L'Actu de la presse spécialisée
Saas Security Best Practices
Software as a Service (SaaS) is the prevalent software distribution model in the tech industry. Whether you are a young startup founder or a mature business owner, ensuring a robust...
The post Saas Security Best Practices appeared first on Cyber Defense Magazine.
https://www.cyberdefensemagazine.com/saas-security-best-practices/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Attackers Target the Foundations of Crypto: Smart Contracts
A whole criminal ecosystem revolves around scamming users out of their crypto assets, but malicious — or vulnerable — smart contracts could be used against businesses as well.
https://www.darkreading.com/cyber-risk/attackers-target-crypto-smart-contracts
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Columbia University Data Breach Exposes Personal and Financial Data of 870,000
Columbia University disclosed a significant cybersecurity incident that compromised personal and financial information of nearly 870,000 individuals, making it one of the largest data breaches affecting an educational institution this year. The breach, which occurred between May 16 and June 2025, was discovered on July 8, 2025, and affected individuals were notified on August 7, […]
The post Columbia University Data Breach Exposes Personal and Financial Data of 870,000 appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
https://gbhackers.com/columbia-university-data-breach/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
VexTrio TDS Deploys Malicious VPN Apps on Google Play and App Store
VexTrio, a sophisticated threat actor known for operating a massive traffic distribution system (TDS), has expanded its malicious activities by deploying fake VPN applications on major app stores, including Google Play and the Apple App Store. Originating from a merger between Italian spammers and Eastern European developers around 2020, VexTrio’s TDS facilitates the redirection of […]
The post VexTrio TDS Deploys Malicious VPN Apps on Google Play and App Store appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
https://gbhackers.com/vextrio-tds-deploys-malicious-vpn-apps/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Future-Proofing SMBs With Managed Security Services
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Aug. 8, 2025 – Read the full story in TMCNet A report by Cybersecurity Ventures predicts global damages from cybercrime could reach .5 trillion annually by the end of this year. Small and mid-sized
The post Future-Proofing SMBs With Managed Security Services appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/future-proofing-smbs-with-managed-security-services/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
US Confirms Shutdown of BlackSuit Ransomware That Hacked Over 450 Organizations
U.S. authorities have announced the successful dismantling of the BlackSuit ransomware operation, a notorious group linked to attacks on more than 450 organizations worldwide. The operation, led by Immigration and Customs Enforcement’s (ICE) Homeland Security Investigations (HSI), involved seizing servers, domains, and digital assets used for deploying ransomware, extorting victims, and laundering illicit profits. BlackSuit, […]
The post US Confirms Shutdown of BlackSuit Ransomware That Hacked Over 450 Organizations appeared first on Cyber Security News.
https://cybersecuritynews.com/blacksuit-ransomware-dismantled/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Record-Breaking GreedyBear Attack Uses 650 Hacking Tools to Steal M from Victims
The threat actor group dubbed GreedyBear has orchestrated an industrial-scale operation blending malicious browser extensions, executable malware, and phishing infrastructure to siphon over million in cryptocurrency from victims. This coordinated assault, uncovered by Koi Security researchers, leverages a staggering 650 hacking tools comprising 150 weaponized Firefox extensions and nearly 500 malicious Windows executables demonstrating […]
The post Record-Breaking GreedyBear Attack Uses 650 Hacking Tools to Steal M from Victims appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
https://gbhackers.com/record-breaking-greedybear-attack-uses-650-hacking-tools/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
GreedyBear: 40 Fake Crypto Wallet Extensions Found on Firefox Marketplace
A new, coordinated cybercrime campaign called "GreedyBear" has stolen over million from crypto users. Learn how the group uses malicious extensions, malware, and fake websites in an industrial-scale attack uncovered by Koi Security.
https://hackread.com/greedybear-fake-crypto-wallet-extensions-firefox-marketplace/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Multiple Security Vulnerabilities Found in WWBN AVideo, MedDream, and Eclipse ThreadX
Cisco Talos’ Vulnerability Discovery & Research team has disclosed a total of 12 critical security vulnerabilities across three popular software platforms, highlighting significant security risks that could potentially impact millions of users worldwide. The disclosure includes seven vulnerabilities in WWBN AVideo, four in MedDream PACS Premium, and one in Eclipse ThreadX FileX, all of which […]
The post Multiple Security Vulnerabilities Found in WWBN AVideo, MedDream, and Eclipse ThreadX appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
https://gbhackers.com/multiple-security-vulnerabilities/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
PyPI Released Advisory to Prevent ZIP Parser Confusion Attacks on Python Package Installers
In recent months, security researchers have uncovered a novel attack vector targeting Python package installers through ambiguities in the ZIP archive format. By exploiting discrepancies between local file headers and the central directory, malicious actors can craft seemingly benign wheel distributions that, when unpacked by vulnerable installers, silently smuggle unauthorized files into the target environment. […]
The post PyPI Released Advisory to Prevent ZIP Parser Confusion Attacks on Python Package Installers appeared first on Cyber Security News.
https://cybersecuritynews.com/pypi-released-advisory-to-prevent-zip-parser-confusion-attacks/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Windows UAC Bypass Exploits Character Map Tool for Privilege Escalation
Cybersecurity researchers have uncovered a new technique that allows attackers to bypass Windows User Account Control (UAC) protections by exploiting an unexpected vulnerability in the system’s Private Character Editor tool, potentially granting unauthorized administrative privileges without user consent. The exploit targets eudcedit.exe, Windows’ Private Character Editor located in C:\Windows\System32, which is typically used for creating […]
The post Windows UAC Bypass Exploits Character Map Tool for Privilege Escalation appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
https://gbhackers.com/windows-uac-bypass-exploits/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
PyPI Issues Advisory to Prevent ZIP Parser Confusion Attacks on Python Package Installers
The Python Package Index (PyPI) has announced new restrictions aimed at mitigating ZIP parser confusion attacks that could exploit discrepancies in how Python package installers and inspectors handle ZIP archives. This move comes in response to vulnerabilities identified in tools like the uv installer, which exhibits different extraction behaviors compared to Python-based installers relying on […]
The post PyPI Issues Advisory to Prevent ZIP Parser Confusion Attacks on Python Package Installers appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
https://gbhackers.com/pypi-issues-advisory-to-prevent-zip-parser-confusion-attacks/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Leaked Credentials Up 160%: What Attackers Are Doing With Them
When an organization's credentials are leaked, the immediate consequences are rarely visible—but the long-term impact is far-reaching. Far from the cloak-and-dagger tactics seen in fiction, many real-world cyber breaches begin with something deceptively simple: a username and password.
According to Verizon's 2025 Data Breach Investigations Report, leaked credentials accounted for 22% of breaches
https://thehackernews.com/2025/08/leaked-credentials-up-160-what.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Columbia University Data Breach – Hackers Stolen 870,000 Individuals Personal and Financial Data
Columbia University has disclosed a major cybersecurity incident where an unauthorized third party accessed and extracted a significant volume of personal and financial data. The breach, which affects a vast number of individuals connected to the university, was discovered following a technical outage in late June. According to a notice sent by the university, the […]
The post Columbia University Data Breach – Hackers Stolen 870,000 Individuals Personal and Financial Data appeared first on Cyber Security News.
https://cybersecuritynews.com/columbia-university-data-breach/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
RubyGems, PyPI Hit by Malicious Packages Stealing Credentials, Crypto, Forcing Security Changes
A fresh set of 60 malicious packages has been uncovered targeting the RubyGems ecosystem by posing as seemingly innocuous automation tools for social media, blogging, or messaging services to steal credentials from unsuspecting users.
The activity is assessed to be active since at least March 2023, according to the software supply chain security company Socket. Cumulatively, the gems have been
https://thehackernews.com/2025/08/rubygems-pypi-hit-by-malicious-packages.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Microsoft 365 apps to soon block file access via FPRPC by default
Microsoft has announced that the Microsoft 365 apps for Windows will start blocking access to files via the insecure FPRPC legacy authentication protocol by default starting late August. [...]
https://www.bleepingcomputer.com/news/security/microsoft-365-apps-to-soon-block-file-access-via-insecure-fprpc-legacy-auth-protocol-by-default/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
From Chrome renderer code exec to kernel with MSG_OOB
Posted by Jann Horn, Google Project ZeroIntroduction
In early June, I was reviewing a new Linux kernel feature when I learned about the MSG_OOB feature supported by stream-oriented UNIX domain sockets. I reviewed the implementation of MSG_OOB, and discovered a security bug (CVE-2025-38236) affecting Linux >=6.9. I reported the bug to Linux, and it got fixed. Interestingly, while the MSG_OOB feature is not used by Chrome, it was exposed in the Chrome renderer sandbox. (Since then, sending MSG_OOB messages has been blocked in Chrome renderers in response to this issue.)
The bug is pretty easy to trigger; the following sequence results in UAF:
char dummy;
int socks[2];
socketpair(AF_UNIX, SOCK_STREAM, 0, socks);
send(socks[1], "A", 1, MSG_OOB);
...
https://googleprojectzero.blogspot.com/2025/08/from-chrome-renderer-code-exec-to-kernel.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
RubyGems Malware Attack Weaponizes 60+ Packages to Steal Credentials from Social Media and Marketing Tools
Threat actors began slipping malicious code into legitimate RubyGems packages, disguising infostealers as social media automation tools in early 2023. Over the past two years, attackers operating under aliases such as zon, nowon, kwonsoonje, and soonje have published more than 60 gems that deliver promised automation features—bulk posting, engagement amplification, and backlink creation—while covertly harvesting […]
The post RubyGems Malware Attack Weaponizes 60+ Packages to Steal Credentials from Social Media and Marketing Tools appeared first on Cyber Security News.
https://cybersecuritynews.com/rubygems-malware-attack-weaponizes-60-packages/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Microsoft will kill the Lens PDF scanner app for iOS, Android
Microsoft announced that it will phase out the Microsoft Lens PDF scanner app for Android and iOS devices starting September 15, 2025. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-will-kill-the-microsoft-lens-pdf-scanner-app-for-ios-android-in-september/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
CISA Issues 10 ICS Advisories Detailing Vulnerabilities and Exploits
The Cybersecurity and Infrastructure Security Agency (CISA) has released ten industrial control systems (ICS) advisories on August 7, 2025, highlighting critical vulnerabilities across various industrial automation and control platforms. These advisories represent a comprehensive effort to address security gaps that could potentially impact critical infrastructure operations across multiple sectors including manufacturing, energy, and transportation systems. […]
The post CISA Issues 10 ICS Advisories Detailing Vulnerabilities and Exploits appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
https://gbhackers.com/cisa-issues-10-ics-advisories-2/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Windows User Account Control Bypassed Using Character Editor to Escalate Privileges
A sophisticated new technique that exploits the Windows Private Character Editor to bypass User Account Control (UAC) and achieve privilege escalation without user intervention, raising significant concerns for system administrators worldwide. The attack disclosed by Matan Bahar leverages eudcedit.exeMicrosoft’s built-in Private Character Editor, located in C:\Windows\System32, which was originally designed to create and edit End-User […]
The post Windows User Account Control Bypassed Using Character Editor to Escalate Privileges appeared first on Cyber Security News.
https://cybersecuritynews.com/windows-user-account-control-bypassed/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Scammers mass-mailing the Efimer Trojan to steal crypto
The Efimer Trojan spreads through email and hacked WordPress websites, steals cryptocurrency, and substitutes wallets in the clipboard.
https://securelist.com/efimer-trojan/117148/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Jeff Atwood on Writing, Optimism, and Fixing the Internet
Coding Horror/Stack Overflow/Discourse creator Jeff Atwood shares his blogging experiences and tips.
https://hackernoon.com/jeff-atwood-on-writing-optimism-and-fixing-the-internet?source=rss
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Setting Up Pi Zero for Pi-Fi Hacking
The Raspberry Pi Zero is a low-cost, compact single-board computer that runs Linux. It's perfect for lightweight activities like scanning networks or capturing WPA handshakes. The first part of the series focuses on setting up and configuring the Pi as well as accessing it remotely.
https://hackernoon.com/setting-up-pi-zero-for-pi-fi-hacking?source=rss
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
AI and the Prospect of a Post-Big Tech Internet
Putting all the hype around AI aside, the past five years in tech have been pretty boring.
https://hackernoon.com/ai-and-the-prospect-of-a-post-big-tech-internet?source=rss
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Threat Actors Weaponize Malicious Gopackages to Deliver Obfuscated Remote Payloads
Cybersecurity researchers have uncovered a sophisticated malware campaign targeting the Go ecosystem through eleven malicious packages that employ advanced obfuscation techniques to deliver second-stage payloads. The campaign demonstrates a concerning evolution in supply chain attacks, leveraging the decentralized nature of Go’s module system to distribute malicious code that can compromise both Linux build servers and […]
The post Threat Actors Weaponize Malicious Gopackages to Deliver Obfuscated Remote Payloads appeared first on Cyber Security News.
https://cybersecuritynews.com/threat-actors-weaponize-malicious-gopackages/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Streamlining Go Concurrency Using a Worker Pool
Before you start spawning thousands of goroutines, let's take a step back and understand how to do this efficiently.
https://hackernoon.com/streamlining-go-concurrency-using-a-worker-pool?source=rss
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Highs and Lows of My First Real Startup, CoLaunchly
CoLaunchly is a tool to help solo founders plan, write, and launch their apps. It was built by one of the first solo founders in the tech industry. The product was a marketing tool... and still didn't reach enough people.
https://hackernoon.com/the-highs-and-lows-of-my-first-real-startup-colaunchly?source=rss
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
MariaDB Kubernetes Operator 25.08.0 Adds AI Vector Support and Disaster Recovery Enhancements
The latest MariaDB Kubernetes Operator release, version 25.08.0, is now available.
https://hackernoon.com/mariadb-kubernetes-operator-25080-adds-ai-vector-support-and-disaster-recovery-enhancements?source=rss
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Columbia University data breach impacts nearly 870,000 individuals
An unknown threat actor has stolen the sensitive personal, financial, and health information of nearly 870,000 Columbia University current and former students and employees after breaching the university's network in May. [...]
https://www.bleepingcomputer.com/news/security/columbia-university-data-breach-impacts-nearly-870-000-students-applicants-employees/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
15 Core Ideas Shaping the Future of AI—and Why They Matter Today
Artificial Super-Intelligence (AGI) is not a single marvel, but a relay race of inter-locking technologies. Raw data and the rights of the people who produced it are key to the success of AI. The internet may well be too small for AGI to emerge, and regulators are starting to care about data privacy.
https://hackernoon.com/15-core-ideas-shaping-the-future-of-aiand-why-they-matter-today?source=rss
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
A Guide to OpenTelemetry Tracing for the JVM
Let's compare the different zero-code OpenTelemetry approaches on the JVM, covering the most widespread.
https://hackernoon.com/a-guide-to-opentelemetry-tracing-for-the-jvm?source=rss
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
US Confirms Takedown of BlackSuit Ransomware Behind 450+ Hacks
Federal law enforcement agencies have successfully dismantled the critical infrastructure of BlackSuit ransomware, a sophisticated cybercriminal operation that has compromised over 450 victims across the United States since 2022 and collected more than 0 million in ransom payments. Major International Operation Targets Cyber Criminal Network ICE’s Homeland Security Investigations (HSI) led the coordinated takedown in […]
The post US Confirms Takedown of BlackSuit Ransomware Behind 450+ Hacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
https://gbhackers.com/us-confirms-takedown-of-blacksuit-ransomware/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Why Your Digital Product Isn't Selling (And How to Turn That Around)
Struggling to sell your digital products? Discover why they are not moving and proven steps to turn browsers into loyal buyers.
https://hackernoon.com/why-your-digital-product-isnt-selling-and-how-to-turn-that-around?source=rss
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
8 Mobile App Retention Strategies
This article shares eight things that work from onboarding and progress loops to identity and timing. Simple ideas, grounded in real experience.
https://hackernoon.com/8-mobile-app-retention-strategies?source=rss
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Tap to Morse Key, an App that Makes It Easier for People With Disabilities to Communicate
A simple communication tool built with the help of AI to solve the problems of people that can't communicate.
https://hackernoon.com/tap-to-morse-key-an-app-that-makes-it-easier-for-people-with-disabilities-to-communicate?source=rss
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Making AI Agents Actually Do Stuff: Prompt Engineering That Works
https://hackernoon.com/making-ai-agents-actually-do-stuff-prompt-engineering-that-works?source=rss
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
ECScape: Exploiting ECS Protocol on EC2 to Exfiltrate Cross-Task IAM and Execution Role Credentials
A sophisticated technique dubbed “ECScape” that allows malicious containers running on Amazon Elastic Container Service (ECS) to steal AWS credentials from other containers sharing the same EC2 instance. The discovery highlights critical isolation weaknesses in multi-tenant ECS deployments and underscores the security advantages of AWS Fargate’s micro-VM architecture. The technique, developed by security researcher Naor […]
The post ECScape: Exploiting ECS Protocol on EC2 to Exfiltrate Cross-Task IAM and Execution Role Credentials appeared first on Cyber Security News.
https://cybersecuritynews.com/ecscape/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Amazon ECS Internal Protocol Exploited to Steal AWS Credentials from Other Tasks
Security researchers have disclosed a critical vulnerability in Amazon Elastic Container Service (ECS) that allows malicious containers to steal AWS credentials from other tasks running on the same EC2 instance. The attack, dubbed “ECScape,” exploits an undocumented internal protocol to impersonate the ECS agent and harvest privileged credentials without requiring container breakout. Vulnerability Overview The […]
The post Amazon ECS Internal Protocol Exploited to Steal AWS Credentials from Other Tasks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
https://gbhackers.com/amazon-ecs-internal-protocol-exploited/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Biggest Ever GreedyBear Attack With 650 Hacking Tools Stolen Million from Victims
A sophisticated cybercriminal operation known as GreedyBear has orchestrated one of the most extensive cryptocurrency theft campaigns to date, deploying over 650 malicious tools across multiple attack vectors to steal more than million from unsuspecting victims. Unlike traditional threat groups that typically specialize in single attack methods, GreedyBear has adopted an industrial-scale approach, simultaneously […]
The post Biggest Ever GreedyBear Attack With 650 Hacking Tools Stolen Million from Victims appeared first on Cyber Security News.
https://cybersecuritynews.com/biggest-ever-greedybear-attack/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Malicious Go Packages Used by Threat Actors to Deploy Obfuscated Remote Payloads
Socket’s Threat Research Team has identified eleven malicious Go packages distributed via GitHub, with ten remaining active on the Go Module Mirror, posing ongoing risks to developers and CI/CD pipelines. Eight of these packages employ typosquatting techniques, mimicking legitimate modules to exploit namespace confusion in Go’s decentralized ecosystem, where direct imports from repositories can lead […]
The post Malicious Go Packages Used by Threat Actors to Deploy Obfuscated Remote Payloads appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
https://gbhackers.com/malicious-go-packages-used-by-threat-actors/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
ChatGPT-5 Released: What's New With the Next-Generation AI Agent
OpenAI has officially launched ChatGPT-5, a new generation of its AI agent that introduces a sophisticated, unified system designed to be faster, more intelligent, and significantly more useful for real-world applications. This release marks a significant evolution from its predecessors, offering a suite of models tailored for different tasks and complexities. At the core of […]
The post ChatGPT-5 Released: What's New With the Next-Generation AI Agent appeared first on Cyber Security News.
https://cybersecuritynews.com/chatgpt-5-released/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Royal and BlackSuit ransomware gangs hit over 450 US companies
The U.S. Department of Homeland Security (DHS) says the cybercrime gang behind the Royal and BlackSuit ransomware operations had breached hundreds of U.S. companies before their infrastructure was dismantled last month. [...]
https://www.bleepingcomputer.com/news/security/royal-and-blacksuit-ransomware-gangs-hit-over-450-us-companies/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
GreedyBear Steals M in Crypto Using 150+ Malicious Firefox Wallet Extensions
A newly discovered campaign dubbed GreedyBear has leveraged over 150 malicious extensions to the Firefox marketplace that are designed to impersonate popular cryptocurrency wallets and steal more than million in digital assets.
The published browser add-ons masquerade as MetaMask, TronLink, Exodus, and Rabby Wallet, among others, Koi Security researcher Tuval Admoni said.
What makes the
https://thehackernews.com/2025/08/greedybear-steals-1m-in-crypto-using.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
SonicWall dismisses zero-day fears after Ransomware probe
SonicWall found no evidence of a new vulnerability after probing reports of a zero-day used in ransomware attacks. SonicWall investigated claims of a zero-day being used in ransomware attacks but found no evidence of any new vulnerability in its products. SonicWall launched the investigation after a surge in Akira ransomware attacks targeting Gen 7 firewalls with SSLVPN […]
https://securityaffairs.com/180940/security/sonicwall-dismisses-zero-day-fears-after-ransomware-probe.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Pen Testing Cryptographic Implementations: Where Secrets Slip
Complimentary access to the Article:Continue reading on InfoSec Write-ups »
https://infosecwriteups.com/pen-testing-cryptographic-implementations-where-secrets-slip-89526543514c?source=rss----7b722bfd1b8d---4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How GRC Must Evolve in the Age of Agentic AI and Generative AI
The Death of Excel Based Checklists Is Finally Here ..Continue reading on InfoSec Write-ups »
https://infosecwriteups.com/how-grc-must-evolve-in-the-age-of-agentic-ai-and-generative-ai-b21dbca5f4d0?source=rss----7b722bfd1b8d---4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Bug Bounty Methodology for Finding Bugs Easily
Welcome, bug bounty hunters! 🕵️♂️ Whether you’re just starting out or looking to sharpen your methodology, this guide will help you…Continue reading on InfoSec Write-ups »
https://infosecwriteups.com/bug-bounty-methodology-for-finding-bugs-easily-26e6bb3fc5a7?source=rss----7b722bfd1b8d---4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
ECScape: The Amazon ECS Vulnerability That Lets Attackers Steal AWS Credentials from Neighboring…
What If I Told You One Rogue Container Could Hijack Others on the Same Server?Continue reading on InfoSec Write-ups »
https://infosecwriteups.com/ecscape-the-amazon-ecs-vulnerability-that-lets-attackers-steal-aws-credentials-from-neighboring-530a9f58a724?source=rss----7b722bfd1b8d---4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Wireless Hacking: From Aircrack-ng to WPA3
How a Coffee Shop's “Free Wi-Fi” Almost Cost Me ,000Continue reading on InfoSec Write-ups »
https://infosecwriteups.com/wireless-hacking-from-aircrack-ng-to-wpa3-ec9ec6db34a5?source=rss----7b722bfd1b8d---4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Attack Surface: Exploiting Misconfigured Container Registries
Continue reading on InfoSec Write-ups »
https://infosecwriteups.com/attack-surface-exploiting-misconfigured-container-registries-fcc4e964a902?source=rss----7b722bfd1b8d---4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Robots Secret | Bugcrowd CTF 2025
CTF solving as a Beginner.Continue reading on InfoSec Write-ups »
https://infosecwriteups.com/robots-secret-bugcrowd-ctf-2025-afc40a16d6bb?source=rss----7b722bfd1b8d---4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Exploiting XSS to Bypass CSRF Defenses: Change Victim's Email
Learn how a stored XSS flaw can be weaponized to defeat CSRF defenses and perform unauthorized actions on behalf of users.Continue reading on InfoSec Write-ups »
https://infosecwriteups.com/exploiting-xss-to-bypass-csrf-defenses-change-victims-email-dcdcbfe1d5df?source=rss----7b722bfd1b8d---4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How I Bypassed a Strict WAF Using SQL Injection Tricks
The Silent SQL Injection Cloudflare Almost Hid From MeContinue reading on InfoSec Write-ups »
https://infosecwriteups.com/how-i-bypassed-a-strict-waf-using-sql-injection-tricks-b0a500b712d8?source=rss----7b722bfd1b8d---4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
“Day 5: SSRF — How I Hacked AWS Keys & Stole ,000 in Cloud Credits”
Three months ago, I found a “low-severity” SSRF (Server-Side Request Forgery) in a SaaS company’s API. What started as a simple internal…Continue reading on InfoSec Write-ups »
https://infosecwriteups.com/day-5-ssrf-how-i-hacked-aws-keys-stole-15-000-in-cloud-credits-ed521d7525f9?source=rss----7b722bfd1b8d---4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
CISA Releases Emergency Advisory Urges Feds to Patch Exchange Server Vulnerability by Monday
CISA has issued an emergency advisory directing all Federal Civilian Executive Branch agencies to mitigate a newly disclosed Microsoft Exchange urgently hybrid-joined vulnerability, tracked as CVE-2025-53786, by 9:00 AM EDT on Monday, August 11, 2025. The flaw enables attackers who have already gained administrative access to an on‑premises Exchange server to laterally move into connected […]
The post CISA Releases Emergency Advisory Urges Feds to Patch Exchange Server Vulnerability by Monday appeared first on Cyber Security News.
https://cybersecuritynews.com/cisa-exchange-server-advisory/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Unigame - 843,696 breached accounts
In December 2019, the now defunct gaming website Unigame (maker of Hunter Online) suffered a data breach that was later redistributed as part of a larger corpus of data. The data included 844k email addresses and salted MD5 password hashes.
https://haveibeenpwned.com/Breach/Unigame
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
What Is a SQLi Vulnerability?
