L'Actu de la presse spécialisée

Windows 11, VMware ESXi & Firefox 0-day Vulnerabilities Exploited – Pwn2Own Day 3
Security researchers successfully exploited multiple zero-day vulnerabilities in Windows 11, VMware ESXi, and Mozilla Firefox during the final day of Pwn2Own Berlin 2025, demonstrating sophisticated attack techniques that netted 3,750 in rewards.  The event concluded with a record-breaking total payout of ,078,750 for 28 unique zero-day vulnerabilities discovered across three days. Critical Windows 11 Vulnerabilities […] The post Windows 11, VMware ESXi & Firefox 0-day Vulnerabilities Exploited – Pwn2Own Day 3 appeared first on Cyber Security News.
https://cybersecuritynews.com/vulnerabilities-pwn2own-day-3/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Hackers Exploit RVTools to Deploy Bumblebee Malware on Windows Systems
A reliable VMware environment reporting tool, RVTools, was momentarily infiltrated earlier this week on May 13, 2025, to disseminate the sneaky Bumblebee loader virus, serving as a sobering reminder of the vulnerabilities present in software supply chains. This incident, detected by a security operations team through a high-confidence alert from Microsoft Defender for Endpoint, revealed […] The post Hackers Exploit RVTools to Deploy Bumblebee Malware on Windows Systems appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
https://gbhackers.com/hackers-exploit-rvtools-to-deploy-bumblebee-malware/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

How Aliyyah Koloc Is Using Blockchain to Redefine Racing, Identity, & Global Art Access
From the Taklimakan Rally to the art world, Aliyyah Koloc merges speed, heritage, and technology to show how young voices can lead the next evolution of sports
https://hackernoon.com/how-aliyyah-koloc-is-using-blockchain-to-redefine-racing-identity-and-global-art-access?source=rss
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Confluence Servers Under Attack: Hackers Leverage Vulnerability for RDP Access and Remote Code Execution
Threat actors exploited a known vulnerability, CVE-2023-22527, a template injection flaw in Atlassian Confluence servers exposed to the internet. This exploit facilitated remote code execution (RCE), enabling attackers to gain initial access and establish a foothold within targeted networks. The breach, first detected through network traffic from IP address 45.227.254.124 running a “whoami” command, quickly […] The post Confluence Servers Under Attack: Hackers Leverage Vulnerability for RDP Access and Remote Code Execution appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
https://gbhackers.com/hackers-leverage-vulnerability-for-rdp-access-and-rce/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

New ModiLoader Malware Campaign Targets Windows PCs, Harvesting User Credentials
AhnLab Security Intelligence Center (ASEC) has recently uncovered a malicious campaign distributing ModiLoader (also known as DBatLoader) malware through phishing emails. These emails, crafted in Turkish and impersonating a Turkish bank, urge recipients to open a malicious attachment under the guise of checking their transaction history. Inside the compressed RAR file lies a BAT script […] The post New ModiLoader Malware Campaign Targets Windows PCs, Harvesting User Credentials appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
https://gbhackers.com/new-modiloader-malware-campaign-targets-windows-pcs/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Health Care Data Breach Costs BreachForums Admin 0,000 Fine
Conor Brian Fitzpatrick, the 22-year-old former administrator of cybercrime forum Breachforums, will forfeit approximately 0,000 to settle a civil lawsuit stemming from a healthcare data breach. The settlement marks a rare instance where a cybercriminal’s assets will directly compensate victims of a data breach. Fitzpatrick, known online as “Pompompurin,” faces resentencing next month on separate […] The post Health Care Data Breach Costs BreachForums Admin 0,000 Fine appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
https://gbhackers.com/health-care-data-breach-costs-breachforums/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Critical Firefox 0-Day Flaws Allow Remote Code Execution
Mozilla has urgently patched two critical 0-day vulnerabilities in its popular web browser Firefox, both of which could allow remote attackers to execute malicious code on user systems. The flaws, tracked as CVE-2025-4918 and CVE-2025-4919, were disclosed on May 17, 2025, and are addressed in Firefox version 138.0.4. Security experts are strongly advising all users […] The post Critical Firefox 0-Day Flaws Allow Remote Code Execution appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
https://gbhackers.com/critical-firefox-0-day-flaws/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

,500 Bounty: SQL Injection in WordPress Plugin Leads to PII Exposure at Grab
How a Plugin Preview Feature Exposed User Data and Nearly Enabled Admin Dashboard PivotingContinue reading on InfoSec Write-ups »
https://infosecwriteups.com/4-500-bounty-sql-injection-in-wordpress-plugin-leads-to-pii-exposure-at-grab-7c26aa7beff6?source=rss----7b722bfd1b8d---4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

I Broke Rate Limits and Accessed 1000+ User Records — Responsibly
👉Free Article LinkContinue reading on InfoSec Write-ups »
https://infosecwriteups.com/i-broke-rate-limits-and-accessed-1000-user-records-responsibly-8c45f20729ba?source=rss----7b722bfd1b8d---4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Write Cybersecurity Blog Titles That Get Clicks
Write Cybersecurity Blog Titles That Get ClicksCreating excellent content is half the battle, encouraging clicks is the other half. Your blog title is your initial (and sometimes sole) opportunity to leave an impression. Particularly in a space like security, where technical readers are bombarded continuously with new entries, reports, and studies, your headline must cut through the noise without resorting to clickbait.In this guide, you'll learn how to write blog titles that grab attention, earn clicks, and build trust, specifically for a cybersecurity audience.Prefer watching instead of reading? Here's a quick video guidehttps://medium.com/media/5eeb40ba468318ff115b9a7531fbc58c/hrefWhy Blog Titles Matter So MuchThink about this: when your article appears in a Google search, Twitter...
https://infosecwriteups.com/write-cybersecurity-blog-titles-that-get-clicks-e51405fc885e?source=rss----7b722bfd1b8d---4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Millions of Records Exposed via SQL Injection in a Tamil Nadu Government Portal
Recently, I discovered a critical SQL injection vulnerability in a Tamil Nadu government web portal. This flaw allowed unauthorized access to lakhs of sensitive records including Aadhaar numbers, user credentials, user IDs, student data, and other Personally Identifiable Information (PII). In this blog, I'll walk you through how I discovered this vulnerability, what was exposed, and why it matters.What is a Time-Based SQL Injection?A Time-Based SQL Injection is a type of blind SQL injection where you can infer whether a query is true or false based on how long the server takes to respond. If the query introduces a deliberate delay (e.g., using SLEEP(5)), and the server takes longer to respond, it confirms the injection point.For example:' OR IF(1=1, SLEEP(5), 0)--A delayed response here...
https://infosecwriteups.com/millions-of-records-exposed-via-sql-injection-in-a-tamil-nadu-government-portal-0981d3827ed2?source=rss----7b722bfd1b8d---4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Crypto Failures | TryHackMe Medium
Questions: What is the value of the web flag? What is the encryption key? Solution: We are firstly given an IP address. I preformed a…Continue reading on InfoSec Write-ups »
https://infosecwriteups.com/crypto-failures-tryhackme-medium-d60d55b849d6?source=rss----7b722bfd1b8d---4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

,000 Bounty: How a Leaked Session Cookie Led to Account Takeover on HackerOne
How one accidental copy-paste exposed sensitive data and what you can learn to find similar bugsContinue reading on InfoSec Write-ups »
https://infosecwriteups.com/20-000-bounty-how-a-leaked-session-cookie-led-to-account-takeover-on-hackerone-4a805cb892f9?source=rss----7b722bfd1b8d---4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

CISA to Stop Publishing Cybersecurity Alerts and Advisories on Webpages
Cybersecurity and Infrastructure Security Agency (CISA) has announced significant changes to how it communicates cybersecurity updates and guidance to stakeholders. In a recent announcement, CISA revealed plans to shift away from listing advisories on its webpage to focus on more direct communication channels. However, following community feedback, the agency has temporarily paused these changes while […] The post CISA to Stop Publishing Cybersecurity Alerts and Advisories on Webpages appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
https://gbhackers.com/cisa-to-stop-publishing-cybersecurity-alerts/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Strengthening Web service security with Apache2: Best practices for 2025
Keeping your Apache2 web services safe: What you need to know this yearContinue reading on InfoSec Write-ups »
https://infosecwriteups.com/strengthening-web-service-security-with-apache2-best-practices-for-2025-32cb57eb7fd2?source=rss----7b722bfd1b8d---4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Firefox 0-day Vulnerabilities Let Attackers Execute Malicious Code
Mozilla has released an emergency security update to address two critical vulnerabilities in Firefox that could allow attackers to execute malicious code on users’ systems.  The vulnerabilities affect multiple versions of the popular web browser and require immediate attention from users. Security experts warn that exploitation requires little user interaction. A remote attacker can trick […] The post Firefox 0-day Vulnerabilities Let Attackers Execute Malicious Code appeared first on Cyber Security News.
https://cybersecuritynews.com/firefox-0-day-vulnerabilities/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

ModiLoader Malware Attacking Windows Users to Steal Login Credentials
A sophisticated malware strain called ModiLoader (also known as DBatLoader) has emerged as a significant threat to Windows users, specifically targeting individuals through carefully crafted phishing campaigns. The malware, discovered in recent attacks, employs a multi-stage infection process that ultimately deploys SnakeKeylogger, a notorious information-stealing malware developed in .NET. Initial infection occurs when unsuspecting users […] The post ModiLoader Malware Attacking Windows Users to Steal Login Credentials appeared first on Cyber Security News.
https://cybersecuritynews.com/modiloader-malware-attacking-windows-users/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Pwn2Own Day 3: Zero-Day Exploits Windows 11, VMware ESXi, and Firefox
The Pwn2Own Berlin 2025 last day ended with impressive technological accomplishments, bringing the total prize money over one million dollars. Security researchers demonstrated sophisticated exploitation techniques against high-profile targets including Windows 11, VMware ESXi, and Mozilla Firefox, revealing critical zero-day vulnerabilities that vendors must now address. The three-day hacking competition showcased 28 unique zero-day vulnerabilities, […] The post Pwn2Own Day 3: Zero-Day Exploits Windows 11, VMware ESXi, and Firefox appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
https://gbhackers.com/pwn2own-day-3-zero-day-exploits/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Meet the HackerNoon Top Writers - Laszlo Fazekas and Kindness In Content Writing
Meet HackerNoon Top Writer Laszlo Fazekas and explore his writing journey through creativity, kindness, and small, meaningful stories.
https://hackernoon.com/meet-the-hackernoon-top-writers-laszlo-fazekas-and-kindness-in-content-writing?source=rss
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

James Comey is under investigation by Secret Service for a seashell photo showing “8647”
James Comey is under investigation for a seashell photo showing “8647,” seen by some as a coded threat against Trump. Former FBI chief James Comey is under investigation by the Secret Service for sharing an image of seashells arranged to display the numbers ‘8647,’ which some interpret as incitement to violence against Trump. “Cool shell […]
https://securityaffairs.com/178030/laws-and-regulations/james-comey-is-under-investigation-by-secret-service-for-a-seashell-photo-showing-8647.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Comparing Chameleon with GPT-4V and Gemini
Chameleon, a new multimodal AI, was tested against GPT-4V and Gemini using real-world prompts. It consistently delivered better task fulfillment and user-preferred responses in human evaluations, particularly for image-and-text tasks.
https://hackernoon.com/comparing-chameleon-with-gpt-4v-and-gemini?source=rss
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Pwn2Own Berlin 2025: total prize money reached ,078,750
Pwn2Own Berlin 2025 wrapped up with 3,750 awarded on the final day, pushing the total prize money to ,078,750 over three days. On the final day of Pwn2Own Berlin 2025, participants earned 3,750 for demonstrating zero-day in VMware Workstation, ESXi, Windows, NVIDIA, and Firefox. During the competition, the participants earned a total of ,078,750, demonstrating […]
https://securityaffairs.com/178040/hacking/pwn2own-berlin-2025-total-prize-money-reached-1078750.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

AI Can Code Your App—Just Don't Let It Architect It
AI coding agents can transform the software development process by reducing development time and allowing for quick prototyping. However, oversight and guidance from experienced developers are still needed to guarantee quality and dependable outcomes.
https://hackernoon.com/ai-can-code-your-appjust-dont-let-it-architect-it?source=rss
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

The Complete Guide to Crafting Security Headlines That Cut Through the Noise
Learn how to write cybersecurity blog titles that grab attention, earn clicks, and build trust—without using clickbait. Includes proven templates and tips.
https://hackernoon.com/the-complete-guide-to-crafting-security-headlines-that-cut-through-the-noise?source=rss
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Your Next Data Breach Might Start with a Friendly Face
Insider threats can cost companies millions in data loss, downtime, and reputation. Learn how to detect, prevent, and respond to risks from within your team.
https://hackernoon.com/your-next-data-breach-might-start-with-a-friendly-face?source=rss
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

IPinfo's Free IP Geolocation API Is a Must-Have for Cybersecurity Teams
IPinfo's new free plan gives unlimited IP geolocation and ASN data—perfect for OSINT, threat hunting, log analysis, and real-time cybersecurity insights.
https://hackernoon.com/ipinfos-free-ip-geolocation-api-is-a-must-have-for-cybersecurity-teams?source=rss
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

glibc Vulnerability Exposes Millions of Linux Systems to Code Execution Attacks
A critical vulnerability in the GNU C Library (glibc), potentially exposing millions of Linux systems to local privilege escalation attacks.  Tracked as CVE-2025-4802 and publicly disclosed on May 16, 2025, this vulnerability could allow attackers to execute arbitrary code by manipulating the LD_LIBRARY_PATH environment variable. Systems running Rocky Linux, Debian, Ubuntu, and other major Linux […] The post glibc Vulnerability Exposes Millions of Linux Systems to Code Execution Attacks appeared first on Cyber Security News.
https://cybersecuritynews.com/glibc-vulnerability/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

MCP Servers Still Run Critical Infrastructure—Here's How to Secure Them
If you're curious about what MCP servers are and why they're important for cybersecurity, you're not alone.
https://hackernoon.com/mcp-servers-still-run-critical-infrastructureheres-how-to-secure-them?source=rss
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Understanding React Rendering Without the Buzzwords
React is often praised for being “declarative,” “efficient,” and “component-based.” But those words don't mean much when you're stuck wondering why your component re-renders every time you click a button.
https://hackernoon.com/understanding-react-rendering-without-the-buzzwords?source=rss
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Card Declines are a Data Problem (But AI Could Fix That!)
In Part 1 of my series, we saw how declines grow from vague issuer responses, outdated card info, or poor transaction context. In Part 2, we explored actionable fixes like tokenization, retries, and metadata cleanup. Now, it is time that we switch gears to how Artificial Intelligence is providing an aid to payment approval and handling.
https://hackernoon.com/card-declines-are-a-data-problem-but-ai-could-fix-that?source=rss
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Kubernetes Liveness, Readiness, and Startup Probes – Keys to Container Health and Resilience
Learn how to configure Kubernetes liveness, readiness, and startup probes with real-world examples, YAML configurations, and best practices.
https://hackernoon.com/kubernetes-liveness-readiness-and-startup-probes-keys-to-container-health-and-resilience?source=rss
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

7 Cap Table Mistakes That Kill Startups
Your cap table isn't just a spreadsheet - it's your ownership, control, and future funding compressed into numbers. Most founders mess it up. This article breaks down 7 cap table mistakes that quietly kill startups before Series A - from unmodeled SAFEs and forgotten ESOPs to silent dilution and lost board control. If you're not modeling fully diluted scenarios, you're negotiating blind.
https://hackernoon.com/7-cap-table-mistakes-that-kill-startups?source=rss
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

A week in security (May 12 – May 18)
A list of topics we covered in the week of May 12 to May 18 of 2025
https://www.malwarebytes.com/blog/news/2025/05/a-week-in-security-may-12-may-18
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

GNU C(glibc) Vulnerability Let Attackers Execute Arbitrary Code on Millions of Linux Systems
Security researchers have disclosed a significant vulnerability in the GNU C Library (glibc), potentially affecting millions of Linux systems worldwide. The flaw, identified as CVE-2025-4802, involves statically linked setuid binaries that incorrectly search library paths, potentially allowing attackers to execute malicious code with elevated privileges. While no exploitations have been reported in the wild, the […] The post GNU C(glibc) Vulnerability Let Attackers Execute Arbitrary Code on Millions of Linux Systems appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
https://gbhackers.com/critical-glibc-flaw/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Exploiting dMSA for Advanced Active Directory Persistence
Security researchers have identified new methods for achieving persistence in Active Directory environments by exploiting Delegated Managed Service Accounts (dMSAs), a new security feature introduced in Windows Server 2025. Despite being designed to enhance security through automated credential management, dMSAs can be manipulated by attackers with specific permissions to establish persistent access. This discovery highlights […] The post Exploiting dMSA for Advanced Active Directory Persistence appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
https://gbhackers.com/exploiting-dmsa-for-advanced-ad-persistence/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Abusing dMSA with Advanced Active Directory Persistence Techniques
Delegated Managed Service Accounts (dMSAs), introduced in Windows Server 2025, represent Microsoft’s latest innovation in secure service account management.  While designed to enhance security by preventing traditional credential theft attacks like Kerberoasting, security researchers have uncovered potential abuse vectors that could allow attackers to establish persistent access in Active Directory environments.  dMSAs were created to […] The post Abusing dMSA with Advanced Active Directory Persistence Techniques  appeared first on Cyber Security News.
https://cybersecuritynews.com/abusing-dmsa-active-directory/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Windows Remote Desktop Gateway UAF Vulnerability Allows Remote Code Execution
A critical vulnerability in Microsoft’s Remote Desktop Gateway (RD Gateway) that could allow attackers to execute malicious code on affected systems remotely. The vulnerability, tracked as CVE-2025-21297, was disclosed by Microsoft in their January 2025 security updates and has since been actively exploited in the wild. The flaw, discovered and reported by VictorV (Tang Tianwen) […] The post Windows Remote Desktop Gateway UAF Vulnerability Allows Remote Code Execution appeared first on Cyber Security News.
https://cybersecuritynews.com/windows-remote-desktop-gateway-uaf-vulnerability/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Fedora 41: FEDORA-2025-c40948de3a moderate: webkitgtk memory crash fixes
Enable CSS Overscroll Behavior by default. Change threaded rendering implementation to use Skia API instead of WebCore display list that is not thread safe. Fix rendering when device scale factor change comes before the web view geometry update.
https://linuxsecurity.com/advisories/fedora/fedora-41-webkitgtk-2025-c40948de3a-taxpwzsajfu2
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

L'Actu de la presse

'TU/e acted well in cyber attack, but there are also learning points'
Investigation: perpetrators unknown, they were likely out for ransom. Photo: Angeline Swinkels. TU/e responded to last January's cyber attack ...
https://www.tue.nl/en/news-and-events/news-overview/19-05-2025-tue-acted-well-in-cyber-attack-but-there-are-also-learning-points
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Criminal records, financial data exposed in cyber attack on Legal Aid Agency | IT Pro - ITPro
The UK's Legal Aid Agency has fallen victim to a cyber attack, with the organization confirming a “significant amount of personal data” has been ...
https://www.itpro.com/security/cyber-attacks/legal-aid-agency-cyber-attack-breach
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Cyber attack on Legal Aid Agency exposed 'significant' data, including criminal records
The group that carried out the cyber attack says it accessed 2.1 million pieces of data, but this figure has yet to be verified by the Ministry of ...
https://news.sky.com/story/cyber-attack-on-legal-aid-agency-exposed-significant-data-including-criminal-records-13370828
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Legal Aid Agency hit by cyber attack
Hacking the Internet. Cyber attack. Cyber-attackers accessed and downloaded “a significant amount of personal data” — including criminal records, home ...
https://www.legalcheek.com/2025/05/legal-aid-agency-hit-by-cyber-attack/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Cyber-attack on Legal Aid Agency “much more extensive than originally understood”
The Legal Aid Agency (LAA) has admitted that a cyber-attack on its online digital services was "more extensive than originally understood" and ...
https://www.localgovernmentlawyer.co.uk/information-law/398-information-law-news/60954-cyber-attack-on-legal-aid-agency-much-more-extensive-than-originally-understood
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

If our destiny is cyber-attacks and empty shelves at the Co-op, here's what we should do next
Following a cyber-attack more than two weeks ago that decimated its supply systems, the supermarket has struggled to recover. We would like to ...
https://www.theguardian.com/commentisfree/2025/may/19/cyber-attacks-empty-shelves-co-op-prepping
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Cyber attack on Legal Aid Agency exposed 'significant amount' of applicant data
The Government became aware of a cyber attack on the Legal Aid Agency's online digital services on April 23, but realised on Friday that it was more ...
https://uk.finance.yahoo.com/news/cyber-attack-legal-aid-agency-072833430.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Criminal records stolen in 'significant' cyber attack on Legal Aid agency - LBC
... 2010, including criminal records, was accessed and downloaded in a cyber attack in April this year, the Ministry of Justice (MoJ) has said.
https://www.lbc.co.uk/news/uk/significant-data-including-criminal-records-stolen-in-cyber-attack-on-legal-aid/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

'Significant amount' of data taken in cyber attack on Legal Aid Agency | ITV News
The Ministry of Justice said personal data including criminal records has been accessed during a cyber attack on legal aid agency in April.
https://www.itv.com/news/2025-05-19/cyber-attack-on-legal-aid-agency-exposes-significant-amount-of-applicant-data
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Ministry of Justice hit by brazen cyber attack exposing hackers to 'significant amount' of personal data
The cyber attack targeted the data of people who have applied for legal aid since 2020. Advertisement. Sign up for The Irish Sun newsletter.
https://www.thesun.ie/news/15230490/ministry-cyber-attack-data/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

M&S confirms staff data stolen in cyber attack - Grocery Gazette
M&S has confirmed that personal information belonging to staff members was stolen during a cyber attack that struck the retailer last month.
https://www.grocerygazette.co.uk/2025/05/19/ms-staff-data-stolen-cyber/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

M&S staff data stolen in cyber attack - TheIndustry.beauty
Investors will be hoping that Marks & Spencer can shed light later this week on the impact of the damaging cyber attack which has halted all online ...
https://theindustry.beauty/ms-staff-data-stolen-in-cyber-attack/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Soutenez No Hack Me sur Tipeee

L'Actu de la veille (Presse spécialisée)

Russia-Linked SpyPress Malware Exploits Webmails to Spy on Ukraine
ESET reports on RoundPress, a cyber espionage campaign by Russia’s Fancy Bear (Sednit) targeting Ukraine-related organizations via webmail…
https://hackread.com/russia-spypress-malware-exploits-webmails-spy-ukraine/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Debian 11 DLA-4170-1 critical: intel-microcode update for vulnerabilities
Microcode updates has been released for Intel(R) processors, addressing multiple potential vulnerabilties that may allow denial of service or information disclosure.
https://linuxsecurity.com/advisories/deblts/debian-lts-dla-4170-1-intel-microcode-security-update-aflimhmnl2re
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

