L'Actu de la presse spécialisée
Pas d'actualité
L'Actu de la presse
Lost world unearthed beneath Antarctica ice after 34 million years - LBC
M&S tells agency warehouse staff to stay at home after cyber attack · Latest UK News · See more Latest UK News · Eurofighter Typhoons Fly From RAF ...
https://www.lbc.co.uk/tech/lost-world-unearthed-beneath-antarctica-ice-34-000-000-years/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Soutenez No Hack Me sur Tipeee
L'Actu de la veille (Presse spécialisée)
Logistic Regression for Binary Classification With Core APIs
This guide shows how to use TensorFlow Core APIs to build, train, and evaluate a logistic regression model for binary tumor classification using the Wisconsin Breast Cancer Dataset.
https://hackernoon.com/logistic-regression-for-binary-classification-with-core-apis?source=rss
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Quickstart Guide: TensorFlow Core APIs
This tutorial shows how to use TensorFlow Core's low-level APIs to build, train, and evaluate a multiple linear regression model that predicts car fuel efficiency.
https://hackernoon.com/quickstart-guide-tensorflow-core-apis?source=rss
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
ChatGPT Codex Tutorial: AI Agent in the Cloud
OpenAI Codex is an AI model that turns your plain English instructions into code. It supports dozens of programming languages (including Python, JavaScript, Go, Ruby, and more) You connect it to your GitHub repository, give it tasks in plain English, and it goes to work.
https://hackernoon.com/chatgpt-codex-tutorial-ai-agent-in-the-cloud?source=rss
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How Japan's cautious approach to Web3's digital assets could attract Chinese capital flight
Japan's careful regulatory approach to digital assets, which includes strict consumer protections, asset localization, and a cautious rollout of its digital yen, is creating a stable and innovative environment for cryptocurrency investment. This has attracted significant capital flight from China, as investors seek refuge from domestic restrictions and market instability. Supported by both government initiatives and private sector investments, Japan is emerging as a leading Web3 hub in Asia alongside Hong Kong, balancing innovation with financial stability.
https://hackernoon.com/how-japans-cautious-approach-to-web3s-digital-assets-could-attract-chinese-capital-flight?source=rss
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
WestJet investigates cyberattack disrupting internal systems
WestJet, Canada's second-largest airline, is investigating a cyberattack that has disrupted access to some internal systems as it responds to the breach. [...]
https://www.bleepingcomputer.com/news/security/westjet-investigates-cyberattack-disrupting-internal-systems/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The HackerNoon Newsletter: Happy Birthday, Mr. President (6/14/2025)
How are you, hacker?
🪐 What's happening in tech today, June 14, 2025?
The
HackerNoon Newsletter
brings the HackerNoon
homepage
straight to your inbox.
On this day,
The US Census Dedicated the UNIVAC I Computer in 1956, Mauchly Met Atanasoff in a Historic Meeting in 1941, The Disneyland Monorail Opened in California in 1959, Fischer Jr. Patented the Sandpaper in Vermont in 1834, The Second Continental Congress Created the US Flag Design in 1777, A Large Asteroid Missed Hitting the Earth in 2002, The US Sent a Monkey on a Historic Rocket Flight in 1949,
and we present you with these top quality stories.
From
...
https://hackernoon.com/6-14-2025-newsletter?source=rss
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Anubis ransomware adds wiper to destroy files beyond recovery
https://www.bleepingcomputer.com/news/security/anubis-ransomware-adds-wiper-to-destroy-files-beyond-recovery/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Windows 11 users want these five features back
When Windows 11 was first released, many long-time users felt features they loved had been taken away overnight. Three and a half years later, the same complaints still rise to the top of the Feedback Hub with tens of thousands of votes. [...]
https://www.bleepingcomputer.com/news/microsoft/windows-11-users-want-these-five-features-back/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How to Monetize Unity Apps: Best Practices
Unity is one of the most popular game engines for mobile and cross-platform app development. It powers millions…
https://hackread.com/how-to-monetize-unity-apps-best-practices/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Detecting Zero-Day Vulnerabilities in .NET Assemblies With Claude AI
Cybersecurity researchers have achieved a significant breakthrough in automated vulnerability detection by successfully leveraging Claude AI to identify zero-day exploits in .NET assemblies. This innovative approach combines artificial intelligence with reverse engineering techniques to discover previously unknown security flaws in Microsoft-signed binaries, potentially revolutionizing how security professionals hunt for vulnerabilities at scale. The research demonstrates […]
The post Detecting Zero-Day Vulnerabilities in .NET Assemblies With Claude AI appeared first on Cyber Security News.
https://cybersecuritynews.com/zero-day-vulnerabilities-in-net-assemblies/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
LockBit's Admin Panel Leak Exposes It's Affiliates & Millions in Crypto
The cybersecurity world witnessed an unprecedented breach on May 7, 2025 when an anonymous threat actor known as “xoxo from Prague” successfully infiltrated LockBit’s administrative panel, replacing their Tor website with the message “Don’t do crime CRIME IS BAD xoxo from Prague.” This audacious attack resulted in the complete compromise and public release of LockBit’s […]
The post LockBit’s Admin Panel Leak Exposes It's Affiliates & Millions in Crypto appeared first on Cyber Security News.
https://cybersecuritynews.com/lockbits-admin-panel-leak/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hundreds of WordPress Websites Hacked By VexTrio Viper Group to Run Massive TDS Services
A sophisticated cybercriminal enterprise known as VexTrio has orchestrated one of the most extensive WordPress compromise campaigns ever documented, hijacking hundreds of thousands of websites globally to operate massive traffic distribution systems (TDS) that funnel victims into elaborate scam networks. This malicious operation, which has been active since at least 2015, represents a paradigm shift […]
The post Hundreds of WordPress Websites Hacked By VexTrio Viper Group to Run Massive TDS Services appeared first on Cyber Security News.
https://cybersecuritynews.com/hundreds-of-wordpress-websites-hacked-by-vextrio-viper-group/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Windows 11 24H2 KASLR Broken Using an HVCI-Compatible Driver with Physical Memory Access
A security researcher has published a detailed analysis demonstrating how Kernel Address Space Layout Randomization (KASLR) protections can be circumvented on Windows 11 24H2 systems through exploitation of an HVCI-compatible driver with physical memory access capabilities. The research, published by security researcher Yazid on June 9, 2025, presents a novel approach to obtaining the Windows […]
The post Windows 11 24H2 KASLR Broken Using an HVCI-Compatible Driver with Physical Memory Access appeared first on Cyber Security News.
https://cybersecuritynews.com/windows-11-24h2-kaslr-broken-using-an-hvci-compatible-driver/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How AI Is Revolutionizing Agile Program Management with Confluence & Streamlit
AI agent fetches & summarizes project data from Confluence, streamlining Agile program management with chat-powered reports, charts, and insights.
https://hackernoon.com/how-ai-is-revolutionizing-agile-program-management-with-confluence-and-streamlit?source=rss
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Getblock Theory: A Developers Guide
The Big Bang Theory is a comic tv series that aired from 2007 to 2019 about a friend group of six science nerds. It's a fitting inspiration for this story in which I will carry you along as your loyal tech friend with a wacky sense of humor to navigate an exceptionally useful blockchain platform that could revolutionize your web 3 development ideology.
https://hackernoon.com/the-getblock-theory-a-developers-guide?source=rss
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
AMOS macOS Stealer Hides in GitHub With Advanced Sophistication Methods
A sophisticated new variant of the AMOS macOS stealer has emerged, demonstrating unprecedented levels of technical sophistication in its distribution and obfuscation methods. The malware leverages GitHub repositories as distribution platforms, exploiting the platform’s legitimacy to bypass security measures and target unsuspecting macOS users with cryptocurrency theft capabilities. The latest campaign involves a multi-layered attack […]
The post AMOS macOS Stealer Hides in GitHub With Advanced Sophistication Methods appeared first on Cyber Security News.
https://cybersecuritynews.com/amos-macos-stealer-hides-in-github/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Palo Alto Networks fixed multiple privilege escalation flaws
Palo Alto Networks addressed multiple vulnerabilities and included the latest Chrome patches in its solutions. Palo Alto Networks fixed seven privilege escalation vulnerabilities and integrated the latest Chrome security patches into its products. Palo Alto applied 11 Chrome fixes and patched CVE-2025-4233, a cache vulnerability impacting the Prisma Access Browser. The most severe vulnerability, tracked […]
https://securityaffairs.com/179000/security/palo-alto-networks-fixed-multiple-privilege-escalation-flaws.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Tenable Agent for Windows Vulnerability Let Attackers Login as Admin to Delete The System Files
Tenable, a prominent cybersecurity provider, has released version 10.8.5 of its Agent software to address three critical security vulnerabilities affecting Windows hosts running versions prior to 10.8.5. These flaws, identified as CVE-2025-36631, CVE-2025-36632, and CVE-2025-36633, could allow non-administrative users to exploit SYSTEM-level privileges, potentially leading to severe system compromise or local privilege escalation. Vulnerability Details […]
The post Tenable Agent for Windows Vulnerability Let Attackers Login as Admin to Delete The System Files appeared first on Cyber Security News.
https://cybersecuritynews.com/tenable-agent-for-windows-vulnerability/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
NIST Released 19 Zero Trust Architecture Implementations Guide – What's New
The National Institute of Standards and Technology (NIST) has published a new resource to aid organizations in implementing zero trust architectures (ZTAs), a cybersecurity approach that assumes no user or device is inherently trustworthy. The guidance, titled Implementing a Zero Trust Architecture (NIST SP 1800-35), details 19 example ZTA implementations using commercially available technologies, offering […]
The post NIST Released 19 Zero Trust Architecture Implementations Guide – What’s New appeared first on Cyber Security News.
https://cybersecuritynews.com/nist-zero-trust-architecture-guide/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Happy Birthday, Mr. President
Is Saturday's parade more about the US military or Trump's birthday?
https://hackernoon.com/happy-birthday-mr-president?source=rss
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
TryHackMe: “Security Footage” CTF Challenge Writeup
Security FootagePerform digital forensics on a network capture to recover footage from a camera.Perform digital forensics on a network capture to recover footage from a camera.https://tryhackme.com/room/securityfootageSecurity FootageSomeone broke into our office last night, but they destroyed the hard drives with the security footage. Can you recover the footage?Security FootageHow I Rescued a Stolen Video — and the Flag — From a Lone “security-footage-1648933966395.pcap"A tale of packets, patience, and pixel-by-pixel triumphThe “Impossible” Challenge Lands on My DeskMonday, 23:47.A teammate drops a single file in our CTF channel:security-footage-1648933966395.pcapMy pulse spikes. No login creds, no docs, just 44 MB of raw network noise. Perfect.Cold Start, Hot TrailMost...
https://infosecwriteups.com/tryhackme-security-footage-ctf-challenge-writeup-e9b451cded7e?source=rss----7b722bfd1b8d---4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Reflective Kerberos Relay Attack (CVE-2025-33073): NT AUTHORITY\SYSTEM Privilege Escalation
How the Reflective Kerberos Relay Attack Bypassed NTLM Protections in 2025 (CVE-2025-33073).Reflective Kerberos Relay Attack (CVE-2025-33073): NT AUTHORITY\SYSTEM Privilege EscalationTable of ContentsWhat is the Reflective Kerberos Relay Attack?Who discovered the vulnerability?When was it found and patched?Where does the attack take place?How does the attack work (PoC)?What is the impact of CVE-2025-33073?What is the Reflective Kerberos Relay Attack?The Reflective Kerberos Relay Attack is a privilege escalation technique targeting Windows environments. Discovered in early 2025, this method bypasses Microsoft's long-standing NTLM reflection protections by leveraging Kerberos authentication instead. The core idea is deceptively simple: relay a Kerberos ticket back to the machine that...
https://infosecwriteups.com/reflective-kerberos-relay-attack-cve-2025-33073-nt-authority-system-privilege-escalation-bfab6cef1acc?source=rss----7b722bfd1b8d---4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Container Escape Techniques: Breaking Out of the Digital Jail
How Attackers Break Free From Containerized Environments and What Defenders Need to KnowImagine you're running a modern web application. Instead of installing everything directly on your server, you package your app into a “container” ; think of it as a lightweight, portable box that contains everything your application needs to run. This is the magic of containerization technologies like Docker and Kubernetes.But here's the twist: what happens when someone malicious gets inside that box? Can they break out and access the host system? The answer is more unsettling than you might think.What Are Container Escapes?A container escape occurs when an attacker breaks out of the isolated container environment and gains access to the underlying host system. It's like a prisoner escaping...
https://infosecwriteups.com/container-escape-techniques-breaking-out-of-the-digital-jail-ad06962c5292?source=rss----7b722bfd1b8d---4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
I Found an SQL Injection in an Internal API (Behind Cloudflare) — A Full Story from Discovery to…
Hello Medium family! I’m back — and I’m writing this blog with happiness and excitement.
As a penetration tester, few things are more…Continue reading on InfoSec Write-ups »
https://infosecwriteups.com/i-found-an-sql-injection-in-an-internal-api-behind-cloudflare-a-full-story-from-discovery-to-27a28d2beb68?source=rss----7b722bfd1b8d---4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Weak Regex, Big Mess: How I Escaped Input Validation with One Tiny Character
Hey there!😁Continue reading on InfoSec Write-ups »
https://infosecwriteups.com/weak-regex-big-mess-how-i-escaped-input-validation-with-one-tiny-character-9ead1deccffa?source=rss----7b722bfd1b8d---4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
(CVE-2025-33053) New 0-Day in WebDAV Exposes Servers to Remote Code Execution — Here's What You…
(CVE-2025-33053) New 0-Day in WebDAV Exposes Servers to Remote Code Execution — Here's What You Need to Know(CVE-2025-33053) WebDAV 0-Day Vulnerability: Remote Code Execution PoC, Risks, and Mitigation.CVE-2025-33053 New 0-Day in WebDAV Exposes Servers to Remote Code ExecutionTable of ContentsWhat is CVE‑2025‑33053?Who is Being Targeted?When and How Was It Discovered?How Can You Protect Your Systems?Impact and Risk ProfileWhat is CVE‑2025‑33053?CVE‑2025‑33053 is a zero-day remote code execution (RCE) vulnerability in Web Distributed Authoring and Versioning (WebDAV) within Windows. It stems from an external control of file path or name, enabling an unauthorized attacker to execute arbitrary code over the network. It's rated CVSS 3.1 score 8.8 (High severity).Who is...
https://infosecwriteups.com/cve-2025-33053-new-0-day-in-webdav-exposes-servers-to-remote-code-execution-heres-what-you-e12787fa559a?source=rss----7b722bfd1b8d---4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
0 Bounty: XSS via javascript: URLs
A simple login redirect turned into a dangerous XSS vector — complete with video PoC and attack chain potential.Continue reading on InfoSec Write-ups »
https://infosecwriteups.com/500-bounty-xss-via-javascript-urls-a04900631701?source=rss----7b722bfd1b8d---4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Learning Cloud with HTB Business CTF 2025 — A Complete (cloud) Writeup: Part 2 (END)
Learning Cloud with HTB Business CTF 2025 — A Complete (cloud) Writeup: Part 2 (END)In the cloud, misconfigurations rain breaches — but knowledge clears the skies.Welcome back to Part 2 of Learning Cloud with HTB Business CTF 2025!In Part 1, we explored the fundamentals, handled the initial cloud challenges, and got familiar with the basic enumeration and AWS services involved.Now, in Part 2, we're moving forward into more advanced cloud attack paths, including:privilege escalationsabuse of cloud-native servicesand chaining multiple vulnerabilities together.As always, I'll break down each step with clear explanations, practical commands, and the reasoning behind every move — so even if you're still building your cloud hacking skills, you can follow along and hopefully...
https://infosecwriteups.com/learning-cloud-with-htb-business-ctf-2025-a-complete-cloud-writeup-part-2-end-4274d9ea2646?source=rss----7b722bfd1b8d---4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Learning Cloud with HTB Business CTF 2025 — A Complete (cloud) Writeup: Part 1
Learning Cloud with HTB Business CTF 2025 — A Complete (cloud) Writeup: Part 1The cloud hides complexity — but misconfigurations make it visible.Welcome!In this writeup, I'll walk you through all the cloud challenges from HTB Business CTF 2025. I competed with the ITSEC Asia team, and we ended up securing 16th place out of 795 companies. It was a fun experience competing alongside our colleagues, as it also gave us the chance to collaborate across borders between the Indonesia and Singapore branches.This writeup is aimed at beginners and intermediate cloud CTF players who want to:Understand the problem-solving process,Learn the basic cloud servicesEarn the tools and techniques used in cloud security,There are 5 cloud challenges in total, which all of them is AWS-based, from...
https://infosecwriteups.com/learning-cloud-with-htb-business-ctf-2025-a-complete-cloud-writeup-part-1-6188fa67219c?source=rss----7b722bfd1b8d---4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
{CyberDefenders Write-up} Lespion Lab : Lespion Lab
{CyberDefenders Write-up} Threat Intel: Lespion LabScenarioYou have been tasked by a client whose network was compromised and brought offline to investigate the incident and determine the attacker's identity.Incident responders and digital forensic investigators are currently on the scene and have conducted a preliminary investigation. Their findings show that the attack originated from a single user account, probably an insider. Investigate the incident, find the insider, and uncover the attack actions.Category: Threat IntelTools: Google Maps, Google Image Search, SherlockDOWNLOAD LAB FILEGITHUB https://github.com/EMarseille99officeWebCamQuestionsQ1: File -> Github.txt: What API key did the insider add to his GitHub repositories?📁 Repository Source:GitHub Repo: EMarseille99/Project-Build---Custom-Login-PageYou...
https://infosecwriteups.com/cyberdefenders-write-up-lespion-lab-lespion-lab-f6bbe3270696?source=rss----7b722bfd1b8d---4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Threat Actors Attacking Cryptocurrency and Blockchain Developers with Weaponized npm and PyPI Packages
The cryptocurrency and blockchain development ecosystem is facing an unprecedented surge in sophisticated malware campaigns targeting the open source supply chain. Over the past year, threat actors have significantly escalated their attacks against Web3 developers by publishing malicious packages to trusted registries including npm and PyPI, exploiting the implicit trust developers place in these repositories. […]
The post Threat Actors Attacking Cryptocurrency and Blockchain Developers with Weaponized npm and PyPI Packages appeared first on Cyber Security News.
https://cybersecuritynews.com/threat-actors-attacking-cryptocurrency-and-blockchain-developers/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Answer to Win Your Share of ,000: How Does GetBlock Simplify Full Node Hosting?
This writing template helps you explore how GetBlock simplifies full node hosting. Use it to enter the Web3 Development Contest and win from ,000.
https://hackernoon.com/answer-to-win-your-share-of-00-how-does-getblock-simplify-full-node-hosting?source=rss
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Unusual toolset used in recent Fog Ransomware attack
Fog ransomware operators used in a May 2025 attack unusual pentesting and monitoring tools, Symantec researchers warn. In May 2025, attackers hit an Asian financial firm with Fog ransomware, using rare tools like Syteca monitoring software and pentesting tools GC2, Adaptix, and Stowaway. Symantec researchers pointed out that the use of these tools is unusual […]
https://securityaffairs.com/178969/malware/unusual-toolset-used-in-recent-fog-ransomware-attack.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The TechBeat: The Case for a Decentralized Cloud:
How Vendor Lock-in Broke Cloud Storage (6/14/2025)
How are you, hacker?
🪐Want to know what's trending right now?:
The Techbeat by HackerNoon has got you covered with fresh content from our trending stories of the day! Set email preference here.
## The Case for a Decentralized Cloud:
How Vendor Lock-in Broke Cloud Storage
By @siafoundation [ 7 Min read ]
Cloud storage once promised freedom, but turned into vendor lock-in. Learn how Sia's decentralized design is challenging this and rewriting the future of data. Read More.
What Conway, Ants, and Apache Kafka Can Teach Us About AI System Design
By @confluent [ 9 Min read ]
Learn how ant colonies, Conway's Game of Life, and Apache Kafka can inspire smarter, scalable AI through modular, multi-agent system design. Read More.
OrcaMind.ai: Time for AI to Get Hands-On
By @lumoz...
https://hackernoon.com/6-14-2025-techbeat?source=rss
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Missing Infrastructure Layer: Why AI's Next Evolution Requires Distributed Systems Thinking
Let's explore how investing in proven AI infrastructure yields a competitive advantage over those that continue trying to solve infrastructure problems at the app layer.
https://hackernoon.com/the-missing-infrastructure-layer-why-ais-next-evolution-requires-distributed-systems-thinking?source=rss
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Fedora 41: rust-sevctl 2025-c53905e83d
This release includes improvements and fixes, and updates crossbeam-channel dependency to address CVE-2025-4574
https://linuxsecurity.com/advisories/fedora/fedora-41-rust-sevctl-2025-c53905e83d-qnga4uyylqer
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Fedora 41: rust-sev 2025-c53905e83d
This release includes improvements and fixes, and updates crossbeam-channel dependency to address CVE-2025-4574
https://linuxsecurity.com/advisories/fedora/fedora-41-rust-sev-2025-c53905e83d-xg0ly0lygdef
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Fedora 41: rust-kbs-types 2025-c53905e83d
This release includes improvements and fixes, and updates crossbeam-channel dependency to address CVE-2025-4574
https://linuxsecurity.com/advisories/fedora/fedora-41-rust-kbs-types-2025-c53905e83d-4wdwh4szt795
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Fedora 41: libkrun 2025-c53905e83d
This release includes improvements and fixes, and updates crossbeam-channel dependency to address CVE-2025-4574
https://linuxsecurity.com/advisories/fedora/fedora-41-libkrun-2025-c53905e83d-ohmxvt9uvrww
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Fedora 41: aerc 2025-5566a46596
Fix CVE-2025-49466 (fedora#2370375)
https://linuxsecurity.com/advisories/fedora/fedora-41-aerc-2025-5566a46596-fvgdg79keokv
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Fedora 41: python3.12 2025-3436f3d2b4
Update to 3.12.11. gh-135034: [CVE 2024-12718] [CVE 2025-4138] [CVE 2025-4330] [CVE 2025-4435] [CVE 2025-4517] Fixes multiple issues that allowed tarfile extraction filters (filter="data" and filter="tar") to be bypassed using crafted symlinks and hard links.
https://linuxsecurity.com/advisories/fedora/fedora-41-python3-12-2025-3436f3d2b4-rbddkg9pamkc
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How Do Hackers Get Phishing Emails Past Filters?
While email security systems try to stay ahead of hackers, phishing emails still get through. To avoid filters, hackers exploit technical loopholes, mimic real emails, evade subject line and content filtering, and more.
https://hackernoon.com/how-do-hackers-get-phishing-emails-past-filters?source=rss
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
L'Actu de la veille (Presse)
The use of AI is now being used to help epilepsy patients | 9 News Australia - YouTube
Comments · WATCH High speed car chase across Sydney ends in violent crash | 9 News Australia · Was this the most impressive cyber attack of all time?
https://www.youtube.com/watch%3Fv%3DNkIpeWiJmvU
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How a Cyberattack at a Company You've Never Heard of Nearly Derailed My Anniversary ...
Cyber attack means this is not just a share price ... it's an M&S sale price. The Telegraph. Robert Stephens. Thu, June 12, 2025 at 9:00 PM PDT.
https://www.aol.com/cyberattack-company-youve-never-heard-200003162.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hackers are using Google.com to deliver malware by bypassing antivirus software. Here's ...
... Cyber attack, Malware Concept. Danger Symbol. Fake IT support voice calls lead to cyber extortion and stolen company data. Latest in Security. An AI ...
https://www.techradar.com/pro/security/hackers-are-using-google-com-to-deliver-malware-by-bypassing-antivirus-software-heres-how-to-stay-safe
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
"Was Air India crash a cyber attack?" Shiv Sena (UBT)'s Raut questions possible sabotage
Was there any cyber attack on the system of the plane by any enemy country, as they try to target our military installations with their cyber attacks ...
https://www.bignewsnetwork.com/news/278280605/was-air-india-crash-a-cyber-attack-shiv-sena-ubt-raut-questions-possible-sabotage
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
No quarter can be given in the war against Iran's deadly ambitions - Washington Times
... cyber attack. It could probably shut down most or all of Iran's military command and control structure. That should be coming in the next few days ...
https://www.washingtontimes.com/news/2025/jun/13/no-quarter-given-war-irans-deadly-ambitions/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Mali partners Russia to launch gold refinery amid mining sector overhaul - Businessday NG
Read also: Nigeria and Mali top West Africa's DDoS cyber attack list says NETSCOUT report. Related News. African Partners Unite against Neglected ...
https://businessday.ng/uncategorized/article/mali-partners-russia-to-launch-gold-refinery-amid-mining-sector-overhaul/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
On the frontline of the cyber Wild West - The Post
Foiling a serious cyber attack requires a co-ordinated detection operation much like a homicide investigation, Bradley, who spent 24 years on the ...
https://www.thepost.co.nz/business/360686567/frontline-cyber-wild-west
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Merseyside man in court in connection with Spanish bar shootings - Yahoo
M&S 'praying for sun' but full recovery from cyber-attack unlikely this summer. 11 hours ago. PA Media: UK News. Girls orphaned when father died in ...
https://uk.news.yahoo.com/merseyside-man-court-connection-spanish-121009021.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How to lock your Nectar card after Sainsbury's shoppers have points stolen - Metro UK
'The attackers may also be using credential stuffing, a cyber-attack where hackers use breached account information, like usernames and passwords, to ...
https://metro.co.uk/2025/06/14/lock-nectar-card-sainsburys-shoppers-points-stolen-23413510/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
NIA chargesheets 17 accused including 16 absconders in Chattisgarh CPRF camps attack case
"Was Air India crash a cyber attack?" Shiv Sena (UBT)'s Raut questions possible sabotage. Updated: Jun 14, 2025 08:00 IST. "Stalin may take pride in ...
https://www.aninews.in/news/national/general-news/nia-chargesheets-17-accused-including-16-absconders-in-chattisgarh-cprf-camps-attack-case20250614123432/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Foreign Office entry rules for Spain, Turkey and Cyprus - Liverpool Echo
M&S says 'we're bringing back' in update after cyber attack · M&S says 'we're bringing back' in update after cyber attack Comments · Find more ...
https://www.liverpoolecho.co.uk/news/uk-world-news/foreign-office-entry-rules-spain-31852868
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
L'Actu à J-2 (Presse spécialisée)
A cyberattack on United Natural Foods caused bread shortages and bare shelves
Cyberattack on United Natural Foods Inc. (UNFI) disrupts deliveries, causing Whole Foods shortages nationwide after systems were taken offline on June 5. United Natural Foods, Inc. (UNFI) is a Providence, Rhode Island–based natural and organic food company. The largest publicly traded wholesale distributor of health and specialty food in the United States and Canada, it is Whole Foods Market‘s main supplier, with their traffic making up over […]
https://securityaffairs.com/178991/hacking/a-cyberattack-on-united-natural-foods-caused-bread-shortages-and-bare-shelves.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Reevaluating Security in Open-Source: Is a Baseline Truly Sufficient?