SQL injection (SQLi) is one of those vulnerabilities that's deceptively simple in concept yet devastating in its impact. It's a family of security flaws tied to how applications interact with a relational database. In plain terms: if an application doesn't properly handle user-supplied input (think login fields, search bars, or even URL parameters), an attacker can manipulate SQL queries to execute unintended commands on the database. This can range from dumping entire tables of sensitive data to modifying, corrupting, or destroying it altogether.
https://linuxsecurity.com/features/features/what-is-a-sqli-vulnerability
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Fedora 41: Firefox Update 141.0.2 Advisory 2025-aacceb8e35
New upstream version (140.0.2)
https://linuxsecurity.com/advisories/fedora/fedora-41-firefox-2025-aacceb8e35-fmdfstr2gysp
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Debian 12: yarnpkg Vulnerability Report CVE-2025-8263 CVE-2025-7784
Apply fixes for CVE-2025-8262 and CVE-2025-7783.
https://linuxsecurity.com/advisories/fedora/fedora-41-yarnpkg-2025-b19f3ed5f4-u0za2nzw9oze
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Fedora 41: mingw-opencv Important Use After Free Fix FEDORA-2025-d308a84c10
Backport fix for CVE-2025-53644.
https://linuxsecurity.com/advisories/fedora/fedora-41-mingw-opencv-2025-d308a84c10-g0rhi6vpe0u9
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Fedora 41 moby-engine v28.3.3 Critical Update FEDORA-2025-113fc513c3
Update to release v28.3.3
https://linuxsecurity.com/advisories/fedora/fedora-41-moby-engine-2025-113fc513c3-w292jl3egxsf
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Silver Fox APT Blurs the Line Between Espionage & Cybercrime
Silver Fox is the Hannah Montana of Chinese threat actors, effortlessly swapping between petty criminal and nation-state-type attacks.
https://www.darkreading.com/threat-intelligence/silver-fox-apt-espionage-cybercrime
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Fedora 42: Critical Memory Corruption Vulnerability in webkitgtk 2.48.5
Update to 2.48.5. Changes since 2.48.3: Improve emoji font selection. Improve playback of multimedia streams from blob URLs. Fix crash when using a WebKitWebView widget in an offscreen window. Fix several crashes and rendering issues.
https://linuxsecurity.com/advisories/fedora/fedora-42-webkitgtk-2025-61ca72f430-smotzh8ef6yn
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Fedora 42: Xen Critical Exceptions and Scheduler Attacks 2025-ddaa63a0f5
update to xen-4.19.3 includes patches for x86: Incorrect stubs exception handling for flags recovery [XSA-470, CVE-2025-27465] x86: Transitive Scheduler Attacks [XSA-471, CVE-2024-36350,
https://linuxsecurity.com/advisories/fedora/fedora-42-xen-2025-ddaa63a0f5-woz81otmtpaf
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
L'Actu de la presse
Ecocide and Article 2(4): Envisioning Environmental Aggression as “Use of Force”
... cyber-attack meet the “scale and effect” of use of force under the Charter. Thus, the idea of a broader interpretation of “use of force” is not ...
http://opiniojuris.org/2025/08/08/ecocide-and-article-24-envisioning-environmental-aggression-as-use-of-force/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Optus sued over huge data breach - The New Daily
The Office of the Australian Information Commissioner has filed Federal Court proceedings against the telco for the September 2022 cyber attack ...
https://www.thenewdaily.com.au/news/2025/08/08/optus-data-breach-court-action
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Optus sued by regulator for data breach - ABC listen
The privacy watchdog is suing Optus over over the 2022 cyber attack that compromised the data of more than nine million Australians.
https://www.abc.net.au/listen/programs/pm/optus-sued-by-regulator-for-data-breach/105631022
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Video: Government tipped to use summit to develop housing reform blueprint - WAtoday
Brisbane Olympic chiefs warned of cyber attack risk. Up Next. Brisbane Olympic chiefs warned of cyber attack risk. Play video. Latest in Video. Why ...
https://www.watoday.com.au/national/government-tipped-to-use-summit-to-develop-housing-reform-blueprint-20250808-p5mlkv.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Bouygues Telecom Data Breach Exposes 6.4 Million Customer Records
One of France's largest telecoms providers has been hit by a cyber-attack which has led to the personal data of 6.4 million customers being ...
https://www.infosecurity-magazine.com/news/bouygues-telecom-breach-customer/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Horsham Society: A raid, rage and an opportunity
A major department store in Swan Walk came under cyber attack which froze its ability to take payment and threatened to strangle its stock management.
https://www.wscountytimes.co.uk/news/opinion/horsham-society-a-raid-rage-and-an-opportunity-5262477
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Kenyan banks tighten oversight of third-party tech firms amid rising cyber threats
CBK moves to revise 2017 cyber rules as fraudsters exploit new technology · Kenya records historic cyber attack surge with 4.6 billion threats in four ...
https://eastleighvoice.co.ke/business/193031/kenyan-banks-tighten-oversight-of-third-party-tech-firms-amid-rising-cyber-threats
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DDoS attacks surge 364% in APAC, driven by AI & hacktivists - SecurityBrief Australia
Apac city digital network server farm under massive cyber attack storm binary code. #. DDoS · #. AI · #. Cybersecurity. DDoS attacks surge 364% in ...
https://securitybrief.com.au/story/ddos-attacks-surge-364-in-apac-driven-by-ai-hacktivists
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Pompeo: Russia is behind the cyber attack on the US - Telegrafi
So far, the US administration has not said who was behind the cyber attack, and US President Donald Trump has yet to speak publicly about it.
https://telegrafi.com/en/Pompeo-Russia-is-behind-the-cyber-attack-on-the-USA/%3Fnoamp%3Dmobile
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Securing Malaysia's Next-Gen Data Centres In The AI Age
As AI becomes more deeply integrated into workloads, the consequences of a cyber-attack can be far-reaching, affecting everything from data ...
https://www.businesstoday.com.my/2025/08/08/securing-malaysias-next-gen-data-centres-in-the-ai-age/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Australian Watchdog Sues Singtel's Optus for Alleged Privacy Breaches - Morningstar
Singtel's Australian unit Optus has been sued by an Australian privacy watchdog for alleged privacy breaches related to a September 2022 cyber attack.
https://www.morningstar.com/news/dow-jones/20250808168/australian-watchdog-sues-singtels-optus-for-alleged-privacy-breaches
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Privacy commissioner sues Optus over data breach | Southern Cross | Junee, NSW
The Office of the Australian Information Commissioner (OAIC) has filed Federal Court proceedings against the telco for the September 2022 cyber attack ...
https://www.juneesoutherncross.com.au/story/9036348/privacy-commissioner-sues-optus-over-data-breach/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Soutenez No Hack Me sur Tipeee
L'Actu de la veille (Presse spécialisée)
Air France and KLM disclosed data breaches following the hack of a third-party platform
Air France and KLM warn of a data breach exposing customer data via unauthorized access to a third-party platform. Air France and KLM reported a data breach after hackers accessed a third-party platform, potentially exposing some customers' personal information. Both airlines confirmed that threat actors gained access to the platform of an unnamed service provider […]
https://securityaffairs.com/180932/data-breach/air-france-and-klm-disclosed-data-breaches-following-the-hack-of-a-third-party-platform.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Fake WhatsApp developer libraries hide destructive data-wiping code
Two malicious NPM packages posing as WhatsApp development tools have been discovered deploying destructive data-wiping code that recursively deletes files on a developer's computers. [...]
https://www.bleepingcomputer.com/news/security/fake-whatsapp-developer-libraries-hide-destructive-data-wiping-code/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Air France, KLM Alert Authorities of Data Breach
While no sensitive financial data like credit card information was compromised, the threat actors were able to get away with names, email addresses, phone numbers, and more.
https://www.darkreading.com/cyberattacks-data-breaches/air-france-klm-data-breach
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Privilege Escalation Issue in Amazon ECS Leads to IAM Hijacking
A software developer discovered a way to abuse an undocumented protocol in Amazon's Elastic Container Service to escalate privileges, cross boundaries and gain access to other cloud resources.
https://www.darkreading.com/cloud-security/privilege-escalation-amazon-ecs-iam-hijacking
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Agentic AI and Zero Trust
Agentic AI is a different kind of AI. It's not like the generative AI everyone's talking about—the one that stitches together an answer based on what it knows or guesses when it doesn't. That's great for content creation, for generating reports, for summarizing data, or for writing code. But that's not what Agentic AI is here to do. Agentic AI isn't about crafting answers. It's about taking action. It's about getting things done. Think of it as execution-first AI. It doesn't just sit b...
https://cloudsecurityalliance.org/articles/agentic-ai-and-zero-trust
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
CISA orders fed agencies to patch new Exchange flaw by Monday
CISA has issued an emergency directive ordering all Federal Civilian Executive Branch (FCEB) agencies to mitigate a critical Microsoft Exchange hybrid vulnerability tracked as CVE-2025-53786 by Monday morning at 9:00 AM ET. [...]
https://www.bleepingcomputer.com/news/security/cisa-orders-fed-agencies-to-patch-new-cve-2025-53786-exchange-flaw/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Adult sites trick users into Liking Facebook posts using a clickjack Trojan
We found a host of blogspot pages involved in a malware campaign to promote their own content by using a LikeJack Trojan.
https://www.malwarebytes.com/blog/news/2025/08/adult-sites-trick-users-into-liking-facebook-posts-using-a-clickjack-trojan
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
ChatGPT's GPT-5 models released: everything you need to know
After a long wait, GPT-5 is finally rolling out. It's available for free, Plus, Pro and Team users today. This means everyone gets to try GPT-5 today, but paid users get higher limits. [...]
https://www.bleepingcomputer.com/news/artificial-intelligence/chatgpts-gpt-5-models-released-everything-you-need-to-know/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
'Samourai' Cryptomixer Founders Plead Guilty to Money Laundering
As part of their plea deal, the cybercriminal founders will also have to forfeit more than 0 million.
https://www.darkreading.com/threat-intelligence/cryptomixer-founders-guilty-money-laundering
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
SocGholish Malware Spread via Ad Tools; Delivers Access to LockBit, Evil Corp, and Others
The threat actors behind the SocGholish malware have been observed leveraging Traffic Distribution Systems (TDSs) like Parrot TDS and Keitaro TDS to filter and redirect unsuspecting users to sketchy content.
"The core of their operation is a sophisticated Malware-as-a-Service (MaaS) model, where infected systems are sold as initial access points to other cybercriminal organizations," Silent Push
https://thehackernews.com/2025/08/socgholish-malware-spread-via-ad-tools.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Citizen Lab Founder Flags Rise of US Authoritarianism
Citizen Lab director and founder Ron Deibert explained how civil society is locked in "vicious cycle," and human rights are being abused as a result, covering Israeli spyware, the Khashoggi killing, and an erosion of democratic norms in the US.
https://www.darkreading.com/vulnerabilities-threats/citizen-lab-founder-us-authoritarianism
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
New EDR killer tool used by eight different ransomware groups
A new Endpoint Detection and Response (EDR) killer that is considered to be the evolution of 'EDRKillShifter,' developed by RansomHub, has been observed in attacks by eight different ransomware gangs. [...]
https://www.bleepingcomputer.com/news/security/new-edr-killer-tool-used-by-eight-different-ransomware-groups/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Bouygues Telecom confirms data breach impacting 6.4 million customers
Bouygues Telecom warns it suffered a data breach after the personal information of 6.4 million customers was exposed in a cyberattack. [...]
https://www.bleepingcomputer.com/news/security/bouygues-telecom-confirms-data-breach-impacting-64-million-customers/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
IoT Penetration Testing: From Hardware to Firmware
As Internet of Things (IoT) devices continue to permeate every aspect of modern life, homes, offices, factories, vehicles, their attack surfaces have become increasingly attractive to adversaries. The challenge with testing IoT systems lies in their complexity: these devices often combine physical interfaces, embedded firmware, network services, web applications, and companion mobile apps into a [...]
The post IoT Penetration Testing: From Hardware to Firmware appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/iot-hacking/iot-penetration-testing-from-hardware-to-firmware/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Payback: 'ShinyHunters' Clocks Google via Salesforce
In 2024, it was Snowflake. In 2025, it's Salesforce. ShinyHunters is back, with low-tech hacks that nonetheless manage to bring down international megaliths like Google, Cisco, and Adidas.
https://www.darkreading.com/cyberattacks-data-breaches/payback-shinyhunters-google-salesforce
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Webinar: How to Stop Python Supply Chain Attacks—and the Expert Tools You Need
Python is everywhere in modern software. From machine learning models to production microservices, chances are your code—and your business—depends on Python packages you didn't write.
But in 2025, that trust comes with a serious risk.
Every few weeks, we're seeing fresh headlines about malicious packages uploaded to the Python Package Index (PyPI)—many going undetected until after they've caused
https://thehackernews.com/2025/08/webinar-how-to-stop-python-supply-chain.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
SonicWall finds no SSLVPN zero-day, links ransomware attacks to 2024 flaw
SonicWall says that recent Akira ransomware attacks exploiting Gen 7 firewalls with SSLVPN enabled are exploiting an older vulnerability rather than a zero-day flaw. [...]
https://www.bleepingcomputer.com/news/security/sonicwall-finds-no-sslvpn-zero-day-links-ransomware-attacks-to-2024-flaw/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Risk Has Moved Beyond Your Inbox
For years, email was the main security battleground. Phishing, scams, and account takeovers were problems companies knew how to fight—at least in theory. Secure email gateways, AI-driven detection, relentless user...
The post Risk Has Moved Beyond Your Inbox appeared first on Cyber Defense Magazine.
https://www.cyberdefensemagazine.com/risk-has-moved-beyond-your-inbox/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Mobile Security & Malware Issue 1st Week of August, 2025
ASEC Blog publishes “Mobile Security & Malware Issue 1st Week of August, 2025”
https://asec.ahnlab.com/en/89492/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cyber Assessment Framework v4.0 released in response to growing threat
Updates to the CAF helps providers of essential services to better manage their cyber risks.
https://www.ncsc.gov.uk/blog-post/caf-v4-0-released-in-response-to-growing-threat
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
February 2025 Cyber Attacks Statistics
After the cyber attacks timelines, it's time to publish the statistics for February 2025 where I collected and analyzed 231 events. In February 2025, Cyber Crime continued to lead the Motivations chart with 64% down from 75%, of February. Operations driven by Cyber Espionage ranked at number two with 20%, an important increase from 12% and once again ahead of Hacktivism slightly down to 3% from 4%. Only a single event was attributed to Cyber Warfare that closes the chart.
https://www.hackmageddon.com/2025/08/07/february-2025-cyber-attacks-statistics/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Google Confirms Salesforce Data Breach by ShinyHunters via Vishing Scam
Google confirms a data breach by ShinyHunters hackers, who used a vishing scam to access a Salesforce database with small business customer info.
https://hackread.com/google-salesforce-data-breach-shinyhunters-vishing-scam/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
CISA, Microsoft warn of critical Exchange hybrid flaw CVE-2025-53786
CISA and Microsoft warn of CVE-2025-53786, a high-severity Exchange flaw allowing privilege escalation in hybrid cloud environments. CISA and Microsoft warn of a high-severity flaw, tracked as CVE-2025-53786, in Exchange hybrid deployments that allows attackers to escalate privileges in cloud setups. Microsoft address the vulnerability in Exchange Server 2016, 2019 and Subscription Edition RTM. The […]
https://securityaffairs.com/180923/security/cisa-microsoft-warn-of-critical-exchange-hybrid-flaw-cve-2025-53786.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Wave of 150 crypto-draining extensions hits Firefox add-on store
A malicious campaign dubbed 'GreedyBear' has snuck onto the Mozilla add-ons store, targeting Firefox users with 150 malicious extensions and stealing an estimated ,000,000 from unsuspecting victims. [...]
https://www.bleepingcomputer.com/news/security/wave-of-150-crypto-draining-extensions-hits-firefox-add-on-store/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Critical Flaw in CVE Scoring
With informed decision-making, organizations can strengthen their overall resilience and maintain the agility needed to adapt to emerging threats, without sacrificing innovation or productivity.
https://www.darkreading.com/vulnerabilities-threats/critical-flaw-cve-scoring
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Chanel Alerts Clients of Third-Party Breach
The fashion house is added to a list of other companies that have been impacted by similar breaches, including Tiffany & Co. and Louis Vuitton.
https://www.darkreading.com/cyberattacks-data-breaches/chanel-alerts-third-party-breach
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Malicious Go, npm Packages Deliver Cross-Platform Malware, Trigger Remote Data Wipes
Cybersecurity researchers have discovered a set of 11 malicious Go packages that are designed to download additional payloads from remote servers and execute them on both Windows and Linux systems.
"At runtime the code silently spawns a shell, pulls a second-stage payload from an interchangeable set of .icu and .tech command-and-control (C2) endpoints, and executes it in memory," Socket security
https://thehackernews.com/2025/08/malicious-go-npm-packages-deliver-cross.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Retail Budgets at Risk: Price-Scraping and Fraudulent Bot Attacks Are on The Rise
Competition in the eCommerce industry is becoming increasingly rivalled. As consumers turn to online stores, more and more retailers are making the jump themselves and pivoting towards digital. Joining such...
The post Retail Budgets at Risk: Price-Scraping and Fraudulent Bot Attacks Are on The Rise appeared first on Cyber Defense Magazine.
https://www.cyberdefensemagazine.com/retail-budgets-at-risk-price-scraping-and-fraudulent-bot-attacks-are-on-the-rise/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Facebook users targeted in ‘login’ phish
Scammers are targeting Facebook users in this latest phishing campaign.
https://www.malwarebytes.com/blog/news/2025/08/facebook-users-targeted-in-login-phish
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Shadow Economy Fueling Ransomware Is Bigger Than You Think
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Aug. 7, 2025 – Read the full story in Gadget Review Behind every ransomware attack lurking in your news feed lies an uncomfortable truth: the victims are bankrolling their own tormentors, writes
The post The Shadow Economy Fueling Ransomware Is Bigger Than You Think appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/the-shadow-economy-fueling-ransomware-is-bigger-than-you-think/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cryptomixer founders pled guilty to laundering money for cybercriminals
The founders of the Samourai Wallet (Samourai) cryptocurrency mixer have pleaded guilty to laundering over 0 million for criminals. [...]
https://www.bleepingcomputer.com/news/security/samourai-cryptomixer-founders-pled-guilty-to-laundering-money-for-cybercriminals/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
ShinyHunters Target Chanel in Salesforce Linked Data Breach
ShinyHunters breached Chanel's US client database via Salesforce-linked access, exposing limited customer details through social engineering tactics.
https://hackread.com/shinyhunters-target-chanel-salesforce-data-breach/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
AccuKnox partners with SecuVerse.ai to deliver Zero Trust CNAPP Security for National Gaming Infrastructure
Menlo Park, California, USA, 7th August 2025, CyberNewsWire
https://hackread.com/accuknox-partners-with-secuverse-ai-to-deliver-zero-trust-cnapp-security-for-national-gaming-infrastructure/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
TeaOnHer, the male version of Tea, is leaking personal information on its users too
TeaOnHer turns out to be at least as leaky as its female counterpart, Tea Dating Advice app.
https://www.malwarebytes.com/blog/news/2025/08/teaonher-the-male-version-of-tea-is-leaking-personal-information-on-its-users-too
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Microsoft unveils Project Ire: AI that autonomously detects malware
Microsoft's Project Ire uses AI to autonomously reverse engineer and classify software as malicious or benign. Microsoft announced Project Ire, an autonomous artificial intelligence (AI) system that can autonomously reverse engineer and classify software. Project Ire is an LLM-powered autonomous malware classification system that uses decompilers and other tools, reviews their output, and determines the […]
https://securityaffairs.com/180908/malware/microsoft-unveils-project-ire-ai-that-autonomously-detects-malware.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
New Promptware Attack Hijacks User's Gemini AI Via Google Calendar Invite
Cybersecurity researchers demonstrate a new attack on Google Gemini AI for Workspace. Discover how a simple calendar invite can be used to perform phishing, steal emails, and even control home appliances.
https://hackread.com/promptware-attack-hijack-gemini-ai-google-calendar-invite/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How Google, Adidas, and more were breached in a Salesforce scam
Hackers tricked workers over the phone at Google, Adidas, and more to grant access to Salesforce data.
https://www.malwarebytes.com/blog/news/2025/08/how-google-adidas-and-more-were-breached-in-a-salesforce-scam
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The AI-Powered Security Shift: What 2025 Is Teaching Us About Cloud Defense
Now that we are well into 2025, cloud attacks are evolving faster than ever and artificial intelligence (AI) is both a weapon and a shield. As AI rapidly changes how enterprises innovate, security teams are now tasked with a triple burden:
Secure AI embedded in every part of the business.
Use AI to defend faster and smarter.
Fight AI-powered threats that execute in minutes—or seconds.
Security
https://thehackernews.com/2025/08/the-ai-powered-security-shift-what-2025.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Microsoft Discloses Exchange Server Flaw Enabling Silent Cloud Access in Hybrid Setups
Microsoft has released an advisory for a high-severity security flaw affecting on-premise versions of Exchange Server that could allow an attacker to gain elevated privileges under certain conditions.
The vulnerability, tracked as CVE-2025-53786, carries a CVSS score of 8.0. Dirk-jan Mollema with Outsider Security has been acknowledged for reporting the bug.
"In an Exchange hybrid deployment, an
https://thehackernews.com/2025/08/microsoft-discloses-exchange-server.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
6,500 Axis Servers Expose Remoting Protocol; 4,000 in U.S. Vulnerable to Exploits
Cybersecurity researchers have disclosed multiple security flaws in video surveillance products from Axis Communications that, if successfully exploited, could expose them to takeover attacks.
"The attack results in pre-authentication remote code execution on Axis Device Manager, a server used to configure and manage fleets of cameras, and the Axis Camera Station, client software used to view
https://thehackernews.com/2025/08/6500-axis-servers-expose-remoting.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
SonicWall Confirms Patched Vulnerability Behind Recent VPN Attacks, Not a Zero-Day
SonicWall has revealed that the recent spike in activity targeting its Gen 7 and newer firewalls with SSL VPN enabled is related to an older, now-patched bug and password reuse.
"We now have high confidence that the recent SSL VPN activity is not connected to a zero-day vulnerability," the company said. "Instead, there is a significant correlation with threat activity related to CVE-2024-40766."
https://thehackernews.com/2025/08/sonicwall-confirms-patched.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
5 Places to Save Money on Secure Cloud Storage with iDrive Coupons
Cloud storage is essential for anyone handling digital data – whether you're a freelancer, student,…
5 Places to Save Money on Secure Cloud Storage with iDrive Coupons on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2025/08/07/5-places-to-save-money-on-secure-cloud-storage-with-idrive-coupons/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Meta accessed women’s health data from Flo app without consent, says court
A jury has ruled that Meta accessed sensitive information from women's reproductive health tracking app Flo without consent.
https://www.malwarebytes.com/blog/news/2025/08/meta-accessed-womens-health-data-from-flo-app-without-consent-says-court
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
WhatsApp Rolls Out Safety Overview As An Anti-Scam Feature
As scams continue to target users via messaging apps, Meta decided to jazz up the…
WhatsApp Rolls Out Safety Overview As An Anti-Scam Feature on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2025/08/07/whatsapp-rolls-out-safety-overview-as-an-anti-scam-feature/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
New Scam Involving Fake Online Gaming Sites Flood Discord, Social Media
A new online scam is around luring users towards fake online gaming sites via social…
New Scam Involving Fake Online Gaming Sites Flood Discord, Social Media on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2025/08/07/new-scam-involving-fake-online-gaming-sites-flood-discord-social-media/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
CERT-UA warns of UAC-0099 phishing attacks targeting Ukraine's defense sector
Ukraine’s CERT-UA warns of phishing attacks by UAC-0099 targeting defense sectors, using malware like MATCHBOIL, MATCHWOK, and DRAGSTARE. Ukraine’s CERT-UA warns of phishing attacks by threat actor UAC-0099 targeting government and defense sectors, delivering malware like MATCHBOIL and DRAGSTARE. The National Cyber Incident, Cyber Attack, and Cyber Threat Response Team CERT-UA investigated multiple attacks against […]
https://securityaffairs.com/180896/apt/cert-ua-warns-of-uac-0099-phishing-attacks-targeting-ukraines-defense-sector.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
New Infection Chain and ConfuserEx-Based Obfuscation for DarkCloud Stealer
DarkCloud Stealer's delivery has shifted. We explore three different attack chains that use ConfuserEx obfuscation and a final payload in Visual Basic 6.
The post New Infection Chain and ConfuserEx-Based Obfuscation for DarkCloud Stealer appeared first on Unit 42.
https://unit42.paloaltonetworks.com/new-darkcloud-stealer-infection-chain/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Malwarebytes earns MRG Effitas Android 360° Certificate for mobile threat detection
Malwarebytes has been awarded the prestigious MRG Effitas Android 360° Certificate, one of the toughest independent tests in mobile security.
https://www.malwarebytes.com/blog/product/2025/08/malwarebytes-earns-mrg-effitas-android-360-certificate-for-mobile-threat-detection
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
USN-7688-1: cifs-utils vulnerabilities
Aurélien Aptel discovered that cifs-utils invoked a shell when requesting a
password. In certain environments, a local attacker could possibly use this
issue to escalate privileges. (CVE-2020-14342)
It was discovered that cifs-utils incorrectly used host credentials when
mounting a krb5 CIFS file system from within a container. An attacker
inside a container could possibly use this issue to obtain access to
sensitive information. (CVE-2021-20208)
It was discovered that cifs-utils incorrectly handled certain command-line
arguments. A local attacker could possibly use this issue to obtain root
privileges. (CVE-2022-27239)
It was discovered that cifs-utils incorrectly handled verbose logging. A
local attacker could possibly use this issue to obtain sensitive
information. (CVE-2022-29869)
https://ubuntu.com/security/notices/USN-7688-1
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Actions to take when the cyber threat is heightened
When organisations might face a greater threat, and the steps to take to improve security.
https://www.ncsc.gov.uk/guidance/actions-to-take-when-the-cyber-threat-is-heightened
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
1.2 Million Healthcare Devices and Systems Found Exposed Online – Patient Records at Risk of Exposure, Latest Research from Modat
The Hague, Netherlands, 7th August 2025, CyberNewsWire
https://hackread.com/1-2-million-healthcare-devices-systems-exposed-modat/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Over 100 Dell models exposed to critical ControlVault3 firmware bugs
ReVault flaws in Dell ControlVault3 firmware allow firmware implants and Windows login bypass on 100+ laptop models via physical access. Cisco Talos reported five vulnerabilities collectively named ReVault (tracked as CVE-2025-24311, CVE-2025-25215, CVE-2025-24922, CVE-2025-25050, and CVE-2025-24919) in Dell’s ControlVault3 firmware that expose over 100 laptop models to firmware implants and Windows login bypass via physical […]
https://securityaffairs.com/180883/hacking/over-100-dell-models-exposed-to-critical-controlvault3-firmware-bugs.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How CTEM Boosts Visibility and Shrinks Attack Surfaces in Hybrid and Cloud Environments
CTEM is a continuous strategy that assesses risk from an attacker's view, helping orgs prioritize threats across cloud and hybrid environments. The attack surface has exploded. Between multi-cloud deployments, remote endpoints, SaaS platforms, shadow IT, and legacy infrastructure, the perimeter has not only become unrecognizable; in many ways, it no longer exists. For security teams, […]
https://securityaffairs.com/180871/security/how-ctem-boosts-visibility-and-shrinks-attack-surfaces-in-hybrid-and-cloud-environments.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Critical NestJS Vulnerability Exposes Developers to RCE Risk
Imagine this: You're a developer, working on your local machine, crunching out APIs, or perhaps debugging your ambitious NestJS-powered application. Harmless, right? What if I told you that a malicious link you just clicked on could plant a ticking time bomb on your system? That's the risk we're staring down with CVE-2025-54782 , a serious Remote Code Execution (RCE) vulnerability lurking in the widely used @nestjs/devtools-integration package.
https://linuxsecurity.com/news/security-vulnerabilities/critical-nestjs-rce-vulnerability
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Researcher Deploys Fuzzer to Test Autonomous Vehicle Safety
As autonomous vehicles continue to evolve, new research highlights the importance of rigorous security testing to protect against both intentional attacks and unintentional unsafe commands in teleoperation systems.
https://www.darkreading.com/cyber-risk/researcher-deploys-fuzzer-to-test-autonomous-vehicle-safety
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
L'Actu à J-2 (Presse spécialisée)
Critical Zero-Day Bugs Crack Open CyberArk, HashiCorp Password Vaults
Secrets managers hold all the keys to an enterprise's kingdom. Two popular ones had longstanding, critical, unauthenticated RCE vulnerabilities.
https://www.darkreading.com/cybersecurity-operations/critical-zero-day-bugs-cyberark-hashicorp-password-vaults
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Chinese Groups Stole 115 Million US Cards in 16-Month Smishing Campaign
A SecAlliance report reveals Chinese smishing syndicates compromised 115M US payment cards by bypassing MFA to exploit Apple Pay and Google Wallet.
https://hackread.com/chinese-stole-115-million-us-cards-smishing-campaign/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Muddled Libra: Why Are We So Obsessed With You?
Muddled Libra gets media attention due to its consistent playbook and unique use of vishing. The group's English fluency is another major factor.
The post Muddled Libra: Why Are We So Obsessed With You? appeared first on Unit 42.
https://unit42.paloaltonetworks.com/why-the-focus-on-muddled-libra/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Researchers Uncover ECScape Flaw in Amazon ECS Enabling Cross-Task Credential Theft
Cybersecurity researchers have demonstrated an "end-to-end privilege escalation chain" in Amazon Elastic Container Service (ECS) that could be exploited by an attacker to conduct lateral movement, access sensitive data, and seize control of the cloud environment.
The attack technique has been codenamed ECScape by Sweet Security researcher Naor Haziz, who presented the findings today at the
https://thehackernews.com/2025/08/researchers-uncover-ecscape-flaw-in.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Fake VPN and Spam Blocker Apps Tied to VexTrio Used in Ad Fraud, Subscription Scams
The malicious ad tech purveyor known as VexTrio Viper has been observed developing several malicious apps that have been published on Apple and Google's official app storefronts under the guise of seemingly useful applications.
These apps masquerade as VPNs, device "monitoring" apps, RAM cleaners, dating services, and spam blockers, DNS threat intelligence firm Infoblox said in an exhaustive
https://thehackernews.com/2025/08/fake-vpn-and-spam-blocker-apps-tied-to.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hacker Accesses Millions of IMDataCenter Records from Exposed AWS Bucket
Florida firm IMDataCenter exposed 38GB of sensitive data including names, emails and ownership info. At least one hacker accessed and downloaded the files.
https://hackread.com/hacker-accesses-imdatacenter-records-exposed-aws-bucket/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
WhatsApp cracks down on 6.8M scam accounts in global takedown
WhatsApp removed 6.8M accounts linked to global scam centers, mainly in Cambodia, in a crackdown with Meta and OpenAI. Meta announced that WhatsApp has removed 6.8 million accounts tied to criminal scam centers, mainly in Cambodia, in a joint effort with OpenAI. Scam centers run multiple schemes, often requiring upfront payment for fake returns. Fraudulent […]
https://securityaffairs.com/180864/cyber-crime/whatsapp-cracks-down-on-6-8m-scam-accounts-in-global-takedown.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Trend Micro fixes two actively exploited Apex One RCE flaws
Trend Micro patched two critical Apex One flaws (CVE-2025-54948, CVE-2025-54987) exploited in the wild, allowing RCE via console injection. Trend Micro released fixes for two critical vulnerabilities, tracked as CVE-2025-54948 and CVE-2025-54987 (CVSS score of 9.4), in Apex One on-prem consoles. The cybersecurity vendor confirmed that both issues were actively exploited in the wild. Both […]
https://securityaffairs.com/180856/hacking/trend-micro-fixes-two-actively-exploited-apex-one-rce-flaws.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Effortless Cloud Security: A Beginner's Checklist for a Safer Cloud Environment
In the past few years, the world has embraced a new era of AI, introducing an array of security tools that leverage advanced technologies to automate deployments, conduct real-time scanning,...
