News from the specialist press

North Korean Threat Actors Deploy COVERTCATCH Malware via LinkedIn Job Scams
Threat actors affiliated with North Korea have been observed leveraging LinkedIn as a way to target developers as part of a fake job recruiting operation. These attacks employ coding tests as a common initial infection vector, Google-owned Mandiant said in a new report about threats faced by the Web3 sector. "After an initial chat conversation, the attacker sent a ZIP file that contained
https://thehackernews.com/2024/09/north-korean-threat-actors-deploy.html

FBI Cracks Down on Dark Web Marketplace Managed by Russian and Kazakh Nationals
Two men have been indicted in the U.S. for their alleged involvement in managing a dark web marketplace called WWH Club that specializes in the sale of sensitive personal and financial information. Alex Khodyrev, a 35-year-old Kazakhstan national, and Pavel Kublitskii, a 37-year-old Russian national, have been charged with conspiracy to commit access device fraud and conspiracy to commit wire
https://thehackernews.com/2024/09/fbi-cracks-down-on-dark-web-marketplace.html

September 07, 2024
The post September 07, 2024 appeared first on ASEC.
https://asec.ahnlab.com/en/83011/

News from the press

Cyber-attack targets St. Charles Parish Government | Crime/Police - NOLA.com
St. Charles leaders are just now learning about a cyber-attack involving a parish vendor.
https://www.nola.com/news/crime_police/cyber-scheme-hacker-st-charles-government-fbi/article_6563c322-6cb2-11ef-808e-0f3a6ad0054e.html

Yesterday's news (specialist press)

Chinese APT Abuses VSCode to Target Government in Asia
A first in our telemetry: Chinese APT Stately Taurus uses Visual Studio Code to maintain a reverse shell in victims' environments for Southeast Asian espionage. The post Chinese APT Abuses VSCode to Target Government in Asia appeared first on Unit 42.
https://unit42.paloaltonetworks.com/stately-taurus-abuses-vscode-southeast-asian-espionage/

Car rental company Avis discloses a data breach
Car rental giant Avis disclosed a data breach that impacted one of its business applications in August, compromising customers’ personal information. Car rental company Avis notified customers impacted in an August data breach. Threat actors breached one of its business applications and gained access to some of the customers’ personal information. “We discovered on August […]
https://securityaffairs.com/168119/data-breach/car-rental-giant-avis-discloses-data-breach.html

How to Unlock 50K Views on Medium With This Winning Article Template
The template below has consistently brought me success; it's an outstanding method for organizing technical articles. The simplest trick is to divide the content into sub-topics and create a section for each. Divide each section with a paragraph and a code example for each of the sub-sections.
https://hackernoon.com/how-to-unlock-50k-views-on-medium-with-this-winning-article-template?source=rss

Critical GeoServer Vulnerability Exploited in Global Malware Campaign
A critical GeoServer vulnerability (CVE-2024-36401) is being actively exploited, allowing attackers to take control of systems for malware…
https://hackread.com/geoserver-vulnerability-exploited-global-malware-campaign/

Driving the Future of Web3 Gaming: A New Era With Portal and Immutable
Portal and Immutable have come together to redefine how games are distributed, monetized, and experienced in the Web3 space. Ezra Strauss, Head of Partnerships at Portal, says the partnership has the potential to accelerate the adoption of Web3 gaming. He explains the synergies between the two companies and why this collaboration is a personal milestone for him.
https://hackernoon.com/driving-the-future-of-web3-gaming-a-new-era-with-portal-and-immutable?source=rss

Enhance Your UI/UX With These 16 Web Designer Resources🔥🎨
In this article, I've curated 16 essential resources across a variety of domains including icons, illustrations, colors, gradients, fonts, mockups, etc.
https://hackernoon.com/enhance-your-uiux-with-these-16-web-designer-resources?source=rss

Mastering CORS in .NET: 10 Expert Tips for Secure API Configuration
Cross-Origin Resource Sharing (CORS) is a mechanism that restricts which domains, HTTP methods, and headers may access your APIs. The CORS headers define which domains can access your APIs. You can configure CORS in Program.cs by using the CORS middleware as shown below. Use WithOrigins to specify the array of domains that are allowed to access the APIs.
https://hackernoon.com/mastering-cors-in-net-10-expert-tips-for-secure-api-configuration?source=rss

The 10-Day .Net Aspire Challenge - Day 9: Azure Key Vault
The .NET Aspire framework is used to develop cloud-ready and production-ready distributed applications. It consists of components that handle cloud-native concerns such as Redis, Postgres, etc. The solution structure is divided into the following projects: DotnetAspireChallenge.ApiService, Dotnet aspire.AppHost, and Dotnet Aspire.Web.
https://hackernoon.com/the-10-day-net-aspire-challenge-day-9-azure-key-vault?source=rss

The 10-Day .Net Aspire Challenge - Day 8: Azure Queue Storage
The .NET Aspire framework is used to develop cloud-ready and production-ready distributed applications. It consists of components that handle cloud-native concerns such as Redis, Postgres, etc. The solution structure is divided into the following projects: DotnetAspireChallenge.ApiService, Dotnet aspire.AppHost, and Dotnet Aspire.Web.
https://hackernoon.com/the-10-day-net-aspire-challenge-day-8-azure-queue-storage?source=rss

Transport for London staff faces systems disruptions after cyberattack
Transport for London, the city's public transportation agency, revealed today that its staff has limited access to systems and email due to measures implemented in response to a Sunday cyberattack. [...]
https://www.bleepingcomputer.com/news/security/transport-for-london-staff-faces-systems-disruptions-after-cyberattack/

Feds Warn on Russian Actors Targeting Critical Infrastructure
In the past, Putin's Unit 29155 has utilized malware like WhisperGate to target organizations, particularly those in Ukraine.
https://www.darkreading.com/ics-ot-security/feds-warn-russian-actors-targeting-critical-infrastructure

What Do Privacy and Feudalism Have in Common?
Decentralized projects don't usually say “privacy”; rather, they say data is “owned by the user” (data ownership). What's the difference? I came up with a fun analogy and want to share it. If you own a plot of land, you have the right to get there whenever you want, build a house on it, make money with it, invite your friends to a party, and forbid anyone to enter.
https://hackernoon.com/what-do-privacy-and-feudalism-have-in-common?source=rss

CISA Flags ICS Bugs in Baxter, Mitsubishi Products
The vulnerabilities affect industrial control tech used across the healthcare and critical manufacturing sectors.
https://www.darkreading.com/ics-ot-security/cisa-flags-ics-bugs-in-baxter-mitsubishi-products

The Dark Art of Unlocking AI's Full Creative Potential - Part 1/3
Mastering AI is about more than just learning new tools—it's about adopting the right mindset, setting clear objectives, and overcoming limiting beliefs. This first installment of a three-part series explores how to align your AI efforts with your purpose and achieve extraordinary results.
https://hackernoon.com/the-dark-art-of-unlocking-ais-full-creative-potential-part-13?source=rss

Could Fintech Investments Offer Added Value Following Wall Street's Recent Struggles?
While the industry has experienced some challenges in raising capital in 2024, investor sentiment is expected to improve as Wall Street anticipates further interest rate cuts.
https://hackernoon.com/could-fintech-investments-offer-added-value-following-wall-streets-recent-struggles?source=rss

Commercial Spyware Use Roars Back Despite Sanctions
Vendors of mercenary spyware tools used by nation-states to track citizens and enemies have gotten savvy about evading efforts to limit their use.
https://www.darkreading.com/threat-intelligence/commercial-spyware-use-roars-back-despite-sanctions

3 Lessons From Hyperinflationary Periods: References
These major lessons can help managers, consumers, and societies better cope with and more successfully navigate their current inflationary challenges.
https://hackernoon.com/3-lessons-from-hyperinflationary-periods-references?source=rss

3 Lessons From Hyperinflationary Periods: Reduce the Company's Costs of Changing Prices
These major lessons can help managers, consumers, and societies better cope with and more successfully navigate their current inflationary challenges.
https://hackernoon.com/3-lessons-from-hyperinflationary-periods-reduce-the-companys-costs-of-changing-prices?source=rss

The 2025 Narrative In Crypto
Narratives are the main driver in crypto markets. 2025 will mark a structural shift in this. The narrative that might play out will be about value creation more than any other crypto narrative in the past. The timeline is likely one of the ‘best kept secrets’ in markets.
https://hackernoon.com/the-2025-narrative-in-crypto?source=rss

SonicWall warns that SonicOS bug exploited in attacks
Recently fixed access control SonicOS vulnerability, tracked as CVE-2024-40766, is potentially exploited in attacks in the wild, SonicWall warns. SonicWall warns that a recently fixed access control flaw, tracked as CVE-2024-40766 (CVSS v3 score: 9.3), in SonicOS is now potentially exploited in attacks. “An improper access control vulnerability has been identified in the SonicWall SonicOS management […]
https://securityaffairs.com/168112/hacking/sonicwall-sonicos-bug-exploited.html

Car rental giant Avis discloses data breach impacting customers
American car rental giant Avis disclosed a data breach after attackers breached one of its business applications last month and stole customer personal information. [...]
https://www.bleepingcomputer.com/news/security/car-rental-giant-avis-discloses-data-breach-impacting-customers/

Metasploit Weekly Wrap-Up 09/06/2024
Honey, I shrunk the PHP payloads. This release contains more PHP payload improvements from Julien Voisin. Last week we landed a PR from Julien that added a datastore option to the php/base64 encoder that, when enabled, uses zlib to compress the payload, which significantly reduces its size, bringing
https://blog.rapid7.com/2024/09/06/metasploit-weekly-wrap-up-42/

AI Firm's Misconfigured Server Exposed 5.3 TB of Mental Health Records
A misconfigured server from a US-based AI healthcare firm Confidant Health exposed 5.3 TB of sensitive mental health…
https://hackread.com/ai-firm-misconfigured-server-exposed-mental-health-data/

Cybersecurity Talent Shortage Prompts White House Action
The Biden administration launches an initiative to encourage careers in cybersecurity, as businesses try new tactics to get unfilled IT security roles staffed.
https://www.darkreading.com/cybersecurity-operations/cybersecurity-talent-shortage-prompts-white-house-action

Microsoft Office 2024 to disable ActiveX controls by default
After Office 2024 launches in October, Microsoft will disable ActiveX controls by default in Word, Excel, PowerPoint, and Visio client apps. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-office-2024-to-disable-activex-controls-by-default/

SonicWall Urges Users to Patch Critical Firewall Flaw Amid Possible Exploitation
SonicWall has revealed that a recently patched critical security flaw impacting SonicOS may have come under active exploitation, making it essential that users apply the patches as soon as possible. The vulnerability, tracked as CVE-2024-40766, carries a CVSS score of 9.3 out of a maximum of 10. "An improper access control vulnerability has been identified in the SonicWall SonicOS management
https://thehackernews.com/2024/09/sonicwall-urges-users-to-patch-critical.html

Zyxel Patched Numerous Security Flaws Across Different Products
Zyxel began the month by releasing numerous security fixes for flaws in its firewalls and… Zyxel Patched Numerous Security Flaws Across Different Products on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2024/09/06/zyxel-patched-numerous-security-flaws-across-different-products/

Mozilla Released Firefox 130 With Handy AI Chatbot Feature And Security Fixes
Heads up, Firefox users! It's time to update your devices with the latest Firefox 130… Mozilla Released Firefox 130 With Handy AI Chatbot Feature And Security Fixes on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2024/09/06/mozilla-released-firefox-130-with-handy-ai-chatbot-feature-and-security-fixes/

SpyAgent Android malware steals your crypto recovery phrases from images
A new Android malware named SpyAgent uses optical character recognition (OCR) technology to steal cryptocurrency wallet recovery phrases from screenshots stored on the mobile device. [...]
https://www.bleepingcomputer.com/news/security/spyagent-android-malware-steals-your-crypto-recovery-phrases-from-images/

GeoServer Vulnerability Targeted by Hackers to Deliver Backdoors and Botnet Malware
A recently disclosed security flaw in OSGeo GeoServer GeoTools has been exploited as part of multiple campaigns to deliver cryptocurrency miners, botnet malware such as Condi and JenX, and a known backdoor called SideWalk. The security vulnerability is a critical remote code execution bug (CVE-2024-36401, CVSS score: 9.8) that could allow malicious actors to take over susceptible instances. In
https://thehackernews.com/2024/09/geoserver-vulnerability-targeted-by.html

GitHub Actions Vulnerable to Typosquatting, Exposing Developers to Hidden Malicious Code
Threat actors have long leveraged typosquatting as a means to trick unsuspecting users into visiting malicious websites or downloading booby-trapped software and packages. These attacks typically involve registering domains or packages with names slightly altered from their legitimate counterparts (e.g., goog1e.com vs. google.com). Adversaries targeting open-source repositories across
https://thehackernews.com/2024/09/github-actions-vulnerable-to.html

BBTok Abuses Legitimate Windows Utility Command Tool to Stay Undetected
Cybercriminals in Latin America have increased their use of phishing scams targeting business transactions and judicial-related matters. By leveraging trust and fear, respectively, these attacks often involve malicious links or file attachments that lead to malware infections, which include common tactics like embedded links in emails directing users to fake websites and malicious PDF and […] The post BBTok Abuses Legitimate Windows Utility Command Tool to Stay Undetected appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
https://gbhackers.com/bbtok-abuses-legitimate-windows-utility-command-tool-to-stay-undetected/

Predator Spyware Exploiting “one-click” & “zero-click” Flaws
Recent research indicates that the Predator spyware, once thought to be inactive due to US sanctions, has resurfaced with enhanced evasion techniques. Despite efforts to curb its use, Predator continues to be employed in countries like the DRC and Angola, targeting high-profile individuals. The spyware’s new infrastructure makes it harder to track victims, emphasizing the […] The post Predator Spyware Exploiting “one-click” & “zero-click” Flaws appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
https://gbhackers.com/predator-spyware-zero-click-flaws/

Using Transparency & Sharing to Defend Critical Infrastructure
No organization can single-handedly defend against sophisticated attacks. Governments and private sector entities need to collaborate, share information, and develop defenses against cyber threats
https://www.darkreading.com/vulnerabilities-threats/using-transparency-and-sharing-to-defend-critical-infrastructure

Summer compliance webinar series: Understanding DORA compliance
In the third part of our Summer of Software Regulations & Compliance webinar series, the Digital Operations Resilience Act (DORA) took center stage with Ilkka Turunen, Field CTO at Sonatype joining Friso Schutte, the CTO of fintech leader SurePay for a discussion on what financial service providers can do to prepare.
https://www.sonatype.com/blog/summer-compliance-webinar-series-understanding-dora-compliance

SonicWall SSLVPN access control flaw is now exploited in attacks
SonicWall is warning that a recently fixed access control flaw tracked as CVE-2024-40766 in SonicOS is now "potentially" exploited in attacks, urging admins to apply patches as soon as possible. [...]
https://www.bleepingcomputer.com/news/security/sonicwall-sslvpn-access-control-flaw-is-now-exploited-in-attacks/

Unfilled Cybersecurity Jobs Can Lead To Utter Chaos
This week in cybersecurity from the editors at Cybercrime Magazine – Read the Full Story in Fortune Magazine Sausalito, Calif. – Sep. 6, 2024 Steve Morgan, founder of Cybersecurity Ventures, presents this scenario: Imagine if street crime exploded and society had millions of unfilled law The post Unfilled Cybersecurity Jobs Can Lead To Utter Chaos appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/unfilled-cybersecurity-jobs-can-lead-to-utter-chaos/

How cyber criminals are compromising AI software supply chains
With the adoption of artificial intelligence (AI) soaring across industries and use cases, preventing AI-driven software supply chain attacks has never been more important. Recent research by SentinelOne exposed a new ransomware actor, dubbed NullBulge, which targets software supply chains by weaponizing code in open-source repositories like Hugging Face and GitHub. The group, claiming to […] The post How cyber criminals are compromising AI software supply chains appeared first on Security Intelligence.
https://securityintelligence.com/articles/cyber-criminals-compromising-ai-software-supply-chains/

SUSE: 2024:3151-1 important: buildah Security Advisory Updates
bsc#1221243, bsc#1221677, bsc#1224117. Cross-References:
https://linuxsecurity.com/advisories/suse/suse-2024-3151-1-important-buildah-security-advisory-updates-kecfic5dvm6s

SUSE: 2024:3152-1 important: MozillaFirefox Security Advisory Updates
bsc#1229821. Cross-References: CVE-2024-8381, CVE-2024-8382
https://linuxsecurity.com/advisories/suse/suse-2024-3152-1-important-mozillafirefox-security-advisory-updates-hcmmlsuynvuh

SUSE: 2024:3153-1 important: postgresql16 Security Advisory Updates
bsc#1229013. Cross-References: CVE-2024-7348
https://linuxsecurity.com/advisories/suse/suse-2024-3153-1-important-postgresql16-security-advisory-updates-hdrsjo3bkxvi

SUSE: 2024:3154-1 important: postgresql16 Security Advisory Updates
bsc#1229013. Cross-References: CVE-2024-7348
https://linuxsecurity.com/advisories/suse/suse-2024-3154-1-important-postgresql16-security-advisory-updates-lc4zauxhc606

SUSE: 2024:3155-1 important: kubernetes1.26 Security Advisory Updates
bsc#1229869. Cross-References: CVE-2023-45288
https://linuxsecurity.com/advisories/suse/suse-2024-3155-1-important-kubernetes1-26-security-advisory-updates-iczn9mjv6i1f