When people talk about open-source software, it often comes with a certain level of trust''trust in the community, trust in transparent development, and trust that bugs and vulnerabilities are ''seen by many eyes'' and, therefore, will be caught before they do damage. But any Linux admin or security professional who's spent more than a few years in the trenches knows that trust isn't a substitute for actual security planning. It's not that simple, and it never has been. So, when something like the OpenSSF's Open Source Software Security (OSPS) Baseline comes along, people start asking: Is this enough?
https://linuxsecurity.com/features/features/evaluating-an-open-source-security-baseline
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
CISA Reveals 'Pattern' of Ransomware Attacks Against SimpleHelp RMM
A new Cybersecurity and Infrastructure Security Agency (CISA) advisory warned ransomware actors have been actively exploiting a critical SimpleHelp flaw since January.
https://www.darkreading.com/cyberattacks-data-breaches/cisa-ransomware-attacks-simplehelp-rmm
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Google links massive cloud outage to API management issue
Google says an API management issue is behind Thursday's massive Google Cloud outage, which disrupted or brought down its services and many other online platforms. [...]
https://www.bleepingcomputer.com/news/google/google-links-massive-cloud-outage-to-api-management-issue/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Paraguay Suffered Data Breach: 7.4 Million Citizen Records Leaked on Dark Web
Resecurity researchers found 7.4 million records containing personally identifiable information (PII) of Paraguay citizens on the dark web. Resecurity has identified 7.4 million records containing personally identifiable information (PII) of Paraguayan citizens leaked on the dark web today. Last week, cybercriminals have offered information about all citizens of Paraguay for sale, demanding .4 million in […]
https://securityaffairs.com/178970/data-breach/paraguay-suffered-data-breach-7-4-million-citizen-records-leaked-on-dark-web.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
China and Taiwan Accuse Each Other for Cyberattacks Against Critical Infrastructure
Cross-strait tensions have escalated into a new domain as China and Taiwan engage in unprecedented mutual accusations of cyberwarfare targeting critical infrastructure systems. The diplomatic dispute has intensified following Taiwan President Lai Ching-te’s first year in office, during which both governments have publicly traded allegations of sophisticated cyber operations against each other’s governmental, military, and […]
The post China and Taiwan Accuse Each Other for Cyberattacks Against Critical Infrastructure appeared first on Cyber Security News.
https://cybersecuritynews.com/china-and-taiwan-accuse-each-other-for-cyberattacks/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Discord flaw lets hackers reuse expired invites in malware campaign
Hackers are hijacking expired or deleted Discord invite links to redirect users to malicious sites that deliver remote access trojans and information-stealing malware. [...]
https://www.bleepingcomputer.com/news/security/discord-flaw-lets-hackers-reuse-expired-invites-in-malware-campaign/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Mitigating prompt injection attacks with a layered defense strategy
Posted by Google GenAI Security TeamWith the rapid adoption of generative AI, a new wave of threats is emerging across the industry with the aim of manipulating the AI systems themselves. One such emerging attack vector is indirect prompt injections. Unlike direct prompt injections, where an attacker directly inputs malicious commands into a prompt, indirect prompt injections involve hidden malicious instructions within external data sources. These may include emails, documents, or calendar invites that instruct AI to exfiltrate user data or execute other rogue actions. As more governments, businesses, and individuals adopt generative AI to get more done, this subtle yet potentially potent attack becomes increasingly pertinent across the industry, demanding immediate attention and robust security...
http://security.googleblog.com/2025/06/mitigating-prompt-injection-attacks.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Your Meta AI chats might be public, and it's not a bug
Users of the Meta AI seem to be sharing their sensitive conversations with the entire world without being aware of it
https://www.malwarebytes.com/blog/news/2025/06/your-meta-ai-chats-might-be-public-and-its-not-a-bug
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Kali Linux 2025.2 Released: New Tools, Smartwatch and Car Hacking Added
Kali Linux, the preferred distribution for security professionals, has launched its second major release of 2025, Kali Linux 2025.2, in June. This update introduces a restructured Kali Menu, upgraded desktop environments, 13 new tools, and significant Kali NetHunter advancements, including smartwatch Wi-Fi injection and a car hacking toolset. Here's a concise look at the key […]
The post Kali Linux 2025.2 Released: New Tools, Smartwatch and Car Hacking Added appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
https://gbhackers.com/kali-linux-2025-2/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Threat Actor Abuses TeamFiltration for Entra ID Account Takeovers
Researchers discovered a large-scale campaign using the open source penetration-testing framework that has targeted more than 80,000 Microsoft accounts.
https://www.darkreading.com/cloud-security/threat-actor-teamfiltration-entra-id-attacks
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Kali Linux 2025.2 Released: Smartwatch Wi-Fi Injection, Android Radio, and Hacking Tools
The penetration testing community has received a significant upgrade with the release of Kali Linux 2025.2, marking another milestone in the evolution of this essential cybersecurity platform. This latest version introduces groundbreaking smartwatch capabilities, a completely redesigned menu system, and a comprehensive suite of new tools that promise to enhance both red and blue team […]
The post Kali Linux 2025.2 Released: Smartwatch Wi-Fi Injection, Android Radio, and Hacking Tools appeared first on Cyber Security News.
https://cybersecuritynews.com/kali-linux-2025-2/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Arsen Launches AI-Powered Vishing Simulation to Help Organizations Combat Voice Phishing at Scale
Paris, France, 13th June 2025, CyberNewsWire
https://hackread.com/arsen-launches-ai-powered-vishing-simulation-to-help-organizations-combat-voice-phishing-at-scale/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Why CISOs Must Align Business Objectives & Cybersecurity
This alignment makes a successful CISO, but creating the same sentiment across business leadership creates a culture of commitment and greatly contributes to achieving goals.
https://www.darkreading.com/cybersecurity-operations/why-cisos-align-business-objectives-cybersecurity
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
NIST Releases New Guide – 19 Strategies for Building Zero Trust Architectures
The National Institute of Standards and Technology (NIST) has released groundbreaking guidance to help organizations implement Zero Trust Architectures (ZTAs) using commercially available technologies. Implementing a Zero Trust Architecture (NIST SP 1800-35) provides 19 real-world implementation models, technical configurations, and best practices developed through a four-year collaboration with 24 industry partners. This marks a significant […]
The post NIST Releases New Guide – 19 Strategies for Building Zero Trust Architectures appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
https://gbhackers.com/nist-releases-new-guide/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Spring Framework Flaw Enables Remote File Disclosure via “Content‑Disposition” Header
A medium-severity reflected file download (RFD) vulnerability (CVE-2025-41234) in VMware’s Spring Framework has been patched, affecting multiple versions of the widely used Java framework. The flaw enables attackers to execute malicious code by exploiting improperly configured Content-Disposition headers in a web application. Technical Breakdown The vulnerability arises when applications use Spring’s org.springframework.http.ContentDisposition class to set […]
The post Spring Framework Flaw Enables Remote File Disclosure via “Content‑Disposition” Header appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
https://gbhackers.com/spring-framework-flaw/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Microsoft: KB5060533 update triggers boot errors on Surface Hub v1 devices
Microsoft is investigating a known issue that triggers Secure Boot errors and prevents Surface Hub v1 devices from starting up. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-kb5060533-update-triggers-boot-errors-on-surface-hub-v1-devices/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cyberattacks on Humanitarian Orgs Jump Worldwide
These groups suffered three times the cyberattacks as the year previous, with DDoS attacks dominating and vulnerability scans and SQL injection also more common.
https://www.darkreading.com/cyberattacks-data-breaches/attacks-humanitarian-orgs-jump-worldwide
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hacking the Status Quo: Tales From Leading Women in Cybersecurity
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jun. 13, 2025 – Learn More About The Panel The Black Hat USA 2025 two-day main conference on Aug. 6 and 7 will feature more than 100 selected Briefings. Some of the catchy Briefings are:
The post Hacking the Status Quo: Tales From Leading Women in Cybersecurity appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/hacking-the-status-quo-tales-from-leading-women-in-cybersecurity/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Microsoft confirms auth issues affecting Microsoft 365 users
Microsoft is investigating an ongoing incident that is causing users to experience errors with some Microsoft 365 authentication features. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-confirms-auth-issues-affecting-microsoft-365-users/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Victoria's Secret restores critical systems after cyberattack
Victoria's Secret has restored all critical systems impacted by a May 24 security incident that forced it to shut down corporate systems and the e-commerce website. [...]
https://www.bleepingcomputer.com/news/security/victorias-secret-restores-critical-systems-after-cyberattack/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Microsoft Defender Spoofing Flaw Enables Privilege Escalation and AD Access
A newly disclosed spoofing vulnerability (CVE-2025-26685) in Microsoft Defender for Identity (MDI) enables unauthenticated attackers to capture Net-NTLM hashes of critical Directory Service Accounts (DSAs), potentially compromising Active Directory environments. Rated 6.5 (Medium) on the CVSS v3.1 scale, this flaw exploits MDI's Lateral Movement Paths (LMPs) feature and has been actively addressed in Microsoft's May […]
The post Microsoft Defender Spoofing Flaw Enables Privilege Escalation and AD Access appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
https://gbhackers.com/microsoft-defender-spoofing/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Amazon Cloud Cam Flaw Allows Attackers to Intercept and Modify Network Traffic
A critical vulnerability (CVE-2025-6031) has been identified in Amazon Cloud Cam devices, which reached end-of-life (EOL) status in December 2022. The flaw allows attackers to bypass SSL pinning during device pairing, enabling man-in-the-middle (MitM) attacks and network traffic manipulation. Technical Analysis SSL Pinning Bypass Mechanism The Cloud Cam's deprecated service infrastructure forces the device into […]
The post Amazon Cloud Cam Flaw Allows Attackers to Intercept and Modify Network Traffic appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
https://gbhackers.com/amazon-cloud-cam-flaw/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Unusual Toolset Behind Fog Ransomware Prompts Fresh Security Concerns
A newly discovered ransomware operation dubbed Fog is raising fresh concerns in the cybersecurity community after researchers found it leveraging a highly unusual mix of legitimate business software and open-source offensive security tools. The campaign, observed in June 2025, is part of a growing trend where cybercriminals are repurposing trusted programs to evade traditional detection […]
The post Unusual Toolset Behind Fog Ransomware Prompts Fresh Security Concerns appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/06/13/unusual-toolset-behind-fog-ransomware-prompts-fresh-security-concerns/?utm_source=rss&utm_medium=rss&utm_campaign=unusual-toolset-behind-fog-ransomware-prompts-fresh-security-concerns
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Acer Control Center Flaw Lets Attackers Run Malicious Code as Elevated User
A critical security flaw (CVE-2025-5491) in Acer ControlCenter allows remote attackers to execute arbitrary code with NT AUTHORITY\SYSTEM privileges via a misconfigured Windows Named Pipe. The vulnerability, rated 8.8 on the CVSS scale, stems from insecure permissions on a custom protocol pipe exposed by the ACCSvc.exe service. Acer has released patched versions (4.00.3058+) to address […]
The post Acer Control Center Flaw Lets Attackers Run Malicious Code as Elevated User appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
https://gbhackers.com/acer-control-center-flaw/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
January 2025 Cyber Attacks Statistics
After the cyber attacks timelines, it's time to publish the statistics for January 2025 where I collected and analyzed 216 events.In January 2025, Cyber Crime continued to lead the Motivations chart.
https://www.hackmageddon.com/2025/06/13/january-2025-cyber-attacks-statistics/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Developers Beware – Sophisticated Phishing Scams Exploit GitHub Device Code Flow to Hijack Tokens
A sophisticated and increasing wave of cyberattacks now targets software developers through a little-known yet legitimate GitHub feature: the OAuth 2.0 Device Code Flow. Security experts, notably from Praetorian, have warned that threat actors are leveraging this mechanism to trick developers into surrendering access to their most sensitive code repositories and CI/CD pipelines. The attacks […]
The post Developers Beware – Sophisticated Phishing Scams Exploit GitHub Device Code Flow to Hijack Tokens appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
https://gbhackers.com/sophisticated-phishing-scams-exploit-github-device-code/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
HashiCorp Nomad ACL Lookup Flaw Allows Privilege Escalation
HashiCorp disclosed a critical security flaw (CVE-2025-4922) in its Nomad workload orchestration tool on June 11, 2025, exposing clusters to privilege escalation risks through improper ACL policy enforcement. The vulnerability, rated 8.1 CVSS, enables attackers to bypass namespace restrictions via strategic job naming conventions. Technical Analysis Nomad’s Access Control List (ACL) system uses prefix-based matching […]
The post HashiCorp Nomad ACL Lookup Flaw Allows Privilege Escalation appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
https://gbhackers.com/hashicorp-nomad-acl-lookup/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Apple confirmed that Messages app flaw was actively exploited in the wild
Apple confirmed that a security flaw in its Messages app was actively exploited in the wild to target journalists with Paragon’s Graphite spyware. Apple confirmed that a now-patched vulnerability, tracked as CVE-2025-43200, in its Messages app was actively exploited in the wild to target journalists with Paragon’s Graphite spyware. The IT giant addressed the flaw […]
https://securityaffairs.com/178962/mobile-2/apple-confirmed-messages-app-flaw-actively-exploited.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Unpatched IT Tool Opens Door – Hackers Breach Billing Software Firm via SimpleHelp RMM
Cybersecurity professionals and business leaders are on high alert following a confirmed breach of a utility billing software provider, traced to unpatched vulnerabilities in the widely used SimpleHelp Remote Monitoring and Management (RMM) platform. The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical advisory warning that ransomware actors have leveraged these security gaps […]
The post Unpatched IT Tool Opens Door – Hackers Breach Billing Software Firm via SimpleHelp RMM appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
https://gbhackers.com/hackers-breach-billing-software-firm-via-simplehelp-rmm/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cloudflare: Outage not caused by security incident, data is safe
Cloudflare has confirmed that the massive service outage yesterday was not caused by a security incident and no data has been lost. [...]
https://www.bleepingcomputer.com/news/security/cloudflare-outage-not-caused-by-security-incident-data-is-safe/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Serverless Tokens in the Cloud: Exploitation and Detections
Understand the mechanics of serverless authentication: three simulated attacks across major CSPs offer effective approaches for application developers.
The post Serverless Tokens in the Cloud: Exploitation and Detections appeared first on Unit 42.
https://unit42.paloaltonetworks.com/serverless-authentication-cloud/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
USN-7550-7: Linux kernel (NVIDIA Tegra IGX) vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- GPU drivers;
- Sun RPC protocol;
(CVE-2024-56551, CVE-2024-56608, CVE-2024-53168)
https://ubuntu.com/security/notices/USN-7550-7
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Trend Micro fixes critical bugs in Apex Central and TMEE PolicyServer
Trend Micro fixed multiple vulnerabilities that impact its Apex Central and Endpoint Encryption (TMEE) PolicyServer products. Trend Micro address remote code execution and authentication bypass vulnerabilities impacting its Endpoint Encryption (TMEE) PolicyServer and Apex Central solutions. Trend Micro Endpoint Encryption PolicyServer is a centralized management server used in Trend Micro’s Endpoint Encryption solution. It acts […]
https://securityaffairs.com/178952/security/trend-micro-fixes-critical-bugs-in-apex-central-and-tmee-policyserver.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Ualabee - 472,296 breached accounts
In May 2025, the South American mobility services platform Ualabee had hundreds of thousands of records scraped from an interface on their platform. The data included 472k unique email addresses along with names, profile photos, dates of birth and phone numbers.
https://haveibeenpwned.com/Breach/Ualabee
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Fingwit: Biometric Authentication & Dynamic Security on Linux
Fingerprint scanners aren't new, but let's be honest''Linux's experience with biometric authentication has historically been a mixed bag. Between a tangled web of drivers, compatibility concerns, and fussy implementations, it hasn't necessarily been smooth terrain.
https://linuxsecurity.com/news/security-projects/fingwit-biometric-authentication
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
L'Actu des jours précédents
Talos Linux: Redefining Security for Kubernetes Environments
If you've spent any time dealing with Linux in Kubernetes clusters, you know that simplicity is hard to achieve without compromises. Managing nodes in distributed systems often means balancing operational control with security, wrestling with configuration drift, and resolving unexpected inconsistencies across environments.
https://linuxsecurity.com/features/features/talos-linux-redefining-kubernetes-security
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Inside a Dark Adtech Empire Fed by Fake CAPTCHAs
Late last year, security researchers made a startling discovery: Kremlin-backed disinformation campaigns were bypassing moderation on social media platforms by leveraging the same malicious advertising technology that powers a sprawling ecosystem of online hucksters and website hackers. A new report on the fallout from that investigation finds this dark ad tech industry is far more resilient and incestuous than previously known.
https://krebsonsecurity.com/2025/06/inside-a-dark-adtech-empire-fed-by-fake-captchas/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Researchers Detail Zero-Click Copilot Exploit 'EchoLeak'
Researchers at Aim Security disclosed a Microsoft Copilot vulnerability of critical severity this week that could have enabled sensitive data exfiltration via prompt injection attacks.
https://www.darkreading.com/application-security/researchers-detail-zero-click-copilot-exploit-echoleak
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
New COPPA Rules to Take Effect Over Child Data Privacy Concerns
New regulations and compliance standards for the Children's Online Privacy Protection Act reflect how much technology has grown since the Federal Trade Commission last updated it in 2013.
https://www.darkreading.com/data-privacy/new-coppa-rules-children-data-privacy-concerns
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hacking the Hackers: When Bad Guys Let Their Guard Down
A string of threat-actor OpSec failures have yielded unexpected windfalls for security researchers and defenders.
https://www.darkreading.com/threat-intelligence/hacking-hackers-bad-guys-guard-down
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Paragon Graphite Spyware used a zero-day exploit to hack at least two journalists' iPhones
Security researchers at Citizen Lab revealed that Paragon’s Graphite spyware can hack fully updated iPhones via zero-click attacks. Citizen Lab has confirmed that Paragon's Graphite spyware was used to hack fully updated iPhones, targeting at least two journalists in Europe. The group found forensic evidence showing the phones had communicated with the same spyware server. […]
https://securityaffairs.com/178940/mobile-2/paragon-graphite-spyware-used-a-zero-day-exploit.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
CVE-2025-6031 - Insecure device pairing in end-of-life Amazon Cloud Cam
Scope: Amazon Content Type: Informational Publication Date: 2025/06/12 10:30 AM PDT
Description
Amazon Cloud Cam is a home security camera that was deprecated on December 2, 2022, is end of life, and is no longer actively supported.
When a user powers on the Amazon Cloud Cam, the device attempts to connect to a remote service infrastructure that has been deprecated due to end-of-life status. The device defaults to a pairing status in which an arbitrary user can bypass SSL pinning to associate the device to an arbitrary network, allowing for network traffic interception and modification.
Affected version: All
Resolution:
This product was end of life as of December 2, 2022 and should not be used.
References:
CVE-2025-6031
Acknowledgement:
We would like to...
https://aws.amazon.com/security/security-bulletins/AWS-2025-013/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Trend Micro fixes critical vulnerabilities in multiple products
Trend Micro has released security updates to address multiple critical-severity remote code execution and authentication bypass vulnerabilities that impact its Apex Central and Endpoint Encryption (TMEE) PolicyServer products. [...]
https://www.bleepingcomputer.com/news/security/trend-micro-fixes-six-critical-flaws-on-apex-central-endpoint-encryption-policyserver/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Google Cloud and Cloudflare hit by widespread service outages
Google Cloud and Cloudflare are investigating ongoing outages impacting access to sites and various services across multiple regions. [...]
https://www.bleepingcomputer.com/news/technology/google-cloud-and-cloudflare-hit-by-widespread-service-outages/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Graphite spyware used in Apple iOS zero-click attacks on journalists
Forensic investigation has confirmed the use of Paragon's Graphite spyware platform in zero-click attacks that targeted Apple iOS devices of at least two journalists in Europe. [...]
https://www.bleepingcomputer.com/news/security/graphite-spyware-used-in-apple-ios-zero-click-attacks-on-journalists/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Keeper Security Named Overall Leader on GigaOm Radar Report for Enterprise Password Management
Keeper Security has announced its placement as the Overall Leader in GigaOm's Radar Report for Enterprise Password Management for the fourth consecutive year. With this designation, Keeper is proud to represent the balance between GigaOm's highlighted traits of maturity and innovation, as well as feature and platform capabilities. Vendors are rated on key features that […]
The post Keeper Security Named Overall Leader on GigaOm Radar Report for Enterprise Password Management appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/06/12/keeper-security-named-overall-leader-on-gigaom-radar-report-for-enterprise-password-management/?utm_source=rss&utm_medium=rss&utm_campaign=keeper-security-named-overall-leader-on-gigaom-radar-report-for-enterprise-password-management
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Industry Veterans and New Talent Recognised at European Cybersecurity Blogger Awards 2025
The winners of the European Cybersecurity Blogger Awards were announced at a ceremony held at Novotel ExCeL, as part of Pulse Conference's Cyber 100 event on the 4th June 2025. The awards celebrated the industry's best blogs, podcasts and vlogs, as well as the exceptional talent who contribute to these forums. The award ceremony was […]
The post Industry Veterans and New Talent Recognised at European Cybersecurity Blogger Awards 2025 appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/06/12/industry-veterans-and-new-talent-recognised-at-european-cybersecurity-blogger-awards-2025/?utm_source=rss&utm_medium=rss&utm_campaign=industry-veterans-and-new-talent-recognised-at-european-cybersecurity-blogger-awards-2025
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cyber resilience begins before the crisis
Hear directly from Microsoft's Deputy CISO for Customer Security, Ann Johnson, about the need for proactive planning in cyber incidents.
The post Cyber resilience begins before the crisis appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2025/06/12/cyber-resilience-begins-before-the-crisis/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Mobile Security & Malware Issue 2st Week of June, 2025
ASEC Blog publishes ” Mobile Security & Malware Issue 2st Week of June, 2025″
https://asec.ahnlab.com/en/88458/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
State of Data Security Report 2025
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jun. 12, 2025 – Get the Report from Varonis AI is everywhere. Copilots help employees boost productivity and agents provide front-line customer support. LLMs enable businesses to extract deep insights from their
The post State of Data Security Report 2025 appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/state-of-data-security-report-2025/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Foundations of Cybersecurity: Reassessing What Matters
To truly future-proof your cybersecurity approach, it's vital to ensure that your security program is flexible and adaptable to both current and future business demands.
https://www.darkreading.com/cyber-risk/foundations-cybersecurity-reassessing-what-matters
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
LLM vector and embedding risks and how to defend against them
As large language model (LLM) applications mature, the line between model performance and model vulnerability continues to blur.
https://www.sonatype.com/blog/llm-vector-and-embedding-risks-and-how-to-defend-against-them
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
EchoLeak Zero-Click AI Attack in Microsoft Copilot Exposes Company Data
Aim Labs uncovers EchoLeak, a zero-click AI flaw in Microsoft 365 Copilot that allows data theft via email. Learn how this vulnerability enables sensitive information exfiltration without user interaction and its implications for AI security.
https://hackread.com/zero-click-ai-flaw-microsoft-365-copilot-expose-data/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Impact of Artificial Intelligence on the Cybersecurity Workforce
The NICE Workforce Framework for Cybersecurity ( NICE Framework) was revised in November 2020 as NIST Special Publication 800-181 rev.1 to enable more effective and rapid updates to the NICE Framework Components, including how the advent of emerging technologies would impact cybersecurity work. NICE has been actively engaging in conversations with: federal departments and agencies; industry; education, training, and certification providers; and international representatives to understand how Artificial Intelligence (AI) might affect the nature of our Nation's digital work. NICE has also led
https://www.nist.gov/blogs/cybersecurity-insights/impact-artificial-intelligence-cybersecurity-workforce
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
SinoTrack GPS device flaws allow remote vehicle control and location tracking
Two vulnerabilities in SinoTrack GPS devices can allow remote vehicle control and location tracking by attackers, US CISA warns. U.S. CISA warns of two vulnerabilities in SinoTrack GPS devices that remote attackers can exploit to access a vehicle's device profile without permission. The researchers warn that potential exploitation could allow attackers to track its location […]
https://securityaffairs.com/178922/security/sinotrack-gps-device-flaws-allow-remote-vehicle-control-and-location-tracking.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
US Tops List of Unsecured Cameras Exposing Homes and Offices
A BitSight report reveals over 40,000 internet-connected security cameras globally are exposed, streaming live footage without protection. Learn how common devices, from home cameras to factory surveillance, pose privacy and security risks and get simple tips to secure your own.
https://hackread.com/us-tops-list-unsecured-cameras-exposing-homes-offices/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
JSFireTruck: Exploring Malicious JavaScript Using JSF*ck as an Obfuscation Technique
In an extensive campaign affecting 270k webpages, compromised websites were injected with the esoteric JavaScript programming style JSF*ck to redirect users to malicious content.
The post JSFireTruck: Exploring Malicious JavaScript Using JSF*ck as an Obfuscation Technique appeared first on Unit 42.
https://unit42.paloaltonetworks.com/malicious-javascript-using-jsfiretruck-as-obfuscation/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
U.S. CISA adds Wazuh, and WebDAV flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Wazuh, and WebDAV flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added ASUS RT-AX55 devices, Craft CMS, and ConnectWise ScreenConnect flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the descriptions for these flaws: This week, Akamai researchers warned that […]
https://securityaffairs.com/178923/security/u-s-cisa-adds-wazuh-and-webdav-flaws-to-its-known-exploited-vulnerabilities-catalog.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
F5 Labs Top CWEs & OWASP Top Ten Analysis
Sensor Intel Series: June 2025 CVE Trends
https://www.f5.com/labs/articles/threat-intelligence/f5-labs-top-cwes-owasp-top-ten-analysis
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Exposed eyes: 40,000 security cameras vulnerable to remote hacking
Over 40,000 internet-exposed security cameras worldwide are vulnerable to remote hacking, posing serious privacy and security risks. Bitsight warns that over 40,000 security cameras worldwide are exposed to remote hacking due to unsecured HTTP or RTSP (Real-Time Streaming Protocol) access. These cameras stream live feeds openly via IP addresses, making them easy targets for spying, […]
https://securityaffairs.com/178908/iot/40000-security-cameras-remote-hacking.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Implementing CCM: Interoperability & Portability Controls
The Cloud Controls Matrix (CCM) is a framework of controls that are essential for cloud computing security. The CCM is created and updated by CSA and aligned to CSA best practices.
You can use CCM to systematically assess and guide the security of any cloud implementation. CCM also provides guidance on which actors within the cloud supply chain should implement which security controls. Both cloud service customers (CSCs) and cloud service providers (CSPs) use CCM in many ways.
CSCs use...
https://cloudsecurityalliance.org/articles/implementing-ccm-interoperability-portability-controls
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
A Closer Look at Apples Native macOS Container Tool
For years, macOS has been more of a bystander in the containerization world''a useful client tool for developers but rarely the platform of choice for running production-grade workloads. Docker Desktop filled that gap, albeit with a layer of abstraction devs tolerated rather than embraced. And now? Apple is stepping directly into the arena with its new container tooling , which integrates natively with macOS technologies.
https://linuxsecurity.com/news/vendors-products/apples-native-macos-container-tool
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
US airline industry quietly selling flight data to DHS
Flight data of US customers is being sold by several airlines through a joint data broker sending contracts to ICE and CBP.
https://www.malwarebytes.com/blog/news/2025/06/us-airline-industry-quietly-selling-flight-data-to-dhs
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Infostealer Ring Bust-up Takes Down 20,000 Malicious IPs
Interpol's Operation Secure arrested more than 30 suspects across Vietnam, Sri Lanka, and Nauru, and seized 117 command-and-control servers allegedly used to run widespread phishing, business email compromise, and other cyber scams.
https://www.darkreading.com/threat-intelligence/infostealer-ring-bust-20000-malicious-ips
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
CISA Warns of Remote Control Flaws in SinoTrack GPS Trackers
The US CISA reports critical vulnerabilities in SinoTrack GPS devices that could let attackers remotely control vehicles and track locations. Discover the vulnerabilities and essential steps to secure your device.
https://hackread.com/cisa-remote-control-flaws-sinotrack-gps-trackers/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
ConnectWise to Rotate Code-Signing Certificates
The move is unrelated to a recent nation-state attack the vendor endured but stems from a report by a third-party researcher.
https://www.darkreading.com/remote-workforce/connectwise-rotate-code-signing-certificates
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Closing the Blind Spot in Enterprise DNS Security: Why DNS Posture Management Matters
Originally published by CheckRed.
Written by Derek Hammack, VP, Operations and Customer Success, CheckRed.
As enterprise security teams work to protect sprawling multi-cloud environments, one foundational layer remains dangerously underprotected: the Domain Name System (DNS).
DNS is the backbone of modern digital infrastructure—translating domain names into IP addresses and routing traffic between users, applications, and services. Despite this critical role, DNS is ...
https://cloudsecurityalliance.org/articles/closing-the-blind-spot-in-enterprise-dns-security-why-dns-posture-management-matters
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Authentication methods: choosing the right type
Recommended authentication models for organisations looking to move 'beyond passwords'.
https://www.ncsc.gov.uk/guidance/authentication-methods-choosing-the-right-type
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Agentic AI Takes Over Gartner's SRM Summit
Agentic AI was everywhere at Gartner's Security & Risk Management Summit in Washington, DC, this year, as the AI security product engine chugs ahead at full speed.
https://www.darkreading.com/cloud-security/agentic-ai-gartner-srm-summit
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
23andMe raked by Congress on privacy, sale of genetic data
In a senate hearing, 23andMe was questioned about the impending take-over of the company and its trove of genetic data
https://www.malwarebytes.com/blog/news/2025/06/23andme-raked-by-congress-on-privacy-sale-of-genetic-data
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Google Bug Allowed Brute-Forcing of Any User Phone Number
The weakness in Google's password-recovery page, discovered by a researcher called Brutecat, exposed private user contact information to attackers, opening the door to phishing, SIM-swapping, and other attacks.
https://www.darkreading.com/vulnerabilities-threats/google-bug-brute-forcing-phone-number
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Ransom & Dark Web Issues Week 2, June 2025
ASEC Blog publishes Ransom & Dark Web Issues Week 2, June 2025 1.1 million customer records from a South Korean mobile coupon platform company are being sold on the DarkWeb forums French government agencies have been listed as new victims of the STORMOUS ransomware. New […]
https://asec.ahnlab.com/en/88441/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
USN-7566-1: WebKitGTK vulnerabilities
Several security issues were discovered in the WebKitGTK Web and JavaScript
engines. If a user were tricked into viewing a malicious website, a remote
attacker could exploit a variety of issues related to web browser security,
including cross-site scripting attacks, denial of service attacks, and
arbitrary code execution.
https://ubuntu.com/security/notices/USN-7566-1
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Operation Secure: INTERPOL Disrupts 20,000 Infostealer Domains, 32 Arrested
INTERPOL disrupts 20,000 infostealer domains in major cybercrime crackdown across Asia-Pacific, 32 arrested, 216K victims notified in Operation Secure.
https://hackread.com/operation-secure-interpol-disrupts-infostealer-domains/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Young Western Hackers Collaborate with Russians Increasing Ransomware Threats
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jun. 11, 2025 – Read the full story in MSN In today's highly interconnected world, the threat landscape is evolving rapidly. One of the most significant and alarming trends is the collaboration
The post Young Western Hackers Collaborate with Russians Increasing Ransomware Threats appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/young-western-hackers-collaborate-with-russians-increasing-ransomware-threats/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
KnowBe4 Wins Multiple 2025 Top Rated Awards From TrustRadius
KnowBe4, the security awareness training provider, have announced that TrustRadius has recognised KnowBe4 with multiple 2025 Top Rated Awards. KnowBe4's Security Awareness Training won in the Security Awareness Training category, PhishER won in Incident Response, Security Orchestration Automation and Response, and Phishing Detection and Response categories, and for the first time ever, Compliance Plus won […]
The post KnowBe4 Wins Multiple 2025 Top Rated Awards From TrustRadius appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/06/11/knowbe4-wins-multiple-2025-top-rated-awards-from-trustradius/?utm_source=rss&utm_medium=rss&utm_campaign=knowbe4-wins-multiple-2025-top-rated-awards-from-trustradius
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Salesforce Industry Cloud Hit by 20 Vulnerabilities Including 0days
AppOmni research reveals over 20 security vulnerabilities, including zero-days, in the Salesforce Industry Cloud. Learn about critical risks, customer responsibilities, and how to protect sensitive data.
https://hackread.com/salesforce-industry-cloud-20-vulnerabilities-0days/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Huntress Unveils Immersive Cybersecurity Training That Puts Users in the Shoes of Hackers
In an effort to overhaul traditional security awareness training (SAT), cybersecurity firm Huntress has introduced Threat Simulator, a new feature of its Managed Security Awareness Training (SAT) platform, designed to immerse users in the tactics, techniques, and mindset of cyber attackers. Old-school SAT methods are falling short, according to Huntress, which cites passive, oversimplified video content and one-size-fits-all […]
The post Huntress Unveils Immersive Cybersecurity Training That Puts Users in the Shoes of Hackers appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/06/11/huntress-unveils-immersive-cybersecurity-training-that-puts-users-in-the-shoes-of-hackers/?utm_source=rss&utm_medium=rss&utm_campaign=huntress-unveils-immersive-cybersecurity-training-that-puts-users-in-the-shoes-of-hackers
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
CybaVerse Acquires SecureAck to Expand Next-Gen Security Operations Platform for SMEs and MSPs
CybaVerse has today announced it has acquired SecureAck, a scalable automation platform designed to simplify security across IT and OT environments. The acquisition will accelerate the development of CybaVerse's proprietary platform, CybaVerse AI, and expand support for small to mid-sized enterprises (SMEs) and managed service providers (MSPs), who are seeking flexible, resilient cyber security solutions, whether […]
The post CybaVerse Acquires SecureAck to Expand Next-Gen Security Operations Platform for SMEs and MSPs appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/06/11/cybaverse-acquires-secureack-to-expand-next-gen-security-operations-platform-for-smes-and-msps/?utm_source=rss&utm_medium=rss&utm_campaign=cybaverse-acquires-secureack-to-expand-next-gen-security-operations-platform-for-smes-and-msps
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Toxic trend: Another malware threat targets DeepSeek
Kaspersky GReAT experts discovered a new malicious implant: BrowserVenom. It enables a proxy in browsers like Chrome and Mozilla and spreads through a DeepSeek-mimicking phishing website.
https://securelist.com/browservenom-mimicks-deepseek-to-use-malicious-proxy/115728/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Products on your perimeter considered harmful (until proven otherwise)
As attackers' tactics change, so must network defenders'.
https://www.ncsc.gov.uk/blog-post/products-on-your-perimeter
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Valid-AI-ted: A Major Step Towards Real-Time Cloud Assurance
Written by Jim Reavis, CEO & Co-Founder, Cloud Security Alliance.