FBI Warns of AI Voice Scams Impersonating US Govt Officials
FBI has warned about a sophisticated vishing and smishing campaign using AI-generated voice memos to impersonate senior US…
https://hackread.com/fbi-warn-ai-voice-scams-impersonate-us-govt-officials/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Bypassing Login via NoSQL Operator Injection: A MongoDB Authentication Hack
Bypass login authentication using MongoDB NoSQL injection via logical and regex-based operator abuse to impersonate the admin user FOR EDUCATIONAL PURPOSES ONLY.Author: Aditya BhattWrite-Up Type: Bug Bounty PoCTarget: PortSwigger Web Security LabVulnerability: NoSQL Injection (Authentication Bypass via MongoDB Operators)Difficulty: 🟠 ApprenticeStatus: ✅ Lab SolvedBug Bounty with NoSQL📌 TL;DRIn this lab, I exploit a classic NoSQL injection vulnerability in a MongoDB-powered login system by injecting operators like $ne (Not Equal) and $regex. These operators allow me to bypass both the username and password fields — eventually gaining unauthorized admin access. This bug, though simple in logic, is often overlooked in production applications and can lead to full account takeover — making...
https://infosecwriteups.com/bypassing-login-via-nosql-operator-injection-a-mongodb-authentication-hack-b895211f60e0?source=rss----7b722bfd1b8d---4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Lab: Exploiting a mass assignment vulnerability
Portswigger Lab API moduleContinue reading on InfoSec Write-ups »
https://infosecwriteups.com/lab-exploiting-a-mass-assignment-vulnerability-c7c68b9f7f1b?source=rss----7b722bfd1b8d---4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Build Your Own AI SOC — Part 6 Daily AI-Powered Threat Briefings With n8n + GPT
Introduction: Information Without OverloadContinue reading on InfoSec Write-ups »
https://infosecwriteups.com/build-your-own-ai-soc-part-6-daily-ai-powered-threat-briefings-with-n8n-gpt-17bd8d5b9b11?source=rss----7b722bfd1b8d---4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

openSUSE Tumbleweed: 2025:15129-1 moderate: ruby3.4-rubygem-web-console

https://linuxsecurity.com/advisories/opensuse/opensuse-2025-15129-1-moderate-ruby3-4-rubygem-web-console-4-2-1-1-7-mgy29tp7juga
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

openSUSE Tumbleweed: 2025:15128-1 moderate: ruby3.4-rubygem-sprockets

https://linuxsecurity.com/advisories/opensuse/opensuse-2025-15128-1-moderate-ruby3-4-rubygem-sprockets-3-7-3-7-5-1-3-ovszmhp55njp
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

openSUSE Tumbleweed: 2025:15127-1 moderate: ruby3.4-rubygem-sprockets fix

https://linuxsecurity.com/advisories/opensuse/opensuse-2025-15127-1-moderate-ruby3-4-rubygem-sprockets-4-2-1-1-7-h0fw4fq7bxiv
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

openSUSE Tumbleweed: 2025:15130-1 moderate: ruby websocket extension fix

https://linuxsecurity.com/advisories/opensuse/opensuse-2025-15130-1-moderate-ruby3-4-rubygem-websocket-extensions-0-1-5-1-22-jv8dvqmiat3t
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Emerging ClickFix Attacks Are Now Targeting Linux Systems
Imagine you're sitting down at your desk, coffee in hand, ready to tackle the day, and you're met with this: a new campaign, slyly dubbed ''ClickFix,'' is burrowing into Linux environments. It's not some generic, scattershot attack; this is precise, calculated work by APT36, a group making waves with its knack for cyberespionage. Their usual playbook? Exploiting weaknesses while staying out of sight, they're now focusing squarely on Linux systems. This isn't just another line in the long list of threats''it's the kind of escalation you'd rather hear about in a briefing than encounter firsthand.
https://linuxsecurity.com/features/features/clickfix-attacks-targeting-linux-systems
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 45
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape PupkinStealer : A .NET-Based Info-Stealer  Interlock ransomware evolving under the radar  Technical Analysis of TransferLoader   Sophisticated NPM Attack Leveraging Unicode Steganography and Google Calendar C2   Horabot Unleashed: A Stealthy Phishing Threat High Risk Warning for Windows […]
https://securityaffairs.com/178024/malware/security-affairs-malware-newsletter-round-45-2.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Security Affairs newsletter Round 524 by Pierluigi Paganini – INTERNATIONAL EDITION
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. US Government officials targeted with texts and AI-generated deepfake voice messages impersonating senior U.S. officials Shields up US […]
https://securityaffairs.com/178018/breaking-news/security-affairs-newsletter-round-524-by-pierluigi-paganini-international-edition.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Experts found rogue devices, including hidden cellular radios, in Chinese-made power inverters used worldwide
Chinese “kill switches” found in Chinese-made power inverters in US solar farm equipment that could let Beijing remotely disable power grids in a conflict. Investigators found “kill switches” in Chinese-made power inverters in US solar farm equipment. These hidden cellular radios could let Beijing remotely cripple power grids during a conflict. The Times reported that […]
https://securityaffairs.com/178005/hacking/rogue-devices-in-chinese-made-power-inverters-used-worldwide.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

PupkinStealer Attacks Windows System to Steal Login Credentials & Desktop Files
A new information-stealing malware dubbed “PupkinStealer” has been identified by cybersecurity researchers, targeting sensitive user data through a straightforward yet effective approach. First observed in April 2025, this .NET-based malware written in C# focuses on stealing browser credentials, messaging app sessions, and desktop files, exfiltrating the data via Telegram’s Bot API. Security experts note that […] The post PupkinStealer Attacks Windows System to Steal Login Credentials & Desktop Files appeared first on Cyber Security News.
https://cybersecuritynews.com/pupkinstealer-attacks-windows-system/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

L'Actu à J-2 (Presse spécialisée)

Malware Defense 101 – Identifying and Removing Modern Threats
The cybersecurity landscape in 2025 is defined by increasingly sophisticated malware threats, with attackers leveraging artificial intelligence, evasion tactics, and polymorphic code to bypass traditional defenses. Stealers, ransomware, and remote access trojans (RATs) dominate the threat matrix, while AI-driven malware adapts in real time to exploit vulnerabilities in cloud infrastructure, IoT devices, and human behavior. […] The post Malware Defense 101 – Identifying and Removing Modern Threats appeared first on Cyber Security News.
https://cybersecuritynews.com/malware-defense/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

AI Security Frameworks – Ensuring Trust in Machine Learning
As artificial intelligence transforms industries and enhances human capabilities, the need for strong AI security frameworks has become paramount. Recent developments in AI security standards aim to mitigate risks associated with machine learning systems while fostering innovation and building public trust. Organizations worldwide are now navigating a complex landscape of frameworks designed to ensure AI […] The post AI Security Frameworks – Ensuring Trust in Machine Learning appeared first on Cyber Security News.
https://cybersecuritynews.com/ai-security-frameworks/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Preventing Phishing Attacks on Cryptocurrency Exchanges
Cryptocurrency exchanges are intensifying security measures in 2025 to focus on preventing phishing attacks, as these scams reach alarming levels and have caused millions in losses for investors. As digital assets continue gaining mainstream adoption, cybercriminals deploy increasingly sophisticated techniques to compromise exchange accounts and steal funds. While exchanges implement advanced security features, experts emphasize […] The post Preventing Phishing Attacks on Cryptocurrency Exchanges appeared first on Cyber Security News.
https://cybersecuritynews.com/preventing-phishing-attacks/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

US Government officials targeted with texts and AI-generated deepfake voice messages impersonating senior U.S. officials
FBI warns ex-officials are targeted with deepfake texts and AI voice messages impersonating senior U.S. officials. The FBI warns that ex-government officials are being targeted with texts and AI-generated deepfake voice messages impersonating senior U.S. officials. The FBI warns of a campaign using smishing and vishing with deepfake texts and AI voice messages impersonating senior […]
https://securityaffairs.com/177987/cyber-crime/us-government-officials-targeted-texts-and-ai-generated-deepfake.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Shields up US retailers. Scattered Spider threat actors can target them
Google warns that the cybercrime group Scattered Spider behind UK retailer attacks is now targeting U.S. companies, shifting their focus across the Atlantic. The financially motivated group UNC3944 (also known as Scattered Spider, 0ktapus) is known for social engineering and extortion. The cybercrime group is suspected of hacking into hundreds of organizations over the past two years, […]
https://securityaffairs.com/177974/cyber-crime/shields-up-us-retailers-scattered-spider-threat-actors.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

VMware ESXi, Firefox, Red Hat Linux & SharePoint Hacked – Pwn2Own Day 2
Security researchers demonstrated their prowess on the second day of Pwn2Own Berlin 2025, discovering critical vulnerabilities across major enterprise platforms and earning 5,000 in bounties. The competition, now in its second day at the OffensiveCon conference in Berlin, has awarded a cumulative total of 5,000 with participants revealing 20 unique zero-day vulnerabilities thus far. With […] The post VMware ESXi, Firefox, Red Hat Linux & SharePoint Hacked – Pwn2Own Day 2 appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
https://gbhackers.com/vmware-esxi-firefox-red-hat-linux-sharepoint-hacked/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

U.S. CISA adds Google Chromium, DrayTek routers, and SAP NetWeaver flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Google Chromium, DrayTek routers, and SAP NetWeaver flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Google Chromium, DrayTek routers, and SAP NetWeaver flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the descriptions for these flaws: According to Binding Operational […]
https://securityaffairs.com/177962/hacking/u-s-cisa-adds-google-chromium-draytek-routers-and-sap-netweaver-flaws-to-its-known-exploited-vulnerabilities-catalog.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

L'Actu des jours précédents

[Virtual Event] Strategic Security for the Modern Enterprise

https://www.darkreading.com/events/-virtual-event-strategic-security-for-the-modern-enterprise
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

HubSpot vs Salesforce: Which CRM Fits Your Business?
You've got an important choice to make: HubSpot or Salesforce?
https://hackread.com/hubspot-vs-salesforce-which-crm-fits-your-business/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Coinbase Extorted, Offers M for Info on Its Hackers
Coinbase is going Liam Neeson on its attackers, potentially setting a new precedent for incident response in the wake of crypto- and blockchain-targeting cyberattacks.
https://www.darkreading.com/cyberattacks-data-breaches/coinbase-extorted-20m-hackers
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Pwn2Own Berlin 2025 Day Two: researcher earned 150K hacking VMware ESXi
On day two of Pwn2Own Berlin 2025, participants earned 5,000 for demonstrating zero-day in SharePoint, ESXi, VirtualBox, RHEL, and Firefox. On day two of Pwn2Own Berlin 2025, bug hunters earned a total of 5,000, which brings the contest total to 5,000, after 0,000 was awarded during the first day of the competition. The participants demonstrated […]
https://securityaffairs.com/177943/hacking/pwn2own-berlin-2025-day-two-researcher-earned-150k-hacking-vmware-esxi.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Impact of AI on cyber threat from now to 2027
An NCSC assessment highlighting the impacts on cyber threat from AI developments between now and 2027.
https://www.ncsc.gov.uk/report/impact-ai-cyber-threat-now-2027
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Australian Human Rights Commission Leaks Docs in Data Breach
An internal error led to public disclosure of reams of sensitive data that could be co-opted for follow-on cyberattacks.
https://www.darkreading.com/application-security/australian-human-rights-commission-leaks-data-breach
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Dynamic DNS Emerges as Go-to Cyberattack Facilitator
Scattered Spider and other phishers and hacking groups are using rentable subdomains from dynamic DNS providers to obfuscate their activity and impersonate well-known brands.
https://www.darkreading.com/threat-intelligence/dynamic-dns-cyberattack-facilitator
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Pwn2Own Berlin 2025: Windows 11, VMware, Firefox and Others Hacked
The beginning of Pwn2Own Berlin 2025, hosted at the OffensiveCon conference, has concluded its first two days with…
https://hackread.com/pwn2own-berlin-2025-windows-11-vmware-firefox-hacked/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Attacker Specialization Puts Threat Modeling on Defensive
Specialization among threat groups poses challenges for defenders, who now must distinguish between different actors responsible for different facets of an attack.
https://www.darkreading.com/threat-intelligence/attackers-specialize-cyber-threat-models-adapt
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

New botnet HTTPBot targets gaming and tech industries with surgical attacks
New botnet HTTPBot is targeting China’s gaming, tech, and education sectors, cybersecurity researchers warn. NSFOCUS  cybersecurity discovered a new botnet called HTTPBot that has been used to target the gaming industry, technology firms, and educational institutions in China. HTTPBot is a Go-based botnet first detected in August 2024, however, its activity surged by April 2025. The botnet […]
https://securityaffairs.com/177930/malware/new-botnet-httpbot-targets-gaming-and-tech-industries-with-surgical-attacks.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

USN-7514-1: Linux kernel (NVIDIA) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - RISC-V architecture; - x86 architecture; - Block layer subsystem; - Compute Acceleration Framework; - ACPI drivers; - Drivers core; - Ublk userspace block driver; - Virtio block driver; - DMA engine subsystem; - GPU drivers; - Microsoft Hyper-V drivers; - Hardware monitoring drivers; - IIO ADC drivers; - IIO subsystem; - InfiniBand drivers; - Multiple devices driver; - Media drivers; - Microchip PCI driver; - Network drivers; - Mellanox network drivers; - STMicroelectronics network drivers; - PCI subsystem; - Pin controllers subsystem; - x86 platform drivers; -...
https://ubuntu.com/security/notices/USN-7514-1
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

USN-7517-1: Linux kernel (Xilinx ZynqMP) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - Block layer subsystem; - Drivers core; - Network block device driver; - Character device driver; - GPU drivers; - HID subsystem; - InfiniBand drivers; - Media drivers; - Network drivers; - PPS (Pulse Per Second) driver; - PTP clock framework; - RapidIO drivers; - Real Time Clock drivers; - SCSI subsystem; - SLIMbus drivers; - QCOM SoC drivers; - Trusted Execution Environment drivers; - USB DSL drivers; - USB Device Class drivers; - USB core drivers; - USB Gadget drivers; - USB Host Controller drivers; - Renesas USBHS...
https://ubuntu.com/security/notices/USN-7517-1
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

USN-7516-2: Linux kernel (GCP FIPS) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - Block layer subsystem; - Drivers core; - Network block device driver; - Character device driver; - GPU drivers; - HID subsystem; - InfiniBand drivers; - Media drivers; - Network drivers; - PPS (Pulse Per Second) driver; - PTP clock framework; - RapidIO drivers; - Real Time Clock drivers; - SCSI subsystem; - SLIMbus drivers; - QCOM SoC drivers; - Trusted Execution Environment drivers; - USB DSL drivers; - USB Device Class drivers; - USB core drivers; - USB Gadget drivers; - USB Host Controller drivers; - Renesas USBHS...
https://ubuntu.com/security/notices/USN-7516-2
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

USN-7516-1: Linux kernel vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - Block layer subsystem; - Drivers core; - Network block device driver; - Character device driver; - GPU drivers; - HID subsystem; - InfiniBand drivers; - Media drivers; - Network drivers; - PPS (Pulse Per Second) driver; - PTP clock framework; - RapidIO drivers; - Real Time Clock drivers; - SCSI subsystem; - SLIMbus drivers; - QCOM SoC drivers; - Trusted Execution Environment drivers; - USB DSL drivers; - USB Device Class drivers; - USB core drivers; - USB Gadget drivers; - USB Host Controller drivers; - Renesas USBHS...
https://ubuntu.com/security/notices/USN-7516-1
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

USN-7515-1: Linux kernel (GKE) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - RISC-V architecture; - x86 architecture; - Block layer subsystem; - Compute Acceleration Framework; - ACPI drivers; - Drivers core; - Ublk userspace block driver; - Virtio block driver; - DMA engine subsystem; - GPU drivers; - Microsoft Hyper-V drivers; - Hardware monitoring drivers; - IIO ADC drivers; - IIO subsystem; - InfiniBand drivers; - Multiple devices driver; - Media drivers; - Microchip PCI driver; - Network drivers; - Mellanox network drivers; - STMicroelectronics network drivers; - PCI subsystem; - Pin controllers subsystem; - x86 platform drivers; -...
https://ubuntu.com/security/notices/USN-7515-1
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Metasploit Wrap-Up 05/16/2025
This week's release includes 5 new modules including RCEs for Car Rental System, & three Wordpress plugins. The execute-assembly post module was also updated with 32-bit support.
https://blog.rapid7.com/2025/05/16/metasploit-wrap-up-05-16-2025/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Ivanti EPMM Hit by Two Actively Exploited 0day Vulnerabilities
Ivanti EPMM users urgently need to patch against actively exploited 0day vulnerabilities (CVE-2025-4427, CVE-2025-4428) that enable pre-authenticated remote…
https://hackread.com/ivanti-epmm-actively-exploited-0day-vulnerabilities/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

USN-7513-2: Linux kernel (Real-time) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - RISC-V architecture; - x86 architecture; - Block layer subsystem; - Compute Acceleration Framework; - ACPI drivers; - Drivers core; - Ublk userspace block driver; - Virtio block driver; - DMA engine subsystem; - GPU drivers; - Microsoft Hyper-V drivers; - Hardware monitoring drivers; - IIO ADC drivers; - IIO subsystem; - InfiniBand drivers; - Multiple devices driver; - Media drivers; - Microchip PCI driver; - Network drivers; - Mellanox network drivers; - STMicroelectronics network drivers; - PCI subsystem; - Pin controllers subsystem; - x86 platform drivers; -...
https://ubuntu.com/security/notices/USN-7513-2
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

USN-7513-1: Linux kernel vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - RISC-V architecture; - x86 architecture; - Block layer subsystem; - Compute Acceleration Framework; - ACPI drivers; - Drivers core; - Ublk userspace block driver; - Virtio block driver; - DMA engine subsystem; - GPU drivers; - Microsoft Hyper-V drivers; - Hardware monitoring drivers; - IIO ADC drivers; - IIO subsystem; - InfiniBand drivers; - Multiple devices driver; - Media drivers; - Microchip PCI driver; - Network drivers; - Mellanox network drivers; - STMicroelectronics network drivers; - PCI subsystem; - Pin controllers subsystem; - x86 platform drivers; -...
https://ubuntu.com/security/notices/USN-7513-1
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

USN-7512-1: Linux kernel (GCP) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - x86 architecture; - Block layer subsystem; - Network block device driver; - Bus devices; - Character device driver; - TPM device driver; - Clock framework and drivers; - GPIO subsystem; - GPU drivers; - HID subsystem; - I2C subsystem; - InfiniBand drivers; - Media drivers; - NVIDIA Tegra memory controller driver; - Network drivers; - PCI subsystem; - PPS (Pulse Per Second) driver; - PTP clock framework; - RapidIO drivers; - Real Time Clock drivers; - SLIMbus drivers; - QCOM SoC drivers; - Trusted Execution Environment...
https://ubuntu.com/security/notices/USN-7512-1
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

USN-7511-2: Linux kernel (GCP FIPS) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - x86 architecture; - Block layer subsystem; - Network block device driver; - Bus devices; - Character device driver; - TPM device driver; - Clock framework and drivers; - GPIO subsystem; - GPU drivers; - HID subsystem; - I2C subsystem; - InfiniBand drivers; - Media drivers; - NVIDIA Tegra memory controller driver; - Network drivers; - PCI subsystem; - PPS (Pulse Per Second) driver; - PTP clock framework; - RapidIO drivers; - Real Time Clock drivers; - SLIMbus drivers; - QCOM SoC drivers; - Trusted Execution Environment...
https://ubuntu.com/security/notices/USN-7511-2
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

USN-7511-1: Linux kernel (GCP) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - x86 architecture; - Block layer subsystem; - Network block device driver; - Bus devices; - Character device driver; - TPM device driver; - Clock framework and drivers; - GPIO subsystem; - GPU drivers; - HID subsystem; - I2C subsystem; - InfiniBand drivers; - Media drivers; - NVIDIA Tegra memory controller driver; - Network drivers; - PCI subsystem; - PPS (Pulse Per Second) driver; - PTP clock framework; - RapidIO drivers; - Real Time Clock drivers; - SLIMbus drivers; - QCOM SoC drivers; - Trusted Execution Environment...
https://ubuntu.com/security/notices/USN-7511-1
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Pro-Ukraine Group Targets Russian Developers with Python Backdoor
ReversingLabs discovers dbgpkg, a fake Python debugger that secretly backdoors systems to steal data. Researchers suspect a pro-Ukraine…
https://hackread.com/ukraine-group-russian-developers-python-backdoor/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