The post Effortless Cloud Security: A Beginner’s Checklist for a Safer Cloud Environment appeared first on Cyber Defense Magazine.
https://www.cyberdefensemagazine.com/effortless-cloud-security-a-beginners-checklist-for-a-safer-cloud-environment/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Ransom & Dark Web Issues Week 1, August 2025
ASEC Blog publishes Ransom & Dark Web Issues Week 1, August 2025 Emergence of New Ransomware Groups: BQTLock, Pear, and Black Nevas Increase in Cyberattacks Targeting South Korea [1], [2], [3] Ongoing Identity Information Leaks Targeting Hotels in Europe [1], [2], [3], [4]
https://asec.ahnlab.com/en/89452/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Building Resilience and DORA Compliance: Lessons, Gaps, What's Next
Operational resilience is more than a nice-to-have. It's a business imperative. For financial institutions, this principle has been codified by the European Union's Digital Operational Resilience Act (DORA), which aims to ensure that the financial sector can withstand and recover from ICT-related disruptions.
https://www.sonatype.com/blog/building-resilience-and-dora-compliance-lessons-gaps-whats-next
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Role of Security Policies in Shaping Organisational Culture and Risk Awareness
Organisational culture, as we know it, isn't built overnight. It takes shape over time through decisions, habits and…
https://hackread.com/security-policies-role-organisational-culture-risk-awareness/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
USN-7687-1: poppler vulnerabilities
Jieyong Ma discovered that poppler incorrectly handled certain malformed
PDF files. A remote attacker could possibly use this issue to cause poppler
to crash, resulting in a denial of service. This issue only affected Ubuntu
16.04 LTS and Ubuntu 18.04 LTS. (CVE-2022-27337)
Kevin Backhouse discovered that poppler incorrectly handled documents with
a large number of annotations. If a user or automated system were tricked
into opening a specially crafted document, a remote attacker could use
this issue to cause poppler to consume resources, leading to a denial of
service, or possibly execute arbitrary code. (CVE-2025-52886)
https://ubuntu.com/security/notices/USN-7687-1
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Black Duck Announces Enhancements to AI Powered Application Security Assistant
Black Duck has unveiled Black Duck Assist, which enables developers to find and fix security and compliance issues in human and AI-generated code in real time. Black Duck Assist is now woven into the company's Code Sight™ IDE plugin. These updates introduce automated scanning of AI-generated code and AI-powered remediation guidance, bringing continuous code protection […]
The post Black Duck Announces Enhancements to AI Powered Application Security Assistant appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/08/06/black-duck-announces-enhancements-to-ai-powered-application-security-assistant/?utm_source=rss&utm_medium=rss&utm_campaign=black-duck-announces-enhancements-to-ai-powered-application-security-assistant
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Weight loss scams, or why ‘Jodie Foster’ wants me to lose weight
Weight loss scams prey on insecurities, and scammers are abusing celebrities and fake news sites to deceive people.
https://www.malwarebytes.com/blog/news/2025/08/weight-loss-scams-or-why-jodie-foster-wants-me-to-lose-weight
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Preventing Costly Data Breaches Requires a Robust Physical and Digital Security Posture
Independent market research firm Vanson Bourne recently conducted a study querying 1,000 senior IT decision-makers across the US and EMEA regarding their organizations' security policies for reducing and preventing data...
The post Preventing Costly Data Breaches Requires a Robust Physical and Digital Security Posture appeared first on Cyber Defense Magazine.
https://www.cyberdefensemagazine.com/preventing-costly-data-breaches-requires-a-robust-physical-and-digital-security-posture/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Perplexity AI ignores no-crawling rules on websites, crawls them anyway
Perplexity ignores robots.txt files on websites that say they do not want to be crawled.
https://www.malwarebytes.com/blog/news/2025/08/perplexity-ai-ignores-no-crawling-rules-on-websites-crawls-them-anyway
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
KLM Confirms Customer Data Breach Linked to Third-Party System
KLM confirms a data breach exposing customer info via a third-party system, affecting names, contact details and Flying Blue membership data.
https://hackread.com/klm-customer-data-breach-linked-third-party-system/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hashcat 7.0.0: Redefining Password Recovery & Security on Linux
Every now and then, a tool you already rely on gets an upgrade that makes you stop what you're doing and reevaluate how you've been using it. That's exactly the vibe Hashcat 7.0.0 is bringing to the table. If you're a Linux admin''or anyone remotely serious about infosec''you already know Hashcat's reputation as the Swiss Army knife of password recovery. It's fast, it's versatile, and frankly, it's intimidating in its scope. But with this 7.0.0 release, we're not just getting your standard performance tweaks or a few shiny new features. What we're seeing here is a recalibration of what's possible for admins juggling the dual responsibilities of securing systems and recovering credentials.
https://linuxsecurity.com/features/features/hashcat-7-0-0-password-recovery-security
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Growing Impact Of AI And Quantum On Cybersecurity
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Aug. 6, 2025 – Read the full story in Forbes The amalgamation of artificial intelligence (AI) with quantum computing will transform existing computational paradigms, heralding a promising future, but with risks, writes
The post The Growing Impact Of AI And Quantum On Cybersecurity appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/the-growing-impact-of-ai-and-quantum-on-cybersecurity/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Who Got Arrested in the Raid on the XSS Crime Forum?
On July 22, 2025, the European police agency Europol said a long-running investigation led by the French Police resulted in the arrest of a 38-year-old administrator of XSS, a Russian-language cybercrime forum with more than 50,000 members. The action has triggered an ongoing frenzy of speculation and panic among XSS denizens about the identity of the unnamed suspect, but the consensus is that he is a pivotal figure in the crime forum scene who goes by the hacker handle "Toha." Here's a deep dive on what's knowable about Toha, and a short stab at who got nabbed.
https://krebsonsecurity.com/2025/08/who-got-arrested-in-the-raid-on-the-xss-crime-forum/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
SpyCloud Enhances Investigations Solution with AI-Powered Insights – Revolutionizing Insider Threat and Cybercrime Analysis
Austin, TX, USA, 6th August 2025, CyberNewsWire
SpyCloud Enhances Investigations Solution with AI-Powered Insights – Revolutionizing Insider Threat and Cybercrime Analysis on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2025/08/06/spycloud-enhances-investigations-solution-with-ai-powered-insights-revolutionizing-insider-threat-and-cybercrime-analysis/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Jen Easterly Joins Huntress Strategic Advisory Board
Jen Easterly, the former Director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), has taken up a seat on the Strategic Advisory Board of Huntress. In this new role, she will help drive the company's innovation efforts, foster key partnerships, and support its mission to safeguard businesses of all sizes against the ever-evolving landscape […]
The post Jen Easterly Joins Huntress Strategic Advisory Board appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/08/06/jen-easterly-joins-huntress-strategic-advisory-board/?utm_source=rss&utm_medium=rss&utm_campaign=jen-easterly-joins-huntress-strategic-advisory-board
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
When Good Accounts Go Bad: Exploiting Delegated Managed Service Accounts in Active Directory
BadSuccessor is an attack vector in Windows Server 2025. Under certain conditions it allows privilege elevation via dMSAs. We analyze its mechanics.
The post When Good Accounts Go Bad: Exploiting Delegated Managed Service Accounts in Active Directory appeared first on Unit 42.
https://unit42.paloaltonetworks.com/badsuccessor-attack-vector/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Driver of destruction: How a legitimate driver is being used to take down AV processes
In an incident response case, Kaspersky experts discovered new malware that terminates AV processes by abusing the legitimate ThrottleStop driver. Kaspersky solutions successfully counter and detect this threat.
https://securelist.com/av-killer-exploiting-throttlestop-sys/117026/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Anthropic Restrict Claude API Access To OpenAI Engineers
Reportedly, Anthropic has restricted OpenAI from accessing the Claude API after noticing an apparent breach…
Anthropic Restrict Claude API Access To OpenAI Engineers on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2025/08/06/anthropic-restrict-claude-api-access-to-openai-engineers/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
U.S. CISA adds D-Link cameras and Network Video Recorder flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds D-Link cameras and Network Video Recorder flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Cisco ISE and PaperCut NG/MF flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the descriptions for these flaws: According to Binding Operational Directive (BOD) 22-01: […]
https://securityaffairs.com/180833/security/u-s-cisa-adds-d-link-cameras-and-network-video-recorder-flaws-to-its-known-exploited-vulnerabilities-catalog.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Wing FTP Remote Code Execution Vulnerability
What is the Vulnerability?CVE-2025-47812 is a recently disclosed Remote Code Execution (RCE) vulnerability impacting Wing FTP Server, a cross-platform file transfer solution. This critical flaw affects versions prior to 7.4.4, and, if successfully exploited, may allow remote attackers to execute arbitrary code within the context of the vulnerable application. The vulnerability stems from null byte handling issues and a Lua injection flaw, which can lead to root or SYSTEM-level code execution.CISA has added CVE-2025-47812 to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation on July 14, 2025.What is the recommended Mitigation?The vendor has released a patch addressing the issue. There are already reports of the vulnerability being actively exploited...
https://fortiguard.fortinet.com/threat-signal-report/6154
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
L'Actu des jours précédents
Startup Spotlight: Twine Security Tackles the Execution Gap
The company, one of four finalists in this year's Black Hat USA Startup Spotlight competition, uses multi-agent system to build AI Digital Employees.
https://www.darkreading.com/cybersecurity-operations/startup-spotlight-twine-security-closes-execution-gap
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Project AK47: Uncovering a Link to the SharePoint Vulnerability Attacks
Project AK47, a toolset including ransomware, was used to leverage SharePoint exploit chain ToolShell. This activity overlaps with Storm-2603.
The post Project AK47: Uncovering a Link to the SharePoint Vulnerability Attacks appeared first on Unit 42.
https://unit42.paloaltonetworks.com/ak47-activity-linked-to-sharepoint-vulnerabilities/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Snowflake Data Breach: What Happened and How to Prevent It
In 2024, the cybersecurity landscape was shaken by an unexpected and widespread incident—the Snowflake data breach. Despite being a leading provider of cloud-based data warehousing solutions, Snowflake found itself at...
The post Snowflake Data Breach: What Happened and How to Prevent It appeared first on Hacker Combat.
https://www.hackercombat.com/snowflake-data-breach/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How to Build a Ransomware Kill Chain Strategy for Linux Security
Ransomware isn't slowing down. If anything, it's getting sharper, more selective, coordinated, and much harder to clean up after. From healthcare systems to supply chains, attackers know exactly where to hit and how long they need to hold a business hostage.
https://linuxsecurity.com/news/server-security/ransomware-kill-chain-linux-security
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
USN-7686-1: Linux kernel (Raspberry Pi) vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- PA-RISC architecture;
- PowerPC architecture;
- x86 architecture;
- Block layer subsystem;
- Cryptographic API;
- Serial ATA and Parallel ATA drivers;
- Bluetooth drivers;
- Bus devices;
- CPU frequency scaling framework;
- Buffer Sharing and Synchronization framework;
- DMA engine subsystem;
- ARM SCMI message protocol;
- GPU drivers;
- HID subsystem;
- HSI subsystem;
- I2C subsystem;
- I3C subsystem;
- IIO subsystem;
- InfiniBand drivers;
- IOMMU subsystem;
- IRQ chip drivers;
- MCB driver;
- Multiple devices driver;
- Media drivers;
- Multifunction device drivers;
...
https://ubuntu.com/security/notices/USN-7686-1
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Post Quantum Threats – The Encryption Apocalypse That Isn't
Preface RSA Conference just wrapped up, and while phrases like “We are an Agentic AI solution for XYZ,” “AI in Cybersecurity,” and “Risks of AI Adoption” echoed across the expo...
The post Post Quantum Threats – The Encryption Apocalypse That Isn't appeared first on Cyber Defense Magazine.
https://www.cyberdefensemagazine.com/post-quantum-threats-the-encryption-apocalypse-that-isnt/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Critical Android vulnerabilities patched—update as soon as you can
Google has patched 6 vulnerabilities in Android including two critical ones, one of which can compromise a device without the user needing to do anything.
https://www.malwarebytes.com/blog/news/2025/08/android-critical-vulnerabilities-patched-update-as-soon-as-you-can
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Alleged ‘tap-in’ scammer advertised services on social media
A 24-year-old woman who allegedly advertised her services on social media has been arrested for her part in a "tap-in" scam.
https://www.malwarebytes.com/blog/news/2025/08/alleged-tap-in-scammer-advertised-services-on-social-media
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
16-28 February 2025 Cyber Attacks Timeline
In the second timeline of February 2025, I collected 116 events (8.92 events/day) with a threat landscape dominated by malware with 29%, a value very close to 30% of the previous timeline, ahead of ransomware, back at number two with 21%, from 8% of the previous fortnight, and targeted attacks with 17%, very close to 16% of H1.
https://www.hackmageddon.com/2025/08/05/16-28-february-2025-cyber-attacks-timeline/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Top Cybersecurity CEOs On The Cybercrime Magazine YouTube Channel
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Aug. 5, 2025 – Watch the YouTube video In May 2025 YouTube presented the Cybercrime Magazine channel with a Gold Creator Award for surpassing one million subscribers. To celebrate, we released a video featuring
The post Top Cybersecurity CEOs On The Cybercrime Magazine YouTube Channel appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/top-cybersecurity-ceos-on-the-cybercrime-magazine-youtube-channel/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
There Are Plenty of Phish in The Sea: Here's How to Avoid Them
When was the last time you revisited your organization’s email security practices? Is your current software up to the task of defending your data against newer and more sophisticated cyber...
The post There Are Plenty of Phish in The Sea: Here's How to Avoid Them appeared first on Cyber Defense Magazine.
https://www.cyberdefensemagazine.com/there-are-plenty-of-phish-in-the-sea-heres-how-to-avoid-them/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Unexpected snail mail packages are being sent with scammy QR codes, warns FBI
Receiving an unexpected package in the post is not always a pleasant surprise.
https://www.malwarebytes.com/blog/news/2025/08/unexpected-snail-mail-packages-are-being-sent-with-scammy-qr-codes-warns-fbi
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
SparkRAT: Exploiting Architectural Weaknesses in Open-Source Offensive Tools
Persistent trend in open-source offensive tooling & implications for defenders
https://www.f5.com/labs/articles/threat-intelligence/sparkrat-exploiting-architectural-weaknesses-in-open-source-offensive-tools
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
USN-7685-4: Linux kernel (Oracle) vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Device tree and open firmware driver;
- SCSI subsystem;
- TTY drivers;
- Ext4 file system;
- SMB network file system;
- Bluetooth subsystem;
- Network traffic control;
- Sun RPC protocol;
- USB sound devices;
(CVE-2024-38541, CVE-2024-49883, CVE-2023-52757, CVE-2024-49950,
CVE-2024-53239, CVE-2023-52885, CVE-2024-56748, CVE-2023-52975,
CVE-2024-50073, CVE-2025-37797)
https://ubuntu.com/security/notices/USN-7685-4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
What is an antivirus product? Do I need one?
Detect and prevent malicious software and viruses on your computer or laptop.
https://www.ncsc.gov.uk/guidance/what-is-an-antivirus-product
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Surge in zero-day exploits identified in Forescout's latest threat report
Forescout Technologies, Inc. today released its 2025H1 Threat Review, an analysis of more than 23,000 vulnerabilities and 885 threat actors across 159 countries worldwide during the first half of 2025. Among the key findings: ransomware attacks are averaging 20 incidents per day, zero-day exploits increased 46 percent, and attackers increasingly targeting non-traditional equipment, such as […]
The post Surge in zero-day exploits identified in Forescout’s latest threat report appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/08/05/surge-in-zero-day-exploits-identified-in-forescouts-latest-threat-report/?utm_source=rss&utm_medium=rss&utm_campaign=surge-in-zero-day-exploits-identified-in-forescouts-latest-threat-report
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
ESET Threat Report H1 2025: ClickFix, infostealer disruptions, and ransomware deathmatch
Threat actors are embracing ClickFix, ransomware gangs are turning on each other – toppling even the leaders – and law enforcement is disrupting one infostealer after another
https://www.welivesecurity.com/en/podcasts/eset-threat-report-h1-2025-clickfix-infostealer-disruptions-ransomware-deathmatch/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
USN-7685-3: Linux kernel (FIPS) vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Device tree and open firmware driver;
- SCSI subsystem;
- TTY drivers;
- Ext4 file system;
- SMB network file system;
- Bluetooth subsystem;
- Network traffic control;
- Sun RPC protocol;
- USB sound devices;
(CVE-2023-52975, CVE-2024-56748, CVE-2023-52885, CVE-2025-37797,
CVE-2024-50073, CVE-2024-49950, CVE-2024-49883, CVE-2024-38541,
CVE-2023-52757, CVE-2024-53239)
https://ubuntu.com/security/notices/USN-7685-3
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
USN-7685-2: Linux kernel (Azure) vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Device tree and open firmware driver;
- SCSI subsystem;
- TTY drivers;
- Ext4 file system;
- SMB network file system;
- Bluetooth subsystem;
- Network traffic control;
- Sun RPC protocol;
- USB sound devices;
(CVE-2023-52975, CVE-2024-38541, CVE-2024-50073, CVE-2024-53239,
CVE-2023-52757, CVE-2024-49883, CVE-2025-37797, CVE-2023-52885,
CVE-2024-49950, CVE-2024-56748)
https://ubuntu.com/security/notices/USN-7685-2
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
USN-7685-1: Linux kernel vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Device tree and open firmware driver;
- SCSI subsystem;
- TTY drivers;
- Ext4 file system;
- SMB network file system;
- Bluetooth subsystem;
- Network traffic control;
- Sun RPC protocol;
- USB sound devices;
(CVE-2024-53239, CVE-2023-52975, CVE-2024-38541, CVE-2023-52885,
CVE-2024-49883, CVE-2025-37797, CVE-2023-52757, CVE-2024-56748,
CVE-2024-49950, CVE-2024-50073)
https://ubuntu.com/security/notices/USN-7685-1
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Sunsetting Circle: Where CSA Communities Are Headed and How to Join
The Cloud Security Alliance (CSA) is evolving in how we connect, collaborate, and engage with our community. Over the past few years, our Circle community has served as a central hub for working groups, chapters, and training communities. While it's been a valuable platform, we're moving toward a more streamlined experience across our main website and Slack channels.This transition will create clearer pathways to join working groups, connect with local chapters, and engage with traini...
https://cloudsecurityalliance.org/articles/sunsetting-circle-where-csa-communities-are-headed-and-how-to-join
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Proofpoint and Optiv Surpass Billion in Historical Sales
https://www.proofpoint.com/us/newsroom/press-releases/proofpoint-and-optiv-surpass-1-billion-historical-sales
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Proton Authenticator Rolls Out As A Free Login Security App
After presenting numerous security apps for privacy-savvy users, Proton has now launched the Proton Authenticator…
Proton Authenticator Rolls Out As A Free Login Security App on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2025/08/04/proton-authenticator-rolls-out-as-a-free-login-security-app/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DoD-Ready Software: Embracing the SWFT Initiative with Confidence
The Department of Defense's (DoD) new Software Fast Track (SWFT) Initiative is more than a policy shift — it's a transformation in how software is evaluated, acquired, and deployed across defense agencies.
https://www.sonatype.com/blog/dod-ready-software-embracing-the-swft-initiative-with-confidence
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Neural Hijacking: Is Your Brain Making Security Decisions Without You?
Introduction: The Battlefield Inside Your Head In cybersecurity, we master firewalls and encryption. But are we neglecting the most critical vulnerability? The human brain. Every day, you make thousands of split-second...
The post Neural Hijacking: Is Your Brain Making Security Decisions Without You? appeared first on Cyber Defense Magazine.
https://www.cyberdefensemagazine.com/neural-hijacking-is-your-brain-making-security-decisions-without-you/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Makop Ransomware Identified in Attacks in South Korea
AhnLab SEcurity intelligence Center (ASEC) recently identified cases of Makop ransomware attacks targeting South Korean users. The Makop ransomware has been distributed to South Korean users by disguising as resumes or emails related to copyrights for several years. Recently, it has been reported that the ransomware is exploiting RDP for attacks. 1. Installing Malware […]
https://asec.ahnlab.com/en/89397/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Active Cyber Defence (ACD) - the fourth year
The year four report covers 2020 and aims to highlight the achievements and efforts made by the Active Cyber Defence programme.
https://www.ncsc.gov.uk/report/acd-report-year-four
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Active Cyber Defence (ACD) - The Third Year
The year three report covers 2019 and aims to highlight the achievements and efforts made by the Active Cyber Defence programe.
https://www.ncsc.gov.uk/report/acd-report-year-three
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
USN-7671-3: Linux kernel (IoT) vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ACPI drivers;
- GPU drivers;
- SMB network file system;
- Memory management;
- Netfilter;
- Network traffic control;
(CVE-2024-53051, CVE-2024-46787, CVE-2024-50047, CVE-2024-56662,
CVE-2025-37890, CVE-2025-38001, CVE-2025-37997, CVE-2025-37932,
CVE-2025-37798, CVE-2025-38177, CVE-2025-38000)
https://ubuntu.com/security/notices/USN-7671-3
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
French Telecom Orange Disclosed Suffering A Cyberattack
The France-based telecommunication giant Orange recently disclosed suffering a serious cyberattack on its IT infrastructure.…
French Telecom Orange Disclosed Suffering A Cyberattack on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2025/08/04/french-telecom-orange-disclosed-suffering-a-cyberattack/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Multifaceted Cyber-Attacks Require a Unified Defense Approach
Gone are the days of attacks hitting a single product or vulnerability. Today, we're seeing the increasing use of multi-vector attacks and multi-stage approaches. For example, a DDoS attack in...
The post Multifaceted Cyber-Attacks Require a Unified Defense Approach appeared first on Cyber Defense Magazine.
https://www.cyberdefensemagazine.com/multifaceted-cyber-attacks-require-a-unified-defense-approach/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cyber Threats: Unmanaged Network Resources Rival Ransomware
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Aug. 4, 2025 – Read the full story in Forbes Cybersecurity discussions in today's increasingly connected world often emphasize software vulnerabilities, phishing schemes, and ransomware threats. According to Cybersecurity Ventures, ransomware damages
The post Cyber Threats: Unmanaged Network Resources Rival Ransomware appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/cyber-threats-unmanaged-network-resources-rival-ransomware/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
USN-7545-4: Apport regression
USN-7545-1 fixed vulnerabilities in Apport. The update incorrectly
handled logging if a crashing process was killed while Apport was
analyzing it. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Qualys discovered that Apport incorrectly handled metadata when
processing application crashes. An attacker could possibly use this issue
to leak sensitive information.
https://ubuntu.com/security/notices/USN-7545-4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Post SMTP Plugin Flaw Risked 400K+ WordPress Sites To Hijacking
WordPress admins need to update their websites with the latest Post SMTP plugin release, as…
Post SMTP Plugin Flaw Risked 400K+ WordPress Sites To Hijacking on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2025/08/04/post-smtp-plugin-flaw-risked-400k-wordpress-sites-to-hijacking/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Identity Security: The New Perimeter for Cloud Security Companies Using CNAPP
In a cloud-native world, your network is no longer your perimeter; identity is. Every user, workload and service account is an entry point. And every entry point has permissions. The problem? Most of those permissions are excessive, unnecessary or never revoked. In fact, according to Tenable research, more than 90% of cloud identities use […]
The post Identity Security: The New Perimeter for Cloud Security Companies Using CNAPP appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/08/04/identity-security-the-new-perimeter-for-cloud-security-companies-using-cnapp/?utm_source=rss&utm_medium=rss&utm_campaign=identity-security-the-new-perimeter-for-cloud-security-companies-using-cnapp
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Managed Security Operations Center For SMBs: Is It Worth It?
Small and medium-sized businesses (SMBs) face increasing cybersecurity threats, often with limited resources to defend…
Managed Security Operations Center For SMBs: Is It Worth It? on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2025/08/04/managed-security-operations-center-for-smbs-is-it-worth-it/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Mitel Fixed Multiple Vulnerabilities Including An Auth Bypass Flaw
Canadian telecommunication giant Mitel Networks patched serious vulnerabilities across different products. One of these includes…
Mitel Fixed Multiple Vulnerabilities Including An Auth Bypass Flaw on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2025/08/04/mitel-fixed-multiple-vulnerabilities-including-an-auth-bypass-flaw/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Every Reason Why I Hate AI and You Should Too
maybe it's anti-innovation, maybe it's just avoiding hype. But one thing is clear, I'm completely done with hearing about AI.
https://malwaretech.com/2025/08/every-reason-why-i-hate-ai.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
A week in security (July 28 – August 3)
A list of topics we covered in the week of July 28 to August 3 of 2025
https://www.malwarebytes.com/blog/news/2025/08/a-week-in-security-july-28-august-3
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Mind the Middle
In an era where digital threats can cripple a business overnight, where threat actors can use AI to customize and automate attacks at scale, and where enterprises face constant budget...
The post Mind the Middle appeared first on Cyber Defense Magazine.
https://www.cyberdefensemagazine.com/mind-the-middle/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Malware Disguised as A Cryptocurrency Exchange Being Distributed Through Facebook Ads
AhnLab SEcurity intelligence Center (ASEC) has identified malware being distributed through Facebook ads targeting cryptocurrency users. The identified malware is disguised as a specific cryptocurrency exchange to prompt users to install the malicious program. When users download a file from the disguised website, a file named “installer.msi” is saved and installed. During the installation process, […]
https://asec.ahnlab.com/en/89383/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
One Week of the Online Safety Act: Cyber Experts Weigh In
The conversation around the UK’s Online Safety Act has transformed over the past week. Since it came into force last Friday (25th July 2025), there has been a lot of public outcry, including a petition, which was signed by over 400,000 people, calling for The Act to be scrapped altogether. The UK government has since […]
The post One Week of the Online Safety Act: Cyber Experts Weigh In appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/08/01/one-week-of-the-online-safety-act-cyber-experts-weigh-in/?utm_source=rss&utm_medium=rss&utm_campaign=one-week-of-the-online-safety-act-cyber-experts-weigh-in
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Threat Actor Groups Tracked by Palo Alto Networks Unit 42 (Updated Aug. 1, 2025)
A comprehensive list of threat actor groups tracked by Unit 42, along with information such as summaries and industries typically impacted.
The post Threat Actor Groups Tracked by Palo Alto Networks Unit 42 (Updated Aug. 1, 2025) appeared first on Unit 42.
https://unit42.paloaltonetworks.com/threat-actor-groups-tracked-by-palo-alto-networks-unit-42/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cybercrime Rising: Actionable Insights for Ransomware Defense
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Aug. 1, 2025 – Read the full story in Communications of the ACM (CACM) Cybersecurity Ventures projects ransomware costs could top 5 billion a year by 2031, while total cybercrime damages may hit .5 trillion globally
The post Cybercrime Rising: Actionable Insights for Ransomware Defense appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/cybercrime-rising-actionable-insights-for-ransomware-defense/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Is your phone spying on you? | Unlocked 403 cybersecurity podcast (S2E5)
Here's what you need to know about the inner workings of modern spyware and how to stay away from apps that know too much
https://www.welivesecurity.com/en/videos/is-your-phone-spying-on-you-unlocked-403-cybersecurity-podcast-s2e5/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Let's get Digital! Updated Digital Identity Guidelines are Here!
Today is the day! Digital Identity Guidelines, Revision 4 is finally here...it's been an exciting journey and NIST is honored to be a part of it. What can we expect? Serving as a culmination of a nearly four-year collaborative process that included foundational research, two public drafts, and about 6,000 individual comments from the public, Revision 4 of Special Publication 800-63, Digital Identity Guidelines, intends to respond to the changing digital landscape that has emerged since the last major revision of this suite, published in 2017. The guidelines presented in Revision 4 explain the
https://www.nist.gov/blogs/cybersecurity-insights/lets-get-digital-updated-digital-identity-guidelines-are-here
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
USN-7682-4: Linux kernel (Low Latency) vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Network traffic control;
(CVE-2025-38083, CVE-2025-37797)
https://ubuntu.com/security/notices/USN-7682-4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Why the tech industry needs to stand firm on preserving end-to-end encryption
Restricting end-to-end encryption on a single-country basis would not only be absurdly difficult to enforce, but it would also fail to deter criminal activity
https://www.welivesecurity.com/en/privacy/tech-industry-end-to-end-encryption/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Pi-hole - 29,926 breached accounts
In July 2025, a vulnerability in the GiveWP WordPress plugin exposed the names and email addresses of approximately 30k donors to the Pi-hole network-wide ad blocking project. Pi-hole subsequently self-submitted the list of impacted donors to HIBP.
https://haveibeenpwned.com/Breach/ThePi-Hole
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Active Exploitation of Microsoft SharePoint Vulnerabilities: Threat Brief (Updated July 31)
Unit 42 has observed active exploitation of recent Microsoft SharePoint vulnerabilities. Here's how you can protect your organization.
The post Active Exploitation of Microsoft SharePoint Vulnerabilities: Threat Brief (Updated July 31) appeared first on Unit 42.
https://unit42.paloaltonetworks.com/microsoft-sharepoint-cve-2025-49704-cve-2025-49706-cve-2025-53770/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Salt Security Unveils Salt Surface to Expose Hidden API Risks
API security company Salt Security has announced the launch of Salt Surface, a new capability integrated into its existing API Protection Platform. Salt Surface provides organisations with a comprehensive API attack surface assessment, delivering an attacker’s-eye view of their public-facing APIs to uncover specific, actionable risks before they can be exploited. Salt Surface is an […]
The post Salt Security Unveils Salt Surface to Expose Hidden API Risks appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/07/31/salt-security-unveils-salt-surface-to-expose-hidden-api-risks/?utm_source=rss&utm_medium=rss&utm_campaign=salt-security-unveils-salt-surface-to-expose-hidden-api-risks
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Mobile Security & Malware Issue 5st Week of July, 2025
ASEC Blog publishes “Mobile Security & Malware Issue 5st Week of July, 2025”
https://asec.ahnlab.com/en/89333/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Ransomware Payment Bans: Prevention Strategy or Misguided Policy?
It's no secret that ransomware is on the rise, as this escalation is echoed across numerous industry reports. The Verizon 2025 Data Breach Investigations Report (DBIR), for instance, starkly illustrates this reality, revealing that ransomware (with or without encryption) was present in 44% of all breaches reviewed. This marks a substantial 37% increase from their […]
The post Ransomware Payment Bans: Prevention Strategy or Misguided Policy? appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/07/31/ransomware-payment-bans-prevention-strategy-or-misguided-policy/?utm_source=rss&utm_medium=rss&utm_campaign=ransomware-payment-bans-prevention-strategy-or-misguided-policy
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Top 10 Cybersecurity Companies in 2025: Keeping the Digital World Safe
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jul. 31, 2025 – Read the full story in Analytics Insight With the global cost of cybercrime expected to exceed .5 trillion this year, according to Cybersecurity Ventures, the demand for strong and innovative
The post Top 10 Cybersecurity Companies in 2025: Keeping the Digital World Safe appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/top-10-cybersecurity-companies-in-2025-keeping-the-digital-world-safe/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Reflections from the First Cyber AI Profile Workshop
Thank you to everyone who participated in the Cyber AI Profile Workshop NIST hosted this past April! This work intends to support the cybersecurity and AI communities — and the input you provided during this workshop is critical. We are working to publish a Workshop Summary that captures themes and highlights from the event. In the interim, we would like to share a preview of what we heard. Background on the Cyber AI Profile Workshop ( watch the workshop introduction video) As NIST began exploring the idea of a Cyber AI Profile and writing the Cybersecurity and AI Workshop Concept Paper
https://www.nist.gov/blogs/cybersecurity-insights/reflections-first-cyber-ai-profile-workshop
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Introducing Unit 42's Attribution Framework
Peel back the layers on Unit 42's Attribution Framework. We offer a rare inside view into the system used to ultimately assign attribution to threat groups.