SUSE: 2024:3156-1 low: python312-pip Security Advisory Updates
bsc#1217353. Cross-References: CVE-2023-5752
https://linuxsecurity.com/advisories/suse/suse-2024-3156-1-low-python312-pip-security-advisory-updates-hipn68qdvcea

New guidance for practitioners supporting victims of 'domestic cyber crime'
The NCSC produces advice for practitioners working with victims who are being tracked, stalked, or virtually monitored.
https://www.ncsc.gov.uk/blog-post/new-guidance-for-practitioners-supporting-victims-of-domestic-cyber-crime

The State of the Virtual CISO Report: MSP/MSSP Security Strategies for 2025
The 2024 State of the vCISO Report continues Cynomi's tradition of examining the growing popularity of virtual Chief Information Security Officer (vCISO) services. According to the independent survey, the demand for these services is increasing, with both providers and clients reaping the rewards. The upward trend is set to continue, with even faster growth expected in the future. However,
https://thehackernews.com/2024/09/the-state-of-virtual-ciso-report.html

Tropic Trooper Attacks Government Organizations to Steal Sensitive Data
Tropic Trooper (aka KeyBoy, Pirate Panda, and APT23) is a sophisticated cyberespionage APT group, and it has been active since 2011. This APT group primarily targets government institutions, military agencies, healthcare, transportation, and high-tech industries in Taiwan, the Philippines, and Hong Kong. Cybersecurity analysts at Kaspersky Lab recently discovered that Tropic Trooper has been actively […] The post Tropic Trooper Attacks Government Organizations to Steal Sensitive Data appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
https://gbhackers.com/tropic-trooper-attack-steal-sensitive-data/

NoiseAttack is a Novel Backdoor That Uses Power Spectral Density For Evasion
NoiseAttack is a new method of secretly attacking deep learning models. It uses triggers made from White Gaussian Noise to create several targeted classes in the model, rather than just one, like most current methods. This approach also helps avoid being easily detected, which makes it more effective than traditional single-target attacks. The following cybersecurity […] The post NoiseAttack is a Novel Backdoor That Uses Power Spectral Density For Evasion appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
https://gbhackers.com/noiseattack-is-a-novel-backdoor/

Fog Ransomware Now Targeting the Financial Sector; Adlumin Thwarts Attack
The Fog Ransomware group, known for targeting the education and recreation sectors, has expanded its scope to attack financial services organizations, where the attackers exploited compromised VPN credentials to deploy the ransomware, targeting both Windows and Linux endpoints. Adlumin detected the ransomware activity and isolated the affected machines, preventing data encryption and theft. While the […] The post Fog Ransomware Now Targeting the Financial Sector; Adlumin Thwarts Attack appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
https://gbhackers.com/fog-ransomwarefinancial-sector/

SonicWall Access Control Vulnerability Exploited in the Wild
SonicWall has issued an urgent advisory regarding a critical vulnerability in its SonicOS management access and SSLVPN. The flaw, identified as CVE-2024-40766, is actively exploited in the wild. It potentially allows unauthorized access to resources and, under certain conditions, causes firewalls to crash. The vulnerability affects SonicWall Gen 5 and Gen 6 devices and Gen […] The post SonicWall Access Control Vulnerability Exploited in the Wild appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
https://gbhackers.com/sonicwall-access-control-vulnerability/

Apache OFBiz for Linux & Windows Vulnerability Allows Unauthenticated Remote Code Execution
A series of vulnerabilities affecting Apache OFBiz has come to light, raising significant cybersecurity concerns. These vulnerabilities, identified as Common Vulnerabilities and Exposures (CVEs), enable unauthenticated remote code execution on both Linux and Windows platforms. This article delves into the specifics of these vulnerabilities, their implications, and the steps taken to mitigate them. Apache OFBiz, […] The post Apache OFBiz for Linux & Windows Vulnerability Allows Unauthenticated Remote Code Execution appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
https://gbhackers.com/apache-ofbiz-linux-windows-unauthenticated/

Apache fixed a new remote code execution flaw in Apache OFBiz
Apache addressed a remote code execution vulnerability affecting the Apache OFBiz open-source enterprise resource planning (ERP) system. Apache fixed a high-severity vulnerability, tracked as CVE-2024-45195 (CVSS score: 7.5) affecting the Apache OFBiz open-source enterprise resource planning (ERP) system. Apache OFBiz® is an open source product for the automation of enterprise processes that includes framework components and business […]
https://securityaffairs.com/168106/security/apache-ofbiz-rce-cve-2024-45195.html

Russia-linked GRU Unit 29155 targeted critical infrastructure globally
The United States and its allies state that Russia-linked threat actors operating under the GRU are behind global critical infrastructure attacks. The FBI, CISA, and NSA linked threat actors from Russia’s GRU Unit 29155 to global cyber operations since at least 2020. These operations include espionage, sabotage, and reputational damage. The United States and its […]
https://securityaffairs.com/168095/cyber-warfare-2/russia-gru-unit-29155-critical-infrastructure.html

Russian Military Hackers Attacking US and Global Critical Infrastructure
Russian military hackers, identified as Unit 29155, have been actively targeting critical infrastructure in the United States and globally. This unit, known for its sophisticated cyber operations, has been linked to attacks aimed at disrupting and compromising vital sectors. The implications of these cyber intrusions are vast, affecting government services, financial institutions, transportation systems, energy […] The post Russian Military Hackers Attacking US and Global Critical Infrastructure appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
https://gbhackers.com/russian-military-hackers-attacking-us/

Critical Security Flaw Found in LiteSpeed Cache Plugin for WordPress
Cybersecurity researchers have discovered yet another critical security flaw in the LiteSpeed Cache plugin for WordPress that could allow unauthenticated users to take control of arbitrary accounts. The vulnerability, tracked as CVE-2024-44000 (CVSS score: 7.5), impacts versions before and including 6.4.1. It has been addressed in version 6.5.0.1. "The plugin suffers from an
https://thehackernews.com/2024/09/critical-security-flaw-found-in.html

From Classroom into Bug Bounty: Investigating Motivational Factors Among Swiss Students
Bug bounty programs have evolved into a critical element of modern cybersecurity. In this post, we give some answers to how bug bounty programs can attract students as hunters.
https://blog.compass-security.com/2024/09/from-classroom-into-bug-bounty-investigating-motivational-factors-among-swiss-students/

Apache OFBiz Update Fixes High-Severity Flaw Leading to Remote Code Execution
A new security flaw has been addressed in the Apache OFBiz open-source enterprise resource planning (ERP) system that, if successfully exploited, could lead to unauthenticated remote code execution on Linux and Windows. The high-severity vulnerability, tracked as CVE-2024-45195 (CVSS score: 7.5), affects all versions of the software before 18.12.16. "An attacker with no valid
https://thehackernews.com/2024/09/apache-ofbiz-update-fixes-high-severity.html

Pavel Durov Criticizes Outdated Laws After Arrest Over Telegram Criminal Activity
Telegram CEO Pavel Durov has broken his silence nearly two weeks after his arrest in France, stating the charges are misguided. "If a country is unhappy with an internet service, the established practice is to start a legal action against the service itself," Durov said in a 600-word statement on his Telegram account. "Using laws from the pre-smartphone era to charge a CEO with crimes committed
https://thehackernews.com/2024/09/paul-durov-criticizes-outdated-laws.html

Researchers Unpacked AvNeutralizer EDR Killer Used By FIN7 Group
FIN7 (aka Carbon Spider, ELBRUS, Sangria Tempest) is a Russian APT group that is primarily known for targeting the U.S. retail, restaurant, and hospitality sectors since mid-2015. In their attacks, the FIN7 group primarily uses several tactics and techniques like spearphishing attachments and links, compromising software supply chains, and exploiting public-facing applications. FIN7’s “AvNeutralizer” anti-EDR […] The post Researchers Unpacked AvNeutralizer EDR Killer Used By FIN7 Group appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
https://gbhackers.com/avneutralizer-edr-killer-unpacked/

September 06, 2024
https://asec.ahnlab.com/en/82992/

Yesterday's News (Press)

Cyber attack-hit Tewkesbury Borough Council 'rebuilding services' - BBC News
A council has said it is focusing on supporting vulnerable residents as it rebuilds services after a cyber attack.
https://www.bbc.co.uk/news/articles/c5y53y5l0mlo

Planned Parenthood of Montana confirms cyber-attack in late August
Planned Parenthood of Montana was targeted with a cybersecurity threat last month. An official with the organization confirmed a cyber attack ...
https://nbcmontana.com/news/local/planned-parenthood-of-montana-confirms-cyber-attack-in-late-august

City of Flint restores online bill pay services following cyber attack | Local - ABC12
FLINT, Mich. (WJRT) - The city of Flint announced that online bill pay services have been restored following last month's cyber attack.
https://www.abc12.com/news/local/city-of-flint-restores-online-bill-pay-services-following-cyber-attack/article_e593c476-6c8e-11ef-907f-5bfa0ee98341.html

CTIIC's Dana Madsen to Keynote 2024 Intel Summit - GovCon Wire
CTIIC was established under the auspices of ODNI in response to a 2014 cyber attack on Sony Pictures. The Cyber Threat Landscape. Attacks on ...
https://govconwire.com/2024/09/ctiics-dana-madsen-to-keynote-2024-intel-summit/

Transport for London still affected by 'ongoing cyber incident' - BBC
Transport for London (TfL) has restricted its online services as its computer systems continue to be affected by a cyber attack. The organisation ...
https://www.bbc.com/news/articles/cwyjezrne3go

Cyber attack-hit Tewkesbury Borough Council 'rebuilding services' - BBC
A council has said it is focusing on supporting vulnerable residents as it rebuilds services after a cyber attack. A major incident was declared ...
https://www.bbc.com/news/articles/c5y53y5l0mlo

CrowdStrike – a cyber cat of sorts - Global Reinsurance
Because these losses were not caused by a cyber-attack, claims will be made under 'systems failure' coverage, which is becoming standard coverage ...
https://www.globalreinsurance.com/home/crowdstrike-a-cyber-cat-of-sorts/1452954.article

Cyber attack forces TfL to restrict website and booking system access - full list of what's affected
Transport for London (TfL) has issued an update in relation to an ongoing cyber attack targeting the authority. It has taken the precaution to ...
https://www.mylondon.news/news/transport/cyber-attack-forces-tfl-restrict-29880831

Cyber-attack victim obtains injunction to prevent publication of stolen data - A&O Shearman
Following a high-profile cyber-attack earlier in the year which impacted the medical data of NHS patients, the English High Court granted Synnovis ...
https://www.aoshearman.com/insights/ao-shearman-on-data/cyber-attack-victim-obtains-injunction-to-prevent-publication-of-stolen-data

Estonia says Russian military intelligence behind cyber-attacks - Euractiv
Four years after Estonian ministries' IT services, including the foreign ministry, were hit by cyberattacks ...
https://www.euractiv.com/section/defence-and-security/news/estonia-says-russian-military-intelligence-behind-cyber-attacks/

Charles Darwin School Bromley closes due to cyber attack | News Shopper
A Biggin Hill school has closed its doors as it tackles a major cyber-attack.
https://www.newsshopper.co.uk/news/24568640.charles-darwin-school-bromley-closes-due-cyber-attack/

News from Two Days Ago (Specialised Press)

RansomHub Claims Planned Parenthood Hack, Steals 93GB of Sensitive Data
RansomHub claims to have breached Intermountain Planned Parenthood, stealing 93GB of data. The healthcare provider is investigating the…
https://hackread.com/ransomhub-planned-parenthood-hack-steals-data/

What Is the Shared Fate Model?
New threats, an overburdened workforce, and regulatory pressures mean cloud service providers need a more resilient model than the shared responsibility framework. That's where "shared fate" comes in.
https://www.darkreading.com/cloud-security/what-is-the-shared-fate-model

Apache fixes critical OFBiz remote code execution vulnerability
Apache has fixed a critical security vulnerability in its open-source OFBiz (Open For Business) software, which could allow attackers to execute arbitrary code on vulnerable Linux and Windows servers. [...]
https://www.bleepingcomputer.com/news/security/apache-fixes-critical-ofbiz-remote-code-execution-vulnerability/

HackerOne Appoints Kara Sprague As CEO

https://www.darkreading.com/vulnerabilities-threats/hackerone-appoints-kara-sprague-as-ceo

Kiteworks Bolsters Its Secure Data Collection Capabilities With 123FormBuilder Acquisition

https://www.darkreading.com/cloud-security/kiteworks-bolsters-its-secure-data-collection-capabilities-with-123formbuilder-acquisition

Palo Alto Networks® Closes Acquisition of IBM's QRadar SaaS Assets

https://www.darkreading.com/cybersecurity-operations/palo-alto-networks-closes-acquisition-of-ibm-s-qradar-saas-assets

Malvertising Campaign Builds a Phish for Lowe's Employees
Retail employees are being duped into divulging their credentials by typosquatting malvertisements.
https://www.darkreading.com/threat-intelligence/malvertising-campaign-phish-lowes-employees

Microsoft removes revenge porn from Bing search using new tool
Microsoft announced today that it has partnered with StopNCII to proactively remove harmful intimate images and videos from Bing using digital hashes people create from their sensitive media. [...]
https://www.bleepingcomputer.com/news/security/microsoft-removes-revenge-porn-from-bing-search-using-new-tool/

Chinese 'Tropic Trooper' APT Targets Mideast Governments
In the past, the group has targeted different sectors in East and Southeast Asia, but recently has pivoted its focus to the Middle East, specifically to entities that publish human rights studies.
https://www.darkreading.com/cyberattacks-data-breaches/chinese-tropic-trooper-apt-targets-mideast-governments

USN-6991-1: AIOHTTP vulnerability
It was discovered that AIOHTTP did not properly restrict file access when the 'follow_symlinks' option was set to True. A remote attacker could possibly use this issue to access unauthorized files on the system.
https://ubuntu.com/security/notices/USN-6991-1

China's 'Earth Lusca' Propagates Multiplatform Backdoor
The malware, KTLVdoor, has already been found on more than 50 command-and-control servers and enables full control of any environment it compromises.
https://www.darkreading.com/threat-intelligence/chinas-earth-lusca-propagates-multiplatform-backdoor

Veeam fixed a critical flaw in Veeam Backup & Replication software
Veeam addressed 18 high and critical severity flaws in Veeam Backup & Replication, Service Provider Console, and One. Veeam has released security updates to address multiple vulnerabilities impacting its products; the company fixed 18 high and critical severity flaws in Veeam Backup & Replication, Service Provider Console, and One. The most severe flaw included in the September 2024 security bulletin is a critical, […]
https://securityaffairs.com/168088/security/veeam-backup-replication-cve-2024-40711.html

Fighting AI with AI: Tools for the Twenty-First Century
AI is the most effective tool in our arsenal to identify and regulate AI-generated content. – Aimei Wei, Chief Technical Officer, Stellar Cyber. San Jose, Calif. – Sep. 5, 2024. In a recent conversation with a major educational institution's CIO, the following circumstance arose: a […] The post Fighting AI with AI: Tools for the Twenty-First Century appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/stellar-test-fighting-ai-with-ai-tools-for-the-twenty-first-century/

Pioneering Transparency: Oklahoma's Proposed Artificial Intelligence Bill of Rights
Originally published by Truyo. In the ever-evolving landscape of technology, the emergence of artificial intelligence (AI) has brought both promise and challenge. With AI permeating various aspects of our lives, from customer service interactions to content creation, ensuring transparency, accountability, and user control becomes paramount. Recognizing this need, Oklahoma stands at the forefront of innovation with its proposed legislation, the Oklahoma HB 3453, also known as the Artificial Int...
https://cloudsecurityalliance.org/articles/pioneering-transparency-oklahoma-s-proposed-artificial-intelligence-bill-of-rights

Russian military hackers linked to critical infrastructure attacks
The United States and its allies have linked a group of Russian hackers (tracked as Cadet Blizzard and Ember Bear) behind global critical infrastructure attacks to Unit 29155 of Russia's Main Directorate of the General Staff of the Armed Forces (also known as GRU). [...]
https://www.bleepingcomputer.com/news/security/us-and-allies-link-russian-military-hackers-behind-critical-infrastructure-attacks-to-gru-unit-29155/

The DORA Quest: Beware of Vendors with Magic Beans
Originally published by Own Company. Written by Matthew O'Neill, Field CTO, Own Company. You can't escape the sheer volume of vendors sharing information about the Digital Operational Resilience Act (DORA) and how buying their tooling will make you compliant, which we all know is nonsense. DORA is upon us, and crafting the right outcome will require new processes and focus. Amongst the endless press releases and whitepapers, here are two of my unanswered questions: "Will DORA be an excuse to ra...
https://cloudsecurityalliance.org/articles/the-dora-quest-beware-of-vendors-with-magic-beans

LiteSpeed Cache bug exposes 6 million WordPress sites to takeover attacks
Yet another critical-severity vulnerability has been discovered in LiteSpeed Cache, a caching plugin for speeding up user browsing on over 6 million WordPress sites. [...]
https://www.bleepingcomputer.com/news/security/litespeed-cache-bug-exposes-6-million-wordpress-sites-to-takeover-attacks/

WordPress Mandates 2FA, SVN Passwords for Plugin, Theme Authors
Starting October 2024, WordPress requires plugin and theme authors to enable two-factor authentication (2FA) and use SVN-specific passwords…
https://hackread.com/wordpress-2fa-svn-passwords-plugin-theme-authors/