Today, at our Cloud Trust Summit, we officially launched Valid-AI-ted, the industry's first AI-assisted quality check for STAR Level 1 self-assessments. Within hours of opening the submission portal, providers were uploading CAIQs to see how they measure up, while enterprise risk teams asked how the new badge can sharpen their due-diligence process.
In this post, I'd like to share where we're headed next—an...
https://cloudsecurityalliance.org/articles/valid-ai-ted-a-major-step-towards-real-time-cloud-assurance
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Boost Cloud Security Without Bugging Your Developers
Originally published by CyberArk.
Written by Brooke Jameson, Senior Product Marketing Manager, CyberArk.
Developers are incredibly valuable to an organization's progress and evolution. They must innovate quickly while simultaneously navigating changes to their day-to-day operations as companies heighten security requirements in the cloud.
If developers find these security measures cumbersome, creating hurdles that plague their progress, they will likely bypass them al...
https://cloudsecurityalliance.org/articles/boost-cloud-security-without-bugging-your-developers
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
TBK DVRs Botnet Attack
What is the Attack?Threat Actors are actively exploiting CVE-2024-3721, a command injection vulnerability in TBK DVR devices (Digital Video Recorders). This flaw allows unauthenticated remote code execution (RCE) via crafted HTTP requests to the endpoint. The compromised devices are being conscripted into a botnet capable of conducting DDoS attacks.If successfully exploited, there is a potential for significant disruption from DDoS attacks, lateral movement, or further malware delivery.FortiGuard sensors observes critical level of network telemetry related to the attack attempts targeting this vulnerability (CVE-2024-3721). In the past FortiGuard has release an Outbreak Alert for a different TBK vulnerability (CVE-2018-9995) exploited to spread Remote Access Trojan called HiatusRAT. TBK DVR...
https://fortiguard.fortinet.com/threat-signal-report/6127
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
USN-7565-1: libsoup vulnerabilities
It was discovered that libsoup did not correctly handle memory while
performing UTF-8 conversions. An attacker could possibly use this issue
to cause a denial of service or execute arbitrary code. This issue only
affected Ubuntu 16.04 LTS. (CVE-2024-52531)
It was discovered that libsoup could enter an infinite loop when reading
certain websocket data. An attacker could possibly use this issue to
cause a denial of service. This issue only affected Ubuntu 16.04 LTS.
(CVE-2024-52532)
It was discovered that libsoup could be made to read out of bounds. An
attacker could possibly use this issue to cause applications using
libsoup to crash, resulting in a denial of service. (CVE-2025-2784,
CVE-2025-32050, CVE-2025-32052, CVE-2025-32053)
https://ubuntu.com/security/notices/USN-7565-1
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Patch Tuesday, June 2025 Edition
Microsoft today released security updates to fix at least 67 vulnerabilities in its Windows operating systems and software. Redmond warns that one of the flaws is already under active attack, and that software blueprints showing how to exploit a pervasive Windows bug patched this month are now public.
https://krebsonsecurity.com/2025/06/patch-tuesday-june-2025-edition/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
June 2025 Patch Tuesday: Microsoft Fixes 66 Bugs, Including Active 0-Day
June 2025 Patch Tuesday fixes 66 bugs, including a zero-day in WebDAV. Update Windows, Office, and more now to block active threats.
https://hackread.com/june-2025-patch-tuesday-microsoft-bugs-active-0-day/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cloud Security Alliance Brings AI-Assisted Auditing to Cloud Computing
Valid-AI-ted provides an automated quality check of STAR Level 1 self-assessments using state-of-the-art LLM technology
SEATTLE – June 11, 2025 – The Cloud Security Alliance (CSA), the world's leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, today introduced an innovative addition to its suite of Security, Trust, Assurance and Risk (STAR) Registry assessments with the launch of Valid-AI-ted, an A...
https://cloudsecurityalliance.org/articles/cloud-security-alliance-brings-ai-assisted-auditing-to-cloud-computing
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
GirlsDoPorn owner faces life in jail after pleading guilty to sex trafficking
GirlsDoPorn owner pleaded guilty to sex trafficking through his coercive pornographic websites. He now faces life in prison.
https://www.malwarebytes.com/blog/news/2025/06/girlsdoporn-owner-faces-life-in-jail-after-pleading-guilty-to-sex-trafficking
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Two Mirai Botnets, Lzrd and Resgod Spotted Exploiting Wazuh Flaw
Akamai's latest report reveals two Mirai botnets exploiting the critical CVE-2025-24016 flaw in Wazuh. Learn about these fast-spreading IoT threats and urgent patching advice.
https://hackread.com/two-mirai-botnets-lzrd-resgod-exploiting-wazuh-flaw/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Patch Tuesday - June 2025
WebDAV & SMB client zero-days. KDC Proxy Service & Office critical RCEs.
https://blog.rapid7.com/2025/06/10/patch-tuesday-june-2025/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cloud Security Alliance's AI Safety Initiative Named a 2025 CSO Awards Winner
Program recognized for driving innovation and strategic vision
SEATTLE – June 12, 2025 – The Cloud Security Alliance (CSA), the world's leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, is excited to announce that its AI Safety Initiative has been named a winner of the 2025 CSO Awards, which recognize organizations for their exceptional security projects and initiatives that showcase substantial ...
https://cloudsecurityalliance.org/articles/csa-ai-safety-initiative-named-a-2025-cso-awards-winner
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Beyond IPs: Addressing organizational overconsumption in Maven Central
When we published Maven Central and the Tragedy of the Commons, we highlighted a disturbing pattern: just 1% of IP addresses accounted for 83% of Maven Central's total bandwidth, often traced back to some of the world's largest organizations.
https://www.sonatype.com/blog/beyond-ips-addressing-organizational-overconsumption-in-maven-central
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
USN-7563-1: .NET vulnerability
It was discovered that .NET did not properly validate search path in
Microsoft.NETCore.App.Runtime. An attacker could possibly use this issue
to execute arbitrary code.
https://ubuntu.com/security/notices/USN-7563-1
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
OpenAI Shuts Down 10 Malicious AI Ops Linked to China, Russia, Iran, N. Korea
OpenAI, a leading artificial intelligence company, has revealed it is actively fighting widespread misuse of its AI tools…
https://hackread.com/openai-shuts-down-ai-ops-china-russia-iran-nkorea/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
APIContext Releases Guide to Enterprise API Readiness for Autonomous AI Agents
In 2025, agentic AI has rapidly moved from theoretical promise to real-world implementation, reshaping the digital infrastructure of enterprises worldwide. These autonomous systems, capable of making decisions, initiating actions, and interacting with APIs at machine speed, are unlocking extraordinary efficiencies across industries. But with innovation comes risk and with that in mind, APIContext have today […]
The post APIContext Releases Guide to Enterprise API Readiness for Autonomous AI Agents appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/06/10/apicontext-unveils-guide-to-preparing-enterprise-apis-for-autonomous-ai-agents/?utm_source=rss&utm_medium=rss&utm_campaign=apicontext-unveils-guide-to-preparing-enterprise-apis-for-autonomous-ai-agents
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Comparing Enterprise Browsers: Key Features to Look For
Organizations have big problems securing their digital platforms and being productive. Choosing an enterprise browser…
Comparing Enterprise Browsers: Key Features to Look For on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2025/06/10/comparing-enterprise-browsers-key-features-to-look-for/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
May 2025 Security Issues in Korean & Global Financial Sector
This report comprehensively covers actual cyber threats and security issues that have taken place targeting financial companies in Korea and abroad. This report includes an analysis of malware and phishing cases distributed to the financial industry, the top 10 malware strains targeting the financial sector, and statistics on the industries of the leaked Korean accounts. […]
https://asec.ahnlab.com/en/88437/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
BlackSuit Continues Social Engineering Attacks in Wake of Black Basta's Internal Conflict
Despite a significant decrease in social engineering attacks linked to the Black Basta ransomware group since late December 2024, Rapid7 has observed sustained social engineering attacks. Evidence suggests that BlackSuit affiliates have either adopted Black Basta's strategy or absorbed its members.
https://blog.rapid7.com/2025/06/10/blacksuit-continues-social-engineering-attacks-in-wake-of-black-bastas-internal-conflict/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
USN-7564-1: Samba vulnerability
It was discovered that Samba incorrectly handled certain group membership
changes when using Kerberos authentication. A remote user could possibly
use this issue to continue to access resources after being removed by an
administrator.
https://ubuntu.com/security/notices/USN-7564-1
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Secure mobile applications with Dart, Flutter, and Sonatype
The Dart coding language and the Flutter framework architecture are gaining traction among developers looking to build fast, reliable, cross-platform applications.
https://www.sonatype.com/blog/secure-mobile-applications-with-dart-flutter-and-sonatype
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Key Takeaways from the Take Command Summit 2025: Demystifying Cloud Detection & Response – The Future of SOC and MDR
Explore key takeaways from Take Command 2025 on modern cloud detection and response. Learn how SOCs are adapting. Watch the full session on demand.
https://blog.rapid7.com/2025/06/10/key-takeaways-from-the-take-command-summit-2025-demystifying-cloud-detection-response-the-future-of-soc-and-mdr/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
44% of people encounter a mobile scam every single day, Malwarebytes finds
A mobile scam finds most people at least once a week, new Malwarebytes research reveals. The financial and emotional consequences are dire.
https://www.malwarebytes.com/blog/scams/2025/06/44-of-people-encounter-a-mobile-scam-every-single-day-malwarebytes-finds
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Black Duck Elevates Leadership with New Chief Product & Technology Officer
Black Duck has announced the appointment of Dipto Chakravarty as Chief Product & Technology Officer. Mr. Chakravarty brings a 30+ year track record of leading product development and technology teams, with domain expertise in AI, data intelligence, cloud security, and open-source technologies. At Black Duck, he will drive the product strategy, product management, and R&D […]
The post Black Duck Elevates Leadership with New Chief Product & Technology Officer appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/06/10/black-duck-elevates-leadership-with-new-chief-product-technology-officer/?utm_source=rss&utm_medium=rss&utm_campaign=black-duck-elevates-leadership-with-new-chief-product-technology-officer
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Google bug allowed phone number of almost any user to be discovered
Google has fixed a vulnerability in its account recovery flow which could have allowed attackers to find linked phone numbers.
https://www.malwarebytes.com/blog/news/2025/06/google-bug-allowed-phone-number-of-almost-any-user-to-be-discovered
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cybersecurity: Stop tricking employees. Start training them.
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jun. 10, 2025 – Read the full story CyberHoot helps businesses of all sizes, from scrappy startups to global enterprises, automate security awareness training for its employees using a fun, reward-based approach that
The post Cybersecurity: Stop tricking employees. Start training them. appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/cybersecurity-stop-tricking-employees-start-training-them/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
High Stakes Privacy: A Guide to Data Security in Gambling
When signing into a real money online casino, your deposits are not the only things at risk—your data is, too. All sorts of sensitive information, ranging from signing up to making a payment, are collected and managed by online gambling platforms and must be secured at all times. Because privacy concerns and cyber threats are […]
The post High Stakes Privacy: A Guide to Data Security in Gambling appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/06/10/high-stakes-privacy-a-guide-to-data-security-in-gambling/?utm_source=rss&utm_medium=rss&utm_campaign=high-stakes-privacy-a-guide-to-data-security-in-gambling
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Evolution of Linux Binaries in Targeted Cloud Operations
Using data from machine learning tools, we predict a surge in cloud attacks leveraging reworked Linux Executable and Linkage Format (ELF) files.
The post The Evolution of Linux Binaries in Targeted Cloud Operations appeared first on Unit 42.
https://unit42.paloaltonetworks.com/elf-based-malware-targets-cloud/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
WiredBucks - 918,529 breached accounts
In May 2022, the now defunct social media influencer platform WiredBucks suffered a data breach that was later redistributed as part of a larger corpus of data. The incident exposed over 900k email and IP addresses alongside names, usernames, earnings via the platform, physical addresses and passwords stored as plain text.
https://haveibeenpwned.com/Breach/WiredBucks
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
LinkedIn for OSINT: tips and tricks
When it comes to open source intelligence (OSINT), LinkedIn is a treasure trove of information. With millions of professionals voluntarily sharing details about their careers, connections, personal achievements, or keeping up to date with what is happening in their professional sphere, the famous networking platform is not to be underestimated when it comes to OSINT. […]
https://blog.compass-security.com/2025/06/linkedin-for-osint-tips-and-tricks/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Blind SSRF in API
A server-side request forgery vulnerability [CWE-918] in FortiClientEMS may allow an authenticated attacker to perform internal requests via crafted HTTP or HTTPS requests. Revised on 2025-06-10 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-23-342
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Firewall session injection in FGSP
An improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in FortiOS may allow an unauthenticated attacker to inject unauthorized sessions via crafted FGSP session synchronization packets. Revised on 2025-06-10 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-24-287
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
IPsec improper validation of certificate with host mismatch
An improper validation of certificate with host mismatch [CWE-297] vulnerability in FortiClient Windows may allow an unauthorized attacker to redirect VPN connections via DNS spoofing or another form of redirection Revised on 2025-06-10 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-24-365
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Improper Handling of Insufficient Permissions or Privileges in GUI websocket
An Improper Handling of Insufficient Permissions or Privileges Vulnerability [CWE-280] in FortiPAM and FortiSRA GUI websocket could allow a low privileged user to access to a unauthorized resources via specially crafted http requests. Revised on 2025-06-10 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-25-008
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Information Disclosure on SSLVPN endpoint
An Exposure of Sensitive Information to an Unauthorized Actor vulnerability [CWE-200] in FortiOS SSL-VPN web-mode may allow an authenticated user to access full SSL-VPN settings via crafted URL. Revised on 2025-06-10 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-24-257
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Insufficient Access Control Over API Endpoints
An authorization bypass through user-controlled key vulnerability [CWE-639] in FortiPortal may allow an authenticated attacker to view unauthorized device information via key modification in API requests. Revised on 2025-06-10 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-24-274
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Insufficient Session Expiration in SSL-VPN cookie
An Insufficient Session Expiration vulnerability [CWE-613] in FortiOS SSL-VPN may allow an attacker in possession of a cookie used to log in the SSL-VPN portal to log in again, although the session has expired or was logged out. Revised on 2025-06-10 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-24-339
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Multiple OS command injection in Web Vulnerability Scanner
An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiADC may allow an authenticated attacker to execute unauthorized code via crafted HTTP requests. Revised on 2025-06-10 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-25-099
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Privilege escalation in GUI websocket module
An Improper Privilege Management vulnerability [CWE-269] affecting FortiOS, FortiProxy & FortiWeb may allow an authenticated attacker with at least read-only admin permissions to gain super-admin privileges via crafted requests to Node.js websocket module. Revised on 2025-06-10 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-25-006
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Privilege escalation in automation-stitch
An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] in FortiOS and FortiProxy may allow an authenticated attacker to elevate their privileges via triggering a malicious Webhook action in the Automation Stitch component. Revised on 2025-06-10 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-24-385
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
SSH key is added even if operation is aborted
An incomplete cleanup vulnerability [CWE-459] in FortiOS & FortiProxy may allow a VDOM privileged attacker to add SSH key files on the system silently via crafted CLI requests. Revised on 2025-06-10 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-23-008
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Erlang/OTP RCE
What is the Vulnerability?A critical SSH vulnerability has recently been identified in the Erlang/Open Telecom Platform (OTP). The vulnerability, tracked as CVE-2025-32433, has been assigned a CVSS score of 10.0. It is unauthenticated, remotely exploitable, and requires low complexity to execute.Erlang/OTP is commonly found in IoT devices and telecommunications platforms, and is prominently used by companies such as Ericsson, WhatsApp, and Cisco, among others.Update: June 9, 2025: CISA has added CVE-2025-32433 Erlang/OTP SSH Server Missing Authentication to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. What is the recommended Mitigation?A security patch for OTP has been made available via GitHub. FortiGuard Labs strongly recommends that organizations...
https://fortiguard.fortinet.com/threat-signal-report/6077
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How and where to report an online scam
Find out where and how victims can report online scams to prevent more victims and possibly recover funds.
https://www.malwarebytes.com/blog/news/2025/06/how-and-where-to-report-an-online-scam
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Been scammed online? Here’s what to do
Have you been scammed online? Here are some tips to limit the damage and follow up steps you may find useful
https://www.malwarebytes.com/blog/news/2025/06/been-scammed-online-heres-what-to-do
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How to Stop Expired Secrets from Disrupting Your Operations
Originally published by Aembit.
Written by Dan Kaplan.
You and your team have just received that dreaded late-night alert: “Authentication failure in production.” Your team's carefully built service is down, not because of a sophisticated ransomware attack or some complex virus, but something far more mundane: an expired API key that nobody remembered to rotate.
In modern cloud-native environments, authentication isn't just about users logging in, it's about machines, serv...
https://cloudsecurityalliance.org/articles/how-to-stop-expired-secrets-from-disrupting-your-operations
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Why Early Adoption of ISO 42001 Matters
Originally published by A-LIGN.
As AI governance grows in importance, many organizations are planning for compliance. The 2025 Compliance Benchmark Report, which gathered insights from over 1000 compliance professionals across various industries, found that 76% of organizations plan to pursue AI compliance soon with a framework like ISO 42001. Although ISO 42001 isn't yet the definitive standard due to the dynamic nature of AI governance, it offers a comprehensive solution,...
https://cloudsecurityalliance.org/articles/why-early-adoption-of-iso-42001-matters
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
USN-7553-6: Linux kernel (Azure FIPS) vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Clock framework and drivers;
- GPU drivers;
- Parport drivers;
- Ext4 file system;
- JFFS2 file system;
- JFS file system;
- File systems infrastructure;
- Sun RPC protocol;
- USB sound devices;
(CVE-2024-56551, CVE-2024-47701, CVE-2024-57850, CVE-2024-26966,
CVE-2021-47211, CVE-2024-56596, CVE-2024-53155, CVE-2024-42301,
CVE-2024-53168)
https://ubuntu.com/security/notices/USN-7553-6
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
USN-7553-5: Linux kernel (Azure) vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Clock framework and drivers;
- GPU drivers;
- Parport drivers;
- Ext4 file system;
- JFFS2 file system;
- JFS file system;
- File systems infrastructure;
- Sun RPC protocol;
- USB sound devices;
(CVE-2024-56596, CVE-2024-47701, CVE-2024-26966, CVE-2021-47211,
CVE-2024-42301, CVE-2024-57850, CVE-2024-53168, CVE-2024-53155,
CVE-2024-56551)
https://ubuntu.com/security/notices/USN-7553-5
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
USN-7553-4: Linux kernel (Azure) vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Clock framework and drivers;
- GPU drivers;
- Parport drivers;
- Ext4 file system;
- JFFS2 file system;
- JFS file system;
- File systems infrastructure;
- Sun RPC protocol;
- USB sound devices;
(CVE-2024-57850, CVE-2024-42301, CVE-2024-53155, CVE-2024-53168,
CVE-2024-26966, CVE-2021-47211, CVE-2024-56596, CVE-2024-56551,
CVE-2024-47701)
https://ubuntu.com/security/notices/USN-7553-4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
USN-7550-6: Linux kernel (Raspberry Pi) vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- GPU drivers;
- Sun RPC protocol;
(CVE-2024-56608, CVE-2024-53168, CVE-2024-56551)
https://ubuntu.com/security/notices/USN-7550-6
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
May 2025 Deep Web and Dark Web Trends Report
Disclaimer This trend report on the deep web and dark web of May 2025 is sectioned into Ransomware, Data Breach, DarkWeb, CyberAttack, and Threat Actor. Please note that there are some parts of the content that cannot be verified for accuracy. Key Issue 1) Ransomware 1. Overview In […]
https://asec.ahnlab.com/en/88428/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
USN-7562-1: Tomcat vulnerabilities
It was discovered that Tomcat did not include the secure attribute for
session cookies when using the RemoteIpFilter with requests from a reverse
proxy. An attacker could possibly use this issue to leak sensitive
information. This issue was fixed for tomcat8 on Ubuntu 18.04 LTS and for
tomcat9 on Ubuntu 24.04 LTS, Ubuntu 24.10, and Ubuntu 25.04.
(CVE-2023-28708)
It was discovered that Tomcat incorrectly recycled
certain objects, which could lead to information leaking from one request
to the next. An attacker could potentially use this issue to leak sensitive
information. This issue was fixed for tomcat8 on Ubuntu 18.04 LTS and for
tomcat9 on Ubuntu 24.04 LTS, Ubuntu 24.10, and Ubuntu 25.04.
(CVE-2023-42795)
It was discovered that Tomcat incorrectly handled HTTP
trailer headers. A remote...
https://ubuntu.com/security/notices/USN-7562-1
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
5 Things Security Leaders Need to Know About Agentic AI
Generative AI has already transformed the way businesses work. But we're now entering a new phase where AI doesn't just generate content, but takes independent action on our behalf. This next evolution is called ‘agentic AI', and it's moving fast.
https://blog.rapid7.com/2025/06/09/5-things-security-leaders-need-to-know-about-agentic-ai/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Navigating AWS Migration: Achieving Clarity and Confidence
Migrating workloads to Amazon Web Services (AWS) represents a significant strategic opportunity, enabling greater agility, scalability, and potential for innovation. But undertaking this transition without a comprehensive strategy introduce unforeseen risks, operational delays, and more.
https://blog.rapid7.com/2025/06/09/navigating-aws-migration-achieving-clarity-and-confidence-2/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Greatest Internet Pioneer You've Never Heard Of
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jun. 09, 2025 – Listen to the podcast After watching the documentary “We Live in Public,” a hyperventilated account of the rise and weird fall of the dot-com millionaire turned self-declared artist Josh
The post The Greatest Internet Pioneer You’ve Never Heard Of appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/the-greatest-internet-pioneer-youve-never-heard-of/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Can Online Casino Accounts Be Hacked?
Online casino platforms are not immune to compromise, but the most successful breaches don't happen through the front door. They happen when users bring bad habits to high-risk environments. For hackers, it's rarely about breaking encryption, it's about exploiting behavior. Exposed Credentials Still Drive Most Attacks The majority of online casino account breaches don't start […]
The post Can Online Casino Accounts Be Hacked? appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/06/09/can-online-casino-accounts-be-hacked/?utm_source=rss&utm_medium=rss&utm_campaign=can-online-casino-accounts-be-hacked
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Sleep with one eye open: how Librarian Ghouls steal data by night
According to Kaspersky, Librarian Ghouls APT continues its series of attacks on Russian entities. A detailed analysis of a malicious campaign utilizing RAR archives and BAT scripts.
https://securelist.com/librarian-ghouls-apt-wakes-up-computers-to-steal-data-and-mine-crypto/116536/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Roles Here? Roles There? Roles Anywhere: Exploring the Security of AWS IAM Roles Anywhere
This examination of the Amazon Web Services (AWS) Roles Anywhere service looks at potential risks, analyzed from both defender and attacker perspectives.
The post Roles Here? Roles There? Roles Anywhere: Exploring the Security of AWS IAM Roles Anywhere appeared first on Unit 42.
https://unit42.paloaltonetworks.com/aws-roles-anywhere/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
A week in security (June 1 – June 7)
A list of topics we covered in the week of June 1 to June 7 of 2025
https://www.malwarebytes.com/blog/news/2025/06/a-week-in-security-june-1-june-7
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cloud Security Alliance Marks a New Chapter in AI Governance with the AI Trustworthy Pledge
Pledge identifies those organizations truly committed to responsible, trustworthy AI
SEATTLE – June 11, 2025 – The AI revolution is reshaping every sector of our economy. But even as AI systems are making decisions that affect millions of lives, organizations are grappling with a host of issues ranging from AI hallucinations to privacy concerns. The traditional approach of building first and securing later won't work in the AI era. Instead, what's needed is a proactive framework that e...
https://cloudsecurityalliance.org/articles/csa-marks-a-new-chapter-in-ai-governance-with-ai-trustworthy-pledge
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Disk Union - 690,667 breached accounts
In June 2022, the Japanese record chain store Disk Union suffered a data breach. The incident exposed 690k unique email addresses along with names, post codes, phone numbers and plain text passwords.
https://haveibeenpwned.com/Breach/DiskUnion
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Metasploit Wrap-up 06/06/25
This release adds new modules targeting ThinManager vulnerabilities (CVE-2023-27855, CVE-2023-2917, CVE-2023-27856), a udev persistence module for Linux, an Ivanti EPMM authentication bypass and remote code execution module (CVE-2025-4427, CVE-2025-4428), PHP payload adapters, and more
https://blog.rapid7.com/2025/06/06/metasploit-wrapup-76/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How to update Chrome on every operating system
How to update Chrome on every Operating System (Windows, Mac, Linux, Chrome OS, Android, iOS)
https://www.malwarebytes.com/blog/explained/2025/06/how-to-update-chrome-on-every-operating-system
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
OpenAI forced to preserve ChatGPT chats
ChatGPT developer Open AI has been ordered to maintain user chats as it battle a lawsuit from The New York Times and other publishers.
https://www.malwarebytes.com/blog/news/2025/06/openai-forced-to-preserve-chatgpt-chats
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Sausages and incentives: rewarding a resilient technology future
Why ‘thinking big' is required to shift the dynamics of the technology market.
https://www.ncsc.gov.uk/blog-post/sausages-incentives-rewarding-resilient-technology-future
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Booking.com reservation abused as cybercriminals steal from travelers
Cybercriminals are abusing the hospitality industry and its booking platforms to defraud the travelers that visit them
https://www.malwarebytes.com/blog/news/2025/06/booking-com-abused-by-cybercriminals-to-steal-from-travelers
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cultivating Growth and Development at Rapid7
At Rapid7, we're pushing the boundaries on what a cybersecurity company can be. With more than a dozen offices around the world, Rapid7's culture provides a foundation where people can grow their skills and progress in their careers, while driving meaningful impact to the business.
https://blog.rapid7.com/2025/06/06/cultivating-growth-and-development-at-rapid7/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cybersecurity For SMBs: Huge Market Opportunity for MSPs
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jun. 06, 2025 – Read the Full Story in CRN “Cybercrime is rising and SMBs rely on MSPs to provide the security tools and services they can't staff or build themselves,” Bill Campbell,
The post Cybersecurity For SMBs: Huge Market Opportunity for MSPs appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/cybersecurity-for-smbs-huge-market-opportunity-for-msps/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Blitz Malware: A Tale of Game Cheats and Code Repositories
Blitz malware, active since 2024 and updated in 2025, was spread via game cheats. We discuss its infection vector and abuse of Hugging Face for C2.
The post Blitz Malware: A Tale of Game Cheats and Code Repositories appeared first on Unit 42.
https://unit42.paloaltonetworks.com/blitz-malware-2025/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Analysis of the latest Mirai wave exploiting TBK DVR devices with CVE-2024-3721
Kaspersky GReAT experts describe the new features of a Mirai variant: the latest botnet infections target TBK DVR devices with CVE-2024-3721.
https://securelist.com/mirai-botnet-variant-targets-dvr-devices-with-cve-2024-3721/116742/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
India's Cyber Leaders Prepare for AI-Driven Threats
As India's economy rapidly digitizes, cybersecurity challenges are becoming increasingly complex. This May, Rapid7 launched our inaugural Global Security Day series across India, bringing together top security leaders to address the most pressing cyber threats facing organizations in 2025.
https://blog.rapid7.com/2025/06/06/indias-cyber-leaders-prepare-for-ai-driven-threats/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
SimpleHelp Path Traversal Vulnerability
What is the Vulnerability?FortiGuard Labs continues to observe ongoing attack attempts targeting SimpleHelp, a Remote Monitoring and Management (RMM) software, due to a critical unauthenticated path traversal vulnerability (CVE-2024-57727) affecting versions 5.5.7 and earlier. This flaw allows remote attackers to access and download arbitrary files from the server without authentication, simply by sending specially crafted HTTP requests. The exposed files may contain highly sensitive information, including server configuration data, hashed administrator passwords, API keys, and other credentials. The root cause is improper input validation, which lets attackers manipulate file paths to reach files outside the intended directories. Due to active exploitation, this vulnerability was added to...
https://fortiguard.fortinet.com/threat-signal-report/6107
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Proxy Services Feast on Ukraine's IP Address Exodus
Ukraine has seen nearly one-fifth of its Internet space come under Russian control or sold to Internet address brokers since February 2022, a new study finds. The analysis indicates large chunks of Ukrainian Internet address space are now in the hands of proxy and anonymity services nested at some of America's largest Internet service providers (ISPs).
https://krebsonsecurity.com/2025/06/proxy-services-feast-on-ukraines-ip-address-exodus/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Agentic AI is Redefining Identity Security in the Cloud
Originally published by Britive.
The emergence of agentic AI is rapidly reshaping how modern enterprises think about automation, autonomy, and security.
Unlike traditional generative AI, which focuses on creating content or identifying patterns, agentic AI represents a more proactive, decision-making force embedded within digital ecosystems.
