News from the specialized press

No news


Yesterday's news (Specialized press)

Widespread Microsoft Entra lockouts tied to new security feature rollout
Windows administrators from numerous organizations report widespread account lockouts triggered by false positives in the rollout of a new Microsoft Entra ID "leaked credentials" detection app called MACE. [...]
https://www.bleepingcomputer.com/news/microsoft/widespread-microsoft-entra-lockouts-tied-to-new-security-feature-rollout/

New Android SuperCard X Malware Employs NFC-Relay Technique for Fraudulent POS & ATM Withdrawals
A sophisticated Android malware campaign dubbed 'SuperCard X' has emerged as a significant threat to financial institutions and cardholders worldwide. This new malicious software employs an innovative Near-Field Communication (NFC) relay technique that enables attackers to fraudulently authorize Point-of-Sale (POS) payments and perform Automated Teller Machine (ATM) withdrawals by intercepting and relaying NFC communications from […]
https://cybersecuritynews.com/new-android-supercard-x-malware-employs-nfc-relay-technique/

New SheByte PaaS Offering $199 Subscription for Cyber Criminals
In the wake of LabHost's shutdown in April 2024, a new player has emerged in the Phishing-as-a-Service (PhaaS) landscape, positioning itself as the heir apparent to the once-dominant platform. SheByte, which officially branded its services on Telegram in May 2024 before fully launching in mid-June, has quickly carved out a significant portion of the Canadian […]
https://cybersecuritynews.com/new-shebyte-paas-offering-199-subscription/

Attackers exploited SonicWall SMA appliances since January 2025
Threat actors have been actively exploiting a remote code execution flaw in SonicWall Secure Mobile Access (SMA) appliances since January 2025. Arctic Wolf researchers warn that threat actors have been exploiting a vulnerability, tracked as CVE-2021-20035 (CVSS score of 7.1), in SonicWall Secure Mobile Access (SMA) since at least January 2025. The vulnerability is an OS Command […]
https://securityaffairs.com/176706/security/attackers-exploited-sonicwall-sma-appliances-since-january-2025.html

Which AI Model Should You Use? (Check Benchmarks)
Read the most common benchmark scores for AI model accuracy then choose one that fits your needs.
https://hackernoon.com/which-ai-model-should-you-use-check-benchmarks?source=rss

A Look at How We Illustrate and Visualize Tech and AI: Plain Text Zine
Our hope is to use illustration to hold PEOPLE and the decisions they've made through AI and other forms of technology accountable.
https://hackernoon.com/a-look-at-how-we-illustrate-and-visualize-tech-and-ai-plain-text-zine?source=rss

Reality Is Flexible: You Just Have to Believe
Most people live as if the world is fixed. They accept circumstances as "just the way things are." They believe systems are too entrenched to change. They see barriers as permanent rather than temporary. This mindset is the single biggest limitation keeping you from creating the life, business, and impact you're capable of.
https://hackernoon.com/reality-is-flexible-you-just-have-to-believe?source=rss

The HackerNoon Newsletter: Where Were You When the World Shut Down? I Was on BreachForums. (4/19/2025)
How are you, hacker? 🪐 What's happening in tech today, April 19, 2025? The HackerNoon Newsletter brings the HackerNoon homepage straight to your inbox. On this day, we present you with these top quality stories. Where Were You When the World Shut Down? I Was on BreachForums. By @blackheart [ 6 Min read ] It was just another scroll through the usual: freshly dumped data, stolen credentials, drama between low-tier skids and ego-filled “veterans,” and whispers of b Read More. 🧑‍💻 What happened in your world this week? ...
https://hackernoon.com/4-19-2025-newsletter?source=rss

Where Were You When the World Shut Down? I Was on BreachForums.
The FBI seized the most recent BreachForums clearnet site along with its onion site and the associated Telegram. The site was shut down and the domain seized on May 15, 2024, though the domain was back under the owner's control just hours later. The FBI is examining the site's backend to identify members.
https://hackernoon.com/where-were-you-when-the-world-shut-down-i-was-on-breachforums?source=rss

Evaluating TnT-LLM: Automatic, Human, and LLM-Based Assessment
Explore our evaluation suite for TnT-LLM, using automatic metrics, human ratings, and LLM-based assessments to validate its performance.
https://hackernoon.com/evaluating-tnt-llm-automatic-human-and-llm-based-assessment?source=rss

openSUSE: 2025:15010-1 moderate: ffmpeg-6-6.1.2-3.1 security issue

https://linuxsecurity.com/advisories/opensuse/opensuse-2025-15010-1-moderate-ffmpeg-6-6-1-2-3-1-9fckj0fszo8q

AI Agents Need To Come With An Emergency Button
A new AI agent, Manus, is getting raving reviews. The startup Monica gave him early access to Manus AI with plenty of free credits to play around with the AI agent.
https://hackernoon.com/ai-agents-need-to-come-with-an-emergency-button?source=rss

New Android malware steals your credit cards for NFC relay attacks
A new malware-as-a-service (MaaS) platform named 'SuperCard X' has emerged, targeting Android devices via NFC relay attacks that enable point-of-sale and ATM transactions using compromised payment card data. [...]
https://www.bleepingcomputer.com/news/security/supercard-x-android-malware-use-stolen-cards-in-nfc-relay-attacks/

Have The Last Word Against Ransomware with Immutable Backup
With incidents of ransomware on the rise, nobody should even be thinking that an attack is something that couldn't happen to them, let alone speak those words into existence. And...
https://www.cyberdefensemagazine.com/have-the-last-word-against-ransomware-with-immutable-backup-2/

New Gorilla Android Malware Intercepts SMS Messages to Steal OTPs
A sophisticated new Android malware strain called "Gorilla" has emerged in the cybersecurity landscape, specifically designed to intercept SMS messages containing one-time passwords (OTPs). This malicious software operates stealthily in the background, exploiting Android's permission system to gain access to sensitive information on infected devices. Initial analysis suggests that Gorilla primarily targets banking customers and […]
https://cybersecuritynews.com/new-gorilla-android-malware-intercept-sms-messages/

10 Best Patch Management Tools 2025
In today's digital landscape, maintaining secure and efficient IT systems is critical for organizations. Patch management tools play a vital role in achieving this by automating the process of identifying, testing, and deploying software updates and security patches across various devices and applications. These tools help mitigate vulnerabilities, improve system performance, and ensure compliance with […]
https://gbhackers.com/best-patch-management-tools/

10 Best Cloud Security Solutions 2025
In today's digital era, businesses are increasingly adopting cloud computing to store data, run applications, and manage infrastructure. However, as organizations shift to the cloud, they face new security challenges such as cyber threats, data breaches, and compliance risks. This is where cloud security solutions come into play. These solutions are designed to protect sensitive […]
https://gbhackers.com/best-cloud-security-solutions/

State Sponsored Hackers Now Widely Using ClickFix Attack Technique in Espionage Campaigns
Security researchers have identified a concerning trend in the cyber threat landscape as state-sponsored hackers from multiple countries have begun adopting a relatively new social engineering technique called "ClickFix" in their espionage operations. The technique, which emerged in early March 2024 in cybercriminal circles, has rapidly gained popularity among advanced persistent threat (APT) groups due […]
https://cybersecuritynews.com/state-sponsored-hackers-now-widely-using-clickfix-attack/

Debian 11 bullseye: DLA-4131-1 moderate: Zabbix remote code execution
Several security vulnerabilities have been discovered in zabbix, a network monitoring solution, potentially among other effects allowing denial of service, information disclosure or remote code inclusion.
https://linuxsecurity.com/advisories/deblts/debian-lts-dla-4131-1-zabbix-security-update-ku3wrtwbhf0y

Critical Erlang/OTP SSH RCE bug now has public exploits, patch now
Public exploits are now available for a critical Erlang/OTP SSH vulnerability tracked as CVE-2025-32433, allowing unauthenticated attackers to remotely execute code on impacted devices. [...]
https://www.bleepingcomputer.com/news/security/public-exploits-released-for-critical-erlang-otp-ssh-flaw-patch-now/

New Limitations Placed on DOGE's Access to Private Social Security Information
A federal judge has issued a preliminary injunction that significantly limits the Department of Government Efficiency's (DOGE) access to sensitive Social Security Administration (SSA) data. The ruling, handed down yesterday, found that the government had provided DOGE with access to this private information without a sufficient legal basis. The court order requires DOGE to immediately […]
https://cybersecuritynews.com/restrictions-imposed-to-doge/

Multi-channel Secure Communication
1.1 Emerging Cybersecurity Technologies: As we move into 2025, AI and machine learning are expected to play an even larger role in cybersecurity. These technologies will be used to enhance...
https://www.cyberdefensemagazine.com/multi-channel-secure-communication/

Chinese Hackers Exploit Ivanti Connect Secure Flaw to Gain Unauthorized Access
In a sophisticated cyber-espionage operation, a group known as UNC5221, suspected to have a China nexus, has exploited a critical vulnerability in Ivanti Connect Secure VPN appliances. The exploit, identified as CVE-2025-22457, represents a stack-based buffer overflow affecting multiple Ivanti products, including Policy Secure and Zero Trust Access gateways. A Critical Flaw Initially Underestimated: CVE-2025-22457 was initially […]
https://gbhackers.com/hackers-exploit-ivanti-connect-secure-flaw/

SheByte PaaS Launches $199 Subscription Service for Cybercriminals
The landscape of cyber threats targeting Canadian financial institutions saw significant shifts after LabHost, a prominent phishing-as-a-service (PhaaS) platform, was shut down. LabHost, known for its extensive Interac-branded phishing kits, was responsible for around three-fourths of such phishing attempts. Its sudden closure led to a halving of phishing attacks against Canadian banks in the subsequent […]
https://gbhackers.com/shebyte-phishing-as-a-service/

Gorilla Android Malware Intercepts SMS to Steal One-Time Passwords
In a concerning development within the Android ecosystem, a new malware variant known as "Gorilla" has been identified, primarily targeting financial and personal information through SMS interception. Written in Kotlin, Gorilla appears to be in its developmental infancy, yet it already showcases sophisticated mechanisms for evasion, persistence, and data extraction. Gorilla's code lacks obfuscation and […]
https://gbhackers.com/gorilla-android-malware/

Microsoft Warns of Ransomware Gangs Exploiting Cloud Environments with New Techniques
In a comprehensive analysis of the ransomware landscape in the first quarter of 2025, Microsoft Threat Intelligence has highlighted significant shifts in tactics by threat actors, marking a strategic evolution in their operations. The analysis reveals a growing trend where ransomware groups are not only expanding their attack vectors but also targeting cloud environments with […]
https://gbhackers.com/ransomware-gangs-exploit-cloud-environments/

Maryam - Open-source Intelligence (OSINT) Framework
OWASP Maryam is a modular open-source framework based on OSINT and data gathering. It is designed to provide a robust environment to harvest data from open sources and search engines quickly and thoroughly.

Installation
Supported OS: Linux, FreeBSD, Darwin, OSX

$ pip install maryam

Alternatively, you can install the latest version with the following command (Recommended):

pip install git+https://github.com/saeeddhqan/maryam.git

Usage
# Using dns_search. --max means all of resources. --api shows the results as json.
# .. -t means use multi-threading.
maryam -e dns_search -d ibm.com -t 5 --max --api --form
# Using youtube. -q means query
maryam -e youtube -q "<QUERY>"
maryam -e google -q "<QUERY>"
maryam -e dnsbrute -d domain.tld
# Show framework modules
maryam -e show modules
#...
http://www.kitploit.com/2025/04/maryam-open-source-intelligenceosint.html

Google Gemini AI is getting ChatGPT-like Scheduled Actions feature
Google Gemini is testing a ChatGPT-like scheduled tasks feature called "Scheduled Actions," which will allow you to create tasks that Gemini will execute later. [...]
https://www.bleepingcomputer.com/news/artificial-intelligence/google-gemini-ai-is-getting-chatgpt-like-scheduled-actions-feature/

How Companies Can Safeguard Against the Next Wave of Ransomware
Ransomware is not retreating; it's evolving. Once a niche cybercrime, ransomware has become a multibillion-dollar global threat that disrupts hospitals, banks, factories, and governments. In 2025, the threat continues to grow in scope and intensity, primarily driven by the ransomware-as-a-service (RaaS) model. This "franchise" structure enables technically unskilled actors to launch complex attacks by renting […]
https://cybersecuritynews.com/how-companies-can-safeguard-against-the-next-wave-of-ransomware/

Microsoft Warns of Ransomware Exploiting Cloud Environments with New Techniques
Microsoft has issued an alert regarding sophisticated ransomware attacks targeting hybrid cloud environments in Q1 2025. These attacks exploit vulnerabilities at the intersection of on-premises infrastructure and cloud services, challenging organizations with hybrid configurations. In a significant shift, North Korean state actor Moonstone Sleet has deployed Qilin ransomware in targeted attacks. This marks their first […]
https://cybersecuritynews.com/microsoft-warns-of-ransomware-exploiting-cloud-environments/

The TechBeat: INSANE One-click MCP AI Agent Hits the Market (4/19/2025)
How are you, hacker? 🪐 Want to know what's trending right now? The Techbeat by HackerNoon has got you covered with fresh content from our trending stories of the day! Set email preference here. I Blew €400 on Cursor — Here's What I Learned So You Don't Have To By @techbyadam [ 3 Min read ] Building software with Cursor is super fast, and you should definitely use it. However, there are some downsides. Read More. Google A2A - a First Look at Another Agent-agent Protocol By @zbruceli [ 5 Min read ] Google A2A - a first look at another agent-agent protocol and compared to Anthropic's MCP. Read More. Claude Desktop + MCP Quietly Transformed my Product Thinking By @asitsahoo [ 3 Min read ] Discover how Claude Desktop with MCP tools eliminated digital fragmentation, enabling...
https://hackernoon.com/4-19-2025-techbeat?source=rss

How SMBs Can Improve SOC Maturity With Limited Resources
Small and Medium-sized Businesses (SMBs) have become prime targets for cybercriminals, being three times more likely to be targeted by phishing attacks than larger organizations. These attacks often serve as entry points for ransomware infections that can devastate operations. As cyber threats grow increasingly sophisticated and frequent, implementing an effective Security Operations Center (SOC) has […]
https://gbhackers.com/how-smbs-can-improve-soc-maturity-with-limited-resources/

Hackers Actively Exploiting Critical Exchange & SharePoint Server Vulnerabilities
Microsoft has warned organizations worldwide that threat actors are ramping up their exploitation of critical vulnerabilities in on-premises Exchange Server and SharePoint Server. These attacks, observed in recent months, have enabled cybercriminals to gain persistent and privileged access to targeted environments, leading to remote code execution, lateral movement, and the exfiltration of sensitive data. While […]
https://cybersecuritynews.com/exchange-sharepoint-server-vulnerabilities/

The Markup Wants to Investigate Companies Like Axon That Expand Their Reach With Public Dollars
These interests meet in my first story for The Markup: a juicy look at Axon's seemingly ongoing plans to develop Taser-equipped drones as a response to mass shootings
https://hackernoon.com/the-markup-wants-to-investigate-companies-like-axon-that-expand-their-reach-with-public-dollars?source=rss

Yesterday's news (Press)

Chinese APT IronHusky Deploys Updated MysterySnail RAT on Russia - Hackread
https://hackread.com/chinese-apt-ironhusky-mysterysnail-rat-russia/

Q1 2025 Global Cyber Attack Report from Check Point Software: Africa most targeted region in an
Cyber attack Surge: In Q1 2025, cyber attacks per organisation increased by 47%, reaching an average of 1,925 weekly attacks. Regional Attack Growth: ...
http://businessghana.com/site/news/technology/326577/Q1-2025-Global-Cyber-Attack-Report-from-Check-Point-Software:-Africa-most-targeted-region-in-an-...

Cozy Bear's Wine Lure Drops WineLoader Malware on EU Diplomats - Hackread
https://hackread.com/cozy-bear-wine-lure-wineloader-malware-eu-diplomats/

The mistake made by most companies that suffer from cyber attacks - Ruetir
The cyber attack times. In addition to discovering that the percentage of companies that do not pay attention to multifactor authentication has ...
https://www.ruetir.com/2025/04/19/the-mistake-made-by-most-companies-that-suffer-from-cyber-attacks/

Three injured in Russian missile strike on Kyiv, Ukraine says - MSN
https://www.msn.com/en-gb/war-and-conflicts/military/three-injured-in-russian-missile-strike-on-kyiv-ukraine-says/ar-AA1CnfIh%3Focid%3DTobArticle

'Fake Christian with Hindu wife'; Second lady Usha Vance faces vile cyber attack - WORLD
'Fake Christian with Hindu wife'; Second lady Usha Vance faces vile cyber attack ... WASHINGTON: US Vice President J.D. Vance drew flak and ridicule for ...
https://keralakaumudi.com/en/news/news.php%3Fid%3D1519666%26u%3D

Nippon mutual fund website down for over a week following cyberattack - DoonWire
In a stock exchange filing dated April 10, the company confirmed, “There has been an incident involving a cyber attack on our IT infrastructure late ...
https://doonwire.com/category/news/nippon-mutual-fund-website-down-for-over-a-week-following-cyberattack-2025041905

New Android SuperCard X Malware Uses NFC-Relay Technique for POS & ATM Transactions
https://gbhackers.com/new-android-supercard-x-malware/

UK law firm fined £60,000 for cybersecurity breach exposing confidential data
Merseyside-based DPP Law Ltd. faced a £60,000 fine from the UK's Information Commissioner's Office after a cyber attack exposed sensitive personal ...
https://legal.economictimes.indiatimes.com/news/international/uk-law-firm-fined-60000-for-cybersecurity-breach-exposing-confidential-data/120432509

How To Hunt Web And Network-Based Threats From Packet Capture To Payload
https://gbhackers.com/how-to-hunt-web-and-network-based-threats-from-packet-capture-to-payload/

BRS demands probe into discrepancies in Group-I exam. - Hyderabad News
Was there any cyber attack to change the merit list?” he questioned. He also raised doubts over awarding marks in a suspicious pattern. The BRS ...
https://www.en.etemaaddaily.com/world/hyderabad/brs-demands-probe-into-discrepancies-in-group-i-exam:174010

Interview with Nicola Buonanno of Chainalysis on Crypto Crime 2025 - The Cryptonomist
In fact, in February, the cryptocurrency sector was shaken by a serious cyber attack against Bybit, which resulted in a loss of nearly 1.5 billion ...
https://en.cryptonomist.ch/2025/04/19/interview-with-nicola-buonanno-from-chainalysis-on-crypto-crime-2025-crime-evolves-but-so-does-security/

News from two days ago (Specialized press)

How to Implement SOAR To Reduce Incident Response Time Effectively
In the modern digital landscape, organizations are constantly challenged by an ever-increasing volume of security alerts, sophisticated cyber threats, and the ongoing shortage of skilled cybersecurity professionals. Security Orchestration, Automation, and Response (SOAR) platforms have emerged as a transformative solution to these challenges, enabling security teams to unify tools, automate repetitive processes, and respond to […]
https://cybersecuritynews.com/how-to-implementing-soar-to-reduce-incident-response-time-effectively/

How To Prioritize Threat Intelligence Alerts In A High-Volume SOC
In today's rapidly evolving cyber threat landscape, Security Operations Centers (SOCs) face an unprecedented challenge: efficiently managing and prioritizing the overwhelming volume of security alerts they receive daily. SOC analysts often can't read and respond to a significant portion of the alerts they see every day. This article explores practical strategies and frameworks for prioritizing […]
https://cybersecuritynews.com/how-to-prioritize-threat-intelligence-alerts-in-a-high-volume-soc/

How To Detect Obfuscated Malware That Evades Static Analysis Tools
Obfuscated malware presents one of the most challenging threats in cybersecurity today. As static analysis tools have become standard components of security defenses, malware authors have responded by developing increasingly sophisticated obfuscation techniques that can bypass these conventional detection methods. These evasion tactics make malicious code difficult to discover and analyze without changing its functionality. […]
https://gbhackers.com/how-to-detect-obfuscated-malware-that-evades-static-analysis-tools/

Could Ransomware Survive Without Cryptocurrency?
Threat actors would be at least temporarily derailed, experts say. But the real issue ladders back to organizations' weak cyber hygiene.
https://www.darkreading.com/cyber-risk/ransomware-would-adapt-without-cryptocurrency

Debian DLA-4130-1 Urgent: Shadow Login Tools Vulnerability Fix Released
Several vulnerabilities were discovered in the shadow suite of login tools. An attacker may extract a password from memory in limited situations, and confuse an administrator inspecting /etc/passwd from within a terminal.
https://linuxsecurity.com/advisories/deblts/debian-lts-dla-4130-1-shadow-security-update-fjra2uppy1w8

ASUS routers with AiCloud vulnerable to auth bypass exploit
ASUS warns of an authentication bypass vulnerability in routers with AiCloud enabled that could allow unauthorized execution of functions on the device. ASUS warns of an authentication bypass vulnerability, tracked as CVE-2025-2492 (CVSS v4 score: 9.2), which impacts routers with AiCloud enabled. A remote attacker can trigger the flaw to perform unauthorized execution of functions on the […]
https://securityaffairs.com/176697/security/asus-warns-of-a-router-authentication-bypass-flaw.html

BYDFi Officially Launches On-Chain Trading Tool MoonX, Ushering In The Era Of CEX + DEX Dual Engines
MoonX is an on-chain smart trading tool designed specifically for MemeCoin investors. It offers features such as hot trend discovery, risk screening, smart money following, and trade optimization. The launch of MoonX marks BYDFi's official entry into the "Dual Engine Era" of both Centralized Exchange (CEX) and Decentralized Exchange (DEX).
https://hackernoon.com/bydfi-officially-launches-on-chain-trading-tool-moonx-ushering-in-the-era-of-cex-dex-dual-engines?source=rss

AWWA Supports Introduction of Collaborative Cybersecurity Legislation

https://www.darkreading.com/ics-ot-security/awwa-introduction-cybersecurity-legislation

Organizations Fix Less Than Half of All Exploitable Vulnerabilities, With Just 21% of GenAI App Flaws Resolved

https://www.darkreading.com/application-security/organizations-fix-less-than-half-vulnerabilities

Slackware 15.0: 2025-108-01 critical: libxml2 heap buffer overflow
New libxml2 packages are available for Slackware 15.0 and -current to fix security issues.
https://linuxsecurity.com/advisories/slackware/slackware-2025-108-01-libxml2-hzdhx8twbsel

2025's Top OSINT Tools: A Fresh Take on Open-Source Intel
Check out the top OSINT tools of 2025, an updated list featuring the best free and paid open-source…
https://hackread.com/2025-top-osint-tools-take-on-open-source-intel/

Attackers and Defenders Lean on AI in Identity Fraud Battle
Identity verification, insurance claims, and financial services are all seeing surges in AI-enabled fraud, but organizations are taking advantage of AI systems to fight fire with fire.
https://www.darkreading.com/cyber-risk/fraudsters-increasingly-use-ai-companies-look-ai

Interlock ransomware gang pushes fake IT tools in ClickFix attacks
The Interlock ransomware gang now uses ClickFix attacks that impersonate IT tools to breach corporate networks and deploy file-encrypting malware on devices. [...]
https://www.bleepingcomputer.com/news/security/interlock-ransomware-gang-pushes-fake-it-tools-in-clickfix-attacks/

Chinese APT Mustang Panda Debuts 4 New Attack Tools
The notorious nation-state-backed threat actor has added two new keyloggers, a lateral movement tool, and an endpoint detection and response (EDR) evasion driver to its arsenal.
https://www.darkreading.com/cloud-security/chinese-apt-mustang-panda-4-attack-tools

The Integration of AI in Blockchain-Based Gambling Platforms
AI is reshaping blockchain casinos by personalizing gameplay, enhancing security, and promoting responsible gambling. It detects cheating, automates customer support, and even powers immersive VR experiences. For casinos, AI boosts player engagement, increases revenue, and strengthens fraud prevention—making it a game-changer for the industry.
https://hackernoon.com/the-integration-of-ai-in-blockchain-based-gambling-platforms?source=rss

Cyber Risks Associated with Adoption of Generative AI Tools
As artificial intelligence (AI) continues to revolutionize the business landscape, midsized organizations find themselves at a crossroads, balancing the transformative potential of AI against the heightened risks it introduces. While...
https://www.cyberdefensemagazine.com/cyber-risks-associated-with-adoption-of-generative-ai-tools/

OpenAI details ChatGPT-o3, o4-mini, o4-mini-high usage limits
OpenAI has launched three new reasoning models - o3, o4-mini, and o4-mini-high for Plus and Pro subscribers, but as it turns out, these models do not offer 'unlimited' usage. [...]
https://www.bleepingcomputer.com/news/artificial-intelligence/openai-details-chatgpt-o3-o4-mini-o4-mini-high-usage-limits/

How AI Monetizes Your Preferences – Insights from Product Manager Timofey Popov
AI is revolutionizing monetization through personalization, dynamic pricing, and predictive analytics. Product Manager Timofey Popov shares insights from his work with McDonald's, SberMarket, and a global marketplace, where AI helped increase revenue, user retention, and engagement. This shift marks a new era of intelligent, user-focused digital monetization.
https://hackernoon.com/how-ai-monetizes-your-preferences-insights-from-product-manager-timofey-popov?source=rss

FBI: Scammers pose as FBI IC3 employees to 'help' recover lost funds
The FBI warns that scammers posing as FBI IC3 employees are offering to "help" fraud victims recover money lost to other scammers. [...]
https://www.bleepingcomputer.com/news/security/fbi-scammers-pose-as-fbi-ic3-employees-to-help-recover-lost-funds/

ASUS warns of critical auth bypass flaw in routers using AiCloud
ASUS is warning about an authentication bypass vulnerability in routers with AiCloud enabled that could allow remote attackers to perform unauthorized execution of functions on the device. [...]
https://www.bleepingcomputer.com/news/security/asus-warns-of-critical-auth-bypass-flaw-in-routers-using-aicloud/

5 reasons to not miss Sonatype at RSAC 2025
RSA Conference (RSAC) brings together cybersecurity practitioners from across the globe to learn about the latest cybersecurity defense strategies and tools, connect with industry peers, and share knowledge about the threat landscape.
https://www.sonatype.com/blog/5-reasons-to-not-miss-sonatype-at-rsac-2025

Text scams grow to steal hundreds of millions of dollars
Text scams come in many forms and are an ever-increasing threat, doing an awful lot of financial and other damage.
https://www.malwarebytes.com/blog/news/2025/04/text-scams-grow-to-steal-hundreds-of-millions-of-dollars

openSUSE Tumbleweed: MozillaFirefox 137.0.2-1.1 moderate: security update

https://linuxsecurity.com/advisories/opensuse/opensuse-2025-15005-1-moderate-mozillafirefox-137-0-2-1-1-f3yyoftlzx8h

openSUSE Tumbleweed: 2025:15006-1 moderate: argocd-cli-2.14.10-1.1

https://linuxsecurity.com/advisories/opensuse/opensuse-2025-15006-1-moderate-argocd-cli-2-14-10-1-1-b3iqggnodqbh

CISA Weighs In on Alleged Oracle Cloud Breach
The agency is recommending that organizations and individuals implement its recommendations to prevent the misuse of stolen data, though Oracle has yet to publicly do the same for its customers.
https://www.darkreading.com/cloud-security/cisa-alleged-oracle-cloud-breach

SonicWall SMA VPN devices targeted in attacks since January
A remote code execution vulnerability affecting SonicWall Secure Mobile Access (SMA) appliances has been under active exploitation since at least January 2025, according to cybersecurity company Arctic Wolf. [...]
https://www.bleepingcomputer.com/news/security/sonicwall-sma-vpn-devices-targeted-in-attacks-since-january/

Metasploit Wrap-Up 04/18/2025
Smaller Fetch Payloads: This week, a significant enhancement was made to the already awesome fetch payload feature by our very own bwatters-r7. The improvement introduces a new option, PIPE_FETCH, which optimizes the process by serving both the payload and the command to be executed simultaneously. This enhancement directly addresses
https://blog.rapid7.com/2025/04/18/metasploit-wrap-up-04-18-2025/

If Boards Don't Fix OT Security, Regulators Will
Around the world, governments are setting higher-bar regulations with clear corporate accountability for breaches on the belief organizations won't drive up security maturity for operational technology unless they're made to.
https://www.darkreading.com/ics-ot-security/boards-fix-ot-security-regulators

Chinese hackers target Russian govt with upgraded RAT malware
Chinese-speaking IronHusky hackers are targeting Russian and Mongolian government organizations using upgraded MysterySnail remote access trojan (RAT) malware. [...]
https://www.bleepingcomputer.com/news/security/chinese-hackers-target-russian-govt-with-upgraded-rat-malware/

7 Steps to Take After a Credential-Based cyberattack
Hackers don't break in—they log in. Credential-based attacks now fuel nearly half of all breaches. Learn how to scan your Active Directory for compromised passwords and stop attackers before they strike. [...]
https://www.bleepingcomputer.com/news/security/7-steps-to-take-after-a-credential-based-cyberattack/

Apple Zero-Days Under 'Sophisticated Attack,' but Details Lacking
The technology giant said two zero-day vulnerabilities were used in attacks on iOS devices against "specific targeted individuals," which suggests spyware or nation-state threat activity.
https://www.darkreading.com/vulnerabilities-threats/apple-zero-days-sophisticated-attacks

Linux 6.15-rc2 Security Advisory: x86 Patches for Spectre RSB
The latest round of x86 fixes was recently implemented in Linux 6.15-rc2 as several critical patches to increase mitigation against the Spectre Return Stack Buffer (RSB) vulnerability. Not only have these updates refined handling of this perplexing security flaw, but a comprehensive new document gives a full picture of current mitigations being taken. Spectre exploits modern CPU speculative execution to leak sensitive information via Return Stack Buffer leakage.
https://linuxsecurity.com/news/security-projects/x86-fixes-linux-6-15-rc2-spectre-rsb-mitigations

TruffleHog Explorer - A User-Friendly Web-Based Tool To Visualize And Analyze Data Extracted Using TruffleHog
Welcome to TruffleHog Explorer, a user-friendly web-based tool to visualize and analyze data extracted using TruffleHog. TruffleHog is one of the most powerful open-source tools for secrets discovery, classification, validation, and analysis. In this context, a secret refers to a credential a machine uses to authenticate itself to another machine. This includes API keys, database passwords, private encryption keys, and more. With an improved UI/UX, powerful filtering options, and export capabilities, this tool helps security professionals efficiently review potential secrets and credentials found in their repositories. ⚠️ This dashboard has been tested only with GitHub TruffleHog JSON outputs. Expect updates soon to support additional formats and platforms. You can use the online version...
http://www.kitploit.com/2025/04/trufflehog-explorer-user-friendly-web.html

YouTube Marketing Lesson From RSA Conference 2025
This week in cybersecurity from the editors at Cybercrime Magazine. Read the full story from RSA Conference. Sausalito, Calif. – Apr. 18, 2025. Cybersecurity Ventures recently asked AI "Why use YouTube for marketing?" and it replied "YouTube is a powerful marketing tool because of its
https://cybersecurityventures.com/youtube-marketing-lesson-from-rsa-conference-2025/

GNOME 48.1 Released with Bug Fixes & Improvements
The GNOME Project recently rolled out GNOME 48.1, the first maintenance update for the GNOME 48 "Bengaluru" desktop environment series. This update will soon be available in the stable software repositories of various popular GNU/Linux distributions.
https://linuxsecurity.com/news/desktop-security/gnome-48-1-bug-fixes-improvements

Cisco Webex bug lets hackers gain code execution via meeting links
Cisco has released security updates for a high-severity Webex vulnerability that allows unauthenticated attackers to gain client-side remote code execution using malicious meeting invite links. [...]
https://www.bleepingcomputer.com/news/security/cisco-webex-bug-lets-hackers-gain-code-execution-via-meeting-links/

U.S. CISA adds Apple products and Microsoft Windows NTLM flaws to its Known Exploited Vulnerabilities catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Apple products and Microsoft Windows NTLM vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. Below are the descriptions of the flaws: This week Apple released out-of-band […]
https://securityaffairs.com/176687/hacking/u-s-cisa-adds-apple-products-and-microsoft-windows-ntlm-flaws-to-its-known-exploited-vulnerabilities-catalog.html

16-31 December 2024 Cyber Attacks Timeline
In the second timeline of December 2024, I collected 94 events with a threat landscape dominated by malware with...
https://www.hackmageddon.com/2025/04/18/16-31-december-2024-cyber-attacks-timeline/

The Ultimate Guide to WAF Bypass Using SQLMap, Proxychains & Tamper Scripts
Mastering advanced SQLMap techniques with Proxychains and tamper scripts against Cloudflare and ModSecurity.
https://infosecwriteups.com/waf-bypass-masterclass-using-sqlmap-with-proxychains-and-tamper-scripts-against-cloudflare-9d46b36bae94?source=rss----7b722bfd1b8d---4

Burp Suite Beyond Basics: Hidden Features That Save Time and Find More Bugs
https://infosecwriteups.com/burp-suite-beyond-basics-hidden-features-that-save-time-and-find-more-bugs-19f15bb3bcc3?source=rss----7b722bfd1b8d---4

Your NTLM Hashes at Risk: Inside CVE‑2025‑24054
NTLM (New Technology LAN Manager) is Microsoft's legacy authentication suite, still found in many enterprise environments. NTLMv2 improves…
https://infosecwriteups.com/your-ntlm-hashes-at-risk-inside-cve-2025-24054-171d8600f5dc?source=rss----7b722bfd1b8d---4

TryHackMe: Pickle Rick Walkthrough
"Because science, Morty."
https://infosecwriteups.com/tryhackme-pickle-rick-walkthrough-3f4d57872ce8?source=rss----7b722bfd1b8d---4

Entertainment venue management firm Legends International disclosed a data breach
Legends International disclosed a data breach from November 2024 that affected employees and visitors to its managed venues. Legends International is a global leader in sports and entertainment venue management, specializing in delivering comprehensive solutions for stadiums, arenas, and attractions. The company offers a 360-degree service platform that includes strategic planning, sales, partnerships, hospitality, merchandise, […]
https://securityaffairs.com/176674/data-breach/legends-international-disclosed-a-data-breach.html

Obfuscation Isn't a Fix, And It Cost Them $2,500 — A Real-World Case Study
Challenge Accepted. A while ago, I performed a penetration test on a major web application owned by one of my clients. During the assessment, I identified several critical vulnerabilities. Although these flaws weren't easy to find — they required in-depth analysis and carefully crafted requests — they posed a serious risk to the platform's integrity and user data. Given the severity of the findings, I expected the development and management teams to prioritize proper remediation. But instead, they chose a different path. Rather than fixing the underlying security issues, they decided to encrypt the entire body of each HTTP request — for example, encrypting login credentials or parameter values — in...
https://infosecwriteups.com/obfuscation-isnt-a-fix-and-it-cost-them-2-500-a-real-world-case-study-5a2fd65c6b4f?source=rss----7b722bfd1b8d---4

ResolverRAT: A Sophisticated Threat Targeting Healthcare and Pharma
The healthcare and pharmaceutical sectors are prime targets for cybercriminals due to their sensitive data and critical infrastructure. In…
https://infosecwriteups.com/resolverrat-a-sophisticated-threat-targeting-healthcare-and-pharma-78d761a8bacf?source=rss----7b722bfd1b8d---4

CVSS 10.0 Critical Vulnerability in Erlang/OTP's SSH: Unauthenticated Remote Code Execution Risk
A critical security vulnerability (CVE-2025-32433) with a CVSS score of 10.0…
https://infosecwriteups.com/cvss-10-0-critical-vulnerability-in-erlang-otps-ssh-unauthenticated-remote-code-execution-risk-1321fa3e570d?source=rss----7b722bfd1b8d---4

Automating GraphQL Bug Bounty Hunting with GrapeQL
Source: https://portswigger.net/web-security/graphql
Overview
What if you had a tool that could detect Remote Code Execution (RCE) in a vulnerable GraphQL application, provide a full suite of automated security tests, and generate a comprehensive report? Enter GrapeQL, a purpose-built security testing tool for modern GraphQL-based applications. GrapeQL goes beyond traditional tools by addressing the unique architecture of GraphQL without relying on a plethora of separate tools. GrapeQL can fingerprint GraphQL servers, perform introspection queries to gather detailed API metadata, and conduct tests for CSRF, command injection, SQL injection, and multiple types of denial-of-service (DoS) attacks. In fact, GrapeQL has already proven its value in a real-world bug bounty scenario, where it uncovered...
https://infosecwriteups.com/automating-graphql-bug-bounty-hunting-with-grapeql-e1e874f11c7c?source=rss----7b722bfd1b8d---4

News from previous days

CISA Urges Action on Potential Oracle Cloud Credential Compromise
Following reports of unauthorized access to a legacy Oracle cloud environment, CISA warns of potential credential compromise leading…
https://hackread.com/cisa-urges-action-oracle-cloud-credential-compromise/

Publisher's Spotlight: Veriti
By Gary S. Miliefsky, Publisher, Cyber Defense Magazine. Transforming Exposure Management with Safe, Automated Remediation. Organizations today invest heavily in security tools, often spending 0k or more annually. But the...
https://www.cyberdefensemagazine.com/publishers-spotlight-veriti/

Android Phones Pre-Downloaded With Malware Target User Crypto Wallets
The threat actors lace pre-downloaded applications with malware to steal cryptocurrency by covertly swapping users' wallet addresses with their own.
https://www.darkreading.com/threat-intelligence/android-pre-downloaded-malware-crypto-wallets

PANO - Advanced OSINT Investigation Platform Combining Graph Visualization, Timeline Analysis, And AI Assistance To Uncover Hidden Connections In Data
PANO is a powerful OSINT investigation platform that combines graph visualization, timeline analysis, and AI-powered tools to help you uncover hidden connections and patterns in your data.
Getting Started
Clone the repository:
git clone https://github.com/ALW1EZ/PANO.git
cd PANO
Run the application:
Linux: ./start_pano.sh
Windows: start_pano.bat
The startup script will automatically:
- Check for updates
- Set up the Python environment
- Install dependencies
- Launch PANO
In order to use the Email Lookup transform you need to log in with GHunt first. After starting PANO via the starter scripts, select the venv manually:
Linux: source venv/bin/activate
Windows: call venv\Scripts\activate
See how to log in here.
💡 Quick Start Guide
Create Investigation: Start a new investigation...
http://www.kitploit.com/2025/04/pano-advanced-osint-investigation.html

China-linked APT Mustang Panda upgrades tools in its arsenal
China-linked APT group Mustang Panda (aka Camaro Dragon, RedDelta or Bronze President) deployed a new custom backdoor, tracked as MQsTTang, in recent attacks targeting entities in Europe, Asia, and Australia. Mustang Panda has been active since […]
https://securityaffairs.com/176662/apt/china-linked-apt-mustang-panda-upgrades-tools-in-its-arsenal.html

Dogged by Trump, Chris Krebs Resigns From SentinelOne
The president revoked the former CISA director's security clearance, half a decade after Krebs challenged right-wing election disinformation, prompting his eventual resignation.
https://www.darkreading.com/cybersecurity-operations/trump-chris-krebs-resigns-sentinelone

Researchers Find CVSS 10.0 Severity RCE Vulnerability in Erlang/OTP SSH
Security researchers report CVE-2025-32433, a CVSS 10.0 RCE vulnerability in Erlang/OTP SSH, allowing unauthenticated code execution on exposed…
https://hackread.com/researchers-cvss-severity-rce-vulnerability-erlang-otp-ssh/

PromptArmor Launches to Help Assess, Monitor Third-Party AI Risks
The AI security startup has already made waves with critical vulnerability discoveries and seeks to address emerging AI concerns with its PromptArmor platform.
https://www.darkreading.com/cyber-risk/promptarmor-launches-assess-monitor-third-party-ai-risk

The Evolution of Data Security: From Traditional DLP to DSPM
Originally published by Skyhigh Security. Written by Hari Prasad Mariswamy, Director, Product Management Data Protection, Skyhigh Security.
Overview
In today's landscape of digital transformation, data security challenges continue to evolve, exposing organizations to new threats and compliance demands. Amidst these challenges, Data Security Posture Management (DSPM) has emerged as a powerful technology to help enterprises gain comprehensive visibility and co...
https://cloudsecurityalliance.org/articles/the-evolution-of-data-security-from-traditional-dlp-to-dspm

How Legit Is Using Classic Economic Tools to Prevent Application Vulnerabilities
Learn more about how Legit is helping enterprises prevent vulnerabilities in their SDLCs.
https://www.legitsecurity.com/blog/how-legit-is-using-classic-economic-models-to-prevent-application-vulnerabilities

What to Look for in Application Security Posture Management (ASPM)
Get details on the key capabilities for an ASPM platform. 
https://www.legitsecurity.com/blog/what-to-look-for-in-application-security-posture-management-aspm

Entrust Announces all-in-one Cryptographic Security Platform
Entrust has announced the Entrust Cryptographic Security Platform, for release in May. The platform is a unified, end-to-end cryptographic security management solution for keys, secrets, and certificates. Cyberattacks on data security and identity systems are exploding in scale and sophistication. Traditional approaches to securing data and identities aren't working, and in digital-first environments every connected […]
https://www.itsecurityguru.org/2025/04/17/entrust-announces-all-in-one-cryptographic-security-platform/?utm_source=rss&utm_medium=rss&utm_campaign=entrust-announces-all-in-one-cryptographic-security-platform

ISACA and Chartered IIA pen open letter to UK Government urging swift audit reform to build digital resilience
ISACA and the Chartered Institute of Internal Auditors (Chartered IIA) have sent a letter to Rt Hon Jonathan Reynolds MP, Secretary of State for Business and Trade, stressing the urgent need for audit reform legislation to boost digital resilience. The letter underlines strong stakeholder support for the Audit Reform and Corporate Governance Bill promised in […]
https://www.itsecurityguru.org/2025/04/17/isaca-and-chartered-iia-pen-open-letter-to-uk-government-urging-swift-audit-reform-to-build-digital-resilience/?utm_source=rss&utm_medium=rss&utm_campaign=isaca-and-chartered-iia-pen-open-letter-to-uk-government-urging-swift-audit-reform-to-build-digital-resilience

Microsoft's Secure by Design journey: One year of success
Read about the initiatives Microsoft has undertaken over the past 18 months to support secure by design, secure by default, and secure in operations objectives as part of our SFI Initiative.
https://www.microsoft.com/en-us/security/blog/2025/04/17/microsofts-secure-by-design-journey-one-year-of-success/

Apple patches security vulnerabilities in iOS and iPadOS. Update now!
Apple has released a security update for iOS and iPadOS to patch two zero-day vulnerabilities which are reported to already have been exploited...
https://www.malwarebytes.com/blog/news/2025/04/apple-patches-security-vulnerabilities-in-ios-and-ipados-update-now

CVE Program Cuts Send the Cyber Sector Into Panic Mode
After threatening to slash support for the CVE program, CISA threw MITRE a lifeline at the last minute — extending its government contract for another 11 months. After that, it looks like it's up to the private sector to find the cash to keep it going.
https://www.darkreading.com/vulnerabilities-threats/cve-program-cuts-cyber-sector

Mobile Security & Malware Issue 3rd Week of April, 2025
ASEC Blog publishes "Mobile Security & Malware Issue 3rd Week of April, 2025"
https://asec.ahnlab.com/en/87548/

BREAKING: CISA Steps In to Keep CVE Services Alive
By Gary Miliefsky, Publisher, Cyber Defense Magazine. Good news comes to us like a Windows Patch Tuesday: the Common Vulnerabilities and Exposures Program will continue operating with an eleven-month continuation...
https://www.cyberdefensemagazine.com/breaking-cisa-steps-in-to-keep-cve-services-alive/

Mass Ransomware Campaign Hits S3 Buckets Using Stolen AWS Keys
Researchers reveal a large-scale ransomware campaign leveraging over 1,200 stolen AWS access keys to encrypt S3 buckets. Learn…
https://hackread.com/mass-ransomware-campaign-s3-buckets-stolen-aws-keys/

USN-7443-1: Erlang vulnerability
Fabian Bäumer, Marcel Maehren, Marcus Brinkmann, and Jörg Schwenk discovered that Erlang OTP's SSH module incorrectly handled authentication. A remote attacker could use this issue to execute arbitrary commands without authentication, possibly leading to a system compromise.
https://ubuntu.com/security/notices/USN-7443-1

Node.js malvertising campaign targets crypto users
Microsoft warns of a malvertising campaign using Node.js to deliver info-stealing malware via fake crypto trading sites like Binance and TradingView. Microsoft has observed Node.js increasingly used in malware campaigns since October 2024, including an ongoing crypto-themed malvertising attack as of April 2025. Threat actors are increasingly using Node.js to deploy malware, shifting from traditional […]
https://securityaffairs.com/176651/hacking/node-js-malvertising-campaign-targets-crypto-users.html

USN-7442-1: Ruby vulnerabilities
It was discovered that the Ruby CGI gem incorrectly handled parsing certain cookies. A remote attacker could possibly use this issue to consume resources, leading to a denial of service. (CVE-2025-27219)
It was discovered that the Ruby CGI gem incorrectly handled parsing certain regular expressions. A remote attacker could possibly use this issue to consume resources, leading to a denial of service. (CVE-2025-27220)
It was discovered that the Ruby URI gem incorrectly handled certain URI handling methods. A remote attacker could possibly use this issue to leak authentication credentials. (CVE-2025-27221)
It was discovered that the Ruby REXML gem incorrectly handled parsing XML documents containing many digits in a hex numeric character reference. A remote attacker could use this issue to...
https://ubuntu.com/security/notices/USN-7442-1

Navigating the complexities of cloud security
This week in cybersecurity from the editors at Cybercrime Magazine. Read the full story in Technology Record. Sausalito, Calif. – Apr. 17, 2025. The global threat landscape is projected to become more sophisticated, with cybercrime expected to cost the world .5 trillion annually by 2025, and
https://cybersecurityventures.com/navigating-the-complexities-of-cloud-security/

Unlocking the Power of MetaTrader – Your Ultimate Trading Tool
MetaTrader is a key tool for traders, offering a comprehensive platform that supports various financial instruments. Understanding its…
https://hackread.com/unlocking-power-of-metatrader-ultimate-trading-tool/

Expired US Funding Threatened to Disrupt Security Flaw Tracking
This past weekend, the globally recognized Common Vulnerabilities and Exposures (CVE) database, essential for tracking security flaws in software and systems, narrowly avoided going offline due to funding issues with the U.S. government. For us Linux security admins and open-source developers, the near-disruption wasn't just a bureaucratic oversight; it was a stark reminder of how fragile one of the most vital cornerstones of global cybersecurity truly is. With vulnerabilities being discovered and weaponized faster than ever, the CVE database is a critical tool to help administrators track, prioritize, and remediate issues. Losing or fragmenting access to this central repository could open the door to chaos, confusion, and exploitation.
https://linuxsecurity.com/features/features/expired-us-funding-nearly-disrupted-cve-tracking

Google Fixed An Old Chrome Flaw That Exposed Browsing History
Google Chrome receives a significant security update as the tech giant addresses a major security…
https://latesthackingnews.com/2025/04/17/google-fixed-an-old-chrome-flaw-that-exposed-browsing-history/

Apple released emergency updates for actively exploited flaws
Apple released emergency updates to fix iOS, iPadOS & macOS vulnerabilities actively exploited in sophisticated attacks. Apple released out‑of‑band security updates to address two vulnerabilities, tracked as CVE-2025-31200 and CVE-2025-31201, impacting iOS, iPadOS & macOS. The company confirmed that the flaws have been exploited in a small number of “extremely sophisticated” attacks against iOS targets. […]
https://securityaffairs.com/176644/security/apple-emergency-updates-actively-exploited-ios-ipados-macos-bugs.html

Microsoft Defender For Endpoint Now Isolates Undiscovered Endpoints
With recent updates, Microsoft took another step towards thwarting network threats with Defender. As announced,…
https://latesthackingnews.com/2025/04/17/microsoft-defender-for-endpoint-now-isolates-undiscovered-endpoints/

CapCut copycats are on the prowl
Cybercriminals lure content creators with promises of cutting-edge AI wizardry, only to attempt to steal their data or hijack their devices instead
https://www.welivesecurity.com/en/scams/capcut-copycats-prowl/

U.S. CISA adds SonicWall SMA100 Appliance flaw to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SonicWall SMA100 Appliance flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a SonicWall SMA100 Appliance flaw, tracked as CVE-2021-20035, to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability is an OS Command Injection Vulnerability in the SMA100 management interface. A […]
https://securityaffairs.com/176630/hacking/u-s-cisa-adds-sonicwall-sma100-appliance-flaw-to-its-known-exploited-vulnerabilities-catalog.html

IronHusky updates the forgotten MysterySnail RAT to target Russia and Mongolia
The MysterySnail RAT, attributed to the IronHusky APT group, had not been reported since 2021. Recently, Kaspersky GReAT detected new versions of this implant in government organizations in Mongolia and Russia.
https://securelist.com/mysterysnail-new-version/116226/

“I Didn't Plan to Find a P1… But My Script Had Other Plans”
🎬 It all started with a YouTube video… You know those random rabbit holes you go down on YouTube at 2 AM? Well, this one? It hit different. I stumbled upon this absolute gem of a video: 📺 How to Find Misconfigured S3 Buckets. And man… that video wasn't just “good” — it was fire 🔥. The way he explained everything — clear, real-world focused — it lit a spark inside me. 💭 “Damn, I don't wanna just solve labs in CTFs or playgrounds. I want the real thing. Real bugs. Real websites. Real impact.” I don't really enjoy solving lab environments for learning — they feel scripted. What gets me hyped is finding those exact same issues in real-world targets. That's the real flex — taking...
https://infosecwriteups.com/%EF%B8%8F-%EF%B8%8F-i-didnt-plan-to-find-a-p1-but-my-script-had-other-plans-77691a46985b?source=rss----7b722bfd1b8d---4

The Ultimate Subdomain Enumeration Guide: Tools, Tricks, and Hidden Secrets
🔥 Free Article Link. Continue reading on InfoSec Write-ups »
https://infosecwriteups.com/%EF%B8%8Fthe-ultimate-subdomain-enumeration-guide-tools-tricks-and-hidden-secrets-bbae13df9a83?source=rss----7b722bfd1b8d---4

My New Paper on OT Ransomware!
Hello friends, I’m very excited to publish my first SANS Institute Whitepaper. I have developed a formal framework for preparing for OT / ICS ransomware attacks. I really hope you enjoy the paper and find it useful in building a strong defense against cyber-crime. You can download the white paper, A Simple Framework for OT […]
https://tisiphone.net/2025/04/16/my-new-paper-on-ot-ransomware/

Cascading Shadows: An Attack Chain Approach to Avoid Detection and Complicate Analysis
Agent Tesla, Remcos RAT and XLoader delivered via a complex phishing campaign. Learn how attackers are using multi-stage delivery to hinder analysis.
https://unit42.paloaltonetworks.com/phishing-campaign-with-complex-attack-chain/

Hi, robot: Half of all internet traffic now automated
Bots now account for half of all internet traffic, according to a new study that shows how non-human activity has grown online.
https://www.malwarebytes.com/blog/uncategorized/2025/04/hi-robot-half-of-all-internet-traffic-now-automated

The Windows Registry Adventure #6: Kernel-mode objects
Posted by Mateusz Jurczyk, Google Project Zero. Welcome back to the Windows Registry Adventure! In the previous installment of the series, we took a deep look into the internals of the regf hive format. Understanding this foundational aspect of the registry is crucial, as it illuminates the design principles behind the mechanism, as well as its inherent strengths and weaknesses. The data stored within the regf file represents the definitive state of the hive. Knowing how to parse this data is sufficient for handling static files encoded in this format, such as when writing a custom regf parser to inspect hives extracted from a hard drive. However, for those interested in how regf files are managed by Windows at runtime, rather than just their behavior in isolation, there's a whole other...
https://googleprojectzero.blogspot.com/2025/04/the-windows-registry-adventure-6-kernel.html

CISA's 11-Month extension ensures continuity of MITRE's CVE Program
MITRE's U.S.-funded CVE program, a core cybersecurity tool for tracking vulnerabilities, faces funding expiry Wednesday, risking disruption to global security. U.S. government funding for MITRE's CVE program, a key global cybersecurity resource for cataloging vulnerabilities, is set to expire Wednesday, risking disruption. The 25-year-old program has assigned over 274,000 CVE IDs for public security […]
https://securityaffairs.com/176608/security/cisas-11-month-extension-ensures-continuity-of-mitres-cve-program.html

CVE Program Stays Online as CISA Backs Temporary MITRE Extension
MITRE avoids CVE program shutdown with last-minute contract extension. Questions remain about long-term funding and the future of…
https://hackread.com/cve-program-online-cisa-temporary-mitre-extension/

What's happening with MITRE and the CVE program uncertainty
Yesterday's headlines have sent ripples through the cybersecurity and software supply chain communities: MITRE announced that U.S. government funding for the CVE (Common Vulnerabilities and Exposures) database was set to expire today. Overnight, the CVE Foundation emerged with a plan to maintain the program before the Cybersecurity and Infrastructure Security Agency (CISA) announced it has extended support for the program this morning. As the backbone of the global vulnerability identification system, CVE has long served as the industry's shared language for describing digital flaws. For Sonatype customers, here's the good news: you're already covered. Our security research and vulnerability dataset were built for this exact kind of disruption — and go far beyond CVE. ...
https://www.sonatype.com/blog/cve-program-uncertainty

Hyver by CYE: Transformative Cyber Exposure Management for Modern Enterprises
Rating: 10 out of 10. Introduction: Today's enterprise security teams face an overwhelming problem: they are inundated with thousands of vulnerabilities, alerts, and findings from dozens of tools, yet still...
https://www.cyberdefensemagazine.com/hyver-by-cye-transformative-cyber-exposure-management-for-modern-enterprises/

BidenCash Market Dumps 1 Million Stolen Credit Cards on Russian Forum
BidenCash dumps almost a million stolen credit card records on Russian forum, exposing card numbers, CVVs, and expiry dates in plain text with no cardholder names.
https://hackread.com/bidencash-market-leak-credit-cards-russian-forum/

The Looming Shadow Over AI: Securing the Future of Large Language Models
These days Large Language Models (LLMs) are nothing short of revolutionary, though they have been around since 1996 (ELIZA, developed by Joseph Weizenbaum, simulating a psychotherapist in conversation). It always...
https://www.cyberdefensemagazine.com/the-looming-shadow-over-ai-securing-the-future-of-large-language-models/

Ransom & Dark Web Issues Week 3, April 2025
ASEC Blog publishes Ransom & Dark Web Issues Week 3, April 2025: Qilin Ransomware Attack on South Korean Corporations: Threat Analysis and Implications; Renowned Cybercrime Forum BreachForums Experiences Access Errors and Goes Offline; U.S.-based Imageboard Site 4chan Experiences Service Disruption Due to Hacking Incident […]
https://asec.ahnlab.com/en/87536/

Following the News: MITRE's Common Vulnerabilities and Exposures (CVE) Funding
Rapid7 continues to monitor both public and private discussions closely in its capacity as a CVE Numbering Authority (CNA) and as a longtime leader and participant in the CVE ecosystem.
https://blog.rapid7.com/2025/04/16/following-the-news-mitres-common-vulnerabilities-and-exposures-cve-funding/

“I sent you an email from your email account,” sextortion scam claims
A new variant of the “hello pervert” emails claims that the target's system is infected with njRAT and spoofs the victim's email address.
https://www.malwarebytes.com/blog/news/2025/04/i-sent-you-an-email-from-your-email-account-sextortion-scam-claims

SquareX to Uncover Data Splicing Attacks at BSides San Francisco, A Major DLP Flaw that Compromises Data Security of Millions
Palo Alto, California, 16th April 2025, CyberNewsWire
https://hackread.com/squarex-to-uncover-data-splicing-attacks-at-bsides-san-francisco-a-major-dlp-flaw-that-compromises-data-security-of-millions/

Understanding the 2025 HIPAA Security Rule Updates: A Comprehensive Analysis of Healthcare Cybersecurity Enhancements
Introduction: The evolving landscape of healthcare cybersecurity is undergoing a major transformation with the Department of Health and Human Services' (HHS) December 27, 2024, proposal to update the HIPAA Security...
https://www.cyberdefensemagazine.com/understanding-the-2025-hipaa-security-rule-updates-a-comprehensive-analysis-of-healthcare-cybersecurity-enhancements/

Designing Data Center Operations for Tomorrow's Demand
This week in cybersecurity from the editors at Cybercrime Magazine. Read the full story from CBRE. Sausalito, Calif. – Apr. 16, 2025. By 2029, global internet users are projected to reach 7.9 billion: a staggering 47 percent increase from 5.35 billion in 2024, according to…
https://cybersecurityventures.com/designing-data-center-operations-for-tomorrows-demand/

Wappalyzer-Next - Python library that uses Wappalyzer extension (and its fingerprints) to detect technologies
This project is a command line tool and Python library that uses the Wappalyzer extension (and its fingerprints) to detect technologies. Other projects that emerged after the discontinuation of the official open source project use outdated fingerprints and lack accuracy when used on dynamic web apps; this project bypasses those limitations. Installation: before installing wappalyzer, you will need to install Firefox and geckodriver. Below are detailed steps for setting up geckodriver, but you may use Google/YouTube for help. Setting up geckodriver. Step 1: Download GeckoDriver. Visit the official GeckoDriver releases page on GitHub: https://github.com/mozilla/geckodriver/releases and download the version compatible with your system. For Windows: geckodriver-vX.XX.X-win64.zip...
http://www.kitploit.com/2025/04/wappalyzer-next-python-library-that.html

Chinese Android phones shipped with malware-laced WhatsApp, Telegram apps
Cheap Chinese Android phones ship with trojanized WhatsApp and Telegram clones hiding crypto clippers, active since June 2024. Since June 2024, Doctor Web researchers found cheap Android phones preloaded with fake WhatsApp and Telegram apps designed to steal crypto via clipping. These clippers swap copied wallet addresses with the attackers' own. The campaign targeted low-end […]
https://securityaffairs.com/176600/malware/chinese-android-phones-shipped-with-malware-laced-whatsapp-telegram-apps.html

Cyber Signals Issue 9 | AI-powered deception: Emerging fraud threats and countermeasures
Microsoft maintains a continuous effort to protect its platforms and customers from fraud and abuse. This edition of Cyber Signals takes you inside the work underway and important milestones achieved that protect customers.
https://www.microsoft.com/en-us/security/blog/2025/04/16/cyber-signals-issue-9-ai-powered-deception-emerging-fraud-threats-and-countermeasures/

LSN-0111-1: Kernel Live Patch Security Notice
It was discovered that the watch_queue event notification system contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service or escalate their privileges. (CVE-2022-0995) In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF in cifs_debug_files_proc_show(). Skip sessions that are being torn down (status == SES_EXITING) to avoid UAF. (CVE-2024-26928) In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF in smb2_is_valid_lease_break(). Skip sessions that are being torn down (status == SES_EXITING) to avoid UAF. (CVE-2024-35864) In the Linux kernel, the following vulnerability has been resolved: HID: core: zero-initialize the report buffer. Since the report buffer...
https://ubuntu.com/security/notices/LSN-0111-1

Streamlining detection engineering in security operation centers
A proper detection engineering program can help improve SOC operations. In this article we'll discuss potential SOC issues, the necessary components of a detection engineering program and some useful metrics for evaluating its efficiency.
https://securelist.com/streamlining-detection-engineering/116186/

They're coming for your data: What are infostealers and how do I stay safe?
Here's what to know about malware that raids email accounts, web browsers, crypto wallets, and more – all in a quest for your sensitive data
https://www.welivesecurity.com/en/malware/theyre-coming-data-infostealers-how-stay-safe/

Funding Expires for Key Cyber Vulnerability Database
A critical resource that cybersecurity professionals worldwide rely on to identify, mitigate and fix security vulnerabilities in software and hardware is in danger of breaking down. The federally funded, non-profit research and development organization MITRE warned today that its contract to maintain the Common Vulnerabilities and Exposures (CVE) program -- which is traditionally funded each year by the Department of Homeland Security -- expires on April 16.
https://krebsonsecurity.com/2025/04/funding-expires-for-key-cyber-vulnerability-database/

“Follow me” to this fake crypto exchange to claim $500
“Follow me for lucky prizes” scams are old fake crypto exchange scams in a new jacket and on a different platform.
https://www.malwarebytes.com/blog/news/2025/04/follow-me-to-this-fake-crypto-exchange-to-claim-500

MITRE CVE Program in Jeopardy
As a former advisory board member to the CVE/OVAL initiatives, I'm sounding the alarm: MITRE has confirmed that funding for the CVE and CWE programs will expire on April 16,...
https://www.cyberdefensemagazine.com/mitre-cve-program-in-jeopardy/

Publisher's Spotlight: Industrial Defender
By Gary S. Miliefsky, Publisher, Cyber Defense Magazine. In today's hyperconnected world, protecting critical infrastructure has become a national imperative. From energy grids and transportation systems to water treatment facilities...
https://www.cyberdefensemagazine.com/publishers-spotlight-industrial-defender/

USN-7439-1: QuickJS vulnerabilities
It was discovered that QuickJS could be forced to reference uninitialized memory in certain instances. An attacker could possibly use this issue to cause QuickJS to crash, resulting in a denial of service, or execute arbitrary code. (CVE-2023-48183) It was discovered that QuickJS incorrectly managed memory in certain circumstances. An attacker could possibly use this issue to exhaust system resources, resulting in a denial of service. (CVE-2023-48184) It was discovered that QuickJS could be forced to crash due to a failing test. An attacker could possibly use this issue to cause a denial of service. (CVE-2024-33263)
https://ubuntu.com/security/notices/USN-7439-1

USN-7438-1: 7-Zip vulnerabilities
Igor Pavlov discovered that 7-Zip had several memory-related issues. An attacker could possibly use these issues to cause 7-Zip to crash, resulting in a denial of service, or execute arbitrary code. (CVE-2023-52168, CVE-2023-52169)
https://ubuntu.com/security/notices/USN-7438-1

9 Modern Ways You Can Use Bitcoin in 2025
Cryptocurrency is slowly becoming a regular way to pay for something, with new uses popping up every day. Many people choose Bitcoin, among others, because it's easy to use, quick, secure, private, and more affordable than traditional methods. 1. Gaming, Virtual Worlds, and Entertainment: If you're into gaming, Bitcoin is already part of the action, […]
https://www.itsecurityguru.org/2025/04/15/9-modern-ways-you-can-use-bitcoin-in-2025/?utm_source=rss&utm_medium=rss&utm_campaign=9-modern-ways-you-can-use-bitcoin-in-2025

Threat actors misuse Node.js to deliver malware and other malicious payloads
Since October 2024, Microsoft Defender Experts has observed and helped multiple customers address campaigns leveraging Node.js to deliver malware and other payloads that ultimately lead to information theft and data exfiltration.
https://www.microsoft.com/en-us/security/blog/2025/04/15/threat-actors-misuse-node-js-to-deliver-malware-and-other-malicious-payloads/

Transforming security with Microsoft Security Exposure Management initiatives
Microsoft Secure Score is important, but the increasing sophistication of security requirements has driven the development of more comprehensive security initiatives using Microsoft Security Exposure Management.
https://www.microsoft.com/en-us/security/blog/2025/04/15/transforming-security-with-microsoft-security-exposure-management-initiatives/

Hertz data breach caused by CL0P ransomware attack on vendor
Car rental giant Hertz suffered a data breach caused by a CL0P ransomware attack on file-sharing vendor Cleo.
https://www.malwarebytes.com/blog/news/2025/04/hertz-data-breach-caused-by-cl0p-ransomware-attack-on-vendor

USN-7161-3: Docker vulnerability
USN-7161-1 and USN-7161-2 fixed CVE-2024-41110 for source package docker.io in Ubuntu 18.04 LTS and for source package docker.io-app in Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 24.10. This update fixes it for source package docker.io in Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 24.10. These updates only address the docker library and not the docker.io application itself, which was already patched in the previous USNs (USN-7161-1 and USN-7161-2). Original advisory details: Yair Zak discovered that Docker could forward DNS requests from internal networks in an unexpected manner. An attacker could possibly use this issue to exfiltrate data by encoding information in DNS queries to controlled nameservers. This issue was...
https://ubuntu.com/security/notices/USN-7161-3

Cyberwarfare 2025 Report: How AI Is Reshaping Cyberattacks And Cybersecurity
This week in cybersecurity from the editors at Cybercrime Magazine. Download the report. Sausalito, Calif. – Apr. 15, 2025. The cybersecurity landscape is undergoing a dramatic shift, with AI-driven cyberattacks escalating in both scale and sophistication. As traditional warfare converges with digital conflicts, organizations and nations are…
https://cybersecurityventures.com/cyberwarfare-2025-report-how-ai-is-reshaping-cyberattacks-and-cybersecurity/

Telegram-Checker - A Python Tool For Checking Telegram Accounts Via Phone Numbers Or Usernames
Enhanced version of bellingcat's Telegram Phone Checker! A Python script to check Telegram accounts using phone numbers or usernames. Features: check single or multiple phone numbers and usernames; import numbers from a text file; auto-download profile pictures; save results as JSON; secure credential storage; detailed user information. Installation: clone the repository (git clone https://github.com/unnohwn/telegram-checker.git, then cd telegram-checker) and install the required packages (pip install -r requirements.txt). Requirements (contents of requirements.txt): telethon, rich, click, python-dotenv. Or install the packages individually: pip install telethon rich click python-dotenv. Configuration: the first time you run the script, you'll need: - Telegram API credentials (get...
http://www.kitploit.com/2025/04/telegram-checker-python-tool-for.html

MIWIC25: Sochima Okoye, Cybersecurity Consultant at CSA Cyber
Organised by Eskenzi PR in media partnership with the IT Security Guru, the Most Inspiring Women in Cyber Awards aim to shed light on the remarkable women in our industry. The following is a feature on one of 2024's Top 20 women selected by an esteemed panel of judges. Presented in a Q&A format, the nominee's answers are […] The post MIWIC25: Sochima Okoye, Cybersecurity Consultant at CSA Cyber appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/04/15/miwic25-sochima-okoye-cybersecurity-consultant-at-csa-cyber/?utm_source=rss&utm_medium=rss&utm_campaign=miwic25-sochima-okoye-cybersecurity-consultant-at-csa-cyber

Bridewell research finds UK Financial Services under pressure from cyber security challenges and mounting regulatory requirements
Research from Bridewell, a leading UK-based cyber security services provider, has found compliance with regulation as the chief challenge, as well as the main stimulus, for increasing cyber security maturity in the financial services sector. The study, entitled Cyber Security in Financial Services: 2025, also shows that response times to cyber threats like ransomware are […] The post Bridewell research finds UK Financial Services under pressure from cyber security challenges and mounting regulatory requirements appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/04/15/bridewell-research-finds-uk-financial-services-under-pressure-from-cyber-security-challenges-and-mounting-regulatory-requirements/?utm_source=rss&utm_medium=rss&utm_campaign=bridewell-research-finds-uk-financial-services-under-pressure-from-cyber-security-challenges-and-mounting-regulatory-requirements

Building Web Check using PaaS
How Platform as a Service (PaaS) can make good security easier to achieve.
https://www.ncsc.gov.uk/blog-post/building-web-check-using-paas

300 Milliseconds to Admin: Mastering DLL Hijacking and Hooking to Win the Race (CVE-2025-24076 and CVE-2025-24994)
As a pentester you are sometimes thrown into projects where you have no idea where you are going to end up. This project was one of those where you were given a customer laptop and the aim was to “find something interesting”, perhaps a misconfiguration on the customer side. The problem was that the laptop […]
https://blog.compass-security.com/2025/04/3-milliseconds-to-admin-mastering-dll-hijacking-and-hooking-to-win-the-race-cve-2025-24076-and-cve-2025-24994/

Trump Revenge Tour Targets Cyber Leaders, Elections
President Trump last week revoked security clearances for Chris Krebs, the former director of the Cybersecurity and Infrastructure Security Agency (CISA) who was fired by Trump after declaring the 2020 election the most secure in U.S. history. The White House memo, which also suspended clearances for other security professionals at Krebs's employer SentinelOne, comes as CISA is facing huge funding and staffing cuts.
https://krebsonsecurity.com/2025/04/trump-revenge-tour-targets-cyber-leaders-elections/

USN-7437-1: CImg library vulnerabilities
It was discovered that the CImg library did not properly check the size of images before loading them. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-1325) It was discovered that the CImg library did not correctly handle certain memory operations, which could lead to a buffer overflow. An attacker could possibly use this issue to execute arbitrary code or cause a denial of service. (CVE-2024-26540)
https://ubuntu.com/security/notices/USN-7437-1

Meta slurps up EU user data for AI training
Meta users in Europe will have their public posts swept up and ingested for AI training, the company announced this week.
https://www.malwarebytes.com/blog/uncategorized/2025/04/meta-slurps-up-eu-user-data-for-ai-training

Zero Trust is Not Enough: Evolving Cloud Security in 2025
Written by Sayali Paseband, Advisor, Cyber Security Engineering, Verisk. Zero Trust has been the foundation of cloud security, focusing on principles like least privilege access, continuous verification, and micro-segmentation. These principles have helped protect against unauthorized access and movement within networks. However, as companies use multiple cloud services, face smarter AI-driven threats, and deal with more supply chain risks, Zero Trust alone is no...
https://cloudsecurityalliance.org/articles/zero-trust-is-not-enough-evolving-cloud-security-in-2025

Final Countdown to Compliance: Preparing for PCI DSS v4.x
Originally published by VikingCloud. Written by Natasja Bolton. If your business processes payment card data, you've likely been working on transitioning from PCI DSS v3.2.1 to PCI DSS v4.x—but the work isn't over yet. While the initial readiness deadline for PCI DSS v4.0 was March 31, 2024, many of the most critical security changes were future-dated—giving businesses an extra year to prepare. That grace period is coming to an end. On April 1, 2025, all the f...
https://cloudsecurityalliance.org/articles/final-countdown-to-compliance-preparing-for-pci-dss-v4-x

USN-7436-1: WebKitGTK vulnerabilities
Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
https://ubuntu.com/security/notices/USN-7436-1

Explore how to secure AI by attending our Learn Live Series
Register to attend one or all of our Learn Live sessions to learn how to secure your environment for AI adoption.
https://techcommunity.microsoft.com/blog/microsoft-security-blog/explore-how-to-secure-ai-by-attending-our-learn-live-series/4399703

Cases Studies and Countermeasures of Credential Stuffing Attacks Using Leaked Accounts
Abstract: Credential stuffing attacks using leaked passwords have been rapidly increasing. These attacks, which began with a simple technique, have evolved—through advances in automation tools and the vulnerability of credential reuse—into large-scale account breaches and financial damages. Previously, the threats could be identified simply by detecting the large number of login attempts. However, attackers today […]
https://asec.ahnlab.com/en/87535/

Take Command 2025: A Day of Insight, Innovation, and Impact
Explore top insights from Take Command 2025—ransomware, AI, red teaming, and more. All sessions now available on demand.
https://blog.rapid7.com/2025/04/14/take-command-2025-a-day-of-insight-innovation-and-impact/

No, it's not OK to delete that new inetpub folder
A newly created inetpub folder turns out to be part of a Microsoft update against a vulnerability tracked as CVE-2025-21204
https://www.malwarebytes.com/blog/news/2025/04/no-its-not-ok-to-delete-that-new-inetpub-folder

USN-7435-1: Protocol Buffers vulnerability
It was discovered that Protocol Buffers incorrectly handled memory when receiving malicious input using the Java bindings. An attacker could possibly use this issue to cause a denial of service.
https://ubuntu.com/security/notices/USN-7435-1

Cybercrime Magazine YouTube Channel Exceeds 1 Million Subscribers
This week in cybersecurity from the editors at Cybercrime Magazine –Subscribe to the YouTube Channel Sausalito, Calif. – Apr. 14, 2025 The Cybercrime Magazine YouTube Channel has reached 1 million subscribers. We are the #1 destination for entertaining and informative videos covering AI and security, cyberattacks, cybercrime, cybercriminals, cryptocrime, The post Cybercrime Magazine YouTube Channel Exceeds 1 Million Subscribers appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/cybercrime-magazine-youtube-channel-exceeds-1-million-subscribers/

Torward - An Improved Version Based On The Torghost-Gn And Darktor Scripts, Designed To Enhance Anonymity On The Internet
Torward is an improved version based on the torghost-gn and darktor scripts, designed to enhance anonymity on the Internet. The tool prevents data leaks and forces all traffic from our computer to be routed exclusively through the Tor network, providing a high level of privacy in our connections.
Installation:
git clone https://github.com/chundefined/Torward.git
cd Torward
chmod +x install.sh
./install.sh
Security Enhancements: This version includes several key security improvements to protect your identity and ensure better network configuration. IPv6 Leak Prevention: IPv6 is now disabled to prevent any potential IP leaks. All traffic is forced through the Tor network by modifying system IPv6 settings in network_config.py. Enhanced iptables Rules: Strict...
http://www.kitploit.com/2025/04/torward-improved-version-based-on.html

Securing Kubernetes and Cloud-Native Environments through DevSecOps
As Kubernetes and cloud-native technologies become increasingly integral to IT infrastructures, we Linux security admins must adapt to a rapidly changing environment where agility and security converge. A recent CNCF survey highlights a significant uptick in Kubernetes deployment, with most organizations using container technology as a backbone for their applications.
https://linuxsecurity.com/features/features/cncf-research-cloud-native-security

USN-7434-1: Perl vulnerability
It was discovered that Perl incorrectly handled transliterating non-ASCII bytes. A remote attacker could use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code.
https://ubuntu.com/security/notices/USN-7434-1

MIWIC25: Anastasiia Ostrovska, co-founder & CEO Women's Leadership and Strategic Initiatives Foundation (WLSIF)
Organised by Eskenzi PR in media partnership with the IT Security Guru, the Most Inspiring Women in Cyber Awards aim to shed light on the remarkable women in our industry. The following is a feature on one of 2024's Top 20 women selected by an esteemed panel of judges. Presented in a Q&A format, the nominee's answers are […] The post MIWIC25: Anastasiia Ostrovska, co-founder & CEO Women's Leadership and Strategic Initiatives Foundation (WLSIF) appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/04/14/miwic25-anastasiia-ostrovska-co-founder-ceo-womens-leadership-and-strategic-initiatives-foundation-wlsif/?utm_source=rss&utm_medium=rss&utm_campaign=miwic25-anastasiia-ostrovska-co-founder-ceo-womens-leadership-and-strategic-initiatives-foundation-wlsif

April Patch Tuesday From Microsoft Fixed Over 130 Vulnerabilities
Microsoft rolled out the monthly security updates for April, fixing over a hundred different vulnerabilities.… April Patch Tuesday From Microsoft Fixed Over 130 Vulnerabilities on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2025/04/14/april-patch-tuesday-from-microsoft-fixed-over-130-vulnerabilities/

Slow Pisces Targets Developers With Coding Challenges and Introduces New Customized Python Malware
North Korean state-sponsored group Slow Pisces (Jade Sleet) targeted crypto developers with a social engineering campaign that included malicious coding challenges. The post Slow Pisces Targets Developers With Coding Challenges and Introduces New Customized Python Malware appeared first on Unit 42.
https://unit42.paloaltonetworks.com/slow-pisces-new-custom-malware/

Attacks on the education sector are surging: How can cyber-defenders respond?
Academic institutions have a unique set of characteristics that makes them attractive to bad actors. What's the right antidote to cyber-risk?
https://www.welivesecurity.com/en/business-security/attacks-education-sector-surging-cyber-defenders-respond/

Malwarebytes named “Best Antivirus Software” and “Best Malware Removal Service”
Malwarebytes has been rewarded with prestigious accolades by two renowned publications, PCMag and CNET.
https://www.malwarebytes.com/blog/product/2025/04/malwarebytes-named-best-antivirus-software-and-best-malware-removal-service

A week in security (April 7 – April 13)
A list of topics we covered in the week of April 7 to April 13 of 2025
https://www.malwarebytes.com/blog/news/2025/04/a-week-in-security-april-7-april-13

APT Group Profiles – Larva-24005
1) Introduction. During the breach investigation process, the AhnLab SEcurity intelligence Center (ASEC) discovered a new operation related to the Kimsuky group and named it Larva-24005.1 The threat actors exploited the RDP vulnerability to infiltrate the system. They then changed the system configuration by installing the MySpy malware and RDPWrap to create […]
https://asec.ahnlab.com/en/87554/

Instagram-Brute-Force-2024 - Instagram Brute Force 2024 Compatible With Python 3.13 / X64 Bit / Only Chrome Browser
Instagram Brute Force CPU/GPU Supported 2024 (Use option 2 while running the script.) (Option 1 is in development.) (Chrome should be downloaded on the device.) Compatible and Tested (GUI Supported Operating Systems Only): Python 3.13 x64 bit, Unix / Linux / Mac / Windows 8.1 and higher. Install Requirements: pip install -r requirements.txt. How to run: python3 instagram_brute_force.py [instagram_username_without_hashtag] (example: python3 instagram_brute_force.py mrx161). Download Instagram-Brute-Force-2024
http://www.kitploit.com/2025/04/instagram-brute-force-2024-instagram.html

Samsung Germany Customer Tickets - 216,333 breached accounts
In March 2025, data from Samsung Germany was compromised in a data breach of their logistics provider, Spectos. Allegedly due to credentials being obtained by malware running on a Spectos employee's machine, the breach included 216k unique email addresses along with names, physical addresses, items purchased from Samsung Germany and related support tickets and shipping tracking numbers.
https://haveibeenpwned.com/PwnedWebsites#SamsungGermany

QuickResponseC2 - A Command & Control Server That Leverages QR Codes To Send Commands And Receive Results From Remote Systems
QuickResponseC2 is a stealthy Command and Control (C2) framework that enables indirect and covert communication between the attacker and victim machines via an intermediate HTTP/S server. All network activity is limited to uploading and downloading images, making it fully undetectable by IPS/IDS systems and an ideal tool for security research and penetration testing. Capabilities: Command Execution via QR Codes: Users can send custom commands to the victim machine, encoded as QR codes. Victims scan the QR code, which triggers the execution of the command on their system. The command can be anything from simple queries to complex operations based on the test scenario. Result Retrieval: Results of the executed command are returned from the victim system and encoded into a QR...
http://www.kitploit.com/2025/04/quickresponsec2-command-control-server.html

Securing Smart (and Not So Smart) Devices With Microsegmentation
Originally published by CXO REvolutionaries. Written by Ritesh Agrawal, VP of Product Management at Zscaler and Co-Founder of Airgap. There is a reason that a compromise of one smartphone doesn't lead to a breach of every smartphone's security: microsegmentation. Telecom companies use this ‘network of one' strategy to isolate devices and protect against threats spreading between them, and it was the inspiration that led to me co-founding Airgap in 2019. Securing critical...
https://cloudsecurityalliance.org/articles/securing-smart-and-not-so-smart-devices-with-microsegmentation

SOC 2 Meets HIPAA: A Unified Approach to Data Protection and Privacy
Originally published by Scrut Automation. Written by Amrita Agnihotri. Cyber threats in healthcare are rising at an alarming rate. Over the past five years, hacking-related breaches have surged by 256%, with ransomware incidents up by 264%, according to the U.S. Department of Health and Human Services (HHS). To combat these growing risks, covered entities and business associates under the Health Insurance Portability and Accountability Act (HIPAA) must take proac...
https://cloudsecurityalliance.org/articles/soc-2-meets-hipaa-a-unified-approach-to-data-protection-and-privacy

Metasploit Weekly Wrap-Up 04/11/2025
Spring Exploits. This weekly release of Metasploit Framework includes new RCE exploit modules for several vulnerable applications: Appsmith, a low-code application platform which contains a misconfiguration on PostgreSQL (CVE-2024-55964); Pandora FMS, a monitoring solution, where, once access to the administrator panel is gained, it is possible to inject commands (CVE-2024-12971); Oracle Access
https://blog.rapid7.com/2025/04/11/metasploit-weekly-wrap-up-04-11-2025/

The Pall Mall Pact and why it matters
The US indicated they will sign the Pall Mall Pact, an international treaty to regulate commercial spyware and surveillance tools.
https://www.malwarebytes.com/blog/news/2025/04/the-pall-mall-pact-and-why-it-matters

Hands-On Labs: The Key to Accelerating CMMC 2.0 Compliance
Cary, North Carolina, 11th April 2025, CyberNewsWire Hands-On Labs: The Key to Accelerating CMMC 2.0 Compliance on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2025/04/11/hands-on-labs-the-key-to-accelerating-cmmc-2-0-compliance/

Identity Theft Is Rampant. Check Your Credit Report For Free – Today!
This week in cybersecurity from the editors at Cybercrime Magazine –Listen to the podcast Sausalito, Calif. – Apr. 11, 2025 “Check your credit report,” urges Alissa (Dr Jay) Abdullah, PhD, Deputy Chief Security Officer at Mastercard, on the latest episode of “Mastering Cyber” a weekly The post Identity Theft Is Rampant. Check Your Credit Report For Free – Today! appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/identity-theft-is-rampant-check-your-credit-report-for-free-today/

Telegram-Scraper - A Powerful Python Script That Allows You To Scrape Messages And Media From Telegram Channels Using The Telethon Library
A powerful Python script that allows you to scrape messages and media from Telegram channels using the Telethon library. Features include real-time continuous scraping, media downloading, and data export capabilities. Features 🚀: Scrape messages from multiple Telegram channels; Download media files (photos, documents); Real-time continuous scraping; Export data to JSON and CSV formats; SQLite database storage; Resume capability (saves progress); Media reprocessing for failed downloads; Progress tracking; Interactive menu interface. Prerequisites 📋: Before running the script, you'll need: Python 3.7 or higher; Telegram...
http://www.kitploit.com/2025/04/telegram-scraper-powerful-python-script.html

MIWIC25: Katie Beecroft, Associate Director Risk & Security, Fidelity International
Organised by Eskenzi PR in media partnership with the IT Security Guru, the Most Inspiring Women in Cyber Awards aim to shed light on the remarkable women in our industry. The following is a feature on one of 2024's Top 20 women selected by an esteemed panel of judges. Presented in a Q&A format, the nominee's answers are […] The post MIWIC25: Katie Beecroft, Associate Director Risk & Security, Fidelity International appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/04/11/miwic25-katie-beecroft-associate-director-risk-security-fidelity-international/?utm_source=rss&utm_medium=rss&utm_campaign=miwic25-katie-beecroft-associate-director-risk-security-fidelity-international

Windows CLFS Driver Elevation of Privilege
What is the Vulnerability? A zero-day vulnerability has recently been identified in the Common Log File System (CLFS) kernel driver. CLFS is a general-purpose logging subsystem within the Windows operating system that provides a high-performance way to store log data for various applications. If successfully exploited, an attacker operating under a standard user account can elevate their privileges. Furthermore, Microsoft has observed that the exploit has been utilized by PipeMagic malware and has attributed this exploitation activity to Storm-2460, which has also leveraged PipeMagic to distribute ransomware. Microsoft has published a blog that provides an in-depth analysis of Microsoft's findings regarding the CLFS exploit and the associated activities. Exploitation of CLFS zero-day leads to...
https://fortiguard.fortinet.com/threat-signal-report/6073

The ultimate guide to Microsoft Security at RSAC 2025
For RSAC 2025, Microsoft Security is bringing an exciting lineup of sessions, expert panels, and exclusive networking opportunities to empower security professionals in the era of AI. The post The ultimate guide to Microsoft Security at RSAC 2025  appeared first on Microsoft Security Blog.
https://techcommunity.microsoft.com/blog/microsoft-security-blog/the-ultimate-guide-to-microsoft-security-at-rsac-2025/4402554

Oracle Cloud Infrastructure Breach: Mitigating Future Attacks with Agentic AI
Written by Ken Huang, CSA Fellow, Co-Chair of CSA AI Safety Working Groups. The cybersecurity community has been rocked by a significant breach of Oracle Cloud Infrastructure (OCI), specifically targeting its Identity Manager systems. This incident provides critical lessons for organizations relying on cloud infrastructure. In this analysis, I'll break down the technical details of what happened and propose potential mitigation strategies powered by Agentic AI security techniques....
https://cloudsecurityalliance.org/articles/oracle-cloud-infrastructure-breach-mitigating-future-attacks-with-agentic-ai

Defending Against SSRF Attacks in Cloud Native Applications
Originally published by Sweet Security. Written by Sarah Elkaim, Head of Product Marketing, Sweet Security. A Server-Side Request Forgery (SSRF) attack occurs when an attacker tricks a server into making requests to other internal or external services on behalf of the server itself. This can lead to unauthorized access to sensitive data, exploitation of internal systems, and even full system takeover. At Sweet Security, we've seen a surge in SSRF attacks within ...
https://cloudsecurityalliance.org/articles/defending-against-ssrf-attacks-in-cloud-native-applications

Cloud File Transfer: Upgrade to the Most Secure Cloud Configuration
Originally published by Axway. Written by Emmanuel Vergé, Senior Product & Solutions Marketing Director, Axway. I get it. You're probably thinking, “Cloud file transfer? We already have an MFT solution and it's checking all our boxes. Why rock the boat now?” Large organizations that rely on MFT have mature, dedicated teams. They've invested time and resources into building a well-oiled process – and they really don't want to change it. On the other hand, the comp...
https://cloudsecurityalliance.org/articles/cloud-file-transfer-upgrade-to-the-most-secure-cloud-configuration

Human and Non-Human Identities: The Overlooked Security Risk in Modern Enterprises
Originally published by CheckRed. Written by Amardip Deshpande, Senior Security Researcher, CheckRed. Cloud and SaaS identities are not just about people. They also include the digital personas of applications, services, and machines. These digital identities are crucial for managing access and ensuring security in modern cloud environments. Understanding Human Identities: In the context of cloud security, human identities refer to the unique digital identif...
https://cloudsecurityalliance.org/articles/human-and-non-human-identities-the-overlooked-security-risk-in-modern-enterprises

How we're making security easier for the average developer
Security should be native to your workflow, not a painful separate process. The post How we're making security easier for the average developer appeared first on The GitHub Blog.
https://github.blog/security/application-security/how-were-making-security-easier-for-the-average-developer/

China-based SMS Phishing Triad Pivots to Banks
China-based purveyors of SMS phishing kits are enjoying remarkable success converting phished payment card data into mobile wallets from Apple and Google. Until recently, the so-called “Smishing Triad” mainly impersonated toll road operators and shipping companies. But experts say these groups are now directly targeting customers of international financial institutions, while dramatically expanding their cybercrime infrastructure and support staff.
https://krebsonsecurity.com/2025/04/china-based-sms-phishing-triad-pivots-to-banks/

Mobile Security & Malware Issue 2nd Week of April, 2025
ASEC Blog publishes “Mobile Security & Malware Issue 2nd Week of April, 2025”
https://asec.ahnlab.com/en/87436/

March 2025 Deep Web and Dark Web Trends Report
Note: This trend report on the deep web and dark web of March 2025 is sectioned into Ransomware, Data Breach, DarkWeb, CyberAttack, and Threat Actor. Please note that there are some parts of the content that cannot be verified for accuracy. Key Issues: 1) Ransomware; 1. Overview […]
https://asec.ahnlab.com/en/87553/

Child predators are lurking on dating apps, warns report
A report from Edinburgh University warns that child abusers are using dating apps to find single parents with vulnerable children.
https://www.malwarebytes.com/blog/news/2025/04/child-predators-are-lurking-on-dating-apps-warns-report

Hacker's Movie Guide: Women In Cybersecurity
This week in cybersecurity from the editors at Cybercrime Magazine –Listen to the podcast Sausalito, Calif. – Apr. 10, 2025 Cybercrime Magazine has assembled a complete list of hacker movies as well as video games, but now we’re here to zoom in and focus on women hackers, programmers, The post Hacker’s Movie Guide: Women In Cybersecurity appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/hackers-movie-guide-women-in-cybersecurity/

Password Spray Attacks Taking Advantage of Lax MFA
In the first quarter of 2025, Rapid7's Managed Threat Hunting team observed a significant volume of brute-force password attempts leveraging FastHTTP, a high-performance HTTP server and client library for Go, to automate unauthorized logins via HTTP requests.
https://blog.rapid7.com/2025/04/10/password-spray-attacks-taking-advantage-of-lax-mfa/

Moukthar - Android Remote Administration Tool
Remote administration tool for Android. Features: Permissions bypass (Android 12 and below) https://youtube.com/shorts/-w8H0lkFxb0; Keylogger https://youtube.com/shorts/Ll9dNrkjFOA; Notifications listener; SMS listener; Phone call recording; Image capturing and screenshots; Video recording; Persistence; Read & write contacts; List installed applications; Download & upload files; Get device location. Installation: Clone repository: git clone https://github.com/Tomiwa-Ot/moukthar.git. Install php, composer, mysql, php-mysql driver, apache2 and a2enmod. Move server files to /var/www/html/ and install dependencies: mv moukthar/Server/* /var/www/html/ ; cd /var/www/html/c2-server ; composer install ; cd /var/www/html/web-socket/ ; composer install ; cd /var/www...
http://www.kitploit.com/2025/04/moukthar-android-remote-administration.html

Check Point Cloud Firewalls Achieve Industry Best 100% Block Rate and Accuracy: CyberRatings.Org Test Results Confirm
Organisations demand uncompromising protection against today's most pressing threats while ensuring minimal disruption to legitimate business operations. Check Point CloudGuard Network Security has just set a new industry benchmark by achieving a 100% exploit block rate including evasions in independent testing conducted by CyberRatings.org (Fig 1.). Check Point also leads in reducing alert fatigue with […] The post Check Point Cloud Firewalls Achieve Industry Best 100% Block Rate and Accuracy: CyberRatings.Org Test Results Confirm appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/04/10/check-point-cloud-firewalls-achieve-industry-best-100-block-rate-and-accuracy-cyberratings-org-test-results-confirm/?utm_source=rss&utm_medium=rss&utm_campaign=check-point-cloud-firewalls-achieve-industry-best-100-block-rate-and-accuracy-cyberratings-org-test-results-confirm

MIWIC25: Lisa Landau, CEO and Co-Founder of ThreatLight
Organised by Eskenzi PR in media partnership with the IT Security Guru, the Most Inspiring Women in Cyber Awards aim to shed light on the remarkable women in our industry. The following is a feature on one of 2024's Top 20 women selected by an esteemed panel of judges. Presented in a Q&A format, the nominee's answers are […] The post MIWIC25: Lisa Landau, CEO and Co-Founder of ThreatLight appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/04/10/miwic25-lisa-landau-ceo-and-co-founder-of-threatlight/?utm_source=rss&utm_medium=rss&utm_campaign=miwic25-lisa-landau-ceo-and-co-founder-of-threatlight

GOFFEE continues to attack organizations in Russia
Kaspersky researchers analyze GOFFEE's campaign in H2 2024: the updated infection scheme, new PowerModul implant, switch to a binary Mythic agent.
https://securelist.com/goffee-apt-new-attacks/116139/

Watch out for these traps lurking in search results
Here's how to avoid being hit by fraudulent websites that scammers can catapult directly to the top of your search results
https://www.welivesecurity.com/en/cybersecurity/watch-out-traps-lurking-search-results/

CrushFTP Authentication Bypass
What is the Vulnerability? FortiGuard Labs has observed in-the-wild attack attempts targeting CVE-2025-31161, an authentication bypass vulnerability in CrushFTP managed file transfer (MFT) software. Successful exploitation may grant attackers administrative access to the application, posing a serious threat to enterprise environments. The vulnerability is remotely exploitable, and a proof-of-concept (PoC) exploit is now publicly available. This increases the risk of rapid adoption by threat actors, including ransomware groups who have historically targeted MFT platforms like MOVEit Transfer and Cleo MFT. According to the Shadowserver Foundation, approximately 1,800 unpatched, internet-exposed CrushFTP instances remain vulnerable globally, heightening the urgency for immediate mitigation. What...
https://fortiguard.fortinet.com/threat-signal-report/6072

How to request a change to a CVE record
Learn how to identify which CVE Numbering Authority is responsible for the record, how to contact them, and what to include with your suggestion. The post How to request a change to a CVE record appeared first on The GitHub Blog.
https://github.blog/security/vulnerability-research/how-to-request-a-change-to-a-cve-record/

Legit Scans for Secrets in SharePoint
Get details on Legit's new ability to scan for secrets in SharePoint.
https://www.legitsecurity.com/blog/legit-scans-for-secrets-in-sharepoint

Stopping attacks against on-premises Exchange Server and SharePoint Server with AMSI
Exchange Server and SharePoint Server are business-critical assets and considered crown-jewels for many organizations, making them attractive targets for attacks. To help customers protect their environments and respond to these attacks, Exchange Server and SharePoint Server integrated Windows Antimalware Scan Interface (AMSI), providing an essential layer of protection by preventing harmful web requests from reaching backend endpoints. The blog outlines several attacks prevented by AMSI integration and highlights recent enhancements. The blog also provides protection and mitigation guidance and how defenders can respond. The post Stopping attacks against on-premises Exchange Server and SharePoint Server with AMSI appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2025/04/09/stopping-attacks-against-on-premises-exchange-server-and-sharepoint-server-with-amsi/

How cyberattackers exploit domain controllers using ransomware
Read how cyberattackers exploit domain controllers to gain privileged system access where they deploy ransomware that causes widespread damage and operational disruption. The post How cyberattackers exploit domain controllers using ransomware appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2025/04/09/how-cyberattackers-exploit-domain-controllers-using-ransomware/

Cloud Security Alliance's Certificate of Competence in Zero Trust (CCZT) Selected as 2025 SC Awards Finalist
Award-winning program named finalist for Best Professional Certification Program SEATTLE – April 9, 2025 – The Cloud Security Alliance (CSA), the world's leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, is proud to announce that its award-winning Certificate of Competence in Zero Trust (CCZT) has been named a Best Professional Certification Program finalist by the 2025 SC Awards. The CCZT, the ind...
https://cloudsecurityalliance.org/articles/cloud-security-alliance-s-certificate-of-competence-in-zero-trust-cczt-selected-as-2025-sc-awards-finalist

Qraved - 984,519 breached accounts
In July 2021, the Indonesian restaurant website Qraved suffered a data breach that was later redistributed as part of a larger corpus of data. The breach exposed almost 1M unique email addresses along with names, phone numbers, dates of birth and passwords stored as MD5 hashes.
https://haveibeenpwned.com/PwnedWebsites#Qraved

Ransom & Dark Web Issues Week 2, April 2025
ASEC Blog publishes Ransom & Dark Web Issues Week 2, April 2025: DragonForce’s Acquisition of RansomHub: A New Paradigm in the Ransomware Ecosystem; Analysis of a Major Security Breach in a South Korean Automotive Infotainment Software Company; Ransomware Group Kill Security: Exploiting CrushFTP Server Vulnerabilities […]
https://asec.ahnlab.com/en/87409/

March 2025 Infostealer Trend Report
This report provides statistics, trends, and case information on the distribution quantity, distribution methods, and disguise techniques of Infostealer collected and analyzed during March 2025. Below is a summary of the report. 1. Data Sources and Collection Methods: To proactively respond to Infostealer, AhnLab SEcurity intelligence Center (ASEC) operates various systems that automatically […]
https://asec.ahnlab.com/en/87444/

Passkeys: A More Secure Future.
Why Passkeys Are the Future of Online Security: Moving Beyond Vulnerable Passwords –Alfred Bonilla, Vice President, Modern Access, Mastercard San Jose, Calif. – Apr. 9, 2025 At this point, we've all heard the old adage that passwords aren't secure. And the statistics prove it: The The post Passkeys: A More Secure Future. appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/passkeys-a-more-secure-future/

Investigative Journalist Deep Dives Into The Bybit Hack
This week in cybersecurity from the editors at Cybercrime Magazine –Listen to the podcast Sausalito, Calif. – Apr. 9, 2025 Major media outlets globally reported Feb. 21, 2025 that a .5 billion (USD) hack of Bybit was a record-setting cyberattack. The attack has been linked to The post Investigative Journalist Deep Dives Into The Bybit Hack appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/investigative-journalist-deep-dives-into-the-bybit-hack/

How Prompt Attacks Exploit GenAI and How to Fight Back
GenAI boosts productivity but also poses security risks. Palo Alto Networks has a new whitepaper about prompt-based threats and how to defend against them. The post How Prompt Attacks Exploit GenAI and How to Fight Back appeared first on Unit 42.
https://unit42.paloaltonetworks.com/new-frontier-of-genai-threats-a-comprehensive-guide-to-prompt-attacks/

Lobo Guará - Cyber Threat Intelligence Platform
Lobo Guará is a platform aimed at cybersecurity professionals, with various features focused on Cyber Threat Intelligence (CTI). It offers tools that make it easier to identify threats, monitor data leaks, analyze suspicious domains and URLs, and much more. Features 1. SSL Certificate Search Allows identifying domains and subdomains that may pose a threat to organizations. SSL certificates issued by trusted authorities are indexed in real-time, and users can search using keywords of 4 or more characters. Note: The current database contains certificates issued from September 5, 2024. 2. SSL Certificate Discovery Allows the insertion of keywords for monitoring. When a certificate is issued and the common name contains the keyword (minimum of 5 characters), it will be displayed to the user....
http://www.kitploit.com/2025/04/lobo-guara-cyber-threat-intelligence.html

From $2M to $750M: Phaneesh Murthy's Blueprint for Exponential Growth in Technology Services
In the competitive landscape of global technology services, few executives can claim the kind of transformative growth that Phaneesh Murthy has orchestrated throughout his career. His most remarkable achievement came during his tenure at Infosys, where he helped scale the company’s revenue from less than $2 million to an impressive $750 million. Even more […] The post From $2M to $750M: Phaneesh Murthy’s Blueprint for Exponential Growth in Technology Services appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/04/09/from-2m-to-750m-phaneesh-murthys-blueprint-for-exponential-growth-in-technology-services/?utm_source=rss&utm_medium=rss&utm_campaign=from-2m-to-750m-phaneesh-murthys-blueprint-for-exponential-growth-in-technology-services

So your friend has been hacked: Could you be next?
When a ruse puts on a familiar face, your guard might drop, making you an easy mark. Learn how to tell a friend apart from a foe.
https://www.welivesecurity.com/en/cybersecurity/so-your-friend-has-been-hacked-could-you-be-next/

A WinRAR Flaw Could Allow MotW Security Bypass
Heads up, WinRAR users! A recently patched security flaw in WinRAR could allow mark-of-the-web (MotW)… A WinRAR Flaw Could Allow MotW Security Bypass on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2025/04/09/a-winrar-flaw-could-allow-motw-security-bypass/

Patch Tuesday, April 2025 Edition
Microsoft today released updates to plug at least 121 security holes in its Windows operating systems and software, including one vulnerability that is already being exploited in the wild. Eleven of those flaws earned Microsoft's most-dire "critical" rating, meaning malware or malcontents could exploit them with little to no interaction from Windows users.
https://krebsonsecurity.com/2025/04/patch-tuesday-april-2025-edition/

The Disinformation Epidemic and Its Cost to Modern Enterprises
Originally Published by Koat. Summary: Disinformation's Impact on Reputation and Finances: Disinformation can severely damage a company's reputation, erode consumer trust, and lead to significant financial losses. False narratives, such as rumors about product defects or unethical practices, can undermine brand integrity and customer loyalty. Role of Threat Intelligence in Combatting Disinformation: Threat intelligence tools help businesses proactively detect, analyze, a...
https://cloudsecurityalliance.org/articles/the-disinformation-epidemic-and-its-cost-to-modern-enterprises

From Multiplan to Multimodal: A CFO's 40-Year Tech Journey into AI
Written by Jeffrey Westcott, CFO, CSA. I received one of the first Apple Macintoshes back in January 1984 when I attended Drexel University. It was branded the Apple DU with a whopping 128k of memory. And it was the same machine as the Apple Mac, soon to be released to the public. Many of you reading this are too young to remember the iconic Apple television commercial for the Apple Macintosh which aired only once during the 1984 Super Bowl, although many of you, like me, re...
https://cloudsecurityalliance.org/articles/from-multiplan-to-multimodal-a-cfo-s-40-year-tech-journey-into-ai

Patch Tuesday - April 2025
CLFS zero-day. LDAP critical RCEs. RDS critical RCEs. Hyper-V critical RCE.
https://blog.rapid7.com/2025/04/08/patch-tuesday-april-2025/

Exploitation of CLFS zero-day leads to ransomware activity
Microsoft Threat Intelligence Center (MSTIC) and Microsoft Security Response Center (MSRC) have discovered post-compromise exploitation of a newly discovered zero-day vulnerability in the Windows Common Log File System (CLFS) against a small number of targets. Microsoft released security updates to address the vulnerability, tracked as CVE-2025-29824, on April 8, 2025. The post Exploitation of CLFS zero-day leads to ransomware activity appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2025/04/08/exploitation-of-clfs-zero-day-leads-to-ransomware-activity/

Boulanger - 2,077,078 breached accounts
In September 2024, French electronics retailer Boulanger suffered a data breach that exposed over 27M rows of data. The data included 2M unique email addresses along with names, physical addresses, phone numbers and latitude and longitude. The data was later publicly published to a popular hacking forum. The data was provided to HIBP by a source who requested it be attributed to "leidhall".
https://haveibeenpwned.com/PwnedWebsites#Boulanger

Found means fixed: Reduce security debt at scale with GitHub security campaigns
Starting today, security campaigns are generally available for all GitHub Advanced Security and GitHub Code Security customers—helping organizations take control of their security debt and manage risk by unlocking collaboration between developers and security teams. The post Found means fixed: Reduce security debt at scale with GitHub security campaigns appeared first on The GitHub Blog.
https://github.blog/security/application-security/found-means-fixed-reduce-security-debt-at-scale-with-github-security-campaigns/

Meet the Deputy CISOs who help shape Microsoft's approach to cybersecurity
Meet the minds behind how Microsoft prioritizes cybersecurity across every team and employee. Three deputy CISOs share their experiences in cybersecurity and how they are redefining protection. The post Meet the Deputy CISOs who help shape Microsoft's approach to cybersecurity appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2025/04/08/meet-the-deputy-cisos-who-help-shape-microsofts-approach-to-cybersecurity/

March 2025 APT Group Trends (South Korea)
Overview: AhnLab is monitoring Advanced Persistent Threat (APT) attacks in South Korea using its own infrastructure. This report covers the classification, statistics, and features of the APT attacks in South Korea that were identified in March 2025, as well as the attack types. Figure 1. Statistics of APT attacks in South Korea […]
https://asec.ahnlab.com/en/87400/

2025 Ransomware: Business as Usual, Business is Booming
Rapid7 Labs took a look at internal and publicly-available ransomware data for Q1 2025 and added our own insights to provide a picture of the year thus far—and what you can do now to reduce your attack surface against ransomware.
https://blog.rapid7.com/2025/04/08/2025-ransomware-business-as-usual-business-is-booming/

AI + Security: The Past, Present, and Future. A Documentary.
This week in cybersecurity from the editors at Cybercrime Magazine – Watch the YouTube video. Sausalito, Calif. – Apr. 8, 2025. Artificial Intelligence is everywhere. Seemingly overnight, the technology has transitioned from a sci-fi concept to a foundational pillar of modern business. While new developments are The post AI + Security: The Past, Present, and Future. A Documentary. appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/ai-security-the-past-present-and-future-a-documentary/

Telegram-Story-Scraper - A Python Script That Allows You To Automatically Scrape And Download Stories From Your Telegram Friends
A Python script that allows you to automatically scrape and download stories from your Telegram friends using the Telethon library. The script continuously monitors and saves both photos and videos from stories, along with their metadata. Important Note About Story Access ⚠️ Due to Telegram API restrictions, this script can only access stories from: - Users you have added to your friend list - Users whose privacy settings allow you to view their stories This is a limitation of Telegram's API and cannot be bypassed. Features 🚀 Automatically scrapes all available stories from your Telegram friends Downloads both photos and videos from stories Stores metadata in SQLite database Exports data to Excel spreadsheet Real-time monitoring with customizable intervals Timestamp is set to (UTC+2)...
http://www.kitploit.com/2025/04/telegram-story-scraper-python-script.html

Campaign Targets Amazon EC2 Instance Metadata via SSRF
Discover the latest CVE trends and a new campaign targeting websites hosted in EC2 instances on AWS.
https://www.f5.com/labs/articles/threat-intelligence/campaign-targets-amazon-ec2-instance-metadata-via-ssrf

Attackers distributing a miner and the ClipBanker Trojan via SourceForge
Malicious actors are using SourceForge to distribute a miner and the ClipBanker Trojan while utilizing unconventional persistence techniques.
https://securelist.com/miner-clipbanker-sourceforge-campaign/116088/

1 billion reasons to protect your identity online
Corporate data breaches are a gateway to identity fraud, but they're not the only one. Here's a lowdown on how your personal data could be stolen – and how to make sure it isn't.
https://www.welivesecurity.com/en/cybersecurity/1-billion-reasons-protect-identity-online/

No certificate name verification for fgfm connection
An improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in FortiOS, FortiProxy, FortiManager, FortiAnalyzer, FortiVoice and FortiWeb may allow an unauthenticated attacker in a man-in-the-middle position to impersonate the management device (FortiCloud server and/or, in certain conditions, FortiManager) by intercepting the FGFM authentication request between the management device and the managed device. Revised on 2025-04-11 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-24-046

Directory Traversal
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] in FortiWeb endpoint may allow an authenticated admin to access and modify the filesystem via crafted requests. Revised on 2025-04-08 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-24-474

EMS can send javascript code to client through messages
An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in FortiClient may allow the EMS administrator to send messages containing javascript code. Revised on 2025-04-08 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-23-344

Incorrect user management in widgets dashboard
An Incorrect User Management vulnerability [CWE-286] in FortiWeb widgets dashboard may allow an authenticated attacker with at least read-only admin permission to perform operations on the dashboard of other administrators via crafted requests. Revised on 2025-04-08 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-24-184

LDAP Clear-text credentials retrievable with IP modification
An insufficiently protected credentials [CWE-522] vulnerability in FortiOS may allow a privileged authenticated attacker to retrieve LDAP credentials via modifying the LDAP server IP address in the FortiOS configuration to point to a malicious attacker-controlled server. Revised on 2025-04-08 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-24-111

Log Pollution via login page
An Improper Output Neutralization for Logs vulnerability [CWE-117] in FortiManager and FortiAnalyzer may allow an unauthenticated remote attacker to pollute the logs via crafted login requests. Revised on 2025-04-08 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-24-453

OS command injection on diagnose feature (GUI)
An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in FortiIsolator may allow a privileged attacker with super-admin profile and CLI access to execute unauthorized code via specifically crafted HTTP requests. Revised on 2025-04-08 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-24-397

OS command injection on gen-ca-cert command
An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in FortiIsolator CLI may allow a privileged attacker to execute unauthorized code or commands via crafted CLI requests. Revised on 2025-04-08 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-24-392

Unverified password change via set_password endpoint
An unverified password change vulnerability [CWE-620] in FortiSwitch GUI may allow a remote unauthenticated attacker to modify admin passwords via a specially crafted request. Revised on 2025-04-08 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-24-435

Use of uninitialized resource in SSLVPN websocket
Multiple potential issues, including the use of uninitialized resources [CWE-908] and excessive iteration [CWE-834] in FortiOS & FortiProxy SSLVPN webmode, may allow a VPN user to corrupt memory, potentially leading to code or command execution via specifically crafted requests. Revised on 2025-04-08 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-23-165

Proofpoint Simplifies Security Solutions Sales For Partners Through Ingram Micro Xvantage Platform

https://www.proofpoint.com/us/newsroom/news/proofpoint-simplifies-security-solutions-sales-partners-through-ingram-micro-xvantage

March 2025 Trends Report on Phishing Emails
This report provides statistics, trends, and case details on the distribution volume and attachment threats of phishing emails collected and analyzed in March 2025. The following is a part of the statistics and cases included in the original report. 1. Phishing Email Threat Statistics In March 2025, the most common type of threat among phishing […]
https://asec.ahnlab.com/en/87401/

Legit and Traceable: Better Together
Get details on Legit's new partnership with Traceable.
https://www.legitsecurity.com/blog/legit-and-traceable-better-together

SpyCloud Research Shows that Endpoint Detection and Antivirus Solutions Miss Two-Thirds (66%) of Malware Infections
Austin, TX, USA, 7th April 2025, CyberNewsWire SpyCloud Research Shows that Endpoint Detection and Antivirus Solutions Miss Two-Thirds (66%) of Malware Infections on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2025/04/07/spycloud-research-shows-that-endpoint-detection-and-antivirus-solutions-miss-two-thirds-66-of-malware-infections/

Don't Miss Out: What You Need to Know Before Take Command 2025
Join Rapid7's Take Command 2025 on April 9 for expert insights into ransomware, threat trends, and live discussions with top security leaders.
https://blog.rapid7.com/2025/04/07/dont-miss-out-what-you-need-to-know-before-take-command-2025/

How ToddyCat tried to hide behind AV software
While analyzing a malicious DLL library used in attacks by the APT group ToddyCat, a Kaspersky expert discovered the CVE-2024-11859 vulnerability in a component of ESET's EPP solution.
https://securelist.com/toddycat-apt-exploits-vulnerability-in-eset-software-for-dll-proxying/116086/

March 2025 Security Issues in Korean & Global Financial Sector
This report comprehensively covers actual cyber threats and security issues that have occurred in the financial industry in South Korea and abroad. This includes an analysis of malware and phishing cases targeting the financial industry, a list of the top 10 malware strains that target the industry, and statistics on the industries of the Korean […]
https://asec.ahnlab.com/en/87360/

ViperSoftX Malware Distributed by Arabic-Speaking Threat Actor
AhnLab SEcurity intelligence Center (ASEC) uncovered that attackers, suspected to be Arabic speakers, have been distributing ViperSoftX malware targeting Korean victims since April 1, 2025. ViperSoftX is typically spread through cracked software or torrents, masquerading as legitimate programs. The main characteristic of ViperSoftX is that it operates as a PowerShell script. During the C&C communication […]
https://asec.ahnlab.com/en/87398/

Key Cybersecurity Challenges In 2025—Trends And Observations

https://www.proofpoint.com/us/newsroom/news/key-cybersecurity-challenges-2025-trends-and-observations

Kubernetes Ingress-nginx Controller RCE
What is the Vulnerability? On March 24, researchers disclosed a set of five vulnerabilities, collectively known as "IngressNightmare," affecting Ingress-nginx, one of the popular ingress controllers available for Kubernetes. Using Ingress-NGINX is one of the most common methods for exposing Kubernetes applications externally. CVE-2025-1974 is considered the most serious of the five and has been assigned a CVSS score of 9.8 (critical). When chained with one of the lower severity vulnerabilities, it allows for unauthenticated remote code execution. This exploitation could result in the exposure of sensitive information that the controller can access. Consequently, unauthenticated attackers have the potential to compromise the system by executing unauthorized code. What is the recommended Mitigation? Kubernetes...
https://fortiguard.fortinet.com/threat-signal-report/6061

Metasploit Wrap-Up 04/04/2025
New RCEs Metasploit added four new modules this week, including three that leverage vulnerabilities to obtain remote code execution (RCE). Among these three, two leverage deserialization, showing that the exploit primitive is still going strong. The Tomcat vulnerability in particular CVE-2025-24813 garnered a lot of attention when it was disclosed;
https://blog.rapid7.com/2025/04/04/metasploit-wrap-up-04-04-2025/

Google announces Sec-Gemini v1, a new experimental cybersecurity model
Posted by Elie Bursztein and Marianna Tishchenko, Sec-Gemini team. Today, we're announcing Sec-Gemini v1, a new experimental AI model focused on advancing cybersecurity AI frontiers. As outlined a year ago, defenders face the daunting task of securing against all cyber threats, while attackers need to successfully find and exploit only a single vulnerability. This fundamental asymmetry has made securing systems extremely difficult, time-consuming and error-prone. AI-powered cybersecurity workflows have the potential to help shift the balance back to the defenders by force multiplying cybersecurity professionals like never before. Effectively powering SecOps workflows requires state-of-the-art reasoning capabilities and extensive current cybersecurity knowledge. Sec-Gemini v1 achieves...
http://security.googleblog.com/2025/04/google-launches-sec-gemini-v1-new.html

Taming the Wild West of ML: Practical Model Signing with Sigstore
Posted by Mihai Maruseac, Google Open Source Security Team (GOSST). In partnership with NVIDIA and HiddenLayer, as part of the Open Source Security Foundation, we are now launching the first stable version of our model signing library. Using digital signatures like those from Sigstore, we allow users to verify that the model used by the application is exactly the model that was created by the developers. In this blog post we will illustrate why this release is important from Google's point of view. With the advent of LLMs, the ML field has entered an era of rapid evolution. We have seen remarkable progress leading to weekly launches of various applications which incorporate ML models to perform tasks ranging from customer support, software development, and even performing security critical...
http://security.googleblog.com/2025/04/taming-wild-west-of-ml-practical-model.html

Cyber Forensic Expert in 2,000+ Cases Faces FBI Probe
A Minnesota cybersecurity and computer forensics expert whose testimony has featured in thousands of courtroom trials over the past 30 years is facing questions about his credentials and an inquiry from the Federal Bureau of Investigation (FBI). Legal experts say the inquiry could be grounds to reopen a number of adjudicated cases in which the expert's testimony may have been pivotal.
https://krebsonsecurity.com/2025/04/cyber-forensic-expert-in-2000-cases-faces-fbi-probe/

The Power of Identifying Continuously Vulnerable Repositories (CVRs)
Learn more about how Legit is helping enterprises prevent vulnerabilities in their SDLCs.
https://www.legitsecurity.com/blog/identifying-continuously-vulnerable-repositories

Pentales: Red Team vs. N-Day (and How We Won)
While the organization involved remains anonymous, the events described are real. This story reflects how our always-on testing approach closely mirrors the creativity and persistence of actual threat actors.
https://blog.rapid7.com/2025/04/04/pentales-red-team-vs-n-day-and-how-we-won/

1-15 December 2024 Cyber Attacks Timeline
In the first timeline of December 2024, I collected 115 events (7.67 events/day) with a threat landscape dominated...
https://www.hackmageddon.com/2025/04/04/1-15-december-2024-cyber-attacks-timeline/

A journey into forgotten Null Session and MS-RPC interfaces, part 2
Kaspersky expert dissects the MS-RPC security mechanism and provides a step-by-step analysis of calling a function from the Netlogon interface.
https://securelist.com/ms-rpc-security-mechanism-step-by-step/116036/

OH-MY-DC: OIDC Misconfigurations in CI/CD
We found three key attack vectors in OpenID Connect (OIDC) implementation and usage. Bad actors could exploit these to access restricted resources. The post OH-MY-DC: OIDC Misconfigurations in CI/CD appeared first on Unit 42.
https://unit42.paloaltonetworks.com/oidc-misconfigurations-in-ci-cd/

New Triada Malware Variant Comes Pre-Loaded On Sham Android Phones
Heads up, Android users! Before buying a new phone, make sure to verify the device's… New Triada Malware Variant Comes Pre-Loaded On Sham Android Phones on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2025/04/04/new-triada-malware-variant-comes-pre-loaded-on-sham-android-phones/

Ivanti Connect Secure CVE-2025-22457 exploited in the wild
On April 3, 2025, Ivanti disclosed CVE-2025-22457, a critical stack-based buffer overflow vulnerability that allows for remote code execution on affected devices.
https://blog.rapid7.com/2025/04/03/etr-ivanti-connect-secure-cve-2025-22457-exploited-in-the-wild/

Localhost dangers: CORS and DNS rebinding
What is CORS and how can a CORS misconfiguration lead to security issues? In this blog post, we'll describe some common CORS issues as well as how you can find and fix them. The post Localhost dangers: CORS and DNS rebinding appeared first on The GitHub Blog.
https://github.blog/security/application-security/localhost-dangers-cors-and-dns-rebinding/

The good, the bad and the unknown of AI: A Q&A with Mária Bieliková
The computer scientist and AI researcher shares her thoughts on the technology's potential and pitfalls – and what may lie ahead for us
https://www.welivesecurity.com/en/we-live-science/good-bad-unknown-ai-qa-maria-bielikova/

New guidance on securing HTTP-based APIs
Why it's essential to secure your APIs to build trust with your customers and partners.
https://www.ncsc.gov.uk/blog-post/new-guidance-on-securing-http-based-apis

Preview the Action: Two New Sessions Available Before Take Command 2025
Join Take Command 2025, a free virtual cybersecurity event on April 9. Hear from industry experts on AI-driven security, real-world attack simulations, and frontline SOC threat hunting strategies. Register now!
https://blog.rapid7.com/2025/04/02/preview-the-action-two-new-sessions-available-before-take-command-2025/

TookPS: DeepSeek isn't the only game in town
The TookPS malicious downloader is distributed under the guise of DeepSeek, and further mimics UltraViewer, AutoCAD, SketchUp, Ableton, and other popular tools.
https://securelist.com/tookps/116019/

New online training helps board members to govern cyber risk
The NCSC's CEO, Richard Horne on the new cyber governance resources giving Boards the tools they need to govern cyber security risks.
https://www.ncsc.gov.uk/blog-post/new-online-training-helps-board-members-govern-cyber-risk

Researchers Discover Malicious Android Apps Exploiting .NET MAUI
The threat actors targeting Android users now employ a new technique to stay under the… Researchers Discover Malicious Android Apps Exploiting .NET MAUI on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2025/04/02/researchers-discover-malicious-android-apps-exploiting-net-maui/

Open Source Malware Index Q1 2025: Data exfil threats rising sharply
Sonatype's ongoing mission is to equip organizations with the most up-to-date information on open source security threats. As part of that commitment, we will be sharing data and insights on a quarterly basis, diving into how the open source malware space is evolving, including diving into notable malicious packages.
https://www.sonatype.com/blog/open-source-malware-index-q1-2025

Lesley, What Happened to the “Cybersecurity Skills Shortage”?
Are you stressed out right now? I’m stressed out. Most Americans are, and cybersecurity job seekers are definitely not an exception. I do a ton of career mentoring and career clinics, and I see… the brunt of it. The last few mentoring Sundays I've done, I have had two or more people burst into tears. […]
https://tisiphone.net/2025/04/01/lesley-what-happened-to-the-cybersecurity-skills-shortage/

GitHub found 39M secret leaks in 2024. Here's what we're doing to help
Every minute, GitHub blocks several secrets with push protection—but secret leaks still remain one of the most common causes of security incidents. Learn how GitHub is making it easier to protect yourself from exposed secrets, including today's launches of standalone Secret Protection, org-wide scanning, and better access for teams of all sizes. The post GitHub found 39M secret leaks in 2024. Here’s what we’re doing to help appeared first on The GitHub Blog.
https://github.blog/security/application-security/next-evolution-github-advanced-security/

Evolution of Sophisticated Phishing Tactics: The QR Code Phenomenon
Phishing with QR codes: New tactics described here include concealing links with redirects and using Cloudflare Turnstile to evade security crawlers. The post Evolution of Sophisticated Phishing Tactics: The QR Code Phenomenon appeared first on Unit 42.
https://unit42.paloaltonetworks.com/qr-code-phishing/

Protective DNS for the private sector
Advice on the selection and deployment of Protective Domain Name Systems (DNS).
https://www.ncsc.gov.uk/guidance/protective-dns-for-private-sector

I wannabe Red Team Operator
Red Team Operator. A hype-tagged role tag for which one question hits our corporate LinkedIn inbox very often. “Hey there, how can I become a Red Team Operator? Yours sincerely, a recent graduate.” To us, this is like asking how to become a regular starter on a Premier League football team. There's nothing wrong with […]
https://blog.compass-security.com/2025/04/i-wannabe-red-team-operator/

What's My Daily Life Like (in OT DFIR)?
One of the most common questions I get asked by aspiring (and current) cybersecurity professionals is what my odd niche of the universe in critical infrastructure incident response is really like, day to day. So let me give a brief overview of what my work life is like. The first thing one needs to understand […]
https://tisiphone.net/2025/03/31/whats-my-daily-life-like-in-ot-dfir/

ImageRunner: Privilege Escalation Vulnerability in GCP Cloud Run
An attacker with `run.services.update` and `iam.serviceAccounts.actAs` permissions but without explicit registry access could deploy new revisions of Cloud Run services that pulled private container images stored in the same GCP project. This was possible because Cloud Run uses a service agent with the necessary registry read permissions to retrieve these images, regardless of the caller's access level. By updating a service revision and injecting malicious commands into the container's arguments (e.g., using Netcat for reverse shell access), attackers could extract secrets or run unauthorized code. The flaw stemmed from the Cloud Run service agent's trust model, which did not enforce a separate registry permission check on the deploying identity. Google has since modified this behavior...
https://www.cloudvulndb.org/imagerunner

Ivanti Connect Secure Zero-Day Vulnerability
What are the Vulnerabilities? Ivanti disclosed two vulnerabilities, CVE-2025-0282 and CVE-2025-0283, impacting Ivanti Connect Secure (“ICS”) VPN appliances. CVE-2025-0282 is an unauthenticated stack-based buffer overflow affecting Ivanti Connect Secure, Policy Secure, and ZTA Gateways; successful exploitation could result in unauthenticated remote code execution. CVE-2025-0283 is a stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 that allows a local authenticated attacker to escalate their privileges. According to a blog released by Mandiant, it has identified zero-day exploitation of CVE-2025-0282 in the wild beginning mid-December 2024. Ivanti Connect...
https://fortiguard.fortinet.com/threat-signal-report/5612

ClamAV 1.5.0 beta now available!
The ClamAV 1.5.0 beta is now available. You may find the source code and installers for this release at clamav.net/downloads or on the ClamAV GitHub release page. The beta phase is expected to last two to four weeks before we publish the stable release or else publish a release candidate. This will depend on how many changes are required to stabilize this version. Please take this time to evaluate ClamAV 1.5.0. Please help us validate this release by providing feedback via GitHub issues, via the ClamAV mailing list or on our Discord. IMPORTANT: A major feature of the 1.5 release is a FIPS-compliant method for verifying the authenticity of CVD signature database archives and CDIFF signature database patch files. The feature is ready to test in this beta, but we are not yet distributing the...
http://blog.clamav.net/2025/03/clamav-150-beta-now-available.html

Cyber Security and Resilience Policy Statement to strengthen regulation of critical sectors
New proposals will combat the growing threat to UK critical national infrastructure (CNI).
https://www.ncsc.gov.uk/blog-post/cyber-security-resilience-bill-policy-statement

Issue with AWS SAM CLI (CVE-2025-3047, CVE-2025-3048)
Publication Date: 2025/03/31 08:10 AM PDT Description The AWS Serverless Application Model Command Line Interface (AWS SAM CLI) is an open-source CLI tool that helps Lambda developers to build and develop Lambda applications locally on their computers using Docker. We have identified the following issues within the AWS SAM CLI. A fix has been released and we recommend users upgrade to the latest version to address these issues. Additionally, users should ensure any forked or derivative code is patched to incorporate the new fixes. CVE-2025-3047: When running the AWS SAM CLI build process with Docker and symlinks are included in the build files, the container environment allows a user to access privileged files on the host by leveraging the elevated permissions granted to...
https://aws.amazon.com/security/security-bulletins/AWS-2025-008/
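The CVE-2025-3047 mechanism above (symlinks inside the build files that the build container follows out to host files) has a simple pre-build check. The following is an added example, not code from AWS or the SAM CLI: it walks a build root, resolves every symlink chain, and reports any link whose target lands outside the root, dangling links included, since a path that does not exist on the build host may well exist inside the container. `demo_build_root()` fabricates a small tree in a temporary directory for the example.

```python
"""Report symlinks in a build directory that resolve outside it.

Added example, not code from AWS or the SAM CLI. demo_build_root() is a constructed
tree used only to exercise the check.
"""
import os
import tempfile
from pathlib import Path


def escaping_symlinks(build_root):
    """Return sorted [(link path relative to root, resolved target)] for escaping links."""
    root = Path(build_root).resolve()
    findings = []
    # followlinks=False: symlinked directories are listed but never descended into
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            link = Path(dirpath) / name
            if not link.is_symlink():
                continue
            target = link.resolve()  # non-strict: a dangling link still resolves to a path
            try:
                target.relative_to(root)
            except ValueError:
                findings.append((link.relative_to(root).as_posix(), str(target)))
    return sorted(findings)


def demo_build_root():
    """Constructed tree: one safe in-tree link and three links escaping the root."""
    root = Path(tempfile.mkdtemp(prefix="sam-build-"))
    (root / "app").mkdir()
    (root / "shared").mkdir()
    (root / "app" / "handler.py").write_text("def handler(event, ctx):\n    return 'ok'\n")
    (root / "shared" / "config.json").write_text("{}\n")
    os.symlink("../shared/config.json", root / "app" / "config.json")  # stays inside root
    os.symlink("/etc/passwd", root / "app" / "passwd")                 # host file
    os.symlink("../..", root / "app" / "up")                           # parent of root
    os.symlink("/nonexistent/host-secret", root / "app" / "dangling")  # dangling, still escapes
    return root


if __name__ == "__main__":
    build = demo_build_root()
    for rel, target in escaping_symlinks(build):
        print(f"reject {rel} -> {target}")
```

The in-tree relative link is accepted because the check compares resolved targets, not link text; a relative link is only safe if it still ends up under the root after every hop. Run it against the directory you are about to hand to a privileged build container and fail the build on any finding.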

Using Sonatype Nexus Repository with the new Docker Hub rate limits
Beginning April 1, 2025, Docker is going to introduce new pull rate limits in Docker Hub, which follow previous limits introduced in 2020. In this blog, we will discuss how Docker Hub's upcoming pull rate limits will impact software development life cycles and how Sonatype Nexus Repository can help.
https://www.sonatype.com/blog/using-sonatype-nexus-repository-with-the-new-docker-hub-rate-limits

This month in security with Tony Anscombe – March 2025 edition
From an exploited vulnerability in a third-party ChatGPT tool to a bizarre twist on ransomware demands, it's a wrap on another month filled with impactful cybersecurity news
https://www.welivesecurity.com/en/videos/month-security-tony-anscombe-march-2025-edition/

Resilience in the face of ransomware: A key to business survival
Your company's ability to tackle the ransomware threat head-on can ultimately be a competitive advantage
https://www.welivesecurity.com/en/business-security/resilience-face-ransomware-key-business-survival/

How Each Pillar of the 1st Amendment is Under Attack
In an address to Congress this month, President Trump claimed he had "brought free speech back to America." But barely two months into his second term, the president has waged an unprecedented attack on the First Amendment rights of journalists, students, universities, government workers, lawyers and judges. This story explores a slew of recent actions by the Trump administration that threaten to undermine all five pillars of the First Amendment to the U.S. Constitution, which guarantees freedoms concerning speech, religion, the media, the right to assembly, and the right to petition the government and seek redress for wrongs.
https://krebsonsecurity.com/2025/03/how-each-pillar-of-the-1st-amendment-is-under-attack/

German Doner Kebab - 162,373 breached accounts
In March 2025, data allegedly sourced from German Doner Kebab was published on a popular hacking forum. The data included 162k unique email addresses alongside names, phone numbers and physical addresses. German Doner Kebab subsequently sent a disclosure notice to impacted individuals.
https://haveibeenpwned.com/PwnedWebsites#GermanDonerKebab

Apache Tomcat RCE
What is the Vulnerability? On March 10, 2025, Apache issued a security advisory regarding a critical vulnerability (CVE-2025-24813) affecting the Apache Tomcat web server. This flaw could allow attackers to view or inject arbitrary content into security-sensitive files and potentially achieve remote code execution. Exploit code for this vulnerability is publicly available, and no authentication is required to launch an attack, making prompt mitigation essential. According to Apache, successful exploitation requires specific conditions, which may allow attackers to manipulate and view sensitive files or execute remote code. What is the recommended Mitigation? Impacted users should implement the recommended mitigations provided by Apache and follow the instructions outlined in the vendor's advisory: https://lists.apache.org/thread/j5fkjv2k477os90nczf2v9l61fb0kkgq-...
https://fortiguard.fortinet.com/threat-signal-report/6053

2025 Advanced Persistent Bot Report: Scraper Bots Deep-Dive
How much do scraper bots affect your industry?
https://www.f5.com/labs/articles/threat-intelligence/2025-advanced-persistent-bot-report-scraper-bots-deep-dive

Prevent Web Scraping by Applying the Pyramid of Pain
The Bots Pyramid of Pain: a framework for effective bot defense.
https://www.f5.com/labs/articles/threat-intelligence/prevent-web-scraping-by-applying-the-pyramid-of-pain

How SBOMs drive a smarter SCA strategy
Modern software is largely assembled from open source components, constituting up to 90% of today's codebases. Managing the security and compliance risks associated with this external code is no longer optional — it's a core part of software development.
https://www.sonatype.com/blog/how-sboms-drive-a-smarter-sca-strategy

Making it stick: How to get the most out of cybersecurity training
Security awareness training doesn't have to be a snoozefest – games and stories can help instill ‘sticky' habits that will kick in when a danger is near
https://www.welivesecurity.com/en/business-security/making-it-stick-get-most-cybersecurity-training/

2025 Advanced Persistent Bots Report
Uncovering the true scale of persistent bot activity, and the advanced techniques that bot operators use in order to remain hidden from bot defenses.
https://www.f5.com/labs/articles/threat-intelligence/2025-advanced-persistent-bots-report

The US Needs A New Cybersecurity Strategy: More Offensive Cyber Operations Isn't It
For a long time Chinese hackers have been operating in the grey area between espionage and warfare. The US has been struggling to defend its networks, but increasing offensive cyber operations is unlikely to help.
https://malwaretech.com/2025/03/the-us-needs-a-new-cybersecurity-strategy.html

Issue with tough, versions prior to 0.20.0 (Multiple CVEs)
Publication Date: 2025/03/27 02:30PM PDT Description The Update Framework (TUF) is a software framework designed to protect mechanisms that automatically identify and download updates to software. tough is a Rust client library for TUF repositories. AWS is aware of the following issues within tough, versions prior to 0.20.0. On March 27, 2025, we released a fix in tough 0.20.0 and recommend customers upgrade to address these issues and ensure any forked or derivative code is patched to incorporate the new fixes. CVE-2025-2885 relates to an issue with missing validation of the root metadata version number which could allow an actor to supply an unexpected version number to the client instead of the intended version in the root metadata file, altering the version fetched by...
https://aws.amazon.com/security/security-bulletins/AWS-2025-007/
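The missing check behind CVE-2025-2885 is easiest to see next to the full TUF root-update rule it belongs to. The following is an added example, not code from the tough crate or from the TUF reference implementation: a client accepts a candidate root only if it is signed by a threshold of the previously trusted root keys, signed by a threshold of its own root keys, and carries version exactly trusted+1 (TUF specification, client workflow section 5.3). HMAC-SHA256 with a per-keyid secret stands in for real public-key signatures so the example has no dependencies; `KEYSTORE` and all metadata are constructed.

```python
"""Client-side root metadata rotation with the version check tough < 0.20.0 lacked.

Added example, not code from tough or python-tuf. HMAC with a shared secret stands
in for asymmetric signatures; KEYSTORE and the metadata below are constructed.
"""
import hashlib
import hmac
import json

KEYSTORE = {"k1": b"secret-one", "k2": b"secret-two", "k3": b"secret-three"}


class RootUpdateError(Exception):
    pass


def canonical(signed):
    """Deterministic encoding of the 'signed' object: these are the bytes that get signed."""
    return json.dumps(signed, sort_keys=True, separators=(",", ":")).encode()


def sign(signed, keyids):
    payload = canonical(signed)
    return [{"keyid": k, "sig": hmac.new(KEYSTORE[k], payload, hashlib.sha256).hexdigest()}
            for k in keyids]


def verify_threshold(metadata, role_keyids, threshold):
    """True if at least `threshold` distinct keys from role_keyids signed the metadata."""
    payload = canonical(metadata["signed"])
    valid = set()
    for s in metadata["signatures"]:
        k = s["keyid"]
        if k not in role_keyids or k not in KEYSTORE:
            continue                         # out-of-role or unknown key does not count
        expected = hmac.new(KEYSTORE[k], payload, hashlib.sha256).hexdigest()
        if hmac.compare_digest(expected, s["sig"]):
            valid.add(k)
    return len(valid) >= threshold


def update_root(trusted, candidate):
    """Return candidate if it is a valid successor of trusted, otherwise raise."""
    old, new = trusted["signed"], candidate["signed"]
    if new.get("_type") != "root":
        raise RootUpdateError("not root metadata")
    old_role = old["roles"]["root"]
    if not verify_threshold(candidate, set(old_role["keyids"]), old_role["threshold"]):
        raise RootUpdateError("not signed by a threshold of the trusted root keys")
    new_role = new["roles"]["root"]
    if not verify_threshold(candidate, set(new_role["keyids"]), new_role["threshold"]):
        raise RootUpdateError("not signed by a threshold of its own root keys")
    # The check at issue in CVE-2025-2885: the version must be exactly trusted + 1,
    # which rejects both replays of an old root and skipping over a rotation.
    if new["version"] != old["version"] + 1:
        raise RootUpdateError(f"expected root version {old['version'] + 1}, got {new['version']}")
    return candidate


def rotation_outcome(trusted, candidate):
    try:
        update_root(trusted, candidate)
        return "accepted"
    except RootUpdateError as e:
        return str(e)


def make_root(version, keyids, threshold, signers):
    """Constructed root metadata carrying only the fields this example checks."""
    signed = {"_type": "root", "version": version,
              "roles": {"root": {"keyids": list(keyids), "threshold": threshold}}}
    return {"signed": signed, "signatures": sign(signed, signers)}


ROOT_V1 = make_root(1, ["k1", "k2"], 2, ["k1", "k2"])
GOOD_V2 = make_root(2, ["k2", "k3"], 2, ["k1", "k2", "k3"])   # proper rotation to k2,k3
SKIP_V3 = make_root(3, ["k2", "k3"], 2, ["k1", "k2", "k3"])   # skips version 2
REPLAY_V1 = make_root(1, ["k1", "k2"], 2, ["k1", "k2"])       # old root served again
WEAK_V2 = make_root(2, ["k2", "k3"], 2, ["k2", "k3"])         # old keys never signed off

if __name__ == "__main__":
    for name, cand in [("GOOD_V2", GOOD_V2), ("SKIP_V3", SKIP_V3),
                       ("REPLAY_V1", REPLAY_V1), ("WEAK_V2", WEAK_V2)]:
        print(name, "->", rotation_outcome(ROOT_V1, cand))
```

`SKIP_V3` is the instructive case: its signatures are perfectly valid under both the old and the new key sets, so a client that only checks signatures accepts it, and from then on it is missing whatever version 2 changed (a key revocation, for instance). Only the `version == trusted + 1` rule catches it, and the same rule rejects `REPLAY_V1`.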

New security requirements adopted by HTTPS certificate industry
Posted by Chrome Root Program, Chrome Security Team The Chrome Root Program launched in 2022 as part of Google's ongoing commitment to upholding secure and reliable network connections in Chrome. We previously described how the Chrome Root Program keeps users safe, and described how the program is focused on promoting technologies and practices that strengthen the underlying security assurances provided by Transport Layer Security (TLS). Many of these initiatives are described on our forward looking, public roadmap named “Moving Forward, Together.” At a high-level, “Moving Forward, Together” is our vision of the future. It is non-normative and considered distinct from the requirements detailed in the Chrome Root Program Policy. It's focused on themes that we feel are essential...
http://security.googleblog.com/2025/03/new-security-requirements-adopted-by.html

When Getting Phished Puts You in Mortal Danger
Many successful phishing attacks result in a financial loss or malware infection. But falling for some phishing scams, like those currently targeting Russians searching online for organizations that are fighting the Kremlin war machine, can cost you your freedom or your life.
https://krebsonsecurity.com/2025/03/when-getting-phished-puts-you-in-mortal-danger/

Multiple crypto packages hijacked, turned into info-stealers
Sonatype has identified multiple npm cryptocurrency packages, latest versions of which have been hijacked and altered to steal sensitive information such as environment variables from the target victims.
https://www.sonatype.com/blog/multiple-crypto-packages-hijacked-turned-into-info-stealers

G2 Names INE 2025 Cybersecurity Training Leader
Cary, North Carolina, 27th March 2025, CyberNewsWire.
https://latesthackingnews.com/2025/03/27/g2-names-ine-2025-cybersecurity-training-leader/

RansomHub affiliates linked to rival RaaS gangs
ESET researchers also examine the growing threat posed by tools that ransomware affiliates deploy in an attempt to disrupt EDR security solutions
https://www.welivesecurity.com/en/videos/ransomhub-affiliates-linked-rival-raas-providers/

Cloud Threats on the Rise: Alert Trends Show Intensified Attacker Focus on IAM, Exfiltration
Understanding trends amidst noise: tracking shifts in security alerts allows cloud defenders to parse threats from attackers targeting IAM, storage and more.
https://unit42.paloaltonetworks.com/2025-cloud-security-alert-trends/

FamousSparrow resurfaces to spy on targets in the US, Latin America
Once thought to be dormant, the China-aligned group has also been observed using the privately-sold ShadowPad backdoor for the first time
https://www.welivesecurity.com/en/videos/famoussparrow-resurfaces-spy-targets-us-latin-america/

Advance notice: End of Life for ClamAV 0.103 database updates
ClamAV version 0.103 will reach its end of life (EOL) for database updates on September 14, 2025. After this date, this version will no longer receive the latest virus definitions. To ensure your systems remain protected, please upgrade to the latest supported version of ClamAV before the end-of-life date. This will provide continued access to essential security updates and features. We recommend that users update to the newest release, ClamAV 1.4 LTS. For users that are unable to upgrade to version 1.4, you may find that ClamAV 1.0 LTS is more suitable. The most recent version of ClamAV can be found on the ClamAV Downloads page, on the ClamAV GitHub Releases page, and through Docker Hub. Information about how to install ClamAV is available in our online documentation. The...
http://blog.clamav.net/2025/03/advance-notice-end-of-life-for-clamav.html

Legit Announces New Vulnerability Prevention Capabilities
Get details on Legit's new capabilities that allow AppSec teams to prevent introducing vulnerabilities.
https://www.legitsecurity.com/blog/legit-announces-new-vulnerability-prevention-capabilities

Blasting Past Webp
An analysis of the NSO BLASTPASS iMessage exploit. Posted by Ian Beer, Google Project Zero. On September 7, 2023, Apple issued an out-of-band security update for iOS: Around the same time on September 7th 2023, Citizen Lab published a blog post linking the two CVEs fixed in iOS 16.6.1 to an "NSO Group Zero-Click, Zero-Day exploit captured in the wild": "[The target was] an individual employed by a Washington DC-based civil society organization with international offices... The exploit chain was capable of compromising iPhones running the latest version of iOS (16.6) without any interaction from the victim. The exploit involved PassKit attachments containing malicious images sent from an attacker iMessage account to the victim." The day before,...
https://googleprojectzero.blogspot.com/2025/03/blasting-past-webp.html

Titan Security Keys now available in more countries
Posted by Christiaan Brand, Group Product Manager. We're excited to announce that starting today, Titan Security Keys are available for purchase in more than 10 new countries: Ireland, Portugal, The Netherlands, Denmark, Norway, Sweden, Finland, Australia, New Zealand, Singapore and Puerto Rico. This expansion means Titan Security Keys are now available in 22 markets, including previously announced countries like Austria, Belgium, Canada, France, Germany, Italy, Japan, Spain, Switzerland, the UK, and the US. What is a Titan Security Key? A Titan Security Key is a small, physical device that you can use to verify your identity when you sign in to your Google Account. It's like a second password that's much harder for cybercriminals to steal. Titan Security Keys allow you to store your passkeys on a strong, purpose-built...
http://security.googleblog.com/2025/03/titan-security-keys-now-available-in.html

Apache Tomcat: Vulnerable versions downloaded nearly 100K times since PoC
A rapidly exploited vulnerability with a major blast radius. A recently disclosed vulnerability in Apache Tomcat, CVE-2025-24813, is drawing significant attention due to its ease of exploitation, rapid adoption by attackers, and widespread usage across enterprise environments. This vulnerability is a blend of path traversal issues and deserialization flaws, potentially allowing for remote code execution (RCE) or the exfiltration of sensitive data.
https://www.sonatype.com/blog/apache-tomcat-vulnerability-widespread-exploitation-and-key-insights-from-sonatype
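Both the Apache Tomcat RCE item above and this one describe CVE-2025-24813 as a path-traversal plus deserialization chain without saying what it looks like on the wire. The following is an added example, not code from Apache, Fortinet or Sonatype: the exploitation path depends on partial PUT requests (a PUT carrying a `Content-Range` header) to a DefaultServlet configured writable (`readonly=false`), with a request path chosen so that the temporary file Tomcat names after that path ends up where a file-based session store will later deserialize it. The script below runs that detection logic over access-log lines. Stock access logs do not record request headers, so it assumes the AccessLogValve pattern `'%h %l %u %t "%r" %s %b "%{Content-Range}i"'`; the log lines are constructed.

```python
"""Flag Tomcat access-log entries consistent with CVE-2025-24813 probing.

Added example, not code from Apache, Fortinet or Sonatype. Assumes the access log
pattern '%h %l %u %t "%r" %s %b "%{Content-Range}i"'; SAMPLE_LOG is constructed.
"""
import re

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<bytes>\S+) "(?P<range>[^"]*)"$'
)


def parse_line(line):
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def indicators(rec):
    """Reasons a record looks like CVE-2025-24813 probing; empty list if it does not."""
    if rec["method"] != "PUT":
        return []
    reasons = []
    if rec["range"] not in ("", "-"):
        reasons.append("partial-put")          # Content-Range on a PUT = partial PUT
    path = rec["path"]
    if ".." in path:
        reasons.append("dot-segments")         # '..' smuggled into the written file name
    if re.search(r"\.session$", path, re.IGNORECASE):
        reasons.append("session-name")         # targets the '<id>.session' store naming
    return reasons


def scan(lines):
    hits = []
    for n, line in enumerate(lines, 1):
        rec = parse_line(line)
        if rec is None:
            continue                           # not in the assumed format, skip it
        reasons = indicators(rec)
        if reasons:
            hits.append({"line": n, "ip": rec["ip"], "path": rec["path"],
                         "status": rec["status"], "reasons": reasons})
    return hits


# Constructed log lines: one probe, one legitimate partial PUT, two benign requests, one junk line.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2025:12:00:01 +0000] "PUT /app/..session HTTP/1.1" 409 - "bytes 0-49/50"
203.0.113.7 - - [10/Mar/2025:12:00:02 +0000] "GET /app/index.jsp HTTP/1.1" 200 512 "-"
198.51.100.4 - - [10/Mar/2025:12:00:03 +0000] "PUT /uploads/report.pdf HTTP/1.1" 201 - "-"
198.51.100.4 - - [10/Mar/2025:12:00:04 +0000] "PUT /uploads/report.pdf HTTP/1.1" 409 - "bytes 0-1023/4096"
garbage line that does not match the pattern
"""

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG.splitlines()):
        print(hit)
```

A partial PUT on its own (line 4) is a weak signal and is reported with a single reason so it can be triaged rather than alerted on; the combination of partial PUT, `..` in the path and a `.session` suffix (line 1) is the pattern to page on. Whatever the logs show, the mitigation is the one in the Apache advisory linked above: keep the DefaultServlet read-only unless writes are genuinely needed, and upgrade.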

GitHub Actions Supply Chain Attack
What is the Attack? Recently, a popular third-party GitHub Action, tj-actions/changed-files (CVE-2025-30066), used by over 23,000 repositories, was compromised, potentially exposing sensitive workflow secrets in any pipeline that integrated it. Subsequent investigation revealed that the compromise of tj-actions/changed-files may be linked to a similar breach of another GitHub Action, reviewdog/action-setup@v1 (CVE-2025-30154). Multiple Reviewdog actions were affected during a specific timeframe, raising further concerns about the scope of the attack (see the CVE-2025-30154 entry in the GitHub Advisory Database). GitHub Actions, a widely used CI/CD platform, enables developers to automate software development pipelines with reusable workflow components. The supply chain compromise in this case poses a serious security...
https://fortiguard.fortinet.com/threat-signal-report/6052

CodeQLEAKED - CodeQL Supply Chain Attack via Exposed Secret
A publicly exposed GitHub token in CodeQL workflow artifacts could allow attackers to execute malicious code in repositories using CodeQL, potentially leading to source code exfiltration, secrets compromise, and supply chain attacks. The vulnerability stemmed from a debug artifact containing environment variables, which could be downloaded and exploited within a 1-2 second window.
https://www.cloudvulndb.org/codeql-supply-chain-attack-exposed-secret

Operation ForumTroll: APT attack with Google Chrome zero-day exploit chain
Kaspersky GReAT experts discovered a complex APT attack on Russian organizations dubbed Operation ForumTroll, which exploits zero-day vulnerabilities in Google Chrome.
https://securelist.com/operation-forumtroll/115989/

BlueSky InfoSec News List
Hello all, happy Tuesday. I’ve migrated my cybersecurity news feed list to BlueSky and it can now be found here: https://web-cdn.bsky.app/profile/hacks4pancakes.com/lists/3ll6ownhbuz2o I hope you find this useful. If you’re using Mastodon, the import process is a bit more manual: Updated InfoSec Mastodon Lists!
https://tisiphone.net/2025/03/25/bluesky-infosec-news-list/

Active Roles Wins 2025 Cybersecurity Excellence Award for Hybrid Active Directory Protection
Alisa Viejo, United States, 25th March 2025, CyberNewsWire.
https://latesthackingnews.com/2025/03/25/active-roles-wins-2025-cybersecurity-excellence-award-for-hybrid-active-directory-protection/

Troy Hunt's Mailchimp List - 16,627 breached accounts
In March 2025, a phishing attack successfully gained access to Troy Hunt's Mailchimp account and automatically exported a list of people who had subscribed to the newsletter for his personal blog. The exported list contained 16k email addresses and other data automatically collected by Mailchimp including IP address and a derived latitude, longitude and time zone.
https://haveibeenpwned.com/PwnedWebsites#TroyHuntMailchimpList

Financial cyberthreats in 2024
The Kaspersky financial threat report for 2024 contains the main trends and statistics on financial phishing and scams, mobile and PC banking malware, as well as recommendations on how to protect yourself and your business.
https://securelist.com/financial-threat-report-2024/115966/

Issues with Kubernetes ingress-nginx controller (Multiple CVEs)
Publication Date: 2025/03/24 09:00AM PDT Description Ingress Controllers are applications within a Kubernetes cluster that enable Ingress resources to function. AWS is aware of CVE-2025-1098, CVE-2025-1974, CVE-2025-1097, CVE-2025-24514, and CVE-2025-24513, which affect the Kubernetes ingress-nginx controller. Amazon Elastic Kubernetes Service (Amazon EKS) does not provide or install the ingress-nginx controller and is not affected by these issues. Customers who have installed this controller on their clusters should update to the latest version. We have proactively notified customers who were identified as having this controller installed. References: CVE-2025-1098 - GitHub Issue CVE-2025-1974 - GitHub Issue CVE-2025-1097 - GitHub Issue CVE-2025-24514 - GitHub Issue...
https://aws.amazon.com/security/security-bulletins/AWS-2025-006/

Next.js Vulnerability: What You Need to Know
Get details on this recent vulnerability, how to respond, and how Legit can help. 
https://www.legitsecurity.com/blog/next-js-vulnerability-what-you-need-to-know

A maintainer's guide to vulnerability disclosure: GitHub tools to make it simple
A step-by-step guide for open source maintainers on how to handle vulnerability reports confidently from the start.
https://github.blog/security/vulnerability-research/a-maintainers-guide-to-vulnerability-disclosure-github-tools-to-make-it-simple/

CyberFirst Girls Competition: a proud milestone and exciting future
The future of the CyberFirst Girls Competition and reflecting on brilliant progress.
https://www.ncsc.gov.uk/blog-post/cyberfirst-girls-competition-milestone-future

Privileged access workstations: introducing our new set of principles
Principles-based guidance for organisations setting up a PAW solution.
https://www.ncsc.gov.uk/blog-post/introducing-new-paws-principles

Passkeys: they're not perfect but they're getting better
Passkeys are the future of authentication, offering enhanced security and convenience over passwords, but widespread adoption faces challenges that the NCSC is working to resolve.
https://www.ncsc.gov.uk/blog-post/passkeys-not-perfect-getting-better

Passkeys: the promise of a simpler and safer alternative to passwords
The merits of choosing passkeys over passwords to help keep your online accounts more secure, and explaining how the technology promises to do this
https://www.ncsc.gov.uk/blog-post/passkeys-promise-simpler-alternative-passwords

Arrests in Tap-to-Pay Scheme Powered by Phishing
Authorities in at least two U.S. states last week independently announced arrests of Chinese nationals accused of perpetrating a novel form of tap-to-pay fraud using mobile devices. Details released by authorities so far indicate the mobile wallets being used by the scammers were created through online phishing scams, and that the accused were relying on a custom Android app to relay tap-to-pay transactions from mobile devices located in China.
https://krebsonsecurity.com/2025/03/arrests-in-tap-to-pay-scheme-powered-by-phishing/

The Human Factor: Redefining Cybersecurity In The Age Of AI

https://www.proofpoint.com/us/newsroom/news/human-factor-redefining-cybersecurity-age-ai

Issue with the AWS CDK CLI and custom credential plugins (CVE-2025-2598)
Publication Date: 2025/03/21 07:00 AM PDT Description AWS identified CVE-2025-2598, an issue in the AWS Cloud Development Kit (AWS CDK) Command Line Interface (AWS CDK CLI), versions 2.172.0 through 2.178.1. The AWS CDK CLI is a command line tool that deploys AWS CDK applications onto AWS accounts. When customers run AWS CDK CLI commands with credential plugins and configure those plugins to return temporary credentials by including an expiration property, this issue can potentially result in the AWS credentials retrieved by the plugin being printed to the console output. Any user with access to where the CDK CLI was run would have access to this output. We have released a fix for this issue and recommend customers upgrade to version 2.178.2 or later to address this issue....
https://aws.amazon.com/security/security-bulletins/AWS-2025-005/

Analyzing the Global Increase in Vulnerability Scanning in 2024
BotPoke comes to the foreground yet again.
https://www.f5.com/labs/articles/threat-intelligence/analyzing-the-global-increase-in-vulnerability-scanning-in-2024

Threat landscape for industrial automation systems in Q4 2024
The report contains statistics on malware, initial infection vectors and other threats to industrial automation systems in Q4 2024.
https://securelist.com/ics-cert-q4-2024-report/115944/

GitHub Actions Supply Chain Attack: A Targeted Attack on Coinbase Expanded to the Widespread tj-actions/changed-files Incident: Threat Assessment (Updated 4/2)
A compromise of the GitHub action tj-actions/changed-files highlights how attackers could exploit vulnerabilities in third-party actions to compromise supply chains.
https://unit42.paloaltonetworks.com/github-actions-supply-chain-attack/

Timelines for migration to post-quantum cryptography
Activities which organisations must carry out to migrate safely to post-quantum cryptography in the coming years.
https://www.ncsc.gov.uk/guidance/pqc-migration-timelines

Beyond open vs. closed: Understanding the spectrum of AI transparency
Artificial intelligence (AI) is transforming industries, from software development to cybersecurity. But as AI adoption grows, so does the discussion around its accessibility and transparency. Unlike traditional software, where the concept of open source is well-defined, AI introduces additional complexities — particularly around training data, model parameters, and architecture openness.
https://www.sonatype.com/blog/beyond-open-vs.-closed-understanding-the-spectrum-of-ai-transparency

Setting direction for the UK's migration to post-quantum cryptography
Why the key milestones for PQC migration are part of building and maintaining good cyber security practice.
https://www.ncsc.gov.uk/blog-post/setting-direction-uk-migration-to-pqc

Bypassing Web Filters Part 4: Host Header Spoofing & Domain Fronting Detection Bypasses
In the previous posts of this series, we looked at different ways to bypass web filters, such as Host header spoofing and domain fronting. As we’ve learned, these techniques can be detected by proxies employing TLS inspection, by checking whether the hostname in the SNI matches the one in the HTTP Host header. If they […]
https://blog.compass-security.com/2025/03/bypassing-web-filters-part-4-host-header-spoofing-domain-fronting-detection-bypasses/
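The detection the excerpt refers to, comparing the TLS SNI against the HTTP Host header, is small enough to show end to end. The following is an added example, not code from Compass Security: `build_client_hello()` constructs a minimal TLS 1.3 ClientHello (zeroed random, a single cipher suite) so the example runs offline, `extract_sni()` parses the `server_name` extension back out of the record the way a TLS-inspecting proxy would, and `classify_connection()` compares it with the Host header that becomes visible after inspection. Record and extension layouts follow RFC 8446; the hostnames are constructed.

```python
"""SNI vs. Host header comparison, the web-filter check described above.

Added example, not code from Compass Security. The ClientHello is constructed in
code (zero random, one suite) and the hostnames are made up for the example.
"""
import struct


def _sni_extension(hostname):
    name = hostname.encode("ascii")
    entry = b"\x00" + struct.pack("!H", len(name)) + name          # name_type host_name(0)
    name_list = struct.pack("!H", len(entry)) + entry
    return struct.pack("!HH", 0x0000, len(name_list)) + name_list  # extension type server_name


def build_client_hello(sni=None):
    """Constructed ClientHello record; sni=None omits the server_name extension."""
    body = b"\x03\x03" + bytes(32) + b"\x00"                      # version, random, empty session id
    body += struct.pack("!H", 2) + b"\x13\x01"                    # one suite: TLS_AES_128_GCM_SHA256
    body += b"\x01\x00"                                           # compression methods: null
    exts = _sni_extension(sni) if sni else b""
    exts += struct.pack("!HH", 0x002B, 3) + b"\x02\x03\x04"       # supported_versions: TLS 1.3
    body += struct.pack("!H", len(exts)) + exts
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body     # HandshakeType client_hello(1)
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def extract_sni(record):
    """host_name from the server_name extension, or None if absent or unparseable."""
    try:
        if record[0] != 0x16:                                     # not a handshake record
            return None
        rec_len = struct.unpack("!H", record[3:5])[0]
        hs = record[5:5 + rec_len]
        if hs[0] != 0x01:                                         # not a ClientHello
            return None
        body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
        off = 2 + 32                                              # skip version and random
        off += 1 + body[off]                                      # session id
        off += 2 + struct.unpack("!H", body[off:off + 2])[0]      # cipher suites
        off += 1 + body[off]                                      # compression methods
        end = off + 2 + struct.unpack("!H", body[off:off + 2])[0]
        off += 2
        while off + 4 <= end:
            etype, elen = struct.unpack("!HH", body[off:off + 4])
            data = body[off + 4:off + 4 + elen]
            off += 4 + elen
            if etype != 0x0000:
                continue
            pos = 2                                               # skip server_name_list length
            while pos + 3 <= len(data):
                ntype, nlen = data[pos], struct.unpack("!H", data[pos + 1:pos + 3])[0]
                if ntype == 0:
                    return data[pos + 3:pos + 3 + nlen].decode("ascii")
                pos += 3 + nlen
        return None
    except (IndexError, struct.error, UnicodeDecodeError):
        return None


def classify_connection(record, host_header):
    """'ok' when SNI and Host agree, 'mismatch' when they differ, 'no-sni' when blind."""
    sni = extract_sni(record)
    if sni is None:
        return "no-sni"
    host = host_header.split(":")[0].rstrip(".").lower()
    return "ok" if sni.rstrip(".").lower() == host else "mismatch"


if __name__ == "__main__":
    print(classify_connection(build_client_hello("cdn.example.net"), "cdn.example.net"))
    print(classify_connection(build_client_hello("allowed.example.net"), "blocked.example.org"))
    print(classify_connection(build_client_hello(), "blocked.example.org"))
```

`mismatch` is the signature of both Host header spoofing and domain fronting: the TLS layer names one host, the HTTP layer asks for another. The third outcome, `no-sni`, is where this check has nothing to compare, so a filter that relies on it needs an explicit policy for connections that carry no server name rather than treating them as clean by default.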

A different future for telecoms in the UK
NCSC Technical Director Dr Ian Levy explains the technical impact of the recent US sanctions on the security of Huawei equipment in the UK.
https://www.ncsc.gov.uk/blog-post/a-different-future-for-telecoms-in-the-uk

Yes, That's Me on Your Radio!
I had the honor of another short segment on NPR’s Marketplace this morning. I spoke about the state of cyber crime, and the impact of US government changes on cyber defense.
https://tisiphone.net/2025/03/19/yes-thats-me-on-your-radio/

DOGE to Fired CISA Staff: Email Us Your Personal Data
A message posted on Monday to the homepage of the U.S. Cybersecurity & Infrastructure Security Agency (CISA) is the latest exhibit in the Trump administration's continued disregard for basic cybersecurity protections. The message instructed recently-fired CISA employees to get in touch so they can be rehired and then immediately placed on leave, asking employees to send their Social Security number or date of birth in a password-protected email attachment -- presumably with the password needed to view the file included in the body of the email.
https://krebsonsecurity.com/2025/03/doge-to-fired-cisa-staff-email-us-your-personal-data/

SpyX - 1,977,011 breached accounts
In June 2024, spyware maker SpyX suffered a data breach that exposed almost 2M unique email addresses. The breach also exposed IP addresses, countries of residence, device information and 6-digit PINs in the password field. Further, a collection of iCloud credentials likely used to monitor targets directly via the cloud were also in the breach and contained the target's email address and plain text Apple password.
https://haveibeenpwned.com/PwnedWebsites#SpyX

Updated InfoSec Mastodon Lists!
I have been asked for these, so here they are! I hope you find these useful in following more Fediverse cybersecurity stuff.
https://tisiphone.net/2025/03/18/updated-infosec-mastodon-lists/

Lexipol - 672,546 breached accounts
In February 2025, the public safety policy management systems company Lexipol suffered a data breach. Attributed to the self-proclaimed "Puppygirl Hacker Polycule", the breach exposed an extensive number of documents and user records which were subsequently published publicly. The breach included over 670k unique email addresses in the user records, along with names, phone numbers, system-generated usernames and passwords stored as either MD5 or SHA-256 hashes.
https://haveibeenpwned.com/PwnedWebsites#Lexipol

Proofpoint enhances cybersecurity by expanding partnership with Microsoft Azure

https://www.proofpoint.com/us/newsroom/news/proofpoint-enhances-cybersecurity-expanding-partnership-microsoft-azure

MSFT 'Strengthens' Cybersecurity Partnership with Proofpoint

https://www.proofpoint.com/us/newsroom/news/msft-strengthens-cybersecurity-partnership-proofpoint

Darren Lee, EVP + GM at Proofpoint joins LIVE on NYSE TV

https://www.proofpoint.com/us/newsroom/news/darren-lee-evp-gm-proofpoint-joins-live-nyse-tv

Github Actions tj-actions/changed-files Attack
Get details on this recent supply chain attack and how to prevent similar attacks in the future.
https://www.legitsecurity.com/blog/github-actions-tj-actions-changed-files-attack

Hundreds of Malicious Google Play-Hosted Apps Bypassed Android 13 Security With Ease
Bitdefender's security researchers have identified a large-scale ad fraud campaign that deployed hundreds of malicious apps in the Google Play Store, resulting in more than 60 million downloads total. The apps display out-of-context ads and even try to persuade victims to give away credentials and credit card information in phishing attacks. The Google Play Store is often targeted by cybercriminals trying to upload malicious apps by bypassing existing protections. Google purges the store of suc
https://www.bitdefender.com/en-us/blog/labs/malicious-google-play-apps-bypassed-android-security

Bypassing Web Filters Part 3: Domain Fronting
The last two blog posts in this series were about SNI spoofing and Host header spoofing. We also learned that the latter is addressed by some vendors with a technique called "Domain Fronting Detection". But what exactly is domain fronting? This will be explained in this blog post.
https://blog.compass-security.com/2025/03/bypassing-web-filters-part-3-domain-fronting/

Proofpoint Establishes Global Strategic Alliance with Microsoft to Build on Azure and Strengthen Human-Centric Cybersecurity for Organizations

https://www.proofpoint.com/us/newsroom/press-releases/proofpoint-establishes-global-strategic-alliance-microsoft-build-azure-and

How to protect your Gmail, Outlook after FBI warning on Medusa ransomware

https://www.proofpoint.com/us/newsroom/news/how-protect-your-gmail-outlook-after-fbi-warning-medusa-ransomware

Announcing OSV-Scanner V2: Vulnerability scanner and remediation tool for open source
Posted by Rex Pan and Xueqin Cui, Google Open Source Security Team. In December 2022, we released the open source OSV-Scanner tool, and earlier this year, we open sourced OSV-SCALIBR. OSV-Scanner and OSV-SCALIBR, together with OSV.dev, are components of an open platform for managing vulnerability metadata and enabling simple and accurate matching and remediation of known vulnerabilities. Our goal is to simplify and streamline vulnerability management for developers and security teams alike. Today, we're thrilled to announce the launch of OSV-Scanner V2.0.0, following the announcement of the beta version. This V2 release builds upon the foundation we laid with OSV-SCALIBR and adds significant new capabilities to OSV-Scanner, making it a comprehensive vulnerability scanner and remediation tool with...
http://security.googleblog.com/2025/03/announcing-osv-scanner-v2-vulnerability.html

ClickFix: How to Infect Your PC in Three Easy Steps
A clever malware deployment scheme first spotted in targeted attacks last year has now gone mainstream. In this scam, dubbed "ClickFix," the visitor to a hacked or malicious website is asked to distinguish themselves from bots by pressing a combination of keyboard keys that causes Microsoft Windows to download password-stealing malware.
https://krebsonsecurity.com/2025/03/clickfix-how-to-infect-your-pc-in-three-easy-steps/

Text scams warning of unpaid road tolls fueled by cybercriminal salesmen on Telegram

https://www.proofpoint.com/us/newsroom/news/text-scams-warning-unpaid-road-tolls-fueled-cybercriminal-salesmen-telegram

Application security trends: Shift-left security, AI, and open source malware
Software is at the heart of business operations across most industries, which means application security has never been more critical. However, as organizations embrace cloud-native architectures, microservices, and open source components, the attack surface continues to expand. The result: an ever-growing number of vulnerable and malicious dependencies that adversaries are eager to exploit.
https://www.sonatype.com/blog/application-security-trends-shift-left-security-ai-and-open-source-malware

Off the Beaten Path: Recent Unusual Malware
Three unusual malware samples analyzed here include an IIS backdoor developed in a rare language, a bootkit and a Windows implant of a post-exploit framework. The post Off the Beaten Path: Recent Unusual Malware appeared first on Unit 42.
https://unit42.paloaltonetworks.com/unusual-malware/

Why Critical MongoDB Library Flaws Won't See Mass Exploitation
Discover how to mitigate CVE-2024-53900 and CVE-2025-23061, which expose Node.js APIs to remote attacks.
https://www.f5.com/labs/articles/threat-intelligence/why-critical-mongodb-library-flaws-wont-see-mass-exploitation

Investigating Scam Crypto Investment Platforms Using Pyramid Schemes to Defraud Victims
We identified a campaign spreading thousands of scam crypto investment platforms through websites and mobile apps, possibly through a standardized toolkit. The post Investigating Scam Crypto Investment Platforms Using Pyramid Schemes to Defraud Victims appeared first on Unit 42.
https://unit42.paloaltonetworks.com/fraud-crypto-platforms-campaign/

Bypassing Web Filters Part 2: Host Header Spoofing
In the last post about bypassing web filters, I discussed how SNI spoofing works and how this can also be prevented by web filters. This post is about another bypass technique called Host Header spoofing.
https://blog.compass-security.com/2025/03/bypassing-web-filters-part-2-host-header-spoofing/

Sign in as anyone: Bypassing SAML SSO authentication with parser differentials
Critical authentication bypass vulnerabilities (CVE-2025-25291 + CVE-2025-25292) were discovered in ruby-saml up to version 1.17.0. In this blog post, we'll shed light on how these vulnerabilities that rely on a parser differential were uncovered. The post Sign in as anyone: Bypassing SAML SSO authentication with parser differentials appeared first on The GitHub Blog.
https://github.blog/security/sign-in-as-anyone-bypassing-saml-sso-authentication-with-parser-differentials/

Bypassing picklescan: Sonatype discovers four vulnerabilities
Sonatype has discovered and disclosed four vulnerabilities in picklescan, a tool designed to help developers scan Python pickle files for malicious content. Pickle files, used for serializing and deserializing Python AI/ML models, can be a security risk as they allow for arbitrary code execution during the deserialization process.
https://www.sonatype.com/blog/bypassing-picklescan-sonatype-discovers-four-vulnerabilities

Bypassing Web Filters Part 1: SNI Spoofing
This is the first part of a series of blog posts about techniques to bypass web filters, looking at increasingly advanced techniques with each part. The first part is about how SNI spoofing can be used to bypass web filters.
https://blog.compass-security.com/2025/03/bypassing-web-filters-part-1-sni-spoofing/

VMware Multiple Products Zero-day Vulnerabilities
What is the Vulnerability?
Multiple zero-day vulnerabilities have been identified in VMware's ESXi, Workstation, and Fusion products. VMware has confirmed that these vulnerabilities are being actively exploited in the wild, and the Cybersecurity and Infrastructure Security Agency (CISA) has included them in its Known Exploited Vulnerabilities Catalog due to evidence of such exploitation. The vendor advisory indicates that these vulnerabilities were reported to VMware by the Microsoft Threat Intelligence Center.
• CVE-2025-22225: Arbitrary Write Vulnerability in VMware ESXi
• CVE-2025-22224: TOCTOU Race Condition Vulnerability in VMware ESXi and Workstation
• CVE-2025-22226: Information Disclosure Vulnerability in VMware ESXi, Workstation, and Fusion
What is the recommended Mitigation?
Updates...
https://fortiguard.fortinet.com/threat-signal-report/6026

Full exposure: A practical approach to handling sensitive data leaks
Treating exposures as full and complete can help you respond more effectively to focus on what truly matters: securing systems, protecting sensitive data, and maintaining the trust of stakeholders. The post Full exposure: A practical approach to handling sensitive data leaks appeared first on The GitHub Blog.
https://github.blog/security/full-exposure-a-practical-approach-to-handling-sensitive-data-leaks/

Vulnerability Reward Program: 2024 in Review
Posted by Dirk Göhmann. In 2024, our Vulnerability Reward Program confirmed the ongoing value of engaging with the security research community to make Google and its products safer. This was evident as we awarded just shy of million to over 600 researchers based in countries around the globe across all of our programs. Vulnerability Reward Program 2024 in Numbers: You can learn about who's reporting to the Vulnerability Reward Program via our Leaderboard – and find out more about our youngest security researchers who've recently joined the ranks of Google bug hunters. VRP Highlights in 2024: In 2024 we made a series of changes and improvements coming to our vulnerability reward programs and related initiatives: The Google VRP revamped its reward structure, bumping rewards up to a maximum...
http://security.googleblog.com/2025/03/vulnerability-reward-program-2024-in.html

Multiple Vulnerabilities Discovered in a SCADA System
We identified multiple vulnerabilities in ICONICS Suite, SCADA software used in numerous OT applications. This article offers a technical analysis of our findings. The post Multiple Vulnerabilities Discovered in a SCADA System appeared first on Unit 42.
https://unit42.paloaltonetworks.com/vulnerabilities-in-iconics-software-suite/

Legit SLA Management & Governance – Built for Enterprise-Scale AppSec
Get details on Legit's powerful SLA management capabilities.
https://www.legitsecurity.com/blog/legit-sla-management-and-governance

The Next Level: Typo DGAs Used in Malicious Redirection Chains
A graph intelligence-based pipeline and WHOIS data are among the tools we used to identify this campaign, which introduced a variant of domain generation algorithms. The post The Next Level: Typo DGAs Used in Malicious Redirection Chains appeared first on Unit 42.
https://unit42.paloaltonetworks.com/typo-domain-generation-algorithms/

Enterprises Should Consider Replacing Employees' Home TP-Link Routers
An examination of CVE trends from February 2025 scanning data.
https://www.f5.com/labs/articles/threat-intelligence/enterprises-should-consider-replacing-employees-home-tp-link-routers

Citrix NetScaler ADC and NetScaler Gateway Unauthenticated Remote Code Execution Vulnerability (CVE-2023-3519)
What is Citrix NetScaler ADC and NetScaler Gateway?
Citrix NetScaler ADC, previously known as Citrix ADC, is an Application Delivery Controller (ADC) designed to achieve secure and optimized network traffic. Citrix NetScaler Gateway, previously known as Citrix Gateway, is an SSL-VPN solution designed to provide secure and optimized remote access.
What is the Attack?
According to the advisory published by Citrix, CVE-2023-3519 is an unauthenticated remote code execution vulnerability that affects the unmitigated Citrix NetScaler ADC and NetScaler Gateway products. For these products to be vulnerable, they must be configured either as a gateway or as an authentication, authorization, and auditing (AAA) virtual server. The advisory also confirms that Citrix-managed servers have already been mitigated,...
https://fortiguard.fortinet.com/threat-signal-report/5227

November 2024 Cyber Attacks Statistics
In November 2024, Cyber Crime continued to lead the Motivations chart with 72%, up from 68% of October. Operations driven...
https://www.hackmageddon.com/2025/03/05/november-2024-cyber-attacks-statistics/

Beneath the Surface: Detecting and Blocking Hidden Malicious Traffic Distribution Systems
A topological analysis and case studies add nuance to a study of malicious traffic distribution systems. We compare their use by attackers to benign systems. The post Beneath the Surface: Detecting and Blocking Hidden Malicious Traffic Distribution Systems appeared first on Unit 42.
https://unit42.paloaltonetworks.com/detect-block-malicious-traffic-distribution-systems/

Hitachi Vantara Pentaho BA Server Vulnerabilities
What is the Vulnerability?
Threat actors are actively exploiting vulnerabilities in the Hitachi Vantara Pentaho Business Analytics Server. FortiGuard network sensors have detected attack attempts on over 500 devices, and CISA has added these vulnerabilities to the Known Exploited Vulnerabilities (KEV) catalog, confirming active exploitation. The Pentaho Business Analytics Server is widely used, trusted by 73% of Fortune 100 companies, and plays a crucial role in data analysis and business intelligence.
Affected Vulnerabilities
• CVE-2022-43939: Hitachi Vantara Pentaho BA Server Authorization Bypass Vulnerability
• CVE-2022-43769: Hitachi Vantara Pentaho BA Server Special Element Injection Vulnerability
What is the recommended Mitigation?
Apply the latest patch or update from the vendor. [CVE-2022-43769...
https://fortiguard.fortinet.com/threat-signal-report/6025

Issue with Temporary elevated access management (TEAM) - CVE-2025-1969
Publication Date: 2025/03/04 10:30 AM PST
Description: Improper request input validation in Temporary Elevated Access Management (TEAM) for AWS IAM Identity Center allows a user to modify a valid request and spoof an approval in TEAM. We recommend customers upgrade TEAM to the latest release, version 1.2.2.
Affected versions: <1.2.2
Resolution: A fix has been released in version 1.2.2. Please refer to the "Update TEAM solution" documentation for instructions on upgrading.
References: GHSA-x9xv-r58p-qh86, CVE-2025-1969
Acknowledgement: We would like to thank Redshift Cyber Security for collaborating on this issue through the coordinated vulnerability disclosure process. Please email aws-security@amazon.com with any security questions or concerns....
https://aws.amazon.com/security/security-bulletins/AWS-2025-004/

New AI-Powered Scam Detection Features to Help Protect You on Android
Posted by Lyubov Farafonova, Product Manager, Phone by Google; Alberto Pastor Nieto, Sr. Product Manager Google Messages and RCS Spam and Abuse. Google has been at the forefront of protecting users from the ever-growing threat of scams and fraud with cutting-edge technologies and security expertise for years. In 2024, scammers used increasingly sophisticated tactics and generative AI-powered tools to steal more than trillion from mobile consumers globally, according to the Global Anti-Scam Alliance. And with the majority of scams now delivered through phone calls and text messages, we've been focused on making Android's safeguards even more intelligent with powerful Google AI to help keep your financial information and data safe. Today, we're launching two new industry-leading...
http://security.googleblog.com/2025/03/new-ai-powered-scam-detection-features.html

Color Dating - 220,503 breached accounts
In September 2018, Color Dating, a dating app for matching people of different ethnicities, suffered a data breach that was later redistributed as part of a larger corpus of data. The breach exposed 220k unique email addresses along with bios, names, profile photos and bcrypt password hashes. The data was provided to HIBP by a source who requested it be attributed to "ANK (Veles)".
https://haveibeenpwned.com/PwnedWebsites#ColorDating

Flat Earth Sun, Moon and Zodiac App - 33,294 breached accounts
In October 2024, the flat earth sun, moon and zodiac app created by Flat Earth Dave was found to be leaking extensive personal information of its users. The data included 33k unique email addresses along with usernames, latitudes and longitudes (their position on the globe) and passwords stored in plain text. A small number of profiles also contained names, dates of birth and genders.
https://haveibeenpwned.com/PwnedWebsites#FlatEarthDave

Palo Alto PAN-OS Authentication Bypass
What is the Vulnerability?
A recent authentication bypass vulnerability (CVE-2025-0108) in the Palo Alto Networks PAN-OS software is under active exploitation and has been added to CISA's Known Exploited Vulnerabilities (KEV) Catalog. Successful exploitation of CVE-2025-0108 enables an unauthenticated attacker with network access to the management web interface to bypass the authentication required by the PAN-OS management web interface and invoke certain PHP scripts that can impact its integrity and confidentiality. According to the vendor advisory, Palo Alto Networks has observed exploit attempts chaining CVE-2025-0108 with CVE-2024-9474 and CVE-2025-0111 on unpatched and unsecured PAN-OS web management interfaces. A detailed Outbreak report including the attack using CVE-2024-9474 was released...
https://fortiguard.fortinet.com/threat-signal-report/6019

Spyzie - 518,643 breached accounts
In February 2025, the spyware service Spyzie suffered a data breach along with sibling spyware services, Spyic and Cocospy. The Spyzie breach alone exposed almost 519k customer email addresses which were provided to HIBP, and reportedly also enabled unauthorised access to captured messages, photos, call logs, and more. The data was provided to HIBP by a source who requested it be attributed to "zathienaephi@proton.me".
https://haveibeenpwned.com/PwnedWebsites#Spyzie

The 2025 State of Application Risk Report: Understanding Toxic Combinations in Application Security
Get details on the most common toxic combinations Legit unearthed in enterprises' software factories.
https://www.legitsecurity.com/blog/understanding-toxic-combinations-in-application-security

16-30 November 2024 Cyber Attacks Timeline
In the second timeline of November 2024 I collected 117 events (7.8 events/day) with a threat landscape dominated by malware
https://www.hackmageddon.com/2025/02/27/16-30-november-2024-cyber-attacks-timeline/

Orange Romania - 556,557 breached accounts
In February 2025, the Romanian arm of telecommunications company Orange suffered a data breach which was subsequently published to a popular hacking forum. The data included 556k email addresses (of which hundreds of thousands were in the form of [phone number]@as1.romtelecom.net), phone numbers, subscription details, partial credit card data (type, last 4 digits, expiration date and issuing bank). The breach also exposed an extensive number of internal documents.
https://haveibeenpwned.com/PwnedWebsites#OrangeRomania

Why AI Can't Replace Cybersecurity Analysts
As we face an extreme downturn in cybersecurity hiring which entry level candidates bear the brunt of, I want to address an elephant in the room: AI. I spend a lot of my time providing career clinics and mentorship, and I truly understand this is one of the worst cybersecurity job markets for young people […]
https://tisiphone.net/2025/02/26/why-ai-cant-replace-cybersecurity-analysts/

The Phillip Wylie Show!
I made an appearance on the wonderful Phillip Wylie show! It was incredibly kind of him to have me on. We talked about a kind of niche area of ICS – how to do digital forensics in that space – especially weird and legacy stuff – and what that actually means during incident response. Check […]
https://tisiphone.net/2025/02/26/the-phillip-wylie-show/

Celebrating 1 Year of CSF 2.0
It has been one year since the release of the NIST Cybersecurity Framework (CSF) 2.0 ! To make improving your security posture even easier, in this blog we are: Sharing new CSF 2.0 resources; Taking a retrospective look at some resources and applications you may have missed; and Highlighting ways you can stay involved in our work, helping us help you implement better cybersecurity. NIST's subject matter experts have worked over the last year to continue expanding the CSF 2.0 implementation resources to help you secure your enterprise. Stakeholders are a very important force behind NIST's
https://www.nist.gov/blogs/cybersecurity-insights/celebrating-1-year-csf-20

Silent Reaper (Azure LogicApp Secrets Control Plane Exfiltration)
Azure iPaaS services, such as Logic Apps, separate the Control Plane (management) from the Data Plane (execution), but a flaw in this model enabled undetectable data harvesting. An attacker with Azure Reader access to workflow run history can silently extract sensitive data from executions, including secrets and API responses. This is possible because execution details are exposed via the Control Plane, bypassing Data Plane access controls. The root cause of this issue is the unintended exposure of runtime data through metadata endpoints, which could allow an attacker to passively collect information without triggering alerts or requiring direct execution privileges.
https://www.cloudvulndb.org/azure-logic-apps-secrets-control-plane-exfiltration

Vault Recon (Azure KeyVault Secrets Metadata Control Plane Exfiltration)
Azure Key Vault enforces a separation between the Control Plane (management) and Data Plane (secrets access). However, a flaw in this isolation allows unauthorized users to enumerate secrets and keys within a vault. By having Reader access or lesser privileges on a Key Vault, an attacker could leverage Azure Resource Explorer to access metadata about stored secrets. This is due to unintended exposure through the Control Plane, which should not provide insight into Data Plane resources. The root cause of this issue is insufficient isolation between the two planes, where metadata retrieval is permitted even when direct access to secrets is restricted. This allows attackers to gain information about sensitive assets without full permissions.
https://www.cloudvulndb.org/azure-vault-recon-keyvault-secret-metadata-control-plane-exfiltration

Securing tomorrow's software: the need for memory safety standards
Posted by Alex Rebert, Security Foundations, Ben Laurie, Research, Murali Vijayaraghavan, Research and Alex Richardson, Silicon. For decades, memory safety vulnerabilities have been at the center of various security incidents across the industry, eroding trust in technology and costing billions. Traditional approaches, like code auditing, fuzzing, and exploit mitigations – while helpful – haven't been enough to stem the tide, while incurring an increasingly high cost. In this blog post, we are calling for a fundamental shift: a collective commitment to finally eliminate this class of vulnerabilities, anchored on secure-by-design practices – not just for ourselves but for the generations that follow. The shift we are calling for is reinforced by a recent ACM article calling to standardize...
http://security.googleblog.com/2025/02/securing-tomorrows-software-need-for.html

ALIEN TXTBASE Stealer Logs - 284,132,969 breached accounts
In February 2025, 23 billion rows of stealer logs were obtained from a Telegram channel known as ALIEN TXTBASE. The data contained 284M unique email addresses alongside the websites they were entered into and the passwords used. This data is now searchable in HIBP by both email domain and the domain of the target website.
https://haveibeenpwned.com/PwnedWebsites#AlienStealerLogs

Passkeys
Don't we all know the hassle of managing loads of passwords, trying to come up with secure and unique ones only to try afterwards to remember them? Or always staying on high alert whether the URL is definitely the valid one for the website we are trying to visit? What if all this could be over soon? Welcome to Passkeys!
https://blog.compass-security.com/2025/02/passkeys/

Last chance for online career mentorship, for a while
As I turn my attention to the major life change of moving to Australia, this will be the last opportunity to take advantage of my free, weekly cybersecurity career mentorship sessions for the indefinite future. I’ve really enjoyed providing this service on top of my normal career clinics at conferences, and I hope I can […]
https://tisiphone.net/2025/02/19/last-chance-for-online-career-mentorship-for-a-while/

Podcast: Expanding Frontiers Research
In this podcast, I’m asked about current and future trends in industrial cyberattacks, as well as a variety of community and social issues facing our industry in the future.
https://tisiphone.net/2025/02/19/podcast-expanding-frontiers-research/

Proofpoint ranked #1 in Four out of Five Use Cases in the 2025 Gartner® Critical Capabilities™ Report for Email Security Platforms

https://www.proofpoint.com/us/newsroom/press-releases/proofpoint-ranked-1-four-out-five-use-cases-2025-gartnerr-critical

2024 Vulnerability Scanning Surges 91%
Scans intensify, looking for a critical vulnerability in TBK DVR devices.
https://www.f5.com/labs/articles/threat-intelligence/2024-vulnerability-scanning-surges-91

Out with the Old, In with the Bold: Gen Threat Labs
For years, Avast Decoded has been your go-to for the latest in cybersecurity insights and research. But as cybercriminals evolve, so do we. Starting now, our groundbreaking research, expert analysis and the stories that keep the digital world safe are moving to one place: the Gen Insights Blog. By uniting our expertise under the Gen […] The post Out with the Old, In with the Bold: Gen Threat Labs appeared first on Avast Threat Labs.
https://decoded.avast.io/salat/out-with-the-old-in-with-the-bold-gen-threat-labs/?utm_source=rss&utm_medium=rss&utm_campaign=out-with-the-old-in-with-the-bold-gen-threat-labs

How GitHub uses CodeQL to secure GitHub
How GitHub's Product Security Engineering team manages our CodeQL implementation at scale and how you can, too. The post How GitHub uses CodeQL to secure GitHub appeared first on The GitHub Blog.
https://github.blog/engineering/how-github-uses-codeql-to-secure-github/

Stealthy AD CS Reconnaissance
Introducing a certipy parse command to perform stealthy offline AD CS enumeration based on local registry data.
https://blog.compass-security.com/2025/02/stealthy-ad-cs-reconnaissance/

From finding to fixing: GitHub Advanced Security integrates Endor Labs SCA
The partnership between GitHub and Endor Labs enables application security engineers and developers to drastically reduce time spent on open source vulnerabilities, and gives them the tools to go from finding to fixing. The post From finding to fixing: GitHub Advanced Security integrates Endor Labs SCA appeared first on The GitHub Blog.
https://github.blog/security/from-finding-to-fixing-github-advanced-security-integrates-endor-labs-sca/

1-15 November 2024 Cyber Attacks Timeline
In the first timeline of November 2024 I collected 128 events with a threat landscape dominated by malware...
https://www.hackmageddon.com/2025/02/06/1-15-november-2024-cyber-attacks-timeline/

Lazarus Group Targets Organizations with Sophisticated LinkedIn Recruiting Scam
Bitdefender Labs warns of an active campaign by the North Korea-linked Lazarus Group, targeting organizations by capturing credentials and delivering malware through fake LinkedIn job offers. LinkedIn may be a vital tool for job seekers and professionals, but it has also become a playground for cybercriminals exploiting its credibility. From fake job offers and elaborate phishing schemes to scams and even state-sponsored threat actors who prey on people's career aspirations and trust in profess
https://www.bitdefender.com/en-us/blog/labs/lazarus-group-targets-organizations-with-sophisticated-linkedin-recruiting-scam

Analysis of an advanced malicious Chrome extension
Two weeks ago I published an article on 63 malicious Chrome extensions. In most cases I could only identify the extensions as malicious. With large parts of their logic being downloaded from some web servers, it wasn't possible to analyze their functionality in detail. However, for the Download Manager Integration Checklist extension I have all parts of the puzzle now. This article is a technical discussion of its functionality that somebody tried very hard to hide. I was also able to identify a number of related extensions that were missing from my previous article. Update (2025-02-04): An update to the Download Manager Integration Checklist extension was released a day before I published this article, clearly prompted by me asking adindex about this. The update removes the malicious functionality...
https://palant.info/2025/02/03/analysis-of-an-advanced-malicious-chrome-extension/

Windows Bug Class: Accessing Trapped COM Objects with IDispatch
Posted by James Forshaw, Google Project Zero Object orientated remoting technologies such as DCOM and .NET Remoting make it very easy to develop an object-orientated interface to a service which can cross process and security boundaries. This is because they're designed to support a wide range of objects, not just those implemented in the service, but any other object compatible with being remoted. For example, if you wanted to expose an XML document across the client-server boundary, you could use a pre-existing COM or .NET library and return that object back to the client. By default when the object is returned it's marshaled by reference, which results in the object staying in the out-of-process server. This flexibility has a number of downsides, one of which is the topic of this...
https://googleprojectzero.blogspot.com/2025/01/windows-bug-class-accessing-trapped-com.html

Windows Exploitation Tricks: Trapping Virtual Memory Access (2025 Update)
Posted by James Forshaw, Google Project Zero Back in 2021 I wrote a blog post about various ways you can build a virtual memory access trap primitive on Windows. The goal was to cause a reader or writer of a virtual memory address to halt for a significant (e.g. 1 or more seconds) amount of time, generally for the purpose of exploiting TOCTOU memory access bugs in the kernel. The solutions proposed in the blog post were to either map an SMB file on a remote server, or abuse the Cloud Filter API. This blog isn't going to provide new solutions, instead I wanted to highlight a new feature of Windows 11 24H2 that introduces the ability to abuse the SMB file server directly on the local machine, no remote server required. This change also introduces the ability to locally exploit vulnerabilities...
https://googleprojectzero.blogspot.com/2025/01/windows-exploitation-tricks-trapping.html

Path traversal issue in Deep Java Library - (CVE-2025-0851)
Publication Date: 2025/01/29 1:30 PM PST. AWS identified CVE-2025-0851, a path traversal issue in ZipUtils.unzip and TarUtils.untar in Deep Java Library (DJL) on all platforms that allows a bad actor to write files to arbitrary locations. If leveraged, an actor could gain SSH access by injecting an SSH key into the authorized_keys file, or upload HTML files to leverage cross-site scripting issues. We can confirm that this issue has not been leveraged. A fix for this issue has been released and we recommend the users of DJL upgrade to version 0.31.1 or later. Affected versions: 0.1.0 - 0.31.0. Resolution: The patches are included in DJL 0.31.1. Reference: CVE-2025-0851, GHSA-6h2x-4gjf-jc5w. Please email aws-security@amazon.com with any security questions or concerns.
https://aws.amazon.com/security/security-bulletins/AWS-2025-003/

How we kept the Google Play & Android app ecosystems safe in 2024
Posted by Bethel Otuteye and Khawaja Shams (Android Security and Privacy Team), and Ron Aquino (Play Trust and Safety) Android and Google Play comprise a vibrant ecosystem with billions of users around the globe and millions of helpful apps. Keeping this ecosystem safe for users and developers remains our top priority. However, like any flourishing ecosystem, it also attracts its share of bad actors. That's why every year, we continue to invest in more ways to protect our community and fight bad actors, so users can trust the apps they download from Google Play and developers can build thriving businesses. Last year, those investments included AI-powered threat detection, stronger privacy policies, supercharged developer tools, new industry-wide alliances, and more. As a result, we...
http://security.googleblog.com/2025/01/how-we-kept-google-play-android-app-ecosystem-safe-2024.html

How we estimate the risk from prompt injection attacks on AI systems
Posted by the Agentic AI Security Team at Google DeepMind. Modern AI systems, like Gemini, are more capable than ever, helping retrieve data and perform actions on behalf of users. However, data from external sources present new security challenges if untrusted sources are available to execute instructions on AI systems. Attackers can take advantage of this by hiding malicious instructions in data that are likely to be retrieved by the AI system, to manipulate its behavior. This type of attack is commonly referred to as an "indirect prompt injection," a term first coined by Kai Greshake and the NVIDIA team. To mitigate the risk posed by this class of attacks, we are actively deploying defenses within our AI systems along with measurement and monitoring tools. One of these tools is a robust evaluation...
http://security.googleblog.com/2025/01/how-we-estimate-risk-from-prompt.html

BloodHound Community Edition Custom Queries
This blog post introduces our new custom queries for BloodHound Community Edition (CE) and explains how you can use them effectively to analyze your Active Directory infrastructure. TL;DR: Check out our new BloodHound CE custom queries! Active Directory and BloodHound The majority of our customers run a Microsoft Active Directory infrastructure, either exclusively on-prem or […]
https://blog.compass-security.com/2025/01/bloodhound-community-edition-custom-queries/

Privacy-Preserving Federated Learning – Future Collaboration and Continued Research
This post is the final blog in a series on privacy-preserving federated learning. The series is a collaboration between NIST and the UK government's Responsible Technology Adoption Unit (RTA), previously known as the Centre for Data Ethics and Innovation. Learn more and read all the posts published to date at NIST's Privacy Engineering Collaboration Space or RTA's blog. Reflections and Wider Considerations: This is the final post in the series that began with reflections and learnings from the first US-UK collaboration working with Privacy Enhancing Technologies (PETs). Since the PETs Prize
https://www.nist.gov/blogs/cybersecurity-insights/privacy-preserving-federated-learning-future-collaboration-and

Android enhances theft protection with Identity Check and expanded features
Posted by Jianing Sandra Guo, Product Manager, Android, Nataliya Stanetsky, Staff Program Manager, Android Today, people around the world rely on their mobile devices to help them stay connected with friends and family, manage finances, keep track of healthcare information and more – all from their fingertips. But a stolen device in the wrong hands can expose sensitive data, leaving you vulnerable to identity theft, financial fraud and privacy breaches. This is why we recently launched Android theft protection, a comprehensive suite of features designed to protect you and your data at every stage – before, during, and after device theft. As part of our commitment to help you stay safe on Android, we're expanding and enhancing these features to deliver even more robust protection...
http://security.googleblog.com/2025/01/android-theft-protection-identity-check-expanded-features.html

ClamAV 1.4.2 and 1.0.8 security patch versions published
Today, we are publishing the 1.4.2 and 1.0.8 security patch versions. The release files for the patch versions are available for download on the ClamAV downloads page, on the GitHub Release page, and through Docker Hub. The images on Docker Hub may not be immediately available on release day. Continue reading to learn what changed in each version. 1.4.2: ClamAV 1.4.2 is a patch release with the following fixes: CVE-2025-20128: Fixed a possible buffer overflow read bug in the OLE2 file parser that could cause a denial-of-service (DoS) condition. This issue was introduced in version 1.0.0 and affects all currently supported versions. It will be fixed in: 1.4.2 and 1.0.8. Thank you to OSS-Fuzz for identifying this issue. 1.0.8: ClamAV 1.0.8 is a patch release with the following fixes: CVE-2025-20128:...
http://blog.clamav.net/2025/01/clamav-142-and-108-security-patch.html

Continued Scanning for CVE-2023-1389
TP-Link draws the attention of the US Government.
https://www.f5.com/labs/articles/threat-intelligence/continued-scanning-for-cve-2023-1389

October 2024 Cyber Attacks Statistics
After the cyber attacks timelines, it's time to publish the statistics for October 2024 where I collected and analyzed 240 events...
https://www.hackmageddon.com/2025/01/21/october-2024-cyber-attacks-statistics/

Malicious extensions circumvent Google's remote code ban
As noted last week I consider it highly problematic that Google for a long time allowed extensions to run code they downloaded from some web server, an approach that Mozilla prohibited long before Google even introduced extensions to their browser. For years this has been an easy way for malicious extensions to hide their functionality. When Google finally changed their mind, it wasn't in form of a policy but rather a technical change introduced with Manifest V3. As with most things about Manifest V3, these changes are meant for well-behaving extensions where they in fact improve security. As readers of this blog probably know, those who want to find loopholes will find them: I've already written about the Honey extension bundling its own JavaScript interpreter and malicious extensions...
https://palant.info/2025/01/20/malicious-extensions-circumvent-googles-remote-code-ban/

OSV-SCALIBR: A library for Software Composition Analysis
Posted by Erik Varga, Vulnerability Management, and Rex Pan, Open Source Security Team. In December 2022, we announced OSV-Scanner, a tool to enable developers to easily scan for vulnerabilities in their open source dependencies. Together with the open source community, we've continued to build this tool, adding remediation features, as well as expanding ecosystem support to 11 programming languages and 20 package manager formats. Today, we're excited to release OSV-SCALIBR (Software Composition Analysis LIBRary), an extensible library for SCA and file system scanning. OSV-SCALIBR combines Google's internal vulnerability management expertise into one scanning library with significant new capabilities such as: SCA for installed packages, standalone binaries, as well as source code; OSes...
http://security.googleblog.com/2025/01/osv-scalibr-library-for-software.html

16-31 October 2024 Cyber Attacks Timeline
In the second timeline of October 2024 I collected 120 events with a threat landscape dominated by malware...
https://www.hackmageddon.com/2025/01/16/16-31-october-2024-cyber-attacks-timeline/

Hitchhiker's Guide to Managed Security
Over the past few years, we have had the opportunity to conduct several Purple Teaming exercises together with our customers. Particularly after Purple Teaming exercises involving external providers, we often see a mismatch between the customer's expectations and the service provided. This blog post attempts to summarize how to prevent the most prevalent issues with a managed security service as early as possible.
https://blog.compass-security.com/2025/01/hitchhikers-guide-to-managed-security/

Hardcoded Encryption Key Used for Named Pipe Communication
A use of hard-coded cryptographic key (CWE-321) vulnerability in FortiClient Windows may allow a low-privileged user to decrypt interprocess communication via monitoring named pipe. Revised on 2025-04-16 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-24-216

Integer Overflow in ipsec ike
An Integer Overflow or Wraparound vulnerability [CWE-190] in FortiOS and FortiSASE FortiOS tenant IPsec IKEv1 service may allow an authenticated attacker to crash the IPsec tunnel via crafted requests, resulting in potential denial of service. Revised on 2025-04-11 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-24-267

Chrome Web Store is a mess
Let's make one thing clear first: I'm not singling out Google's handling of problematic and malicious browser extensions because it is worse than Microsoft's for example. No, Microsoft is probably even worse but I never bothered finding out. That's because Microsoft Edge doesn't matter, its market share is too small. Google Chrome on the other hand is used by around 90% of the users world-wide, and one would expect Google to take their responsibility to protect its users very seriously, right? After all, browser extensions are one selling point of Google Chrome, so certainly Google would make sure they are safe? Unfortunately, my experience reporting numerous malicious or otherwise problematic browser extensions speaks otherwise. Google appears to take the “least effort required”...
https://palant.info/2025/01/13/chrome-web-store-is-a-mess/

BIScience: Collecting browsing history under false pretenses
This is a guest post by a researcher who wants to remain anonymous. You can contact the author via email. Recently, John Tuckner of Secure Annex and Wladimir Palant published great research about how BIScience and its various brands collect user data. This inspired us to publish part of our ongoing research to help the extension ecosystem be safer from bad actors. This post details what BIScience does with the collected data and how their public disclosures are inconsistent with actual practices, based on evidence compiled over several years. [Screenshot of claims on the BIScience website] Contents: Who is BIScience? BIScience collects data from millions of users. BIScience buys data from partner third-party extensions. BIScience receives raw...
https://palant.info/2025/01/13/biscience-collecting-browsing-history-under-false-pretenses/

The Dangers of DNS Hijacking
How expired domains and improper DNS management can lead to severe security risks like MitM attacks, fraudulent TLS/SSL certifications, and more.
https://www.f5.com/labs/articles/threat-intelligence/the-dangers-of-dns-hijacking

ClamAV 1.4 as Next Long-Term Stable (LTS)
We are excited to announce that ClamAV 1.4 is now designated as our latest Long-Term Stable (LTS) release. Previously, we planned to announce 1.5 as the next LTS version at the end of 2024. However, unforeseen challenges have delayed the 1.5 release, leading us to choose version 1.4 for long-term support. We apologize for any inconvenience that our delay in the announcement may have caused. The version support dates for ClamAV 1.4 are amended as follows. Key Dates: Initial 1.4 Release Date: August 15, 2024; Patch Versions Continue Until: August 15, 2027; DB Downloads Allowed Until: August 15, 2028. For specific details, please read the ClamAV EOL Policy. Looking ahead, the beta version of ClamAV 1.5 will soon be available for community review. This version will...
http://blog.clamav.net/2025/01/clamav-14-as-next-long-term-stable-lts.html

How extensions trick CWS search
A few months ago I searched for “Norton Password Manager” in Chrome Web Store and got lots of seemingly unrelated results. Not just that, the actual Norton Password Manager was listed last. These search results are still essentially the same today, only that Norton Password Manager moved to the top of the list: I was stumped how Google managed to mess up search results so badly and even posted the following on Mastodon: Interesting. When I search for “Norton Password Manager” on Chrome Web Store, it first lists five completely unrelated extensions, and only the last search result is the actual Norton Password Manager. Somebody told me that website is run by a company specializing in search, so this shouldn't be due to incompetence, right? What is it then? Somebody suggested that...
https://palant.info/2025/01/08/how-extensions-trick-cws-search/

1-15 October 2024 Cyber Attacks Timeline
In the first timeline of October 2024, I collected 120 events (8 events/day) with a threat landscape...
https://www.hackmageddon.com/2025/01/07/1-15-october-2024-cyber-attacks-timeline/

Q3 2024 Cyber Attacks Statistics
I aggregated the statistics created from the cyber attacks timelines published in the third quarter of 2024. In this period, I collected...
https://www.hackmageddon.com/2024/12/23/q3-2024-cyber-attacks-statistics/

The Windows Registry Adventure #5: The regf file format
Posted by Mateusz Jurczyk, Google Project Zero As previously mentioned in the second installment of the blog post series ("A brief history of the feature"), the binary format used to encode registry hives from Windows NT 3.1 up to the modern Windows 11 is called regf. In a way, it is quite special, because it represents a registry subtree simultaneously on disk and in memory, as opposed to most other common file formats. Documents, images, videos, etc. are generally designed to store data efficiently on disk, and they are subsequently parsed to and from different in-memory representations whenever they are read or written. This seems only natural, as offline storage and RAM come with different constraints and requirements. On disk, it is important that the data is packed as...
https://googleprojectzero.blogspot.com/2024/12/the-windows-registry-adventure-5-regf.html

NIST's International Cybersecurity and Privacy Engagement Update – New Translations
As the year comes to a close, NIST continues to engage with our international partners to strengthen cybersecurity, including sharing over ten new international translations in over six languages as resources for our stakeholders around the world. These efforts were complemented by discussions on opportunities for future enhanced international collaboration and resource sharing. Here are some updates from the past few months: Our international engagement continues through our support to the Department of State and the International Trade Administration (ITA) during numerous international
https://www.nist.gov/blogs/cybersecurity-insights/nists-international-cybersecurity-and-privacy-engagement-update-new

September 2024 Cyber Attacks Statistics
After the corresponding cyber attacks timelines, it's time to publish the statistics for September 2024 where I collected and analyzed 257 events. During September 2024...
https://www.hackmageddon.com/2024/12/19/september-2024-cyber-attacks-statistics/

2025 Cybersecurity Predictions
“I never think of the future. It comes soon enough.”
https://www.f5.com/labs/articles/cisotociso/2025-cybersecurity-predictions

The Qualcomm DSP Driver - Unexpectedly Excavating an Exploit
Posted by Seth Jenkins, Google Project Zero. This blog post provides a technical analysis of exploit artifacts provided to us by Google's Threat Analysis Group (TAG) from Amnesty International. Amnesty’s report on these exploits is available here. Thanks to both Amnesty International and Google's Threat Analysis Group for providing the artifacts and collaborating on the subsequent technical analysis! Introduction: Earlier this year, Google's TAG received some kernel panic logs generated by an In-the-Wild (ITW) exploit. Those logs kicked off a bug hunt that led to the discovery of 6 vulnerabilities in one Qualcomm driver over the course of 2.5 months, including one issue that TAG reported as ITW. This blog post covers the details of the original artifacts, each of the bugs discovered,...
https://googleprojectzero.blogspot.com/2024/12/qualcomm-dsp-driver-unexpectedly-excavating-exploit.html

Dirty DAG - Azure Apache Airflow Integration Vulnerabilities
Unit 42 researchers identified vulnerabilities in the Azure Data Factory's integration with Apache Airflow. These vulnerabilities include misconfigured Kubernetes Role-Based Access Control (RBAC), improper secret handling in Azure's internal Geneva service, and weak authentication mechanisms. Exploiting these flaws, attackers could gain shadow admin control over Azure infrastructure by crafting malicious DAG files or compromising service principals, leading to unauthorized access, data exfiltration, malware deployment, and persistent control of the cluster. Once attackers gain access, they can escalate privileges within the Azure Kubernetes Service (AKS) cluster, compromise containerized environments, and exploit Azure's Geneva service to manipulate logs and metrics. The research highlighted...
https://www.cloudvulndb.org/azure-airflow-vulnerabilities

Ways to Mitigate Risk in Cybersecurity: Cybersecurity Risk Management
Cyber threats can wreak havoc on businesses, from data breaches to loss of reputation. Luckily, there are effective strategies available that can reduce cybersecurity risk. Avoidance is one of the... The post Ways to Mitigate Risk in Cybersecurity: Cybersecurity Risk Management appeared first on Hacker Combat.
https://www.hackercombat.com/cybersecurity-risk-management/

Windows Tooling Updates: OleView.NET
Posted by James Forshaw, Google Project Zero. This is a short blog post about some recent improvements I've been making to the OleView.NET tool which has been released as part of version 1.16. The tool is designed to discover the attack surface of Windows COM and find security vulnerabilities such as privilege escalation and remote code execution. The updates were recently presented at the Microsoft Bluehat conference in Redmond under the name "DCOM Research for Everyone!". This blog expands on the topics discussed to give a bit more background and detail that couldn't be fit within the 45-minute timeslot. This post assumes a knowledge of COM as I'm only going to describe a limited number of terms. Using the OleView.NET Tooling: Before we start the discussion it's important...
https://googleprojectzero.blogspot.com/2024/12/windows-tooling-updates-oleviewnet.html

Issue with DynamoDB local - CVE-2022-1471
Publication Date: 2024/12/11 2:00 PM PST. AWS is aware of CVE-2022-1471 in SnakeYaml software, included in DynamoDB local jar and Docker distributions from version 1.21 and version 2.0. If leveraged, this issue could allow an actor to perform remote code execution using the SnakeYaml's Constructor(), as the software does not restrict the types that can be instantiated during deserialization. AWS has found no evidence that this issue has been leveraged, however, customers should still take action. On November 6, 2024, we released a fix for this issue. Customers should upgrade DynamoDB local to the latest version: v1.25.1 and above, or 2.5.3 and above. Please email aws-security@amazon.com with any security questions or concerns.
https://aws.amazon.com/security/security-bulletins/AWS-2024-014/

Scanning For Credentials, and BotPoke Changes IPs Again
Nearly 50% of observed traffic is looking for accidentally exposed data.
https://www.f5.com/labs/articles/threat-intelligence/scanning-for-credentials-and-botpoke-changes-ips-again

Data Pipeline Challenges of Privacy-Preserving Federated Learning
This post is part of a series on privacy-preserving federated learning. The series is a collaboration between NIST and the UK government's Responsible Technology Adoption Unit (RTA), previously known as the Centre for Data Ethics and Innovation. Learn more and read all the posts published to date at NIST's Privacy Engineering Collaboration Space or RTA's blog. Introduction: In this post, we talk with Dr. Xiaowei Huang and Dr. Yi Dong (University of Liverpool) and Sikha Pentyala (University of Washington Tacoma), who were winners in the UK-US PETs Prize Challenges. We discuss real-world data
https://www.nist.gov/blogs/cybersecurity-insights/data-pipeline-challenges-privacy-preserving-federated-learning

Predictions 2025: The Future of Cybersecurity Unveiled
The digital world is evolving at breakneck speed. In 2025, we're set to witness transformative changes in cybersecurity that will redefine trust, security, and how we navigate our digital lives. Here's what we see coming: Read the full blog to explore the trends in depth. The future of cybersecurity will demand both solutions and vigilance. […] The post Predictions 2025: The Future of Cybersecurity Unveiled appeared first on Avast Threat Labs.
https://decoded.avast.io/threatintel/predictions-2025-the-future-of-cybersecurity-unveiled/?utm_source=rss&utm_medium=rss&utm_campaign=predictions-2025-the-future-of-cybersecurity-unveiled

Zero Trust Architecture
Zero trust security takes a “never trust, always verify” approach to access control. Access is only granted once an individual’s identity and context have been confirmed through multifactor authentication and... The post Zero Trust Architecture appeared first on Hacker Combat.
https://www.hackercombat.com/zero-trust-architecture/

What Is a Security Operations Center (SOC)?
A Security Operations Center (SOC) specializes in monitoring and analyzing data to detect cyber threats and prevent attacks from them. They work to sort actual threats from false positives before... The post What Is a Security Operations Center (SOC)? appeared first on Hacker Combat.
https://www.hackercombat.com/soc/

XDR vs SIEM Security Information and Event Management
The Extended Detection and Response Platform (XDR) ingestion and correlation technology captures and correlates high-fidelity data across your security layers, such as endpoint, network, logs, cloud services and identities to... The post XDR vs SIEM Security Information and Event Management appeared first on Hacker Combat.
https://www.hackercombat.com/xdr-vs-siem/

Best Free EDR for Windows PC
Endpoint detection and response (EDR) tools offer businesses that employ hybrid work models or remote employees an extra layer of cybersecurity protection. Utilizing artificial intelligence (AI) and machine learning (ML),... The post Best Free EDR for Windows PC appeared first on Hacker Combat.
https://www.hackercombat.com/best-free-edr-tools-for-windows-pc/

Free EDR Solutions for Home Users in 2025
EDR can detect and respond to emerging and advanced cyber threats quickly and efficiently, making it an essential component of modern business ecosystems. Beyond signature-based detection capabilities, its features go... The post Free EDR Solutions for Home Users in 2025 appeared first on Hacker Combat.
https://www.hackercombat.com/free-edr-solutions/

Simple macOS kernel extension fuzzing in userspace with IDA and TinyInst
Posted by Ivan Fratric, Google Project Zero Recently, one of the projects I was involved in had to do with video decoding on Apple platforms, specifically AV1 decoding. On Apple devices that support AV1 video format (starting from Apple A17 iOS / M3 macOS), decoding is done in hardware. However, despite this, during decoding, a large part of the AV1 format parsing happens in software, inside the kernel, more specifically inside the AppleAVD kernel extension (or at least, that used to be the case in macOS 14/ iOS 17). As fuzzing is one of the techniques we employ regularly, the question of how to effectively fuzz this code inevitably came up. It should be noted that I wasn’t the first person to look into the problem of Apple kernel extension fuzzing, so before going...
https://googleprojectzero.blogspot.com/2024/11/simple-macos-kernel-extension-fuzzing.html

Kicking-Off with a December 4th Workshop, NIST is Revisiting and Revising Foundational Cybersecurity Activities for IoT Device Manufacturers, NIST IR 8259!
In May 2020, NIST published Foundational Cybersecurity Activities for IoT Device Manufacturers (NIST IR 8259), which describes recommended cybersecurity activities that manufacturers should consider performing before their IoT devices are sold to customers. These foundational cybersecurity activities can help manufacturers lessen the cybersecurity-related efforts needed by customers, which in turn can reduce the prevalence and severity of IoT device compromises and the attacks performed using compromised devices. In the nearly five years since this document was released, it has been published
https://www.nist.gov/blogs/cybersecurity-insights/kicking-december-4th-workshop-nist-revisiting-and-revising-foundational

Gen Q3/2024 Threat Report
The third quarter threat report is here—and it's packed with answers. Our Threat Labs team had uncovered some heavy stories behind the stats, exposing the relentless tactics shaping today's threat landscape. Here's what you need to know: This is just the surface. Read the full report and see how our Threat Labs team is relentlessly […] The post Gen Q3/2024 Threat Report appeared first on Avast Threat Labs.
https://decoded.avast.io/threatresearch/gen-q3-2024-threat-report/?utm_source=rss&utm_medium=rss&utm_campaign=gen-q3-2024-threat-report

Inside Bitdefender Labs' Investigation of a Malicious Facebook Ad Campaign Targeting Bitwarden Users
Throughout 2024, Bitdefender Labs has been closely monitoring a series of malvertising campaigns that exploit popular platforms to spread malware. These campaigns use fake advertisements to lure users into installing malicious software disguised as legitimate apps or updates. One of the more recent campaigns Bitdefender Labs uncovered involves a fake Bitwarden extension advertised on Meta's social media platform Facebook. The campaign tricks users into installing a harmful browser extension und
https://www.bitdefender.com/en-us/blog/labs/inside-bitdefender-labs-investigation-of-a-malicious-facebook-ad-campaign-targeting-bitwarden-users

Unlocking Cybersecurity Talent: The Power of Apprenticeships
Cybersecurity is a fast-growing field, with a constant need for skilled professionals. But unlike other professions — like medicine or aviation — there's no clear-cut pathway to qualifying for cybersecurity positions. For employers and job seekers alike, this can make the journey to building a team (or entering a successful cybersecurity career) feel uncertain. Enter the registered apprenticeship program — a proven method for developing skilled talent in cybersecurity that benefits both the employer and the new professional. Let's commit to supporting this important talent development approach
https://www.nist.gov/blogs/cybersecurity-insights/unlocking-cybersecurity-talent-power-apprenticeships

Digital Identities: Getting to Know the Verifiable Digital Credential Ecosystem
If you are interested in the world of digital identities, you have probably heard some of the buzzwords that have been floating around for a few years now… “verifiable credential,” “digital wallet,” “mobile driver's license” or “mDL.” These terms, among others, all reference a growing ecosystem around what we are calling “verifiable digital credentials.” But what exactly is a verifiable digital credential? Take any physical credential you use in everyday life – your driver's license, your medical insurance card, a certification or diploma – and turn it into a digital format stored on your
https://www.nist.gov/blogs/cybersecurity-insights/digital-identities-getting-know-verifiable-digital-credential-ecosystem

ModeLeak: LLM Model Exfiltration Vulnerability in Vertex AI
A vulnerability in GCP's Vertex AI service allows privilege escalation and unauthorized access to sensitive LLM models. Attackers can exfiltrate these models by exploiting misconfigurations in access controls and service bindings. By exploiting custom job permissions, researchers were able to escalate their privileges and gain unauthorized access to all data services in the project. In addition, deploying a poisoned model in Vertex AI led to the exfiltration of all other fine-tuned models, posing a proprietary and sensitive data exfiltration attack risk.
https://www.cloudvulndb.org/gcp-vertexai-vulnerabilities

Issue with data.all (Multiple CVEs)
Publication Date: 2024/11/8 4:00 PM PDT Data.all is an open source development framework to help customers build a data marketplace on AWS. We have identified the following issues within data.all version 1.0.0 through 2.6.0. On November 8, 2024, we released a fix and recommend customers upgrade to version 2.6.1 or later and ensure any forked or derivative code is patched to incorporate the new fixes. CVE-2024-52311 relates to an issue where data.all does not invalidate the authentication token upon user logout. CVE-2024-52312 relates to an issue where data.all authenticated users can perform restricted operations against DataSets and Environments. CVE-2024-52313 relates to an issue where data.all authenticated users can obtain incorrect object level authorizations. CVE-2024-52314...
https://aws.amazon.com/security/security-bulletins/AWS-2024-013/

From Naptime to Big Sleep: Using Large Language Models To Catch Vulnerabilities In Real-World Code
Posted by the Big Sleep team Introduction In our previous post, Project Naptime: Evaluating Offensive Security Capabilities of Large Language Models, we introduced our framework for large-language-model-assisted vulnerability research and demonstrated its potential by improving the state-of-the-art performance on Meta's CyberSecEval2 benchmarks. Since then, Naptime has evolved into Big Sleep, a collaboration between Google Project Zero and Google DeepMind. Today, we're excited to share the first real-world vulnerability discovered by the Big Sleep agent: an exploitable stack buffer underflow in SQLite, a widely used open source database engine. We discovered the vulnerability and reported it to the developers in early October, who fixed it on the same day. Fortunately, we found...
https://googleprojectzero.blogspot.com/2024/10/from-naptime-to-big-sleep.html

Repo swatting attack deletes/blocks GitHub and GitLab accounts
A technique called "repo swatting" allows attackers to delete GitHub and block GitLab accounts by exploiting file upload features and abuse reporting mechanisms. Attackers upload malicious files to a target's repository, then report the account for hosting malicious content, potentially resulting in account deletion. The vulnerability was partially mitigated by October 2024 via changes in upload URL paths and requirement for each uploader to be authenticated (in GitHub).
https://www.cloudvulndb.org/repo-swatting-attack-deletes-github-gitlab-accounts

The Karma connection in Chrome Web Store
Somebody brought to my attention that the Hide YouTube Shorts extension for Chrome changed hands and turned malicious. I looked into it and could confirm that it contained two undisclosed components: one performing affiliate fraud and the other sending users' every move to some Amazon cloud server. But that wasn't all of it: I discovered eleven more extensions written by the same people. Some contained only the affiliate fraud component, some only the user tracking, some both. A few don't appear to be malicious yet. While most of these extensions were supposedly developed or bought by a person without any other traces online, one broke this pattern. Karma shopping assistant has been on Chrome Web Store since 2020, the company behind it founded in 2013. This company employs more than...
https://palant.info/2024/10/30/the-karma-connection-in-chrome-web-store/

Unmasking the SYS01 Infostealer Threat: Bitdefender Labs Tracks Global Malvertising Campaign Targeting Meta Business Pages
In a world run by advertising, businesses and organizations are not the only ones using this powerful tool. Cybercriminals have a knack for exploiting the engine that powers online platforms by corrupting the vast reach of advertising to distribute malware en masse. While legitimate businesses rely on ads to reach new audiences, hackers exploit these platforms to trick users into downloading harmful software. Malicious ads often seem to promote legitimate software, streaming services, or produc
https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages

Staff Stories Spotlight Series: Cybersecurity Awareness Month 2024
This blog is part of a larger NIST series during the month of October for Cybersecurity Awareness Month , called 'Staff Stories Spotlight.' Throughout the month of October this year, Q&A style blogs will be published featuring some of our unique staff members who have interesting backgrounds, stories to tell, and projects in the world of cybersecurity. This year's Cybersecurity Awareness Month theme is ‘Secure our World.' How does this theme resonate with you, as someone working in cybersecurity? Now more than ever, the use of technology is central to our lives. It is the means by which we are
https://www.nist.gov/blogs/cybersecurity-insights/staff-stories-spotlight-series-cybersecurity-awareness-month-2024-1

Cloud Security Essentials
Cloud security involves employing perimeter defenses like firewalls, IDPSs and VPNs as well as guaranteeing isolation through network segmentation and virtual LANs while monitoring traffic for anomalies and threats –... The post Cloud Security Essentials appeared first on Hacker Combat.
https://www.hackercombat.com/cloud-security/

Antivirus Software
Antivirus software protects devices against viruses, malware, and other cyberthreats by detecting, quarantining, and deleting malicious code. Modern antivirus products also offer additional security features such as password protection, identity... The post Antivirus Software appeared first on Hacker Combat.
https://www.hackercombat.com/antivirus-software/

The Windows Registry Adventure #4: Hives and the registry layout
Posted by Mateusz Jurczyk, Google Project Zero To a normal user or even a Win32 application developer, the registry layout may seem simple: there are five root keys that we know from Regedit (abbreviated as HKCR, HKLM, HKCU, HKU and HKCC), and each of them contains a nested tree structure that serves a specific role in the system. But as one tries to dig deeper and understand how the registry really works internally, things may get confusing really fast. What are hives? How do they map or relate to the top-level keys? Why are some HKEY root keys pointing inside of other root keys (e.g. HKCU being located under HKU)? These are all valid questions, but they are difficult to answer without fully understanding the interactions between the user-mode Registry API and the kernel-mode registry...
https://googleprojectzero.blogspot.com/2024/10/the-windows-registry-adventure-4-hives.html

How to Protect Against Ransomware Attacks?
Criminal hackers employ ransomware attacks against their targets by encrypting their data and demanding that a ransom be paid within an allotted timeframe or risk losing it forever. When an... The post How to Protect Against Ransomware Attacks? appeared first on Hacker Combat.
https://www.hackercombat.com/protect-against-ransomware-attacks/

AWS CDK Bucket Squatting Risk
The AWS Cloud Development Kit (CDK) is a way of deploying infrastructure-as-code. The vulnerability involves AWS CDK's use of a predictable S3 bucket name format (cdk-{Qualifier}-assets-{Account-ID}-{Region}), where the default “random” qualifier (hnb659fds) is common and easily guessed. If an AWS customer deletes this bucket and reuses CDK, an attacker who claims the bucket can inject malicious CloudFormation templates, potentially gaining admin access. Attackers supposedly only need the AWS account ID to prepare the bucket in various regions, exploiting the default naming convention. However, it is important to note that the additional conditions greatly lower the likelihood of exploitation. The victim must use the CDK, having deleted the bucket, and then subsequently attempt to...
https://www.cloudvulndb.org/aws-cdk-squatting
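The write-up above turns on one fact: the bucket name is derived from a pattern, so anyone who knows the account ID can precompute it. The following Python is an added example, not code from the cloudvulndb entry or from the AWS CDK project. It builds the names from the quoted pattern cdk-{Qualifier}-assets-{Account-ID}-{Region}, flags a project whose cdk.json leaves the qualifier at the default, and audits which of the names are owned by you, unclaimed, or held by someone else. The S3 lookup is injected so the audit runs offline; in production you would pass a function that issues s3:HeadBucket and returns the HTTP status (200 reachable by you, 404 nobody holds the name, 403 it exists but you were refused). The cdk.json context key, the account IDs and the sample statuses are assumptions or constructed data.

```python
"""Added example (not CDK project code): predictable CDK asset-bucket names,
default-qualifier detection, and an ownership audit with an injected lookup."""
import json
import re
from typing import Callable, Dict, Iterable, List

DEFAULT_QUALIFIER = "hnb659fds"                                   # CDK's well-known default
BOOTSTRAP_QUALIFIER_KEY = "@aws-cdk/core:bootstrapQualifier"      # cdk.json context key (assumed)
_ACCOUNT_RE = re.compile(r"^\d{12}$")
# CDK accepts 1-10 alphanumerics; lowercase only here because the value ends up in an S3 name.
_QUALIFIER_RE = re.compile(r"^[a-z0-9]{1,10}$")


def cdk_asset_bucket_name(account_id: str, region: str, qualifier: str = DEFAULT_QUALIFIER) -> str:
    """Name of the file-assets bucket the CDK bootstrap stack creates in one region."""
    if not _ACCOUNT_RE.match(account_id):
        raise ValueError(f"account id must be 12 digits, got {account_id!r}")
    if not _QUALIFIER_RE.match(qualifier):
        raise ValueError(f"qualifier must be 1-10 lowercase alphanumerics, got {qualifier!r}")
    return f"cdk-{qualifier}-assets-{account_id}-{region}"


def uses_default_qualifier(cdk_json_text: str) -> bool:
    """True when a project's cdk.json does not pin a custom bootstrap qualifier."""
    context = json.loads(cdk_json_text).get("context", {})
    return context.get(BOOTSTRAP_QUALIFIER_KEY, DEFAULT_QUALIFIER) == DEFAULT_QUALIFIER


def audit_asset_buckets(account_id: str, regions: Iterable[str],
                        head_bucket: Callable[[str], int],
                        qualifier: str = DEFAULT_QUALIFIER) -> Dict[str, str]:
    """Map each expected bucket name to owned / unclaimed / foreign-or-denied / unknown."""
    verdicts = {200: "owned", 404: "unclaimed", 403: "foreign-or-denied"}
    report = {}
    for region in regions:
        name = cdk_asset_bucket_name(account_id, region, qualifier)
        report[name] = verdicts.get(head_bucket(name), "unknown")
    return report


def squattable(report: Dict[str, str]) -> List[str]:
    """Names an attacker may already hold, or could still register before you re-bootstrap."""
    return sorted(n for n, v in report.items() if v in ("unclaimed", "foreign-or-denied"))


# Constructed sample: HeadBucket answers for one account across three regions.
SAMPLE_STATUS = {
    "cdk-hnb659fds-assets-111122223333-us-east-1": 200,  # our bootstrap bucket
    "cdk-hnb659fds-assets-111122223333-eu-west-1": 403,  # exists, but not ours
}


def sample_head_bucket(name: str) -> int:
    return SAMPLE_STATUS.get(name, 404)


if __name__ == "__main__":
    report = audit_asset_buckets("111122223333", ["us-east-1", "eu-west-1", "ap-southeast-2"],
                                 sample_head_bucket)
    for name, verdict in report.items():
        print(f"{verdict:18} {name}")
    print("act on:", squattable(report))
```

An "unclaimed" name in a region you deploy to is exactly the precondition the entry describes (bucket deleted, CDK used again); a "foreign-or-denied" one deserves a look before any further `cdk deploy`. The durable fix is to bootstrap with `cdk bootstrap --qualifier <value>` and pin the same value in cdk.json, so the bucket name can no longer be derived from the account ID alone.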

IoT Assignment Completed! Report on Barriers to U.S. IoT Adoption
The 16 members of the NIST-managed Internet of Things (IoT) Advisory Board have completed their report on barriers to the U.S. receiving the benefits of IoT adoption, along with their recommendations for overcoming those barriers. As Benson Chan (Chair) and Dan Caprio (Vice Chair) of the IoT Advisory Board state in the report: “The United States is in the early stages of a profound transformation, one that is driven by economic, societal, and cultural innovations brought about by the IoT. These innovations intertwine connectivity and digital innovation with the opportunity to drive a
https://www.nist.gov/blogs/cybersecurity-insights/iot-assignment-completed-report-barriers-us-iot-adoption

CVE-2024-10125 - missing JWT issuer and signer validation in aws-alb-identity-aspnetcore
Publication Date: 2024/10/21 4:00 PM PDT Description: The Amazon.ApplicationLoadBalancer.Identity.AspNetCore repo contains Middleware that can be used in conjunction with the Application Load Balancer (ALB) OpenId Connect integration and can be used in any ASP.NET Core deployment scenario, including AWS Fargate, Amazon Elastic Kubernetes Service (Amazon EKS), Amazon Elastic Container Service (Amazon ECS), Amazon Elastic Compute Cloud (Amazon EC2), and AWS Lambda. In the JWT handling code, it performs signature validation but fails to validate the JWT issuer and signer identity. The signer omission, if combined with a scenario where the infrastructure owner allows internet traffic to the ALB targets (not a recommended configuration), can allow for JWT signing by an untrusted entity...
https://aws.amazon.com/security/security-bulletins/AWS-2024-012/

Missing JWT issuer and signer validation in ALB middleware

https://www.cloudvulndb.org/missing-jwt-issuer
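The two entries above describe the same gap: the middleware checked the signature but not who signed the token or who issued it, which matters whenever a target can be reached without going through your own load balancer. The Python below is an added example, not code from the aws-alb-identity-aspnetcore project, showing the checks in the order a validator for the ALB's x-amzn-oidc-data JWT should make them. It assumes the token layout AWS documents for that header (a JOSE header with alg, kid, signer holding the ALB's ARN, iss, client and exp; the payload carrying the IdP claims plus exp, and iss where present). Signature verification is injected because real tokens are ES256-signed with a key fetched from https://public-keys.auth.elb.<region>.amazonaws.com/<kid>; the HMAC stand-in, the ARNs, issuer and kid are constructed so the example runs offline.

```python
"""Added example (not the project's middleware): signer and issuer checks for
the ALB OIDC token, with the signature check delegated to a caller function."""
import base64
import hmac
import json
import re
import time
from typing import Callable, Dict, Optional

ALB_ARN_RE = re.compile(r"^arn:aws(?:-[a-z]+)?:elasticloadbalancing:([a-z0-9-]+):\d{12}:"
                        r"loadbalancer/app/[A-Za-z0-9-]+/[0-9a-f]+$")
KID_RE = re.compile(r"^[A-Za-z0-9-]{8,64}$")   # keep kid URL-safe before it becomes a path


class TokenError(ValueError):
    """Raised for any token that must not be trusted."""


def _b64url_decode(seg: str) -> bytes:
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def public_key_url(expected_signer_arn: str, kid: str) -> str:
    """Derive the key URL from OUR load balancer's region, never from token data."""
    m = ALB_ARN_RE.match(expected_signer_arn)
    if not m:
        raise TokenError("expected signer is not an application load balancer ARN")
    if not KID_RE.match(kid):
        raise TokenError("kid is not a well-formed key id")
    return f"https://public-keys.auth.elb.{m.group(1)}.amazonaws.com/{kid}"


def validate_alb_token(token: str, expected_signer_arn: str, expected_issuer: str,
                       verify_signature: Callable[[str, bytes, bytes], bool],
                       now: Optional[float] = None) -> Dict:
    """Return the payload claims or raise TokenError. Identity checks come first, so a
    token minted by a stranger's ALB is refused before any key is fetched."""
    parts = token.split(".")
    if len(parts) != 3:
        raise TokenError("token must have exactly three segments")
    h_seg, p_seg, s_seg = parts
    header, payload = json.loads(_b64url_decode(h_seg)), json.loads(_b64url_decode(p_seg))
    if not isinstance(header, dict) or not isinstance(payload, dict):
        raise TokenError("header and payload must be JSON objects")
    now = time.time() if now is None else now
    if header.get("alg") != "ES256":                      # ALB signs with ES256 only
        raise TokenError("unexpected alg")
    if header.get("signer") != expected_signer_arn:       # the check the advisory found missing
        raise TokenError("token was signed by an unexpected load balancer")
    if header.get("iss") != expected_issuer:              # the other missing check
        raise TokenError("unexpected issuer in header")
    if "iss" in payload and payload["iss"] != expected_issuer:
        raise TokenError("unexpected issuer in payload")
    exps = [header.get("exp")] + ([payload["exp"]] if "exp" in payload else [])
    if any(not isinstance(e, (int, float)) or e <= now for e in exps):
        raise TokenError("token expired or missing exp")
    key_url = public_key_url(expected_signer_arn, str(header.get("kid", "")))
    if not verify_signature(key_url, f"{h_seg}.{p_seg}".encode(), _b64url_decode(s_seg)):
        raise TokenError("signature did not verify")
    return payload


def rejection_reason(token, expected_signer_arn, expected_issuer, verify_signature, now=None) -> Optional[str]:
    """None when the token is acceptable, otherwise the reason it was refused."""
    try:
        validate_alb_token(token, expected_signer_arn, expected_issuer, verify_signature, now)
        return None
    except ValueError as e:          # TokenError, JSON and base64 errors all subclass ValueError
        return str(e)


# ---- constructed demo material: HMAC stands in for ES256; ARNs, issuer and kid are fake ----
OUR_ALB = "arn:aws:elasticloadbalancing:eu-west-1:111122223333:loadbalancer/app/my-alb/50dc6c495c0c9188"
OTHER_ALB = "arn:aws:elasticloadbalancing:us-east-1:999988887777:loadbalancer/app/evil/0123456789abcdef"
ISSUER = "https://idp.example.com"
KID = "0123abcd-4567-89ef-0123-456789abcdef"
DEMO_SECRET = b"demo-only"
DEMO_KEYS = {public_key_url(OUR_ALB, KID): DEMO_SECRET, public_key_url(OTHER_ALB, KID): DEMO_SECRET}


def demo_verify(key_url: str, signing_input: bytes, signature: bytes) -> bool:
    key = DEMO_KEYS.get(key_url)
    return key is not None and hmac.compare_digest(hmac.new(key, signing_input, "sha256").digest(), signature)


def make_demo_token(signer: str, issuer: str, exp: int, sub: str = "user-1") -> str:
    header = {"typ": "JWT", "alg": "ES256", "kid": KID, "signer": signer, "iss": issuer,
              "client": "client-id", "exp": exp}
    payload = {"sub": sub, "email": f"{sub}@example.com", "iss": issuer, "exp": exp}
    h, p = (_b64url_encode(json.dumps(x, separators=(",", ":")).encode()) for x in (header, payload))
    return f"{h}.{p}.{_b64url_encode(hmac.new(DEMO_SECRET, f'{h}.{p}'.encode(), 'sha256').digest())}"


if __name__ == "__main__":
    t0 = 1_700_000_000
    for label, signer, iss in [("ours", OUR_ALB, ISSUER), ("foreign ALB", OTHER_ALB, ISSUER),
                               ("wrong issuer", OUR_ALB, "https://evil.example")]:
        print(label, "->", rejection_reason(make_demo_token(signer, iss, t0 + 120),
                                            OUR_ALB, ISSUER, demo_verify, t0) or "accepted")
```

Both demo tokens carry a signature the stand-in accepts, which mirrors the real situation: a token from any ALB in any account verifies under AWS's public keys. Only the comparison of the signer claim against your own ALB ARN, and of iss against your IdP, tells them apart.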

Data exfil via VPC endpoint denials in CloudTrail
CloudTrail delivered events to the resource owner and API caller even when the API action was denied by the VPC endpoint policy. This could have enabled a stealthy data exfiltration method in cases where an attacker had previously compromised a VPC, by smuggling data through the user agent field in denied requests.
https://www.cloudvulndb.org/vpc-endpoint-log-data-exfil
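The channel above is awkward for defenders because the denied call never touches the resource, yet its log record, including the attacker-controlled user agent, still lands in CloudTrail. The following Python is an added example, not part of the cloudvulndb entry, showing a hunt for it over constructed CloudTrail records: denied calls that went through a VPC endpoint, whose user agent looks like an encoded blob rather than an SDK banner, aggregated per principal and endpoint. errorCode, userAgent, vpcEndpointId and userIdentity.arn are real CloudTrail fields; the sample records, the error strings and the thresholds are constructed for the demo.

```python
"""Added example (not from the cloudvulndb entry): hunting user-agent smuggling
in denied VPC-endpoint calls across constructed CloudTrail records."""
import base64
import math
from collections import defaultdict
from typing import Dict, Iterable, List

DENIED_CODES = {"AccessDenied", "Client.UnauthorizedOperation", "UnauthorizedOperation"}
B64_CHARS = set("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=-_")
MIN_BLOB_LEN = 40               # SDK banner tokens such as "aws-cli/2.15.0" are far shorter
ENTROPY_THRESHOLD = 5.0         # bits per char; random base64 sits near 6, English near 4
MIN_EVENTS, MIN_BYTES = 5, 1000 # per principal+endpoint before a finding is raised


def shannon_entropy(s: str) -> float:
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def longest_token(user_agent: str) -> str:
    return max(user_agent.split(), key=len, default="")


def looks_encoded(user_agent: str) -> bool:
    """True when the longest whitespace-free token is a long base64/hex-like run."""
    tok = longest_token(user_agent)
    if len(tok) < MIN_BLOB_LEN:
        return False
    b64_ratio = sum(ch in B64_CHARS for ch in tok) / len(tok)
    return b64_ratio > 0.95 or shannon_entropy(tok) > ENTROPY_THRESHOLD


def hunt(records: Iterable[dict]) -> List[Dict]:
    """One finding per (principal, VPC endpoint) that pushed enough blobs through denied calls."""
    agg = defaultdict(lambda: {"events": 0, "bytes": 0, "eventNames": set()})
    for r in records:
        if r.get("errorCode") not in DENIED_CODES or not r.get("vpcEndpointId"):
            continue                                    # only denied calls made via an endpoint
        ua = r.get("userAgent", "")
        if not looks_encoded(ua):
            continue
        key = (r.get("userIdentity", {}).get("arn", "unknown"), r["vpcEndpointId"])
        agg[key]["events"] += 1
        agg[key]["bytes"] += len(longest_token(ua))     # approximate smuggled bytes
        agg[key]["eventNames"].add(r.get("eventName", "?"))
    return [
        {"principal": p, "vpcEndpointId": v, "events": a["events"], "bytes": a["bytes"],
         "eventNames": sorted(a["eventNames"])}
        for (p, v), a in agg.items() if a["events"] >= MIN_EVENTS or a["bytes"] >= MIN_BYTES
    ]


# ---- constructed sample data ----
ATTACKER_ARN = "arn:aws:sts::111122223333:assumed-role/app-task-role/i-0abc12345def67890"
ANALYST_ARN = "arn:aws:iam::111122223333:user/analyst"
VPCE = "vpce-0a1b2c3d4e5f67890"
LEGIT_UA = "aws-cli/2.15.0 Python/3.11.6 Linux/6.5.0 exe/x86_64 prompt/off command/s3.list-objects"


def _chunk(i: int) -> str:
    """What an exfil tool might stuff into the user agent: base64 of a secret fragment."""
    return base64.b64encode((f"secret-row-{i}:" + "x" * 90).encode()).decode()


def _record(arn: str, event_name: str, user_agent: str, error_code: str = "") -> dict:
    rec = {"eventVersion": "1.09", "eventTime": "2024-10-18T09:15:00Z",
           "eventSource": "s3.amazonaws.com", "eventName": event_name,
           "userAgent": user_agent, "vpcEndpointId": VPCE, "userIdentity": {"arn": arn}}
    if error_code:
        rec["errorCode"] = error_code
        rec["errorMessage"] = "explicit deny in a VPC endpoint policy"   # constructed wording
    return rec


SAMPLE_RECORDS = (
    [_record(ANALYST_ARN, "ListBuckets", LEGIT_UA),
     _record(ANALYST_ARN, "GetObject", LEGIT_UA, "AccessDenied")]
    + [_record(ATTACKER_ARN, "PutObject", _chunk(i), "AccessDenied") for i in range(6)]
)

if __name__ == "__main__":
    for finding in hunt(SAMPLE_RECORDS):
        print(finding)
```

The heuristic keys on the longest whitespace-free token so that ordinary SDK banners, which are made of short product/version pairs, stay below the length floor; an attacker who chops the payload into short space-separated pieces would slip past it, so in practice pair this with the per-principal event count over a time window rather than relying on the content check alone.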

Protecting Your Website From DDoS Attack
Distributed denial-of-service attacks pose an increasing threat to organizations, with even some of the largest firms suffering significant disruptions from such attacks. Attackers use botnets of compromised IoT devices to... The post Protecting Your Website From DDoS Attack appeared first on Hacker Combat.
https://www.hackercombat.com/ddos-attack/

Subdomain Takeover Vulnerability in GitLab Pages
A vulnerability in GitLab Pages allowed attackers to take over dangling custom domains pointing to 'instanceX.gitlab.io'. The issue occurred when adding an unverified custom domain to GitLab Pages, which serves content for 7 days before disabling. This could lead to cookie stealing, phishing campaigns, and bypassing of Content Security Policies and CORS.
https://www.cloudvulndb.org/subdomain-takeover-vulnerability-gitlab-pages

Effective Fuzzing: A Dav1d Case Study
Guest post by Nick Galloway, Senior Security Engineer, 20% time on Project Zero Late in 2023, while working on a 20% project with Project Zero, I found an integer overflow in the dav1d AV1 video decoder. That integer overflow leads to an out-of-bounds write to memory. Dav1d 1.4.0 patched this, and it was assigned CVE-2024-1580. After the disclosure, I received some questions about how this issue was discovered, since dav1d is already being fuzzed by at least oss-fuzz. This blog post explains what happened. It's a useful case study in how to construct fuzzers to exercise as much code as possible. But first, some background... Background: Dav1d. Dav1d is a highly-optimized AV1 decoder. AV1 is a royalty-free video coding format developed by the Alliance...
https://googleprojectzero.blogspot.com/2024/10/effective-fuzzing-dav1d-case-study.html

Issue with NVIDIA Container Toolkit (CVE-2024-0132, CVE-2024-0133)
Publication Date: 2024/10/01 6:35 PM PDT AWS is aware of CVE-2024-0132 and CVE-2024-0133, issues affecting the NVIDIA container toolkit 1.16. At this time, the following services require customer action. If we become aware of additional impact, we will update this bulletin. Amazon Elastic Container Service (Amazon ECS) Amazon ECS has released updated ECS GPU-optimized Amazon Machine Images (AMIs) with the patched NVIDIA container toolkit v1.16.2. We recommend that ECS customers update to these AMIs (or the latest available). Additional information on the ECS-optimized AMI is available at in our "Amazon ECS-optimized Linux AMIs" developer guide. Amazon Elastic Kubernetes Service (Amazon EKS) Amazon EKS has released updated EKS GPU-optimized Amazon Machine Images...
https://aws.amazon.com/security/security-bulletins/AWS-2024-010/

Lies, damned lies, and Impact Hero (refoorest, allcolibri)
Transparency note: According to Colibri Hero, they attempted to establish a business relationship with eyeo, a company that I co-founded. I haven't been in an active role at eyeo since 2018, and I left the company entirely in 2021. Colibri Hero was only founded in 2021. My investigation here was prompted by a blog comment. Colibri Hero (also known as allcolibri) is a company with a noble mission: We want to create a world where organizations can make a positive impact on people and communities. One of the company's products is the refoorest browser extension, promising to make a positive impact on the climate by planting trees. Best of it: this costs users nothing whatsoever. According to the refoorest website: Plantation financed by our partners So the users merely need to have the...
https://palant.info/2024/10/01/lies-damned-lies-and-impact-hero-refoorest-allcolibri/

CloudImposer
Google Cloud Composer is a managed service for Apache Airflow. Tenable discovered that the Cloud Composer package was vulnerable to dependency confusion, which could have allowed attackers to inject malicious code when the package was compiled from source. This could have led to remote code execution on machines running Cloud Composer, which include various other GCP services as well as internal servers at Google. The dependency confusion stemmed from Google's risky recommendation in their documentation to use the --extra-index-url argument when installing private Python packages. Following disclosure, Google fixed the dependency confusion vulnerability and also updated their documentation.
https://www.cloudvulndb.org/cloudimposer-gcp

ClamAV 1.4.1, 1.3.2, 1.0.7, and 0.103.12 security patch versions published
Today, we are publishing the 1.4.1, 1.3.2, 1.0.7, and 0.103.12 security patch versions. The release files for the patch versions are available for download on the ClamAV downloads page, on the GitHub Release page, and (with exception to 0.103.12) through Docker Hub. The images on Docker Hub may not be immediately available on release day. Continue reading to learn what changed in each version. 1.4.1: ClamAV 1.4.1 is a critical patch release with the following fixes: CVE-2024-20506: Changed the logging module to disable following symlinks on Linux and Unix systems so as to prevent an attacker with existing access to the 'clamd' or 'freshclam' services from using a symlink to corrupt system files. This issue affects all currently supported versions. It will be fixed in: 1.4.1, 1.3.2, 1.0.7, 0.103.12. Thank...
http://blog.clamav.net/2024/09/clamav-141-132-107-and-010312-security.html

CVE-2024-38063 - Remotely Exploiting The Kernel Via IPv6
Performing a root cause analysis & building proof-of-concept for CVE-2024-38063, a CVSS 9.8 Vulnerability In the Windows Kernel IPv6 Parser
https://malwaretech.com/2024/08/exploiting-CVE-2024-38063.html

ClamAV 1.4.0 feature release and ClamAV bytecode compiler 1.4.0 release
The ClamAV 1.4.0 feature release is now stable. We encourage everyone to download the latest version now from the ClamAV downloads page, on the GitHub Release page, and through Docker Hub*: Alpine-based images; Debian-based multi-arch images. *The Docker images are built on release day and will be made available when they are ready. We are also publishing ClamAV bytecode compiler version 1.4.0. The ClamAV bytecode compiler release files are available for download on the GitHub Release page and through Docker Hub. ClamAV platform support changes: We will no longer provide Linux 32-bit packages. With RHEL 7 reaching end-of-life, we had to upgrade our build hosts and selected Alma Linux 8. Alma Linux does not provide 32-bit images. ClamAV users on 32-bit platforms can still build from source. We now provide...
http://blog.clamav.net/2024/08/clamav-140-feature-release-and-clamav.html

CryptoCore: Unmasking the Sophisticated Cryptocurrency Scam Operations
As digital currencies have grown, so have cryptocurrency scams, posing significant user risks. The rise of AI and deepfake technology has intensified scams exploiting famous personalities and events by creating realistic fake videos. Platforms like X and YouTube have been especially targeted, with scammers hijacking high-profile accounts to distribute fraudulent content. This report delves into the CryptoCore group's complex scam operations, analyzing their use of deepfakes, hijacked accounts, and fraudulent websites to deceive victims and profit millions of dollars. The post CryptoCore: Unmasking the Sophisticated Cryptocurrency Scam Operations appeared first on Avast Threat Labs.
https://decoded.avast.io/martinchlumecky1/cryptocore-unmasking-the-sophisticated-cryptocurrency-scam-operations/?utm_source=rss&utm_medium=rss&utm_campaign=cryptocore-unmasking-the-sophisticated-cryptocurrency-scam-operations

ClamAV 0.103 LTS End of Life Announcement
The ClamAV 0.103 LTS release is nearing end-of-life (EOL) with regards to security vulnerability fix support from our team. This end of life date will be Sept. 14, 2024. ClamAV 0.103 users will be able to update signatures from the official database mirror for an additional one year after the EOL date. After Sept. 14, 2025, we may block ClamAV 0.103 from downloading signature updates. We recommend that users update to the newest LTS release, ClamAV 1.0.6. For users that want to upgrade to the newest non-LTS release, use ClamAV 1.3.1. The most recent version of ClamAV can be found here: https://www.clamav.net/downloads The following is a list of major changes available to users in the newest versions of ClamAV. Since ClamAV 0.103, ClamAV 1.0 LTS adds: - A...
http://blog.clamav.net/2024/08/clamav-0103-lts-end-of-life-announcement.html

60 Hurts per Second – How We Got Access to Enough Solar Power to Run the United States
The electricity grid – the buzzing, crackling marvel that supplies the lifeblood of modernity - is by far the largest structure humanity ever built. It's so big, in fact, that few people even notice it, like a fish can't see the ocean. Until the grid goes down, that is. Then, like the fish dangling from the angler's hook, we see our vulnerability. Modernity dissolves into a sudden silence, followed by the repeated flick of a light switch, and a howl of panic at the prospect of missed appointmen
https://www.bitdefender.com/en-us/blog/labs/60-hurts-per-second-how-we-got-access-to-enough-solar-power-to-run-the-united-states

How insecure is Avast Secure Browser?
A while ago I already looked into Avast Secure Browser. Back then it didn't end well for Avast: I found critical vulnerabilities allowing arbitrary websites to infect users' computers. Worse yet: much of it was due to neglect of secure coding practices, existing security mechanisms were disabled for no good reason. I didn't finish that investigation because I discovered that the browser was essentially spyware, collecting your browsing history and selling it via Avast's Jumpshot subsidiary. But that was almost five years ago. After an initial phase of denial, Avast decided to apologize and to wind down Jumpshot. It was certainly a mere coincidence that Avast was subsequently sold to NortonLifeLock, called Gen Digital today. Yes, Avast is truly reformed and paying for their crimes in...
https://palant.info/2024/07/15/how-insecure-is-avast-secure-browser/

Deep Dive on Supplement Scams: How AI Drives ‘Miracle Cures' and Sponsored Health-Related Scams on Social Media
Sponsored social media content has become increasingly present on feeds. Sponsored ads can often be beneficial as they are customized to suit online personas, offering relevant content tailored specifically for you. While personalized ads can help enhance your online experience, not all are legitimate. In fact, scams originating from phony ads on social media have increased dramatically, with potentially severe consequences for consumers. Sponsored supplement scams on social media platforms
https://www.bitdefender.com/en-us/blog/labs/deep-dive-on-supplement-scams-how-ai-drives-miracle-cures-and-sponsored-health-related-scams-on-social-media

Decrypted: DoNex Ransomware and its Predecessors
Researchers from Avast have discovered a flaw in the cryptographic schema of the DoNex ransomware and its predecessors. In cooperation with law enforcement organizations, we have been silently providing the decryptor to DoNex ransomware victims since March 2024. The  cryptographic weakness was made public at Recon 2024 and therefore we have no reason to keep […] The post Decrypted: DoNex Ransomware and its Predecessors appeared first on Avast Threat Labs.
https://decoded.avast.io/threatresearch/decrypted-donex-ransomware-and-its-predecessors/?utm_source=rss&utm_medium=rss&utm_campaign=decrypted-donex-ransomware-and-its-predecessors

The Windows Registry Adventure #3: Learning resources
Posted by Mateusz Jurczyk, Google Project Zero When tackling a new vulnerability research target, especially a closed-source one, I prioritize gathering as much information about it as possible. This gets especially interesting when it's a subsystem as old and fundamental as the Windows registry. In that case, tidbits of valuable data can lurk in forgotten documentation, out-of-print books, and dusty open-source code – each potentially offering a critical piece of the puzzle. Uncovering them takes some effort, but the payoff is often immense. Scraps of information can contain hints as to how certain parts of the software are implemented, as well as why – what were ...
https://googleprojectzero.blogspot.com/2024/06/the-windows-registry-adventure-3.html

New Diamorphine rootkit variant seen undetected in the wild
Introduction Code reuse is very frequent in malware, especially for those parts of the sample that are complex to develop or hard to write with an essentially different alternative code. By tracking both source code and object code, we efficiently detect new malware and track the evolution of existing malware in-the-wild.  Diamorphine is a well-known […] The post New Diamorphine rootkit variant seen undetected in the wild appeared first on Avast Threat Labs.
https://decoded.avast.io/davidalvarez/new-diamorphine-rootkit-variant-seen-undetected-in-the-wild/?utm_source=rss&utm_medium=rss&utm_campaign=new-diamorphine-rootkit-variant-seen-undetected-in-the-wild

Unfading Sea Haze: New Espionage Campaign in the South China Sea
Bitdefender researchers investigated a series of incidents at high-level organizations in countries of the South China Sea region, all performed by the same  threat actor we track as Unfading Sea Haze. Based on the victimology and the cyber-attack's aim, we believe the threat actor is aligned with China's interests. As tensions in the region rise, they are reflected in the intensification of activity on behalf of the Unfading Sea Haze actor, which uses new and improved tools and TTPs. We notice
https://www.bitdefender.com/en-us/blog/labs/unfading-sea-haze-new-espionage-campaign-in-the-south-china-sea

Notes on ThroughTek Kalay Vulnerabilities and Their Impact on the IoT Ecosystem
Since 2014, Bitdefender IoT researchers have been looking into the world's most popular IoT devices, hunting for vulnerabilities and undocumented attack avenues. This report documents four vulnerabilities affecting devices powered by the ThroughTek Kalay Platform. Due to the platform's massive presence in IoT integrations, these flaws have a significant downstream impact on several vendors. In the interconnected landscape of the Internet of Things (IoT), the reliability and security of devices,
https://www.bitdefender.com/en-us/blog/labs/notes-on-throughtek-kalay-vulnerabilities-and-their-impact

Avast Q1/2024 Threat Report
Nearly 90% of Threats Blocked are Social Engineering, Revealing a Huge Surge of Scams, and Discovery of the Lazarus APT Campaign The post Avast Q1/2024 Threat Report appeared first on Avast Threat Labs.
https://decoded.avast.io/threatresearch/avast-q1-2024-threat-report/?utm_source=rss&utm_medium=rss&utm_campaign=avast-q1-2024-threat-report

ClamAV 1.4.0 release candidate now available!
The ClamAV 1.4.0 release candidate is now available. You may find the source code and installers for this release on the clamav.net/downloads page or the ClamAV GitHub release page. Tip: If you are downloading the source from the GitHub release page, the package labeled "clamav-1.4.0-rc.tar.gz" does not require an internet connection to build. All dependencies are included in this package. But if you download the ZIP or TAR.GZ generated by GitHub, located at the very bottom, then an internet connection will be required during the build to download additional Rust dependencies. For Docker users, there is no specific Docker tag for the release candidate, but you can use the clamav:unstable or clamav:unstable_base tags. The release candidate phase is expected...
http://blog.clamav.net/2024/05/clamav-140-release-candidate-now.html

GuptiMiner: Hijacking Antivirus Updates for Distributing Backdoors and Casual Mining
Avast discovered and analyzed GuptiMiner, a malware campaign hijacking an eScan antivirus update mechanism to distribute backdoors and coinminers. The post GuptiMiner: Hijacking Antivirus Updates for Distributing Backdoors and Casual Mining appeared first on Avast Threat Labs.
https://decoded.avast.io/janrubin/guptiminer-hijacking-antivirus-updates-for-distributing-backdoors-and-casual-mining/?utm_source=rss&utm_medium=rss&utm_campaign=guptiminer-hijacking-antivirus-updates-for-distributing-backdoors-and-casual-mining

From BYOVD to a 0-day: Unveiling Advanced Exploits in Cyber Recruiting Scams
Key Points Introduction In the summer of 2023, Avast identified a campaign targeting specific individuals in the Asian region through fabricated job offers. The motivation behind the attack remains uncertain, but judging from the low frequency of attacks, it appears that the attacker had a special interest in individuals with technical backgrounds. This sophistication is […] The post From BYOVD to a 0-day: Unveiling Advanced Exploits in Cyber Recruiting Scams appeared first on Avast Threat Labs.
https://decoded.avast.io/luiginocamastra/from-byovd-to-a-0-day-unveiling-advanced-exploits-in-cyber-recruiting-scams/?utm_source=rss&utm_medium=rss&utm_campaign=from-byovd-to-a-0-day-unveiling-advanced-exploits-in-cyber-recruiting-scams

ClamAV 1.3.1, 1.2.3, 1.0.6 patch versions published
Today, we are publishing the 1.3.1, 1.2.3, and 1.0.6 security patch versions. The release files for the patch versions are available for download on the ClamAV downloads page, on the GitHub Release page, and through Docker Hub. The images on Docker Hub may not be immediately available on release day. Continue reading to learn what changed in each version. 1.3.1: ClamAV 1.3.1 is a critical patch release with the following fixes: CVE-2024-20380: Fixed a possible crash in the HTML file parser that could cause a denial-of-service (DoS) condition. This issue affects version 1.3.0 only and does not affect prior versions. Thank you to Błażej Pawłowski for identifying this issue. GitHub pull request. Updated select Rust dependencies to the latest versions. This resolved Cargo audit complaints and included...
http://blog.clamav.net/2024/04/clamav-131-123-106-patch-versions.html

Vulnerabilities Identified in LG WebOS
As the creator of the world's first smart home cybersecurity hub, Bitdefender regularly audits popular IoT hardware for vulnerabilities. This research paper is part of a broader program that aims to shed light on the security of the world's best-sellers in the IoT space. This report covers vulnerabilities discovered while researching the LG WebOS TV operating system. We have found several issues affecting WebOS versions 4 through 7 running on LG TVs. These vulnerabilities let us gain root acces
https://www.bitdefender.com/en-us/blog/labs/vulnerabilities-identified-in-lg-webos

AI meets next-gen info stealers in social media malvertising campaigns
The impact that AI has on society has steadily crept into the darkest nooks and crannies of the internet. So much so that cybercrooks are hitching free rides on the AI bandwagon by leveraging the increased demand of AI-powered software for content creators. Cybercriminal groups constantly adapt their operating methods and tools to stay a step ahead of potential victims. Highly focused on enhancing their deceptive practices, threat actors have, unfortunately, found a most reliable and powerful a
https://www.bitdefender.com/en-us/blog/labs/ai-meets-next-gen-info-stealers-in-social-media-malvertising-campaigns

Numerous vulnerabilities in Xunlei Accelerator application
Xunlei Accelerator (迅雷客户端) a.k.a. Xunlei Thunder by the China-based Xunlei Ltd. is a wildly popular application. According to the company's annual report 51.1 million active users were counted in December 2022. The company's Google Chrome extension 迅雷下载支持, while not mandatory for using the application, had 28 million users at the time of writing. I've found this application to expose a massive attack surface. This attack surface is largely accessible to arbitrary websites that an application user happens to be visiting. Some of it can also be accessed from other computers in the same network or by attackers with the ability to intercept user's network connections (Man-in-the-Middle attack). It does not appear like security concerns were considered in the design...
https://palant.info/2024/03/06/numerous-vulnerabilities-in-xunlei-accelerator-application/

Sponsored Ad Fraud: Mystery Box Scams Flood Social Media
Social media platforms are overflowing with scams. In the past couple of months, Bitdefender Labs has been monitoring a steep increase in fraudulent social media ads on Facebook promoting various swindles ranging from crypto-doubling to AI-generated celebrity-endorsed giveaways. Our latest analysis has spotted a consistent trend, with fraudsters continuing to exploit Meta's ad system to deceive consumers. The hustle? A long-established ruse that involves peddling so-called mystery boxes from
https://www.bitdefender.com/en-us/blog/labs/sponsored-ad-fraud-mystery-box-scams-flood-social-media

Lazarus and the FudModule Rootkit: Beyond BYOVD with an Admin-to-Kernel Zero-Day
The Lazarus Group is back with an upgraded variant of their FudModule rootkit, this time enabled by a zero-day admin-to-kernel vulnerability tracked as CVE-2024-21338. Read this blog for a detailed analysis of this rootkit variant and learn more about several new techniques, including a handle table entry manipulation technique that directly targets Microsoft Defender, CrowdStrike Falcon, and HitmanPro.
https://decoded.avast.io/janvojtesek/lazarus-and-the-fudmodule-rootkit-beyond-byovd-with-an-admin-to-kernel-zero-day/?utm_source=rss&utm_medium=rss&utm_campaign=lazarus-and-the-fudmodule-rootkit-beyond-byovd-with-an-admin-to-kernel-zero-day

When Stealers Converge: New Variant of Atomic Stealer in the Wild
Here at Bitdefender, we're constantly working on improving detection capabilities for our macOS cyber-security products; part of this effort involves revisiting old (or digging up new) samples from our malware zoo. During routine verifications, we were able to isolate multiple suspicious and undetected macOS disk image files surprisingly small for files of this kind (1.3 MB per file). A short look into the code revealed that these files are significantly similar to other samples analysed in the
https://www.bitdefender.com/en-us/blog/labs/when-stealers-converge-new-variant-of-atomic-stealer-in-the-wild

Bypassing EDRs With EDR-Preloading
Evading user mode EDR hooks by hijacking the AppVerifier layer
https://malwaretech.com/2024/02/bypassing-edrs-with-edr-preload.html

ClamAV 1.3.0 feature release and 1.2.2, 1.0.5 security patch release!
The ClamAV 1.3.0 feature release is now stable! Today, we are also publishing the 1.2.2 and 1.0.5 security patch versions. ClamAV 1.1 is past EOL for security fixes and will not receive an update. Switch to the 1.0 LTS, 1.2, or 1.3 versions for continued support. The release files are available for download on the ClamAV downloads page, on the GitHub Release page, and through Docker Hub*: Alpine-based images; Debian-based multi-arch images. *The Docker images are built on release day and may not be available until later in the day. Continue reading to learn what changed in each version. 1.3.0: ClamAV 1.3.0 includes the following improvements and changes. Major changes: Added support for extracting and scanning attachments found in Microsoft OneNote section files. OneNote parsing will be enabled by default,...
http://blog.clamav.net/2023/11/clamav-130-122-105-released.html

ClamAV 1.3.0 Second Release Candidate now available!
We are excited to announce the ClamAV 1.3.0 release candidate. You can find the source code and installers for this release on the clamav.net/downloads page or the ClamAV GitHub release page. Tip: If you are downloading the source from the GitHub release page, the package labeled "clamav-1.3.0-rc2.tar.gz" does not require an internet connection to build. All dependencies are included in this package. But if you download the ZIP or TAR.GZ generated by GitHub, located at the very bottom, then an internet connection will be required during the build to download additional Rust dependencies. For Docker users, there is no specific Docker tag for the release candidate, but you can use these tags: clamav/clamav:unstable, clamav/clamav:unstable_base, clamav/clamav-debian:unstable, clamav/clamav-debian:unstable_base. This...
http://blog.clamav.net/2024/01/clamav-130-second-release-candidate-now.html

ClamAV Debian multi-Arch Docker images now available!
We now offer official ClamAV docker images based on `debian:11-slim`. In addition to offering an alternative to the original Alpine Linux images, the new images are multi-arch images supporting `linux/amd64`, `linux/arm64`, and `linux/ppc64le`. ClamAV's Alpine-based and Debian-based Docker images are now built weekly to pick up security fixes in the base images.
http://blog.clamav.net/2024/01/clamav-debian-multi-arch-docker-images.html

Silly EDR Bypasses and Where To Find Them
Abusing exception handlers to hook and bypass user mode EDR hooks.
https://malwaretech.com/2023/12/silly-edr-bypasses-and-where-to-find-them.html

An Introduction to Bypassing User Mode EDR Hooks
Understanding the basics of user mode EDR hooking, common bypass techniques, and their limitations.
https://malwaretech.com/2023/12/an-introduction-to-bypassing-user-mode-edr-hooks.html

Implementing a “Share on Mastodon” button for a blog
I decided that I would make it easier for people to share my articles on social media, most importantly on Mastodon. However, my Hugo theme didn't support showing a “Share on Mastodon” button yet. It wasn't entirely trivial to add support either: unlike with centralized solutions like Facebook where a simple link is sufficient, here one would need to choose their home instance first. As far as existing solutions go, the only reasonably sophisticated approach appears to be Share₂Fedi. It works nicely, privacy-wise one could do better however. So I ended up implementing my own solution while also generalizing that solution to support a variety of different Fediverse applications in addition to Mastodon. Update (2025-01-12): Added Lemmy endpoint which has been fixed by now. Also mentioned...
https://palant.info/2023/10/19/implementing-a-share-on-mastodon-button-for-a-blog/

It might Be Time to Rethink Phishing Awareness
Phishing awareness can be a powerful security tool, or a complete disaster. It all hinges on how you implement it.
https://malwaretech.com/2023/09/it-might-be-time-to-rethink-phishing-awareness.html

We're going teetotal: It's goodbye to The Daily Swig
PortSwigger today announces that The Daily Swig is closing down
https://portswigger.net/daily-swig/were-going-teetotal-its-goodbye-to-the-daily-swig

Bug Bounty Radar // The latest bug bounty programs for March 2023
New web targets for the discerning hacker
https://portswigger.net/daily-swig/bug-bounty-radar-the-latest-bug-bounty-programs-for-march-2023

Indian transport ministry flaws potentially allowed creation of counterfeit driving licenses
Armed with personal data fragments, a researcher could also access 185 million citizens' PII
https://portswigger.net/daily-swig/indian-transport-ministry-flaws-potentially-allowed-creation-of-counterfeit-driving-licenses

Password managers: A rough guide to enterprise secret platforms
The second part of our password manager series looks at business-grade tech to handle API tokens, login credentials, and more
https://portswigger.net/daily-swig/password-managers-a-rough-guide-to-enterprise-secret-platforms

Chromium bug allowed SameSite cookie bypass on Android devices
Protections against cross-site request forgery could be bypassed
https://portswigger.net/daily-swig/chromium-bug-allowed-samesite-cookie-bypass-on-android-devices

Deserialized web security roundup: Twitter 2FA backlash, GoDaddy suffers years-long attack campaign, and XSS Hunter adds e2e encryption
Your fortnightly rundown of AppSec vulnerabilities, new hacking techniques, and other cybersecurity news
https://portswigger.net/daily-swig/deserialized-web-security-roundup-twitter-2fa-backlash-godaddy-suffers-years-long-attack-campaign-and-xss-hunter-adds-e2e-encryption

NIST plots biggest ever reform of Cybersecurity Framework
CSF 2.0 blueprint offered up for public review
https://portswigger.net/daily-swig/nist-plots-biggest-ever-reform-of-cybersecurity-framework

Cisco ClamAV anti-malware scanner vulnerable to serious security flaw
Patch released for bug that poses a critical risk to vulnerable technologies
https://portswigger.net/daily-swig/cisco-clamav-anti-malware-scanner-vulnerable-to-serious-security-flaw

CVSS system criticized for failure to address real-world impact
JFrog argues vulnerability risk metrics need complete revamp
https://portswigger.net/daily-swig/cvss-system-criticized-for-failure-to-address-real-world-impact

A Realistic Look at Implications of ChatGPT for Cybercrime
Analyzing ChatGPT's capabilities and various claims about how it will revolutionize cybercrime.
https://malwaretech.com/2023/02/a-realistic-look-at-chatgpt-cybercrime.html

‘Most web API flaws are missed by standard security tests’ – Corey J Ball on securing a neglected attack vector
API security is a ‘great gateway’ into a pen testing career, advises specialist in the field
https://portswigger.net/daily-swig/most-web-api-flaws-are-missed-by-standard-security-tests-corey-j-ball-on-securing-a-neglected-attack-vector

HTTP request smuggling bug patched in HAProxy
Exploitation could enable attackers to access backend servers
https://portswigger.net/daily-swig/http-request-smuggling-bug-patched-in-haproxy

Belgium launches nationwide safe harbor for ethical hackers
New legal protections for security researchers could be the strongest of any EU country
https://portswigger.net/daily-swig/belgium-launches-nationwide-safe-harbor-for-ethical-hackers

TikTok is a National Security Risk, Not A Privacy One
An analysis of the threat posed by TikTok and why we need to weigh our options carefully.
https://malwaretech.com/2022/12/tiktok-is-a-national-security-risk.html

Everything you need to know about the OpenSSL 3.0.7 Patch (CVE-2022-3602 & CVE-2022-3786)

https://malwaretech.com/2022/11/everything-you-need-to-know-about-the-openssl-3-0-7-patch.html

CVE-2022-3602 and CVE-2022-3786: OpenSSL 3.0.7 patches Critical Vulnerability
On Tuesday, November 1 2022 between 1300-1700 UTC, the OpenSSL project announced the release of a new version of OpenSSL (version 3.0.7) that will patch a critical vulnerability in OpenSSL version 3.0 and above. Only OpenSSL versions between 3.0 and 3.0.6 are affected at the time of writing. At this moment the details of this [...]
https://www.hackingtutorials.org/general-tutorials/openssl-3-0-7-patches-critical-vulnerability/

Student Loan Breach Exposes 2.5M Records
2.5 million people were affected, in a breach that could spell more trouble down the line.
https://threatpost.com/student-loan-breach-exposes-2-5m-records/180492/

Watering Hole Attacks Push ScanBox Keylogger
Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.
https://threatpost.com/watering-hole-attacks-push-scanbox-keylogger/180490/

Tentacles of ‘0ktapus' Threat Group Victimize 130 Firms
Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.
https://threatpost.com/0ktapus-victimize-130-firms/180487/

Ransomware Attacks are on the Rise
Lockbit is by far this summer's most prolific ransomware group, trailed by two offshoots of the Conti group.
https://threatpost.com/ransomware-attacks-are-on-the-rise/180481/

Cybercriminals Are Selling Access to Chinese Surveillance Cameras
Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.
https://threatpost.com/cybercriminals-are-selling-access-to-chinese-surveillance-cameras/180478/

Twitter Whistleblower Complaint: The TL;DR Version
Twitter is blasted for security and privacy lapses by the company's former head of security who alleges the social media giant's actions amount to a national security risk.
https://threatpost.com/twitter-whistleblower-tldr-version/180472/

Firewall Bug Under Active Attack Triggers CISA Warning
CISA is warning that Palo Alto Networks' PAN-OS is under active attack and needs to be patched ASAP.
https://threatpost.com/firewall-bug-under-active-attack-cisa-warning/180467/

Fake Reservation Links Prey on Weary Travelers
Fake travel reservations are exacting more pain from the travel weary, already dealing with the misery of canceled flights and overbooked hotels.
https://threatpost.com/reservation-links-prey-on-travelers/180462/

iPhone Users Urged to Update to Patch 2 Zero-Days
Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack.
https://threatpost.com/iphone-users-urged-to-update-to-patch-2-zero-days-under-attack/180448/

Google Patches Chrome's Fifth Zero-Day of the Year
An insufficient validation input flaw, one of 11 patched in an update this week, could allow for arbitrary code execution and is under active attack.
https://threatpost.com/google-patches-chromes-fifth-zero-day-of-the-year/180432/

[Video] Introduction to Use-After-Free Vulnerabilities | UserAfterFree Challenge Walkthrough (Part: 1)

https://malwaretech.com/2022/05/video-introduction-to-use-after-free-vulnerabilities-userafterfree-challenge-walkthrough-part-1.html

Installing Rogue-jndi on Kali Linux
Following the previous tutorial in which we looked at the log4j vulnerability in VMware vSphere server, I got some questions about how to set up a malicious LDAP server on Linux. The attacker-controlled LDAP server is required to provide the malicious Java class (with a reverse shell for example) in response to the forged [...]
https://www.hackingtutorials.org/general-tutorials/installing-rogue-jndi-on-kali-linux/

Log4Shell VMware vCenter Server (CVE-2021-44228)
Log4Shell is a critical vulnerability with the highest possible CVSSv3 score of 10.0 that affects thousands of products running Apache Log4j and leaves millions of targets potentially vulnerable. CVE-2021-44228 affects log4j versions 2.0-beta9 to 2.14.1. Log4j is an incredibly popular logging library used in many different products and various Apache frameworks like Struts2, Kafka, and [...]
https://www.hackingtutorials.org/exploit-tutorials/log4shell-vmware-vcenter-server-cve-2021-44228/
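The excerpt above gives the affected range (2.0-beta9 through 2.14.1) but not how to check a deployment against it. As an added example, not code from the Hacking Tutorials post, the script below reads the log4j-core version out of a JAR (Maven pom.properties first, manifest Implementation-Version as fallback), compares it against that range with pre-release ordering handled correctly (2.0-beta8 is not in range, 2.0-rc1 sorts before 2.0), and reports whether the JndiLookup class is still packaged. The sample JARs are constructed in memory; the directory walker, the pre-release ranking table and the JndiLookup indicator are this example's own choices, not something the page states.

```python
"""Added example: find log4j-core JARs in the CVE-2021-44228 version range.

Not code from the linked post. Sample JARs below are constructed in memory.
"""
import io
import os
import re
import zipfile
from typing import Dict, List, Optional, Tuple

# Vulnerable range stated in the excerpt: 2.0-beta9 through 2.14.1 inclusive.
VULN_LOW = "2.0-beta9"
VULN_HIGH = "2.14.1"

# Paths inside a stock log4j-core JAR (absent from shaded/relocated builds).
POM_PROPERTIES = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
MANIFEST = "META-INF/MANIFEST.MF"
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"

# Pre-release ordering: alpha < beta < rc < final release (example's own table).
PRE_RANK = {"alpha": 0, "beta": 1, "rc": 2}
FINAL_RANK = 3
VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?(?:-(alpha|beta|rc)(\d*))?", re.IGNORECASE)


def version_key(version: str) -> Tuple[int, int, int, int, int]:
    """Map '2.0-beta9' -> (2, 0, 0, 1, 9) so tuples compare in release order."""
    m = VERSION_RE.fullmatch(version.strip())
    if not m:
        raise ValueError(f"unrecognised log4j version string: {version!r}")
    major, minor, patch = int(m[1]), int(m[2]), int(m[3] or 0)
    if m[4]:
        return (major, minor, patch, PRE_RANK[m[4].lower()], int(m[5] or 0))
    return (major, minor, patch, FINAL_RANK, 0)


def is_vulnerable(version: str) -> bool:
    """True when version falls inside [VULN_LOW, VULN_HIGH]."""
    return version_key(VULN_LOW) <= version_key(version) <= version_key(VULN_HIGH)


def jar_log4j_version(zf: zipfile.ZipFile) -> Optional[str]:
    """Read the log4j-core version from pom.properties, else from the manifest."""
    names = set(zf.namelist())
    if POM_PROPERTIES in names:
        for line in zf.read(POM_PROPERTIES).decode("utf-8", "replace").splitlines():
            if line.startswith("version="):
                return line.split("=", 1)[1].strip()
    if MANIFEST in names:
        for line in zf.read(MANIFEST).decode("utf-8", "replace").splitlines():
            if line.lower().startswith("implementation-version:"):
                return line.split(":", 1)[1].strip()
    return None


def assess_jar(data: bytes) -> Dict[str, object]:
    """Classify one JAR's bytes: version found, in-range, JndiLookup present."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        version = jar_log4j_version(zf)
        jndi_present = JNDI_CLASS in zf.namelist()
    vulnerable: Optional[bool] = None
    if version is not None:
        try:
            vulnerable = is_vulnerable(version)
        except ValueError:
            vulnerable = None  # unparseable version string: needs a manual look
    return {"version": version, "vulnerable": vulnerable, "jndi_lookup_present": jndi_present}


def scan_directory(root: str) -> List[Tuple[str, Dict[str, object]]]:
    """Walk root and assess every *.jar; JARs nested inside WAR/EAR files are not opened."""
    findings = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            if name.lower().endswith(".jar"):
                path = os.path.join(dirpath, name)
                with open(path, "rb") as fh:
                    findings.append((path, assess_jar(fh.read())))
    return findings


def build_sample_jar(version: str, include_jndi: bool) -> bytes:
    """Constructed test fixture: a minimal JAR carrying a manifest version."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(MANIFEST, f"Manifest-Version: 1.0\r\nImplementation-Version: {version}\r\n")
        if include_jndi:
            zf.writestr(JNDI_CLASS, b"\xca\xfe\xba\xbe")  # class-file magic only
    return buf.getvalue()


if __name__ == "__main__":
    for ver, jndi in (("2.14.1", True), ("2.0-beta8", True), ("2.17.0", False)):
        print(ver, assess_jar(build_sample_jar(ver, jndi)))
```

The bounds sit in two constants because the page's range covers CVE-2021-44228 only; later Log4j advisories changed which releases are considered safe, so keep the range table current rather than hard-coding 2.14.1 deeper in a scanner. A result of no version found is not a clean result: shaded or relocated builds drop the pom.properties path and the class path above, and such JARs need manual inspection.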

How to customize behavior of AWS Managed Rules for AWS WAF
AWS Managed Rules for AWS WAF provides a group of rules created by AWS that can be used to help protect you against common application vulnerabilities and other unwanted access to your systems without having to write your own rules. AWS Threat Research Team updates AWS Managed Rules to respond to an ever-changing threat landscape in order […]
https://aws.amazon.com/blogs/security/how-to-customize-behavior-of-aws-managed-rules-for-aws-waf/

The Great Leak: Microsoft Exchange AutoDiscover Design Flaw
Recently a “design flaw” in Microsoft Exchange’s Autodiscover protocol was discovered by researchers that allowed access to 372,072 Windows domain credentials and 96,671 unique sets of credentials from applications such as Microsoft Outlook and third-party email clients. According to Amit Serper, the person who discovered the flaw, the source of the leak is [...]
https://www.hackingtutorials.org/pentesting-exchange/the-great-leak-microsoft-exchange-autodiscover-design-flaw/

The three most important AWS WAF rate-based rules
In this post, we explain what the three most important AWS WAF rate-based rules are for proactively protecting your web applications against common HTTP flood events, and how to implement these rules. We share what the Shield Response Team (SRT) has learned from helping customers respond to HTTP floods and show how all AWS WAF […]
https://aws.amazon.com/blogs/security/three-most-important-aws-waf-rate-based-rules/

Automatically update AWS WAF IP sets with AWS IP ranges
Note: This blog post describes how to automatically update AWS WAF IP sets with the most recent AWS IP ranges for AWS services. This related blog post describes how to perform a similar update for Amazon CloudFront IP ranges that are used in VPC Security Groups. You can use AWS Managed Rules for AWS WAF […]
https://aws.amazon.com/blogs/security/automatically-update-aws-waf-ip-sets-with-aws-ip-ranges/
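The blurb above names the task (keep a WAF IP set in sync with the published AWS IP ranges) without showing the data handling. As an added example, not the AWS post's own code, the script below selects the prefixes for chosen services from an ip-ranges.json document, canonicalises and de-duplicates them (the same CIDR appears under several services), computes the add/remove delta against what an IP set currently holds, and pushes the full replacement list through WAFv2's lock token. SAMPLE_IP_RANGES is a constructed document in the shape of the real file, using documentation address blocks; the boto3 call is only exercised when you run it against a real account.

```python
"""Added example: derive AWS WAF IP set contents from ip-ranges.json.

Not code from the AWS post. SAMPLE_IP_RANGES is a constructed document.
"""
import ipaddress
import json
import urllib.request
from typing import Dict, Iterable, List, Set

IP_RANGES_URL = "https://ip-ranges.amazonaws.com/ip-ranges.json"

# Constructed sample in the published file's shape (RFC 5737 / RFC 3849 ranges).
SAMPLE_IP_RANGES = json.dumps({
    "syncToken": "1700000000",
    "createDate": "2023-11-14-00-00-00",
    "prefixes": [
        {"ip_prefix": "203.0.113.0/24", "region": "GLOBAL", "service": "CLOUDFRONT",
         "network_border_group": "GLOBAL"},
        {"ip_prefix": "198.51.100.0/25", "region": "us-east-1", "service": "AMAZON",
         "network_border_group": "us-east-1"},
        {"ip_prefix": "198.51.100.0/25", "region": "us-east-1", "service": "EC2",
         "network_border_group": "us-east-1"},
    ],
    "ipv6_prefixes": [
        {"ipv6_prefix": "2001:db8:1::/48", "region": "GLOBAL", "service": "CLOUDFRONT",
         "network_border_group": "GLOBAL"},
    ],
})


def load_sample() -> Dict:
    """Parse the constructed sample document."""
    return json.loads(SAMPLE_IP_RANGES)


def fetch_ip_ranges() -> Dict:
    """Download the live document (network access required)."""
    with urllib.request.urlopen(IP_RANGES_URL, timeout=30) as resp:
        return json.load(resp)


def select_prefixes(doc: Dict, services: Iterable[str], ipv6: bool = False,
                    regions: Iterable[str] = ()) -> Set[str]:
    """CIDRs for the given services (optionally regions), canonicalised and de-duplicated.

    WAF IP sets hold one address family, so IPv4 and IPv6 are selected separately.
    """
    wanted = {s.upper() for s in services}
    region_filter = set(regions)
    entries = doc["ipv6_prefixes"] if ipv6 else doc["prefixes"]
    key = "ipv6_prefix" if ipv6 else "ip_prefix"
    out: Set[str] = set()
    for entry in entries:
        if entry["service"].upper() not in wanted:
            continue
        if region_filter and entry["region"] not in region_filter:
            continue
        # strict=True rejects a prefix with host bits set, i.e. a malformed entry.
        out.add(str(ipaddress.ip_network(entry[key], strict=True)))
    return out


def plan_ip_set_update(current: Iterable[str], desired: Iterable[str]) -> Dict[str, List[str]]:
    """Delta between what the IP set holds now and what it should hold."""
    cur = {str(ipaddress.ip_network(c)) for c in current}
    want = {str(ipaddress.ip_network(d)) for d in desired}
    return {"add": sorted(want - cur), "remove": sorted(cur - want), "addresses": sorted(want)}


def apply_ip_set_update(name: str, scope: str, ip_set_id: str,
                        addresses: List[str], region: str = "us-east-1") -> bool:
    """Replace the IP set's address list under WAFv2's optimistic lock; True if changed."""
    import boto3  # imported here so the rest of the file runs without boto3 installed
    client = boto3.client("wafv2", region_name=region)
    current = client.get_ip_set(Name=name, Scope=scope, Id=ip_set_id)
    plan = plan_ip_set_update(current["IPSet"]["Addresses"], addresses)
    if not plan["add"] and not plan["remove"]:
        return False  # nothing to do, and no pointless write that would bump the lock token
    client.update_ip_set(Name=name, Scope=scope, Id=ip_set_id,
                         Addresses=plan["addresses"], LockToken=current["LockToken"])
    return True


if __name__ == "__main__":
    doc = load_sample()
    v4 = select_prefixes(doc, ["CLOUDFRONT"])
    print(plan_ip_set_update(["203.0.113.0/24", "192.0.2.0/24"], v4))
```

Two details matter in production: update_ip_set replaces the whole Addresses list rather than patching it, so the delta is only for logging and change review, and the LockToken from get_ip_set must be the one passed back or the update is rejected. An IP set with Scope CLOUDFRONT is managed from us-east-1 regardless of where the protected distribution serves.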

AWS Shield threat landscape review: 2020 year-in-review
AWS Shield is a managed service that protects applications that are running on Amazon Web Services (AWS) against external threats, such as bots and distributed denial of service (DDoS) attacks. Shield detects network and web application-layer volumetric events that may indicate a DDoS attack, web content scraping, or other unauthorized non-human traffic that is interacting […]
https://aws.amazon.com/blogs/security/aws-shield-threat-landscape-review-2020-year-in-review/

How to protect a self-managed DNS service against DDoS attacks using AWS Global Accelerator and AWS Shield Advanced
In this blog post, I show you how to improve the distributed denial of service (DDoS) resilience of your self-managed Domain Name System (DNS) service by using AWS Global Accelerator and AWS Shield Advanced. You can use those services to incorporate some of the techniques used by Amazon Route 53 to protect against DDoS attacks. […]
https://aws.amazon.com/blogs/security/how-to-protect-a-self-managed-dns-service-against-ddos-attacks-using-aws-global-accelerator-and-aws-shield-advanced/

Set up centralized monitoring for DDoS events and auto-remediate noncompliant resources
When you build applications on Amazon Web Services (AWS), it's a common security practice to isolate production resources from non-production resources by logically grouping them into functional units or organizational units. There are many benefits to this approach, such as making it easier to implement the principle of least privilege, or reducing the scope of […]
https://aws.amazon.com/blogs/security/set-up-centralized-monitoring-for-ddos-events-and-auto-remediate-noncompliant-resources/

Deploying defense in depth using AWS Managed Rules for AWS WAF (part 2)
In this post, I show you how to use recent enhancements in AWS WAF to manage a multi-layer web application security enforcement policy. These enhancements will help you to maintain and deploy web application firewall configurations across deployment stages and across different types of applications. In part 1 of this post I describe the technologies […]
https://aws.amazon.com/blogs/security/deploying-defense-in-depth-using-aws-managed-rules-for-aws-waf-part-2/

Defense in depth using AWS Managed Rules for AWS WAF (part 1)
In this post, I discuss how you can use recent enhancements in AWS WAF to manage a multi-layer web application security enforcement policy. These enhancements will help you to maintain and deploy web application firewall configurations across deployment stages and across different types of applications. The post is in two parts. This first part describes […]
https://aws.amazon.com/blogs/security/defense-in-depth-using-aws-managed-rules-for-aws-waf-part-1/

Houston consulate one of worst offenders in Chinese espionage, say U.S. officials
Credits: Reuters. The United States ordered the consulate closed this week, leading China to retaliate on Friday by telling the United States to shut its consulate in the city of Chengdu, as relations between the world's two largest economies […]
http://blog.extremehacking.org/blog/2020/07/24/houston-consulate-one-of-worst-offenders-in-chinese-espionage-say-u-s-officials/

Shocked I am. Shocked to find that underground bank-card-trading forums are full of liars, cheats, small-time grifters
Credits: The Register. The denizens of online forums dedicated to trading in stolen credit cards have been shown to be wretched hives of scum and villainy. This not-so-surprising news comes this week via academics at Washington State University (WSU) in the US, […]
http://blog.extremehacking.org/blog/2020/07/24/shocked-i-am-shocked-to-find-that-underground-bank-card-trading-forums-are-full-of-liars-cheats-small-time-grifters/

AWS Shield Threat Landscape report is now available
AWS Shield is a managed threat protection service that safeguards applications running on AWS against exploitation of application vulnerabilities, bad bots, and Distributed Denial of Service (DDoS) attacks. The AWS Shield Threat Landscape Report (TLR) provides you with a summary of threats detected by AWS Shield. This report is curated by the AWS Threat Research […]
https://aws.amazon.com/blogs/security/aws-shield-threat-landscape-report-now-available/

Vint Cerf suggests GDPR could hurt coronavirus vaccine development
Credits: The Register. TCP/IP co-developer Vint Cerf, revered as a critical contributor to the foundations of the internet, has floated the notion that privacy legislation might hinder the development of a vaccination for the COVID-19 coronavirus. In an essay written for […]
http://blog.extremehacking.org/blog/2020/05/16/vint-cerf-suggests-gdpr-could-hurt-coronavirus-vaccine-development/

Brit defense contractor hacked, up to 100,000 past and present employees' details siphoned off – report
Credits: The Register. Britain’s Ministry of Defence contractor Interserve has been hacked, reportedly leaking the details of up to 100,000 past and current employees, including payment information and details of their next of kin. The Daily Telegraph reports that up to […]
http://blog.extremehacking.org/blog/2020/05/16/brit-defense-contractor-hacked-up-to-100000-past-and-present-employees-details-siphoned-off-report/

US officially warns China is launching cyberattacks to steal coronavirus research
Credits: CNN. The US Department of Homeland Security and the FBI issued a “public service announcement” Wednesday warning that China is likely launching cyberattacks to steal coronavirus data related to vaccines and treatments from US research institutions and pharmaceutical […]
http://blog.extremehacking.org/blog/2020/05/14/us-officially-warns-china-is-launching-cyberattacks-to-steal-coronavirus-research/

There's Norway you're going to believe this: World's largest sovereign wealth fund conned out of $10m in cyber-attack
Credits: The Register. The Norwegian Investment Fund has been swindled out of $10m (£8.2m) by fraudsters who pulled off what’s been described as “an advance data breach.” Norfund – the world’s largest sovereign wealth fund, created from saved North Sea […]
http://blog.extremehacking.org/blog/2020/05/14/theres-norway-youre-going-to-believe-this-worlds-largest-sovereign-wealth-fund-conned-out-of-10m-in-cyber-attack/

Stop tracking me, Google: Austrian citizen files GDPR legal complaint over Android Advertising ID
Institute For Ethical Hacking Course and Ethical Hacking Training in Pune – India Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan Credits: The Register Privacy pressure group Noyb has filed a legal complaint against Google on behalf of an Austrian citizen, claiming the Android Advertising ID on every Android device is “personal data” as defined by the EU’s GDPR and that […] The post Stop tracking me, Google: Austrian citizen files GDPR legal complaint over Android Advertising ID appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/14/stop-tracking-me-google-austrian-citizen-files-gdpr-legal-complaint-over-android-advertising-id/

Cyber-attacks hit hospital construction companies
Institute For Ethical Hacking Course and Ethical Hacking Training in Pune – India Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan Credits: BBC Interserve, which helped build Birmingham’s NHS Nightingale hospital, and Bam Construct, which delivered the Yorkshire and the Humber’s, have reported the incidents to authorities. Earlier this month, the government warned healthcare groups involved in the response to […] The post Cyber-attacks hit hospital construction companies appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/13/cyber-attacks-hit-hospital-construction-companies/

Researchers spot thousands of Android apps leaking user data through misconfigured Firebase databases
Institute For Ethical Hacking Course and Ethical Hacking Training in Pune – India Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan Credits: The Register Security researchers at Comparitech have reported that an estimated 24,000 Android apps are leaking user data because of misconfigured Firebase databases. Firebase is a popular backend service with SDKs for multiple platforms, including Android, iOS, web, C++ and Unity (for […] The post Researchers spot thousands of Android apps leaking user data through misconfigured Firebase databases appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/13/researchers-spot-thousands-of-android-apps-leaking-user-data-through-misconfigured-firebase-databases/

Papa don't breach: Contracts, personal info on Madonna, Lady Gaga, Elton John, others swiped in celeb law firm ‘hack’
Institute For Ethical Hacking Course and Ethical Hacking Training in Pune – India Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan Credits: The Register Hackers are threatening to release 756GB of A-list celebs’ contracts, recording deals, and other personal info allegedly stolen from a New York law firm. The miscreants have seemingly got their hands on confidential agreements, private correspondence, contact […] The post Papa don’t breach: Contracts, personal info on Madonna, Lady Gaga, Elton John, others swiped in celeb law firm ‘hack’ appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/13/papa-dont-breach-contracts-personal-info-on-madonna-lady-gaga-elton-john-others-swiped-in-celeb-law-firm-hack/

CVE-2019-19781: Citrix ADC RCE vulnerability
A week before the 2019 holidays Citrix announced that an authentication bypass vulnerability was discovered in multiple Citrix products. The affected products are the Citrix Application Delivery Controller (formerly known as NetScaler ADC), Citrix Gateway (formerly known as NetScaler Gateway), and the Citrix SD-WAN WANOP appliance. Exploiting the vulnerability could allow an unauthenticated attacker [...] The post CVE-2019-19781: Citrix ADC RCE vulnerability appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/exploit-tutorials/cve-2019-19781-citrix-adc-rce-vulnerability/

Vulnerability Scanning with OpenVAS 9 part 4: Custom scan configurations
For all scans so far, we've only used the default scan configurations such as host discovery, system discovery and Full & fast. But what if we don't want to run all NVTs on a given target (list) and only test for a few specific vulnerabilities? In this case we can create our own custom scan [...] The post Vulnerability Scanning with OpenVAS 9 part 4: Custom scan configurations appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/scanning-tutorials/openvas-9-part-4-custom-scan-configurations/

Vulnerability Scanning with OpenVAS 9 part 3: Scanning the Network
In the previous parts of the Vulnerability Scanning with OpenVAS 9 tutorials we have covered the installation process and how to run vulnerability scans using OpenVAS and the Greenbone Security Assistant (GSA) web application. In part 3 of Vulnerability Scanning with OpenVAS 9 we will have a look at how to run scans using different [...] The post Vulnerability Scanning with OpenVAS 9 part 3: Scanning the Network appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/scanning-tutorials/vulnerability-scanning-with-openvas-9-scanning-the-network/

Vulnerability Scanning with OpenVAS 9 part 2: Vulnerability Scanning
In the previous tutorial, Vulnerability Scanning with OpenVAS 9.0 part 1, we went through the installation process of OpenVAS on Kali Linux and the installation of the virtual appliance. In this tutorial we will learn how to configure and run a vulnerability scan. For demonstration purposes we've also installed a virtual machine with Metasploitable 2 [...] The post Vulnerability Scanning with OpenVAS 9 part 2: Vulnerability Scanning appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/scanning-tutorials/vulnerability-scanning-openvas-9-0-part-2/

Vulnerability Scanning with OpenVAS 9 part 1: Installation & Setup
A couple years ago we did a tutorial on Hacking Tutorials on how to install the popular vulnerability assessment tool OpenVAS on Kali Linux. We’ve covered the installation process on Kali Linux and running a basic scan on the Metasploitable 2 virtual machine to identify vulnerabilities. In this tutorial I want to cover more details [...] The post Vulnerability Scanning with OpenVAS 9 part 1: Installation & Setup appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/scanning-tutorials/vulnerability-scanning-openvas-9-pt-1/

The Best Hacking Books 2018
One of the most popular and most asked questions since I’ve started this blog is if I can recommend some good hacking books to read for beginners and more experienced hackers and penetration testers. In this article I want to highlight some hacking books and InfoSec books that I personally liked that cover subjects such as ethical hacking, [...] The post The Best Hacking Books 2018 appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/infosec-books/the-best-hacking-books-2018/