How to Develop and Communicate Metrics for CSIRPs
A well-documented cybersecurity incident response program (CSIRP) provides the transparency needed for informed decision-making, protecting the organization in a constantly changing threat environment.
https://www.darkreading.com/cybersecurity-operations/develop-communicate-metrics-csirps
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Oniux: Secure Tor Routing for Linux Applications
When privacy stakes are high, tools that strengthen security and anonymity become essential. This is precisely where Oniux '' a new command-line utility from the Tor Project '' enters the equation. Built to ensure Linux applications route their data exclusively through the Tor network, Oniux uses advanced kernel-level isolation techniques to protect against leaks and malicious attempts to bypass anonymity mechanisms.
https://linuxsecurity.com/news/privacy/oniux-secure-tor-routing
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Red Hat Linux Hacked at Pwn2Own Berlin
Red Hat Enterprise Linux got hacked during the Pwn2Own Berlin 2025 competition . Let that sink in for a moment. This is one of the go-to systems for businesses that demand stability and security, yet two exploits cracked it wide open. If you've ever caught yourself thinking, ''Oh, it's Red Hat; I'm good,'' this is your reminder that no system is untouchable, no matter how respected. Vulnerabilities exist, and real-world attackers or researchers are always looking for ways to exploit them. It happened here, and if you're running Red Hat, it could happen in your environment, too.
https://linuxsecurity.com/news/organizations-events/red-hat-linux-hacked-at-pwn2own-berlin
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Investing: Where To Look For The Next Cybersecurity Unicorn
This week in cybersecurity from the editors at Cybercrime Magazine –Read the full story in Forbes Sausalito, Calif. – May 16, 2025 Google recently invested billion in Wiz, a Cloud Security Platform. This acquisition underscores the immense value of securing the cloud layer of The post Investing: Where To Look For The Next Cybersecurity Unicorn appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/investing-where-to-look-for-the-next-cybersecurity-unicorn/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Data broker protection rule quietly withdrawn by CFPB
The CFPB has decided to withdraw a 2024 rule that was aimed at limiting the sale of Americans' personal information by data brokers.
https://www.malwarebytes.com/blog/news/2025/05/data-broker-protection-rule-quietly-withdrawn-by-cfpb
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Meta sent cease and desist letter over AI training
A privacy advocacy group has clapped back at Meta over its plans to start training its AI model on European users' data.
https://www.malwarebytes.com/blog/news/2025/05/meta-sent-cease-and-desist-letter-over-ai-training
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Ivanti Endpoint Manager Mobile exploit chain exploited in the wild
On May 13, 2025, Ivanti disclosed an exploited in the wild exploit chain, comprising of two new vulnerabilities affecting Ivanti Endpoint Manager Mobile: CVE-2025-4427 and CVE-2025-4428.
https://blog.rapid7.com/2025/05/16/etr-ivanti-epmm-exploit-chain-exploited-in-the-wild/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Hackers Now Targeting US Retailers After UK Attacks, Google
Hackers from the Scattered Spider group, known for UK retail attacks, are now targeting US retailers, Google cybersecurity…
https://hackread.com/hackers-targeting-us-retailers-uk-attacks-google/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Salt Security Partners With Wiz, Combines Cloud and API Security
API security orgnanisation Salt Security has announced its expanded partnership and new integration with Wiz, the leader in cloud security. The integration between Salt Security and Wiz enables organisations to detect, comprehend, and respond to both API security posture gaps and critical risks directly within their cloud security infrastructure. The complexity and size of modern […] The post Salt Security Partners With Wiz, Combines Cloud and API Security appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/05/16/salt-security-partners-with-wiz-combines-cloud-and-api-security/?utm_source=rss&utm_medium=rss&utm_campaign=salt-security-partners-with-wiz-combines-cloud-and-api-security
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Threat Group Assessment: Muddled Libra (Updated May 16, 2025)
Muddled Libra continues to evolve. From social engineering to adaptation of new technologies, significant time is spent breaking down organizational defenses. The post Threat Group Assessment: Muddled Libra (Updated May 16, 2025) appeared first on Unit 42.
https://unit42.paloaltonetworks.com/muddled-libra/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Turkish APT Exploits Chat App Zero-Day to Spy on Iraqi Kurds
Even after their zero-day turned into an n-day, attackers known as Marbled Dust or Sea Turtle continued to spy on military targets that had failed to patch Output Messenger.
https://www.darkreading.com/cyberattacks-data-breaches/turkish-apt-exploits-chat-app-zero-day-spy-iraqi-kurds
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Big Steelmaker Halts Operations After Cyber Incident
Nucor made it clear its investigation is still in the early stages and didn't specify the nature or scope of the breach, nor who the threat actor might be.
https://www.darkreading.com/threat-intelligence/steel-manufacturer-stalls-operations-cyber-incident
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Valarian Unveils Data Management Platform Designed for Government Use
The startup, which previously launched the Acra platform, aims to address data management issues by isolating and compartmentalizing access to reduce fallout from system compromises.
https://www.darkreading.com/cyber-risk/valarian-data-management-platform-government
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Breachforums Boss to Pay 0k in Healthcare Breach
In what experts are calling a novel legal outcome, the 22-year-old former administrator of the cybercrime community Breachforums will forfeit nearly 0,000 to settle a civil lawsuit from a health insurance company whose customer data was posted for sale on the forum in 2023. Conor Brian Fitzpatrick, a.k.a. "Pompompurin," is slated for resentencing next month after pleading guilty to access device fraud and possession of child sexual abuse material (CSAM).
https://krebsonsecurity.com/2025/05/breachforums-boss-to-pay-700k-in-healthcare-breach/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

International Crime Rings Defraud US Gov't Out of Billions
Fraudsters worldwide apply for money from the US government using stolen and forged identities, making off with hundreds of billions of dollars annually.
https://www.darkreading.com/threat-intelligence/international-crime-rings-defraud-us-govt-billions
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Attackers Target Samsung MagicINFO Server Bug, Patch Now
CVE-2025-4632, a patch bypass for a Samsung MagicInfo 9 Server vulnerability disclosed last year, has been exploited by threat actors in the wild.
https://www.darkreading.com/endpoint-security/attackers-target-samsung-magicinfo-server-bug
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Coinbase Customer Info Stolen by Bribed Overseas Agents
Coinbase insider breach: Bribed overseas agents stole user data; company rejects ransom, offers M reward, boosts security, and…
https://hackread.com/coinbase-customer-info-stolen-bribed-overseas-agents/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Critical SAP NetWeaver Vuln Faces Barrage of Cyberattacks
As threat actors continue to hop on the train of exploiting CVE-2025-31324, researchers are recommending that SAP administrators patch as soon as possible so that they don't fall victim next.
https://www.darkreading.com/vulnerabilities-threats/critical-sap-netweaver-vuln-cyberattacks
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Google Algorithm Slashes Reddit Traffic: What It Means for UGC Platforms
Reddit Struggles After Google's New Focus on Expertise
https://hackread.com/google-algorithm-slashes-reddit-traffic-ugc-platforms/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

​​How the Microsoft Secure Future Initiative brings Zero Trust to life
Read how you can improve your security posture by applying Zero Trust framework and principles based on learnings from the April 2025 Secure Future Initiative progress report. The post ​​How the Microsoft Secure Future Initiative brings Zero Trust to life appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2025/05/15/how-the-microsoft-secure-future-initiative-brings-zero-trust-to-life/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Fileless Remcos RAT Attack Evades Antivirus Using PowerShell Scripts
A new wave of attacks uses PowerShell and LNK files to secretly install Remcos RAT, enabling full remote…
https://hackread.com/fileless-remcos-rat-attack-antivirus-powershell-scripts/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

DBatLoader (ModiLoader) Being Distributed to Turkish Users
Recently, AhnLab SEcurity intelligence Center (ASEC) has identified cases of the ModiLoader (DBatLoader) malware being distributed via email. ModiLoader ultimately executes SnakeKeylogger. SnakeKeylogger is an Infostealer-type malware developed in .NET. It is known for its data exfiltration methods using emails, FTP, SMTP, or Telegram. Figure 1 shows the email being distributed. The email is written […]
https://asec.ahnlab.com/en/88025/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

April 2025 Infostealer Trend Report
This report provides statistics, trends, and case information on the distribution of Infostealer malware, including the distribution volume, methods, and disguises, based on the data collected and analyzed in April 2025. The following is a summary of the report.   1) Data Source and Collection Method   The AhnLab SEcurity intelligence Center (ASEC) operates various […]
https://asec.ahnlab.com/en/88062/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

April 2025 APT Group Trends
  Trends of major APT groups by country   1) North Korea   Since November 2024, the North Korean APT group has been exploiting the vulnerability of South Korean Internet financial security software. Similar attacks have been carried out in the past, and the threat actors have been launching attacks based on their understanding of […]
https://asec.ahnlab.com/en/88063/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Mobile Security & Malware Issue 3st Week of May, 2025
ASEC Blog publishes “Mobile Security & Malware Issue 3st Week of May, 2025” 
https://asec.ahnlab.com/en/87995/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Cybersecurity: Back To Basics For Every Employee
This week in cybersecurity from the editors at Cybercrime Magazine –Read the full Forbes story Sausalito, Calif. – May 15, 2025 More CISOs than ever—80 percent—see human risk, in particular negligent employees, as the most serious vulnerability. Cybercrime is big business. Cybersecurity Ventures suggests it could The post Cybersecurity: Back To Basics For Every Employee appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/cybersecurity-back-to-basics-for-every-employee/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Sednit abuses XSS flaws to hit gov't entities, defense companies
Operation RoundPress targets webmail software to steal secrets from email accounts belonging mainly to governmental organizations in Ukraine and defense contractors in the EU
https://www.welivesecurity.com/en/videos/sednit-xss-govt-entities-defense-companies/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Threat landscape for industrial automation systems in Q1 2025
Kaspersky ICS CERT shares trends and statistics on industrial threats in Q1 2025.
https://securelist.com/industrial-threat-report-q1-2025/116505/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Data breaches: guidance for individuals and families
How to protect yourself from the impact of data breaches
https://www.ncsc.gov.uk/guidance/data-breaches
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Operation RoundPress
ESET researchers uncover a Russia-aligned espionage operation targeting webmail servers via XSS vulnerabilities
https://www.welivesecurity.com/en/eset-research/operation-roundpress/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Proofpoint Signs Definitive Agreement to Acquire Hornetsecurity

https://www.proofpoint.com/us/newsroom/press-releases/proofpoint-signs-definitive-agreement-acquire-hornetsecurity
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Google to pay .38 billion over privacy violations
The state of Texas reached a mammoth financial agreement with Google last week, securing .375 billion in payments to settle two lawsuits concerning the use of consumers' data.
https://www.malwarebytes.com/blog/news/2025/05/google-to-pay-1-38-billion-over-privacy-violations
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Android users bombarded with unskippable ads
The Kaleidoscope ad fraud network uses a combination of legitimate and malicious apps, according to researchers.
https://www.malwarebytes.com/blog/news/2025/05/android-users-bombarded-with-unskippable-ads
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Ransom & Dark Web Issues Week 3, May 2025
ASEC Blog publishes Ransom & Dark Web Issues Week 3, May 2025                 Pro-Russian hacktivist group Killnet announces resumption of activities. Ransomware group HellCat shuts down operations. Hacktivist group Team 1722 claims responsibility for website hacks and data leaks targeting several South Korean companies.        
https://asec.ahnlab.com/en/87955/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

CVE-2025-32756 Exploited in the Wild, Affecting Multiple Fortinet Products
On May 13, 2025, Fortinet disclosed CVE-2025-32756, an unauthenticated stack-based buffer overflow affecting multiple FortiNet products; including FortiVoice, FortiRecorder, FortiNDR, FortiMail, and FortiCamera.
https://blog.rapid7.com/2025/05/14/etr-multiple-fortinet-products-cve-2025-32756-exploited-in-the-wild/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

The OWASP LLM Top 10 and Sonatype: Supply chain security
The rise of AI has unlocked unprecedented opportunities across industries, from automating tedious tasks to accelerating software development and transforming how applications are built and maintained. However, AI has also exposed critical vulnerabilities, ethical concerns, data privacy risks, and the potential for misuse or bias in decision-making processes.
https://www.sonatype.com/blog/the-owasp-llm-top-10-and-sonatype-supply-chain-security
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Software QA Teams Prevent Cyber Disasters By Finding Vulnerabilities Before Hackers Do
This week in cybersecurity from the editors at Cybercrime Magazine –Read the full story in International Business Times Sausalito, Calif. – May 14, 2025 Software failures and security breaches aren’t just technical glitches anymore — they come with a massive price tag. IBM’s Cost of The post Software QA Teams Prevent Cyber Disasters By Finding Vulnerabilities Before Hackers Do appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/software-qa-teams-prevent-cyber-disasters-by-finding-vulnerabilities-before-hackers-do/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Patch Tuesday, May 2025 Edition
Microsoft on Tuesday released software updates to fix at least 70 vulnerabilities in Windows and related products, including five zero-day flaws that are already seeing active exploitation. Adding to the sense of urgency with this month's patch batch from Redmond are fixes for two other weaknesses that now have public proof-of-concept exploits available.
https://krebsonsecurity.com/2025/05/patch-tuesday-may-2025-edition/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

ENISA Launches European Vulnerability Database to Bolster EU Cyber Resilience
The European Union Agency for Cybersecurity (ENISA) has unveiled the European Vulnerability Database (EUVD), a strategic move designed to enhance digital security across the bloc and reduce reliance on U.S.-centric cybersecurity infrastructure. The EUVD, now live for consultation, aggregates vulnerability data from a wide range of sources, including national Computer Security Incident Response Teams (CSIRTs), […] The post ENISA Launches European Vulnerability Database to Bolster EU Cyber Resilience appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/05/14/enisa-launches-european-vulnerability-database-to-bolster-eu-cyber-resilience/?utm_source=rss&utm_medium=rss&utm_campaign=enisa-launches-european-vulnerability-database-to-bolster-eu-cyber-resilience
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

DarkCloud Stealer: Comprehensive Analysis of a New Attack Chain That Employs AutoIt
A new DarkCloud Stealer campaign is using AutoIt obfuscation for malware delivery. The attack chain involves phishing emails, RAR files and multistage payloads. The post DarkCloud Stealer: Comprehensive Analysis of a New Attack Chain That Employs AutoIt appeared first on Unit 42.
https://unit42.paloaltonetworks.com/darkcloud-stealer-and-obfuscated-autoit-scripting/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

INE Security Alert: Continuous CVE Practice Closes Critical Gap Between Vulnerability Alerts and Effective Defense
Cary, North Carolina, 14th May 2025, CyberNewsWire INE Security Alert: Continuous CVE Practice Closes Critical Gap Between Vulnerability Alerts and Effective Defense on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2025/05/14/ine-security-alert-continuous-cve-practice-closes-critical-gap-between-vulnerability-alerts-and-effective-defense/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Implementing CCM: Human Resources Controls
The Cloud Controls Matrix (CCM) is a framework of controls that are essential for cloud computing security. It is created and updated by CSA and aligned to CSA best practices. You can use CCM to systematically assess and guide the security of any cloud implementation. CCM also provides guidance on which actors within the cloud supply chain should implement which security controls. Both cloud service customers (CSCs) and cloud service providers (CSPs) use CCM in many ways. CSCs use CCM t...
https://cloudsecurityalliance.org/articles/implementing-ccm-human-resources-controls
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

8 Questions to Ask Your Security Vendors About AI
Originally published by Abnormal AI. Written by Emily Burns.   The rapid integration of artificial intelligence (AI) into cybersecurity solutions has created both opportunities and challenges. AI-driven systems promise advanced threat detection, automation, and adaptability, but as a buyer, how can you make sure you're choosing the right AI-powered tools? Here are a few key questions to ask your security vendors to evaluate their AI capabilities effectively.   1. Is th...
https://cloudsecurityalliance.org/articles/8-questions-to-ask-your-security-vendors-about-ai
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Shields Up: What IT Professionals Wish They Knew About Preventing Data Breaches
Originally published by Axway. Written by Chris Payne, Principal Product & Solutions Marketing Manager for Axway MFT.   There's an old IT saying that nobody notices MFT until something goes wrong. MFT hums along in the background at many enterprises, running on autopilot, out of sight and out of mind. No need to modernize, update or fix what isn't broken. Or so goes conventional wisdom at companies resistant to change. But the cybercriminals know better. From the p...
https://cloudsecurityalliance.org/articles/shields-up-what-it-professionals-wish-they-knew-about-preventing-data-breaches
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Patch Tuesday - May 2025
Seven zero-days: Window Scripting Engine, 2x CLFS, DWM, Visual Studio, AFD for Winsock, Defender for Identity.
https://blog.rapid7.com/2025/05/13/patch-tuesday-may-2025/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Applying NIST CSF 2.0 to Hypervisor Security: A Framework for Resilience in Virtualized Environments
Originally published by Vali Cyber. Written by Chris Goodman.   Executive Summary The NIST Cybersecurity Framework (CSF) 2.0 offers organizations a structured path to building cyber resilience in the modern cyber-scape. Its five core functions—Identify, Protect, Detect, Respond, and Recover—form the backbone of modern security programs. Hypervisors, as the control layer of virtualized environments, are a growing target for attackers. Securing them isn't just a best ...
https://cloudsecurityalliance.org/articles/applying-nist-csf-2-0-to-hypervisor-security-a-framework-for-resilience-in-virtualized-environments
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Integrity: An Overlooked Foundation of Zero Trust
Written by Scott Fuhriman, CISM, CISSP, Invary.   Executive Summary Zero Trust security models are designed to eliminate implicit trust and enforce strict, continuous verification across users, devices, networks, applications, and data. However, one foundational element remains largely unaddressed: the Runtime Integrity of the system kernel. This is a critical oversight. The kernel acts as the root authority of every operating system. If the kernel is compromised via rootkits,...
https://cloudsecurityalliance.org/articles/integrity-an-overlooked-foundation-of-zero-trust
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

What's New in Android Security and Privacy in 2025
Posted by Dave Kleidermacher, VP Engineering, Android Security and Privacy Android's intelligent protections keep you safe from everyday dangers. Our dedication to your security is validated by security experts, who consistently rank top Android devices highest in security, and score Android smartphones, led by the Pixel 9 Pro, as leaders in anti-fraud efficacy.Android is always developing new protections to keep you, your device, and your data safe. Today, we're announcing new features and enhancements that build on our industry-leading protections to help keep you safe from scams, fraud, and theft on Android. Smarter protections against phone call scams Our research shows that phone scammers often try to trick people into performing specific actions to initiate a scam, like changing...
http://security.googleblog.com/2025/05/whats-new-in-android-security-privacy-2025.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Advanced Protection: Google's Strongest Security for Mobile Devices
Posted by Il-Sung Lee, Group Product Manager, Android Security Protecting users who need heightened security has been a long-standing commitment at Google, which is why we have our Advanced Protection Program that provides Google's strongest protections against targeted attacks.To enhance these existing device defenses, Android 16 extends Advanced Protection with a device-level security setting for Android users. Whether you're an at-risk individual – such as a journalist, elected official, or public figure – or you just prioritize security, Advanced Protection gives you the ability to activate Google's strongest security for mobile devices, providing greater peace of mind that you're protected against the most sophisticated threats. Simple to activate, powerful in protectionAdvanced...
http://security.googleblog.com/2025/05/advanced-protection-mobile-devices.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Fast Flux Technique for Concealing Command and Control (C&C) and Evading Detection
Overview In April 2025, the U.S. National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), and Federal Bureau of Investigation (FBI) jointly released a cybersecurity advisory (Fast Flux: A National Security Threat), in which the Fast-Flux Network was again designated as a key threat. Since the technique was first detected in the Storm botnet […]
https://asec.ahnlab.com/en/88008/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Etherhide Technique Using Blockchain as C&C Infrastructure
OverviewThreat actors have been utilizing various techniques and channels to evade tracking and blocking of their Command and Control (C&C) infrastructures. For example, they use Fast-Flux to rapidly change IP addresses and maintain domains, Bulletproof Hosting to use infrastructures located in countries where legal measures are difficult, and public platforms such as Telegram, Pastebin, and […]
https://asec.ahnlab.com/en/88009/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

April 2025 Deep Web and Dark Web Trends Report
Disclaimer   This trend report on the deep web and dark web of March 2025 is sectioned into Ransomware, Data Breach, DarkWeb, CyberAttack, and Threat Actor. Please note that there are some parts of the content that cannot be verified for ac     Key Issues      1)     Ransomware       1. Overview  […]
https://asec.ahnlab.com/en/87974/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

April 2025 Security Issues in Korean and Global Financial Industries
This report comprehensively covers actual cyber threats and security issues that have occurred in financial institutions in Korea and abroad. This includes an analysis of malware and phishing cases distributed to the financial sector, the top 10 malware strains targeting the financial sector, and industry statistics of leaked Korean accounts on Telegram. A case of […]
https://asec.ahnlab.com/en/87975/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Vendor-Agnostic Security: The Key To Smarter Risk Management
In this post, we'll explore how a vendor-agnostic approach, powered by exposure assessment platforms (EAPs), helps you manage risk smarter – by unifying your attack surface and helping your team focus on what matters most.
https://blog.rapid7.com/2025/05/13/vendor-agnostic-security-the-key-to-smarter-risk-management/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Enhancing software supply chain security in financial services with Sonatype and AWS
Financial services organizations prioritize software security as part of their risk management strategy. Open source components accelerate software development, and organizations benefit from implementing appropriate security controls to manage potential associated risks.
https://www.sonatype.com/blog/enhancing-software-supply-chain-security-in-financial-services-with-sonatype-and-aws
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

AI Agents: Transformative or Turbulent?
Described as revolutionary and disruptive, AI agents are the new cornerstone of innovation in 2025. But as with any technology standing on the cutting edge, this evolution isn't without its trade-offs. Will this new blend of intelligence and autonomy really introduce a new era of efficiency? Or does the ability for AI Agents to act […] The post AI Agents: Transformative or Turbulent? appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/05/13/ai-agents-transformative-or-turbulent/?utm_source=rss&utm_medium=rss&utm_campaign=ai-agents-transformative-or-turbulent
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

NinjaOne Reimagining What Is Possible In Automated Endpoint Management
This week in cybersecurity from the editors at Cybercrime Magazine –Watch the YouTube video Sausalito, Calif. – May 13, 2025 Fortune reports Sal Sferlazza and Christopher Matarese co-founders of Austin, Texas-based NinjaOne, recently announced 0 million in Series C extensions at a billion valuation. “NinjaOne has the The post NinjaOne Reimagining What Is Possible In Automated Endpoint Management appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/ninjaone-reimagining-what-is-possible-in-automated-endpoint-management/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Timelines for migration to post-quantum cryptography
Activities which organisations must carry out to migrate safely to post-quantum cryptography in the coming years.
https://www.ncsc.gov.uk/guidance/pqc-migration-timelines
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Five Years Later: Evolving IoT Cybersecurity Guidelines
The Background…and NIST's Plan for Improving IoT Cybersecurity The passage of the Internet of Things (IoT) Cybersecurity Improvement Act in 2020 marked a pivotal step in enhancing the cybersecurity of IoT products. Recognizing the increasing internet connectivity of physical devices, this legislation tasked NIST with developing cybersecurity guidelines to manage and secure IoT effectively. As an early building block, we developed NIST IR 8259, Foundational Cybersecurity Activities for IoT Device Manufacturers, which describes recommended activities related to cybersecurity for manufacturers
https://www.nist.gov/blogs/cybersecurity-insights/five-years-later-evolving-iot-cybersecurity-guidelines
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

INE Security Alert: Top 5 Takeaways from RSAC 2025
Cary, North Carolina, 13th May 2025, CyberNewsWire INE Security Alert: Top 5 Takeaways from RSAC 2025 on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2025/05/13/ine-security-alert-top-5-takeaways-from-rsac-2025/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Exploring CNAPP Options for Cloud Security in 2025
Cloud adoption continues to rise, and with it comes increased complexity. Organizations use multiple cloud platforms, creating challenges that traditional security tools struggle to handle. Cloud-Native Application Protection Platforms (CNAPPs) have emerged as vital solutions. CNAPPs offer integrated security across cloud-native environments, from applications and workloads to data and infrastructure. As organizations look to optimize […] The post Exploring CNAPP Options for Cloud Security in 2025 appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/05/13/exploring-cnapp-options-for-cloud-security-in-2025/?utm_source=rss&utm_medium=rss&utm_campaign=exploring-cnapp-options-for-cloud-security-in-2025
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Using a Mythic agent to optimize penetration testing
Kaspersky experts discuss optimizing penetration testing with an agent for the Mythic framework and object files for Cobalt Strike.
https://securelist.com/agent-for-mythic-c2-with-beacon-object-files/115259/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