These AI agents are designed to independently pursue (human-provided) goals, take actions on behalf of users or systems, and even make...
https://cloudsecurityalliance.org/articles/agentic-ai-is-redefining-identity-security-in-the-cloud
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Connect with us at the Gartner Security & Risk Management Summit
Microsoft will spotlight its AI-first, end-to-end security platform at the Gartner Security & Risk Management Summit. Read our blog post for details on how to connect with us there and a teaser of what to expect from our sessions.
The post Connect with us at the Gartner Security & Risk Management Summit appeared first on Microsoft Security Blog.
https://techcommunity.microsoft.com/blog/microsoft-security-blog/connect-with-us-at-the-gartner-security--risk-management-summit/4420744
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Researchers Detail Bitter APT's Evolving Tactics as Its Geographic Scope Expands
https://www.proofpoint.com/us/newsroom/news/researchers-detail-bitter-apts-evolving-tactics-its-geographic-scope-expands
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Meet the Deputy CISOs who help shape Microsoft's approach to cybersecurity: Part 3
Meet the minds behind how Microsoft prioritizes cybersecurity across every team and employee.
The post Meet the Deputy CISOs who help shape Microsoft's approach to cybersecurity: Part 3 appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2025/06/05/meet-the-deputy-cisos-who-help-shape-microsofts-approach-to-cybersecurity-part-3/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Open source policy management: How Sonatype supports security at scale
As organizations rely more heavily on open source components, software composition analysis (SCA) has become essential for identifying risks. But visibility alone is not enough. What turns insight into action is effective policy management: the ability to define and enforce rules that govern how software is built.
https://www.sonatype.com/blog/open-source-policy-management-how-sonatype-supports-security-at-scale
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cybersecurity: Are We Doing Our Part?
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jun. 05, 2025 – Read the Full Story in New Age Cybersecurity is not just about protecting data — it is about protecting livelihoods, economies, and trust, writes BM Zahid ul Haque, a global
The post Cybersecurity: Are We Doing Our Part? appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/cybersecurity-are-we-doing-our-part/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
IT threat evolution in Q1 2025. Non-mobile statistics
The report presents statistics for Windows, macOS, IoT, and other threats, including ransomware, miners, local and web-based threats, for Q1 2025.
https://securelist.com/malware-report-q1-2025-pc-iot-statistics/116686/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
IT threat evolution in Q1 2025. Mobile statistics
The number of attacks on mobile devices involving malware, adware, or unwanted apps saw a significant increase in the first quarter.
https://securelist.com/malware-report-q1-2025-mobile-statistics/116676/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
BladedFeline: Whispering in the dark
ESET researchers analyzed a cyberespionage campaign conducted by BladedFeline, an Iran-aligned APT group with likely ties to OilRig
https://www.welivesecurity.com/en/eset-research/bladedfeline-whispering-dark/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Runtime Integrity Measurement Overview
Originally published by Invary.
Written by Dr. Wesley Peck.
Runtime Integrity Measurement
In this article we'll dive into the technical details of a real world rootkit, explore how that rootkit compromises an operating system, and then learn how Kernel Integrity Measurement technology detects even novel rootkits that exploit zero day vulnerabilities in systems.
Integrity Measurement applied to operating systems provides a powerful security mechanism to ensure that infra...
https://cloudsecurityalliance.org/articles/runtime-integrity-measurement-overview
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The AI Trust Imperative: Why the CSA AI Trustworthy Pledge Matters Now More Than Ever
Written by Daniele Catteddu, Chief Technology Officer, CSA.
Many of us have witnessed firsthand the transformative power of artificial intelligence and the urgent need for responsible innovation that keeps pace with technological advancement.
The artificial intelligence revolution is no longer on the horizon; it's reshaping every sector of our economy today. From healthcare diagnostics to financial services, from autonomous vehicles to content generation, AI systems are ...
https://cloudsecurityalliance.org/articles/the-ai-trust-imperative-why-the-csa-ai-trustworthy-pledge-matters-now-more-than-ever
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
CVE-2025-5688 - Out of Bounds Write in FreeRTOS-Plus-TCP
Scope: AWS Content Type: Important (requires attention) Publication Date: 2025/06/04 10:00 AM PDT
Description
FreeRTOS-Plus-TCP is an open source TCP/IP stack implementation specifically designed for FreeRTOS. The stack provides a standard Berkeley sockets interface and supports essential networking protocols including IPv6, ARP, DHCP, DNS, LLMNR, mDNS, NBNS, RA, ND, ICMP, and ICMPv6. FreeRTOS-Plus-TCP offers two Buffer Allocation Schemes for buffer management:
Buffer Allocation Scheme 1 - Allocates buffers from a pre-defined pool of fixed-size buffers.
Buffer Allocation Scheme 2 - Allocates buffers of required size dynamically from the heap.
We identified CVE-2025-5688, that may allow out-of-bounds write when processing LLMNR or mDNS queries with very long DNS names. This...
https://aws.amazon.com/security/security-bulletins/AWS-2025-012/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
16-31 January Cyber Attacks Timeline
In the second timeline of January 2025, I collected 107 events with a threat landscape dominated by malware with 30%, up from 18% of the previous timeline, and very close to the values of December 2024, ahead of ransomware with 19%.
https://www.hackmageddon.com/2025/06/04/16-30-january-cyber-attacks-timeline/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Mobile Security & Malware Issue 1st Week of June, 2025
ASEC Blog publishes ” Mobile Security & Malware Issue 1st Week of June, 2025″
https://asec.ahnlab.com/en/88343/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Ransom & Dark Web Issues Week 1, June 2025
ASEC Blog publishes Ransom & Dark Web Issues Week 1, June 2025 Germany’s largest automobile manufacturer listed as a new victim of Stormous ransomware. Dark web carding market BidenCash shut down through international joint investigation. New ransomware group ‘Global’ emerges.
https://asec.ahnlab.com/en/88346/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Expert Guide to Ransomware Recovery
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jun. 04, 2025 – Download the Guide from Redmond Is your business prepared to recover quickly from a ransomware attack and minimize data loss? An expert guide from Redmond, the independent voice of the
The post Expert Guide to Ransomware Recovery appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/expert-guide-to-ransomware-recovery/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Automation you can trust: Cut backlogs without breaking builds
Engineering teams live in a paradox — under pressure to ship software faster than ever, yet every new open source component introduces hidden risk. Security backlogs pile up as developers scramble to fix vulnerabilities, balance new feature work, and try not to disrupt critical builds.
https://www.sonatype.com/blog/automation-you-can-trust-cut-backlogs-without-breaking-builds
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Rapid7 Q1 2025 Incident Response Findings
Rapid7's 2025Q1 incident response data highlights several key IAV trends, shares salient examples of incidents investigated by the Rapid7 IR team, and digs into threat data by industry as well as some of the more commonly seen pieces of malware.
https://blog.rapid7.com/2025/06/04/rapid7-q1-2025-incident-response-findings/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
From Ideology to Financial Gain: Exploring the Convergence from Hacktivism to Cybercrime
The lines between ideologically-driven hacktivism and financially motivated cybercriminals are blurring. Some hacktivist groups are evolving into ransomware operations – even becoming ransomware affiliates – merging the disruptive zeal of hacktivism with the ruthless efficiency of cybercrime.
https://blog.rapid7.com/2025/06/03/from-ideology-to-financial-gain-exploring-the-convergence-from-hacktivism-to-cybercrime/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hack the model: Build AI security skills with the GitHub Secure Code Game
Dive into the novel security challenges AI introduces with the open source game that over 10,000 developers have used to sharpen their skills.
The post Hack the model: Build AI security skills with the GitHub Secure Code Game appeared first on The GitHub Blog.
https://github.blog/security/hack-the-model-build-ai-security-skills-with-the-github-secure-code-game/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Only Malware in the Building: The great CoGUI caper.
https://www.proofpoint.com/us/newsroom/news/only-malware-building-great-cogui-caper
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How Microsoft Defender for Endpoint is redefining endpoint security
Learn why many CISOs prefer Microsoft Defender for Endpoint for comprehensive cyberthreat protection across devices and platforms.
The post How Microsoft Defender for Endpoint is redefining endpoint security appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2025/06/03/how-microsoft-defender-for-endpoint-is-redefining-endpoint-security/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DNS rebinding attacks explained: The lookup is coming from inside the house!
DNS rebinding attack without CORS against local network web applications. Explore the topic further and see how it can be used to exploit vulnerabilities in the real-world.
The post DNS rebinding attacks explained: The lookup is coming from inside the house! appeared first on The GitHub Blog.
https://github.blog/security/application-security/dns-rebinding-attacks-explained-the-lookup-is-coming-from-inside-the-house/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Ransomware Disguised as Password Cracker (Extension Changed to .NS1419)
The AhnLab SEcurity intelligence Center (ASEC) recently discovered ransomware being distributed disguised a password cracker tool. Such tools are typically used in brute force attacks. Brute force attacks involve by trying every possible combination to find the correct password. Attackers repeatedly attempt to breach a system's authentication procedure to steal passwords. This method is particularly […]
https://asec.ahnlab.com/en/88371/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Introducing AI Attack Coverage in Exposure Command: Secure what traditional AppSec Tools miss
Introducing AI Attack Coverage in Exposure Command and InsightAppSec, bringing purpose built protection for AI driven applications into your existing AppSec workflows. Uncover vulnerabilities that legacy tools miss – and stop AI specific threats before they become business problems.
https://blog.rapid7.com/2025/06/03/introducing-ai-attack-coverage-in-exposure-command-secure-what-traditional-appsec-tools-miss/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Top DSPM Challenges and How to Tackle Them
Data Security Posture Management is key as you move workloads to the cloud. It helps…
Top DSPM Challenges and How to Tackle Them on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2025/06/03/top-dspm-challenges-and-how-to-tackle-them/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Lessons from Ireland on closing the cybersecurity talent gap
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jun. 03, 2025 – Read the full story in Forbes There are an estimated 3.5 million unfilled cybersecurity roles worldwide as of 2025. That figure has remained steady since 2021, according to Cybersecurity
The post Lessons from Ireland on closing the cybersecurity talent gap appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/lessons-from-ireland-on-closing-the-cybersecurity-talent-gap/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Creating the right organisational culture for cyber security
Calling cyber security professionals, culture specialists and leaders to drive uptake of new Cyber security culture principles.
https://www.ncsc.gov.uk/blog-post/creating-the-right-organisational-culture-for-cyber-security
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Delving Into the SparkRAT Remote Access Tool
Sensor Intel Series: May 2025 CVE Trends
https://www.f5.com/labs/articles/threat-intelligence/delving-into-the-sparkrat-remote-access-tool
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Host-based logs, container-based threats: How to tell where an attack began
Kaspersky expert shares insights on how to determine whether an attack was first launched in a container or on the host itself when an organization's logs lack container visibility.
https://securelist.com/host-based-logs-container-based-threats/116643/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Lost in Resolution: Azure OpenAI's DNS Resolution Issue
We discovered an Azure OpenAI misconfiguration allowing shared domains, potentially leading to data leaks. Microsoft quickly resolved the issue.
The post Lost in Resolution: Azure OpenAI's DNS Resolution Issue appeared first on Unit 42.
https://unit42.paloaltonetworks.com/azure-openai-dns-resolution/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
ColoCrossing - 7,183 breached accounts
In May 2025, hosting provider ColoCrossing identified a data breach that impacted customers of their ColoCloud virtual server product. ColoCrossing advised the incident was isolated to their cloud/VPS platform and stemmed from a single sign-on vulnerability. 7k email addresses were exposed in the incident along with names and MD5-Crypt password hashes.
https://haveibeenpwned.com/Breach/ColoCrossing
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How Good Are the LLM Guardrails on the Market? A Comparative Study on the Effectiveness of LLM Content Filtering Across Major GenAI Platforms
We compare the effectiveness of content filtering guardrails across major GenAI platforms and identify common failure cases across different systems.
The post How Good Are the LLM Guardrails on the Market? A Comparative Study on the Effectiveness of LLM Content Filtering Across Major GenAI Platforms appeared first on Unit 42.
https://unit42.paloaltonetworks.com/comparing-llm-guardrails-across-genai-platforms/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
INE Security Alert: .6 Billion in Cyber Losses Underscore Critical Need for Advanced Security Training
Cary, North Carolina, 2nd June 2025, CyberNewsWire
INE Security Alert: .6 Billion in Cyber Losses Underscore Critical Need for Advanced Security Training on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2025/06/02/ine-security-alert-16-6-billion-in-cyber-losses-underscore-critical-need-for-advanced-security-training/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Discover how automatic attack disruption protects critical assets while ensuring business continuity
To help security teams protect critical assets while ensuring business continuity, Microsoft Defender developed automatic attack disruption: a built-in self-defense capability.
The post Discover how automatic attack disruption protects critical assets while ensuring business continuity appeared first on Microsoft Security Blog.
https://techcommunity.microsoft.com/blog/microsoftdefenderatpblog/discover-how-automatic-attack-disruption-protects-critical-assets-while-ensuring/4416597
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Announcing a new strategic collaboration to bring clarity to threat actor naming
Microsoft and CrowdStrike are teaming up to create alignment across our individual threat actor taxonomies to help security professionals connect insights faster.
The post Announcing a new strategic collaboration to bring clarity to threat actor naming appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2025/06/02/announcing-a-new-strategic-collaboration-to-bring-clarity-to-threat-actor-naming/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Key Takeaways from the Take Command Summit 2025: Risk Revolution – Proactive Strategies for Exposure Management
Learn how security teams are evolving risk strategies with exposure management. Hear insights from Rapid7 and ESG. Watch the full session on demand.
https://blog.rapid7.com/2025/06/02/key-takeaways-from-the-take-command-summit-2025-risk-revolution-proactive-strategies-for-exposure-management/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How to land an entry-level cybersecurity job
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jun. 02, 2025 – Read the full story in Spiceworks Want to work in cybersecurity but can't get past the “experience required” roadblock? You're not alone in this frustrating catch-22. The cybersecurity field
The post How to land an entry-level cybersecurity job appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/how-to-land-an-entry-level-cybersecurity-job/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Don't let dormant accounts become a doorway for cybercriminals
Do you have online accounts you haven't used in years? If so, a bit of digital spring cleaning might be in order.
https://www.welivesecurity.com/en/cybersecurity/dont-let-dormant-accounts-become-doorway-cybercriminals/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
ViperSoftX Stealing Cryptocurrencies
AhnLab SEcurity intelligence Center (ASEC) has confirmed that the ViperSoftX attacker is continuously distributing malware to users in Korea. ViperSoftX is a type of malware that resides in infected systems and is responsible for executing threat actors' commands and stealing cryptocurrencies. ASEC previously published an analysis of a ViperSoftX attack case in May 2024, which […]
https://asec.ahnlab.com/en/88336/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
SAP Netweaver Zero-Day Attack
What is the Attack?A zero-day SAP vulnerability, CVE-2025-31324, with CVSS score of 10.0 is being actively exploited in the wild. This vulnerability affects SAP Visual Composer, allowing unauthenticated threat actors to upload arbitrary files, resulting in full compromise of the targeted system that could significantly affect the confidentiality, integrity, and availability of the targeted system.The vulnerability stems from the SAP NetWeaver Visual Composer Metadata Uploader lacking proper authorization protection, which allows unauthenticated agents to upload potentially malicious executable binaries.CISA has added the CVE to their Known Exploited Vulnerabilities Catalog on April 29, 2025.What is the recommended Mitigation?The vulnerability exists in the SAP Visual Composer component for...
https://fortiguard.fortinet.com/threat-signal-report/6089
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Sustaining Digital Certificate Security - Upcoming Changes to the Chrome Root Store
Posted by Chrome Root Program, Chrome Security Team
Note: Google Chrome communicated its removal of default trust of Chunghwa Telecom and Netlock in the public forum on May 30, 2025.
The Chrome Root Program Policy states that Certification Authority (CA) certificates included in the Chrome Root Store must provide value to Chrome end users that exceeds the risk of their continued inclusion. It also describes many of the factors we consider significant when CA Owners disclose and respond to incidents. When things don't go right, we expect CA Owners to commit to meaningful and demonstrable change resulting in evidenced continuous improvement.
Chrome's confidence in the reliability of Chunghwa Telecom and Netlock as CA Owners included in the Chrome Root Store has diminished due to patterns...
http://security.googleblog.com/2025/05/sustaining-digital-certificate-security-chrome-root-store-changes.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Exploits and vulnerabilities in Q1 2025
This report contains statistics on vulnerabilities and published exploits, along with an analysis of the most noteworthy vulnerabilities we observed in the first quarter of 2025.
https://securelist.com/vulnerabilities-and-exploits-in-q1-2025/116624/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
This month in security with Tony Anscombe – May 2025 edition
From a flurry of attacks targeting UK retailers to campaigns corralling end-of-life routers into botnets, it's a wrap on another month filled with impactful cybersecurity news
https://www.welivesecurity.com/en/videos/month-security-tony-anscombe-may-2025/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
U.S. Sanctions Cloud Provider ‘Funnull' as Top Source of ‘Pig Butchering' Scams
The U.S. government today imposed economic sanctions on Funnull Technology Inc., a Philippines-based company that provides computer infrastructure for hundreds of thousands of websites involved in virtual currency investment scams, commonly known as “pig butchering." In January 2025, KrebsOnSecurity detailed how Funnull was being used as a content delivery network that catered to cybercriminals seeking to route their traffic through U.S.-based cloud providers.
https://krebsonsecurity.com/2025/05/u-s-sanctions-cloud-provider-funnull-as-top-source-of-pig-butchering-scams/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Defending against evolving identity attack techniques
Threat actors continue to develop and leverage various techniques that aim to compromise cloud identities. Despite advancements in protections like multifactor authentication (MFA) and passwordless solutions, social engineering remains a key aspect of phishing attacks. Implementing phishing-resistant solutions, like passkeys, can improve security against these evolving threats.
The post Defending against evolving identity attack techniques appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2025/05/29/defending-against-evolving-identity-attack-techniques/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How to deploy AI safely
Microsoft Deputy CISO Yonatan Zunger shares tips and guidance for safely and efficiently implementing AI in your organization.
The post How to deploy AI safely appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2025/05/29/how-to-deploy-ai-safely/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Mobile Security & Malware Issue 5st Week of May, 2025
ASEC Blog publishes “Mobile Security & Malware Issue 5st Week of May, 2025”
https://asec.ahnlab.com/en/88247/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Streamline SCA with Sonatype's build-safe automation
As open source adoption accelerates across the enterprise, so too does its complexity. Development teams are building software with hundreds of components, each carrying its own risks, release cycles, and dependencies.
https://www.sonatype.com/blog/streamline-sca-with-sonatype-build-safe-automation
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Windows Registry Adventure #8: Practical exploitation of hive memory corruption
Posted by Mateusz Jurczyk, Google Project Zero
In the previous blog post, we focused on the general security analysis of the registry and how to effectively approach finding vulnerabilities in it. Here, we will direct our attention to the exploitation of hive-based memory corruption bugs, i.e., those that allow an attacker to overwrite data within an active hive mapping in memory. This is a class of issues characteristic of the Windows registry, but universal enough that the techniques described here are applicable to 17 of my past vulnerabilities, as well as likely any similar bugs in the future. As we know, hives exhibit a very special behavior in terms of low-level memory management (how and where they are mapped in memory), handling of allocated and...
https://googleprojectzero.blogspot.com/2025/05/the-windows-registry-adventure-8-exploitation.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Pakistan Arrests 21 in ‘Heartsender' Malware Service
Authorities in Pakistan have arrested 21 individuals accused of operating "Heartsender," a once popular spam and malware dissemination service that operated for more than a decade. The main clientele for HeartSender were organized crime groups that tried to trick victim companies into making payments to a third party, and its alleged proprietors were publicly identified by KrebsOnSecurity in 2021 after they inadvertently infected their computers with malware.
https://krebsonsecurity.com/2025/05/pakistan-arrests-21-in-heartsender-malware-service/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Ransom & Dark Web Issues Week 5, May 2025
ASEC Blog publishes Ransom & Dark Web Issues Week 5, May 2025 New ransomware group DATACARRY emerges: Victim companies in 8 countries disclosed 65,000 records of Korean individuals leaked on cybercrime forum A South Korean university listed as a new victim of NOVA ransomware
https://asec.ahnlab.com/en/88240/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Zanubis in motion: Tracing the active evolution of the Android banking malware
A comprehensive historical breakdown of Zanubis' changes, including RC4 and AES encryption, credentials stealing and new targets in Peru, provided by Kaspersky GReAT experts.
https://securelist.com/evolution-of-zanubis-banking-trojan-for-android/116588/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
INE Security and RedTeam Hacker Academy Announce Partnership to Advance Cybersecurity Skills in the Middle East
Cary, North Carolina, 28th May 2025, CyberNewsWire
INE Security and RedTeam Hacker Academy Announce Partnership to Advance Cybersecurity Skills in the Middle East on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2025/05/28/ine-security-and-redteam-hacker-academy-announce-partnership-to-advance-cybersecurity-skills-in-the-middle-east/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
CVE-2025-5279 - Issue with Amazon Redshift Python Connector and the BrowserAzureOAuth2CredentialsProvider plugin
Scope: AWS Content Type: Important (requires attention) Publication Date: 2025/05/27 11:30 AM PDT
Description
Amazon Redshift Python Connector is a pure Python connector to Redshift (i.e., driver) that implements the Python Database API Specification 2.0.
We identified CVE-2025-5279 an issue in the Amazon Redshift Python Connector, version 2.0.872 through 2.1.6. When the Amazon Redshift Python Connector is configured with the BrowserAzureOAuth2CredentialsProvider plugin, the driver skips the SSL certificate validation step for the Identity Provider (IdP). An insecure connection could allow an actor to intercept the token exchange process and retrieve an access token.
This issue has been addressed in driver version 2.1.7. Users should upgrade to address this issue and ensure...
https://aws.amazon.com/security/security-bulletins/AWS-2025-011/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Evolving Role of the Modern CISO
https://www.proofpoint.com/us/newsroom/news/evolving-role-modern-ciso
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The future of AI agents—and why OAuth must evolve
Our industry needs to continue working together on identity standards for agent access across systems. Read about how Microsoft is building a robust and sophisticated set of agents.
The post The future of AI agents—and why OAuth must evolve appeared first on Microsoft Security Blog.
https://techcommunity.microsoft.com/blog/microsoft-entra-blog/the-future-of-ai-agents%E2%80%94and-why-oauth-must-evolve/3827391
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
SBOM management and generation: How Sonatype leads in software supply chain visibility
As software supply chain threats become more complex, organizations need more than just vulnerability scanning — they need complete visibility into the components that make up their applications.
https://www.sonatype.com/blog/sbom-management-and-generation-how-sonatype-leads-in-software-supply-chain-visibility
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Inside GitHub: How we hardened our SAML implementation
Maintaining and developing complex and risky code is never easy. See how we addressed the challenges of securing our SAML implementation with this behind-the-scenes look at building trust in our systems.
The post Inside GitHub: How we hardened our SAML implementation appeared first on The GitHub Blog.
https://github.blog/security/web-application-security/inside-github-how-we-hardened-our-saml-implementation/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
US Authorities Charge 16 in Operation to Disrupt DanaBot Malware
https://www.proofpoint.com/us/newsroom/news/us-authorities-charge-16-operation-disrupt-danabot-malware
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
May Patch Tuesday From Microsoft Fixed 5 Zero-Days
With May Patch Tuesday updates, Microsoft addressed dozens of security vulnerabilities important for customers' systems.…
May Patch Tuesday From Microsoft Fixed 5 Zero-Days on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2025/05/27/may-patch-tuesday-from-microsoft-fixed-5-zero-days/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
New Russia-affiliated actor Void Blizzard targets critical sectors for espionage
Microsoft Threat Intelligence has discovered a cluster of worldwide cloud abuse activity conducted by a threat actor we track as Void Blizzard, who we assess with high confidence is Russia-affiliated and has been active since at least April 2024. Void Blizzard's cyberespionage operations tend to be highly targeted at specific organizations of interest to Russia, including in government, defense, transportation, media, non-governmental organizations (NGOs), and healthcare sectors primarily in Europe and North America.
The post New Russia-affiliated actor Void Blizzard targets critical sectors for espionage appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2025/05/27/new-russia-affiliated-actor-void-blizzard-targets-critical-sectors-for-espionage/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Word to the wise: Beware of fake Docusign emails
Cybercriminals impersonate the trusted e-signature brand and send fake Docusign notifications to trick people into giving away their personal or corporate data
https://www.welivesecurity.com/en/scams/personal-data-fraudsters-docusign-scam-emails/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
What to look for in USA-based dedicated server solutions
If your business is scaling up and shared hosting isn't cutting it anymore, there's a…
What to look for in USA-based dedicated server solutions on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2025/05/27/what-to-look-for-in-usa-based-dedicated-server-solutions/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Free - 13,926,173 breached accounts
In October 2024, French ISP "Free" suffered a data breach which was subsequently posted for sale and later, leaked publicly. The data included 14M unique email addresses along with names, physical addresses, phone numbers, genders, dates of birth and for many records, IBAN bank account numbers. Free advised that the numbers were "not enough to make a direct debit from a bank".
https://haveibeenpwned.com/Breach/FreeMobile
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Renovate – Keeping Your Updates Secure?
Renovate is an OSS CLI/bot that updates your software dependencies automatically. It is usually integrated into the CI/CD process and runs on a schedule. It will create a Pull Request / Merge Request (PR/MR) to your repository with dependency updates. It can optionally auto-merge them. If you host it for several repositories or an organization, it […]
https://blog.compass-security.com/2025/05/renovate-keeping-your-updates-secure/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Analysis of T-Rex CoinMiner Attacks Targeting Internet Cafés in Korea
AhnLab SEcurity intelligence Center (ASEC) has recently identified cases of attacks installing CoinMiners in Korean Internet cafés. The threat actor is believed to have been active since 2022, and the attacks against Internet cafés have been occurring since the second half of 2024. The method of initial access is unknown, and most attacks targeted systems […]
https://asec.ahnlab.com/en/88245/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Trimble Cityworks Remote Code Execution Attack
What is the Attack?Trimble Cityworks contains a deserialization vulnerability. This could allow an authenticated user to perform a remote code execution attack against a customer's Microsoft Internet Information Services (IIS) web server, potentially resulting in downtime and potential loss of service. According to Trimble Cityworks website, it provides a Geographic Information System (GIS)-centric solution for local governments, utilities, airports, and public works agencies to manage and maintain infrastructure across the full lifecycle. Trimble has investigated customer reports of hackers exploiting the vulnerability to gain unauthorized access to networks, confirming that active exploitation is occurring. CISA has added CVE-2025-0994 to its Known Exploited Vulnerabilities Catalog on February...
https://fortiguard.fortinet.com/threat-signal-report/5997
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Ivanti EPMM Zero Day Vulnerabilities
What is the Vulnerability?On May 15, 2025, Ivanti disclosed two critical vulnerabilities, CVE-2025-4427 and CVE-2025-4428, affecting Ivanti Endpoint Manager Mobile (EPMM) version 12.5.0.0 and earlier. When chained together, these vulnerabilities can allow unauthenticated remote code execution (RCE) on vulnerable systems.According to a report by EclecticIQ, attackers are actively exploiting the Ivanti EPMM vulnerability (CVE-2025-4428) in the wild. EclecticIQ attributes this activity with high confidence to UNC5221, a China-nexus espionage group. Read more at: [China-Nexus Threat Actor Actively Exploiting Ivanti Endpoint Manager Mobile (CVE-2025-4428) Vulnerability]What is the recommended Mitigation?Ivanti has released updates for Endpoint Manager Mobile (EPMM). Customers should install one...
https://fortiguard.fortinet.com/threat-signal-report/6104
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Operation Endgame 2.0 - 15,436,844 breached accounts
In May 2025, a coalition of law enforcement agencies took down the criminal infrastructure behind the malware used to launch ransomware attacks in a new phase of "Operation Endgame". This followed the first Operation Endgame exercise a year earlier, with the latest action resulting in 15.3M victim email addresses being provided to HIBP by law enforcement. A further 43.8M victim passwords were also provided for HIBP's Pwned Passwords service.
https://haveibeenpwned.com/Breach/OperationEndgame2
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Java at 30: From portable promise to critical infrastructure
Thirty years ago, Java introduced the world to "write once, run anywhere." What began as a bold promise of portability and simplicity soon transformed into a defining force in modern software.
https://www.sonatype.com/blog/java-at-30-from-portable-promise-to-critical-infrastructure
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Tracking the Cost of Quantum Factoring
Posted by Craig Gidney, Quantum Research Scientist, and Sophie Schmieg, Senior Staff Cryptography Engineer Google Quantum AI's mission is to build best in class quantum computing for otherwise unsolvable problems. For decades the quantum and security communities have also known that large-scale quantum computers will at some point in the future likely be able to break many of today's secure public key cryptography algorithms, such as Rivest–Shamir–Adleman (RSA). Google has long worked with the U.S. National Institute of Standards and Technology (NIST) and others in government, industry, and academia to develop and transition to post-quantum cryptography (PQC), which is expected to be resistant to quantum computing attacks. As quantum computing technology continues to advance, ongoing...
http://security.googleblog.com/2025/05/tracking-cost-of-quantum-factori.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Danabot under the microscope
ESET Research has been tracking Danabot's activity since 2018 as part of a global effort that resulted in a major disruption of the malware's infrastructure
https://www.welivesecurity.com/en/videos/danabot-microscope/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Threat Brief: CVE-2025-31324 (Updated May 23)
CVE-2025-31324 impacts SAP NetWeaver's Visual Composer Framework. We share our observations on this vulnerability using incident response cases and telemetry.
The post Threat Brief: CVE-2025-31324 (Updated May 23) appeared first on Unit 42.
https://unit42.paloaltonetworks.com/threat-brief-sap-netweaver-cve-2025-31324/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Bypassing MTE with CVE-2025-0072
In this post, I'll look at CVE-2025-0072, a vulnerability in the Arm Mali GPU, and show how it can be exploited to gain kernel code execution even when Memory Tagging Extension (MTE) is enabled.
