L'Actu de la presse spécialisée

Pas d'actualité

Soutenez No Hack Me sur Tipeee

L'Actu de la veille (Presse spécialisée)

Interbank confirms data breach following failed extortion, data leak
​Interbank, one of Peru's leading financial institutions, has confirmed a data breach after a threat actor who hacked into its systems leaked stolen data online. [...]
https://www.bleepingcomputer.com/news/security/interbank-confirms-data-breach-following-failed-extortion-data-leak/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

'Midnight Blizzard' Targets Networks With Signed RDP Files
The Russian-backed group is using a novel access vector to harvest victim data and compromise devices in a large-scale intelligence-gathering operation.
https://www.darkreading.com/cyberattacks-data-breaches/midnight-blizzard-targets-networks-signed-rdp-files
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

The Top React Spreadsheet Tools
Explore the top React spreadsheets and their notable features for your applications in this review of leading options.
https://hackernoon.com/the-top-react-spreadsheet-tools?source=rss
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Fake Meta Ads Hijacking Facebook Accounts to Spread SYS01 Infostealer
A malvertising campaign is exploiting Meta’s platform to spread SYS01 infostealer, targeting men 45+ via fake ads for…
https://hackread.com/fake-meta-ads-hijacking-facebook-sys01-infostealer/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Code Smell 277 - UPPERCASE Acronyms
Treat acronyms like normal words to improve human readability.
https://hackernoon.com/code-smell-277-uppercase-acronyms?source=rss
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

The evolution of open source risk: Persistent challenges in software security
As organizations increasingly rely on open source software, associated security risks grow, demanding more robust and proactive risk management.
https://www.sonatype.com/blog/the-evolution-of-open-source-risk-persistent-challenges-in-software-security
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Building Trust in the Digital Economy With Blockchain Powered Digital Identity Verification
Blockchain-based identity verification is reshaping digital trust by enabling self-sovereign, user-controlled identities. This technology enhances security, reduces fraud, and fosters digital inclusion, addressing issues in traditional identity systems like data breaches and privacy concerns. As decentralized identity gains traction, it paves the way for a more secure and inclusive digital economy.
https://hackernoon.com/building-trust-in-the-digital-economy-with-blockchain-powered-digital-identity-verification?source=rss
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

ATPC Cyber Forum To Focus On Next Generation Cybersecurity And Artificial Intelligence Issues
ATLANTA, Georgia, October 30th, 2024/CyberNewsWire/--White House National Cyber Director, CEOs, Key Financial Services Companies, Congressional and Executive Branch Experts will discuss industry priorities for 2025 and beyond The American Transaction Processors Coalition (ATPC) Cyber Council will convene “The Tie that Binds: A 21st Century Cybersecurity Dialogue,” on October 31, 2024, at the Bank of America Financial Center Tower's Convention Hall in Atlanta. \ This event will feature leading cyber experts from the financial services sector, Federal agencies, the White House, and Congress to focus on pressing cybersecurity issues and ways the financial services sector is addressing these issues. It will include discussions on evolving technologies that will influence the path forward,...
https://hackernoon.com/atpc-cyber-forum-to-focus-on-next-generation-cybersecurity-and-artificial-intelligence-issues?source=rss
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

15 Leading Technology and Service Providers Achieve SASE Certification

https://www.darkreading.com/cybersecurity-operations/15-leading-technology-and-service-providers-achieve-sase-certification
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Investigating a SharePoint Compromise: IR Tales from the Field
Our investigation uncovered an attacker who accessed a server without authorization and moved laterally across the network, compromising the entire domain.
https://blog.rapid7.com/2024/10/30/investigating-a-sharepoint-compromise-ir-tales-from-the-field/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Ex-Disney Employee Charged With Hacking Menu Database
In a vengeful move against the happiest place on Earth, the former employee allegedly used his old credentials to make potentially deadly changes.
https://www.darkreading.com/cyberattacks-data-breaches/ex-disney-employee-charged-hacking-menu-database
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Zenity Raises M Series B Funding Round to Secure Agentic AI

https://www.darkreading.com/application-security/zenity-raises-38m-series-b-funding-round-to-secure-agentic-ai
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Norton Report Reveals Nearly Half of US Consumers Were Targeted by a Scam While Online Shopping

https://www.darkreading.com/cyberattacks-data-breaches/norton-report-reveals-nearly-half-of-us-consumers-were-targeted-by-a-scam-while-online-shopping
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Russia-linked Midnight Blizzard APT targeted 100+ organizations with a spear-phishing campaign using RDP files
Microsoft warns of a new phishing campaign by Russia-linked APT Midnight Blizzard targeting hundreds of organizations. Microsoft warns of a large-scale spear-phishing campaign by Russia-linked APT Midnight Blizzard (aka APT29, SVR group, BlueBravo, Cozy Bear, Nobelium, Midnight Blizzard, and The Dukes), targeting 1,000+ users across 100+ organizations for intelligence gathering. The Midnight Blizzard group along with APT28 cyber espionage group was involved in the Democratic National […]
https://securityaffairs.com/170398/apt/midnight-blizzard-apt-targeted-100-organizations.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Microsoft Entra "security defaults" to make MFA setup mandatory
​Microsoft says it will improve security across Entra tenants where security defaults are enabled by making multifactor authentication (MFA) registration mandatory. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-entra-security-defaults-to-make-mfa-setup-mandatory/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

The Open Source Initiative Announces Open Source AI Definition

https://www.darkreading.com/cybersecurity-operations/the-open-source-initiative-announces-open-source-ai-definition
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Business Email Compromise (BEC) Impersonation: The Weapon of Choice of Cybercriminals

https://www.darkreading.com/cloud-security/business-email-compromise-bec-impersonation-the-weapon-of-choice-of-cybercriminals
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

The Crypto Trinity
Crypto trinity refers to the interrelated variables of Token, Traffic, and Liquidity, which collectively describe the performance of the crypto market. Crypto has a very limited use cases. However, as more utility emerges from broader use cases (Web3), it could positively impact crypto, making it more solid.  Until then, crypto cycles are mainly the product of free cash in pockets, media advertising and traffic, and people who exploit other people's psychological biases.
https://hackernoon.com/the-crypto-trinity?source=rss
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Casap Secures .5M in Funding

https://www.darkreading.com/cyber-risk/casap-secures-8-5m-in-funding
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Russian Cozy Bear Hackers Phish Critical Sectors with Microsoft, AWS Lures
Russian state-sponsored hackers Cozy Bear are targeting over 100 organizations globally with a new phishing campaign. This sophisticated…
https://hackread.com/russian-cozy-bear-hackers-phish-microsoft-aws-lures/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Hedging American Put Options with Deep Reinforcement Learning: References
The references section presents a thorough compilation of all sources cited in the study, providing foundational and contemporary literature that supports the exploration of deep reinforcement learning (DRL) in hedging American put options. This resource aids readers in further investigating the theoretical and practical aspects of the research.
https://hackernoon.com/hedging-american-put-options-with-deep-reinforcement-learning-references?source=rss
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Hedging American Put Options with Deep Reinforcement Learning: Appendix A
The appendix contains supplementary data tables detailing the final profit and loss (P&L) statistics for both the DRL agent and BS Delta strategies across various options. It also lists the asset paths used for testing, providing essential context and additional results that support the findings of the main paper.
https://hackernoon.com/hedging-american-put-options-with-deep-reinforcement-learning-appendix-a?source=rss
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Advancements in Deep Reinforcement Learning for Hedging American Put Options
This study highlights the effective application of deep reinforcement learning (DRL) agents in hedging American put options, contrasting with the conventional focus on European options. Employing the DDPG algorithm and a unique reward function that penalizes transaction costs, the DRL agent outperforms both BS Delta and binomial tree strategies in various experiments. Notably, the DRL agent maintains its effectiveness even when volatility is underestimated. Additionally, the transition to stochastic volatility models shows improved hedging performance in empirical settings. Future research should focus on frequent retraining of DRL agents as new data becomes available and the exploration of training hyperparameters to enhance agent performance.
https://hackernoon.com/advancements-in-deep-reinforcement-learning-for-hedging-american-put-options?source=rss
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

QNAP patches second zero-day exploited at Pwn2Own to get root
QNAP has fixed a second zero-day vulnerability exploited at the Pwn2Own Ireland 2024 hacking contest to gain a root shell and take over a TS-464 NAS device. [...]
https://www.bleepingcomputer.com/news/security/qnap-patches-second-zero-day-exploited-at-pwn2own-to-get-root/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Evaluating Deep RL Agents in Hedging with Market-Calibrated Stochastic Volatility Models
The SABR experiments reveal that DRL agents trained with market-calibrated stochastic volatility outperform the BS Delta strategy, particularly under 3% transaction costs. In scenarios without transaction costs, both strategies demonstrate effective hedging, but the DRL agent consistently achieves higher mean final P&Ls. When tested on real-world asset price data, the DRL agent excels in 12 out of 16 instances, showcasing its robustness in practical applications. Future research directions include exploring various training hyperparameters to enhance DRL hedging performance.
https://hackernoon.com/evaluating-deep-rl-agents-in-hedging-with-market-calibrated-stochastic-volatility-models?source=rss
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Results of Deep Reinforcement Learning Agent Performance in Hedging American Put Options
The results of the DRL agent experiments are categorized into two main areas: GBM and stochastic volatility. In GBM experiments, the agent demonstrated superior performance over BS Delta and binomial strategies, particularly when transaction costs were included, yielding higher mean P&L and lower standard deviation. The DRL agent also showed robustness against increased volatility compared to the other methods, maintaining a higher mean final P&L and reduced standard deviation under various conditions. The analysis provides insights into the effectiveness of the DRL approach in real-world scenarios.
https://hackernoon.com/results-of-deep-reinforcement-learning-agent-performance-in-hedging-american-put-options?source=rss
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Rapidfire Unicorn reveals “Hotshot” Shoot-to-Earn PVP Game at GamesBeat NEXT Industry Event
Hotshot is an online multi-player game of skill where each player can shoot other players to earn in-game tokens from them. Each time a player is shot in the game, tokens are transferred from the balance/score of the player that was shot to the shooter's balance/ score. The first Alpha Play Day will be held in November 2024.
https://hackernoon.com/rapidfire-unicorn-reveals-hotshot-shoot-to-earn-pvp-game-at-gamesbeat-next-industry-event?source=rss
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Testing Procedures for Evaluating Deep Reinforcement Learning Agents in American Put Option Hedging
The testing procedures for a DRL agent in hedging American put options are structured into two main categories: GBM and stochastic volatility experiments. Each requires asset price data, initial option pricing, exercise boundaries, and benchmarks for comparison. The GBM tests utilize a binomial tree for initial pricing and hedging, while stochastic volatility tests employ a calibrated model and BS Delta for benchmarks, assessing performance through numerous simulated paths and rebalance points.
https://hackernoon.com/testing-procedures-for-evaluating-deep-reinforcement-learning-agents-in-american-put-option-hedging?source=rss
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Cybersecurity Training Resources Often Limited to Developers
With a lack of cybersecurity awareness training resources for all employees, organizations are more susceptible to being breached or falling short when it comes to preventing threats.
https://www.darkreading.com/endpoint-security/cybersecurity-training-resources-limited-developers
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Vishing, Mishing Go Next-Level With FakeCall Android Malware
A new variant of the sophisticated attacker tool gives cybercriminals even more control over victim devices to conduct various malicious activities, including fraud and cyber espionage.
https://www.darkreading.com/cyberattacks-data-breaches/vishing-mishing-fakecall-android-malware
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

ATPC Cyber Forum to Focus on Next Generation Cybersecurity and Artificial Intelligence Issues
Atlanta, Georgia, 30th October 2024, CyberNewsWire
https://hackread.com/atpc-cyber-forum-to-focus-on-next-generation-cybersecurity-and-artificial-intelligence-issues/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Why Did Snowflake Have a Target on It? Handling Data Warehouse Security Risks
In early June, the Ticketmaster breach brought widespread attention to the fact that Snowflake accounts did not require multi-factor authentication (MFA) and some were compromised as a result. If only... The post Why Did Snowflake Have a Target on It? Handling Data Warehouse Security Risks appeared first on Cyber Defense Magazine.
https://www.cyberdefensemagazine.com/why-did-snowflake-have-a-target-on-it-handling-data-warehouse-security-risks/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

North Korean govt hackers linked to Play ransomware attack
The North Korean state-sponsored hacking group tracked as 'Andariel' has been linked to the Play ransomware operation, using the RaaS to work behind the scenes and evade sanctions. [...]
https://www.bleepingcomputer.com/news/security/north-korean-govt-hackers-linked-to-play-ransomware-attack/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

New “Scary” FakeCall Malware Captures Photos and OTPs on Android
A new, more sophisticated variant of the FakeCall malware is targeting Android devices. Learn about the advanced features…
https://hackread.com/scary-fakecall-malware-captures-photos-otps-android/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Patch now! New Chrome update for two critical vulnerabilities
Chrome issued a security update that patches two critical vulnerabilities. One of which was reported by Apple
https://www.malwarebytes.com/blog/news/2024/10/patch-now-new-chrome-update-for-two-critical-vulnerabilities
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Android malware "FakeCall" now reroutes bank calls to attackers
A new version of the FakeCall malware for Android hijacks outgoing calls from a user to their bank, redirecting them to the attacker's phone number instead. [...]
https://www.bleepingcomputer.com/news/security/android-malware-fakecall-now-reroutes-bank-calls-to-attackers/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Hackers steal 15,000 cloud credentials from exposed Git config files
A global large-scale dubbed "EmeraldWhale" exploited misconfigured Git configuration files to steal over 15,000 cloud account credentials from thousands of private repositories. [...]
https://www.bleepingcomputer.com/news/security/hackers-steal-15-000-cloud-credentials-from-exposed-git-config-files/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

When Cybersecurity Tools Backfire
Outages are inevitable. Our focus should be on minimizing their scope, addressing underlying causes, and understanding that protecting systems is about keeping bad actors out while maintaining stability and reliability.
https://www.darkreading.com/vulnerabilities-threats/when-cybersecurity-tools-backfire
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

FBI: Upcoming U.S. general election fuel multiple fraud schemes
The Federal Bureau of Investigation (FBI) is warning of multiple schemes taking advantage of the upcoming U.S. general election to scam people out of their money or personal data. [...]
https://www.bleepingcomputer.com/news/security/fbi-upcoming-us-general-election-fuel-multiple-fraud-schemes/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Change Healthcare Breach Hits 100M Americans
Change Healthcare says it has notified approximately 100 million Americans that their personal, financial and healthcare records may have been stolen in a February 2024 ransomware attack that caused the largest ever known data breach of protected health information.
https://krebsonsecurity.com/2024/10/change-healthcare-breach-hits-100m-americans/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Here's a cybersecurity problem: there just aren't enough young people.
This week in cybersecurity from the editors at Cybercrime Magazine – Read the Full Story in TechPolicy.Press Sausalito, Calif. – Oct. 30, 2024 3.5 million. That's how many unfilled jobs there are in the cybersecurity profession worldwide, according to Cybersecurity Ventures. Nick Merrill directs the Daylight Lab The post Here's a cybersecurity problem: there just aren't enough young people. appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/heres-a-cybersecurity-problem-there-just-arent-enough-young-people/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

USN-7085-2: X.Org X Server vulnerability
USN-7085-1 fixed a vulnerability in X.Org. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled certain memory operations in the X Keyboard Extension. An attacker could use this issue to cause the X Server to crash, leading to a denial of service, or possibly execute arbitrary code.
https://ubuntu.com/security/notices/USN-7085-2
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

'CrossBarking' Attack Targets Secret APIs, Exposes Opera Browser Users
Using a malicious Chrome extension, researchers showed how an attacker could use a now-fixed bug to inject custom code into a victim's Opera browser to exploit special and powerful APIs, used by developers and typically saved for only the most trusted sites.
https://www.darkreading.com/vulnerabilities-threats/crossbarking-attack-secret-apis-expose-opera-browser-users
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Opera Browser Fixes Big Security Hole That Could Have Exposed Your Information
A now-patched security flaw in the Opera web browser could have enabled a malicious extension to gain unauthorized, full access to private APIs. The attack, codenamed CrossBarking, could have made it possible to conduct actions such as capturing screenshots, modifying browser settings, and account hijacking, Guardio Labs said. To demonstrate the issue, the company said it managed to publish a
https://thehackernews.com/2024/10/opera-browser-fixes-big-security-hole.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

The Karma connection in Chrome Web Store
Somebody brought to my attention that the Hide YouTube Shorts extension for Chrome changed hands and turned malicious. I looked into it and could confirm that it contained two undisclosed components: one performing affiliate fraud and the other sending users' every move to some Amazon cloud server. But that wasn't all of it: I discovered eleven more extensions written by the same people. Some contained only the affiliate fraud component, some only the user tracking, some both. A few don't appear to be malicious yet. While most of these extensions were supposedly developed or bought by a person without any other traces online, one broke this pattern. Karma shopping assistant has been on Chrome Web Store since 2020, the company behind it founded in 2013. This company employs more than...
https://palant.info/2024/10/30/the-karma-connection-in-chrome-web-store/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Malvertising Campaign Hijacks Facebook Accounts to Spread SYS01stealer Malware
Cybersecurity researchers have uncovered an ongoing malvertising campaign that abuses Meta's advertising platform and hijacked Facebook accounts to distribute information known as SYS01stealer. "The hackers behind the campaign use trusted brands to expand their reach," Bitdefender Labs said in a report shared with The Hacker News. "The malvertising campaign leverages nearly a hundred malicious
https://thehackernews.com/2024/10/malvertising-campaign-hijacks-facebook.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

The Importance of Asset Context in Attack Surface Management.
This topic covers one of the main drivers for ASM and why companies are investing in it, the context it delivers to inform better security decision making.
https://blog.rapid7.com/2024/10/30/the-importance-of-asset-context-in-attack-surface-management/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Cybersecurity Awareness Month: 5 new AI skills cyber pros need
The rapid integration of artificial intelligence (AI) across industries, including cybersecurity, has sparked a sense of urgency among professionals. As organizations increasingly adopt AI tools to bolster security defenses, cyber professionals now face a pivotal question: What new skills do I need to stay relevant? October is Cybersecurity Awareness Month, which makes it the perfect […] The post Cybersecurity Awareness Month: 5 new AI skills cyber pros need appeared first on Security Intelligence.
https://securityintelligence.com/articles/cybersecurity-awareness-month-new-ai-skills-needed/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Google fixed a critical vulnerability in Chrome browser
Google addressed a critical vulnerability in its Chrome browser, tracked as CVE-2024-10487, which was reported by Apple. Google has patched a critical Chrome vulnerability, tracked as CVE-2024-10487, reported by Apple Security Engineering and Architecture (SEAR) on October 23, 2024. The vulnerability is an out-of-bounds write issue that resides in the Dawn implementation. Dawn is an open-source […]
https://securityaffairs.com/170395/security/google-fixed-critical-chrome-flaw.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

USN-7084-2: pip vulnerability
USN-7084-1 fixed vulnerability in urllib3. This update provides the corresponding update for the urllib3 module bundled into pip. Original advisory details: It was discovered that urllib3 didn't strip HTTP Proxy-Authorization header on cross-origin redirects. A remote attacker could possibly use this issue to obtain sensitive information.
https://ubuntu.com/security/notices/USN-7084-2
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Researchers Uncover Python Package Targeting Crypto Wallets with Malicious Code
Cybersecurity researchers have discovered a new malicious Python package that masquerades as a cryptocurrency trading tool but harbors functionality designed to steal sensitive data and drain assets from victims' crypto wallets. The package, named "CryptoAITools," is said to have been distributed via both Python Package Index (PyPI) and bogus GitHub repositories. It was downloaded over 1,300
https://thehackernews.com/2024/10/researchers-uncover-python-package.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Embarking on a Compliance Journey? Here's How Intruder Can Help
Navigating the complexities of compliance frameworks like ISO 27001, SOC 2, or GDPR can be daunting. Luckily, Intruder simplifies the process by helping you address the key vulnerability management criteria these frameworks demand, making your compliance journey much smoother. Read on to understand how to meet the requirements of each framework to keep your customer data safe. How Intruder
https://thehackernews.com/2024/10/embarking-on-compliance-journey-heres.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Jumpy Pisces Engages in Play Ransomware
A first-ever collaboration between DPRK-based Jumpy Pisces and Play ransomware signals a possible shift in tactics. The post Jumpy Pisces Engages in Play Ransomware appeared first on Unit 42.
https://unit42.paloaltonetworks.com/north-korean-threat-group-play-ransomware/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

New PySilon RAT Abusing Discord Platform to Maintain Persistence
Cybersecurity experts have identified a new Remote Access Trojan (RAT) named PySilon. This Trojan exploits the popular social platform Discord to maintain persistence on infected systems. Discord, known for its real-time communication features, has become a hub for various communities beyond its gaming origins. However, its API capabilities have also made it a target for […] The post New PySilon RAT Abusing Discord Platform to Maintain Persistence appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
https://gbhackers.com/new-pysilon-rat/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

USN-7085-1: X.Org X Server vulnerability
Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled certain memory operations in the X Keyboard Extension. An attacker could use this issue to cause the X Server to crash, leading to a denial of service, or possibly execute arbitrary code.
https://ubuntu.com/security/notices/USN-7085-1
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

QNAP fixed NAS backup zero-day demonstrated at Pwn2Own Ireland 2024
QNAP fixed critical zero-day CVE-2024-50388 which was demonstrated against a TS-464 NAS device during the Pwn2Own Ireland 2024 competition. QNAP addressed a critical zero-day vulnerability, tracked as CVE-2024-50388, which was exploited by white hat hackers against a TS-464 NAS device during the recent Pwn2Own Ireland 2024 hacking competition. The flaw is an OS command injection […]
https://securityaffairs.com/170386/uncategorized/qnap-fixed-zero-day-cve-2024-50388-pwn2own-ireland-2024.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Konni APT Hackers Attacking Organizations with New Spear-Phishing Tactics
The notorious Konni Advanced Persistent Threat (APT) group has intensified its cyber assault on organizations using sophisticated spear-phishing tactics. Known for its stealth and precision, Konni has been active since 2014, primarily targeting regions like Russia and South Korea. Recent reports from cybersecurity firm ThreatBook have highlighted the group’s latest operations, highlighting their evolving strategies […] The post Konni APT Hackers Attacking Organizations with New Spear-Phishing Tactics appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
https://gbhackers.com/konni-apt-hackers/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

VimeWorld - 3,118,964 breached accounts
In October 2018, the Russian Minecraft service VimeWorld suffered a data breach that was later redistributed as part of a larger corpus of data. The data included 3.1M records of usernames, email and IP addresses and passwords stored as either MD5 or bcrypt hashes.
https://haveibeenpwned.com/PwnedWebsites#VimeWorld
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Google Chrome Security, Critical Vulnerabilities Patched
Google has updated its Chrome browser, addressing critical vulnerabilities that posed potential risks to millions of users worldwide. The latest Stable channel update, version 130.0.6723.91/.92 for Windows and Mac and 130.0.6723.91 for Linux will be rolled out over the coming days and weeks. This update extends to the Extended Stable channel with version 130.0.6723.92 for […] The post Google Chrome Security, Critical Vulnerabilities Patched appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
https://gbhackers.com/chrome-vulnerabilities-patched/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Metabase Information Disclosure Vulnerability (CVE-2021-41277)
What is the attack?FortiGuard Labs observes widespread attack attempts targeting a three-year-old Metabase vulnerability (CVE-2021-41277) detected by more than 30,000 sensors. Successful exploitation could lead to information disclosure including expose server files and environment variables to unauthorized users. The vulnerability occurs due to the use of user-supplied input without proper validation.Metabase is an open-source data analytics platform. According to their website it is used by over 60,000 companies including, Capital One, OpenAI, and more. FortiGuard Recon Threat Intelligence team tracked this vulnerability being targeted by a hacktivist group called GhostSec back in May 2024.What is the recommended Mitigation?This issue is fixed in a new maintenance release (0.40.5 and 1.40.5),...
https://fortiguard.fortinet.com/threat-signal-report/5563
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

L'Actu de la veille (Presse)

Chinese Hacking Is Biggest State Cyber Threat to Canada, Spy Agency Says - USNews.com
... Cyber attack' in this illustration taken July 19, 2023. REUTERS/Dado Ruvic/Illustration/File Photo. OTTAWA (Reuters) - An aggressive Chinese ...
https://www.usnews.com/news/technology/articles/2024-10-30/chinese-hacking-is-biggest-state-cyber-threat-to-canada-spy-agency-says
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

AGO hit by cybersecurity incident, says customers' credit card info not impacted - CTV News Toronto
Toronto Public Library book returns stored in 12 trailers since cyber attack. While e-mail addresses may have been accessed, a spokesperson for the ...
https://toronto.ctvnews.ca/ago-hit-by-cybersecurity-incident-says-customers-credit-card-info-not-impacted-1.7092693
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

A Ghost Stole my Data! | Bricker Graydon LLP - JDSupra
We'll be the first to admit that the frequency and quality of your backups play little role in whether you suffer a cyber-attack. However, the ...
https://www.jdsupra.com/legalnews/a-ghost-stole-my-data-8245984/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Does Your Business Need Cybersecurity Insurance? Here's What to Know | CO
... cyber attack can be detrimental to SMBs with limited resources. “Almost half (41%) of small businesses experienced a cyber attack in the past year ...
https://www.uschamber.com/co/co-brandstudio/hiscox/when-to-get-cybersecurity-insurance-for-your-smb
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Cyber Security Services - LRQA
Understand cyber security effectiveness, identify weaknesses and ascertain your ability to withstand a cyber-attack Our experts find hidden ...
https://www.lrqa.com/en-us/cyber-security-services/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

North Korean Group Collaborates with Play Ransomware in Significant Cyber Attack
North Korean Group Collaborates with Play Ransomware in Significant Cyber Attack ... Threat actors in North Korea have been implicated in a recent ...
https://thehackernews.com/2024/10/north-korean-group-collaborates-with.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Burnley Council has been hit by a cyber security attack | Lancashire Telegraph
A cyber attack has hit an East Lancashire authority with staff actively working with security officers to address the issue.
https://www.lancashiretelegraph.co.uk/news/24689723.burnley-council-hit-cyber-security-attack/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Cyber Crime Awareness Month | Stratford-on-Avon District Council
If you are currently being subjected to a live and ongoing cyber-attack then please contact Warwickshire Police on 101. If you suspect you've been ...
https://www.stratford.gov.uk/news/news.cfm/current/1/item/138359
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Cyber attack on Burnley Council brings website down
Cyber attack on Burnley Council brings website down. By Dominic Collis. Published 30th Oct 2024, 16:01 GMT. Updated 30th Oct 2024, 16:01 GMT.
https://www.burnleyexpress.net/news/people/cyber-attack-on-burnley-council-brings-website-down-4846605
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

China Hackers Targeted Trump Family, Biden Aides, NYT Reports - Asia Financial
... Cyber Attack, Gang Says · China Planning Ten-Fold Increase in Some Cyber Law Fines · US Cleared Chinese Hackers From Pacific Computer Systems · China ...
https://www.asiafinancial.com/china-hackers-targeted-trump-family-biden-aides-nyt-reports
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Why Risk Management is Crucial for Cybersecurity Strategies - TechRound
A Business Continuity Plan (BCP) safeguards that companies can take action and restore normality after instances of a cyber attack. Moreover, a ...
https://techround.co.uk/tech/why-risk-management-is-crucial-for-cybersecurity-strategies/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

L'Actu à J-2 (Presse spécialisée)

PCI DSS Self-Assessment Questionnaires: Choosing the Right Type
If you process credit card payments, you need to prioritize security. One way to guarantee this safety is by complying with Payment Card Industry (PCI) Data Security Standards (DSS).
https://www.legitsecurity.com/blog/pci-dss-self-assessment-questionnaire
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

PCI DSS Compliance Levels and Requirements: A Complete Guide
If your business processes credit card transactions, it needs to meet the Payment Card Industry (PCI) Data Security Standards (DSS).
https://www.legitsecurity.com/blog/pci-dss-compliance-levels
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

International law enforcement operation dismantled RedLine and Meta infostealers
A global law enforcement operation disrupted RedLine and Meta infostealers, seizing their infrastructure and making arrests. The Dutch police announced it has dismantled infrastructure used by RedLine and Meta infostealers as part of an international law enforcement operation led by Eurojust that was code-named Operation Magnus. RedLine and META targeted millions of victims worldwide, according to Eurojust […]
https://securityaffairs.com/170369/cyber-crime/law-enforcement-operation-disrupted-redline-and-meta-infostealers.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

What Is Secrets Management? Best Practices and Challenges
Modern apps require hundreds of secrets to function (API keys, cloud credentials, etc.). However, poor management of these secrets can expose sensitive information publicly or to malicious actors.
https://www.legitsecurity.com/blog/what-is-secrets-management
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

New Windows Themes zero-day gets free, unofficial patches
Free unofficial patches are now available for a new Windows Themes zero-day vulnerability that allows attackers to steal a target's NTLM credentials remotely. [...]
https://www.bleepingcomputer.com/news/security/new-windows-themes-zero-day-gets-free-unofficial-patches/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Massive PSAUX ransomware attack targets 22,000 CyberPanel instances
Over 22,000 CyberPanel instances exposed online to a critical remote code execution (RCE) vulnerability were mass-targeted in a PSAUX ransomware attack that took almost all instances offline. [...]
https://www.bleepingcomputer.com/news/security/massive-psaux-ransomware-attack-targets-22-000-cyberpanel-instances/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Operation Magnus: Police Dismantles RedLine and META Infostealer Infrastructure
An international law enforcement operation, led by the United States, Europol, and the Netherlands, has successfully dismantled the…
https://hackread.com/operation-magnus-redline-meta-infostealer-dismantled/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

QNAP fixes NAS backup software zero-day exploited at Pwn2Own
QNAP has fixed a critical zero-day vulnerability exploited by security researchers on Thursday to hack a TS-464 NAS device during the Pwn2Own Ireland 2024 competition. [...]
https://www.bleepingcomputer.com/news/security/qnap-fixes-nas-backup-software-zero-day-exploited-at-pwn2own/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

According to Cloud Security Alliance Survey More than Half of Organizations Cite Technical Debt as Top Hurdle to Identity System Modernization
Report also found that over 75% of enterprises are using two or more IDPs and struggle to manage access controls and consistent security policiesSEATTLE – Oct. 30, 2024 – Modernizing identity systems is proving difficult for organizations due to two key challenges: decades of accumulated Identity and Access Management (IAM) technical debt and the complexity of managing access across multiple identity providers (IDPs). These findings come from the new Strata Identity-commissioned report, State...
https://cloudsecurityalliance.org/articles/csa-finds-technical-debt-as-top-hurdle-to-identity-system-modernization
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Understanding TeamTNTs Malicious Campaign Assaulting Docker Clusters
TeamTNT has recently emerged at the forefront of the ever-evolving threat landscape by devising novel exploits assaulting Docker clusters. Their Docker Gatling Gun campaign has targeted 16 million IP addresses worldwide and attacked Docker clusters globally.
https://linuxsecurity.com/news/cloud-security/teamtnt-assaults-docker-clusters
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Russian Malware Attack Targets Ukrainian Military Recruits via Telegram
Russian hackers launched a targeted malware campaign via Telegram, aimed at Ukrainian military recruits. Disguised as recruitment tools,…
https://hackread.com/russian-malware-ukraine-military-recruits-telegram/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Building Resilience: A Post-Breach Security Strategy for Any Organization
In the wake of a recent breach that compromised sensitive information, a healthcare organization sought my guidance on how to significantly enhance their security posture. Drawing from my experience as... The post Building Resilience: A Post-Breach Security Strategy for Any Organization appeared first on Cyber Defense Magazine.
https://www.cyberdefensemagazine.com/building-resilience-a-post-breach-security-strategy-for-any-organization/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