Musician charged with $10M streaming royalties fraud using AI and bots
North Carolina musician Michael Smith was indicted for collecting over $10 million in royalty payments from Spotify, Amazon Music, Apple Music, and YouTube Music using AI-generated songs streamed by thousands of bots in a massive streaming fraud scheme. [...]
https://www.bleepingcomputer.com/news/security/musician-charged-with-10m-streaming-royalties-fraud-using-ai-and-bots/

Chinese-Speaking Hacker Group Targets Human Rights Studies in Middle East
Unnamed government entities in the Middle East and Malaysia are the target of a persistent cyber campaign orchestrated by a threat actor known as Tropic Trooper since June 2023. "Sighting this group's [Tactics, Techniques, and Procedures] in critical governmental entities in the Middle East, particularly those related to human rights studies, marks a new strategic move for them," Kaspersky
https://thehackernews.com/2024/09/chinese-speaking-hacker-group-targets.html

Veeam Releases Security Updates to Fix 18 Flaws, Including 5 Critical Issues
Veeam has shipped security updates to address a total of 18 security flaws impacting its software products, including five critical vulnerabilities that could result in remote code execution. The list of shortcomings is below - CVE-2024-40711 (CVSS score: 9.8) - A vulnerability in Veeam Backup & Replication that allows unauthenticated remote code execution. CVE-2024-42024 (CVSS score: 9.1
https://thehackernews.com/2024/09/veeam-releases-security-updates-to-fix.html

Lowe’s employees phished via Google ads
Criminals are impersonating MyLowesLife, Lowes' HR portal for current and former employees.
https://www.malwarebytes.com/blog/cybercrime/2024/09/lowes-employees-phished-via-google-ads

Planned Parenthood partly offline after ransomware attack
Intermountain Planned Parenthood of Montana suffered a cyberattack which has been claimed by a ransomware group
https://www.malwarebytes.com/blog/news/2024/09/planned-parenthood-partly-offline-after-ransomware-attack

CVE-2024-45195: Apache OFBiz Unauthenticated Remote Code Execution (Fixed)
Apache OFBiz below 18.12.16 is vulnerable to unauthenticated remote code execution (CVE-2024-45195) on Linux and Windows. Exploitation is facilitated by bypassing previous patches.
https://blog.rapid7.com/2024/09/05/cve-2024-45195-apache-ofbiz-unauthenticated-remote-code-execution-fixed/

Abusix Launches Guardian: Cutting-Edge Security Platform for Email and Network Providers
Boston, MA, 5th September 2024, CyberNewsWire
https://hackread.com/abusix-guardian-security-platform-email-network-providers/

Veeam warns of critical RCE flaw in Backup & Replication software
Veeam has released security updates for several of its products as part of a single September 2024 security bulletin that addresses 18 high and critical severity flaws in Veeam Backup & Replication, Service Provider Console, and One. [...]
https://www.bleepingcomputer.com/news/security/veeam-warns-of-critical-rce-flaw-in-backup-and-replication-software/

Defending Against Remote Code Execution in Google Chrome: A Critical Update
Google Chrome, a widely used web browser, serves millions of internet users by connecting them to the online world. Unfortunately, severe vulnerabilities can occur that threaten the security of its users.
https://linuxsecurity.com/news/security-vulnerabilities/chrome-update-mitigates-rce

Earth Lusca adds multiplatform malware KTLVdoor to its arsenal
The Chinese-speaking threat actor Earth Lusca used the new backdoor KTLVdoor in an attack against a trading company in China. Trend Micro Researchers spotted the Chinese-speaking threat actor Earth Lusca using a new multiplatform backdoor called KTLVdoor. The Earth Lusca group has been active since at least the first half of 2023, it primarily targeted […]
https://securityaffairs.com/168078/malware/earth-lusca-malware-ktlvdoor.html

New report shows ongoing gender pay gap in cybersecurity
The gender gap in cybersecurity isn’t a new issue. The lack of women in cybersecurity and IT has been making headlines for years — even decades. While progress has been made, there is still significant work to do, especially regarding salary. The recent ISC2 Cybersecurity Workforce Study highlighted numerous cybersecurity issues regarding women in the […] The post New report shows ongoing gender pay gap in cybersecurity appeared first on Security Intelligence.
https://securityintelligence.com/articles/new-report-shows-gender-pay-gap-in-cybersecurity/

Wealth Advisors Will Soon Be Required To Disclose Cyber Breaches To Clients, Prospects
This week in cybersecurity from the editors at Cybercrime Magazine – Read the Full Story in Financial Advisor Magazine. Sausalito, Calif. – Sep. 5, 2024. Wealth managers face a new reality. Cybercrime will soon be a $10.5 trillion annual business — larger than the sale of all […] The post Wealth Advisors Will Soon Be Required To Disclose Cyber Breaches To Clients, Prospects appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/wealth-advisors-will-soon-be-required-to-disclose-cyber-breaches-to-clients-prospects/

U.S. Seizes 32 Pro-Russian Propaganda Domains in Major Disinformation Crackdown
The U.S. Department of Justice (DoJ) on Wednesday announced the seizure of 32 internet domains used by a pro-Russian propaganda operation called Doppelganger as part of a sweeping set of actions. Accusing the Russian government-directed foreign malign influence campaign of violating U.S. money laundering and criminal trademark laws, the agency called out companies Social Design Agency (SDA),
https://thehackernews.com/2024/09/us-seizes-32-pro-russian-propaganda.html

Fake OnlyFans Checker Tool Infects Hackers with Lummac Stealer Malware
OnlyFans account hackers are finding themselves on the receiving end of a nasty cyber surprise.
https://hackread.com/onlyfans-checker-tool-hackers-lummac-stealer-malware/

How to Identify and Stop Scrapers
Fighting sophisticated scrapers requires advanced detection methods. Discover the techniques needed to identify and manage these hidden threats outlined in our investigation.
https://www.f5.com/labs/articles/threat-intelligence/how-to-identify-and-stop-scrapers

Is Russian group APT28 behind the cyber attack on the German air traffic control agency (DFS)?
A cyber attack hit the German air traffic control agency (DFS), disrupting its operations; experts attribute it to the Russia-linked group APT28. A cyber attack targeted the German Air Traffic Control Agency (DFS), as reported by Spiegel and European Truth. DFS, based in Langen near Frankfurt, confirmed that attackers breached its office connection but confirmed that […]
https://securityaffairs.com/168070/apt/apt28-cyber-attack-german-air-traffic-control-agency-dfs.html

ESET Research Podcast: HotPage
ESET researchers discuss HotPage, a recently discovered adware armed with a highest-privilege, yet vulnerable, Microsoft-signed driver
https://www.welivesecurity.com/en/podcasts/eset-research-podcast-hotpage/

Hacker trap: Fake OnlyFans tool backstabs cybercriminals, steals passwords
Hackers are targeting other hackers with a fake OnlyFans tool that claims to help steal accounts but instead infects threat actors with the Lumma stealer information-stealing malware. [...]
https://www.bleepingcomputer.com/news/security/hacker-trap-fake-onlyfans-tool-backstabs-cybercriminals-steals-passwords/

Quishing, an insidious threat to electric car owners
Quishing is a type of phishing attack where crooks use QR codes to trick users into providing sensitive information or downloading malware. In recent years, the spread of electric cars has led to an increase in public charging stations. However, new cyber threats have emerged with this growth, including “quishing.” This term, a combination of […]
https://securityaffairs.com/168059/hacking/quishing-electric-car-owners.html

Tropic Trooper spies on government entities in the Middle East
Kaspersky experts found a new variant of the China Chopper web shell from the Tropic Trooper group that imitates an Umbraco CMS module and targets a government entity in the Middle East.
https://securelist.com/new-tropic-trooper-web-shell-infection/113737/

USN-6993-1: Vim vulnerabilities
It was discovered that Vim incorrectly handled memory when closing a window, leading to a double-free vulnerability. If a user was tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service, or possibly achieve code execution with user privileges. (CVE-2024-41957) It was discovered that Vim incorrectly handled memory when adding a new file to an argument list, leading to a use-after-free. If a user was tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service. (CVE-2024-43374)
https://ubuntu.com/security/notices/USN-6993-1

USN-6992-1: Firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. (CVE-2024-8382, CVE-2024-8383, CVE-2024-8386, CVE-2024-8387, CVE-2024-8389) Nils Bars discovered that Firefox contained a type confusion vulnerability when performing certain property name lookups. An attacker could potentially exploit this issue to cause a denial of service, or execute arbitrary code. (CVE-2024-8381) It was discovered that Firefox did not properly manage memory during garbage collection. An attacker could potentially exploit this issue to cause a denial of service, or execute arbitrary code. (CVE-2024-8384) Seunghyun...
https://ubuntu.com/security/notices/USN-6992-1

September 05, 2024
https://asec.ahnlab.com/en/82931/

Android Family Security Update Advisory
Overview: An update has been released to address vulnerabilities in the Android product line. Users of the affected versions are advised to update to the latest version. Affected Products: CVE-2024-33042, References [1], see CVE-2024-33042/Affected Chipsets* section; CVE-2024-33052, Reference [1], see CVE-2024-33052/Affected Chipsets* section; CVE-2024-33035, Reference [1], see CVE-2024-33035/Affected Chipsets* section […] The post Android Family Security Update Advisory first appeared on ASEC.
https://asec.ahnlab.com/en/82948/

Microsoft Edge browser 128.0.6613.84/.85 (Chromium-based) version security update advisory
Overview: Microsoft (https://www.microsoft.com) has released a security update that fixes vulnerabilities in the products it makes. Users of affected products are advised to update to the latest version. Affected Products: Microsoft Edge 128.0.6613.84/.85 (Chromium-based) or below. Resolved Vulnerabilities: Remote code execution vulnerability in Microsoft Edge 128.0.6613.84/.85 (Chromium-based) or below […] The post Microsoft Edge browser 128.0.6613.84/.85 (Chromium-based) version security update advisory first appeared on ASEC.
https://asec.ahnlab.com/en/82949/

Cisco Products September 2024 First Security Update Advisory
Overview: Cisco (https://www.cisco.com) has released a security update that fixes vulnerabilities in the products it makes. Users of affected systems are advised to update to the latest version. Affected Products: CVE-2024-20439, CVE-2024-20440: Cisco Smart Licensing Utility version 2.0.0; Cisco Smart Licensing Utility version 2.1.0; Cisco Smart Licensing Utility version 2.2.0 […] The post Cisco Products September 2024 First Security Update Advisory first appeared on ASEC.
https://asec.ahnlab.com/en/82950/

Ransom & Dark Web Issues Week 1, September 2024
ASEC Blog publishes Ransom & Dark Web Issues Week 1, September 2024. A global Japanese automobile manufacturer has been listed as a new victim of RansomHub ransomware. Recent activities of the Anon Black hacktivist group targeting South Korean government agencies. Data and access rights of the largest beauty platform in the […] The post Ransom & Dark Web Issues Week 1, September 2024 first appeared on ASEC.
https://asec.ahnlab.com/en/82963/

News from Previous Days

New Supply Chain Attack “Revival Hijack” Risks Massive PyPI Takeovers
JFrog's cybersecurity researchers have identified a new PyPI attack technique called "Revival Hijack," which exploits package deletion policies. Over 22,000 packages are at risk, potentially impacting thousands of users. Stay informed!
https://hackread.com/supply-chain-attack-revival-hijack-pypi-takeovers/

Proofpoint Extends Archiving and Compliance Leadership with New AI-Powered Digital Communications Governance Offering Across All Channels

https://www.proofpoint.com/us/newsroom/press-releases/proofpoint-extends-archiving-and-compliance-leadership-new-ai-powered

Google fixed actively exploited Android flaw CVE-2024-32896
Google addressed a security vulnerability in its Android operating system that is actively exploited in attacks in the wild. Google addressed a high-severity vulnerability, tracked as CVE-2024-32896 (CVSS score: 7.8), in its Android operating system that is under active exploitation in the wild. The vulnerability CVE-2024-32896 is a privilege escalation in the Android Framework component. […]
https://securityaffairs.com/168047/mobile-2/google-fixed-actively-exploited-android-flaw-cve-2024-32896.html

Quantifying the Value of Bug Bounty Programs: ROI, ROM, or Both?
Is ROI the right method to measure bug bounty value? Check out the cost-benefit analysis of ROI vs. ROM.
https://www.hackerone.com/vulnerability-management/quantifying-value-bug-bounty-programs-roi-rom-or-both

USN-6990-1: znc vulnerability
Johannes Kuhn (DasBrain) discovered that znc incorrectly handled user input under certain operations. An attacker could possibly use this issue to execute arbitrary code on a user's system if the user was tricked into joining a malicious server.
https://ubuntu.com/security/notices/USN-6990-1

Proofpoint Introduces End-to-End Information Protection Framework to Address Complex Data Loss Prevention Challenges

https://www.proofpoint.com/us/newsroom/press-releases/proofpoint-introduces-end-end-information-protection-framework-address

New Harry Potter-named malware strikes, revealing global espionage campaign

https://www.proofpoint.com/us/newsroom/news/new-harry-potter-named-malware-strikes-revealing-global-espionage-campaign

DDoS Attacks Hit France Over Telegram's Pavel Durov Arrest
Hacktivists unite for the #FreeDurov campaign to launch a massive cyber campaign against France in response to Telegram…
https://hackread.com/ddos-attacks-france-telegrams-pavel-durov-arrest/

Discover Cloud Security Services That are Enabled with CSA STAR
Cloud computing security services help organizations protect their cloud environments from threats, unauthorized access, data breaches, and other security risks. With a myriad of offerings out there, choosing the right cloud security service can be a daunting task. Fortunately, CSA's Security, Trust, Assurance, and Risk (STAR) program provides a list of trusted and vetted solutions. The STAR Program: A Public Resource for Cloud Security. CSA's STAR program is the most complete and largest cloud ...
https://cloudsecurityalliance.org/articles/discover-cloud-security-services-that-are-enabled-with-csa-star

“Hello pervert” sextortion scam includes new threat of Pegasus—and a picture of your home
"Hello pervert" sextortion mails keep adding new features to their email to increase credibility and urge victims to pay
https://www.malwarebytes.com/blog/news/2024/09/hello-pervert-sextortion-scam-includes-new-threat-of-pegasus-and-a-picture-of-your-home

USN-6989-1: OpenStack vulnerability
Dan Smith, Julia Kreger and Jay Faulkner discovered that in image processing for Ironic, a specially crafted image could be used by an authenticated user to exploit undesired behaviors in qemu-img, including possible unauthorized access to potentially sensitive data.
https://ubuntu.com/security/notices/USN-6989-1

Deploying Rust in Existing Firmware Codebases
Posted by Ivan Lozano and Dominik Maier, Android Team. Android's use of safe-by-design principles drives our adoption of memory-safe languages like Rust, making exploitation of the OS increasingly difficult with every release. To provide a secure foundation, we're extending hardening and the use of memory-safe languages to low-level firmware (including in Trusty apps). In this blog post, we'll show you how to gradually introduce Rust into your existing firmware, prioritizing new code and the most security-critical code. You'll see how easy it is to boost security with drop-in Rust replacements, and we'll even demonstrate how the Rust toolchain can handle specialized bare-metal targets. Drop-in Rust replacements for C code are not a novel idea and have been used in other cases, such as librsvg's...
http://security.googleblog.com/2024/09/deploying-rust-in-existing-firmware.html

How to avoid election related scams
With the elections at full throttle we are seeing several types of scams resurfacing and undoubtedly more will come
https://www.malwarebytes.com/blog/news/2024/09/how-to-avoid-election-related-scams

Discontinued D-Link DIR-846 routers are affected by code execution flaws. Replace them!
D-Link warns of multiple remote code execution vulnerabilities impacting its discontinued DIR-846 router series. Networking hardware vendor D-Link warns of multiple remote code execution (RCE) vulnerabilities in its discontinued DIR-846 router model. The vulnerabilities CVE-2024-44341 and CVE-2024-44342 (CVSS score of 9.8) are two OS command injection issues. A remote attacker could exploit them to execute […]
https://securityaffairs.com/168041/security/d-link-dir-846-routers-code-execution-flaws.html

Rage Stealer Rebranded as Angry Stealer, Now Uses Telegram Bot for Data Theft
Beware of “Angry Stealer,” a new malware targeting your online accounts. This rebranded version of Rage Stealer steals…
https://hackread.com/rage-stealer-angry-stealer-telegram-bot-data-theft/

OSCP is not the same anymore
A few days ago, OffSec announced a change in the OSCP certification, which will now be called OSCP+. OffSec will replace the current OSCP exam with an updated version that includes the following changes: (1) changes in the Active Directory portion; (2) removal of bonus points. 1. Changes in the Active Directory portion: To meet the changing cybersecurity landscape and prepare candidates for real-world challenges, they have updated the Active Directory portion of the exam. This change is based on the "Assumed Compromised Model," where you will be provided authorized access to a domain or user. With this initial access to the AD domain, your goal will be the full domain compromise. What are the bonus points? Bonus points were a way to drive engagement and adoption, but most learners did not require bonus...
https://infosecwriteups.com/oscp-is-not-the-same-anymore-82b93a7aca58?source=rss----7b722bfd1b8d---4

Criminal IP Secures PCI DSS v4.0 Certification, Enhancing Payment Security with Top-Level Compliance
Torrance, United States / California, 4th September 2024, CyberNewsWire
https://hackread.com/criminal-ip-secures-pci-dss-v4-0-certification-enhancing-payment-security-with-top-level-compliance/