The post Bypassing MTE with CVE-2025-0072 appeared first on The GitHub Blog.
https://github.blog/security/vulnerability-research/bypassing-mte-with-cve-2025-0072/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Windows Registry Adventure #7: Attack surface analysis
Posted by Mateusz Jurczyk, Google Project Zero
In the first three blog posts of this series, I sought to outline what the Windows Registry actually is, its role, history, and where to find further information about it. In the subsequent three posts, my goal was to describe in detail how this mechanism works internally – from the perspective of its clients (e.g., user-mode applications running on Windows), the regf format used to encode hives, and finally the kernel itself, which contains its canonical implementation. I believe all these elements are essential for painting a complete picture of this subsystem, and in a way, it shows my own approach to security research. One could say that going through this tedious process of getting to know the target unnecessarily...
https://googleprojectzero.blogspot.com/2025/05/the-windows-registry-adventure-7-attack-surface.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Ransomware Kill Chain Whacked As FBI, Secret Service And Europol Attack
https://www.proofpoint.com/us/newsroom/news/ransomware-kill-chain-whacked-fbi-secret-service-and-europol-attack
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Fédération Francaise de Rugby - 281,977 breached accounts
In June 2023, the Fédération Francaise de Rugby (French Rugby Federation) suffered a data breach and attempted ransom. The breach exposed 282k unique email addresses along with names, dates of birth and phone numbers. The Federation subsequently published a disclosure notice and stated that the attack primarily affected email servers. The data was provided to HIBP by a source who requested it be attributed to "atix".
https://haveibeenpwned.com/Breach/FFR
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Oops: DanaBot Malware Devs Infected Their Own PCs
The U.S. government today unsealed criminal charges against 16 individuals accused of operating and selling DanaBot, a prolific strain of information-stealing malware that has been sold on Russian cybercrime forums since 2018. The FBI says a newer version of DanaBot was used for espionage, and that many of the defendants exposed their real-life identities after accidentally infecting their own systems with the malware.
https://krebsonsecurity.com/2025/05/oops-danabot-malware-devs-infected-their-own-pcs/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Danabot: Analyzing a fallen empire
ESET Research shares its findings on the workings of Danabot, an infostealer recently disrupted in a multinational law enforcement operation
https://www.welivesecurity.com/en/eset-research/danabot-analyzing-fallen-empire/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Mobile Security & Malware Issue 4st Week of May, 2025
ASEC Blog publishes “Mobile Security & Malware Issue 4st Week of May, 2025”
https://asec.ahnlab.com/en/88128/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Lumma Stealer: Down for the count
The bustling cybercrime enterprise has been dealt a significant blow in a global operation that relied on the expertise of ESET and other technology companies
https://www.welivesecurity.com/en/videos/lumma-stealer-disruption/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cybersecurity and AI: Integrating and Building on Existing NIST Guidelines
What is NIST up to? On April 3, 2025, NIST hosted a Cybersecurity and AI Profile Workshop at our National Cybersecurity Center of Excellence (NCCoE) to hear feedback on our concept paper which presented opportunities to create profiles of the NIST Cybersecurity Framework (CSF) and the NIST AI Risk Management Framework (AI RMF). These would serve to support the cybersecurity community as they adopt AI for cybersecurity, need to defend against AI-enabled cybersecurity attacks, as well as protect AI systems as organizations adopt AI to support their business. Stay tuned for the soon to be
https://www.nist.gov/blogs/cybersecurity-insights/cybersecurity-and-ai-integrating-and-building-existing-nist-guidelines
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
New ETSI standard protects AI systems from evolving cyber threats
The NCSC and DSIT work with ETSI to ‘set a benchmark for securing AI'.
https://www.ncsc.gov.uk/blog-post/new-etsi-standard-protects-ai-systems-from-evolving-cyber-threats
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Feds Charge 16 Russians Allegedly Tied to Botnets Used in Ransomware, Cyberattacks, and Spying
https://www.proofpoint.com/us/newsroom/news/feds-charge-16-russians-allegedly-tied-botnets-used-ransomware-cyberattacks-and-spying
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Remote Prompt Injection in GitLab Duo Leads to Source Code Theft
Get details on the vulnerabilities the Legit research team unearthed in GitLab Duo.
https://www.legitsecurity.com/blog/remote-prompt-injection-in-gitlab-duo
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
INE Security Partners with Abadnet Institute for Cybersecurity Training Programs in Saudi Arabia
Cary, North Carolina, 22nd May 2025, CyberNewsWire
INE Security Partners with Abadnet Institute for Cybersecurity Training Programs in Saudi Arabia on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2025/05/22/ine-security-partners-with-abadnet-institute-for-cybersecurity-training-programs-in-saudi-arabia/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Remote Prompt Injection in GitLab Duo Leaks Source Code
A remote prompt injection vulnerability in GitLab Duo allowed attackers to steal source code from private projects, manipulate code suggestions, and exfiltrate confidential information. The attack chain involved hidden prompts, HTML injection, and exploitation of Duo's access to private data. GitLab has since patched both the HTML and prompt injection vectors.
https://www.cloudvulndb.org/gitlab-duo-prompt-injection-leak
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Understanding Multisig Security for Enhanced Protection of Digital Assets
To boost the safeguarding of your cryptocurrencies, opt for a configuration that utilizes an N-of-M…
Understanding Multisig Security for Enhanced Protection of Digital Assets on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2025/05/21/understanding-multisig-security-for-enhanced-protection-of-digital-assets/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
ESET takes part in global operation to disrupt Lumma Stealer
Our intense monitoring of tens of thousands of malicious samples helped this global disruption operation
https://www.welivesecurity.com/en/eset-research/eset-takes-part-global-operation-disrupt-lumma-stealer/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Facing the cyber threat behind the headlines
NCSC CEO urges all businesses to face the stark reality of the cyber threat they face, whether in the spotlight or not.
https://www.ncsc.gov.uk/blog-post/cyber-threat-behind-the-headlines
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
When open source bites back: Data and model poisoning
Artificial intelligence (AI) continues to redefine what is possible in software, from predictive models to generative content. But as AI systems grow in power, so too do the threats targeting their foundations, including a particularly insidious category: data and model poisoning.
https://www.sonatype.com/blog/the-owasp-llm-top-10-and-sonatype-data-and-model-poisoning
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Dero miner zombies biting through Docker APIs to build a cryptojacking horde
Kaspersky experts break down an updated cryptojacking campaign targeting containerized environments: a Dero crypto miner abuses the Docker API.
https://securelist.com/dero-miner-infects-containers-through-docker-api/116546/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Proofpoint Acquires Nuclei for Enhanced Communications Capture and Archiving Across Modern Workspace
https://www.proofpoint.com/us/newsroom/press-releases/proofpoint-acquires-nuclei-enhanced-communications-capture-and-archiving
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
KrebsOnSecurity Hit With Near-Record 6.3 Tbps DDoS
KrebsOnSecurity last week was hit by a near record distributed denial-of-service (DDoS) attack that clocked in at more than 6.3 terabits of data per second (a terabit is one trillion bits of data). The brief attack appears to have been a test run for a massive new Internet of Things (IoT) botnet capable of launching crippling digital assaults that few web destinations can withstand. Read on for more about the botnet, the attack, and the apparent creator of this global menace.
https://krebsonsecurity.com/2025/05/krebsonsecurity-hit-with-near-record-6-3-tbps-ddos/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Software Security Code of Practice - Assurance Principles and Claims (APCs)
Helps vendors measure how well they meet the Software Security Code of Practice, and suggests remedial actions should they fall short.
https://www.ncsc.gov.uk/guidance/software-security-code-of-practice-assurance-principles-claims
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Decommissioning assets
How to retire digital assets (such as data, software, or hardware) from operation.
https://www.ncsc.gov.uk/guidance/decommissioning-assets
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The who, where, and how of APT attacks in Q4 2024–Q1 2025
ESET Chief Security Evangelist Tony Anscombe highlights key findings from the latest issue of the ESET APT Activity Report
https://www.welivesecurity.com/en/videos/who-where-how-apt-attacks-q4-2024-q1-2025/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Developing with Docker and Sonatype: Building secure software at scale
Docker remains a cornerstone of modern development environments, helping teams containerize applications, speed up delivery pipelines, and standardize across systems. But as container usage grows, so do concerns about software supply chain security, dependency management, and image provenance.
https://www.sonatype.com/blog/developing-with-docker-and-sonatype
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
ESET APT Activity Report Q4 2024–Q1 2025
An overview of the activities of selected APT groups investigated and analyzed by ESET Research in Q4 2024 and Q1 2025
https://www.welivesecurity.com/en/eset-research/eset-apt-activity-report-q4-2024-q1-2025/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
AWS Security Tool Introduces Privilege Escalation Risk
AWS's Account Assessment for AWS Organizations tool, designed to audit cross-account access, inadvertently introduced privilege escalation risks due to flawed deployment instructions. Customers were encouraged to deploy the tool in lower-sensitivity accounts, creating risky trust paths from insecure environments into highly sensitive ones. This could allow attackers to pivot from compromised development accounts into production and management accounts.
https://www.cloudvulndb.org/aws-security-tool-risk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Impact of AI on cyber threat from now to 2027
An NCSC assessment highlighting the impacts on cyber threat from AI developments between now and 2027.
https://www.ncsc.gov.uk/report/impact-ai-cyber-threat-now-2027
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cyber dealmaking is hot after another B deal
https://www.proofpoint.com/us/newsroom/news/cyber-dealmaking-hot-after-another-1b-deal
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Threat Group Assessment: Muddled Libra (Updated May 16, 2025)
Muddled Libra continues to evolve. From social engineering to adaptation of new technologies, significant time is spent breaking down organizational defenses.
The post Threat Group Assessment: Muddled Libra (Updated May 16, 2025) appeared first on Unit 42.
https://unit42.paloaltonetworks.com/muddled-libra/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Breachforums Boss to Pay 0k in Healthcare Breach
In what experts are calling a novel legal outcome, the 22-year-old former administrator of the cybercrime community Breachforums will forfeit nearly 0,000 to settle a civil lawsuit from a health insurance company whose customer data was posted for sale on the forum in 2023. Conor Brian Fitzpatrick, a.k.a. "Pompompurin," is slated for resentencing next month after pleading guilty to access device fraud and possession of child sexual abuse material (CSAM).
https://krebsonsecurity.com/2025/05/breachforums-boss-to-pay-700k-in-healthcare-breach/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Sednit abuses XSS flaws to hit gov't entities, defense companies
Operation RoundPress targets webmail software to steal secrets from email accounts belonging mainly to governmental organizations in Ukraine and defense contractors in the EU
https://www.welivesecurity.com/en/videos/sednit-xss-govt-entities-defense-companies/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Threat landscape for industrial automation systems in Q1 2025
Kaspersky ICS CERT shares trends and statistics on industrial threats in Q1 2025.
https://securelist.com/industrial-threat-report-q1-2025/116505/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Proofpoint to acquire Hornetsecurity in move to expand Microsoft 365 threat protection
https://www.proofpoint.com/us/newsroom/news/proofpoint-acquire-hornetsecurity-move-expand-microsoft-365-threat-protection
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Proofpoint to acquire Hornetsecurity for over billion
https://www.proofpoint.com/us/newsroom/news/proofpoint-acquire-hornetsecurity-over-1-billion
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Data breaches: guidance for individuals and families
How to protect yourself from the impact of data breaches
https://www.ncsc.gov.uk/guidance/data-breaches
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Operation RoundPress
ESET researchers uncover a Russia-aligned espionage operation targeting webmail servers via XSS vulnerabilities
https://www.welivesecurity.com/en/eset-research/operation-roundpress/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Patch Tuesday, May 2025 Edition
Microsoft on Tuesday released software updates to fix at least 70 vulnerabilities in Windows and related products, including five zero-day flaws that are already seeing active exploitation. Adding to the sense of urgency with this month's patch batch from Redmond are fixes for two other weaknesses that now have public proof-of-concept exploits available.
https://krebsonsecurity.com/2025/05/patch-tuesday-may-2025-edition/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DarkCloud Stealer: Comprehensive Analysis of a New Attack Chain That Employs AutoIt
A new DarkCloud Stealer campaign is using AutoIt obfuscation for malware delivery. The attack chain involves phishing emails, RAR files and multistage payloads.
The post DarkCloud Stealer: Comprehensive Analysis of a New Attack Chain That Employs AutoIt appeared first on Unit 42.
https://unit42.paloaltonetworks.com/darkcloud-stealer-and-obfuscated-autoit-scripting/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
INE Security Alert: Continuous CVE Practice Closes Critical Gap Between Vulnerability Alerts and Effective Defense
Cary, North Carolina, 14th May 2025, CyberNewsWire
INE Security Alert: Continuous CVE Practice Closes Critical Gap Between Vulnerability Alerts and Effective Defense on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2025/05/14/ine-security-alert-continuous-cve-practice-closes-critical-gap-between-vulnerability-alerts-and-effective-defense/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
What's New in Android Security and Privacy in 2025
Posted by Dave Kleidermacher, VP Engineering, Android Security and Privacy
Android's intelligent protections keep you safe from everyday dangers. Our dedication to your security is validated by security experts, who consistently rank top Android devices highest in security, and score Android smartphones, led by the Pixel 9 Pro, as leaders in anti-fraud efficacy.Android is always developing new protections to keep you, your device, and your data safe. Today, we're announcing new features and enhancements that build on our industry-leading protections to help keep you safe from scams, fraud, and theft on Android.
Smarter protections against phone call scams
Our research shows that phone scammers often try to trick people into performing specific actions to initiate a scam, like changing...
http://security.googleblog.com/2025/05/whats-new-in-android-security-privacy-2025.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Advanced Protection: Google's Strongest Security for Mobile Devices
Posted by Il-Sung Lee, Group Product Manager, Android Security
Protecting users who need heightened security has been a long-standing commitment at Google, which is why we have our Advanced Protection Program that provides Google's strongest protections against targeted attacks.To enhance these existing device defenses, Android 16 extends Advanced Protection with a device-level security setting for Android users. Whether you're an at-risk individual – such as a journalist, elected official, or public figure – or you just prioritize security, Advanced Protection gives you the ability to activate Google's strongest security for mobile devices, providing greater peace of mind that you're protected against the most sophisticated threats.
Simple to activate, powerful in protectionAdvanced...
http://security.googleblog.com/2025/05/advanced-protection-mobile-devices.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Timelines for migration to post-quantum cryptography
Activities which organisations must carry out to migrate safely to post-quantum cryptography in the coming years.
https://www.ncsc.gov.uk/guidance/pqc-migration-timelines
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Five Years Later: Evolving IoT Cybersecurity Guidelines
The Background…and NIST's Plan for Improving IoT Cybersecurity The passage of the Internet of Things (IoT) Cybersecurity Improvement Act in 2020 marked a pivotal step in enhancing the cybersecurity of IoT products. Recognizing the increasing internet connectivity of physical devices, this legislation tasked NIST with developing cybersecurity guidelines to manage and secure IoT effectively. As an early building block, we developed NIST IR 8259, Foundational Cybersecurity Activities for IoT Device Manufacturers, which describes recommended activities related to cybersecurity for manufacturers
https://www.nist.gov/blogs/cybersecurity-insights/five-years-later-evolving-iot-cybersecurity-guidelines
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
INE Security Alert: Top 5 Takeaways from RSAC 2025
Cary, North Carolina, 13th May 2025, CyberNewsWire
INE Security Alert: Top 5 Takeaways from RSAC 2025 on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2025/05/13/ine-security-alert-top-5-takeaways-from-rsac-2025/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Bypassing BitLocker Encryption: Bitpixie PoC and WinPE Edition
Depending on the customer’s preference, possible initial access vectors in our red teaming exercises typically include deployment of dropboxes, (device code) phishing or a stolen portable device. The latter is usually a Windows laptop protected by BitLocker for full disk encryption without pre-boot authentication i.e. without a configured PIN or an additional key file. While […]
https://blog.compass-security.com/2025/05/bypassing-bitlocker-encryption-bitpixie-poc-and-winpe-edition/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
FreeRTOS and coreSNTP Security Advisories
Security advisories were issued for FreeRTOS and coreSNTP releases containing unintended scripts that could potentially transmit AWS credentials if executed on Linux/macOS. Affected releases have been removed and users are advised to rotate credentials and delete downloaded copies.
https://www.cloudvulndb.org/freertos-coresntp-advisories
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The 2025 State of Application Risk Report: Understanding AI Risk in Software Development
Get details on the AI risks Legit unearthed in enterprises' software factories.
https://www.legitsecurity.com/blog/understanding-ai-risk-in-software-development
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Breaking the Sound Barrier Part I: Fuzzing CoreAudio with Mach Messages
Guest post by Dillon Franke, Senior Security Engineer, 20% time on Project Zero
Every second, highly-privileged MacOS system daemons accept and process hundreds of IPC messages. In some cases, these message handlers accept data from sandboxed or unprivileged processes.
In this blog post, I’ll explore using Mach IPC messages as an attack vector to find and exploit sandbox escapes. I’ll detail how I used a custom fuzzing harness, dynamic instrumentation, and plenty of debugging/static analysis to identify a high-risk type confusion vulnerability in the coreaudiod system daemon. Along the way, I’ll discuss some of the difficulties and tradeoffs I encountered.
Transparently, this was my first venture into the world of MacOS security research and building...
https://googleprojectzero.blogspot.com/2025/05/breaking-sound-barrier-part-i-fuzzing.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Stealthy .NET Malware: Hiding Malicious Payloads as Bitmap Resources
Unit 42 details a new malware obfuscation technique where threat actors hide malware in bitmap resources within .NET applications. These deliver payloads like Agent Tesla or XLoader.
The post Stealthy .NET Malware: Hiding Malicious Payloads as Bitmap Resources appeared first on Unit 42.
https://unit42.paloaltonetworks.com/malicious-payloads-as-bitmap-resources-hide-net-malware/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Using AI to stop tech support scams in Chrome
Posted by Jasika Bawa, Andy Lim, and Xinghui Lu, Google Chrome Security
Tech support scams are an increasingly prevalent form of cybercrime, characterized by deceptive tactics aimed at extorting money or gaining unauthorized access to sensitive data. In a tech support scam, the goal of the scammer is to trick you into believing your computer has a serious problem, such as a virus or malware infection, and then convince you to pay for unnecessary services, software, or grant them remote access to your device. Tech support scams on the web often employ alarming pop-up warnings mimicking legitimate security alerts. We've also observed them to use full-screen takeovers and disable keyboard and mouse input to create a sense of crisis.
Chrome has always worked with Google Safe Browsing to help...
http://security.googleblog.com/2025/05/using-ai-to-stop-tech-support-scams-in.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Weaponizing Facebook Ads: Inside the Multi-Stage Malware Campaign Exploiting Cryptocurrency Brands
A persistent malvertising campaign is plaguing Facebook, leveraging the reputations of well-known cryptocurrency exchanges to lure victims into a maze of malware. Since Bitdefender Labs started investigating, this evolving threat has posed a serious risk by deploying cleverly disguised front-end scripts and custom payloads on users' devices, all under the guise of legitimate cryptocurrency platforms and influencers.
This report unveils how the attackers use advanced evasion tactics, mass brand
https://www.bitdefender.com/en-us/blog/labs/weaponizing-facebook-ads-inside-the-multi-stage-malware-campaign-exploiting-cryptocurrency-brands
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Ransomware: 'WannaCry' guidance for home users and small businesses
Guidance for home users or small businesses who want to reduce the likelihood of being held to ransom by WannaCry (or other types of ransomware).
https://www.ncsc.gov.uk/guidance/wannacry-guidance-for-home-users-and-small-businesses
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
OnRPG - 1,047,640 breached accounts
In July 2016, the now defunct free online games list website OnRPG suffered a data breach that was later redistributed as part of a larger corpus of data. The incident exposed just over 1M email and IP addresses alongside usernames and passwords stored as salted MD5 hashes.
https://haveibeenpwned.com/Breach/OnRPG
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Ivanti Connect Buffer Overflow Vulnerability
What is the Vulnerability?CVE-2025-22457 is identified as a buffer overflow vulnerability affecting Ivanti Connect Secure, Policy Secure and ZTA Gateways. If successfully exploited, can result in remote code execution. This exploitation poses significant risks, potentially allowing unauthorized remote access to systems.The Google Threat Intelligence Group (GTIG) has linked the exploitation of CVE-2025-22457 and the subsequent malware deployment to the suspected espionage group known as UNC5221, which is believed to have connections to China.What is the recommended Mitigation?Ivanti customers are strongly encouraged to implement the recommended actions outlined in the Security Advisory to ensure their systems are secured promptly. Ivanti AdvisoryA patch addressing CVE-2025-22457 was made available...
https://fortiguard.fortinet.com/threat-signal-report/6086
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Commvault Command Center Path Traversal Vulnerability
What is the Vulnerability?A critical path traversal vulnerability has been identified in Commvault's Command Center Innovation Release. The vulnerability, tracked as CVE-2025-34028, has been assigned a CVSS score of 10.0. This flaw allows unauthenticated remote attackers to upload specially crafted ZIP files. When these files are expanded by the server, they can lead to arbitrary code execution, potentially resulting in a complete system compromise.Commvault serves a diverse range of industries, including Healthcare, Financial Services, Manufacturing, and more. for securing data management and compliance, protecting financial data and efficiently backing up data.What is the recommended Mitigation?Commvault has addressed this vulnerability in the following patched versions: 11.38 and 11.38.25....
https://fortiguard.fortinet.com/threat-signal-report/6081
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Pakistani Firm Shipped Fentanyl Analogs, Scams to US
A Texas firm recently charged with conspiring to distribute synthetic opioids in the United States is at the center of a vast network of companies in the U.S. and Pakistan whose employees are accused of using online ads to scam westerners seeking help with trademarks, book writing, mobile app development and logo designs, a new investigation reveals.
https://krebsonsecurity.com/2025/05/pakistani-firm-shipped-fentanyl-analogs-scams-to-us/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Iranian Cyber Actors Impersonate Model Agency in Suspected Espionage Operation
A suspected Iranian espionage campaign impersonated a model agency site for data collection, including fictitious models as possible social engineering lures.
The post Iranian Cyber Actors Impersonate Model Agency in Suspected Espionage Operation appeared first on Unit 42.
https://unit42.paloaltonetworks.com/iranian-attackers-impersonate-model-agency/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Langflow Missing Authentication Vulnerability
What is the Vulnerability?A critical missing authentication vulnerability, identified as CVE-2025-3248, has been discovered in Langflow, a web application designed for creating AI-driven agents. This vulnerability allows remote, unauthenticated attackers to execute arbitrary code on the vulnerable instance by sending a specially crafted HTTP request with a malicious payload to the endpoint.The Cybersecurity and Infrastructure Security Agency (CISA) has confirmed that this vulnerability is currently being exploited by attackers in the wild. As a result, it has been added to CISA's Known Exploited Vulnerabilities (KEV) catalog, highlighting the urgency for organizations using Langflow to address this security issue promptly.What is the recommended Mitigation?Organizations using Langflow in their...
https://fortiguard.fortinet.com/threat-signal-report/6085
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
1-15 January 2025 Cyber Attacks Timeline
In the first timeline of January 2025, I collected 109 events with a threat landscape dominated by malware with 18%, down from 33% of the previous timeline, and once again ahead of account takeovers with 17% (it was 20% in the previous timeline), and ransomware with 14%.
https://www.hackmageddon.com/2025/05/06/1-15-january-2025-cyber-attacks-timeline/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Kubernetes Ingress-nginx Controller RCE
What is the Vulnerability?On March 24, researchers disclosed a set of five vulnerabilities, collectively known as "IngressNightmare,” affecting Ingress-nginx, one of the popular ingress controllers available for Kubernetes. Using Ingress-NGINX is one of the most common methods for exposing Kubernetes applications externally.CVE-2025-1974 is considered the most serious of the five and has been assigned a CVSS score of 9.8 (critical). When chained with one of the lower severity vulnerabilities, it allows for unauthenticated remote code execution. This exploitation could result in the exposure of sensitive information that the controller can access. Consequently, unauthenticated attackers have the potential to compromise the system by executing unauthorized code.What is the recommended Mitigation?Kubernetes...
https://fortiguard.fortinet.com/threat-signal-report/6061
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Azure AZNFS-mount Utility Root Privilege Escalation
A critical vulnerability in AZNFS-mount utility, preinstalled on Azure HPC/AI images, allowed unprivileged users to escalate privileges to root on Linux machines. The flaw existed in versions up to 2.0.10 and involved a SUID binary. Azure classified it as low severity but fixed it in version 2.0.11.
https://www.cloudvulndb.org/azure-aznfs-mount-privilege-escalation
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
CVE-2025-4318 - Input validation issue in AWS Amplify Studio UI component properties
Scope: AWS Content Type: Important (requires attention) Publication Date: 2025/05/05 11:00 AM PDT
Description
The AWS Amplify Studio amplify-codegen-ui is an AWS package that generates front-end code from UI Builder entities (components, forms, views, and themes), primarily used in Amplify Studio for component previews and in AWS Command Line Interface (AWS CLI) for generating component files in customers' local applications
We identified CVE-2025-4318, an input validation issue in Amplify Studio UI component properties. When importing a component schema using the create-component command, Amplify Studio will import and generate the component on the users' behalf. The expression-binding function does not validate the component schema properties before converting them to expressions....
https://aws.amazon.com/security/security-bulletins/AWS-2025-010/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Welcome to Maintainer Month: Events, exclusive discounts, and a new security challenge
This May marks the fifth annual Maintainer Month, and there are lots of treats in store: new badges, special discounts, events with experts, and more.
The post Welcome to Maintainer Month: Events, exclusive discounts, and a new security challenge appeared first on The GitHub Blog.
https://github.blog/open-source/maintainers/welcome-to-maintainer-month-events-exclusive-discounts-and-a-new-security-challenge/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Strengthening Software Security Under the EU Cyber Resilience Act: A High-Level Guide for Security Leaders and CISOs
Get guidance on key tenets of the EU CRA and how Legit can help address them.
https://www.legitsecurity.com/blog/strengthening-software-security-under-eu-cra
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Small Businesses Create Big Impact: NIST Celebrates 2025 National Small Business Week
This week we're celebrating National Small Business Week—which recognizes and celebrates the small and medium-sized business (SMB) community's significant contributions to the nation. SMBs are a substantial and critical part of the U.S. and global economic and cybersecurity infrastructure. According to the U.S. Small Business Administration's Office of Advocacy, [1] there are 34.8 million SMBs in the United States (making up 99% of all U.S. businesses). Of those, 81.7% are non-employer firms with no paid employees other than the owners of the business. These businesses, though small in size
https://www.nist.gov/blogs/cybersecurity-insights/small-businesses-create-big-impact-nist-celebrates-2025-national-small
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Canary Exploit Tool for CVE-2025-30065 Apache Parquet Avro Vulnerability
Investigating a schema parsing concern in the parquet-avro module of Apache Parquet Java.
https://www.f5.com/labs/articles/threat-intelligence/canary-exploit-tool-for-cve-2025-30065-apache-parquet-avro-vulnerability
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
TehetségKapu - 54,357 breached accounts
In March 2025, almost 55k records were breached from the Hungarian education office website TehetségKapu. The data was subsequently published to a popular hacking forum and included email addresses, names and usernames.
https://haveibeenpwned.com/Breach/TehetsegKapu
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Active Subscription Scam Campaigns Flooding the Internet
Bitdefender researchers have uncovered a surge in subscription scams, both in scale and sophistication, spurred by a massive campaign involving hundreds of fraudulent websites.
What sets this campaign apart is the significant investment cybercriminals have undertaken to make these fake sites look convincingly legitimate.
Gone are the days when a suspicious email, SMS, or basic phishing link could easily fool users. As people grow more cautious and cyber-aware, scammers are stepping up their
https://www.bitdefender.com/en-us/blog/labs/active-subscription-scam-campaigns-flooding-the-internet
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cutting through the noise: How to prioritize Dependabot alerts
Learn how to effectively prioritize alerts using severity (CVSS), exploitation likelihood (EPSS), and repository properties, so you can focus on the most critical vulnerabilities first.
The post Cutting through the noise: How to prioritize Dependabot alerts appeared first on The GitHub Blog.
https://github.blog/security/application-security/cutting-through-the-noise-how-to-prioritize-dependabot-alerts/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Introducing EntraFalcon – A Tool to Enumerate Entra ID Objects and Assignments
TL;DR: PowerShell tool to enumerate Entra ID objects, assignments and identify highly privileged objects or risky configurations. https://github.com/CompassSecurity/EntraFalcon Entra ID environments can contain thousands of objects – users, groups, service principals, and more – each with unique properties and complex relationships. While manual reviews through the Entra portal might be feasible in smaller environments, they […]
https://blog.compass-security.com/2025/04/introducing-entrafalcon-a-tool-to-enumerate-entra-id-objects-and-assignments/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
AWS Default Roles Can Lead to Service Takeover
Research uncovered security flaws in default AWS service roles, granting overly broad permissions like full S3 access. This allows privilege escalation, cross-service access, and potential account compromise across services like SageMaker, Glue, and EMR. Attackers could exploit these roles to manipulate critical assets and move laterally within AWS environments. AWS has since updated default policies and documentation to mitigate risks.
https://www.cloudvulndb.org/aws-default-roles-service-takeover
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Announcing New Legit ASPM AI Capabilities
Get details on Legit's new AI capabilities.
https://www.legitsecurity.com/blog/announcing-new-legit-aspm-ai-capabilities
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
I Had Some Adventures with Alice and Bob (Podcast)! Also, what's next for Auntie Lesley?
Hi pals! It’s been a busy few months for me. Next week, I make my big move to Australia, so my blog might drop off for a bit while I get settled. I’ve gotten to cram in some final North American conference speaking appearances in Halifax (AtlSecCon), Milwaukee (CypherCon), and Chicago (ChiBrrCon). I’ve also been […]
https://tisiphone.net/2025/04/26/i-had-some-adventures-with-alice-and-bob-podcast/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Q4 2024 Cyber Attacks Statistics
I aggregated the statistics created from the cyber attacks timelines published in Q4 2024. In this period, I collected a total of 694 events dominated by Cyber Crime with 70%, slightly up from 65.5% of Q3.
https://www.hackmageddon.com/2025/04/24/q4-2024-cyber-attacks-statistics/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
December 2024 Cyber Attacks Statistics
After the cyber attacks timelines, it's time to publish the statistics for December 2024 where I collected and analyzed 209 events primarily driven by Cyber Crime.
https://www.hackmageddon.com/2025/04/22/december-2024-cyber-attacks-statistics/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Google Cloud ConfusedComposer Privilege Escalation Vulnerability
Tenable discovered a privilege escalation vulnerability in Google Cloud Platform's Cloud Composer service, dubbed ConfusedComposer. It allowed users with composer.environments.update permission to escalate privileges to the default Cloud Build service account by injecting malicious PyPI packages. This could grant broad permissions across the victim's GCP project.
https://www.cloudvulndb.org/gcp-confused-composer-vulnerability
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
CVE-2025-3857 - Infinite loop condition in Amazon.IonDotnet
Scope: AWS Content Type: Important (requires attention) Publication Date: 2025/04/21 08:00 AM PDT
Description
Amazon.IonDotnet (ion-dotnet) is a .NET library with an implementation of the Ion data serialization format.