USN-7084-1: urllib3 vulnerability
It was discovered that urllib3 didn't strip HTTP Proxy-Authorization header on cross-origin redirects. A remote attacker could possibly use this issue to obtain sensitive information.
https://ubuntu.com/security/notices/USN-7084-1
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Weekly Detection Rule (YARA and Snort) Information – Week 5, October 2024
The following is the information on Yara and Snort rules (week 5, October 2024) collected and shared by the AhnLab TIP service. 5 YARA Rules Detection name Description Source PK_EDD_prncpal Phishing Kit impersonating Employment Development Department California (EDD) https://github.com/t4d/PhishingKit-Yara-Rules PK_Eika_oio Phishing Kit impersonating Eika Bank https://github.com/t4d/PhishingKit-Yara-Rules PK_Huntington_code0t17 Phishing Kit impersonating Huntington bank https://github.com/t4d/PhishingKit-Yara-Rules PK_LeBonCoin_2022 Phishing […] 게시물 Weekly Detection Rule (YARA and Snort) Information – Week 5, October 2024이 ASEC에 처음 등장했습니다.
https://asec.ahnlab.com/en/84143/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Cyber Resilience Audit (CRA) scheme launches for assured CAF-based audits
NCSC-assured CRA service now offering Cyber Assessment Framework based audits and more applications invited from potential service providers.
https://www.ncsc.gov.uk/blog-post/cra-scheme-launches
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Risk reduction redefined: How compromise assessment helps strengthen cyberdefenses
Kaspersky experts analyze cyberdefense weak points, including patch management, policy violations and MSSP issues, and real-world cases where compromise assessment helped detect and mitigate incidents.
https://securelist.com/compromise-assessment-cases/114332/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Notorious WrnRAT Delivered Mimic As Gambling Games
WrnRAT is a new malware attack that cybercriminals have deployed by using popular gambling games like Badugi, Go-Stop, and Hold’em to disguise itself as a malicious program.  The attackers created a fraudulent gambling website that, when accessed, prompts users to download a game launcher. Instead of initiating the game, the launcher installs the malicious WrnRAT […] The post Notorious WrnRAT Delivered Mimic As Gambling Games appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
https://gbhackers.com/wrnrat-gambling-malware/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

New Windows Downgrade Attack Let Hackers Downgrade Patched Systems To Exploits
The researcher discovered a vulnerability in the Windows Update process that allowed them to downgrade critical system components, including DLLs, drivers, and the NT kernel. This enabled the attacker to bypass security measures like Secure Boot and expose previously patched vulnerabilities.  There are many ways to disable VBS, including Credential Guard and HVCI, even with […] The post New Windows Downgrade Attack Let Hackers Downgrade Patched Systems To Exploits appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
https://gbhackers.com/windows-downgrade-attack/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Hackers Use Fog Ransomware To Attack SonicWall VPNs And Breach Corporate Networks
Recent cyberattacks involving Akira and Fog threat actors have targeted various industries, exploiting a vulnerability (CVE-2024-40766) in SonicWall SSL VPN devices, where these attacks, initiated early in the kill chain, leverage malicious VPN logins from VPS-hosted IP addresses.  The rapid escalation from initial access to ransomware encryption, often within the same day, highlights the urgency […] The post Hackers Use Fog Ransomware To Attack SonicWall VPNs And Breach Corporate Networks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
https://gbhackers.com/fog-ransomware-sonicwall-vpn-attack/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Update your iPhone, Mac, Watch: Apple issues patches for several vulnerabilities
Apple has issued patches for several of its operating systems. The ones for iOS and iPadOS deserve your immediate attention.
https://www.malwarebytes.com/blog/news/2024/10/update-your-iphone-mac-watch-apple-issues-patches-for-several-vulnerabilities
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Russian charged by U.S. for creating RedLine infostealer malware
The United States announced charges today against Maxim Rudometov, a Russian national, for being the suspected developer and administrator of the RedLine malware operation, one of the most prolific infostealers over the past few years. [...]
https://www.bleepingcomputer.com/news/security/russian-charged-by-us-for-creating-redline-infostealer-malware/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Augmenting Training Datasets Using Generative AI
Custom generative AI solutions have the potential to transform industries, equipping businesses to reach their goals with exceptional…
https://hackread.com/augmenting-training-datasets-using-generative-ai/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Detection Engineering in Post SIEM and SOAR World
A few years back, my security team was tasked to create and maintain a green field environment for FEDRAMP compliance. We made a radical decision, we opted to forego a... The post Detection Engineering in Post SIEM and SOAR World appeared first on Cyber Defense Magazine.
https://www.cyberdefensemagazine.com/detection-engineering-in-post-siem-and-soar-world/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Researchers Uncover Vulnerabilities in Open-Source AI and ML Models
A little over three dozen security vulnerabilities have been disclosed in various open-source artificial intelligence (AI) and machine learning (ML) models, some of which could lead to remote code execution and information theft. The flaws, identified in tools like ChuanhuChatGPT, Lunary, and LocalAI, have been reported as part of Protect AI's Huntr bug bounty platform. The most severe of the
https://thehackernews.com/2024/10/researchers-uncover-vulnerabilities-in.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Why safeguarding sensitive data is so crucial
A data breach at virtual medical provider Confidant Health lays bare the vast difference between personally identifiable information (PII) on the one hand and sensitive data on the other. The story began when security researcher Jeremiah Fowler discovered an unsecured database containing 5.3 terabytes of exposed data linked to Confidant Health. The company provides addiction […] The post Why safeguarding sensitive data is so crucial appeared first on Security Intelligence.
https://securityintelligence.com/articles/why-safeguarding-sensitive-data-is-crucial/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

How Interpol is adapting to the ever-evolving cybercrime landscape
This week in cybersecurity from the editors at Cybercrime Magazine – Read the Full Story in CSO Sausalito, Calif. – Oct. 29, 2024 With 100 years of history, Interpol is the police organization par excellence, bringing together 196 countries in the fight against crime. But in this The post How Interpol is adapting to the ever-evolving cybercrime landscape appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/how-interpol-is-adapting-to-the-ever-evolving-cybercrime-landscape/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Fog and Akira ransomware attacks exploit SonicWall VPN flaw CVE-2024-40766
Fog and Akira ransomware operators are exploiting SonicWall VPN flaw CVE-2024-40766 to breach enterprise networks. Fog and Akira ransomware operators are exploiting the critical SonicWall VPN vulnerability CVE-2024-40766 (CVSS v3 score: 9.3) to breach corporate networks via SSL VPN access. CVE-2024-40766  is an Improper Access Control Vulnerability impacting SonicWall SonicOS, the company addressed it in August […]
https://securityaffairs.com/170359/cyber-crime/fog-akira-ransomware-sonicwall-vpn-flaw.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

RedLine and META Infostealers Infrastructure Seized by Authorities
An international coalition led by the U.S. Department of Justice has dismantled the infrastructure behind the notorious RedLine and META infostealers. These malware variants have plagued millions of computers worldwide, stealing sensitive information and facilitating further cybercriminal activities. Operation Magnus was a joint effort involving the US Department of Justice, FBI, Naval Criminal Investigative Service, […] The post RedLine and META Infostealers Infrastructure Seized by Authorities appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
https://gbhackers.com/redline-and-meta-infostealers-seized/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

The Evolution of Cybersecurity Quality Assurance: How AI & Machine Learning Can Boost Linux Security
As cyber threats evolve and increasingly target Linux systems critical to our digital infrastructure, more advanced quality assurance (QA) methods are needed to protect them. Linux systems serve as the foundation for many servers and cloud environments worldwide, making Linux vulnerabilities prime targets of cybercriminals.
https://linuxsecurity.com/news/security-trends/evolving-cybersecurity-quality-assurance
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

July 2024 Cyber Attacks Statistics
After the cyber attacks timelines, it's time to publish the statistics for July 2024 where I collected and analyzed 219 events. During July 2024...
https://www.hackmageddon.com/2024/10/29/july-2024-cyber-attacks-statistics/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

USN-7064-2: nano vulnerability
USN-7064-1 fixed a vulnerability in nano. This update provides the corresponding update for Ubuntu 14.04 LTS. Original advisory details: It was discovered that nano allowed a possible privilege escalation through an insecure temporary file. If nano was killed while editing, the permissions granted to the emergency save file could be used by an attacker to escalate privileges using a malicious symlink.
https://ubuntu.com/security/notices/USN-7064-2
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

A Sherlock Holmes Approach to Cybersecurity: Eliminate the Impossible with Exposure Validation
Sherlock Holmes is famous for his incredible ability to sort through mounds of information; he removes the irrelevant and exposes the hidden truth. His philosophy is plain yet brilliant: “When you have eliminated the impossible, whatever remains, however improbable, must be the truth.” Rather than following every lead, Holmes focuses on the details that are needed to move him to the solution. In
https://thehackernews.com/2024/10/a-sherlock-holmes-approach-to.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Dutch Police Disrupt Major Info Stealers RedLine and MetaStealer in Operation Magnus
The Dutch National Police, along with international partners, have announced the disruption of the infrastructure powering two information stealers tracked as RedLine and MetaStealer. The takedown, which took place on October 28, 2024, is the result of an international law enforcement task force codenamed Operation Magnus that involved authorities from the U.S., the U.K., Belgium, Portugal, and
https://thehackernews.com/2024/10/dutch-police-disrupt-major-info.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

The threat from commercial cyber proliferation
Report informing readers about the threat to UK industry and society from commercial cyber tools and services.
https://www.ncsc.gov.uk/report/commercial-cyber-proliferation-assessment
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Cyber Essentials: are there any alternative standards?
Can an equivalent cyber security standard deliver the same outcomes as the NCSC's Cyber Essentials scheme?
https://www.ncsc.gov.uk/blog-post/cyber-essentials-are-there-any-alternative-standards
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Chinese Hackers Scanning Canadian IT Systems for Vulnerabilities
The Canadian Centre for Cyber Security (Cyber Centre), a Communications Security Establishment Canada (CSE) division, has warned Canadian organizations about an ongoing cyber threat. The Cyber Centre reports that a sophisticated state-sponsored threat actor from the People's Republic of China has been conducting extensive reconnaissance scanning on Canadian IT systems over several months. This activity, […] The post Chinese Hackers Scanning Canadian IT Systems for Vulnerabilities appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
https://gbhackers.com/chinese-hackers-scanning-canadian-it-systems/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Lumma/Amadey: fake CAPTCHAs want to know if you're human
Malicious CAPTCHA distributed through ad networks delivers the Amadey Trojan or the Lumma stealer, which pilfers data from browsers, password managers, and crypto wallets.
https://securelist.com/fake-captcha-delivers-lumma-amadey/114312/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Don't become a statistic: Tips to help keep your personal data off the dark web
You may not always stop your personal information from ending up in the internet's dark recesses, but you can take steps to protect yourself from criminals looking to exploit it
https://www.welivesecurity.com/en/cybercrime/dont-become-statistic-defending-data-dark-web/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

SMB Force-Authentication Vulnerability Impacts All OPA Versions For Windows
Open Policy Agent (OPA) recently patched a critical vulnerability that could have exposed NTLM credentials of the OPA server’s local user account to remote attackers, which was present in both the OPA CLI and Go SDK.  By exploiting this flaw, attackers could have compromised the OPA server’s authentication mechanisms and potentially gained unauthorized access to […] The post SMB Force-Authentication Vulnerability Impacts All OPA Versions For Windows appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
https://gbhackers.com/smb-auth-vulnerability-opa-windows/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Email, Email on the Wall, Who Sent You, After All?
During Business Email Comproise (BEC) engagements we often have to analyze the provenance of emails. According to the FBI's Internet Crime Report, BEC is one of the most financially damaging attacks, even surpassing ransomware in terms of losses. But how can we know all of this? Through email headers! This blog post tries to shed some light on the information contained within emails, what it means, and what can be done to prevent this type of attack.
https://blog.compass-security.com/2024/10/email-email-on-the-wall-who-sent-you-after-all/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Russia-linked espionage group UNC5812 targets Ukraine's military with malware
Suspected Russia-linked espionage group UNC5812 targets Ukraine’s military with Windows and Android malware via Telegram. Google TAG and Mandiant observed a Russia-linked group, tracked as UNC5812, targeting Ukraine’s military with Windows and Android malware via the Telegram channel “Civil Defense.” The Telegram channel was created on September 10, 2024 and at this time has 189 […]
https://securityaffairs.com/170346/cyber-warfare-2/unc5812-targets-ukraines-military-malware.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Proofpoint Signs Definitive Agreement to Acquire Normalyze

https://www.proofpoint.com/us/newsroom/press-releases/proofpoint-signs-definitive-agreement-acquire-normalyze
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

U.S. Government Issues New TLP Guidance for Cross-Sector Threat Intelligence Sharing
The U.S. government (USG) has issued new guidance governing the use of the Traffic Light Protocol (TLP) to handle threat intelligence information shared between the private sector, individual researchers, and Federal Departments and Agencies. "The USG follows TLP markings on cybersecurity information voluntarily shared by an individual, company, or other any organization, when not in conflict
https://thehackernews.com/2024/10/us-government-issues-new-tlp-guidance.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Innovator Spotlight: Cloud Range
by Dan K. Anderson CEO, CISO, and vCISO The cybersecurity landscape is rapidly evolving, and so are the tactics of adversaries. According to IBM, the average cost of a data... The post Innovator Spotlight: Cloud Range appeared first on Cyber Defense Magazine.
https://www.cyberdefensemagazine.com/innovator-spotlight-cloud-range/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

New Research Reveals Spectre Vulnerability Persists in Latest AMD and Intel Processors
More than six years after the Spectre security flaw impacting modern CPU processors came to light, new research has found that the latest AMD and Intel processors are still susceptible to speculative execution attacks. The attack, disclosed by ETH Zürich researchers Johannes Wikner and Kaveh Razavi, aims to undermine the Indirect Branch Predictor Barrier (IBPB) on x86 chips, a crucial mitigation
https://thehackernews.com/2024/10/new-research-reveals-spectre.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Veeam Backup and Replication Deserialization Vulnerability (CVE-2024-40711)
What is the Vulnerability?CVE-2024-40711 is a critical unauthenticated Remote Code Execution (RCE) vulnerability in Veeam Backup & Replication software. Threat actors could execute arbitrary code on a vulnerable system without authentication, which poses a significant risk to organizations using Veeam for backup and data protection. The vulnerability has been added to Known Exploited Vulnerabilities Catalog (KEV) on October 17, 2024, and is known to be used in Ransomware Campaigns.What is the recommended Mitigation?Veeam has released security patches addressing CVE-2024-40711, along with 5 other lower severity vulnerabilities in Veeam Backup & Replication. https://www.veeam.com/kb4649What FortiGuard Coverage is available?FortiGuard recommends users to apply the patch provided by the vendor...
https://fortiguard.fortinet.com/threat-signal-report/5559
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Top VPN Features to Consider When Choosing the Right Streaming Service
Find the best VPN for streaming with essential features like high-speed servers, strong encryption, streaming optimization, and broad…
https://hackread.com/top-vpn-features-consider-choosing-streaming-service/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Streamlining Cloud Security: Integrating CSA CCM Controls into Your ISO/IEC 27001 Framework
In today's rapidly evolving security landscape, it can be overwhelming to manage multiple frameworks, especially for organizations striving for excellence in cloud security. The CSA Cloud Controls Matrix (CCM) is a gold standard in cloud security governance, providing a detailed map of best practices. However, if you already have an ISO/IEC 27001 Information Security Management System (ISMS) in place, how do you address the additional requirements of the CCM without reinventing the wheel? The...
https://cloudsecurityalliance.org/articles/streamlining-cloud-security-integrating-csa-ccm-controls-into-your-iso-iec-27001-framework
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

L'Actu des jours précédents

Securing Our Elections Through Vulnerability Testing and Disclosure
Learn how security researchers are securing election technology though vulnerability testing and disclosure.
https://www.hackerone.com/public-policy/securing-elections-through-vulnerability-testing
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

France's second-largest telecoms provider Free suffered a cyber attack
French internet service provider (ISP) Free disclosed a cyber attack, threat actors allegedly had access to customer personal information. Free S.A.S. is a French telecommunications company, subsidiary of Iliad S.A. that provides voice, video, data, and Internet telecommunications to consumers in France. The company is the second-largest ISP in France with over 22.9 million mobile and fixed subscribers. Free disclosed a cyber attack over the […]
https://securityaffairs.com/170333/data-breach/free-suffered-a-cyber-attack.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Apple Launches ‘Apple Intelligence' and Offers M Bug Bounty for Security
Apple unveils ‘Apple Intelligence’ for iPhone, iPad, and Mac devices while offering a million bug bounty for…
https://hackread.com/apple-launches-apple-intelligence-bug-bounty/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

INE Launches Initiative to Optimize Year-End Training Budgets with Enhanced Cybersecurity and Networking Programs
Cary, NC, 28th October 2024, CyberNewsWire
https://hackread.com/ine-launches-initiative-to-optimize-year-end-training-budgets-with-enhanced-cybersecurity-and-networking-programs/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

We Need to Talk: Breaking up with Your SIEM Vendor
Here are three tips to make this breakup as painless as possible – Steve Garrison, Senior Vice President, Marketing, Stellar Cyber San Jose, Calif. – Oct. 28, 2024 Relationships are challenging at times. Think of it like a seesaw. Like in a seesaw, every relationship, The post We Need to Talk: Breaking up with Your SIEM Vendor appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/we-need-to-talk-breaking-up-with-your-siem-vendor/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

How a CISO Should Brief the Board of Directors
It’s often assumed that if the board knew exactly what they wanted to hear from the CISO, they would simply communicate it. Unfortunately, that’s not always the case. This leaves... The post How a CISO Should Brief the Board of Directors appeared first on Cyber Defense Magazine.
https://www.cyberdefensemagazine.com/how-a-ciso-should-brief-the-board-of-directors/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Chinese Hackers Use CloudScout Toolset to Steal Session Cookies from Cloud Services
A government entity and a religious organization in Taiwan were the target of a China-linked threat actor known as Evasive Panda that infected them with a previously undocumented post-compromise toolset codenamed CloudScout. "The CloudScout toolset is capable of retrieving data from various cloud services by leveraging stolen web session cookies," ESET security researcher Anh Ho said. "Through
https://thehackernews.com/2024/10/chinese-hackers-use-cloudscout-toolset.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Hard-Coded Credentials Vulnerability Found In Kubernetes Image Builder
A critical vulnerability just received a fix with the latest Kubernetes Image Builder release. The… Hard-Coded Credentials Vulnerability Found In Kubernetes Image Builder on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2024/10/28/hard-coded-credentials-vulnerability-found-in-kubernetes-image-builder/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

THN Cybersecurity Recap: Top Threats, Tools and News (Oct 21 - Oct 27)
Cybersecurity news can sometimes feel like a never-ending horror movie, can't it? Just when you think the villains are locked up, a new threat emerges from the shadows. This week is no exception, with tales of exploited flaws, international espionage, and AI shenanigans that could make your head spin. But don't worry, we're here to break it all down in plain English and arm you with the
https://thehackernews.com/2024/10/thn-cybersecurity-recap-top-threats_28.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Europol warns about counterfeit goods and the criminals behind them
There is a whole ecosystem behind the sales and distribution of counterfeit goods. Best to tay away from them.
https://www.malwarebytes.com/blog/news/2024/10/europol-warns-about-counterfeit-goods-and-the-criminals-behind-them
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

A crime ring compromised Italian state databases reselling stolen info
Italian police arrested four and are investigating dozens, including Leonardo Maria Del Vecchio, for alleged unauthorized access to state databases. Italian authorities have arrested four individuals as part of an investigation into alleged illegal access to state databases. The police are also investigating dozens of other individuals, including the son of Luxottica founder Leonardo Maria […]
https://securityaffairs.com/170328/data-breach/a-crime-ring-compromised-italian-state-databases.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Spooky Cyber Stats and Trends In Time for Halloween
This week in cybersecurity from the editors at Cybercrime Magazine – Read The Full Forbes Story Sausalito, Calif. – Oct. 28, 2024 Every year the stats on cyberattacks seem to get spookier!, according to Chuck Brooks, a Forbes contributor. As we finish October’s Cybersecurity Awareness Month, The post Spooky Cyber Stats and Trends In Time for Halloween appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/spooky-cyber-stats-and-trends-in-time-for-halloween/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Staff Stories Spotlight Series: Cybersecurity Awareness Month 2024
This blog is part of a larger NIST series during the month of October for Cybersecurity Awareness Month , called 'Staff Stories Spotlight.' Throughout the month of October this year, Q&A style blogs will be published featuring some of our unique staff members who have interesting backgrounds, stories to tell, and projects in the world of cybersecurity. This year's Cybersecurity Awareness Month theme is ‘Secure our World.' How does this theme resonate with you, as someone working in cybersecurity? For me, this year's theme is a reminder of the global nature of NIST's cybersecurity and privacy
https://www.nist.gov/blogs/cybersecurity-insights/staff-stories-spotlight-series-cybersecurity-awareness-month-2024-3
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Third-Party Identities: The Weakest Link in Your Cybersecurity Supply Chain
A long supply chain adds third-party risks, as each partner’s security affects your own, making identity and access management more challenging. Identity-related attack vectors are a significant concern, with a substantial percentage of cyberattacks—often cited as over 70%—involving compromised credentials or identity theft. However, this problem primarily stems from a lack of visibility. Do you […]
https://securityaffairs.com/170324/security/third-party-identities-cybersecurity-supply-chain.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Tony Fadell: Innovating to save our planet | Starmus highlights
As methane emissions come under heightened global scrutiny, learn how a state-of-the-art satellite can pinpoint their sources and deliver the insights needed for targeted mitigation efforts
https://www.welivesecurity.com/en/we-live-science/tony-fadell-innovating-save-planets-starmus-highlights/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

CloudScout: Evasive Panda scouting cloud services
ESET researchers discovered a previously undocumented toolset used by Evasive Panda to access and retrieve data from cloud services
https://www.welivesecurity.com/en/eset-research/cloudscout-evasive-panda-scouting-cloud-services/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

A week in security (October 21 – October 27)
A list of topics we covered in the week of October 21 to October 27 of 2024
https://www.malwarebytes.com/blog/news/2024/10/a-week-in-security-october-21-october-27
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Black Basta affiliates used Microsoft Teams in recent attacks
ReliaQuest researchers observed Black Basta affiliates relying on Microsoft Teams to gain initial access to target networks. ReliaQuest researchers warn that Black Basta ransomware affiliates switched to Microsoft Teams, posing as IT support to deceive employees into granting access. The BlackBasta ransomware operators were spotted posing as corporate help desks and contacting employees to help […]
https://securityaffairs.com/170311/cyber-crime/black-basta-ransomware-microsoft-teams.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Cloud Security Essentials
Cloud security involves employing perimeter defenses like firewalls, IDPSs and VPNs as well as guaranteeing isolation through network segmentation and virtual LANs while monitoring traffic for anomalies and threats –... The post Cloud Security Essentials appeared first on Hacker Combat.
https://www.hackercombat.com/cloud-security/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Antivirus Software
Antivirus software protects devices against viruses, malware, and other cyberthreats by detecting, quarantining, and deleting malicious code. Modern antivirus products also offer additional security features such as password protection, identity... The post Antivirus Software appeared first on Hacker Combat.
https://www.hackercombat.com/antivirus-software/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Three Ways AI Can Hack the U.S. Election
The growing capability of AI content poses three very real threats to modern elections. We explain each, and take a glimpse at a possible solution to the growing AIpocalypse.
https://www.f5.com/labs/articles/cisotociso/three-ways-ai-can-hack-the-us-election
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Bug on ParrotCTF
ParrotCTFHello fellas, how are you guys doing!! Well, I am here with another bug write-up.A little background details about me. I am a new bug bounty hunter still learning about the bugs and trying up new things. For which I am solving THM rooms, HTB rooms, and newly came across a website named, parrotctf which is a great room for intermediate hackers.Now coming back to how I got the bug on their website.DotGitThis is a Firefox extension used by hackers/hunters to get the hidden .git directory of the website if it is present.Link to download: https://addons.mozilla.org/en-US/firefox/addon/dotgit/Once downloaded just pin it to your extension bar, and the next time you will visit any site it will directly show if any is .git directory is present.Bug DetailsExposed .git directory is considered...
https://infosecwriteups.com/bug-on-parrotctf-e64424b0d043?source=rss----7b722bfd1b8d---4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

How to Configure Static and Dynamic IP Addresses in Linux
A Step-by-Step Guide Using ifconfig and ipContinue reading on InfoSec Write-ups »
https://infosecwriteups.com/how-to-configure-static-and-dynamic-ip-addresses-in-linux-a-step-by-step-guide-using-ifconfig-and-48551ce4bc45?source=rss----7b722bfd1b8d---4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

JWT Authentication Bypass leads to Admin Control Panel
🍪From a simple cookie it became a benchmark and then an Accont takeover 😈➡️For legal reasons, I will not reveal the website or the Bug Bounty program.I found this vulnerability about a few months ago, it was a “simple” mistake that I managed to access the Admin panel of a very well-known site. And I have permission to publish this…What is a JWT? (Resume)For those who don't know, the JWT (JSON Web Token) is an authentication method widely used for authentication, formerly cookies (still used) but usually a JWT is more common, they can be accompanied (and should all be) with a signature that is signed by the server, and it is this signature that validates that the JWT is in fact validJWT FormatHeader: Defines the type of token and the signature algorithm.Payload: Contains...
https://infosecwriteups.com/jwt-authentication-bypass-leads-to-admin-control-panel-dfa6efcdcbf5?source=rss----7b722bfd1b8d---4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

NMAP Cheat Sheet: Beginner to Advanced
Continue reading on InfoSec Write-ups »
https://infosecwriteups.com/nmap-cheat-sheet-beginner-to-advanced-787b19a113f4?source=rss----7b722bfd1b8d---4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Common web application threats & risk
We all know how important web applications have become in our lives. You can literally see their impact on everything, such as commercial, financial, governmental, corporate, and security applications…etcGiven the increased adoption of web applications comes no surprise that web applications are constantly exposed to various security threats and risks before , I will clearly distinguish the difference between threats and risks.So what the difference between threats and risks?A threat refers to any potential source of harm or adverse event that may exploit a vulnerability in a system or have an exploit available in the public network.Threats can be human mad, such as cybercriminals, black hate, scammers and do on.Note: the threats they can be natural, such as floods ,earthquakes, power outages.So...
https://infosecwriteups.com/common-web-application-threats-risk-8d54b6a23acb?source=rss----7b722bfd1b8d---4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

DLL hijacking in TOTOLINK A600UB Driver Installer
IntroductionIn this article, we will explore a DLL Hijacking vulnerability detected in a driver installer for Realtek, used by the device company TOTOLINK in one of its USB modems. We will analyze how this vulnerability works and its implications in terms of security. Through this analysis, we aim to provide a deep understanding of this threat and promote more robust development and security practices to prevent future incidents.What is DLL Hijacking?DLL Hijacking is an attack technique that exploits the way Windows loads dynamic link libraries (DLLs). When an application requires a DLL, Windows follows a search order to locate it. An attacker can place a malicious DLL in a preferred location within this order, causing it to load instead of the legitimate DLL. This allows the attacker to execute...
https://infosecwriteups.com/dll-hijacking-in-totolink-a600ub-driver-installer-13787c4d97b4?source=rss----7b722bfd1b8d---4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

HTB | Cascade — Reverse Engineering - DnSpy and AD Recycle
HTB | Cascade — Reverse Engineering - DnSpy and AD RecycleThis is the Box on Hack The Box Active Directory 101 Track. Find the box here.You can find the Video Walkthrough hereSkill LearnedTightVNC Password ExtractionActive Directory EnumerationReverse Engineering — DnSpyAD Recycle BinNMAPIP: 10.10.10.182nmap -sT -p- --min-rate 10000 10.10.10.182nmap -sC -sV -p 53,88,135,139,389,445,464,593,636,3268,3269,5985,49154,49155,49157,49158,49165 10.10.10.182 -PnnmapSMB & RPCSMBMAP and SMBClient are not workingsmbmap -H 10.10.10.182smbmap -H 10.10.10.182Let's try rpcclientrpcclient -U "" -N 10.10.10.182rpcclient -U “” -N 10.10.10.182I will copy the usersLet's see groupsenumdomgroupsLDAP — TCP 389To enumerate LDAP, first I'll get the naming context:ldapsearch...
https://infosecwriteups.com/htb-cascade-reverse-engineering-dnspy-and-ad-recycle-ecd045caca7d?source=rss----7b722bfd1b8d---4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Electron JS Application Penetration Testing
Overview of Electron JSContinue reading on InfoSec Write-ups »
https://infosecwriteups.com/electron-js-application-penetration-testing-b0809af324f6?source=rss----7b722bfd1b8d---4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Basics of PowerShell 2024–2025: My Take on Learning It the Fun Way
Do you know why apples turn red?Continue reading on InfoSec Write-ups »
https://infosecwriteups.com/basics-of-powershell-2024-2025-my-take-on-learning-it-the-fun-way-6566c908a8fb?source=rss----7b722bfd1b8d---4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Demystifying OSINT
An Introduction to Open Source IntelligenceContinue reading on InfoSec Write-ups »
https://infosecwriteups.com/demystifying-osint-e1c287b17e0c?source=rss----7b722bfd1b8d---4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

New Paper from Cloud Security Alliance Examines Considerations and Application of Zero Trust Principles for Critical Infrastructure
Paper bridges gap between traditional information technology security methodologies and the unique demands of critical infrastructure sectorsSEATTLE – Oct. 29, 2024 – In today's interconnected world, critical infrastructure (CI) sectors face an ever-evolving landscape of cyber and physical threats. As these sectors embrace digital transformation and the convergence of operational technology (OT) and information technology (IT), the need for robust, adaptable security strategies has never been...
https://cloudsecurityalliance.org/articles/csa-paper-examines-zero-trust-principles-for-critical-infrastructure
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

StreamCraft - 1,772,620 breached accounts
In July 2020, the Russian Minecraft service StreamCraft suffered a data breach that was later redistributed as part of a larger corpus of data. The data included 1.8M records of usernames, email and IP addresses and passwords stored as either MD5 or bcrypt hashes.
https://haveibeenpwned.com/PwnedWebsites#StreamCraft
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

The Imperative of Penetration Testing AI Systems
In the modern era of technological advancement, artificial intelligence (AI) is revolutionizing business operations, presenting unparalleled opportunities for efficiency and innovation. However, as AI systems become integral to our business... The post The Imperative of Penetration Testing AI Systems appeared first on Cyber Defense Magazine.
https://www.cyberdefensemagazine.com/the-imperative-of-penetration-testing-ai-systems/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Understanding Linux Persistence Mechanisms and Detection Tools
As Linux-based systems gain greater prevalence across various IT infrastructures, they become increasingly popular targets for attackers. One of threat actors' primary goals post-breach is persistence, techniques that allow them to access compromised systems even after reboots or updates.
https://linuxsecurity.com/features/features/linux-persistence-mechanisms-detection-tools
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

How Has Video Analytics Enhanced Security and Efficiency?
In recent years, video analytics has significantly transformed the interpretation and utilization of visual data. Through advanced algorithms and artificial intelligence methods, video analytics can perform tasks such as object... The post How Has Video Analytics Enhanced Security and Efficiency? appeared first on Cyber Defense Magazine.
https://www.cyberdefensemagazine.com/how-has-video-analytics-enhanced-security-and-efficiency/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

The Club Penguin Experience - 6,342 breached accounts
In October 2024, The Club Penguin Experience (TCPE) suffered a data breach. The incident exposed over 6k subscribers' email addresses alongside usernames, age groups, passwords stored as bcrypt hashes and in some cases, plain text password hints. TCPE sent prompt disclosure notices to impacted customers following the breach.
https://haveibeenpwned.com/PwnedWebsites#TheClubPenguinExperience
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

How to Assess and Treat AI Risks and Impacts with ISO/IEC 42001:2023
Originally published by Schellman.ISO/IEC 42001:2023 is rapidly becoming the global standard for Artificial Intelligence (AI) governance. While it is a close cousin of ISO/IEC 27001:2022, ISO 42001—rather than focusing primarily on cyber and information security—takes a more holistic approach to risk management for AI systems.At StackAware, they chose to implement ISO 42001 and subsequently performed the AI risk assessment, impact assessment, and risk treatments required to comply with the fr...
https://cloudsecurityalliance.org/articles/how-to-assess-and-treat-ai-risks-and-impacts-with-iso-iec-42001-2023
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Innovator Spotlight: Legit Security
by Dan K. Anderson CEO, CISO, and vCISO With the rise of software supply chain attacks, organizations are under increasing pressure to secure their software development pipelines. According to a... The post Innovator Spotlight: Legit Security appeared first on Cyber Defense Magazine.
https://www.cyberdefensemagazine.com/innovator-spotlight-legit-security/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Metasploit Weekly Wrap-Up 10/25/2024
Hackers and Vampires Agree: Every Byte Counts Headlining the release today is a new exploit module by jheysel-r7 that chains two vulnerabilities to target Magento/Adobe Commerce systems: the first, CVE-2024-34102 is an arbitrary file read used to determine the version and layout of the glibc library, and the second,
https://blog.rapid7.com/2024/10/25/metasploit-weekly-wrap-up-10-25-2024/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