Researchers Discover SQL Injection Issue That Can Bypass Airport Security
Researchers highlighted a serious security threat posed to airports and flight cockpits due to a…
https://latesthackingnews.com/2024/09/04/researchers-discover-sql-injection-issue-that-can-bypass-airport-security/

USN-6985-1: ImageMagick vulnerabilities
It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or execute code with the privileges of the user invoking the program.
https://ubuntu.com/security/notices/USN-6985-1

Supply Chain Resilience: Protecting Against Business Payment Attacks
This week in cybersecurity from the editors at Cybercrime Magazine. Read the full story in Forbes. Sausalito, Calif., Sep. 4, 2024: A Forbes article reports that attacks on the supply chain are a pervasive issue plaguing enterprises. Gartner estimates that 45 percent of organizations worldwide
https://cybersecurityventures.com/supply-chain-resilience-protecting-against-business-payment-attacks/

Navigating the Linux Kernel's Latest DMA Security Vulnerability
The Linux operating system, widely acclaimed for its robustness and security, recently received widespread media attention due to a significant kernel vulnerability, CVE-2024-43856. The issue involves race conditions in the dmam_free_coherent() function, which could allow race condition-based attacks against various kernel versions.
https://linuxsecurity.com/news/security-vulnerabilities/linux-kernel-dma-vulnerability

Learning, Sharing, and Exploring with NIST's New Human-Centered Cybersecurity Community of Interest
Human-centered cybersecurity (also known as 'usable security') involves the social, organizational, and technological influences on people's understanding of and interactions with cybersecurity. By taking a human-centered cybersecurity (HCC) approach, we can both improve people's cybersecurity experiences and achieve better cybersecurity outcomes, which is so important in today's digitally interconnected world. At NIST, we understand the value of making connections, listening, and interactivity. We also understand that researchers and practitioners want to hear directly from each other—and
https://www.nist.gov/blogs/cybersecurity-insights/learning-sharing-and-exploring-nists-new-human-centered-cybersecurity

Preventing an SBOM F-bomb: Streamline compliance in your software supply chain
Amidst increasing regulations and compliance requirements, organizations now must focus more on securing their software supply chains to meet evolving cybersecurity standards.
https://www.sonatype.com/blog/preventing-an-sbom-f-bomb-streamline-compliance-in-your-software-supply-chain

Mallox ransomware: in-depth analysis and evolution
In this report, we provide an in-depth analysis of the Mallox ransomware, its evolution, ransom strategy, encryption scheme, etc.
https://securelist.com/mallox-ransomware/113529/

The key considerations for cyber insurance: A pragmatic approach
Would a more robust cybersecurity posture impact premium costs? Does the policy offer legal cover? These are some of the questions organizations should consider when reviewing their cyber insurance options
https://www.welivesecurity.com/en/business-security/the-key-considerations-for-cyber-insurance-a-pragmatic-approach/

USN-6988-1: Twisted vulnerabilities
It was discovered that Twisted incorrectly handled response order when processing multiple HTTP requests. A remote attacker could possibly use this issue to delay and manipulate responses. This issue only affected Ubuntu 24.04 LTS. (CVE-2024-41671) It was discovered that Twisted did not properly sanitize certain input. An attacker could use this vulnerability to possibly execute an HTML injection leading to a cross-site scripting (XSS) attack. (CVE-2024-41810)
https://ubuntu.com/security/notices/USN-6988-1

NCSC's Cyber Advisor scheme milestone
Cyber Advisor scheme for small organisations welcomes its 100th advisor, but more still needed!
https://www.ncsc.gov.uk/blog-post/ncsc-cyber-advisor-scheme-milestone

Zyxel Product Line Security Update Advisory
Overview: An update has been released to address vulnerabilities in the Zyxel product line. Users of the affected versions are advised to update to the latest version. Affected Products: CVE-2024-7261: AP NWA50AX versions up to 7.00 (ABYW.1) (inclusive); AP NWA50AX PRO versions up to 7.00 (ACGE.1) (inclusive); AP NWA55AXE versions up to 7.00 (ABZL.1) (inclusive); AP NWA90AX […] The post Zyxel Product Line Security Update Advisory appeared first on ASEC.
https://asec.ahnlab.com/en/82919/

Mozilla Products September 2024 1st Security Update Advisory
Overview: An update has been released to address vulnerabilities in Mozilla products. Users of the affected versions are advised to update to the latest version. Affected Products: CVE-2024-8381, CVE-2024-8385: Firefox versions up to 130 (excluded); Firefox ESR versions up to 128.2 (excluded). CVE-2024-8387: Firefox versions up to 130 (excluded); Firefox ESR versions up to 128.2 […] The post Mozilla Products September 2024 1st Security Update Advisory appeared first on ASEC.
https://asec.ahnlab.com/en/82920/

OpenSSL Vulnerability Security Update Advisory (CVE-2024-6119)
Overview: An update has been released to address vulnerabilities in OpenSSL. Users of the affected versions are advised to update to the latest version. Affected Products: CVE-2024-6119: OpenSSL versions 3.3, 3.2, 3.1 and 3.0. Resolved Vulnerabilities: A denial-of-service vulnerability (CVE-2024-6119) where an application could read […] The post OpenSSL Vulnerability Security Update Advisory (CVE-2024-6119) appeared first on ASEC.
https://asec.ahnlab.com/en/82926/

September 04, 2024
September 04, 2024
Hash:
1. 1cf3b00c2803757dd2d2086abe8b6384
2. cec0fd1b6d769123e0bec67c84f58623
3. c389f8bb3a1e268e57a90f00d8e3d287
URL:
1. http[:]//89[.]32[.]41[.]95/arm4
2. http[:]//89[.]32[.]41[.]95/mpsl
3. https[:]//i-2-paopaoche[.]csd02[.]cn/2023/0319/2ce9a90d23224154aefc906ea08412db[.]png
IP:
1. 43[.]133[.]227[.]69
2. 165[.]154[.]54[.]236
3. 116[.]198[.]216[.]131
Stats: 296,130 25,207 278 Top1 Korea, Republic of 34,722 Top1 TCP 80 46,941
The post September 04, 2024 appeared first on ASEC.
https://asec.ahnlab.com/en/82895/

Roundcube Webmail Security Update Advisory
Overview: An update has been released to address vulnerabilities in Roundcube Webmail. Users of the affected versions are advised to update to the latest version. Affected Products: CVE-2024-42008, CVE-2024-42009, CVE-2024-42010: Roundcube Webmail version 1.5.7; Roundcube Webmail versions 1.6.x (inclusive) to 1.6.7 (inclusive). Resolved Vulnerabilities: Cross-site scripting vulnerability in rcmail_action_mail_get->run() […] The post Roundcube Webmail Security Update Advisory appeared first on ASEC.
https://asec.ahnlab.com/en/82911/

Crushing FUD: Embracing Ethical Hackers to Strengthen Cybersecurity
FUD can overshadow proactive collaboration with ethical hackers. Let's explore how to combat FUD and get organizational buy-in for bug bounty and VDP.
https://www.hackerone.com/vulnerability-management/crushing-fud

When Cyber Security Breaches Are Inevitable, It's Time To Call For A New Approach

https://www.proofpoint.com/us/newsroom/news/when-cyber-security-breaches-are-inevitable-its-time-call-new-approach

RATs in the tunnel: Uncovering the cyber underworld.

https://www.proofpoint.com/us/newsroom/news/rats-tunnel-uncovering-cyber-underworld

Zero Footprint Attacks: 3 Steps to Bypass EDR with Reflective Loading
Originally published by Pentera. EDR (Endpoint Detection and Response) evasion techniques are becoming increasingly common amongst attackers as they evolve their strategies to bypass security measures without being detected. There are many different types of EDR evasion techniques, many of which are listed on the MITRE ATT&CK website. The complexity and evolution of these methods vary widely; some can be quite simple, exploiting known vulnerabilities or configuration errors, while others i...
https://cloudsecurityalliance.org/articles/zero-footprint-attacks-3-steps-to-bypass-edr-with-reflective-loading

Five Levels of Vulnerability Prioritization: From Basic to Advanced
Originally published by Dazz. Vulnerabilities are being disclosed at record pace. Since the common vulnerabilities and exposures (CVE) program was established by MITRE in 1999, there have been over 300,000 unique vulnerabilities published, and a significant portion of these have been found in the last few years. Since many of these vulnerabilities are disclosed in software and operating systems that are incredibly common, security teams have found themselves drowning in vulnerability findings ...
https://cloudsecurityalliance.org/articles/five-levels-of-vulnerability-prioritization-from-basic-to-advanced

London's city transport hit by cybersecurity incident
Transport for London (TfL) is apparently fighting a cybersecurity incident but is rather sparing in providing details
https://www.malwarebytes.com/blog/news/2024/09/londons-city-transport-hit-by-cybersecurity-incident

USN-6987-1: Django vulnerabilities
It was discovered that Django incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service. (CVE-2024-45230) It was discovered that Django incorrectly handled certain email sending failures. A remote attacker could possibly use this issue to enumerate user emails by issuing password reset requests and observing the outcomes. (CVE-2024-45231)
https://ubuntu.com/security/notices/USN-6987-1

Sextortion Scams Now Include Photos of Your Home
An old but persistent email scam known as "sextortion" has a new personalized touch: The missives, which claim that malware has captured webcam footage of recipients pleasuring themselves, now include a photo of the target's home in a bid to make threats about publishing the videos more frightening and convincing.
https://krebsonsecurity.com/2024/09/sextortion-scams-now-include-photos-of-your-home/

USN-6981-2: Drupal vulnerabilities
USN-6981-1 fixed vulnerabilities in Drupal. This update provides the corresponding updates for Ubuntu 14.04 LTS. Original advisory details: It was discovered that Drupal incorrectly sanitized uploaded filenames. A remote attacker could possibly use this issue to execute arbitrary code. (CVE-2020-13671) It was discovered that Drupal incorrectly sanitized archived filenames. A remote attacker could possibly use this issue to overwrite arbitrary files, or execute arbitrary code. (CVE-2020-28948, CVE-2020-28949)
https://ubuntu.com/security/notices/USN-6981-2

City of Columbus tries to silence security researcher
The City of Columbus filed a lawsuit against a researcher for trying to inform the public about the nature of the data stolen by a ransomware group.
https://www.malwarebytes.com/blog/news/2024/09/city-of-columbus-tries-to-silence-security-researcher

Navigating new regulations and the role of SBOMs in software security
Recently in our webinar series with Amazon Web Services (AWS) and Fortify by OpenText™, our third installment, "The Power of SBOMs: Regulations Looming," brought the panel together to discuss the evolving role of software bills of materials (SBOMs) amidst tightening global regulations.
https://www.sonatype.com/blog/navigating-new-regulations-and-the-role-of-sboms-in-software-security

USN-6986-1: OpenSSL vulnerability
David Benjamin discovered that OpenSSL incorrectly handled certain X.509 certificates. An attacker could possibly use this issue to cause a denial of service or expose sensitive information.
https://ubuntu.com/security/notices/USN-6986-1

Cost of a data breach: Cost savings with law enforcement involvement
For those working in the information security and cybersecurity industries, the technical impacts of a data breach are generally understood. But for those outside of these technical functions, such as executives, operators and business support functions, "explaining" the real impact of a breach can be difficult. Therefore, explaining impacts in terms of quantifiable financial figures […]
https://securityintelligence.com/articles/cost-of-a-data-breach-cost-savings-law-enforcement/

Hacking Stereotypes: Women In Hollywood Films
This week in cybersecurity from the editors at Cybercrime Magazine. Read the full CIO Africa story. Sausalito, Calif., Sep. 3, 2024: Only 25 percent of global cybersecurity workers identify as women, according to data from Cybersecurity Ventures. CIO Africa reports that in Hollywood films, cultural
https://cybersecurityventures.com/hacking-stereotypes-women-in-hollywood-films/

A deep dive into the most interesting incident response cases of last year
Kaspersky Global Emergency Response Team (GERT) shares the most interesting IR cases for the year 2023: insider attacks, ToddyCat-like APT, Flax Typhoon and more.
https://securelist.com/incident-response-interesting-cases-2023/113611/

In plain sight: Malicious ads hiding in search results
Sometimes there's more than just an enticing product offer hiding behind an ad
https://www.welivesecurity.com/en/malware/in-plain-sight-malicious-ads-hiding-in-search-results/

IT threat evolution in Q2 2024. Non-mobile statistics
This report presents statistics on PC threats for Q2 2024, including data on ransomware, miners, threats to macOS and IoT devices.
https://securelist.com/it-threat-evolution-q2-2024-pc-statistics/113683/

IT threat evolution in Q2 2024. Mobile statistics
The report gives statistics on mobile malware and unwanted software for Q2 2024, including mobile banking Trojans and ransomware.
https://securelist.com/it-threat-evolution-q2-2024-mobile-statistics/113678/

IT threat evolution Q2 2024
In this report, Kaspersky researchers explore the most significant attacks of Q2 2024 that used an XZ backdoor, the LockBit builder, ShrinkLocker ransomware, etc.
https://securelist.com/it-threat-evolution-q2-2024/113669/

Blooms Today - 3,184,010 breached accounts
In April 2024, 15M records from the online florist Blooms Today were listed for sale on a popular hacking forum. The most recent data in the breach corpus was from November 2023 and appeared alongside 3.2M unique email addresses, names, phone numbers, physical addresses and partial credit card data (card type, 4 digits of the number and expiry date). The breach did not expose sufficient card data to make purchases. Blooms Today did not respond when contacted about the incident.
https://haveibeenpwned.com/PwnedWebsites#BloomsToday

Cox Media Group To Listen To Users Devices For Ad Targeting
A leaked pitch deck exposed the sneaky plans of Cox Media Group to listen to…
https://latesthackingnews.com/2024/09/02/cox-media-group-to-listen-to-users-devices-for-ad-targeting/

Owners of 1-Time Passcode Theft Service Plead Guilty
Three men in the United Kingdom have pleaded guilty to operating otp[.]agency, a once popular online service that helped attackers intercept the one-time passcodes (OTPs) that many websites require as a second authentication factor in addition to passwords. Launched in November 2019, OTP Agency was a service for intercepting one-time passwords needed to log in to various websites. Scammers would enter the target's phone number and name, and the service would initiate an automated phone call to the target that alerts them about unauthorized activity on their account.
https://krebsonsecurity.com/2024/09/owners-of-1-time-passcode-theft-service-plead-guilty/

High-Severity DoS Flaw Patched In Cisco NX-OS Software
A serious denial of service (DoS) flaw affected the Cisco NX-OS software that empowers Cisco…
https://latesthackingnews.com/2024/09/02/high-severity-dos-flaw-patched-in-cisco-nx-os-software/

Oil Giant Halliburton Partly Went Offline Following Cyberattack
A major player in the global oil industry, Halliburton, endured a severe cyberattack that caused…
https://latesthackingnews.com/2024/09/02/oil-giant-halliburton-partly-went-offline-following-cyberattack/

Spoofed GlobalProtect Used to Deliver Unique WikiLoader Variant
Unit 42 discusses WikiLoader malware spoofing GlobalProtect VPN, detailing evasion techniques, malicious URLs, and mitigation strategies.
https://unit42.paloaltonetworks.com/global-protect-vpn-spoof-distributes-wikiloader/

Head Mare: adventures of a unicorn in Russia and Belarus
Analysis of the hacktivist group Head Mare targeting companies in Russia and Belarus: exploitation of WinRAR vulnerability, custom tools PhantomDL and PhantomCore.
https://securelist.com/head-mare-hacktivists/113555/

Hackers Implant Backdoor via Fake Palo Alto GlobalProtect Lure
Researchers warn enterprise users about the latest malware campaign targeting Middle East-based firms. The campaign…
https://latesthackingnews.com/2024/09/02/hackers-implant-backdoor-via-fake-palo-alto-globalprotect-lure/

France Arrested Telegram Owner Charging For Criminal Activity Support
In a rare move, France recently arrested Telegram owner Pavel Durov, soon charging him for…
https://latesthackingnews.com/2024/09/02/france-arrested-telegram-owner-charging-for-criminal-activity-support/

A week in security (August 26 – September 1)
A list of topics we covered in the week of August 26 to September 1 of 2024
https://www.malwarebytes.com/blog/news/2024/09/a-week-in-security-august-26-september-1-2

Writeup: Path mapping for web cache deception @ PortSwigger Academy
APPRENTICE LAB. Before starting, configure FoxyProxy to intercept requests through Burp Suite. Ensure that 'Intercept' is turned off in Burp Suite while FoxyProxy is active, so that all requests are logged in the HTTP history. Then, log in to the application using the credentials wiener:peter. Please note that the response will include your API key. [Login] Go to Burp Suite Proxy > HTTP history, right-click the GET /my-account request and select Send to Repeater. [HTTP history] Navigate to the Repeater tab. Modify the base path by adding an arbitrary segment; for example, change the path to /my-account/hanzala. Send the request and observe that you still receive a response containing your API key. This indicates that the origin server abstracts the URL path to /my-account. Additionally, ensure...
https://infosecwriteups.com/writeup-path-mapping-for-web-cache-deception-portswigger-academy-184ae04ca4c7?source=rss----7b722bfd1b8d---4