The post Introducing Unit 42's Attribution Framework appeared first on Unit 42.
https://unit42.paloaltonetworks.com/unit-42-attribution-framework/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
This month in security with Tony Anscombe – July 2025 edition
Here's a look at cybersecurity stories that moved the needle, raised the alarm, or offered vital lessons in July 2025
https://www.welivesecurity.com/en/videos/month-security-tony-anscombe-july-2025/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
SAP Netweaver Zero-Day Attack
What is the Attack?A zero-day SAP vulnerability, CVE-2025-31324, with CVSS score of 10.0 is being actively exploited in the wild. This vulnerability affects SAP Visual Composer, allowing unauthenticated threat actors to upload arbitrary files, resulting in full compromise of the targeted system that could significantly affect the confidentiality, integrity, and availability of the targeted system.The vulnerability stems from the SAP NetWeaver Visual Composer Metadata Uploader lacking proper authorization protection, which allows unauthenticated agents to upload potentially malicious executable binaries.CISA has added the CVE to their Known Exploited Vulnerabilities Catalog on April 29, 2025.What is the recommended Mitigation?The vulnerability exists in the SAP Visual Composer component for...
https://fortiguard.fortinet.com/threat-signal-report/6089
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cloud Security Alliance Names Google Cloud as First Company to be Valid-AI-ted, Setting New Benchmark for Data-driven Cloud Assurance
Milestone recognizes Google Cloud's leadership in transparent and trusted cloud computing services
SEATTLE – August 4, 2025 – The Cloud Security Alliance (CSA), the world's leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, proudly announced today that Google Cloud has become the first organization to earn CSA's Valid-AI-ted designation, based on CSA's new AI-powered validation tool for evaluatin...
https://cloudsecurityalliance.org/articles/csa-names-google-cloud-as-first-company-to-be-valid-ai-ted
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Strategic Implementation of the CSA AI Controls Matrix: A CISO's Guide to Trustworthy AI Governance
The rapid proliferation of generative artificial intelligence (GenAI) across enterprise environments has created an unprecedented governance challenge for Chief Information Security Officers (CISOs) and GRC professionals. Traditional cybersecurity frameworks, while foundational, are insufficient to address the unique risks introduced by AI systems, including model manipulation, data poisoning, algorithmic bias, and AI supply chain vulnerabilities.
The Cloud Security Alliance's AI Cont...
https://cloudsecurityalliance.org/articles/strategic-implementation-of-the-csa-ai-controls-matrix-a-ciso-s-guide-to-trustworthy-ai-governance
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
From Aware to Actionable: Closing the Cloud Security Resilience Gap
At a period when cloud adoption is at an all-time high and the attack surface continues to expand, most organizations still have not turned cybersecurity awareness into action. According to PwC's 2025 Global Digital Trust Insights, only 2% of businesses have implemented cyber resilience measures across all surveyed areas. And while 42% of executives cite cloud-related threats as their top concern, those same threats are the ones security leaders feel least prepared to defend against.
...
https://cloudsecurityalliance.org/articles/from-aware-to-actionable-closing-the-cloud-security-resilience-gap
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Announcing RiskRubric.ai: A Clear Scorecard for Every AI Model
Originally published on RiskRubric.ai.
As data science and AI engineering teams mix general purpose LLMs from foundation model developers with dozens of specialist models like Mistral and Qwen, they leave their security leaders asking:
“Can I trust this model for my data and my customers?”
This question of trust isn't just academic; it creates daily operational hurdles and tangible business risks. Approval bottlenecks, engineers waiting, and risk decisions becoming guesswo...
https://cloudsecurityalliance.org/articles/announcing-riskrubric-ai-a-clear-scorecard-for-every-ai-model
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Treasury Access Incident: Five Critical Lessons for Modern Identity Security
Executive Summary
The recent Treasury Department breach, caused by unauthorized access privileges, highlights the persistent risks organizations face with identity security and access governance. This breach was not the result of an advanced cyberattack but rather stemmed from simple misconfigurations and gaps in access controls. It underscores the urgency for organizations to rethink their identity security practices—moving from traditional, manual approaches to automated, continuous ...
https://cloudsecurityalliance.org/articles/the-treasury-access-incident-five-critical-lessons-for-modern-identity-security
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Are Your Hypervisors SOC 2 Ready? Why Virtualization Security is Crucial for Compliance
Originally published by Vali Cyber.
As virtualization continues to shape enterprise IT environments, hypervisors have become foundational to infrastructure operations. But their central role also makes them a high-value target for cyber attackers. This blog explores how aligning hypervisor security with System and Organization Controls 2 (SOC 2) can help mitigate these risks—by applying the Trust Services Criteria to strengthen access controls, monitoring, and incident response...
https://cloudsecurityalliance.org/articles/are-your-hypervisors-soc-2-ready-why-virtualization-security-is-crucial-for-compliance
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Drift Happens: Why Continuous IaC Validation is Non-Negotiable
Alright, let's talk about promises. Infrastructure as Code (IaC) – Terraform, CloudFormation, you name it – promised us the holy grail: consistent, repeatable, controlled environments. And honestly? For the most part, it delivered. We waved goodbye (mostly) to snowflake servers and configuration spaghetti. Life was good.
But here's the dirty little secret of today's cloud: drift happens. No matter how pristine your IaC templates are, no matter how strict your deployment pipelines seem, ...
https://cloudsecurityalliance.org/articles/drift-happens-why-continuous-iac-validation-is-non-negotiable
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Scammers Unleash Flood of Slick Online Gaming Sites
Fraudsters are flooding Discord and other social media platforms with ads for hundreds of polished online gaming and wagering websites that lure people with free credits and eventually abscond with any cryptocurrency funds deposited by players. Here's a closer look at the social engineering tactics and remarkable traits of this sprawling network of more than 1,200 scam sites.
https://krebsonsecurity.com/2025/07/scammers-unleash-flood-of-slick-online-gaming-sites/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Ransom & Dark Web Issues Week 5, July 2025
ASEC Blog publishes Ransom & Dark Web Issues Week 5, July 2025 Reemergence of the Shut-Down Cybercrime Forum BreachForums Two Data Listings from South Korea by the Same Threat Actor Sequential Attacks: French Telecom Subsidiary Breach Leads to Parent Company Compromise
https://asec.ahnlab.com/en/89316/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Vulnerabilities Identified in Dahua Hero C1 Smart Cameras
Researchers at Bitdefender have identified critical security vulnerabilities in the firmware of the Dahua Hero C1 (DH-H4C) smart camera series. The flaws, affecting the device's ONVIF protocol and file upload handlers, allow unauthenticated attackers to execute arbitrary commands remotely, effectively taking over the device.
The vulnerabilities were reported to Dahua for responsible mitigation and disclosure and are now patched at the time of publication.
Affected Devices
The issues were ver
https://www.bitdefender.com/en-us/blog/labs/vulnerabilities-identified-in-dahua-hero-c1-smart-cameras
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cybercrime Magazine's Radio Station Celebrates Its 4-Year Anniversary
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jul. 30, 2025 – Listen to Cybercrime Radio In Jul. 2021, Newsday visited Cybercrime Magazine’s HQ and studios and ran the headline “Live from Long Island: Northport radio station rolls out round-the-clock
The post Cybercrime Magazine’s Radio Station Celebrates Its 4-Year Anniversary appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/cybercrime-magazines-radio-station-celebrates-its-4-year-anniversary/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
2025 Unit 42 Global Incident Response Report: Social Engineering Edition
Social engineering thrives on trust and is now boosted by AI. Unit 42 incident response data explains why it's surging. We detail eight critical countermeasures.
The post 2025 Unit 42 Global Incident Response Report: Social Engineering Edition appeared first on Unit 42.
https://unit42.paloaltonetworks.com/2025-unit-42-global-incident-response-report-social-engineering-edition/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Sonatype Uncovers Global Espionage Campaign in Open Source Ecosystems
Sonatype's automated malware detection systems uncovered a massive and ongoing infiltration of open source ecosystems by the North Korea-backed Lazarus Group, exposing a chilling truth: open source software is now a central battleground in geopolitical cyber conflict.
https://www.sonatype.com/blog/sonatype-uncovers-global-espionage-campaign-in-open-source-ecosystems
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Keeper Security Releases Mobile Platform Updates for iOS and Android
Keeper Security has announced significant updates to its mobile apps for iOS and Android. The updates will bring users a smarter, smoother and more secure way to manage passwords, passkeys and sensitive data on the go. The updated Keeper mobile apps will be available in app stores soon. As smartphones become a primary point of […]
The post Keeper Security Releases Mobile Platform Updates for iOS and Android appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/07/30/keeper-security-releases-mobile-platform-updates-for-ios-and-android/?utm_source=rss&utm_medium=rss&utm_campaign=keeper-security-releases-mobile-platform-updates-for-ios-and-android
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cobalt Strike Beacon delivered via GitHub and social media
A campaign targeting Russian entities leveraged social media, Microsoft Learn Challenge, Quora, and GitHub as intermediate C2 servers to deliver Cobalt Strike Beacon.
https://securelist.com/cobalt-strike-attacks-using-quora-github-social-media/117085/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Covert Operator's Playbook: Infiltration of Global Telecom Networks
Recent activity targeting telecom infrastructure is assessed with high confidence to overlap with Liminal Panda activity. The actors used custom tools, tunneling and OPSEC tactics for stealth.
The post The Covert Operator's Playbook: Infiltration of Global Telecom Networks appeared first on Unit 42.
https://unit42.paloaltonetworks.com/infiltration-of-global-telecom-networks/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Incidents impacting retailers – recommendations from the NCSC
A joint blog post by the NCSC's National Resilience Director, Jonathon Ellison, and Chief Technology Officer, Ollie Whitehouse.
https://www.ncsc.gov.uk/blog-post/incidents-impacting-retailers
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Policy and Disclosure: 2025 Edition
Posted by Tim Willis, Google Project Zero
In 2021, we updated our vulnerability disclosure policy to the current "90+30" model. Our goals were to drive faster yet thorough patch development, and improve patch adoption. While we’ve seen progress, a significant challenge remains: the time it takes for a fix to actually reach an end-user's device.This delay, often called the "patch gap," is a complex problem. Many consider the patch gap to be the time between a fix being released for a security vulnerability and the user installing the relevant update. However, our work has highlighted a critical, earlier delay: the "upstream patch gap". This is the period where an upstream vendor has a fix available, but downstream dependents, who are ultimately responsible...
https://googleprojectzero.blogspot.com/2025/07/reporting-transparency.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Saviynt Accelerates Global Expansion in Europe, Asia Pacific, Japan, and the Middle East
Identity security leader Saviynt has announced a major global expansion, opening new offices in London and Singapore, launching dedicated customer operations in Europe, and preparing for a significantly larger presence in India. The moves come amid growing demand for its AI-powered Identity Cloud platform and follow a record-breaking 2024. The expanded footprint underscores Saviynt's ambitions […]
The post Saviynt Accelerates Global Expansion in Europe, Asia Pacific, Japan, and the Middle East appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/07/29/saviynt-accelerates-global-expansion-in-europe-asia-pacific-japan-and-the-middle-east/?utm_source=rss&utm_medium=rss&utm_campaign=saviynt-accelerates-global-expansion-in-europe-asia-pacific-japan-and-the-middle-east
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Governing Open Source and AI in Mitigating Modern Risks in Software Development
The explosion in generative AI has dominated conversations from the server room to the boardroom. As organizations race to build the next wave of intelligent applications, technology leaders are increasingly turning to AI models to gain an edge.
https://www.sonatype.com/blog/governing-open-source-and-ai-in-mitigating-modern-risks-in-software-development
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Every Professional — Developer, Data Scientist, Designer — Needs To Know Cybersecurity
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jul. 29, 2025 – Read the full story in BusinessMirror Cybercrime is expected to cost trillion globally by the end of this year alone, according to Cybersecurity Ventures. By 2030, every
The post Every Professional — Developer, Data Scientist, Designer — Needs To Know Cybersecurity appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/every-professional-developer-data-scientist-designer-needs-to-know-cybersecurity/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The hidden risks of browser extensions – and how to stay safe
Not all browser add-ons are handy helpers – some may contain far more than you have bargained for
https://www.welivesecurity.com/en/cybersecurity/hidden-risks-browser-extensions/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Proofpoint Demonstrates Long-term Commitment to India with Local Data Centre and Strategic Regional Investments
https://www.proofpoint.com/us/newsroom/press-releases/proofpoint-demonstrates-long-term-commitment-india-local-data-centre
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Check Point CloudGuard WAF Expands in UK With New PoP
Check Point is accelerating its Web Application and API Protection (WAAP) expansion with the launch of new CloudGuard WAF Points of Presence (PoPs) in key strategic markets. The new instance is part of a broader CloudGuard WAF expansion, with additional launches planned in Brazil, Germany, and Taiwan in 2025. Today, the company announced the activation […]
The post Check Point CloudGuard WAF Expands in UK With New PoP appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/07/28/check-point-cloudguard-waf-expands-in-uk-with-new-pop/?utm_source=rss&utm_medium=rss&utm_campaign=check-point-cloudguard-waf-expands-in-uk-with-new-pop
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Free Isn't Free: The Hidden Costs of Tooling Decisions in Open Source Infrastructure
When I first wrote about the tragedy of the commons and Maven Central, I called attention to a startling reality: a small percentage of users — mostly large enterprises — were unknowingly flooding a public resource.
https://www.sonatype.com/blog/free-isnt-free-the-hidden-costs-of-tooling-decisions-in-open-source-infrastructure
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Ηоmоgraph Illusion: Not Everything Is As It Seems
A subtle yet dangerous email attack vector: homograph attacks. Threat actors are using visually similar, non-Latin characters to bypass security filters.
The post The Ηоmоgraph Illusion: Not Everything Is As It Seems appeared first on Unit 42.
https://unit42.paloaltonetworks.com/homograph-attacks/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Black Hat USA 2025: AI In The Mojavi Desert
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jul. 25, 2025 – Listen to the podcast With a week left before boarding your flight to Las Vegas, it’s time to prep for the Black Hat USA 2025 experience Aug. 2-7. The conference’s Welcome
The post Black Hat USA 2025: AI In The Mojavi Desert appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/black-hat-usa-2025-ai-in-the-mojavi-desert/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Muddled Libra Threat Assessment: Further-Reaching, Faster, More Impactful
Muddled Libra (Scattered Spider, UNC3944) is evolving. Get the latest insights and defensive recommendations based on Unit 42 incident response cases.
The post Muddled Libra Threat Assessment: Further-Reaching, Faster, More Impactful appeared first on Unit 42.
https://unit42.paloaltonetworks.com/muddled-libra/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
SharePoint under fire: ToolShell attacks hit organizations worldwide
The ToolShell bugs are being exploited by cybercriminals and APT groups alike, with the US on the receiving end of 13 percent of all attacks
https://www.welivesecurity.com/en/videos/sharepoint-under-fire-toolshell-attacks-hit-organizations-worldwide/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
ToolShell: a story of five vulnerabilities in Microsoft SharePoint
Explaining the ToolShell vulnerabilities in SharePoint: how the POST request exploit works, why initial patches can be easily bypassed, and how to stay protected.
https://securelist.com/toolshell-explained/117045/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Windows CLFS Driver Elevation of Privilege
What is the Vulnerability?A zero-day vulnerability has recently been identified in the Common Log File System (CLFS) kernel driver. CLFS is a general-purpose logging subsystem within the Windows operating system that provides a high-performance way to store log data for various applications. If successfully exploited, an attacker operating under a standard user account can elevate their privileges.Furthermore, Microsoft has observed that the exploit has been utilized by PipeMagic malware and has attributed this exploitation activity to Storm-2460, which has also leveraged PipeMagic to distribute ransomware. Microsoft has published a blog that provides an in-depth analysis of Microsoft's findings regarding the CLFS exploit and the associated activities. Exploitation of CLFS zero-day leads to...
https://fortiguard.fortinet.com/threat-signal-report/6073
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Proof-of-Concept Code Now Available for an Exploited Windows Local Privilege Escalation Vulnerability
FortiGuard Labs is aware that a Proof-of-Concept (POC) code for a newly patched Windows vulnerability (CVE-2022-21882) that is reported to have been exploited in the wild was released to a publicly available online repository. CVE-2022-21882 is a local privilege (LPE) escalation vulnerability which allows a local, authenticated attacker to gain elevated local system or administrator privileges through a vulnerability in the Win32k.sys driver. The vulnerability is rated as Important by Microsoft and has CVSS score of 7.0.Why is this Significant?This is significant because now that the POC for CVE-2022-21882 has become available to the public attacks leveraging the vulnerability will likely increase. Because CVE-2022-21882 is a local privilege escalation the vulnerability will be used by an...
https://fortiguard.fortinet.com/threat-signal-report/4390
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Joint CyberSecurity Advisory Alert on PrintNightmare Vulnerability and Default MFA Protocols Exploited by Russian State-Sponsored Cyber Actors (AA22-074A)
FortiGuard Labs is aware of a recent report issued by the U.S. Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) that Russian state-sponsored cyber actors have gained network access to a non-governmental organization (NGO) through exploitation of default Multi-Factor Authentication (MFA) protocols and the "PrintNightmare" vulnerability (CVE-2021-34527). The attack resulted in data exfiltration from cloud and email accounts of the target organization.Why is this Significant?This is significant because the advisory describes how a target organization was compromised by Russian state-sponsored cyber actors. The advisory also provides mitigations.How did the Attack Occur?The advisory provides the following attack sequence:"Russian state-sponsored...
https://fortiguard.fortinet.com/threat-signal-report/4453
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Ethical and Societal Considerations of an AI Impact Analysis
Originally published by Schellman.
Written by Charles Goss, SOC Senior Associate, Schellman.
The use of artificial intelligence is rapidly expanding across businesses and industries, driving innovation, improving efficiency, and unlocking new opportunities. However, as AI systems become more integrated into critical decision-making processes and daily business operations, concerns about their ethical and responsible use also continue to rise. Questions surrounding fair...
https://cloudsecurityalliance.org/articles/the-ethical-and-societal-considerations-of-an-ai-impact-analysis
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Inadequate Database Security: A Case Study of the 2023 Darkbeam Incident
CSA's Top Threats to Cloud Computing Deep Dive 2025 reflects on eight recent real-world security breaches. The report presents the narrative of each incident, as well as the relevant cloud security risks and mitigations. Today we're reflecting on the fifth incident covered in the Deep Dive: Darkbeam 2023.
Bob Diachenko, CEO of SecurityDiscovery, uncovered a public exposure of Darkbeam's Elasticsearch and Kibana interface. This exposure was the result of human error—a misconfigu...
https://cloudsecurityalliance.org/articles/inadequate-database-security-a-case-study-of-the-2023-darkbeam-incident
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Jurassic Access: What Jurassic Park Teaches Us About Identity and Access Management
This weekend, I watched Jurassic Park for the first time, and while most people might walk away from the film seeing it as a cautionary tale about the dangers of unchecked scientific ambition and the unpredictability of life, the cybersecurity professional in me saw something else entirely. I saw a textbook case study in failed Identity and Access Management (IAM).
Let's be honest, Jurassic Park didn't fall apart because of dinosaurs. It collapsed because Dennis Nedry had too much ...
https://cloudsecurityalliance.org/articles/jurassic-access-what-jurassic-park-teaches-us-about-identity-and-access-management
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Phishers Target Aviation Execs to Scam Customers
KrebsOnSecurity recently heard from a reader whose boss's email account got phished and was used to trick one of the company's customers into sending a large payment to scammers. An investigation into the attacker's infrastructure points to a long-running Nigerian cybercrime group that is actively targeting established companies in the transportation and aviation industries.
https://krebsonsecurity.com/2025/07/phishers-target-aviation-execs-to-scam-customers/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Understanding SWFT, the Latest Effort to Modernize DoD Software Procurement
Software bill of materials (SBOMs) have become essential tools in securing today's software supply chains. Their ability to provide a unified, shareable, and machine-readable record of an application's components is extremely valuable. This is particularly true in the context of cybersecurity, where documenting known vulnerabilities enables organizations to assess and mitigate risks much more quickly than they could without an SBOM.
https://www.sonatype.com/blog/understanding-swft-the-latest-effort-to-modernize-dod-software-procurement
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Mobile Security & Malware Issue 4st Week of July, 2025
ASEC Blog publishes “Mobile Security & Malware Issue 4st Week of July, 2025”
https://asec.ahnlab.com/en/89242/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
ToolShell: An all-you-can-eat buffet for threat actors
ESET Research has been monitoring attacks involving the recently discovered ToolShell zero-day vulnerabilities
https://www.welivesecurity.com/en/eset-research/toolshell-an-all-you-can-eat-buffet-for-threat-actors/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Rogue CAPTCHAs: Look out for phony verification pages spreading malware
Before rushing to prove that you're not a robot, be wary of deceptive human verification pages as an increasingly popular vector for delivering malware
https://www.welivesecurity.com/en/cybersecurity/rogue-captchas-look-out-phony-verification-pages-spreading-malware/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Apache TomCat AJP File Inclusion Vulnerability
FortiGuard Labs is aware of a new attack on Apache Tomcat Servers dubbed "GhostCat." Discovered by Chaitin Tech, a vulnerability in Apache Tomcat exists where an attacker has the ability to read and write in the webapp directory of Apache Tomcat. It addition to this, an attacker has the ability to upload files to the host to ultimately perform remote code execution. Assigned CVE-2020-1938, this vulnerability affects every version of Tomcat released over the past 13 years.What are the specifics of the vulnerability?Due to a flaw in the Apache Tomcat JServ Protocol, or AJP, a file inclusion vulnerability exists where an attacker has the ability to read and write privileges in the webapp directory of Apache Tomcat. Also, if a web application has file upload function capability; an attacker may...
https://fortiguard.fortinet.com/threat-signal-report/3404
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Attacks Observed in the Wild Exploiting CVE-2020-0688 (Microsoft Exchange Validation Key Remote Code Execution Vulnerability)
FortiGuard Labs is aware of reports of active exploitation of CVE-2020-0688 - Microsoft Exchange Validation Key Remote Code Execution Vulnerability. Active in the wild attacks were first observed by Twitter user Troy Mursch (@bad_packets). The vulnerability was disclosed by an anonymous researcher to the Zero Day Initiative. According to the original February Microsoft Security Advisory for CVE-2020-0688, a remote code execution vulnerability exists in Microsoft Exchange Server when the server fails to properly create unique keys at install time. Knowledge of the validation key allows an authenticated user with a mailbox to pass arbitrary objects to be deserialized by the web application, which runs as SYSTEM.Essentially, the proof of concept highlights that an attacker who has obtained the...
https://fortiguard.fortinet.com/threat-signal-report/3403
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Vulnerability in Zyxel Network Attached Storage (NAS) Devices
FortiGuard Labs is aware of a newly disclosed vulnerability in Zyxel network attached storage (NAS) devices in an advisory published today by CERT/CC. Multiple Zyxel devices contain a pre authentication command injection vulnerability, which may allow a remote unauthenticated attacker to execute arbitrary code on the device. The vulnerability was reported by security journalist Brian Krebs (Krebs on Security) who learned about the flaw from a researcher who had obtained the exploit code from a reseller on the underground forums. This vulnerability has been assigned CVE-2020-9054.What are the details of this vulnerability exactly?The vulnerability is in (weblogin.cgi), which is a cgi script used by Zyxel NAS devices to perform authentication. The script fails to properly sanitize the username...
https://fortiguard.fortinet.com/threat-signal-report/3398
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Active Exploitation Against Adobe Commerce and Magento Through CVE-2022-24086/CVE-2022-24087
UPDATE February 17: Added reference to CVE-2022-24087, which Adobe disclosed and issues an out-of-band patch for on February 17th, 2022.FortiGuard Labs is aware of reports that Magento Open Source and Adobe Commerce are actively being targeted and exploited through CVE-2022-24086. This vulnerability can lead to remote code execution (RCE) on an exploited server which means an attacker will be able to execute arbitrary commands remotely. The vulnerability is rated as Critical by Adobe and has CVSS score of 9.8 out of 10.On February 17th, Adobe released an out-of-band security fix for CVE-2022-24087. This vulnerability can also lead to remote code execution (RCE) on an exploited server which means an attacker will be able to execute arbitrary commands remotely. The vulnerability is rated as...
https://fortiguard.fortinet.com/threat-signal-report/4419
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
CVE-2022-22718 on CISA's Known Exploited Vulnerabilities Catalog
FortiGuard Labs is aware that the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2022-22718 to the Known Exploited Vulnerabilities Catalog. CVE-2022-24481 is a local privilege escalation vulnerability in the Windows Print Spooler and affects multiple versions of Windows OS. Microsoft issued a patch for the vulnerability as part of the February 2022 Patch Tuesday updates.Why is this Significant?This is significant because CISA's Known Exploited Vulnerabilities Catalog lists vulnerabilities that are known to be exploited in the wild. Although Microsoft rated CVE-2022-22718 as "Exploitation More Likely" in their advisory, the vulnerability is now on the active exploitation list as such the patch for CVE-2022-22718 should be applied as soon as possible.What is CVE-2022-22718?CVE-2022-22718...
https://fortiguard.fortinet.com/threat-signal-report/4504
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Security Update for Amazon Q Developer Extension for Visual Studio Code (Version #1.84)
Scope: AWS Content Type: Important (requires attention) Publication Date: 2025/07/23 6:00 PM PDT
Description:
AWS is aware of and has addressed an issue in the Amazon Q Developer Extension for Visual Studio Code (VSC). Security researchers reported a potentially unapproved code modification was attempted in the open-source VSC extension that targeted Q Developer CLI command execution. This issue did not affect any production services or end-users.
Once we were made aware of this issue, we immediately revoked and replaced the credentials, removed the unapproved code from the codebase, and subsequently released Amazon Q Developer Extension version 1.85 to the marketplace.
Affected version: Amazon Q Developer Extension for Visual Studio Code (versions 1.84)
https://aws.amazon.com/security/security-bulletins/rss/aws-2025-015/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
AWS-2025-014
Scope: Amazon/AWS Content Type: Important (requires attention) Publication Date: 2025/07/23 8:30 AM PDT
Description:
AWS Client VPN is a managed client-based VPN service that enables secure access to AWS and on-premises resources. The AWS Client VPN client software runs on end-user devices, supporting Windows, macOS, and Linux and provides the ability for end users to establish a secure tunnel to the AWS Client VPN Service.
We identified CVE-2025-###, an issue in AWS Client VPN. During the AWS Client VPN client installation on Windows devices, the install process references the C:\usr\local\windows-x86_64-openssl-localbuild\ssl directory location to fetch the OpenSSL configuration file. As a result, a non-admin user could place arbitrary code in the configuration file. If an admin user...
https://aws.amazon.com/security/security-bulletins/rss/aws-2025-014/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Ransom & Dark Web Issues Week 4, July 2025
ASEC Blog publishes Ransom & Dark Web Issues Week 4, July 2025 Pro-Russian Hacktivist Group NoName057(16) Launches DDoS Attack on Europol Website Data from French Defense Contractor for Sale on DarkForums XSS Forum Shutdown: Analyzing the Impact on the Russian-Speaking Cybercrime Ecosystem
https://asec.ahnlab.com/en/89213/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
1-15 February 2025 Cyber Attacks Timeline
In the first timeline of February 2025, I collected 115 events (7.67 events/day) with a threat landscape dominated by malware with 30%, the same value of the previous timeline.
https://www.hackmageddon.com/2025/07/23/1-15-february-2025-cyber-attacks-timeline/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Creams Cafe - 159,652 breached accounts
In May 2025, 160k records of customer data was allegedly obtained from Creams Cafe, "the UK's favourite dessert parlour". The data included email and physical addresses, names and phone numbers. Creams Cafe did not respond to repeated attempts to disclose the incident, however multiple impacted HIBP subscribers confirmed the legitimacy and accuracy of the data.
https://haveibeenpwned.com/Breach/CreamsCafe
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cloud Logging for Security and Beyond
Cloud logging is essential for security and compliance. Learn best practices when navigating AWS, Azure or GCP for comprehensive visibility into your environment.
