybrid-work-navigating-security-challenges-in-the-modern-enterprise
Rethinking Data Risk in the AI Era: Why Organizations Need a Unified Approach
Originally published by BigID.
The landscape of data security, privacy, and compliance has fundamentally changed. The explosive growth of data, the rapid adoption of AI, and an evolving threat landscape have outpaced traditional security measures. Organizations are now confronted with an undeniable reality: fragmented, legacy solutions are no longer enough.
The Complexity of Modern Data Risk
Data is sprawled across multi-cloud environments, third-party apps, and AI mode...
https://cloudsecurityalliance.org/articles/rethinking-data-risk-in-the-ai-era-why-organizations-need-a-unified-approach
Building a Robust Data Security Maturity Model
Written by Suresh Kumar Akkemgari, Hyland Software.
Introduction
In today's digital world, cyber threats challenge governments, businesses, critical infrastructure, and individuals. As these threats grow more frequent and complex, organizations must enhance their security measures. Data security governance entities should assess their security maturity to stay resilient.
Security maturity measures an organization's ability to manage risks within its specific context. It invo...
https://cloudsecurityalliance.org/articles/building-a-robust-data-security-maturity-model
Zero Trust Makes Cybersecurity Everyone's Responsibility
Originally published by Illumio on October 14, 2024.
Written by Gary Barlet, Public Sector CTO.
Last month, news broke that senior Navy leaders aboard the USS Manchester were running a secret, unauthorized WiFi network on the ship. They only used the network to check sports scores, text home, and stream movies, according to the Navy Times article. But they kept its existence under wraps for months before the ship's superiors grew suspicious and started investigati...
https://cloudsecurityalliance.org/articles/zero-trust-makes-cybersecurity-everyone-s-responsibility
Semrush impersonation scam hits Google Ads
The phishing campaign for valuable Google accounts continues with a new twist, going after the customers of a SaaS platform.
https://www.malwarebytes.com/blog/cybercrime/2025/03/semrush-impersonation-scam-hits-google-ads
Threat Modeling OpenAI's Responses API with the MAESTRO Framework
Written by Ken Huang, CEO of DistributedApps.ai, CSA Fellow, Co-Chair of CSA AI Safety Working Groups.
OpenAI has ushered in a new era of AI capabilities with its latest release: the Responses API. This isn't just another incremental update; it represents a fundamental shift towards agentic AI. While previous APIs like "Chat Completions" focused on conversational interactions, the Responses API empowers developers to build agents – autonomous systems capable of taking actions...
https://cloudsecurityalliance.org/articles/threat-modeling-openai-s-responses-api-with-the-maestro-framework
Strengthening Cybersecurity in Healthcare: Newly Proposed HIPAA Rules to Include Pentesting
Originally published by Synack.
New year, new regulations. In late December 2024, the U.S. Department of Health and Human Services (HHS) issued a proposal to modify the Health Insurance Portability and Accountability Act's (HIPAA) Security Rule, with an overarching goal of strengthening the cybersecurity programs of healthcare organizations and protecting patient data from malicious adversaries.
The HIPAA (not HIPPA, as many often confuse it to be) proposal introduces...
https://cloudsecurityalliance.org/articles/strengthening-cybersecurity-in-healthcare-newly-proposed-hipaa-rules-to-include-pentesting
Secure Your Attack Surface: Key Findings from IDC's 2024 Spotlight Report
We're pleased to share IDC analyst Michelle Abraham's insights on cyber risk exposure management and the imperative for organizations to implement proactive security strategies.
https://blog.rapid7.com/2025/03/20/secure-your-attack-surface-key-findings-from-idcs-2024-spotlight-report/
Timelines for migration to post-quantum cryptography
Activities which organisations must carry out to migrate safely to post-quantum cryptography in the coming years.
https://www.ncsc.gov.uk/guidance/pqc-migration-timelines
Navigating MSSP Growth: Mergers, Acquisitions, and Strategic Differentiation
The Rise of Mergers and Acquisitions in the MSP and MSSP Industry – Jeff Hill, Senior Director Americas Service Providers and MSSP at Stellar Cyber San Jose, Calif. – Mar. 20, 2025 It's an exciting time for service providers, with a lot of merger and
The post Navigating MSSP Growth: Mergers, Acquisitions, and Strategic Differentiation appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/navigating-mssp-growth-mergers-acquisitions-and-strategic-differentiation/
Mobile Security & Malware Issue 3rd Week of March, 2025
ASEC Blog publishes "Mobile Security & Malware Issue 3rd Week of March, 2025"
https://asec.ahnlab.com/en/86960/
More Than Half Of Ransomware Attacks Bypass Traditional Detection Tools
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Mar. 20, 2025 –Read the full story from Morphisec Global annual ransomware damages are projected to exceed 5 billion by 2031, according to Cybersecurity Ventures, highlighting the urgent need for businesses to
The post More Than Half Of Ransomware Attacks Bypass Traditional Detection Tools appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/more-than-half-of-ransomware-attacks-bypass-traditional-detection-tools/
New KnowBe4 Report Reveals a Spike in Phishing Campaigns
KnowBe4, Security Awareness Training leader, today launched its Phishing Threat Trend Report, detailing key trends, new data, and threat intelligence insights surrounding phishing threats targeting organisations at the start of 2025. Based on data generated by KnowBe4 Defend, this edition highlights the growing threat of ransomware and explores how cybercriminals are using sophisticated tactics to […]
The post New KnowBe4 Report Reveals a Spike in Phishing Campaigns appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/03/20/new-knowbe4-report-reveals-a-spike-in-phishing-campaigns/?utm_source=rss&utm_medium=rss&utm_campaign=new-knowbe4-report-reveals-a-spike-in-phishing-campaigns
Beyond open vs. closed: Understanding the spectrum of AI transparency
Artificial intelligence (AI) is transforming industries, from software development to cybersecurity. But as AI adoption grows, so does the discussion around its accessibility and transparency. Unlike traditional software, where the concept of open source is well-defined, AI introduces additional complexities — particularly around training data, model parameters, and architecture openness.
https://www.sonatype.com/blog/beyond-open-vs.-closed-understanding-the-spectrum-of-ai-transparency
Setting direction for the UK's migration to post-quantum cryptography
Why the key milestones for PQC migration are part of building and maintaining good cyber security practice.
https://www.ncsc.gov.uk/blog-post/setting-direction-uk-migration-to-pqc
Bypassing Web Filters Part 4: Host Header Spoofing & Domain Fronting Detection Bypasses
In the previous posts of this series, we looked at different ways to bypass web filters, such as Host header spoofing and domain fronting. As we’ve learned, these techniques can be detected by proxies employing TLS inspection, by checking whether the hostname in the SNI matches the one in the HTTP Host header. If they […]
https://blog.compass-security.com/2025/03/bypassing-web-filters-part-4-host-header-spoofing-domain-fronting-detection-bypasses/
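The detection the post refers to, as an added Python example that is not taken from the Compass Security series: a TLS-inspecting proxy that has seen the ClientHello and the decrypted request compares the SNI name with the HTTP Host header after normalising case, a trailing dot and a port, and flags any disagreement. The proxy records it runs over are constructed sample data. The post goes on to show how this comparison can be evaded, so treat the check as the baseline the bypasses target rather than a complete control.

```python
"""Baseline proxy check: does the TLS SNI agree with the HTTP Host header?

The records below are constructed; they stand in for what a TLS-inspecting proxy
logs per request (client, SNI from the ClientHello, Host header from the decrypted request).
"""
import csv
import io
import re
from typing import Dict, List

SAMPLE_LOG = """\
client_ip,sni,host_header,path
10.0.0.5,www.example.com,www.example.com,/
10.0.0.5,cdn.example.net,blocked.example.org,/beacon
10.0.0.7,www.example.com,WWW.EXAMPLE.COM.,/login
10.0.0.9,www.example.com,www.example.com:443,/api
10.0.0.9,www.example.com,,/raw
"""


def normalize_host(name: str) -> str:
    """Canonicalise a hostname: lower-case, drop a Host-header port and a trailing FQDN dot."""
    name = name.strip().lower()
    name = re.sub(r":\d+$", "", name)  # Host may carry a port; SNI never does
    return name.rstrip(".")


def is_mismatch(sni: str, host_header: str) -> bool:
    """True when the names differ after normalisation, or when either one is missing."""
    s, h = normalize_host(sni), normalize_host(host_header)
    if not s or not h:
        # HTTP/1.1 requires Host, and an inspecting proxy expects SNI on a named
        # connection; absence of either is itself worth a look.
        return True
    return s != h


def find_mismatches(log_text: str) -> List[Dict[str, str]]:
    """Return the proxy records whose SNI and Host header disagree."""
    reader = csv.DictReader(io.StringIO(log_text))
    return [row for row in reader if is_mismatch(row["sni"], row["host_header"])]


if __name__ == "__main__":
    for row in find_mismatches(SAMPLE_LOG):
        print(f"{row['client_ip']}: SNI={row['sni']!r} Host={row['host_header']!r} "
              f"path={row['path']}")
```

The case-folding and port handling matter in practice: a check that compares the raw strings will either miss nothing and flood the analyst with benign `Host: www.example.com:443` hits, or be tuned down until it also misses the fronting case in the second record.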
A different future for telecoms in the UK
NCSC Technical Director Dr Ian Levy explains the technical impact of the recent US sanctions on the security of Huawei equipment in the UK.
https://www.ncsc.gov.uk/blog-post/a-different-future-for-telecoms-in-the-uk
Security, complexity and Huawei; protecting the UK's telecoms networks
With 5G set to transform mobile services, Ian Levy explains how the UK has approached telecoms security, and what that means for the future.
https://www.ncsc.gov.uk/blog-post/blog-post-security-complexity-and-huawei-protecting-uks-telecoms-networks
Use of Russian technology products and services following the invasion of Ukraine
Cyber security – even in a time of global unrest – remains a balance of different risks. Ian Levy, the NCSC's Technical Director, explains why.
https://www.ncsc.gov.uk/blog-post/use-of-russian-technology-products-services-following-invasion-ukraine
The future of telecoms in the UK
NCSC Technical Director Dr Ian Levy explains how the security analysis behind the DCMS supply chain review will ensure the UK's telecoms networks are secure – regardless of the vendors used.
https://www.ncsc.gov.uk/blog-post/the-future-of-telecoms-in-the-uk
So long and thanks for all the bits
Ian Levy, the NCSC's departing Technical Director, discusses life, the universe, and everything.
https://www.ncsc.gov.uk/blog-post/so-long-thanks-for-all-the-bits
TLS 1.3: better for individuals - harder for enterprises
The NCSC's technical director outlines the challenges that TLS 1.3 presents for enterprise security.
https://www.ncsc.gov.uk/blog-post/tls-13-better-individuals-harder-enterprises
Yes, That's Me on Your Radio!
I had the honor of another short segment on NPR’s Marketplace this morning. I spoke about the state of cyber crime, and the impact of US government changes on cyber defense.
https://tisiphone.net/2025/03/19/yes-thats-me-on-your-radio/
DOGE to Fired CISA Staff: Email Us Your Personal Data
A message posted on Monday to the homepage of the U.S. Cybersecurity & Infrastructure Security Agency (CISA) is the latest exhibit in the Trump administration's continued disregard for basic cybersecurity protections. The message instructed recently-fired CISA employees to get in touch so they can be rehired and then immediately placed on leave, asking employees to send their Social Security number or date of birth in a password-protected email attachment -- presumably with the password needed to view the file included in the body of the email.
https://krebsonsecurity.com/2025/03/doge-to-fired-cisa-staff-email-us-your-personal-data/
SpyX - 1,977,011 breached accounts
In June 2024, spyware maker SpyX suffered a data breach that exposed almost 2M unique email addresses. The breach also exposed IP addresses, countries of residence, device information and 6-digit PINs in the password field. Further, a collection of iCloud credentials likely used to monitor targets directly via the cloud were also in the breach and contained the target's email address and plain text Apple password.
https://haveibeenpwned.com/PwnedWebsites#SpyX
Critical Veeam Backup & Replication CVE-2025-23120
On Wednesday, March 19, 2025, backup and recovery software provider Veeam published a security advisory for a critical remote code execution vulnerability.
https://blog.rapid7.com/2025/03/19/etr-critical-veeam-backup-and-replication-cve-2025-23120/
Apache Tomcat CVE-2025-24813: What You Need to Know
Apache Tomcat CVE-2025-24813 is an unauthenticated remote code execution vulnerability in Apache Tomcat's partial PUT feature disclosed on March 10, 2025.
https://blog.rapid7.com/2025/03/19/etr-apache-tomcat-cve-2025-24813-what-you-need-to-know/
Ransom & Dark Web Issues Week 3, March 2025
ASEC Blog publishes Ransom & Dark Web Issues Week 3, March 2025
New RaaS platform VanHelsing Locker being promoted on dark web forums
Pro-Palestinian hacktivist group RipperSec claims to have hacked SCADA systems of Korea Electric Power Technology and Dairy Promotion Board, among others
Hacktivist group Dienet claims cyber attack […]
https://asec.ahnlab.com/en/86954/
Nominations Open for 2025 European Cybersecurity Blogger Awards
Eskenzi PR are proud to announce that nominations are open for the 12th annual European Cybersecurity Bloggers Awards. The 2025 event is sponsored by Keeper Security and Pulse Conferences and supported once again by media partners, Infosecurity Magazine and the IT Security Guru. The awards will take place at Novotel London ExCeL on the 4th […]
The post Nominations Open for 2025 European Cybersecurity Blogger Awards appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/03/19/nominations-open-for-2025-european-cybersecurity-blogger-awards/?utm_source=rss&utm_medium=rss&utm_campaign=nominations-open-for-2025-european-cybersecurity-blogger-awards
Over 15 women graduate from new cybersecurity training programme
More than 15 women have graduated from cyberUPLIFT, a new cybersecurity training programme from TECwomen, a community-interest company committed to supporting, training, and building a network for women who work or aspire to work in the Technology, Engineering, and Creative Digital industries. The programme, which builds on the success of TECwomen's digitalUPLIFT initiative, was developed […]
The post Over 15 women graduate from new cybersecurity training programme appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/03/19/over-15-women-graduate-from-new-cybersecurity-training-programme/?utm_source=rss&utm_medium=rss&utm_campaign=over-15-women-graduate-from-new-cybersecurity-training-programme
SpyCloud's 2025 Identity Exposure Report Reveals the Scale and Hidden Risks of Digital Identity Threats
Austin, TX, United States, 19th March 2025, CyberNewsWire
SpyCloud's 2025 Identity Exposure Report Reveals the Scale and Hidden Risks of Digital Identity Threats on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2025/03/19/spyclouds-2025-identity-exposure-report-reveals-the-scale-and-hidden-risks-of-digital-identity-threats/
Arcane stealer: We want all your data
The new Arcane stealer spreads via YouTube and Discord, collecting data from many applications, including VPN and gaming clients, network utilities, messaging apps, and browsers.
https://securelist.com/arcane-stealer/115919/
Updated InfoSec Mastodon Lists!
I have been asked for these, so here they are! I hope you find these useful in following more Fediverse cybersecurity stuff.
https://tisiphone.net/2025/03/18/updated-infosec-mastodon-lists/
Lexipol - 672,546 breached accounts
In February 2025, the public safety policy management systems company Lexipol suffered a data breach. Attributed to the self-proclaimed "Puppygirl Hacker Polycule", the breach exposed an extensive number of documents and user records which were subsequently published publicly. The breach included over 670k unique email addresses in the user records, along with names, phone numbers, system-generated usernames and passwords stored as either MD5 or SHA-256 hashes.
https://haveibeenpwned.com/PwnedWebsites#Lexipol
Proofpoint enhances cybersecurity by expanding partnership with Microsoft Azure
https://www.proofpoint.com/us/newsroom/news/proofpoint-enhances-cybersecurity-expanding-partnership-microsoft-azure
MSFT 'Strengthens' Cybersecurity Partnership with Proofpoint
https://www.proofpoint.com/us/newsroom/news/msft-strengthens-cybersecurity-partnership-proofpoint
Darren Lee, EVP + GM at Proofpoint joins LIVE on NYSE TV
https://www.proofpoint.com/us/newsroom/news/darren-lee-evp-gm-proofpoint-joins-live-nyse-tv
AI innovation requires AI security: Hear what's new at Microsoft Secure
When you're secure—innovation happens. But the fast pace of AI often outpaces traditional security measures, leaving gaps that bad actors can take advantage of. As a security professional, you're on the front line of the battle to protect vast amounts of data while ensuring AI systems remain transparent and compliant. In this time of new threats and growing complexity in securing interconnected AI applications, what you need is a proactive, innovative approach to stay ahead.
The post AI innovation requires AI security: Hear what's new at Microsoft Secure appeared first on Microsoft Security Blog.
https://techcommunity.microsoft.com/blog/microsoft-security-blog/ai-innovation-requires-ai-security-hear-what%E2%80%99s-new-at-microsoft-secure/4394130
Weekly Detection Rule (YARA and Snort) Information – Week 3, March 2025
The following is the information on YARA and Snort rules (week 3, March 2025) collected and shared by the AhnLab TIP service. 0 YARA rules, 17 Snort rules.
Detection name | Source:
ET WEB_SPECIFIC_APPS D-Tale Filter Query Command Injection Attempt (CVE-2025-0655) | https://rules.emergingthreatspro.com/open/
ET EXPLOIT [CORELIGHT] – CVE-2025-27218 Sitecore unsafe deserialization attempt | https://rules.emergingthreatspro.com/open/
ET WEB_SPECIFIC_APPS Apache Camel […]
https://asec.ahnlab.com/en/86939/
Github Actions tj-actions/changed-files Attack
Get details on this recent supply chain attack and how to prevent similar attacks in the future.
https://www.legitsecurity.com/blog/github-actions-tj-actions-changed-files-attack
Hundreds of Malicious Google Play-Hosted Apps Bypassed Android 13 Security With Ease
Bitdefender's security researchers have identified a large-scale ad fraud campaign that deployed hundreds of malicious apps in the Google Play Store, resulting in more than 60 million downloads total. The apps display out-of-context ads and even try to persuade victims to give away credentials and credit card information in phishing attacks.
The Google Play Store is often targeted by cybercriminals trying to upload malicious apps by bypassing existing protections. Google purges the store of suc
https://www.bitdefender.com/en-us/blog/labs/malicious-google-play-apps-bypassed-android-security
Bypassing Web Filters Part 3: Domain Fronting
The last two blog posts in this series were about SNI spoofing and Host header spoofing. We also learned that the latter is addressed by some vendors with a technique called "Domain Fronting Detection". But what exactly is domain fronting? This will be explained in this blog post.
https://blog.compass-security.com/2025/03/bypassing-web-filters-part-3-domain-fronting/
Proofpoint Establishes Global Strategic Alliance with Microsoft to Build on Azure and Strengthen Human-Centric Cybersecurity for Organizations
https://www.proofpoint.com/us/newsroom/press-releases/proofpoint-establishes-global-strategic-alliance-microsoft-build-azure-and
How to protect your Gmail, Outlook after FBI warning on Medusa ransomware
https://www.proofpoint.com/us/newsroom/news/how-protect-your-gmail-outlook-after-fbi-warning-medusa-ransomware
StilachiRAT analysis: From system reconnaissance to cryptocurrency theft
Microsoft Incident Response uncovered a novel remote access trojan (RAT) named StilachiRAT, which demonstrates sophisticated techniques to evade detection, persist in the target environment, and exfiltrate sensitive data. This blog primarily focuses on analysis of the WWStartupCtrl64.dll module that contains the RAT capabilities and summarizes the malware's key behaviors, capabilities, and the potential risk posed to systems and users.
The post StilachiRAT analysis: From system reconnaissance to cryptocurrency theft appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2025/03/17/stilachirat-analysis-from-system-reconnaissance-to-cryptocurrency-theft/
Announcing OSV-Scanner V2: Vulnerability scanner and remediation tool for open source
Posted by Rex Pan and Xueqin Cui, Google Open Source Security Team
In December 2022, we released the open source OSV-Scanner tool, and earlier this year, we open sourced OSV-SCALIBR. OSV-Scanner and OSV-SCALIBR, together with OSV.dev, are components of an open platform for managing vulnerability metadata and enabling simple and accurate matching and remediation of known vulnerabilities. Our goal is to simplify and streamline vulnerability management for developers and security teams alike.
Today, we're thrilled to announce the launch of OSV-Scanner V2.0.0, following the announcement of the beta version. This V2 release builds upon the foundation we laid with OSV-SCALIBR and adds significant new capabilities to OSV-Scanner, making it a comprehensive vulnerability scanner and remediation tool with...
http://security.googleblog.com/2025/03/announcing-osv-scanner-v2-vulnerability.html
Corporate Investigation with Belkasoft X: A Digital Forensics Tool Revolutionizing Data Analysis
In today's fast-paced business environment, corporate investigation has become a cornerstone for maintaining integrity, compliance,…
Corporate Investigation with Belkasoft X: A Digital Forensics Tool Revolutionizing Data Analysis on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2025/03/17/corporate-investigation-with-belkasoft-x-a-digital-forensics-tool-revolutionizing-data-analysis/
European Cyber Report 2025: 137% more DDoS attacks than last year – what companies need to know
Frankfurt am Main, Germany, 17th March 2025, CyberNewsWire
European Cyber Report 2025: 137% more DDoS attacks than last year – what companies need to know on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2025/03/17/european-cyber-report-2025-137-more-ddos-attacks-than-last-year-what-companies-need-to-know/
Legacy Driver Exploitation Through Bypassing Certificate Verification
1. Overview
In June 2024, the security company CheckPoint-Research (CPR) published a post on a security threat that used the Legacy Driver Exploitation technique. This attack mostly focused on remotely controlling infected systems using the Gh0stRAT malware and causing additional damage. The threat actor distributed malware using a phishing site and messaging apps, and loaded […]
https://asec.ahnlab.com/en/86881/
ClickFix: How to Infect Your PC in Three Easy Steps
A clever malware deployment scheme first spotted in targeted attacks last year has now gone mainstream. In this scam, dubbed "ClickFix," the visitor to a hacked or malicious website is asked to distinguish themselves from bots by pressing a combination of keyboard keys that causes Microsoft Windows to download password-stealing malware.
https://krebsonsecurity.com/2025/03/clickfix-how-to-infect-your-pc-in-three-easy-steps/
Text scams warning of unpaid road tolls fueled by cybercriminal salesmen on Telegram
https://www.proofpoint.com/us/newsroom/news/text-scams-warning-unpaid-road-tolls-fueled-cybercriminal-salesmen-telegram
Application security trends: Shift-left security, AI, and open source malware
Software is at the heart of business operations across most industries, which means application security has never been more critical. However, as organizations embrace cloud-native architectures, microservices, and open source components, the attack surface continues to expand. The result: an ever-growing number of vulnerable and malicious dependencies that adversaries are eager to exploit.
https://www.sonatype.com/blog/application-security-trends-shift-left-security-ai-and-open-source-malware
Off the Beaten Path: Recent Unusual Malware
Three unusual malware samples analyzed here include an IIS backdoor developed in a rare language, a bootkit and a Windows implant of a post-exploit framework.
The post Off the Beaten Path: Recent Unusual Malware appeared first on Unit 42.
https://unit42.paloaltonetworks.com/unusual-malware/
How MSRC coordinates vulnerability research and disclosure while building community
Learn about the Microsoft Security Response Center, which investigates vulnerabilities and releases security updates to help protect customers from cyberthreats.
The post How MSRC coordinates vulnerability research and disclosure while building community appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2025/03/13/how-msrc-coordinates-vulnerability-research-and-disclosure-while-building-community/
Mobile Security & Malware Issue, 2nd Week of March 2025
ASEC Blog publishes “Android Malware & Security Issue 2nd Week of March, 2025”
https://asec.ahnlab.com/en/86827/
Downloader Malware Written in JPHP Interpreter
AhnLab SEcurity intelligence Center (ASEC) recently discovered malware created using JPHP. JPHP is a PHP interpreter that runs on the Java Virtual Machine (JVM), and it was designed to allow PHP code to be used in a Java environment. It can convert PHP code into Java bytecode for execution, enabling direct calls to Java libraries. […]
https://asec.ahnlab.com/en/86859/
Phishing campaign impersonates Booking .com, delivers a suite of credential-stealing malware
Starting in December 2024, leading up to some of the busiest travel days, Microsoft Threat Intelligence identified a phishing campaign that impersonates online travel agency Booking.com and targets organizations in the hospitality industry. The campaign uses a social engineering technique called ClickFix to deliver multiple credential-stealing malware in order to conduct financial fraud and theft. […]
The post Phishing campaign impersonates Booking .com, delivers a suite of credential-stealing malware appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2025/03/13/phishing-campaign-impersonates-booking-com-delivers-a-suite-of-credential-stealing-malware/
Why Critical MongoDB Library Flaws Won't See Mass Exploitation
Discover how to mitigate CVE-2024-53900 and CVE-2025-23061, which expose Node.js APIs to remote attacks.
https://www.f5.com/labs/articles/threat-intelligence/why-critical-mongodb-library-flaws-wont-see-mass-exploitation
INE Security Alert: Using AI-Driven Cybersecurity Training to Counter Emerging Threats
Cary, North Carolina, 13th March 2025, CyberNewsWire
INE Security Alert: Using AI-Driven Cybersecurity Training to Counter Emerging Threats on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2025/03/13/ine-security-alert-using-ai-driven-cybersecurity-training-to-counter-emerging-threats/
Head Mare and Twelve join forces to attack Russian entities
We analyze the activities of the Head Mare hacktivist group, which has been attacking Russian companies jointly with Twelve.
https://securelist.com/head-mare-twelve-collaboration/115887/
Investigating Scam Crypto Investment Platforms Using Pyramid Schemes to Defraud Victims
We identified a campaign spreading thousands of scam crypto investment platforms through websites and mobile apps, possibly through a standardized toolkit.
The post Investigating Scam Crypto Investment Platforms Using Pyramid Schemes to Defraud Victims appeared first on Unit 42.
https://unit42.paloaltonetworks.com/fraud-crypto-platforms-campaign/
Bypassing Web Filters Part 2: Host Header Spoofing
In the last post about bypassing web filters, I discussed how SNI spoofing works and how this can also be prevented by web filters. This post is about another bypass technique called Host Header spoofing.
https://blog.compass-security.com/2025/03/bypassing-web-filters-part-2-host-header-spoofing/
Sign in as anyone: Bypassing SAML SSO authentication with parser differentials
Critical authentication bypass vulnerabilities (CVE-2025-25291 + CVE-2025-25292) were discovered in ruby-saml up to version 1.17.0. In this blog post, we'll shed light on how these vulnerabilities that rely on a parser differential were uncovered.
The post Sign in as anyone: Bypassing SAML SSO authentication with parser differentials appeared first on The GitHub Blog.
https://github.blog/security/sign-in-as-anyone-bypassing-saml-sso-authentication-with-parser-differentials/
Ransom & Dark Web Issues Week 2, March 2025
ASEC Blog publishes Ransom & Dark Web Issues Week 2, March 2025. New ransomware group SecP0 demands ransom for corporate vulnerabilities. Pro-Palestinian hacktivist group RipperSec claims DDoS attacks on South Korean telecom companies, public institutions, and education-related websites. Pro-Palestinian hacktivist group Dark Storm Team claims large-scale DDoS attack on X. […]
https://asec.ahnlab.com/en/86775/
Incident response analyst report 2024
Kaspersky provides incident response statistics for 2024, as well as analysis of real incidents. The report also shares IR trends and cybersecurity recommendations.
https://securelist.com/kaspersky-incident-response-report-2024/115873/
Microsoft: 6 Zero-Days in March 2025 Patch Tuesday
Microsoft today issued more than 50 security updates for its various Windows operating systems, including fixes for a whopping six zero-day vulnerabilities that are already seeing active exploitation.
https://krebsonsecurity.com/2025/03/microsoft-6-zero-days-in-march-2025-patch-tuesday/
Alleged Co-Founder of Garantex Arrested in India
Authorities in India today arrested the alleged co-founder of Garantex, a cryptocurrency exchange sanctioned by the U.S. government in 2022 for facilitating tens of billions of dollars in money laundering by transnational criminal and cybercriminal organizations. Sources close to the investigation told KrebsOnSecurity the Lithuanian national Aleksej Besciokov, 46, was apprehended while vacationing on the coast of India with his family.
https://krebsonsecurity.com/2025/03/alleged-co-founder-of-garantex-arrested-in-india/
New XCSSET malware adds new obfuscation, persistence techniques to infect Xcode projects
Microsoft Threat Intelligence has uncovered a new variant of XCSSET, a sophisticated modular macOS malware that infects Xcode projects, in the wild. Its first known variant since 2022, this latest XCSSET malware features enhanced obfuscation methods, updated persistence mechanisms, and new infection strategies. These enhanced features help this malware family steal and exfiltrate files and system and user information, such as digital wallet data and notes, among others.
The post New XCSSET malware adds new obfuscation, persistence techniques to infect Xcode projects appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2025/03/11/new-xcsset-malware-adds-new-obfuscation-persistence-techniques-to-infect-xcode-projects/
Bypassing picklescan: Sonatype discovers four vulnerabilities
Sonatype has discovered and disclosed four vulnerabilities in picklescan, a tool designed to help developers scan Python pickle files for malicious content. Pickle files, used for serializing and deserializing Python AI/ML models, can be a security risk as they allow for arbitrary code execution during the deserialization process.
https://www.sonatype.com/blog/bypassing-picklescan-sonatype-discovers-four-vulnerabilities
DCRat backdoor returns
Kaspersky experts describe a new wave of attacks distributing the DCRat backdoor through YouTube under the guise of game cheats.
https://securelist.com/new-wave-of-attacks-with-dcrat-backdoor-distributed-by-maas/115850/
Bypassing Web Filters Part 1: SNI Spoofing
This is the first part of a series of blog posts about techniques to bypass web filters, looking at increasingly advanced techniques with each part.
The first part is about how SNI spoofing can be used to bypass web filters.
https://blog.compass-security.com/2025/03/bypassing-web-filters-part-1-sni-spoofing/
Stack buffer overflow in CLI command
A stack-buffer overflow vulnerability [CWE-121] in FortiMail CLI may allow a privileged attacker to execute arbitrary code or commands via specifically crafted CLI commands. Revised on 2025-03-19 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-24-331
Web application firewall rules bypass by using an empty filename
Two improper handling of syntactically invalid structure vulnerabilities [CWE-228] in FortiWeb may allow an unauthenticated attacker to bypass web firewall protections via HTTP/S crafted requests. Revised on 2025-03-13 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-23-115
Apache Camel Vulnerability - CVE-2025-27636
CVE-2025-27636: Bypass/Injection vulnerability in Apache Camel-Bean component under particular conditions. This issue affects Apache Camel: from 4.10.0 through
https://fortiguard.fortinet.com/psirt/FG-IR-25-166
Authenticated SQLI on CLI
Two improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerabilities [CWE-89] in FortiAnalyzer, FortiManager & FortiAnalyzer-BigData may allow a privileged attacker to execute unauthorized code or commands via specifically crafted CLI requests. Revised on 2025-03-11 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-24-130
Client-side enforcement of server-side security related to vm download feature
A client-side enforcement of server-side security vulnerability [CWE-602] in FortiSandbox may allow an authenticated attacker with at least read-only permission to execute unauthorized commands via crafted requests. Revised on 2025-03-11 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-24-305
Cross Site Request Forgery in admin endpoint
A cross site request forgery vulnerability [CWE-352] in FortiNDR may allow a remote unauthenticated attacker to execute unauthorized actions via crafted HTTP GET requests. Revised on 2025-03-11 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-23-353
VMware Multiple Products Zero-day Vulnerabilities
What is the Vulnerability?
Multiple zero-day vulnerabilities have been identified in VMware's ESXi, Workstation, and Fusion products. VMware has confirmed that these vulnerabilities are being actively exploited in the wild, and the Cybersecurity and Infrastructure Security Agency (CISA) has included them in its Known Exploited Vulnerabilities Catalog due to evidence of such exploitation. The vendor advisory indicates that these vulnerabilities were reported to VMware by the Microsoft Threat Intelligence Center.
• CVE-2025-22225: Arbitrary Write Vulnerability in VMware ESXi
• CVE-2025-22224: TOCTOU Race Condition Vulnerability in VMware ESXi and Workstation
• CVE-2025-22226: Information Disclosure Vulnerability in VMware ESXi, Workstation, and Fusion
What is the recommended Mitigation?
Updates...
https://fortiguard.fortinet.com/threat-signal-report/6026
Full exposure: A practical approach to handling sensitive data leaks
Treating exposures as full and complete can help you respond more effectively to focus on what truly matters: securing systems, protecting sensitive data, and maintaining the trust of stakeholders.
The post Full exposure: A practical approach to handling sensitive data leaks appeared first on The GitHub Blog.
https://github.blog/security/full-exposure-a-practical-approach-to-handling-sensitive-data-leaks/
SideWinder targets the maritime and nuclear sectors with an updated toolset
In this article, we discuss the tools and TTPs used in the SideWinder APT's attacks in H2 2024, as well as shifts in its targets, such as an increase in attacks against the maritime and logistics sectors.
https://securelist.com/sidewinder-apt-updates-its-toolset-and-targets-nuclear-sector/115847/
Feds Link $150M Cyberheist to 2022 LastPass Hacks
In September 2023, KrebsOnSecurity published findings from security researchers who concluded that a series of six-figure cyberheists across dozens of victims resulted from thieves cracking master passwords stolen from the password manager service LastPass in 2022. In a court filing this week, U.S. federal agents investigating a spectacular $150 million cryptocurrency heist said they had reached the same conclusion.
https://krebsonsecurity.com/2025/03/feds-link-150m-cyberheist-to-2022-lastpass-hacks/
Vulnerability Reward Program: 2024 in Review
Posted by Dirk Göhmann
In 2024, our Vulnerability Reward Program confirmed the ongoing value of engaging with the security research community to make Google and its products safer. This was evident as we awarded just shy of million to over 600 researchers based in countries around the globe across all of our programs.
Vulnerability Reward Program 2024 in Numbers
You can learn about who's reporting to the Vulnerability Reward Program via our Leaderboard – and find out more about our youngest security researchers who've recently joined the ranks of Google bug hunters.
VRP Highlights in 2024
In 2024 we made a series of changes and improvements coming to our vulnerability reward programs and related initiatives: The Google VRP revamped its reward structure, bumping rewards up to a maximum...
http://security.googleblog.com/2025/03/vulnerability-reward-program-2024-in.html
Multiple Vulnerabilities Discovered in a SCADA System
We identified multiple vulnerabilities in ICONICS Suite, SCADA software used in numerous OT applications. This article offers a technical analysis of our findings.
The post Multiple Vulnerabilities Discovered in a SCADA System appeared first on Unit 42.
https://unit42.paloaltonetworks.com/vulnerabilities-in-iconics-software-suite/
Who is the DOGE and X Technician Branden Spikes?
At 49, Branden Spikes isn't just one of the oldest technologists who has been involved in Elon Musk's Department of Government Efficiency (DOGE). As the current director of information technology at X/Twitter and an early hire at PayPal, Zip2, Tesla and SpaceX, Spikes is also among Musk's most loyal employees. Here's a closer look at this trusted Musk lieutenant, whose Russian ex-wife was once married to Elon's cousin.
https://krebsonsecurity.com/2025/03/who-is-the-doge-and-x-technician-branden-spikes/
Women's History Month: Why different perspectives in cybersecurity and AI matter more than ever before
This Women's History Month serves as a crucial moment for us to lead and continue to pave the way for a more inclusive future. I am truly honored to support my amazing women colleagues who continue to excel in their careers. Their diverse perspectives and talents are invaluable, driving innovation and progress across various industries. I am proud to be a part of Microsoft Security, which is focused on building and nurturing an inclusive cybersecurity workforce and curating careers, tools, and resources that work for everyone. We recognize that this is what promotes business growth, strengthens global defenses, and enhances AI safety.
The post Women's History Month: Why different perspectives in cybersecurity and AI matter more than ever before appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2025/03/06/womens-history-month-why-different-perspectives-in-cybersecurity-and-ai-matter-more-than-ever-before/
Malvertising campaign leads to info stealers hosted on GitHub
Microsoft detected a large-scale malvertising campaign in early December 2024 that impacted nearly one million devices globally. The attack originated from illegal streaming websites embedded with malvertising redirectors and ultimately redirected users to GitHub to deliver initial access payloads as the start of a modular and multi-stage attack chain.
The post Malvertising campaign leads to info stealers hosted on GitHub appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2025/03/06/malvertising-campaign-leads-to-info-stealers-hosted-on-github/
Rust in the enterprise: Best practices and security considerations
As Rust programming language adoption continues to grow, enterprises are beginning to integrate it into their development ecosystems.
https://www.sonatype.com/blog/rust-in-the-enterprise-best-practices-and-security-considerations
Legit SLA Management & Governance – Built for Enterprise-Scale AppSec
Get details on Legit's powerful SLA management capabilities.
https://www.legitsecurity.com/blog/legit-sla-management-and-governance
The Next Level: Typo DGAs Used in Malicious Redirection Chains
A graph intelligence-based pipeline and WHOIS data are among the tools we used to identify this campaign, which introduced a variant of domain generation algorithms.
The post The Next Level: Typo DGAs Used in Malicious Redirection Chains appeared first on Unit 42.
https://unit42.paloaltonetworks.com/typo-domain-generation-algorithms/
Enterprises Should Consider Replacing Employees' Home TP-Link Routers
An examination of CVE trends from February 2025 scanning data.
https://www.f5.com/labs/articles/threat-intelligence/enterprises-should-consider-replacing-employees-home-tp-link-routers
Trojans disguised as AI: Cybercriminals exploit DeepSeek's popularity
Kaspersky experts have discovered campaigns distributing stealers, malicious PowerShell scripts, and backdoors through web pages mimicking the DeepSeek and Grok websites.
https://securelist.com/backdoors-and-stealers-prey-on-deepseek-and-grok/115801/
Citrix NetScaler ADC and NetScaler Gateway Unauthenticated Remote Code Execution Vulnerability (CVE-2023-3519)
What is Citrix NetScaler ADC and NetScaler Gateway?
Citrix NetScaler ADC, previously known as Citrix ADC, is an Application Delivery Controller (ADC) designed to achieve secure and optimized network traffic. Citrix NetScaler Gateway, previously known as Citrix Gateway, is an SSL-VPN solution designed to provide secure and optimized remote access.
What is the Attack?
According to the advisory published by Citrix, CVE-2023-3519 is an unauthenticated remote code execution vulnerability that affects the unmitigated Citrix NetScaler ADC and NetScaler Gateway products. For these products to be vulnerable, they must be configured either as a gateway or as an authentication, authorization, and auditing (AAA) virtual server. The advisory also confirms that Citrix-managed servers have already been mitigated,...
https://fortiguard.fortinet.com/threat-signal-report/5227
Ivanti Connect Secure Zero-Day Vulnerability
What are the Vulnerabilities?
Ivanti disclosed two vulnerabilities, CVE-2025-0282 and CVE-2025-0283, impacting Ivanti Connect Secure (“ICS”) VPN appliances. CVE-2025-0282 is an unauthenticated stack-based buffer overflow affecting Ivanti Connect Secure, Policy Secure, and ZTA Gateways; successful exploitation could result in unauthenticated remote code execution. CVE-2025-0283 is a stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 that allows a local authenticated attacker to escalate their privileges.
According to a blog released by Mandiant, it has identified zero-day exploitation of CVE-2025-0282 in the wild beginning mid-December 2024. Ivanti Connect...
https://fortiguard.fortinet.com/threat-signal-report/5612
November 2024 Cyber Attacks Statistics
In November 2024, Cyber Crime continued to lead the Motivations chart with 72%, up from 68% in October. Operations driven...
https://www.hackmageddon.com/2025/03/05/november-2024-cyber-attacks-statistics/
Beneath the Surface: Detecting and Blocking Hidden Malicious Traffic Distribution Systems
A topological analysis and case studies add nuance to a study of malicious traffic distribution systems. We compare their use by attackers to benign systems.
The post Beneath the Surface: Detecting and Blocking Hidden Malicious Traffic Distribution Systems appeared first on Unit 42.
https://unit42.paloaltonetworks.com/detect-block-malicious-traffic-distribution-systems/
Silk Typhoon targeting IT supply chain
Silk Typhoon is a Chinese state actor focused on espionage campaigns targeting a wide range of industries in the US and throughout the world. In recent months, Silk Typhoon has shifted to performing IT supply chain attacks to gain access to targets. In this blog, we provide an overview of the threat actor along with insight into their recent activity as well as their longstanding tactics, techniques, and procedures (TTPs), including a persistent interest in the exploitation of zero-day vulnerabilities in various public-facing appliances and moving from on-premises to cloud environments.
The post Silk Typhoon targeting IT supply chain appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2025/03/05/silk-typhoon-targeting-it-supply-chain/
Undercover miner: how YouTubers get pressed into distributing SilentCryptoMiner as a restriction bypass tool
Attackers blackmail YouTubers with complaints and account blocking threats, forcing them to distribute a miner disguised as a bypass tool.
https://securelist.com/silentcryptominer-spreads-through-blackmail-on-youtube/115788/
New Auto-Color Linux Malware Targets Universities, Government Organizations
A new threat to Linux systems is active in the wild, targeting universities and government…
New Auto-Color Linux Malware Targets Universities, Government Organizations on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2025/03/05/new-auto-color-linux-malware-targets-universities-government-organizations/
Microsoft Retires Skype, Asks Users To Switch To Teams Free
The popular chat app Skype's demise is now official. Microsoft recently asked all users to…
Microsoft Retires Skype, Asks Users To Switch To Teams Free on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2025/03/05/microsoft-retires-skype-asks-users-to-switch-to-teams-free/
Thousands of Misconfigured AMS Risk Buildings' Security Globally
Researchers found thousands of misconfigured access management systems (AMS) exposing sensitive data online. These misconfigured…
Thousands of Misconfigured AMS Risk Buildings' Security Globally on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2025/03/05/thousands-of-misconfigured-ams-risk-buildings-security-globally/
Hitachi Vantara Pentaho BA Server Vulnerabilities
What is the Vulnerability?
Threat actors are actively exploiting vulnerabilities in the Hitachi Vantara Pentaho Business Analytics Server. FortiGuard network sensors have detected attack attempts on over 500 devices, and CISA has added these vulnerabilities to the Known Exploited Vulnerabilities (KEV) catalog, confirming active exploitation. The Pentaho Business Analytics Server is widely used, trusted by 73% of Fortune 100 companies, and plays a crucial role in data analysis and business intelligence.
Affected Vulnerabilities
CVE-2022-43939: Hitachi Vantara Pentaho BA Server Authorization Bypass Vulnerability
CVE-2022-43769: Hitachi Vantara Pentaho BA Server Special Element Injection Vulnerability
What is the recommended Mitigation?
Apply the latest patch or update from the vendor. [CVE-2022-43769...
https://fortiguard.fortinet.com/threat-signal-report/6025
Issue with Temporary elevated access management (TEAM) - CVE-2025-1969
Publication Date: 2025/03/04 10:30 AM PST
Description
Improper request input validation in Temporary Elevated Access Management (TEAM) for AWS IAM Identity Center allows a user to modify a valid request and spoof an approval in TEAM. We recommend customers upgrade TEAM to the latest release, version 1.2.2.
Affected versions: <1.2.2
Resolution
A fix has been released in version 1.2.2.
Please refer to the "Update TEAM solution" documentation for instructions on upgrading.
References
GHSA-x9xv-r58p-qh86
CVE-2025-1969
Acknowledgement
We would like to thank Redshift Cyber Security for collaborating on this issue through the coordinated vulnerability disclosure process.
Please email aws-security@amazon.com with any security questions or concerns....
https://aws.amazon.com/security/security-bulletins/AWS-2025-004/
New AI-Powered Scam Detection Features to Help Protect You on Android
Posted by Lyubov Farafonova, Product Manager, Phone by Google; Alberto Pastor Nieto, Sr. Product Manager Google Messages and RCS Spam and Abuse
Google has been at the forefront of protecting users from the ever-growing threat of scams and fraud with cutting-edge technologies and security expertise for years. In 2024, scammers used increasingly sophisticated tactics and generative AI-powered tools to steal more than trillion from mobile consumers globally, according to the Global Anti-Scam Alliance. And with the majority of scams now delivered through phone calls and text messages, we've been focused on making Android's safeguards even more intelligent with powerful Google AI to help keep your financial information and data safe.
Today, we're launching two new industry-leading...
http://security.googleblog.com/2025/03/new-ai-powered-scam-detection-features.html
The hidden threat: Tackling malware in your software supply chain
The value of open source is undeniable — 90% of all modern software development depends on it. According to Harvard Business School, in 2024 alone, more than 6 trillion open source software components were downloaded, representing almost trillion in value to users.
https://www.sonatype.com/blog/the-hidden-threat-tackling-malware-in-your-software-supply-chain
Uncovering .NET Malware Obfuscated by Encryption and Virtualization
Malware authors use AES encryption and code virtualization to evade sandbox static analysis. We explore how this facilitates spread of Agent Tesla, XWorm and more.
The post Uncovering .NET Malware Obfuscated by Encryption and Virtualization appeared first on Unit 42.
https://unit42.paloaltonetworks.com/malware-obfuscation-techniques/
Color Dating - 220,503 breached accounts
In September 2018, Color Dating, a dating app for matching people of different ethnicities, suffered a data breach that was later redistributed as part of a larger corpus of data. The breach exposed 220k unique email addresses along with bios, names, profile photos and bcrypt password hashes. The data was provided to HIBP by a source who requested it be attributed to "ANK (Veles)".
https://haveibeenpwned.com/PwnedWebsites#ColorDating
Flat Earth Sun, Moon and Zodiac App - 33,294 breached accounts
In October 2024, the flat earth sun, moon and zodiac app created by Flat Earth Dave was found to be leaking extensive personal information of its users. The data included 33k unique email addresses along with usernames, latitudes and longitudes (their position on the globe) and passwords stored in plain text. A small number of profiles also contained names, dates of birth and genders.
https://haveibeenpwned.com/PwnedWebsites#FlatEarthDave
Palo Alto PAN-OS Authentication Bypass
What is the Vulnerability?
A recent authentication bypass vulnerability (CVE-2025-0108) in Palo Alto Networks PAN-OS software is under active exploitation and has been added to CISA's Known Exploited Vulnerabilities (KEV) Catalog. Successful exploitation of CVE-2025-0108 enables an unauthenticated attacker with network access to the management web interface to bypass the authentication required by the PAN-OS management web interface and invoke certain PHP scripts that can impact its integrity and confidentiality. According to the vendor advisory, Palo Alto Networks has observed exploit attempts chaining CVE-2025-0108 with CVE-2024-9474 and CVE-2025-0111 on unpatched and unsecured PAN-OS web management interfaces. A detailed Outbreak report including the attack using CVE-2024-9474 was released...
https://fortiguard.fortinet.com/threat-signal-report/6019
Notorious Malware, Spam Host “Prospero” Moves to Kaspersky Lab
One of the most notorious providers of abuse-friendly "bulletproof" web hosting for cybercriminals has started routing its operations through networks run by the Russian antivirus and security firm Kaspersky Lab, KrebsOnSecurity has learned.
https://krebsonsecurity.com/2025/02/notorious-malware-spam-host-prospero-moves-to-kaspersky-lab/
JavaGhost's Persistent Phishing Attacks From the Cloud
Unit 42 reports on phishing activity linked to the threat group JavaGhost. These attacks target organizations' AWS environments.
The post JavaGhost's Persistent Phishing Attacks From the Cloud appeared first on Unit 42.
https://unit42.paloaltonetworks.com/javaghost-cloud-phishing/
Spyzie - 518,643 breached accounts
In February 2025, the spyware service Spyzie suffered a data breach along with sibling spyware services, Spyic and Cocospy. The Spyzie breach alone exposed almost 519k customer email addresses which were provided to HIBP, and reportedly also enabled unauthorised access to captured messages, photos, call logs, and more. The data was provided to HIBP by a source who requested it be attributed to "zathienaephi@proton.me".
https://haveibeenpwned.com/PwnedWebsites#Spyzie
The 2025 State of Application Risk Report: Understanding Toxic Combinations in Application Security
Get details on the most common toxic combinations Legit unearthed in enterprises' software factories.
https://www.legitsecurity.com/blog/understanding-toxic-combinations-in-application-security
16-30 November 2024 Cyber Attacks Timeline
In the second timeline of November 2024 I collected 117 events (7.8 events/day) with a threat landscape dominated by malware
https://www.hackmageddon.com/2025/02/27/16-30-november-2024-cyber-attacks-timeline/
Squidoor: Suspected Chinese Threat Actor's Backdoor Targets Global Organizations
We analyze the backdoor Squidoor, used by a suspected Chinese threat actor to steal sensitive information. This multi-platform backdoor is built for stealth.
The post Squidoor: Suspected Chinese Threat Actor's Backdoor Targets Global Organizations appeared first on Unit 42.
https://unit42.paloaltonetworks.com/advanced-backdoor-squidoor/
Orange Romania - 556,557 breached accounts
In February 2025, the Romanian arm of telecommunications company Orange suffered a data breach which was subsequently published to a popular hacking forum. The data included 556k email addresses (of which hundreds of thousands were in the form of [phone number]@as1.romtelecom.net), phone numbers, subscription details, partial credit card data (type, last 4 digits, expiration date and issuing bank). The breach also exposed an extensive number of internal documents.
https://haveibeenpwned.com/PwnedWebsites#OrangeRomania
U.S. Soldier Charged in AT&T Hack Searched “Can Hacking Be Treason”
A U.S. Army soldier who pleaded guilty last week to leaking phone records for high-ranking U.S. government officials searched online for non-extradition countries and for an answer to the question "can hacking be treason?" prosecutors in the case said Wednesday. The government disclosed the details in a court motion to keep the defendant in custody until he is discharged from the military.
https://krebsonsecurity.com/2025/02/u-s-soldier-charged-in-att-hack-searched-can-hacking-be-treason/
Why AI Can't Replace Cybersecurity Analysts
As we face an extreme downturn in cybersecurity hiring which entry level candidates bear the brunt of, I want to address an elephant in the room: AI. I spend a lot of my time providing career clinics and mentorship, and I truly understand this is one of the worst cybersecurity job markets for young people […]
https://tisiphone.net/2025/02/26/why-ai-cant-replace-cybersecurity-analysts/
The Phillip Wylie Show!
I made an appearance on the wonderful Phillip Wylie show! It was incredibly kind of him to have me on. We talked about a kind of niche area of ICS – how to do digital forensics in that space – especially weird and legacy stuff – and what that actually means during incident response. Check […]
https://tisiphone.net/2025/02/26/the-phillip-wylie-show/
Building a security-minded development team: DevSecOps tools and SDLC best practices
In an increasingly adversarial threat landscape, software security can't be just one more checkpoint on the road to your next release. It should be integral to how every member of your development team works, from developers and DevOps professionals to quality assurance testers and project managers. As your organization faces increasingly sophisticated threats, a security-minded development team has evolved from a "nice-to-have" into a business imperative.
https://www.sonatype.com/blog/building-a-security-minded-development-team-devsecops-tools-and-sdlc-best-practices
Celebrating 1 Year of CSF 2.0
It has been one year since the release of the NIST Cybersecurity Framework (CSF) 2.0 ! To make improving your security posture even easier, in this blog we are: Sharing new CSF 2.0 resources; Taking a retrospective look at some resources and applications you may have missed; and Highlighting ways you can stay involved in our work, helping us help you implement better cybersecurity. NIST's subject matter experts have worked over the last year to continue expanding the CSF 2.0 implementation resources to help you secure your enterprise. Stakeholders are a very important force behind NIST's
https://www.nist.gov/blogs/cybersecurity-insights/celebrating-1-year-csf-20
RustDoor and Koi Stealer for macOS Used by North Korea-Linked Threat Actor to Target the Cryptocurrency Sector
Koi Stealer and RustDoor malware were used in a campaign linked to North Korea. This activity targeted crypto wallet owners.
The post RustDoor and Koi Stealer for macOS Used by North Korea-Linked Threat Actor to Target the Cryptocurrency Sector appeared first on Unit 42.
https://unit42.paloaltonetworks.com/macos-malware-targets-crypto-sector/
Silent Reaper (Azure LogicApp Secrets Control Plane Exfiltration)
Azure iPaaS services, such as Logic Apps, separate the Control Plane (management) from the Data Plane (execution), but a flaw in this model enabled undetectable data harvesting.
An attacker with Azure Reader access to workflow run history can silently extract sensitive data from executions, including secrets and API responses. This is possible because execution details are exposed via the Control Plane, bypassing Data Plane access controls.
The root cause of this issue is the unintended exposure of runtime data through metadata endpoints, which could allow an attacker to passively collect information without triggering alerts or requiring direct execution privileges.
https://www.cloudvulndb.org/azure-logic-apps-secrets-control-plane-exfiltration
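The Logic Apps control for keeping an action's inputs and outputs out of run history is the per-action Secure Inputs/Outputs setting, which appears in the workflow definition as runtimeConfiguration.secureData.properties. The audit below is an added example, not cloudvulndb's or Microsoft's code: it walks a workflow definition (as exported from the portal code view or `az logic workflow show`) and lists every trigger or action whose inputs or outputs would be recorded in clear, which is the material a Reader on the run history could collect as described above. The workflow JSON is constructed; container steps (If, Scope, Foreach, Until, Switch) are traversed but not flagged themselves, since their own recorded data is only the branching result.

```python
"""Audit a Logic Apps workflow definition for triggers and actions whose inputs
or outputs are not marked Secure, i.e. whose values will appear in run history.
Added example, not cloudvulndb's or Microsoft's code.

The definition is the JSON from the portal's code view or "az logic workflow show";
the sample below is constructed.
"""
import json
from typing import Dict, List, Tuple

SECURABLE = {"inputs", "outputs"}
# Control-flow steps whose own inputs/outputs are just branching results.
CONTAINER_TYPES = {"If", "Scope", "Foreach", "Until", "Switch"}

Finding = Tuple[str, str, List[str]]  # (path, step type, unsecured properties)


def _secured_properties(step: Dict) -> set:
    """Properties listed under runtimeConfiguration.secureData, if any."""
    props = (step.get("runtimeConfiguration", {})
                 .get("secureData", {})
                 .get("properties", []))
    return {p.lower() for p in props}


def _walk(steps: Dict, prefix: str, findings: List[Finding]) -> None:
    for name, step in steps.items():
        path = f"{prefix}{name}"
        kind = step.get("type", "?")
        if kind not in CONTAINER_TYPES:
            missing = sorted(SECURABLE - _secured_properties(step))
            if missing:
                findings.append((path, kind, missing))
        # Nested containers: If/Scope/Foreach/Until carry "actions"; If also has
        # "else"; Switch has "cases" and "default".
        if isinstance(step.get("actions"), dict):
            _walk(step["actions"], path + "/", findings)
        if isinstance(step.get("else", {}).get("actions"), dict):
            _walk(step["else"]["actions"], path + "/else/", findings)
        for case_name, case in step.get("cases", {}).items():
            if isinstance(case.get("actions"), dict):
                _walk(case["actions"], f"{path}/cases/{case_name}/", findings)
        if isinstance(step.get("default", {}).get("actions"), dict):
            _walk(step["default"]["actions"], path + "/default/", findings)


def unsecured_steps(workflow: Dict) -> List[Finding]:
    """Return every trigger/action that leaves inputs or outputs readable in run history."""
    definition = workflow.get("definition", workflow)
    findings: List[Finding] = []
    _walk(definition.get("triggers", {}), "triggers/", findings)
    _walk(definition.get("actions", {}), "actions/", findings)
    return findings


# Constructed workflow: one action fully secured, one securing only outputs,
# and one nested action inside a condition not secured at all.
SAMPLE_WORKFLOW = json.loads("""
{
  "definition": {
    "triggers": {
      "manual": {
        "type": "Request", "kind": "Http",
        "runtimeConfiguration": {"secureData": {"properties": ["inputs", "outputs"]}}
      }
    },
    "actions": {
      "Get_secret": {
        "type": "Http",
        "inputs": {"method": "GET", "uri": "https://example-vault.vault.azure.net/secrets/db-password"},
        "runtimeConfiguration": {"secureData": {"properties": ["inputs", "outputs"]}}
      },
      "Call_api": {
        "type": "Http",
        "inputs": {"method": "POST", "uri": "https://api.example.invalid/orders"},
        "runtimeConfiguration": {"secureData": {"properties": ["outputs"]}}
      },
      "Check_status": {
        "type": "If",
        "expression": {"equals": ["@outputs('Call_api')['statusCode']", 200]},
        "actions": {
          "Post_to_teams": {"type": "ApiConnection", "inputs": {"body": "@body('Get_secret')"}}
        },
        "else": {"actions": {}}
      }
    }
  }
}
""")

if __name__ == "__main__":
    for path, kind, missing in unsecured_steps(SAMPLE_WORKFLOW):
        print(f"{path} ({kind}) leaves {', '.join(missing)} readable in run history")
```

Securing inputs and outputs narrows what run history records but does not change who can read it; the Reader assignments on the workflow still need reviewing, and values already written to past runs remain visible until those runs age out.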
Vault Recon (Azure KeyVault Secrets Metadata Control Plane Exfiltration)
Azure Key Vault enforces a separation between the Control Plane (management) and Data Plane (secrets access). However, a flaw in this isolation allows unauthorized users to enumerate secrets and keys within a vault.
By having Reader access or lesser privileges on a Key Vault, an attacker could leverage Azure Resource Explorer to access metadata about stored secrets. This is due to unintended exposure through the Control Plane, which should not provide insight into Data Plane resources.
The root cause of this issue is insufficient isolation between the two planes, where metadata retrieval is permitted even when direct access to secrets is restricted. This allows attackers to gain information about sensitive assets without full permissions.
https://www.cloudvulndb.org/azure-vault-recon-keyvault-secret-metadata-control-plane-exfiltration
Securing tomorrow's software: the need for memory safety standards
Posted by Alex Rebert, Security Foundations, Ben Laurie, Research, Murali Vijayaraghavan, Research and Alex Richardson, Silicon
For decades, memory safety vulnerabilities have been at the center of various security incidents across the industry, eroding trust in technology and costing billions. Traditional approaches, like code auditing, fuzzing, and exploit mitigations – while helpful – haven't been enough to stem the tide, while incurring an increasingly high cost.
In this blog post, we are calling for a fundamental shift: a collective commitment to finally eliminate this class of vulnerabilities, anchored on secure-by-design practices – not just for ourselves but for the generations that follow.
The shift we are calling for is reinforced by a recent ACM article calling to standardize...
http://security.googleblog.com/2025/02/securing-tomorrows-software-need-for.html
ALIEN TXTBASE Stealer Logs - 284,132,969 breached accounts
In February 2025, 23 billion rows of stealer logs were obtained from a Telegram channel known as ALIEN TXTBASE. The data contained 284M unique email addresses alongside the websites they were entered into and the passwords used. This data is now searchable in HIBP by both email domain and the domain of the target website.
https://haveibeenpwned.com/PwnedWebsites#AlienStealerLogs
Behind the Baseline: Reflecting on the launch of the Open Source Project Security Baseline
It's been a while since I've shared an update on the work Sonatype is doing in the open source ecosystem, so I'm excited to share an update on a few things we're doing in the space — and how it led to the creation of a new security standard in the Open Source Security Foundation (OpenSSF).
https://www.sonatype.com/blog/behind-the-baseline-reflecting-on-the-launch-of-the-open-source-project-security-baseline
Passkeys
Don't we all know the hassle of managing loads of passwords, trying to come up with secure and unique ones only to try afterwards to remember them? Or always staying on high alert whether the URL is definitely the valid one for the website we are trying to visit?
What if all this could be over soon?
Welcome to Passkeys!
https://blog.compass-security.com/2025/02/passkeys/
Auto-Color: An Emerging and Evasive Linux Backdoor
Unit 42 discovered the new Linux malware Auto-Color, which uses advanced evasion tactics; this article covers its installation, evasion features and more.
The post Auto-Color: An Emerging and Evasive Linux Backdoor appeared first on Unit 42.
https://unit42.paloaltonetworks.com/new-linux-backdoor-auto-color/
Announcing Legit Context: The Missing Link to True Business-Driven ASPM
Get details on Legit's new capabilities that allow AppSec teams to focus on the issues posing real risk.
https://www.legitsecurity.com/blog/announcing-legit-context
Spyic - 875,999 breached accounts
In February 2025, the spyware service Spyic suffered a data breach along with sibling spyware service, Cocospy. The Spyic breach alone exposed almost 876k customer email addresses which were provided to HIBP, and reportedly also enabled unauthorised access to captured messages, photos, call logs, and more. The data was provided to HIBP by a source who requested it be attributed to "zathienaephi@proton.me".
https://haveibeenpwned.com/PwnedWebsites#Spyic
Cocospy - 1,798,059 breached accounts
In February 2025, the spyware service Cocospy suffered a data breach along with sibling spyware service, Spyic. The Cocospy breach alone exposed almost 1.8M customer email addresses which were provided to HIBP, and reportedly also enabled unauthorised access to captured messages, photos, call logs, and more. The data was provided to HIBP by a source who requested it be attributed to "zathienaephi@proton.me".
https://haveibeenpwned.com/PwnedWebsites#Cocospy
Fake job offers target software developers with infostealers
A North Korea-aligned activity cluster tracked by ESET as DeceptiveDevelopment drains victims' crypto wallets and steals their login details from web browsers and password managers
https://www.welivesecurity.com/en/videos/fake-job-offers-target-coders-infostealers/
DeceptiveDevelopment targets freelance developers
ESET researchers analyzed a campaign delivering malware bundled with job interview challenges
https://www.welivesecurity.com/en/eset-research/deceptivedevelopment-targets-freelance-developers/
Last chance for online career mentorship, for a while
As I turn my attention to the major life change of moving to Australia, this will be the last opportunity to take advantage of my free, weekly cybersecurity career mentorship sessions for the indefinite future. I’ve really enjoyed providing this service on top of my normal career clinics at conferences, and I hope I can […]
https://tisiphone.net/2025/02/19/last-chance-for-online-career-mentorship-for-a-while/
Podcast: Expanding Frontiers Research
In this podcast, I’m asked about current and future trends in industrial cyberattacks, as well as a variety of community and social issues facing our industry in the future.
https://tisiphone.net/2025/02/19/podcast-expanding-frontiers-research/
The Ultralytics Supply Chain Attack: How It Happened, How to Prevent
Get details on this recent supply chain attack and how to avoid falling victim to similar attacks.
https://www.legitsecurity.com/blog/the-ultralytics-supply-chain-attack-how-it-happened-how-to-prevent
Proofpoint ranked #1 in Four out of Five Use Cases in the 2025 Gartner® Critical Capabilities™ Report for Email Security Platforms
https://www.proofpoint.com/us/newsroom/press-releases/proofpoint-ranked-1-four-out-five-use-cases-2025-gartnerr-critical
2024 Vulnerability Scanning Surges 91%
Scans intensify, looking for a critical vulnerability in TBK DVR devices.
https://www.f5.com/labs/articles/threat-intelligence/2024-vulnerability-scanning-surges-91
No, you're not fired – but beware of job termination scams
Some employment scams take an unexpected turn as cybercriminals shift from “hiring” to “firing” staff
https://www.welivesecurity.com/en/scams/no-youre-not-fired-beware-job-termination-scams/
Katharine Hayhoe: The most important climate equation | Starmus highlights
The atmospheric scientist makes a compelling case for a head-to-heart-to-hands connection as a catalyst for climate action
https://www.welivesecurity.com/en/we-live-science/katharine-hayhoe-most-important-climate-equation-starmus-highlights/
On Cybersecurity Mentorship
I want to take a moment to articulate my thoughts on cybersecurity mentorship and what it should entail. I speak a lot about problems I see doing extensive mentoring and career clinics, but I have been repeatedly asked for a formal resource on how to conduct mentorships (and find a mentor). First, your mileage may […]
https://tisiphone.net/2025/02/16/on-cybersecurity-mentorship/
A Very Personal Interview with SecurityWeek Magazine
I hope you enjoy my latest interview with SecurityWeek Magazine on my career and the future of OT cybersecurity. https://www.securityweek.com/rising-tides-lesley-carhart-on-bridging-enterprise-security-and-ot-and-improving-the-human-condition/
https://tisiphone.net/2025/02/16/a-very-personal-interview-with-securityweek-magazine/
Storenvy - 11,052,071 breached accounts
In mid-2019, the e-commerce website Storenvy suffered a data breach that exposed millions of customer records. A portion of the breached records were subsequently posted to a hacking forum with cracked password hashes, whilst the entire corpus of 23M rows was put up for sale. The data contained 11M unique email addresses alongside usernames, IP addresses, the user's city, gender, date of birth and original salted SHA-1 password hash.
https://haveibeenpwned.com/PwnedWebsites#Storenvy
4 ways to bring cybersecurity into your community
It’s easy to focus on technology when talking about cybersecurity. However, the best prevention measures rely on the education of those who use technology. Organizations training their employees is the first step. But the industry needs to expand the concept of a culture of cybersecurity and take it from where it currently stands as an […]
The post 4 ways to bring cybersecurity into your community appeared first on Security Intelligence.
https://securityintelligence.com/articles/4-ways-to-bring-cybersecurity-into-your-community/
Microsoft .NET Framework Information Disclosure Vulnerability
What is the Attack?
Threat actors are targeting a Microsoft .NET Framework information disclosure vulnerability (CVE-2024-29059) that exposes the ObjRef URI to an attacker, ultimately enabling remote code execution. The vulnerability, tracked as CVE-2024-29059, was added to CISA's Known Exploited Vulnerabilities (KEV) Catalog on February 4, 2025.
What is the recommended Mitigation?
FortiGuard recommends that users apply the fix provided by the vendor and follow the instructions in the vendor's advisory. [CVE-2024-29059 - Security Update Guide - Microsoft - .NET Framework Information Disclosure Vulnerability]
What FortiGuard Coverage is available?
FortiGuard IPS protection is available, and Fortinet customers remain protected through it. Intrusion Prevention | FortiGuard...
https://fortiguard.fortinet.com/threat-signal-report/6014
Out with the Old, In with the Bold: Gen Threat Labs
For years, Avast Decoded has been your go-to for the latest in cybersecurity insights and research. But as cybercriminals evolve, so do we. Starting now, our groundbreaking research, expert analysis and the stories that keep the digital world safe are moving to one place: the Gen Insights Blog. By uniting our expertise under the Gen […]
The post Out with the Old, In with the Bold: Gen Threat Labs appeared first on Avast Threat Labs.
https://decoded.avast.io/salat/out-with-the-old-in-with-the-bold-gen-threat-labs/?utm_source=rss&utm_medium=rss&utm_campaign=out-with-the-old-in-with-the-bold-gen-threat-labs
How red teaming helps safeguard the infrastructure behind AI models
Artificial intelligence (AI) is now squarely on the frontlines of information security. However, as is often the case when the pace of technological innovation is very rapid, security often ends up being a secondary consideration. This is increasingly evident from the ad-hoc nature of many implementations, where organizations lack a clear strategy for responsible AI […]
The post How red teaming helps safeguard the infrastructure behind AI models appeared first on Security Intelligence.
https://securityintelligence.com/articles/how-red-teaming-helps-safeguard-the-infrastructure-behind-ai-models/
Gaming or gambling? Lifting the lid on in-game loot boxes
The virtual treasure chests and other casino-like rewards inside your children's games may pose risks you shouldn't play down
https://www.welivesecurity.com/en/kids-online/gaming-gambling-lifting-lid-in-game-loot-boxes/
Doxbin (TOoDA) - 136,461 breached accounts
In February 2025, the "doxing" website Doxbin was compromised by a group calling themselves "TOoDA" and the data dumped publicly. Included in the breach were 136k unique email addresses alongside usernames. The data was provided to HIBP by a source who requested it be attributed to "emo.rip".
https://haveibeenpwned.com/PwnedWebsites#DoxbinTOoDA
Shadow Credentials Attack
In this post, we explore the exploitation technique known as the Shadow Credentials attack. This attack leverages the mismanagement or exploitation of Active Directory Certificate
The post Shadow Credentials Attack appeared first on Hacking Articles.
https://www.hackingarticles.in/shadow-credentials-attack/
How GitHub uses CodeQL to secure GitHub
How GitHub's Product Security Engineering team manages our CodeQL implementation at scale and how you can, too.
The post How GitHub uses CodeQL to secure GitHub appeared first on The GitHub Blog.
https://github.blog/engineering/how-github-uses-codeql-to-secure-github/
When you shouldn't patch: Managing your risk factors
Look at any article with advice about best practices for cybersecurity, and about third or fourth on that list, you’ll find something about applying patches and updates quickly and regularly. Patching for known vulnerabilities is about as standard as it gets for good cybersecurity hygiene, right up there with using multi-factor authentication and thinking before […]
The post When you shouldn't patch: Managing your risk factors appeared first on Security Intelligence.
https://securityintelligence.com/articles/when-you-shouldnt-patch-managing-your-risk-factors/
What is penetration testing? | Unlocked 403 cybersecurity podcast (ep. 10)
Ever wondered what it's like to hack for a living – legally? Learn about the art and thrill of ethical hacking and how white-hat hackers help organizations tighten up their security.
https://www.welivesecurity.com/en/videos/what-is-penetration-testing-unlocked-403-cybersecurity-podcast-ep-10/
The straight and narrow — How to keep ML and AI training on track
Artificial intelligence (AI) and machine learning (ML) have entered the enterprise environment. According to the IBM AI in Action 2024 Report, two broad groups are onboarding AI: Leaders and learners. Leaders are seeing quantifiable results, with two-thirds reporting 25% (or greater) boosts to revenue growth. Learners, meanwhile, say they’re following an AI roadmap (72%), but […]
The post The straight and narrow — How to keep ML and AI training on track appeared first on Security Intelligence.
https://securityintelligence.com/articles/the-straight-and-narrow-how-to-keep-ml-and-ai-training-on-track/
How AI-driven identify fraud is causing havoc
Deepfake fraud, synthetic identities, and AI-powered scams make identity theft harder to detect and prevent – here's how to fight back
https://www.welivesecurity.com/en/cybersecurity/ai-driven-identify-fraud-havoc/
Stealthy AD CS Reconnaissance
Introducing a certipy parse command to perform stealthy offline AD CS enumeration based on local registry data.
https://blog.compass-security.com/2025/02/stealthy-ad-cs-reconnaissance/
Permission escalation due to an Improper Privilege Management
An incorrect privilege assignment vulnerability [CWE-266] in the FortiOS security fabric may allow an authenticated admin whose access profile has the Security Fabric write permission to escalate their privileges to super-admin by connecting the targeted FortiGate to a malicious upstream FortiGate they control. Revised on 2025-03-13 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-24-302
Reducing ransomware recovery costs in education
2024 continued the trend of ransomware attacks in the education sector making headlines. The year opened with Freehold Township School District in New Jersey canceling classes due to a ransomware attack. Students at New Mexico Highlands University missed classes for several days while employees experienced disruption of their paychecks after a ransomware attack. The attack on […]
The post Reducing ransomware recovery costs in education appeared first on Security Intelligence.
https://securityintelligence.com/articles/reducing-ransomware-recovery-costs-in-education/
Neil Lawrence: What makes us unique in the age of AI | Starmus highlights
As AI advances at a rapid clip, reshaping industries, automating tasks, and redefining what machines can achieve, one question looms large: what remains uniquely human?
https://www.welivesecurity.com/en/we-live-science/neil-lawrence-what-makes-us-unique-age-ai-starmus-highlights/
Abusing AD Weak Permission Pre2K Compatibility
Pre2K (short for “Pre-Windows 2000”) Active Directory misconfigurations often stem from overlooked legacy settings in Windows environments. Common issues include enabling NTLM or SMBv1 for
The post Abusing AD Weak Permission Pre2K Compatibility appeared first on Hacking Articles.
https://www.hackingarticles.in/abusing-ad-weak-permission-pre2k-compatibility/
Trimble Cityworks Remote Code Execution Attack
What is the Attack? Trimble Cityworks contains a deserialization vulnerability. This could allow an authenticated user to perform a remote code execution attack against a customer's Microsoft Internet Information Services (IIS) web server, potentially resulting in downtime and loss of service. According to the Trimble Cityworks website, it provides a Geographic Information System (GIS)-centric solution for local governments, utilities, airports, and public works agencies to manage and maintain infrastructure across the full lifecycle. Trimble has investigated customer reports of hackers exploiting the vulnerability to gain unauthorized access to networks, confirming that active exploitation is occurring. CISA has added CVE-2025-0994 to its Known Exploited Vulnerabilities Catalog on February...
https://fortiguard.fortinet.com/threat-signal-report/5997
Brain Cipher Ransomware Attack
What is the attack? A significant ransomware attack has struck Pusat Data Nasional (PDN), one of Indonesia's government-owned national data centers. This incident involved threat actors encrypting government data, which disrupted digital services for immigration, airport checks, and several public services. This ransomware attack represents a new variant of the LockBit 3.0 ransomware. In 2023, the LockBit hacker group also severely disrupted the Bank Syariah Indonesia (BSI) systems.
What is the recommended Mitigation? Ensure that all systems are up to date with robust cybersecurity measures. Also, maintain general awareness and training about the risk of phishing and social engineering attacks in the organization.
What FortiGuard Coverage is available? FortiGuard Labs has AV signatures to block...
https://fortiguard.fortinet.com/threat-signal-report/5479
From finding to fixing: GitHub Advanced Security integrates Endor Labs SCA
The partnership between GitHub and Endor Labs enables application security engineers and developers to drastically reduce time spent on open source vulnerabilities, and gives them the tools to go from finding to fixing.
The post From finding to fixing: GitHub Advanced Security integrates Endor Labs SCA appeared first on The GitHub Blog.
https://github.blog/security/from-finding-to-fixing-github-advanced-security-integrates-endor-labs-sca/
Will AI threaten the role of human creativity in cyber threat detection?
Cybersecurity requires creativity and thinking outside the box. It’s why more organizations are looking at people with soft skills and coming from outside the tech industry to address the cyber skills gap. As the threat landscape becomes more complex and nation-state actors launch innovative cyberattacks against critical infrastructure, there is a need for cybersecurity professionals […]
The post Will AI threaten the role of human creativity in cyber threat detection? appeared first on Security Intelligence.
https://securityintelligence.com/articles/will-ai-threaten-the-role-of-human-creativity-in-cyber-threat-detection/
Hacking the mind: Why psychology matters to cybersecurity
In cybersecurity, too often, the emphasis is placed on advanced technology meant to shield digital infrastructure from external threats. Yet, an equally crucial — and underestimated — factor lies at the heart of all digital interactions: the human mind. Behind every breach is a calculated manipulation, and behind every defense, a strategic response. The psychology […]
The post Hacking the mind: Why psychology matters to cybersecurity appeared first on Security Intelligence.
https://securityintelligence.com/articles/hacking-the-mind-why-psychology-matters-to-cybersecurity/
1-15 November 2024 Cyber Attacks Timeline
In the first timeline of November 2024 I collected 128 events with a threat landscape dominated by malware...
https://www.hackmageddon.com/2025/02/06/1-15-november-2024-cyber-attacks-timeline/
Stress-testing multimodal AI applications is a new frontier for red teams
Human communication is multimodal. We receive information in many different ways, allowing our brains to see the world from various angles and turn these different “modes” of information into a consolidated picture of reality. We’ve now reached the point where artificial intelligence (AI) can do the same, at least to a degree. Much like our […]
The post Stress-testing multimodal AI applications is a new frontier for red teams appeared first on Security Intelligence.
https://securityintelligence.com/articles/stress-testing-multimodal-ai-applications-new-frontier-for-red-teams/
Cybercriminals Use Go Resty and Node Fetch in 13 Million Password Spraying Attempts
https://www.proofpoint.com/us/newsroom/news/cybercriminals-use-go-resty-and-node-fetch-13-million-password-spraying-attempts
Cybersecurity awareness: Apple's cloud-based AI security system
The rising influence of artificial intelligence (AI) has many organizations scrambling to address the new cybersecurity and data privacy concerns created by the technology, especially as AI is used in cloud systems. Apple addresses AI’s security and privacy issues head-on with its Private Cloud Compute (PCC) system. Apple seems to have solved the problem of […]
The post Cybersecurity awareness: Apple’s cloud-based AI security system appeared first on Security Intelligence.
https://securityintelligence.com/articles/cybersecurity-awareness-apples-cloud-based-ai-security-system/
Lazarus Group Targets Organizations with Sophisticated LinkedIn Recruiting Scam
Bitdefender Labs warns of an active campaign by the North Korea-linked Lazarus Group, targeting organizations by capturing credentials and delivering malware through fake LinkedIn job offers.
LinkedIn may be a vital tool for job seekers and professionals, but it has also become a playground for cybercriminals exploiting its credibility. From fake job offers and elaborate phishing schemes to scams and even state-sponsored threat actors who prey on people's career aspirations and trust in profess
https://www.bitdefender.com/en-us/blog/labs/lazarus-group-targets-organizations-with-sophisticated-linkedin-recruiting-scam
Patch or perish: How organizations can master vulnerability management
Don't wait for a costly breach to provide a painful reminder of the importance of timely software patching
https://www.welivesecurity.com/en/cybersecurity/patch-perish-organizations-vulnerability-management/
Proofpoint Leaders Named CRN Channel Chiefs 2025
https://www.proofpoint.com/us/newsroom/news/proofpoint-leaders-named-crn-channel-chiefs-2025
How AI-driven SOC co-pilots will change security center operations
Have you ever wished you had an assistant at your security operations centers (SOCs) — especially one who never calls in sick, has a bad day or takes a long lunch? Your wish may come true soon. Not surprisingly, AI-driven SOC “co-pilots” are topping the lists for cybersecurity predictions in 2025, which often describe these […]
The post How AI-driven SOC co-pilots will change security center operations appeared first on Security Intelligence.
https://securityintelligence.com/articles/how-ai-driven-soc-co-pilots-will-change-security-center-operations/
Analysis of an advanced malicious Chrome extension
Two weeks ago I published an article on 63 malicious Chrome extensions. In most cases I could only identify the extensions as malicious. With large parts of their logic being downloaded from some web servers, it wasn't possible to analyze their functionality in detail.
However, for the Download Manager Integration Checklist extension I have all parts of the puzzle now. This article is a technical discussion of its functionality that somebody tried very hard to hide. I was also able to identify a number of related extensions that were missing from my previous article.
Update (2025-02-04): An update to Download Manager Integration Checklist extension has been released a day before I published this article, clearly prompted by me asking adindex about this. The update removes the malicious functionality...
https://palant.info/2025/02/03/analysis-of-an-advanced-malicious-chrome-extension/
How scammers are exploiting DeepSeek's rise
As is their wont, cybercriminals waste no time launching attacks that aim to cash in on the frenzy around the latest big thing – plus, what else to know before using DeepSeek
https://www.welivesecurity.com/en/cybersecurity/scammers-exploiting-deepseek-hype/
Windows Bug Class: Accessing Trapped COM Objects with IDispatch
Posted by James Forshaw, Google Project Zero
Object orientated remoting technologies such as DCOM and .NET Remoting make it very easy to develop an object-orientated interface to a service which can cross process and security boundaries. This is because they're designed to support a wide range of objects, not just those implemented in the service, but any other object compatible with being remoted. For example, if you wanted to expose an XML document across the client-server boundary, you could use a pre-existing COM or .NET library and return that object back to the client. By default when the object is returned it's marshaled by reference, which results in the object staying in the out-of-process server.
This flexibility has a number of downsides, one of which is the topic of this...
https://googleprojectzero.blogspot.com/2025/01/windows-bug-class-accessing-trapped-com.html
Windows Exploitation Tricks: Trapping Virtual Memory Access (2025 Update)
Posted by James Forshaw, Google Project Zero
Back in 2021 I wrote a blog post about various ways you can build a virtual memory access trap primitive on Windows. The goal was to cause a reader or writer of a virtual memory address to halt for a significant (e.g. 1 or more seconds) amount of time, generally for the purpose of exploiting TOCTOU memory access bugs in the kernel.
The solutions proposed in the blog post were to either map an SMB file on a remote server, or abuse the Cloud Filter API. This blog isn't going to provide new solutions, instead I wanted to highlight a new feature of Windows 11 24H2 that introduces the ability to abuse the SMB file server directly on the local machine, no remote server required. This change also introduces the ability to locally exploit vulnerabilities...
https://googleprojectzero.blogspot.com/2025/01/windows-exploitation-tricks-trapping.html
Announcing Legit Root Cause Remediation
Get details on Legit's new capabilities that allow teams to quickly fix what matters most.
https://www.legitsecurity.com/blog/announcing-legit-root-cause-remediation
This month in security with Tony Anscombe – January 2025 edition
DeepSeek's bursting onto the AI scene, apparent shifts in US cybersecurity policies, and a massive student data breach all signal another eventful year in cybersecurity and data privacy
https://www.welivesecurity.com/en/videos/month-security-tony-anscombe-january-2025-edition/
AD Recon: Kerberos Username Bruteforce
In this post, we explore the exploitation technique known as the Kerberos pre-authentication brute-force attack. This attack takes advantage of Kerberos authentication responses to determine
The post AD Recon: Kerberos Username Bruteforce appeared first on Hacking Articles.
https://www.hackingarticles.in/ad-recon-kerberos-username-bruteforce/
Untrustworthy AI: How to deal with data poisoning
You should think twice before trusting your AI assistant, as database poisoning can markedly alter its output – even dangerously so
https://www.welivesecurity.com/en/business-security/untrustworthy-ai-data-poisoning/
Path traversal issue in Deep Java Library - (CVE-2025-0851)
Publication Date: 2025/01/29 1:30 PM PST
AWS identified CVE-2025-0851, a path traversal issue in ZipUtils.unzip and TarUtils.untar in Deep Java Library (DJL) on all platforms that allows a bad actor to write files to arbitrary locations. If leveraged, an actor could gain SSH access by injecting an SSH key into the authorized_keys file, or upload HTML files to leverage cross-site scripting issues. We can confirm that this issue has not been leveraged. A fix for this issue has been released and we recommend the users of DJL upgrade to version 0.31.1 or later.
Affected versions: 0.1.0 - 0.31.0
Resolution
The patches are included in DJL 0.31.1.
Reference
CVE-2025-0851
GHSA-6h2x-4gjf-jc5w
Please email aws-security@amazon.com with any security questions or concerns.
https://aws.amazon.com/security/security-bulletins/AWS-2025-003/
How we kept the Google Play & Android app ecosystems safe in 2024
Posted by Bethel Otuteye and Khawaja Shams (Android Security and Privacy Team), and Ron Aquino (Play Trust and Safety)
Android and Google Play comprise a vibrant ecosystem with billions of users around the globe and millions of helpful apps. Keeping this ecosystem safe for users and developers remains our top priority. However, like any flourishing ecosystem, it also attracts its share of bad actors. That's why every year, we continue to invest in more ways to protect our community and fight bad actors, so users can trust the apps they download from Google Play and developers can build thriving businesses.
Last year, those investments included AI-powered threat detection, stronger privacy policies, supercharged developer tools, new industry-wide alliances, and more. As a result, we...
http://security.googleblog.com/2025/01/how-we-kept-google-play-android-app-ecosystem-safe-2024.html
Cybersecurity researchers: Digital detectives in a connected world
Discover the exciting world of cybersecurity research: what researchers do, essential skills, and actionable steps to begin your journey toward protecting the digital world.
The post Cybersecurity researchers: Digital detectives in a connected world appeared first on The GitHub Blog.
https://github.blog/security/vulnerability-research/cybersecurity-researchers-digital-detectives-in-a-connected-world/
Credential Dumping: AD User Comment
In this article, we shall explore different tools & techniques that help us enumerate Active Directory (AD) users’ passwords using which an attacker can expand
The post Credential Dumping: AD User Comment appeared first on Hacking Articles.
https://www.hackingarticles.in/credential-dumping-ad-user-comment/
How we estimate the risk from prompt injection attacks on AI systems
Posted by the Agentic AI Security Team at Google DeepMind
Modern AI systems, like Gemini, are more capable than ever, helping retrieve data and perform actions on behalf of users. However, data from external sources present new security challenges if untrusted sources are available to execute instructions on AI systems. Attackers can take advantage of this by hiding malicious instructions in data that are likely to be retrieved by the AI system, to manipulate its behavior. This type of attack is commonly referred to as an "indirect prompt injection," a term first coined by Kai Greshake and the NVIDIA team. To mitigate the risk posed by this class of attacks, we are actively deploying defenses within our AI systems along with measurement and monitoring tools. One of these tools is a robust evaluation...
http://security.googleblog.com/2025/01/how-we-estimate-risk-from-prompt.html
BloodHound Community Edition Custom Queries
This blog post introduces our new custom queries for BloodHound Community Edition (CE) and explains how you can use them effectively to analyze your Active Directory infrastructure. TL;DR: Check out our new BloodHound CE custom queries! Active Directory and BloodHound The majority of our customers run a Microsoft Active Directory infrastructure, either exclusively on-prem or […]
https://blog.compass-security.com/2025/01/bloodhound-community-edition-custom-queries/
Privacy-Preserving Federated Learning – Future Collaboration and Continued Research
This post is the final blog in a series on privacy-preserving federated learning. The series is a collaboration between NIST and the UK government's Responsible Technology Adoption Unit (RTA), previously known as the Centre for Data Ethics and Innovation. Learn more and read all the posts published to date at NIST's Privacy Engineering Collaboration Space or RTA's blog.
Reflections and Wider Considerations
This is the final post in the series that began with reflections and learnings from the first US-UK collaboration working with Privacy Enhancing Technologies (PETs). Since the PETs Prize
https://www.nist.gov/blogs/cybersecurity-insights/privacy-preserving-federated-learning-future-collaboration-and
Diamond Ticket Attack: Abusing kerberos Trust
The Diamond Ticket attack represents a sophisticated escalation in Active Directory (AD) exploitation methods, leveraging intricate flaws in Kerberos authentication and authorization mechanisms. This article
The post Diamond Ticket Attack: Abusing kerberos Trust appeared first on Hacking Articles.
https://www.hackingarticles.in/diamond-ticket-attack-abusing-kerberos-trust/
Android enhances theft protection with Identity Check and expanded features
Posted by Jianing Sandra Guo, Product Manager, Android, Nataliya Stanetsky, Staff Program Manager, Android
Today, people around the world rely on their mobile devices to help them stay connected with friends and family, manage finances, keep track of healthcare information and more – all from their fingertips. But a stolen device in the wrong hands can expose sensitive data, leaving you vulnerable to identity theft, financial fraud and privacy breaches.
This is why we recently launched Android theft protection, a comprehensive suite of features designed to protect you and your data at every stage – before, during, and after device theft. As part of our commitment to help you stay safe on Android, we're expanding and enhancing these features to deliver even more robust protection...
http://security.googleblog.com/2025/01/android-theft-protection-identity-check-expanded-features.html
Announcing the 2025 State of Application Risk Report
Use the data and analysis in this report to prioritize your 2025 AppSec efforts.
https://www.legitsecurity.com/blog/announcing-2025-state-of-application-risk-report
Attacks on Maven proxy repositories
Learn how specially crafted artifacts can be used to attack Maven repository managers. This post describes PoC exploits that can lead to pre-auth remote code execution and poisoning of the local artifacts in Sonatype Nexus and JFrog Artifactory.
The post Attacks on Maven proxy repositories appeared first on The GitHub Blog.
https://github.blog/security/vulnerability-research/attacks-on-maven-proxy-repositories/
ClamAV 1.4.2 and 1.0.8 security patch versions published
Today, we are publishing the 1.4.2 and 1.0.8 security patch versions. The release files for the patch versions are available for download on the ClamAV downloads page, on the GitHub Release page, and through Docker Hub. The images on Docker Hub may not be immediately available on release day. Continue reading to learn what changed in each version.
1.4.2
ClamAV 1.4.2 is a patch release with the following fixes:
CVE-2025-20128: Fixed a possible buffer overflow read bug in the OLE2 file parser that could cause a denial-of-service (DoS) condition. This issue was introduced in version 1.0.0 and affects all currently supported versions. It will be fixed in: 1.4.2 and 1.0.8. Thank you to OSS-Fuzz for identifying this issue.
1.0.8
ClamAV 1.0.8 is a patch release with the following fixes:
CVE-2025-20128:...
http://blog.clamav.net/2025/01/clamav-142-and-108-security-patch.html
Continued Scanning for CVE-2023-1389
TP-Link draws the attention of the US Government.
https://www.f5.com/labs/articles/threat-intelligence/continued-scanning-for-cve-2023-1389
October 2024 Cyber Attacks Statistics
After the cyber attacks timelines, it's time to publish the statistics for October 2024 where I collected and analyzed 240 events...
https://www.hackmageddon.com/2025/01/21/october-2024-cyber-attacks-statistics/
Malicious extensions circumvent Google's remote code ban
As noted last week I consider it highly problematic that Google for a long time allowed extensions to run code they downloaded from some web server, an approach that Mozilla prohibited long before Google even introduced extensions to their browser. For years this has been an easy way for malicious extensions to hide their functionality. When Google finally changed their mind, it wasn't in form of a policy but rather a technical change introduced with Manifest V3.
As with most things about Manifest V3, these changes are meant for well-behaving extensions where they in fact improve security. As readers of this blog probably know, those who want to find loopholes will find them: I've already written about the Honey extension bundling its own JavaScript interpreter and malicious extensions...
https://palant.info/2025/01/20/malicious-extensions-circumvent-googles-remote-code-ban/
OSV-SCALIBR: A library for Software Composition Analysis
Posted by Erik Varga, Vulnerability Management, and Rex Pan, Open Source Security Team
In December 2022, we announced OSV-Scanner, a tool to enable developers to easily scan for vulnerabilities in their open source dependencies. Together with the open source community, we've continued to build this tool, adding remediation features, as well as expanding ecosystem support to 11 programming languages and 20 package manager formats. Today, we're excited to release OSV-SCALIBR (Software Composition Analysis LIBRary), an extensible library for SCA and file system scanning. OSV-SCALIBR combines Google's internal vulnerability management expertise into one scanning library with significant new capabilities such as: SCA for installed packages, standalone binaries, as well as source code; OSes...
http://security.googleblog.com/2025/01/osv-scalibr-library-for-software.html
White House Executive Order: Strengthening and Promoting Innovation in the Nation's Cybersecurity
Get details on this new cybersecurity Executive Order and its implications.
https://www.legitsecurity.com/blog/white-house-executive-order-cybersecurity
16-31 October 2024 Cyber Attacks Timeline
In the second timeline of October 2024 I collected 120 events with a threat landscape dominated by malware...
https://www.hackmageddon.com/2025/01/16/16-31-october-2024-cyber-attacks-timeline/
Hitchhiker's Guide to Managed Security
Over the past few years, we have had the opportunity to conduct several Purple Teaming exercises together with our customers.
Particularly after Purple Teaming exercises involving external providers, we often see a mismatch between the customer's expectations and the service provided.
This blog post attempts to summarize how to prevent the most prevalent issues with a managed security service as early as possible.
https://blog.compass-security.com/2025/01/hitchhikers-guide-to-managed-security/
Path traversal in csfd daemon
An improper limitation of a pathname to a restricted directory vulnerability ('path traversal') [CWE-22] in FortiManager, FortiOS, FortiProxy, FortiRecorder, FortiVoice and FortiWeb may allow a remote authenticated attacker with access to the security fabric interface and port to write arbitrary files and a remote unauthenticated attacker with the same network access to delete an arbitrary folder. Revised on 2025-03-20 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-24-259
Out-of-bounds Write in IPSEC Daemon
An Out-of-bounds Write in FortiOS IPSEC daemon may allow an unauthenticated attacker to perform a denial of service under certain conditions that are outside the control of the attacker. Revised on 2025-03-13 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-24-373
Chrome Web Store is a mess
Let's make one thing clear first: I'm not singling out Google's handling of problematic and malicious browser extensions because it is worse than Microsoft's for example. No, Microsoft is probably even worse but I never bothered finding out. That's because Microsoft Edge doesn't matter, its market share is too small. Google Chrome on the other hand is used by around 90% of the users world-wide, and one would expect Google to take their responsibility to protect its users very seriously, right? After all, browser extensions are one selling point of Google Chrome, so certainly Google would make sure they are safe?
Unfortunately, my experience reporting numerous malicious or otherwise problematic browser extensions speaks otherwise. Google appears to take the “least effort required”...
https://palant.info/2025/01/13/chrome-web-store-is-a-mess/
BIScience: Collecting browsing history under false pretenses
This is a guest post by a researcher who wants to remain anonymous. You can contact the author via email.
Recently, John Tuckner of Secure Annex and Wladimir Palant published great research about how BIScience and its various brands collect user data. This inspired us to publish part of our ongoing research to help the extension ecosystem be safer from bad actors.
This post details what BIScience does with the collected data and how their public disclosures are inconsistent with actual practices, based on evidence compiled over several years.
Screenshot of claims on the BIScience website
Contents
Who is BIScience?
BIScience collects data from millions of users
BIScience buys data from partner third-party extensions
BIScience receives raw...
https://palant.info/2025/01/13/biscience-collecting-browsing-history-under-false-pretenses/
How to secure your GitHub Actions workflows with CodeQL
In the last few months, we secured 75+ GitHub Actions workflows in open source projects, disclosing 90+ different vulnerabilities. Out of this research we produced new support for workflows in CodeQL, empowering you to secure yours.
The post How to secure your GitHub Actions workflows with CodeQL appeared first on The GitHub Blog.
https://github.blog/security/application-security/how-to-secure-your-github-actions-workflows-with-codeql/
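As an added example (it is neither CodeQL nor any workflow from the GitHub post), here is a small line-based approximation of the check the new CodeQL queries perform for expression injection in run: steps. The point it demonstrates: a ${{ }} expression in a run: script is substituted into the shell text before the shell runs, so any event field an outside contributor controls (issue or PR titles and bodies, comment bodies, branch names) becomes command injection, while the same expression assigned under env: is passed as data. The two workflows and the UNTRUSTED context list are constructed here.

```python
"""Line-based check for expression injection in GitHub Actions run: steps.

Added example; it is not CodeQL and not the workflows from the GitHub post.
The two workflows below are constructed, and UNTRUSTED lists the event
fields an outside contributor controls.
"""
import re
from typing import Iterator, List, Tuple

UNTRUSTED = (
    "github.event.issue.title", "github.event.issue.body",
    "github.event.pull_request.title", "github.event.pull_request.body",
    "github.event.pull_request.head.ref", "github.event.pull_request.head.label",
    "github.event.comment.body", "github.event.review.body",
    "github.event.review_comment.body", "github.event.head_commit.message",
    "github.event.commits", "github.head_ref",
)
EXPR_RE = re.compile(r"\$\{\{\s*(.*?)\s*\}\}")
RUN_RE = re.compile(r"^(\s*(?:-\s+)?)run:\s*(.*)$")


def _indent(line: str) -> int:
    return len(line) - len(line.lstrip())


def run_scripts(workflow_text: str) -> Iterator[Tuple[int, str]]:
    """Yield (1-based line of the run: key, script text), joining block scalars."""
    lines = workflow_text.splitlines()
    i = 0
    while i < len(lines):
        m = RUN_RE.match(lines[i])
        if not m:
            i += 1
            continue
        key_indent, value = len(m.group(1)), m.group(2).strip()
        if value in ("|", "|-", "|+", ">", ">-", ">+"):
            # block scalar: the body is every following line indented past the key
            j = i + 1
            body = []
            while j < len(lines) and (not lines[j].strip() or _indent(lines[j]) > key_indent):
                body.append(lines[j].strip())
                j += 1
            yield i + 1, "\n".join(body)
            i = j
        else:
            yield i + 1, value
            i += 1


def find_injections(workflow_text: str) -> List[Tuple[int, str]]:
    """Expressions inside run: scripts that read attacker-controlled event data."""
    findings = []
    for line_no, script in run_scripts(workflow_text):
        for expr in EXPR_RE.findall(script):
            if any(expr.startswith(ctx) for ctx in UNTRUSTED):
                findings.append((line_no, expr))
    return findings


# Constructed workflows. The first pastes the issue title into the shell script;
# a title such as  a"; id; echo "  would run commands with the job's permissions.
VULNERABLE_WORKFLOW = """\
name: triage
on:
  issues:
    types: [opened]
jobs:
  label:
    runs-on: ubuntu-latest
    steps:
      - run: |
          echo "New issue: ${{ github.event.issue.title }}"
          echo "Number: ${{ github.event.issue.number }}"
"""

# Same step, hardened: the value travels through an environment variable, and
# the job token is scoped down to read-only.
HARDENED_WORKFLOW = """\
name: triage
on:
  issues:
    types: [opened]
permissions:
  contents: read
jobs:
  label:
    runs-on: ubuntu-latest
    steps:
      - run: |
          echo "New issue: $TITLE"
          echo "Number: $NUMBER"
        env:
          TITLE: ${{ github.event.issue.title }}
          NUMBER: ${{ github.event.issue.number }}
"""

if __name__ == "__main__":
    print("vulnerable:", find_injections(VULNERABLE_WORKFLOW))
    print("hardened:  ", find_injections(HARDENED_WORKFLOW))
```

The scanner deliberately ignores expressions under env: because that is the recommended fix; it also knows nothing about data that reaches a script indirectly (for example through a previous step's outputs), which is exactly the taint tracking that a real CodeQL query adds over this approximation.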
The Dangers of DNS Hijacking
How expired domains and improper DNS management can lead to severe security risks like MitM attacks, fraudulent TLS/SSL certifications, and more.
https://www.f5.com/labs/articles/threat-intelligence/the-dangers-of-dns-hijacking
Abusing AD-DACL: AddSelf
In this post, we will explore the exploitation of Discretionary Access Control Lists (DACL) using the AddSelf permission in Active Directory environments. By exploiting this
The post Abusing AD-DACL: AddSelf appeared first on Hacking Articles.
https://www.hackingarticles.in/abusing-ad-dacl-addself/
ClamAV 1.4 as Next Long-Term Stable (LTS)
We are excited to announce that ClamAV 1.4 is now designated as our latest Long-Term Stable (LTS) release. Previously, we planned to announce 1.5 as the next LTS version at the end of 2024. However, unforeseen challenges have delayed the 1.5 release, leading us to choose version 1.4 for long-term support. We apologize for any inconvenience that our delay in the announcement may have caused. The version support dates for ClamAV 1.4 are amended as follows:
Key Dates:
Initial 1.4 Release Date: August 15, 2024
Patch Versions Continue Until: August 15, 2027
DB Downloads Allowed Until: August 15, 2028
For specific details, please read the ClamAV EOL Policy. Looking ahead, the beta version of ClamAV 1.5 will soon be available for community review. This version will...
http://blog.clamav.net/2025/01/clamav-14-as-next-long-term-stable-lts.html
How extensions trick CWS search
A few months ago I searched for “Norton Password Manager” in Chrome Web Store and got lots of seemingly unrelated results. Not just that, the actual Norton Password Manager was listed last. These search results are still essentially the same today, only that Norton Password Manager moved to the top of the list:
I was stumped how Google managed to mess up search results so badly and even posted the following on Mastodon:
Interesting. When I search for “Norton Password Manager” on Chrome Web Store, it first lists five completely unrelated extensions, and only the last search result is the actual Norton Password Manager. Somebody told me that website is run by a company specializing in search, so this shouldn't be due to incompetence, right? What is it then?
Somebody suggested that...
https://palant.info/2025/01/08/how-extensions-trick-cws-search/
1-15 October 2024 Cyber Attacks Timeline
In the first timeline of October 2024, I collected 120 events (8 events/day) with a threat landscape...
https://www.hackmageddon.com/2025/01/07/1-15-october-2024-cyber-attacks-timeline/
A Fun Chat With Patrick Miller
Happy Saturday, all! I hope you're having a lovely weekend. This week, I had a fun chat with a long time friend and colleague, Ampyx's Patrick Miller. We talked about one of my favorite tech topics – digital forensics in the weird and wacky world of critical infrastructure – where it's growing, where it's struggling, […]
https://tisiphone.net/2025/01/04/a-fun-chat-with-patrick-miller/
Active Directory Pentesting Using Netexec Tool: A Complete Guide
Active Directory (AD) penetration testing is an essential part of the security assessment of enterprise networks. The Netexec tool offers a wide range of capabilities
The post Active Directory Pentesting Using Netexec Tool: A Complete Guide appeared first on Hacking Articles.
https://www.hackingarticles.in/active-directory-pentesting-using-netexec-tool-a-complete-guide/
Announcing CodeQL Community Packs
We are excited to introduce the new CodeQL Community Packs, a comprehensive set of queries and models designed to enhance your code analysis capabilities. These packs are tailored to augment…
The post Announcing CodeQL Community Packs appeared first on The GitHub Blog.
https://github.blog/security/vulnerability-research/announcing-codeql-community-packs/
Q3 2024 Cyber Attacks Statistics
I aggregated the statistics created from the cyber attacks timelines published in the third quarter of 2024. In this period, I collected...
https://www.hackmageddon.com/2024/12/23/q3-2024-cyber-attacks-statistics/
The Windows Registry Adventure #5: The regf file format
Posted by Mateusz Jurczyk, Google Project Zero
As previously mentioned in the second installment of the blog post series ("A brief history of the feature"), the binary format used to encode registry hives from Windows NT 3.1 up to the modern Windows 11 is called regf. In a way, it is quite special, because it represents a registry subtree simultaneously on disk and in memory, as opposed to most other common file formats. Documents, images, videos, etc. are generally designed to store data efficiently on disk, and they are subsequently parsed to and from different in-memory representations whenever they are read or written. This seems only natural, as offline storage and RAM come with different constraints and requirements. On disk, it is important that the data is packed as...
https://googleprojectzero.blogspot.com/2024/12/the-windows-registry-adventure-5-regf.html
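As an added example (not code from the Project Zero series), the following parser reads the 4 KiB base block that opens every regf hive, using the publicly documented field layout: the "regf" signature, the two sequence numbers, the last-written FILETIME, the format version, the root cell offset (relative to the start of the hive bins at file offset 4096) and the XOR-32 checksum over the first 508 bytes. It also shows the two checks a forensic tool makes before trusting a hive: that the stored checksum matches, and that the primary and secondary sequence numbers agree (a mismatch means the hive was not cleanly written and the transaction log must be replayed). The sample hive is constructed in memory so the code runs offline.

```python
"""Parse and sanity-check the regf base block that opens every hive file.

Added example, not code from the Project Zero series: the field offsets are
the publicly documented regf base-block layout, and build_sample_hive()
constructs a minimal hive in memory so the parser can be run offline.
"""
import struct
from datetime import datetime, timedelta, timezone

BASE_BLOCK_SIZE = 4096   # the base block occupies the first 4 KiB of the file
HBIN_START = 4096        # cell offsets inside a hive are relative to this point


def regf_checksum(base_block: bytes) -> int:
    """XOR-32 over the first 508 bytes (127 DWORDs); 0 and 0xFFFFFFFF are special-cased."""
    csum = 0
    for (dword,) in struct.iter_unpack("<I", base_block[:508]):
        csum ^= dword
    if csum == 0:
        return 1
    if csum == 0xFFFFFFFF:
        return 0xFFFFFFFE
    return csum


def filetime_to_datetime(ft: int) -> datetime:
    """Windows FILETIME: 100-ns ticks since 1601-01-01 UTC."""
    return datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=ft // 10)


def parse_regf_header(data: bytes) -> dict:
    """Decode the base block; raise on a bad signature or a truncated file."""
    if len(data) < BASE_BLOCK_SIZE:
        raise ValueError("file shorter than one base block")
    block = data[:BASE_BLOCK_SIZE]
    (sig, seq1, seq2, ft, major, minor, ftype, fformat,
     root_off, bins_size, cluster) = struct.unpack_from("<4s2IQ7I", block, 0)
    if sig != b"regf":
        raise ValueError(f"bad signature {sig!r}")
    (stored_csum,) = struct.unpack_from("<I", block, 508)
    return {
        "primary_seq": seq1,
        "secondary_seq": seq2,
        # the sequence numbers differ when the hive was not cleanly written;
        # the transaction log (.LOG1/.LOG2) must be replayed before trusting it
        "dirty": seq1 != seq2,
        "last_written": filetime_to_datetime(ft),
        "version": (major, minor),
        "file_type": ftype,          # 0 = primary file, 1 = transaction log
        "file_format": fformat,      # 1 = direct memory load
        "root_cell_offset": root_off,
        "root_cell_file_offset": HBIN_START + root_off,
        "hbins_size": bins_size,
        "clustering_factor": cluster,
        "file_name": block[48:112].decode("utf-16-le").split("\x00", 1)[0],
        "checksum_ok": stored_csum == regf_checksum(block),
    }


def build_sample_hive(dirty: bool = False) -> bytes:
    """Constructed minimal hive (base block + one empty hbin); not a real registry file."""
    block = bytearray(BASE_BLOCK_SIZE)
    seq1, seq2 = (7, 6) if dirty else (7, 7)
    epoch = datetime(1601, 1, 1, tzinfo=timezone.utc)
    delta = datetime(2025, 3, 1, tzinfo=timezone.utc) - epoch
    ft = (delta.days * 86400 + delta.seconds) * 10_000_000   # integer arithmetic, no float loss
    struct.pack_into("<4s2IQ7I", block, 0, b"regf", seq1, seq2, ft,
                     1, 5, 0, 1, 0x20, 0x1000, 1)
    name = "SYSTEM".encode("utf-16-le")
    block[48:48 + len(name)] = name
    struct.pack_into("<I", block, 508, regf_checksum(block))
    hbin = bytearray(0x1000)
    struct.pack_into("<4sII", hbin, 0, b"hbin", 0, 0x1000)   # signature, offset, size
    return bytes(block + hbin)


if __name__ == "__main__":
    for key, value in parse_regf_header(build_sample_hive()).items():
        print(f"{key:>22}: {value}")
```

Because the same bytes are mapped straight into memory, the checksum and sequence-number checks are the only integrity signals the format itself gives you; a parser that skips them will happily follow offsets from a half-written or deliberately corrupted hive.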
NIST's International Cybersecurity and Privacy Engagement Update – New Translations
As the year comes to a close, NIST continues to engage with our international partners to strengthen cybersecurity, including sharing over ten new international translations in over six languages as resources for our stakeholders around the world. These efforts were complemented by discussions on opportunities for future enhanced international collaboration and resource sharing. Here are some updates from the past few months: Our international engagement continues through our support to the Department of State and the International Trade Administration (ITA) during numerous international
https://www.nist.gov/blogs/cybersecurity-insights/nists-international-cybersecurity-and-privacy-engagement-update-new
September 2024 Cyber Attacks Statistics
After the corresponding cyber attacks timelines, it's time to publish the statistics for September 2024 where I collected and analyzed 257 events. During September 2024...
https://www.hackmageddon.com/2024/12/19/september-2024-cyber-attacks-statistics/
The Biggest Data Breaches of 2024
Similarly to what I have done in the past few years, I am collecting the main mega breaches (that is breaches with more than one million records stolen by the attackers and possibly leaked).
https://www.hackmageddon.com/2024/12/18/the-biggest-data-breaches-of-2024/
Uncovering GStreamer secrets
In this post, I'll walk you through the vulnerabilities I uncovered in the GStreamer library and how I built a custom fuzzing generator to target MP4 files.
The post Uncovering GStreamer secrets appeared first on The GitHub Blog.
https://github.blog/security/vulnerability-research/uncovering-gstreamer-secrets/
16-30 September 2024 Cyber Attacks Timeline
In the second timeline of September 2024 I collected 130 events (8.67 events/day) with a threat landscape...
https://www.hackmageddon.com/2024/12/17/16-30-september-2024-cyber-attacks-timeline/
2025 Cybersecurity Predictions
“I never think of the future. It comes soon enough.”
https://www.f5.com/labs/articles/cisotociso/2025-cybersecurity-predictions
A Nifty Initial Access Payload
Red Teaming engagements are “realistic” attack simulations designed to test the security posture of an organization and its Blue Team. This term is used in many different ways, so if you’re not sure where to draw the line, Michael Schneier’s latest blog post provides a good comparison of different types of assessment. Anyway, when doing […]
https://blog.compass-security.com/2024/12/a-nifty-initial-access-payload/
The Qualcomm DSP Driver - Unexpectedly Excavating an Exploit
Posted by Seth Jenkins, Google Project Zero
This blog post provides a technical analysis of exploit artifacts provided to us by Google's Threat Analysis Group (TAG) from Amnesty International. Amnesty's report on these exploits is available here. Thanks to both Amnesty International and Google's Threat Analysis Group for providing the artifacts and collaborating on the subsequent technical analysis!
Introduction
Earlier this year, Google's TAG received some kernel panic logs generated by an In-the-Wild (ITW) exploit. Those logs kicked off a bug hunt that led to the discovery of 6 vulnerabilities in one Qualcomm driver over the course of 2.5 months, including one issue that TAG reported as ITW. This blog post covers the details of the original artifacts, each of the bugs discovered,...
https://googleprojectzero.blogspot.com/2024/12/qualcomm-dsp-driver-unexpectedly-excavating-exploit.html
Dirty DAG - Azure Apache Airflow Integration Vulnerabilities
Unit 42 researchers identified vulnerabilities in the Azure Data Factory's integration with Apache Airflow. These vulnerabilities include misconfigured Kubernetes Role-Based Access Control (RBAC), improper secret handling in Azure's internal Geneva service, and weak authentication mechanisms.
Exploiting these flaws, attackers could gain shadow admin control over Azure infrastructure by crafting malicious DAG files or compromising service principals, leading to unauthorized access, data exfiltration, malware deployment, and persistent control of the cluster.
Once attackers gain access, they can escalate privileges within the Azure Kubernetes Service (AKS) cluster, compromise containerized environments, and exploit Azure's Geneva service to manipulate logs and metrics.
The research highlighted...
https://www.cloudvulndb.org/azure-airflow-vulnerabilities
Ways to Mitigate Risk in Cybersecurity: Cybersecurity Risk Management
Cyber threats can wreak havoc on businesses, from data breaches to loss of reputation. Luckily, there are effective strategies available that can reduce cybersecurity risk. Avoidance is one of the...
The post Ways to Mitigate Risk in Cybersecurity: Cybersecurity Risk Management appeared first on Hacker Combat.
https://www.hackercombat.com/cybersecurity-risk-management/
Windows Tooling Updates: OleView.NET
Posted by James Forshaw, Google Project Zero
This is a short blog post about some recent improvements I've been making to the OleView.NET tool which has been released as part of version 1.16. The tool is designed to discover the attack surface of Windows COM and find security vulnerabilities such as privilege escalation and remote code execution. The updates were recently presented at the Microsoft Bluehat conference in Redmond under the name "DCOM Research for Everyone!". This blog expands on the topics discussed to give a bit more background and detail that couldn't be fit within the 45-minute timeslot. This post assumes a knowledge of COM as I'm only going to describe a limited number of terms.
Using the OleView.NET Tooling
Before we start the discussion it's important...
https://googleprojectzero.blogspot.com/2024/12/windows-tooling-updates-oleviewnet.html
Issue with DynamoDB local - CVE-2022-1471
Publication Date: 2024/12/11 2:00PM PST
AWS is aware of CVE-2022-1471 in SnakeYaml software, included in DynamoDB local jar and Docker distributions from version 1.21 and version 2.0. If leveraged, this issue could allow an actor to perform remote code execution using the SnakeYaml's Constructor(), as the software does not restrict the types that can be instantiated during deserialization. AWS has found no evidence that this issue has been leveraged, however, customers should still take action. On November 6, 2024, we released a fix for this issue. Customers should upgrade DynamoDB local to the latest version: v1.25.1 and above, or 2.5.3 and above.
Please email aws-security@amazon.com with any security questions or concerns.
https://aws.amazon.com/security/security-bulletins/AWS-2024-014/
Abusing AD-DACL: WriteOwner
In this post, we will explore the exploitation of Discretionary Access Control Lists (DACL) using the WriteOwner permission in Active Directory environments. The WriteOwner permission
The post Abusing AD-DACL: WriteOwner appeared first on Hacking Articles.
https://www.hackingarticles.in/abusing-ad-dacl-writeowner/
Google Cloud expands vulnerability detection for Artifact Registry using OSV
Posted by Greg Mucci, Product Manager, Artifact Analysis, Oliver Chang, Senior Staff Engineering, OSV, and Charl de Nysschen, Product Manager OSV
DevOps teams dedicated to securing their supply chain and predicting potential risks consistently face novel threats. Fortunately, they can now improve their image and container security by harnessing Google-grade vulnerability scanning, which offers expanded open-source coverage. A significant benefit of utilizing Google Cloud Platform is its integrated security tools, including Artifact Analysis. This scanning service leverages the same infrastructure that Google depends on to monitor vulnerabilities within its internal systems and software supply chains.
Artifact Analysis has recently expanded its scanning coverage to eight additional language packages,...
http://security.googleblog.com/2024/12/google-cloud-expands-vulnerability.html
Scanning For Credentials, and BotPoke Changes IPs Again
Nearly 50% of observed traffic is looking for accidentally exposed data.
https://www.f5.com/labs/articles/threat-intelligence/scanning-for-credentials-and-botpoke-changes-ips-again
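As an added example (not F5 Labs' pipeline), this is the detection logic one would run over a web server's access log to see the traffic F5 describes: requests for files that legitimate clients never ask for (.env, .git/config, cloud credential files, config backups) and, more importantly, any such request that the server answered with a 2xx, because that is no longer a probe but an exposure. The path list, the per-IP threshold and the log lines (RFC 5737 documentation addresses) are constructed here.

```python
"""Spot requests that are fishing for accidentally exposed files.

Added example, not F5 Labs' tooling: the path list, the scoring rule and the
access-log lines below are constructed for illustration.
"""
import re
from collections import defaultdict
from typing import Optional

# Combined log format as written by nginx/apache by default
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

# Exact paths that legitimate clients never request
SENSITIVE_PATHS = {
    "/.env": "dotenv secrets",
    "/.git/config": "git metadata (often leads to source and history)",
    "/.aws/credentials": "AWS credential file",
    "/.ssh/id_rsa": "SSH private key",
    "/wp-config.php.bak": "WordPress config backup",
    "/phpinfo.php": "environment dump",
}
# Families of paths: dotenv variants and editor/backup leftovers
SENSITIVE_PATTERNS = [
    (re.compile(r"^/\.env[.\w-]*$"), "dotenv variant"),
    (re.compile(r"\.(bak|old|orig|swp|sql|tar\.gz|zip)$"), "backup/archive leftover"),
]


def classify_path(path: str) -> Optional[str]:
    """Return a label when the path looks like credential hunting, else None."""
    path = path.split("?", 1)[0]          # ignore the query string
    if path in SENSITIVE_PATHS:
        return SENSITIVE_PATHS[path]
    for pattern, label in SENSITIVE_PATTERNS:
        if pattern.search(path):
            return label
    return None


def scan_access_log(text: str, threshold: int = 3) -> dict:
    """Summarise hunting requests per source IP and list anything actually served."""
    per_ip = defaultdict(lambda: {"hits": 0, "paths": [], "served": []})
    exposed = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        label = classify_path(m["path"])
        if label is None:
            continue
        entry = per_ip[m["ip"]]
        entry["hits"] += 1
        entry["paths"].append((m["path"], label))
        # a 2xx means the file exists and was handed out: an incident, not a probe
        if m["status"].startswith("2"):
            entry["served"].append(m["path"])
            exposed.append(m["path"])
    flagged = sorted(ip for ip, e in per_ip.items() if e["hits"] >= threshold)
    return {"per_ip": dict(per_ip), "flagged": flagged, "exposed": sorted(set(exposed))}


# Constructed access log: one scanner that gets lucky, one normal visitor, one single probe
SAMPLE_LOG = """\
203.0.113.7 - - [10/Dec/2024:03:14:07 +0000] "GET /.env HTTP/1.1" 404 162 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Dec/2024:03:14:07 +0000] "GET /.git/config HTTP/1.1" 404 162 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Dec/2024:03:14:08 +0000] "GET /.aws/credentials HTTP/1.1" 404 162 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Dec/2024:03:14:08 +0000] "GET /wp-config.php.bak HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
198.51.100.23 - - [10/Dec/2024:03:15:00 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.23 - - [10/Dec/2024:03:15:02 +0000] "GET /static/app.js?v=3 HTTP/1.1" 200 88231 "-" "Mozilla/5.0"
192.0.2.9 - - [10/Dec/2024:03:16:41 +0000] "GET /.env.production HTTP/1.1" 404 162 "-" "curl/8.4.0"
"""

if __name__ == "__main__":
    result = scan_access_log(SAMPLE_LOG)
    print("flagged scanners:", result["flagged"])
    print("files actually served:", result["exposed"])
```

The per-IP threshold keeps the noise down (a single request for /.env is background radiation on any public host), but the exposed list should page someone regardless of count: rotate whatever was in the file, then fix the deployment that put it in the web root.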
Announcing the launch of Vanir: Open-source Security Patch Validation
Posted by Hyunwook Baek, Duy Truong, Justin Dunlap and Lauren Stan from Android Security and Privacy, and Oliver Chang with the Google Open Source Security Team
Today, we are announcing the availability of Vanir, a new open-source security patch validation tool. Introduced at Android Bootcamp in April, Vanir gives Android platform developers the power to quickly and efficiently scan their custom platform code for missing security patches and identify applicable available patches. Vanir significantly accelerates patch validation by automating this process, allowing OEMs to ensure devices are protected with critical security updates much faster than traditional methods. This strengthens the security of the Android ecosystem, helping to keep Android users around the world safe. By open-sourcing...
http://security.googleblog.com/2024/12/announcing-launch-of-vanir-open-source.html
Data Pipeline Challenges of Privacy-Preserving Federated Learning
This post is part of a series on privacy-preserving federated learning. The series is a collaboration between NIST and the UK government's Responsible Technology Adoption Unit (RTA), previously known as the Centre for Data Ethics and Innovation. Learn more and read all the posts published to date at NIST's Privacy Engineering Collaboration Space or RTA's blog.
Introduction
In this post, we talk with Dr. Xiaowei Huang and Dr. Yi Dong (University of Liverpool) and Sikha Pentyala (University of Washington Tacoma), who were winners in the UK-US PETs Prize Challenges. We discuss real-world data
https://www.nist.gov/blogs/cybersecurity-insights/data-pipeline-challenges-privacy-preserving-federated-learning
Abusing AD-DACL: WriteDacl
In this post, we will explore the exploitation of Discretionary Access Control Lists (DACL) using the WriteDacl permission in Active Directory environments. Attackers can abuse
The post Abusing AD-DACL: WriteDacl appeared first on Hacking Articles.
https://www.hackingarticles.in/abusing-ad-dacl-writedacl/
Predictions 2025: The Future of Cybersecurity Unveiled
The digital world is evolving at breakneck speed. In 2025, we're set to witness transformative changes in cybersecurity that will redefine trust, security, and how we navigate our digital lives. Here's what we see coming: Read the full blog to explore the trends in depth. The future of cybersecurity will demand both solutions and vigilance. […]
The post Predictions 2025: The Future of Cybersecurity Unveiled appeared first on Avast Threat Labs.
https://decoded.avast.io/threatintel/predictions-2025-the-future-of-cybersecurity-unveiled/?utm_source=rss&utm_medium=rss&utm_campaign=predictions-2025-the-future-of-cybersecurity-unveiled
Harvesting GitLab Pipeline Secrets
TLDR: Scan GitLab job logs for credentials using https://github.com/CompassSecurity/pipeleak
Many organizations use (self-hosted) GitLab instances to manage their source code and a lot of infrastructure is managed in code (IaC), thus these configurations must be source-controlled as well, putting a lot of responsibility on the source code platform in use. Often deployments are automated using CI/CD […]
https://blog.compass-security.com/2024/12/harvesting-gitlab-pipeline-secrets/
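As an added example (not the pipeleak tool itself), the core of the technique: take the text of a CI job log and run it through credential patterns, with a Shannon-entropy gate on the noisy key=value rule so that placeholders such as "token = aaaaaaaa" are dropped while random-looking values are kept. One caveat the example encodes: GitLab only replaces variables explicitly configured as masked with "[MASKED]", so a secret that was echoed, written into a config file, or passed on a command line by the job itself shows up in the log verbatim, which is exactly what this scan looks for. The rules, the threshold and the job log are constructed here; the AWS key is Amazon's documented example key, not a real credential.

```python
"""Scan CI job output for credentials that should never have been printed.

Added example, not the pipeleak tool: the rules, the entropy cut-off and the
sample job log are constructed here to show the approach.
"""
import math
import re
from collections import Counter
from dataclasses import dataclass
from typing import List

# (rule name, pattern); group 1 is the candidate secret
RULES = [
    ("aws-access-key-id", re.compile(r"\b(AKIA[0-9A-Z]{16})\b")),
    ("gitlab-pat", re.compile(r"(glpat-[0-9A-Za-z_-]{20})")),
    ("private-key-block", re.compile(r"(-----BEGIN [A-Z ]*PRIVATE KEY-----)")),
    # key=value style; noisy on its own, so it is gated on entropy below
    ("generic-assignment", re.compile(
        r"(?i)(?:password|passwd|secret|token|api[_-]?key)\s*[=:]\s*['\"]?([^\s'\"]{8,})")),
]
MASKED = "[MASKED]"   # what GitLab substitutes for variables configured as masked


@dataclass
class Finding:
    line_no: int
    rule: str
    secret: str
    entropy: float


def shannon_entropy(s: str) -> float:
    """Bits per character; random tokens score high, words and repeats score low."""
    if not s:
        return 0.0
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in Counter(s).values())


def scan_log(text: str, min_entropy: float = 3.0) -> List[Finding]:
    findings: List[Finding] = []
    seen = set()
    for line_no, line in enumerate(text.splitlines(), 1):
        for rule, pattern in RULES:
            for match in pattern.finditer(line):
                secret = match.group(1)
                if secret == MASKED or (line_no, secret) in seen:
                    continue  # already masked by the runner, or already reported
                entropy = shannon_entropy(secret)
                if rule == "generic-assignment" and entropy < min_entropy:
                    continue  # e.g. "token = aaaaaaaa" is almost certainly a placeholder
                seen.add((line_no, secret))
                findings.append(Finding(line_no, rule, secret, round(entropy, 2)))
    return findings


# Constructed job log; the AWS key is Amazon's documented example key.
SAMPLE_LOG = """\
Running with gitlab-runner 17.4.0
$ terraform plan
$ echo "deploying with $AWS_ACCESS_KEY_ID"
deploying with AKIAIOSFODNN7EXAMPLE
$ curl -H "PRIVATE-TOKEN: glpat-aBcDeFgHiJkLmNoPqRsT" https://gitlab.example/api/v4/projects
$ echo DB_PASSWORD=[MASKED]
$ cat config.ini
password = Tr0ub4dor&3xyz
token = aaaaaaaaaaaa
api_key: 9f8e7d6c5b4a39281706f5e4d3c2b1a0
Job succeeded
"""

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"line {f.line_no:>3}  {f.rule:<20} entropy={f.entropy:<5} {f.secret}")
```

The entropy gate is a trade-off: it hides low-entropy real passwords, so in practice the generic rule is usually run twice, once gated for alerting and once ungated for manual review of a job that already produced a hit.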
Zero Trust Architecture
Zero trust security takes a "never trust, always verify" approach to access control. Access is only granted once an individual's identity and context have been confirmed through multifactor authentication and...
The post Zero Trust Architecture appeared first on Hacker Combat.
https://www.hackercombat.com/zero-trust-architecture/
What Is a Security Operations Center (SOC)?
A Security Operations Center (SOC) specializes in monitoring and analyzing data to detect cyber threats and prevent attacks. It works to sort actual threats from false positives before...
The post What Is a Security Operations Center (SOC)? appeared first on Hacker Combat.
https://www.hackercombat.com/soc/
XDR vs SIEM Security Information and Event Management
The Extended Detection and Response Platform (XDR) ingestion and correlation technology captures and correlates high-fidelity data across your security layers, such as endpoint, network, logs, cloud services and identities to...
The post XDR vs SIEM Security Information and Event Management appeared first on Hacker Combat.
https://www.hackercombat.com/xdr-vs-siem/
Best Free EDR for Windows PC
Endpoint detection and response (EDR) tools offer businesses that employ hybrid work models or remote employees an extra layer of cybersecurity protection. Utilizing artificial intelligence (AI) and machine learning (ML),...
The post Best Free EDR for Windows PC appeared first on Hacker Combat.
https://www.hackercombat.com/best-free-edr-tools-for-windows-pc/
Abusing AD-DACL: GenericWrite
In this post, we will explore the exploitation of Discretionary Access Control Lists (DACL) using the GenericWrite permission in Active Directory environments. This permission can
The post Abusing AD-DACL: GenericWrite appeared first on Hacking Articles.
https://www.hackingarticles.in/abusing-ad-dacl-genericwrite/
Free EDR Solutions for Home Users in 2025
EDR can detect and respond to emerging and advanced cyber threats quickly and efficiently, making it an essential component of modern business ecosystems. Beyond signature-based detection capabilities, its features go...
The post Free EDR Solutions for Home Users in 2025 appeared first on Hacker Combat.
https://www.hackercombat.com/free-edr-solutions/
BotPoke Scanner Switches IP
Our top talker changes up their infrastructure, and CVE-2023-1389 continues to hold the top spot.
https://www.f5.com/labs/articles/threat-intelligence/botpoke-scanner-switches-ip
Simple macOS kernel extension fuzzing in userspace with IDA and TinyInst
Posted by Ivan Fratric, Google Project Zero
Recently, one of the projects I was involved in had to do with video decoding on Apple platforms, specifically AV1 decoding. On Apple devices that support AV1 video format (starting from Apple A17 iOS / M3 macOS), decoding is done in hardware. However, despite this, during decoding, a large part of the AV1 format parsing happens in software, inside the kernel, more specifically inside the AppleAVD kernel extension (or at least, that used to be the case in macOS 14/ iOS 17). As fuzzing is one of the techniques we employ regularly, the question of how to effectively fuzz this code inevitably came up.
It should be noted that I wasn’t the first person to look into the problem of Apple kernel extension fuzzing, so before going...
https://googleprojectzero.blogspot.com/2024/11/simple-macos-kernel-extension-fuzzing.html
Kicking-Off with a December 4th Workshop, NIST is Revisiting and Revising Foundational Cybersecurity Activities for IoT Device Manufacturers, NIST IR 8259!
In May 2020, NIST published Foundational Cybersecurity Activities for IoT Device Manufacturers (NIST IR 8259), which describes recommended cybersecurity activities that manufacturers should consider performing before their IoT devices are sold to customers. These foundational cybersecurity activities can help manufacturers lessen the cybersecurity-related efforts needed by customers, which in turn can reduce the prevalence and severity of IoT device compromises and the attacks performed using compromised devices. In the nearly five years since this document was released, it has been published
https://www.nist.gov/blogs/cybersecurity-insights/kicking-december-4th-workshop-nist-revisiting-and-revising-foundational
Gen Q3/2024 Threat Report
The third quarter threat report is here—and it's packed with answers. Our Threat Labs team had uncovered some heavy stories behind the stats, exposing the relentless tactics shaping today's threat landscape. Here's what you need to know: This is just the surface. Read the full report and see how our Threat Labs team is relentlessly […]
The post Gen Q3/2024 Threat Report appeared first on Avast Threat Labs.
https://decoded.avast.io/threatresearch/gen-q3-2024-threat-report/?utm_source=rss&utm_medium=rss&utm_campaign=gen-q3-2024-threat-report
Inside Bitdefender Labs' Investigation of a Malicious Facebook Ad Campaign Targeting Bitwarden Users
Throughout 2024, Bitdefender Labs has been closely monitoring a series of malvertising campaigns that exploit popular platforms to spread malware. These campaigns use fake advertisements to lure users into installing malicious software disguised as legitimate apps or updates.
One of the more recent campaigns Bitdefender Labs uncovered involves a fake Bitwarden extension advertised on Meta's social media platform Facebook. The campaign tricks users into installing a harmful browser extension und
https://www.bitdefender.com/en-us/blog/labs/inside-bitdefender-labs-investigation-of-a-malicious-facebook-ad-campaign-targeting-bitwarden-users
Unlocking Cybersecurity Talent: The Power of Apprenticeships
Cybersecurity is a fast-growing field, with a constant need for skilled professionals. But unlike other professions — like medicine or aviation — there's no clear-cut pathway to qualifying for cybersecurity positions. For employers and job seekers alike, this can make the journey to building a team (or entering a successful cybersecurity career) feel uncertain. Enter the registered apprenticeship program — a proven method for developing skilled talent in cybersecurity that benefits both the employer and the new professional. Let's commit to supporting this important talent development approach
https://www.nist.gov/blogs/cybersecurity-insights/unlocking-cybersecurity-talent-power-apprenticeships
Digital Identities: Getting to Know the Verifiable Digital Credential Ecosystem
If you are interested in the world of digital identities, you have probably heard some of the buzzwords that have been floating around for a few years now… “verifiable credential,” “digital wallet,” “mobile driver's license” or “mDL.” These terms, among others, all reference a growing ecosystem around what we are calling “verifiable digital credentials.” But what exactly is a verifiable digital credential? Take any physical credential you use in everyday life – your driver's license, your medical insurance card, a certification or diploma – and turn it into a digital format stored on your
https://www.nist.gov/blogs/cybersecurity-insights/digital-identities-getting-know-verifiable-digital-credential-ecosystem
Issue with data.all (Multiple CVEs)
Publication Date: 2024/11/8 4:00 PM PDT
Data.all is an open source development framework to help customers build a data marketplace on AWS.
We have identified the following issues within data.all version 1.0.0 through 2.6.0. On November 8, 2024, we released a fix and recommend customers upgrade to version 2.6.1 or later and ensure any forked or derivative code is patched to incorporate the new fixes.
CVE-2024-52311 relates to an issue where data.all does not invalidate authentication token upon user logout.
CVE-2024-52312 relates to an issue where data.all authenticated users can perform restricted operations against DataSets and Environments.
CVE-2024-52313 relates to an issue where data.all authenticated users can obtain incorrect object level authorizations.
CVE-2024-52314...
https://aws.amazon.com/security/security-bulletins/AWS-2024-013/
From Naptime to Big Sleep: Using Large Language Models To Catch Vulnerabilities In Real-World Code
Posted by the Big Sleep team
Introduction
In our previous post, Project Naptime: Evaluating Offensive Security Capabilities of Large Language Models, we introduced our framework for large-language-model-assisted vulnerability research and demonstrated its potential by improving the state-of-the-art performance on Meta's CyberSecEval2 benchmarks. Since then, Naptime has evolved into Big Sleep, a collaboration between Google Project Zero and Google DeepMind.
Today, we're excited to share the first real-world vulnerability discovered by the Big Sleep agent: an exploitable stack buffer underflow in SQLite, a widely used open source database engine. We discovered the vulnerability and reported it to the developers in early October, who fixed it on the same day. Fortunately, we found...
https://googleprojectzero.blogspot.com/2024/10/from-naptime-to-big-sleep.html
The Karma connection in Chrome Web Store
Somebody brought to my attention that the Hide YouTube Shorts extension for Chrome changed hands and turned malicious. I looked into it and could confirm that it contained two undisclosed components: one performing affiliate fraud and the other sending users' every move to some Amazon cloud server. But that wasn't all of it: I discovered eleven more extensions written by the same people. Some contained only the affiliate fraud component, some only the user tracking, some both. A few don't appear to be malicious yet.
While most of these extensions were supposedly developed or bought by a person without any other traces online, one broke this pattern. Karma shopping assistant has been on Chrome Web Store since 2020, the company behind it founded in 2013. This company employs more than...
https://palant.info/2024/10/30/the-karma-connection-in-chrome-web-store/
Unmasking the SYS01 Infostealer Threat: Bitdefender Labs Tracks Global Malvertising Campaign Targeting Meta Business Pages
In a world run by advertising, businesses and organizations are not the only ones using this powerful tool. Cybercriminals have a knack for exploiting the engine that powers online platforms by corrupting the vast reach of advertising to distribute malware en masse.
While legitimate businesses rely on ads to reach new audiences, hackers exploit these platforms to trick users into downloading harmful software. Malicious ads often seem to promote legitimate software, streaming services, or produc
https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages
Staff Stories Spotlight Series: Cybersecurity Awareness Month 2024
This blog is part of a larger NIST series during the month of October for Cybersecurity Awareness Month, called 'Staff Stories Spotlight.' Throughout the month of October this year, Q&A style blogs will be published featuring some of our unique staff members who have interesting backgrounds, stories to tell, and projects in the world of cybersecurity. This year's Cybersecurity Awareness Month theme is 'Secure our World.' How does this theme resonate with you, as someone working in cybersecurity? Now more than ever, the use of technology is central to our lives. It is the means by which we are
https://www.nist.gov/blogs/cybersecurity-insights/staff-stories-spotlight-series-cybersecurity-awareness-month-2024-1
Cloud Security Essentials
Cloud security involves deploying perimeter defenses such as firewalls, IDPSs and VPNs, enforcing isolation through network segmentation and virtual LANs, and monitoring traffic for anomalies and threats –...
The post Cloud Security Essentials appeared first on Hacker Combat.
https://www.hackercombat.com/cloud-security/
Antivirus Software
Antivirus software protects devices against viruses, malware, and other cyberthreats by detecting, quarantining, and deleting malicious code. Modern antivirus products also offer additional security features such as password protection, identity...
The post Antivirus Software appeared first on Hacker Combat.
https://www.hackercombat.com/antivirus-software/
The Windows Registry Adventure #4: Hives and the registry layout
Posted by Mateusz Jurczyk, Google Project Zero
To a normal user or even a Win32 application developer, the registry layout may seem simple: there are five root keys that we know from Regedit (abbreviated as HKCR, HKLM, HKCU, HKU and HKCC), and each of them contains a nested tree structure that serves a specific role in the system. But as one tries to dig deeper and understand how the registry really works internally, things may get confusing really fast. What are hives? How do they map or relate to the top-level keys? Why are some HKEY root keys pointing inside of other root keys (e.g. HKCU being located under HKU)? These are all valid questions, but they are difficult to answer without fully understanding the interactions between the user-mode Registry API and the kernel-mode registry...
https://googleprojectzero.blogspot.com/2024/10/the-windows-registry-adventure-4-hives.html
How to Protect Against Ransomware Attacks?
Criminal hackers employ ransomware attacks against their targets by encrypting their data and demanding that a ransom be paid within an allotted timeframe, or the victim risks losing the data forever. When an...
The post How to Protect Against Ransomware Attacks? appeared first on Hacker Combat.
https://www.hackercombat.com/protect-against-ransomware-attacks/
IoT Assignment Completed! Report on Barriers to U.S. IoT Adoption
The 16 members of the NIST-managed Internet of Things (IoT) Advisory Board have completed their report on barriers to the U.S. receiving the benefits of IoT adoption, along with their recommendations for overcoming those barriers. As Benson Chan (Chair) and Dan Caprio (Vice Chair) of the IoT Advisory Board state in the report: “The United States is in the early stages of a profound transformation, one that is driven by economic, societal, and cultural innovations brought about by the IoT. These innovations intertwine connectivity and digital innovation with the opportunity to drive a
https://www.nist.gov/blogs/cybersecurity-insights/iot-assignment-completed-report-barriers-us-iot-adoption
CVE-2024-8901 - missing JWT issuer and signer validation in aws-alb-route-directive-adapter-for-istio
Publication Date: 2024/10/21 4:00 PM PDT
The AWS ALB Route Directive Adapter For Istio repo provides an OIDC authentication mechanism that was integrated into the open source Kubeflow project. The adapter uses JWT for authentication, but lacks proper signer and issuer validation. In deployments of ALB that ignore security best practices, where ALB targets are directly exposed to internet traffic, an actor can provide a JWT signed by an untrusted entity in order to spoof OIDC-federated sessions and successfully bypass authentication.
Affected versions: v1.0, v1.1
Resolution
The repository/package has been deprecated, is End of Life, and is no longer actively supported.
Workarounds
As a security best practice, ensure that your ELB targets (e.g. EC2 Instances, Fargate...
https://aws.amazon.com/security/security-bulletins/AWS-2024-011/
CVE-2024-10125 - missing JWT issuer and signer validation in aws-alb-identity-aspnetcore
Publication Date: 2024/10/21 4:00 PM PDT
Description:
The Amazon.ApplicationLoadBalancer.Identity.AspNetCore repo contains Middleware that can be used in conjunction with the Application Load Balancer (ALB) OpenId Connect integration and can be used in any ASP.NET Core deployment scenario, including AWS Fargate, Amazon Elastic Kubernetes Service (Amazon EKS), Amazon Elastic Container Service (Amazon ECS), Amazon Elastic Compute Cloud (Amazon EC2), and AWS Lambda. In the JWT handling code, it performs signature validation but fails to validate the JWT issuer and signer identity. The signer omission, if combined with a scenario where the infrastructure owner allows internet traffic to the ALB targets (not a recommended configuration), can allow for JWT signing by an untrusted entity...
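Both bulletins describe the same defect: the code checks the signature but never checks who signed. An ALB-signed JWT carries the load balancer's ARN in its `signer` header, and the application fetches the verification key by `kid`, so a token minted by an attacker's own ALB verifies perfectly unless the signer is pinned. The Python below is an added illustration, not code from either AWS repository. It models that key-lookup-by-kid flow offline, with HMAC-SHA256 standing in for the real ES256 scheme (an assumption made to avoid dependencies; the ALB ARN, issuer and keys are constructed) and contrasts a signature-only verifier with one that also pins signer, issuer and expiry.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed key directory keyed by `kid`, standing in for the regional ALB
# public-key endpoint, which serves keys for any ALB, including an attacker's.
KEYS = {
    "kid-trusted": b"trusted-alb-signing-key",
    "kid-attacker": b"attacker-alb-signing-key",
}
# Assumed identities for the deployment being protected.
TRUSTED_SIGNER = "arn:aws:elasticloadbalancing:us-east-1:111111111111:loadbalancer/app/prod/abc123"
TRUSTED_ISSUER = "https://idp.example.com"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_token(kid: str, signer: str, iss: str, sub: str, exp: int) -> str:
    """Mint a token the way an ALB would: `signer` (the ALB ARN) in the header,
    `iss`/`sub`/`exp` in the claims. HMAC-SHA256 replaces ES256 here."""
    header = {"alg": "HS256", "kid": kid, "signer": signer}
    claims = {"iss": iss, "sub": sub, "exp": exp}
    signing_input = _b64url(json.dumps(header).encode()) + "." + _b64url(json.dumps(claims).encode())
    sig = hmac.new(KEYS[kid], signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def _check_signature(token: str):
    """Key lookup by `kid` plus signature check: all the vulnerable code did."""
    h, c, s = token.split(".")
    header = json.loads(_b64url_decode(h))
    claims = json.loads(_b64url_decode(c))
    key = KEYS.get(header.get("kid"))
    if key is None:
        raise ValueError("unknown kid")
    expected = hmac.new(key, f"{h}.{c}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s)):
        raise ValueError("bad signature")
    return header, claims


def verify_vulnerable(token: str, now=None) -> dict:
    """Signature only: a token minted by any ALB whose key resolves via `kid`
    is accepted, which is the bypass both bulletins describe."""
    _, claims = _check_signature(token)
    return claims


def verify_hardened(token: str, now=None) -> dict:
    """Signature, then signer (ALB ARN), issuer and expiry are all pinned."""
    header, claims = _check_signature(token)
    if header.get("signer") != TRUSTED_SIGNER:
        raise ValueError("token signed by an unexpected ALB")
    if claims.get("iss") != TRUSTED_ISSUER:
        raise ValueError("unexpected issuer")
    current = time.time() if now is None else now
    if not isinstance(claims.get("exp"), int) or claims["exp"] <= current:
        raise ValueError("token expired")
    return claims


def accepts(verifier, token: str, now=None) -> bool:
    """True if `verifier` would let the request through."""
    try:
        verifier(token, now)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    good = make_token("kid-trusted", TRUSTED_SIGNER, TRUSTED_ISSUER, "alice", 2000000000)
    forged = make_token("kid-attacker",
                        "arn:aws:elasticloadbalancing:us-east-1:999999999999:loadbalancer/app/evil/def456",
                        TRUSTED_ISSUER, "admin", 2000000000)
    print("signature-only verifier accepts forged token:", accepts(verify_vulnerable, forged))
    print("hardened verifier accepts forged token:", accepts(verify_hardened, forged))
```

The signer check is what actually closes the hole: the attacker's token has a valid signature under a key the directory really serves, so nothing about the cryptography is wrong, only the trust decision. Keeping ALB targets off the public internet, as the workaround says, matters because a request that really passed through your ALB cannot carry a foreign ALB's token.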
https://aws.amazon.com/security/security-bulletins/AWS-2024-012/
Protecting Your Website From DDoS Attack
Distributed denial-of-service attacks pose an increasing threat to organizations, with even some of the largest firms suffering significant disruptions from such attacks. Attackers use botnets of compromised IoT devices to...
The post Protecting Your Website From DDoS Attack appeared first on Hacker Combat.
https://www.hackercombat.com/ddos-attack/
Effective Fuzzing: A Dav1d Case Study
Guest post by Nick Galloway, Senior Security Engineer, 20% time on Project Zero
Late in 2023, while working on a 20% project with Project Zero, I found an integer overflow in the dav1d AV1 video decoder. That integer overflow leads to an out-of-bounds write to memory. Dav1d 1.4.0 patched this, and it was assigned CVE-2024-1580. After the disclosure, I received some questions about how this issue was discovered, since dav1d is already being fuzzed by at least oss-fuzz. This blog post explains what happened. It's a useful case study in how to construct fuzzers to exercise as much code as possible. But first, some background...
Background
Dav1d
Dav1d is a highly-optimized AV1 decoder. AV1 is a royalty-free video coding format developed by the Alliance...
https://googleprojectzero.blogspot.com/2024/10/effective-fuzzing-dav1d-case-study.html
Issue with NVIDIA Container Toolkit (CVE-2024-0132, CVE-2024-0133)
Publication Date: 2024/10/01 6:35 PM PDT
AWS is aware of CVE-2024-0132 and CVE-2024-0133, issues affecting the NVIDIA container toolkit 1.16. At this time, the following services require customer action. If we become aware of additional impact, we will update this bulletin.
Amazon Elastic Container Service (Amazon ECS)
Amazon ECS has released updated ECS GPU-optimized Amazon Machine Images (AMIs) with the patched NVIDIA container toolkit v1.16.2. We recommend that ECS customers update to these AMIs (or the latest available). Additional information on the ECS-optimized AMI is available in our "Amazon ECS-optimized Linux AMIs" developer guide.
Amazon Elastic Kubernetes Service (Amazon EKS)
Amazon EKS has released updated EKS GPU-optimized Amazon Machine Images...
https://aws.amazon.com/security/security-bulletins/AWS-2024-010/
Lies, damned lies, and Impact Hero (refoorest, allcolibri)
Transparency note: According to Colibri Hero, they attempted to establish a business relationship with eyeo, a company that I co-founded. I haven't been in an active role at eyeo since 2018, and I left the company entirely in 2021. Colibri Hero was only founded in 2021. My investigation here was prompted by a blog comment.
Colibri Hero (also known as allcolibri) is a company with a noble mission:
We want to create a world where organizations can make a positive impact on people and communities.
One of the company's products is the refoorest browser extension, promising to make a positive impact on the climate by planting trees. Best of all: this costs users nothing whatsoever. According to the refoorest website:
Plantation financed by our partners
So the users merely need to have the...
https://palant.info/2024/10/01/lies-damned-lies-and-impact-hero-refoorest-allcolibri/
SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
SafeLine is a self-hosted WAF (Web Application Firewall) that protects your web apps from attacks and exploits. A web application firewall helps protect web apps by filtering and monitoring HTTP traffic between a web application and the Internet. It typically protects web apps from attacks such as SQL injection, XSS, code injection, OS command injection, CRLF injection, LDAP injection, XPath injection, RCE, XXE, SSRF, path traversal, backdoors, brute force, HTTP floods and bot abuse, among others.
How It Works
By deploying a WAF in front of a web application, a shield is placed between the web application and the Internet. While a proxy server protects a client machine's identity by using an intermediary, a WAF is a type of reverse proxy, protecting the server from exposure by having clients pass...
http://www.kitploit.com/2024/09/safeline-serve-as-reverse-proxy-to.html
PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
BYOSI (Bring-Your-Own-Script-Interpreter): by abusing trusted applications, one can deliver a compatible script interpreter to a Windows, Mac or Linux system together with malicious source code written for that interpreter. Once both the malicious source code and the trusted script interpreter have been written to the target system, the source code is simply executed via the trusted script interpreter.
PolyDrop leverages thirteen scripting languages to perform the above attack. According to the author, the following languages are wholly ignored by AV vendors including MS Defender: tcl, php, crystal, julia, golang, dart, dlang, vlang, nodejs, bun, python, fsharp and deno. All of these languages were allowed to completely execute, and...
http://www.kitploit.com/2024/09/polydrop-byosi-bring-your-own-script.html
Secator - The Pentester'S Swiss Knife
secator is a task and workflow runner used for security assessments. It supports dozens of well-known security tools and is designed to improve productivity for pentesters and security researchers.
Features
- Curated list of commands
- Unified input options
- Unified output schema
- CLI and library usage
- Distributed options with Celery
- Complexity from simple tasks to complex workflows
- Customizable
Supported tools
secator integrates the following tools:
Name       Description                                                                    Category
httpx      Fast HTTP prober.                                                              http
cariddi    Fast crawler and endpoint secrets / API keys / tokens matcher.                 http/crawler
gau        Offline URL crawler (Alien Vault, The Wayback Machine, Common Crawl, URLScan). http/crawler
gospider   Fast web spider written in Go.                                                 http/crawler
katana     Next-generation crawling...
http://www.kitploit.com/2024/09/secator-pentesters-swiss-knife.html
Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
The Damn Vulnerable Drone is an intentionally vulnerable drone hacking simulator based on the popular ArduPilot/MAVLink architecture, providing a realistic environment for hands-on drone hacking.
About the Damn Vulnerable Drone
What is the Damn Vulnerable Drone? The Damn Vulnerable Drone is a virtually simulated environment designed for offensive security professionals to safely learn and practice drone hacking techniques. It simulates real-world ArduPilot & MAVLink drone architectures and vulnerabilities, offering a hands-on experience in exploiting drone systems.
Why was it built? The Damn Vulnerable Drone aims to enhance offensive security skills within a controlled environment, making it an invaluable tool for intermediate-level security professionals, pentesters, and hacking enthusiasts....
http://www.kitploit.com/2024/09/damn-vulnerable-drone-intentionally.html
File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
file-unpumper is a command-line utility designed to clean and analyze Portable Executable (PE) files. It provides a range of features to help developers and security professionals work with PE files more effectively.
Features
- PE Header Fixing: file-unpumper can fix and align the PE headers of a given executable file. This is particularly useful for resolving issues caused by packers or obfuscators that modify the headers.
- Resource Extraction: The tool can extract embedded resources from a PE file, such as icons, bitmaps, or other data resources. This can be helpful for reverse engineering or analyzing the contents of an executable.
- Metadata Analysis: file-unpumper provides a comprehensive analysis of the PE file's metadata, including information about the machine...
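To see what trimming a pumped file actually involves, here is an added Python example that is not file-unpumper's code. It parses the COFF and section headers of a PE, computes the last file offset the headers account for, including the Authenticode certificate table, which lives in the overlay and must not be trimmed away from a signed binary, and cuts everything past that point. It works on a constructed PE32+ image built in memory rather than a real executable.

```python
import struct

SECTION_HEADER = "<8sIIIIIIHHI"  # IMAGE_SECTION_HEADER, 40 bytes


def _headers(data: bytes):
    """Return (e_lfanew, number_of_sections, size_of_optional_header)."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    nsections = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    return e_lfanew, nsections, opt_size


def pe_data_end(data: bytes) -> int:
    """Highest file offset the headers reference: end of the last section's raw
    data, or of the certificate table (Authenticode) if that sits beyond it."""
    e_lfanew, nsections, opt_size = _headers(data)
    opt = e_lfanew + 24
    magic = struct.unpack_from("<H", data, opt)[0]
    dirs = opt + (112 if magic == 0x20B else 96)      # data directories: PE32+ vs PE32
    cert_off, cert_len = struct.unpack_from("<II", data, dirs + 4 * 8)  # IMAGE_DIRECTORY_ENTRY_SECURITY
    table = opt + opt_size
    end = table + nsections * 40
    for i in range(nsections):
        fields = struct.unpack_from(SECTION_HEADER, data, table + i * 40)
        raw_size, raw_ptr = fields[3], fields[4]       # SizeOfRawData, PointerToRawData
        end = max(end, raw_ptr + raw_size)
    if cert_len:
        end = max(end, cert_off + cert_len)             # certificate table offsets are file offsets
    return end


def find_overlay(data: bytes) -> dict:
    """Describe whatever trails the header-referenced data."""
    end = pe_data_end(data)
    overlay = data[end:]
    return {"offset": end, "length": len(overlay), "all_zero": bool(overlay) and not any(overlay)}


def trim_overlay(data: bytes) -> bytes:
    """Drop the appended bytes a file pumper adds; idempotent on clean files."""
    return data[:pe_data_end(data)]


def build_pe(sections, overlay=b"", cert=b"") -> bytes:
    """Constructed minimal PE32+ image: headers, NOP-filled sections at the
    given file offsets, an optional certificate table, then the overlay.
    `sections` is a list of (name, PointerToRawData, SizeOfRawData)."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)               # e_lfanew
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, 0x20B)               # PE32+ magic
    coff = struct.pack("<HHIIIHH", 0x8664, len(sections), 0, 0, 0, len(opt), 0x22)
    end = max(ptr + size for _, ptr, size in sections)
    if cert:
        struct.pack_into("<II", opt, 112 + 4 * 8, end, len(cert))
    hdr = bytes(dos) + b"PE\0\0" + coff + bytes(opt)
    for name, ptr, size in sections:
        hdr += struct.pack(SECTION_HEADER, name, size, 0x1000, size, ptr, 0, 0, 0, 0, 0x60000020)
    image = bytearray(end)
    image[:len(hdr)] = hdr
    for _, ptr, size in sections:
        image[ptr:ptr + size] = b"\x90" * size
    return bytes(image) + cert + overlay


if __name__ == "__main__":
    pumped = build_pe([(b".text", 512, 512), (b".data", 1024, 256)], overlay=b"\0" * 4096)
    print(find_overlay(pumped), "->", len(trim_overlay(pumped)), "bytes after trim")
```

Two caveats a practitioner should keep in mind: a pumper can also inflate a section in place by raising SizeOfRawData, which this does not detect, and installers and self-extractors legitimately carry payload in the overlay, so inspect what `find_overlay` reports (an all-zero tail is the easy case) before cutting.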
http://www.kitploit.com/2024/09/file-unpumper-tool-that-can-be-used-to.html
Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
Mass Assigner is a tool designed to identify and exploit mass assignment vulnerabilities in web applications. It first retrieves data from a specified request, such as a user-profile fetch, then systematically applies each parameter extracted from the response to a second request, one parameter at a time. This approach allows for the automated testing and exploitation of potential mass assignment vulnerabilities.
Disclaimer
This tool actively modifies server-side data. Please ensure you have proper authorization before use. Any unauthorized or illegal activity using this tool is entirely at your own risk.
Features
- Enables the addition of custom headers within requests
- Offers customization of various HTTP methods for both origin and...
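The probing loop the description sketches, as an added Python example that is not the tool's code. Two in-process callables (an assumption) stand in for the fetch and update requests, and the same loop is driven against a handler that binds every JSON key it receives and against a hardened one that filters against an allow-list of user-editable fields. Swapping the two callables for HTTP calls gives the real thing.

```python
from typing import Callable, Dict, List

# Fields the application intends to let a user edit about themselves.
WRITABLE_FIELDS = {"display_name", "bio"}


class ProfileApp:
    """Stand-in for the two endpoints the tool talks to: a fetch that returns
    every column and an update that binds the JSON body to the record."""

    def __init__(self, hardened: bool):
        self.hardened = hardened
        # Constructed record; role/credits/email_verified are what an attacker wants.
        self.user = {"id": 42, "display_name": "alice", "bio": "",
                     "email_verified": False, "role": "user", "credits": 0}

    def get_profile(self) -> Dict:
        return dict(self.user)

    def patch_profile(self, payload: Dict) -> Dict:
        if self.hardened:
            # Allow-list: anything not meant to be client-writable is dropped.
            payload = {k: v for k, v in payload.items() if k in WRITABLE_FIELDS}
        self.user.update(payload)   # unfiltered, this is mass assignment
        return dict(self.user)


def _mutate(value):
    """Pick a value distinguishable from the current one, per type."""
    if isinstance(value, bool):
        return not value
    if isinstance(value, int):
        return value + 1
    if isinstance(value, str):
        return value + "_probe"
    return value


def probe_mass_assignment(get: Callable[[], Dict], patch: Callable[[Dict], Dict]) -> List[str]:
    """Try every field the fetch response exposes, one per update request, and
    report those the server accepted. Accepted fields are restored afterwards,
    since the probe really changes server-side state on a vulnerable target."""
    baseline = get()
    accepted = []
    for field, original in baseline.items():
        if field in WRITABLE_FIELDS:
            continue                      # changing these proves nothing
        candidate = _mutate(original)
        if candidate == original:
            continue                      # type we cannot mutate meaningfully
        patch({field: candidate})
        if get().get(field) == candidate:
            accepted.append(field)
            patch({field: original})      # undo
    return sorted(accepted)


if __name__ == "__main__":
    for hardened in (False, True):
        app = ProfileApp(hardened=hardened)
        print("hardened" if hardened else "vulnerable",
              "accepts:", probe_mass_assignment(app.get_profile, app.patch_profile))
```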
http://www.kitploit.com/2024/09/mass-assigner-simple-tool-made-to-probe.html
Imperius - Make A Linux Kernel Rootkit Visible Again
Imperius makes an LKM rootkit visible again. The tool is part of research on LKM rootkits that will be published later. It works by obtaining the memory address of a rootkit's own "show_module" function, for example, and calling it, which adds the module back to the lsmod list and makes it possible to remove the LKM rootkit. On recent kernels the function address can be obtained very simply from /sys/kernel/tracing/available_filter_functions_addrs, but that file is only available from kernel 6.5 onwards. The alternative is to scan kernel memory for the function, then add the module back to lsmod so it can be removed. In summary, this LKM abuses the feature of LKM rootkits that lets them become visible again.
Note: there is another trick for removing/defusing an LKM rootkit, but it will be in the research that will...
http://www.kitploit.com/2024/09/imperius-make-linux-kernel-rootkit.html
BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
Evade EDRs the simple way, by not touching any of the APIs they hook.
Theory
I've noticed that most EDRs fail to scan scripting files, treating them merely as text files. While this might be unfortunate for them, it's an opportunity for us to profit. Flashy methods like residing in memory or thread injection are heavily monitored. Without a binary signed by a valid Certificate Authority, execution is nearly impossible. Enter BYOSI (Bring Your Own Scripting Interpreter). Every scripting interpreter is signed by its creator, with each certificate being valid. Testing in a live environment revealed surprising results: a highly signatured PHP script from this repository not only ran on systems monitored by CrowdStrike and Trellix but also established an external connection without triggering...
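Since the interpreters PolyDrop and BYOSI drop are the vendors' own signed binaries, signature validity is no signal at all; what does stand out is where the interpreter runs from, what it is fed, and who launched it. The Python below is an added detection example, not part of either project, run over constructed process-creation events. The interpreter basenames, installed-software roots and user-writable paths are assumptions to extend for your own estate.

```python
import re
from typing import Dict, List, Tuple

# Interpreter basenames for the languages the write-up names (assumed list;
# extend for your estate).  The `signer` field is deliberately never consulted:
# these binaries are legitimately signed by their vendors.
INTERPRETERS = {
    "tclsh", "tclsh.exe", "php", "php.exe", "crystal", "crystal.exe", "julia", "julia.exe",
    "go", "go.exe", "dart", "dart.exe", "node", "node.exe", "bun", "bun.exe",
    "python", "python.exe", "python3", "deno", "deno.exe",
}
TRUSTED_ROOTS = ("c:\\program files\\", "c:\\program files (x86)\\", "c:\\windows\\",
                 "/usr/bin/", "/usr/local/bin/", "/opt/")
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\appdata\\roaming\\", "\\downloads\\",
                 "\\users\\public\\", "/tmp/", "/dev/shm/", "/var/tmp/")
OFFICE_AND_MAIL = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}


def _basename(path: str) -> str:
    return re.split(r"[\\/]", path)[-1].lower()


def triage_process_event(event: Dict) -> List[str]:
    """Return the reasons an event looks like BYOSI, or [] when it is not an
    interpreter launch or nothing about it is unusual."""
    image = event["image"].lower()
    if _basename(image) not in INTERPRETERS:
        return []
    reasons = []
    if not image.startswith(TRUSTED_ROOTS):
        reasons.append("interpreter running from outside an installed-software root")
    cmdline = event["cmdline"].lower()
    if any(marker in cmdline for marker in USER_WRITABLE):
        reasons.append("command line references a user-writable location")
    if _basename(event["parent"]) in OFFICE_AND_MAIL:
        reasons.append("spawned by an Office or mail client")
    return reasons


def triage(events: List[Dict]) -> List[Tuple[int, List[str]]]:
    """(index, reasons) for every event that triggers at least one rule."""
    flagged = []
    for index, event in enumerate(events):
        reasons = triage_process_event(event)
        if reasons:
            flagged.append((index, reasons))
    return flagged


# Constructed process-creation events, not real telemetry.
SAMPLE_EVENTS = [
    {"image": r"C:\Program Files\nodejs\node.exe",
     "cmdline": r'"C:\Program Files\nodejs\node.exe" C:\dev\app\server.js',
     "parent": r"C:\Windows\explorer.exe", "signer": "OpenJS Foundation"},
    {"image": r"C:\Users\bob\AppData\Local\Temp\php\php.exe",
     "cmdline": r"php.exe -f C:\Users\bob\AppData\Local\Temp\invoice.php",
     "parent": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "signer": "The PHP Group"},
    {"image": "/tmp/.cache/python3",
     "cmdline": "/tmp/.cache/python3 /tmp/.cache/stage2.py",
     "parent": "/bin/bash", "signer": None},
    {"image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r"cmd.exe /c dir",
     "parent": r"C:\Windows\explorer.exe", "signer": "Microsoft Windows"},
    {"image": "/usr/bin/python3",
     "cmdline": "/usr/bin/python3 /opt/backup/run.py",
     "parent": "/usr/sbin/cron", "signer": None},
]

if __name__ == "__main__":
    for index, reasons in triage(SAMPLE_EVENTS):
        print(index, SAMPLE_EVENTS[index]["image"], "->", "; ".join(reasons))
```

The rules are crude on purpose: a developer's node.exe in Program Files running a script from a source tree is left alone, while a PHP binary unpacked into %TEMP% and launched by Word trips all three. In a real deployment the same conditions map onto process-creation telemetry (Sysmon event 1 style fields) and belong in a hunting query rather than a script.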
http://www.kitploit.com/2024/09/byosi-evade-edrs-simple-way-by-not.html
Psobf - PowerShell Obfuscator
Tool for obfuscating PowerShell scripts, written in Go. Its main objective is to obfuscate PowerShell code to make analysis and detection more difficult. The tool offers 5 levels of obfuscation, from basic obfuscation to script fragmentation, so users can tailor the obfuscation level to their specific needs.
./psobf -h
...
http://www.kitploit.com/2024/09/psobf-powershell-obfuscator.html
ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Makes Them Visible Again
ModTracer finds hidden Linux kernel rootkits and then makes them visible again. Another way to make an LKM visible is the Imperius trick: https://github.com/MatheuZSecurity/Imperius
http://www.kitploit.com/2024/09/modtracer-modtracer-finds-hidden-linux.html
DockerSpy - DockerSpy Searches For Images On Docker Hub And Extracts Sensitive Information Such As Authentication Secrets, Private Keys, And More
DockerSpy searches for images on Docker Hub and extracts sensitive information such as authentication secrets, private keys, and more.
What is Docker?
Docker is an open-source platform that automates the deployment, scaling, and management of applications using containerization technology. Containers allow developers to package an application and its dependencies into a single, portable unit that can run consistently across various computing environments. Docker simplifies the development and deployment process by ensuring that applications run the same way regardless of where they are deployed.
About Docker Hub
Docker Hub is a cloud-based repository where developers can store, share, and distribute container images. It serves as the largest library of container images, providing access...
http://www.kitploit.com/2024/09/dockerspy-dockerspy-searches-for-images.html
ClamAV 1.4.1, 1.3.2, 1.0.7, and 0.103.12 security patch versions published
Today, we are publishing the 1.4.1, 1.3.2, 1.0.7, and 0.103.12 security patch versions. The release files for the patch versions are available for download on the ClamAV downloads page, on the GitHub Release page, and (with the exception of 0.103.12) through Docker Hub. The images on Docker Hub may not be immediately available on release day.
Continue reading to learn what changed in each version.
1.4.1
ClamAV 1.4.1 is a critical patch release with the following fixes:
CVE-2024-20506: Changed the logging module to disable following symlinks on Linux and Unix systems so as to prevent an attacker with existing access to the 'clamd' or 'freshclam' services from using a symlink to corrupt system files. This issue affects all currently supported versions. It will be fixed in: 1.4.1, 1.3.2, 1.0.7, 0.103.12. Thank...
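The fix for CVE-2024-20506 is a pattern worth having in any daemon that opens a log or output path a less-privileged user can influence. The Python below is an added example, not ClamAV's code. It constructs a temporary directory in which the log path has been replaced by a symlink to a file the service must not modify, then shows an ordinary open() writing through the link while an open with O_NOFOLLOW refuses it and still appends to a regular log file.

```python
import os
import tempfile


def open_log_follows(path):
    """What the pre-patch behaviour amounts to: open() resolves a symlink
    left at the log path, so the write lands in whatever it points at."""
    return open(path, "a")


def open_log_nofollow(path):
    """O_NOFOLLOW makes the kernel fail with ELOOP when the final path component
    is a symlink; O_CLOEXEC keeps the descriptor out of child processes."""
    flags = os.O_WRONLY | os.O_APPEND | os.O_CREAT | os.O_NOFOLLOW | os.O_CLOEXEC
    return os.fdopen(os.open(path, flags, 0o640), "a")


def append_line(opener, path, line) -> bool:
    """True if the line was written, False if the open was refused."""
    try:
        with opener(path) as log:
            log.write(line + "\n")
        return True
    except OSError:
        return False


def demo() -> dict:
    """Constructed scenario: a low-privileged user has replaced clamd.log with a
    symlink to a file they must not be able to modify."""
    with tempfile.TemporaryDirectory() as tmp:
        target = os.path.join(tmp, "protected.conf")
        with open(target, "w") as f:
            f.write("setting=original\n")
        link = os.path.join(tmp, "clamd.log")
        os.symlink(target, link)
        regular = os.path.join(tmp, "freshclam.log")

        follows_wrote = append_line(open_log_follows, link, "injected line")
        with open(target) as f:
            target_after_follow = f.read()

        nofollow_refused = not append_line(open_log_nofollow, link, "injected line")
        nofollow_wrote_regular = append_line(open_log_nofollow, regular, "normal log entry")
        with open(target) as f:
            target_final = f.read()
        with open(regular) as f:
            regular_after = f.read()

    return {
        "follows_wrote_through_symlink": follows_wrote,
        "target_after_follow": target_after_follow,
        "nofollow_refused_symlink": nofollow_refused,
        "nofollow_wrote_regular": nofollow_wrote_regular,
        "target_untouched_by_nofollow": target_final == target_after_follow,
        "regular_after": regular_after,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

O_NOFOLLOW only guards the final path component; a directory along the way can still be a symlink. Pair it with a log directory the service account cannot write to, or open relative to a trusted directory descriptor (os.open with dir_fd) so the parent cannot be swapped underneath you.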
http://blog.clamav.net/2024/09/clamav-141-132-107-and-010312-security.html
CVE-2024-38063 - Remotely Exploiting The Kernel Via IPv6
Performing a root cause analysis and building a proof-of-concept for CVE-2024-38063, a CVSS 9.8 vulnerability in the Windows kernel IPv6 parser.
https://malwaretech.com/2024/08/exploiting-CVE-2024-38063.html
ClamAV 1.4.0 feature release and ClamAV bytecode compiler 1.4.0 release
The ClamAV 1.4.0 feature release is now stable. We encourage everyone to download the latest version now from the ClamAV downloads page, the GitHub Release page, or Docker Hub*:
- Alpine-based images
- Debian-based multi-arch images
*The Docker images are built on release day and will be made available when they are ready.
We are also publishing ClamAV bytecode compiler version 1.4.0. The ClamAV bytecode compiler release files are available for download on the GitHub Release page and through Docker Hub.
ClamAV platform support changes
We will no longer provide Linux 32-bit packages. With RHEL 7 reaching end-of-life, we had to upgrade our build hosts and selected Alma Linux 8. Alma Linux does not provide 32-bit images. ClamAV users on 32-bit platforms can still build from source. We now provide...
http://blog.clamav.net/2024/08/clamav-140-feature-release-and-clamav.html
CryptoCore: Unmasking the Sophisticated Cryptocurrency Scam Operations
As digital currencies have grown, so have cryptocurrency scams, posing significant risks to users. The rise of AI and deepfake technology has intensified scams exploiting famous personalities and events by creating realistic fake videos. Platforms like X and YouTube have been especially targeted, with scammers hijacking high-profile accounts to distribute fraudulent content. This report delves into the CryptoCore group's complex scam operations, analyzing their use of deepfakes, hijacked accounts, and fraudulent websites to deceive victims and profit millions of dollars.
The post CryptoCore: Unmasking the Sophisticated Cryptocurrency Scam Operations appeared first on Avast Threat Labs.
https://decoded.avast.io/martinchlumecky1/cryptocore-unmasking-the-sophisticated-cryptocurrency-scam-operations/?utm_source=rss&utm_medium=rss&utm_campaign=cryptocore-unmasking-the-sophisticated-cryptocurrency-scam-operations
RADIUS Protocol CVE-2024-3596
A fundamental design flaw in the RADIUS protocol has been proven exploitable, compromising the integrity of the RADIUS Access-Request process. The attack allows a malicious user to modify packets in a way that is indistinguishable to a RADIUS client or server. To succeed, the attacker must be able to inject themselves between the client and server.
Revised on 2025-03-14
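The advisory does not spell out what the integrity of an Access-Request rests on, so a concrete reminder: the 16-byte Authenticator in an Access-Request is a random nonce, not a checksum, and a RADIUS packet only gets per-packet integrity when the Message-Authenticator attribute (RFC 2869, HMAC-MD5 keyed with the shared secret) is present and the receiving side insists on it. The Python below is an added example, not Fortinet's code, using a constructed secret and packet: it builds an Access-Request with and without Message-Authenticator, rewrites the User-Name as an on-path attacker would, and shows that only a verifier that requires the attribute notices.

```python
import hashlib
import hmac
import struct

CODE_ACCESS_REQUEST = 1
ATTR_USER_NAME = 1
ATTR_NAS_IP_ADDRESS = 4
ATTR_MESSAGE_AUTHENTICATOR = 80
HEADER_LEN = 20  # Code, Identifier, Length, 16-byte Authenticator


def _attr(atype: int, value: bytes) -> bytes:
    return struct.pack("BB", atype, len(value) + 2) + value


def parse_attrs(pkt: bytes):
    """Yield (type, offset_of_value, value) for each TLV after the header."""
    i = HEADER_LEN
    while i + 2 <= len(pkt):
        atype, alen = pkt[i], pkt[i + 1]
        if alen < 2 or i + alen > len(pkt):
            raise ValueError("malformed attribute")
        yield atype, i + 2, pkt[i + 2:i + alen]
        i += alen


def build_access_request(secret: bytes, ident: int, request_auth: bytes, attrs, protect: bool = True) -> bytes:
    """Access-Request as a NAS would send it. With protect=True a zeroed
    Message-Authenticator is appended, the HMAC-MD5 of the whole packet is
    computed with the shared secret, and the result replaces the zeros."""
    body = b"".join(_attr(t, v) for t, v in attrs)
    if protect:
        body += _attr(ATTR_MESSAGE_AUTHENTICATOR, b"\0" * 16)
    pkt = struct.pack("!BBH", CODE_ACCESS_REQUEST, ident, HEADER_LEN + len(body)) + request_auth + body
    if protect:
        mac = hmac.new(secret, pkt, hashlib.md5).digest()
        pkt = pkt[:-16] + mac
    return pkt


def verify_access_request(secret: bytes, pkt: bytes, require_message_authenticator: bool = True):
    """Server-side check. Returns (accepted, reason)."""
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if code != CODE_ACCESS_REQUEST or length != len(pkt):
        return False, "malformed packet"
    found = [(off, val) for t, off, val in parse_attrs(pkt) if t == ATTR_MESSAGE_AUTHENTICATOR]
    if not found:
        if require_message_authenticator:
            return False, "Message-Authenticator missing"
        return True, "accepted with no integrity check (legacy behaviour)"
    off, val = found[0]
    if len(val) != 16:
        return False, "Message-Authenticator has wrong length"
    zeroed = pkt[:off] + b"\0" * 16 + pkt[off + 16:]
    expected = hmac.new(secret, zeroed, hashlib.md5).digest()
    if not hmac.compare_digest(expected, val):
        return False, "Message-Authenticator mismatch (packet altered or wrong secret)"
    return True, "Message-Authenticator verified"


def replace_attr(pkt: bytes, atype: int, new_value: bytes) -> bytes:
    """On-path tampering: rewrite one attribute and fix up Length, leaving the
    Request Authenticator and any Message-Authenticator exactly as they were."""
    code, ident, _ = struct.unpack("!BBH", pkt[:4])
    auth = pkt[4:HEADER_LEN]
    body = b"".join(_attr(t, new_value if t == atype else v) for t, _, v in parse_attrs(pkt))
    return struct.pack("!BBH", code, ident, HEADER_LEN + len(body)) + auth + body


if __name__ == "__main__":
    secret = b"shared-secret"                    # constructed
    request_auth = bytes(range(16))              # constructed nonce
    attrs = [(ATTR_USER_NAME, b"alice"), (ATTR_NAS_IP_ADDRESS, bytes([10, 0, 0, 1]))]
    for protect in (False, True):
        pkt = replace_attr(build_access_request(secret, 7, request_auth, attrs, protect), ATTR_USER_NAME, b"admin")
        print("protected" if protect else "legacy", "request, tampered:",
              verify_access_request(secret, pkt, require_message_authenticator=protect))
```

The Access-Request side is what this example covers; the advisory's attack targets the server's response, whose Response Authenticator is an unkeyed MD5 construction. Either way the operational fix is the same one vendors shipped: send Message-Authenticator on every packet and reject packets that lack it, and keep RADIUS on a link the attacker cannot sit on (IPsec or RadSec) rather than relying on the shared secret alone.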
https://fortiguard.fortinet.com/psirt/FG-IR-24-255
ClamAV 0.103 LTS End of Life Announcement
The ClamAV 0.103 LTS release is nearing end-of-life (EOL) with regards to security vulnerability fix support from our team. This end of life date will be Sept. 14, 2024.
ClamAV 0.103 users will be able to update signatures from the official database mirror for an additional one year after the EOL date. After Sept. 14, 2025, we may block ClamAV 0.103 from downloading signature updates.
We recommend that users update to the newest LTS release, ClamAV 1.0.6. For users that want to upgrade to the newest non-LTS release, use ClamAV 1.3.1. The most recent version of ClamAV can be found here: https://www.clamav.net/downloads
The following is a list of major changes available to users in the newest versions of ClamAV.
Since ClamAV 0.103, ClamAV 1.0 LTS adds:
- A...
http://blog.clamav.net/2024/08/clamav-0103-lts-end-of-life-announcement.html
60 Hurts per Second – How We Got Access to Enough Solar Power to Run the United States
The electricity grid – the buzzing, crackling marvel that supplies the lifeblood of modernity - is by far the largest structure humanity ever built. It's so big, in fact, that few people even notice it, like a fish can't see the ocean.
Until the grid goes down, that is. Then, like the fish dangling from the angler's hook, we see our vulnerability. Modernity dissolves into a sudden silence, followed by the repeated flick of a light switch, and a howl of panic at the prospect of missed appointmen
https://www.bitdefender.com/en-us/blog/labs/60-hurts-per-second-how-we-got-access-to-enough-solar-power-to-run-the-united-states
How insecure is Avast Secure Browser?
A while ago I already looked into Avast Secure Browser. Back then it didn't end well for Avast: I found critical vulnerabilities allowing arbitrary websites to infect users' computers. Worse yet: much of it was due to neglect of secure coding practices, and existing security mechanisms were disabled for no good reason. I didn't finish that investigation because I discovered that the browser was essentially spyware, collecting your browsing history and selling it via Avast's Jumpshot subsidiary.
But that was almost five years ago. After an initial phase of denial, Avast decided to apologize and to wind down Jumpshot. It was certainly a mere coincidence that Avast was subsequently sold to NortonLifeLock, called Gen Digital today. Yes, Avast is truly reformed and paying for their crimes in...
https://palant.info/2024/07/15/how-insecure-is-avast-secure-browser/
Deep Dive on Supplement Scams: How AI Drives ‘Miracle Cures' and Sponsored Health-Related Scams on Social Media
Sponsored social media content has become increasingly present on feeds. Sponsored ads can often be beneficial as they are customized to suit online personas, offering relevant content tailored specifically for you. While personalized ads can help enhance your online experience, not all are legitimate. In fact, scams originating from phony ads on social media have increased dramatically, with potentially severe consequences for consumers.
Sponsored supplement scams on social media platforms
https://www.bitdefender.com/en-us/blog/labs/deep-dive-on-supplement-scams-how-ai-drives-miracle-cures-and-sponsored-health-related-scams-on-social-media
Decrypted: DoNex Ransomware and its Predecessors
Researchers from Avast have discovered a flaw in the cryptographic schema of the DoNex ransomware and its predecessors. In cooperation with law enforcement organizations, we have been silently providing the decryptor to DoNex ransomware victims since March 2024. The cryptographic weakness was made public at Recon 2024 and therefore we have no reason to keep […]
The post Decrypted: DoNex Ransomware and its Predecessors appeared first on Avast Threat Labs.
https://decoded.avast.io/threatresearch/decrypted-donex-ransomware-and-its-predecessors/?utm_source=rss&utm_medium=rss&utm_campaign=decrypted-donex-ransomware-and-its-predecessors
The Windows Registry Adventure #3: Learning resources
Posted by Mateusz Jurczyk, Google Project Zero
When tackling a new vulnerability research target, especially a closed-source one, I prioritize gathering as much information about it as possible. This gets especially interesting when it's a subsystem as old and fundamental as the Windows registry. In that case, tidbits of valuable data can lurk in forgotten documentation, out-of-print books, and dusty open-source code – each potentially offering a critical piece of the puzzle. Uncovering them takes some effort, but the payoff is often immense. Scraps of information can contain hints as to how certain parts of the software are implemented, as well as why – what were
...
https://googleprojectzero.blogspot.com/2024/06/the-windows-registry-adventure-3.html
Ashok - A OSINT Recon Tool, A.K.A Swiss Army Knife
Reconnaissance is the first phase of penetration testing, which means gathering information before any real attacks are planned. Ashok is an incredibly fast recon tool for penetration testers, specially designed for the reconnaissance phase. In Ashok v1.1 you can find the advanced Google dorker and wayback crawling machine.
Main Features
- Wayback Crawler Machine
- Google Dorking without limits
- GitHub Information Grabbing
- Subdomain Identifier
- CMS/Technology Detector With Custom Headers
Installation
git clone https://github.com/ankitdobhal/Ashok
cd Ashok
python3.7 -m pip install -r requirements.txt
How to use Ashok?
A detailed usage guide is available in the Usage section of the Wiki. But some index of options is given below:...
http://www.kitploit.com/2024/06/ashok-osint-recon-tool-aka-swiss-army.html
Project Naptime: Evaluating Offensive Security Capabilities of Large Language Models
Posted by Sergei Glazunov and Mark Brand, Google Project Zero
Introduction
At Project Zero, we constantly seek to expand the scope and effectiveness of our vulnerability research. Though much of our work still relies on traditional methods like manual source code audits and reverse engineering, we're always looking for new approaches.
As the code comprehension and general reasoning ability of Large Language Models (LLMs) has improved, we have been exploring how these models can reproduce the systematic approach of a human security researcher when identifying and demonstrating security vulnerabilities. We hope that in the future, this can close some of the blind spots of current automated vulnerability discovery approaches, and enable automated detection of "unfuzzable" vulnerabilities.
...
https://googleprojectzero.blogspot.com/2024/06/project-naptime.html
New Diamorphine rootkit variant seen undetected in the wild
Introduction Code reuse is very frequent in malware, especially for those parts of the sample that are complex to develop or hard to write with an essentially different alternative code. By tracking both source code and object code, we efficiently detect new malware and track the evolution of existing malware in-the-wild. Diamorphine is a well-known […]
The post New Diamorphine rootkit variant seen undetected in the wild appeared first on Avast Threat Labs.
https://decoded.avast.io/davidalvarez/new-diamorphine-rootkit-variant-seen-undetected-in-the-wild/?utm_source=rss&utm_medium=rss&utm_campaign=new-diamorphine-rootkit-variant-seen-undetected-in-the-wild
Unfading Sea Haze: New Espionage Campaign in the South China Sea
Bitdefender researchers investigated a series of incidents at high-level organizations in countries of the South China Sea region, all performed by the same threat actor we track as Unfading Sea Haze. Based on the victimology and the cyber-attack's aim, we believe the threat actor is aligned with China's interests.
As tensions in the region rise, they are reflected in the intensification of activity on behalf of the Unfading Sea Haze actor, which uses new and improved tools and TTPs.
We notice
https://www.bitdefender.com/en-us/blog/labs/unfading-sea-haze-new-espionage-campaign-in-the-south-china-sea
Notes on ThroughTek Kalay Vulnerabilities and Their Impact on the IoT Ecosystem
Since 2014, Bitdefender IoT researchers have been looking into the world's most popular IoT devices, hunting for vulnerabilities and undocumented attack avenues. This report documents four vulnerabilities affecting devices powered by the ThroughTek Kalay Platform. Due to the platform's massive presence in IoT integrations, these flaws have a significant downstream impact on several vendors.
In the interconnected landscape of the Internet of Things (IoT), the reliability and security of devices,
https://www.bitdefender.com/en-us/blog/labs/notes-on-throughtek-kalay-vulnerabilities-and-their-impact
Avast Q1/2024 Threat Report
Nearly 90% of Threats Blocked are Social Engineering, Revealing a Huge Surge of Scams, and Discovery of the Lazarus APT Campaign
The post Avast Q1/2024 Threat Report appeared first on Avast Threat Labs.
https://decoded.avast.io/threatresearch/avast-q1-2024-threat-report/?utm_source=rss&utm_medium=rss&utm_campaign=avast-q1-2024-threat-report
ClamAV 1.4.0 release candidate now available!
The ClamAV 1.4.0 release candidate is now available. You may find the source code and installers for this release on the clamav.net/downloads page or the ClamAV GitHub release page. Tip: If you are downloading the source from the GitHub release page, the package labeled "clamav-1.4.0-rc.tar.gz" does not require an internet connection to build. All dependencies are included in this package. But if you download the ZIP or TAR.GZ generated by GitHub, located at the very bottom, then an internet connection will be required during the build to download additional Rust dependencies. For Docker users, there is no specific Docker tag for the release candidate, but you can use the clamav:unstable or clamav:unstable_base tags. The release candidate phase is expected...
http://blog.clamav.net/2024/05/clamav-140-release-candidate-now.html
GuptiMiner: Hijacking Antivirus Updates for Distributing Backdoors and Casual Mining
Avast discovered and analyzed GuptiMiner, a malware campaign hijacking an eScan antivirus update mechanism to distribute backdoors and coinminers.
The post GuptiMiner: Hijacking Antivirus Updates for Distributing Backdoors and Casual Mining appeared first on Avast Threat Labs.
https://decoded.avast.io/janrubin/guptiminer-hijacking-antivirus-updates-for-distributing-backdoors-and-casual-mining/?utm_source=rss&utm_medium=rss&utm_campaign=guptiminer-hijacking-antivirus-updates-for-distributing-backdoors-and-casual-mining
From BYOVD to a 0-day: Unveiling Advanced Exploits in Cyber Recruiting Scams
Key Points. Introduction. In the summer of 2023, Avast identified a campaign targeting specific individuals in the Asian region through fabricated job offers. The motivation behind the attack remains uncertain, but judging from the low frequency of attacks, it appears that the attacker had a special interest in individuals with technical backgrounds. This sophistication is […]
The post From BYOVD to a 0-day: Unveiling Advanced Exploits in Cyber Recruiting Scams appeared first on Avast Threat Labs.
https://decoded.avast.io/luiginocamastra/from-byovd-to-a-0-day-unveiling-advanced-exploits-in-cyber-recruiting-scams/?utm_source=rss&utm_medium=rss&utm_campaign=from-byovd-to-a-0-day-unveiling-advanced-exploits-in-cyber-recruiting-scams
ClamAV 1.3.1, 1.2.3, 1.0.6 patch versions published
Today, we are publishing the 1.3.1, 1.2.3, and 1.0.6 security patch versions. The release files for the patch versions are available for download on the ClamAV downloads page, on the GitHub Release page, and through Docker Hub. The images on Docker Hub may not be immediately available on release day. Continue reading to learn what changed in each version. 1.3.1: ClamAV 1.3.1 is a critical patch release with the following fixes: CVE-2024-20380: Fixed a possible crash in the HTML file parser that could cause a denial-of-service (DoS) condition. This issue affects version 1.3.0 only and does not affect prior versions. Thank you to Błażej Pawłowski for identifying this issue. GitHub pull request. Updated select Rust dependencies to the latest versions. This resolved Cargo audit complaints and included...
http://blog.clamav.net/2024/04/clamav-131-123-106-patch-versions.html
Vulnerabilities Identified in LG WebOS
As the creator of the world's first smart home cybersecurity hub, Bitdefender regularly audits popular IoT hardware for vulnerabilities. This research paper is part of a broader program that aims to shed light on the security of the world's best-sellers in the IoT space. This report covers vulnerabilities discovered while researching the LG WebOS TV operating system.
We have found several issues affecting WebOS versions 4 through 7 running on LG TVs. These vulnerabilities let us gain root acces
https://www.bitdefender.com/en-us/blog/labs/vulnerabilities-identified-in-lg-webos
AI meets next-gen info stealers in social media malvertising campaigns
The impact that AI has on society has steadily crept into the darkest nooks and crannies of the internet. So much so that cybercrooks are hitching free rides on the AI bandwagon by leveraging the increased demand of AI-powered software for content creators.
Cybercriminal groups constantly adapt their operating methods and tools to stay a step ahead of potential victims. Highly focused on enhancing their deceptive practices, threat actors have, unfortunately, found a most reliable and powerful a
https://www.bitdefender.com/en-us/blog/labs/ai-meets-next-gen-info-stealers-in-social-media-malvertising-campaigns
Numerous vulnerabilities in Xunlei Accelerator application
Xunlei Accelerator (迅雷客户端), a.k.a. Xunlei Thunder, by the China-based Xunlei Ltd. is a wildly popular application. According to the company's annual report, 51.1 million active users were counted in December 2022. The company's Google Chrome extension 迅雷下载支持, while not mandatory for using the application, had 28 million users at the time of writing.
I've found this application to expose a massive attack surface. This attack surface is largely accessible to arbitrary websites that an application user happens to be visiting. Some of it can also be accessed from other computers in the same network or by attackers with the ability to intercept the user's network connections (Man-in-the-Middle attack).
It does not appear like security concerns were considered in the design...
https://palant.info/2024/03/06/numerous-vulnerabilities-in-xunlei-accelerator-application/
Sponsored Ad Fraud: Mystery Box Scams Flood Social Media
Social media platforms are overflowing with scams.
In the past couple of months, Bitdefender Labs has been monitoring a steep increase in fraudulent social media ads on Facebook promoting various swindles ranging from crypto-doubling to AI-generated celebrity-endorsed giveaways.
Our latest analysis has spotted a consistent trend, with fraudsters continuing to exploit Meta's ad system to deceive consumers.
The hustle? A long-established ruse that involves peddling so-called mystery boxes from
https://www.bitdefender.com/en-us/blog/labs/sponsored-ad-fraud-mystery-box-scams-flood-social-media
Lazarus and the FudModule Rootkit: Beyond BYOVD with an Admin-to-Kernel Zero-Day
The Lazarus Group is back with an upgraded variant of their FudModule rootkit, this time enabled by a zero-day admin-to-kernel vulnerability tracked as CVE-2024-21338. Read this blog for a detailed analysis of this rootkit variant and learn more about several new techniques, including a handle table entry manipulation technique that directly targets Microsoft Defender, CrowdStrike Falcon, and HitmanPro.
The post Lazarus and the FudModule Rootkit: Beyond BYOVD with an Admin-to-Kernel Zero-Day appeared first on Avast Threat Labs.
https://decoded.avast.io/janvojtesek/lazarus-and-the-fudmodule-rootkit-beyond-byovd-with-an-admin-to-kernel-zero-day/?utm_source=rss&utm_medium=rss&utm_campaign=lazarus-and-the-fudmodule-rootkit-beyond-byovd-with-an-admin-to-kernel-zero-day
When Stealers Converge: New Variant of Atomic Stealer in the Wild
Here at Bitdefender, we're constantly working on improving detection capabilities for our macOS cyber-security products; part of this effort involves revisiting old (or digging up new) samples from our malware zoo. During routine verifications, we were able to isolate multiple suspicious and undetected macOS disk image files surprisingly small for files of this kind (1.3 MB per file).
A short look into the code revealed that these files are significantly similar to other samples analysed in the
https://www.bitdefender.com/en-us/blog/labs/when-stealers-converge-new-variant-of-atomic-stealer-in-the-wild
Bypassing EDRs With EDR-Preloading
Evading user mode EDR hooks by hijacking the AppVerifier layer
https://malwaretech.com/2024/02/bypassing-edrs-with-edr-preload.html
ClamAV 1.3.0 feature release and 1.2.2, 1.0.5 security patch release!
The ClamAV 1.3.0 feature release is now stable! Today, we are also publishing the 1.2.2 and 1.0.5 security patch versions. ClamAV 1.1 is past EOL for security fixes and will not receive an update. Switch to the 1.0 LTS, 1.2, or 1.3 versions for continued support. The release files are available for download on the ClamAV downloads page, on the GitHub Release page, and through Docker Hub*: Alpine-based images; Debian-based multi-arch images. *The Docker images are built on release day and may not be available until later in the day. Continue reading to learn what changed in each version. 1.3.0: ClamAV 1.3.0 includes the following improvements and changes. Major changes: Added support for extracting and scanning attachments found in Microsoft OneNote section files. OneNote parsing will be enabled by default,...
http://blog.clamav.net/2023/11/clamav-130-122-105-released.html
ClamAV 1.3.0 Second Release Candidate now available!
We are excited to announce the ClamAV 1.3.0 release candidate. You can find the source code and installers for this release on the clamav.net/downloads page or the ClamAV GitHub release page. Tip: If you are downloading the source from the GitHub release page, the package labeled "clamav-1.3.0-rc2.tar.gz" does not require an internet connection to build. All dependencies are included in this package. But if you download the ZIP or TAR.GZ generated by GitHub, located at the very bottom, then an internet connection will be required during the build to download additional Rust dependencies. For Docker users, there is no specific Docker tag for the release candidate, but you can use these tags: clamav/clamav:unstable, clamav/clamav:unstable_base, clamav/clamav-debian:unstable, clamav/clamav-debian:unstable_base. This...
http://blog.clamav.net/2024/01/clamav-130-second-release-candidate-now.html
ClamAV Debian multi-Arch Docker images now available!
We now offer official ClamAV docker images based on `debian:11-slim`. In addition to offering an alternative to the original Alpine Linux images, the new images are multi-arch images supporting `linux/amd64`, `linux/arm64`, and `linux/ppc64le`. ClamAV's Alpine-based and Debian-based Docker images are now built weekly to pick up security fixes in the base images. Check it out here.
http://blog.clamav.net/2024/01/clamav-debian-multi-arch-docker-images.html
Silly EDR Bypasses and Where To Find Them
Abusing exception handlers to hook and bypass user mode EDR hooks.
https://malwaretech.com/2023/12/silly-edr-bypasses-and-where-to-find-them.html
An Introduction to Bypassing User Mode EDR Hooks
Understanding the basics of user mode EDR hooking, common bypass techniques, and their limitations.
https://malwaretech.com/2023/12/an-introduction-to-bypassing-user-mode-edr-hooks.html
ClamAV 1.3.0 release candidate now available!
The ClamAV 1.3.0 release candidate is now available. You may find the source code and installers for this release on the clamav.net/downloads page or the ClamAV GitHub release page. Tip: If you are downloading the source from the GitHub release page, the package labeled "clamav-1.3.0-rc.tar.gz" does not require an internet connection to build. All dependencies are included in this package. But if you download the ZIP or TAR.GZ generated by GitHub, located at the very bottom, then an internet connection will be required during the build to download additional Rust dependencies. For Docker users, there is no specific Docker tag for the release candidate, but you can use the clamav:unstable or clamav:unstable_base tags. The release candidate phase is expected...
http://blog.clamav.net/2023/12/clamav-130-release-candidate-now.html
Implementing a “Share on Mastodon” button for a blog
I decided that I would make it easier for people to share my articles on social media, most importantly on Mastodon. However, my Hugo theme didn't support showing a “Share on Mastodon” button yet. It wasn't entirely trivial to add support either: unlike with centralized solutions like Facebook where a simple link is sufficient, here one would need to choose their home instance first.
As far as existing solutions go, the only reasonably sophisticated approach appears to be Share₂Fedi. It works nicely; privacy-wise, however, one could do better. So I ended up implementing my own solution while also generalizing that solution to support a variety of different Fediverse applications in addition to Mastodon.
Update (2025-01-12): Added Lemmy endpoint which has been fixed by now. Also mentioned...
https://palant.info/2023/10/19/implementing-a-share-on-mastodon-button-for-a-blog/
It Might Be Time to Rethink Phishing Awareness
Phishing awareness can be a powerful security tool, or a complete disaster. It all hinges on how you implement it.
https://malwaretech.com/2023/09/it-might-be-time-to-rethink-phishing-awareness.html
We're going teetotal: It's goodbye to The Daily Swig
PortSwigger today announces that The Daily Swig is closing down
https://portswigger.net/daily-swig/were-going-teetotal-its-goodbye-to-the-daily-swig
Bug Bounty Radar // The latest bug bounty programs for March 2023
New web targets for the discerning hacker
https://portswigger.net/daily-swig/bug-bounty-radar-the-latest-bug-bounty-programs-for-march-2023
Indian transport ministry flaws potentially allowed creation of counterfeit driving licenses
Armed with personal data fragments, a researcher could also access 185 million citizens' PII
https://portswigger.net/daily-swig/indian-transport-ministry-flaws-potentially-allowed-creation-of-counterfeit-driving-licenses
Password managers: A rough guide to enterprise secret platforms
The second part of our password manager series looks at business-grade tech to handle API tokens, login credentials, and more
https://portswigger.net/daily-swig/password-managers-a-rough-guide-to-enterprise-secret-platforms
Chromium bug allowed SameSite cookie bypass on Android devices
Protections against cross-site request forgery could be bypassed
https://portswigger.net/daily-swig/chromium-bug-allowed-samesite-cookie-bypass-on-android-devices
Deserialized web security roundup: Twitter 2FA backlash, GoDaddy suffers years-long attack campaign, and XSS Hunter adds e2e encryption
Your fortnightly rundown of AppSec vulnerabilities, new hacking techniques, and other cybersecurity news
https://portswigger.net/daily-swig/deserialized-web-security-roundup-twitter-2fa-backlash-godaddy-suffers-years-long-attack-campaign-and-xss-hunter-adds-e2e-encryption
NIST plots biggest ever reform of Cybersecurity Framework
CSF 2.0 blueprint offered up for public review
https://portswigger.net/daily-swig/nist-plots-biggest-ever-reform-of-cybersecurity-framework
Cisco ClamAV anti-malware scanner vulnerable to serious security flaw
Patch released for bug that poses a critical risk to vulnerable technologies
https://portswigger.net/daily-swig/cisco-clamav-anti-malware-scanner-vulnerable-to-serious-security-flaw
CVSS system criticized for failure to address real-world impact
JFrog argues vulnerability risk metrics need complete revamp
https://portswigger.net/daily-swig/cvss-system-criticized-for-failure-to-address-real-world-impact
A Realistic Look at Implications of ChatGPT for Cybercrime
Analyzing ChatGPT's capabilities and various claims about how it will revolutionize cybercrime.
https://malwaretech.com/2023/02/a-realistic-look-at-chatgpt-cybercrime.html
'Most web API flaws are missed by standard security tests' – Corey J Ball on securing a neglected attack vector
API security is a 'great gateway' into a pen testing career, advises specialist in the field
https://portswigger.net/daily-swig/most-web-api-flaws-are-missed-by-standard-security-tests-corey-j-ball-on-securing-a-neglected-attack-vector
HTTP request smuggling bug patched in HAProxy
Exploitation could enable attackers to access backend servers
https://portswigger.net/daily-swig/http-request-smuggling-bug-patched-in-haproxy
Belgium launches nationwide safe harbor for ethical hackers
New legal protections for security researchers could be the strongest of any EU country
https://portswigger.net/daily-swig/belgium-launches-nationwide-safe-harbor-for-ethical-hackers
TikTok is a National Security Risk, Not A Privacy One
An analysis of the threat posed by TikTok and why we need to weigh our options carefully.
https://malwaretech.com/2022/12/tiktok-is-a-national-security-risk.html
Everything you need to know about the OpenSSL 3.0.7 Patch (CVE-2022-3602 & CVE-2022-3786)
https://malwaretech.com/2022/11/everything-you-need-to-know-about-the-openssl-3-0-7-patch.html
CVE-2022-3602 and CVE-2022-3786: OpenSSL 3.0.7 patches Critical Vulnerability
On Tuesday, November 1, 2022, between 1300 and 1700 UTC, the OpenSSL project announced the release of a new version of OpenSSL (version 3.0.7) that patches a critical vulnerability in OpenSSL version 3.0 and above. Only OpenSSL versions between 3.0 and 3.0.6 are affected at the time of writing. At this moment the details of this [...]
The post CVE-2022-3602 and CVE-2022-3786: OpenSSL 3.0.7 patches Critical Vulnerability appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/general-tutorials/openssl-3-0-7-patches-critical-vulnerability/
Student Loan Breach Exposes 2.5M Records
2.5 million people were affected, in a breach that could spell more trouble down the line.
https://threatpost.com/student-loan-breach-exposes-2-5m-records/180492/
Watering Hole Attacks Push ScanBox Keylogger
Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.
https://threatpost.com/watering-hole-attacks-push-scanbox-keylogger/180490/
Tentacles of '0ktapus' Threat Group Victimize 130 Firms
Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.
https://threatpost.com/0ktapus-victimize-130-firms/180487/
Ransomware Attacks are on the Rise
Lockbit is by far this summer's most prolific ransomware group, trailed by two offshoots of the Conti group.
https://threatpost.com/ransomware-attacks-are-on-the-rise/180481/
Cybercriminals Are Selling Access to Chinese Surveillance Cameras
Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.
https://threatpost.com/cybercriminals-are-selling-access-to-chinese-surveillance-cameras/180478/
Twitter Whistleblower Complaint: The TL;DR Version
Twitter is blasted for security and privacy lapses by the company's former head of security who alleges the social media giant's actions amount to a national security risk.
https://threatpost.com/twitter-whistleblower-tldr-version/180472/
Firewall Bug Under Active Attack Triggers CISA Warning
CISA is warning that Palo Alto Networks' PAN-OS is under active attack and needs to be patched ASAP.
https://threatpost.com/firewall-bug-under-active-attack-cisa-warning/180467/
Fake Reservation Links Prey on Weary Travelers
Fake travel reservations are exacting more pain from the travel weary, already dealing with the misery of canceled flights and overbooked hotels.
https://threatpost.com/reservation-links-prey-on-travelers/180462/
iPhone Users Urged to Update to Patch 2 Zero-Days
Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack.
https://threatpost.com/iphone-users-urged-to-update-to-patch-2-zero-days-under-attack/180448/
Google Patches Chrome's Fifth Zero-Day of the Year
An insufficient input validation flaw, one of 11 patched in an update this week, could allow for arbitrary code execution and is under active attack.
https://threatpost.com/google-patches-chromes-fifth-zero-day-of-the-year/180432/
[Video] Introduction to Use-After-Free Vulnerabilities | UserAfterFree Challenge Walkthrough (Part: 1)
https://malwaretech.com/2022/05/video-introduction-to-use-after-free-vulnerabilities-userafterfree-challenge-walkthrough-part-1.html
Installing Rogue-jndi on Kali Linux
Following the previous tutorial, in which we looked at the log4j vulnerability in VMware vSphere server, I got some questions about how to set up a malicious LDAP server on Linux. The attacker-controlled LDAP server is required to provide the malicious Java class (with a reverse shell, for example) in response to the forged [...]
The post Installing Rogue-jndi on Kali Linux appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/general-tutorials/installing-rogue-jndi-on-kali-linux/
Log4Shell VMware vCenter Server (CVE-2021-44228)
Log4Shell is a critical vulnerability with the highest possible CVSSv3 score of 10.0 that affects thousands of products running Apache Log4j and leaves millions of targets potentially vulnerable. CVE-2021-44228 affects log4j versions 2.0-beta9 to 2.14.1. Log4j is an incredibly popular logging library used in many different products and various Apache frameworks like Struts2, Kafka, and [...]
The post Log4Shell VMware vCenter Server (CVE-2021-44228) appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/exploit-tutorials/log4shell-vmware-vcenter-server-cve-2021-44228/
How to customize behavior of AWS Managed Rules for AWS WAF
AWS Managed Rules for AWS WAF provides a group of rules created by AWS that can be used to help protect you against common application vulnerabilities and other unwanted access to your systems without having to write your own rules. The AWS Threat Research Team updates AWS Managed Rules to respond to an ever-changing threat landscape in order […]
https://aws.amazon.com/blogs/security/how-to-customize-behavior-of-aws-managed-rules-for-aws-waf/
The Great Leak: Microsoft Exchange AutoDiscover Design Flaw
Recently a “design flaw” in Microsoft Exchange's Autodiscover protocol was discovered by researchers that allowed access to 372,072 Windows domain credentials and 96,671 unique sets of credentials from applications such as Microsoft Outlook and third-party email clients. According to Amit Serper, the person who discovered the flaw, the source of the leak is [...]
The post The Great Leak: Microsoft Exchange AutoDiscover Design Flaw appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/pentesting-exchange/the-great-leak-microsoft-exchange-autodiscover-design-flaw/
The three most important AWS WAF rate-based rules
In this post, we explain what the three most important AWS WAF rate-based rules are for proactively protecting your web applications against common HTTP flood events, and how to implement these rules. We share what the Shield Response Team (SRT) has learned from helping customers respond to HTTP floods and show how all AWS WAF […]
https://aws.amazon.com/blogs/security/three-most-important-aws-waf-rate-based-rules/
Automatically update AWS WAF IP sets with AWS IP ranges
Note: This blog post describes how to automatically update AWS WAF IP sets with the most recent AWS IP ranges for AWS services. This related blog post describes how to perform a similar update for Amazon CloudFront IP ranges that are used in VPC Security Groups. You can use AWS Managed Rules for AWS WAF […]
https://aws.amazon.com/blogs/security/automatically-update-aws-waf-ip-sets-with-aws-ip-ranges/
[FG-IR-21-023] Multiple buffer overflows in FortiMail
Multiple instances of incorrect calculation of buffer size in FortiMail webmail and administrative interface and FortiNDR administrative interface may allow an authenticated attacker with regular webmail access to trigger a buffer overflow and to possibly execute unauthorized code or commands via specifically crafted HTTP requests. Revised on 2025-03-18 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-21-023
AWS Shield threat landscape review: 2020 year-in-review
AWS Shield is a managed service that protects applications that are running on Amazon Web Services (AWS) against external threats, such as bots and distributed denial of service (DDoS) attacks. Shield detects network and web application-layer volumetric events that may indicate a DDoS attack, web content scraping, or other unauthorized non-human traffic that is interacting […]
https://aws.amazon.com/blogs/security/aws-shield-threat-landscape-review-2020-year-in-review/
How to protect a self-managed DNS service against DDoS attacks using AWS Global Accelerator and AWS Shield Advanced
In this blog post, I show you how to improve the distributed denial of service (DDoS) resilience of your self-managed Domain Name System (DNS) service by using AWS Global Accelerator and AWS Shield Advanced. You can use those services to incorporate some of the techniques used by Amazon Route 53 to protect against DDoS attacks. […]
https://aws.amazon.com/blogs/security/how-to-protect-a-self-managed-dns-service-against-ddos-attacks-using-aws-global-accelerator-and-aws-shield-advanced/
Set up centralized monitoring for DDoS events and auto-remediate noncompliant resources
When you build applications on Amazon Web Services (AWS), it's a common security practice to isolate production resources from non-production resources by logically grouping them into functional units or organizational units. There are many benefits to this approach, such as making it easier to implement the principle of least privilege, or reducing the scope of […]
https://aws.amazon.com/blogs/security/set-up-centralized-monitoring-for-ddos-events-and-auto-remediate-noncompliant-resources/
[FG-IR-20-105] Unauthenticated user can determine software-version information
An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiMail may allow a remote, unauthenticated attacker to obtain potentially sensitive software-version information by reading a JavaScript file. Revised on 2025-03-28 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-20-105
Deploying defense in depth using AWS Managed Rules for AWS WAF (part 2)
In this post, I show you how to use recent enhancements in AWS WAF to manage a multi-layer web application security enforcement policy. These enhancements will help you to maintain and deploy web application firewall configurations across deployment stages and across different types of applications. In part 1 of this post I describe the technologies […]
https://aws.amazon.com/blogs/security/deploying-defense-in-depth-using-aws-managed-rules-for-aws-waf-part-2/
Defense in depth using AWS Managed Rules for AWS WAF (part 1)
In this post, I discuss how you can use recent enhancements in AWS WAF to manage a multi-layer web application security enforcement policy. These enhancements will help you to maintain and deploy web application firewall configurations across deployment stages and across different types of applications. The post is in two parts. This first part describes […]
https://aws.amazon.com/blogs/security/defense-in-depth-using-aws-managed-rules-for-aws-waf-part-1/
Houston consulate one of worst offenders in Chinese espionage, say U.S. officials
Credits: Reuters. The United States ordered the consulate closed this week, leading China to retaliate on Friday by telling the United States to shut its consulate in the city of Chengdu, as relations between the world's two largest economies […]
The post Houston consulate one of worst offenders in Chinese espionage, say U.S. officials appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/07/24/houston-consulate-one-of-worst-offenders-in-chinese-espionage-say-u-s-officials/
Shocked I am. Shocked to find that underground bank-card-trading forums are full of liars, cheats, small-time grifters
Credits: The Register. The denizens of online forums dedicated to trading in stolen credit cards have been shown to be wretched hives of scum and villainy. This not-so-surprising news comes this week via academics at Washington State University (WSU) in the US, […]
http://blog.extremehacking.org/blog/2020/07/24/shocked-i-am-shocked-to-find-that-underground-bank-card-trading-forums-are-full-of-liars-cheats-small-time-grifters/
AWS Shield Threat Landscape report is now available
AWS Shield is a managed threat protection service that safeguards applications running on AWS against exploitation of application vulnerabilities, bad bots, and Distributed Denial of Service (DDoS) attacks. The AWS Shield Threat Landscape Report (TLR) provides you with a summary of threats detected by AWS Shield. This report is curated by the AWS Threat Research […]
https://aws.amazon.com/blogs/security/aws-shield-threat-landscape-report-now-available/
Vint Cerf suggests GDPR could hurt coronavirus vaccine development
Credits: The Register. TCP/IP co-developer Vint Cerf, revered as a critical contributor to the foundations of the internet, has floated the notion that privacy legislation might hinder the development of a vaccination for the COVID-19 coronavirus. In an essay written for […]
http://blog.extremehacking.org/blog/2020/05/16/vint-cerf-suggests-gdpr-could-hurt-coronavirus-vaccine-development/
Brit defense contractor hacked, up to 100,000 past and present employees' details siphoned off – report
Credits: The Register. Britain’s Ministry of Defence contractor Interserve has been hacked, reportedly leaking the details of up to 100,000 past and current employees, including payment information and details of their next of kin. The Daily Telegraph reports that up to […]
http://blog.extremehacking.org/blog/2020/05/16/brit-defense-contractor-hacked-up-to-100000-past-and-present-employees-details-siphoned-off-report/
US officially warns China is launching cyberattacks to steal coronavirus research
Credits: CNN. The US Department of Homeland Security and the FBI issued a “public service announcement” Wednesday warning that China is likely launching cyberattacks to steal coronavirus data related to vaccines and treatments from US research institutions and pharmaceutical […]
http://blog.extremehacking.org/blog/2020/05/14/us-officially-warns-china-is-launching-cyberattacks-to-steal-coronavirus-research/
There's Norway you're going to believe this: World's largest sovereign wealth fund conned out of $10m in cyber-attack
Credits: The Register. The Norwegian Investment Fund has been swindled out of $10m (£8.2m) by fraudsters who pulled off what’s been described as “an advance data breach.” Norfund – the world’s largest sovereign wealth fund, created from saved North Sea […]
http://blog.extremehacking.org/blog/2020/05/14/theres-norway-youre-going-to-believe-this-worlds-largest-sovereign-wealth-fund-conned-out-of-10m-in-cyber-attack/
Stop tracking me, Google: Austrian citizen files GDPR legal complaint over Android Advertising ID
Credits: The Register. Privacy pressure group Noyb has filed a legal complaint against Google on behalf of an Austrian citizen, claiming the Android Advertising ID on every Android device is “personal data” as defined by the EU’s GDPR and that […]
http://blog.extremehacking.org/blog/2020/05/14/stop-tracking-me-google-austrian-citizen-files-gdpr-legal-complaint-over-android-advertising-id/
Cyber-attacks hit hospital construction companies
Credits: BBC. Interserve, which helped build Birmingham’s NHS Nightingale hospital, and Bam Construct, which delivered the Yorkshire and the Humber’s, have reported the incidents to authorities. Earlier this month, the government warned healthcare groups involved in the response to […]
http://blog.extremehacking.org/blog/2020/05/13/cyber-attacks-hit-hospital-construction-companies/
Researchers spot thousands of Android apps leaking user data through misconfigured Firebase databases
Credits: The Register. Security researchers at Comparitech have reported that an estimated 24,000 Android apps are leaking user data because of misconfigured Firebase databases. Firebase is a popular backend service with SDKs for multiple platforms, including Android, iOS, web, C++ and Unity (for […]
http://blog.extremehacking.org/blog/2020/05/13/researchers-spot-thousands-of-android-apps-leaking-user-data-through-misconfigured-firebase-databases/
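The misconfiguration behind this story is almost always a Realtime Database rule set that grants read (and often write) access to everyone. The script below is an added example, not code from Comparitech or the article: it shows the open rule set beside a locked-down one and classifies the result of an unauthenticated REST read of the database root, which is how such leaks are found. The database host patterns and the sample responses are assumptions constructed for the demo.

```python
"""Added example: triage a Firebase Realtime Database for world-readable rules.

Assumptions (not stated in the article): the database is reachable at a
*.firebaseio.com or *.firebasedatabase.app host, and the REST endpoint
"<db>/.json" is used as the read probe. Sample responses are constructed.
"""
import json
from urllib.error import HTTPError
from urllib.parse import urlparse
from urllib.request import Request, urlopen

# The misconfiguration: anyone on the internet can read (and here write) the
# whole tree. This is what "misconfigured Firebase database" usually means.
OPEN_RULES = {"rules": {".read": True, ".write": True}}

# A minimal hardened rule set: reads need an authenticated user, nothing is
# writable at the root, and a user may only write their own subtree.
HARDENED_RULES = {
    "rules": {
        ".read": "auth != null",
        ".write": False,
        "users": {
            "$uid": {".write": "$uid === auth.uid"},
        },
    }
}


def classify_read_probe(status: int, body: str) -> str:
    """Map the outcome of an unauthenticated GET <db>/.json to a verdict.

    Firebase answers HTTP 401 with {"error": "Permission denied"} when the
    rules block the read; HTTP 200 with data means the tree is world-readable.
    A 200 whose body is "null" is readable but currently holds nothing.
    """
    if status == 401:
        return "locked"
    if status == 200:
        return "empty-but-open" if body.strip() == "null" else "OPEN"
    return f"unexpected-{status}"


def rules_world_readable(rules: dict) -> bool:
    """True when the root ".read" rule is the literal true, i.e. no auth needed."""
    return rules.get("rules", {}).get(".read") is True


def probe(db_url: str, timeout: float = 10.0) -> str:
    """Run the read probe against a live database (network; authorised use only)."""
    host = urlparse(db_url).netloc.lower()
    if not host.endswith((".firebaseio.com", ".firebasedatabase.app")):
        raise ValueError("expected a Firebase Realtime Database URL (assumption of this example)")
    req = Request(db_url.rstrip("/") + "/.json", headers={"User-Agent": "fb-rules-check"})
    try:
        with urlopen(req, timeout=timeout) as resp:
            return classify_read_probe(resp.status, resp.read().decode(errors="replace"))
    except HTTPError as e:
        return classify_read_probe(e.code, e.read().decode(errors="replace"))


if __name__ == "__main__":
    # Constructed responses so the demo runs offline.
    leaked = json.dumps({"users": {"u1": {"email": "user@example.com"}}})
    print("open db:", classify_read_probe(200, leaked))
    print("locked db:", classify_read_probe(401, '{"error" : "Permission denied"}'))
    print("OPEN_RULES world-readable:", rules_world_readable(OPEN_RULES))
    print("HARDENED_RULES world-readable:", rules_world_readable(HARDENED_RULES))
```

Note that `".read": "auth != null"` only stops anonymous reads; any signed-in user of the app can still read everything, so production rules should scope reads per path the same way the `users/$uid` write rule does.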
Papa don’t breach: Contracts, personal info on Madonna, Lady Gaga, Elton John, others swiped in celeb law firm ‘hack’
Credits: The Register. Hackers are threatening to release 756GB of A-list celebs’ contracts, recording deals, and other personal info allegedly stolen from a New York law firm. The miscreants have seemingly got their hands on confidential agreements, private correspondence, contact […]
http://blog.extremehacking.org/blog/2020/05/13/papa-dont-breach-contracts-personal-info-on-madonna-lady-gaga-elton-john-others-swiped-in-celeb-law-firm-hack/
CVE-2019-19781: Citrix ADC RCE vulnerability
A week before the 2019 holidays Citrix announced that a vulnerability (CVE-2019-19781, a directory traversal reachable without authentication) had been discovered in multiple Citrix products. The affected products are Citrix Application Delivery Controller (ADC, formerly NetScaler ADC), Citrix Gateway (formerly NetScaler Gateway) and the Citrix SD-WAN WANOP appliance. Exploiting the vulnerability could allow an unauthenticated attacker [...]
The post CVE-2019-19781: Citrix ADC RCE vulnerability appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/exploit-tutorials/cve-2019-19781-citrix-adc-rce-vulnerability/
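Before reading the exploit write-up, a practitioner usually wants two things: a non-destructive way to tell whether an appliance is still exposed, and a rule to find traversal attempts in the access logs. The script below is an added example, not code from the Hacking Tutorials post. The probe is the widely published read of `/vpns/cfg/smb.conf` through the unauthenticated `/vpn/` handler using a `..` segment; it reads one configuration file and executes nothing. The host name and the log lines are constructed for the demo.

```python
"""Added example: CVE-2019-19781 exposure check and access-log rule.

Not part of the original post. Host names and log lines are constructed.
"""
import re
import ssl
from urllib.error import HTTPError
from urllib.parse import unquote
from urllib.request import Request, urlopen

# Traversal from the unauthenticated /vpn/ handler into the /vpns/ tree.
PROBE_PATH = "/vpn/../vpns/cfg/smb.conf"
LOG_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def classify_probe_response(status: int, body: str) -> str:
    """An unpatched appliance serves the Samba config (HTTP 200, body holding
    the [global] section). Citrix's mitigation responder policy answers 403 to
    any /vpns/ request that carries '/../'; anything else is treated as not
    vulnerable or unknown rather than guessed at."""
    if status == 200 and "[global]" in body:
        return "VULNERABLE"
    if status == 403:
        return "mitigated"
    return "not-vulnerable-or-unknown"


def probe(host: str, timeout: float = 10.0, verify_tls: bool = True) -> str:
    """Send the probe to a live appliance (network; authorised use only).
    urllib sends the path verbatim, so the '..' segment is not collapsed."""
    ctx = ssl.create_default_context()
    if not verify_tls:  # many appliances run self-signed certificates
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    req = Request(f"https://{host}{PROBE_PATH}",
                  headers={"User-Agent": "cve-2019-19781-check"})
    try:
        with urlopen(req, timeout=timeout, context=ctx) as resp:
            return classify_probe_response(resp.status, resp.read(4096).decode(errors="replace"))
    except HTTPError as e:
        return classify_probe_response(e.code, e.read(4096).decode(errors="replace"))


def suspicious_target(target: str) -> bool:
    """Flag a request target that reaches the /vpns/ tree through '..',
    raw or percent-encoded (the condition Citrix's responder policy blocks)."""
    decoded = unquote(target)
    return "/vpns/" in decoded.lower() and "/../" in decoded


def scan_access_log(text: str) -> list[str]:
    """Return the decoded targets of suspicious requests in a web access log."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.search(line)
        if m and suspicious_target(m.group("target")):
            hits.append(unquote(m.group("target")))
    return hits


# Constructed sample log (common log format); lines 2 and 3 are traversal attempts.
SAMPLE_LOG = """\
10.0.0.5 - - [11/Jan/2020:10:00:01 +0000] "GET /vpn/index.html HTTP/1.1" 200 4211
10.0.0.9 - - [11/Jan/2020:10:00:07 +0000] "GET /vpn/../vpns/cfg/smb.conf HTTP/1.1" 200 83
10.0.0.9 - - [11/Jan/2020:10:00:09 +0000] "GET /vpn/%2e%2e/vpns/cfg/smb.conf HTTP/1.1" 200 83
10.0.0.7 - - [11/Jan/2020:10:00:12 +0000] "GET /vpns/portal/homepage.html HTTP/1.1" 200 910
"""

if __name__ == "__main__":
    print(classify_probe_response(200, "[global]\n\tworkgroup = WORKGROUP\n"))
    print(classify_probe_response(403, ""))
    for target in scan_access_log(SAMPLE_LOG):
        print("traversal attempt:", target)
```

A 403 only shows the responder-policy mitigation is in place; it says nothing about whether the appliance was already compromised before the policy was applied, which is why the log rule matters as much as the probe.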
Vulnerability Scanning with OpenVAS 9 part 4: Custom scan configurations
For all scans so far, we've only used the default scan configurations such as host discovery, system discovery and Full & fast. But what if we don't want to run all NVTs on a given target (list) and only test for a few specific vulnerabilities? In this case we can create our own custom scan [...]
https://www.hackingtutorials.org/scanning-tutorials/openvas-9-part-4-custom-scan-configurations/
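The tutorial builds the custom configuration in the Greenbone Security Assistant; the same thing can be scripted against the XML management protocol OpenVAS 9 speaks (OMP), which is how you keep a "only these NVTs" config reproducible across installs. The script below is an added example, not from the tutorial: it generates the `create_config` command that clones the empty base config and the `modify_config` commands that select exactly the chosen NVTs per family. The base config UUID and the NVT OIDs are assumptions for the demo; list the real ones on your own manager with `omp --get-configs` and a `<get_nvts/>` query.

```python
"""Added example: build OMP commands for an OpenVAS 9 custom scan config.

Not from the tutorial. The UUID and OIDs below are assumptions for the demo.
Send each command with the omp client, e.g. omp -u admin -w <pass> --xml='...'.
"""
from xml.etree import ElementTree as ET

# Assumed: UUID of the built-in "empty" config on a default OpenVAS 9 install.
EMPTY_CONFIG_ID = "085569ce-73ed-11df-83c3-002264764cea"

# Assumed NVT OIDs: the Nmap port-scanner wrapper and the ping-host check.
# Nearly every config needs a port scanner, or host-based checks never run.
NMAP_OID = "1.3.6.1.4.1.25623.1.0.14259"
PING_OID = "1.3.6.1.4.1.25623.1.0.100315"


def create_config_xml(name: str, base_config_id: str = EMPTY_CONFIG_ID) -> str:
    """<create_config> clones base_config_id under a new name."""
    root = ET.Element("create_config")
    ET.SubElement(root, "copy").text = base_config_id
    ET.SubElement(root, "name").text = name
    return ET.tostring(root, encoding="unicode")


def parse_created_id(response_xml: str) -> str:
    """Pull the new config id out of <create_config_response status="201" id="..."/>."""
    resp = ET.fromstring(response_xml)
    if resp.tag != "create_config_response" or resp.get("status") != "201":
        raise RuntimeError(f"create_config failed: {resp.get('status')} {resp.get('status_text')}")
    return resp.get("id")


def modify_config_xml(config_id: str, selections: dict[str, list[str]]) -> list[str]:
    """One <modify_config> per NVT family. <nvt_selection> replaces the
    family's selected set with exactly the OIDs given, so the resulting
    config runs only those checks instead of every NVT in the family."""
    cmds = []
    for family, oids in selections.items():
        root = ET.Element("modify_config", config_id=config_id)
        sel = ET.SubElement(root, "nvt_selection")
        ET.SubElement(sel, "family").text = family
        for oid in oids:
            ET.SubElement(sel, "nvt", oid=oid)
        cmds.append(ET.tostring(root, encoding="unicode"))
    return cmds


if __name__ == "__main__":
    print(create_config_xml("Port scan only"))
    # Constructed manager reply, so the demo runs without a server.
    new_id = parse_created_id(
        '<create_config_response status="201" status_text="OK, resource created" '
        'id="3f1a0d2e-0000-4000-8000-000000000001"/>'
    )
    for cmd in modify_config_xml(new_id, {"Port scanners": [PING_OID, NMAP_OID]}):
        print(cmd)
```

Add one more `"family": [oids]` entry per product you actually want tested; a config that selects vulnerability NVTs but no port scanner will typically report nothing, because the dependent checks never see an open port.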
Vulnerability Scanning with OpenVAS 9 part 3: Scanning the Network
In the previous parts of the Vulnerability Scanning with OpenVAS 9 tutorials we have covered the installation process and how to run vulnerability scans using OpenVAS and the Greenbone Security Assistant (GSA) web application. In part 3 of Vulnerability Scanning with OpenVAS 9 we will have a look at how to run scans using different [...]
https://www.hackingtutorials.org/scanning-tutorials/vulnerability-scanning-with-openvas-9-scanning-the-network/
Vulnerability Scanning with OpenVAS 9 part 2: Vulnerability Scanning
In the previous tutorial, Vulnerability Scanning with OpenVAS 9.0 part 1, we went through the installation process of OpenVAS on Kali Linux and the installation of the virtual appliance. In this tutorial we will learn how to configure and run a vulnerability scan. For demonstration purposes we've also installed a virtual machine with Metasploitable 2 [...]
https://www.hackingtutorials.org/scanning-tutorials/vulnerability-scanning-openvas-9-0-part-2/
Vulnerability Scanning with OpenVAS 9 part 1: Installation & Setup
A couple of years ago we did a tutorial on Hacking Tutorials on how to install the popular vulnerability assessment tool OpenVAS on Kali Linux. We covered the installation process on Kali Linux and running a basic scan on the Metasploitable 2 virtual machine to identify vulnerabilities. In this tutorial I want to cover more details [...]
https://www.hackingtutorials.org/scanning-tutorials/vulnerability-scanning-openvas-9-pt-1/
The Best Hacking Books 2018
One of the most popular and most asked questions since I’ve started this blog is if I can recommend some good hacking books to read for beginners and more experienced hackers and penetration testers. In this article I want to highlight some hacking books and InfoSec books that I personally liked that cover subjects such as ethical hacking, [...]
https://www.hackingtutorials.org/infosec-books/the-best-hacking-books-2018/