A Story About How I Found XSS in ASUS
A few months ago, during a routine security assessment, I uncovered a significant cross-site scripting (XSS) vulnerability in the ASUS Laravel Ignition debugging tool. This vulnerability, identified as R-XSS, posed a high risk due to the potential for unauthorized script execution in users' browsers. Here's how I discovered and explored this vulnerability. The Discovery: While examining the target, I noticed that the Laravel Ignition debug mode was enabled on adam.asus.com, and the endpoint was vulnerable to XSS. The vulnerability was exposed through the following URL. Vulnerable URL: http://adam.asus.com/_ignition/scripts/--%3E%3Csvg%20onload=alert('cappriciosec.com')%3E When accessing this URL, the embedded script was executed in the user's browser, confirming the presence of an XSS vulnerability. Understanding...
https://infosecwriteups.com/a-story-about-how-i-found-xss-in-asus-cb233ce3bb9c?source=rss----7b722bfd1b8d---4

What is /etc/passwd group shadow file in Linux
Passwd is a file where information related to the user is stored such as name, user id, group id, GECOS field, home directory, and command…
https://infosecwriteups.com/what-is-etc-passwd-group-shadow-file-in-linux-bd7b28f353f3?source=rss----7b722bfd1b8d---4

Understanding the Dark Web: Myths vs. Reality
https://infosecwriteups.com/understanding-the-dark-web-myths-vs-reality-bc5add10c4c1?source=rss----7b722bfd1b8d---4

Unicast, Multicast, and Broadcast: Mastering Network Communication Essentials for Optimal…
Update on me
https://infosecwriteups.com/unicast-multicast-and-broadcast-mastering-network-communication-essentials-for-optimal-e92b5b1c6035?source=rss----7b722bfd1b8d---4

AI-Driven Ghostwriter: The 2024 Ransomware That Knows You Better Than You Know Yourself
Problem:
https://infosecwriteups.com/ai-driven-ghostwriter-the-2024-ransomware-that-knows-you-better-than-you-know-yourself-79d8fae08c99?source=rss----7b722bfd1b8d---4

How to Get Started in Bug Bounty Hunting: A Comprehensive Beginner's Guide
Introduction: Welcome to the thrilling world of bug bounty hunting — where finding glitches in software is not just a hobby but a gateway to potential riches and recognition! Imagine being a digital detective, solving mysteries that most folks wouldn't even notice, and getting rewarded for it. In this guide, we'll unravel the basics of bug bounty hunting, give you a step-by-step walkthrough of unearthing common vulnerabilities, and share some nifty resources to get you started. Buckle up, it's going to be a bug-tastic ride! What is Bug Bounty Hunting? Bug bounty hunting is like being a superhero in the realm of cybersecurity, but without the flashy suit. It involves sniffing out and reporting security vulnerabilities in systems, apps, or websites. Companies run bug bounty programs...
https://infosecwriteups.com/how-to-get-started-in-bug-bounty-hunting-a-comprehensive-beginners-guide-4cdaf3dcd910?source=rss----7b722bfd1b8d---4

The Discovery of CVE-2024-5947: Authentication Bypass in Deep Sea Electronics DSE855
Recently, during a routine security assessment, I uncovered a significant flaw in the Deep Sea Electronics DSE855 device. This vulnerability, identified as CVE-2024-5947, pertains to an authentication bypass issue that allows unauthorized access to sensitive information. Here's how I discovered and explored this vulnerability. The Discovery: While examining the target, I focused on the device's web-based interface and noticed a peculiar behavior. The Deep Sea Electronics DSE855 was exposing a configuration backup file at http://xxxxxxxxxx/Backup.bin. This file was accessible without any authentication, raising red flags. Understanding the Vulnerability: Bug Name: Deep Sea Electronics DSE855 — Authentication Bypass. Bug Priority: Medium. Vulnerable URL: http://xxxxxxx/Backup.bin. CVE Description: CVE-2024-5947...
https://infosecwriteups.com/the-discovery-of-cve-2024-5947-authentication-bypass-in-deep-sea-electronics-dse855-5fa2e89cbdfb?source=rss----7b722bfd1b8d---4

Certified AI/ML Pentester (C-AI/MLPen) Review
Skynet better watch out… My hard fought cert… Before this week, I didn't even know this existed. I have been casually looking around for any way to certify that I have acquired a certain set of skills in hacking generative AI and LLM apps, to no avail. Then, one day I was casually scrolling my LinkedIn feed and I came across this: Certified AI/ML Pentester (C-AI/MLPen) - Review. Lo and behold, The SecOps Group launched this certification back in July! I jumped on it immediately. That 80% discount, on a £250.00 base price (8.25USD and USD when discounted), was too good to pass up. I had to buy a voucher. It's also notable that you get one free retake and your voucher is for life with each purchase. The Preparation: "But Kelvin," you say, "What type of prep work did you do if...
https://infosecwriteups.com/certified-ai-ml-pentester-c-ai-mlpen-review-f465bcdef8ef?source=rss----7b722bfd1b8d---4

Malware Botnet Exploits Vulnerable AVTECH IP Cameras
Researchers discovered the active exploitation of a zero-day vulnerability in AVTECH IP cameras by the… Malware Botnet Exploits Vulnerable AVTECH IP Cameras on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2024/09/01/malware-botnet-exploits-vulnerable-avtech-ip-cameras/

Microsoft Patched Copilot Vulnerabilities That Could Expose Data
A security researcher discovered numerous vulnerabilities in Microsoft Copilot that could expose users' personal information,… Microsoft Patched Copilot Vulnerabilities That Could Expose Data on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2024/09/01/microsoft-patched-copilot-vulnerabilities-that-could-expose-data/

Market Moveis - 28,220 breached accounts
In August 2023, the Portuguese home decor company Market Moveis suffered a data breach that impacted 28k records. The exposed records were limited to names and email addresses.
https://haveibeenpwned.com/PwnedWebsites#MarketMoveis

‘Time-Travelling’ Software Could Bankrupt Hackers
This week in cybersecurity from the editors at Cybercrime Magazine – Read the Full Story in Newsweek Sausalito, Calif. – Aug. 31, 2024 Ionir, developers of a cloud-based data services platform, with offices in New York and Tel Aviv, says it has created a cutting-edge The post ‘Time-Travelling’ Software Could Bankrupt Hackers appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/time-travelling-software-could-bankrupt-hackers/

5 Open-Source Blockchain Technologies That Linux Users Need to Know About
With hundreds of thousands of open-source projects underway, it's easy to say that open-source has become a standard in software development. And when discussing open source, the first development environment that comes to mind is Linux.
https://linuxsecurity.com/features/features/5-open-source-blockchain-technologies-that-linux-users-need-to-know-about

The Three Best Tools You Need to Scan Your Linux System for Malware
While Linux servers are already extremely secure by default, there are extra steps you can and should take if you do have a Linux server instance running. As with any system, vulnerabilities still exist and can wreak havoc if proper prevention and security best practices are not implemented.
https://linuxsecurity.com/features/features/the-three-best-tools-you-need-to-scan-your-linux-system-for-malware

Metasploit Weekly Wrap-Up 08/30/2024
A new PHP encoder has been released by a community contributor, jvoisin, allowing a PHP payload to be encoded as an ASCII-Hex string. Learn more!
https://blog.rapid7.com/2024/08/30/metasploit-weekly-wrap-up-08-30-2024/

HackerOne's Commitment to Learning and Development

https://www.hackerone.com/culture-and-talent/hackerones-commitment-learning-and-development

Iranian cybercriminals are targeting WhatsApp users in spear phishing campaign
Iranian spies posing as technical support agents contacted targeted individuals in Israel, Palestine, Iran, the UK, and the US on WhatsApp
https://www.malwarebytes.com/blog/news/2024/08/iranian-cybercriminals-are-targeting-whatsapp-users-in-spear-phishing-campaign

Digital twins: secure design and development
How existing NCSC guidance can assist those looking to develop and deploy ‘digital twins’.
https://www.ncsc.gov.uk/blog-post/digital-twins-secure-design-development

The Complete Guide to Ransomware Recovery and Prevention
This week in cybersecurity from the editors at Cybercrime Magazine – Read the Full Story in BackBlaze Sausalito, Calif. – Aug. 30, 2024 Cybersecurity Ventures predicts that global ransomware costs will reach 5 billion USD annually by 2031, up from billion in 2021. BackBlaze reports that The post The Complete Guide to Ransomware Recovery and Prevention appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/the-complete-guide-to-ransomware-recovery-and-prevention/

TLD Tracker: Exploring Newly Released Top-Level Domains
Unit 42 researchers use a novel graph-based pipeline to detect misuse of 19 new TLDs for phishing, chatbots and more in several case studies. The post TLD Tracker: Exploring Newly Released Top-Level Domains appeared first on Unit 42.
https://unit42.paloaltonetworks.com/tracking-newly-released-top-level-domains/

Lookiero - 4,981,760 breached accounts
In August 2024, a data breach from the online styling service Lookiero was posted to a popular hacking forum. Dating back to March 2024, the data included 5M unique email addresses, with many of the records also including name, phone number and physical address. When contacted about the incident, Lookiero advised that they would "look into it and get back to you if necessary". The data was provided to HIBP by a source who requested it be attributed to "oathnet.ru".
https://haveibeenpwned.com/PwnedWebsites#Lookiero

Pentesting for iOS Mobile Applications
Learn the different methodologies and best practices for pentesting for iOS applications.
https://www.hackerone.com/penetration-testing/ios-mobile-applications

Fake Canva home page leads to browser lock
A Google search ad for Canva is highly misleading and walks users into a trap.
https://www.malwarebytes.com/blog/scams/2024/08/fake-canva-home-page-leads-to-browser-lock

How to embrace Secure by Design principles while adopting AI
The rapid rise of generative artificial intelligence (gen AI) technologies has ushered in a transformative era for industries worldwide. Over the past 18 months, enterprises have increasingly integrated gen AI into their operations, leveraging its potential to innovate and streamline processes. From automating customer service to enhancing product development, the applications of gen AI are […] The post How to embrace Secure by Design principles while adopting AI appeared first on Security Intelligence.
https://securityintelligence.com/posts/how-to-embrace-secure-by-design-while-adopting-ai/

Cybersecurity Almanac 2-Minute Video Trending On YouTube
This week in cybersecurity from the editors at Cybercrime Magazine – Watch the 2-Minute Cybercrime Magazine Video Sausalito, Calif. – Aug. 29, 2024 The 2024/2025 Cybersecurity Almanac was published by Cybersecurity Ventures in partnership with Evolution Equity earlier this summer. The annual periodical features 100 facts, figures, The post Cybersecurity Almanac 2-Minute Video Trending On YouTube appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/cybersecurity-almanac-2-minute-video-trending-on-youtube/

Telegram CEO Pavel Durov charged with allowing criminal activity
Telegram CEO Pavel Durov has been arrested in France which raises a lot of questions about the reasons behind the arrest.
https://www.malwarebytes.com/blog/news/2024/08/telegram-ceo-pavel-durov-charged-with-allowing-criminal-activity

May 2024 Cyber Attacks Statistics
After the cyber attacks timelines (part I and part II), it's time to publish the statistics for May 2024 where I collected and analyzed 242 events...
https://www.hackmageddon.com/2024/08/29/may-2024-cyber-attacks-statistics/

The Emerging Dynamics of Deepfake Scam Campaigns on the Web
A technical analysis of deepfake technology uncovers how cybercriminals utilize AI-generated videos of public figures to execute sophisticated scams. The post The Emerging Dynamics of Deepfake Scam Campaigns on the Web appeared first on Unit 42.
https://unit42.paloaltonetworks.com/dynamics-of-deepfake-scams/

When Get-Out-The-Vote Efforts Look Like Phishing
Multiple media reports this week warned Americans to be on guard against a new phishing scam that arrives in a text message informing recipients they are not yet registered to vote. A bit of digging reveals the missives were sent by a California political consulting firm as part of a well-meaning but potentially counterproductive get-out-the-vote effort that had all the hallmarks of a phishing campaign.
https://krebsonsecurity.com/2024/08/when-get-out-the-vote-efforts-look-like-phishing/

Mechanistic Interpretability 101
Written by Ken Huang, CEO of DistributedApps.ai and VP of Research at CSA GCR. Why are neural networks so notoriously difficult to interpret, and how have researchers attempted to crack this black box in the past? This blog post is an initial attempt to discuss this and introduce Mechanistic Interpretability (MI), a potential approach that may improve our understanding of AI. What makes MI different from traditional methods, and could it really outperform them? We'll explore the limitations of...
https://cloudsecurityalliance.org/articles/mechanistic-interpretability-101

Building Secure and Compliant SaaS Apps – Identity Security Best Practices
Originally published by CyberArk. Written by Sam Flaster. Do you need to secure high-risk access to the back end of your customer-facing apps? Yes, you do – assuming you care about cybersecurity risk, uptime or compliance with SOC II and NIST and AWS, Azure and GCP architecture frameworks. To meet compliance requirements and grow your business, you must properly secure access to the cloud services and workloads powering your SaaS app. No matter the size and scale of your cloud-hosted app, ad...
https://cloudsecurityalliance.org/articles/building-secure-and-compliant-saas-apps-identity-security-best-practices

The Why and the How of Managed CNAPP
Originally published by Tamnoon. Written by Ran Nahmias, CBO, Tamnoon. CNAPP is a fundamental piece of the cloud security puzzle – but poor implementations, lack of in-house expertise, and insufficient prioritization can lead to disappointing outcomes. At a time when security teams are stretched to their absolute limit, managed CNAPP is a more productive way forward for organizations looking to see quick results from their CNAPP investments. In this article: Importance of CNAPP in 2024. The compell...
https://cloudsecurityalliance.org/articles/the-why-and-the-how-of-managed-cnapp

The Top Ten IT Outages in History
Editorial Note: The lessons learned and changes that may result from the CrowdStrike incident may take quite some time to fully understand. CSA is providing a platform for member experts to weigh in on this issue. The opinions of this article represent those of the member, not those of CSA. Written by Javier Perez, Sr. Director of Product Marketing for Security at Veeam Software. Originally published on LinkedIn. The recent major outage from popular cybersecurity software CrowdStrike, caused by ...
https://cloudsecurityalliance.org/articles/the-top-ten-it-outages-in-history

Can You Have Bulletproof Security Without Network Lag? Unveiling the Secret
Written by Vaibhav Dutta, Associate Vice President and Global Head - Cybersecurity Products & Services, Tata Communications. Originally published by CRN. Securing a modern enterprise network can feel like a high-wire act. Complex security measures can slow down critical applications, hindering operational efficiency and productivity. Conversely, prioritising ease of application access and performance over security can leave the business vulnerable to data breaches. NASSCOM has reported, th...
https://cloudsecurityalliance.org/articles/can-you-have-bulletproof-security-without-network-lag-unveiling-the-secret

The State of Cyber Resiliency in Financial Services
Written by Troy Leach, Chief Strategy Officer and John Yeoh, Global VP of Research, CSA. Global disruptions, changing regulatory oversight, and emerging AI threats are just some of the issues that cybersecurity professionals must prepare for today. In the upcoming report “Cloud Resiliency in Financial Services,” CSA analyzed industry-wide survey data to identify the key cyber resiliency areas that matter most to the financial industry. The report includes the perspectives of more than 860 sec...
https://cloudsecurityalliance.org/articles/the-state-of-cyber-resiliency-in-financial-services

How Hai Facilitates Clear and Effective Communication
Learn how HackerOne's AI co-pilot, Hai, bridges communication gaps and streamlines collaboration.
https://www.hackerone.com/ai/hai-facilitates-effective-communication

Addressing Account Takeovers: Security Leaders Share Their Concerns
Originally published by Abnormal Security. Written by Ryan Schwartz. For many security stakeholders, the phrase “account takeover” brings to mind email account compromise. But today's cloud application ecosystems are increasingly broad, interdependent, and complex. As these apps proliferate—and become ever more integral to key operational processes—additional points of entry into enterprise environments emerge. At the same time, it's progressively more difficult to maintain centralized visibilit...
https://cloudsecurityalliance.org/articles/addressing-account-takeovers-security-leaders-share-their-concerns

The art and science behind Microsoft threat hunting: Part 3
In this blog post, read how Microsoft Incident Response leverages three types of threat intelligence to enhance incident response scenarios. The post The art and science behind Microsoft threat hunting: Part 3 appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2024/08/28/the-art-and-science-behind-microsoft-threat-hunting-part-3/

CODAC Behavioral Healthcare, US Marshalls are latest ransomware targets
Ransomware gangs love sensitive data from healthcare and support organizations to increase their leverage on the victims
https://www.malwarebytes.com/blog/news/2024/08/codac-behavioral-healthcare-us-marshalls-are-latest-ransomware-targets

Peach Sandstorm deploys new custom Tickler malware in long-running intelligence gathering operations
Between April and July 2024, Microsoft observed Iranian state-sponsored threat actor Peach Sandstorm deploying a new custom multi-stage backdoor, which we named Tickler. Tickler has been used in attacks against targets in the satellite, communications equipment, oil and gas, as well as federal and state government sectors in the United States and the United Arab […] The post Peach Sandstorm deploys new custom Tickler malware in long-running intelligence gathering operations appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2024/08/28/peach-sandstorm-deploys-new-custom-tickler-malware-in-long-running-intelligence-gathering-operations/

Stealing cash using NFC relay – Week in Security with Tony Anscombe
The discovery of the NGate malware by ESET Research is another example of how sophisticated Android threats have become
https://www.welivesecurity.com/en/videos/stealing-cash-using-nfc-relay-week-in-security-with-tony-anscombe/