The post Cloud Logging for Security and Beyond appeared first on Unit 42.
https://unit42.paloaltonetworks.com/cloud-logging-for-security/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Gunra Ransomware Emerges with New DLS
AhnLab TIP monitors the current ransomware group activities across dark web forums, marketplaces, and other sources. Through the Live View > Dark Web Watch menu, users can track the most active ransomware groups, uncover their collaborations, and gain insights into planned attacks and techniques—enabling user organizations to anticipate threats, prepare defenses, and prevent damage before […]
https://asec.ahnlab.com/en/89206/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Why is your data worth so much? | Unlocked 403 cybersecurity podcast (S2E4)
Behind every free online service, there's a price being paid. Learn why your digital footprint is so valuable, and when you might actually be the product.
https://www.welivesecurity.com/en/videos/why-is-your-data-worth-so-much-unlocked-403-cybersecurity-podcast-s2e4/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Introducing OSS Rebuild: Open Source, Rebuilt to Last
Posted by Matthew Suozzo, Google Open Source Security Team (GOSST)Today we're excited to announce OSS Rebuild, a new project to strengthen trust in open source package ecosystems by reproducing upstream artifacts. As supply chain attacks continue to target widely-used dependencies, OSS Rebuild gives security teams powerful data to avoid compromise without burden on upstream maintainers.The project comprises:Automation to derive declarative build definitions for existing PyPI (Python), npm (JS/TS), and Crates.io (Rust) packages.SLSA Provenance for thousands of packages across our supported ecosystems, meeting SLSA Build Level 3 requirements with no publisher intervention.Build observability and verification tools that security teams can integrate into their existing vulnerability management...
http://security.googleblog.com/2025/07/introducing-oss-rebuild-open-source.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Malicious LNK Disguised as Credit Card Security Email Authentication Pop-up
AhnLab SEcurity intelligence Center (ASEC) has recently identified a case where a malicious LNK file is disguised as the credit card security email authentication pop-up to steal user information. The identified malicious LNK file has the following file name, disguising itself as the credit card company. **card_detail_20250610.html.lnk The threat actor has been using PowerShell scripts for keylogging […]
https://asec.ahnlab.com/en/89156/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Microsoft Fix Targets Attacks on SharePoint Zero-Day
On Sunday, July 20, Microsoft Corp. issued an emergency security update for a vulnerability in SharePoint Server that is actively being exploited to compromise vulnerable organizations. The patch comes amid reports that malicious hackers have used the Sharepoint flaw to breach U.S. federal and state agencies, universities, and energy companies.
https://krebsonsecurity.com/2025/07/microsoft-fix-targets-attacks-on-sharepoint-zero-day/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The SOC files: Rumble in the jungle or APT41's new target in Africa
Kaspersky experts analyze an incident that saw APT41 launch a targeted attack on government IT services in Africa.
https://securelist.com/apt41-in-africa/116986/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Mobile Security & Malware Issue 3st Week of July, 2025
ASEC Blog publishes “Mobile Security & Malware Issue 3st Week of July, 2025”
https://asec.ahnlab.com/en/89114/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
New Variant of ACRStealer Actively Distributed with Modifications
ACRStealer is an Infostealer that has been distributed since last year. It began to be actively distributed from early this year. AhnLab SEcurity intelligence Center (ASEC) has previously covered ACRStealer, which utilizes Google Docs and Steam as a C2 via a Dead Drop Resolver (DDR) technique. [AhnLab SEcurity intelligence Center (ASEC) Blog] ACRStealer Infostealer […]
https://asec.ahnlab.com/en/89128/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
4 Chinese APTs Attack Taiwan's Semiconductor Industry
https://www.proofpoint.com/us/newsroom/news/4-chinese-apts-attack-taiwans-semiconductor-industry
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Poor Passwords Tattle on AI Hiring Bot Maker Paradox.ai
Security researchers recently revealed that the personal information of millions of people who applied for jobs at McDonald's was exposed after they guessed the password ("123456") for the fast food chain's account at Paradox.ai, a company that makes artificial intelligence based hiring chatbots used by many Fortune 500 companies. Paradox.ai said the security oversight was an isolated incident that did not affect its other customers, but recent security breaches involving its employees in Vietnam tell a more nuanced story.
https://krebsonsecurity.com/2025/07/poor-passwords-tattle-on-ai-hiring-bot-maker-paradox-ai/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
China-Backed Hackers Intensify Attacks on Taiwan Chipmakers
https://www.proofpoint.com/us/newsroom/news/china-backed-hackers-intensify-attacks-taiwan-chipmakers
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Chinese Hackers Target Taiwan's Semiconductor Sector with Cobalt Strike, Custom Backdoors
https://www.proofpoint.com/us/newsroom/news/chinese-hackers-target-taiwans-semiconductor-sector-cobalt-strike-custom-backdoors
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
GhostContainer backdoor: malware compromising Exchange servers of high-value organizations in Asia
In an incident response case in Asia, Kaspersky researchers discovered a new backdoor for Microsoft Exchange servers, based on open-source tools and dubbed "GhostContainer".
https://securelist.com/ghostcontainer/116953/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
CVE-2025-6031 - Insecure device pairing in end-of-life Amazon Cloud Cam
Scope: Amazon Content Type: Informational Publication Date: 2025/06/12 10:30 AM PDT
Description
Amazon Cloud Cam is a home security camera that was deprecated on December 2, 2022, is end of life, and is no longer actively supported.
When a user powers on the Amazon Cloud Cam, the device attempts to connect to a remote service infrastructure that has been deprecated due to end-of-life status. The device defaults to a pairing status in which an arbitrary user can bypass SSL pinning to associate the device to an arbitrary network, allowing for network traffic interception and modification.
Affected version: All
https://aws.amazon.com/security/security-bulletins/rss/aws-2025-013/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How to catch GitHub Actions workflow injections before attackers do
Strengthen your repositories against actions workflow injections — one of the most common vulnerabilities.
The post How to catch GitHub Actions workflow injections before attackers do appeared first on The GitHub Blog.
https://github.blog/security/vulnerability-research/how-to-catch-github-actions-workflow-injections-before-attackers-do/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Exclusive: China-linked hackers target Taiwan's chip industry with increasing attacks, researchers say
https://www.proofpoint.com/us/newsroom/news/exclusive-china-linked-hackers-target-taiwans-chip-industry-increasing-attacks
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Unmasking AsyncRAT: Navigating the labyrinth of forks
ESET researchers map out the labyrinthine relationships among the vast hierarchy of AsyncRAT variants
https://www.welivesecurity.com/en/eset-research/unmasking-asyncrat-navigating-labyrinth-forks/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
NoBooze1 Malware Targets TP-Link Routers via CVE-2019-9082
Sensor Intel Series: July 2025 CVE Trends
https://www.f5.com/labs/articles/threat-intelligence/nobooze1-malware-targets-tp-link-routers-via-cve-2019-9082
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
'NCSC Cyber Series' podcast now available
Listen to all five episodes now, covering a wide range of cyber security topics.
https://www.ncsc.gov.uk/blog-post/cyber-series-podcast
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
MaReads - 74,453 breached accounts
In June 2025, MaReads, the website for readers and writers of Thai-language fiction and comics suffered a data breach that exposed 74k records. The breach included usernames, email addresses, phone numbers and dates of birth. MaReads is aware of the breach.
https://haveibeenpwned.com/Breach/MaReads
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DOGE Denizen Marko Elez Leaked API Key for xAI
Marko Elez, a 25-year-old employee at Elon Musk's Department of Government Efficiency (DOGE), has been granted access to sensitive databases at the U.S. Social Security Administration, the Treasury and Justice departments, and the Department of Homeland Security. So it should fill all Americans with a deep sense of confidence to learn that Mr. Elez over the weekend inadvertently published a private key that allowed anyone to interact directly with more than four dozen large language models (LLMs) developed by Musk's artificial intelligence company xAI.
https://krebsonsecurity.com/2025/07/doge-denizen-marko-elez-leaked-api-key-for-xai/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Web-Inject Campaign Debuts Fresh Interlock RAT Variant
https://www.proofpoint.com/us/newsroom/news/web-inject-campaign-debuts-fresh-interlock-rat-variant
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Forensic journey: Breaking down the UserAssist artifact structure
A Kaspersky GERT expert describes the UserAssist Windows artifact, including previously undocumented binary data structure, and shares a useful parsing tool.
https://securelist.com/userassist-artifact-forensic-value-for-incident-response/116911/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Getting your organisation ready for Windows 11 upgrade before Autumn 2025
Why you should act now to ensure you meet the new hardware standards, and prioritise security.
https://www.ncsc.gov.uk/blog-post/getting-your-organisation-ready-for-windows-11-upgrade-before-autumn-2025
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Omnicuris - 215,298 breached accounts
In June 2025, the Indian CME platform Omnicuris suffered a data breach that exposed approximately 200k records of healthcare professionals. The data included names, email addresses, phone numbers, geographic locations and other data attributes relating to professional expertise and training progress. Omnicuris is aware of the incident.
https://haveibeenpwned.com/Breach/Omnicuris
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Click here to steal.
https://www.proofpoint.com/us/newsroom/news/click-here-steal
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Modeling CORS frameworks with CodeQL to find security vulnerabilities
Discover how to increase the coverage of your CodeQL CORS security by modeling developer headers and frameworks.
The post Modeling CORS frameworks with CodeQL to find security vulnerabilities appeared first on The GitHub Blog.
https://github.blog/security/application-security/modeling-cors-frameworks-with-codeql-to-find-security-vulnerabilities/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
UK Arrests Four in ‘Scattered Spider' Ransom Group
Authorities in the United Kingdom this week arrested four alleged members of "Scattered Spider," a prolific data theft and extortion group whose recent victims include multiple airlines and the U.K. retail chain Marks & Spencer.
https://krebsonsecurity.com/2025/07/uk-charges-four-in-scattered-spider-ransom-group/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Upwind and Legit Security Partner to Deliver True Code-to-Cloud Application Security
Get details on the benefits of the Legit + Upwind combination.
https://www.legitsecurity.com/blog/upwind-and-legit-partner
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Securing and Scaling InnerSource with Automation
As organizations strive for greater collaboration and innovation in their software development processes, practices like "InnerSource" are taking center stage.
https://www.sonatype.com/blog/securing-and-scaling-innersource-with-automation
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Code highlighting with Cursor AI for 0,000
Kaspersky GReAT experts uncover malicious extensions for Cursor AI that download the Quasar backdoor and a crypto stealer.
https://securelist.com/open-source-package-for-cursor-ai-turned-into-a-crypto-heist/116908/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Microsoft Patch Tuesday, July 2025 Edition
Microsoft today released updates to fix at least 137 security vulnerabilities in its Windows operating systems and supported software. None of the weaknesses addressed this month are known to be actively exploited, but 14 of the flaws earned Microsoft's most-dire "critical" rating, meaning they could be exploited to seize control over vulnerable Windows PCs with little or no help from users.
https://krebsonsecurity.com/2025/07/microsoft-patch-tuesday-july-2025-edition/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Advancing Protection in Chrome on Android
Posted by David Adrian, Javier Castro & Peter Kotwicz, Chrome Security Team
Android recently announced Advanced Protection, which extends Google's Advanced Protection Program to a device-level security setting for Android users that need heightened security—such as journalists, elected officials, and public figures. Advanced Protection gives you the ability to activate Google's strongest security for mobile devices, providing greater peace of mind that you're better protected against the most sophisticated threats.
Advanced Protection acts as a single control point for at-risk users on Android that enables important security settings across applications, including many of your favorite Google apps, including Chrome. In this post, we'd like to do a deep dive into the Chrome...
http://security.googleblog.com/2025/07/advancing-protection-in-chrome-on.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Approach to mainframe penetration testing on z/OS. Deep dive into RACF
We have explored the RACF security package in z/OS and developed a utility to interact with its database. Now, we are assessing RACF configuration security for penetration testing.
https://securelist.com/zos-mainframe-pentesting-resource-access-control-facility/116873/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Open Source Malware Index Q2 2025: Data Exfiltration Remains a Leading Threat
In the second quarter of 2025, Sonatype uncovered 16,279 pieces of open source malware, bringing the total number of malicious packages identified by our automated detection systems to 845,204 and counting. Once again, data exfiltration emerged as the dominant tactic, reinforcing a persistent and growing trend in software supply chain attacks targeting developers and CI/CD environments.
https://www.sonatype.com/blog/open-source-malware-index-q2-2025
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
xvulnhuntr
In 2024 we looked at the possibility of leveraging open weights LLMs for source code analysis. The answer was clearly negative, as a small code base could easily take 200K tokens, more than any context window offered by open weights models. The table below summarizes the top LLMs by context window as of today. Context […]
https://blog.compass-security.com/2025/07/xvulnhuntr/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Unauthenticated SQL injection in GUI
An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] in FortiWeb may allow an unauthenticated attacker to execute unauthorized SQL code or commands via crafted HTTP or HTTPs requests.Fortinet has observed this to be exploited in the wild on FortiWeb. Revised on 2025-07-18 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-25-151
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
SQL injection in forward module
An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] in FortiManager and FortiAnalyzer may allow an authenticated attacker with high privilege to extract database information via crafted requests. Revised on 2025-07-09 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-24-437
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Access control bypass in logging component
An improper access control vulnerability [CWE-284] in FortiIsolator logging component may allow a remote authenticated read-only attacker to alter logs via a crafted HTTP request. Revised on 2025-07-08 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-24-045
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Command injection vulnerability
Two improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerabilities [CWE-78] in FortiVoice may allow a privileged attacker to execute arbitrary code or commands via crafted HTTP/HTTPS or CLI requests. Revised on 2025-07-08 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-25-250
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DNS type 65 resource record requests bypass DNS filter
An Improperly Implemented Security Check for Standard vulnerability [CWE-358] in FortiOS and FortiProxy may allow a remote unauthenticated user to bypass the DNS filter via Apple devices. Revised on 2025-07-08 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-24-053
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Heap-based buffer overflow in cw_stad daemon
A heap-based buffer overflow vulnerability [CWE-122] in FortiOS cw_stad daemon may allow an authenticated attacker to execute arbitrary code or commands via specifically crafted requests. Revised on 2025-07-08 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-25-026
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
PKI via API: Authentication granted with an invalid certificate
A missing critical step in authentication vulnerability [CWE-304] in FortiOS & FortiProxy may allow an API-user using api-key + PKI user certificate authentication to login even if the certificate is invalid Revised on 2025-07-08 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-24-511
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Session still active for deleted admin
An insufficient session expiration vulnerability [CWE-613] in FortiSandbox & FortiIsolator may allow a remote attacker in possession of an admin session cookie to keep using that admin's session even after the admin user was deleted. Revised on 2025-07-08 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-24-035
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Nine Years and Counting: NICE RAMPS Communities Keep Expanding Opportunities in Cybersecurity Work and Learning
A lot has changed in America's cybersecurity workforce development ecosystem since 2016: employment in cybersecurity occupations has grown by more than 300,000 [1]; the number of information security degrees awarded annually has more than tripled to nearly 35,000 [2]; and a wide array of new technologies and risks have emerged. Five regional cybersecurity workforce partnerships supported by the 2016 RAMPS program pilot, administered by NIST's NICE Program Office, have weathered the changes in cybersecurity and continue to anchor cybersecurity talent networks in their communities to this day
https://www.nist.gov/blogs/cybersecurity-insights/nine-years-and-counting-nice-ramps-communities-keep-expanding
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Batavia spyware steals data from Russian organizations
Kaspersky experts have discovered a new spyware called Batavia, which steals data from corporate devices.
https://securelist.com/batavia-spyware-steals-data-from-russian-organizations/116866/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How to get into cybersecurity | Unlocked 403 cybersecurity podcast (S2E3)
Cracking the code of a successful cybersecurity career starts here. Hear from ESET's Robert Lipovsky as he reveals how to break into and thrive in this fast-paced field.
https://www.welivesecurity.com/en/videos/how-get-cybersecurity-unlocked-403-cybersecurity-podcast-s2e3/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Task scams: Why you should never pay to get paid
Some schemes might sound unbelievable, but they're easier to fall for than you think. Here's how to avoid getting played by gamified job scams.
https://www.welivesecurity.com/en/scams/task-scams-why-you-should-never-pay-to-get-paid/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Catwatchful - 61,641 breached accounts
In June 2025, spyware maker Catwatchful suffered a data breach that exposed over 60k customer records. The breach was due to a SQL injection vulnerability that enabled email addresses and plain text passwords to be extracted from the system.
https://haveibeenpwned.com/Breach/Catwatchful
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
CVE-2025-53367: An exploitable out-of-bounds write in DjVuLibre
DjVuLibre has a vulnerability that could enable an attacker to gain code execution on a Linux Desktop system when the user tries to open a crafted document.
The post CVE-2025-53367: An exploitable out-of-bounds write in DjVuLibre appeared first on The GitHub Blog.
https://github.blog/security/vulnerability-research/cve-2025-53367-an-exploitable-out-of-bounds-write-in-djvulibre/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Big Tech's Mixed Response to U.S. Treasury Sanctions
In May 2025, the U.S. government sanctioned a Chinese national for operating a cloud provider linked to the majority of virtual currency investment scam websites reported to the FBI. But more than a month later, the accused continues to openly operate accounts at a slew of American tech companies, including Facebook, Github, LinkedIn, PayPal and Twitter/X.
https://krebsonsecurity.com/2025/07/big-techs-mixed-response-to-u-s-treasury-sanctions/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Joining the FINOS AI Security Initiative
It's only been four months since I last posted about Sonatype's contributions to the open source security ecosystem — not too bad!
https://www.sonatype.com/blog/joining-the-finos-ai-security-initiative
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
TA829, UNK_GreenSec malware campaigns underpinned by same infrastructure
https://www.proofpoint.com/us/newsroom/news/ta829-unkgreensec-malware-campaigns-underpinned-same-infrastructure
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Understand your software's supply chain with GitHub's dependency graph
The GitHub dependency graph maps every direct and transitive dependency in your project, so you can identify risks, prioritize fixes, and keep your code secure.
The post Understand your software's supply chain with GitHub's dependency graph appeared first on The GitHub Blog.
https://github.blog/security/supply-chain-security/understand-your-softwares-supply-chain-with-githubs-dependency-graph/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
What is Quantum Computing?
Quantum computing enhances information processing, impacting cryptography and emphasizing the need for quantum-resistant technologies.
https://www.f5.com/labs/learning-center/what-is-quantum-computing
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Insecure LLM Output Handling and How to Build Safe Defenses
As large language models (LLMs) increasingly shape how modern software is built and used, organizations must heed new categories of risk.
https://www.sonatype.com/blog/insecure-llm-output-handling-and-how-to-build-safe-defenses
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Senator Chides FBI for Weak Advice on Mobile Security
Agents with the Federal Bureau of Investigation (FBI) briefed Capitol Hill staff recently on hardening the security of their mobile devices, after a contacts list stolen from the personal phone of the White House Chief of Staff Susie Wiles was reportedly used to fuel a series of text messages and phone calls impersonating her to U.S. lawmakers. But in a letter this week to the FBI, one of the Senate's most tech-savvy lawmakers says the feds aren't doing enough to recommend more appropriate security protections that are already built into most consumer mobile devices.
https://krebsonsecurity.com/2025/06/senator-chides-fbi-for-weak-advice-on-mobile-security/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Scammers have a new tactic: impersonating DOGE
https://www.proofpoint.com/us/newsroom/news/scammers-have-new-tactic-impersonating-doge
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Meet Legit MCP: AI-Powered Security That Works Where Your Team Works
Get details on the newly released Legit MCP Server.
https://www.legitsecurity.com/blog/meet-legit-mcp
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
GitHub Advisory Database by the numbers: Known security vulnerabilities and what you can do about them
Use these insights to automate software security (where possible) to keep your projects safe.
The post GitHub Advisory Database by the numbers: Known security vulnerabilities and what you can do about them appeared first on The GitHub Blog.
https://github.blog/security/github-advisory-database-by-the-numbers-known-security-vulnerabilities-and-what-you-can-do-about-them/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The National Cryptologic Foundation Podcast
It was a real honor to appear on the official podcast of the National Cryptologic Foundation, “Cyber Pulse”. They interview a wide range of intriguing personalities working in the cyber and cryptography space, and asked me a broad range of challenging questions about everything from performing forensics on national critical infrastructure – to my move […]
https://tisiphone.net/2025/06/27/the-national-cryptologic-foundation-podcast/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Pwn2Own Ireland 2024 – Ubiquiti AI Bullet
Introduction As you may know, Compass Security participated in the 2023 edition of the Pwn2Own contest in Toronto and was able to successfully compromise the Synology BC500 camera using a remote code execution vulnerability. If you missed this, head over to the blog post here https://blog.compass-security.com/2024/03/pwn2own-toronto-2023-part-1-how-it-all-started/ Unfortunately, the same vulnerability was also identified by other […]
https://blog.compass-security.com/2025/06/pwn2own-ireland-2024-ubiquiti-ai-bullet/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Creating the right organisational culture for cyber security
Calling cyber security professionals, culture specialists and leaders to drive uptake of new Cyber security culture principles.
https://www.ncsc.gov.uk/blog-post/creating-the-right-organisational-culture-for-cyber-security
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Robinsons Malls - 195,597 breached accounts
In June 2024, the Philippines' largest shopping-mall operators Robinsons Malls suffered a data breach stemming from their mobile app. The incident exposed 195k unique email addresses along with names, phone numbers, dates of birth, genders and the user's city and province.
https://haveibeenpwned.com/Breach/RobinsonsMalls
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Have you got what it takes to be a 'Cyber Advisor'?
Become a Cyber Advisor consultant and provide hands-on security advice tailored for SMEs.
https://www.ncsc.gov.uk/blog-post/have-you-got-what-it-takes-to-be-a-cyber-advisor
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The State of Post-Quantum Cryptography (PQC) on the Web
We analyze the world’s most popular websites and most widely used web browsers to determine the current state of PQC adoption on the web.
https://www.f5.com/labs/articles/threat-intelligence/the-state-of-pqc-on-the-web
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Have Fun Teaching - 27,126 breached accounts
In August 2021, the teaching resources website Have Fun Teaching suffered a data breach that leaked 80k WooCommerce transactions which were later posted to a popular hacking forum. The data contained 27k unique email addresses along with physical and IP addresses, names, payment methods and the item purchased. Have Fun Teaching is aware of the incident.
https://haveibeenpwned.com/Breach/HaveFunTeaching
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Trusting the tech: using password managers and passkeys to help you stay secure online
How today's secure tools simplify your digital life, and reduce login stress and password fatigue
https://www.ncsc.gov.uk/blog-post/trust-the-tech-using-password-managers-passkeys-to-help-you-stay-secure-online
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Dark Side of Azure Identity & Access Management – 5 IAM & Entra ID Security Risks You Can't Ignore
Microsoft Azure is probably the most widely used cloud platform in Switzerland, powering businesses of all sizes, from startups to multinational companies. According the the official Microsoft page over 95% of Fortune 500 companies rely on Microsoft Azure in one form or another. With this industry-wide adoption, it has become a critical component of modern-day […]
https://blog.compass-security.com/2025/06/the-dark-side-of-azure-identity-access-management-5-iam-entra-id-security-risks-you-cant-ignore/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Buffer overflow in fgfmd
A stack-based overflow vulnerability [CWE-124] in FortiOS, FortiProxy, FortiPAM and FortiSwitchManager may allow a remote attacker to execute arbitrary code or command via crafted packets reaching the fgfmd daemon, under certain conditions which are outside the control of the attacker. Revised on 2025-06-23 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-24-036
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
ClamAV 1.4.3 and 1.0.9 security patch versions published
Today, we are publishing the 1.4.3 and 1.0.9 security patch versions. We have also added Linux aarch64 (aka ARM64) RPM and DEB installer packages for the 1.4 LTS release.The release files for the patch versions are available for download on the ClamAV downloads page, on the GitHub Release page, and through Docker Hub. The images on Docker Hub may not be immediately available on release day. Continue reading to learn what changed in each version.1.4.3ClamAV 1.4.3 is a patch release with the following fixes: CVE-2025-20260: Fixed a possible buffer overflow write bug in the PDF file parser that could cause a denial-of-service (DoS) condition or enable remote code execution.This issue only affects configurations where both:The max file-size scan limit is set greater than or equal to 1024MB.The...
https://blog.clamav.net/2025/06/clamav-143-and-109-security-patch.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Timelines for migration to post-quantum cryptography
Activities which organisations must carry out to migrate safely to post-quantum cryptography in the coming years.
https://www.ncsc.gov.uk/guidance/pqc-migration-timelines
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
I'm in Melbourne, and PancakesCon 6 is On!
Hello all! It’s my pleasure to announce I’m settled enough to operate my free educational conference for the 6th year. It will be a bit late this year, on September 21st. I invite you to check out the website at https://www.pancakescon.com as well as our associated socials, where you can find information and important submission […]
https://tisiphone.net/2025/06/18/im-in-melbourne-and-pancakescon-6-is-on/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Mitigating prompt injection attacks with a layered defense strategy
Posted by Google GenAI Security TeamWith the rapid adoption of generative AI, a new wave of threats is emerging across the industry with the aim of manipulating the AI systems themselves. One such emerging attack vector is indirect prompt injections. Unlike direct prompt injections, where an attacker directly inputs malicious commands into a prompt, indirect prompt injections involve hidden malicious instructions within external data sources. These may include emails, documents, or calendar invites that instruct AI to exfiltrate user data or execute other rogue actions. As more governments, businesses, and individuals adopt generative AI to get more done, this subtle yet potentially potent attack becomes increasingly pertinent across the industry, demanding immediate attention and robust security...
http://security.googleblog.com/2025/06/mitigating-prompt-injection-attacks.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
January 2025 Cyber Attacks Statistics
After the cyber attacks timelines, it's time to publish the statistics for January 2025 where I collected and analyzed 216 events.In January 2025, Cyber Crime continued to lead the Motivations chart.
https://www.hackmageddon.com/2025/06/13/january-2025-cyber-attacks-statistics/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Ualabee - 472,296 breached accounts
In May 2025, the South American mobility services platform Ualabee had hundreds of thousands of records scraped from an interface on their platform. The data included 472k unique email addresses along with names, profile photos, dates of birth and phone numbers.
https://haveibeenpwned.com/Breach/Ualabee
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Impact of Artificial Intelligence on the Cybersecurity Workforce
The NICE Workforce Framework for Cybersecurity ( NICE Framework) was revised in November 2020 as NIST Special Publication 800-181 rev.1 to enable more effective and rapid updates to the NICE Framework Components, including how the advent of emerging technologies would impact cybersecurity work. NICE has been actively engaging in conversations with: federal departments and agencies; industry; education, training, and certification providers; and international representatives to understand how Artificial Intelligence (AI) might affect the nature of our Nation's digital work. NICE has also led
https://www.nist.gov/blogs/cybersecurity-insights/impact-artificial-intelligence-cybersecurity-workforce
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
F5 Labs Top CWEs & OWASP Top Ten Analysis
Sensor Intel Series: June 2025 CVE Trends
https://www.f5.com/labs/articles/threat-intelligence/f5-labs-top-cwes-owasp-top-ten-analysis
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Patch Tuesday - June 2025
WebDAV & SMB client zero-days. KDC Proxy Service & Office critical RCEs.
https://blog.rapid7.com/2025/06/10/patch-tuesday-june-2025/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
BlackSuit Continues Social Engineering Attacks in Wake of Black Basta's Internal Conflict
Despite a significant decrease in social engineering attacks linked to the Black Basta ransomware group since late December 2024, Rapid7 has observed sustained social engineering attacks. Evidence suggests that BlackSuit affiliates have either adopted Black Basta's strategy or absorbed its members.
https://blog.rapid7.com/2025/06/10/blacksuit-continues-social-engineering-attacks-in-wake-of-black-bastas-internal-conflict/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Key Takeaways from the Take Command Summit 2025: Demystifying Cloud Detection & Response – The Future of SOC and MDR
Explore key takeaways from Take Command 2025 on modern cloud detection and response. Learn how SOCs are adapting. Watch the full session on demand.
https://blog.rapid7.com/2025/06/10/key-takeaways-from-the-take-command-summit-2025-demystifying-cloud-detection-response-the-future-of-soc-and-mdr/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
WiredBucks - 918,529 breached accounts
In May 2022, the now defunct social media influencer platform WiredBucks suffered a data breach that was later redistributed as part of a larger corpus of data. The incident exposed over 900k email and IP addresses alongside names, usernames, earnings via the platform, physical addresses and passwords stored as plain text.
https://haveibeenpwned.com/Breach/WiredBucks
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
LinkedIn for OSINT: tips and tricks
When it comes to open source intelligence (OSINT), LinkedIn is a treasure trove of information. With millions of professionals voluntarily sharing details about their careers, connections, personal achievements, or keeping up to date with what is happening in their professional sphere, the famous networking platform is not to be underestimated when it comes to OSINT. […]
https://blog.compass-security.com/2025/06/linkedin-for-osint-tips-and-tricks/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Blind SSRF in API
A server-side request forgery vulnerability [CWE-918] in FortiClientEMS may allow an authenticated attacker to perform internal requests via crafted HTTP or HTTPS requests. Revised on 2025-06-10 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-23-342
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Firewall session injection in FGSP
An improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in FortiOS may allow an unauthenticated attacker to inject unauthorized sessions via crafted FGSP session synchronization packets. Revised on 2025-06-10 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-24-287
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
5 Things Security Leaders Need to Know About Agentic AI
Generative AI has already transformed the way businesses work. But we're now entering a new phase where AI doesn't just generate content, but takes independent action on our behalf. This next evolution is called ‘agentic AI', and it's moving fast.
https://blog.rapid7.com/2025/06/09/5-things-security-leaders-need-to-know-about-agentic-ai/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Navigating AWS Migration: Achieving Clarity and Confidence
Migrating workloads to Amazon Web Services (AWS) represents a significant strategic opportunity, enabling greater agility, scalability, and potential for innovation. But undertaking this transition without a comprehensive strategy introduce unforeseen risks, operational delays, and more.
https://blog.rapid7.com/2025/06/09/navigating-aws-migration-achieving-clarity-and-confidence-2/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Disk Union - 690,667 breached accounts
In June 2022, the Japanese record chain store Disk Union suffered a data breach. The incident exposed 690k unique email addresses along with names, post codes, phone numbers and plain text passwords.
https://haveibeenpwned.com/Breach/DiskUnion
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Metasploit Wrap-up 06/06/25
This release adds new modules targeting ThinManager vulnerabilities (CVE-2023-27855, CVE-2023-2917, CVE-2023-27856), a udev persistence module for Linux, an Ivanti EPMM authentication bypass and remote code execution module (CVE-2025-4427, CVE-2025-4428), PHP payload adapters, and more
https://blog.rapid7.com/2025/06/06/metasploit-wrapup-76/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cultivating Growth and Development at Rapid7
At Rapid7, we're pushing the boundaries on what a cybersecurity company can be. With more than a dozen offices around the world, Rapid7's culture provides a foundation where people can grow their skills and progress in their careers, while driving meaningful impact to the business.
https://blog.rapid7.com/2025/06/06/cultivating-growth-and-development-at-rapid7/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
India's Cyber Leaders Prepare for AI-Driven Threats
As India's economy rapidly digitizes, cybersecurity challenges are becoming increasingly complex. This May, Rapid7 launched our inaugural Global Security Day series across India, bringing together top security leaders to address the most pressing cyber threats facing organizations in 2025.
https://blog.rapid7.com/2025/06/06/indias-cyber-leaders-prepare-for-ai-driven-threats/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
16-31 January Cyber Attacks Timeline
In the second timeline of January 2025, I collected 107 events with a threat landscape dominated by malware with 30%, up from 18% of the previous timeline, and very close to the values of December 2024, ahead of ransomware with 19%.
https://www.hackmageddon.com/2025/06/04/16-30-january-cyber-attacks-timeline/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Rapid7 Q1 2025 Incident Response Findings
Rapid7's 2025Q1 incident response data highlights several key IAV trends, shares salient examples of incidents investigated by the Rapid7 IR team, and digs into threat data by industry as well as some of the more commonly seen pieces of malware.
https://blog.rapid7.com/2025/06/04/rapid7-q1-2025-incident-response-findings/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
From Ideology to Financial Gain: Exploring the Convergence from Hacktivism to Cybercrime
The lines between ideologically-driven hacktivism and financially motivated cybercriminals are blurring. Some hacktivist groups are evolving into ransomware operations – even becoming ransomware affiliates – merging the disruptive zeal of hacktivism with the ruthless efficiency of cybercrime.
https://blog.rapid7.com/2025/06/03/from-ideology-to-financial-gain-exploring-the-convergence-from-hacktivism-to-cybercrime/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hack the model: Build AI security skills with the GitHub Secure Code Game
Dive into the novel security challenges AI introduces with the open source game that over 10,000 developers have used to sharpen their skills.