How Compliance Training Software Protects Your Business from Risk
The modern business environment exposes organizations to a range of challenges that affect business operations, hence the need for robust regulations. Ignoring standards and guidelines can lead to costly fines, operational disruptions, and reputational damage. Last year, a US court asked a bank to pay USD billion in fines—the biggest in history—for having weak monitoring […] The post How Compliance Training Software Protects Your Business from Risk appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/05/13/how-compliance-training-software-protects-your-business-from-risk/?utm_source=rss&utm_medium=rss&utm_campaign=how-compliance-training-software-protects-your-business-from-risk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Bypassing BitLocker Encryption: Bitpixie PoC and WinPE Edition
Depending on the customer’s preference, possible initial access vectors in our red teaming exercises typically include deployment of dropboxes, (device code) phishing or a stolen portable device. The latter is usually a Windows laptop protected by BitLocker for full disk encryption without pre-boot authentication i.e. without a configured PIN or an additional key file. While […]
https://blog.compass-security.com/2025/05/bypassing-bitlocker-encryption-bitpixie-poc-and-winpe-edition/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Buffer over-read in FGFM
A buffer over-read vulnerability [CWE-126] in FortiOS may allow a remote unauthenticated attacker to crash the FGFM daemon via a specially crafted request, under rare conditions that are outside of the attacker's control. Revised on 2025-05-13 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-24-381
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Code Execution due to Node.JS Environment Variable
An improper isolation or compartmentalization vulnerability [CWE-653] in FortiClient MacOS and FortiVoiceUC desktop application may allow an authenticated attacker to inject code via Electron environment variables. Revised on 2025-05-13 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-24-025
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Denial of Service in Security Fabric Root
An integer overflow or wraparound vulnerability [CWE-190] in FortiOS Security Fabric may allow a remote unauthenticated attacker to crash the csfd daemon via a specially crafted request. Revised on 2025-05-13 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-24-388
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Index of FCT installation directory publicly accessible
An Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability [CWE-497] in FortiClientWindows may allow an unauthorized remote attacker to view application information via navigation to a hosted webpage, if Windows is configured to accept incoming connections to port 8053 (non-default setup) Revised on 2025-05-13 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-24-548
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Insertion of sensitive information into system log
An insertion of sensitive information into log file vulnerability [CWE-532] in FortiPortal may allow an authenticated attacker with at least read-only admin permissions to view encrypted secrets via the FortiPortal System Log. Revised on 2025-05-13 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-24-380
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Local privilege escalation in XPC services
An Incorrect Authorization vulnerability [CWE-863] in FortiClient Mac may allow a local attacker to escalate privileges via crafted XPC messages. Revised on 2025-05-13 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-25-016
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Path traversal in upload message
A Relative Path Traversal vulnerability [CWE-23] in FortiClientEMS may allow a remote unauthenticated attacker to perform a limited arbitrary file write on the system via upload requests. Revised on 2025-05-13 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-24-552
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

5 Trust Trends Shaping Security Strategies in 2025
Originally published by Vanta.  Written by Jess Munday.   Trust is critical to the success of every business. And in 2024, we saw that building, scaling, and demonstrating trust is getting more difficult for organizations. Vanta's second annual State of Trust Report uncovered key trends across security, compliance, and the future of trust. Based on a survey of 2,500 IT and business leaders in the U.S., UK, and Australia, our research found that more than half (55%)...
https://cloudsecurityalliance.org/articles/5-trust-trends-shaping-security-strategies-in-2025
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Cloud and SaaS Security in Critical Infrastructure: Lessons from Recent Attacks
Originally published by CheckRed. Written by Amardip Deshpande, Senior Security Researcher at CheckRed.   Cyberattacks on critical infrastructure have become a growing concern, with sectors like water supply, energy, and other essential utilities increasingly in the crosshairs of cybercriminals and nation-state actors. The recent cyberattack on American Water proves that these vital services are not immune to digital threats. As critical services increasingly adopt clou...
https://cloudsecurityalliance.org/articles/cloud-and-saas-security-in-critical-infrastructure-lessons-from-recent-attacks
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Backdoored Magento Extensions Impact Multiple Online Stores
Magento stores have fallen prey to a new wave of malware attack via backdoored extensions.… Backdoored Magento Extensions Impact Multiple Online Stores on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2025/05/12/backdoored-magento-extensions-impact-multiple-online-stores/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Marbled Dust leverages zero-day in Output Messenger for regional espionage
Since April 2024, the threat actor that Microsoft Threat Intelligence tracks as Marbled Dust has been observed exploiting user accounts that have not applied fixes to a zero-day vulnerability (CVE-2025-27920) in the messaging app Output Messenger, a multiplatform chat software. These exploits have resulted in collection of related user data from targets in Iraq. Microsoft […] The post Marbled Dust leverages zero-day in Output Messenger for regional espionage appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2025/05/12/marbled-dust-leverages-zero-day-in-output-messenger-for-regional-espionage/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

April 2025 Threat Trend Report on APT Attacks (South Korea)
Overview   AhnLab is monitoring Advanced Persistent Threat (APT) attacks in South Korea using its own infrastructure. This report covers the classification, statistics, and functions of APT attacks detected in South Korea over the course of one month in April 2025.   Figure 1. Statistics of APT attacks in South Korea in April 2025   […]
https://asec.ahnlab.com/en/87945/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

April 2025 Threat Trend Report on Ransomware
This report provides statistics on the number of new ransomware samples collected, the number of affected systems, and affected companies in April 2025, as well as key ransomware issues in and out of Korea. Below is a summary of the report.   Disclaimer: The number of ransomware samples and damaged systems is based on the […]
https://asec.ahnlab.com/en/87946/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Recognizing Excellence: Rapid7's Kelly Hiscoe and Heather DeMartini Honored as CRN's 2025 Women of the Channel
We are thrilled to announce that two outstanding Rapid7 team members, Kelly Hiscoe and Heather DeMartini, have been recognized as CRN's 2025 Women of the Channel.
https://blog.rapid7.com/2025/05/12/recognizing-excellence-rapid7s-kelly-hiscoe-and-heather-demartini-honored-as-crns-2025-women-of-the-channel/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Husband Hacks Scammers Who Targeted His Wife, Gave USPS Investigators Info
This week in cybersecurity from the editors at Cybercrime Magazine –Listen to the podcast Sausalito, Calif. – May 12, 2025 Cybersecurity expert Grant Smith wasn't about to let it slide when scammers tried bilking his wife through a phony U.S. Postal Service text. “I took it personally,” The post Husband Hacks Scammers Who Targeted His Wife, Gave USPS Investigators Info appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/husband-hacks-scammers-who-targeted-his-wife-gave-usps-investigators-info/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

A week in security (May 4 – May 10)
A list of topics we covered in the week of May 4 to May 10 of 2025
https://www.malwarebytes.com/blog/news/2025/05/a-week-in-security-may-4-may-10
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

How can we counter online disinformation? | Unlocked 403 cybersecurity podcast (S2E2)
Ever wondered why a lie can spread faster than the truth? Tune in for an insightful look at disinformation and how we can fight one of the most pressing challenges facing our digital world.
https://www.welivesecurity.com/en/videos/online-disinformation-unlocked-403-cybersecurity-podcast-s2e2/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Proofpoint Launches Next-Gen Digital Communications Governance Offering with Enhanced Capture, Archiving and Supervision Innovations

https://www.proofpoint.com/us/newsroom/press-releases/proofpoint-launches-next-gen-digital-communications-governance-offering
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
This GitHub repository provides a range of search queries, known as "dorks," for Shodan, a powerful tool used to search for Internet-connected devices. The dorks are designed to help security researchers discover potential vulnerabilities and configuration issues in various types of devices such as webcams, routers, and servers. This resource is helpful for those interested in exploring network security and conducting vulnerability scanning, including both beginners and experienced information security professionals. By leveraging this repository, users can improve the security of their own networks and protect against potential attacks. Shodan Dorks: aa3939fc357723135870d5036b12a67097b03309app="HIKVISION-综合安防管理平台""AppleHttpServer""AutobahnPython"basic realm="Kettle"BullwarkcassandraChromecast"ClickShareSession""/config/log_off_page.htm"'"connection:...
http://www.kitploit.com/2025/05/shodan-dorks-dorks-for-shodan-powerful.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
/\ _ / | / \ | \ | |\| | | | | / | /| |/ |/ |/ ,/; ; ; ,'/|; ,/,/, ,'/ |;/,/,/,/| ,/; |;|/,/,/,/,/| ,/'; |;|,/,/,/,/,/| ,/'; |;|/,/,/,/,/,/|, / ; |;|,/,/,/,/,/,/| / ,'; |;|/,/,/,/,/,/,/| /,/'; |;|,/,/,/,/,/,/,/|...
http://www.kitploit.com/2025/05/pegasus-pentest-arsenal-comprehensive.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

SAP Netweaver Zero-Day Attack
What is the Attack?A zero-day SAP vulnerability, CVE-2025-31324, with CVSS score of 10.0 is being actively exploited in the wild. This vulnerability affects SAP Visual Composer, allowing unauthenticated threat actors to upload arbitrary files, resulting in full compromise of the targeted system that could significantly affect the confidentiality, integrity, and availability of the targeted system.The vulnerability stems from the SAP NetWeaver Visual Composer Metadata Uploader lacking proper authorization protection, which allows unauthenticated agents to upload potentially malicious executable binaries.CISA has added the CVE to their Known Exploited Vulnerabilities Catalog on April 29, 2025.What is the recommended Mitigation?The vulnerability exists in the SAP Visual Composer component for...
https://fortiguard.fortinet.com/threat-signal-report/6089
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Threat Brief: CVE-2025-31324
CVE-2025-31324 impacts SAP NetWeaver's Visual Composer Framework. We share our observations on this vulnerability using incident response cases and telemetry. The post Threat Brief: CVE-2025-31324 appeared first on Unit 42.
https://unit42.paloaltonetworks.com/threat-brief-sap-netweaver-cve-2025-31324/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

The 2025 State of Application Risk Report: Understanding AI Risk in Software Development
Get details on the AI risks Legit unearthed in enterprises' software factories.
https://www.legitsecurity.com/blog/understanding-ai-risk-in-software-development
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Google Chrome will use AI to block tech support scam websites
Google announced it will equip Chrome with an AI driven method to detect and block Tech Support Scam websites
https://www.malwarebytes.com/blog/news/2025/05/google-chrome-will-use-ai-to-block-tech-support-scam-websites
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Breaking the Sound Barrier Part I: Fuzzing CoreAudio with Mach Messages
Guest post by Dillon Franke, Senior Security Engineer, 20% time on Project Zero Every second, highly-privileged MacOS system daemons accept and process hundreds of IPC messages. In some cases, these message handlers accept data from sandboxed or unprivileged processes. In this blog post, I’ll explore using Mach IPC messages as an attack vector to find and exploit sandbox escapes. I’ll detail how I used a custom fuzzing harness, dynamic instrumentation, and plenty of debugging/static analysis to identify a high-risk type confusion vulnerability in the coreaudiod system daemon. Along the way, I’ll discuss some of the difficulties and tradeoffs I encountered. Transparently, this was my first venture into the world of MacOS security research and building...
https://googleprojectzero.blogspot.com/2025/05/breaking-sound-barrier-part-i-fuzzing.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Metasploit Wrap-Up 05/09/2025
This release features a new OPNSense login scanner, a module targeting the Sante PACS path traversal vulnerability. Learn more!
https://blog.rapid7.com/2025/05/09/metasploit-wrap-up-05-09-2025/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Software Security Code of Practice - Assurance Principles and Claims (APCs)
Helps vendors measure how well they meet the Software Security Code of Practice, and suggests remedial actions should they fall short.
https://www.ncsc.gov.uk/guidance/software-security-code-of-practice-assurance-principles-claims
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

WatchGuard transitions new CEO
WatchGuard® Technologies, a provider of unified cybersecurity for managed service providers (MSPs), today announced a planned leadership transition. After a decade of impactful leadership, Chief Executive Officer (CEO) Prakash Panjwani will transition out of his operational role, continuing to serve on the Board of Directors and as a strategic advisor to the company. Vats Srivatsan, […] The post WatchGuard transitions new CEO appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/05/09/watchguard-transitions-new-ceo/?utm_source=rss&utm_medium=rss&utm_campaign=watchguard-transitions-new-ceo
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

The Biggest Cyber Threat Is Attacking The AI Stack
This week in cybersecurity from the editors at Cybercrime Magazine –Watch the YouTube video Sausalito, Calif. – May 9, 2025 Cybercrime Magazine caught up with Dr. Taher Elgamal, Partner at Evolution Equity Partners, at the recent RSA Conference 2025 in San Francisco. The tech industry luminary was the recipient The post The Biggest Cyber Threat Is Attacking The AI Stack appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/the-biggest-cyber-threat-is-attacking-the-ai-stack/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
Implement and monitor Appsec control at scale. Requirements NodeJS 20.13 Tested on Mac Ubuntu How to install $ git clone git@github.com:mf-labs/witcher.git$ cd witcher$ npm i Build a Docker image $ git clone git@github.com:mf-labs/witcher.git$ cd witcher$ docker build -t witcher .# Running docker image$ docker run -e GITHUB_TOKEN=$GITHUB_TOKEN -e ORG=$ORG witcher -a status -m ghas -r offsec-sast-testing witcher's features ➜ witcher git:(master) node witcher.js -husage: witcher.js [-h] -m MODULE -a ACTION [--daily-summary] [--mass-action] [--slack] [--siem] [--jira] [--jira-ticket JIRATICKET] [--org ORG] [-r REPO] [-b BRANCH] [--workflow-file WORKFLOW] [--repo-file REPOFILE]witcher ....... you can't escapeoptional arguments: -h, --help show...
http://www.kitploit.com/2025/05/witcher-managing-github-advanced.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

What Should You Consider When Choosing an AI Penetration Testing Company?
AI is truly making its way into every aspect of business operations, and rightly so. When we proactively test systems and applications to uncover weaknesses before attackers do, we're carrying out penetration testing, often called “ethical hacking.” By staging these controlled attacks that mimic real-world threats, we expose gaps in processes and controls. AI penetration […] The post What Should You Consider When Choosing an AI Penetration Testing Company? appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/05/09/what-should-you-consider-when-choosing-an-ai-penetration-testing-company/?utm_source=rss&utm_medium=rss&utm_campaign=what-should-you-consider-when-choosing-an-ai-penetration-testing-company
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Stealthy .NET Malware: Hiding Malicious Payloads as Bitmap Resources
Unit 42 details a new malware obfuscation technique where threat actors hide malware in bitmap resources within .NET applications. These deliver payloads like Agent Tesla or XLoader. The post Stealthy .NET Malware: Hiding Malicious Payloads as Bitmap Resources appeared first on Unit 42.
https://unit42.paloaltonetworks.com/malicious-payloads-as-bitmap-resources-hide-net-malware/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Catching a phish with many faces
Here's a brief dive into the murky waters of shape-shifting attacks that leverage dedicated phishing kits to auto-generate customized login pages on the fly
https://www.welivesecurity.com/en/scams/spotting-phish-many-faces/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Erlang/OTP RCE
What is the Vulnerability?A critical SSH vulnerability has recently been identified in the Erlang/Open Telecom Platform (OTP). The vulnerability, tracked as CVE-2025-32433, has been assigned a CVSS score of 10.0. It is unauthenticated, remotely exploitable, and requires low complexity to execute.Erlang/OTP is commonly found in IoT devices and telecommunications platforms, and is prominently used by companies such as Ericsson, WhatsApp, and Cisco, among others.What is the recommended Mitigation?A security patch for OTP has been made available via GitHub. FortiGuard Labs strongly recommends that organizations prioritize applying the latest security updates.This issue is patched in versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20.What FortiGuard Coverage is available?FortiGuard Labs has...
https://fortiguard.fortinet.com/threat-signal-report/6077
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Cyber criminals impersonate payroll, HR and benefits platforms to steal information and funds
As per a recent FBI warning, criminals are phishing users of payroll, and similar platforms to not only steal their credentials but also their funds.
https://www.malwarebytes.com/blog/cybercrime/2025/05/cyber-criminals-impersonate-payroll-hr-and-benefits-platforms-to-steal-information-and-funds
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Sonatype at RSAC 2025
The RSA Conference (RSAC) is always a major event for the cybersecurity community, and this year was no exception.
https://www.sonatype.com/blog/sonatype-at-rsac-2025
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Using AI to stop tech support scams in Chrome
Posted by Jasika Bawa, Andy Lim, and Xinghui Lu, Google Chrome Security Tech support scams are an increasingly prevalent form of cybercrime, characterized by deceptive tactics aimed at extorting money or gaining unauthorized access to sensitive data. In a tech support scam, the goal of the scammer is to trick you into believing your computer has a serious problem, such as a virus or malware infection, and then convince you to pay for unnecessary services, software, or grant them remote access to your device. Tech support scams on the web often employ alarming pop-up warnings mimicking legitimate security alerts. We've also observed them to use full-screen takeovers and disable keyboard and mouse input to create a sense of crisis. Chrome has always worked with Google Safe Browsing to help...
http://security.googleblog.com/2025/05/using-ai-to-stop-tech-support-scams-in.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Tired of Google sponsored ads? So are we! That's why we're introducing the option to block them on iOS
We're rolling out a brand new feature in Malwarebytes for iOS: the ability to block Google sponsored ads directly on Safari.
https://www.malwarebytes.com/blog/product/2025/05/tired-of-google-sponsored-ads-so-are-we-thats-why-were-introducing-the-option-to-block-them-on-ios
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Mobile Security & Malware Issue 2st Week of May, 2025
ASEC Blog publishes “Mobile Security & Malware Issue 2st Week of May, 2025”
https://asec.ahnlab.com/en/87882/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

The Best Cyberinsurance Companies in the U.K.
This week in cybersecurity from the editors at Cybercrime Magazine –Read the full story in Insurance Business Magazine Sausalito, Calif. – May 8, 2025 Cybercrime is rising globally, with 2025 costs estimated to dwarf amounts recorded in previous years. Highlighting the scale of the problem is Steve The post The Best Cyberinsurance Companies in the U.K. appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/the-best-cyberinsurance-companies-in-the-u-k/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Passwords in the age of AI: We need to find alternatives
The age of AI guessing our passwords is upon us, and we need to change the ways we authenticate and use passwords where we have no alternatives.
https://www.malwarebytes.com/blog/news/2025/05/passwords-in-the-age-of-ai-we-need-to-find-alternatives
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Weaponizing Facebook Ads: Inside the Multi-Stage Malware Campaign Exploiting Cryptocurrency Brands
A persistent malvertising campaign is plaguing Facebook, leveraging the reputations of well-known cryptocurrency exchanges to lure victims into a maze of malware. Since Bitdefender Labs started investigating, this evolving threat has posed a serious risk by deploying cleverly disguised front-end scripts and custom payloads on users' devices, all under the guise of legitimate cryptocurrency platforms and influencers. This report unveils how the attackers use advanced evasion tactics, mass brand
https://www.bitdefender.com/en-us/blog/labs/weaponizing-facebook-ads-inside-the-multi-stage-malware-campaign-exploiting-cryptocurrency-brands
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

ByeDPIAndroid - App To Bypass Censorship On Android
Android application that runs a local VPN service to bypass DPI (Deep Packet Inspection) and censorship. This application runs a SOCKS5 proxy ByeDPI and redirects all traffic through it. Installation Or use Obtainium Install Obtainium Add the app by URL: https://github.com/dovecoteescapee/ByeDPIAndroid Settings To bypass some blocks, you may need to change the settings. More about the various settings can be found in the ByeDPI documentation. FAQ I can't configure it. What to do? You can ask for help in discussion. Does the application require root access? No. All application features work without root. Is this a VPN? No. The application uses the VPN mode on Android to redirect traffic, but does not send anything to a remote server. It does not encrypt traffic and does not hide your IP...
http://www.kitploit.com/2025/05/byedpiandroid-app-to-bypass-censorship.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Ransomware: 'WannaCry' guidance for home users and small businesses
Guidance for home users or small businesses who want to reduce the likelihood of being held to ransom by WannaCry (or other types of ransomware).
https://www.ncsc.gov.uk/guidance/wannacry-guidance-for-home-users-and-small-businesses
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Ransomware: 'WannaCry' guidance for enterprise administrators
Guidance for enterprise administrators who want to reduce the likelihood of being held to ransom by WannaCry (or other types of ransomware).
https://www.ncsc.gov.uk/guidance/ransomware-wannacry-guidance-enterprise-administrators-1
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Introduction to logging for security purposes
Laying the groundwork for incident readiness.
https://www.ncsc.gov.uk/guidance/introduction-logging-security-purposes
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Cyber security for major events
Assessing the cyber security needs of major events.
https://www.ncsc.gov.uk/guidance/cyber-security-for-major-events
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

WhatsApp hack: Meta wins payout over NSO Group spyware
Meta has won almost 0m in damages from Israel-based NSO Group, maker of the Pegasus spyware.
https://www.malwarebytes.com/blog/news/2025/05/whatsapp-hack-meta-wins-payout-over-nso-group-spyware
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

How To Secure Digital Wallets from Phishing Attacks
Digital wallets have become increasingly popular, offering users an easy way to make payments, store cryptocurrencies, and manage their money. But as more people use digital wallets, the risk of cyber threats, especially phishing attacks, has also grown. Phishing is a trick used by hackers to steal sensitive information like passwords and financial details. This […] The post How To Secure Digital Wallets from Phishing Attacks appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/05/08/how-to-secure-digital-wallets-from-phishing-attacks/?utm_source=rss&utm_medium=rss&utm_campaign=how-to-secure-digital-wallets-from-phishing-attacks
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