The Windows Registry Adventure #4: Hives and the registry layout
Posted by Mateusz Jurczyk, Google Project Zero To a normal user or even a Win32 application developer, the registry layout may seem simple: there are five root keys that we know from Regedit (abbreviated as HKCR, HKLM, HKCU, HKU and HKCC), and each of them contains a nested tree structure that serves a specific role in the system. But as one tries to dig deeper and understand how the registry really works internally, things may get confusing really fast. What are hives? How do they map or relate to the top-level keys? Why are some HKEY root keys pointing inside of other root keys (e.g. HKCU being located under HKU)? These are all valid questions, but they are difficult to answer without fully understanding the interactions between the user-mode Registry API and the kernel-mode registry...
https://googleprojectzero.blogspot.com/2024/10/the-windows-registry-adventure-4-hives.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

100 million US citizens officially impacted by Change Healthcare data breach
Change Healtcare has confrimed that at least 100M US citizens personal data were impacted by their February data breach
https://www.malwarebytes.com/blog/news/2024/10/100-million-us-citizens-officially-impacted-by-change-healthcare-data-breach
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Safeguarding Corporate Secrets: Best Practices and Advanced Solutions
Do you know where all the secrets are? The probable answer to this might be NO and believe me you are not alone. The advancement of technology has overtaken us.... The post Safeguarding Corporate Secrets: Best Practices and Advanced Solutions appeared first on Cyber Defense Magazine.
https://www.cyberdefensemagazine.com/safeguarding-corporate-secrets-best-practices-and-advanced-solutions/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Building a Custom Risk Prioritization and Risk Scoring Methodology with Surface Command
With our recent launch of the Command Platform, Rapid7 now delivers a more comprehensive view of your attack surface, with transparency that you can trust.
https://blog.rapid7.com/2024/10/25/building-a-custom-risk-prioritization-and-risk-scoring-methodology-with-surface-command/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Addressing growing concerns about cybersecurity in manufacturing
Manufacturing has become increasingly reliant on modern technology, including industrial control systems (ICS), Internet of Things (IoT) devices and operational technology (OT). While these innovations boost productivity and streamline operations, they’ve vastly expanded the cyberattack surface. According to the 2024 IBM Cost of a Data Breach report, the average total cost of a data breach in […] The post Addressing growing concerns about cybersecurity in manufacturing appeared first on Security Intelligence.
https://securityintelligence.com/articles/addressing-growing-concerns-cybersecurity-in-manufacturing/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

New Cybersecurity Programs Launched By U.S. Schools
This week in cybersecurity from the editors at Cybercrime Magazine – Read The Full Businesswire Story Sausalito, Calif. – Oct. 25, 2024 Lisle, Ill.-based DeVry University announced the launch of its cutting-edge cyber range platform offering realistic, immersive simulations that mimic real-world cyber threats. Learners can practice and The post New Cybersecurity Programs Launched By U.S. Schools appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/new-cybersecurity-programs-launched-by-u-s-schools/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

How to Protect Against Ransomware Attacks?
Criminal hackers employ ransomware attacks against their targets by encrypting their data and demanding that a ransom be paid within an allotted timeframe or risk losing it forever. When an... The post How to Protect Against Ransomware Attacks? appeared first on Hacker Combat.
https://www.hackercombat.com/protect-against-ransomware-attacks/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

digiDirect - 304,337 breached accounts
In September 2024, a data breach sourced from the Australian retailer digiDirect was published to a popular hacking forum. The breach exposed over 300k rows of data including email and physical address, name, phone number and date of birth. Approximately half the email addresses were on domains from external marketplaces including Amazon, eBay and Westfield.
https://haveibeenpwned.com/PwnedWebsites#digiDirect
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

How CSA Research Uses the Cloud Controls Matrix to Address Diverse Security Challenges
CSA extensively leverages the Cloud Controls Matrix (CCM) to enhance security practices across various domains of cloud research. The CCM is a comprehensive cloud security framework consisting of 197 security control objectives. The main purpose of the framework is to help organizations address the unique challenges of cloud computing. However, the CCM also acts as a foundational tool for other CSA research initiatives.In this blog, learn directly from our research team how they use the CCM i...
https://cloudsecurityalliance.org/articles/how-csa-research-uses-the-cloud-controls-matrix-to-address-diverse-security-challenges
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Are Companies Becoming More Transparent About Cyber Incidents?
Originally published by CXO REvolutionaries.Written by Nat Smith, Sr. Director, Product Management, Zscaler.Not long ago, companies were hesitant to disclose cyber incidents, fearing a backlash and damage to their reputations, and a loss of customer trust. In 2017, Equifax waited six weeks to disclose that sensitive customer information had leaked, helping make it one of the most iconic breaches in history. Recent trends suggest that the tide is turning, with more and more companies putting g...
https://cloudsecurityalliance.org/articles/are-companies-becoming-more-transparent-about-cyber-incidents
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Elevating Alert Readiness: A People-First Approach for CISOs
Originally published by Devoteam.The Gartner Security & Risk Management Summit 2024 hammered home the need for a proactive and resilient approach to cybersecurity. Sure, there were plenty of shiny new technologies and strategies on display, but the biggest takeaway for me was the resounding emphasis on a people-centric approach to security and cyber resilience. This resonated with me, because it aligns perfectly with the core principles of the Alert Readiness Framework (ARF).Simon Sinek f...
https://cloudsecurityalliance.org/articles/elevating-alert-readiness-a-people-first-approach-for-cisos
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Measure, Compare, and Enhance Security Programs with HackerOne Benchmarks
Learn about HackerOne Benchmarks, a set of features designed to provide insights for optimizing your security program's performance.
https://www.hackerone.com/vulnerability-management/hackerone-benchmarks
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Product Review: BlueSleuth-Lite BLE Tag Detector
No wonder the BlueSleuth-Lite Bluetooth detector has been so popular – David Braue Melbourne, Australia – Oct. 24, 2024 The small size and long battery life of modern Bluetooth-enabled tracking devices has made them invaluable for keeping tabs on everything from your bike and dog The post Product Review: BlueSleuth-Lite BLE Tag Detector appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/product-review-bluesleuth-lite-ble-tag-detector/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

How to Reduce Risk From Misconfigured Build Assets
Get steps to prevent risky misconfigurations in your SDLC. 
https://www.legitsecurity.com/blog/reduce-risk-misconfigured-build-assets
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Cybersecurity spotlight on bug bounty researcher @adrianoapj
As we wrap up Cybersecurity Awareness Month, the GitHub Bug Bounty team is excited to feature another spotlight on a talented security researcher who participates in the GitHub Security Bug Bounty Program—@adrianoapj! The post Cybersecurity spotlight on bug bounty researcher @adrianoapj appeared first on The GitHub Blog.
https://github.blog/security/vulnerability-research/cybersecurity-spotlight-on-bug-bounty-researcher-adrianoapj/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Android Malware & Security Issue 4st Week of October, 2024
ASEC Blog publishes “Android Malware & Security Issue 4st Week of October, 2024” 게시물 Android Malware & Security Issue 4st Week of October, 2024이 ASEC에 처음 등장했습니다.
https://asec.ahnlab.com/en/84098/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Pinterest tracks users without consent, alleges complaint
Pinterest is facing a complaint because it failed to comply with GDPR rules about using personal data for personalized advertising.
https://www.malwarebytes.com/blog/news/2024/10/pinterest-tracks-users-without-consent-alleges-complaint
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

The 3 Questions at the Core of Every Cybersecurity Compliance Mandate
Cybersecurity compliance is undergoing a massive shift, with regulatory frameworks rapidly introducing more complex rules, stricter enforcement, and tougher penalties for non-compliance. We see this exemplified through the vast reach... The post The 3 Questions at the Core of Every Cybersecurity Compliance Mandate appeared first on Cyber Defense Magazine.
https://www.cyberdefensemagazine.com/the-3-questions-at-the-core-of-every-cybersecurity-compliance-mandate/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

3 proven use cases for AI in preventative cybersecurity
IBM’s Cost of a Data Breach Report 2024 highlights a ground-breaking finding: The application of AI-powered automation in prevention has saved organizations an average of .2 million. Enterprises have been using AI for years in detection, investigation and response. However, as attack surfaces expand, security leaders must adopt a more proactive stance. Here are three […] The post 3 proven use cases for AI in preventative cybersecurity appeared first on Security Intelligence.
https://securityintelligence.com/articles/3-proven-use-cases-for-ai-preventative-cybersecurity/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Cross-examining cybercrime at GITEX GLOBAL 2024, world's largest tech event
This week in cybersecurity from the editors at Cybercrime Magazine – Read The Full GITEX Global Story Sausalito, Calif. – Oct. 24, 2024 With global cybercrime damage projected to reach .5 trillion annually by 2025, according to Cybersecurity Ventures, the international tech community is determined to ignite The post Cross-examining cybercrime at GITEX GLOBAL 2024, world’s largest tech event appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/cross-examining-cybercrime-at-gitex-global-2024-worlds-largest-tech-event/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

16-31 July 2024 Cyber Attacks Timeline
In the second timeline of July 2024 I collected 116 events (7.25 events/day) with a threat landscape dominated by malware with...
https://www.hackmageddon.com/2024/10/24/16-31-july-2024-cyber-attacks-timeline/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

ESET Research Podcast: CosmicBeetle
Learn how a rather clumsy cybercrime group wielding buggy malicious tools managed to compromise a number of SMBs in various parts of the world
https://www.welivesecurity.com/en/podcasts/eset-research-podcast-cosmicbeetle/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

AWS CDK Bucket Squatting Risk
The AWS Cloud Development Kit (CDK) is a way of deploying infrastructure-as-code. The vulnerability involves AWS CDK's use of a predictable S3 bucket name format (cdk-{Qualifier}-assets-{Account-ID}-{Region}), where the default “random” qualifier (hnb659fds) is common and easily guessed. If an AWS customer deletes this bucket and reuses CDK, an attacker who claims the bucket can inject malicious CloudFormation templates, potentially gaining admin access. Attackers supposedly only need the AWS account ID to prepare the bucket in various regions, exploiting the default naming convention. However, it is important to note that the additional conditions greatly lower the likelihood of exploitation. The victim must use the CDK, having deleted the bucket, and then subsequently attempt to...
https://www.cloudvulndb.org/aws-cdk-squatting
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Shadow AI Prevention: Safeguarding Your Organization's AI Landscape
Written by CSA's AI Organizational Responsibility Working Group.In today's rapidly evolving technological landscape, the rise of Shadow AI poses a significant challenge to organizations. Shadow AI refers to unauthorized or undocumented AI systems within an organization, which can compromise security, compliance, and overall control of AI operations. Drawing from CSA's recent AI Organizational Responsibilities publication, this blog will explore the essential strategies for implementing a comp...
https://cloudsecurityalliance.org/articles/shadow-ai-prevention-safeguarding-your-organization-s-ai-landscape
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

AWS Security Configuration Review and Best Practices
Learn the ins and outs of AWS security configuration testing and why community-driven PTaaS is the best method.
https://www.hackerone.com/penetration-testing/aws-security-configuration
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

The scale of open source: Growth, challenges, and key insights
In recent years, the adoption and growth of open source software (OSS) have soared, with 2024 set to break records, projecting over 6.6 trillion downloads by year-end. The vast influence of open source now underpins nearly every aspect of software development.
https://www.sonatype.com/blog/the-scale-of-open-source-growth-challenges-and-key-insights
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

After concerns of handing Facebook taxpayer info, four companies found to have improperly shared data
Tax preparation firms shared user information with Google and Meta without proper consent by using tracking pixels
https://www.malwarebytes.com/blog/news/2024/10/after-concerns-of-handing-facebook-taxpayer-info-four-companies-found-to-have-improperly-shared-data
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Fortinet FortiManager CVE-2024-47575 Exploited in Zero-Day Attacks
On Wednesday, October 23, 2024, security company Fortinet published an advisory on CVE-2024-47575, a critical zero-day vulnerability affecting their FortiManager network management solution.
https://blog.rapid7.com/2024/10/23/etr-fortinet-fortimanager-cve-2024-47575-exploited-in-zero-day-attacks/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

LinkedIn bots and spear phishers target job seekers
The #opentowork hashtag may attract the wrong crowd as criminals target LinkedIn users to steal personal information, or scam them.
https://www.malwarebytes.com/blog/cybercrime/2024/10/linkedin-bots-and-spear-phishers-target-job-seekers
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Ransom & Dark Web Issues Week 4, October 2024
ASEC Blog publishes Ransom & Dark Web Issues Week 4, October 2024         Hacktivist Anonymous Sudan: Indicted by the U.S. Department of Justice IntelBroker Announces New Post on South Korean Government Agencies and the Ministry of National Defense Hacking of Servers of Domestic and Foreign Automobile Manufacturers' Subcontractors: Access Rights for Sale […] 게시물 Ransom & Dark Web Issues Week 4, October 2024이 ASEC에 처음 등장했습니다.
https://asec.ahnlab.com/en/84071/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

AI hallucinations can pose a risk to your cybersecurity
In early 2023, Google’s Bard made headlines for a pretty big mistake, which we now call an AI hallucination. During a demo, the chatbot was asked, “What new discoveries from the James Webb Space Telescope can I tell my 9-year-old about?” Bard answered that JWST, which launched in December 2021, took the “very first pictures” […] The post AI hallucinations can pose a risk to your cybersecurity appeared first on Security Intelligence.
https://securityintelligence.com/articles/ai-hallucinations-pose-risk-cybersecurity/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

How IBM and Palo Alto Networks team up to combat cyberthreats
This week in cybersecurity from the editors at Cybercrime Magazine – Read The Full siliconANGLE Story Sausalito, Calif. – Oct. 23, 2024 It's estimated that organizations spend more than 0 billion annually on security hardware, software and services globally. That's a big number. But consider The post How IBM and Palo Alto Networks team up to combat cyberthreats appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/how-ibm-and-palo-alto-networks-team-up-to-combat-cyberthreats/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

The Global Surveillance Free-for-All in Mobile Ad Data
Not long ago, the ability to remotely track someone's daily movements just by knowing their home address, employer, or place of worship was considered a powerful surveillance tool that should only be in the purview of nation states. But a new lawsuit in a likely constitutional battle over a New Jersey privacy law shows that anyone can now access this capability, thanks to a proliferation of commercial services that hoover up the digital exhaust emitted by widely-used mobile apps and websites.
https://krebsonsecurity.com/2024/10/the-global-surveillance-free-for-all-in-mobile-ad-data/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

The Crypto Game of Lazarus APT: Investors vs. Zero-days
Kaspersky GReAT experts break down the new campaign of Lazarus APT which uses social engineering and exploits a zero-day vulnerability in Google Chrome for financial gain.
https://securelist.com/lazarus-apt-steals-crypto-with-a-tank-game/114282/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Deceptive Delight: Jailbreak LLMs Through Camouflage and Distraction
We examine an LLM jailbreaking technique called "Deceptive Delight," a technique that mixes harmful topics with benign ones to trick AIs, with a high success rate. The post Deceptive Delight: Jailbreak LLMs Through Camouflage and Distraction appeared first on Unit 42.
https://unit42.paloaltonetworks.com/jailbreak-llms-through-camouflage-distraction/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Embargo ransomware: Rock'n'Rust
Novice ransomware group Embargo is testing and deploying a new Rust-based toolkit
https://www.welivesecurity.com/en/eset-research/embargo-ransomware-rocknrust/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Missing authentication in fgfmsd
A missing authentication for critical function vulnerability [CWE-306] in FortiManager fgfmd daemon may allow a remote unauthenticated attacker to execute arbitrary code or commands via specially crafted requests.Reports have shown this vulnerability to be exploited in the wild. Revised on 2024-10-30 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-24-423
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

USN-7082-1: libheif vulnerability
Gerrard Tai discovered that libheif did not properly validate certain images, leading to out-of-bounds read and write vulnerability. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service or to obtain sensitive information.
https://ubuntu.com/security/notices/USN-7082-1
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

USN-7081-1: Go vulnerabilities
It was discovered that the Go net/http module did not properly handle responses to requests with an "Expect: 100-continue" header under certain circumstances. An attacker could possibly use this issue to cause a denial of service. (CVE-2024-24791) It was discovered that the Go parser module did not properly handle deeply nested literal values. An attacker could possibly use this issue to cause a panic resulting in a denial of service. (CVE-2024-34155) It was discovered that the Go encoding/gob module did not properly handle message decoding under certain circumstances. An attacker could possibly use this issue to cause a panic resulting in a denial of service. (CVE-2024-34156) It was discovered that the Go build module did not properly handle certain build tag lines with deeply nested...
https://ubuntu.com/security/notices/USN-7081-1
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Grandoreiro, the global trojan with grandiose goals
In this report, Kaspersky experts analyze recent Grandoreiro campaigns, new targets, tricks, and banking trojan versions.
https://securelist.com/grandoreiro-banking-trojan/114257/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

5 new protections on Google Messages to help keep you safe
Posted by Jan Jedrzejowicz, Director of Product, Android and Business Communications; Alberto Pastor Nieto, Sr. Product Manager Google Messages and RCS Spam and Abuse; Stephan Somogyi, Product Lead, User Protection; Branden Archer, Software Engineer Every day, over a billion people use Google Messages to communicate. That's why we've made security a top priority, building in powerful on-device, AI-powered filters and advanced security that protects users from 2 billion suspicious messages a month. With end-to-end encrypted1 RCS conversations, you can communicate privately with other Google Messages RCS users. And we're not stopping there. We're committed to constantly developing new controls and features to make your conversations on Google Messages even more secure and private. As...
http://security.googleblog.com/2024/10/5-new-protections-on-google-messages.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Microsoft Threat Intelligence healthcare ransomware report highlights need for collective industry action
Healthcare organizations are an attractive target for ransomware attacks. Read our latest blog post to learn why and get strategies to protect yourself from cyberthreats.​ The post Microsoft Threat Intelligence healthcare ransomware report highlights need for collective industry action appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2024/10/22/microsoft-threat-intelligence-healthcare-ransomware-report-highlights-need-for-collective-industry-action/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

What NIST's post-quantum cryptography standards mean for data security
Data security is the cornerstone of every business operation. Today, the security of sensitive data and communication depends on traditional cryptography methods, such as the RSA algorithm. While such algorithms secure against today’s threats, organizations must continue to look forward and begin to prepare against upcoming risk factors. The National Institute of Standards and Technology […] The post What NIST’s post-quantum cryptography standards mean for data security appeared first on Security Intelligence.
https://securityintelligence.com/posts/nist-post-quantum-cryptography-standards-data-security/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Weekly Detection Rule (YARA and Snort) Information – Week 4, October 2024
The following is the information on Yara and Snort rules (week 4, October 2024) collected and shared by the AhnLab TIP service. 0 YARA Rules 8 Snort Rules Detection name Source ET CURRENT_EVENTS Javascript Browser Fingerprinting POST Request https://rules.emergingthreatspro.com/open/ ET TROJAN Suspected PrivateLoader CnC Checkin – Server Response https://rules.emergingthreatspro.com/open/ ET EXPLOIT Ivanti Cloud Services Appliance […] 게시물 Weekly Detection Rule (YARA and Snort) Information – Week 4, October 2024이 ASEC에 처음 등장했습니다.
https://asec.ahnlab.com/en/84043/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

RAT Malware Operating via Discord Bot
Discord is a social platform where users can create servers to form communities and communicate in real-time, supporting voice, video, and text chat. While it initially gained popularity among gamers, it has now expanded into a space where groups with diverse interests gather to communicate. A Discord Bot is a program that automatically performs specific […] 게시물 RAT Malware Operating via Discord Bot이 ASEC에 처음 등장했습니다.
https://asec.ahnlab.com/en/84107/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Critical Vulnerability Patched In Jetpack WordPress Plugin
Heads up, WordPress admins! It's time to update your websites with the latest Jetpack release… Critical Vulnerability Patched In Jetpack WordPress Plugin on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2024/10/22/critical-vulnerability-patched-in-jetpack-wordpress-plugin/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

SOC 2 Compliance Requirements and Criteria
Meeting SOC 2 standards demonstrates your commitment to security and boosts trust—especially when you have a report to prove it. The American Institute of Certified Public Accountants (AICPA) created these standards and the coordinating reports, known as SOC 1, SOC 2, and SOC 3. While they aren't legally required, they're a great way to highlight your security protocols. 
https://www.legitsecurity.com/blog/soc-2-compliance-requirements
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Security Assessment Reports: A Complete Overview
The first step to improving your security posture is knowing where you stand. That's what a security assessment report (SAR) tells you.
https://www.legitsecurity.com/blog/what-are-security-assessment-reports
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

USN-7080-1: Unbound vulnerability
Toshifumi Sakaguchi discovered that Unbound incorrectly handled name compression for large RRsets, which could lead to excessive CPU usage. An attacker could potentially use this issue to cause a denial of service by sending specially crafted DNS responses.
https://ubuntu.com/security/notices/USN-7080-1
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

CNN Reports: Cybercrime To Cost The World T Annually, Per Cybersecurity Ventures
This week in cybersecurity from the editors at Cybercrime Magazine – Watch The Full CNN Report Sausalito, Calif. – Oct. 22, 2024 CNN reports in a special news video that “Fighting cybercrime is big business around the world. By the end of this year, the financial impact of The post CNN Reports: Cybercrime To Cost The World T Annually, Per Cybersecurity Ventures appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/cnn-reports-cybercrime-to-cost-the-world-10t-annually-per-cybersecurity-ventures/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Upload a video selfie to get your Facebook or Instagram account back
Meta wants to introduce the option to upload a video selfie if you need to recover a lost Facebook or Instagram account.
https://www.malwarebytes.com/blog/news/2024/10/upload-a-video-selfie-to-get-your-facebook-or-instagram-account-back
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

IoT Assignment Completed! Report on Barriers to U.S. IoT Adoption
The 16 members of the NIST-managed Internet of Things (IoT) Advisory Board have completed their report on barriers to the U.S. receiving the benefits of IoT adoption, along with their recommendations for overcoming those barriers. As Benson Chan (Chair) and Dan Caprio (Vice Chair) of the IoT Advisory Board state in the report: “The United States is in the early stages of a profound transformation, one that is driven by economic, societal, and cultural innovations brought about by the IoT. These innovations intertwine connectivity and digital innovation with the opportunity to drive a
https://www.nist.gov/blogs/cybersecurity-insights/iot-assignment-completed-report-barriers-us-iot-adoption
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

USN-7079-1: WebKitGTK vulnerabilities
Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
https://ubuntu.com/security/notices/USN-7079-1
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Most Political Campaign Texts Aren't Scams, Experts Say

https://www.proofpoint.com/us/newsroom/news/most-political-campaign-texts-arent-scams-experts-say
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Astaroth Banking Malware Runs Actively Targets Users In Brazil
The notorious banking trojan, known as the Astaroth malware, has resurfaced in recent campaigns, particularly… Astaroth Banking Malware Runs Actively Targets Users In Brazil on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2024/10/22/astaroth-banking-malware-runs-actively-targets-users-in-brazil/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Best practices on securing your AI deployment
As organizations embrace generative AI, there are a host of benefits that they are expecting from these projects—from efficiency and productivity gains to improved speed of business to more innovation in products and services. However, one factor that forms a critical part of this AI innovation is trust. Trustworthy AI relies on understanding how the […] The post Best practices on securing your AI deployment appeared first on Security Intelligence.
https://securityintelligence.com/posts/best-practices-securing-ai-deployment/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

USN-7078-1: Firefox vulnerability
Atte Kettunen discovered that Firefox did not properly validate before inserting ranges into the selection node cache. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code.
https://ubuntu.com/security/notices/USN-7078-1
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Google Chromium in Visuals Use-After-Free Vulnerability (CVE-2024-4671)
What is the Vulnerability?A new zero-day vulnerability has recently been discovered in the Visuals component of Chrome, which is responsible for rendering and displaying web content. This Visuals Use-After-Free Vulnerability tagged as CVE-2024-4671 can cause a browser to crash, execute code, and leak data. According to Google, the vulnerability is being actively exploited and CISA has already added this vulnerability to its known exploited catalog. What is the vendor mitigation?Google released security updates on May 9, 2024 for Windows, MacOS, and Linux affecting the Google Chrome browser. The vendor advises users to ensure that they are running the latest version of their browsers. Also, users of Chromium-based browsers such as Microsoft Edge and Opera are also advised to apply the fixes...
https://fortiguard.fortinet.com/threat-signal-report/5437
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

VMware ESXi Ransomware Attack (CVE-2024-37085)
What is the Attack?Threat actors are exploiting an authentication bypass vulnerability in ESXi hypervisors, known as CVE-2024-37085, to gain full administrative permissions on domain-joined ESXi hypervisors. This flaw allows threat actors to encrypt critical ESXi servers in ransomware attacks. On Monday, July 29, Microsoft published a threat intelligence blog on observed exploitation of CVE-2024-37085. According to the blog, Akira and Black Basta ransomware deployments were found on the impacted servers. The vulnerability has also been added to CISA's Known Exploited Catalog (KEV) list on July 31, 2024.What is the recommended Mitigation?Please go through the vendor provided update to address the security vulnerability. Support Content Notification - Support Portal - Broadcom support portalWhat...
https://fortiguard.fortinet.com/threat-signal-report/5498
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

NextGen Healthcare Mirth Connect RCE (CVE-2023-43208, CVE-2023-37679)
What is the vulnerability?NextGen Healthcare Mirth Connect is vulnerable to unauthenticated remote code execution (CVE-2023-43208) caused due to an incomplete patch of a Command Injection flaw (CVE-2023-37679). Mirth Connect is an open-source data integration platform widely used by healthcare companies. It enables the management of information using bi-directional sending of many types of messages. Attackers could exploit this vulnerability for initial access or to compromise sensitive healthcare data. CISA has recently added CVE-2023-43208 to its Known Exploited Vulnerabilities (KEV) catalog on May 20th, 2024. What is the recommended Mitigation?Users are advised to update to the latest version of NextGen Healthcare Mirth Connect as per the vendor's instructions. What FortiGuard Coverage...
https://fortiguard.fortinet.com/threat-signal-report/5460
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Oracle WebLogic Server Vulnerabilities (CVE-2023-21839, CVE-2017-3506)
What is the attack?A threat actor known as Water Sigbin (aka the 8220 Gang) is seen exploiting two vulnerabilities in the Oracle WebLogic server: CVE-2017-3506, which allows remote OS command execution, and CVE-2023-21839 is an insecure deserialization vulnerability. CISA recently added the Oracle WebLogic flaw tracked as CVE-2017-3506 to its known exploited vulnerabilities catalog on 3 June 2023.What is the recommended Mitigation?Apply the most recent patch released by Oracle. In the advisory, Oracle mentioned that they continue to receive reports of exploitation attempts.What FortiGuard Coverage is available?FortiGuard customers remain protected by the IPS signatures available for both vulnerabilities. FortiGuard Outbreak Alert is available to review the full coverage. FortiGuard Incident...
https://fortiguard.fortinet.com/threat-signal-report/5466
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Top IAM Priorities for 2025: Addressing Multi-Cloud Identity Management Challenges
As we move toward 2025, the adoption of multi-cloud and hybrid cloud is continuing to accelerate. While the benefits are manifold, it also means that organizations have significant challenges when securely integrating hybrid and cloud identity systems.Just some of these challenges identity and access management (IAM) leaders are grappling with include high costs related to technical debt, a pronounced talent gap, and vendor lock-in. In 2025 it will be critical to have robust identity manageme...
https://cloudsecurityalliance.org/articles/top-iam-priorities-for-2025-addressing-multi-cloud-identity-management-challenges
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Unpacking the Cloud Security Best Practices from CISA and the NSA
Originally published by Tenable. Written by Zan Liffick. Recent cloud security guidance from CISA and the NSA offers a wealth of recommendations to help organizations reduce risk. This blog highlights key takeaways, provides further insights from CIS, and explores how utilizing cloud security posture management (CSPM) and cloud-native application protection program (CNAPP) solutions/services can help. The cloud security best practices from CISA and the NSA The five cloud security best...
https://cloudsecurityalliance.org/articles/unpacking-the-cloud-security-best-practices-from-cisa-and-the-nsa
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

The Hidden Power of Zero Trust Thinking
Written by Mark Fishburn and originally published on his website.1. Daytime Stress and Sleepless Nights Managing cybersecurity, networks, workloads, and websites can be stressful, especially when many things go bump simultaneously in the middle of the night. During calmer daytime moments, we rationalize decisions, selecting the right defensive or application architecture, analyzing problems, balancing business and technical requirements, based on logical thinking. 2. Reality Check When w...
https://cloudsecurityalliance.org/articles/the-hidden-power-of-zero-trust-thinking
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Cloud Security Alliance Releases Second Paper Delineating Organizational Responsibilities for Successfully and Ethically Implementing Artificial Intelligence
Paper provides comprehensive, industry-neutral guidelines and best practices for various stakeholders, from CISOs and AI developers to business leaders and policymakersSEATTLE – Oct. 22, 2024 – Driven by the need to address the evolving landscape of Artificial Intelligence (AI) and its associated risks and ethical considerations, the Cloud Security Alliance (CSA), the world's leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud...
https://cloudsecurityalliance.org/articles/cloud-security-alliance-releases-paper-delineating-organizational-responsibilities-for-implementing-ai
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

CVE-2024-8901 - missing JWT issuer and signer validation in aws-alb-route-directive-adapter-for-istio
Publication Date: 2024/10/21 4:00 PM PDT The AWS ALB Route Directive Adapter For Istio repo provides an OIDC authentication mechanism that was integrated into the open source Kubeflow project. The adapter uses JWT for authentication, but lacks proper signer and issuer validation. In deployments of ALB that ignore security best practices, where ALB targets are directly exposed to internet traffic, an actor can provide a JWT signed by an untrusted entity in order to spoof OIDC-federated sessions and successfully bypass authentication. Affected versions: v1.0, v1.1 Resolution The repository/package has been deprecated, is End of Life, and is no longer actively supported. Workarounds As a security best practice, ensure that your ELB targets (e.g. EC2 Instances, Fargate...
https://aws.amazon.com/security/security-bulletins/AWS-2024-011/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

CVE-2024-10125 - missing JWT issuer and signer validation in aws-alb-identity-aspnetcore
Publication Date: 2024/10/21 4:00 PM PDT Description: The Amazon.ApplicationLoadBalancer.Identity.AspNetCore repo contains Middleware that can be used in conjunction with the Application Load Balancer (ALB) OpenId Connect integration and can be used in any ASP.NET Core deployment scenario, including AWS Fargate, Amazon Elastic Kubernetes Service (Amazon EKS), Amazon Elastic Container Service (Amazon ECS), Amazon Elastic Compute Cloud (Amazon EC2), and AWS Lambda. In the JWT handling code, it performs signature validation but fails to validate the JWT issuer and signer identity. The signer omission, if combined with a scenario where the infrastructure owner allows internet traffic to the ALB targets (not a recommended configuration), can allow for JWT signing by an untrusted entity...
https://aws.amazon.com/security/security-bulletins/AWS-2024-012/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Continued Intense Scanning From One IP in Lithuania
Plus a few interesting changes in the CVEs we track, and some notes on just what kinds of malware stagers we see.
https://www.f5.com/labs/articles/threat-intelligence/sensor-intel-series-top-cves-september-2024
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

OWASP Top 10: The Risk of Cryptographic Failures
Cryptographic failures: what are they and why are they considered so concerning by the OWASP Top 10?
https://www.hackerone.com/vulnerability-management/cryptographic-failures
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Types of Security Audits: Overview and Best Practices
Cybersecurity audits are key to maintaining compliance with regulations and upholding a strong security posture. They evaluate your organization's systems, identify vulnerabilities, and offer the insights you need to optimize security. But there are many different kinds to choose from, depending on your needs.
https://www.legitsecurity.com/blog/types-of-security-audits
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

FedRAMP Certification and Compliance: What It Is and Why It Matters
Cloud technologies increase access to information, streamline communication between government agencies and citizens, and accelerate information sharing. And that's why the U.S. government has become a champion of cloud computing. But each perk comes with a risk, and in response, the Office of Management and Budget (OMB) created the Federal Risk and Authorization Management Program (FedRAMP). If you're a cloud service provider (CSP), software-as-a-service (SaaS) company, or other vendor interested in working with federal government agencies, FedRAMP certification proves that your organization meets the security standards required to successfully safeguard information. Here's how to get FedRAMP certification. What Is FedRAMP? FedRAMP is a set of standards and certification...
https://www.legitsecurity.com/blog/fedramp-authorization-process
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Securing the open source supply chain: The essential role of CVEs
Vulnerability data has grown in volume and complexity over the past decade, but open source and programs like the Github Security Lab have helped supply chain security keep pace. The post Securing the open source supply chain: The essential role of CVEs appeared first on The GitHub Blog.
https://github.blog/security/supply-chain-security/securing-the-open-source-supply-chain-the-essential-role-of-cves/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