The post Hack the model: Build AI security skills with the GitHub Secure Code Game appeared first on The GitHub Blog.
https://github.blog/security/hack-the-model-build-ai-security-skills-with-the-github-secure-code-game/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DNS rebinding attacks explained: The lookup is coming from inside the house!
DNS rebinding attack without CORS against local network web applications. Explore the topic further and see how it can be used to exploit vulnerabilities in the real-world.
The post DNS rebinding attacks explained: The lookup is coming from inside the house! appeared first on The GitHub Blog.
https://github.blog/security/application-security/dns-rebinding-attacks-explained-the-lookup-is-coming-from-inside-the-house/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Introducing AI Attack Coverage in Exposure Command: Secure what traditional AppSec Tools miss
Introducing AI Attack Coverage in Exposure Command and InsightAppSec, bringing purpose built protection for AI driven applications into your existing AppSec workflows. Uncover vulnerabilities that legacy tools miss – and stop AI specific threats before they become business problems.
https://blog.rapid7.com/2025/06/03/introducing-ai-attack-coverage-in-exposure-command-secure-what-traditional-appsec-tools-miss/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Delving Into the SparkRAT Remote Access Tool
Sensor Intel Series: May 2025 CVE Trends
https://www.f5.com/labs/articles/threat-intelligence/delving-into-the-sparkrat-remote-access-tool
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
ColoCrossing - 7,183 breached accounts
In May 2025, hosting provider ColoCrossing identified a data breach that impacted customers of their ColoCloud virtual server product. ColoCrossing advised the incident was isolated to their cloud/VPS platform and stemmed from a single sign-on vulnerability. 7k email addresses were exposed in the incident along with names and MD5-Crypt password hashes.
https://haveibeenpwned.com/Breach/ColoCrossing
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Key Takeaways from the Take Command Summit 2025: Risk Revolution – Proactive Strategies for Exposure Management
Learn how security teams are evolving risk strategies with exposure management. Hear insights from Rapid7 and ESG. Watch the full session on demand.
https://blog.rapid7.com/2025/06/02/key-takeaways-from-the-take-command-summit-2025-risk-revolution-proactive-strategies-for-exposure-management/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Sustaining Digital Certificate Security - Upcoming Changes to the Chrome Root Store
Posted by Chrome Root Program, Chrome Security Team
Note: Google Chrome communicated its removal of default trust of Chunghwa Telecom and Netlock in the public forum on May 30, 2025.
The Chrome Root Program Policy states that Certification Authority (CA) certificates included in the Chrome Root Store must provide value to Chrome end users that exceeds the risk of their continued inclusion. It also describes many of the factors we consider significant when CA Owners disclose and respond to incidents. When things don't go right, we expect CA Owners to commit to meaningful and demonstrable change resulting in evidenced continuous improvement.
Chrome's confidence in the reliability of Chunghwa Telecom and Netlock as CA Owners included in the Chrome Root Store has diminished due to patterns...
http://security.googleblog.com/2025/05/sustaining-digital-certificate-security-chrome-root-store-changes.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Windows Registry Adventure #8: Practical exploitation of hive memory corruption
Posted by Mateusz Jurczyk, Google Project Zero
In the previous blog post, we focused on the general security analysis of the registry and how to effectively approach finding vulnerabilities in it. Here, we will direct our attention to the exploitation of hive-based memory corruption bugs, i.e., those that allow an attacker to overwrite data within an active hive mapping in memory. This is a class of issues characteristic of the Windows registry, but universal enough that the techniques described here are applicable to 17 of my past vulnerabilities, as well as likely any similar bugs in the future. As we know, hives exhibit a very special behavior in terms of low-level memory management (how and where they are mapped in memory), handling of allocated and...
https://googleprojectzero.blogspot.com/2025/05/the-windows-registry-adventure-8-exploitation.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Inside GitHub: How we hardened our SAML implementation
Maintaining and developing complex and risky code is never easy. See how we addressed the challenges of securing our SAML implementation with this behind-the-scenes look at building trust in our systems.
The post Inside GitHub: How we hardened our SAML implementation appeared first on The GitHub Blog.
https://github.blog/security/web-application-security/inside-github-how-we-hardened-our-saml-implementation/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Renovate – Keeping Your Updates Secure?
Renovate is an OSS CLI/bot that updates your software dependencies automatically. It is usually integrated into the CI/CD process and runs on a schedule. It will create a Pull Request / Merge Request (PR/MR) to your repository with dependency updates. It can optionally auto-merge them. If you host it for several repositories or an organization, it […]
https://blog.compass-security.com/2025/05/renovate-keeping-your-updates-secure/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Tracking the Cost of Quantum Factoring
Posted by Craig Gidney, Quantum Research Scientist, and Sophie Schmieg, Senior Staff Cryptography Engineer Google Quantum AI's mission is to build best in class quantum computing for otherwise unsolvable problems. For decades the quantum and security communities have also known that large-scale quantum computers will at some point in the future likely be able to break many of today's secure public key cryptography algorithms, such as Rivest–Shamir–Adleman (RSA). Google has long worked with the U.S. National Institute of Standards and Technology (NIST) and others in government, industry, and academia to develop and transition to post-quantum cryptography (PQC), which is expected to be resistant to quantum computing attacks. As quantum computing technology continues to advance, ongoing...
http://security.googleblog.com/2025/05/tracking-cost-of-quantum-factori.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Bypassing MTE with CVE-2025-0072
In this post, I'll look at CVE-2025-0072, a vulnerability in the Arm Mali GPU, and show how it can be exploited to gain kernel code execution even when Memory Tagging Extension (MTE) is enabled.
The post Bypassing MTE with CVE-2025-0072 appeared first on The GitHub Blog.
https://github.blog/security/vulnerability-research/bypassing-mte-with-cve-2025-0072/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Windows Registry Adventure #7: Attack surface analysis
Posted by Mateusz Jurczyk, Google Project Zero
In the first three blog posts of this series, I sought to outline what the Windows Registry actually is, its role, history, and where to find further information about it. In the subsequent three posts, my goal was to describe in detail how this mechanism works internally – from the perspective of its clients (e.g., user-mode applications running on Windows), the regf format used to encode hives, and finally the kernel itself, which contains its canonical implementation. I believe all these elements are essential for painting a complete picture of this subsystem, and in a way, it shows my own approach to security research. One could say that going through this tedious process of getting to know the target unnecessarily...
https://googleprojectzero.blogspot.com/2025/05/the-windows-registry-adventure-7-attack-surface.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cybersecurity and AI: Integrating and Building on Existing NIST Guidelines
What is NIST up to? On April 3, 2025, NIST hosted a Cybersecurity and AI Profile Workshop at our National Cybersecurity Center of Excellence (NCCoE) to hear feedback on our concept paper which presented opportunities to create profiles of the NIST Cybersecurity Framework (CSF) and the NIST AI Risk Management Framework (AI RMF). These would serve to support the cybersecurity community as they adopt AI for cybersecurity, need to defend against AI-enabled cybersecurity attacks, as well as protect AI systems as organizations adopt AI to support their business. Stay tuned for the soon to be
https://www.nist.gov/blogs/cybersecurity-insights/cybersecurity-and-ai-integrating-and-building-existing-nist-guidelines
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Remote Prompt Injection in GitLab Duo Leads to Source Code Theft
Get details on the vulnerabilities the Legit research team unearthed in GitLab Duo.
https://www.legitsecurity.com/blog/remote-prompt-injection-in-gitlab-duo
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Remote Prompt Injection in GitLab Duo Leaks Source Code
A remote prompt injection vulnerability in GitLab Duo allowed attackers to steal source code from private projects, manipulate code suggestions, and exfiltrate confidential information. The attack chain involved hidden prompts, HTML injection, and exploitation of Duo's access to private data. GitLab has since patched both the HTML and prompt injection vectors.
https://www.cloudvulndb.org/gitlab-duo-prompt-injection-leak
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
AWS Security Tool Introduces Privilege Escalation Risk
AWS's Account Assessment for AWS Organizations tool, designed to audit cross-account access, inadvertently introduced privilege escalation risks due to flawed deployment instructions. Customers were encouraged to deploy the tool in lower-sensitivity accounts, creating risky trust paths from insecure environments into highly sensitive ones. This could allow attackers to pivot from compromised development accounts into production and management accounts.
https://www.cloudvulndb.org/aws-security-tool-risk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
What's New in Android Security and Privacy in 2025
Posted by Dave Kleidermacher, VP Engineering, Android Security and Privacy
Android's intelligent protections keep you safe from everyday dangers. Our dedication to your security is validated by security experts, who consistently rank top Android devices highest in security, and score Android smartphones, led by the Pixel 9 Pro, as leaders in anti-fraud efficacy.Android is always developing new protections to keep you, your device, and your data safe. Today, we're announcing new features and enhancements that build on our industry-leading protections to help keep you safe from scams, fraud, and theft on Android.
Smarter protections against phone call scams
Our research shows that phone scammers often try to trick people into performing specific actions to initiate a scam, like changing...
http://security.googleblog.com/2025/05/whats-new-in-android-security-privacy-2025.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Advanced Protection: Google's Strongest Security for Mobile Devices
Posted by Il-Sung Lee, Group Product Manager, Android Security
Protecting users who need heightened security has been a long-standing commitment at Google, which is why we have our Advanced Protection Program that provides Google's strongest protections against targeted attacks.To enhance these existing device defenses, Android 16 extends Advanced Protection with a device-level security setting for Android users. Whether you're an at-risk individual – such as a journalist, elected official, or public figure – or you just prioritize security, Advanced Protection gives you the ability to activate Google's strongest security for mobile devices, providing greater peace of mind that you're protected against the most sophisticated threats.
Simple to activate, powerful in protectionAdvanced...
http://security.googleblog.com/2025/05/advanced-protection-mobile-devices.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Five Years Later: Evolving IoT Cybersecurity Guidelines
The Background…and NIST's Plan for Improving IoT Cybersecurity The passage of the Internet of Things (IoT) Cybersecurity Improvement Act in 2020 marked a pivotal step in enhancing the cybersecurity of IoT products. Recognizing the increasing internet connectivity of physical devices, this legislation tasked NIST with developing cybersecurity guidelines to manage and secure IoT effectively. As an early building block, we developed NIST IR 8259, Foundational Cybersecurity Activities for IoT Device Manufacturers, which describes recommended activities related to cybersecurity for manufacturers
https://www.nist.gov/blogs/cybersecurity-insights/five-years-later-evolving-iot-cybersecurity-guidelines
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Bypassing BitLocker Encryption: Bitpixie PoC and WinPE Edition
Depending on the customer’s preference, possible initial access vectors in our red teaming exercises typically include deployment of dropboxes, (device code) phishing or a stolen portable device. The latter is usually a Windows laptop protected by BitLocker for full disk encryption without pre-boot authentication i.e. without a configured PIN or an additional key file. While […]
https://blog.compass-security.com/2025/05/bypassing-bitlocker-encryption-bitpixie-poc-and-winpe-edition/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
FreeRTOS and coreSNTP Security Advisories
Security advisories were issued for FreeRTOS and coreSNTP releases containing unintended scripts that could potentially transmit AWS credentials if executed on Linux/macOS. Affected releases have been removed and users are advised to rotate credentials and delete downloaded copies.
https://www.cloudvulndb.org/freertos-coresntp-advisories
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The 2025 State of Application Risk Report: Understanding AI Risk in Software Development
Get details on the AI risks Legit unearthed in enterprises' software factories.
https://www.legitsecurity.com/blog/understanding-ai-risk-in-software-development
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Breaking the Sound Barrier Part I: Fuzzing CoreAudio with Mach Messages
Guest post by Dillon Franke, Senior Security Engineer, 20% time on Project Zero
Every second, highly-privileged MacOS system daemons accept and process hundreds of IPC messages. In some cases, these message handlers accept data from sandboxed or unprivileged processes.
In this blog post, I’ll explore using Mach IPC messages as an attack vector to find and exploit sandbox escapes. I’ll detail how I used a custom fuzzing harness, dynamic instrumentation, and plenty of debugging/static analysis to identify a high-risk type confusion vulnerability in the coreaudiod system daemon. Along the way, I’ll discuss some of the difficulties and tradeoffs I encountered.
Transparently, this was my first venture into the world of MacOS security research and building...
https://googleprojectzero.blogspot.com/2025/05/breaking-sound-barrier-part-i-fuzzing.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Using AI to stop tech support scams in Chrome
Posted by Jasika Bawa, Andy Lim, and Xinghui Lu, Google Chrome Security
Tech support scams are an increasingly prevalent form of cybercrime, characterized by deceptive tactics aimed at extorting money or gaining unauthorized access to sensitive data. In a tech support scam, the goal of the scammer is to trick you into believing your computer has a serious problem, such as a virus or malware infection, and then convince you to pay for unnecessary services, software, or grant them remote access to your device. Tech support scams on the web often employ alarming pop-up warnings mimicking legitimate security alerts. We've also observed them to use full-screen takeovers and disable keyboard and mouse input to create a sense of crisis.
Chrome has always worked with Google Safe Browsing to help...
http://security.googleblog.com/2025/05/using-ai-to-stop-tech-support-scams-in.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Weaponizing Facebook Ads: Inside the Multi-Stage Malware Campaign Exploiting Cryptocurrency Brands
A persistent malvertising campaign is plaguing Facebook, leveraging the reputations of well-known cryptocurrency exchanges to lure victims into a maze of malware. Since Bitdefender Labs started investigating, this evolving threat has posed a serious risk by deploying cleverly disguised front-end scripts and custom payloads on users' devices, all under the guise of legitimate cryptocurrency platforms and influencers.
This report unveils how the attackers use advanced evasion tactics, mass brand
https://www.bitdefender.com/en-us/blog/labs/weaponizing-facebook-ads-inside-the-multi-stage-malware-campaign-exploiting-cryptocurrency-brands
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
1-15 January 2025 Cyber Attacks Timeline
In the first timeline of January 2025, I collected 109 events with a threat landscape dominated by malware with 18%, down from 33% of the previous timeline, and once again ahead of account takeovers with 17% (it was 20% in the previous timeline), and ransomware with 14%.
https://www.hackmageddon.com/2025/05/06/1-15-january-2025-cyber-attacks-timeline/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Azure AZNFS-mount Utility Root Privilege Escalation
A critical vulnerability in AZNFS-mount utility, preinstalled on Azure HPC/AI images, allowed unprivileged users to escalate privileges to root on Linux machines. The flaw existed in versions up to 2.0.10 and involved a SUID binary. Azure classified it as low severity but fixed it in version 2.0.11.
https://www.cloudvulndb.org/azure-aznfs-mount-privilege-escalation
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Welcome to Maintainer Month: Events, exclusive discounts, and a new security challenge
This May marks the fifth annual Maintainer Month, and there are lots of treats in store: new badges, special discounts, events with experts, and more.
The post Welcome to Maintainer Month: Events, exclusive discounts, and a new security challenge appeared first on The GitHub Blog.
https://github.blog/open-source/maintainers/welcome-to-maintainer-month-events-exclusive-discounts-and-a-new-security-challenge/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Strengthening Software Security Under the EU Cyber Resilience Act: A High-Level Guide for Security Leaders and CISOs
Get guidance on key tenets of the EU CRA and how Legit can help address them.
https://www.legitsecurity.com/blog/strengthening-software-security-under-eu-cra
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Small Businesses Create Big Impact: NIST Celebrates 2025 National Small Business Week
This week we're celebrating National Small Business Week—which recognizes and celebrates the small and medium-sized business (SMB) community's significant contributions to the nation. SMBs are a substantial and critical part of the U.S. and global economic and cybersecurity infrastructure. According to the U.S. Small Business Administration's Office of Advocacy, [1] there are 34.8 million SMBs in the United States (making up 99% of all U.S. businesses). Of those, 81.7% are non-employer firms with no paid employees other than the owners of the business. These businesses, though small in size
https://www.nist.gov/blogs/cybersecurity-insights/small-businesses-create-big-impact-nist-celebrates-2025-national-small
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Canary Exploit Tool for CVE-2025-30065 Apache Parquet Avro Vulnerability
Investigating a schema parsing concern in the parquet-avro module of Apache Parquet Java.
https://www.f5.com/labs/articles/threat-intelligence/canary-exploit-tool-for-cve-2025-30065-apache-parquet-avro-vulnerability
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Active Subscription Scam Campaigns Flooding the Internet
Bitdefender researchers have uncovered a surge in subscription scams, both in scale and sophistication, spurred by a massive campaign involving hundreds of fraudulent websites.
What sets this campaign apart is the significant investment cybercriminals have undertaken to make these fake sites look convincingly legitimate.
Gone are the days when a suspicious email, SMS, or basic phishing link could easily fool users. As people grow more cautious and cyber-aware, scammers are stepping up their
https://www.bitdefender.com/en-us/blog/labs/active-subscription-scam-campaigns-flooding-the-internet
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Introducing EntraFalcon – A Tool to Enumerate Entra ID Objects and Assignments
TL;DR: PowerShell tool to enumerate Entra ID objects, assignments and identify highly privileged objects or risky configurations. https://github.com/CompassSecurity/EntraFalcon Entra ID environments can contain thousands of objects – users, groups, service principals, and more – each with unique properties and complex relationships. While manual reviews through the Entra portal might be feasible in smaller environments, they […]
https://blog.compass-security.com/2025/04/introducing-entrafalcon-a-tool-to-enumerate-entra-id-objects-and-assignments/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
AWS Default Roles Can Lead to Service Takeover
Research uncovered security flaws in default AWS service roles, granting overly broad permissions like full S3 access. This allows privilege escalation, cross-service access, and potential account compromise across services like SageMaker, Glue, and EMR. Attackers could exploit these roles to manipulate critical assets and move laterally within AWS environments. AWS has since updated default policies and documentation to mitigate risks.
https://www.cloudvulndb.org/aws-default-roles-service-takeover
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Announcing New Legit ASPM AI Capabilities
Get details on Legit's new AI capabilities.
https://www.legitsecurity.com/blog/announcing-new-legit-aspm-ai-capabilities
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
I Had Some Adventures with Alice and Bob (Podcast)! Also, what's next for Auntie Lesley?
Hi pals! It’s been a busy few months for me. Next week, I make my big move to Australia, so my blog might drop off for a bit while I get settled. I’ve gotten to cram in some final North American conference speaking appearances in Halifax (AtlSecCon), Milwaukee (CypherCon), and Chicago (ChiBrrCon). I’ve also been […]
https://tisiphone.net/2025/04/26/i-had-some-adventures-with-alice-and-bob-podcast/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Q4 2024 Cyber Attacks Statistics
I aggregated the statistics created from the cyber attacks timelines published in Q4 2024. In this period, I collected a total of 694 events dominated by Cyber Crime with 70%, slightly up from 65.5% of Q3.
https://www.hackmageddon.com/2025/04/24/q4-2024-cyber-attacks-statistics/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
December 2024 Cyber Attacks Statistics
After the cyber attacks timelines, it's time to publish the statistics for December 2024 where I collected and analyzed 209 events primarily driven by Cyber Crime.
https://www.hackmageddon.com/2025/04/22/december-2024-cyber-attacks-statistics/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Google Cloud ConfusedComposer Privilege Escalation Vulnerability
Tenable discovered a privilege escalation vulnerability in Google Cloud Platform's Cloud Composer service, dubbed ConfusedComposer. It allowed users with composer.environments.update permission to escalate privileges to the default Cloud Build service account by injecting malicious PyPI packages. This could grant broad permissions across the victim's GCP project.
https://www.cloudvulndb.org/gcp-confused-composer-vulnerability
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Interview with Safety Detectives
Happy Monday, friends! I hope you had a great weekend. I had an interesting interview with Safety Detectives about steps we can take to make things better for the next generation of cyber defenders. I encourage you to check out the article, here: https://www.safetydetectives.com/blog/lesley-carhart-dragos/
https://tisiphone.net/2025/04/21/interview-with-safety-detectives/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
16-31 December 2024 Cyber Attacks Timeline
In the second timeline of December 2024, I collected 94 events with a threat landscape dominated by malware with...
https://www.hackmageddon.com/2025/04/18/16-31-december-2024-cyber-attacks-timeline/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How Legit Is Using Classic Economic Tools to Prevent Application Vulnerabilities
Learn more about how Legit is helping enterprises prevent vulnerabilities in their SDLCs.
https://www.legitsecurity.com/blog/how-legit-is-using-classic-economic-models-to-prevent-application-vulnerabilities
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
What to Look for in Application Security Posture Management (ASPM)
Get details on the key capabilities for an ASPM platform.
https://www.legitsecurity.com/blog/what-to-look-for-in-application-security-posture-management-aspm
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
My New Paper on OT Ransomware!
Hello friends, I’m very excited to publish my first SANS Institute Whitepaper. I have developed a formal framework for preparing for OT / ICS ransomware attacks. I really hope you enjoy the paper and find it useful in building a strong defense against cyber-crime. You can download the white paper, A Simple Framework for OT […]
https://tisiphone.net/2025/04/16/my-new-paper-on-ot-ransomware/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Windows Registry Adventure #6: Kernel-mode objects
Posted by Mateusz Jurczyk, Google Project Zero
Welcome back to the Windows Registry Adventure! In the previous installment of the series, we took a deep look into the internals of the regf hive format. Understanding this foundational aspect of the registry is crucial, as it illuminates the design principles behind the mechanism, as well as its inherent strengths and weaknesses. The data stored within the regf file represents the definitive state of the hive. Knowing how to parse this data is sufficient for handling static files encoded in this format, such as when writing a custom regf parser to inspect hives extracted from a hard drive. However, for those interested in how regf files are managed by Windows at runtime, rather than just their behavior in isolation, there's a whole other...
https://googleprojectzero.blogspot.com/2025/04/the-windows-registry-adventure-6-kernel.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
300 Milliseconds to Admin: Mastering DLL Hijacking and Hooking to Win the Race (CVE-2025-24076 and CVE-2025-24994)
As a pentester you are sometimes thrown into projects where you have no idea where you are going to end up. This project was one of those where you were given a customer laptop and the aim was to “find something interesting”, perhaps a misconfiguration on the customer side. The problem was that the laptop […]
https://blog.compass-security.com/2025/04/3-milliseconds-to-admin-mastering-dll-hijacking-and-hooking-to-win-the-race-cve-2025-24076-and-cve-2025-24994/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Burning Data with Malicious Firewall Rules in Azure SQL
Varonis Threat Labs discovered a vulnerability in Azure SQL Server allowing privileged users to create malicious firewall rules that can delete Azure resources when triggered by admin actions. The exploit involves manipulating rule names via TSQL to inject destructive commands, potentially leading to large-scale data loss in affected Azure accounts.
https://www.cloudvulndb.org/burning-data-azure-sql-firewall
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Legit Scans for Secrets in SharePoint
Get details on Legit's new ability to scan for secrets in SharePoint.
https://www.legitsecurity.com/blog/legit-scans-for-secrets-in-sharepoint
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Path Traversal in AWS SSM Agent Plugin ID Validation
A path traversal vulnerability in AWS SSM Agent's ValidatePluginId function allows attackers to create directories and execute scripts in unintended locations on the filesystem. This could lead to privilege escalation or other malicious activities, as files may be written to or executed from sensitive areas of the system with root privileges.
https://www.cloudvulndb.org/aws-ssm-agent-path-traversal
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Campaign Targets Amazon EC2 Instance Metadata via SSRF
Discover the latest CVE trends and a new campaign targeting websites hosted in EC2 instances on AWS.
https://www.f5.com/labs/articles/threat-intelligence/campaign-targets-amazon-ec2-instance-metadata-via-ssrf
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Legit and Traceable: Better Together
Get details on Legit's new partnership with Traceable.
https://www.legitsecurity.com/blog/legit-and-traceable-better-together
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Google announces Sec-Gemini v1, a new experimental cybersecurity model
Posted by Elie Burzstein and Marianna Tishchenko, Sec-Gemini teamToday, we're announcing Sec-Gemini v1, a new experimental AI model focused on advancing cybersecurity AI frontiers. As outlined a year ago, defenders face the daunting task of securing against all cyber threats, while attackers need to successfully find and exploit only a single vulnerability. This fundamental asymmetry has made securing systems extremely difficult, time consuming and error prone. AI-powered cybersecurity workflows have the potential to help shift the balance back to the defenders by force multiplying cybersecurity professionals like never before. Effectively powering SecOps workflows requires state-of-the-art reasoning capabilities and extensive current cybersecurity knowledge. Sec-Gemini v1 achieves...
http://security.googleblog.com/2025/04/google-launches-sec-gemini-v1-new.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Taming the Wild West of ML: Practical Model Signing with Sigstore
Posted by Mihai Maruseac, Google Open Source Security Team (GOSST)In partnership with NVIDIA and HiddenLayer, as part of the Open Source Security Foundation, we are now launching the first stable version of our model signing library. Using digital signatures like those from Sigstore, we allow users to verify that the model used by the application is exactly the model that was created by the developers. In this blog post we will illustrate why this release is important from Google's point of view.With the advent of LLMs, the ML field has entered an era of rapid evolution. We have seen remarkable progress leading to weekly launches of various applications which incorporate ML models to perform tasks ranging from customer support, software development, and even performing security critical...
http://security.googleblog.com/2025/04/taming-wild-west-of-ml-practical-model.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
1-15 December 2024 Cyber Attacks Timeline
In the first timeline of December 2024, I collected 115 events (7.67 events/day) with a threat landscape dominated...
https://www.hackmageddon.com/2025/04/04/1-15-december-2024-cyber-attacks-timeline/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Lesley, What Happened to the “Cybersecurity Skills Shortage”?
Are you stressed out right now? I’m stressed out. Most Americans are, and cybersecurity job seekers are definitely not an exception. I do a ton of career mentoring and career clinics, and I see… the brunt of it. The last few mentoring Sundays I've done, I have had two or more people burst into tears. […]
https://tisiphone.net/2025/04/01/lesley-what-happened-to-the-cybersecurity-skills-shortage/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
I wannabe Red Team Operator
Red Team Operator. A hype-tagged role tag for which one question hits our corporate LinkedIn inbox very often. “Hey there, how can I become a Red Team Operator? Yours sincerely, a recent graduate.” To us, this is like asking how to become a regular starter on a Premier League football team. There's nothing wrong with […]
https://blog.compass-security.com/2025/04/i-wannabe-red-team-operator/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
What's My Daily Life Like (in OT DFIR)?
One of the most common questions I get asked by aspiring (and current) cybersecurity professionals is what my odd niche of the universe in critical infrastructure incident response is really like, day to day. So let me give a brief overview of what my work life is like. The first thing one needs to understand […]
https://tisiphone.net/2025/03/31/whats-my-daily-life-like-in-ot-dfir/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
ImageRunner: Privilege Escalation Vulnerability in GCP Cloud Run
An attacker with `run.services.update` and `iam.serviceAccounts.actAs` permissions but without
explicit registry access could deploy new revisions of Cloud Run services that pulled private
container images stored in the same GCP project. This was possible because Cloud Run uses a
service agent with the necessary registry read permissions to retrieve these images, regardless
of the caller's access level. By updating a service revision and injecting malicious commands
into the container's arguments (e.g., using Netcat for reverse shell access), attackers could
extract secrets or run unauthorized code. The flaw stemmed from the Cloud Run service agent's
trust model, which did not enforce a separate registry permission check on the deploying identity.