We identified CVE-2025-3857, an infinite loop condition in Amazon.IonDotnet. When reading binary Ion data through this library using the RawBinaryReader class, Amazon.IonDotnet does not check the number of bytes read from the underlying stream while deserializing the binary format. If the Ion data is malformed or truncated, this triggers an infinite loop condition that could potentially result in a denial of service.
We released a fix in version 1.3.1 and recommend users upgrade to address this issue. Additionally, ensure any forked or derivative code is patched...
https://aws.amazon.com/security/security-bulletins/AWS-2025-009/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Interview with Safety Detectives
Happy Monday, friends! I hope you had a great weekend. I had an interesting interview with Safety Detectives about steps we can take to make things better for the next generation of cyber defenders. I encourage you to check out the article, here: https://www.safetydetectives.com/blog/lesley-carhart-dragos/
https://tisiphone.net/2025/04/21/interview-with-safety-detectives/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
16-31 December 2024 Cyber Attacks Timeline
In the second timeline of December 2024, I collected 94 events with a threat landscape dominated by malware with...
https://www.hackmageddon.com/2025/04/18/16-31-december-2024-cyber-attacks-timeline/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How Legit Is Using Classic Economic Tools to Prevent Application Vulnerabilities
Learn more about how Legit is helping enterprises prevent vulnerabilities in their SDLCs.
https://www.legitsecurity.com/blog/how-legit-is-using-classic-economic-models-to-prevent-application-vulnerabilities
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
What to Look for in Application Security Posture Management (ASPM)
Get details on the key capabilities for an ASPM platform.
https://www.legitsecurity.com/blog/what-to-look-for-in-application-security-posture-management-aspm
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
My New Paper on OT Ransomware!
Hello friends, I’m very excited to publish my first SANS Institute Whitepaper. I have developed a formal framework for preparing for OT / ICS ransomware attacks. I really hope you enjoy the paper and find it useful in building a strong defense against cyber-crime. You can download the white paper, A Simple Framework for OT […]
https://tisiphone.net/2025/04/16/my-new-paper-on-ot-ransomware/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Windows Registry Adventure #6: Kernel-mode objects
Posted by Mateusz Jurczyk, Google Project Zero
Welcome back to the Windows Registry Adventure! In the previous installment of the series, we took a deep look into the internals of the regf hive format. Understanding this foundational aspect of the registry is crucial, as it illuminates the design principles behind the mechanism, as well as its inherent strengths and weaknesses. The data stored within the regf file represents the definitive state of the hive. Knowing how to parse this data is sufficient for handling static files encoded in this format, such as when writing a custom regf parser to inspect hives extracted from a hard drive. However, for those interested in how regf files are managed by Windows at runtime, rather than just their behavior in isolation, there's a whole other...
https://googleprojectzero.blogspot.com/2025/04/the-windows-registry-adventure-6-kernel.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
300 Milliseconds to Admin: Mastering DLL Hijacking and Hooking to Win the Race (CVE-2025-24076 and CVE-2025-24994)
As a pentester you are sometimes thrown into projects where you have no idea where you are going to end up. This project was one of those where you were given a customer laptop and the aim was to “find something interesting”, perhaps a misconfiguration on the customer side. The problem was that the laptop […]
https://blog.compass-security.com/2025/04/3-milliseconds-to-admin-mastering-dll-hijacking-and-hooking-to-win-the-race-cve-2025-24076-and-cve-2025-24994/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Burning Data with Malicious Firewall Rules in Azure SQL
Varonis Threat Labs discovered a vulnerability in Azure SQL Server allowing privileged users to create malicious firewall rules that can delete Azure resources when triggered by admin actions. The exploit involves manipulating rule names via TSQL to inject destructive commands, potentially leading to large-scale data loss in affected Azure accounts.
https://www.cloudvulndb.org/burning-data-azure-sql-firewall
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Samsung Germany Customer Tickets - 216,333 breached accounts
In March 2025, data from Samsung Germany was compromised in a data breach of their logistics provider, Spectos. Allegedly due to credentials being obtained by malware running on a Spectos employee's machine, the breach included 216k unique email addresses along with names, physical addresses, items purchased from Samsung Germany and related support tickets and shipping tracking numbers.
https://haveibeenpwned.com/Breach/SamsungGermany
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How we're making security easier for the average developer
Security should be native to your workflow, not a painful separate process.
The post How we're making security easier for the average developer appeared first on The GitHub Blog.
https://github.blog/security/application-security/how-were-making-security-easier-for-the-average-developer/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How to request a change to a CVE record
Learn how to identify which CVE Numbering Authority is responsible for the record, how to contact them, and what to include with your suggestion.
The post How to request a change to a CVE record appeared first on The GitHub Blog.
https://github.blog/security/vulnerability-research/how-to-request-a-change-to-a-cve-record/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Legit Scans for Secrets in SharePoint
Get details on Legit's new ability to scan for secrets in SharePoint.
https://www.legitsecurity.com/blog/legit-scans-for-secrets-in-sharepoint
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Qraved - 984,519 breached accounts
In July 2021, the Indonesian restaurant website Qraved suffered a data breach that was later redistributed as part of a larger corpus of data. The breach exposed almost 1M unique email addresses along with names, phone numbers, dates of birth and passwords stored as MD5 hashes.
https://haveibeenpwned.com/Breach/Qraved
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Path Traversal in AWS SSM Agent Plugin ID Validation
A path traversal vulnerability in AWS SSM Agent's ValidatePluginId function allows attackers to create directories and execute scripts in unintended locations on the filesystem. This could lead to privilege escalation or other malicious activities, as files may be written to or executed from sensitive areas of the system with root privileges.
https://www.cloudvulndb.org/aws-ssm-agent-path-traversal
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Boulanger - 2,077,078 breached accounts
In September 2024, French electronics retailer Boulanger suffered a data breach that exposed over 27M rows of data. The data included 2M unique email addresses along with names, physical addresses, phone numbers and latitude and longitude. The data was later publicly published to a popular hacking forum. The data was provided to HIBP by a source who requested it be attributed to "leidhall".
https://haveibeenpwned.com/Breach/Boulanger
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Found means fixed: Reduce security debt at scale with GitHub security campaigns
Starting today, security campaigns are generally available for all GitHub Advanced Security and GitHub Code Security customers—helping organizations take control of their security debt and manage risk by unlocking collaboration between developers and security teams.
The post Found means fixed: Reduce security debt at scale with GitHub security campaigns appeared first on The GitHub Blog.
https://github.blog/security/application-security/found-means-fixed-reduce-security-debt-at-scale-with-github-security-campaigns/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Campaign Targets Amazon EC2 Instance Metadata via SSRF
Discover the latest CVE trends and a new campaign targeting websites hosted in EC2 instances on AWS.
https://www.f5.com/labs/articles/threat-intelligence/campaign-targets-amazon-ec2-instance-metadata-via-ssrf
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Legit and Traceable: Better Together
Get details on Legit's new partnership with Traceable.
https://www.legitsecurity.com/blog/legit-and-traceable-better-together
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Google announces Sec-Gemini v1, a new experimental cybersecurity model
Posted by Elie Burzstein and Marianna Tishchenko, Sec-Gemini teamToday, we're announcing Sec-Gemini v1, a new experimental AI model focused on advancing cybersecurity AI frontiers. As outlined a year ago, defenders face the daunting task of securing against all cyber threats, while attackers need to successfully find and exploit only a single vulnerability. This fundamental asymmetry has made securing systems extremely difficult, time consuming and error prone. AI-powered cybersecurity workflows have the potential to help shift the balance back to the defenders by force multiplying cybersecurity professionals like never before. Effectively powering SecOps workflows requires state-of-the-art reasoning capabilities and extensive current cybersecurity knowledge. Sec-Gemini v1 achieves...
http://security.googleblog.com/2025/04/google-launches-sec-gemini-v1-new.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Taming the Wild West of ML: Practical Model Signing with Sigstore
Posted by Mihai Maruseac, Google Open Source Security Team (GOSST)In partnership with NVIDIA and HiddenLayer, as part of the Open Source Security Foundation, we are now launching the first stable version of our model signing library. Using digital signatures like those from Sigstore, we allow users to verify that the model used by the application is exactly the model that was created by the developers. In this blog post we will illustrate why this release is important from Google's point of view.With the advent of LLMs, the ML field has entered an era of rapid evolution. We have seen remarkable progress leading to weekly launches of various applications which incorporate ML models to perform tasks ranging from customer support, software development, and even performing security critical...
http://security.googleblog.com/2025/04/taming-wild-west-of-ml-practical-model.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Power of Identifying Continuously Vulnerable Repositories (CVRs)
Learn more about how Legit is helping enterprises prevent vulnerabilities in their SDLCs.
https://www.legitsecurity.com/blog/identifying-continuously-vulnerable-repositories
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
1-15 December 2024 Cyber Attacks Timeline
In the first timeline of December 2024, I collected 115 events (7.67 events/day) with a threat landscape dominated...
https://www.hackmageddon.com/2025/04/04/1-15-december-2024-cyber-attacks-timeline/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Localhost dangers: CORS and DNS rebinding
What is CORS and how can a CORS misconfiguration lead to security issues? In this blog post, we'll describe some common CORS issues as well as how you can find and fix them.
The post Localhost dangers: CORS and DNS rebinding appeared first on The GitHub Blog.
https://github.blog/security/application-security/localhost-dangers-cors-and-dns-rebinding/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Lesley, What Happened to the “Cybersecurity Skills Shortage”?
Are you stressed out right now? I’m stressed out. Most Americans are, and cybersecurity job seekers are definitely not an exception. I do a ton of career mentoring and career clinics, and I see… the brunt of it. The last few mentoring Sundays I've done, I have had two or more people burst into tears. […]
https://tisiphone.net/2025/04/01/lesley-what-happened-to-the-cybersecurity-skills-shortage/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
I wannabe Red Team Operator
Red Team Operator. A hype-tagged role tag for which one question hits our corporate LinkedIn inbox very often. “Hey there, how can I become a Red Team Operator? Yours sincerely, a recent graduate.” To us, this is like asking how to become a regular starter on a Premier League football team. There's nothing wrong with […]
https://blog.compass-security.com/2025/04/i-wannabe-red-team-operator/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
What's My Daily Life Like (in OT DFIR)?
One of the most common questions I get asked by aspiring (and current) cybersecurity professionals is what my odd niche of the universe in critical infrastructure incident response is really like, day to day. So let me give a brief overview of what my work life is like. The first thing one needs to understand […]
https://tisiphone.net/2025/03/31/whats-my-daily-life-like-in-ot-dfir/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
ImageRunner: Privilege Escalation Vulnerability in GCP Cloud Run
An attacker with `run.services.update` and `iam.serviceAccounts.actAs` permissions but without
explicit registry access could deploy new revisions of Cloud Run services that pulled private
container images stored in the same GCP project. This was possible because Cloud Run uses a
service agent with the necessary registry read permissions to retrieve these images, regardless
of the caller's access level. By updating a service revision and injecting malicious commands
into the container's arguments (e.g., using Netcat for reverse shell access), attackers could
extract secrets or run unauthorized code. The flaw stemmed from the Cloud Run service agent's
trust model, which did not enforce a separate registry permission check on the deploying identity.
Google has since modified this behavior...
https://www.cloudvulndb.org/imagerunner
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
ClamAV 1.5.0 beta now available!
The ClamAV 1.5.0 beta is now available. You may find the source code and installers for this release at clamav.net/downloads or on the ClamAV GitHub release page. The beta phase is expected to last two to four weeks before we publish the stable release or else publish a release candidate. This will depend on how many changes are required to stabilize this version. Please take this time to evaluate ClamAV 1.5.0. Please help us validate this release by providing feedback via GitHub issues, via the ClamAV mailing list or on our Discord. IMPORTANT: A major feature of the 1.5 release is a FIPS-compliant method for verifying the authenticity of CVD signature database archives and CDIFF signature database patch files. The feature is ready to test in this beta, but we are not yet distributing the...
http://blog.clamav.net/2025/03/clamav-150-beta-now-available.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Issue with AWS SAM CLI (CVE-2025-3047, CVE-2025-3048)
Scope: AWS Content Type: Important (requires attention) Publication Date: 2025/03/31 08:10 AM PDT
Description
The AWS Serverless Application Model Command Line Interface (AWS SAM CLI) is an open-source CLI tool that helps Lambda developers to build and develop Lambda applications locally on their computers using Docker.
We have identified the following issues within the AWS SAM CLI. A fix has been released and we recommend users upgrade to the latest version to address these issues. Additionally, users should ensure any forked or derivative code is patched to incorporate the new fixes.
CVE-2025-3047: When running the AWS SAM CLI build process with Docker and symlinks are included in the build files, the container environment allows a user to access privileged files on the...
https://aws.amazon.com/security/security-bulletins/AWS-2025-008/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
2025 Advanced Persistent Bot Report: Scraper Bots Deep-Dive
How much do scraper bots affect your industry?
https://www.f5.com/labs/articles/threat-intelligence/2025-advanced-persistent-bot-report-scraper-bots-deep-dive
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Prevent Web Scraping by Applying the Pyramid of Pain
The Bots Pyramid of Pain: a framework for effective bot defense.
https://www.f5.com/labs/articles/threat-intelligence/prevent-web-scraping-by-applying-the-pyramid-of-pain
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
2025 Advanced Persistent Bots Report
Uncovering the true scale of persistent bot activity, and the advanced techniques that bot operators use in order to remain hidden from bot defenses.
https://www.f5.com/labs/articles/threat-intelligence/2025-advanced-persistent-bots-report
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The US Needs A New Cybersecurity Strategy: More Offensive Cyber Operations Isn't It
For a long time Chinese hackers have been operating in the grey area between espionage and warfare. The US has been struggling to defend its networks, but increasing offensive cyber operations in unlikely to help.
https://malwaretech.com/2025/03/the-us-needs-a-new-cybersecurity-strategy.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Issue with tough, versions prior to 0.20.0 (Multiple CVEs)
Scope: AWS Content Type: Important (requires attention) Publication Date: 2025/03/27 02:30PM PDT
Description
The Update Framework (TUF) is a software framework designed to protect mechanisms that automatically identify and download updates to software. tough is a Rust client library for TUF repositories.
AWS is aware of the following issues within tough, versions prior to 0.20.0. On March 27, 2025, we released a fix in tough 0.20.0 and recommend customers upgrade to address these issues and ensure any forked or derivative code is patched to incorporate the new fixes.
CVE-2025-2885 relates to an issue with missing validation of the root metadata version number which could allow an actor to supply an unexpected version number to the client instead of the intended version in...
https://aws.amazon.com/security/security-bulletins/AWS-2025-007/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Issues with Kubernetes ingress-nginx controller (Multiple CVEs)
Scope: AWS Content Type: Important (requires attention) Publication Date: 2025/03/24 09:00AM PDT
Description
Ingress Controllers are applications within a Kubernetes cluster that enable Ingress resources to function.
AWS is aware of CVE-2025-1098, CVE-2025-1974, CVE-2025-1097, CVE-2025-24514, and CVE-2025-24513, which affect the Kubernetes ingress-nginx controller. Amazon Elastic Kubernetes Service (Amazon EKS) does not provide or install the ingress-nginx controller and is not affected by these issues. Customers who have installed this controller on their clusters should update to the latest version.
We have proactively notified customers who were identified as having this controller installed.
References:
CVE-2025-1098 - GitHub Issue
CVE-2025-1974 - GitHub Issue
CVE-2025-1097...
https://aws.amazon.com/security/security-bulletins/AWS-2025-006/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
New security requirements adopted by HTTPS certificate industry
Posted by Chrome Root Program, Chrome Security Team
The Chrome Root Program launched in 2022 as part of Google's ongoing commitment to upholding secure and reliable network connections in Chrome. We previously described how the Chrome Root Program keeps users safe, and described how the program is focused on promoting technologies and practices that strengthen the underlying security assurances provided by Transport Layer Security (TLS). Many of these initiatives are described on our forward looking, public roadmap named “Moving Forward, Together.”
At a high-level, “Moving Forward, Together” is our vision of the future. It is non-normative and considered distinct from the requirements detailed in the Chrome Root Program Policy. It's focused on themes that we feel are essential...
http://security.googleblog.com/2025/03/new-security-requirements-adopted-by.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Advance notice: End of Life for ClamAV 0.103 database updates
ClamAV version 0.103 will reach its end of life (EOL) for database updates on September 14, 2025. After this date, this version will no longer receive the latest virus definitions. To ensure your systems remain protected, please upgrade to the latest supported version of ClamAV before the end-of-life date. This will provide continued access to essential security updates and features. We recommend that users update to the newest release, ClamAV 1.4 LTS. For users that are unable to upgrade to version 1.4, you may find that ClamAV 1.0 LTS is more suitable. The most recent version of ClamAV can be found on the ClamAV Downloads page, on the ClamAV GitHub Releases page, and through Docker Hub. Information about how to install ClamAV is available in our online documentation. The...
http://blog.clamav.net/2025/03/advance-notice-end-of-life-for-clamav.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Legit Announces New Vulnerability Prevention Capabilities
Get details on Legit's new capabilities that allow AppSec teams to prevent introducing vulnerabilities.
https://www.legitsecurity.com/blog/legit-announces-new-vulnerability-prevention-capabilities
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Blasting Past Webp
An analysis of the NSO BLASTPASS iMessage exploit
Posted by Ian Beer, Google Project Zero
On September 7, 2023 Apple issued an out-of-band security update for iOS:
Around the same time on September 7th 2023, Citizen Lab published a blog post linking the two CVEs fixed in iOS 16.6.1 to an "NSO Group Zero-Click, Zero-Day exploit captured in the wild":
"[The target was] an individual employed by a Washington DC-based civil society organization with international offices...
The exploit chain was capable of compromising iPhones running the latest version of iOS (16.6) without any interaction from the victim.
The exploit involved PassKit attachments containing malicious images sent from an attacker iMessage account to the victim."
The day before,...
https://googleprojectzero.blogspot.com/2025/03/blasting-past-webp.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Titan Security Keys now available in more countries
Posted by Christiaan Brand, Group Product ManagerWe're excited to announce that starting today, Titan Security Keys are available for purchase in more than 10 new countries:IrelandPortugalThe NetherlandsDenmarkNorwaySwedenFinlandAustraliaNew ZealandSingaporePuerto RicoThis expansion means Titan Security Keys are now available in 22 markets, including previously announced countries like Austria, Belgium, Canada, France, Germany, Italy, Japan, Spain, Switzerland, the UK, and the US.What is a Titan Security Key?A Titan Security Key is a small, physical device that you can use to verify your identity when you sign in to your Google Account. It's like a second password that's much harder for cybercriminals to steal.Titan Security Keys allow you to store your passkeys on a strong, purpose-built...
http://security.googleblog.com/2025/03/titan-security-keys-now-available-in.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
CodeQLEAKED - CodeQL Supply Chain Attack via Exposed Secret
A publicly exposed GitHub token in CodeQL workflow artifacts could allow attackers to execute malicious code
in repositories using CodeQL, potentially leading to source code exfiltration, secrets compromise, and supply
chain attacks. The vulnerability stemmed from a debug artifact containing environment variables, which could be
downloaded and exploited within a 1-2 second window.
https://www.cloudvulndb.org/codeql-supply-chain-attack-exposed-secret
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
BlueSky InfoSec News List
Hello all, happy Tuesday. I’ve migrated my cybersecurity news feed list to BlueSky and it can now be found here: https://web-cdn.bsky.app/profile/hacks4pancakes.com/lists/3ll6ownhbuz2o I hope you find this useful. If you’re using Mastodon, the import process is a bit more manual: @Updated InfoSec Mastodon Lists!
https://tisiphone.net/2025/03/25/bluesky-infosec-news-list/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Entra ID Bug Creates Immutable Users
A bug in Entra ID restricted management administrative units allowed creating immutable users that couldn't be modified or disabled, even by Global Administrators. This could enable an attacker to protect a compromised account from containment. The issue was caused by a timing vulnerability when removing users from restricted AUs and required specific steps to remediate affected accounts.
https://www.cloudvulndb.org/entra-id-immutable-users-bug
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Issue with the AWS CDK CLI and custom credential plugins (CVE-2025-2598)
Scope: AWS Content Type: Important (requires attention) Publication Date: 2025/03/21 07:00 AM PDT
Description
AWS identified CVE-2025-2598, an issue in the AWS Cloud Development Kit (AWS CDK) Command Line Interface (AWS CDK CLI), versions 2.172.0 through 2.178.1. The AWS CDK CLI is a command line tool that deploys AWS CDK applications onto AWS accounts.
When customers run AWS CDK CLI commands with credential plugins and configure those plugins to return temporary credentials by including an expiration property, this issue can potentially result in the AWS credentials retrieved by the plugin to be printed to the console output. Any user with access to where the CDK CLI was ran would have access to this output. We have released a fix for this issue and recommend customers...
https://aws.amazon.com/security/security-bulletins/AWS-2025-005/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Analyzing the Global Increase in Vulnerability Scanning in 2024
BotPoke comes to the foreground yet again.
https://www.f5.com/labs/articles/threat-intelligence/analyzing-the-global-increase-in-vulnerability-scanning-in-2024
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
AWS CDK CLI Issue with Custom Credential Plugins
AWS identified a security issue in the AWS CDK CLI versions 2.172.0-2.178.1 where temporary credentials from custom credential plugins could be printed to console output. This potentially exposes sensitive information to users with access to the console. The issue affects plugins that include an expiration property when returning temporary credentials.
https://www.cloudvulndb.org/aws-cdk-cli-credential-plugin-issue
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Issue with Temporary elevated access management (TEAM) - CVE-2025-1969
Scope: AWS Content Type: Important (requires attention) Publication Date: 2025/03/04 10:30 AM PST
Description
Improper request input validation in Temporary Elevated Access Management (TEAM) for AWS IAM Identity Center allows a user to modify a valid request and spoof an approval in TEAM. We recommend customers upgrade TEAM to the latest release, version 1.2.2.
Affected versions: <1.2.2
Resolution
A fix has been released in version 1.2.2.
Please refer to the "Update TEAM solution" documentation for instructions on upgrading.
References
GHSA-x9xv-r58p-qh86
CVE-2025-1969
Acknowledgement
We would like to thank Redshift Cyber Security for collaborating on this issue through the coordinated vulnerability disclosure process.
Please email aws-security@amazon.com...
https://aws.amazon.com/security/security-bulletins/AWS-2025-004/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Bypassing Web Filters Part 4: Host Header Spoofing & Domain Fronting Detection Bypasses
In the previous posts of this series, we looked at different ways to bypass web filters, such as Host header spoofing and domain fronting. As we’ve learned, these techniques can be detected by proxies employing TLS inspection, by checking whether the hostname in the SNI matches the one in the HTTP Host header. If they […]
https://blog.compass-security.com/2025/03/bypassing-web-filters-part-4-host-header-spoofing-domain-fronting-detection-bypasses/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Yes, That's Me on Your Radio!
I had the honor of another short segment on NPR’s Marketplace this morning. I spoke about the state of cyber crime, and the impact of US government changes on cyber defense.
https://tisiphone.net/2025/03/19/yes-thats-me-on-your-radio/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Updated InfoSec Mastodon Lists!
I have been asked for these, so here they are! I hope you find these useful in following more Fediverse cybersecurity stuff.
https://tisiphone.net/2025/03/18/updated-infosec-mastodon-lists/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hundreds of Malicious Google Play-Hosted Apps Bypassed Android 13 Security With Ease
Bitdefender's security researchers have identified a large-scale ad fraud campaign that deployed hundreds of malicious apps in the Google Play Store, resulting in more than 60 million downloads total. The apps display out-of-context ads and even try to persuade victims to give away credentials and credit card information in phishing attacks.
The Google Play Store is often targeted by cybercriminals trying to upload malicious apps by bypassing existing protections. Google purges the store of suc
https://www.bitdefender.com/en-us/blog/labs/malicious-google-play-apps-bypassed-android-security
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Bypassing Web Filters Part 3: Domain Fronting
The last two blog posts in this series were about SNI spoofing and Host header spoofing. We also learned that the latter is addressed by some vendors with a technique called "Domain Fronting Detection". But what exactly is domain fronting? This will be explained in this blog post.
https://blog.compass-security.com/2025/03/bypassing-web-filters-part-3-domain-fronting/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Announcing OSV-Scanner V2: Vulnerability scanner and remediation tool for open source
Posted by Rex Pan and Xueqin Cui, Google Open Source Security TeamIn December 2022, we released the open source OSV-Scanner tool, and earlier this year, we open sourced OSV-SCALIBR. OSV-Scanner and OSV-SCALIBR, together with OSV.dev are components of an open platform for managing vulnerability metadata and enabling simple and accurate matching and remediation of known vulnerabilities. Our goal is to simplify and streamline vulnerability management for developers and security teams alike.Today, we're thrilled to announce the launch of OSV-Scanner V2.0.0, following the announcement of the beta version. This V2 release builds upon the foundation we laid with OSV-SCALIBR and adds significant new capabilities to OSV-Scanner, making it a comprehensive vulnerability scanner and remediation tool with...
http://security.googleblog.com/2025/03/announcing-osv-scanner-v2-vulnerability.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Why Critical MongoDB Library Flaws Won't See Mass Exploitation
Discover how to mitigate CVE-2024-53900 and CVE-2025-23061, which expose Node.js APIs to remote attacks.
https://www.f5.com/labs/articles/threat-intelligence/why-critical-mongodb-library-flaws-wont-see-mass-exploitation
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Bypassing Web Filters Part 2: Host Header Spoofing
In the last post about bypassing web filters, I discussed how SNI spoofing works and how this can also be prevented by web filters. This post is about another bypass technique called Host Header spoofing.
https://blog.compass-security.com/2025/03/bypassing-web-filters-part-2-host-header-spoofing/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Bypassing Web Filters Part 1: SNI Spoofing
This is the first part of a series of blog posts about techniques to bypass web filters, looking at increasingly advanced techniques with each part.
The first part is about how SNI spoofing can be used to bypass web filters.
https://blog.compass-security.com/2025/03/bypassing-web-filters-part-1-sni-spoofing/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Vulnerability Reward Program: 2024 in Review
Posted by Dirk GöhmannIn 2024, our Vulnerability Reward Program confirmed the ongoing value of engaging with the security research community to make Google and its products safer. This was evident as we awarded just shy of million to over 600 researchers based in countries around the globe across all of our programs.Vulnerability Reward Program 2024 in NumbersYou can learn about who's reporting to the Vulnerability Reward Program via our Leaderboard – and find out more about our youngest security researchers who've recently joined the ranks of Google bug hunters.VRP Highlights in 2024In 2024 we made a series of changes and improvements coming to our vulnerability reward programs and related initiatives:The Google VRP revamped its reward structure, bumping rewards up to a maximum...
http://security.googleblog.com/2025/03/vulnerability-reward-program-2024-in.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Enterprises Should Consider Replacing Employees' Home TP-Link Routers
An examination of CVE trends from February 2025 scanning data.
https://www.f5.com/labs/articles/threat-intelligence/enterprises-should-consider-replacing-employees-home-tp-link-routers
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
November 2024 Cyber Attacks Statistics
In November 2024, Cyber Crime continued to lead the Motivations chart with 72%, up from 68% of October. Operations driven...
https://www.hackmageddon.com/2025/03/05/november-2024-cyber-attacks-statistics/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
16-30 November 2024 Cyber Attacks Timeline
In the second timeline of November 2024 I collected 117 events (7.8 events/day) with a threat landscape dominated by malware
https://www.hackmageddon.com/2025/02/27/16-30-november-2024-cyber-attacks-timeline/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Why AI Can't Replace Cybersecurity Analysts
As we face an extreme downturn in cybersecurity hiring which entry level candidates bear the brunt of, I want to address an elephant in the room: AI. I spend a lot of my time providing career clinics and mentorship, and I truly understand this is one of the worst cybersecurity job markets for young people […]
https://tisiphone.net/2025/02/26/why-ai-cant-replace-cybersecurity-analysts/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Phillip Wylie Show!
I made an appearance on the wonderful Phillip Wylie show! It was incredibly kind of him to have me on. We talked about a kind of niche area of ICS – how to do digital forensics in that space – especially weird and legacy stuff – and what that actually means during incident response. Check […]
https://tisiphone.net/2025/02/26/the-phillip-wylie-show/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Celebrating 1 Year of CSF 2.0
It has been one year since the release of the NIST Cybersecurity Framework (CSF) 2.0 ! To make improving your security posture even easier, in this blog we are: Sharing new CSF 2.0 resources; Taking a retrospective look at some resources and applications you may have missed; and Highlighting ways you can stay involved in our work, helping us help you implement better cybersecurity. NIST's subject matter experts have worked over the last year to continue expanding the CSF 2.0 implementation resources to help you secure your enterprise. Stakeholders are a very important force behind NIST's
https://www.nist.gov/blogs/cybersecurity-insights/celebrating-1-year-csf-20
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
2024 Vulnerability Scanning Surges 91%
Scans intensify, looking for a critical vulnerability in TBK DVR devices.
https://www.f5.com/labs/articles/threat-intelligence/2024-vulnerability-scanning-surges-91
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Out with the Old, In with the Bold: Gen Threat Labs
For years, Avast Decoded has been your go-to for the latest in cybersecurity insights and research. But as cybercriminals evolve, so do we. Starting now, our groundbreaking research, expert analysis and the stories that keep the digital world safe are moving to one place: the Gen Insights Blog. By uniting our expertise under the Gen […]
The post Out with the Old, In with the Bold: Gen Threat Labs appeared first on Avast Threat Labs.
https://decoded.avast.io/salat/out-with-the-old-in-with-the-bold-gen-threat-labs/?utm_source=rss&utm_medium=rss&utm_campaign=out-with-the-old-in-with-the-bold-gen-threat-labs
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
1-15 November 2024 Cyber Attacks Timeline
In the first timeline of November 2024 I collected 128 events with a threat landscape dominated by malware...
https://www.hackmageddon.com/2025/02/06/1-15-november-2024-cyber-attacks-timeline/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Lazarus Group Targets Organizations with Sophisticated LinkedIn Recruiting Scam
Bitdefender Labs warns of an active campaign by the North Korea-linked Lazarus Group, targeting organizations by capturing credentials and delivering malware through fake LinkedIn job offers.