WrnRAT Distributed Under the Guise of Gambling Games
AhnLab SEcurity intelligence Center (ASEC) recently discovered that malware was being distributed under the guise of gambling games such as badugi, 2-player go-stop, and hold’em. The threat actor created a website disguised as a gambling game site, and if the game launcher is downloaded, it installs malware that can control the infected system and steal […] 게시물 WrnRAT Distributed Under the Guise of Gambling Games이 ASEC에 처음 등장했습니다.
https://asec.ahnlab.com/en/84086/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

This industry profits from knowing you have cancer, explains Cody Venzke (Lock and Code S05E22)
This week on the Lock and Code podcast, we speak with Cody Venzke about why data brokers are allowed to collect everything about us.
https://www.malwarebytes.com/blog/podcast/2024/10/this-industry-profits-from-knowing-you-have-cancer-explains-cody-venzke-lock-and-code-s05e22
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Internet Archive attackers email support users: “Your data is now in the hands of some random guy”
Those who hacked the Internet Archive haven’t gone away. Users of the Internet Archive who have submitted helpdesk tickets are reporting...
https://www.malwarebytes.com/blog/news/2024/10/internet-archive-attackers-email-support-users-your-data-is-now-in-the-hands-of-some-random-guy
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Cybercrime In South Africa 2024: Deepfakes On The Rise
This week in cybersecurity from the editors at Cybercrime Magazine – Read The Full Investec Article Sausalito, Calif. – Oct. 21, 2024 South Africa-based Investec, a private bank with more than 7,400 staff in 40 cities on four continents, recaps some of the latest trends and The post Cybercrime In South Africa 2024: Deepfakes On The Rise appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/cybercrime-in-south-africa-2024-deepfakes-on-the-rise/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Boost Your Linux Server Security with SSH Mastery
Secure remote connections are essential when managing a Linux server, and one of the most widely used and trusted methods for remote server administration is Secure Shell (SSH) . SSH creates a protected channel over an insecure network by encrypting all information shared between the server and client, safeguarding data exchanged between them from potential attackers, eavesdroppers, hijackers, or manipulators of communication streams.
https://linuxsecurity.com/features/features/ssh-mastery-linux-server-security
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Stealer here, stealer there, stealers everywhere!
Kaspersky researchers investigated a number of stealer attacks over the past year, and they are now sharing some details on the new Kral stealer, recent AMOS version and Vidar delivering ACR stealer.
https://securelist.com/kral-amos-vidar-acr-stealers/114237/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Google Voice scams: What are they and how do I avoid them?
Watch out for schemes where fraudsters trick people into sharing verification codes so they can gain access to their phone numbers
https://www.welivesecurity.com/en/scams/google-voice-scams-what-how-avoid/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

A week in security (October 14 – October 20)
A list of topics we covered in the week of October 14 to October 20 of 2024
https://www.malwarebytes.com/blog/apple/2024/10/a-week-in-security-october-14-october-20
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Fair Vote Canada - 134,336 breached accounts
In March 2024, the Canadian national citizens' campaign for proportional representation Fair Vote Canada suffered a data breach. The incident was attributed to "a well-meaning volunteer" who inadvertently exposed data from 2020 which included 134k unique email addresses, names, physical addresses, phone numbers and, for some individuals, date and amount of a donation.
https://haveibeenpwned.com/PwnedWebsites#FairVoteCanada
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Missing JWT issuer and signer validation in ALB middleware

https://www.cloudvulndb.org/missing-jwt-issuer
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Microsoft Fixed 100+ Vulnerabilities With October Patch Tuesday
Microsoft addressed crossed the century of vulnerability fixes, making it one of the huge update… Microsoft Fixed 100+ Vulnerabilities With October Patch Tuesday on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2024/10/20/microsoft-fixed-100-vulnerabilities-with-october-patch-tuesday/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Metasploit Weekly Wrap-Up 10/18/2024
AD CS continues to be a popular target for penetration testers and security practitioners. The latest escalation technique was discovered by Just Bollinger.
https://blog.rapid7.com/2024/10/18/metasploit-weekly-wrap-up-10-18-2024/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

The transformation of open source: Lessons from the past decade
Over the past decade, the world of open source software has undergone a seismic transformation, both in terms of its scale and challenges.
https://www.sonatype.com/blog/the-transformation-of-open-source-lessons-from-the-past-decade
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

7 Rapid Questions on our Belfast Placement Programme: Orla Magee and Paddy McDermott
Software Engineers Orla Magee and Paddy McDermott share what the interview process looked like for them, along with impactful projects and advice for others exploring Rapid7's Placement Programme.
https://blog.rapid7.com/2024/10/18/7-rapid-questions-on-our-belfast-placement-programme-orla-magee-and-paddy-mcdermott/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

What's behind the 51% drop in ransomware attacks?
In a world where cyber threats feel omnipresent, a recent report has revealed some unexpected good news: ransomware attacks on state and local governments have dropped by 51% in 2024. Still, this decline does not signal the end of the ransomware threat, nor should it lead to complacency. As the nature of ransomware evolves, so […] The post What’s behind the 51% drop in ransomware attacks? appeared first on Security Intelligence.
https://securityintelligence.com/articles/whats-behind-51-drop-in-ransomware-attacks/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Brazil Arrests ‘USDoD,' Hacker in FBI Infragard Breach
Brazilian authorities reportedly have arrested a 33-year-old man on suspicion of being "USDoD," a prolific cybercriminal who rose to infamy in 2022 after infiltrating the FBI's InfraGard program and leaking contact information for 80,000 members. More recently, USDoD was behind a breach at the consumer data broker National Public Data that led to the leak of Social Security numbers and other personal information for a significant portion of the U.S. population.
https://krebsonsecurity.com/2024/10/brazil-arrests-usdod-hacker-in-fbi-infragard-breach/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Threat actors exploiting zero-days faster than ever – Week in security with Tony Anscombe
The average time it takes attackers to weaponize a vulnerability, either before or after a patch is released, shrank from 63 days in 2018-2019 to just five days last year
https://www.welivesecurity.com/en/videos/threat-actors-exploiting-zero-days-faster-ever-week-security-tony-anscombe/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Analysis of the Crypt Ghouls group: continuing the investigation into a series of attacks on Russia
A close look at the utilities, techniques, and infrastructure used by the hacktivist group Crypt Ghouls has revealed links to groups such as Twelve, BlackJack, etc.
https://securelist.com/crypt-ghouls-hacktivists-tools-overlap-analysis/114217/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Publishers Spotlight: Proofpoint

https://www.proofpoint.com/us/newsroom/news/publishers-spotlight-proofpoint
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Voice  Cloning with Deep Learning Models
Given the explosion of development and interest in deep learning models in the past year, we decided to research on the topic to increase our know-how and find applications where these technologies can be leveraged in offensive security engagements. This posts explores the use of machine learning for voice cloning and how it can be used for social engineering.
https://blog.compass-security.com/2024/10/voice-cloning-with-deep-learning-models/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Progress Telerik Report Server Authentication Bypass Vulnerability
What is the Vulnerability?Progress Telerik Report Server contains an authorization bypass by spoofing vulnerability, allowing an attacker to bypass authentication and create rogue administrator users. The flaw, tracked as CVE-2024-4358, has been added to CISA's known exploited vulnerabilities catalog (KEV) in mid-June and FortiGuard Labs continues to see attack attempts targeting this particular vulnerability.What is the recommended Mitigation?Apply mitigations as outlined in the vendor advisory: https://docs.telerik.com/report-server/knowledge-base/registration-auth-bypass-cve-2024-4358 What FortiGuard Coverage is available?FortiGuard Labs has provided protection through the IPS signature "Progress.Telerik.Report.Server.Register.Authentication.Bypass" which was released in mid-June to detect...
https://fortiguard.fortinet.com/threat-signal-report/5480
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Ivanti Virtual Traffic Manager (vTM ) Authentication Bypass Vulnerability (CVE-2024-7593)
What is the Vulnerability?Ivanti Virtual Traffic Manager (vTM), a software application used to manage and optimize the delivery of applications across networks is affected by an authentication bypass vulnerability. This flaw (CVE-2024-7593) arises from an incorrect implementation of an authentication algorithm, which can be exploited by a remote unauthenticated attacker to bypass authentication in the admin panel, allowing them to create a new admin user. This potentially grants unauthorized access and control over the affected system.A public Proof of Concept (PoC) is available for this exploit and CISA has added this vulnerability to Known Exploited Vulnerabilities (KEV) Catalog on September 24, 2024.What is the recommended Mitigation?Ivanti released updates for Ivanti Virtual Traffic Manager...
https://fortiguard.fortinet.com/threat-signal-report/5551
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Versa Director Dangerous File Type Upload Vulnerability (CVE-2024-39717)
What is the Vulnerability?The Versa Director GUI contains a zero-day dangerous file type upload vulnerability (CVE-2024-39717) that allows attackers to upload potentially malicious files, granting them system administrator access. This flaw effects the Change Favicon (Favorite Icon) option that can be misused to upload a malicious file ending with .png extension to masquerade as an image file. The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2024-39717 to its Known Exploited Vulnerabilities list.What is the recommended Mitigation?Versa Networks has released a patch to address this vulnerability and has mentioned in their advisory that the vulnerability has already been exploited by an Advanced Persistent Threat actor.What FortiGuard Coverage is available?FortiGuard...
https://fortiguard.fortinet.com/threat-signal-report/5511
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Vulnerability Deep Dive: Gaining RCE Through ImageMagick With Frans Rosen

https://www.hackerone.com/vulnerability-management/gaining-rce-through-imagemagick
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Abusing AD-DACL : Generic ALL Permissions
In this post, we explore the exploitation of Discretionary Access Control Lists (DACL) using the Generic ALL permission in Active Directory environments. This permission provides The post Abusing AD-DACL : Generic ALL Permissions appeared first on Hacking Articles.
https://www.hackingarticles.in/abusing-ad-dacl-generic-all-permissions/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

New macOS vulnerability, “HM Surf”, could lead to unauthorized data access
Microsoft Threat Intelligence uncovered a macOS vulnerability that could potentially allow an attacker to bypass the operating system's Transparency, Consent, and Control (TCC) technology and gain unauthorized access to a user's protected data. The vulnerability, which we refer to as “HM Surf”, involves removing the TCC protection for the Safari browser directory and modifying a […] The post New macOS vulnerability, “HM Surf”, could lead to unauthorized data access appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2024/10/17/new-macos-vulnerability-hm-surf-could-lead-to-unauthorized-data-access/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

The cybersecurity skills gap contributed to a .76 million increase in average breach costs
Understaffing in cybersecurity — the “skills gap” — is driving up the cost of data breaches in recent years, according to a decade of reports by IBM. The 2024 IBM Data Breach Report found that more than half of breached organizations experienced severe security staffing shortages, a 26.2% increase from the previous year. They found […] The post The cybersecurity skills gap contributed to a .76 million increase in average breach costs appeared first on Security Intelligence.
https://securityintelligence.com/articles/cybersecurity-skills-gap-contributed-increase-average-breach-costs/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Android Malware & Security Issue 3st Week of October, 2024
ASEC Blog publishes “Android Malware & Security Issue 3st Week of October, 2024” 게시물 Android Malware & Security Issue 3st Week of October, 2024이 ASEC에 처음 등장했습니다.
https://asec.ahnlab.com/en/83982/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Sudanese Brothers Arrested in ‘AnonSudan' Takedown
The U.S. government on Wednesday announced the arrest and charging of two Sudanese brothers accused of running Anonymous Sudan (a.k.a. AnonSudan), a cybercrime business known for launching powerful distributed denial-of-service (DDoS) attacks against a range of targets, including dozens of hospitals, news websites and cloud providers. One of the brothers is facing life in prison for allegedly seeking to kill people with his attacks.
https://krebsonsecurity.com/2024/10/sudanese-brothers-arrested-in-anonsudan-takedown/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Understanding your Attack Surface: Different Approaches to Asset Discovery
In this post, we'll delve intoprocess of discovering assets. We cannot secure what we cannot see so getting this piece right is foundational to the success of your ASM program. This blog will explore four different methods of asset discovery starting with the most basic, deployed software agents.
https://blog.rapid7.com/2024/10/17/understanding-your-attack-surface-different-approaches-to-asset-discovery/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

SAS CTF and the many ways to persist a kernel shellcode on Windows 7
In this article we solve the most difficult SAS CTF challenge based on the APT technique to introduce and persist a kernel shellcode on Windows 7.
https://securelist.com/sas-ctf-windows-7-challenge-explained/114180/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Gatekeeper Bypass: Uncovering Weaknesses in a macOS Security Mechanism
Explore how macOS Gatekeeper's security could be compromised by third-party apps not enforcing quarantine attributes effectively. The post Gatekeeper Bypass: Uncovering Weaknesses in a macOS Security Mechanism appeared first on Unit 42.
https://unit42.paloaltonetworks.com/gatekeeper-bypass-macos/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

AlpineReplay - 898,681 breached accounts
In 2019, the snow sports tracking app AlpineReplay suffered a data breach that exposed 900k unique email addresses. Later rolled into the Trace service, the breach included names, usernames, genders, dates of birth, weights and passwords stored as either unsalted MD5 or bcrypt hashes.
https://haveibeenpwned.com/PwnedWebsites#AlpineReplay
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Root Access for Data Control: A DEF CON IoT Village Story
Our perennial IoT hacking presenter, Principal Security Researcher, IoT, Deral Heiland, along with Rapid7 pentest team members, showed attendees many methods of extracting firmware from IoT devices and manipulating the systems in the name of control and operations.
https://blog.rapid7.com/2024/10/16/root-access-for-data-control-a-def-con-iot-village-story/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Test Driving a New Benefit Programme in Belfast
Rapid7's electric vehicle scheme was rolled out in late 2023 for Belfast employees. The programme enables employees to lease an electric car via their employer and pay for it on a salary sacrifice basis, offering substantial tax and national insurance savings.
https://blog.rapid7.com/2024/10/16/test-driving-a-new-benefit-programme-in-belfast/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Ransom & Dark Web Issues Week 3, October 2024
ASEC Blog publishes Ransom & Dark Web Issues Week 3, October 2024       Pro-Russian hacktivists carried out DDoS attacks on multiple Japanese websites A Japanese tech giant Casio falls victim to the Underground ransomware Threat actor USDoD arrested in Brazil: Accused of international data breaches   게시물 Ransom & Dark Web Issues Week 3, October 2024이 ASEC에 처음 등장했습니다.
https://asec.ahnlab.com/en/83932/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Navigating the ethics of AI in cybersecurity
Even if we’re not always consciously aware of it, artificial intelligence is now all around us. We’re already used to personalized recommendation systems in e-commerce, customer service chatbots powered by conversational AI and a whole lot more. In the realm of information security, we’ve already been relying on AI-powered spam filters for years to protect […] The post Navigating the ethics of AI in cybersecurity appeared first on Security Intelligence.
https://securityintelligence.com/articles/navigating-ethics-ai-cybersecurity/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Unit 42 Looks Toward the Threat Frontier: Preparing for Emerging AI Risks
The Unit 42 Threat Frontier report discusses GenAI's impact on cybersecurity, emphasizing the need for AI-specific defenses and proactive security. The post Unit 42 Looks Toward the Threat Frontier: Preparing for Emerging AI Risks appeared first on Unit 42.
https://unit42.paloaltonetworks.com/prepare-for-emerging-ai-risks-unit-42-threat-frontier/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Protecting children from grooming | Unlocked 403 cybersecurity podcast (ep. 7)
“Hey, wanna chat?” This innocent phrase can take on a sinister meaning when it comes from an adult to a child online – and even be the start of a predatory relationship
https://www.welivesecurity.com/en/videos/protecting-children-grooming-unlocked-403-cybersecurity-podcast-ep-7/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Ivanti CSA (Cloud Services Appliance) zero-day Attack
What is the Attack?Attackers are actively exploiting multiple zero-day vulnerabilities affecting Ivanti CSA (Cloud Services Appliance) that could lead an attacker to gain admin access, bypass security measures, run arbitrary SQL commands, and execute code remotely.In a recent incident response engagement, FortiGuard Incident Response (FGIR) services were engaged where an advanced adversary was observed exploiting vulnerabilities affecting the Ivanti Cloud Services Appliance (CSA). To read more visit: Burning Zero Days: Suspected Nation-State Adversary Targets Ivanti CSA | FortiGuard Labs (fortinet.com)CVE-2024-9379: SQL injection in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements.CVE-2024-9380:...
https://fortiguard.fortinet.com/threat-signal-report/5556
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Safer with Google: Advancing Memory Safety
Posted by Alex Rebert, Security Foundations, and Chandler Carruth, Jen Engel, Andy Qin, Core Developers Error-prone interactions between software and memory1 are widely understood to create safety issues in software. It is estimated that about 70% of severe vulnerabilities2 in memory-unsafe codebases are due to memory safety bugs. Malicious actors exploit these vulnerabilities and continue to create real-world harm. In 2023, Google's threat intelligence teams conducted an industry-wide study and observed a close to all-time high number of vulnerabilities exploited in the wild. Our internal analysis estimates that 75% of CVEs used in zero-day exploits are memory safety vulnerabilities. At Google, we have been mindful of these issues for over two decades, and are on a journey to continue...
http://security.googleblog.com/2024/10/safer-with-google-advancing-memory.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Bringing new theft protection features to Android users around the world
Posted by Jianing Sandra Guo, Product Manager and Nataliya Stanetsky, Staff Program Manager, Android Janine Roberta Ferreira was driving home from work in São Paulo when she stopped at a traffic light. A man suddenly appeared and broke the window of her unlocked car, grabbing her phone. She struggled with him for a moment before he wrestled the phone away and ran off. The incident left her deeply shaken. Not only was she saddened at the loss of precious data, like pictures of her nephew, but she also felt vulnerable knowing her banking information was on her phone that was just stolen by a thief. Situations like Janine's highlighted the need for a comprehensive solution to phone theft that exceeded existing tools on any platform. Phone theft is a widespread concern in many countries...
http://security.googleblog.com/2024/10/android-theft-protection.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Weekly Detection Rule (YARA and Snort) Information – Week 3, October 2024
The following is the information on Yara and Snort rules (week 3, October 2024) collected and shared by the AhnLab TIP service. 3 YARA Rules Detection name Description Source MAL_RANSOM_INC_Aug24 Detects INC ransomware and it’s variants like Lynx https://github.com/Neo23x0/signature-base3 MAL_EXPL_Perfctl_Oct24 Detects exploits used in relation with Perfctl malware campaigns https://github.com/Neo23x0/signature-base3 MAL_LNX_Perfctl_Oct24 Detects Perfctl malware samples […] 게시물 Weekly Detection Rule (YARA and Snort) Information – Week 3, October 2024이 ASEC에 처음 등장했습니다.
https://asec.ahnlab.com/en/83874/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

AhnLab and NCSC Release Joint Report on Microsoft Zero-Day Browser Vulnerability (CVE-2024-38178)
AhnLab SEcurity intelligence Center (ASEC) and the National Cyber Security Center (NCSC) have discovered a new zero-day vulnerability in the Microsoft Internet Explorer (IE) browser and have conducted a detailed analysis on attacks that exploit this vulnerability. This post shares the joint analysis report “Operation Code on Toast by TA-RedAnt” which details the findings of […] 게시물 AhnLab and NCSC Release Joint Report on Microsoft Zero-Day Browser Vulnerability (CVE-2024-38178)이 ASEC에 처음 등장했습니다.
https://asec.ahnlab.com/en/83877/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

ANY.RUN Discovers Tricky Phishing Attack Using Fake CAPTCHA
Phishing campaigns relentlessly continue to evolve, utilizing innovative tricks to deceive users. ANY.RUN, the interactive… ANY.RUN Discovers Tricky Phishing Attack Using Fake CAPTCHA on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2024/10/15/any-run-discovers-tricky-phishing-attack-using-fake-captcha/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Escalating cyber threats demand stronger global defense and cooperation
We must find a way to stem the tide of this malicious cyber activity. That includes continuing to harden our digital domains to protect our networks, data, and people at all levels. However, this challenge will not be accomplished solely by executing a checklist of cyber hygiene measures but only through a focus on and commitment to the foundations of cyber defense from the individual user to the corporate executive and to government leaders.   The post Escalating cyber threats demand stronger global defense and cooperation appeared first on Microsoft Security Blog.
https://blogs.microsoft.com/on-the-issues/2024/10/15/escalating-cyber-threats-demand-stronger-global-defense-and-cooperation/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Guidance on effective communications in a cyber incident
Supporting organisations of all sizes to manage their communications strategy before, during and after a cyber security incident.
https://www.ncsc.gov.uk/guidance/effective-communications-in-a-cyber-incident
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

H1 2024 Cyber Attacks Statistics
I aggregated the statistics created from the cyber attacks timelines published in the first half of 2024. In this period...
https://www.hackmageddon.com/2024/10/15/h1-2024-cyber-attacks-statistics/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Beyond the Surface: the evolution and expansion of the SideWinder APT group
Kaspersky analyzes SideWinder APT's recent activity: new targets in the MiddleEast and Africa, post-exploitation tools and techniques.
https://securelist.com/sidewinder-apt/114089/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Quishing attacks are targeting electric car owners: Here's how to slam on the brakes
Ever alert to fresh money-making opportunities, fraudsters are blending physical and digital threats to steal drivers' payment details
https://www.welivesecurity.com/en/scams/quishing-attacks-targeting-electric-car-owners-slam-on-brakes/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

How To Use HackerOne's Global Vulnerability Policy Map
Use HackerOne's Global Vulnerability Policy Map to keep up with evolving VDP mandates and recommendations.
https://www.hackerone.com/public-policy/global-vulnerability-policy-map
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Warning Against Phishing Emails Impersonating Major Korean Entertainment Agencies
AhnLab SEcurity Intelligence Center (ASEC) releases weekly and quarterly phishing email statistical reports on the ASEC blog, with fake login, delivery, and purchase order request types being the most common. However, it has been confirmed that phishing emails impersonating major Korean entertainment agencies have recently been distributed in Korea. The threat actor disguised the message […] 게시물 Warning Against Phishing Emails Impersonating Major Korean Entertainment Agencies이 ASEC에 처음 등장했습니다.
https://asec.ahnlab.com/en/83953/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

'PDNS for Schools' to provide cyber resilience for more institutions
The NCSC's ‘Protective Domain Name Service for Schools' scaled-up to protect a wider range of organisations.
https://www.ncsc.gov.uk/blog-post/pdns-for-schools-provide-cyber-resilience-for-more-institutions
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Aspiring digital defender? Explore cybersecurity internships, scholarships and apprenticeships
The world needs more cybersecurity professionals – here are three great ways to give you an ‘in' to the ever-growing and rewarding security industry
https://www.welivesecurity.com/en/cybersecurity/aspiring-digital-defender-explore-cybersecurity-internships-scholarships-apprenticeships/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Whispers from the Dark Web Cave. Cyberthreats in the Middle East
The Kaspersky Digital Footprint Intelligence team shares insights into the H1 2024 Middle Eastern cyberthreat landscape: hacktivism, initial access brokers, ransomware, stealers, and so on.
https://securelist.com/meta-threat-landscape-h1-2024/114164/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

European Council Adopts Cyber Resilience Act
Learn about the EU Council's Cyber Resilience Act, where we're headed, and what we believe should happen next.
https://www.hackerone.com/public-policy/eu-council-cyber-resilience-act
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Microsoft's guidance to help mitigate Kerberoasting
Kerberoasting, a well-known Active Directory (AD) attack vector, enables threat actors to steal credentials and navigate through devices and networks. Microsoft is sharing recommended actions administrators can take now to help prevent successful Kerberoasting cyberattacks. The post Microsoft’s guidance to help mitigate Kerberoasting   appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2024/10/11/microsofts-guidance-to-help-mitigate-kerberoasting/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

SDLC Methodologies: The 7 Most Common
The software development lifecycle (SDLC) looks different for every team, but standard methodologies have emerged and evolved to help teams plan, test, and maintain projects with consistency and accuracy. These methodologies offer a clear approach to software development, ensuring each phase of development—from initial design to post-deployment maintenance—executes effectively.
https://www.legitsecurity.com/blog/top-sdlc-methodologies
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

What Is the Agile SDLC? Benefits, Stages And Implementation
The goal of any software development lifecycle (SDLC) is to create a great product. And that requires flexibility, customer-centricity, and a philosophy of constant improvement—all attributes of the Agile SDLC. 
https://www.legitsecurity.com/blog/agile-sdlc-benefits-stages-implementation
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

ADDO session: Secure your application supply chain on AWS
We've wrapped up our 9th All Day DevOps (ADDO) event, where we've learned from the industry's best and brightest about the latest tools and methodologies for securing the software supply chain. Hossam Barakat, Senior Cloud Architect at Amazon Web Services (AWS), led a session titled "Secure Your Application Supply Chain on AWS" that explored topics including Supply-chain Levels for Software Artifacts (SLSA), software bill of materials (SBOM), and how these tools can help build a secure pipeline.
https://www.sonatype.com/blog/addo-session-secure-your-application-supply-chain-on-aws
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

GoldenJackal jumps the air gap … twice – Week in security with Tony Anscombe
ESET research dives deep into a series of attacks that leveraged bespoke toolsets to compromise air-gapped systems belonging to governmental and diplomatic entities
https://www.welivesecurity.com/en/videos/goldenjackal-jumps-air-gap-twice-week-security-tony-anscombe/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Cyber security tips for barristers, solicitors and legal professionals
Steps to take to help reduce the likelihood of falling victim to a cyber attack.
https://www.ncsc.gov.uk/guidance/cyber-security-tips-for-barristers-solicitors-and-legal-professionals
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

ADDO session: Building observability to increase resiliency
As part of the DevOps and DevSecOps track during Sonatype's 9th All Day DevOps (ADDO) event, AWS Senior Developer Advocate Guillermo Ruiz presented his session titled "Building Observability to Increase Resiliency." Well-applied observability helps you find early signs of problems before they impact customers and makes it possible to react quickly to disruptions.
https://www.sonatype.com/blog/addo-session-building-observability-to-increase-resiliency
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Measure Your AI Risk Preparedness with This Interactive Self-Assessment Tool
Learn how HackerOne's AI Risk Readiness Self-Assessment Tool helps measure your AI security and compliance preparedness.
https://www.hackerone.com/ai/ai-security-readiness-quiz
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Lynx Ransomware: A Rebranding of INC Ransomware
Discover recent attacks using Lynx ransomware, a rebrand of INC, targeting multiple crucial sectors in the U.S. and UK with prevalent double-extortion tactics. The post Lynx Ransomware: A Rebranding of INC Ransomware appeared first on Unit 42.
https://unit42.paloaltonetworks.com/inc-ransomware-rebrand-to-lynx/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

ADDO session: The state of SBOM, what's coming in standards and regulations
In 2021, the Log4j vulnerability catalyzed the industry to take action to boost the security of open source components. The development community is leading this movement, but governments are also taking notice and writing legislation to regulate how organizations approach software transparency.
https://www.sonatype.com/blog/addo-session-the-state-of-sbom-whats-coming-in-standards-and-regulations
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Using Chrome's accessibility APIs to find security bugs
Posted by Adrian Taylor, Security Engineer, Chrome Chrome's user interface (UI) code is complex, and sometimes has bugs. Are those bugs security bugs? Specifically, if a user's clicks and actions result in memory corruption, is that something that an attacker can exploit to harm that user? Our security severity guidelines say “yes, sometimes.” For example, an attacker could very likely convince a user to click an autofill prompt, but it will be much harder to convince the user to step through a whole flow of different dialogs. Even if these bugs aren't the most easily exploitable, it takes a great deal of time for our security shepherds to make these determinations. User interface bugs are often flakey (that is, not reliably reproducible). Also, even...
http://security.googleblog.com/2024/10/using-chromes-accessibility-apis-to.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Android Malware & Security Issue 2st Week of October, 2024
ASEC Blog publishes “Android Malware & Security Issue 2st Week of October, 2024” 게시물 Android Malware & Security Issue 2st Week of October, 2024이 ASEC에 처음 등장했습니다.
https://asec.ahnlab.com/en/83784/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

10 years of software supply chains: Navigating the growth, risks, and future of open source
Reflecting on 10 years of the State of the Software Supply Chain report is both a milestone and a call to action. Over the past decade, the world of software development has been transformed by open source consumption. We've seen unprecedented innovation, but also a rise in new challenges, particularly in managing the security and integrity of the software supply chain.
https://www.sonatype.com/blog/10-years-of-software-supply-chains-navigating-the-growth-risks-and-future-of-open-source
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Protecting Your Website From DDoS Attack
Distributed denial-of-service attacks pose an increasing threat to organizations, with even some of the largest firms suffering significant disruptions from such attacks. Attackers use botnets of compromised IoT devices to... The post Protecting Your Website From DDoS Attack appeared first on Hacker Combat.
https://www.hackercombat.com/ddos-attack/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Protect Your Devices With Free Virus Removal
Computer viruses are extremely hazardous, which is why it’s crucial to secure your devices with reliable malware removal programs. These free applications serve as your second line of defense against... The post Protect Your Devices With Free Virus Removal appeared first on Hacker Combat.
https://www.hackercombat.com/free-virus-removal/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

1-15 July 2024 Cyber Attacks Timeline
In the first timeline of July 2024 I collected 102 events (6.8 events/day) with a threat landscape dominated by ransomware...
https://www.hackmageddon.com/2024/10/10/1-15-july-2024-cyber-attacks-timeline/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

​​Cyber Signals Issue 8 | Education under siege: How cybercriminals target our schools​​
​This edition of Cyber Signals delves into the cybersecurity challenges facing classrooms and campuses, highlighting the critical need for robust defenses and proactive measures. From personal devices to virtual classes and research stored in the cloud, the digital footprint of school districts, colleges, and universities has multiplied exponentially.​ The post ​​Cyber Signals Issue 8 | Education under siege: How cybercriminals target our schools​​ appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2024/10/10/cyber-signals-issue-8-education-under-siege-how-cybercriminals-target-our-schools/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Not all types of MFA are created equal...
Our updated multi-factor authentication (MFA) guidance recommends organisations use techniques that give better protection against phishing attacks.
https://www.ncsc.gov.uk/blog-post/not-all-types-mfa-created-equal
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

The Recruitment Process: What to Expect When You Apply at HackerOne

https://www.hackerone.com/culture-and-talent/recruitment-process-what-expect-when-you-apply-hackerone
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Internet Archive - 31,081,179 breached accounts
In September 2024, the digital library of internet sites Internet Archive suffered a data breach that exposed 31M records. The breach exposed user records including email addresses, screen names and bcrypt password hashes.
https://haveibeenpwned.com/PwnedWebsites#InternetArchive
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Lamborghini Carjackers Lured by 3M Cyberheist
The parents of a 19-year-old Connecticut honors student accused of taking part in a 3 million cryptocurrency heist in August were carjacked a week later, while out house-hunting in a brand new Lamborghini. Prosecutors say the couple was beaten and briefly kidnapped by six young men who traveled from Florida as part of a botched plan to hold the parents for ransom.
https://krebsonsecurity.com/2024/10/lamborghini-carjackers-lured-by-243m-cyberheist/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Pentesting for Internal Networks
Learn how to optimize internal network pentesting through community-driven pentesting as a service (PTaaS).
https://www.hackerone.com/penetration-testing/internal-network-pentests
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Contagious Interview: DPRK Threat Actors Lure Tech Industry Job Seekers to Install New Variants of BeaverTail and InvisibleFerret Malware
Discover how North Korean attackers, posing as recruiters, used an updated downloader and backdoor in a campaign targeting tech job seekers. The post Contagious Interview: DPRK Threat Actors Lure Tech Industry Job Seekers to Install New Variants of BeaverTail and InvisibleFerret Malware appeared first on Unit 42.
https://unit42.paloaltonetworks.com/north-korean-threat-actors-lure-tech-job-seekers-as-fake-recruiters/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Patch Tuesday, October 2024 Edition
Microsoft today released security updates to fix at least 117 security holes in Windows computers and other software, including two vulnerabilities that are already seeing active attacks. Also, Adobe plugged 52 security holes across a range of products, and Apple has addressed a bug in its new macOS 15 "Sequoia" update that broke many cybersecurity tools.
https://krebsonsecurity.com/2024/10/patch-tuesday-october-2024-edition/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Best practices for authentication and authorization: Yoshiyuki Tabata's keynote at ADDO
Authentication (authn) and authorization (authz) are cornerstones of security in cloud-native applications. And yet, they remain some of the most challenging aspects for many organizations today.
https://www.sonatype.com/blog/best-practices-for-authentication-and-authorization-yoshiyuki-tabatas-keynote-at-addo
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Muah.AI - 1,910,261 breached accounts
In September 2024, the "AI girlfriend" website Muah.AI suffered a data breach. The breach exposed 1.9M email addresses alongside prompts to generate AI-based images. Many of the prompts were highly sexual in nature, with many also describing child exploitation scenarios.
https://haveibeenpwned.com/PwnedWebsites#Muah
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Transforming enterprises with generative AI: Pallavi Nargund's keynote at ADDO
Generative artificial intelligence (AI) is transforming industries, enabling businesses to harness the power of machine learning (ML) to reshape customer experiences and revolutionize software development.
https://www.sonatype.com/blog/transforming-enterprises-with-generative-ai-pallavi-nargunds-keynote-at-addo
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Patch Tuesday - October 2024
5 zero-days. Configuration Manager pre-auth RCE. RDP RPC pre-auth RPC. Winlogon EoP. Hyper-V container escape. curl o-day RCE late patch. Management console zero-day RCE. Windows 11 lifecycle changes.
https://blog.rapid7.com/2024/10/08/patch-tuesday-october-2024/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Unveiling the trillion dollar engine of innovation: Manuel Hoffmann's keynote at ADDO
Open source software (OSS) has revolutionized the technology landscape, powering innovations across industries from finance to healthcare.
https://www.sonatype.com/blog/unveiling-the-trillion-dollar-engine-of-innovation-manuel-hoffmanns-keynote-at-addo
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Third Annual Ponemon Institute Report: Nearly Seven in 10 Healthcare Organizations Experienced Disruption to Patient Care Due to Cyber Attacks

https://www.proofpoint.com/us/newsroom/press-releases/third-annual-ponemon-institute-report-nearly-seven-10-healthcare
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