Google has since modified this behavior...
https://www.cloudvulndb.org/imagerunner
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
ClamAV 1.5.0 beta now available!
The ClamAV 1.5.0 beta is now available. You may find the source code and installers for this release at clamav.net/downloads or on the ClamAV GitHub release page. The beta phase is expected to last two to four weeks before we publish the stable release or else publish a release candidate. This will depend on how many changes are required to stabilize this version. Please take this time to evaluate ClamAV 1.5.0. Please help us validate this release by providing feedback via GitHub issues, via the ClamAV mailing list or on our Discord. IMPORTANT: A major feature of the 1.5 release is a FIPS-compliant method for verifying the authenticity of CVD signature database archives and CDIFF signature database patch files. The feature is ready to test in this beta, but we are not yet distributing the...
https://blog.clamav.net/2025/03/clamav-150-beta-now-available.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
2025 Advanced Persistent Bot Report: Scraper Bots Deep-Dive
How much do scraper bots affect your industry?
https://www.f5.com/labs/articles/threat-intelligence/2025-advanced-persistent-bot-report-scraper-bots-deep-dive
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Prevent Web Scraping by Applying the Pyramid of Pain
The Bots Pyramid of Pain: a framework for effective bot defense.
https://www.f5.com/labs/articles/threat-intelligence/prevent-web-scraping-by-applying-the-pyramid-of-pain
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
2025 Advanced Persistent Bots Report
Uncovering the true scale of persistent bot activity, and the advanced techniques that bot operators use in order to remain hidden from bot defenses.
https://www.f5.com/labs/articles/threat-intelligence/2025-advanced-persistent-bots-report
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The US Needs A New Cybersecurity Strategy: More Offensive Cyber Operations Isn't It
For a long time Chinese hackers have been operating in the grey area between espionage and warfare. The US has been struggling to defend its networks, but increasing offensive cyber operations in unlikely to help.
https://malwaretech.com/2025/03/the-us-needs-a-new-cybersecurity-strategy.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
New security requirements adopted by HTTPS certificate industry
Posted by Chrome Root Program, Chrome Security Team
The Chrome Root Program launched in 2022 as part of Google's ongoing commitment to upholding secure and reliable network connections in Chrome. We previously described how the Chrome Root Program keeps users safe, and described how the program is focused on promoting technologies and practices that strengthen the underlying security assurances provided by Transport Layer Security (TLS). Many of these initiatives are described on our forward looking, public roadmap named “Moving Forward, Together.”
At a high-level, “Moving Forward, Together” is our vision of the future. It is non-normative and considered distinct from the requirements detailed in the Chrome Root Program Policy. It's focused on themes that we feel are essential...
http://security.googleblog.com/2025/03/new-security-requirements-adopted-by.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Advance notice: End of Life for ClamAV 0.103 database updates
ClamAV version 0.103 will reach its end of life (EOL) for database updates on September 14, 2025. After this date, this version will no longer receive the latest virus definitions. To ensure your systems remain protected, please upgrade to the latest supported version of ClamAV before the end-of-life date. This will provide continued access to essential security updates and features. We recommend that users update to the newest release, ClamAV 1.4 LTS. For users that are unable to upgrade to version 1.4, you may find that ClamAV 1.0 LTS is more suitable. The most recent version of ClamAV can be found on the ClamAV Downloads page, on the ClamAV GitHub Releases page, and through Docker Hub. Information about how to install ClamAV is available in our online documentation. The...
https://blog.clamav.net/2025/03/advance-notice-end-of-life-for-clamav.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Blasting Past Webp
An analysis of the NSO BLASTPASS iMessage exploit
Posted by Ian Beer, Google Project Zero
On September 7, 2023 Apple issued an out-of-band security update for iOS:
Around the same time on September 7th 2023, Citizen Lab published a blog post linking the two CVEs fixed in iOS 16.6.1 to an "NSO Group Zero-Click, Zero-Day exploit captured in the wild":
"[The target was] an individual employed by a Washington DC-based civil society organization with international offices...
The exploit chain was capable of compromising iPhones running the latest version of iOS (16.6) without any interaction from the victim.
The exploit involved PassKit attachments containing malicious images sent from an attacker iMessage account to the victim."
The day before,...
https://googleprojectzero.blogspot.com/2025/03/blasting-past-webp.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Titan Security Keys now available in more countries
Posted by Christiaan Brand, Group Product ManagerWe're excited to announce that starting today, Titan Security Keys are available for purchase in more than 10 new countries:IrelandPortugalThe NetherlandsDenmarkNorwaySwedenFinlandAustraliaNew ZealandSingaporePuerto RicoThis expansion means Titan Security Keys are now available in 22 markets, including previously announced countries like Austria, Belgium, Canada, France, Germany, Italy, Japan, Spain, Switzerland, the UK, and the US.What is a Titan Security Key?A Titan Security Key is a small, physical device that you can use to verify your identity when you sign in to your Google Account. It's like a second password that's much harder for cybercriminals to steal.Titan Security Keys allow you to store your passkeys on a strong, purpose-built...
http://security.googleblog.com/2025/03/titan-security-keys-now-available-in.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
CodeQLEAKED - CodeQL Supply Chain Attack via Exposed Secret
A publicly exposed GitHub token in CodeQL workflow artifacts could allow attackers to execute malicious code
in repositories using CodeQL, potentially leading to source code exfiltration, secrets compromise, and supply
chain attacks. The vulnerability stemmed from a debug artifact containing environment variables, which could be
downloaded and exploited within a 1-2 second window.
https://www.cloudvulndb.org/codeql-supply-chain-attack-exposed-secret
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
BlueSky InfoSec News List
Hello all, happy Tuesday. I’ve migrated my cybersecurity news feed list to BlueSky and it can now be found here: https://web-cdn.bsky.app/profile/hacks4pancakes.com/lists/3ll6ownhbuz2o I hope you find this useful. If you’re using Mastodon, the import process is a bit more manual: @Updated InfoSec Mastodon Lists!
https://tisiphone.net/2025/03/25/bluesky-infosec-news-list/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Entra ID Bug Creates Immutable Users
A bug in Entra ID restricted management administrative units allowed creating immutable users that couldn't be modified or disabled, even by Global Administrators. This could enable an attacker to protect a compromised account from containment. The issue was caused by a timing vulnerability when removing users from restricted AUs and required specific steps to remediate affected accounts.
https://www.cloudvulndb.org/entra-id-immutable-users-bug
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Analyzing the Global Increase in Vulnerability Scanning in 2024
BotPoke comes to the foreground yet again.
https://www.f5.com/labs/articles/threat-intelligence/analyzing-the-global-increase-in-vulnerability-scanning-in-2024
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
AWS CDK CLI Issue with Custom Credential Plugins
AWS identified a security issue in the AWS CDK CLI versions 2.172.0-2.178.1 where temporary credentials from custom credential plugins could be printed to console output. This potentially exposes sensitive information to users with access to the console. The issue affects plugins that include an expiration property when returning temporary credentials.
https://www.cloudvulndb.org/aws-cdk-cli-credential-plugin-issue
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Bypassing Web Filters Part 4: Host Header Spoofing & Domain Fronting Detection Bypasses
In the previous posts of this series, we looked at different ways to bypass web filters, such as Host header spoofing and domain fronting. As we’ve learned, these techniques can be detected by proxies employing TLS inspection, by checking whether the hostname in the SNI matches the one in the HTTP Host header. If they […]
https://blog.compass-security.com/2025/03/bypassing-web-filters-part-4-host-header-spoofing-domain-fronting-detection-bypasses/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Yes, That's Me on Your Radio!
I had the honor of another short segment on NPR’s Marketplace this morning. I spoke about the state of cyber crime, and the impact of US government changes on cyber defense.
https://tisiphone.net/2025/03/19/yes-thats-me-on-your-radio/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Updated InfoSec Mastodon Lists!
I have been asked for these, so here they are! I hope you find these useful in following more Fediverse cybersecurity stuff.
https://tisiphone.net/2025/03/18/updated-infosec-mastodon-lists/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hundreds of Malicious Google Play-Hosted Apps Bypassed Android 13 Security With Ease
Bitdefender's security researchers have identified a large-scale ad fraud campaign that deployed hundreds of malicious apps in the Google Play Store, resulting in more than 60 million downloads total. The apps display out-of-context ads and even try to persuade victims to give away credentials and credit card information in phishing attacks.
The Google Play Store is often targeted by cybercriminals trying to upload malicious apps by bypassing existing protections. Google purges the store of suc
https://www.bitdefender.com/en-us/blog/labs/malicious-google-play-apps-bypassed-android-security
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Celebrating 1 Year of CSF 2.0
It has been one year since the release of the NIST Cybersecurity Framework (CSF) 2.0 ! To make improving your security posture even easier, in this blog we are: Sharing new CSF 2.0 resources; Taking a retrospective look at some resources and applications you may have missed; and Highlighting ways you can stay involved in our work, helping us help you implement better cybersecurity. NIST's subject matter experts have worked over the last year to continue expanding the CSF 2.0 implementation resources to help you secure your enterprise. Stakeholders are a very important force behind NIST's
https://www.nist.gov/blogs/cybersecurity-insights/celebrating-1-year-csf-20
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Lazarus Group Targets Organizations with Sophisticated LinkedIn Recruiting Scam
Bitdefender Labs warns of an active campaign by the North Korea-linked Lazarus Group, targeting organizations by capturing credentials and delivering malware through fake LinkedIn job offers.
LinkedIn may be a vital tool for job seekers and professionals, but it has also become a playground for cybercriminals exploiting its credibility. From fake job offers and elaborate phishing schemes to scams and even state-sponsored threat actors who prey on people's career aspirations and trust in profess
https://www.bitdefender.com/en-us/blog/labs/lazarus-group-targets-organizations-with-sophisticated-linkedin-recruiting-scam
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Analysis of an advanced malicious Chrome extension
Two weeks ago I published an article on 63 malicious Chrome extensions. In most cases I could only identify the extensions as malicious. With large parts of their logic being downloaded from some web servers, it wasn't possible to analyze their functionality in detail.
However, for the Download Manager Integration Checklist extension I have all parts of the puzzle now. This article is a technical discussion of its functionality that somebody tried very hard to hide. I was also able to identify a number of related extensions that were missing from my previous article.
Update (2025-02-04): An update to Download Manager Integration Checklist extension has been released a day before I published this article, clearly prompted by me asking adindex about this. The update removes the malicious functionality...
https://palant.info/2025/02/03/analysis-of-an-advanced-malicious-chrome-extension/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Windows Bug Class: Accessing Trapped COM Objects with IDispatch
Posted by James Forshaw, Google Project Zero
Object orientated remoting technologies such as DCOM and .NET Remoting make it very easy to develop an object-orientated interface to a service which can cross process and security boundaries. This is because they're designed to support a wide range of objects, not just those implemented in the service, but any other object compatible with being remoted. For example, if you wanted to expose an XML document across the client-server boundary, you could use a pre-existing COM or .NET library and return that object back to the client. By default when the object is returned it's marshaled by reference, which results in the object staying in the out-of-process server.
This flexibility has a number of downsides, one of which is the topic of this...
https://googleprojectzero.blogspot.com/2025/01/windows-bug-class-accessing-trapped-com.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Windows Exploitation Tricks: Trapping Virtual Memory Access (2025 Update)
Posted by James Forshaw, Google Project Zero
Back in 2021 I wrote a blog post about various ways you can build a virtual memory access trap primitive on Windows. The goal was to cause a reader or writer of a virtual memory address to halt for a significant (e.g. 1 or more seconds) amount of time, generally for the purpose of exploiting TOCTOU memory access bugs in the kernel.
The solutions proposed in the blog post were to either map an SMB file on a remote server, or abuse the Cloud Filter API. This blog isn't going to provide new solutions, instead I wanted to highlight a new feature of Windows 11 24H2 that introduces the ability to abuse the SMB file server directly on the local machine, no remote server required. This change also introduces the ability to locally exploit vulnerabilities...
https://googleprojectzero.blogspot.com/2025/01/windows-exploitation-tricks-trapping.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Privacy-Preserving Federated Learning – Future Collaboration and Continued Research
This post is the final blog in a series on privacy-preserving federated learning . The series is a collaboration between NIST and the UK government's Responsible Technology Adoption Unit (RTA), previously known as the Centre for Data Ethics and Innovation. Learn more and read all the posts published to date at NIST's Privacy Engineering Collaboration Space or RTA's blog . Reflections and Wider Considerations This is the final post in the series that began with reflections and learnings from the first US-UK collaboration working with Privacy Enhancing Technologies (PETs). Since the PETs Prize
https://www.nist.gov/blogs/cybersecurity-insights/privacy-preserving-federated-learning-future-collaboration-and
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
ClamAV 1.4.2 and 1.0.8 security patch versions published
Today, we are publishing the 1.4.2 and 1.0.8 security patch versions. The release files for the patch versions are available for download on the ClamAV downloads page, on the GitHub Release page, and through Docker Hub. The images on Docker Hub may not be immediately available on release day. Continue reading to learn what changed in each version.1.4.2
ClamAV 1.4.2 is a patch release with the following fixes: CVE-2025-20128: Fixed a possible buffer overflow read bug in the OLE2 file parser that could cause a denial-of-service (DoS) condition. This issue was introduced in version 1.0.0 and affects all currently supported versions. It will be fixed in:
1.4.2 and 1.0.8 Thank you to OSS-Fuzz for identifying this issue.
1.0.8
ClamAV 1.0.8 is a patch release with the following fixes:CVE-2025-20128:...
https://blog.clamav.net/2025/01/clamav-142-and-108-security-patch.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Malicious extensions circumvent Google's remote code ban
As noted last week I consider it highly problematic that Google for a long time allowed extensions to run code they downloaded from some web server, an approach that Mozilla prohibited long before Google even introduced extensions to their browser. For years this has been an easy way for malicious extensions to hide their functionality. When Google finally changed their mind, it wasn't in form of a policy but rather a technical change introduced with Manifest V3.
As with most things about Manifest V3, these changes are meant for well-behaving extensions where they in fact improve security. As readers of this blog probably know, those who want to find loopholes will find them: I've already written about the Honey extension bundling its own JavaScript interpreter and malicious extensions...
https://palant.info/2025/01/20/malicious-extensions-circumvent-googles-remote-code-ban/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Chrome Web Store is a mess
Let's make one thing clear first: I'm not singling out Google's handling of problematic and malicious browser extensions because it is worse than Microsoft's for example. No, Microsoft is probably even worse but I never bothered finding out. That's because Microsoft Edge doesn't matter, its market share is too small. Google Chrome on the other hand is used by around 90% of the users world-wide, and one would expect Google to take their responsibility to protect its users very seriously, right? After all, browser extensions are one selling point of Google Chrome, so certainly Google would make sure they are safe?
Unfortunately, my experience reporting numerous malicious or otherwise problematic browser extensions speaks otherwise. Google appears to take the “least effort required”...
https://palant.info/2025/01/13/chrome-web-store-is-a-mess/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
BIScience: Collecting browsing history under false pretenses
This is a guest post by a researcher who wants to remain anonymous. You can contact the author via email.
Recently, John Tuckner of Secure Annex and Wladimir Palant published great research about how BIScience and its various brands collect user data. This inspired us to publish part of our ongoing research to help the extension ecosystem be safer from bad actors.
This post details what BIScience does with the collected data and how their public disclosures are inconsistent with actual practices, based on evidence compiled over several years.
Screenshot of claims on the BIScience website
Contents
Who is BIScience?
BIScience collects data from millions of users
BIScience buys data from partner third-party extensions
BIScience receives raw...
https://palant.info/2025/01/13/biscience-collecting-browsing-history-under-false-pretenses/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
ClamAV 1.4 as Next Long-Term Stable (LTS)
We are excited to announce that ClamAV 1.4 is now designated as our latest Long-Term Stable (LTS) release. Previously, we planned to announce 1.5 as the next LTS version at the end of 2024. However, unforeseen challenges have delayed the 1.5 release, leading us to choose version 1.4 for long-term support. We apologize for any inconvenience that our delay in the announcement may have caused. The version support dates for ClamAV 1.4 are amended as follows: Key Dates: Initial 1.4 Release Date: August 15, 2024 Patch Versions Continue Until: August 15, 2027 DB Downloads Allowed Until: August 15, 2028 For specific details, please read the ClamAV EOL Policy. Looking ahead, the beta version of ClamAV 1.5 will soon be available for community review. This version will...
https://blog.clamav.net/2025/01/clamav-14-as-next-long-term-stable-lts.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How extensions trick CWS search
A few months ago I searched for “Norton Password Manager” in Chrome Web Store and got lots of seemingly unrelated results. Not just that, the actual Norton Password Manager was listed last. These search results are still essentially the same today, only that Norton Password Manager moved to the top of the list:
I was stumped how Google managed to mess up search results so badly and even posted the following on Mastodon:
Interesting. When I search for “Norton Password Manager” on Chrome Web Store, it first lists five completely unrelated extensions, and only the last search result is the actual Norton Password Manager. Somebody told me that website is run by a company specializing in search, so this shouldn't be due to incompetence, right? What is it then?
Somebody suggested that...
https://palant.info/2025/01/08/how-extensions-trick-cws-search/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Windows Registry Adventure #5: The regf file format
Posted by Mateusz Jurczyk, Google Project Zero
As previously mentioned in the second installment of the blog post series ("A brief history of the feature"), the binary format used to encode registry hives from Windows NT 3.1 up to the modern Windows 11 is called regf. In a way, it is quite special, because it represents a registry subtree simultaneously on disk and in memory, as opposed to most other common file formats. Documents, images, videos, etc. are generally designed to store data efficiently on disk, and they are subsequently parsed to and from different in-memory representations whenever they are read or written. This seems only natural, as offline storage and RAM come with different constraints and requirements. On disk, it is important that the data is packed as...
https://googleprojectzero.blogspot.com/2024/12/the-windows-registry-adventure-5-regf.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
NIST's International Cybersecurity and Privacy Engagement Update – New Translations
As the year comes to a close, NIST continues to engage with our international partners to strengthen cybersecurity, including sharing over ten new international translations in over six languages as resources for our stakeholders around the world. These efforts were complemented by discussions on opportunities for future enhanced international collaboration and resource sharing. Here are some updates from the past few months: Our international engagement continues through our support to the Department of State and the International Trade Administration (ITA) during numerous international
https://www.nist.gov/blogs/cybersecurity-insights/nists-international-cybersecurity-and-privacy-engagement-update-new
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Ways to Mitigate Risk in Cybersecurity: Cybersecurity Risk Management
Cyber threats can wreak havoc on businesses, from data breaches to loss of reputation. Luckily, there are effective strategies available that can reduce cybersecurity risk. Avoidance is one of the...
The post Ways to Mitigate Risk in Cybersecurity: Cybersecurity Risk Management appeared first on Hacker Combat.
https://www.hackercombat.com/cybersecurity-risk-management/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Data Pipeline Challenges of Privacy-Preserving Federated Learning
This post is part of a series on privacy-preserving federated learning. The series is a collaboration between NIST and the UK government's Responsible Technology Adoption Unit (RTA), previously known as the Centre for Data Ethics and Innovation. Learn more and read all the posts published to date at NIST's Privacy Engineering Collaboration Space or RTA's blog . Introduction In this post, we talk with Dr. Xiaowei Huang and Dr. Yi Dong (University of Liverpool) and Sikha Pentyala (University of Washington Tacoma), who were winners in the UK-US PETs Prize Challenges . We discuss real-world data
https://www.nist.gov/blogs/cybersecurity-insights/data-pipeline-challenges-privacy-preserving-federated-learning
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Zero Trust Architecture
Zero trust security takes an “never trust, always verify” approach to access control. Access is only granted once an individual’s identity and context have been confirmed through multifactor authentication and...
The post Zero Trust Architecture appeared first on Hacker Combat.
https://www.hackercombat.com/zero-trust-architecture/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
What Is a Security Operations Center (SOC)?
A Security Operations Center (SOC) specializes in monitoring and analyzing data to detect cyber threats and prevent attacks from them. They work to sort actual threats from false positives before...
The post What Is a Security Operations Center (SOC)? appeared first on Hacker Combat.
https://www.hackercombat.com/soc/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
XDR vs SIEM Security Information and Event Management
The Extended Detection and Response Platform (XDR) ingestion and correlation technology captures and correlates high-fidelity data across your security layers, such as endpoint, network, logs, cloud services and identities to...
The post XDR vs SIEM Security Information and Event Management appeared first on Hacker Combat.
https://www.hackercombat.com/xdr-vs-siem/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Best Free EDR for Windows PC
Endpoint detection and response (EDR) tools offer businesses that employ hybrid work models or remote employees an extra layer of cybersecurity protection. Utilizing artificial intelligence (AI) and machine learning (ML),...
The post Best Free EDR for Windows PC appeared first on Hacker Combat.
https://www.hackercombat.com/best-free-edr-tools-for-windows-pc/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Free EDR Solutions for Home Users in 2025
EDR can detect and respond to emerging and advanced cyber threats quickly and efficiently, making it an essential component of modern business ecosystems. Beyond signature-based detection capabilities, its features go...
The post Free EDR Solutions for Home Users in 2025 appeared first on Hacker Combat.
https://www.hackercombat.com/free-edr-solutions/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Kicking-Off with a December 4th Workshop, NIST is Revisiting and Revising Foundational Cybersecurity Activities for IoT Device Manufacturers, NIST IR 8259!
In May 2020, NIST published Foundational Cybersecurity Activities for IoT Device Manufacturers (NIST IR 8259), which describes recommended cybersecurity activities that manufacturers should consider performing before their IoT devices are sold to customers. These foundational cybersecurity activities can help manufacturers lessen the cybersecurity-related efforts needed by customers, which in turn can reduce the prevalence and severity of IoT device compromises and the attacks performed using compromised devices. In the nearly five years since this document was released, it has been published
https://www.nist.gov/blogs/cybersecurity-insights/kicking-december-4th-workshop-nist-revisiting-and-revising-foundational
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Inside Bitdefender Labs' Investigation of a Malicious Facebook Ad Campaign Targeting Bitwarden Users
Throughout 2024, Bitdefender Labs has been closely monitoring a series of malvertising campaigns that exploit popular platforms to spread malware. These campaigns use fake advertisements to lure users into installing malicious software disguised as legitimate apps or updates.
One of the more recent campaigns Bitdefender Labs uncovered involves a fake Bitwarden extension advertised on Meta's social media platform Facebook. The campaign tricks users into installing a harmful browser extension und
https://www.bitdefender.com/en-us/blog/labs/inside-bitdefender-labs-investigation-of-a-malicious-facebook-ad-campaign-targeting-bitwarden-users
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Karma connection in Chrome Web Store
Somebody brought to my attention that the Hide YouTube Shorts extension for Chrome changed hands and turned malicious. I looked into it and could confirm that it contained two undisclosed components: one performing affiliate fraud and the other sending users' every move to some Amazon cloud server. But that wasn't all of it: I discovered eleven more extensions written by the same people. Some contained only the affiliate fraud component, some only the user tracking, some both. A few don't appear to be malicious yet.
While most of these extensions were supposedly developed or bought by a person without any other traces online, one broke this pattern. Karma shopping assistant has been on Chrome Web Store since 2020, the company behind it founded in 2013. This company employs more than...
https://palant.info/2024/10/30/the-karma-connection-in-chrome-web-store/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Unmasking the SYS01 Infostealer Threat: Bitdefender Labs Tracks Global Malvertising Campaign Targeting Meta Business Pages
In a world ran by advertising, businesses and organizations are not the only ones using this powerful tool. Cybercriminals have a knack for exploiting the engine that powers online platforms by corrupting the vast reach of advertising to distribute malware en masse.
While legitimate businesses rely on ads to reach new audiences, hackers exploit these platforms to trick users into downloading harmful software. Malicious ads often seem to promote legitimate software, streaming services, or produc
https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cloud Security Essentials
Cloud security involves employing perimeter defenses like firewalls, IDPSs and VPNs as well as guaranteeing isolation through network segmentation and virtual LANs while monitoring traffic for anomalies and threats –...
The post Cloud Security Essentials appeared first on Hacker Combat.
https://www.hackercombat.com/cloud-security/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Antivirus Software
Antivirus software protects devices against viruses, malware, and other cyberthreats by detecting, quarantining, and deleting malicious code. Modern antivirus products also offer additional security features such as password protection, identity...
The post Antivirus Software appeared first on Hacker Combat.
https://www.hackercombat.com/antivirus-software/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How to Protect Against Ransomware Attacks?
Criminal hackers employ ransomware attacks against their targets by encrypting their data and demanding that a ransom be paid within an allotted timeframe or risk losing it forever. When an...
The post How to Protect Against Ransomware Attacks? appeared first on Hacker Combat.
https://www.hackercombat.com/protect-against-ransomware-attacks/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Lies, damned lies, and Impact Hero (refoorest, allcolibri)
Transparency note: According to Colibri Hero, they attempted to establish a business relationship with eyeo, a company that I co-founded. I haven't been in an active role at eyeo since 2018, and I left the company entirely in 2021. Colibri Hero was only founded in 2021. My investigation here was prompted by a blog comment.
Colibri Hero (also known as allcolibri) is a company with a noble mission:
We want to create a world where organizations can make a positive impact on people and communities.
One of the company's products is the refoorest browser extension, promising to make a positive impact on the climate by planting trees. Best of it: this costs users nothing whatsoever. According to the refoorest website:
Plantation financed by our partners
So the users merely need to have the...
https://palant.info/2024/10/01/lies-damned-lies-and-impact-hero-refoorest-allcolibri/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
ClamAV 1.4.1, 1.3.2, 1.0.7, and 0.103.12 security patch versions published
Today, we are publishing the 1.4.1, 1.3.2, 1.0.7, and 0.103.12 security patch versions. The release files for the patch versions are available for download on the ClamAV downloads page, on the GitHub Release page, and (with exception to 0.103.12) through Docker Hub.The images on Docker Hub may not be immediately available on release day.Continue reading to learn what changed in each version.1.4.1ClamAV 1.4.1 is a critical patch release with the following fixes:CVE-2024-20506: Changed the logging module to disable following symlinks on Linux and Unix systems so as to prevent an attacker with existing access to the 'clamd' or 'freshclam' services from using a symlink to corrupt system files.This issue affects all currently supported versions. It will be fixed in:1.4.11.3.21.0.70.103.12Thank...
https://blog.clamav.net/2024/09/clamav-141-132-107-and-010312-security.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
CVE-2024-38063 - Remotely Exploiting The Kernel Via IPv6
Performing a root cause analysis & building proof-of-concept for CVE-2024-38063, a CVSS 9.8 Vulnerability In the Windows Kernel IPv6 Parser
https://malwaretech.com/2024/08/exploiting-CVE-2024-38063.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
ClamAV 1.4.0 feature release and ClamAV bytecode compiler 1.4.0 release
The ClamAV 1.4.0 feature release is now stable. We encourage everyone to download the latest version now from the ClamAV downloads page, on the GitHub Release page, and through Docker Hub*:Alpine-based imagesDebian-based multi-arch images*The Docker images are built on release day and will be made available when they are ready.We are also publishing ClamAV bytecode compiler version 1.4.0.The ClamAV bytecode compiler release files are available for download on the GitHub Release page and through Docker Hub.ClamAV platform support changesWe will no longer provide Linux 32-bit packages. With RHEL 7 reaching end-of-life, we had to upgrade our build hosts and selected Alma Linux 8. Alma Linux does not provide 32-bit images. ClamAV users on 32-bit platforms can still build from source.We now provide...
https://blog.clamav.net/2024/08/clamav-140-feature-release-and-clamav.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
RADIUS Protocol CVE-2024-3596
A fundamental design flaw within the RADIUS protocol has been proven to be exploitable, compromising the integrity in the RADIUS Access-Request process. The attack allows a malicious user to modify packets in a way that would be indistinguishable to a RADIUS client or server. To be successful, the attacker must have the ability to inject themselves between the client and server. Revised on 2025-07-10 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-24-255
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
ClamAV 0.103 LTS End of Life Announcement
The
ClamAV 0.103 LTS release is nearing end-of-life (EOL) with regards to security
vulnerability fix support from our team. This end of life date will be
Sept. 14, 2024.
ClamAV 0.103 users will be able to update signatures from the official database
mirror for an additional one year after the EOL date.
After Sept. 14, 2025, we may block ClamAV 0.103 from downloading signature
updates.
We recommend that users update to the newest LTS release, ClamAV 1.0.6.
For users that want to upgrade to the newest non-LTS release, use ClamAV 1.3.1.
The most recent version of ClamAV can be found here: https://www.clamav.net/downloads
The following is a list of major changes available to users in the newest
versions of ClamAV.
Since ClamAV 0.103, ClamAV 1.0 LTS adds:
·
A...
https://blog.clamav.net/2024/08/clamav-0103-lts-end-of-life-announcement.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
60 Hurts per Second – How We Got Access to Enough Solar Power to Run the United States
The electricity grid – the buzzing, crackling marvel that supplies the lifeblood of modernity - is by far the largest structure humanity ever built. It's so big, in fact, that few people even notice it, like a fish can't see the ocean.