RaaS Attacks: Economics and Mitigation Strategies
This week in cybersecurity from the editors at Cybercrime Magazine – Read the Full Keepit Story Sausalito, Calif. – Aug. 28, 2024 Data security company Keepit explains that Ransomware-as-a-Service (RaaS), as the name suggests, is a model where cybercriminals develop and offer ransomware kits and services The post RaaS Attacks: Economics and Mitigation Strategies appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/raas-attacks-economics-and-mitigation-strategies/

Command with Confidence: Insights from Andrew Bustamante
At the recent Take Command Summit, former CIA intelligence officer and US Air Force combat veteran Andrew Bustamante shared valuable tools, tactics, and techniques from elite intelligence agencies with Rapid7's Americas Field CTO Jeffrey Gardner in an informal chat.
https://blog.rapid7.com/2024/08/28/command-with-confidence-insights-from-andrew-bustamante/

Optimizing SBOM sharing for compliance and transparency
As software development continues to evolve, the critical need for transparent and secure practices in software supply chains remains constant.
https://www.sonatype.com/blog/optimizing-sbom-sharing-for-compliance-and-transparency

Exclusive: Inside Iran's hacking operation that has US officials on edge ahead of 2024 election

https://www.proofpoint.com/us/newsroom/news/exclusive-inside-irans-hacking-operation-has-us-officials-edge-ahead-2024-election

The Risks Lurking in Publicly Exposed GenAI Development Services
Get our research team's analysis of the security of GenAI development services.
https://www.legitsecurity.com/blog/the-risks-lurking-in-publicly-exposed-genai-development-services

Analysis of two arbitrary code execution vulnerabilities affecting WPS Office
Demystifying CVE-2024-7262 and CVE-2024-7263
https://www.welivesecurity.com/en/eset-research/analysis-of-two-arbitrary-code-execution-vulnerabilities-affecting-wps-office/

Sport 2000 - 3,189,643 breached accounts
In April 2024, the French sporting equipment manufacturer Sport 2000 announced it had suffered a data breach. The data was subsequently put up for sale on a popular hacking forum and included 4.4M rows with 3.2M unique email addresses alongside names, physical addresses, phone numbers, dates of birth and purchases made by store name. The data was provided to HIBP by a source who requested it be attributed to "oathnet.ru".
https://haveibeenpwned.com/PwnedWebsites#Sport2000

Versa Director Dangerous File Type Upload Vulnerability (CVE-2024-39717)
What is the Vulnerability? The Versa Director GUI contains a zero-day dangerous file type upload vulnerability (CVE-2024-39717) that allows attackers to upload potentially malicious files, granting them system administrator access. This flaw affects the “Change Favicon” (Favorite Icon) option, which can be misused to upload a malicious file ending with a .png extension to masquerade as an image file. The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2024-39717 to its “Known Exploited Vulnerabilities” list. What is the recommended Mitigation? Versa Networks has released a patch to address this vulnerability and has mentioned in their advisory that the vulnerability has already been exploited by an Advanced Persistent Threat actor. What FortiGuard Coverage is available? FortiGuard...
https://fortiguard.fortinet.com/threat-signal-report/5511

New 0-Day Attacks Linked to China's ‘Volt Typhoon’
Malicious hackers are exploiting a zero-day vulnerability in Versa Director, a software product used by many Internet and IT service providers. Researchers believe the activity is linked to Volt Typhoon, a Chinese cyber espionage group focused on infiltrating critical U.S. networks and laying the groundwork for the ability to disrupt communications between the United States and Asia during any future armed conflict with China.
https://krebsonsecurity.com/2024/08/new-0-day-attacks-linked-to-chinas-volt-typhoon/

SMS scammers use toll fees as a lure
Scammers are increasingly using toll fees as a lure in smishing attacks with the aim of grabbing victims' personal details and credit card information.
https://www.malwarebytes.com/blog/news/2024/08/sms-scammers-use-toll-fees-as-a-lure

Assessing Container Images Across Private Registries with InsightCloudSec
As the adoption of container technology has grown, so too has the importance of securing these environments.
https://blog.rapid7.com/2024/08/27/assessing-container-images-across-private-registries-with-insightcloudsec/

Cost of data breaches: The business case for security AI and automation
As Yogi Berra said, “It’s déjà vu all over again.” If the idea of the global average costs of data breaches rising year over year feels like more of the same, that’s because it is. Data protection solutions get better, but so do threat actors. The other broken record is the underuse or misuse of […] The post Cost of data breaches: The business case for security AI and automation appeared first on Security Intelligence.
https://securityintelligence.com/articles/cost-of-data-breaches-business-case-for-security-ai-automation/

Infosec industry calls for more public sector collaboration

https://www.proofpoint.com/us/newsroom/news/infosec-industry-calls-more-public-sector-collaboration

HZ Rat backdoor for macOS attacks users of China's DingTalk and WeChat
Kaspersky experts discovered a macOS version of the HZ Rat backdoor, which collects user data from WeChat and DingTalk messengers.
https://securelist.com/hz-rat-attacks-wechat-and-dingtalk/113513/

16-31 May 2024 Cyber Attacks Timeline
In the second timeline of May 2024 I collected 136 events (8.5 events/day) with a threat landscape dominated by...
https://www.hackmageddon.com/2024/08/27/16-31-may-2024-cyber-attacks-timeline/

Old devices, new dangers: The risks of unsupported IoT tech
In the digital graveyard, a new threat stirs: Out-of-support devices becoming thralls of malicious actors
https://www.welivesecurity.com/en/internet-of-things/old-devices-new-dangers-the-risks-of-unsupported-iot-tech/

CVE-2024-38063 - Remotely Exploiting The Kernel Via IPv6
Performing a root cause analysis & building proof-of-concept for CVE-2024-38063, a CVSS 9.8 Vulnerability In the Windows Kernel IPv6 Parser
https://malwaretech.com/2024/08/exploiting-CVE-2024-38063.html

How Microsoft Entra ID supports US government agencies in meeting identity security requirements
United States Government agencies are adopting Microsoft Entra ID to consolidate siloed identity solutions, reduce operational complexity, and improve control and visibility across all users. The post How Microsoft Entra ID supports US government agencies in meeting identity security requirements appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2024/08/26/how-microsoft-entra-id-supports-us-government-agencies-in-meeting-identity-security-requirements/

Exploring Android threats and ways to mitigate them | Unlocked 403 cybersecurity podcast (ep. 5)
The world of Android threats is quite vast and intriguing. In this episode, Becks and Lukáš demonstrate how easy it is to take over your phone, with some added tips on how to stay secure
https://www.welivesecurity.com/en/videos/exploring-android-threats-and-ways-to-mitigate-them-unlocked-403-cybersecurity-podcast-ep5/

Traderie - 364,898 breached accounts
In September 2022, the in-game trading marketplace Traderie suffered a data breach that exposed almost 400k records (this preceded a subsequent breach the following year). The incident exposed email and IP addresses, usernames and links to social media profiles. The data was provided to HIBP by a source who requested it be attributed to "oathnet.ru".
https://haveibeenpwned.com/PwnedWebsites#Traderie

MSSQL for Pentester: NetExec
NetExec (nxc) is a powerful network exploitation tool developed as a modern successor to CrackMapExec (CME), which was widely used by penetration testers and red The post MSSQL for Pentester: NetExec appeared first on Hacking Articles.
https://www.hackingarticles.in/mssql-for-pentester-netexec/

Metasploit Weekly Wrap-Up 08/23/2024
This week's Metasploit Weekly Wrap-Up update included 3 new module content and 1 new bug fix. Learn more about the details and documentation!
https://blog.rapid7.com/2024/08/23/metasploit-weekly-wrap-up-08-23-2024/

Local Networks Go Global When Domain Names Collide
The proliferation of new top-level domains (TLDs) has exacerbated a well-known security weakness: Many organizations set up their internal Microsoft authentication systems years ago using domain names in TLDs that didn't exist at the time. Meaning, they are continuously sending their Windows usernames and passwords to domain names they do not control and which are freely available for anyone to register. Here's a look at one security researcher's efforts to map and shrink the size of this insidious problem.
https://krebsonsecurity.com/2024/08/local-networks-go-global-when-domain-names-collide/

Key Takeaways From The Take Command Summit: Navigating New SEC Cybersecurity Disclosure Rules
Understanding and complying with the new SEC Cybersecurity Disclosure Rules is a daunting task for many organizations. The Rapid7 Take Command Summit provided an in-depth look at these regulations, offering valuable guidance for cybersecurity professionals.
https://blog.rapid7.com/2024/08/23/key-takeaways-from-the-take-command-summit-navigating-new-sec-cybersecurity-disclosure-rules/

How Paris Olympic authorities battled cyberattacks, and won gold
The Olympic Games Paris 2024 was by most accounts a highly successful Olympics. Some 10,000 athletes from 204 nations competed in 329 events over 16 days. But before and during the event, authorities battled Olympic-size cybersecurity threats coming from multiple directions. In preparation for expected attacks, authorities took several proactive measures to ensure the security […] The post How Paris Olympic authorities battled cyberattacks, and won gold appeared first on Security Intelligence.
https://securityintelligence.com/articles/paris-olympic-authorities-battled-cyberattacks-won-gold/

The Iranians who hacked Trump's campaign have deep expertise

https://www.proofpoint.com/us/newsroom/news/iranians-who-hacked-trumps-campaign-have-deep-expertise

Bling Libra's Tactical Evolution: The Threat Actor Group Behind ShinyHunters Ransomware
We analyze a recent incident by Bling Libra, the group behind ShinyHunters ransomware as they shift from data theft to extortion, exploiting AWS credentials. The post Bling Libra's Tactical Evolution: The Threat Actor Group Behind ShinyHunters Ransomware appeared first on Unit 42.
https://unit42.paloaltonetworks.com/shinyhunters-ransomware-extortion/

PWA phishing on Android and iOS – Week in security with Tony Anscombe
Phishing using PWAs? ESET Research's latest discovery might just ruin some users' assumptions about their preferred platform's security
https://www.welivesecurity.com/en/videos/pwa-phishing-on-android-and-ios-week-in-security-with-tony-anscombe/

The countdown to NIS2 is on: Understand its scope and requirements
The Network and Information Systems Directive 2 (NIS2) regulation goes into effect in October 2024, leaving European Union (EU) member states just a few fleeting months to adopt and publish its compliance recommendations.
https://www.sonatype.com/blog/the-countdown-to-nis2-is-on-understanding-its-scope-and-requirements

Preparing for Unknown Risks: How to Better Prepare for Risks You Can't See Yet
On one hand, we're combating threat actors attempting to steal information, money or simply trying to cause havoc. On the other, we're trying to better understand employee behaviour amidst the myriad of applications they use on a daily basis; always vigilant for any suspicious activity.
https://blog.rapid7.com/2024/08/22/preparing-for-unknown-risks-how-to-better-prepare-for-risks-you-cant-see-yet/

'Netfetcher' package drops illicit 'node' binary on Windows
Recently identified PyPI packages called "netfetcher" and "pyfetcher" impersonate open source libraries and target Windows users with malicious executables that have a zero detection rate among leading antivirus engines. Furthermore, some of these executables are called "node.exe" and even bear the NodeJS icon and metadata, making them evasive and easily mistaken for legitimate libraries.
https://www.sonatype.com/blog/pyfetcher-netfetch-drop-netflix-checker-on-windows

Microsoft AI Tour: Hear the latest product innovations to elevate your security strategy
The Microsoft AI Tour is coming to a city near you. Join a free, one-day tour event to learn how we are making AI deployment more secure. The post Microsoft AI Tour: Hear the latest product innovations to elevate your security strategy appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2024/08/22/microsoft-ai-tour-hear-the-latest-product-innovations-to-elevate-your-security-strategy/

Memory corruption vulnerabilities in Suricata and FreeRDP
While pentesting KasperskyOS-based Thin Client and IoT Secure Gateway, we found several vulnerabilities in the Suricata and FreeRDP open-source projects. We shared details on these vulnerabilities with the community along with our fuzzer.
https://securelist.com/suricata-freerdp-memory-corruption/113489/

Scanning for CVE-2017-9841 Drops Precipitously
Last issue, we observed huge amounts of scanning for the rather old CVE-2017-9841, an RCE in PHPUnit. This time it’s fallen off nearly as sharply. We look into why!
https://www.f5.com/labs/articles/threat-intelligence/sensor-intel-series-top-cves-july-2024

NGate Android malware relays NFC traffic to steal cash
Android malware discovered by ESET Research relays NFC data from victims' payment cards, via victims' mobile phones, to the device of a perpetrator waiting at an ATM
https://www.welivesecurity.com/en/eset-research/ngate-android-malware-relays-nfc-traffic-to-steal-cash/

Prioritizing and automating for optimal developer velocity and business outcomes
The ability to prioritize and automate effectively within software development and software supply chains can drastically alter the speed and quality of business outcomes.
https://www.sonatype.com/blog/prioritizing-and-automating-for-optimal-developer-velocity-and-business-outcomes

Microsoft again ranked number one in modern endpoint security market share
IDC Worldwide Corporate Endpoint Security Market Shares report for 2023 ranks Microsoft number one in market share with a 40.7% increase in share over last year. The post Microsoft again ranked number one in modern endpoint security market share appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2024/08/21/microsoft-again-ranked-number-one-in-modern-endpoint-security-market-share/

1-15 May 2024 Cyber Attacks Timeline
In the first timeline of May 2024, I collected 105 events (7 events/day) with a threat landscape still dominated by malware.
https://www.hackmageddon.com/2024/08/21/1-15-may-2024-cyber-attacks-timeline/

Exploits and vulnerabilities in Q2 2024
The report contains statistics on vulnerabilities and exploits, with an analysis of interesting vulnerabilities found in Q2 2024.
https://securelist.com/vulnerability-exploit-report-q2-2024/113455/

Autoencoder Is All You Need: Profiling and Detecting Malicious DNS Traffic
Unit 42 researchers use deep learning to detect cyber threats by analyzing DNS traffic, employing autoencoders and machine learning algorithms. The post Autoencoder Is All You Need: Profiling and Detecting Malicious DNS Traffic appeared first on Unit 42.
https://unit42.paloaltonetworks.com/profiling-detecting-malicious-dns-traffic/

How regulatory standards and cyber insurance inform each other
Should the payment of a ransomware demand be illegal? Should it be regulated in some way? These questions are some examples of the legal minefield that cybersecurity teams must deal with
https://www.welivesecurity.com/en/business-security/how-regulatory-standards-and-cyber-insurance-inform-each-other/

100 Hacking Tools and Resources
Whether you've just started hacking or are a real pro, we've created the ultimate list of 100 hacking tools for your toolkit!
https://www.hackerone.com/ethical-hacker/100-hacking-tools-and-resources

Retail Under Attack: 6 Learnings from a Retail Customer
Swiss sportswear brand On provides insights into the threats to the retail industry and how human-powered security addresses them.
https://www.hackerone.com/customer-stories/retail-under-attack

Iranian hackers targeted Jewish figure with malware attached to podcast invite, researchers say

https://www.proofpoint.com/us/newsroom/news/iranian-hackers-targeted-jewish-figure-malware-attached-podcast-invite-researchers-say

Selling Ransomware Breaches: 4 Trends Spotted on the RAMP Forum
The sale and purchase of unauthorized access to compromised enterprise networks has become a linchpin for cybercriminal operations, particularly in facilitating ransomware attacks.
https://blog.rapid7.com/2024/08/20/selling-ransomware-breaches-4-trends-spotted-on-the-ramp-forum/

Cost of a data breach: The industrial sector
Industrial organizations recently received a report card on their performance regarding data breach costs. And there’s plenty of room for improvement. According to the 2024 IBM Cost of a Data Breach (CODB) report, the average total cost of a data breach in the industrial sector was .56 million. This reflects an 18% increase for the […] The post Cost of a data breach: The industrial sector appeared first on Security Intelligence.
https://securityintelligence.com/articles/cost-of-a-data-breach-industrial-sector/

Implementation Challenges in Privacy-Preserving Federated Learning
In this post, we talk with Dr. Xiaowei Huang and Dr. Yi Dong (University of Liverpool), Dr. Mat Weldon (United Kingdom (UK) Office of National Statistics (ONS)), and Dr. Michael Fenton (Trūata), who were winners in the UK-US Privacy-Enhancing Technologies (PETs) Prize Challenges. We discuss implementation challenges of privacy-preserving federated learning (PPFL), specifically the areas of threat modeling and real-world deployments.
Threat Modeling
In research on privacy-preserving federated learning (PPFL), the protections of a PPFL system are usually encoded in a threat model that defines
https://www.nist.gov/blogs/cybersecurity-insights/implementation-challenges-privacy-preserving-federated-learning

Configuring Office 365's 'Report Phishing' add-in for Outlook to use SERS
How to report emails to the NCSC's Suspicious Email Reporting Service (SERS) using Office 365's 'Report Phishing' add-in for Outlook.
https://www.ncsc.gov.uk/guidance/configuring-o365-outlook-report-phishing-for-sers

A Patchdiffing Journey – TP-Link Omada
Last year we participated in the Pwn2Own 2023 Toronto competition and successfully exploited the Synology BC500 camera. The DEVCORE Internship Program team managed to exploit a bug in the TP-Link Omada Gigabit VPN Router. So I was naturally curious and wanted to figure out how difficult it would be to recreate that exploit having access only to a high-level bug description and the firmware.
https://blog.compass-security.com/2024/08/a-patchdiffing-journey-tp-link-omada/