OnRPG - 1,047,640 breached accounts
In July 2016, the now defunct free online games list website OnRPG suffered a data breach that was later redistributed as part of a larger corpus of data. The incident exposed just over 1M email and IP addresses alongside usernames and passwords stored as salted MD5 hashes.
https://haveibeenpwned.com/PwnedWebsites#OnRPG
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Ivanti Connect Buffer Overflow Vulnerability
What is the Vulnerability?CVE-2025-22457 is identified as a buffer overflow vulnerability affecting Ivanti Connect Secure, Policy Secure and ZTA Gateways. If successfully exploited, can result in remote code execution. This exploitation poses significant risks, potentially allowing unauthorized remote access to systems.The Google Threat Intelligence Group (GTIG) has linked the exploitation of CVE-2025-22457 and the subsequent malware deployment to the suspected espionage group known as UNC5221, which is believed to have connections to China.What is the recommended Mitigation?Ivanti customers are strongly encouraged to implement the recommended actions outlined in the Security Advisory to ensure their systems are secured promptly. Ivanti AdvisoryA patch addressing CVE-2025-22457 was made available...
https://fortiguard.fortinet.com/threat-signal-report/6086
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Commvault Command Center Path Traversal Vulnerability
What is the Vulnerability?A critical path traversal vulnerability has been identified in Commvault's Command Center Innovation Release. The vulnerability, tracked as CVE-2025-34028, has been assigned a CVSS score of 10.0. This flaw allows unauthenticated remote attackers to upload specially crafted ZIP files. When these files are expanded by the server, they can lead to arbitrary code execution, potentially resulting in a complete system compromise.Commvault serves a diverse range of industries, including Healthcare, Financial Services, Manufacturing, and more. for securing data management and compliance, protecting financial data and efficiently backing up data.What is the recommended Mitigation?Commvault has addressed this vulnerability in the following patched versions:​ 11.38 and 11.38.25....
https://fortiguard.fortinet.com/threat-signal-report/6081
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Pakistani Firm Shipped Fentanyl Analogs, Scams to US
A Texas firm recently charged with conspiring to distribute synthetic opioids in the United States is at the center of a vast network of companies in the U.S. and Pakistan whose employees are accused of using online ads to scam westerners seeking help with trademarks, book writing, mobile app development and logo designs, a new investigation reveals.
https://krebsonsecurity.com/2025/05/pakistani-firm-shipped-fentanyl-analogs-scams-to-us/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Multiple vulnerabilities in SonicWall SMA 100 series (FIXED)
Rapid7 is disclosing three new vulnerabilities in SonicWall SMA 100 series appliances (CVE-2025-32819, CVE-2025-32820, and CVE-2025-32821). An attacker with access to an SMA SSLVPN user account can chain these vulnerabilities for root-level code execution.
https://blog.rapid7.com/2025/05/07/multiple-vulnerabilities-in-sonicwall-sma-100-series-2025/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Agentic AI: Understanding Its Evolution, Risks, and Security Challenges
Originally published by TrojAI. Written by Phil Munz.   The evolution of agentic AI systems Agentic systems - software systems composed of multiple interacting agents - have been used to solve complex problems for many years. The field of AI safety has grown around agentic systems to study the risks inherent in these systems.  With the advancements in Large Language Models (LLMs), the evolution of these agentic systems, commonly referred to as agentic AI, is gaining much mo...
https://cloudsecurityalliance.org/articles/agentic-ai-understanding-its-evolution-risks-and-security-challenges
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Cybersecurity for SMBs: Statistics and Threats You Can't Afford to Ignore
Originally published by VikingCloud.   Small and medium-sized businesses (SMBs) play a crucial role in the U.S. economy, making up 99.9% of all businesses and contributing to half of the nation's GDP. However, these vital economic growth drivers face an escalating threat —cyberattacks that could put them out of business. Nearly 1 in 5 SMBs would be forced to close their doors following a successful cyberattack. Even more concerning, 55% of SMBs report that a financial loss fro...
https://cloudsecurityalliance.org/articles/cybersecurity-for-smbs-statistics-and-threats-you-can-t-afford-to-ignore
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Samsung MagicINFO Server Flaw Now Actively Exploited – Huntress Uncovers Real-World Attacks
Cybersecurity researchers at Huntress have issued a warning after confirming active exploitation of a critical remote code execution (RCE) vulnerability in Samsung's MagicINFO 9 digital signage software. The flaw, tracked as CVE-2024-34515, allows unauthenticated attackers to execute arbitrary code on vulnerable servers by sending a malicious HTTP request. Tens of thousands of MagicINFO instances, many […] The post Samsung MagicINFO Server Flaw Now Actively Exploited – Huntress Uncovers Real-World Attacks appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/05/07/samsung-magicinfo-server-flaw-now-actively-exploited-huntress-uncovers-real-world-attacks/?utm_source=rss&utm_medium=rss&utm_campaign=samsung-magicinfo-server-flaw-now-actively-exploited-huntress-uncovers-real-world-attacks
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Meet the Deputy CISOs who help shape Microsoft's approach to cybersecurity: Part 2
Meet the minds behind how Microsoft prioritizes cybersecurity across every team and employee. Three deputy chief information security officers share their experiences in cybersecurity and how they are redefining protection. The post Meet the Deputy CISOs who help shape Microsoft's approach to cybersecurity: Part 2 appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2025/05/07/meet-the-deputy-cisos-who-help-shape-microsofts-approach-to-cybersecurity-part-2/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

FBI issues warning as scammers target victims of crime
The FBI has warned scammers are impersonating the IC3, tricking victims by claiming to be able to recover funds.
https://www.malwarebytes.com/blog/news/2025/05/fbi-issues-warning-as-scammers-target-victims-of-crime
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Exploring an Untethered, Unified Approach to CTEM
Unlike traditional standalone VM, CASM, EASM, SIEM, or EDR tools that rely on proprietary agents, Exposure Command from Rapid7 brings it all together into one platform.
https://blog.rapid7.com/2025/05/07/exploring-an-untethered-unified-approach-to-ctem/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Sonatype welcomes Antoine Harden as Regional Vice President of Federal
Sonatype is thrilled to announce the addition of Antoine Harden as our Regional Vice President of Federal. With a proven track record of leadership and innovation, Antoine will spearhead sales efforts across the Department of Defense, the intelligence community, and civilian agencies.
https://www.sonatype.com/blog/sonatype-welcomes-antoine-harden-as-regional-vice-president-of-federal
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

The Hidden Risks of Russian-Linked Open-Source Tool easyjson
Open-source tools are the backbone of countless systems, from cloud-native infrastructure to enterprise-level applications. But what happens when a widely used open-source library carries hidden risks?
https://linuxsecurity.com/features/features/open-source-tool-easyjson-risks
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Cybercrime Magazine YouTube Channel Receives Gold Creator Award
This week in cybersecurity from the editors at Cybercrime Magazine –Watch the YouTube channel Sausalito, Calif. – May 7, 2025 We just opened a package containing our YouTube Gold Play Button Plaque and this letter: Cybercrime Magazine, You did it. One million YouTube subscribers. Congratulations! The post Cybercrime Magazine YouTube Channel Receives Gold Creator Award appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/cybercrime-magazine-youtube-channel-receives-gold-creator-award/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
APIs For OSINT  This is a Collection of APIs that will be useful for automating various tasks in OSINT. Thank you for following me! https://cybdetective.com IOT/IP Search engines Name Link Description Price Shodan https://developer.shodan.io Search engine for Internet connected host and devices from /month Netlas.io https://netlas-api.readthedocs.io/en/latest/ Search engine for Internet connected host and devices. Read more at Netlas CookBook Partly FREE Fofa.so https://fofa.so/static_pages/api_help Search engine for Internet connected host and devices ??? Censys.io https://censys.io/api Search engine for Internet connected host and devices Partly FREE Hunter.how https://hunter.how/search-api Search engine for Internet connected host and devices Partly FREE Fullhunt.io...
http://www.kitploit.com/2025/05/api-s-for-osint-list-of-apis-for.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Iranian Cyber Actors Impersonate Model Agency in Suspected Espionage Operation
A suspected Iranian espionage campaign impersonated a model agency site for data collection, including fictitious models as possible social engineering lures. The post Iranian Cyber Actors Impersonate Model Agency in Suspected Espionage Operation appeared first on Unit 42.
https://unit42.paloaltonetworks.com/iranian-attackers-impersonate-model-agency/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

State of ransomware in 2025
Kaspersky researchers review ransomware trends for 2024, analyze the most active groups and forecast how this threat will evolve in 2025.
https://securelist.com/state-of-ransomware-in-2025/116475/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Beware of phone scams demanding money for ‘missed jury duty'
When we get the call, it's our legal responsibility to attend jury service. But sometimes that call won't come from the courts – it will be a scammer.
https://www.welivesecurity.com/en/scams/phone-scams-demanding-money-missed-jury-duty/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Software Code of Practice: building a secure digital future
New voluntary code of practice for technology providers defines a market baseline for cyber security.
https://www.ncsc.gov.uk/blog-post/software-code-of-practice-building-a-secure-digital-future
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

MIWIC25: Kiranjit Kaur Shergill, Developer at Barclays
Organised by Eskenzi PR in media partnership with the IT Security Guru, the Most Inspiring Women in Cyber Awards aim to shed light on the remarkable women in our industry. The following is a feature on one of 2024's Top 20 women selected by an esteemed panel of judges. Presented in a Q&A format, the nominee's answers are […] The post MIWIC25: Kiranjit Kaur Shergill, Developer at Barclays appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/05/07/miwic25-kiranjit-kaur-shergill-developer-at-barclays/?utm_source=rss&utm_medium=rss&utm_campaign=miwic25-kiranjit-kaur-shergill-developer-at-barclays
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Unpacking the 2024 Snowflake Data Breach
CSA's Top Threats to Cloud Computing Deep Dive 2025 reflects on eight recent real-world cybersecurity breaches. The report presents each incident as both a detailed narrative and as a threat model with the relevant cloud security risks and mitigations. Today we're taking a closer look at the first incident covered in the Deep Dive: Snowflake 2024. This incident features an Advanced Persistent Threat and insufficient Identity and Access Management. The takeaways from this case study ca...
https://cloudsecurityalliance.org/articles/unpacking-the-2024-snowflake-data-breach
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Langflow Missing Authentication Vulnerability
What is the Vulnerability?A critical missing authentication vulnerability, identified as CVE-2025-3248, has been discovered in Langflow, a web application designed for creating AI-driven agents. This vulnerability allows remote, unauthenticated attackers to execute arbitrary code on the vulnerable instance by sending a specially crafted HTTP request with a malicious payload to the endpoint.The Cybersecurity and Infrastructure Security Agency (CISA) has confirmed that this vulnerability is currently being exploited by attackers in the wild. As a result, it has been added to CISA's Known Exploited Vulnerabilities (KEV) catalog, highlighting the urgency for organizations using Langflow to address this security issue promptly.What is the recommended Mitigation?Organizations using Langflow in their...
https://fortiguard.fortinet.com/threat-signal-report/6085
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

ISO 42001: Lessons Learned from Auditing and Implementing the Framework
Originally published by Schellman. Written by Joe Sigman.   As the adoption of artificial intelligence (AI) continues to grow and evolve across industries, so do concerns about security, trust, and responsible use and management. In response, as a joint effort between the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), the ISO/IEC 42001:2023 framework was officially published in December 2023. In this article, w...
https://cloudsecurityalliance.org/articles/iso-42001-lessons-learned-from-auditing-and-implementing-the-framework
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Taming the Beast: The 5 Essential Pillars of SaaS Security
Originally published by Valence. Written by John Filitz.   Generative AI represents just one element of the broader SaaS revolution transforming enterprise IT. Most organizations are becoming SaaS-first enterprises, permanently displacing centralized IT architectures. This decentralized environment creates significant challenges for security teams striving to maintain cyber resilience. Manual security audits cannot keep pace with daily configuration changes, rend...
https://cloudsecurityalliance.org/articles/taming-the-beast-the-5-essential-pillars-of-saas-security
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Key Takeaways from the Take Command Summit 2025: From Zero to Hero: Building the Perfect Defense
Discover key lessons from Take Command 2025 on building proactive, resilient cybersecurity defenses. Watch Ted Harrington's full session on demand.
https://blog.rapid7.com/2025/05/06/key-takeaways-from-the-take-command-summit-2025-from-zero-to-hero-building-the-perfect-defense/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Hacking the Glass Ceiling: Virginia Women Narrow The Cybersecurity Gender Gap
This week in cybersecurity from the editors at Cybercrime Magazine –Read the full story from Virginia Economic Development Partnership Sausalito, Calif. – May 6, 2025 In an increasingly digital world where data breaches, ransomware attacks, and other cybercrimes are pervasive, a skilled cybersecurity workforce is The post Hacking the Glass Ceiling: Virginia Women Narrow The Cybersecurity Gender Gap appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/hacking-the-glass-ceiling-virginia-women-narrow-the-cybersecurity-gender-gap/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
A Model Context Protocol (MCP) server implementation that integrates with Firecrawl for web scraping capabilities. Big thanks to @vrknetha, @cawstudios for the initial implementation! You can also play around with our MCP Server on MCP.so's playground. Thanks to MCP.so for hosting and @gstarwd for integrating our server.  Features Scrape, crawl, search, extract, deep research and batch scrape support Web scraping with JS rendering URL discovery and crawling Web search with content extraction Automatic retries with exponential backoff Efficient batch processing with built-in rate limiting Credit usage monitoring for cloud API Comprehensive logging system Support for cloud and self-hosted Firecrawl instances Mobile/Desktop viewport support Smart content filtering with tag inclusion/exclusion...
http://www.kitploit.com/2025/05/firecrawl-mcp-server-official-firecrawl.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Lampion Is Back With ClickFix Lures
Lampion malware distributors are now using the social engineering method ClickFix. Read our analysis of a recent campaign. The post Lampion Is Back With ClickFix Lures appeared first on Unit 42.
https://unit42.paloaltonetworks.com/lampion-malware-clickfix-lures/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Toll road scams are in overdrive: Here's how to protect yourself
Have you received a text message about an unpaid road toll? Make sure you're not the next victim of a smishing scam.
https://www.welivesecurity.com/en/scams/put-brakes-toll-road-scams/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

1-15 January 2025 Cyber Attacks Timeline
In the first timeline of January 2025, I collected 109 events with a threat landscape dominated by malware with 18%, down from 33% of the previous timeline, and once again ahead of account takeovers with 17% (it was 20% in the previous timeline), and ransomware with 14%.
https://www.hackmageddon.com/2025/05/06/1-15-january-2025-cyber-attacks-timeline/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Kubernetes Ingress-nginx Controller RCE
What is the Vulnerability?On March 24, researchers disclosed a set of five vulnerabilities, collectively known as "IngressNightmare,” affecting Ingress-nginx, one of the popular ingress controllers available for Kubernetes. Using Ingress-NGINX is one of the most common methods for exposing Kubernetes applications externally.CVE-2025-1974 is considered the most serious of the five and has been assigned a CVSS score of 9.8 (critical). When chained with one of the lower severity vulnerabilities, it allows for unauthenticated remote code execution. This exploitation could result in the exposure of sensitive information that the controller can access. Consequently, unauthenticated attackers have the potential to compromise the system by executing unauthorized code.What is the recommended Mitigation?Kubernetes...
https://fortiguard.fortinet.com/threat-signal-report/6061
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

CrushFTP Authentication Bypass
What is the Vulnerability?FortiGuard Labs has observed in-the-wild attack attempts targeting CVE-2025-31161, an authentication bypass vulnerability in CrushFTP managed file transfer (MFT) software. Successful exploitation may grant attackers administrative access to the application, posing a serious threat to enterprise environments.The vulnerability is remotely exploitable, and a proof-of-concept (PoC) exploit is now publicly available. This increases the risk of rapid adoption by threat actors, including ransomware groups who have historically targeted MFT platforms like MOVEit Transfer and Cleo MFT.According to the Shadowserver Foundation, approximately 1,800 unpatched, internet-exposed CrushFTP instances remain vulnerable globally, heightening the urgency for immediate mitigation.What...
https://fortiguard.fortinet.com/threat-signal-report/6072
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

CVE-2025-4318 - Input validation issue in AWS Amplify Studio UI component properties
Publication Date: 2025/05/05 11:00 AM PDT Description The AWS Amplify Studio amplify-codegen-ui is an AWS package that generates front-end code from UI Builder entities (components, forms, views, and themes), primarily used in Amplify Studio for component previews and in AWS Command Line Interface (AWS CLI) for generating component files in customers' local applications We identified CVE-2025-4318, an input validation issue in Amplify Studio UI component properties. When importing a component schema using the create-component command, Amplify Studio will import and generate the component on the users' behalf. The expression-binding function does not validate the component schema properties before converting them to expressions. As a result, an authenticated user who can create or...
https://aws.amazon.com/security/security-bulletins/AWS-2025-010/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Welcome to Maintainer Month: Events, exclusive discounts, and a new security challenge
This May marks the fifth annual Maintainer Month, and there are lots of treats in store: new badges, special discounts, events with experts, and more. The post Welcome to Maintainer Month: Events, exclusive discounts, and a new security challenge appeared first on The GitHub Blog.
https://github.blog/open-source/maintainers/welcome-to-maintainer-month-events-exclusive-discounts-and-a-new-security-challenge/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Strengthening Software Security Under the EU Cyber Resilience Act: A High-Level Guide for Security Leaders and CISOs
Get guidance on key tenets of the EU CRA and how Legit can help address them.
https://www.legitsecurity.com/blog/strengthening-software-security-under-eu-cra
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Microsoft partners with Global Anti-Scam Alliance to fight cybercrime
In 2024 alone, scammers drained the global economy of more than .03 trillion. Together, Microsoft and the other members of GASA hope to stem these losses going forward. The post Microsoft partners with Global Anti-Scam Alliance to fight cybercrime appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2025/05/05/microsoft-partners-with-global-anti-scam-alliance-to-fight-cybercrime/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Malicious package detection: Sonatype secures software supply chains
Malicious packages present a growing danger to software supply chains. From typosquatting attacks to sophisticated malware hidden within open source components, detecting and preventing malicious packages has become essential for ensuring the integrity and security of software.
https://www.sonatype.com/blog/malicious-package-detection-sonatype-protects-software-supply-chains
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Incidents impacting retailers – recommendations from the NCSC
A joint blog post by the NCSC's National Resilience Director, Jonathon Ellison, and Chief Technology Officer, Ollie Whitehouse.
https://www.ncsc.gov.uk/blog-post/incidents-impacting-retailers
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Top 10 API Security Risks and the Importance of Penetration Testing
This week in cybersecurity from the editors at Cybercrime Magazine –Read the full story from Astra Sausalito, Calif. – May 5, 2025 The industry treats API security like a checklist—patch a few issues, enforce some rules, and move on. But these risks aren't isolated flaws; The post Top 10 API Security Risks and the Importance of Penetration Testing appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/top-10-api-security-risks-and-the-importance-of-penetration-testing/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
Real-time face swap and video deepfake with a single click and only a single image. Disclaimer This deepfake software is designed to be a productive tool for the AI-generated media industry. It can assist artists in animating custom characters, creating engaging content, and even using models for clothing design. We are aware of the potential for unethical applications and are committed to preventative measures. A built-in check prevents the program from processing inappropriate media (nudity, graphic content, sensitive material like war footage, etc.). We will continue to develop this project responsibly, adhering to the law and ethics. We may shut down the project or add watermarks if legally required. Ethical Use: Users are expected to use this software responsibly and legally. If using...
http://www.kitploit.com/2025/05/deep-live-cam-real-time-face-swap-and.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Small Businesses Create Big Impact: NIST Celebrates 2025 National Small Business Week
This week we're celebrating National Small Business Week—which recognizes and celebrates the small and medium-sized business (SMB) community's significant contributions to the nation. SMBs are a substantial and critical part of the U.S. and global economic and cybersecurity infrastructure. According to the U.S. Small Business Administration's Office of Advocacy, [1] there are 34.8 million SMBs in the United States (making up 99% of all U.S. businesses). Of those, 81.7% are non-employer firms with no paid employees other than the owners of the business. These businesses, though small in size
https://www.nist.gov/blogs/cybersecurity-insights/small-businesses-create-big-impact-nist-celebrates-2025-national-small
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Canary Exploit Tool for CVE-2025-30065 Apache Parquet Avro Vulnerability
Investigating a schema parsing concern in the parquet-avro module of Apache Parquet Java.
https://www.f5.com/labs/articles/threat-intelligence/canary-exploit-tool-for-cve-2025-30065-apache-parquet-avro-vulnerability
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
🐫 CAMEL is an open-source community dedicated to finding the scaling laws of agents. We believe that studying these agents on a large scale offers valuable insights into their behaviors, capabilities, and potential risks. To facilitate research in this field, we implement and support various types of agents, tasks, prompts, models, and simulated environments. CAMEL Framework Design Principles 🧬 Evolvability The framework enables multi-agent systems to continuously evolve by generating data and interacting with environments. This evolution can be driven by reinforcement learning with verifiable rewards or supervised learning. 📈 Scalability The framework is designed to support systems with millions of agents, ensuring efficient coordination, communication, and resource...
http://www.kitploit.com/2025/05/camel-first-and-best-multi-agent.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
  Automatically generates beautiful and easy-to-read ER diagrams from your database. Website • Documentation • Roadmap What's Liam ERD? Liam ERD generates beautiful, interactive ER diagrams from your database. Whether you're working on public or private repositories, Liam ERD helps you visualize complex schemas with ease. Beautiful UI & Interactive: A clean design and intuitive features (like panning, zooming, and filtering) make it easy to understand even the most complex databases. Simple Reverse Engineering: Seamlessly turn your existing database schemas into clear, readable diagrams. Effortless Setup: Get started with zero configuration—just provide your schema, and you're good to go. High Performance: Optimized for both small and large projects, easily handling...
http://www.kitploit.com/2025/05/liam-automatically-generates-beautiful.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Metasploit Wrap-Up 05/02/2025
This week, Metasploit released a fix for a vulnerability that was privately disclosed to us by long-time community member bcoles. Learn more!
https://blog.rapid7.com/2025/05/02/metasploit-wrap-up-114/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

RSAC 2025 wrap-up – Week in security with Tony Anscombe
From the power of collaborative defense to identity security and AI, catch up on the event's key themes and discussions
https://www.welivesecurity.com/en/videos/rsac-2025-wrap-up-week-security-tony-anscombe/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

SubGPT - Find Subdomains With GPT, For Free
SubGPT looks at subdomains you have already discovered for a domain and uses BingGPT to find more. Best part? It's free! The following subdomains were found by this tool with these 30 subdomains as input. call-prompts-staging.example.comdclb02-dca1.prod.example.comactivedirectory-sjc1.example.comiadm-staging.example.comelevatenetwork-c.example.com If you like my work, you can support me with as little as , here :) Install & Configuration Installation with pip (recommended): pip install subgpt from github: git clone https://github.com/s0md3v/SubGPT && cd SubGPT && python setup.py install Getting Bing Cookie Install the cookie editor extension (Chrome, Firefox) Visit bing.com, make sure you are logged in. Open the extension and copy your cookie using...
http://www.kitploit.com/2025/05/subgpt-find-subdomains-with-gpt-for-free.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

xAI Dev Leaks API Key for Private SpaceX, Tesla LLMs
A employee at Elon Musk's artificial intelligence company xAI leaked a private key on GitHub that for the past two months could have allowed anyone to query private xAI large language models (LLMs) which appear to have been custom made for working with internal data from Musk's companies, including SpaceX, Tesla and Twitter/X, KrebsOnSecurity has learned.
https://krebsonsecurity.com/2025/05/xai-dev-leaks-api-key-for-private-spacex-tesla-llms/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Uro - Declutters Url Lists For Crawling/Pentesting
Using a URL list for security testing can be painful as there are a lot of URLs that have uninteresting/duplicate content; uro aims to solve that. It doesn't make any http requests to the URLs and removes: - incremental urls e.g. /page/1/ and /page/2/ - blog posts and similar human written content e.g. /posts/a-brief-history-of-time - urls with same path but parameter value difference e.g. /page.php?id=1 and /page.php?id=2 - images, js, css and other "useless" files Installation The recommended way to install uro is as follows: pipx install uro Note: If you are using an older version of python, use pip instead of pipx Basic Usage The quickest way to include uro in your workflow is to feed it data through stdin and print it to your terminal. cat urls.txt | uro Advanced usage...
http://www.kitploit.com/2025/05/uro-declutters-url-lists-for.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