How an IDOR Vulnerability Led to User Profile Modification
Learn the ins and outs of IDOR vulnerabilities and how one exploitation led to malicious user profile modification.
https://www.hackerone.com/vulnerability-management/idor-vulnerability-deep-dive
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

File hosting services misused for identity phishing
Since mid-April 2024, Microsoft has observed an increase in defense evasion tactics used in campaigns abusing file hosting services like SharePoint, OneDrive, and Dropbox. These campaigns use sophisticated techniques to perform social engineering, evade detection, and compromise identities, and include business email compromise (BEC) attacks. The post File hosting services misused for identity phishing appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2024/10/08/file-hosting-services-misused-for-identity-phishing/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Study: 92% of Healthcare Firms Hit by Cyberattacks This Year

https://www.proofpoint.com/us/newsroom/news/study-92-healthcare-firms-hit-cyberattacks-year
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Scalability Challenges in Privacy-Preserving Federated Learning
This post is part of a series on privacy-preserving federated learning. The series is a collaboration between NIST and the UK government's Responsible Technology Adoption Unit (RTA), previously known as the Centre for Data Ethics and Innovation. Learn more and read all the posts published to date at NIST's Privacy Engineering Collaboration Space or RTA's blog . Introduction In this post, we talk with Dr. Xiaowei Huang and Dr. Yi Dong (University of Liverpool), Dr. Mat Weldon (UK Office of National Statistics (ONS)), and Sikha Pentyala (University of Washington Tacoma), who were winners in the
https://www.nist.gov/blogs/cybersecurity-insights/scalability-challenges-privacy-preserving-federated-learning
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Cyber insurance, human risk, and the potential for cyber-ratings
Could human risk in cybersecurity be managed with a cyber-rating, much like credit scores help assess people's financial responsibility?
https://www.welivesecurity.com/en/business-security/cyber-insurance-human-risk-potential-cyber-ratings/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Microsoft Defender VPN Detects Unsafe WiFi Networks
After the recent Defender VPN update, Microsoft users will receive warnings when interacting with unsafe… Microsoft Defender VPN Detects Unsafe WiFi Networks on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2024/10/08/microsoft-defender-vpn-detects-unsafe-wifi-networks/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Format String Bug in fazsvcd
A use of externally-controlled format string vulnerability [CWE-134] in FortiAnalyzer fazsvcd daemon may allow a remote privileged attacker with admin profile to execute arbitrary code or commands via specially crafted requests. Revised on 2024-10-08 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-24-196
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Priviledged admin able to view device summary for device in different ADOM
An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiManager Administrative Domain (ADOM) may allow a remote authenticated attacker assigned to an ADOM to access device summary of other ADOMs via crafted HTTP requests. Revised on 2024-10-08 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-23-472
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Implementing Zero Trust
Zero trust is an adaptable security framework designed to address today’s cyber security challenges. It employs microsegmentation and data-centric policies, verifying users, devices, applications irrespective of network location as well... The post Implementing Zero Trust appeared first on Hacker Combat.
https://www.hackercombat.com/zero-trust/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Microsoft Defender for Cloud remediated threats 30% faster than other solutions, according to Forrester TEI study
Forrester found that Microsoft Defender for Cloud markedly enhanced the security, compliance, and operational efficiency of each company participating. The post Microsoft Defender for Cloud remediated threats 30% faster than other solutions, according to Forrester TEI study appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2024/10/07/microsoft-defender-for-cloud-remediated-threats-30-faster-than-other-solutions-according-to-forrester-tei-study/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

CDK Cyber Attack
This attack had all the hallmarks of ransomware attack and targeted CDK Global systems used by auto dealerships to manage sales, finance and service operations. Due to outdated technology, ineffective... The post CDK Cyber Attack appeared first on Hacker Combat.
https://www.hackercombat.com/cdk-cyber-attack/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Awaken Likho is awake: new techniques of an APT group
Kaspersky experts have discovered a new version of the APT Awaken Likho RAT Trojan, which uses AutoIt scripts and the MeshCentral system to target Russian organizations.
https://securelist.com/awaken-likho-apt-new-implant-campaign/114101/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

How to talk to board members about cyber
New guidance helps CISOs communicate with Boards to improve oversight of cyber risk.
https://www.ncsc.gov.uk/blog-post/how-to-talk-to-board-members-about-cyber
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Switch - 5,397 breached accounts
In October 2024, the Hungarian IT headhunting service Switch inadvertently exposed thousands of customer records via a public GitHub repository. The exposed data contained job applications with names, email addresses and in some cases, commentary on the applicant.
https://haveibeenpwned.com/PwnedWebsites#Switch
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Podcast bait, malware switch.

https://www.proofpoint.com/us/newsroom/news/podcast-bait-malware-switch
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

No Way to Hide: Uncovering New Campaigns from Daily Tunneling Detection
Four DNS tunneling campaigns identified through a new machine learning tool expose intricate tactics when targeting vital sectors like finance, healthcare and more. The post No Way to Hide: Uncovering New Campaigns from Daily Tunneling Detection appeared first on Unit 42.
https://unit42.paloaltonetworks.com/detecting-dns-tunneling-campaigns/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Metasploit Weekly Wrap-Up 10/04/2024
This week's Metasploit Weekly Wrap-Up includes; 3 new module content, 3 new enhancements and features, and 2 bug fixes. Learn more!
https://blog.rapid7.com/2024/10/04/metasploit-weekly-wrap-up-10-04-2024/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Engaging with Boards to improve the management of cyber security risk
How to communicate more effectively with board members to improve cyber security decision making.
https://www.ncsc.gov.uk/guidance/board-level-cyber-discussions-communicating-clearly
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Effective Fuzzing: A Dav1d Case Study
Guest post by Nick Galloway, Senior Security Engineer, 20% time on Project Zero Late in 2023, while working on a 20% project with Project Zero, I found an integer overflow in the dav1d AV1 video decoder. That integer overflow leads to an out-of-bounds write to memory. Dav1d 1.4.0 patched this, and it was assigned CVE-2024-1580. After the disclosure, I received some questions about how this issue was discovered, since dav1d is already being fuzzed by at least oss-fuzz. This blog post explains what happened. It’s a useful case study in how to construct fuzzers to exercise as much code as possible. But first, some background...BackgroundDav1d Dav1d is a highly-optimized AV1 decoder. AV1 is a royalty-free video coding format developed by the Alliance...
https://googleprojectzero.blogspot.com/2024/10/effective-fuzzing-dav1d-case-study.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Pixel's Proactive Approach to Security: Addressing Vulnerabilities in Cellular Modems
Posted by Sherk Chung, Stephan Chen, Pixel team, and Roger Piqueras Jover, Ivan Lozano, Android team Pixel phones have earned a well-deserved reputation for being security-conscious. In this blog, we'll take a peek under the hood to see how Pixel mitigates common exploits on cellular basebands. Smartphones have become an integral part of our lives, but few of us think about the complex software that powers them, especially the cellular baseband – the processor on the device responsible for handling all cellular communication (such as LTE, 4G, and 5G). Most smartphones use cellular baseband processors with tight performance constraints, making security hardening difficult. Security researchers have increasingly exploited this attack vector and routinely demonstrated the possibility of...
http://security.googleblog.com/2024/10/pixel-proactive-security-cellular-modems.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Evaluating Mitigations & Vulnerabilities in Chrome
Posted by Alex Gough, Chrome Security Team The Chrome Security Team is constantly striving to make it safer to browse the web. We invest in mechanisms to make classes of security bugs impossible, mitigations that make it more difficult to exploit a security bug, and sandboxing to reduce the capability exposed by an isolated security issue. When choosing where to invest it is helpful to consider how bad actors find and exploit vulnerabilities. In this post we discuss several axes along which to evaluate the potential harm to users from exploits, and how they apply to the Chrome browser. Historically the Chrome Security Team has made major investments and driven the web to be safer. We pioneered browser sandboxing, site isolation and the migration to an encrypted web. Today we're investing...
http://security.googleblog.com/2024/10/evaluating-mitigations-vulnerabilities.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

A Single Cloud Compromise Can Feed an Army of AI Sex Bots
Organizations that get relieved of credentials to their cloud environments can quickly find themselves part of a disturbing new trend: Cybercriminals using stolen cloud credentials to operate and resell sexualized AI-powered chat services. Researchers say these illicit chat bots, which use custom jailbreaks to bypass content filtering, often veer into darker role-playing scenarios, including child sexual exploitation and rape.
https://krebsonsecurity.com/2024/10/a-single-cloud-compromise-can-feed-an-army-of-ai-sex-bots/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Microsoft Makes Recall Opt-In While Improving Privacy
After much backlash around privacy, Microsoft finally improvised Windows Recall, rolling it as an opt-in… Microsoft Makes Recall Opt-In While Improving Privacy on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2024/10/03/microsoft-makes-recall-opt-in-while-improving-privacy/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Q2 2024 Cyber Attacks Statistics
I aggregated the statistics created from the cyber attacks timelines published in Q2 2024. In this period, I collected 688 events dominated by Cyber Crime with ...
https://www.hackmageddon.com/2024/10/03/q2-2024-cyber-attacks-statistics/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Celebrating eight years of being the NCSC – a part of GCHQ
As Felicity Oswald hands over to the new NCSC CEO, she reflects on why cyber security and intelligence are so connected.
https://www.ncsc.gov.uk/blog-post/celebrating-eight-years-being-the-ncsc-part-of-gchq
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Attackers exploit critical Zimbra vulnerability using cc'd email addresses

https://www.proofpoint.com/us/newsroom/news/attackers-exploit-critical-zimbra-vulnerability-using-ccd-email-addresses
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Penetration testing
How to get the most from penetration testing
https://www.ncsc.gov.uk/guidance/penetration-testing
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Issue with NVIDIA Container Toolkit (CVE-2024-0132, CVE-2024-0133)
Publication Date: 2024/10/01 6:35 PM PDT AWS is aware of CVE-2024-0132 and CVE-2024-0133, issues affecting the NVIDIA container toolkit 1.16. At this time, the following services require customer action. If we become aware of additional impact, we will update this bulletin. Amazon Elastic Kubernetes Service (Amazon EKS) Amazon EKS has released updated EKS GPU-optimized Amazon Machine Images (AMIs) version v20240928 with the patched NVIDIA container toolkit v1.16.2. Customers using Managed node groups can upgrade their node groups by referring to the EKS documentation. Customers using Karpenter can update their nodes by following the documentation on drift or AMI selection. Customers using self-managing worker nodes can replace existing nodes by referring to the...
https://aws.amazon.com/security/security-bulletins/AWS-2024-010/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Cybersecurity spotlight on bug bounty researcher @imrerad
For this year's Cybersecurity Awareness Month, the GitHub Bug Bounty team is excited to feature another spotlight on a talented security researcher who participates in the GitHub Security Bug Bounty Program—@imrerad! The post Cybersecurity spotlight on bug bounty researcher @imrerad appeared first on The GitHub Blog.
https://github.blog/security/vulnerability-research/cybersecurity-spotlight-on-bug-bounty-researcher-imrerad/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Cybersecurity Awareness Month: Securing our world—together
To help our global cyberdefenders, Microsoft has put together the Be Cybersmart Kit, designed to educate everyone, on best practices for going passwordless, not falling for sophisticated phishing or fraud, device protection, AI safety, and more. The post Cybersecurity Awareness Month: Securing our world—together appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2024/10/01/cybersecurity-awareness-month-securing-our-world-together/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

BudTrader - 2,721,185 breached accounts
In July 2024, a data breach of the now defunct cannabis social platform BudTrader was posted for sale on a hacking forum. Dating back to the previous month, the breach of the website exposed 2.7M email addresses, usernames and WordPress password hashes.
https://haveibeenpwned.com/PwnedWebsites#BudTrader
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Lies, damned lies, and Impact Hero (refoorest, allcolibri)
Transparency note: According to Colibri Hero, they attempted to establish a business relationship with eyeo, a company that I co-founded. I haven't been in an active role at eyeo since 2018, and I left the company entirely in 2021. Colibri Hero was only founded in 2021. My investigation here was prompted by a blog comment. Colibri Hero (also known as allcolibri) is a company with a noble mission: We want to create a world where organizations can make a positive impact on people and communities. One of the company's products is the refoorest browser extension, promising to make a positive impact on the climate by planting trees. Best of it: this costs users nothing whatsoever. According to the refoorest website: Plantation financed by our partners So the users merely need to have the...
https://palant.info/2024/10/01/lies-damned-lies-and-impact-hero-refoorest-allcolibri/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Kia Dealer Portal Vulnerability Risked Millions of Cars
Kia recently addressed a serious security vulnerability, risking its cars. The vulnerability existed in the… Kia Dealer Portal Vulnerability Risked Millions of Cars on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2024/10/01/kia-dealer-portal-vulnerability-risked-millions-of-cars/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Detecting Vulnerability Scanning Traffic From Underground Tools Using Machine Learning
Researchers detail the discovery of Swiss Army Suite, an underground tool used for SQL injection scans discovered with a machine learning model. The post Detecting Vulnerability Scanning Traffic From Underground Tools Using Machine Learning appeared first on Unit 42.
https://unit42.paloaltonetworks.com/machine-learning-new-swiss-army-suite-tool/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

June 2024 Cyber Attacks Statistics
After the cyber attacks timelines (part I and part II), it's time to publish the statistics for June 2024 where I collected and analyzed 230 events. During June 2024 Cyber Crime continued to lead...
https://www.hackmageddon.com/2024/10/01/june-2024-cyber-attacks-statistics/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

COM Cross-Session Activation
Once again, reading blogs and tweets from James Forshaw led me to wonder how things work. This time, I was working on DCOM for my last blog post and while reading about cross-session activation, I had trouble believing what I was reading.
https://blog.compass-security.com/2024/10/com-cross-session-activation/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Crooked Cops, Stolen Laptops & the Ghost of UGNazi
A California man accused of failing to pay taxes on tens of millions of dollars allegedly earned from cybercrime also paid local police officers hundreds of thousands of dollars to help him extort, intimidate and silence rivals and former business partners, a new indictment charges. KrebsOnSecurity has learned that many of the man's alleged targets were members of UGNazi, a hacker group behind multiple high-profile breaches and cyberattacks back in 2012.
https://krebsonsecurity.com/2024/09/crooked-cops-stolen-laptops-the-ghost-of-ugnazi/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

How To Find Broken Access Control Vulnerabilities in the Wild
Learn the ins and outs of broken access control vulnerabilities and how to find them in your security research.
https://www.hackerone.com/community/find-broken-access-control-vulnerabilities
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Central Tickets - 722,860 breached accounts
In September 2024, data from the ticketing service Central Tickets was publicly posted to a hacking forum. The data suggests the breach occurred several months earlier and exposed 723k unique email addresses alongside names, phone numbers, IP addresses, purchases and passwords stored as unsalted SHA-1 hashes.
https://haveibeenpwned.com/PwnedWebsites#CentralTickets
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Tor And Tails OS Announce Merger For Streamlined Operations
The popular privacy tools Tor and Tails OS formally announced a merger to enhance their… Tor And Tails OS Announce Merger For Streamlined Operations on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2024/09/30/tor-and-tails-os-announce-merger-for-streamlined-operations/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

How Open-Source Tools Can Help Keep Your Computer Secure
If you're thinking security, you've got a lot of options. With the intensity of cybercrime… How Open-Source Tools Can Help Keep Your Computer Secure on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2024/09/30/how-open-source-tools-can-help-keep-your-computer-secure/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Justice Dept. charges three men in alleged Iran hack of Trump campaign

https://www.proofpoint.com/us/newsroom/news/justice-dept-charges-three-men-alleged-iran-hack-trump-campaign
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

How online scammers hijack your brain

https://www.proofpoint.com/us/newsroom/news/how-online-scammers-hijack-your-brain
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Storm-0501: Ransomware attacks expanding to hybrid cloud environments
Microsoft has observed the threat actor tracked as Storm-0501 launching a multi-staged attack where they compromised hybrid cloud environments and performed lateral movement from on-premises to cloud environment, leading to data exfiltration, credential theft, tampering, persistent backdoor access, and ransomware deployment. The said attack targeted multiple sectors in the United States, including government, manufacturing, transportation, […] The post Storm-0501: Ransomware attacks expanding to hybrid cloud environments appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2024/09/26/storm-0501-ransomware-attacks-expanding-to-hybrid-cloud-environments/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

U.S. Indicts 2 Top Russian Hackers, Sanctions Cryptex
The United States today unveiled sanctions and indictments against the alleged proprietor of Joker's Stash, a now-defunct cybercrime store that peddled tens of millions of payment cards stolen in some of the largest data breaches of the past decade. The government also indicted a top Russian cybercriminal known as Taleon, whose cryptocurrency exchange Cryptex has evolved into one of Russia's most active money laundering networks.
https://krebsonsecurity.com/2024/09/u-s-indicts-2-top-russian-hackers-sanctions-cryptex/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Social Media: how to use it safely
Use privacy settings across social media platforms to manage your digital footprint.
https://www.ncsc.gov.uk/guidance/social-media-how-to-use-it-safely
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

US Transportation and Logistics Firms Targeted With Infostealers, Backdoors

https://www.proofpoint.com/us/newsroom/news/us-transportation-and-logistics-firms-targeted-infostealers-backdoors
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

16-30 June 2024 Cyber Attacks Timeline
In the second timeline of June 2024, I collected 106 events (7.07 events/day) with a threat landscape dominated by...
https://www.hackmageddon.com/2024/09/26/16-30-june-2024-cyber-attacks-timeline/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Unraveling Sparkling Pisces's Tool Set: KLogEXE and FPSpy
We analyze new tools DPRK-linked APT Sparkling Pisces (aka Kimsuky) used in cyberespionage campaigns: KLogExe (a keylogger) and FPSpy (a backdoor variant). The post Unraveling Sparkling Pisces's Tool Set: KLogEXE and FPSpy appeared first on Unit 42.
https://unit42.paloaltonetworks.com/kimsuky-new-keylogger-backdoor-variant/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

​​Microsoft is named a Leader in the 2024 Gartner® Magic Quadrant™ for Endpoint Protection Platforms
Gartner® names Microsoft a Leader in Endpoint Protection Platforms—a reflection, we believe, of our continued progress in helping organizations protect their endpoints against even the most sophisticated attacks, while driving continued efficiency for security operations center teams. The post ​​Microsoft is named a Leader in the 2024 Gartner® Magic Quadrant™ for Endpoint Protection Platforms appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2024/09/25/microsoft-is-named-a-leader-in-the-2024-gartner-magic-quadrant-for-endpoint-protection-platforms/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Eliminating Memory Safety Vulnerabilities at the Source
Posted by Jeff Vander Stoep - Android team, and Alex Rebert - Security Foundations Memory safety vulnerabilities remain a pervasive threat to software security. At Google, we believe the path to eliminating this class of vulnerabilities at scale and building high-assurance software lies in Safe Coding, a secure-by-design approach that prioritizes transitioning to memory-safe languages. This post demonstrates why focusing on Safe Coding for new code quickly and counterintuitively reduces the overall security risk of a codebase, finally breaking through the stubbornly high plateau of memory safety vulnerabilities and starting an exponential decline, all while being scalable and cost-effective. We'll also share updated data on how the percentage of memory safety vulnerabilities in Android...
http://security.googleblog.com/2024/09/eliminating-memory-safety-vulnerabilities-Android.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Timeshare Owner? The Mexican Drug Cartels Want You
The FBI is warning timeshare owners to be wary of a prevalent telemarketing scam involving a violent Mexican drug cartel that tries to trick elderly people into believing someone wants to buy their property. This is the story of a couple who recently lost more than ,000 to an ongoing timeshare scam that spans at least two dozen phony escrow, title and realty firms.
https://krebsonsecurity.com/2024/09/timeshare-owner-the-mexican-drug-cartels-want-you/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Investigating Infrastructure and Tactics of Phishing-as-a-Service Platform Sniper Dz
Delve into the infrastructure and tactics of phishing platform Sniper Dz, which targets popular brands and social media. We discuss its unique aspects and more. The post Investigating Infrastructure and Tactics of Phishing-as-a-Service Platform Sniper Dz appeared first on Unit 42.
https://unit42.paloaltonetworks.com/phishing-platform-sniper-dz-unique-tactics/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

OSINT : User Privacy in Linux
Linux telemetry involves gathering and sending data from a Linux-based system to an external server or service. The purpose of this process is often to The post OSINT : User Privacy in Linux appeared first on Hacking Articles.
https://www.hackingarticles.in/osint-user-privacy-in-linux/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Google & Arm - Raising The Bar on GPU Security
Posted by Xuan Xing, Eugene Rodionov, Jon Bottarini, Adam Bacchus - Android Red Team; Amit Chaudhary, Lyndon Fawcett, Joseph Artgole - Arm Product Security Team Who cares about GPUs? You, me, and the entire ecosystem! GPUs (graphics processing units) are critical in delivering rich visual experiences on mobile devices. However, the GPU software and firmware stack has become a way for attackers to gain permissions and entitlements (privilege escalation) to Android-based devices. There are plenty of issues in this category that can affect all major GPU brands, for example, CVE-2023-4295, CVE-2023-21106, CVE-2021-0884, and more. Most exploitable GPU vulnerabilities are in the implementation of the GPU kernel mode modules. These modules are pieces of code that load/unload during runtime,...
http://security.googleblog.com/2024/09/google-arm-raising-bar-on-gpu-security.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
SafeLine is a self-hosted WAF(Web Application Firewall) to protect your web apps from attacks and exploits. A web application firewall helps protect web apps by filtering and monitoring HTTP traffic between a web application and the Internet. It typically protects web apps from attacks such as SQL injection, XSS, code injection, os command injection, CRLF injection, ldap injection, xpath injection, RCE, XXE, SSRF, path traversal, backdoor, bruteforce, http-flood, bot abused, among others. How It Works By deploying a WAF in front of a web application, a shield is placed between the web application and the Internet. While a proxy server protects a client machine's identity by using an intermediary, a WAF is a type of reverse-proxy, protecting the server from exposure by having clients pass...
http://www.kitploit.com/2024/09/safeline-serve-as-reverse-proxy-to.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Inside SnipBot: The Latest RomCom Malware Variant
We deconstruct SnipBot, a variant of RomCom malware. Its authors, who target diverse sectors, seem to be aiming for espionage instead of financial gain. The post Inside SnipBot: The Latest RomCom Malware Variant appeared first on Unit 42.
https://unit42.paloaltonetworks.com/snipbot-romcom-malware-variant/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
BYOSI - Bring-Your-Own-Script-Interpreter - Leveraging the abuse of trusted applications, one is able to deliver a compatible script interpreter for a Windows, Mac, or Linux system as well as malicious source code in the form of the specific script interpreter of choice. Once both the malicious source code and the trusted script interpeter are safely written to the target system, one could simply execute said source code via the trusted script interpreter. PolyDrop - Leverages thirteen scripting languages to perform the above attack. The following langues are wholly ignored by AV vendors including MS-Defender: - tcl - php - crystal - julia - golang - dart - dlang - vlang - nodejs - bun - python - fsharp - deno All of these languages were allowed to completely execute, and...
http://www.kitploit.com/2024/09/polydrop-byosi-bring-your-own-script.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

GameVN - 1,369,485 breached accounts
In May 2016, the Vietnamese gaming forum GameVN suffered a data breach that was later redistributed as part of a larger corpus of data. Data breached from the XenForo-based forum included 1.4M unique email addresses, usernames, IP addresses and salted MD5 password hashes.
https://haveibeenpwned.com/PwnedWebsites#GameVN
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Secator - The Pentester'S Swiss Knife
secator is a task and workflow runner used for security assessments. It supports dozens of well-known security tools and it is designed to improve productivity for pentesters and security researchers. Features Curated list of commands Unified input options Unified output schema CLI and library usage Distributed options with Celery Complexity from simple tasks to complex workflows Customizable Supported tools secator integrates the following tools: Name Description Category httpx Fast HTTP prober. http cariddi Fast crawler and endpoint secrets / api keys / tokens matcher. http/crawler gau Offline URL crawler (Alien Vault, The Wayback Machine, Common Crawl, URLScan). http/crawler gospider Fast web spider written in Go. http/crawler katana Next-generation crawling...
http://www.kitploit.com/2024/09/secator-pentesters-swiss-knife.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
The Damn Vulnerable Drone is an intentionally vulnerable drone hacking simulator based on the popular ArduPilot/MAVLink architecture, providing a realistic environment for hands-on drone hacking. About the Damn Vulnerable Drone What is the Damn Vulnerable Drone? The Damn Vulnerable Drone is a virtually simulated environment designed for offensive security professionals to safely learn and practice drone hacking techniques. It simulates real-world ArduPilot & MAVLink drone architectures and vulnerabilities, offering a hands-on experience in exploiting drone systems. Why was it built? The Damn Vulnerable Drone aims to enhance offensive security skills within a controlled environment, making it an invaluable tool for intermediate-level security professionals, pentesters, and hacking enthusiasts....
http://www.kitploit.com/2024/09/damn-vulnerable-drone-intentionally.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
file-unpumper is a powerful command-line utility designed to clean and analyze Portable Executable (PE) files. It provides a range of features to help developers and security professionals work with PE files more effectively. Features PE Header Fixing: file-unpumper can fix and align the PE headers of a given executable file. This is particularly useful for resolving issues caused by packers or obfuscators that modify the headers. Resource Extraction: The tool can extract embedded resources from a PE file, such as icons, bitmaps, or other data resources. This can be helpful for reverse engineering or analyzing the contents of an executable. Metadata Analysis: file-unpumper provides a comprehensive analysis of the PE file's metadata, including information about the machine...
http://www.kitploit.com/2024/09/file-unpumper-tool-that-can-be-used-to.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Managing Cybersecurity and Privacy Risks in the Age of Artificial Intelligence: Launching a New Program at NIST
The rapid proliferation of Artificial Intelligence (AI) promises significant value for industry, consumers, and broader society, but as with many technologies, new risks from these advancements in AI must be managed to realize it's full potential. The NIST AI Risk Management Framework (AI RMF) was developed to manage the benefits and risks to individuals, organizations, and society associated with AI and covers a wide range of risk ranging from safety to lack of transparency and accountability. For those of us at NIST working in cybersecurity, privacy and AI, a key concern is how advancements
https://www.nist.gov/blogs/cybersecurity-insights/managing-cybersecurity-and-privacy-risks-age-artificial-intelligence
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
Mass Assigner is a powerful tool designed to identify and exploit mass assignment vulnerabilities in web applications. It achieves this by first retrieving data from a specified request, such as fetching user profile data. Then, it systematically attempts to apply each parameter extracted from the response to a second request provided, one parameter at a time. This approach allows for the automated testing and exploitation of potential mass assignment vulnerabilities. Disclaimer This tool actively modifies server-side data. Please ensure you have proper authorization before use. Any unauthorized or illegal activity using this tool is entirely at your own risk. Features Enables the addition of custom headers within requests Offers customization of various HTTP methods for both origin and...
http://www.kitploit.com/2024/09/mass-assigner-simple-tool-made-to-probe.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Discovering Splinter: A First Look at a New Post-Exploitation Red Team Tool
Discover Splinter, a new post-exploitation tool with advanced features like command execution and file manipulation, detected by Unit 42 researchers. The post Discovering Splinter: A First Look at a New Post-Exploitation Red Team Tool appeared first on Unit 42.
https://unit42.paloaltonetworks.com/analysis-pentest-tool-splinter/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

A Single IP is Scanning Intensely, and Yields a List of Malware Loaders
Overall scanning for CVEs we track is down, but one specific scanner caught our attention. We dig into what it’s doing.
https://www.f5.com/labs/articles/threat-intelligence/sensor-intel-series-top-cves-august-2024
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Imperius - Make An Linux Kernel Rootkit Visible Again
A make an LKM rootkit visible again. This tool is part of research on LKM rootkits that will be launched. It involves getting the memory address of a rootkit's "show_module" function, for example, and using that to call it, adding it back to lsmod, making it possible to remove an LKM rootkit. We can obtain the function address in very simple kernels using /sys/kernel/tracing/available_filter_functions_addrs, however, it is only available from kernel 6.5x onwards. An alternative to this is to scan the kernel memory, and later add it to lsmod again, so it can be removed. So in summary, this LKM abuses the function of lkm rootkits that have the functionality to become visible again. OBS: There is another trick of removing/defusing a LKM rootkit, but it will be in the research that will...
http://www.kitploit.com/2024/09/imperius-make-linux-kernel-rootkit.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Three-Headed Potato Dog
Earlier this year, several security researchers published research about using DCOM to coerce Windows systems to authenticate to other systems. This can be misused to relay the authentication to NTLM or Kerberos, to AD CS over HTTP for instance. This sounds like a hot and complex topic. Let’s take a look back how this started […]
https://blog.compass-security.com/2024/09/three-headed-potato-dog/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
Evade EDR's the simple way, by not touching any of the API's they hook. Theory I've noticed that most EDRs fail to scan scripting files, treating them merely as text files. While this might be unfortunate for them, it's an opportunity for us to profit. Flashy methods like residing in memory or thread injection are heavily monitored. Without a binary signed by a valid Certificate Authority, execution is nearly impossible. Enter BYOSI (Bring Your Own Scripting Interpreter). Every scripting interpreter is signed by its creator, with each certificate being valid. Testing in a live environment revealed surprising results: a highly signatured PHP script from this repository not only ran on systems monitored by CrowdStrike and Trellix but also established an external connection without triggering...
http://www.kitploit.com/2024/09/byosi-evade-edrs-simple-way-by-not.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Psobf - PowerShell Obfuscator
Tool for obfuscating PowerShell scripts written in Go. The main objective of this program is to obfuscate PowerShell code to make its analysis and detection more difficult. The script offers 5 levels of obfuscation, from basic obfuscation to script fragmentation. This allows users to tailor the obfuscation level to their specific needs../psobf -h ██████╗ ███████╗ ██████╗ ██████╗ ███████╗ ██╔══██╗██╔════╝██╔═══██╗██╔══██╗██╔════╝ ██████╔╝███████╗██║ ██║██████╔╝█████╗ ██╔═══╝ ╚════██║██║ ██║██╔══██╗██╔══╝...
http://www.kitploit.com/2024/09/psobf-powershell-obfuscator.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

CloudImposer
Google Cloud Composer is a managed service for Apache Airflow. Tenable discovered that the Cloud Composer package was vulnerable to dependency confusion, which could have allowed attackers to inject malicious code when the package was compiled from source. This could have led to remote code execution on machines running Cloud Composer, which include various other GCP services as well as internal servers at Google. The dependency confusion stemmed from Google's risky recommendation in their documentation to use the --extra-index-url argument when installing private Python packages. Following disclosure, Google fixed the dependency confusion vulnerability and also updated their documentation.
https://www.cloudvulndb.org/cloudimposer-gcp
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Document AI data exfiltration
The Document AI service unintentionally allows users to read any Cloud Storage object in the same project, in a way that isn't properly documented. The Document AI service agent is auto-assigned with excessive permissions, allowing it to access all objects from Cloud Storage buckets in the same project. Malicious actors can exploit this to exfiltrate data from Cloud Storage by indirectly leveraging the service agent's permissions. This vulnerability is an instance of transitive access abuse, a class of security flaw where unauthorized access is gained indirectly through a trusted intermediary.
https://www.cloudvulndb.org/gcp-document-ai-data-exfil
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
ModTracer Finds Hidden Linux Kernel Rootkits and then make visible again.Another way to make an LKM visible is using the imperius trick: https://github.com/MatheuZSecurity/ImperiusDownload ModTracer
http://www.kitploit.com/2024/09/modtracer-modtracer-finds-hidden-linux.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