Crypto enthusiasts flood npm with more than 281,000 bogus packages overnight
Crypto enthusiasts have lately been flooding software registries like npm and PyPI with thousands of bogus packages that add no functional value and instead put a strain on the entire open source ecosystem. A single instance, recorded by Sonatype in July 2024, saw 281,512 distinct packages appearing on the npmjs.com registry overnight — each package named a gibberish Latin phrase akin to Lorem Ipsum. 
https://www.sonatype.com/blog/crypto-enthusiasts-flood-npm-with-281000-bogus-packages-overnight

National Public Data Published Its Own Passwords
New details are emerging about a breach at National Public Data (NPD), a consumer data broker that recently spilled hundreds of millions of Americans' Social Security Numbers, addresses, and phone numbers online. KrebsOnSecurity has learned that another NPD data broker which shares access to the same consumer records inadvertently published the passwords to its back-end database in a file that was freely available for download from its homepage until today.
https://krebsonsecurity.com/2024/08/national-public-data-published-its-own-passwords/

5 Key Insights from the Gartner® Market Guide for Cloud-Native Application Protection Platforms (CNAPP)
The 2024 Gartner Market Guide for Cloud-Native Application Protection Platforms (CNAPP) provides invaluable insights into the latest trends and technologies that are reshaping how companies protect their digital assets.
https://blog.rapid7.com/2024/08/19/5-key-insights-from-the-gartner-r-market-guide-for-cloud-native-application-protection-platforms-cnapp/

Tracki - 372,557 breached accounts
In August 2024, a slew of security vulnerabilities were identified with a conglomerate of online services which included the GPS tracking service Tracki. Multiple vulnerabilities exposed the personal records of 372k users of the service including names and email addresses.
https://haveibeenpwned.com/PwnedWebsites#Tracki

Explore Talent (August 2024) - 8,929,384 breached accounts
In August 2024, a slew of security vulnerabilities were identified with a conglomerate of online services which included the talent network Explore Talent. A vulnerable API exposed the personal records of 11.4M users of the service, of which 8.9M unique email addresses were provided to HIBP. This incident is separate from the Explore Talent breach which occurred in 2022 and was loaded into HIBP in July 2024.
https://haveibeenpwned.com/PwnedWebsites#ExploreTalentAug2024

Metasploit Weekly Wrap-Up 08/16/2024
This week's Metasploit Weekly Wrap-Up includes 3 new module contents. Learn more about the modules and update to the latest Metasploit Framework.
https://blog.rapid7.com/2024/08/16/metasploit-weekly-wrap-up-08-16-2014/

Hack My Career: Meet Bertijn Eldering

https://www.hackerone.com/culture-and-talent/hack-my-career-meet-bertijn-eldering

Key Takeaways From The Take Command Summit: Enhancing Cybersecurity Culture
Building a resilient cybersecurity culture is crucial in today's digital landscape. The recent Rapid7 Take Command Summit session titled "Commander in Chief: Enhancing Cybersecurity Culture" offered valuable insights into fostering a strong security mindset within organizations.
https://blog.rapid7.com/2024/08/16/key-takeaways-from-the-take-command-summit-enhancing-cybersecurity-culture/

Shopping and paying safely online
Tips to help you purchase items safely and avoid fraudulent websites.
https://www.ncsc.gov.uk/guidance/shopping-online-securely

How a BEC scam cost a company $60 million – Week in security with Tony Anscombe
Business email compromise (BEC) has once again proven to be a costly issue, with a company losing $60 million in a wire transfer fraud scheme
https://www.welivesecurity.com/en/videos/how-a-bec-scam-cost-a-company-60-million-week-in-security-with-tony-anscombe/

ESG Survey Report Finds AI, Secrets, and Misconfigurations Plague AppSec Teams
Find out how your peers are managing application security challenges. 
https://www.legitsecurity.com/blog/esg-survey-report-finds-ai-secrets-and-misconfigurations-plague-appsec-teams

NationalPublicData.com Hack Exposes a Nation's Data
A great many readers this month reported receiving alerts that their Social Security Number, name, address and other personal information were exposed in a breach at a little-known but aptly-named consumer data broker called NationalPublicData.com. This post examines what we know about a breach that has exposed hundreds of millions of consumer records. We'll also take a closer look at the data broker that got hacked -- a background check company founded by an actor and retired sheriff's deputy from Florida.
https://krebsonsecurity.com/2024/08/nationalpublicdata-com-hack-exposes-a-nations-data/

Takeaways from the Dismissal of the Government's Case Against the SolarWinds CISO
The government's case against the SolarWinds CISO has been dismissed. What does this development mean?
https://www.hackerone.com/public-policy/solarwinds-case-dismissal

ClamAV 1.4.0 feature release and ClamAV bytecode compiler 1.4.0 release
The ClamAV 1.4.0 feature release is now stable. We encourage everyone to download the latest version now from the ClamAV downloads page, on the GitHub Release page, and through Docker Hub*:
Alpine-based images
Debian-based multi-arch images
*The Docker images are built on release day and will be made available when they are ready.
We are also publishing ClamAV bytecode compiler version 1.4.0. The ClamAV bytecode compiler release files are available for download on the GitHub Release page and through Docker Hub.
ClamAV platform support changes
We will no longer provide Linux 32-bit packages. With RHEL 7 reaching end-of-life, we had to upgrade our build hosts and selected Alma Linux 8. Alma Linux does not provide 32-bit images. ClamAV users on 32-bit platforms can still build from source. We now provide...
http://blog.clamav.net/2024/08/clamav-140-feature-release-and-clamav.html

CISOs list human error as their top cybersecurity risk
With cybersecurity, the focus often is on technology — specifically, how cyber criminals use it to conduct attacks and the tools that organizations can use to keep their systems and data safe. However, this overlooks the most important element in cybersecurity risk: human error. Human risk in cybersecurity Proofpoint’s 2024 Voice of the CISO report […] The post CISOs list human error as their top cybersecurity risk appeared first on Security Intelligence.
https://securityintelligence.com/articles/cisos-list-human-error-top-cybersecurity-risk/

Leaked Environment Variables Allow Large-Scale Extortion Operation in Cloud Environments
We recount an extensive cloud extortion campaign leveraging exposed .env files of at least 110k domains to compromise organizations' AWS environments. The post Leaked Environment Variables Allow Large-Scale Extortion Operation in Cloud Environments appeared first on Unit 42.
https://unit42.paloaltonetworks.com/large-scale-cloud-extortion-operation/

Microsoft Multiple Actively Exploited Vulnerabilities
What are the Vulnerabilities? Threat actors are exploiting multiple zero-day vulnerabilities that were recently disclosed in the Microsoft Security Updates - August 2024. The six actively exploited zero-day vulnerabilities were also added to CISA's Known Exploited Vulnerabilities catalog (KEV) after the disclosure. [August 2024 Security Updates - Release Notes - Microsoft]
• CVE-2024-38189: Microsoft Project Remote Code Execution Vulnerability
• CVE-2024-38178: Microsoft Windows Scripting Engine Memory Corruption Vulnerability
• CVE-2024-38213: Microsoft Windows SmartScreen Security Feature Bypass Vulnerability
• CVE-2024-38193: Microsoft Windows Ancillary Function Driver for WinSock Privilege Escalation Vulnerability
• CVE-2024-38106: Microsoft Windows Kernel Privilege Escalation Vulnerability
• ...
https://fortiguard.fortinet.com/threat-signal-report/5507

Cyber Resilience Audit scheme open to applications
A new NCSC scheme assuring providers of CAF-based audits is now open for potential members.
https://www.ncsc.gov.uk/blog-post/cyber-resilience-audit-scheme-open

How to audit SBOMs for enhanced software security
Software bills of materials (SBOMs) are essential elements for managing software security and compliance, especially in light of increasing open source risks.
https://www.sonatype.com/blog/how-to-audit-sboms-for-enhanced-software-security

Unit 42 Attack Surface Threat Research: Over 23% of Internet-Connected Exposures Involve Critical IT and Security Infrastructure
Find out which industries have the most rapidly expanding attack surfaces from a survey of 260+ orgs in Unit 42's 2024 Attack Surface Threat Report. The post Unit 42 Attack Surface Threat Research: Over 23% of Internet-Connected Exposures Involve Critical IT and Security Infrastructure appeared first on Unit 42.
https://unit42.paloaltonetworks.com/2024-unit-42-attack-surface-threat-research-internet-connected-exposures/

CIRCIA feedback update: Critical infrastructure providers weigh in on NPRM
In 2022, the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) went into effect. According to Secretary of Homeland Security Alejandro N. Mayorkas, “CIRCIA enhances our ability to spot trends, render assistance to victims of cyber incidents and quickly share information with other potential victims, driving cyber risk reduction across all critical infrastructure sectors.” While […] The post CIRCIA feedback update: Critical infrastructure providers weigh in on NPRM appeared first on Security Intelligence.
https://securityintelligence.com/articles/circia-feedback-update-critical-infrastructure-providers-weigh-in-nprm/

Chris Leong - 27,096 breached accounts
In August 2024, the website of Master Chris Leong "a leading Tit Tar practitioner in Malaysia" suffered a data breach. The incident exposed 27k unique email addresses along with names, physical addresses, dates of birth, genders, nationalities and in many cases, links to Facebook profiles. The company did not respond when contacted about the breach.
https://haveibeenpwned.com/PwnedWebsites#ChrisLeong

Six 0-Days Lead Microsoft's August 2024 Patch Push
Microsoft today released updates to fix at least 90 security vulnerabilities in Windows and related software, including a whopping six zero-day flaws that are already being actively exploited by attackers.
https://krebsonsecurity.com/2024/08/six-0-days-lead-microsofts-august-2024-patch-push/

LDLC - 1,266,026 breached accounts
In March 2024, French retailer LDLC disclosed a data breach that impacted customers of their physical stores. The data was previously listed for sale on a popular hacking forum and contained 1.26M unique email addresses along with names, phone numbers and physical addresses. The data was provided to HIBP by a source who requested it be attributed to "oathnet.ru".
https://haveibeenpwned.com/PwnedWebsites#LDLC

5 Questions to Assess Your Organization's Bug Bounty Readiness
Is your organization ready for a bug bounty program? These 5 questions will help assess your security program's bug bounty readiness.
https://www.hackerone.com/vulnerability-management/bug-bounty-readiness-questions

Hack My Career: Meet Alek Relyea

https://www.hackerone.com/culture-and-talent/hack-my-career-meet-alek-relyea

National Public Data (unverified) - 133,957,569 breached accounts
In April 2024, a large trove of data made headlines as having exposed "3 billion people" due to a breach of the National Public Data background check service. The initial corpus of data released in the breach contained billions of rows of personal information, including US social security numbers. Further partial data sets were later released including extensive personal information and 134M unique email addresses, although the origin and accuracy of the data remains in question. This breach has been flagged as "unverified" and a full description of the incident is in the link above.
https://haveibeenpwned.com/PwnedWebsites#NationalPublicData

Private AI For All: Our End-To-End Approach to AI Privacy on Android
Posted by Dave Kleidermacher, VP Engineering, Android Security and Privacy, and Giles Hogben, Senior Director, Privacy Engineering, Android Your smartphone holds a lot of your personal information to help you get things done every day. On Android, we are seamlessly integrating the latest artificial intelligence (AI) capabilities, like Gemini as a trusted assistant – capable of handling life's essential tasks. As such, ensuring your privacy and security on Android is paramount. As a pioneer in responsible AI and cutting-edge privacy technologies like Private Compute Core and federated learning, we made sure our approach to the assistant experience with Gemini on Android is aligned with our existing Secure AI framework, AI Principles and Privacy Principles. We've always safeguarded...
http://security.googleblog.com/2024/08/android-private-ai-approach.html

Post-quantum cryptography: what comes next?
Jeremy B explains how the NCSC will help organisations plan their migration to PQC.
https://www.ncsc.gov.uk/blog-post/post-quantum-cryptography-what-comes-next

Navigating the different cyber services from the NCSC
If you don't have the inhouse expertise to keep your organisation cyber secure, the NCSC offers services and tools to help organisations guard against commodity threats.
https://www.ncsc.gov.uk/blog-post/navigating-ncsc-cyber-service

CryptoCore: Unmasking the Sophisticated Cryptocurrency Scam Operations
As digital currencies have grown, so have cryptocurrency scams, posing significant user risks. The rise of AI and deepfake technology has intensified scams exploiting famous personalities and events by creating realistic fake videos. Platforms like X and YouTube have been especially targeted, with scammers hijacking high-profile accounts to distribute fraudulent content. This report delves into the CryptoCore group's complex scam operations, analyzing their use of deepfakes, hijacked accounts, and fraudulent websites to deceive victims and profit millions of dollars. The post CryptoCore: Unmasking the Sophisticated Cryptocurrency Scam Operations appeared first on Avast Threat Labs.
https://decoded.avast.io/martinchlumecky1/cryptocore-unmasking-the-sophisticated-cryptocurrency-scam-operations/?utm_source=rss&utm_medium=rss&utm_campaign=cryptocore-unmasking-the-sophisticated-cryptocurrency-scam-operations

Cost of a data breach 2024: Financial industry
According to the IBM Cost of a Data Breach 2024 report, the average global breach cost has reached .88 million — a significant increase over last year’s .45 million and the biggest jump since the pandemic. For financial industry enterprises, costs are even higher. Companies now spend .08 million dealing with data breaches, which is […] The post Cost of a data breach 2024: Financial industry appeared first on Security Intelligence.
https://securityintelligence.com/articles/cost-of-a-data-breach-2024-financial-industry/

ArtiPACKED: Hacking Giants Through a Race Condition in GitHub Actions Artifacts
New research uncovers a potential attack vector on GitHub repositories, with leaked tokens leading to potential compromise of services. The post ArtiPACKED: Hacking Giants Through a Race Condition in GitHub Actions Artifacts appeared first on Unit 42.
https://unit42.paloaltonetworks.com/github-repo-artifacts-leak-tokens/

Introducing Active Cyber Defence 2.0
ACD 2.0 aims to build the next generation of services in partnership with industry and academia.
https://www.ncsc.gov.uk/blog-post/introducing-active-cyber-defence-2

GUI Console WebSockets do not terminate on logout
An insufficient session expiration vulnerability [CWE-613] in the FortiOS, FortiProxy, FortiPAM & FortiSwitchManager GUI may allow attackers to reuse web sessions after GUI logout, should they manage to acquire the required credentials.
https://fortiguard.fortinet.com/psirt/FG-IR-22-445

OS command injections in execute CLI commands
An improper neutralization of special elements [CWE-89] used in an OS command ('OS Command Injection') vulnerability [CWE-78] in FortiDDoS & FortiDDoS-F may allow an authenticated attacker to execute shell code as root via execute CLI commands.
https://fortiguard.fortinet.com/psirt/FG-IR-22-047

Privileged admin able to modify super-admin's password
An unverified password change vulnerability [CWE-620] in FortiManager or FortiAnalyzer may allow a read-write user to modify admin passwords via the device configuration backup.
https://fortiguard.fortinet.com/psirt/FG-IR-23-467

RADIUS Protocol CVE-2024-3596
A fundamental design flaw within the RADIUS protocol has been proven to be exploitable, compromising the integrity in the RADIUS Access-Request process. The attack allows a malicious user to modify packets in a way that would be indistinguishable to a RADIUS client or server. To be successful, the attacker must have the ability to inject themselves between the client and server.
https://fortiguard.fortinet.com/psirt/FG-IR-24-255

Real-time file system integrity checking write protection bypass
An improper access control vulnerability [CWE-284] in FortiOS may allow an attacker who has already successfully obtained write access to the underlying system (via another hypothetical exploit) to bypass the file integrity checking system.
https://fortiguard.fortinet.com/psirt/FG-IR-24-012

XSS vulnerability in communications triggered in playbooks
An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiSOAR may allow a remote authenticated attacker to perform a stored cross site scripting (XSS) attack via the Communications module.
https://fortiguard.fortinet.com/psirt/FG-IR-23-088

Post-Quantum Cryptography: Standards and Progress
Posted by Royal Hansen, VP, Privacy, Safety and Security Engineering, Google, and Phil Venables, VP, TI Security & CISO, Google Cloud The National Institute of Standards and Technology (NIST) just released three finalized standards for post-quantum cryptography (PQC) covering public key encapsulation and two forms of digital signatures. In progress since 2016, this achievement represents a major milestone towards standards development that will keep information on the Internet secure and confidential for many years to come. Here's a brief overview of what PQC is, how Google is using PQC, and how other organizations can adopt these new standards. You can also read more about PQC and Google's role in the standardization process in this 2022 post from Cloud CISO Phil Venables. What is PQC? Encryption...
http://security.googleblog.com/2024/08/post-quantum-cryptography-standards.html

Harnessing LLMs for Automating BOLA Detection
Learn about BOLABuster, an LLM-driven tool automating BOLA vulnerability detection in web applications. Issues have already been identified in multiple projects. The post Harnessing LLMs for Automating BOLA Detection appeared first on Unit 42.
https://unit42.paloaltonetworks.com/automated-bola-detection-and-ai/

The great location leak: Privacy risks in dating apps
What if your favorite dating, social media or gaming app revealed your exact coordinates to someone you'd rather keep at a distance?
https://www.welivesecurity.com/en/privacy/great-location-leak-privacy-risks-dating-apps/

Building a nation-scale evidence base for cyber deception
The NCSC is inviting UK organisations to contribute evidence of cyber deception use cases and efficacy to support our long-term research goals.
https://www.ncsc.gov.uk/blog-post/building-a-nation-scale-evidence-base-for-cyber-deception