AI Agents Are Here. So Are the Threats.
Programs leveraging AI agents are increasingly popular. Nine attack scenarios using open-source agent frameworks show how bad actors target these applications. The post AI Agents Are Here. So Are the Threats. appeared first on Unit 42.
https://unit42.paloaltonetworks.com/agentic-ai-threats/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Analyzing CVE-2025-31191: A macOS security-scoped bookmarks-based sandbox escape
Microsoft uncovered a vulnerability in macOS that could allow specially crafted codes to escape the App Sandbox and run unrestricted on the system. We shared our findings with Apple and a fix was released for this vulnerability, now identified as CVE-2025-31191. We encourage macOS users to apply security updates as soon as possible. The post Analyzing CVE-2025-31191: A macOS security-scoped bookmarks-based sandbox escape appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2025/05/01/analyzing-cve-2025-31191-a-macos-security-scoped-bookmarks-based-sandbox-escape/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Pushing passkeys forward: Microsoft's latest updates for simpler, safer sign-ins
Celebrate World Passkey Day with Microsoft! Join us in embracing passkeys for secure, passwordless sign-ins. Learn more about our commitment to a safer digital future. The post Pushing passkeys forward: Microsoft's latest updates for simpler, safer sign-ins appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2025/05/01/pushing-passkeys-forward-microsofts-latest-updates-for-simpler-safer-sign-ins/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Why is Ransomware Still a Thing in 2025?
Ransomware remains a crisis because we are still giving attackers the upper hand. To regain control, we need to understand how we've made it so easy for them, and what we can do to change that.
https://blog.rapid7.com/2025/05/01/why-is-ransomware-still-a-thing-in-2025/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

TehetségKapu - 54,357 breached accounts
In March 2025, almost 55k records were breached from the Hungarian education office website TehetségKapu. The data was subsequently published to a popular hacking forum and included email addresses, names and usernames.
https://haveibeenpwned.com/PwnedWebsites#TehetsegKapu
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Alleged ‘Scattered Spider' Member Extradited to U.S.
A 23-year-old Scottish man thought to be a member of the prolific Scattered Spider cybercrime group was extradited last week from Spain to the United States, where he is facing charges of wire fraud, conspiracy and identity theft. U.S. prosecutors allege Tyler Robert Buchanan and co-conspirators hacked into dozens of companies in the United States and abroad, and that he personally controlled more than million stolen from victims.
https://krebsonsecurity.com/2025/04/alleged-scattered-spider-member-extradited-to-u-s/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

14 secure coding tips: Learn from the experts at Microsoft Build
At Microsoft Build 2025, we're bringing together security engineers, researchers, and developers to share practical tips and modern best practices to help you ship secure code faster. The post 14 secure coding tips: Learn from the experts at Microsoft Build appeared first on Microsoft Security Blog.
https://techcommunity.microsoft.com/blog/microsoft-security-blog/14-secure-coding-tips-learn-from-the-experts-at-build/4407147
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Revived CryptoJS library is a crypto stealer in disguise
An illicit npm package called 'crypto-encrypt-ts' may appear to revive the unmaintained but vastly popular CryptoJS library, but what it actually does is peek into your crypto wallet and exfiltrate your secrets to threat actors.
https://www.sonatype.com/blog/revived-cryptojs-library-is-a-crypto-stealer-in-disguise
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Active Subscription Scam Campaigns Flooding the Internet
Bitdefender researchers have uncovered a surge in subscription scams, both in scale and sophistication, spurred by a massive campaign involving hundreds of fraudulent websites. What sets this campaign apart is the significant investment cybercriminals have undertaken to make these fake sites look convincingly legitimate.   Gone are the days when a suspicious email, SMS, or basic phishing link could easily fool users. As people grow more cautious and cyber-aware, scammers are stepping up their
https://www.bitdefender.com/en-us/blog/labs/active-subscription-scam-campaigns-flooding-the-internet
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Wshlient - A Simple Tool To Interact With Web Shells And Command Injection Vulnerabilities
Web Shell Client Description & Demo Wshlient is a web shell client designed to be pretty simple yet versatile. One just need to create a text file containing an HTTP request and inform where Wshlient inject the commands, then you can enjoy a shell. In the case the above video does not works for you: Installation Out of python's included batteries Wshclient only uses requests. Just install it directly or using requirements.txt: $ git clone https://github.com/gildasio/wshlient$ cd wshlient$ pip install -r requirements.txt$ ./wshlient.py -h Alternatively you can also create a symbolic link in your $PATH to use it directly anywhere in the system: $ ln -s $PWD/wshlient.py /usr/local/bin/wshlient Usage $ ./wshlient.py -husage: wshlient.py [-h] [-d] [-i] [-ne] [-it INJECTION_TOKEN]...
http://www.kitploit.com/2025/04/wshlient-simple-tool-to-interact-with.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

TheWizards APT group uses SLAAC spoofing to perform adversary-in-the-middle attacks
ESET researchers analyzed Spellbinder, a lateral movement tool used to perform adversary-in-the-middle attacks
https://www.welivesecurity.com/en/eset-research/thewizards-apt-group-slaac-spoofing-adversary-in-the-middle-attacks/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

4chan Is Back Online After Cyberattack, But With Issues
The imageboard 4chan is back online after a weeks-long outage following a cyberattack. While the… 4chan Is Back Online After Cyberattack, But With Issues on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2025/04/30/4chan-is-back-online-after-cyberattack-but-with-issues/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Cutting through the noise: How to prioritize Dependabot alerts
Learn how to effectively prioritize alerts using severity (CVSS), exploitation likelihood (EPSS), and repository properties, so you can focus on the most critical vulnerabilities first. The post Cutting through the noise: How to prioritize Dependabot alerts appeared first on The GitHub Blog.
https://github.blog/security/application-security/cutting-through-the-noise-how-to-prioritize-dependabot-alerts/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Microsoft announces the 2025 Security Excellence Awards winners
Congratulations to the winners of the Microsoft Security Excellence Awards that recognize the innovative defenders who have gone above and beyond. The post Microsoft announces the 2025 Security Excellence Awards winners appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2025/04/29/microsoft-announces-the-2025-security-excellence-awards-winners/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

This month in security with Tony Anscombe – April 2025 edition
From the near-demise of MITRE's CVE program to a report showing that AI outperforms elite red teamers in spearphishing, April 2025 was another whirlwind month in cybersecurity
https://www.welivesecurity.com/en/videos/month-security-tony-anscombe-april-2025-edition/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Outlaw cybergang attacking targets worldwide
The Kaspersky Global Emergency Response Team (GERT) detected an Outlaw mining botnet in a customer incident. In this article, we share insights into this botnet's SSH-based infection chain.
https://securelist.com/outlaw-botnet/116444/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Gremlin Stealer: New Stealer on Sale in Underground Forum
Advertised on Telegram, Gremlin Stealer is new malware active since March 2025 written in C#. Data stolen is uploaded to a server for publication. The post Gremlin Stealer: New Stealer on Sale in Underground Forum appeared first on Unit 42.
https://unit42.paloaltonetworks.com/new-malware-gremlin-stealer-for-sale-on-telegram/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Introducing EntraFalcon – A Tool to Enumerate Entra ID Objects and Assignments
TL;DR: PowerShell tool to enumerate Entra ID objects, assignments and identify highly privileged objects or risky configurations. https://github.com/CompassSecurity/EntraFalcon Entra ID environments can contain thousands of objects – users, groups, service principals, and more – each with unique properties and complex relationships. While manual reviews through the Entra portal might be feasible in smaller environments, they […]
https://blog.compass-security.com/2025/04/introducing-entrafalcon-a-tool-to-enumerate-entra-id-objects-and-assignments/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Announcing New Legit ASPM AI Capabilities
Get details on Legit's new AI capabilities.
https://www.legitsecurity.com/blog/announcing-new-legit-aspm-ai-capabilities
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

SuperCard X Malware Attacks Android With NFC Relay Attacks
Android users need to stay wary of a new threat, particularly when dealing with payment… SuperCard X Malware Attacks Android With NFC Relay Attacks on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2025/04/28/supercard-x-malware-attacks-android-with-nfc-relay-attacks/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Cookie-Bite Attack Demoes Extension Exploit To Steal Browser Cookies
Researchers have devised a new attack strategy “Cookie-Bite” demonstrating cookie theft via malicious browser extensions.… Cookie-Bite Attack Demoes Extension Exploit To Steal Browser Cookies on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2025/04/28/cookie-bite-attack-demoes-extension-exploit-to-steal-browser-cookies/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Faster, more personalized service begins at the frontline with Microsoft Intune
Secure, cloud-based endpoint management helps healthcare providers empower frontline staff and improve patient care. The post Faster, more personalized service begins at the frontline with Microsoft Intune appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2025/04/28/faster-more-personalized-service-begins-at-the-frontline-with-microsoft-intune/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

How safe and secure is your iPhone really?
Your iPhone isn't necessarily as invulnerable to security threats as you may think. Here are the key dangers to watch out for and how to harden your device against bad actors.
https://www.welivesecurity.com/en/mobile-security/how-safe-secure-iphone/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

ASUS Fixed Critical Auth Bypass Vulnerability In AiCloud Routers
ASUS recently patched a vulnerability in routers enabled with AiCloud that could allow executing unauthorized… ASUS Fixed Critical Auth Bypass Vulnerability In AiCloud Routers on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2025/04/28/asus-fixed-critical-auth-bypass-vulnerability-in-aicloud-routers/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

I Had Some Adventures with Alice and Bob (Podcast)! Also, what's next for Auntie Lesley?
Hi pals! It’s been a busy few months for me. Next week, I make my big move to Australia, so my blog might drop off for a bit while I get settled. I’ve gotten to cram in some final North American conference speaking appearances in Halifax (AtlSecCon), Milwaukee (CypherCon), and Chicago (ChiBrrCon). I’ve also been […]
https://tisiphone.net/2025/04/26/i-had-some-adventures-with-alice-and-bob-podcast/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

How SBOMs power secure software acquisition | Sonatype Blog
CISA's Supply Chain Integrity Month reminds us of an undeniable truth about modern software development: transparency in software supply chains is no longer optional. The theme of week 4 is "Transparency: Securing Hardware and Software Across the Supply Chain." With more than 90% of modern software applications relying on open source, this message couldn't be more timely. Transparency is at the heart of the current trend in legislative action, which puts a spotlight on the way agencies evaluate, purchase, and monitor software.
https://www.sonatype.com/blog/how-sboms-power-secure-software-acquisition
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

​​Explore practical best practices to secure your data with Microsoft Purview​​
Microsoft presents best practices for securing data and optimizing Microsoft Purview implementation, emphasizing the integration of people, processes, and technology. The post ​​Explore practical best practices to secure your data with Microsoft Purview​​ appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2025/04/25/explore-practical-best-practices-to-secure-your-data-with-microsoft-purview/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Advanced Cryptography: new approaches to data privacy
A new NCSC paper discusses the suitability of emerging Advanced Cryptography techniques.
https://www.ncsc.gov.uk/blog-post/advanced-cryptography-new-approaches-to-data-privacy
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Build smarter with AI and your software supply chain
AI adoption is reshaping how software gets built. From coding assistants to full-fledged agentic AI applications, developers now routinely rely on artificial intelligence in their workflows. But a subtler shift is also underway: the rise of open source AI/ML models as foundational components in modern software development.
https://www.sonatype.com/blog/build-smarter-with-ai-and-your-software-supply-chain
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Triada strikes back
Kaspersky expert has discovered a new version of the Triada Trojan, with custom modules for Telegram, WhatsApp, TikTok, and other apps.
https://securelist.com/triada-trojan-modules-analysis/116380/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Deepfake 'doctors' take to TikTok to peddle bogus cures
Look out for AI-generated 'TikDocs' who exploit the public's trust in the medical profession to drive sales of sketchy supplements
https://www.welivesecurity.com/en/social-media/deepfake-doctors-tiktok-bogus-cures/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

RSAC 2025 Preview: What's The Buzz To Know Before the Show?

https://www.proofpoint.com/us/newsroom/news/rsac-2025-preview-whats-buzz-know-show
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Q4 2024 Cyber Attacks Statistics
I aggregated the statistics created from the cyber attacks timelines published in Q4 2024. In this period, I collected a total of 694 events dominated by Cyber Crime with 70%, slightly up from 65.5% of Q3.
https://www.hackmageddon.com/2025/04/24/q4-2024-cyber-attacks-statistics/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Proofpoint Appoints Mark Templeton to its Board of Directors

https://www.proofpoint.com/us/newsroom/press-releases/proofpoint-appoints-mark-templeton-board-of-directors
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Operation SyncHole: Lazarus APT goes back to the well
Kaspersky GReAT experts uncovered a new campaign by Lazarus APT that exploits vulnerabilities in South Korean software products and uses a watering hole approach.
https://securelist.com/operation-synchole-watering-hole-attacks-by-lazarus/116326/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

DOGE Worker's Code Supports NLRB Whistleblower
A whistleblower at the National Labor Relations Board (NLRB) alleged last week that denizens of Elon Musk's Department of Government Efficiency (DOGE) siphoned gigabytes of data from the agency's sensitive case files in early March. The whistleblower said accounts created for DOGE at the NLRB downloaded three code repositories from GitHub. Further investigation into one of those code bundles shows it is remarkably similar to a program published in January 2025 by Marko Elez, a 25-year-old DOGE employee who has worked at a number of Musk's companies.
https://krebsonsecurity.com/2025/04/doge-workers-code-supports-nlrb-whistleblower/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Proofpoint unveils unified platforms to combat data & cyber risks

https://www.proofpoint.com/us/newsroom/news/proofpoint-unveils-unified-platforms-combat-data-cyber-risks
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Extortion and Ransomware Trends January-March 2025
Ransomware leak site data and Unit 42 case studies reveal new trends from Q1 2025, including the most active groups, targeted industries and novel extortion tactics. The post Extortion and Ransomware Trends January-March 2025 appeared first on Unit 42.
https://unit42.paloaltonetworks.com/2025-ransomware-extortion-trends/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

How fraudsters abuse Google Forms to spread scams
The form and quiz-building tool is a popular vector for social engineering and malware. Here's how to stay safe.
https://www.welivesecurity.com/en/scams/how-fraudsters-abuse-google-forms-spread-scams/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

​Elevate your organization's success: Submissions now open for the 2025 Sonatype Elevate Awards
We are thrilled to announce that the 2025 Sonatype Elevate Awards are officially open for submissions.
https://www.sonatype.com/blog/elevate-your-organizations-success-submissions-now-open-for-the-2025-sonatype-elevate-awards
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Proofpoint Unveils Industry's First and Only Unified Solution to Reduce Costs and Cyber Risk Across the Expanding Workspace

https://www.proofpoint.com/us/newsroom/press-releases/proofpoint-unveils-industrys-first-and-only-unified-solution-reduce-costs
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Proofpoint Debuts Unified Data Security Protection Across Data Exfiltration, Exposure and Insider Threats

https://www.proofpoint.com/us/newsroom/press-releases/proofpoint-debuts-unified-data-security-protection-across-data-exfiltration
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

December 2024 Cyber Attacks Statistics
After the cyber attacks timelines, it's time to publish the statistics for December 2024 where I collected and analyzed 209 events primarily driven by Cyber Crime.
https://www.hackmageddon.com/2025/04/22/december-2024-cyber-attacks-statistics/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Russian organizations targeted by backdoor masquerading as secure networking software updates
While investigating an incident, we discovered a sophisticated new backdoor targeting Russian organizations by impersonating secure networking software updates.
https://securelist.com/new-backdoor-mimics-security-software-update/116246/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

The Role of SSL Certificates in Website Security and Performance
Secure Sockets Layer (SSL) certificates are important for website security. Almost every list of website… The Role of SSL Certificates in Website Security and Performance on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2025/04/22/the-role-of-ssl-certificates-in-website-security-and-performance/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Whistleblower: DOGE Siphoned NLRB Case Data
A security architect with the National Labor Relations Board (NLRB) alleges that employees from Elon Musk's Department of Government Efficiency (DOGE) transferred gigabytes of sensitive data from agency case files in early March, using short-lived accounts configured to leave few traces of network activity. The NLRB whistleblower said the unusual large data outflows coincided with multiple blocked login attempts from an Internet address in Russia that tried to use valid credentials for a newly-created DOGE user account.
https://krebsonsecurity.com/2025/04/whistleblower-doge-siphoned-nlrb-case-data/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

CVE-2025-3857 - Infinite loop condition in Amazon.IonDotnet
Publication Date: 2025/04/21 08:00 AM PDT Description Amazon.IonDotnet (ion-dotnet) is a .NET library with an implementation of the Ion data serialization format. We identified CVE-2025-3857, an infinite loop condition in Amazon.IonDotnet. When reading binary Ion data through this library using the RawBinaryReader class, Amazon.IonDotnet does not check the number of bytes read from the underlying stream while deserializing the binary format. If the Ion data is malformed or truncated, this triggers an infinite loop condition that could potentially result in a denial of service. We released a fix in version 1.3.1 and recommend users upgrade to address this issue. Additionally, ensure any forked or derivative code is patched to incorporate the new fixes. Affected version: ...
https://aws.amazon.com/security/security-bulletins/AWS-2025-009/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Shadow downloads – How developers have become the new perimeter
With great power comes great responsibility.
https://www.sonatype.com/blog/shadow-downloads-how-developers-have-become-the-new-perimeter
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Interview with Safety Detectives
Happy Monday, friends! I hope you had a great weekend. I had an interesting interview with Safety Detectives about steps we can take to make things better for the next generation of cyber defenders. I encourage you to check out the article, here: https://www.safetydetectives.com/blog/lesley-carhart-dragos/
https://tisiphone.net/2025/04/21/interview-with-safety-detectives/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Lumma Stealer – Tracking distribution channels
During incident response activities, our GERT team discovered Lumma Stealer in a customer's infrastructure. Our experts conducted an investigation and analyzed its distribution scheme in detail.
https://securelist.com/lumma-fake-captcha-attacks-analysis/116274/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

False Face: Unit 42 Demonstrates the Alarming Ease of Synthetic Identity Creation
North Korean IT workers are reportedly using real-time deepfakes to secure remote work, raising serious security concerns. We explore the implications. The post False Face: Unit 42 Demonstrates the Alarming Ease of Synthetic Identity Creation appeared first on Unit 42.
https://unit42.paloaltonetworks.com/north-korean-synthetic-identity-creation/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Phishing attacks leveraging HTML code inside SVG files
Attackers are increasingly sending phishing emails with SVG attachments that contain embedded HTML pages or JavaScript code.
https://securelist.com/svg-phishing/116256/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

State-sponsored hackers embrace ClickFix social engineering tactic

https://www.proofpoint.com/us/newsroom/news/state-sponsored-hackers-embrace-clickfix-social-engineering-tactic
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

16-31 December 2024 Cyber Attacks Timeline
In the second timeline of December 2024, I collected 94 events with a threat landscape dominated by malware with...
https://www.hackmageddon.com/2025/04/18/16-31-december-2024-cyber-attacks-timeline/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

How Legit Is Using Classic Economic Tools to Prevent Application Vulnerabilities
Learn more about how Legit is helping enterprises prevent vulnerabilities in their SDLCs.
https://www.legitsecurity.com/blog/how-legit-is-using-classic-economic-models-to-prevent-application-vulnerabilities
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

What to Look for in Application Security Posture Management (ASPM)
Get details on the key capabilities for an ASPM platform. 
https://www.legitsecurity.com/blog/what-to-look-for-in-application-security-posture-management-aspm
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Google Fixed An Old Chrome Flaw That Exposed Browsing History
Google Chrome receives a significant security update as the tech giant addresses a major security… Google Fixed An Old Chrome Flaw That Exposed Browsing History on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2025/04/17/google-fixed-an-old-chrome-flaw-that-exposed-browsing-history/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Microsoft Defender For Endpoint Now Isolates Undiscovered Endpoints
With recent updates, Microsoft took another step towards thwarting network threats with Defender. As announced,… Microsoft Defender For Endpoint Now Isolates Undiscovered Endpoints on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2025/04/17/microsoft-defender-for-endpoint-now-isolates-undiscovered-endpoints/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

IronHusky updates the forgotten MysterySnail RAT to target Russia and Mongolia
MysterySnail RAT attributed to IronHusky APT group hasn't been reported since 2021. Recently, Kaspersky GReAT detected new versions of this implant in government organizations in Mongolia and Russia.
https://securelist.com/mysterysnail-new-version/116226/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

My New Paper on OT Ransomware!
Hello friends, I’m very excited to publish my first SANS Institute Whitepaper. I have developed a formal framework for preparing for OT / ICS ransomware attacks. I really hope you enjoy the paper and find it useful in building a strong defense against cyber-crime. You can download the white paper, A Simple Framework for OT […]
https://tisiphone.net/2025/04/16/my-new-paper-on-ot-ransomware/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Cascading Shadows: An Attack Chain Approach to Avoid Detection and Complicate Analysis
Agent Tesla, Remcos RAT and XLoader delivered via a complex phishing campaign. Learn how attackers are using multi-stage delivery to hinder analysis. The post Cascading Shadows: An Attack Chain Approach to Avoid Detection and Complicate Analysis appeared first on Unit 42.
https://unit42.paloaltonetworks.com/phishing-campaign-with-complex-attack-chain/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

The Windows Registry Adventure #6: Kernel-mode objects
Posted by Mateusz Jurczyk, Google Project Zero Welcome back to the Windows Registry Adventure! In the previous installment of the series, we took a deep look into the internals of the regf hive format. Understanding this foundational aspect of the registry is crucial, as it illuminates the design principles behind the mechanism, as well as its inherent strengths and weaknesses. The data stored within the regf file represents the definitive state of the hive. Knowing how to parse this data is sufficient for handling static files encoded in this format, such as when writing a custom regf parser to inspect hives extracted from a hard drive. However, for those interested in how regf files are managed by Windows at runtime, rather than just their behavior in isolation, there's a whole other...
https://googleprojectzero.blogspot.com/2025/04/the-windows-registry-adventure-6-kernel.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Funding Expires for Key Cyber Vulnerability Database
A critical resource that cybersecurity professionals worldwide rely on to identify, mitigate and fix security vulnerabilities in software and hardware is in danger of breaking down. The federally funded, non-profit research and development organization MITRE warned today that its contract to maintain the Common Vulnerabilities and Exposures (CVE) program -- which is traditionally funded each year by the Department of Homeland Security -- expires on April 16.
https://krebsonsecurity.com/2025/04/funding-expires-for-key-cyber-vulnerability-database/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Measuring success in dataops, data governance, and data security

https://www.proofpoint.com/us/newsroom/news/measuring-success-dataops-data-governance-and-data-security
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Building Web Check using PaaS
How Platform as a Service (PaaS) can make good security easier to achieve.
https://www.ncsc.gov.uk/blog-post/building-web-check-using-paas
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