Until the grid goes down, that is. Then, like the fish dangling from the angler's hook, we see our vulnerability. Modernity dissolves into a sudden silence, followed by the repeated flick of a light switch, and a howl of panic at the prospect of missed appointmen
https://www.bitdefender.com/en-us/blog/labs/60-hurts-per-second-how-we-got-access-to-enough-solar-power-to-run-the-united-states
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How insecure is Avast Secure Browser?
A while ago I already looked into Avast Secure Browser. Back then it didn't end well for Avast: I found critical vulnerabilities allowing arbitrary websites to infect user's computer. Worse yet: much of it was due to neglect of secure coding practices, existing security mechanisms were disabled for no good reason. I didn't finish that investigation because I discovered that the browser was essentially spyware, collecting your browsing history and selling it via Avast's Jumpshot subsidiary.
But that was almost five years ago. After an initial phase of denial, Avast decided to apologize and to wind down Jumpshot. It was certainly a mere coincidence that Avast was subsequently sold to NortonLifeLock, called Gen Digital today. Yes, Avast is truly reformed and paying for their crimes in...
https://palant.info/2024/07/15/how-insecure-is-avast-secure-browser/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Deep Dive on Supplement Scams: How AI Drives ‘Miracle Cures' and Sponsored Health-Related Scams on Social Media
Sponsored social media content has become increasingly present on feeds. Sponsored ads can often be beneficial as they are customized to suit online personas, offering relevant content tailored specifically for you. While personalized ads can help enhance your online experience, not all are legitimate. In fact, scams originating from phony ads on social media have increased dramatically, with potentially severe consequences for consumers.
Sponsored supplement scams on social media platforms
https://www.bitdefender.com/en-us/blog/labs/deep-dive-on-supplement-scams-how-ai-drives-miracle-cures-and-sponsored-health-related-scams-on-social-media
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Unfading Sea Haze: New Espionage Campaign in the South China Sea
Bitdefender researchers investigated a series of incidents at high-level organizations in countries of the South China Sea region, all performed by the same threat actor we track as Unfading Sea Haze. Based on the victimology and the cyber-attack's aim, we believe the threat actor is aligned with China's interests.
As tensions in the region rise, they are reflected in the intensification of activity on behalf of the Unfading Sea Haze actor, which uses new and improved tools and TTPs.
We notice
https://www.bitdefender.com/en-us/blog/labs/unfading-sea-haze-new-espionage-campaign-in-the-south-china-sea
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Notes on ThroughTek Kalay Vulnerabilities and Their Impact on the IoT Ecosystem
Since 2014, Bitdefender IoT researchers have been looking into the world's most popular IoT devices, hunting for vulnerabilities and undocumented attack avenues. This report documents four vulnerabilities affecting devices powered by the ThroughTek Kalay Platform. Due to the platform's massive presence in IoT integrations, these flaws have a significant downstream impact on several vendors.
In the interconnected landscape of the Internet of Things (IoT), the reliability and security of devices,
https://www.bitdefender.com/en-us/blog/labs/notes-on-throughtek-kalay-vulnerabilities-and-their-impact
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
ClamAV 1.4.0 release candidate now available!
The ClamAV 1.4.0 release candidate is now available.You may find the source code and installers for this release on the clamav.net/downloads page or the ClamAV GitHub release page.Tip: If you are downloading the source from the GitHub release page, the package labeled "clamav-1.4.0-rc.tar.gz" does not require an internet connection to build. All dependencies are included in this package. But if you download the ZIP or TAR.GZ generated by GitHub, located at the very bottom, then an internet connection will be required during the build to download additional Rust dependencies.For Docker users, there is no specific Docker tag for the release candidate, but you can use the clamav:unstable or clamav:unstable_base tags.The release candidate phase is expected...
https://blog.clamav.net/2024/05/clamav-140-release-candidate-now.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
ClamAV 1.3.1, 1.2.3, 1.0.6 patch versions published
Today, we are publishing the 1.3.1, 1.2.3, and 1.0.6 security patch versions. The release files for the patch versions are available for download on the ClamAV downloads page, on the GitHub Release page, and through Docker Hub.The images on Docker Hub may not be immediately available on release day.Continue reading to learn what changed in each version.1.3.1ClamAV 1.3.1 is a critical patch release with the following fixes:CVE-2024-20380: Fixed a possible crash in the HTML file parser that could cause a denial-of-service (DoS) condition.This issue affects version 1.3.0 only and does not affect prior versions.Thank you to Błażej Pawłowski for identifying this issue.GitHub pull requestUpdated select Rust dependencies to the latest versions. This resolved Cargo audit complaints and included...
https://blog.clamav.net/2024/04/clamav-131-123-106-patch-versions.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Vulnerabilities Identified in LG WebOS
As the creator of the world's first smart home cybersecurity hub, Bitdefender regularly audits popular IoT hardware for vulnerabilities. This research paper is part of a broader program that aims to shed light on the security of the world's best-sellers in the IoT space. This report covers vulnerabilities discovered while researching the LG WebOS TV operating system.
We have found several issues affecting WebOS versions 4 through 7 running on LG TVs. These vulnerabilities let us gain root acces
https://www.bitdefender.com/en-us/blog/labs/vulnerabilities-identified-in-lg-webos
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Numerous vulnerabilities in Xunlei Accelerator application
Xunlei Accelerator (迅雷客户端) a.k.a. Xunlei Thunder by the China-based Xunlei Ltd. is a wildly popular application. According to the company's annual report 51.1 million active users were counted in December 2022. The company's Google Chrome extension 迅雷下载支持, while not mandatory for using the application, had 28 million users at the time of writing.
I've found this application to expose a massive attack surface. This attack surface is largely accessible to arbitrary websites that an application user happens to be visiting. Some of it can also be accessed from other computers in the same network or by attackers with the ability to intercept user's network connections (Man-in-the-Middle attack).
It does not appear like security concerns were considered in the design...
https://palant.info/2024/03/06/numerous-vulnerabilities-in-xunlei-accelerator-application/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Bypassing EDRs With EDR-Preloading
Evading user mode EDR hooks by hijacking the AppVerifier layer
https://malwaretech.com/2024/02/bypassing-edrs-with-edr-preload.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
ClamAV 1.3.0 feature release and 1.2.2, 1.0.5 security patch release!
The ClamAV 1.3.0 feature release is now stable!Today, we are also publishing the 1.2.2 and 1.0.5 security patch versions. ClamAV 1.1 is past EOL for security fixes and will not receive an update. Switch to the 1.0 LTS, 1.2, or 1.3 versions for continued support.The release files are available for download on the ClamAV downloads page, on the Github Release page, and through Docker Hub*:Alpine-based imagesDebian-based multi-arch images*The Docker images are built on release day and may not be available until later in the day.Continue reading to learn what changed in each version.1.3.0ClamAV 1.3.0 includes the following improvements and changes:Major changesAdded support for extracting and scanning attachments found in Microsoft OneNote section files. OneNote parsing will be enabled by default,...
https://blog.clamav.net/2023/11/clamav-130-122-105-released.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
ClamAV 1.3.0 Second Release Candidate now available!
We are excited to announce the ClamAV 1.3.0 release candidate.You can find the source code and installers for this release on the clamav.net/downloads page or the ClamAV GitHub release page.Tip: If you are downloading the source from the GitHub release page, the package labeled "clamav-1.3.0-rc2.tar.gz" does not require an internet connection to build. All dependencies are included in this package. But if you download the ZIP or TAR.GZ generated by GitHub, located at the very bottom, then an internet connection will be required during the build to download additional Rust dependencies.For Docker users, there is no specific Docker tag for the release candidate, but you can use these tags:clamav/clamav:unstableclamav/clamav:unstable_base clamav/clamav-debian:unstableclamav/clamav-debian:unstable_base This...
https://blog.clamav.net/2024/01/clamav-130-second-release-candidate-now.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Silly EDR Bypasses and Where To Find Them
Abusing exception handlers to hook and bypass user mode EDR hooks.
https://malwaretech.com/2023/12/silly-edr-bypasses-and-where-to-find-them.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
An Introduction to Bypassing User Mode EDR Hooks
Understanding the basics of user mode EDR hooking, common bypass techniques, and their limitations.
https://malwaretech.com/2023/12/an-introduction-to-bypassing-user-mode-edr-hooks.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Implementing a “Share on Mastodon” button for a blog
I decided that I would make it easier for people to share my articles on social media, most importantly on Mastodon. However, my Hugo theme didn't support showing a “Share on Mastodon” button yet. It wasn't entirely trivial to add support either: unlike with centralized solutions like Facebook where a simple link is sufficient, here one would need to choose their home instance first.
As far as existing solutions go, the only reasonably sophisticated approach appears to be Share₂Fedi. It works nicely, privacy-wise one could do better however. So I ended up implementing my own solution while also generalizing that solution to support a variety of different Fediverse applications in addition to Mastodon.
Update (2025-01-12): Added Lemmy endpoint which has been fixed by now. Also mentioned...
https://palant.info/2023/10/19/implementing-a-share-on-mastodon-button-for-a-blog/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
It might Be Time to Rethink Phishing Awareness
Phishing awareness can be a powerful security tool, or a complete disaster. It all hinges on how you implement it.
https://malwaretech.com/2023/09/it-might-be-time-to-rethink-phishing-awareness.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
We're going teetotal: It's goodbye to The Daily Swig
PortSwigger today announces that The Daily Swig is closing down
https://portswigger.net/daily-swig/were-going-teetotal-its-goodbye-to-the-daily-swig
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Bug Bounty Radar // The latest bug bounty programs for March 2023
New web targets for the discerning hacker
https://portswigger.net/daily-swig/bug-bounty-radar-the-latest-bug-bounty-programs-for-march-2023
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Indian transport ministry flaws potentially allowed creation of counterfeit driving licenses
Armed with personal data fragments, a researcher could also access 185 million citizens' PII
https://portswigger.net/daily-swig/indian-transport-ministry-flaws-potentially-allowed-creation-of-counterfeit-driving-licenses
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Password managers: A rough guide to enterprise secret platforms
The second part of our password manager series looks at business-grade tech to handle API tokens, login credentials, and more
https://portswigger.net/daily-swig/password-managers-a-rough-guide-to-enterprise-secret-platforms
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Chromium bug allowed SameSite cookie bypass on Android devices
Protections against cross-site request forgery could be bypassed
https://portswigger.net/daily-swig/chromium-bug-allowed-samesite-cookie-bypass-on-android-devices
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Deserialized web security roundup: Twitter 2FA backlash, GoDaddy suffers years-long attack campaign, and XSS Hunter adds e2e encryption
Your fortnightly rundown of AppSec vulnerabilities, new hacking techniques, and other cybersecurity news
https://portswigger.net/daily-swig/deserialized-web-security-roundup-twitter-2fa-backlash-godaddy-suffers-years-long-attack-campaign-and-xss-hunter-adds-e2e-encryption
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
NIST plots biggest ever reform of Cybersecurity Framework
CSF 2.0 blueprint offered up for public review
https://portswigger.net/daily-swig/nist-plots-biggest-ever-reform-of-cybersecurity-framework
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cisco ClamAV anti-malware scanner vulnerable to serious security flaw
Patch released for bug that poses a critical risk to vulnerable technologies
https://portswigger.net/daily-swig/cisco-clamav-anti-malware-scanner-vulnerable-to-serious-security-flaw
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
CVSS system criticized for failure to address real-world impact
JFrog argues vulnerability risk metrics need complete revamp
https://portswigger.net/daily-swig/cvss-system-criticized-for-failure-to-address-real-world-impact
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
A Realistic Look at Implications of ChatGPT for Cybercrime
Analyzing ChatGPT's capabilities and various claims about how it will revolutionize cybercrime.
https://malwaretech.com/2023/02/a-realistic-look-at-chatgpt-cybercrime.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
‘Most web API flaws are missed by standard security tests' – Corey J Ball on securing a neglected attack vector
API security is a ‘great gateway' into a pen testing career, advises specialist in the field
https://portswigger.net/daily-swig/most-web-api-flaws-are-missed-by-standard-security-tests-corey-j-ball-on-securing-a-neglected-attack-vector
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
HTTP request smuggling bug patched in HAProxy
Exploitation could enable attackers to access backend servers
https://portswigger.net/daily-swig/http-request-smuggling-bug-patched-in-haproxy
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Belgium launches nationwide safe harbor for ethical hackers
New legal protections for security researchers could be the strongest of any EU country
https://portswigger.net/daily-swig/belgium-launches-nationwide-safe-harbor-for-ethical-hackers
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
TikTok is a National Security Risk, Not A Privacy One
An analysis of the threat posed by TikTok and why we need to weigh our options carefully.
https://malwaretech.com/2022/12/tiktok-is-a-national-security-risk.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Everything you need to know about the OpenSSL 3.0.7 Patch (CVE-2022-3602 & CVE-2022-3786)
https://malwaretech.com/2022/11/everything-you-need-to-know-about-the-openssl-3-0-7-patch.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
CVE-2022-3602 and CVE-2022-3786: OpenSSL 3.0.7 patches Critical Vulnerability
On Tuesday, November 1 2022 between 1300-1700 UTC, the OpenSSL project announced the release of a new version of OpenSSL (version 3.0.7) that will patch a critical vulnerability in OpenSSL version 3.0 and above. Only OpenSSL versions between 3.0 and 3.0.6 are affected at the time of writing. At this moment the details of this [...]
The post CVE-2022-3602 and CVE-2022-3786: OpenSSL 3.0.7 patches Critical Vulnerability appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/general-tutorials/openssl-3-0-7-patches-critical-vulnerability/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Student Loan Breach Exposes 2.5M Records
2.5 million people were affected, in a breach that could spell more trouble down the line.
https://threatpost.com/student-loan-breach-exposes-2-5m-records/180492/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Watering Hole Attacks Push ScanBox Keylogger
Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.
https://threatpost.com/watering-hole-attacks-push-scanbox-keylogger/180490/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Tentacles of ‘0ktapus' Threat Group Victimize 130 Firms
Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.
https://threatpost.com/0ktapus-victimize-130-firms/180487/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Ransomware Attacks are on the Rise
Lockbit is by far this summer's most prolific ransomware group, trailed by two offshoots of the Conti group.
https://threatpost.com/ransomware-attacks-are-on-the-rise/180481/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cybercriminals Are Selling Access to Chinese Surveillance Cameras
Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.
https://threatpost.com/cybercriminals-are-selling-access-to-chinese-surveillance-cameras/180478/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Twitter Whistleblower Complaint: The TL;DR Version
Twitter is blasted for security and privacy lapses by the company's former head of security who alleges the social media giant's actions amount to a national security risk.
https://threatpost.com/twitter-whistleblower-tldr-version/180472/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Firewall Bug Under Active Attack Triggers CISA Warning
CISA is warning that Palo Alto Networks' PAN-OS is under active attack and needs to be patched ASAP.
https://threatpost.com/firewall-bug-under-active-attack-cisa-warning/180467/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Fake Reservation Links Prey on Weary Travelers
Fake travel reservations are exacting more pain from the travel weary, already dealing with the misery of canceled flights and overbooked hotels.
https://threatpost.com/reservation-links-prey-on-travelers/180462/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
iPhone Users Urged to Update to Patch 2 Zero-Days
Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack.
https://threatpost.com/iphone-users-urged-to-update-to-patch-2-zero-days-under-attack/180448/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Google Patches Chrome's Fifth Zero-Day of the Year
An insufficient validation input flaw, one of 11 patched in an update this week, could allow for arbitrary code execution and is under active attack.
https://threatpost.com/google-patches-chromes-fifth-zero-day-of-the-year/180432/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Installing Rogue-jndi on Kali Linux
Following the previous tutorial in which we looked at the log4j vulnerability in VMWare vSphere server, I got some questions about how to set up a malicious LDAP server on Linux. The attacker controlled LDAP server is required to provide the malicious java class (with a reverse shell for example) in response to the forged [...]
The post Installing Rogue-jndi on Kali Linux appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/general-tutorials/installing-rogue-jndi-on-kali-linux/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Log4Shell VMware vCenter Server (CVE-2021-44228)
Log4Shell is a critical vulnerability with the highest possible CVSSv3 score of 10.0 that affects thousands of products running Apache Log4j and leaves millions of targets potentially vulnerable. CVE-2021-44228 affects log4j versions 2.0-beta9 to 2.14.1. Log4j is an incredibly popular logging library used in many different products and various Apache frameworks like Struts2, Kafka, and [...]
The post Log4Shell VMware vCenter Server (CVE-2021-44228) appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/exploit-tutorials/log4shell-vmware-vcenter-server-cve-2021-44228/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How to customize behavior of AWS Managed Rules for AWS WAF
AWS Managed Rules for AWS WAF provides a group of rules created by AWS that can be used help protect you against common application vulnerabilities and other unwanted access to your systems without having to write your own rules. AWS Threat Research Team updates AWS Managed Rules to respond to an ever-changing threat landscape in order […]
https://aws.amazon.com/blogs/security/how-to-customize-behavior-of-aws-managed-rules-for-aws-waf/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Great Leak: Microsoft Exchange AutoDiscover Design Flaw
Recently a “design flaw” in the Microsoft Exchange’s Autodiscover protocol was discovered by researchers that allowed access to 372,072 Windows domain credentials and 96,671 unique sets of credentials from applications such as Microsoft Outlook and third-party email clients. According to Amit Serper , the person who discovered the flaw, the source of the leak is [...]
The post The Great Leak: Microsoft Exchange AutoDiscover Design Flaw appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/pentesting-exchange/the-great-leak-microsoft-exchange-autodiscover-design-flaw/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The three most important AWS WAF rate-based rules
May 5, 2025: This post has been updated to reflect that the lowest allowable rate limit setting in AWS WAF rate-based rules has changed from 100 requests to 10. In this post, we explain what the three most important AWS WAF rate-based rules are for proactively protecting your web applications against common HTTP flood events, […]
https://aws.amazon.com/blogs/security/three-most-important-aws-waf-rate-based-rules/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Automatically update AWS WAF IP sets with AWS IP ranges
Note: This blog post describes how to automatically update AWS WAF IP sets with the most recent AWS IP ranges for AWS services. This related blog post describes how to perform a similar update for Amazon CloudFront IP ranges that are used in VPC Security Groups. You can use AWS Managed Rules for AWS WAF […]
https://aws.amazon.com/blogs/security/automatically-update-aws-waf-ip-sets-with-aws-ip-ranges/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
AWS Shield threat landscape review: 2020 year-in-review
AWS Shield is a managed service that protects applications that are running on Amazon Web Services (AWS) against external threats, such as bots and distributed denial of service (DDoS) attacks. Shield detects network and web application-layer volumetric events that may indicate a DDoS attack, web content scraping, or other unauthorized non-human traffic that is interacting […]
https://aws.amazon.com/blogs/security/aws-shield-threat-landscape-review-2020-year-in-review/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How to protect a self-managed DNS service against DDoS attacks using AWS Global Accelerator and AWS Shield Advanced
In this blog post, I show you how to improve the distributed denial of service (DDoS) resilience of your self-managed Domain Name System (DNS) service by using AWS Global Accelerator and AWS Shield Advanced. You can use those services to incorporate some of the techniques used by Amazon Route 53 to protect against DDoS attacks. […]
https://aws.amazon.com/blogs/security/how-to-protect-a-self-managed-dns-service-against-ddos-attacks-using-aws-global-accelerator-and-aws-shield-advanced/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Set up centralized monitoring for DDoS events and auto-remediate noncompliant resources
When you build applications on Amazon Web Services (AWS), it's a common security practice to isolate production resources from non-production resources by logically grouping them into functional units or organizational units. There are many benefits to this approach, such as making it easier to implement the principal of least privilege, or reducing the scope of […]
https://aws.amazon.com/blogs/security/set-up-centralized-monitoring-for-ddos-events-and-auto-remediate-noncompliant-resources/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Deploying defense in depth using AWS Managed Rules for AWS WAF (part 2)
In this post, I show you how to use recent enhancements in AWS WAF to manage a multi-layer web application security enforcement policy. These enhancements will help you to maintain and deploy web application firewall configurations across deployment stages and across different types of applications. In part 1 of this post I describe the technologies […]
https://aws.amazon.com/blogs/security/deploying-defense-in-depth-using-aws-managed-rules-for-aws-waf-part-2/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Defense in depth using AWS Managed Rules for AWS WAF (part 1)
In this post, I discuss how you can use recent enhancements in AWS WAF to manage a multi-layer web application security enforcement policy. These enhancements will help you to maintain and deploy web application firewall configurations across deployment stages and across different types of applications. The post is in two parts. This first part describes […]
https://aws.amazon.com/blogs/security/defense-in-depth-using-aws-managed-rules-for-aws-waf-part-1/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Houston consulate one of worst offenders in Chinese espionage, say U.S. officials
Institute For Ethical Hacking Course and Ethical Hacking Training in Pune – India Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan Credits: Reuters The United States ordered the consulate closed this week, leading China to retaliate on Friday by telling the United States to shut its consulate in the city of Chengdu, as relations between the world's two largest economies […]
The post Houston consulate one of worst offenders in Chinese espionage, say U.S. officials appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/07/24/houston-consulate-one-of-worst-offenders-in-chinese-espionage-say-u-s-officials/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Shocked I am. Shocked to find that underground bank-card-trading forums are full of liars, cheats, small-time grifters
Institute For Ethical Hacking Course and Ethical Hacking Training in Pune – India Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan Credits: The Register The denizens of online forums dedicated to trading in stolen credit cards have been shown to be wretched hives of scum and villainy. This not-so-surprising news comes this week via academics at Washington State University (WSU) in the US, […]
The post Shocked I am. Shocked to find that underground bank-card-trading forums are full of liars, cheats, small-time grifters appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/07/24/shocked-i-am-shocked-to-find-that-underground-bank-card-trading-forums-are-full-of-liars-cheats-small-time-grifters/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
AWS Shield Threat Landscape report is now available
AWS Shield is a managed threat protection service that safeguards applications running on AWS against exploitation of application vulnerabilities, bad bots, and Distributed Denial of Service (DDoS) attacks. The AWS Shield Threat Landscape Report (TLR) provides you with a summary of threats detected by AWS Shield. This report is curated by the AWS Threat Research […]
https://aws.amazon.com/blogs/security/aws-shield-threat-landscape-report-now-available/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Vint Cerf suggests GDPR could hurt coronavirus vaccine development
Institute For Ethical Hacking Course and Ethical Hacking Training in Pune – India Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan Credits: The Register TCP-IP-co-developer Vint Cerf, revered as a critical contributor to the foundations of the internet, has floated the notion that privacy legislation might hinder the development of a vaccination for the COVID-19 coronavirus. In an essay written for […]
The post Vint Cerf suggests GDPR could hurt coronavirus vaccine development appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/16/vint-cerf-suggests-gdpr-could-hurt-coronavirus-vaccine-development/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Brit defense contractor hacked, up to 100,000 past and present employees' details siphoned off – report
Institute For Ethical Hacking Course and Ethical Hacking Training in Pune – India Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan Credits: The Register Britain’s Ministry of Defence contractor Interserve has been hacked, reportedly leaking the details of up to 100,000 of past and current employees, including payment information and details of their next of kin. The Daily Telegraph reports that up to […]
The post Brit defense contractor hacked, up to 100,000 past and present employees’ details siphoned off – report appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/16/brit-defense-contractor-hacked-up-to-100000-past-and-present-employees-details-siphoned-off-report/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
US officially warns China is launching cyberattacks to steal coronavirus research
Institute For Ethical Hacking Course and Ethical Hacking Training in Pune – India Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan Credits: CNN The US Department of Homeland Security and the FBI issued a “public service announcement” Wednesday warning that China is likely launching cyberattacks to steal coronavirus data related to vaccines and treatments from US research institutions and pharmaceutical […]
The post US officially warns China is launching cyberattacks to steal coronavirus research appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/14/us-officially-warns-china-is-launching-cyberattacks-to-steal-coronavirus-research/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
There's Norway you're going to believe this: World's largest sovereign wealth fund conned out of m in cyber-attack
Institute For Ethical Hacking Course and Ethical Hacking Training in Pune – India Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan Credits: The Register The Norwegian Investment Fund has been swindled out of m (£8.2m) by fraudsters who pulled off what’s been described as “an advance data breach.” Norfund – the world’s largest sovereign wealth fund, created from saved North Sea […]
The post There’s Norway you’re going to believe this: World’s largest sovereign wealth fund conned out of m in cyber-attack appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/14/theres-norway-youre-going-to-believe-this-worlds-largest-sovereign-wealth-fund-conned-out-of-10m-in-cyber-attack/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Stop tracking me, Google: Austrian citizen files GDPR legal complaint over Android Advertising ID
Institute For Ethical Hacking Course and Ethical Hacking Training in Pune – India Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan Credits: The Register Privacy pressure group Noyb has filed a legal complaint against Google on behalf of an Austrian citizen, claiming the Android Advertising ID on every Android device is “personal data” as defined by the EU’s GDPR and that […]
The post Stop tracking me, Google: Austrian citizen files GDPR legal complaint over Android Advertising ID appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/14/stop-tracking-me-google-austrian-citizen-files-gdpr-legal-complaint-over-android-advertising-id/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cyber-attacks hit hospital construction companies
Institute For Ethical Hacking Course and Ethical Hacking Training in Pune – India Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan Credits: BBC Interserve, which helped build Birmingham’s NHS Nightingale hospital, and Bam Construct, which delivered the Yorkshire and the Humber’s, have reported the incidents to authorities. Earlier this month, the government warned healthcare groups involved in the response to […]
The post Cyber-attacks hit hospital construction companies appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/13/cyber-attacks-hit-hospital-construction-companies/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Researchers spot thousands of Android apps leaking user data through misconfigured Firebase databases
Institute For Ethical Hacking Course and Ethical Hacking Training in Pune – India Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan Credits: The Register Security researchers at Comparitech have reported that an estimated 24,000 Android apps are leaking user data because of misconfigured Firebase databases. Firebase is a popular backend service with SDKs for multiple platforms, including Android, iOS, web, C++ and Unity (for […]
The post Researchers spot thousands of Android apps leaking user data through misconfigured Firebase databases appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/13/researchers-spot-thousands-of-android-apps-leaking-user-data-through-misconfigured-firebase-databases/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Papa don't breach: Contracts, personal info on Madonna, Lady Gaga, Elton John, others swiped in celeb law firm ‘hack'
Institute For Ethical Hacking Course and Ethical Hacking Training in Pune – India Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan Credits: The Register Hackers are threatening to release 756GB of A-list celebs’ contracts, recording deals, and other personal info allegedly stolen from a New York law firm. The miscreants have seemingly got their hands on confidential agreements, private correspondence, contact […]
The post Papa don’t breach: Contracts, personal info on Madonna, Lady Gaga, Elton John, others swiped in celeb law firm ‘hack’ appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/13/papa-dont-breach-contracts-personal-info-on-madonna-lady-gaga-elton-john-others-swiped-in-celeb-law-firm-hack/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
CVE-2019-19781: Citrix ADC RCE vulnerability
A week before the 2019 holidays Citrix announced that an authentication bypass vulnerability was discovered in multiple Citrix products. The affected products are the Citrix Application Delivery Controller (formerly known as NetScaler AD), Citrix Gateway NetScaler ADC (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP appliance. Exploiting the vulnerability could allow an unauthenticated attacker [...]
The post CVE-2019-19781: Citrix ADC RCE vulnerability appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/exploit-tutorials/cve-2019-19781-citrix-adc-rce-vulnerability/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Vulnerability Scanning with OpenVAS 9 part 4: Custom scan configurations
For all scans so far, we've only used the default scan configurations such as host discovery, system discovery and Full & fast. But what if we don't want to run all NVTs on a given target (list) and only test for a few specific vulnerabilities? In this case we can create our own custom scan [...]
The post Vulnerability Scanning with OpenVAS 9 part 4: Custom scan configurations appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/scanning-tutorials/openvas-9-part-4-custom-scan-configurations/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Vulnerability Scanning with OpenVAS 9 part 3: Scanning the Network
In the previous parts of the Vulnerability Scanning with OpenVAS 9 tutorials we have covered the installation process and how to run vulnerability scans using OpenVAS and the Greenbone Security Assistant (GSA) web application. In part 3 of Vulnerability Scanning with OpenVAS 9 we will have a look at how to run scans using different [...]
The post Vulnerability Scanning with OpenVAS 9 part 3: Scanning the Network appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/scanning-tutorials/vulnerability-scanning-with-openvas-9-scanning-the-network/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Vulnerability Scanning with OpenVAS 9 part 2: Vulnerability Scanning
Is the previous tutorial Vulnerability Scanning with OpenVAS 9.0 part 1 we've gone through the installation process of OpenVAS on Kali Linux and the installation of the virtual appliance. In this tutorial we will learn how to configure and run a vulnerability scan. For demonstration purposes we've also installed a virtual machine with Metasploitable 2 [...]
The post Vulnerability Scanning with OpenVAS 9 part 2: Vulnerability Scanning appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/scanning-tutorials/vulnerability-scanning-openvas-9-0-part-2/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Vulnerability Scanning with OpenVAS 9 part 1: Installation & Setup
A couple years ago we did a tutorial on Hacking Tutorials on how to install the popular vulnerability assessment tool OpenVAS on Kali Linux. We’ve covered the installation process on Kali Linux and running a basic scan on the Metasploitable 2 virtual machine to identify vulnerabilities. In this tutorial I want to cover more details [...]
The post Vulnerability Scanning with OpenVAS 9 part 1: Installation & Setup appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/scanning-tutorials/vulnerability-scanning-openvas-9-pt-1/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)