DockerSpy - DockerSpy Searches For Images On Docker Hub And Extracts Sensitive Information Such As Authentication Secrets, Private Keys, And More
DockerSpy searches for images on Docker Hub and extracts sensitive information such as authentication secrets, private keys, and more. What is Docker? Docker is an open-source platform that automates the deployment, scaling, and management of applications using containerization technology. Containers allow developers to package an application and its dependencies into a single, portable unit that can run consistently across various computing environments. Docker simplifies the development and deployment process by ensuring that applications run the same way regardless of where they are deployed. About Docker Hub Docker Hub is a cloud-based repository where developers can store, share, and distribute container images. It serves as the largest library of container images, providing access...
http://www.kitploit.com/2024/09/dockerspy-dockerspy-searches-for-images.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

A new path for Kyber on the web
Posted by David Adrian, David Benjamin, Bob Beck & Devon O'Brien, Chrome Team We previously posted about experimenting with a hybrid post-quantum key exchange, and enabling it for 100% of Chrome Desktop clients. The hybrid key exchange used both the pre-quantum X25519 algorithm, and the new post-quantum algorithm Kyber. At the time, the NIST standardization process for Kyber had not yet finished. Since then, the Kyber algorithm has been standardized with minor technical changes and renamed to the Module Lattice Key Encapsulation Mechanism (ML-KEM). We have implemented ML-KEM in Google's cryptography library, BoringSSL, which allows for it to be deployed and utilized by services that depend on this library. The changes to the final version of ML-KEM make it incompatible with the previously...
http://security.googleblog.com/2024/09/a-new-path-for-kyber-on-web.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

1-15 June 2024 Cyber Attacks Timeline
In the first timeline of June 2024 I collected 124 events (8.27 events/day) with a threat landscape dominated by...
https://www.hackmageddon.com/2024/09/12/1-15-june-2024-cyber-attacks-timeline/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

A Detailed Guide on Feroxbuster
Feroxbuster is a robust tool designed to identify directories and files on web servers using brute-force techniques. It is frequently utilized in penetration testing and The post A Detailed Guide on Feroxbuster appeared first on Hacking Articles.
https://www.hackingarticles.in/a-detailed-guide-on-feroxbuster/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

access to backend information and logs via RestAPI on shared environments
An improper access control vulnerability [CWE-284] in FortiEDR Manager API may allow in a shared environment context an authenticated admin with REST API permissions in his profile and restricted to a specific organization to access backend logs that include information related to other organizations.  Revised on 2024-09-17 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-24-371
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Inadequate user validation and no brute force protection on change password requests
An improper authorization vulnerability [CWE-285] in FortiSOAR change password endpoint may allow an authenticated attacker to perform a brute force attack on users and administrators password via crafted HTTP requests. Revised on 2024-09-11 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-24-048
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Cookie security policy bypass
An improperly implemented security check for standard vulnerability [CWE-358] in FortiADC Web Application Firewall (WAF) when cookie security policy is enabled may allow an attacker, under specific conditions, to retrieve the initial encrypted and signed cookie protected by the feature Revised on 2024-09-10 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-22-256
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

FortiClient - Lack of client-side certificate validation in ZTNA service
An improper certificate validation vulnerability [CWE-295] in FortiClientWindows, FortiClientLinux and FortiClientMac may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the FortiGate and the FortiClient during the ZTNA tunnel creation Revised on 2024-09-10 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-22-282
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

FortiClient(All) - Lack of client-side certificate validation using SAML SSO
An improper certificate validation vulnerability [CWE-295] in FortiClientWindows, FortiClientMac, FortiClientLinux, FortiClientAndroid and FortiClientiOS SAML SSO feature may allow an unauthenticated attacker to man-in-the-middle the communication between the FortiClient and  both the service provider and the identity provider. Revised on 2024-09-10 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-22-230
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

5 Ways to Mitigate Risk in Cybersecurity
Cybersecurity refers to practices designed to defend computers, mobile devices, electronic data storage platforms and networks against attacks such as ransomware extortion and data breaches. Preventative techniques are key in... The post 5 Ways to Mitigate Risk in Cybersecurity appeared first on Hacker Combat.
https://www.hackercombat.com/five-ways-to-mitigate-risk-in-cybersecurity/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

What is Malware
Malware refers to any form of malicious software which aims to disrupt, harm or steal private information for criminal use. Furthermore, malware can mine cryptocurrency for cybercriminals as an additional... The post What is Malware appeared first on Hacker Combat.
https://www.hackercombat.com/malware/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

From Classroom into Bug Bounty: Investigating Motivational Factors Among Swiss Students
Bug bounty programs have evolved into a critical element of modern cybersecurity. In this post, we give some answers to how bug bounty programs can attract students as hunters.
https://blog.compass-security.com/2024/09/from-classroom-into-bug-bounty-investigating-motivational-factors-among-swiss-students/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

How to Identify and Stop Scrapers
Fighting sophisticated scrapers requires advanced detection methods. Discover the techniques needed to identify and manage these hidden threats outlined in our investigation.
https://www.f5.com/labs/articles/threat-intelligence/how-to-identify-and-stop-scrapers
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

ClamAV 1.4.1, 1.3.2, 1.0.7, and 0.103.12 security patch versions published
Today, we are publishing the 1.4.1, 1.3.2, 1.0.7, and 0.103.12 security patch versions. The release files for the patch versions are available for download on the ClamAV downloads page, on the GitHub Release page, and (with exception to 0.103.12) through Docker Hub.The images on Docker Hub may not be immediately available on release day.Continue reading to learn what changed in each version.1.4.1ClamAV 1.4.1 is a critical patch release with the following fixes:CVE-2024-20506: Changed the logging module to disable following symlinks on Linux and Unix systems so as to prevent an attacker with existing access to the 'clamd' or 'freshclam' services from using a symlink to corrupt system files.This issue affects all currently supported versions. It will be fixed in:1.4.11.3.21.0.70.103.12Thank...
http://blog.clamav.net/2024/09/clamav-141-132-107-and-010312-security.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Deploying Rust in Existing Firmware Codebases
Posted by Ivan Lozano and Dominik Maier, Android Team Android's use of safe-by-design principles drives our adoption of memory-safe languages like Rust, making exploitation of the OS increasingly difficult with every release. To provide a secure foundation, we're extending hardening and the use of memory-safe languages to low-level firmware (including in Trusty apps).In this blog post, we'll show you how to gradually introduce Rust into your existing firmware, prioritizing new code and the most security-critical code. You'll see how easy it is to boost security with drop-in Rust replacements, and we'll even demonstrate how the Rust toolchain can handle specialized bare-metal targets.Drop-in Rust replacements for C code are not a novel idea and have been used in other cases, such as librsvg's...
http://security.googleblog.com/2024/09/deploying-rust-in-existing-firmware.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Learning, Sharing, and Exploring with NIST's New Human-Centered Cybersecurity Community of Interest
Human-centered cybersecurity (also known as ‘usable security') involves the social, organizational, and technological influences on people's understanding of and interactions with cybersecurity. By taking a human-centered cybersecurity (HCC) approach, we can both improve people's cybersecurity experiences and achieve better cybersecurity outcomes, which is so important in today's digitally interconnected world. At NIST, we understand the value of making connections, listening, and interactivity. We also understand that researchers and practitioners want to hear directly from each other—and
https://www.nist.gov/blogs/cybersecurity-insights/learning-sharing-and-exploring-nists-new-human-centered-cybersecurity
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

May 2024 Cyber Attacks Statistics
After the cyber attacks timelines (part I and part II), it's time to publish the statistics for May 2024 where I collected and analyzed 242 events...
https://www.hackmageddon.com/2024/08/29/may-2024-cyber-attacks-statistics/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

16-31 May 2024 Cyber Attacks Timeline
In the second timeline of May 2024 I collected 136 events (8.5 events/day) with a threat landscape dominated by...
https://www.hackmageddon.com/2024/08/27/16-31-may-2024-cyber-attacks-timeline/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

CVE-2024-38063 - Remotely Exploiting The Kernel Via IPv6
Performing a root cause analysis & building proof-of-concept for CVE-2024-38063, a CVSS 9.8 Vulnerability In the Windows Kernel IPv6 Parser
https://malwaretech.com/2024/08/exploiting-CVE-2024-38063.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

MSSQL for Pentester: NetExec
NetExec (nxc) is a powerful network exploitation tool developed as a modern successor to CrackMapExec (CME), which was widely used by penetration testers and red The post MSSQL for Pentester: NetExec appeared first on Hacking Articles.
https://www.hackingarticles.in/mssql-for-pentester-netexec/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Scanning for CVE-2017-9841 Drops Precipitously
Last issue, we observed huge amounts of scanning for the rather old CVE-2017-9841, an RCE in PHPUnit. This time it’s fallen off nearly as sharply. We look into why!
https://www.f5.com/labs/articles/threat-intelligence/sensor-intel-series-top-cves-july-2024
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Implementation Challenges in Privacy-Preserving Federated Learning
In this post, we talk with Dr. Xiaowei Huang and Dr. Yi Dong (University of Liverpool), Dr. Mat Weldon ( United Kingdom (UK) Office of National Statistics (ONS)), and Dr. Michael Fenton (Trūata) who were winners in the UK-US Privacy-Enhancing Technologies ( PETs) Prize Challenges. We discuss implementation challenges of privacy-preserving federated learning (PPFL) - specifically, the areas of threat modeling and real world deployments. Threat Modeling In research on privacy-preserving federated learning (PPFL), the protections of a PPFL system are usually encoded in a threat model that defines
https://www.nist.gov/blogs/cybersecurity-insights/implementation-challenges-privacy-preserving-federated-learning
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

A Patchdiffing Journey – TP-Link Omada
Last year we participated in the Pwn2Own 2023 Toronto competition and successfully exploited the Synology BC500 camera. The DEVCORE Internship Program team managed to exploit a bug in the TP-Link Omada Gigabit VPN Router. So I was naturally curious and wanted to figure out how difficult it would be to recreate that exploit having access only to a high-level bug description and the firmware.
https://blog.compass-security.com/2024/08/a-patchdiffing-journey-tp-link-omada/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Copilot Studio information disclosure via SSRF

https://www.cloudvulndb.org/copilot-studio-infoleak-ssrf
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

ClamAV 1.4.0 feature release and ClamAV bytecode compiler 1.4.0 release
The ClamAV 1.4.0 feature release is now stable. We encourage everyone to download the latest version now from the ClamAV downloads page, on the GitHub Release page, and through Docker Hub*:Alpine-based imagesDebian-based multi-arch images*The Docker images are built on release day and will be made available when they are ready.We are also publishing ClamAV bytecode compiler version 1.4.0.The ClamAV bytecode compiler release files are available for download on the GitHub Release page and through Docker Hub.ClamAV platform support changesWe will no longer provide Linux 32-bit packages. With RHEL 7 reaching end-of-life, we had to upgrade our build hosts and selected Alma Linux 8. Alma Linux does not provide 32-bit images. ClamAV users on 32-bit platforms can still build from source.We now provide...
http://blog.clamav.net/2024/08/clamav-140-feature-release-and-clamav.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Private AI For All: Our End-To-End Approach to AI Privacy on Android
Posted by Dave Kleidermacher, VP Engineering, Android Security and Privacy, and Giles Hogben, Senior Director, Privacy Engineering, Android Your smartphone holds a lot of your personal information to help you get things done every day. On Android, we are seamlessly integrating the latest artificial intelligence (AI) capabilities, like Gemini as a trusted assistant – capable of handling life's essential tasks. As such, ensuring your privacy and security on Android is paramount. As a pioneer in responsible AI and cutting-edge privacy technologies like Private Compute Core and federated learning, we made sure our approach to the assistant experience with Gemini on Android is aligned with our existing Secure AI framework, AI Principles and Privacy Principles. We've always safeguarded...
http://security.googleblog.com/2024/08/android-private-ai-approach.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

CryptoCore: Unmasking the Sophisticated Cryptocurrency Scam Operations
As digital currencies have grown, so have cryptocurrency scams, posing significant user risks. The rise of AI and deepfake technology has intensified scams exploiting famous personalities and events by creating realistic fake videos. Platforms like X and YouTube have been especially targeted, with scammers hijacking high-profile accounts to distribute fraudulent content. This report delves into the CryptoCore group's complex scam operations, analyzing their use of deepfakes, hijacked accounts, and fraudulent websites to deceive victims and profit millions of dollars. The post CryptoCore: Unmasking the Sophisticated Cryptocurrency Scam Operations appeared first on Avast Threat Labs.
https://decoded.avast.io/martinchlumecky1/cryptocore-unmasking-the-sophisticated-cryptocurrency-scam-operations/?utm_source=rss&utm_medium=rss&utm_campaign=cryptocore-unmasking-the-sophisticated-cryptocurrency-scam-operations
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Post-Quantum Cryptography: Standards and Progress
Posted by Royal Hansen, VP, Privacy, Safety and Security Engineering, Google, and Phil Venables, VP, TI Security & CISO, Google Cloud The National Institute of Standards and Technology (NIST) just released three finalized standards for post-quantum cryptography (PQC) covering public key encapsulation and two forms of digital signatures. In progress since 2016, this achievement represents a major milestone towards standards development that will keep information on the Internet secure and confidential for many years to come. Here's a brief overview of what PQC is, how Google is using PQC, and how other organizations can adopt these new standards. You can also read more about PQC and Google's role in the standardization process in this 2022 post from Cloud CISO Phil Venables. What is PQC? Encryption...
http://security.googleblog.com/2024/08/post-quantum-cryptography-standards.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Azue Health privilege escalation via SSRF

https://www.cloudvulndb.org/azure-health-pe-ssrf
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

ClamAV 0.103 LTS End of Life Announcement
The ClamAV 0.103 LTS release is nearing end-of-life (EOL) with regards to security vulnerability fix support from our team. This end of life date will be Sept. 14, 2024. ClamAV 0.103 users will be able to update signatures from the official database mirror for an additional one year after the EOL date. After Sept. 14, 2025, we may block ClamAV 0.103 from downloading signature updates. We recommend that users update to the newest LTS release, ClamAV 1.0.6. For users that want to upgrade to the newest non-LTS release, use ClamAV 1.3.1. The most recent version of ClamAV can be found here: https://www.clamav.net/downloads The following is a list of major changes available to users in the newest versions of ClamAV. Since ClamAV 0.103, ClamAV 1.0 LTS adds: ·                     A...
http://blog.clamav.net/2024/08/clamav-0103-lts-end-of-life-announcement.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

60 Hurts per Second – How We Got Access to Enough Solar Power to Run the United States
The electricity grid – the buzzing, crackling marvel that supplies the lifeblood of modernity - is by far the largest structure humanity ever built. It's so big, in fact, that few people even notice it, like a fish can't see the ocean. Until the grid goes down, that is. Then, like the fish dangling from the angler's hook, we see our vulnerability. Modernity dissolves into a sudden silence, followed by the repeated flick of a light switch, and a howl of panic at the prospect of missed appointmen
https://www.bitdefender.com/en-us/blog/labs/60-hurts-per-second-how-we-got-access-to-enough-solar-power-to-run-the-united-states/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Penetration Testing on MYSQL (Port 3306)
MySQL is an open-source Relational Database Management System (RDBMS). It is widely used for managing and organizing data in a structured format, using tables to The post Penetration Testing on MYSQL (Port 3306) appeared first on Hacking Articles.
https://www.hackingarticles.in/penetration-testing-on-mysql-port-3306/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

What Are Scrapers and Why Should You Care?
Data miners and scraper bots are everywhere, feeding AI LLMs and more, and many of them are NOT harmless.
https://www.f5.com/labs/articles/threat-intelligence/what-are-scrapers-and-why-should-you-care
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Configure GitHub Artifact Attestations for secure cloud-native delivery
Introducing the generally available capability of GitHub Artifact Attestations to secure your cloud-native supply chain packages and images. The post Configure GitHub Artifact Attestations for secure cloud-native delivery appeared first on The GitHub Blog.
https://github.blog/security/supply-chain-security/configure-github-artifact-attestations-for-secure-cloud-native-delivery/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Huge Increase in Scanning for CVE-2017-9841 With Large Variability in Scanning Infrastructure
The rather old CVE-2017-9841, an RCE in PHPUnit, suddenly jumps to the top of our list, with an increase of nearly 400% since last month. We dig into the scanning infrastructure.
https://www.f5.com/labs/articles/threat-intelligence/sensor-intel-series-top-cves-june-2024
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Issue with AWS Client VPN - CVE-2024-30164, CVE-2024-30165
Publication Date: 2024/07/16 3:30 PM PDT AWS is aware of CVE-2024-30164 and CVE-2024-30165 in AWS Client VPN. These issues could potentially allow an actor with access to an end user's device to escalate to root privilege and execute arbitrary commands on that device. We addressed these issues on all platforms. Customers using AWS Client VPN should upgrade to version 3.11.1 or higher for Windows, 3.9.2 or higher for MacOS, and 3.12.1 or higher for Linux. For additional information on configuring AWS Client VPN to meet your security and compliance requirements, please refer to our "Security in AWS Client VPN" user guide. We would like to thank Robinhood for collaborating on this issue through the coordinated vulnerability disclosure process. Security-related questions...
https://aws.amazon.com/security/security-bulletins/AWS-2024-008/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Issue with PyTorch TorchServe - CVE-2024-35198, CVE-2024-35199
Publication Date: 2024/07/18 2:50 PM PDT AWS is aware of the issues described in CVE-2024-35198 and CVE-2024-35199 in PyTorch TorchServe versions 0.3.0 to 0.10.0. Customers using PyTorch inference Deep Learning Containers (DLC) through Amazon SageMaker are not affected. CVE-2024-35198 does not prevent a model from being downloaded into the model store if the URL contains characters such as ".." when TorchServe model registration API is called. Customers using PyTorch inference Deep Learning Containers (DLC) through Amazon SageMaker and Amazon Elastic Kubernetes Service (Amazon EKS) are not affected by this issue. CVE-2024-35199 does not bind two gRPC ports 7070 and 7071 to localhost by default. These two interfaces are bound to all interfaces when TorchServe is natively launched...
https://aws.amazon.com/security/security-bulletins/AWS-2024-009/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

3 ways to get Remote Code Execution in Kafka UI
In this blog post, we'll explain how we discovered three critical vulnerabilities in Kafka UI and how they can be exploited. The post 3 ways to get Remote Code Execution in Kafka UI appeared first on The GitHub Blog.
https://github.blog/security/vulnerability-research/3-ways-to-get-remote-code-execution-in-kafka-ui/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

File Transfer Cheatsheet: Windows and Linux
File transfer is a crucial step in the post-exploitation scenario while performing penetration testing or red teaming. There are various ways to do the file The post File Transfer Cheatsheet: Windows and Linux appeared first on Hacking Articles.
https://www.hackingarticles.in/file-transfer-cheatsheet-windows-and-linux/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

2024 DDoS Attack Trends
Unveiling the rise of Hacktivism in a tense global climate.
https://www.f5.com/labs/articles/threat-intelligence/2024-ddos-attack-trends
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

WinRM Penetration Testing
Windows Remote Management (WinRM) is a protocol developed by Microsoft for remotely managing hardware and operating systems on Windows machines. It is a component of The post WinRM Penetration Testing appeared first on Hacking Articles.
https://www.hackingarticles.in/winrm-penetration-testing/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

How insecure is Avast Secure Browser?
A while ago I already looked into Avast Secure Browser. Back then it didn't end well for Avast: I found critical vulnerabilities allowing arbitrary websites to infect user's computer. Worse yet: much of it was due to neglect of secure coding practices, existing security mechanisms were disabled for no good reason. I didn't finish that investigation because I discovered that the browser was essentially spyware, collecting your browsing history and selling it via Avast's Jumpshot subsidiary. But that was almost five years ago. After an initial phase of denial, Avast decided to apologize and to wind down Jumpshot. It was certainly a mere coincidence that Avast was subsequently sold to NortonLifeLock, called Gen Digital today. Yes, Avast is truly reformed and paying for their crimes in...
https://palant.info/2024/07/15/how-insecure-is-avast-secure-browser/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Protecting Trained Models in Privacy-Preserving Federated Learning
This post is part of a series on privacy-preserving federated learning. The series is a collaboration between NIST and the UK government's Responsible Technology Adoption Unit (RTA), previously known as the Centre for Data Ethics and Innovation. Learn more and read all the posts published to date at NIST's Privacy Engineering Collaboration Space or RTA's blog . The last two posts in our series covered techniques for input privacy in privacy-preserving federated learning in the context of horizontally and vertically partitioned data. To build a complete privacy-preserving federated learning
https://www.nist.gov/blogs/cybersecurity-insights/protecting-trained-models-privacy-preserving-federated-learning
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Deep Dive on Supplement Scams: How AI Drives ‘Miracle Cures' and Sponsored Health-Related Scams on Social Media
Sponsored social media content has become increasingly present on feeds. Sponsored ads can often be beneficial as they are customized to suit online personas, offering relevant content tailored specifically for you. While personalized ads can help enhance your online experience, not all are legitimate. In fact, scams originating from phony ads on social media have increased dramatically, with potentially severe consequences for consumers. Sponsored supplement scams on social media platforms
https://www.bitdefender.com/en-us/blog/labs/deep-dive-on-supplement-scams-how-ai-drives-miracle-cures-and-sponsored-health-related-scams-on-social-media/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

OpenSSH regreSSHion Attack (CVE-2024-6387)
CVE-2024-6387A signal handler race condition was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog(). This could lead to remote code execution with root privileges. Revised on 2024-10-16 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-24-258
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Decrypted: DoNex Ransomware and its Predecessors
Researchers from Avast have discovered a flaw in the cryptographic schema of the DoNex ransomware and its predecessors. In cooperation with law enforcement organizations, we have been silently providing the decryptor to DoNex ransomware victims since March 2024. The  cryptographic weakness was made public at Recon 2024 and therefore we have no reason to keep […] The post Decrypted: DoNex Ransomware and its Predecessors appeared first on Avast Threat Labs.
https://decoded.avast.io/threatresearch/decrypted-donex-ransomware-and-its-predecessors/?utm_source=rss&utm_medium=rss&utm_campaign=decrypted-donex-ransomware-and-its-predecessors
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

MSSQL for Pentester: Command Execution with xp_cmdshell
Transact-SQL (T-SQL) is an extension of the SQL language used primarily in Microsoft SQL Server. T-SQL expands the functionality of SQL by adding procedural programming The post MSSQL for Pentester: Command Execution with xp_cmdshell appeared first on Hacking Articles.
https://www.hackingarticles.in/mssql-for-pentester-command-execution-with-xp_cmdshell/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

SAML Raider Release 2.0.0
SAML Raider is a Burp Suite extension and the tool of choice for many pentesters for testing SAML infrastructures. This blog post should give a brief introduction to what has changed in the new version 2.0.0. From Improving developer and user experience to bug fixes.
https://blog.compass-security.com/2024/07/saml-raider-release-2-0-0/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

The Windows Registry Adventure #3: Learning resources
Posted by Mateusz Jurczyk, Google Project Zero When tackling a new vulnerability research target, especially a closed-source one, I prioritize gathering as much information about it as possible. This gets especially interesting when it's a subsystem as old and fundamental as the Windows registry. In that case, tidbits of valuable data can lurk in forgotten documentation, out-of-print books, and dusty open-source code – each potentially offering a critical piece of the puzzle. Uncovering them takes some effort, but the payoff is often immense. Scraps of information can contain hints as to how certain parts of the software are implemented, as well as why – what were ...
https://googleprojectzero.blogspot.com/2024/06/the-windows-registry-adventure-3.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Attack of the clones: Getting RCE in Chrome's renderer with duplicate object properties
In this post, I'll exploit CVE-2024-3833, an object corruption bug in v8, the Javascript engine of Chrome, that allows remote code execution (RCE) in the renderer sandbox of Chrome by a single visit to a malicious site. The post Attack of the clones: Getting RCE in Chrome's renderer with duplicate object properties appeared first on The GitHub Blog.
https://github.blog/security/vulnerability-research/attack-of-the-clones-getting-rce-in-chromes-renderer-with-duplicate-object-properties/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Ashok - A OSINT Recon Tool, A.K.A Swiss Army Knife
Reconnaissance is the first phase of penetration testing which means gathering information before any real attacks are planned So Ashok is an Incredible fast recon tool for penetration tester which is specially designed for Reconnaissance" title="Reconnaissance">Reconnaissance phase. And in Ashok-v1.1 you can find the advanced google dorker and wayback crawling machine. Main Features - Wayback Crawler Machine- Google Dorking without limits- Github Information Grabbing- Subdomain Identifier - Cms/Technology Detector With Custom Headers Installation ~> git clone https://github.com/ankitdobhal/Ashok~> cd Ashok~> python3.7 -m pip3 install -r requirements.txt How to use Ashok? A detailed usage guide is available on Usage section of the Wiki. But Some index of options is given below:...
http://www.kitploit.com/2024/06/ashok-osint-recon-tool-aka-swiss-army.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Scanning for TP-Link Wifi Router Vulnerability Increases by 100%
The TP-Link Archer AX21 Wifi Router vulnerability CVE-2023-1389 experiences massive targeting along with a rather old critical RCE in PHPUnit.
https://www.f5.com/labs/articles/threat-intelligence/sensor-intel-series-top-cves-may-2024
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Project Naptime: Evaluating Offensive Security Capabilities of Large Language Models
Posted by Sergei Glazunov and Mark Brand, Google Project Zero IntroductionAt Project Zero, we constantly seek to expand the scope and effectiveness of our vulnerability research. Though much of our work still relies on traditional methods like manual source code audits and reverse engineering, we're always looking for new approaches. As the code comprehension and general reasoning ability of Large Language Models (LLMs) has improved, we have been exploring how these models can reproduce the systematic approach of a human security researcher when identifying and demonstrating security vulnerabilities. We hope that in the future, this can close some of the blind spots of current automated vulnerability discovery approaches, and enable automated detection of "unfuzzable" vulnerabilities. ...
https://googleprojectzero.blogspot.com/2024/06/project-naptime.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Execute commands by sending JSON? Learn how unsafe deserialization vulnerabilities work in Ruby projects
Can an attacker execute arbitrary commands on a remote server just by sending JSON? Yes, if the running code contains unsafe deserialization vulnerabilities. But how is that possible? In this blog post, we'll describe how unsafe deserialization vulnerabilities work and how you can detect them in Ruby projects. The post Execute commands by sending JSON? Learn how unsafe deserialization vulnerabilities work in Ruby projects appeared first on The GitHub Blog.
https://github.blog/security/vulnerability-research/execute-commands-by-sending-json-learn-how-unsafe-deserialization-vulnerabilities-work-in-ruby-projects/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

New Diamorphine rootkit variant seen undetected in the wild
Introduction Code reuse is very frequent in malware, especially for those parts of the sample that are complex to develop or hard to write with an essentially different alternative code. By tracking both source code and object code, we efficiently detect new malware and track the evolution of existing malware in-the-wild.  Diamorphine is a well-known […] The post New Diamorphine rootkit variant seen undetected in the wild appeared first on Avast Threat Labs.
https://decoded.avast.io/davidalvarez/new-diamorphine-rootkit-variant-seen-undetected-in-the-wild/?utm_source=rss&utm_medium=rss&utm_campaign=new-diamorphine-rootkit-variant-seen-undetected-in-the-wild
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Introducing Conkeyscan – Confluence Keyword Scanner
TL;DR Release of Conkeyscan – A Confluence Keyword/Secret Scanner, which is tailored towards pentesters. Secrets Everywhere Many companies, especially larger ones, need to store knowledge in a centralized way. A wiki is the usual choice for this. One product that is frequently used for this purpose is Confluence from Atlassian. Similar to how sensitive data […]
https://blog.compass-security.com/2024/06/introducing-conkeyscan-confluence-keyword-scanner/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Issue with DeepJavaLibrary - CVE-2024-37902
Publication Date: 2024/06/17 10:30 AM PDT AWS is aware of CVE-2024-37902, relating to a potential issue with the archive extraction utilities for DeepJavaLibrary (DJL). On May 15, 2024, we released version 0.28.0 to address this issue. If you are using an affected version (0.1.0 through 0.27.0), we recommend you upgrade to 0.28.0 or higher. For additional information, please refer to the DJL release notes. Security-related questions or concerns can be brought to our attention via aws-security@amazon.com.
https://aws.amazon.com/security/security-bulletins/AWS-2024-007/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Azure Machine Learning SSRF

https://www.cloudvulndb.org/azure-ml-ssrf-pt
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

GCP HMAC Keys do not log creation, deletion or usage
Cloud Audit Logs do not capture actions mediated through the cloud console private API service (cloudconsole-pa). Consequently, there is no logging of HMAC key creation or deletion linked to user accounts. This absence of logs hampers defenders' ability to alert or monitor the creation of HMAC keys for user accounts, posing a persistence risk, or their deletion, presenting a denial of service risk.
https://www.cloudvulndb.org/gcp-hmac-keys-insufficient-logging
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

GCP HMAC Keys are not discoverable or revokable other than for self
GCP administrators face challenges in managing HMAC keys within their organizations, lacking visibility into which user accounts have generated these keys and whether they are actively being used to access storage objects. Additionally, there's a lack of functionality to revoke keys associated with other users, restricting their ability to enforce security policies effectively. Similarly, GCP incident response teams rely on Cloud Logging to monitor Cloud Storage object access, but they lack specific indicators to determine if HMAC keys are being utilized in these access attempts.
https://www.cloudvulndb.org/gcp-hmac-keys-unauditable
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Driving forward in Android drivers
Posted by Seth Jenkins, Google Project ZeroIntroduction Android's open-source ecosystem has led to an incredible diversity of manufacturers and vendors developing software that runs on a broad variety of hardware. This hardware requires supporting drivers, meaning that many different codebases carry the potential to compromise a significant segment of Android phones. There are recent public examples of third-party drivers containing serious vulnerabilities that are exploited on Android. While there exists a well-established body of public (and In-the-Wild) security research on Android GPU drivers, other chipset components may not be as frequently audited so this research sought to explore those drivers in greater detail.Driver Enumeration: Not as Easy as it Looks This...
https://googleprojectzero.blogspot.com/2024/06/driving-forward-in-android-drivers.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

10 years of the GitHub Security Bug Bounty Program
Let's take a look at 10 key moments from the first decade of the GitHub Security Bug Bounty program. The post 10 years of the GitHub Security Bug Bounty Program appeared first on The GitHub Blog.
https://github.blog/security/vulnerability-research/10-years-of-the-github-security-bug-bounty-program/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Buffer overflow in fgfmd
A stack-based overflow vulnerability [CWE-124] in FortiOS, FortiProxy, FortiPAM and FortiSwitchManager may allow a remote attacker to execute arbitrary code or command via crafted packets reaching the fgfmd daemon, under certain conditions which are outside the control of the attacker. Revised on 2024-09-30 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-24-036
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Blockchain / Smart Contract Bugs
To identify and understand threats and weaknesses of smart contracts, it is important to be at least familiar with common smart contract bugs and vulnerabilities, how they can be leveraged by a malicious attacker, and how these issues can be mitigated. This blog article aims to raise awareness about common smart contract vulnerabilities and their corresponding mitigation strategies.
https://blog.compass-security.com/2024/06/blockchain-smart-contract-bugs/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Unfading Sea Haze: New Espionage Campaign in the South China Sea
Bitdefender researchers investigated a series of incidents at high-level organizations in countries of the South China Sea region, all performed by the same  threat actor we track as Unfading Sea Haze. Based on the victimology and the cyber-attack's aim, we believe the threat actor is aligned with China's interests. As tensions in the region rise, they are reflected in the intensification of activity on behalf of the Unfading Sea Haze actor, which uses new and improved tools and TTPs. We notice
https://www.bitdefender.com/en-us/blog/labs/unfading-sea-haze-new-espionage-campaign-in-the-south-china-sea/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Building DDoS Botnets with TP-Link and Netgear Routers
Threat actors double down with their botnet building efforts. Vulnerable Netgear routers join exploitable TP-Link and other IoT devices, expanding attacker DDoS capabilities.
https://www.f5.com/labs/articles/threat-intelligence/sensor-intel-series-top-cves-april-2024
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