LinkedIn may be a vital tool for job seekers and professionals, but it has also become a playground for cybercriminals exploiting its credibility. From fake job offers and elaborate phishing schemes to scams and even state-sponsored threat actors who prey on people's career aspirations and trust in profess
https://www.bitdefender.com/en-us/blog/labs/lazarus-group-targets-organizations-with-sophisticated-linkedin-recruiting-scam
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Analysis of an advanced malicious Chrome extension
Two weeks ago I published an article on 63 malicious Chrome extensions. In most cases I could only identify the extensions as malicious. With large parts of their logic being downloaded from some web servers, it wasn't possible to analyze their functionality in detail.
However, for the Download Manager Integration Checklist extension I have all parts of the puzzle now. This article is a technical discussion of its functionality that somebody tried very hard to hide. I was also able to identify a number of related extensions that were missing from my previous article.
Update (2025-02-04): An update to Download Manager Integration Checklist extension has been released a day before I published this article, clearly prompted by me asking adindex about this. The update removes the malicious functionality...
https://palant.info/2025/02/03/analysis-of-an-advanced-malicious-chrome-extension/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Windows Bug Class: Accessing Trapped COM Objects with IDispatch
Posted by James Forshaw, Google Project Zero
Object orientated remoting technologies such as DCOM and .NET Remoting make it very easy to develop an object-orientated interface to a service which can cross process and security boundaries. This is because they're designed to support a wide range of objects, not just those implemented in the service, but any other object compatible with being remoted. For example, if you wanted to expose an XML document across the client-server boundary, you could use a pre-existing COM or .NET library and return that object back to the client. By default when the object is returned it's marshaled by reference, which results in the object staying in the out-of-process server.
This flexibility has a number of downsides, one of which is the topic of this...
https://googleprojectzero.blogspot.com/2025/01/windows-bug-class-accessing-trapped-com.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Windows Exploitation Tricks: Trapping Virtual Memory Access (2025 Update)
Posted by James Forshaw, Google Project Zero
Back in 2021 I wrote a blog post about various ways you can build a virtual memory access trap primitive on Windows. The goal was to cause a reader or writer of a virtual memory address to halt for a significant (e.g. 1 or more seconds) amount of time, generally for the purpose of exploiting TOCTOU memory access bugs in the kernel.
The solutions proposed in the blog post were to either map an SMB file on a remote server, or abuse the Cloud Filter API. This blog isn't going to provide new solutions, instead I wanted to highlight a new feature of Windows 11 24H2 that introduces the ability to abuse the SMB file server directly on the local machine, no remote server required. This change also introduces the ability to locally exploit vulnerabilities...
https://googleprojectzero.blogspot.com/2025/01/windows-exploitation-tricks-trapping.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Privacy-Preserving Federated Learning – Future Collaboration and Continued Research
This post is the final blog in a series on privacy-preserving federated learning . The series is a collaboration between NIST and the UK government's Responsible Technology Adoption Unit (RTA), previously known as the Centre for Data Ethics and Innovation. Learn more and read all the posts published to date at NIST's Privacy Engineering Collaboration Space or RTA's blog . Reflections and Wider Considerations This is the final post in the series that began with reflections and learnings from the first US-UK collaboration working with Privacy Enhancing Technologies (PETs). Since the PETs Prize
https://www.nist.gov/blogs/cybersecurity-insights/privacy-preserving-federated-learning-future-collaboration-and
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
ClamAV 1.4.2 and 1.0.8 security patch versions published
Today, we are publishing the 1.4.2 and 1.0.8 security patch versions. The release files for the patch versions are available for download on the ClamAV downloads page, on the GitHub Release page, and through Docker Hub. The images on Docker Hub may not be immediately available on release day. Continue reading to learn what changed in each version.1.4.2
ClamAV 1.4.2 is a patch release with the following fixes: CVE-2025-20128: Fixed a possible buffer overflow read bug in the OLE2 file parser that could cause a denial-of-service (DoS) condition. This issue was introduced in version 1.0.0 and affects all currently supported versions. It will be fixed in:
1.4.2 and 1.0.8 Thank you to OSS-Fuzz for identifying this issue.
1.0.8
ClamAV 1.0.8 is a patch release with the following fixes:CVE-2025-20128:...
http://blog.clamav.net/2025/01/clamav-142-and-108-security-patch.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Continued Scanning for CVE-2023-1389
TP-Link draws the attention of the US Government.
https://www.f5.com/labs/articles/threat-intelligence/continued-scanning-for-cve-2023-1389
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Malicious extensions circumvent Google's remote code ban
As noted last week I consider it highly problematic that Google for a long time allowed extensions to run code they downloaded from some web server, an approach that Mozilla prohibited long before Google even introduced extensions to their browser. For years this has been an easy way for malicious extensions to hide their functionality. When Google finally changed their mind, it wasn't in form of a policy but rather a technical change introduced with Manifest V3.
As with most things about Manifest V3, these changes are meant for well-behaving extensions where they in fact improve security. As readers of this blog probably know, those who want to find loopholes will find them: I've already written about the Honey extension bundling its own JavaScript interpreter and malicious extensions...
https://palant.info/2025/01/20/malicious-extensions-circumvent-googles-remote-code-ban/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Chrome Web Store is a mess
Let's make one thing clear first: I'm not singling out Google's handling of problematic and malicious browser extensions because it is worse than Microsoft's for example. No, Microsoft is probably even worse but I never bothered finding out. That's because Microsoft Edge doesn't matter, its market share is too small. Google Chrome on the other hand is used by around 90% of the users world-wide, and one would expect Google to take their responsibility to protect its users very seriously, right? After all, browser extensions are one selling point of Google Chrome, so certainly Google would make sure they are safe?
Unfortunately, my experience reporting numerous malicious or otherwise problematic browser extensions speaks otherwise. Google appears to take the “least effort required”...
https://palant.info/2025/01/13/chrome-web-store-is-a-mess/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
BIScience: Collecting browsing history under false pretenses
This is a guest post by a researcher who wants to remain anonymous. You can contact the author via email.
Recently, John Tuckner of Secure Annex and Wladimir Palant published great research about how BIScience and its various brands collect user data. This inspired us to publish part of our ongoing research to help the extension ecosystem be safer from bad actors.
This post details what BIScience does with the collected data and how their public disclosures are inconsistent with actual practices, based on evidence compiled over several years.
Screenshot of claims on the BIScience website
Contents
Who is BIScience?
BIScience collects data from millions of users
BIScience buys data from partner third-party extensions
BIScience receives raw...
https://palant.info/2025/01/13/biscience-collecting-browsing-history-under-false-pretenses/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
ClamAV 1.4 as Next Long-Term Stable (LTS)
We are excited to announce that ClamAV 1.4 is now designated as our latest Long-Term Stable (LTS) release. Previously, we planned to announce 1.5 as the next LTS version at the end of 2024. However, unforeseen challenges have delayed the 1.5 release, leading us to choose version 1.4 for long-term support. We apologize for any inconvenience that our delay in the announcement may have caused. The version support dates for ClamAV 1.4 are amended as follows: Key Dates: Initial 1.4 Release Date: August 15, 2024 Patch Versions Continue Until: August 15, 2027 DB Downloads Allowed Until: August 15, 2028 For specific details, please read the ClamAV EOL Policy. Looking ahead, the beta version of ClamAV 1.5 will soon be available for community review. This version will...
http://blog.clamav.net/2025/01/clamav-14-as-next-long-term-stable-lts.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How extensions trick CWS search
A few months ago I searched for “Norton Password Manager” in Chrome Web Store and got lots of seemingly unrelated results. Not just that, the actual Norton Password Manager was listed last. These search results are still essentially the same today, only that Norton Password Manager moved to the top of the list:
I was stumped how Google managed to mess up search results so badly and even posted the following on Mastodon:
Interesting. When I search for “Norton Password Manager” on Chrome Web Store, it first lists five completely unrelated extensions, and only the last search result is the actual Norton Password Manager. Somebody told me that website is run by a company specializing in search, so this shouldn't be due to incompetence, right? What is it then?
Somebody suggested that...
https://palant.info/2025/01/08/how-extensions-trick-cws-search/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Windows Registry Adventure #5: The regf file format
Posted by Mateusz Jurczyk, Google Project Zero
As previously mentioned in the second installment of the blog post series ("A brief history of the feature"), the binary format used to encode registry hives from Windows NT 3.1 up to the modern Windows 11 is called regf. In a way, it is quite special, because it represents a registry subtree simultaneously on disk and in memory, as opposed to most other common file formats. Documents, images, videos, etc. are generally designed to store data efficiently on disk, and they are subsequently parsed to and from different in-memory representations whenever they are read or written. This seems only natural, as offline storage and RAM come with different constraints and requirements. On disk, it is important that the data is packed as...
https://googleprojectzero.blogspot.com/2024/12/the-windows-registry-adventure-5-regf.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
NIST's International Cybersecurity and Privacy Engagement Update – New Translations
As the year comes to a close, NIST continues to engage with our international partners to strengthen cybersecurity, including sharing over ten new international translations in over six languages as resources for our stakeholders around the world. These efforts were complemented by discussions on opportunities for future enhanced international collaboration and resource sharing. Here are some updates from the past few months: Our international engagement continues through our support to the Department of State and the International Trade Administration (ITA) during numerous international
https://www.nist.gov/blogs/cybersecurity-insights/nists-international-cybersecurity-and-privacy-engagement-update-new
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Ways to Mitigate Risk in Cybersecurity: Cybersecurity Risk Management
Cyber threats can wreak havoc on businesses, from data breaches to loss of reputation. Luckily, there are effective strategies available that can reduce cybersecurity risk. Avoidance is one of the...
The post Ways to Mitigate Risk in Cybersecurity: Cybersecurity Risk Management appeared first on Hacker Combat.
https://www.hackercombat.com/cybersecurity-risk-management/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Data Pipeline Challenges of Privacy-Preserving Federated Learning
This post is part of a series on privacy-preserving federated learning. The series is a collaboration between NIST and the UK government's Responsible Technology Adoption Unit (RTA), previously known as the Centre for Data Ethics and Innovation. Learn more and read all the posts published to date at NIST's Privacy Engineering Collaboration Space or RTA's blog . Introduction In this post, we talk with Dr. Xiaowei Huang and Dr. Yi Dong (University of Liverpool) and Sikha Pentyala (University of Washington Tacoma), who were winners in the UK-US PETs Prize Challenges . We discuss real-world data
https://www.nist.gov/blogs/cybersecurity-insights/data-pipeline-challenges-privacy-preserving-federated-learning
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Predictions 2025: The Future of Cybersecurity Unveiled
The digital world is evolving at breakneck speed. In 2025, we're set to witness transformative changes in cybersecurity that will redefine trust, security, and how we navigate our digital lives. Here's what we see coming: Read the full blog to explore the trends in depth. The future of cybersecurity will demand both solutions and vigilance. […]
The post Predictions 2025: The Future of Cybersecurity Unveiled appeared first on Avast Threat Labs.
https://decoded.avast.io/threatintel/predictions-2025-the-future-of-cybersecurity-unveiled/?utm_source=rss&utm_medium=rss&utm_campaign=predictions-2025-the-future-of-cybersecurity-unveiled
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Zero Trust Architecture
Zero trust security takes an “never trust, always verify” approach to access control. Access is only granted once an individual’s identity and context have been confirmed through multifactor authentication and...
The post Zero Trust Architecture appeared first on Hacker Combat.
https://www.hackercombat.com/zero-trust-architecture/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
What Is a Security Operations Center (SOC)?
A Security Operations Center (SOC) specializes in monitoring and analyzing data to detect cyber threats and prevent attacks from them. They work to sort actual threats from false positives before...
The post What Is a Security Operations Center (SOC)? appeared first on Hacker Combat.
https://www.hackercombat.com/soc/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
XDR vs SIEM Security Information and Event Management
The Extended Detection and Response Platform (XDR) ingestion and correlation technology captures and correlates high-fidelity data across your security layers, such as endpoint, network, logs, cloud services and identities to...
The post XDR vs SIEM Security Information and Event Management appeared first on Hacker Combat.
https://www.hackercombat.com/xdr-vs-siem/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Best Free EDR for Windows PC
Endpoint detection and response (EDR) tools offer businesses that employ hybrid work models or remote employees an extra layer of cybersecurity protection. Utilizing artificial intelligence (AI) and machine learning (ML),...
The post Best Free EDR for Windows PC appeared first on Hacker Combat.
https://www.hackercombat.com/best-free-edr-tools-for-windows-pc/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Free EDR Solutions for Home Users in 2025
EDR can detect and respond to emerging and advanced cyber threats quickly and efficiently, making it an essential component of modern business ecosystems. Beyond signature-based detection capabilities, its features go...
The post Free EDR Solutions for Home Users in 2025 appeared first on Hacker Combat.
https://www.hackercombat.com/free-edr-solutions/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Kicking-Off with a December 4th Workshop, NIST is Revisiting and Revising Foundational Cybersecurity Activities for IoT Device Manufacturers, NIST IR 8259!
In May 2020, NIST published Foundational Cybersecurity Activities for IoT Device Manufacturers (NIST IR 8259), which describes recommended cybersecurity activities that manufacturers should consider performing before their IoT devices are sold to customers. These foundational cybersecurity activities can help manufacturers lessen the cybersecurity-related efforts needed by customers, which in turn can reduce the prevalence and severity of IoT device compromises and the attacks performed using compromised devices. In the nearly five years since this document was released, it has been published
https://www.nist.gov/blogs/cybersecurity-insights/kicking-december-4th-workshop-nist-revisiting-and-revising-foundational
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Gen Q3/2024 Threat Report
The third quarter threat report is here—and it's packed with answers. Our Threat Labs team had uncovered some heavy stories behind the stats, exposing the relentless tactics shaping today's threat landscape. Here's what you need to know: This is just the surface. Read the full report and see how our Threat Labs team is relentlessly […]
The post Gen Q3/2024 Threat Report appeared first on Avast Threat Labs.
https://decoded.avast.io/threatresearch/gen-q3-2024-threat-report/?utm_source=rss&utm_medium=rss&utm_campaign=gen-q3-2024-threat-report
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Inside Bitdefender Labs' Investigation of a Malicious Facebook Ad Campaign Targeting Bitwarden Users
Throughout 2024, Bitdefender Labs has been closely monitoring a series of malvertising campaigns that exploit popular platforms to spread malware. These campaigns use fake advertisements to lure users into installing malicious software disguised as legitimate apps or updates.
One of the more recent campaigns Bitdefender Labs uncovered involves a fake Bitwarden extension advertised on Meta's social media platform Facebook. The campaign tricks users into installing a harmful browser extension und
https://www.bitdefender.com/en-us/blog/labs/inside-bitdefender-labs-investigation-of-a-malicious-facebook-ad-campaign-targeting-bitwarden-users
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Unlocking Cybersecurity Talent: The Power of Apprenticeships
Cybersecurity is a fast-growing field, with a constant need for skilled professionals. But unlike other professions — like medicine or aviation — there's no clear-cut pathway to qualifying for cybersecurity positions. For employers and job seekers alike, this can make the journey to building a team (or entering a successful cybersecurity career) feel uncertain. Enter the registered apprenticeship program — a proven method for developing skilled talent in cybersecurity that benefits both the employer and the new professional. Let's commit to supporting this important talent development approach
https://www.nist.gov/blogs/cybersecurity-insights/unlocking-cybersecurity-talent-power-apprenticeships
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Digital Identities: Getting to Know the Verifiable Digital Credential Ecosystem
If you are interested in the world of digital identities, you have probably heard some of the buzzwords that have been floating around for a few years now… “verifiable credential,” “digital wallet,” “mobile driver's license” or “mDL.” These terms, among others, all reference a growing ecosystem around what we are calling “verifiable digital credentials.” But what exactly is a verifiable digital credential? Take any physical credential you use in everyday life – your driver's license, your medical insurance card, a certification or diploma – and turn it into a digital format stored on your
https://www.nist.gov/blogs/cybersecurity-insights/digital-identities-getting-know-verifiable-digital-credential-ecosystem
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Karma connection in Chrome Web Store
Somebody brought to my attention that the Hide YouTube Shorts extension for Chrome changed hands and turned malicious. I looked into it and could confirm that it contained two undisclosed components: one performing affiliate fraud and the other sending users' every move to some Amazon cloud server. But that wasn't all of it: I discovered eleven more extensions written by the same people. Some contained only the affiliate fraud component, some only the user tracking, some both. A few don't appear to be malicious yet.
While most of these extensions were supposedly developed or bought by a person without any other traces online, one broke this pattern. Karma shopping assistant has been on Chrome Web Store since 2020, the company behind it founded in 2013. This company employs more than...
https://palant.info/2024/10/30/the-karma-connection-in-chrome-web-store/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Unmasking the SYS01 Infostealer Threat: Bitdefender Labs Tracks Global Malvertising Campaign Targeting Meta Business Pages
In a world ran by advertising, businesses and organizations are not the only ones using this powerful tool. Cybercriminals have a knack for exploiting the engine that powers online platforms by corrupting the vast reach of advertising to distribute malware en masse.
While legitimate businesses rely on ads to reach new audiences, hackers exploit these platforms to trick users into downloading harmful software. Malicious ads often seem to promote legitimate software, streaming services, or produc
https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Staff Stories Spotlight Series: Cybersecurity Awareness Month 2024
This blog is part of a larger NIST series during the month of October for Cybersecurity Awareness Month , called 'Staff Stories Spotlight.' Throughout the month of October this year, Q&A style blogs will be published featuring some of our unique staff members who have interesting backgrounds, stories to tell, and projects in the world of cybersecurity. This year's Cybersecurity Awareness Month theme is ‘Secure our World.' How does this theme resonate with you, as someone working in cybersecurity? This theme resonates strongly with me. I am very fortunate to have the role of leading and
https://www.nist.gov/blogs/cybersecurity-insights/staff-stories-spotlight-series-cybersecurity-awareness-month-2024
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cloud Security Essentials
Cloud security involves employing perimeter defenses like firewalls, IDPSs and VPNs as well as guaranteeing isolation through network segmentation and virtual LANs while monitoring traffic for anomalies and threats –...
The post Cloud Security Essentials appeared first on Hacker Combat.
https://www.hackercombat.com/cloud-security/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Antivirus Software
Antivirus software protects devices against viruses, malware, and other cyberthreats by detecting, quarantining, and deleting malicious code. Modern antivirus products also offer additional security features such as password protection, identity...
The post Antivirus Software appeared first on Hacker Combat.
https://www.hackercombat.com/antivirus-software/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How to Protect Against Ransomware Attacks?
Criminal hackers employ ransomware attacks against their targets by encrypting their data and demanding that a ransom be paid within an allotted timeframe or risk losing it forever. When an...
The post How to Protect Against Ransomware Attacks? appeared first on Hacker Combat.
https://www.hackercombat.com/protect-against-ransomware-attacks/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Protecting Your Website From DDoS Attack
Distributed denial-of-service attacks pose an increasing threat to organizations, with even some of the largest firms suffering significant disruptions from such attacks. Attackers use botnets of compromised IoT devices to...
The post Protecting Your Website From DDoS Attack appeared first on Hacker Combat.
https://www.hackercombat.com/ddos-attack/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Lies, damned lies, and Impact Hero (refoorest, allcolibri)
Transparency note: According to Colibri Hero, they attempted to establish a business relationship with eyeo, a company that I co-founded. I haven't been in an active role at eyeo since 2018, and I left the company entirely in 2021. Colibri Hero was only founded in 2021. My investigation here was prompted by a blog comment.
Colibri Hero (also known as allcolibri) is a company with a noble mission:
We want to create a world where organizations can make a positive impact on people and communities.
One of the company's products is the refoorest browser extension, promising to make a positive impact on the climate by planting trees. Best of it: this costs users nothing whatsoever. According to the refoorest website:
Plantation financed by our partners
So the users merely need to have the...
https://palant.info/2024/10/01/lies-damned-lies-and-impact-hero-refoorest-allcolibri/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
ClamAV 1.4.1, 1.3.2, 1.0.7, and 0.103.12 security patch versions published
Today, we are publishing the 1.4.1, 1.3.2, 1.0.7, and 0.103.12 security patch versions. The release files for the patch versions are available for download on the ClamAV downloads page, on the GitHub Release page, and (with exception to 0.103.12) through Docker Hub.The images on Docker Hub may not be immediately available on release day.Continue reading to learn what changed in each version.1.4.1ClamAV 1.4.1 is a critical patch release with the following fixes:CVE-2024-20506: Changed the logging module to disable following symlinks on Linux and Unix systems so as to prevent an attacker with existing access to the 'clamd' or 'freshclam' services from using a symlink to corrupt system files.This issue affects all currently supported versions. It will be fixed in:1.4.11.3.21.0.70.103.12Thank...
http://blog.clamav.net/2024/09/clamav-141-132-107-and-010312-security.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
CVE-2024-38063 - Remotely Exploiting The Kernel Via IPv6
Performing a root cause analysis & building proof-of-concept for CVE-2024-38063, a CVSS 9.8 Vulnerability In the Windows Kernel IPv6 Parser
https://malwaretech.com/2024/08/exploiting-CVE-2024-38063.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
ClamAV 1.4.0 feature release and ClamAV bytecode compiler 1.4.0 release
The ClamAV 1.4.0 feature release is now stable. We encourage everyone to download the latest version now from the ClamAV downloads page, on the GitHub Release page, and through Docker Hub*:Alpine-based imagesDebian-based multi-arch images*The Docker images are built on release day and will be made available when they are ready.We are also publishing ClamAV bytecode compiler version 1.4.0.The ClamAV bytecode compiler release files are available for download on the GitHub Release page and through Docker Hub.ClamAV platform support changesWe will no longer provide Linux 32-bit packages. With RHEL 7 reaching end-of-life, we had to upgrade our build hosts and selected Alma Linux 8. Alma Linux does not provide 32-bit images. ClamAV users on 32-bit platforms can still build from source.We now provide...
http://blog.clamav.net/2024/08/clamav-140-feature-release-and-clamav.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
CryptoCore: Unmasking the Sophisticated Cryptocurrency Scam Operations
As digital currencies have grown, so have cryptocurrency scams, posing significant user risks. The rise of AI and deepfake technology has intensified scams exploiting famous personalities and events by creating realistic fake videos. Platforms like X and YouTube have been especially targeted, with scammers hijacking high-profile accounts to distribute fraudulent content. This report delves into the CryptoCore group's complex scam operations, analyzing their use of deepfakes, hijacked accounts, and fraudulent websites to deceive victims and profit millions of dollars.
The post CryptoCore: Unmasking the Sophisticated Cryptocurrency Scam Operations appeared first on Avast Threat Labs.
https://decoded.avast.io/martinchlumecky1/cryptocore-unmasking-the-sophisticated-cryptocurrency-scam-operations/?utm_source=rss&utm_medium=rss&utm_campaign=cryptocore-unmasking-the-sophisticated-cryptocurrency-scam-operations
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
ClamAV 0.103 LTS End of Life Announcement
The
ClamAV 0.103 LTS release is nearing end-of-life (EOL) with regards to security
vulnerability fix support from our team. This end of life date will be
Sept. 14, 2024.
ClamAV 0.103 users will be able to update signatures from the official database
mirror for an additional one year after the EOL date.
After Sept. 14, 2025, we may block ClamAV 0.103 from downloading signature
updates.
We recommend that users update to the newest LTS release, ClamAV 1.0.6.
For users that want to upgrade to the newest non-LTS release, use ClamAV 1.3.1.
The most recent version of ClamAV can be found here: https://www.clamav.net/downloads
The following is a list of major changes available to users in the newest
versions of ClamAV.
Since ClamAV 0.103, ClamAV 1.0 LTS adds:
·
A...
http://blog.clamav.net/2024/08/clamav-0103-lts-end-of-life-announcement.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
60 Hurts per Second – How We Got Access to Enough Solar Power to Run the United States
The electricity grid – the buzzing, crackling marvel that supplies the lifeblood of modernity - is by far the largest structure humanity ever built. It's so big, in fact, that few people even notice it, like a fish can't see the ocean.
Until the grid goes down, that is. Then, like the fish dangling from the angler's hook, we see our vulnerability. Modernity dissolves into a sudden silence, followed by the repeated flick of a light switch, and a howl of panic at the prospect of missed appointmen
https://www.bitdefender.com/en-us/blog/labs/60-hurts-per-second-how-we-got-access-to-enough-solar-power-to-run-the-united-states
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How insecure is Avast Secure Browser?
A while ago I already looked into Avast Secure Browser. Back then it didn't end well for Avast: I found critical vulnerabilities allowing arbitrary websites to infect user's computer. Worse yet: much of it was due to neglect of secure coding practices, existing security mechanisms were disabled for no good reason. I didn't finish that investigation because I discovered that the browser was essentially spyware, collecting your browsing history and selling it via Avast's Jumpshot subsidiary.
But that was almost five years ago. After an initial phase of denial, Avast decided to apologize and to wind down Jumpshot. It was certainly a mere coincidence that Avast was subsequently sold to NortonLifeLock, called Gen Digital today. Yes, Avast is truly reformed and paying for their crimes in...
https://palant.info/2024/07/15/how-insecure-is-avast-secure-browser/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Deep Dive on Supplement Scams: How AI Drives ‘Miracle Cures' and Sponsored Health-Related Scams on Social Media
Sponsored social media content has become increasingly present on feeds. Sponsored ads can often be beneficial as they are customized to suit online personas, offering relevant content tailored specifically for you. While personalized ads can help enhance your online experience, not all are legitimate. In fact, scams originating from phony ads on social media have increased dramatically, with potentially severe consequences for consumers.
Sponsored supplement scams on social media platforms
https://www.bitdefender.com/en-us/blog/labs/deep-dive-on-supplement-scams-how-ai-drives-miracle-cures-and-sponsored-health-related-scams-on-social-media
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Decrypted: DoNex Ransomware and its Predecessors
Researchers from Avast have discovered a flaw in the cryptographic schema of the DoNex ransomware and its predecessors. In cooperation with law enforcement organizations, we have been silently providing the decryptor to DoNex ransomware victims since March 2024. The cryptographic weakness was made public at Recon 2024 and therefore we have no reason to keep […]
The post Decrypted: DoNex Ransomware and its Predecessors appeared first on Avast Threat Labs.
https://decoded.avast.io/threatresearch/decrypted-donex-ransomware-and-its-predecessors/?utm_source=rss&utm_medium=rss&utm_campaign=decrypted-donex-ransomware-and-its-predecessors
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
New Diamorphine rootkit variant seen undetected in the wild
Introduction Code reuse is very frequent in malware, especially for those parts of the sample that are complex to develop or hard to write with an essentially different alternative code. By tracking both source code and object code, we efficiently detect new malware and track the evolution of existing malware in-the-wild. Diamorphine is a well-known […]
The post New Diamorphine rootkit variant seen undetected in the wild appeared first on Avast Threat Labs.
https://decoded.avast.io/davidalvarez/new-diamorphine-rootkit-variant-seen-undetected-in-the-wild/?utm_source=rss&utm_medium=rss&utm_campaign=new-diamorphine-rootkit-variant-seen-undetected-in-the-wild
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Unfading Sea Haze: New Espionage Campaign in the South China Sea
Bitdefender researchers investigated a series of incidents at high-level organizations in countries of the South China Sea region, all performed by the same threat actor we track as Unfading Sea Haze. Based on the victimology and the cyber-attack's aim, we believe the threat actor is aligned with China's interests.
As tensions in the region rise, they are reflected in the intensification of activity on behalf of the Unfading Sea Haze actor, which uses new and improved tools and TTPs.
We notice
https://www.bitdefender.com/en-us/blog/labs/unfading-sea-haze-new-espionage-campaign-in-the-south-china-sea
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Notes on ThroughTek Kalay Vulnerabilities and Their Impact on the IoT Ecosystem
Since 2014, Bitdefender IoT researchers have been looking into the world's most popular IoT devices, hunting for vulnerabilities and undocumented attack avenues. This report documents four vulnerabilities affecting devices powered by the ThroughTek Kalay Platform. Due to the platform's massive presence in IoT integrations, these flaws have a significant downstream impact on several vendors.
In the interconnected landscape of the Internet of Things (IoT), the reliability and security of devices,
https://www.bitdefender.com/en-us/blog/labs/notes-on-throughtek-kalay-vulnerabilities-and-their-impact
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Avast Q1/2024 Threat Report
Nearly 90% of Threats Blocked are Social Engineering, Revealing a Huge Surge of Scams, and Discovery of the Lazarus APT Campaign
The post Avast Q1/2024 Threat Report appeared first on Avast Threat Labs.
https://decoded.avast.io/threatresearch/avast-q1-2024-threat-report/?utm_source=rss&utm_medium=rss&utm_campaign=avast-q1-2024-threat-report
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
ClamAV 1.4.0 release candidate now available!
The ClamAV 1.4.0 release candidate is now available.You may find the source code and installers for this release on the clamav.net/downloads page or the ClamAV GitHub release page.Tip: If you are downloading the source from the GitHub release page, the package labeled "clamav-1.4.0-rc.tar.gz" does not require an internet connection to build. All dependencies are included in this package. But if you download the ZIP or TAR.GZ generated by GitHub, located at the very bottom, then an internet connection will be required during the build to download additional Rust dependencies.For Docker users, there is no specific Docker tag for the release candidate, but you can use the clamav:unstable or clamav:unstable_base tags.The release candidate phase is expected...
http://blog.clamav.net/2024/05/clamav-140-release-candidate-now.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
GuptiMiner: Hijacking Antivirus Updates for Distributing Backdoors and Casual Mining
Avast discovered and analyzed GuptiMiner, a malware campaign hijacking an eScan antivirus update mechanism to distribute backdoors and coinminers.