300 Milliseconds to Admin: Mastering DLL Hijacking and Hooking to Win the Race (CVE-2025-24076 and CVE-2025-24994)
As a pentester you are sometimes thrown into projects where you have no idea where you are going to end up. This project was one of those where you were given a customer laptop and the aim was to “find something interesting”, perhaps a misconfiguration on the customer side. The problem was that the laptop […]
https://blog.compass-security.com/2025/04/3-milliseconds-to-admin-mastering-dll-hijacking-and-hooking-to-win-the-race-cve-2025-24076-and-cve-2025-24994/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Trump Revenge Tour Targets Cyber Leaders, Elections
President Trump last week revoked security clearances for Chris Krebs, the former director of the Cybersecurity and Infrastructure Security Agency (CISA) who was fired by Trump after declaring the 2020 election the most secure in U.S. history. The White House memo, which also suspended clearances for other security professionals at Krebs's employer SentinelOne, comes as CISA is facing huge funding and staffing cuts.
https://krebsonsecurity.com/2025/04/trump-revenge-tour-targets-cyber-leaders-elections/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Slow Pisces Targets Developers With Coding Challenges and Introduces New Customized Python Malware
North Korean state-sponsored group Slow Pisces (Jade Sleet) targeted crypto developers with a social engineering campaign that included malicious coding challenges. The post Slow Pisces Targets Developers With Coding Challenges and Introduces New Customized Python Malware appeared first on Unit 42.
https://unit42.paloaltonetworks.com/slow-pisces-new-custom-malware/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Samsung Germany Customer Tickets - 216,333 breached accounts
In March 2025, data from Samsung Germany was compromised in a data breach of their logistics provider, Spectos. Allegedly due to credentials being obtained by malware running on a Spectos employee's machine, the breach included 216k unique email addresses along with names, physical addresses, items purchased from Samsung Germany and related support tickets and shipping tracking numbers.
https://haveibeenpwned.com/PwnedWebsites#SamsungGermany
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Windows CLFS Driver Elevation of Privilege
What is the Vulnerability?A zero-day vulnerability has recently been identified in the Common Log File System (CLFS) kernel driver. CLFS is a general-purpose logging subsystem within the Windows operating system that provides a high-performance way to store log data for various applications. If successfully exploited, an attacker operating under a standard user account can elevate their privileges.Furthermore, Microsoft has observed that the exploit has been utilized by PipeMagic malware and has attributed this exploitation activity to Storm-2460, which has also leveraged PipeMagic to distribute ransomware. Microsoft has published a blog that provides an in-depth analysis of Microsoft's findings regarding the CLFS exploit and the associated activities. Exploitation of CLFS zero-day leads to...
https://fortiguard.fortinet.com/threat-signal-report/6073
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

How we're making security easier for the average developer
Security should be native to your workflow, not a painful separate process. The post How we're making security easier for the average developer appeared first on The GitHub Blog.
https://github.blog/security/application-security/how-were-making-security-easier-for-the-average-developer/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

China-based SMS Phishing Triad Pivots to Banks
China-based purveyors of SMS phishing kits are enjoying remarkable success converting phished payment card data into mobile wallets from Apple and Google. Until recently, the so-called “Smishing Triad” mainly impersonated toll road operators and shipping companies. But experts say these groups are now directly targeting customers of international financial institutions, while dramatically expanding their cybercrime infrastructure and support staff.
https://krebsonsecurity.com/2025/04/china-based-sms-phishing-triad-pivots-to-banks/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

How to request a change to a CVE record
Learn how to identify which CVE Numbering Authority is responsible for the record, how to contact them, and what to include with your suggestion. The post How to request a change to a CVE record appeared first on The GitHub Blog.
https://github.blog/security/vulnerability-research/how-to-request-a-change-to-a-cve-record/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Legit Scans for Secrets in SharePoint
Get details on Legit's new ability to scan for secrets in SharePoint.
https://www.legitsecurity.com/blog/legit-scans-for-secrets-in-sharepoint
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Qraved - 984,519 breached accounts
In July 2021, the Indonesian restaurant website Qraved suffered a data breach that was later redistributed as part of a larger corpus of data. The breach exposed almost 1M unique email addresses along with names, phone numbers, dates of birth and passwords stored as MD5 hashes.
https://haveibeenpwned.com/PwnedWebsites#Qraved
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Boulanger - 2,077,078 breached accounts
In September 2024, French electronics retailer Boulanger suffered a data breach that exposed over 27M rows of data. The data included 2M unique email addresses along with names, physical addresses, phone numbers and latitude and longitude. The data was later publicly published to a popular hacking forum. The data was provided to HIBP by a source who requested it be attributed to "leidhall".
https://haveibeenpwned.com/PwnedWebsites#Boulanger
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Found means fixed: Reduce security debt at scale with GitHub security campaigns
Starting today, security campaigns are generally available for all GitHub Advanced Security and GitHub Code Security customers—helping organizations take control of their security debt and manage risk by unlocking collaboration between developers and security teams. The post Found means fixed: Reduce security debt at scale with GitHub security campaigns appeared first on The GitHub Blog.
https://github.blog/security/application-security/found-means-fixed-reduce-security-debt-at-scale-with-github-security-campaigns/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Campaign Targets Amazon EC2 Instance Metadata via SSRF
Discover the latest CVE trends and a new campaign targeting websites hosted in EC2 instances on AWS.
https://www.f5.com/labs/articles/threat-intelligence/campaign-targets-amazon-ec2-instance-metadata-via-ssrf
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Proofpoint Simplifies Security Solutions Sales For Partners Through Ingram Micro Xvantage Platform

https://www.proofpoint.com/us/newsroom/news/proofpoint-simplifies-security-solutions-sales-partners-through-ingram-micro-xvantage
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Legit and Traceable: Better Together
Get details on Legit's new partnership with Traceable.
https://www.legitsecurity.com/blog/legit-and-traceable-better-together
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Google announces Sec-Gemini v1, a new experimental cybersecurity model
Posted by Elie Burzstein and Marianna Tishchenko, Sec-Gemini teamToday, we're announcing Sec-Gemini v1, a new experimental AI model focused on advancing cybersecurity AI frontiers. As outlined a year ago, defenders face the daunting task of securing against all cyber threats, while attackers need to successfully find and exploit only a single vulnerability. This fundamental asymmetry has made securing systems extremely difficult, time consuming and error prone. AI-powered cybersecurity workflows have the potential to help shift the balance back to the defenders by force multiplying cybersecurity professionals like never before. Effectively powering SecOps workflows requires state-of-the-art reasoning capabilities and extensive current cybersecurity knowledge. Sec-Gemini v1 achieves...
http://security.googleblog.com/2025/04/google-launches-sec-gemini-v1-new.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Taming the Wild West of ML: Practical Model Signing with Sigstore
Posted by Mihai Maruseac, Google Open Source Security Team (GOSST)In partnership with NVIDIA and HiddenLayer, as part of the Open Source Security Foundation, we are now launching the first stable version of our model signing library. Using digital signatures like those from Sigstore, we allow users to verify that the model used by the application is exactly the model that was created by the developers. In this blog post we will illustrate why this release is important from Google's point of view.With the advent of LLMs, the ML field has entered an era of rapid evolution. We have seen remarkable progress leading to weekly launches of various applications which incorporate ML models to perform tasks ranging from customer support, software development, and even performing security critical...
http://security.googleblog.com/2025/04/taming-wild-west-of-ml-practical-model.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

The Power of Identifying Continuously Vulnerable Repositories (CVRs)
Learn more about how Legit is helping enterprises prevent vulnerabilities in their SDLCs.
https://www.legitsecurity.com/blog/identifying-continuously-vulnerable-repositories
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

1-15 December 2024 Cyber Attacks Timeline
In the first timeline of December 2024, I collected 115 events (7.67 events/day) with a threat landscape dominated...
https://www.hackmageddon.com/2025/04/04/1-15-december-2024-cyber-attacks-timeline/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Localhost dangers: CORS and DNS rebinding
What is CORS and how can a CORS misconfiguration lead to security issues? In this blog post, we'll describe some common CORS issues as well as how you can find and fix them. The post Localhost dangers: CORS and DNS rebinding appeared first on The GitHub Blog.
https://github.blog/security/application-security/localhost-dangers-cors-and-dns-rebinding/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Lesley, What Happened to the “Cybersecurity Skills Shortage”?
Are you stressed out right now? I’m stressed out. Most Americans are, and cybersecurity job seekers are definitely not an exception. I do a ton of career mentoring and career clinics, and I see… the brunt of it. The last few mentoring Sundays I've done, I have had two or more people burst into tears. […]
https://tisiphone.net/2025/04/01/lesley-what-happened-to-the-cybersecurity-skills-shortage/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

GitHub found 39M secret leaks in 2024. Here's what we're doing to help
Every minute, GitHub blocks several secrets with push protection—but secret leaks still remain one of the most common causes of security incidents. Learn how GitHub is making it easier to protect yourself from exposed secrets, including today's launches of standalone Secret Protection, org-wide scanning, and better access for teams of all sizes. The post GitHub found 39M secret leaks in 2024. Here’s what we’re doing to help appeared first on The GitHub Blog.
https://github.blog/security/application-security/next-evolution-github-advanced-security/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

I wannabe Red Team Operator
Red Team Operator. A hype-tagged role tag for which one question hits our corporate LinkedIn inbox very often. “Hey there, how can I become a Red Team Operator? Yours sincerely, a recent graduate.” To us, this is like asking how to become a regular starter on a Premier League football team. There's nothing wrong with […]
https://blog.compass-security.com/2025/04/i-wannabe-red-team-operator/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

What's My Daily Life Like (in OT DFIR)?
One of the most common questions I get asked by aspiring (and current) cybersecurity professionals is what my odd niche of the universe in critical infrastructure incident response is really like, day to day. So let me give a brief overview of what my work life is like. The first thing one needs to understand […]
https://tisiphone.net/2025/03/31/whats-my-daily-life-like-in-ot-dfir/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

ImageRunner: Privilege Escalation Vulnerability in GCP Cloud Run
An attacker with `run.services.update` and `iam.serviceAccounts.actAs` permissions but without explicit registry access could deploy new revisions of Cloud Run services that pulled private container images stored in the same GCP project. This was possible because Cloud Run uses a service agent with the necessary registry read permissions to retrieve these images, regardless of the caller's access level. By updating a service revision and injecting malicious commands into the container's arguments (e.g., using Netcat for reverse shell access), attackers could extract secrets or run unauthorized code. The flaw stemmed from the Cloud Run service agent's trust model, which did not enforce a separate registry permission check on the deploying identity. Google has since modified this behavior...
https://www.cloudvulndb.org/imagerunner
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Ivanti Connect Secure Zero-Day Vulnerability
What are the Vulnerabilities?Ivanti disclosed two vulnerabilities, CVE-2025-0282 and CVE-2025-0283, impacting Ivanti Connect Secure (“ICS”) VPN appliances. CVE-2025-0282 is an unauthenticated stack-based buffer overflow affecting Ivanti Connect Secure, Policy Secure, and ZTA Gateways. Successful exploitation could result in unauthenticated remote code execution and CVE-2025-0283 is a stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 that allows a local authenticated attacker to escalate their privileges.According to a blog released by Mandiant, it has identified zero-day exploitation of CVE-2025-0282 in the wild beginning mid-December 2024. Ivanti Connect...
https://fortiguard.fortinet.com/threat-signal-report/5612
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

ClamAV 1.5.0 beta now available!
The ClamAV 1.5.0 beta is now available. You may find the source code and installers for this release at clamav.net/downloads or on the ClamAV GitHub release page. The beta phase is expected to last two to four weeks before we publish the stable release or else publish a release candidate. This will depend on how many changes are required to stabilize this version. Please take this time to evaluate ClamAV 1.5.0. Please help us validate this release by providing feedback via GitHub issues, via the ClamAV mailing list or on our Discord. IMPORTANT: A major feature of the 1.5 release is a FIPS-compliant method for verifying the authenticity of CVD signature database archives and CDIFF signature database patch files. The feature is ready to test in this beta, but we are not yet distributing the...
http://blog.clamav.net/2025/03/clamav-150-beta-now-available.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Issue with AWS SAM CLI (CVE-2025-3047, CVE-2025-3048)
Publication Date: 2025/03/31 08:10 AM PDT Description The AWS Serverless Application Model Command Line Interface (AWS SAM CLI) is an open-source CLI tool that helps Lambda developers to build and develop Lambda applications locally on their computers using Docker. We have identified the following issues within the AWS SAM CLI. A fix has been released and we recommend users upgrade to the latest version to address these issues. Additionally, users should ensure any forked or derivative code is patched to incorporate the new fixes. CVE-2025-3047: When running the AWS SAM CLI build process with Docker and symlinks are included in the build files, the container environment allows a user to access privileged files on the host by leveraging the elevated permissions granted to...
https://aws.amazon.com/security/security-bulletins/AWS-2025-008/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

German Doner Kebab - 162,373 breached accounts
In March 2025, data allegedly sourced from German Doner Kebab was published on a popular hacking forum. The data included 162k unique email addresses alongside names, phone numbers and physical addresses. German Doner Kebab subsequently sent a disclosure notice to impacted individuals.
https://haveibeenpwned.com/PwnedWebsites#GermanDonerKebab
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Apache Tomcat RCE
What is the Vulnerability?On March 10, 2025, Apache issued a security advisory regarding a critical vulnerability (CVE-2025-24813) affecting the Apache Tomcat web server. This flaw could allow attackers to view or inject arbitrary content into security-sensitive files and potentially achieve remote code execution.Exploit code for this vulnerability is publicly available, and no authentication is required to launch an attack, making prompt mitigation essential. According to Apache, successful exploitation requires specific conditions, which may allow attackers to manipulate and view sensitive files or execute remote code.What is the recommended Mitigation?Impacted users should implement the recommended mitigations provided by Apache and follow the instructions outlined in the vendor's advisory:https://lists.apache.org/thread/j5fkjv2k477os90nczf2v9l61fb0kkgq-...
https://fortiguard.fortinet.com/threat-signal-report/6053
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

2025 Advanced Persistent Bot Report: Scraper Bots Deep-Dive
How much do scraper bots affect your industry?
https://www.f5.com/labs/articles/threat-intelligence/2025-advanced-persistent-bot-report-scraper-bots-deep-dive
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Prevent Web Scraping by Applying the Pyramid of Pain
The Bots Pyramid of Pain: a framework for effective bot defense.
https://www.f5.com/labs/articles/threat-intelligence/prevent-web-scraping-by-applying-the-pyramid-of-pain
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

2025 Advanced Persistent Bots Report
Uncovering the true scale of persistent bot activity, and the advanced techniques that bot operators use in order to remain hidden from bot defenses.
https://www.f5.com/labs/articles/threat-intelligence/2025-advanced-persistent-bots-report
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

The US Needs A New Cybersecurity Strategy: More Offensive Cyber Operations Isn't It
For a long time Chinese hackers have been operating in the grey area between espionage and warfare. The US has been struggling to defend its networks, but increasing offensive cyber operations in unlikely to help.
https://malwaretech.com/2025/03/the-us-needs-a-new-cybersecurity-strategy.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Issue with tough, versions prior to 0.20.0 (Multiple CVEs)
Publication Date: 2025/03/27 02:30PM PDT Description The Update Framework (TUF) is a software framework designed to protect mechanisms that automatically identify and download updates to software. tough is a Rust client library for TUF repositories. AWS is aware of the following issues within tough, versions prior to 0.20.0. On March 27, 2025, we released a fix in tough 0.20.0 and recommend customers upgrade to address these issues and ensure any forked or derivative code is patched to incorporate the new fixes. CVE-2025-2885 relates to an issue with missing validation of the root metadata version number which could allow an actor to supply an unexpected version number to the client instead of the intended version in the root metadata file, altering the version fetched by...
https://aws.amazon.com/security/security-bulletins/AWS-2025-007/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

New security requirements adopted by HTTPS certificate industry
Posted by Chrome Root Program, Chrome Security Team The Chrome Root Program launched in 2022 as part of Google's ongoing commitment to upholding secure and reliable network connections in Chrome. We previously described how the Chrome Root Program keeps users safe, and described how the program is focused on promoting technologies and practices that strengthen the underlying security assurances provided by Transport Layer Security (TLS). Many of these initiatives are described on our forward looking, public roadmap named “Moving Forward, Together.” At a high-level, “Moving Forward, Together” is our vision of the future. It is non-normative and considered distinct from the requirements detailed in the Chrome Root Program Policy. It's focused on themes that we feel are essential...
http://security.googleblog.com/2025/03/new-security-requirements-adopted-by.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Advance notice: End of Life for ClamAV 0.103 database updates
ClamAV version 0.103 will reach its end of life (EOL) for database updates on September 14, 2025. After this date, this version will no longer receive the latest virus definitions. To ensure your systems remain protected, please upgrade to the latest supported version of ClamAV before the end-of-life date. This will provide continued access to essential security updates and features. We recommend that users update to the newest release, ClamAV 1.4 LTS. For users that are unable to upgrade to version 1.4, you may find that ClamAV 1.0 LTS is more suitable. The most recent version of ClamAV can be found on the ClamAV Downloads page, on the ClamAV GitHub Releases page, and through Docker Hub. Information about how to install ClamAV is available in our online documentation. The...
http://blog.clamav.net/2025/03/advance-notice-end-of-life-for-clamav.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Legit Announces New Vulnerability Prevention Capabilities
Get details on Legit's new capabilities that allow AppSec teams to prevent introducing vulnerabilities.
https://www.legitsecurity.com/blog/legit-announces-new-vulnerability-prevention-capabilities
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Blasting Past Webp
An analysis of the NSO BLASTPASS iMessage exploit Posted by Ian Beer, Google Project Zero On September 7, 2023 Apple issued an out-of-band security update for iOS: Around the same time on September 7th 2023, Citizen Lab published a blog post linking the two CVEs fixed in iOS 16.6.1 to an "NSO Group Zero-Click, Zero-Day exploit captured in the wild": "[The target was] an individual employed by a Washington DC-based civil society organization with international offices... The exploit chain was capable of compromising iPhones running the latest version of iOS (16.6) without any interaction from the victim. The exploit involved PassKit attachments containing malicious images sent from an attacker iMessage account to the victim." The day before,...
https://googleprojectzero.blogspot.com/2025/03/blasting-past-webp.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Titan Security Keys now available in more countries
Posted by Christiaan Brand, Group Product ManagerWe're excited to announce that starting today, Titan Security Keys are available for purchase in more than 10 new countries:IrelandPortugalThe NetherlandsDenmarkNorwaySwedenFinlandAustraliaNew ZealandSingaporePuerto RicoThis expansion means Titan Security Keys are now available in 22 markets, including previously announced countries like Austria, Belgium, Canada, France, Germany, Italy, Japan, Spain, Switzerland, the UK, and the US.What is a Titan Security Key?A Titan Security Key is a small, physical device that you can use to verify your identity when you sign in to your Google Account. It's like a second password that's much harder for cybercriminals to steal.Titan Security Keys allow you to store your passkeys on a strong, purpose-built...
http://security.googleblog.com/2025/03/titan-security-keys-now-available-in.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

CodeQLEAKED - CodeQL Supply Chain Attack via Exposed Secret
A publicly exposed GitHub token in CodeQL workflow artifacts could allow attackers to execute malicious code in repositories using CodeQL, potentially leading to source code exfiltration, secrets compromise, and supply chain attacks. The vulnerability stemmed from a debug artifact containing environment variables, which could be downloaded and exploited within a 1-2 second window.
https://www.cloudvulndb.org/codeql-supply-chain-attack-exposed-secret
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

BlueSky InfoSec News List
Hello all, happy Tuesday. I’ve migrated my cybersecurity news feed list to BlueSky and it can now be found here: https://web-cdn.bsky.app/profile/hacks4pancakes.com/lists/3ll6ownhbuz2o I hope you find this useful. If you’re using Mastodon, the import process is a bit more manual: @Updated InfoSec Mastodon Lists!
https://tisiphone.net/2025/03/25/bluesky-infosec-news-list/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Troy Hunt's Mailchimp List - 16,627 breached accounts
In March 2025, a phishing attack successfully gained access to Troy Hunt's Mailchimp account and automatically exported a list of people who had subscribed to the newsletter for his personal blog. The exported list contained 16k email addresses and other data automatically collected by Mailchimp including IP address and a derived latitude, longitude and time zone.
https://haveibeenpwned.com/PwnedWebsites#TroyHuntMailchimpList
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Issues with Kubernetes ingress-nginx controller (Multiple CVEs)
Publication Date: 2025/03/24 09:00AM PDT Description Ingress Controllers are applications within a Kubernetes cluster that enable Ingress resources to function. AWS is aware of CVE-2025-1098, CVE-2025-1974, CVE-2025-1097, CVE-2025-24514, and CVE-2025-24513, which affect the Kubernetes ingress-nginx controller. Amazon Elastic Kubernetes Service (Amazon EKS) does not provide or install the ingress-nginx controller and is not affected by these issues. Customers who have installed this controller on their clusters should update to the latest version. We have proactively notified customers who were identified as having this controller installed. References: CVE-2025-1098 - GitHub Issue CVE-2025-1974 - GitHub Issue CVE-2025-1097 - GitHub Issue CVE-2025-24514 - GitHub Issue...
https://aws.amazon.com/security/security-bulletins/AWS-2025-006/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Next.js Vulnerability: What You Need to Know
Get details on this recent vulnerability, how to respond, and how Legit can help. 
https://www.legitsecurity.com/blog/next-js-vulnerability-what-you-need-to-know
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

A maintainer's guide to vulnerability disclosure: GitHub tools to make it simple
A step-by-step guide for open source maintainers on how to handle vulnerability reports confidently from the start. The post A maintainer’s guide to vulnerability disclosure: GitHub tools to make it simple appeared first on The GitHub Blog.
https://github.blog/security/vulnerability-research/a-maintainers-guide-to-vulnerability-disclosure-github-tools-to-make-it-simple/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Issue with the AWS CDK CLI and custom credential plugins (CVE-2025-2598)
Publication Date: 2025/03/21 07:00 AM PDT Description AWS identified CVE-2025-2598, an issue in the AWS Cloud Development Kit (AWS CDK) Command Line Interface (AWS CDK CLI), versions 2.172.0 through 2.178.1. The AWS CDK CLI is a command line tool that deploys AWS CDK applications onto AWS accounts. When customers run AWS CDK CLI commands with credential plugins and configure those plugins to return temporary credentials by including an expiration property, this issue can potentially result in the AWS credentials retrieved by the plugin to be printed to the console output. Any user with access to where the CDK CLI was ran would have access to this output. We have released a fix for this issue and recommend customers upgrade to version 2.178.2 or later to address this issue....
https://aws.amazon.com/security/security-bulletins/AWS-2025-005/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Analyzing the Global Increase in Vulnerability Scanning in 2024
BotPoke comes to the foreground yet again.
https://www.f5.com/labs/articles/threat-intelligence/analyzing-the-global-increase-in-vulnerability-scanning-in-2024
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Bypassing Web Filters Part 4: Host Header Spoofing & Domain Fronting Detection Bypasses
In the previous posts of this series, we looked at different ways to bypass web filters, such as Host header spoofing and domain fronting. As we’ve learned, these techniques can be detected by proxies employing TLS inspection, by checking whether the hostname in the SNI matches the one in the HTTP Host header. If they […]
https://blog.compass-security.com/2025/03/bypassing-web-filters-part-4-host-header-spoofing-domain-fronting-detection-bypasses/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Yes, That's Me on Your Radio!
I had the honor of another short segment on NPR’s Marketplace this morning. I spoke about the state of cyber crime, and the impact of US government changes on cyber defense.
https://tisiphone.net/2025/03/19/yes-thats-me-on-your-radio/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