How to become a Hacker
Introduction Last year, I attended a job fair organized by the Association of Computer Science Students at ETH Zürich. It was a rewarding experience to be able to share my day-to-day work in a field I am so passionate about. We got to talk to numerous students at different stages of their studies, as well […]
https://blog.compass-security.com/2024/05/how-to-become-a-hacker/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Internal Azure Container Registry writable via exposed secret
A Microsoft employee accidentally published credentials via a git commit to a public repository. These credentials granted privileged access to an internal Azure Container Registry (ACR) used by Azure, which reportedly held container images utilized by multiple Azure projects, including Azure IoT Edge, Akri, and Apollo. The privileged access could have allowed an attacker to download private images as well as upload new images and (most importantly) overwrite existing ones. In theory, an attacker could have leveraged the latter to implement a supply chain attack against these Azure projects and their users. However, it is currently unknown precisely which images this ACR contained or how they were used, so the effective impact of this issue remains undetermined.
https://www.cloudvulndb.org/azure-internal-acr-secret
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Notes on ThroughTek Kalay Vulnerabilities and Their Impact on the IoT Ecosystem
Since 2014, Bitdefender IoT researchers have been looking into the world's most popular IoT devices, hunting for vulnerabilities and undocumented attack avenues. This report documents four vulnerabilities affecting devices powered by the ThroughTek Kalay Platform. Due to the platform's massive presence in IoT integrations, these flaws have a significant downstream impact on several vendors. In the interconnected landscape of the Internet of Things (IoT), the reliability and security of devices,
https://www.bitdefender.com/en-us/blog/labs/notes-on-throughtek-kalay-vulnerabilities-and-their-impact/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Avast Q1/2024 Threat Report
Nearly 90% of Threats Blocked are Social Engineering, Revealing a Huge Surge of Scams, and Discovery of the Lazarus APT Campaign The post Avast Q1/2024 Threat Report appeared first on Avast Threat Labs.
https://decoded.avast.io/threatresearch/avast-q1-2024-threat-report/?utm_source=rss&utm_medium=rss&utm_campaign=avast-q1-2024-threat-report
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Reel HackTheBox Walkthrough
Summary Reel is a windows Active Directory machine and is considered as a hard box in HTB. This box stands out for its uniqueness, featuring The post Reel HackTheBox Walkthrough appeared first on Hacking Articles.
https://www.hackingarticles.in/reel-hackthebox-walkthrough/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Exploiting Race Condition using Turbo Intruder
In web security, a race condition refers to a scenario where the behaviour of a web application is influenced by the sequence or timing of The post Exploiting Race Condition using Turbo Intruder appeared first on Hacking Articles.
https://www.hackingarticles.in/exploiting-race-condition-using-turbo-intruder/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

ClamAV 1.4.0 release candidate now available!
The ClamAV 1.4.0 release candidate is now available.You may find the source code and installers for this release on the clamav.net/downloads page or the ClamAV GitHub release page.Tip: If you are downloading the source from the GitHub release page, the package labeled "clamav-1.4.0-rc.tar.gz" does not require an internet connection to build. All dependencies are included in this package.  But if you download the ZIP or TAR.GZ generated by GitHub, located at the very bottom, then an internet connection will be required during the build to download additional Rust dependencies.For Docker users, there is no specific Docker tag for the release candidate, but you can use the clamav:unstable or clamav:unstable_base tags.The release candidate phase is expected...
http://blog.clamav.net/2024/05/clamav-140-release-candidate-now.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Lethal Injection
Multiple vulnerabilities were uncovered in Azure Health Bot service, Microsoft's health chatbot platform. These could have potentially exposed sensitive user data and granted attackers extensive control, allowing unrestricted code execution as root on the bot backend, unrestricted access to authentication secrets & integration auth providers, unrestricted memory read in the bot backend, exposing sensitive secrets, allowing cross-tenant data access and unrestricted deletion of other tenants' public resources. These issues stemmed from various bugs related to URL sanitization, shared compute, and sandboxing. Following disclosure, Microsoft changed the service architecture to run a completely separate ACI instance per customer, thereby mitigating future sandbox escapes, and changed the sandboxing...
https://www.cloudvulndb.org/lethal-injection
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Where does your software (really) come from?
GitHub is working with the OSS community to bring new supply chain security capabilities to the platform. The post Where does your software (really) come from? appeared first on The GitHub Blog.
https://github.blog/security/supply-chain-security/where-does-your-software-really-come-from/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Sensor Intel Series: Top CVEs in March 2024
TP-Link Archer AX21 Wifi Router targeting, plus a handful of new CVEs! See what mass scanning looks like in March 2024.
https://www.f5.com/labs/articles/threat-intelligence/sensor-intel-series-top-cves-march-2024
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

CodeQL zero to hero part 3: Security research with CodeQL
Learn how to use CodeQL for security research and improve your security research workflow. The post CodeQL zero to hero part 3: Security research with CodeQL appeared first on The GitHub Blog.
https://github.blog/security/vulnerability-research/codeql-zero-to-hero-part-3-security-research-with-codeql/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

GraphNinja
A vulnerability in Microsoft Graph allowed attackers to conduct password-spray attacks without detection. The issue involved switching the 'common' authentication endpoint with that of an unrelated tenant, thereby avoiding the appearance of logon attempts in the victim's logs. This technique could allow attackers to validate user credentials through verbose error messages, but actual successful logons using these credentials would still be recorded in the victims' logs (regardless of endpoint).
https://www.cloudvulndb.org/graph-ninja
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

GuptiMiner: Hijacking Antivirus Updates for Distributing Backdoors and Casual Mining
Avast discovered and analyzed GuptiMiner, a malware campaign hijacking an eScan antivirus update mechanism to distribute backdoors and coinminers. The post GuptiMiner: Hijacking Antivirus Updates for Distributing Backdoors and Casual Mining appeared first on Avast Threat Labs.
https://decoded.avast.io/janrubin/guptiminer-hijacking-antivirus-updates-for-distributing-backdoors-and-casual-mining/?utm_source=rss&utm_medium=rss&utm_campaign=guptiminer-hijacking-antivirus-updates-for-distributing-backdoors-and-casual-mining
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

The Windows Registry Adventure #2: A brief history of the feature
Posted by Mateusz Jurczyk, Google Project Zero Before diving into the low-level security aspects of the registry, it is important to understand its role in the operating system and a bit of history behind it. In essence, the registry is a hierarchical database made of named "keys" and "values", used by Windows and applications to store a variety of settings and configuration data. It is represented by a tree structure, in which keys may have one or more sub-keys, and every subkey is associated with exactly one parent key. Furthermore, every key may also contain one or more values, which have a type (integer, string, binary blob etc.) and are used to store actual data in the registry. Every key can be uniquely identified by its name and the names of all of its ascendants...
https://googleprojectzero.blogspot.com/2024/04/the-windows-registry-adventure-2.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

The Windows Registry Adventure #1: Introduction and research results
Posted by Mateusz Jurczyk, Google Project Zero In the 20-month period between May 2022 and December 2023, I thoroughly audited the Windows Registry in search of local privilege escalation bugs. It all started unexpectedly: I was in the process of developing a coverage-based Windows kernel fuzzer based on the Bochs x86 emulator (one of my favorite tools for security research: see Bochspwn, Bochspwn Reloaded, and my earlier font fuzzing infrastructure), and needed some binary formats to test it on. My first pick were PE files: they are very popular in the Windows environment, which makes it easy to create an initial corpus of input samples, and a basic fuzzing harness is equally easy to develop with just a single GetFileVersionInfoSizeW API call. The test was successful: even though...
https://googleprojectzero.blogspot.com/2024/04/the-windows-registry-adventure-1.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

From BYOVD to a 0-day: Unveiling Advanced Exploits in Cyber Recruiting Scams
Key Points Introduction In the summer of 2023, Avast identified a campaign targeting specific individuals in the Asian region through fabricated job offers. The motivation behind the attack remains uncertain, but judging from the low frequency of attacks, it appears that the attacker had a special interest in individuals with technical backgrounds. This sophistication is […] The post From BYOVD to a 0-day: Unveiling Advanced Exploits in Cyber Recruiting Scams appeared first on Avast Threat Labs.
https://decoded.avast.io/luiginocamastra/from-byovd-to-a-0-day-unveiling-advanced-exploits-in-cyber-recruiting-scams/?utm_source=rss&utm_medium=rss&utm_campaign=from-byovd-to-a-0-day-unveiling-advanced-exploits-in-cyber-recruiting-scams
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

ClamAV 1.3.1, 1.2.3, 1.0.6 patch versions published
Today, we are publishing the 1.3.1, 1.2.3, and 1.0.6 security patch versions. The release files for the patch versions are available for download on the ClamAV downloads page, on the GitHub Release page, and through Docker Hub.The images on Docker Hub may not be immediately available on release day.Continue reading to learn what changed in each version.1.3.1ClamAV 1.3.1 is a critical patch release with the following fixes:CVE-2024-20380: Fixed a possible crash in the HTML file parser that could cause a denial-of-service (DoS) condition.This issue affects version 1.3.0 only and does not affect prior versions.Thank you to Błażej Pawłowski for identifying this issue.GitHub pull requestUpdated select Rust dependencies to the latest versions. This resolved Cargo audit complaints and included...
http://blog.clamav.net/2024/04/clamav-131-123-106-patch-versions.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

CVE-2024-28056
Publication Date: 2024/04/15 07:00 AM PST AWS is aware of CVE-2024-28056, which affects Amplify CLI versions prior to 12.10.1 and Amplify Studio, which uses Amplify CLI. We released a fix to Amplify CLI on January 10, 2024 that also fixed Amplify Studio, and recommend customers upgrade to Amplify CLI 12.10.1 or higher to address this issue. We have proactively communicated with the customers using affected versions. AWS has taken two additional steps to protect customers using Amplify from unintentional misconfigurations. First, AWS added a mitigation to the AWS Security Token Service (STS) where attempts to make a cross-account role assumption with a trust policy referencing Amazon Cognito as the trusted principal, without conditions to scope down access to specific Amazon Cognito...
https://aws.amazon.com/security/security-bulletins/AWS-2024-003/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Vulnerabilities Identified in LG WebOS
As the creator of the world's first smart home cybersecurity hub, Bitdefender regularly audits popular IoT hardware for vulnerabilities. This research paper is part of a broader program that aims to shed light on the security of the world's best-sellers in the IoT space. This report covers vulnerabilities discovered while researching the LG WebOS TV operating system. We have found several issues affecting WebOS versions 4 through 7 running on LG TVs. These vulnerabilities let us gain root acces
https://www.bitdefender.com/en-us/blog/labs/vulnerabilities-identified-in-lg-webos/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

AI meets next-gen info stealers in social media malvertising campaigns
The impact that AI has on society has steadily crept into the darkest nooks and crannies of the internet. So much so that cybercrooks are hitching free rides on the AI bandwagon by leveraging the increased demand of AI-powered software for content creators. Cybercriminal groups constantly adapt their operating methods and tools to stay a step ahead of potential victims. Highly focused on enhancing their deceptive practices, threat actors have, unfortunately, found a most reliable and powerful a
https://www.bitdefender.com/en-us/blog/labs/ai-meets-next-gen-info-stealers-in-social-media-malvertising-campaigns/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

CVE-2024-3094
Publication Date: 2024/03/29 12:30 PM PST CVE Identifier: CVE-2024-3094 AWS is aware of CVE-2024-3094, which affects versions 5.6.0 and 5.6.1 of the xz-utils package. This issue may attempt to introduce security issues in openssh through the use of liblzma within some operating system environments. Amazon Linux customers are not affected by this issue, and no action is required. AWS infrastructure and services do not utilize the affected software and are not impacted. Users of Bottlerocket are not affected. Customers using other operating systems are advised to refer to information provided by the OS vendor to address any concerns originating from this reported issue. Security-related questions or concerns can be brought to our attention via aws-security@amazon.com.
https://aws.amazon.com/security/security-bulletins/AWS-2024-002/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Sensor Intel Series: Top CVEs in February 2024
27 new CVEs, and continued IoT targeting. See what's new from February 2024.
https://www.f5.com/labs/articles/threat-intelligence/sensor-intel-series-top-cves-february-2024
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Numerous vulnerabilities in Xunlei Accelerator application
Xunlei Accelerator (迅雷客户端) a.k.a. Xunlei Thunder by the China-based Xunlei Ltd. is a wildly popular application. According to the company's annual report 51.1 million active users were counted in December 2022. The company's Google Chrome extension 迅雷下载支持, while not mandatory for using the application, had 28 million users at the time of writing. I've found this application to expose a massive attack surface. This attack surface is largely accessible to arbitrary websites that an application user happens to be visiting. Some of it can also be accessed from other computers in the same network or by attackers with the ability to intercept user's network connections (Man-in-the-Middle attack). It does not appear like security concerns were considered in the design...
https://palant.info/2024/03/06/numerous-vulnerabilities-in-xunlei-accelerator-application/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Sponsored Ad Fraud: Mystery Box Scams Flood Social Media
Social media platforms are overflowing with scams. In the past couple of months, Bitdefender Labs has been monitoring a steep increase in fraudulent social media ads on Facebook promoting various swindles ranging from crypto-doubling to AI-generated celebrity-endorsed giveaways. Our latest analysis has spotted a consistent trend, with fraudsters continuing to exploit Meta's ad system to deceive consumers. The hustle? A long-established ruse that involves peddling so-called mystery boxes from
https://www.bitdefender.com/en-us/blog/labs/sponsored-ad-fraud-mystery-box-scams-flood-social-media/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Lazarus and the FudModule Rootkit: Beyond BYOVD with an Admin-to-Kernel Zero-Day
The Lazarus Group is back with an upgraded variant of their FudModule rootkit, this time enabled by a zero-day admin-to-kernel vulnerability for CVE-2024-21338. Read this blog for a detailed analysis of this rootkit variant and learn more about several new techniques, including a handle table entry manipulation technique that directly targets Microsoft Defender, CrowdStrike Falcon, and HitmanPro. The post Lazarus and the FudModule Rootkit: Beyond BYOVD with an Admin-to-Kernel Zero-Day appeared first on Avast Threat Labs.
https://decoded.avast.io/janvojtesek/lazarus-and-the-fudmodule-rootkit-beyond-byovd-with-an-admin-to-kernel-zero-day/?utm_source=rss&utm_medium=rss&utm_campaign=lazarus-and-the-fudmodule-rootkit-beyond-byovd-with-an-admin-to-kernel-zero-day
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

When Stealers Converge: New Variant of Atomic Stealer in the Wild
Here at Bitdefender, we're constantly working on improving detection capabilities for our macOS cyber-security products; part of this effort involves revisiting old (or digging up new) samples from our malware zoo. During routine verifications, we were able to isolate multiple suspicious and undetected macOS disk image files surprisingly small for files of this kind (1.3 MB per file). A short look into the code revealed that these files are significantly similar to other samples analysed in the
https://www.bitdefender.com/en-us/blog/labs/when-stealers-converge-new-variant-of-atomic-stealer-in-the-wild/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Details on Apple's Shortcuts Vulnerability: A Deep Dive into CVE-2024-23204
CVE-2024-23204 sheds light on the critical importance of continuous security vigilance. Apple's Shortcuts application, designed to enhance user automation, can inadvertently become a potential vector for privacy breaches. This analysis aims to provide users, developers, and security professionals with insights into the nature of the vulnerability, its potential impact, and recommended mitigation measures. At a glance: * We have discovered a vulnerability in Apple Shortcuts that lets a potent
https://www.bitdefender.com/en-us/blog/labs/details-on-apples-shortcuts-vulnerability-a-deep-dive-into-cve-2024-23204/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Decrypted: HomuWitch Ransomware
HomuWitch is a ransomware strain that initially emerged in July 2023. Unlike the majority of current ransomware strains, HomuWitch targets end-users - individuals - rather than institutions and companies. The post Decrypted: HomuWitch Ransomware appeared first on Avast Threat Labs.
https://decoded.avast.io/threatresearch/decrypted-homuwitch-ransomware/?utm_source=rss&utm_medium=rss&utm_campaign=decrypted-homuwitch-ransomware
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Audio deepfakes: Celebrity-endorsed giveaway scams and fraudulent investment opportunities flood social media platforms
Bitdefender Labs has been keeping up with the latest modus operandi of cybercrooks who adapt emerging technologies to siphon money from consumers. Artificial intelligence is just one of the many tools that help in the creation and successful dissemination of online schemes to extort money and sensitive information. This paper focuses on voice cloning (audio deepfakes) schemes and how they are proliferated via social media to trick unsuspecting victims. Before delving deeper into the main subj
https://www.bitdefender.com/en-us/blog/labs/audio-deepfakes-celebrity-endorsed-giveaway-scams-and-fraudulent-investment-opportunities-flood-social-media-platforms/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Decrypted: Rhysida Ransomware
The team at Avast has developed a decryptor for the Rhysida ransomware and released it for public download. The Rhysida ransomware has been active since May 2023. As of Feb 2024, their TOR site lists 78 attacked companies, including IT (Information Technology) sector, healthcare, universities, and government organizations. The post Decrypted: Rhysida Ransomware appeared first on Avast Threat Labs.
https://decoded.avast.io/threatresearch/decrypted-rhysida-ransomware/?utm_source=rss&utm_medium=rss&utm_campaign=decrypted-rhysida-ransomware
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Bypassing EDRs With EDR-Preloading
Evading user mode EDR hooks by hijacking the AppVerifier layer
https://malwaretech.com/2024/02/bypassing-edrs-with-edr-preload.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

New macOS Backdoor Written in Rust Shows Possible Link with Windows Ransomware Group
UPDATE: Following our initial release, we have been contacted by our fellow researchers at Jamf who were able to identify three more samples that act like first-stage payloads. They are responsible for downloading the backdoor: * e7cab6f2be47940bf36e279bbec54ec7 - Jobinfo.app.zip * 26d6a7e3507edf9953684d367dcd44bd - Jobinfo.zip * 775851f86cbde630808ff6d2cf8cedbf - Jobinfo.zip Combined with information in our previous research, the investigation of these samples revealed new components of t
https://www.bitdefender.com/en-us/blog/labs/new-macos-backdoor-written-in-rust-shows-possible-link-with-windows-ransomware-group/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Format String Bug in fgfmd
A use of externally-controlled format string vulnerability [CWE-134] in FortiOS fgfmd daemon may allow a remote unauthenticated attacker to execute arbitrary code or commands via specially crafted requests.A third-party report is indicating this may be exploited in the wild. Revised on 2024-10-17 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-24-029
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

ClamAV 1.3.0 feature release and 1.2.2, 1.0.5 security patch release!
The ClamAV 1.3.0 feature release is now stable!Today, we are also publishing the 1.2.2 and 1.0.5 security patch versions. ClamAV 1.1 is past EOL for security fixes and will not receive an update. Switch to the 1.0 LTS, 1.2, or 1.3 versions for continued support.The release files are available for download on the ClamAV downloads page, on the Github Release page, and through Docker Hub*:Alpine-based imagesDebian-based multi-arch images*The Docker images are built on release day and may not be available until later in the day.Continue reading to learn what changed in each version.1.3.0ClamAV 1.3.0 includes the following improvements and changes:Major changesAdded support for extracting and scanning attachments found in Microsoft OneNote section files. OneNote parsing will be enabled by default,...
http://blog.clamav.net/2023/11/clamav-130-122-105-released.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Avast Q4/2023 Threat Report
10 Billion Attacks Blocked in 2023, Qakbot's Resurrection, and Google API Abused The post Avast Q4/2023 Threat Report appeared first on Avast Threat Labs.
https://decoded.avast.io/threatresearch/avast-q4-2023-threat-report/?utm_source=rss&utm_medium=rss&utm_campaign=avast-q4-2023-threat-report
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

CVE-2024-21626 - Runc container issue
Publication Date: 2024/01/31 1:30 PM PST CVE Identifier: CVE-2024-21626 AWS is aware of a recently disclosed security issue affecting the runc component of several open source container management systems (CVE-2024-21626). With the exception of the AWS services listed below, no customer action is required to address this issue. Amazon Linux An updated version of runc is available for Amazon Linux 1 (runc-1.1.11-1.0.amzn1), Amazon Linux 2 (runc-1.1.11-1.amzn2) and for Amazon Linux 2023 (runc-1.1.11-1.amzn2023). AWS recommends that customers using runc or other container-related software apply those updates or a newer version. Further information is available in the Amazon Linux Security Center. Bottlerocket OS An updated version of runc will be included in Bottlerocket 1.19.0, which will...
https://aws.amazon.com/security/security-bulletins/AWS-2024-001/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Investigating Worldwide SMS Scams, and Tens of Millions of Dollars in Fraud
SMS services remain a critical part of telecommunications; they don't require Internet access, and companies use them to inform their customers. This combination of features makes them incredibly useful for criminals who use the technology as a stepping stone in their never-ending campaigns. And if you think that the new RCS messaging standard will offer any protection, you would be wrong. These types of scams will continue to spread regardless of the messaging standard used. SMS scams are ever
https://www.bitdefender.com/en-us/blog/labs/investigating-worldwide-sms-scams-and-tens-of-millions-of-dollars-in-fraud/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

ClamAV 1.3.0 Second Release Candidate now available!
We are excited to announce the ClamAV 1.3.0 release candidate.You can find the source code and installers for this release on the clamav.net/downloads page or the ClamAV GitHub release page.Tip: If you are downloading the source from the GitHub release page, the package labeled "clamav-1.3.0-rc2.tar.gz" does not require an internet connection to build. All dependencies are included in this package. But if you download the ZIP or TAR.GZ generated by GitHub, located at the very bottom, then an internet connection will be required during the build to download additional Rust dependencies.For Docker users, there is no specific Docker tag for the release candidate, but you can use these tags:clamav/clamav:unstableclamav/clamav:unstable_base clamav/clamav-debian:unstableclamav/clamav-debian:unstable_base This...
http://blog.clamav.net/2024/01/clamav-130-second-release-candidate-now.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

ClamAV Debian multi-Arch Docker images now available!
We now offer official ClamAV docker images based on `debian:11-slim`.In addition to offering an alternative to the original Alpine Linux images, the new images are multi-arch images supporting `linux/amd64`, `linux/arm64`, and `linux/ppc64le`.ClamAV's Alpine-based and Debian-based Docker images are now built weekly to pick up security fixes in the base images. Check it out here.
http://blog.clamav.net/2024/01/clamav-debian-multi-arch-docker-images.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

How to Recover an Unsaved Excel File
If your Excel file was left unsaved by accident, don’t fret – Microsoft understands mistakes happen and provides built-in functionality to help recover it. To recover an unsaved file, navigate... The post How to Recover an Unsaved Excel File appeared first on Hacker Combat.
https://www.hackercombat.com/how-to-recover-unsaved-excel-file/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Best EDR Of The Market (BEOTM) – Endpoint Detection and Response Testing Tool
BestEDROfTheMarket is a naive user-mode EDR (Endpoint Detection and Response) tool designed to serve as a testing ground
https://www.darknet.org.uk/2024/01/best-edr-of-the-market-beotm-endpoint-detection-and-response-testing-tool/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Silly EDR Bypasses and Where To Find Them
Abusing exception handlers to hook and bypass user mode EDR hooks.
https://malwaretech.com/2023/12/silly-edr-bypasses-and-where-to-find-them.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

An Introduction to Bypassing User Mode EDR Hooks
Understanding the basics of user mode EDR hooking, common bypass techniques, and their limitations.
https://malwaretech.com/2023/12/an-introduction-to-bypassing-user-mode-edr-hooks.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

ClamAV 1.3.0 release candidate now available!
The ClamAV 1.3.0 release candidate is now available.You may find the source code and installers for this release on the clamav.net/downloads page or the ClamAV GitHub release page.Tip: If you are downloading the source from the GitHub release page, the package labeled "clamav-1.3.0-rc.tar.gz" does not require an internet connection to build. All dependencies are included in this package.  But if you download the ZIP or TAR.GZ generated by GitHub, located at the very bottom, then an internet connection will be required during the build to download additional Rust dependencies.For Docker users, there is no specific Docker tag for the release candidate, but you can use the clamav:unstable or clamav:unstable_base tags.The release candidate phase is expected...
http://blog.clamav.net/2023/12/clamav-130-release-candidate-now.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

First handset with MTE on the market
By Mark Brand, Google Project ZeroIntroduction It's finally time for me to fulfill a long-standing promise. Since I first heard about ARM's Memory Tagging Extensions, I've said (to far too many people at this point to be able to back out…) that I'd immediately switch to the first available device that supported this feature. It's been a long wait (since late 2017) but with the release of the new Pixel 8 / Pixel 8 Pro handsets, there's finally a production handset that allows you to enable MTE! The ability of MTE to detect memory corruption exploitation at the first dangerous access is a significant improvement in diagnostic and potential security effectiveness. The availability of MTE on a production handset for the first time is a big step forward, and I think there's...
https://googleprojectzero.blogspot.com/2023/11/first-handset-with-mte-on-market.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

ClamAV 1.2.1, 1.1.3, 1.0.4, 0.103.11 patch versions published
Today, we are publishing the 1.2.1, 1.1.3, 1.0.4, and 0.103.11 security patch versions. The release files for the patch versions are available for download on the ClamAV downloads page, on the GitHub Release page, and through Docker Hub. Continue reading to learn what changed in each version.1.2.1ClamAV 1.2.1 is a patch release with the following fixes:Eliminate security warning about unused "atty" dependency.GitHub pull request.Upgrade the bundled UnRAR library (libclamunrar) to version 6.2.12.GitHub pull request.Build system: Fix link error with Clang/LLVM/LLD version 17. Patch courtesy of Yasuhiro Kimura.GitHub pull request.Fix alert-exceeds-max feature for files > 2GB and < max-filesize.GitHub pull request. Special thanks to Yasuhiro Kimura for code contributions and bug reports.1.1.3ClamAV...
http://blog.clamav.net/2023/10/clamav-121-113-104-010311-patch.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Implementing a “Share on Mastodon” button for a blog
I decided that I would make it easier for people to share my articles on social media, most importantly on Mastodon. However, my Hugo theme didn't support showing a “Share on Mastodon” button yet. It wasn't entirely trivial to add support either: unlike with centralized solutions like Facebook where a simple link is sufficient, here one would need to choose their home instance first. As far as existing solutions go, the only reasonably sophisticated approach appears to be Share₂Fedi. It works nicely, privacy-wise one could do better however. So I ended up implementing my own solution while also generalizing that solution to support a variety of different Fediverse applications in addition to Mastodon. Contents Why not Share₂Fedi? Share on Mastodon or on Fediverse? ...
https://palant.info/2023/10/19/implementing-a-share-on-mastodon-button-for-a-blog/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

An analysis of an in-the-wild iOS Safari WebContent to GPU Process exploit
By Ian Beer A graph representation of the sandbox escape NSExpression payload In April this year Google's Threat Analysis Group, in collaboration with Amnesty International, discovered an in-the-wild iPhone zero-day exploit chain being used in targeted attacks delivered via malicious link. The chain was reported to Apple under a 7-day disclosure deadline and Apple released iOS 16.4.1 on April 7, 2023 fixing CVE-2023-28206 and CVE-2023-28205. Over the last few years Apple has been hardening the Safari WebContent (or "renderer") process sandbox attack surface on iOS, recently removing the ability for the WebContent process to access GPU-related hardware directly. Access to graphics-related drivers is now brokered via a GPU process which runs in a separate sandbox. ...
https://googleprojectzero.blogspot.com/2023/10/an-analysis-of-an-in-the-wild-ios-safari-sandbox-escape.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

It might Be Time to Rethink Phishing Awareness
Phishing awareness can be a powerful security tool, or a complete disaster. It all hinges on how you implement it.
https://malwaretech.com/2023/09/it-might-be-time-to-rethink-phishing-awareness.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Analyzing a Modern In-the-wild Android Exploit
By Seth Jenkins, Project ZeroIntroductionIn December 2022, Google's Threat Analysis Group (TAG) discovered an in-the-wild exploit chain targeting Samsung Android devices. TAG's blog post covers the targeting and the actor behind the campaign. This is a technical analysis of the final stage of one of the exploit chains, specifically CVE-2023-0266 (a 0-day in the ALSA compatibility layer) and CVE-2023-26083 (a 0-day in the Mali GPU driver) as well as the techniques used by the attacker to gain kernel arbitrary read/write access.Notably, several of the previous stages of the exploit chain used n-day vulnerabilities:CVE-2022-4262, a 0-day vulnerability in Chrome was exploited in the Samsung browser to achieve RCE.CVE-2022-3038, a Chrome n-day that unpatched in the Samsung browser, was used...
https://googleprojectzero.blogspot.com/2023/09/analyzing-modern-in-wild-android-exploit.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

A year after the disastrous breach, LastPass has not improved
In September last year, a breach at LastPass' parent company GoTo (formerly LogMeIn) culminated in attackers siphoning out all data from their servers. The criticism from the security community has been massive. This was not so much because of the breach itself, such things happen, but because of the many obvious ways in which LastPass made matters worse: taking months to notify users, failing to provide useful mitigation instructions, downplaying the severity of the attack, ignoring technical issues which have been publicized years ago and made the attackers' job much easier. The list goes on. Now this has been almost a year ago. LastPass promised to improve, both as far as their communication goes and on the technical side of things. So let's take a look at whether they managed to...
https://palant.info/2023/09/05/a-year-after-the-disastrous-breach-lastpass-has-not-improved/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

AgentSmith HIDS – Host Based Intrusion Detection
AgentSmith HIDS is a powerful component of a Host-based Intrusion Detection system, it has anti-rootkit functionalities and is a very performant way to collect information about a host.
https://www.darknet.org.uk/2023/08/agentsmith-hids-host-based-intrusion-detection/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Chrome Sync privacy is still very bad
Five years ago I wrote an article about the shortcomings of Chrome Sync (as well as a minor issue with Firefox Sync). Now Chrome Sync has seen many improvements since then. So time seems right for me to revisit it and to see whether it respects your privacy now. Spoiler: No, it doesn't. It improved, but that's an improvement from outright horrible to merely very bad. The good news: today you can use Chrome Sync in a way that preserves your privacy. Google however isn't interested in helping you figure out how to do it. Contents The default flow The privacy-preserving flow What does Google do with your data? It could have been worse Comparison to Firefox Sync The default flow Chrome Sync isn't some obscure feature of Google Chrome. In fact, as of Chrome...
https://palant.info/2023/08/29/chrome-sync-privacy-is-still-very-bad/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

ClamAV 1.2.0 feature version and 1.1.2, 1.0.3, 0.103.10 patch versions published
The ClamAV 1.2.0 feature release is now stable and available for download on the ClamAV downloads page, on the Github Release page, and through Docker Hub.Today, we are also publishing the 1.1.2, 1.0.3, and 0.103.10 security patch versions. You may be surprised about the impromptu patch release. Indeed, we just published patch versions earlier this month. Unfortunately, a recent CVE for the UnRAR* library has prompted us to prepare these additional updates. We strongly encourage everyone to upgrade to one of these versions. The release files for the patch versions are also available for download on the ClamAV downloads page, on the Github Release page, and through Docker Hub. Because ClamAV 1.2.0 is now the latest release, the release files for version 1.1.2 will be found under the...
http://blog.clamav.net/2023/08/clamav-120-feature-version-and-111-102.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

ClamAV 1.1.1, 1.0.2, 0.103.9 patch versions published
Today, we are releasing the following critical patch versions for ClamAV: 1.1.1 1.0.2 0.103.9  ClamAV 0.105 and 0.104 have reached end-of-life according to the ClamAV's End of Life (EOL) policy and will not be patched.The release files are available for download on ClamAV.net, on the Github Release page, and through Docker Hub.Note: We observed an issue building ClamAV on Windows using the recently released libjson-c version 0.17. If you are building ClamAV for Windows, you should use libjson-c version 0.16 or prior. 1.1.1 ClamAV 1.1.1 is a critical patch release with the following fixes: CVE-2023-20197 Fixed a possible denial of service vulnerability in the HFS+ file parser. This issue affects versions 1.1.0, 1.0.1 through 1.0.0, 0.105.2 through 0.105.0,...
http://blog.clamav.net/2023/07/2023-08-16-releases.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

MTE As Implemented, Part 1: Implementation Testing
By Mark Brand, Project ZeroBackground In 2018, in the v8.5a version of the ARM architecture, ARM proposed a hardware implementation of tagged memory, referred to as MTE (Memory Tagging Extensions). Through mid-2022 and early 2023, Project Zero had access to pre-production hardware implementing this instruction set extension to evaluate the security properties of the implementation. In particular, we're interested in whether it's possible to use this instruction set extension to implement effective security mitigations, or whether its use is limited to debugging/fault detection purposes. As of the v8.5a specification, MTE can operate in two distinct modes, which are switched between on a per-thread basis. The first mode is sync-MTE, where tag-check failure on a memory access will...
https://googleprojectzero.blogspot.com/2023/08/mte-as-implemented-part-1.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