Shadow - 543,295 breached accounts
In September 2023, the cloud gaming provider Shadow suffered a data breach that exposed over half a million customer records. The data included email and physical addresses, names and dates of birth. The data was provided to HIBP by a source who requested it be attributed to "oathnet.ru".
https://haveibeenpwned.com/PwnedWebsites#Shadow

Sonatype's summer webinar series: Future cybersecurity requirements
Sonatype kicked off its Summer of Software Regulations & Compliance webinar series this week with a broad look at some of the key regulations on improving cybersecurity. Jen Ellis, one of the hosts of the Distilling Cyber Policy podcast, moderated a discussion with Alex Botting, her co-host and EU Engagement Officer at the Center for Cybersecurity Policy, and Sonatype's Ilkka Turunen.
https://www.sonatype.com/blog/webinar-series-future-of-cybersecurity-requirements

Preview of State of GitHub Actions Security Report: Security of GH Workflows Building Blocks
Understand the security status of GitHub Actions workflows and how to mitigate the risk.
https://www.legitsecurity.com/blog/security-of-the-building-blocks-of-github-actions-workflows

How to spot scammers claiming to be from the NCSC
Check that you're talking to a genuine NCSC employee, and not a criminal.
https://www.ncsc.gov.uk/guidance/how-to-spot-scammers-claiming-to-be-from-the-ncsc

Ransomware Review: First Half of 2024
Discover the 2024 ransomware landscape: a 4.3% increase in leak site posts compared to the first half of 2023, top targeted sectors and impacted countries. The post Ransomware Review: First Half of 2024 appeared first on Unit 42.
https://unit42.paloaltonetworks.com/unit-42-ransomware-leak-site-data-analysis/

Not SOCRadar - 282,478,425 breached accounts
In August 2024, over 332M rows of email addresses were posted to a popular hacking forum. The post alleged the addresses were scraped from cybersecurity firm SOCRadar; however, an investigation on their behalf concluded that "the actor merely utilised functionalities inherent in the platform's standard offerings, designed to gather information from publicly available sources". There is no suggestion the incident compromised SOCRadar's security or posed any risk to their customers. In total, the data set contained 282M unique addresses of valid email address format.
https://haveibeenpwned.com/PwnedWebsites#NotSOCRadar

How Hai's Report Summarization Turns Complex Data Into Actionable Insights
Learn how Hai, HackerOne's AI Co-pilot, summarizes reports, provides remediation advice, and creates content.
https://www.hackerone.com/ai/hai-report-summarization

Chained for attack: OpenVPN vulnerabilities discovered leading to RCE and LPE
Microsoft researchers found multiple vulnerabilities in OpenVPN that could lead to an attack chain allowing remote code execution and local privilege escalation. This attack chain could enable attackers to gain full control over targeted endpoints, potentially resulting in data breaches, system compromise, and unauthorized access to sensitive information.
https://www.microsoft.com/en-us/security/blog/2024/08/08/chained-for-attack-openvpn-vulnerabilities-discovered-leading-to-rce-and-lpe/

SnakeKeylogger Attack
What is the Attack? Threat actors are continuously preying on end users to unknowingly install a trojan stealer known as SnakeKeylogger or KrakenKeylogger. This trojan was developed using .NET and targets Windows users. Its arsenal includes keystroke logging, harvesting credentials, and capturing screenshots. Based on FortiGuard telemetry, there were hundreds of 0-day detection hits. Moreover, the sites that the trojan connects to were queried several times, which suggests infection. What is the recommended Mitigation? FortiGuard Labs recommends a multi-layered approach to security. Here are some reminders: keep your security services up to date with the latest databases and engines; enable Antivirus and Sandbox on security profiles in network policies; use EDR for protecting end users from any pre...
https://fortiguard.fortinet.com/threat-signal-report/5499

Cybercrime Rapper Sues Bank over Fraud Investigation
In January, KrebsOnSecurity wrote about rapper Punchmade Dev, whose music videos sing the praises of a cybercrime lifestyle. That story showed how Punchmade's social media profiles promoted Punchmade-themed online stores selling bank account and payment card data. Now the Kentucky native is suing his financial institution after it blocked a ,000 wire transfer and froze his account, citing an active law enforcement investigation.
https://krebsonsecurity.com/2024/08/cybercrime-rapper-sues-bank-over-fraud-investigation/

ClamAV 0.103 LTS End of Life Announcement
The ClamAV 0.103 LTS release is nearing end-of-life (EOL) with regards to security vulnerability fix support from our team. This end of life date will be Sept. 14, 2024. ClamAV 0.103 users will be able to update signatures from the official database mirror for an additional one year after the EOL date. After Sept. 14, 2025, we may block ClamAV 0.103 from downloading signature updates. We recommend that users update to the newest LTS release, ClamAV 1.0.6. For users that want to upgrade to the newest non-LTS release, use ClamAV 1.3.1. The most recent version of ClamAV can be found here: https://www.clamav.net/downloads. The following is a list of major changes available to users in the newest versions of ClamAV. Since ClamAV 0.103, ClamAV 1.0 LTS adds: A...
http://blog.clamav.net/2024/08/clamav-0103-lts-end-of-life-announcement.html

60 Hurts per Second – How We Got Access to Enough Solar Power to Run the United States
The electricity grid – the buzzing, crackling marvel that supplies the lifeblood of modernity - is by far the largest structure humanity ever built. It's so big, in fact, that few people even notice it, like a fish can't see the ocean. Until the grid goes down, that is. Then, like the fish dangling from the angler's hook, we see our vulnerability. Modernity dissolves into a sudden silence, followed by the repeated flick of a light switch, and a howl of panic at the prospect of missed appointmen
https://www.bitdefender.com/blog/labs/60-hurts-per-second-how-we-got-access-to-enough-solar-power-to-run-the-united-states/

Looking back at the ballot – securing the general election
NCSC CEO Felicity Oswald shares reflections on keeping the 2024 General Election safe.
https://www.ncsc.gov.uk/blog-post/looking-back-at-the-ballot-securing-the-general-election

Why Legit Security Immediately Joined the New Coalition for Secure Artificial Intelligence (CoSAI)
https://www.legitsecurity.com/blog/why-legit-joined-coalition-for-secure-ai-cosai

How Microsoft and NIST are collaborating to advance the Zero Trust Implementation
Both Microsoft and the National Institute of Standards and Technology (NIST) National Cybersecurity Center of Excellence (NCCoE) have translated the Zero Trust Architecture (ZTA) and Security Model into practical and actionable deployment. In this blog post, we explore details of their collaboration on a Zero Trust (ZT) implementation and what this learning pathway means for your organization.
https://www.microsoft.com/en-us/security/blog/2024/08/06/how-microsoft-and-nist-are-collaborating-to-advance-the-zero-trust-implementation/

Penetration Testing on MYSQL (Port 3306)
MySQL is an open-source Relational Database Management System (RDBMS). It is widely used for managing and organizing data in a structured format, using tables to
https://www.hackingarticles.in/penetration-testing-on-mysql-port-3306/

ServiceNow Improper Input Validation Vulnerability (CVE-2024-4879)
What is the vulnerability? A critical input validation vulnerability (CVE-2024-4879) is identified in ServiceNow's Now platform hosted in Vancouver and Washington DC; exploiting this vulnerability could lead to potential data breaches and unauthorized system access. Threat actors may weaponize proof-of-concept (PoC) exploits which are publicly available. CISA added CVE-2024-4879 to its Known Exploited Vulnerabilities (KEV) Catalog on July 29, 2024. What is the recommended Mitigation? ServiceNow has released updates for the affected instances. CVE-2024-4879 - Jelly Template Injection Vulnerability in ServiceNow UI Macros - Security. What FortiGuard Coverage is available? FortiGuard Labs recommends that users apply the patches released by the vendor immediately to secure their systems. FortiGuard...
https://fortiguard.fortinet.com/threat-signal-report/5497

Low-Drama ‘Dark Angels' Reap Record Ransoms
A ransomware group called Dark Angels made headlines this past week when it was revealed the crime group recently received a record million data ransom payment from a Fortune 50 company. Security experts say the Dark Angels have been around since 2021, but the group doesn't get much press because they work alone and maintain a low profile, picking one target at a time and favoring mass data theft over disrupting the victim's operations.
https://krebsonsecurity.com/2024/08/low-drama-dark-angels-reap-record-ransoms/

Fighting Ursa Luring Targets With Car for Sale
Russian APT Fighting Ursa (APT28) used compelling luxury car ads as a phishing lure, distributing HeadLace backdoor malware to diplomatic targets.
https://unit42.paloaltonetworks.com/fighting-ursa-car-for-sale-phishing-lure/

What Are Scrapers and Why Should You Care?
Data miners and scraper bots are everywhere, feeding AI LLMs and more, and many of them are NOT harmless.
https://www.f5.com/labs/articles/threat-intelligence/what-are-scrapers-and-why-should-you-care

Keeping your Android device safe from text message fraud
Posted by Nataliya Stanetsky and Roger Piqueras Jover, Android Security & Privacy Team. Cell-site simulators, also known as False Base Stations (FBS) or Stingrays, are radio devices that mimic real cell sites in order to lure mobile devices to connect to them. These devices are commonly used for security and privacy attacks, such as surveillance and interception of communications. In recent years, carriers have started reporting new types of abuse perpetrated with FBSs for the purposes of financial fraud. In particular, there is increasing evidence of the exploitation of weaknesses in cellular communication standards leveraging cell-site simulators to inject SMS phishing messages directly into smartphones. This method of injecting messages entirely bypasses the carrier network, thus...
http://security.googleblog.com/2024/08/keeping-your-android-device-safe-from.html

April 2024 Cyber Attacks Statistics
During April 2024 Cyber Crime continued to lead the Motivations with a value (73%) practically equal to March when it was 72.9%. Operations driven by Cyber Espionage ranked at number two with...
https://www.hackmageddon.com/2024/08/01/april-2024-cyber-attacks-statistics/

VMware ESXi Ransomware Attack (CVE-2024-37085)
What is the Attack? Threat actors are exploiting an authentication bypass vulnerability in ESXi hypervisors, known as CVE-2024-37085, to gain full administrative permissions on domain-joined ESXi hypervisors. This flaw allows threat actors to encrypt critical ESXi servers in ransomware attacks. On Monday, July 29, Microsoft published a threat intelligence blog on observed exploitation of CVE-2024-37085. According to the blog, Akira and Black Basta ransomware deployments were found on the impacted servers. The vulnerability was also added to CISA's Known Exploited Vulnerabilities (KEV) catalog on July 31, 2024. What is the recommended Mitigation? Please go through the vendor-provided update to address the security vulnerability. Support Content Notification - Support Portal - Broadcom support portal. What...
https://fortiguard.fortinet.com/threat-signal-report/5498

Improving the security of Chrome cookies on Windows
Posted by Will Harris, Chrome Security Team. Cybercriminals using cookie theft infostealer malware continue to pose a risk to the safety and security of our users. We already have a number of initiatives in this area including Chrome's download protection using Safe Browsing, Device Bound Session Credentials, and Google's account-based threat detection to flag the use of stolen cookies. Today, we're announcing another layer of protection to make Windows users safer from this type of malware. Like other software that needs to store secrets, Chrome currently secures sensitive data like cookies and passwords using the strongest techniques the OS makes available to us - on macOS this is the Keychain services, and on Linux we use a system provided wallet such as kwallet or gnome-libsecret....
http://security.googleblog.com/2024/07/improving-security-of-chrome-cookies-on.html

New Microsoft whitepaper shares how to prepare your data for secure AI adoption
In our newly released whitepaper, we share strategies to prepare for the top data challenges and new data security needs in the age of AI.
https://www.microsoft.com/en-us/security/blog/2024/07/30/new-microsoft-whitepaper-shares-how-to-prepare-your-data-for-secure-ai-adoption/

16-30 April 2024 Cyber Attacks Timeline
In the second timeline of April 2024 I collected 107 events (7.13 events/day). And although malware continued to dominate the threat landscape...
https://www.hackmageddon.com/2024/07/30/16-30-april-2024-cyber-attacks-timeline/

Ransomware operators exploit ESXi hypervisor vulnerability for mass encryption
Microsoft Security researchers have observed a vulnerability used by various ransomware operators to get full administrative access to domain-joined ESXi hypervisors and encrypt the virtual machines running on them. The vulnerability involves creating a group called "ESX Admins" in Active Directory and adding an attacker-controlled user account to this group. This manipulation of the Active Directory group takes advantage of a privilege escalation vulnerability (CVE-2024-37085) in ESXi hypervisors that grants the added user full administrative access to the ESXi hypervisor. The vulnerability was fixed by VMware in their June release and ESXi administrators should install this security update.
https://www.microsoft.com/en-us/security/blog/2024/07/29/ransomware-operators-exploit-esxi-hypervisor-vulnerability-for-mass-encryption/

Windows Security best practices for integrating and managing security tools
We examine the recent CrowdStrike outage and provide a technical overview of the root cause.
https://www.microsoft.com/en-us/security/blog/2024/07/27/windows-security-best-practices-for-integrating-and-managing-security-tools/

Huge Increase in Scanning for CVE-2017-9841 With Large Variability in Scanning Infrastructure
The rather old CVE-2017-9841, an RCE in PHPUnit, suddenly jumps to the top of our list, with an increase of nearly 400% since last month. We dig into the scanning infrastructure.
https://www.f5.com/labs/articles/threat-intelligence/sensor-intel-series-top-cves-june-2024

Threat Actors leveraging the recent CrowdStrike update outage
What is the Threat? FortiGuard Labs is aware of campaigns used by threat actors to spread malware, using phishing and scams to take advantage of the recent widespread global IT outage affecting Microsoft Windows hosts. This outage is due to an issue with a recent CrowdStrike update that can cause a bug check or Blue Screen of Death (BSOD) on the affected Windows machines, which may get stuck in a restarting state. Why is it significant? The outage has brought many businesses' operations to a halt worldwide across a variety of industries, including hospitals, banks, stock exchanges, and other institutions, as some Microsoft-based computers ceased to work. Threat actors have taken advantage of such events to spread malware, use phishing, and attempt other scams. What is the recommended mitigation? FortiGuard...
https://fortiguard.fortinet.com/threat-signal-report/5496

Building security into the redesigned Chrome downloads experience
Posted by Jasika Bawa, Lily Chen, and Daniel Rubery, Chrome Security. Last year, we introduced a redesign of the Chrome downloads experience on desktop to make it easier for users to interact with recent downloads. At the time, we mentioned that the additional space and more flexible UI of the new Chrome downloads experience would give us new opportunities to make sure users stay safe when downloading files. Adding context and consistency to download warnings: the redesigned Chrome downloads experience gives us the opportunity to provide even more context when Chrome protects a user from a potentially malicious file. Taking advantage of the additional space available in the new downloads UI, we have replaced our previous warning messages with more detailed ones that convey more nuance...
http://security.googleblog.com/2024/07/building-security-into-redesigned.html

1-15 April 2024 Cyber Attacks Timeline
In the first timeline of April 2024 I collected 107 events (7.13 events/day), as always characterized by a majority of malware attacks.
https://www.hackmageddon.com/2024/07/23/1-15-april-2024-cyber-attacks-timeline/

Issue with AWS Client VPN - CVE-2024-30164, CVE-2024-30165
Publication Date: 2024/07/16 3:30 PM PDT AWS is aware of CVE-2024-30164 and CVE-2024-30165 in AWS Client VPN. These issues could potentially allow an actor with access to an end user's device to escalate to root privilege and execute arbitrary commands on that device. We addressed these issues on all platforms. Customers using AWS Client VPN should upgrade to version 3.11.1 or higher for Windows, 3.9.2 or higher for MacOS, and 3.12.1 or higher for Linux. For additional information on configuring AWS Client VPN to meet your security and compliance requirements, please refer to our "Security in AWS Client VPN" user guide. We would like to thank Robinhood for collaborating on this issue through the coordinated vulnerability disclosure process. Security-related questions...
https://aws.amazon.com/security/security-bulletins/AWS-2024-008/

Issue with PyTorch TorchServe - CVE-2024-35198, CVE-2024-35199
Publication Date: 2024/07/18 2:50 PM PDT. AWS is aware of the issues described in CVE-2024-35198 and CVE-2024-35199 in PyTorch TorchServe versions 0.3.0 to 0.10.0. Customers using PyTorch inference Deep Learning Containers (DLC) through Amazon SageMaker are not affected. CVE-2024-35198: TorchServe does not prevent a model from being downloaded into the model store if the URL contains characters such as ".." when the TorchServe model registration API is called. Customers using PyTorch inference Deep Learning Containers (DLC) through Amazon SageMaker and Amazon Elastic Kubernetes Service (Amazon EKS) are not affected by this issue. CVE-2024-35199: TorchServe does not bind the two gRPC ports 7070 and 7071 to localhost by default. These two interfaces are bound to all interfaces when TorchServe is natively launched...
https://aws.amazon.com/security/security-bulletins/AWS-2024-009/

File Transfer Cheatsheet: Windows and Linux
File transfer is a crucial step in the post-exploitation scenario while performing penetration testing or red teaming. There are various ways to do the file
https://www.hackingarticles.in/file-transfer-cheatsheet-windows-and-linux/

Security of Custom GitHub Actions
Get details on Legit's research on the security of custom GitHub Actions.
https://www.legitsecurity.com/blog/security-of-custom-github-actions