The post GuptiMiner: Hijacking Antivirus Updates for Distributing Backdoors and Casual Mining appeared first on Avast Threat Labs.
https://decoded.avast.io/janrubin/guptiminer-hijacking-antivirus-updates-for-distributing-backdoors-and-casual-mining/?utm_source=rss&utm_medium=rss&utm_campaign=guptiminer-hijacking-antivirus-updates-for-distributing-backdoors-and-casual-mining
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
From BYOVD to a 0-day: Unveiling Advanced Exploits in Cyber Recruiting Scams
Key Points Introduction In the summer of 2023, Avast identified a campaign targeting specific individuals in the Asian region through fabricated job offers. The motivation behind the attack remains uncertain, but judging from the low frequency of attacks, it appears that the attacker had a special interest in individuals with technical backgrounds. This sophistication is […]
The post From BYOVD to a 0-day: Unveiling Advanced Exploits in Cyber Recruiting Scams appeared first on Avast Threat Labs.
https://decoded.avast.io/luiginocamastra/from-byovd-to-a-0-day-unveiling-advanced-exploits-in-cyber-recruiting-scams/?utm_source=rss&utm_medium=rss&utm_campaign=from-byovd-to-a-0-day-unveiling-advanced-exploits-in-cyber-recruiting-scams
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
ClamAV 1.3.1, 1.2.3, 1.0.6 patch versions published
Today, we are publishing the 1.3.1, 1.2.3, and 1.0.6 security patch versions. The release files for the patch versions are available for download on the ClamAV downloads page, on the GitHub Release page, and through Docker Hub.The images on Docker Hub may not be immediately available on release day.Continue reading to learn what changed in each version.1.3.1ClamAV 1.3.1 is a critical patch release with the following fixes:CVE-2024-20380: Fixed a possible crash in the HTML file parser that could cause a denial-of-service (DoS) condition.This issue affects version 1.3.0 only and does not affect prior versions.Thank you to Błażej Pawłowski for identifying this issue.GitHub pull requestUpdated select Rust dependencies to the latest versions. This resolved Cargo audit complaints and included...
http://blog.clamav.net/2024/04/clamav-131-123-106-patch-versions.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Vulnerabilities Identified in LG WebOS
As the creator of the world's first smart home cybersecurity hub, Bitdefender regularly audits popular IoT hardware for vulnerabilities. This research paper is part of a broader program that aims to shed light on the security of the world's best-sellers in the IoT space. This report covers vulnerabilities discovered while researching the LG WebOS TV operating system.
We have found several issues affecting WebOS versions 4 through 7 running on LG TVs. These vulnerabilities let us gain root acces
https://www.bitdefender.com/en-us/blog/labs/vulnerabilities-identified-in-lg-webos
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
AI meets next-gen info stealers in social media malvertising campaigns
The impact that AI has on society has steadily crept into the darkest nooks and crannies of the internet. So much so that cybercrooks are hitching free rides on the AI bandwagon by leveraging the increased demand of AI-powered software for content creators.
Cybercriminal groups constantly adapt their operating methods and tools to stay a step ahead of potential victims. Highly focused on enhancing their deceptive practices, threat actors have, unfortunately, found a most reliable and powerful a
https://www.bitdefender.com/en-us/blog/labs/ai-meets-next-gen-info-stealers-in-social-media-malvertising-campaigns
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Numerous vulnerabilities in Xunlei Accelerator application
Xunlei Accelerator (迅雷客户端) a.k.a. Xunlei Thunder by the China-based Xunlei Ltd. is a wildly popular application. According to the company's annual report 51.1 million active users were counted in December 2022. The company's Google Chrome extension 迅雷下载支持, while not mandatory for using the application, had 28 million users at the time of writing.
I've found this application to expose a massive attack surface. This attack surface is largely accessible to arbitrary websites that an application user happens to be visiting. Some of it can also be accessed from other computers in the same network or by attackers with the ability to intercept user's network connections (Man-in-the-Middle attack).
It does not appear like security concerns were considered in the design...
https://palant.info/2024/03/06/numerous-vulnerabilities-in-xunlei-accelerator-application/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Lazarus and the FudModule Rootkit: Beyond BYOVD with an Admin-to-Kernel Zero-Day
The Lazarus Group is back with an upgraded variant of their FudModule rootkit, this time enabled by a zero-day admin-to-kernel vulnerability for CVE-2024-21338. Read this blog for a detailed analysis of this rootkit variant and learn more about several new techniques, including a handle table entry manipulation technique that directly targets Microsoft Defender, CrowdStrike Falcon, and HitmanPro.
The post Lazarus and the FudModule Rootkit: Beyond BYOVD with an Admin-to-Kernel Zero-Day appeared first on Avast Threat Labs.
https://decoded.avast.io/janvojtesek/lazarus-and-the-fudmodule-rootkit-beyond-byovd-with-an-admin-to-kernel-zero-day/?utm_source=rss&utm_medium=rss&utm_campaign=lazarus-and-the-fudmodule-rootkit-beyond-byovd-with-an-admin-to-kernel-zero-day
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Bypassing EDRs With EDR-Preloading
Evading user mode EDR hooks by hijacking the AppVerifier layer
https://malwaretech.com/2024/02/bypassing-edrs-with-edr-preload.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
ClamAV 1.3.0 feature release and 1.2.2, 1.0.5 security patch release!
The ClamAV 1.3.0 feature release is now stable!Today, we are also publishing the 1.2.2 and 1.0.5 security patch versions. ClamAV 1.1 is past EOL for security fixes and will not receive an update. Switch to the 1.0 LTS, 1.2, or 1.3 versions for continued support.The release files are available for download on the ClamAV downloads page, on the Github Release page, and through Docker Hub*:Alpine-based imagesDebian-based multi-arch images*The Docker images are built on release day and may not be available until later in the day.Continue reading to learn what changed in each version.1.3.0ClamAV 1.3.0 includes the following improvements and changes:Major changesAdded support for extracting and scanning attachments found in Microsoft OneNote section files. OneNote parsing will be enabled by default,...
http://blog.clamav.net/2023/11/clamav-130-122-105-released.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
ClamAV 1.3.0 Second Release Candidate now available!
We are excited to announce the ClamAV 1.3.0 release candidate.You can find the source code and installers for this release on the clamav.net/downloads page or the ClamAV GitHub release page.Tip: If you are downloading the source from the GitHub release page, the package labeled "clamav-1.3.0-rc2.tar.gz" does not require an internet connection to build. All dependencies are included in this package. But if you download the ZIP or TAR.GZ generated by GitHub, located at the very bottom, then an internet connection will be required during the build to download additional Rust dependencies.For Docker users, there is no specific Docker tag for the release candidate, but you can use these tags:clamav/clamav:unstableclamav/clamav:unstable_base clamav/clamav-debian:unstableclamav/clamav-debian:unstable_base This...
http://blog.clamav.net/2024/01/clamav-130-second-release-candidate-now.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
ClamAV Debian multi-Arch Docker images now available!
We now offer official ClamAV docker images based on `debian:11-slim`.In addition to offering an alternative to the original Alpine Linux images, the new images are multi-arch images supporting `linux/amd64`, `linux/arm64`, and `linux/ppc64le`.ClamAV's Alpine-based and Debian-based Docker images are now built weekly to pick up security fixes in the base images. Check it out here.
http://blog.clamav.net/2024/01/clamav-debian-multi-arch-docker-images.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Silly EDR Bypasses and Where To Find Them
Abusing exception handlers to hook and bypass user mode EDR hooks.
https://malwaretech.com/2023/12/silly-edr-bypasses-and-where-to-find-them.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
An Introduction to Bypassing User Mode EDR Hooks
Understanding the basics of user mode EDR hooking, common bypass techniques, and their limitations.
https://malwaretech.com/2023/12/an-introduction-to-bypassing-user-mode-edr-hooks.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Implementing a “Share on Mastodon” button for a blog
I decided that I would make it easier for people to share my articles on social media, most importantly on Mastodon. However, my Hugo theme didn't support showing a “Share on Mastodon” button yet. It wasn't entirely trivial to add support either: unlike with centralized solutions like Facebook where a simple link is sufficient, here one would need to choose their home instance first.
As far as existing solutions go, the only reasonably sophisticated approach appears to be Share₂Fedi. It works nicely, privacy-wise one could do better however. So I ended up implementing my own solution while also generalizing that solution to support a variety of different Fediverse applications in addition to Mastodon.
Update (2025-01-12): Added Lemmy endpoint which has been fixed by now. Also mentioned...
https://palant.info/2023/10/19/implementing-a-share-on-mastodon-button-for-a-blog/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
OS command injection
An improper neutralization of special elements used in an os command ('OS Command Injection') vulnerability [CWE-78] in FortiManager, FortiAnalyzer & FortiAnalyzer-BigData may allow a local attacker with low privileges to execute unauthorized code via specifically crafted arguments to a CLI command Revised on 2025-06-10 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-23-167
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
It might Be Time to Rethink Phishing Awareness
Phishing awareness can be a powerful security tool, or a complete disaster. It all hinges on how you implement it.
https://malwaretech.com/2023/09/it-might-be-time-to-rethink-phishing-awareness.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
We're going teetotal: It's goodbye to The Daily Swig
PortSwigger today announces that The Daily Swig is closing down
https://portswigger.net/daily-swig/were-going-teetotal-its-goodbye-to-the-daily-swig
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Bug Bounty Radar // The latest bug bounty programs for March 2023
New web targets for the discerning hacker
https://portswigger.net/daily-swig/bug-bounty-radar-the-latest-bug-bounty-programs-for-march-2023
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Indian transport ministry flaws potentially allowed creation of counterfeit driving licenses
Armed with personal data fragments, a researcher could also access 185 million citizens' PII
https://portswigger.net/daily-swig/indian-transport-ministry-flaws-potentially-allowed-creation-of-counterfeit-driving-licenses
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Password managers: A rough guide to enterprise secret platforms
The second part of our password manager series looks at business-grade tech to handle API tokens, login credentials, and more
https://portswigger.net/daily-swig/password-managers-a-rough-guide-to-enterprise-secret-platforms
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Chromium bug allowed SameSite cookie bypass on Android devices
Protections against cross-site request forgery could be bypassed
https://portswigger.net/daily-swig/chromium-bug-allowed-samesite-cookie-bypass-on-android-devices
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Deserialized web security roundup: Twitter 2FA backlash, GoDaddy suffers years-long attack campaign, and XSS Hunter adds e2e encryption
Your fortnightly rundown of AppSec vulnerabilities, new hacking techniques, and other cybersecurity news
https://portswigger.net/daily-swig/deserialized-web-security-roundup-twitter-2fa-backlash-godaddy-suffers-years-long-attack-campaign-and-xss-hunter-adds-e2e-encryption
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
NIST plots biggest ever reform of Cybersecurity Framework
CSF 2.0 blueprint offered up for public review
https://portswigger.net/daily-swig/nist-plots-biggest-ever-reform-of-cybersecurity-framework
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cisco ClamAV anti-malware scanner vulnerable to serious security flaw
Patch released for bug that poses a critical risk to vulnerable technologies
https://portswigger.net/daily-swig/cisco-clamav-anti-malware-scanner-vulnerable-to-serious-security-flaw
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
CVSS system criticized for failure to address real-world impact
JFrog argues vulnerability risk metrics need complete revamp
https://portswigger.net/daily-swig/cvss-system-criticized-for-failure-to-address-real-world-impact
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
A Realistic Look at Implications of ChatGPT for Cybercrime
Analyzing ChatGPT's capabilities and various claims about how it will revolutionize cybercrime.
https://malwaretech.com/2023/02/a-realistic-look-at-chatgpt-cybercrime.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
‘Most web API flaws are missed by standard security tests' – Corey J Ball on securing a neglected attack vector
API security is a ‘great gateway' into a pen testing career, advises specialist in the field
https://portswigger.net/daily-swig/most-web-api-flaws-are-missed-by-standard-security-tests-corey-j-ball-on-securing-a-neglected-attack-vector
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
HTTP request smuggling bug patched in HAProxy
Exploitation could enable attackers to access backend servers
https://portswigger.net/daily-swig/http-request-smuggling-bug-patched-in-haproxy
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Belgium launches nationwide safe harbor for ethical hackers
New legal protections for security researchers could be the strongest of any EU country
https://portswigger.net/daily-swig/belgium-launches-nationwide-safe-harbor-for-ethical-hackers
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
TikTok is a National Security Risk, Not A Privacy One
An analysis of the threat posed by TikTok and why we need to weigh our options carefully.
https://malwaretech.com/2022/12/tiktok-is-a-national-security-risk.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Everything you need to know about the OpenSSL 3.0.7 Patch (CVE-2022-3602 & CVE-2022-3786)
https://malwaretech.com/2022/11/everything-you-need-to-know-about-the-openssl-3-0-7-patch.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
CVE-2022-3602 and CVE-2022-3786: OpenSSL 3.0.7 patches Critical Vulnerability
On Tuesday, November 1 2022 between 1300-1700 UTC, the OpenSSL project announced the release of a new version of OpenSSL (version 3.0.7) that will patch a critical vulnerability in OpenSSL version 3.0 and above. Only OpenSSL versions between 3.0 and 3.0.6 are affected at the time of writing. At this moment the details of this [...]
The post CVE-2022-3602 and CVE-2022-3786: OpenSSL 3.0.7 patches Critical Vulnerability appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/general-tutorials/openssl-3-0-7-patches-critical-vulnerability/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Student Loan Breach Exposes 2.5M Records
2.5 million people were affected, in a breach that could spell more trouble down the line.
https://threatpost.com/student-loan-breach-exposes-2-5m-records/180492/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Watering Hole Attacks Push ScanBox Keylogger
Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.
https://threatpost.com/watering-hole-attacks-push-scanbox-keylogger/180490/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Tentacles of ‘0ktapus' Threat Group Victimize 130 Firms
Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.
https://threatpost.com/0ktapus-victimize-130-firms/180487/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Ransomware Attacks are on the Rise
Lockbit is by far this summer's most prolific ransomware group, trailed by two offshoots of the Conti group.
https://threatpost.com/ransomware-attacks-are-on-the-rise/180481/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cybercriminals Are Selling Access to Chinese Surveillance Cameras
Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.
https://threatpost.com/cybercriminals-are-selling-access-to-chinese-surveillance-cameras/180478/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Twitter Whistleblower Complaint: The TL;DR Version
Twitter is blasted for security and privacy lapses by the company's former head of security who alleges the social media giant's actions amount to a national security risk.
https://threatpost.com/twitter-whistleblower-tldr-version/180472/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Firewall Bug Under Active Attack Triggers CISA Warning
CISA is warning that Palo Alto Networks' PAN-OS is under active attack and needs to be patched ASAP.
https://threatpost.com/firewall-bug-under-active-attack-cisa-warning/180467/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Fake Reservation Links Prey on Weary Travelers
Fake travel reservations are exacting more pain from the travel weary, already dealing with the misery of canceled flights and overbooked hotels.
https://threatpost.com/reservation-links-prey-on-travelers/180462/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
iPhone Users Urged to Update to Patch 2 Zero-Days
Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack.
https://threatpost.com/iphone-users-urged-to-update-to-patch-2-zero-days-under-attack/180448/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Google Patches Chrome's Fifth Zero-Day of the Year
An insufficient validation input flaw, one of 11 patched in an update this week, could allow for arbitrary code execution and is under active attack.
https://threatpost.com/google-patches-chromes-fifth-zero-day-of-the-year/180432/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
[Video] Introduction to Use-After-Free Vulnerabilities | UserAfterFree Challenge Walkthrough (Part: 1)
https://malwaretech.com/2022/05/video-introduction-to-use-after-free-vulnerabilities-userafterfree-challenge-walkthrough-part-1.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Installing Rogue-jndi on Kali Linux
Following the previous tutorial in which we looked at the log4j vulnerability in VMWare vSphere server, I got some questions about how to set up a malicious LDAP server on Linux. The attacker controlled LDAP server is required to provide the malicious java class (with a reverse shell for example) in response to the forged [...]
The post Installing Rogue-jndi on Kali Linux appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/general-tutorials/installing-rogue-jndi-on-kali-linux/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Log4Shell VMware vCenter Server (CVE-2021-44228)
Log4Shell is a critical vulnerability with the highest possible CVSSv3 score of 10.0 that affects thousands of products running Apache Log4j and leaves millions of targets potentially vulnerable. CVE-2021-44228 affects log4j versions 2.0-beta9 to 2.14.1. Log4j is an incredibly popular logging library used in many different products and various Apache frameworks like Struts2, Kafka, and [...]
The post Log4Shell VMware vCenter Server (CVE-2021-44228) appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/exploit-tutorials/log4shell-vmware-vcenter-server-cve-2021-44228/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How to customize behavior of AWS Managed Rules for AWS WAF
AWS Managed Rules for AWS WAF provides a group of rules created by AWS that can be used help protect you against common application vulnerabilities and other unwanted access to your systems without having to write your own rules. AWS Threat Research Team updates AWS Managed Rules to respond to an ever-changing threat landscape in order […]
https://aws.amazon.com/blogs/security/how-to-customize-behavior-of-aws-managed-rules-for-aws-waf/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Great Leak: Microsoft Exchange AutoDiscover Design Flaw
Recently a “design flaw” in the Microsoft Exchange’s Autodiscover protocol was discovered by researchers that allowed access to 372,072 Windows domain credentials and 96,671 unique sets of credentials from applications such as Microsoft Outlook and third-party email clients. According to Amit Serper , the person who discovered the flaw, the source of the leak is [...]
The post The Great Leak: Microsoft Exchange AutoDiscover Design Flaw appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/pentesting-exchange/the-great-leak-microsoft-exchange-autodiscover-design-flaw/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The three most important AWS WAF rate-based rules
May 5, 2025: This post has been updated to reflect that the lowest allowable rate limit setting in AWS WAF rate-based rules has changed from 100 requests to 10. In this post, we explain what the three most important AWS WAF rate-based rules are for proactively protecting your web applications against common HTTP flood events, […]
https://aws.amazon.com/blogs/security/three-most-important-aws-waf-rate-based-rules/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Automatically update AWS WAF IP sets with AWS IP ranges
Note: This blog post describes how to automatically update AWS WAF IP sets with the most recent AWS IP ranges for AWS services. This related blog post describes how to perform a similar update for Amazon CloudFront IP ranges that are used in VPC Security Groups. You can use AWS Managed Rules for AWS WAF […]
https://aws.amazon.com/blogs/security/automatically-update-aws-waf-ip-sets-with-aws-ip-ranges/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
AWS Shield threat landscape review: 2020 year-in-review
AWS Shield is a managed service that protects applications that are running on Amazon Web Services (AWS) against external threats, such as bots and distributed denial of service (DDoS) attacks. Shield detects network and web application-layer volumetric events that may indicate a DDoS attack, web content scraping, or other unauthorized non-human traffic that is interacting […]
https://aws.amazon.com/blogs/security/aws-shield-threat-landscape-review-2020-year-in-review/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How to protect a self-managed DNS service against DDoS attacks using AWS Global Accelerator and AWS Shield Advanced
In this blog post, I show you how to improve the distributed denial of service (DDoS) resilience of your self-managed Domain Name System (DNS) service by using AWS Global Accelerator and AWS Shield Advanced. You can use those services to incorporate some of the techniques used by Amazon Route 53 to protect against DDoS attacks. […]
https://aws.amazon.com/blogs/security/how-to-protect-a-self-managed-dns-service-against-ddos-attacks-using-aws-global-accelerator-and-aws-shield-advanced/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Set up centralized monitoring for DDoS events and auto-remediate noncompliant resources
When you build applications on Amazon Web Services (AWS), it's a common security practice to isolate production resources from non-production resources by logically grouping them into functional units or organizational units. There are many benefits to this approach, such as making it easier to implement the principal of least privilege, or reducing the scope of […]
https://aws.amazon.com/blogs/security/set-up-centralized-monitoring-for-ddos-events-and-auto-remediate-noncompliant-resources/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Deploying defense in depth using AWS Managed Rules for AWS WAF (part 2)
In this post, I show you how to use recent enhancements in AWS WAF to manage a multi-layer web application security enforcement policy. These enhancements will help you to maintain and deploy web application firewall configurations across deployment stages and across different types of applications. In part 1 of this post I describe the technologies […]
https://aws.amazon.com/blogs/security/deploying-defense-in-depth-using-aws-managed-rules-for-aws-waf-part-2/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Defense in depth using AWS Managed Rules for AWS WAF (part 1)
In this post, I discuss how you can use recent enhancements in AWS WAF to manage a multi-layer web application security enforcement policy. These enhancements will help you to maintain and deploy web application firewall configurations across deployment stages and across different types of applications. The post is in two parts. This first part describes […]
https://aws.amazon.com/blogs/security/defense-in-depth-using-aws-managed-rules-for-aws-waf-part-1/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Houston consulate one of worst offenders in Chinese espionage, say U.S. officials
Institute For Ethical Hacking Course and Ethical Hacking Training in Pune – India Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan Credits: Reuters The United States ordered the consulate closed this week, leading China to retaliate on Friday by telling the United States to shut its consulate in the city of Chengdu, as relations between the world's two largest economies […]
The post Houston consulate one of worst offenders in Chinese espionage, say U.S. officials appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/07/24/houston-consulate-one-of-worst-offenders-in-chinese-espionage-say-u-s-officials/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Shocked I am. Shocked to find that underground bank-card-trading forums are full of liars, cheats, small-time grifters
Institute For Ethical Hacking Course and Ethical Hacking Training in Pune – India Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan Credits: The Register The denizens of online forums dedicated to trading in stolen credit cards have been shown to be wretched hives of scum and villainy. This not-so-surprising news comes this week via academics at Washington State University (WSU) in the US, […]
The post Shocked I am. Shocked to find that underground bank-card-trading forums are full of liars, cheats, small-time grifters appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/07/24/shocked-i-am-shocked-to-find-that-underground-bank-card-trading-forums-are-full-of-liars-cheats-small-time-grifters/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
AWS Shield Threat Landscape report is now available
AWS Shield is a managed threat protection service that safeguards applications running on AWS against exploitation of application vulnerabilities, bad bots, and Distributed Denial of Service (DDoS) attacks. The AWS Shield Threat Landscape Report (TLR) provides you with a summary of threats detected by AWS Shield. This report is curated by the AWS Threat Research […]
https://aws.amazon.com/blogs/security/aws-shield-threat-landscape-report-now-available/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Vint Cerf suggests GDPR could hurt coronavirus vaccine development
Institute For Ethical Hacking Course and Ethical Hacking Training in Pune – India Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan Credits: The Register TCP-IP-co-developer Vint Cerf, revered as a critical contributor to the foundations of the internet, has floated the notion that privacy legislation might hinder the development of a vaccination for the COVID-19 coronavirus. In an essay written for […]
The post Vint Cerf suggests GDPR could hurt coronavirus vaccine development appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/16/vint-cerf-suggests-gdpr-could-hurt-coronavirus-vaccine-development/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Brit defense contractor hacked, up to 100,000 past and present employees' details siphoned off – report
Institute For Ethical Hacking Course and Ethical Hacking Training in Pune – India Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan Credits: The Register Britain’s Ministry of Defence contractor Interserve has been hacked, reportedly leaking the details of up to 100,000 of past and current employees, including payment information and details of their next of kin. The Daily Telegraph reports that up to […]
The post Brit defense contractor hacked, up to 100,000 past and present employees’ details siphoned off – report appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/16/brit-defense-contractor-hacked-up-to-100000-past-and-present-employees-details-siphoned-off-report/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
US officially warns China is launching cyberattacks to steal coronavirus research
Institute For Ethical Hacking Course and Ethical Hacking Training in Pune – India Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan Credits: CNN The US Department of Homeland Security and the FBI issued a “public service announcement” Wednesday warning that China is likely launching cyberattacks to steal coronavirus data related to vaccines and treatments from US research institutions and pharmaceutical […]
The post US officially warns China is launching cyberattacks to steal coronavirus research appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/14/us-officially-warns-china-is-launching-cyberattacks-to-steal-coronavirus-research/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
There's Norway you're going to believe this: World's largest sovereign wealth fund conned out of m in cyber-attack
Institute For Ethical Hacking Course and Ethical Hacking Training in Pune – India Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan Credits: The Register The Norwegian Investment Fund has been swindled out of m (£8.2m) by fraudsters who pulled off what’s been described as “an advance data breach.” Norfund – the world’s largest sovereign wealth fund, created from saved North Sea […]
The post There’s Norway you’re going to believe this: World’s largest sovereign wealth fund conned out of m in cyber-attack appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/14/theres-norway-youre-going-to-believe-this-worlds-largest-sovereign-wealth-fund-conned-out-of-10m-in-cyber-attack/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Stop tracking me, Google: Austrian citizen files GDPR legal complaint over Android Advertising ID
Institute For Ethical Hacking Course and Ethical Hacking Training in Pune – India Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan Credits: The Register Privacy pressure group Noyb has filed a legal complaint against Google on behalf of an Austrian citizen, claiming the Android Advertising ID on every Android device is “personal data” as defined by the EU’s GDPR and that […]
The post Stop tracking me, Google: Austrian citizen files GDPR legal complaint over Android Advertising ID appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/14/stop-tracking-me-google-austrian-citizen-files-gdpr-legal-complaint-over-android-advertising-id/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cyber-attacks hit hospital construction companies
Institute For Ethical Hacking Course and Ethical Hacking Training in Pune – India Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan Credits: BBC Interserve, which helped build Birmingham’s NHS Nightingale hospital, and Bam Construct, which delivered the Yorkshire and the Humber’s, have reported the incidents to authorities. Earlier this month, the government warned healthcare groups involved in the response to […]
The post Cyber-attacks hit hospital construction companies appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/13/cyber-attacks-hit-hospital-construction-companies/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Researchers spot thousands of Android apps leaking user data through misconfigured Firebase databases
Institute For Ethical Hacking Course and Ethical Hacking Training in Pune – India Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan Credits: The Register Security researchers at Comparitech have reported that an estimated 24,000 Android apps are leaking user data because of misconfigured Firebase databases. Firebase is a popular backend service with SDKs for multiple platforms, including Android, iOS, web, C++ and Unity (for […]
The post Researchers spot thousands of Android apps leaking user data through misconfigured Firebase databases appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/13/researchers-spot-thousands-of-android-apps-leaking-user-data-through-misconfigured-firebase-databases/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Papa don't breach: Contracts, personal info on Madonna, Lady Gaga, Elton John, others swiped in celeb law firm ‘hack'
Institute For Ethical Hacking Course and Ethical Hacking Training in Pune – India Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan Credits: The Register Hackers are threatening to release 756GB of A-list celebs’ contracts, recording deals, and other personal info allegedly stolen from a New York law firm. The miscreants have seemingly got their hands on confidential agreements, private correspondence, contact […]
The post Papa don’t breach: Contracts, personal info on Madonna, Lady Gaga, Elton John, others swiped in celeb law firm ‘hack’ appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/13/papa-dont-breach-contracts-personal-info-on-madonna-lady-gaga-elton-john-others-swiped-in-celeb-law-firm-hack/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
CVE-2019-19781: Citrix ADC RCE vulnerability
A week before the 2019 holidays Citrix announced that an authentication bypass vulnerability was discovered in multiple Citrix products. The affected products are the Citrix Application Delivery Controller (formerly known as NetScaler AD), Citrix Gateway NetScaler ADC (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP appliance. Exploiting the vulnerability could allow an unauthenticated attacker [...]
The post CVE-2019-19781: Citrix ADC RCE vulnerability appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/exploit-tutorials/cve-2019-19781-citrix-adc-rce-vulnerability/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Vulnerability Scanning with OpenVAS 9 part 4: Custom scan configurations
For all scans so far, we've only used the default scan configurations such as host discovery, system discovery and Full & fast. But what if we don't want to run all NVTs on a given target (list) and only test for a few specific vulnerabilities? In this case we can create our own custom scan [...]
The post Vulnerability Scanning with OpenVAS 9 part 4: Custom scan configurations appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/scanning-tutorials/openvas-9-part-4-custom-scan-configurations/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Vulnerability Scanning with OpenVAS 9 part 3: Scanning the Network
In the previous parts of the Vulnerability Scanning with OpenVAS 9 tutorials we have covered the installation process and how to run vulnerability scans using OpenVAS and the Greenbone Security Assistant (GSA) web application. In part 3 of Vulnerability Scanning with OpenVAS 9 we will have a look at how to run scans using different [...]
The post Vulnerability Scanning with OpenVAS 9 part 3: Scanning the Network appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/scanning-tutorials/vulnerability-scanning-with-openvas-9-scanning-the-network/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Vulnerability Scanning with OpenVAS 9 part 2: Vulnerability Scanning
Is the previous tutorial Vulnerability Scanning with OpenVAS 9.0 part 1 we've gone through the installation process of OpenVAS on Kali Linux and the installation of the virtual appliance. In this tutorial we will learn how to configure and run a vulnerability scan. For demonstration purposes we've also installed a virtual machine with Metasploitable 2 [...]
The post Vulnerability Scanning with OpenVAS 9 part 2: Vulnerability Scanning appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/scanning-tutorials/vulnerability-scanning-openvas-9-0-part-2/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Vulnerability Scanning with OpenVAS 9 part 1: Installation & Setup
A couple years ago we did a tutorial on Hacking Tutorials on how to install the popular vulnerability assessment tool OpenVAS on Kali Linux. We’ve covered the installation process on Kali Linux and running a basic scan on the Metasploitable 2 virtual machine to identify vulnerabilities. In this tutorial I want to cover more details [...]
The post Vulnerability Scanning with OpenVAS 9 part 1: Installation & Setup appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/scanning-tutorials/vulnerability-scanning-openvas-9-pt-1/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Best Hacking Books 2018
One of the most popular and most asked questions since I’ve started this blog is if I can recommend some good hacking books to read for beginners and more experienced hackers and penetration testers. In this article I want to highlight some hacking books and InfoSec books that I personally liked that cover subjects such as ethical hacking, [...]
The post The Best Hacking Books 2018 appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/infosec-books/the-best-hacking-books-2018/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)