MTE As Implemented, Part 3: The Kernel
By Mark Brand, Project ZeroBackground In 2018, in the v8.5a version of the ARM architecture, ARM proposed a hardware implementation of tagged memory, referred to as MTE (Memory Tagging Extensions). In Part 1 we discussed testing the technical (and implementation) limitations of MTE on the hardware that we've had access to. In Part 2 we discussed the implications of this for mitigations built using MTE in various user-mode contexts. This post will now consider the implications of what we know on the effectiveness of MTE-based mitigations in the kernel context. To recap - there are two key classes of bypass techniques for memory-tagging based mitigations, and these are the following:Known-tag-bypasses - In general, confidentiality of tag values is key to the effectiveness...
https://googleprojectzero.blogspot.com/2023/08/mte-as-implemented-part-3-kernel.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Why browser extension games need access to all websites
When installing browser extensions in Google Chrome, you are asked to confirm the extension's permissions. In theory, this is supposed to allow assessing the risk associated with an extension. In reality however, users typically lack the knowledge to properly interpret this prompt. For example, I've often seen users accusing extension developers of spying just because the prompt says they could. On the other hand, people will often accept these cryptic prompts without thinking twice. They expect the browser vendors to keep them out of harm's way, trust that isn't always justified [1] [2] [3]. The most extreme scenario here is casual games not interacting with the web at all, yet requesting access to all websites. I found a number of extensions that will abuse this power to hijack...
https://palant.info/2023/06/14/why-browser-extension-games-need-access-to-all-websites/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

SMTP password ciphertext exposure in Log
An insertion of sensitive information into log file vulnerability [CWE-532] in FortiOS / FortiProxy log events may allow a remote authenticated attacker to read certain passwords in ciphertext. Revised on 2024-10-22 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-22-455
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Another cluster of potentially malicious Chrome extensions
We've already seen Chrome extensions containing obfuscated malicious code. We've also seen PCVARK's malicious ad blockers. When looking for more PCVARK extensions, I stumbled upon an inconspicuous extension called “Translator - Select to Translate.” The only unusual thing about it were its reviews, lots of raving positive reviews mixed with usability complains. That, and the permissions: why does a translator extension need webRequest and webRequestBlocking permissions? When I looked into this extension, I immediately discovered a strange code block. Supposedly, it was buggy locale processing. In reality, it turned out to be an obfuscated malicious logic meant to perform affiliate fraud. That extension wasn't alone. I kept finding similar extensions until I had a list of 109 extensions,...
https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Introducing PCVARK and their malicious ad blockers
It isn't news that the overwhelming majority of ad blockers in Chrome Web Store is either outright malicious or waiting to accumulate users before turning malicious. So it wasn't a surprise that the very first ad blocker I chose semi-randomly (Adblock Web with 700,000 users) turned out malicious. Starting from it, I found another malicious extension (Ad-Blocker, 700,000 users) and two more that have been removed from Chrome Web Store a year ago (BitSafe Adblocker and Adblocker Unlimited). All these ad blockers and probably some more were developed by the company PCVARK. According to Malwarebytes Labs, this company specializes in developing “potentially unwanted programs.” In other words: they show users warnings about alleged compromise, only to push them into installing their software....
https://palant.info/2023/06/05/introducing-pcvark-and-their-malicious-ad-blockers/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

padre – Padding Oracle Attack Exploiter Tool
padre is an advanced exploiter and Padding Oracle attack tool that can be deployed against CBC mode encryption.
https://www.darknet.org.uk/2023/05/padre-padding-oracle-attack-exploiter-tool/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Issue With IAM Supporting Multiple MFA Devices
Initial Publication Date: 04/25/2023 10:00AM EST A security researcher recently reported an issue with AWS's recently-released (November 16th, 2022) support for multiple multi-factor authentication (MFA) devices for IAM user principals. The reported issue could have potentially arisen only when the following three conditions were met: (1) An IAM user had possession of long-term access key (AK)/secret key (SK) credentials, (2) that IAM user had the privilege to add an MFA to their own identity without using an MFA, and (3) that IAM user's overall access privileges beyond console sign-in had been configured by an administrator to be greater after adding the MFA. Under those narrow conditions, possession of AK/SK alone was equivalent to possession of AK/SK and a previously configured MFA....
https://aws.amazon.com/security/security-bulletins/AWS-2023-001/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Privacy Implications of Web 3.0 and Darknets
The evolution of the internet has been rapid over the years and has impacted the privacy implications of Web 3.0 and Darknets
https://www.darknet.org.uk/2023/03/privacy-implications-of-web-3-0-and-darknets/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

DataSurgeon – Extract Sensitive Information (PII) From Logs
DataSurgeon (ds) is a versatile tool designed to Extract Sensitive Information (PII) From Logs, it's intended to be used for incident response, penetration testing, and CTF challenges.
https://www.darknet.org.uk/2023/03/datasurgeon-extract-sensitive-information-pii-from-logs/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

We're going teetotal: It's goodbye to The Daily Swig
PortSwigger today announces that The Daily Swig is closing down
https://portswigger.net/daily-swig/were-going-teetotal-its-goodbye-to-the-daily-swig
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Bug Bounty Radar // The latest bug bounty programs for March 2023
New web targets for the discerning hacker
https://portswigger.net/daily-swig/bug-bounty-radar-the-latest-bug-bounty-programs-for-march-2023
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Indian transport ministry flaws potentially allowed creation of counterfeit driving licenses
Armed with personal data fragments, a researcher could also access 185 million citizens' PII
https://portswigger.net/daily-swig/indian-transport-ministry-flaws-potentially-allowed-creation-of-counterfeit-driving-licenses
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Password managers: A rough guide to enterprise secret platforms
The second part of our password manager series looks at business-grade tech to handle API tokens, login credentials, and more
https://portswigger.net/daily-swig/password-managers-a-rough-guide-to-enterprise-secret-platforms
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Chromium bug allowed SameSite cookie bypass on Android devices
Protections against cross-site request forgery could be bypassed
https://portswigger.net/daily-swig/chromium-bug-allowed-samesite-cookie-bypass-on-android-devices
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Deserialized web security roundup: Twitter 2FA backlash, GoDaddy suffers years-long attack campaign, and XSS Hunter adds e2e encryption
Your fortnightly rundown of AppSec vulnerabilities, new hacking techniques, and other cybersecurity news
https://portswigger.net/daily-swig/deserialized-web-security-roundup-twitter-2fa-backlash-godaddy-suffers-years-long-attack-campaign-and-xss-hunter-adds-e2e-encryption
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

NIST plots biggest ever reform of Cybersecurity Framework
CSF 2.0 blueprint offered up for public review
https://portswigger.net/daily-swig/nist-plots-biggest-ever-reform-of-cybersecurity-framework
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Cisco ClamAV anti-malware scanner vulnerable to serious security flaw
Patch released for bug that poses a critical risk to vulnerable technologies
https://portswigger.net/daily-swig/cisco-clamav-anti-malware-scanner-vulnerable-to-serious-security-flaw
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

CVSS system criticized for failure to address real-world impact
JFrog argues vulnerability risk metrics need complete revamp
https://portswigger.net/daily-swig/cvss-system-criticized-for-failure-to-address-real-world-impact
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

A Realistic Look at Implications of ChatGPT for Cybercrime
Analyzing ChatGPT's capabilities and various claims about how it will revolutionize cybercrime.
https://malwaretech.com/2023/02/a-realistic-look-at-chatgpt-cybercrime.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

‘Most web API flaws are missed by standard security tests' – Corey J Ball on securing a neglected attack vector
API security is a ‘great gateway' into a pen testing career, advises specialist in the field
https://portswigger.net/daily-swig/most-web-api-flaws-are-missed-by-standard-security-tests-corey-j-ball-on-securing-a-neglected-attack-vector
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

HTTP request smuggling bug patched in HAProxy
Exploitation could enable attackers to access backend servers
https://portswigger.net/daily-swig/http-request-smuggling-bug-patched-in-haproxy
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Belgium launches nationwide safe harbor for ethical hackers
New legal protections for security researchers could be the strongest of any EU country
https://portswigger.net/daily-swig/belgium-launches-nationwide-safe-harbor-for-ethical-hackers
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Pwnagotchi – Maximize Crackable WPA Key Material For Bettercap
Pwnagotchi is an A2C-based "AI" leveraging bettercap that learns from its surrounding WiFi environment to maximize crackable WPA key material it captures
https://www.darknet.org.uk/2023/02/pwnagotchi-maximize-crackable-wpa-key-material-for-bettercap/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Lessons Learned from Cybersecurity Mentoring
I suppose one could say that I’ve been doing this far too long, and I’ve gained some knowledge about how the cybersecurity industry works, and how people succeed or fail at the field. To give back to newcomers, I recently opened up a Calendly to do ad hoc career mentoring, in addition to the career… Read More Lessons Learned from Cybersecurity Mentoring
https://tisiphone.net/2023/01/03/lessons-learned-from-cybersecurity-mentoring/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

HardCIDR – Network CIDR and Range Discovery Tool
HardCIDR is a Linux Bash script to discover the netblocks, or ranges, (in CIDR notation) owned by the target organization during the intelligence gathering phase of a penetration test.
https://www.darknet.org.uk/2022/12/hardcidr-network-cidr-and-range-discovery-tool/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

TikTok is a National Security Risk, Not A Privacy One
An analysis of the threat posed by TikTok and why we need to weigh our options carefully.
https://malwaretech.com/2022/12/tiktok-is-a-national-security-risk.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Career Counseling Office Hours!
I now have some limited appointments for career counseling and resume discussion open for sign-ups. These sessions are free for college students and current enlisted military, and tip-what-you can for everyone else, if you feel my help was meaningful. You can sign up here: https://calendly.com/lesleycarhart Keep in mind that I can only review North American… Read More Career Counseling Office Hours!
https://tisiphone.net/2022/12/05/career-counseling-office-hours/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

I've Moved to Mastodon!
Hi friends! I hope you’re having a wonderful Thanksgiving weekend (for the US folks), or a nice weekend regardless of location. I just wanted to drop a quick note to let you all know that from now on the best way to follow my daily social media posts, which include Q&As, cybersecurity news, and news… Read More I’ve Moved to Mastodon!
https://tisiphone.net/2022/11/26/ive-moved-to-mastodon/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Podcast: Securing Bridges | A Live Stream Podcast With Alyssa Miller | Guest: Lesley Carhart | Episode 28
Via: https://www.itspmagazine.com/securing-bridges-podcast
https://tisiphone.net/2022/11/13/podcast-securing-bridges-a-live-stream-podcast-with-alyssa-miller-guest-lesley-carhart-episode-28/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Infosec Mastodon Lists!
Hi pals! I hear you like lists as folks migrate over to Mastodon. Here are some I will keep relatively updated you may find useful, just to track people down! If you want me to remove you for some reason, contact me by DM or email. You can import these lists in your Mastodon preferences… Read More Infosec Mastodon Lists!
https://tisiphone.net/2022/11/10/infosec-mastodon-lists/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Everything you need to know about the OpenSSL 3.0.7 Patch (CVE-2022-3602 & CVE-2022-3786)

https://malwaretech.com/2022/11/everything-you-need-to-know-about-the-openssl-3-0-7-patch.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

CVE-2022-3602 and CVE-2022-3786: OpenSSL 3.0.7 patches Critical Vulnerability
On Tuesday, November 1 2022 between 1300-1700 UTC, the OpenSSL project announced the release of a new version of OpenSSL (version 3.0.7) that will patch a critical vulnerability in OpenSSL version 3.0 and above. Only OpenSSL versions between 3.0 and 3.0.6 are affected at the time of writing. At this moment the details of this [...] The post CVE-2022-3602 and CVE-2022-3786: OpenSSL 3.0.7 patches Critical Vulnerability appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/general-tutorials/openssl-3-0-7-patches-critical-vulnerability/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

(Podcast) ITSP – Martial Arts, Marksmanship, And ICS Cyber Incident Response | A Conversation With Lesley Carhart
https://itspmagazinepodcast.com/episodes/martial-arts-marksmanship-and-ics-cyber-incident-response-a-conversation-with-lesley-carhart-cy-beat-podcast-with-deb-radcliff-2dWkd8yh
https://tisiphone.net/2022/10/10/podcast-itsp-martial-arts-marksmanship-and-ics-cyber-incident-response-a-conversation-with-lesley-carhart/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

ASIS Article – Preparing for OT Incident Response
https://www.asisonline.org/security-management-magazine/monthly-issues/security-technology/archive/2022/october/Your-Cyber-Response-Plan-Needs-These-6-Components/ Cybersecurity incidents are no longer a matter of if, but when. Building a good strategy and architecture to deter intrusions is incredibly important in reducing the frequency and severity of incidents, but there is no scenario where any organization is totally immune. That means that every organization must have a plan for what they… Read More ASIS Article – Preparing for OT Incident Response
https://tisiphone.net/2022/10/10/asis-article-preparing-for-ot-incident-response/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Student Loan Breach Exposes 2.5M Records
2.5 million people were affected, in a breach that could spell more trouble down the line.
https://threatpost.com/student-loan-breach-exposes-2-5m-records/180492/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Watering Hole Attacks Push ScanBox Keylogger
Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.
https://threatpost.com/watering-hole-attacks-push-scanbox-keylogger/180490/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Tentacles of ‘0ktapus' Threat Group Victimize 130 Firms
Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.
https://threatpost.com/0ktapus-victimize-130-firms/180487/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Ransomware Attacks are on the Rise
Lockbit is by far this summer's most prolific ransomware group, trailed by two offshoots of the Conti group.
https://threatpost.com/ransomware-attacks-are-on-the-rise/180481/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Cybercriminals Are Selling Access to Chinese Surveillance Cameras
Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.
https://threatpost.com/cybercriminals-are-selling-access-to-chinese-surveillance-cameras/180478/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Twitter Whistleblower Complaint: The TL;DR Version
Twitter is blasted for security and privacy lapses by the company's former head of security who alleges the social media giant's actions amount to a national security risk.
https://threatpost.com/twitter-whistleblower-tldr-version/180472/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Firewall Bug Under Active Attack Triggers CISA Warning
CISA is warning that Palo Alto Networks' PAN-OS is under active attack and needs to be patched ASAP.
https://threatpost.com/firewall-bug-under-active-attack-cisa-warning/180467/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Fake Reservation Links Prey on Weary Travelers
Fake travel reservations are exacting more pain from the travel weary, already dealing with the misery of canceled flights and overbooked hotels.
https://threatpost.com/reservation-links-prey-on-travelers/180462/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

iPhone Users Urged to Update to Patch 2 Zero-Days
Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack.
https://threatpost.com/iphone-users-urged-to-update-to-patch-2-zero-days-under-attack/180448/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Google Patches Chrome's Fifth Zero-Day of the Year
An insufficient validation input flaw, one of 11 patched in an update this week, could allow for arbitrary code execution and is under active attack.
https://threatpost.com/google-patches-chromes-fifth-zero-day-of-the-year/180432/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

[Video] Introduction to Use-After-Free Vulnerabilities | UserAfterFree Challenge Walkthrough (Part: 1)

https://malwaretech.com/2022/05/video-introduction-to-use-after-free-vulnerabilities-userafterfree-challenge-walkthrough-part-1.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Socialscan – Command-Line Tool To Check For Email And Social Media Username Usage
socialscan is an accurate command-line tool to check For email and social media username usage on online platforms, given an email address or username, socialscan returns whether it is available, taken or invalid on online platforms. Other similar tools check username availability by requesting the profile page of the username in question and based on […]
https://www.darknet.org.uk/2022/04/socialscan-command-line-tool-to-check-for-email-and-social-media-username-usage/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

[Video] Exploiting Windows RPC – CVE-2022-26809 Explained | Patch Analysis

https://malwaretech.com/2022/04/video-exploiting-windows-rpc-cve-2022-26809-explained-patch-analysis.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

CFRipper – CloudFormation Security Scanning & Audit Tool
CFRipper is a Python-based Library and CLI security analyzer that functions as an AWS CloudFormation security scanning and audit tool, it aims to prevent vulnerabilities from getting to production infrastructure through vulnerable CloudFormation scripts. You can use CFRipper to prevent deploying insecure AWS resources into your Cloud environment. You can write your own compliance checks […]
https://www.darknet.org.uk/2022/01/cfripper-cloudformation-security-scanning-audit-tool/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Installing Rogue-jndi on Kali Linux
Following the previous tutorial in which we looked at the log4j vulnerability in VMWare vSphere server, I got some questions about how to set up a malicious LDAP server on Linux. The attacker controlled LDAP server is required to provide the malicious java class (with a reverse shell for example) in response to the forged [...] The post Installing Rogue-jndi on Kali Linux appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/general-tutorials/installing-rogue-jndi-on-kali-linux/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

CredNinja – Test Credential Validity of Dumped Credentials or Hashes
CredNinja is a tool to quickly test credential validity of dumped credentials (or hashes) across an entire network or domain very efficiently. At the core of it, you provide it with a list of credentials you have dumped (or hashes, it can pass-the-hash) and a list of systems on the domain (the author suggests scanning […]
https://www.darknet.org.uk/2022/01/credninja-test-credential-validity-of-dumped-credentials-or-hashes/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Log4Shell VMware vCenter Server (CVE-2021-44228)
Log4Shell is a critical vulnerability with the highest possible CVSSv3 score of 10.0 that affects thousands of products running Apache Log4j and leaves millions of targets potentially vulnerable. CVE-2021-44228 affects log4j versions 2.0-beta9 to 2.14.1. Log4j is an incredibly popular logging library used in many different products and various Apache frameworks like Struts2, Kafka, and [...] The post Log4Shell VMware vCenter Server (CVE-2021-44228) appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/exploit-tutorials/log4shell-vmware-vcenter-server-cve-2021-44228/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

How to customize behavior of AWS Managed Rules for AWS WAF
AWS Managed Rules for AWS WAF provides a group of rules created by AWS that can be used help protect you against common application vulnerabilities and other unwanted access to your systems without having to write your own rules. AWS Threat Research Team updates AWS Managed Rules to respond to an ever-changing threat landscape in order […]
https://aws.amazon.com/blogs/security/how-to-customize-behavior-of-aws-managed-rules-for-aws-waf/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

The Great Leak: Microsoft Exchange AutoDiscover Design Flaw
Recently a “design flaw” in the Microsoft Exchange’s Autodiscover protocol was discovered by researchers that allowed access to 372,072 Windows domain credentials and 96,671 unique sets of credentials from applications such as Microsoft Outlook and third-party email clients. According to Amit Serper , the person who discovered the flaw, the source of the leak is [...] The post The Great Leak: Microsoft Exchange AutoDiscover Design Flaw appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/pentesting-exchange/the-great-leak-microsoft-exchange-autodiscover-design-flaw/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Ask Lesley: How Much Should SOC Work Suck?
“Dear Lesley, I’ve been in a MSSP Security Operations Center (SOC) for a few months as my first cybersecurity job. The work is monotonous, I have access to only a few SIEM tools, and most of what I do is handle repetitive tickets for a ton of customers all by myself on awkward shifts. I… Read More Ask Lesley: How Much Should SOC Work Suck?
https://tisiphone.net/2021/09/22/ask-lesley-how-much-should-soc-work-suck/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

The three most important AWS WAF rate-based rules
In this post, we explain what the three most important AWS WAF rate-based rules are for proactively protecting your web applications against common HTTP flood events, and how to implement these rules. We share what the Shield Response Team (SRT) has learned from helping customers respond to HTTP floods and show how all AWS WAF […]
https://aws.amazon.com/blogs/security/three-most-important-aws-waf-rate-based-rules/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Automatically update AWS WAF IP sets with AWS IP ranges
Note: This blog post describes how to automatically update AWS WAF IP sets with the most recent AWS IP ranges for AWS services. This related blog post describes how to perform a similar update for Amazon CloudFront IP ranges that are used in VPC Security Groups. You can use AWS Managed Rules for AWS WAF […]
https://aws.amazon.com/blogs/security/automatically-update-aws-waf-ip-sets-with-aws-ip-ranges/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

AWS Shield threat landscape review: 2020 year-in-review
AWS Shield is a managed service that protects applications that are running on Amazon Web Services (AWS) against external threats, such as bots and distributed denial of service (DDoS) attacks. Shield detects network and web application-layer volumetric events that may indicate a DDoS attack, web content scraping, or other unauthorized non-human traffic that is interacting […]
https://aws.amazon.com/blogs/security/aws-shield-threat-landscape-review-2020-year-in-review/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Reasonable IR Team Expectations
With the surplus of ransomware attacks consistently increasing, I have unfortunately witnessed another increase – in shoddy and predatory cybersecurity incident response firms with good SEO taking advantage of victims. In some cases this may be opportunistic, and in others simply a side effect of the shortage of senior and principal level incident responders in… Read More Reasonable IR Team Expectations
https://tisiphone.net/2021/05/11/reasonable-ir-team-expectations/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Ask Lesley: From Ops to DFIR, a Tough Transition
Lesley, I am having the hardest time getting my foot in the door in an investigative role. I have spent almost 4 years at the same job, in the same role, and cannot find a way to transition out of the operations side of the house. I went into operations with the intent of doing… Read More Ask Lesley: From Ops to DFIR, a Tough Transition
https://tisiphone.net/2021/03/19/ask-lesley-from-ops-to-dfir-a-tough-transition/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

How to protect a self-managed DNS service against DDoS attacks using AWS Global Accelerator and AWS Shield Advanced
In this blog post, I show you how to improve the distributed denial of service (DDoS) resilience of your self-managed Domain Name System (DNS) service by using AWS Global Accelerator and AWS Shield Advanced. You can use those services to incorporate some of the techniques used by Amazon Route 53 to protect against DDoS attacks. […]
https://aws.amazon.com/blogs/security/how-to-protect-a-self-managed-dns-service-against-ddos-attacks-using-aws-global-accelerator-and-aws-shield-advanced/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Set up centralized monitoring for DDoS events and auto-remediate noncompliant resources
When you build applications on Amazon Web Services (AWS), it's a common security practice to isolate production resources from non-production resources by logically grouping them into functional units or organizational units. There are many benefits to this approach, such as making it easier to implement the principal of least privilege, or reducing the scope of […]
https://aws.amazon.com/blogs/security/set-up-centralized-monitoring-for-ddos-events-and-auto-remediate-noncompliant-resources/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Deploying defense in depth using AWS Managed Rules for AWS WAF (part 2)
In this post, I show you how to use recent enhancements in AWS WAF to manage a multi-layer web application security enforcement policy. These enhancements will help you to maintain and deploy web application firewall configurations across deployment stages and across different types of applications. In part 1 of this post I describe the technologies […]
https://aws.amazon.com/blogs/security/deploying-defense-in-depth-using-aws-managed-rules-for-aws-waf-part-2/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Defense in depth using AWS Managed Rules for AWS WAF (part 1)
In this post, I discuss how you can use recent enhancements in AWS WAF to manage a multi-layer web application security enforcement policy. These enhancements will help you to maintain and deploy web application firewall configurations across deployment stages and across different types of applications. The post is in two parts. This first part describes […]
https://aws.amazon.com/blogs/security/defense-in-depth-using-aws-managed-rules-for-aws-waf-part-1/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Houston consulate one of worst offenders in Chinese espionage, say U.S. officials
Institute For Ethical Hacking Course and Ethical Hacking Training in Pune – India Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan Credits: Reuters The United States ordered the consulate closed this week, leading China to retaliate on Friday by telling the United States to shut its consulate in the city of Chengdu, as relations between the world's two largest economies […] The post Houston consulate one of worst offenders in Chinese espionage, say U.S. officials appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/07/24/houston-consulate-one-of-worst-offenders-in-chinese-espionage-say-u-s-officials/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Shocked I am. Shocked to find that underground bank-card-trading forums are full of liars, cheats, small-time grifters
Institute For Ethical Hacking Course and Ethical Hacking Training in Pune – India Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan Credits: The Register The denizens of online forums dedicated to trading in stolen credit cards have been shown to be wretched hives of scum and villainy. This not-so-surprising news comes this week via academics at Washington State University (WSU) in the US, […] The post Shocked I am. Shocked to find that underground bank-card-trading forums are full of liars, cheats, small-time grifters appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/07/24/shocked-i-am-shocked-to-find-that-underground-bank-card-trading-forums-are-full-of-liars-cheats-small-time-grifters/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

AWS Shield Threat Landscape report is now available
AWS Shield is a managed threat protection service that safeguards applications running on AWS against exploitation of application vulnerabilities, bad bots, and Distributed Denial of Service (DDoS) attacks. The AWS Shield Threat Landscape Report (TLR) provides you with a summary of threats detected by AWS Shield. This report is curated by the AWS Threat Research […]
https://aws.amazon.com/blogs/security/aws-shield-threat-landscape-report-now-available/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Vint Cerf suggests GDPR could hurt coronavirus vaccine development
Institute For Ethical Hacking Course and Ethical Hacking Training in Pune – India Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan Credits: The Register TCP-IP-co-developer Vint Cerf, revered as a critical contributor to the foundations of the internet, has floated the notion that privacy legislation might hinder the development of a vaccination for the COVID-19 coronavirus. In an essay written for […] The post Vint Cerf suggests GDPR could hurt coronavirus vaccine development appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/16/vint-cerf-suggests-gdpr-could-hurt-coronavirus-vaccine-development/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Brit defense contractor hacked, up to 100,000 past and present employees' details siphoned off – report
Institute For Ethical Hacking Course and Ethical Hacking Training in Pune – India Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan Credits: The Register Britain’s Ministry of Defence contractor Interserve has been hacked, reportedly leaking the details of up to 100,000 of past and current employees, including payment information and details of their next of kin. The Daily Telegraph reports that up to […] The post Brit defense contractor hacked, up to 100,000 past and present employees’ details siphoned off – report appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/16/brit-defense-contractor-hacked-up-to-100000-past-and-present-employees-details-siphoned-off-report/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

US officially warns China is launching cyberattacks to steal coronavirus research
Institute For Ethical Hacking Course and Ethical Hacking Training in Pune – India Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan Credits: CNN The US Department of Homeland Security and the FBI issued a “public service announcement” Wednesday warning that China is likely launching cyberattacks to steal coronavirus data related to vaccines and treatments from US research institutions and pharmaceutical […] The post US officially warns China is launching cyberattacks to steal coronavirus research appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/14/us-officially-warns-china-is-launching-cyberattacks-to-steal-coronavirus-research/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

There's Norway you're going to believe this: World's largest sovereign wealth fund conned out of m in cyber-attack
Institute For Ethical Hacking Course and Ethical Hacking Training in Pune – India Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan Credits: The Register The Norwegian Investment Fund has been swindled out of m (£8.2m) by fraudsters who pulled off what’s been described as “an advance data breach.” Norfund – the world’s largest sovereign wealth fund, created from saved North Sea […] The post There’s Norway you’re going to believe this: World’s largest sovereign wealth fund conned out of m in cyber-attack appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/14/theres-norway-youre-going-to-believe-this-worlds-largest-sovereign-wealth-fund-conned-out-of-10m-in-cyber-attack/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Stop tracking me, Google: Austrian citizen files GDPR legal complaint over Android Advertising ID
Institute For Ethical Hacking Course and Ethical Hacking Training in Pune – India Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan Credits: The Register Privacy pressure group Noyb has filed a legal complaint against Google on behalf of an Austrian citizen, claiming the Android Advertising ID on every Android device is “personal data” as defined by the EU’s GDPR and that […] The post Stop tracking me, Google: Austrian citizen files GDPR legal complaint over Android Advertising ID appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/14/stop-tracking-me-google-austrian-citizen-files-gdpr-legal-complaint-over-android-advertising-id/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Cyber-attacks hit hospital construction companies
Institute For Ethical Hacking Course and Ethical Hacking Training in Pune – India Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan Credits: BBC Interserve, which helped build Birmingham’s NHS Nightingale hospital, and Bam Construct, which delivered the Yorkshire and the Humber’s, have reported the incidents to authorities. Earlier this month, the government warned healthcare groups involved in the response to […] The post Cyber-attacks hit hospital construction companies appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/13/cyber-attacks-hit-hospital-construction-companies/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Researchers spot thousands of Android apps leaking user data through misconfigured Firebase databases
Institute For Ethical Hacking Course and Ethical Hacking Training in Pune – India Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan Credits: The Register Security researchers at Comparitech have reported that an estimated 24,000 Android apps are leaking user data because of misconfigured Firebase databases. Firebase is a popular backend service with SDKs for multiple platforms, including Android, iOS, web, C++ and Unity (for […] The post Researchers spot thousands of Android apps leaking user data through misconfigured Firebase databases appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/13/researchers-spot-thousands-of-android-apps-leaking-user-data-through-misconfigured-firebase-databases/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Papa don't breach: Contracts, personal info on Madonna, Lady Gaga, Elton John, others swiped in celeb law firm ‘hack'
Institute For Ethical Hacking Course and Ethical Hacking Training in Pune – India Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan Credits: The Register Hackers are threatening to release 756GB of A-list celebs’ contracts, recording deals, and other personal info allegedly stolen from a New York law firm. The miscreants have seemingly got their hands on confidential agreements, private correspondence, contact […] The post Papa don’t breach: Contracts, personal info on Madonna, Lady Gaga, Elton John, others swiped in celeb law firm ‘hack’ appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/13/papa-dont-breach-contracts-personal-info-on-madonna-lady-gaga-elton-john-others-swiped-in-celeb-law-firm-hack/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

CVE-2019-19781: Citrix ADC RCE vulnerability
A week before the 2019 holidays Citrix announced that an authentication bypass vulnerability was discovered in multiple Citrix products. The affected products are the Citrix Application Delivery Controller (formerly known as NetScaler AD), Citrix Gateway NetScaler ADC (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP appliance. Exploiting the vulnerability could allow an unauthenticated attacker [...] The post CVE-2019-19781: Citrix ADC RCE vulnerability appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/exploit-tutorials/cve-2019-19781-citrix-adc-rce-vulnerability/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Vulnerability Scanning with OpenVAS 9 part 4: Custom scan configurations
For all scans so far, we've only used the default scan configurations such as host discovery, system discovery and Full & fast. But what if we don't want to run all NVTs on a given target (list) and only test for a few specific vulnerabilities? In this case we can create our own custom scan [...] The post Vulnerability Scanning with OpenVAS 9 part 4: Custom scan configurations appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/scanning-tutorials/openvas-9-part-4-custom-scan-configurations/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Vulnerability Scanning with OpenVAS 9 part 3: Scanning the Network
In the previous parts of the Vulnerability Scanning with OpenVAS 9 tutorials we have covered the installation process and how to run vulnerability scans using OpenVAS and the Greenbone Security Assistant (GSA) web application. In part 3 of Vulnerability Scanning with OpenVAS 9 we will have a look at how to run scans using different [...] The post Vulnerability Scanning with OpenVAS 9 part 3: Scanning the Network appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/scanning-tutorials/vulnerability-scanning-with-openvas-9-scanning-the-network/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Vulnerability Scanning with OpenVAS 9 part 2: Vulnerability Scanning
Is the previous tutorial Vulnerability Scanning with OpenVAS 9.0 part 1 we've gone through the installation process of OpenVAS on Kali Linux and the installation of the virtual appliance. In this tutorial we will learn how to configure and run a vulnerability scan. For demonstration purposes we've also installed a virtual machine with Metasploitable 2 [...] The post Vulnerability Scanning with OpenVAS 9 part 2: Vulnerability Scanning appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/scanning-tutorials/vulnerability-scanning-openvas-9-0-part-2/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Vulnerability Scanning with OpenVAS 9 part 1: Installation & Setup
A couple years ago we did a tutorial on Hacking Tutorials on how to install the popular vulnerability assessment tool OpenVAS on Kali Linux. We’ve covered the installation process on Kali Linux and running a basic scan on the Metasploitable 2 virtual machine to identify vulnerabilities. In this tutorial I want to cover more details [...] The post Vulnerability Scanning with OpenVAS 9 part 1: Installation & Setup appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/scanning-tutorials/vulnerability-scanning-openvas-9-pt-1/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

The Best Hacking Books 2018
One of the most popular and most asked questions since I’ve started this blog is if I can recommend some good hacking books to read for beginners and more experienced hackers and penetration testers. In this article I want to highlight some hacking books and InfoSec books that I personally liked that cover subjects such as ethical hacking, [...] The post The Best Hacking Books 2018 appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/infosec-books/the-best-hacking-books-2018/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)