SpyX - 1,977,011 breached accounts
In June 2024, spyware maker SpyX suffered a data breach that exposed almost 2M unique email addresses. The breach also exposed IP addresses, countries of residence, device information and 6-digit PINs in the password field. Further, a collection of iCloud credentials likely used to monitor targets directly via the cloud were also in the breach and contained the target's email address and plain text Apple password.
https://haveibeenpwned.com/PwnedWebsites#SpyX
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Updated InfoSec Mastodon Lists!
I have been asked for these, so here they are! I hope you find these useful in following more Fediverse cybersecurity stuff.
https://tisiphone.net/2025/03/18/updated-infosec-mastodon-lists/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Lexipol - 672,546 breached accounts
In February 2025, the public safety policy management systems company Lexipol suffered a data breach. Attributed to the self-proclaimed "Puppygirl Hacker Polycule", the breach exposed an extensive number of documents and user records which were subsequently published publicly. The breach included over 670k unique email addresses in the user records, along with names, phone numbers, system-generated usernames and passwords stored as either MD5 or SHA-256 hashes.
https://haveibeenpwned.com/PwnedWebsites#Lexipol
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Hundreds of Malicious Google Play-Hosted Apps Bypassed Android 13 Security With Ease
Bitdefender's security researchers have identified a large-scale ad fraud campaign that deployed hundreds of malicious apps in the Google Play Store, resulting in more than 60 million downloads total. The apps display out-of-context ads and even try to persuade victims to give away credentials and credit card information in phishing attacks. The Google Play Store is often targeted by cybercriminals trying to upload malicious apps by bypassing existing protections. Google purges the store of suc
https://www.bitdefender.com/en-us/blog/labs/malicious-google-play-apps-bypassed-android-security
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Bypassing Web Filters Part 3: Domain Fronting
The last two blog posts in this series were about SNI spoofing and Host header spoofing. We also learned that the latter is addressed by some vendors with a technique called "Domain Fronting Detection". But what exactly is domain fronting? This will be explained in this blog post.
https://blog.compass-security.com/2025/03/bypassing-web-filters-part-3-domain-fronting/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Announcing OSV-Scanner V2: Vulnerability scanner and remediation tool for open source
Posted by Rex Pan and Xueqin Cui, Google Open Source Security TeamIn December 2022, we released the open source OSV-Scanner tool, and earlier this year, we open sourced OSV-SCALIBR. OSV-Scanner and OSV-SCALIBR, together with OSV.dev are components of an open platform for managing vulnerability metadata and enabling simple and accurate matching and remediation of known vulnerabilities. Our goal is to simplify and streamline vulnerability management for developers and security teams alike.Today, we're thrilled to announce the launch of OSV-Scanner V2.0.0, following the announcement of the beta version. This V2 release builds upon the foundation we laid with OSV-SCALIBR and adds significant new capabilities to OSV-Scanner, making it a comprehensive vulnerability scanner and remediation tool with...
http://security.googleblog.com/2025/03/announcing-osv-scanner-v2-vulnerability.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Why Critical MongoDB Library Flaws Won't See Mass Exploitation
Discover how to mitigate CVE-2024-53900 and CVE-2025-23061, which expose Node.js APIs to remote attacks.
https://www.f5.com/labs/articles/threat-intelligence/why-critical-mongodb-library-flaws-wont-see-mass-exploitation
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Bypassing Web Filters Part 2: Host Header Spoofing
In the last post about bypassing web filters, I discussed how SNI spoofing works and how this can also be prevented by web filters. This post is about another bypass technique called Host Header spoofing.
https://blog.compass-security.com/2025/03/bypassing-web-filters-part-2-host-header-spoofing/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Sign in as anyone: Bypassing SAML SSO authentication with parser differentials
Critical authentication bypass vulnerabilities (CVE-2025-25291 + CVE-2025-25292) were discovered in ruby-saml up to version 1.17.0. In this blog post, we'll shed light on how these vulnerabilities that rely on a parser differential were uncovered. The post Sign in as anyone: Bypassing SAML SSO authentication with parser differentials appeared first on The GitHub Blog.
https://github.blog/security/sign-in-as-anyone-bypassing-saml-sso-authentication-with-parser-differentials/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Bypassing Web Filters Part 1: SNI Spoofing
This is the first part of a series of blog posts about techniques to bypass web filters, looking at increasingly advanced techniques with each part. The first part is about how SNI spoofing can be used to bypass web filters.
https://blog.compass-security.com/2025/03/bypassing-web-filters-part-1-sni-spoofing/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Multiple format string vulnerabilities
A use of externally-controlled format string vulnerability [CWE-134] in FortiOS, FortiProxy, FortiPAM, FortiSRA and FortiWeb may allow a privileged attacker to execute unauthorized code or commands via specially crafted HTTP or HTTPS commands. Revised on 2025-05-14 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-24-325
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Pre-authentication Denial of Service attack in OpenSSH - CVE-2025-26466
CVE-2025-26466A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong packet is allocated in a memory buffer and stored in a queue of packages. It is only freed when the server/client key exchange has finished. A malicious client may keep sending such packages, leading to an uncontrolled increase in memory consumption on the server side. Consequently, the server may become unavailable, resulting in a denial of service attack. Revised on 2025-05-13 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-25-122
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Full exposure: A practical approach to handling sensitive data leaks
Treating exposures as full and complete can help you respond more effectively to focus on what truly matters: securing systems, protecting sensitive data, and maintaining the trust of stakeholders. The post Full exposure: A practical approach to handling sensitive data leaks appeared first on The GitHub Blog.
https://github.blog/security/full-exposure-a-practical-approach-to-handling-sensitive-data-leaks/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Vulnerability Reward Program: 2024 in Review
Posted by Dirk GöhmannIn 2024, our Vulnerability Reward Program confirmed the ongoing value of engaging with the security research community to make Google and its products safer. This was evident as we awarded just shy of million to over 600 researchers based in countries around the globe across all of our programs.Vulnerability Reward Program 2024 in NumbersYou can learn about who's reporting to the Vulnerability Reward Program via our Leaderboard – and find out more about our youngest security researchers who've recently joined the ranks of Google bug hunters.VRP Highlights in 2024In 2024 we made a series of changes and improvements coming to our vulnerability reward programs and related initiatives:The Google VRP revamped its reward structure, bumping rewards up to a maximum...
http://security.googleblog.com/2025/03/vulnerability-reward-program-2024-in.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Enterprises Should Consider Replacing Employees' Home TP-Link Routers
An examination of CVE trends from February 2025 scanning data.
https://www.f5.com/labs/articles/threat-intelligence/enterprises-should-consider-replacing-employees-home-tp-link-routers
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

November 2024 Cyber Attacks Statistics
In November 2024, Cyber Crime continued to lead the Motivations chart with 72%, up from 68% of October. Operations driven...
https://www.hackmageddon.com/2025/03/05/november-2024-cyber-attacks-statistics/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Issue with Temporary elevated access management (TEAM) - CVE-2025-1969
Publication Date: 2025/03/04 10:30 AM PST Description Improper request input validation in Temporary Elevated Access Management (TEAM) for AWS IAM Identity Center allows a user to modify a valid request and spoof an approval in TEAM. We recommend customers upgrade TEAM to the latest release, version 1.2.2. Affected versions: <1.2.2 Resolution A fix has been released in version 1.2.2. Please refer to the "Update TEAM solution" documentation for instructions on upgrading. References GHSA-x9xv-r58p-qh86 CVE-2025-1969 Acknowledgement We would like to thank Redshift Cyber Security for collaborating on this issue through the coordinated vulnerability disclosure process. Please email aws-security@amazon.com with any security questions or concerns....
https://aws.amazon.com/security/security-bulletins/AWS-2025-004/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

New AI-Powered Scam Detection Features to Help Protect You on Android
Posted by Lyubov Farafonova, Product Manager, Phone by Google; Alberto Pastor Nieto, Sr. Product Manager Google Messages and RCS Spam and Abuse Google has been at the forefront of protecting users from the ever-growing threat of scams and fraud with cutting-edge technologies and security expertise for years. In 2024, scammers used increasingly sophisticated tactics and generative AI-powered tools to steal more than trillion from mobile consumers globally, according to the Global Anti-Scam Alliance. And with the majority of scams now delivered through phone calls and text messages, we've been focused on making Android's safeguards even more intelligent with powerful Google AI to help keep your financial information and data safe. Today, we're launching two new industry-leading...
http://security.googleblog.com/2025/03/new-ai-powered-scam-detection-features.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Color Dating - 220,503 breached accounts
In September 2018, the dating app to match people with different ethnicities Color Dating suffered a data breach that was later redistributed as part of a larger corpus of data. The breach exposed 220k unique email addresses along with bios, names, profile photos and bcrypt password hashes. The data was provided to HIBP by a source who requested it be attributed to "ANK (Veles)".
https://haveibeenpwned.com/PwnedWebsites#ColorDating
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Flat Earth Sun, Moon and Zodiac App - 33,294 breached accounts
In October 2024, the flat earth sun, moon and zodiac app created by Flat Earth Dave was found to be leaking extensive personal information of its users. The data included 33k unique email addresses along with usernames, latitudes and longitudes (their position on the globe) and passwords stored in plain text. A small number of profiles also contained names, dates of birth and genders.
https://haveibeenpwned.com/PwnedWebsites#FlatEarthDave
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Spyzie - 518,643 breached accounts
In February 2025, the spyware service Spyzie suffered a data breach along with sibling spyware services, Spyic and Cocospy. The Spyzie breach alone exposed almost 519k customer email addresses which were provided to HIBP, and reportedly also enabled unauthorised access to captured messages, photos, call logs, and more. The data was provided to HIBP by a source who requested it be attributed to "zathienaephi@proton.me".
https://haveibeenpwned.com/PwnedWebsites#Spyzie
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

16-30 November 2024 Cyber Attacks Timeline
In the second timeline of November 2024 I collected 117 events (7.8 events/day) with a threat landscape dominated by malware
https://www.hackmageddon.com/2025/02/27/16-30-november-2024-cyber-attacks-timeline/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Why AI Can't Replace Cybersecurity Analysts
As we face an extreme downturn in cybersecurity hiring which entry level candidates bear the brunt of, I want to address an elephant in the room: AI. I spend a lot of my time providing career clinics and mentorship, and I truly understand this is one of the worst cybersecurity job markets for young people […]
https://tisiphone.net/2025/02/26/why-ai-cant-replace-cybersecurity-analysts/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

The Phillip Wylie Show!
I made an appearance on the wonderful Phillip Wylie show! It was incredibly kind of him to have me on. We talked about a kind of niche area of ICS – how to do digital forensics in that space – especially weird and legacy stuff – and what that actually means during incident response. Check […]
https://tisiphone.net/2025/02/26/the-phillip-wylie-show/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Celebrating 1 Year of CSF 2.0
It has been one year since the release of the NIST Cybersecurity Framework (CSF) 2.0 ! To make improving your security posture even easier, in this blog we are: Sharing new CSF 2.0 resources; Taking a retrospective look at some resources and applications you may have missed; and Highlighting ways you can stay involved in our work, helping us help you implement better cybersecurity. NIST's subject matter experts have worked over the last year to continue expanding the CSF 2.0 implementation resources to help you secure your enterprise. Stakeholders are a very important force behind NIST's
https://www.nist.gov/blogs/cybersecurity-insights/celebrating-1-year-csf-20
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Silent Reaper (Azure LogicApp Secrets Control Plane Exfiltration)
Azure iPaaS services, such as Logic Apps, separate the Control Plane (management) from the Data Plane (execution), but a flaw in this model enabled undetectable data harvesting. An attacker with Azure Reader access to workflow run history can silently extract sensitive data from executions, including secrets and API responses. This is possible because execution details are exposed via the Control Plane, bypassing Data Plane access controls. The root cause of this issue is the unintended exposure of runtime data through metadata endpoints, which could allow an attacker to passively collect information without triggering alerts or requiring direct execution privileges.
https://www.cloudvulndb.org/azure-logic-apps-secrets-control-plane-exfiltration
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Vault Recon (Azure KeyVault Secrets Metadata Control Plane Exfiltration)
Azure Key Vault enforces a separation between the Control Plane (management) and Data Plane (secrets access). However, a flaw in this isolation allows unauthorized users to enumerate secrets and keys within a vault. By having Reader access or lesser privileges on a Key Vault, an attacker could leverage Azure Resource Explorer to access metadata about stored secrets. This is due to unintended exposure through the Control Plane, which should not provide insight into Data Plane resources. The root cause of this issue is insufficient isolation between the two planes, where metadata retrieval is permitted even when direct access to secrets is restricted. This allows attackers to gain information about sensitive assets without full permissions.
https://www.cloudvulndb.org/azure-vault-recon-keyvault-secret-metadata-control-plane-exfiltration
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Securing tomorrow's software: the need for memory safety standards
Posted by Alex Rebert, Security Foundations, Ben Laurie, Research, Murali Vijayaraghavan, Research and Alex Richardson, SiliconFor decades, memory safety vulnerabilities have been at the center of various security incidents across the industry, eroding trust in technology and costing billions. Traditional approaches, like code auditing, fuzzing, and exploit mitigations – while helpful – haven't been enough to stem the tide, while incurring an increasingly high cost.In this blog post, we are calling for a fundamental shift: a collective commitment to finally eliminate this class of vulnerabilities, anchored on secure-by-design practices – not just for ourselves but for the generations that follow.The shift we are calling for is reinforced by a recent ACM article calling to standardize...
http://security.googleblog.com/2025/02/securing-tomorrows-software-need-for.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Passkeys
Don't we all know the hassle of managing loads of passwords, trying to come up with secure and unique ones only to try afterwards to remember them? Or always staying on high alert whether the URL is definitely the valid one for the website we are trying to visit? What if all this could be over soon? Welcome to Passkeys!
https://blog.compass-security.com/2025/02/passkeys/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

2024 Vulnerability Scanning Surges 91%
Scans intensify, looking for a critical vulnerability in TBK DVR devices.
https://www.f5.com/labs/articles/threat-intelligence/2024-vulnerability-scanning-surges-91
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Out with the Old, In with the Bold: Gen Threat Labs
For years, Avast Decoded has been your go-to for the latest in cybersecurity insights and research. But as cybercriminals evolve, so do we. Starting now, our groundbreaking research, expert analysis and the stories that keep the digital world safe are moving to one place: the Gen Insights Blog. By uniting our expertise under the Gen […] The post Out with the Old, In with the Bold: Gen Threat Labs appeared first on Avast Threat Labs.
https://decoded.avast.io/salat/out-with-the-old-in-with-the-bold-gen-threat-labs/?utm_source=rss&utm_medium=rss&utm_campaign=out-with-the-old-in-with-the-bold-gen-threat-labs
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Stealthy AD CS Reconnaissance
Introducing a certipy parse command to perform stealthy offline AD CS enumeration based on local registry data.
https://blog.compass-security.com/2025/02/stealthy-ad-cs-reconnaissance/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

1-15 November 2024 Cyber Attacks Timeline
In the first timeline of November 2024 I collected 128 events with a threat landscape dominated by malware...
https://www.hackmageddon.com/2025/02/06/1-15-november-2024-cyber-attacks-timeline/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Lazarus Group Targets Organizations with Sophisticated LinkedIn Recruiting Scam
Bitdefender Labs warns of an active campaign by the North Korea-linked Lazarus Group, targeting organizations by capturing credentials and delivering malware through fake LinkedIn job offers. LinkedIn may be a vital tool for job seekers and professionals, but it has also become a playground for cybercriminals exploiting its credibility. From fake job offers and elaborate phishing schemes to scams and even state-sponsored threat actors who prey on people's career aspirations and trust in profess
https://www.bitdefender.com/en-us/blog/labs/lazarus-group-targets-organizations-with-sophisticated-linkedin-recruiting-scam
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Analysis of an advanced malicious Chrome extension
Two weeks ago I published an article on 63 malicious Chrome extensions. In most cases I could only identify the extensions as malicious. With large parts of their logic being downloaded from some web servers, it wasn't possible to analyze their functionality in detail. However, for the Download Manager Integration Checklist extension I have all parts of the puzzle now. This article is a technical discussion of its functionality that somebody tried very hard to hide. I was also able to identify a number of related extensions that were missing from my previous article. Update (2025-02-04): An update to Download Manager Integration Checklist extension has been released a day before I published this article, clearly prompted by me asking adindex about this. The update removes the malicious functionality...
https://palant.info/2025/02/03/analysis-of-an-advanced-malicious-chrome-extension/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Windows Bug Class: Accessing Trapped COM Objects with IDispatch
Posted by James Forshaw, Google Project Zero Object orientated remoting technologies such as DCOM and .NET Remoting make it very easy to develop an object-orientated interface to a service which can cross process and security boundaries. This is because they're designed to support a wide range of objects, not just those implemented in the service, but any other object compatible with being remoted. For example, if you wanted to expose an XML document across the client-server boundary, you could use a pre-existing COM or .NET library and return that object back to the client. By default when the object is returned it's marshaled by reference, which results in the object staying in the out-of-process server. This flexibility has a number of downsides, one of which is the topic of this...
https://googleprojectzero.blogspot.com/2025/01/windows-bug-class-accessing-trapped-com.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Windows Exploitation Tricks: Trapping Virtual Memory Access (2025 Update)
Posted by James Forshaw, Google Project Zero Back in 2021 I wrote a blog post about various ways you can build a virtual memory access trap primitive on Windows. The goal was to cause a reader or writer of a virtual memory address to halt for a significant (e.g. 1 or more seconds) amount of time, generally for the purpose of exploiting TOCTOU memory access bugs in the kernel. The solutions proposed in the blog post were to either map an SMB file on a remote server, or abuse the Cloud Filter API. This blog isn't going to provide new solutions, instead I wanted to highlight a new feature of Windows 11 24H2 that introduces the ability to abuse the SMB file server directly on the local machine, no remote server required. This change also introduces the ability to locally exploit vulnerabilities...
https://googleprojectzero.blogspot.com/2025/01/windows-exploitation-tricks-trapping.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Path traversal issue in Deep Java Library - (CVE-2025-0851)
Publication Date: 2025/01/29 1:30 PM PST AWS identified CVE-2025-0851, a path traversal issue in ZipUtils.unzip and TarUtils.untar in Deep Java Library (DJL) on all platforms that allows a bad actor to write files to arbitrary locations. If leveraged, an actor could gain SSH access by injecting an SSH key into the authorized_keys file, or upload HTML files to leverage cross-site scripting issues. We can confirm that this issue has not been leveraged. A fix for this issue has been released and we recommend the users of DJL upgrade to version 0.31.1 or later. Affected versions: 0.1.0 - 0.31.0 Resolution The patches are included in DJL 0.31.1. Reference CVE-2025-0851 GHSA-6h2x-4gjf-jc5w Please email aws-security@amazon.com with any security questions or concerns.
https://aws.amazon.com/security/security-bulletins/AWS-2025-003/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

How we kept the Google Play & Android app ecosystems safe in 2024
Posted by Bethel Otuteye and Khawaja Shams (Android Security and Privacy Team), and Ron Aquino (Play Trust and Safety) Android and Google Play comprise a vibrant ecosystem with billions of users around the globe and millions of helpful apps. Keeping this ecosystem safe for users and developers remains our top priority. However, like any flourishing ecosystem, it also attracts its share of bad actors. That's why every year, we continue to invest in more ways to protect our community and fight bad actors, so users can trust the apps they download from Google Play and developers can build thriving businesses. Last year, those investments included AI-powered threat detection, stronger privacy policies, supercharged developer tools, new industry-wide alliances, and more. As a result, we...
http://security.googleblog.com/2025/01/how-we-kept-google-play-android-app-ecosystem-safe-2024.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Privacy-Preserving Federated Learning – Future Collaboration and Continued Research
This post is the final blog in a series on privacy-preserving federated learning . The series is a collaboration between NIST and the UK government's Responsible Technology Adoption Unit (RTA), previously known as the Centre for Data Ethics and Innovation. Learn more and read all the posts published to date at NIST's Privacy Engineering Collaboration Space or RTA's blog . Reflections and Wider Considerations This is the final post in the series that began with reflections and learnings from the first US-UK collaboration working with Privacy Enhancing Technologies (PETs). Since the PETs Prize
https://www.nist.gov/blogs/cybersecurity-insights/privacy-preserving-federated-learning-future-collaboration-and
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

ClamAV 1.4.2 and 1.0.8 security patch versions published
Today, we are publishing the 1.4.2 and 1.0.8 security patch versions. The release files for the patch versions are available for download on the ClamAV downloads page, on the GitHub Release page, and through Docker Hub. The images on Docker Hub may not be immediately available on release day. Continue reading to learn what changed in each version.1.4.2 ClamAV 1.4.2 is a patch release with the following fixes: CVE-2025-20128: Fixed a possible buffer overflow read bug in the OLE2 file parser that could cause a denial-of-service (DoS) condition. This issue was introduced in version 1.0.0 and affects all currently supported versions. It will be fixed in: 1.4.2 and 1.0.8 Thank you to OSS-Fuzz for identifying this issue. 1.0.8 ClamAV 1.0.8 is a patch release with the following fixes:CVE-2025-20128:...
http://blog.clamav.net/2025/01/clamav-142-and-108-security-patch.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Continued Scanning for CVE-2023-1389
TP-Link draws the attention of the US Government.
https://www.f5.com/labs/articles/threat-intelligence/continued-scanning-for-cve-2023-1389
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

October 2024 Cyber Attacks Statistics
After the cyber attacks timelines, it's time to publish the statistics for October 2024 where I collected and analyzed 240 events...
https://www.hackmageddon.com/2025/01/21/october-2024-cyber-attacks-statistics/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Malicious extensions circumvent Google's remote code ban
As noted last week I consider it highly problematic that Google for a long time allowed extensions to run code they downloaded from some web server, an approach that Mozilla prohibited long before Google even introduced extensions to their browser. For years this has been an easy way for malicious extensions to hide their functionality. When Google finally changed their mind, it wasn't in form of a policy but rather a technical change introduced with Manifest V3. As with most things about Manifest V3, these changes are meant for well-behaving extensions where they in fact improve security. As readers of this blog probably know, those who want to find loopholes will find them: I've already written about the Honey extension bundling its own JavaScript interpreter and malicious extensions...
https://palant.info/2025/01/20/malicious-extensions-circumvent-googles-remote-code-ban/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

16-31 October 2024 Cyber Attacks Timeline
In the second timeline of October 2024 I collected 120 events with a threat landscape dominated by malware...
https://www.hackmageddon.com/2025/01/16/16-31-october-2024-cyber-attacks-timeline/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Chrome Web Store is a mess
Let's make one thing clear first: I'm not singling out Google's handling of problematic and malicious browser extensions because it is worse than Microsoft's for example. No, Microsoft is probably even worse but I never bothered finding out. That's because Microsoft Edge doesn't matter, its market share is too small. Google Chrome on the other hand is used by around 90% of the users world-wide, and one would expect Google to take their responsibility to protect its users very seriously, right? After all, browser extensions are one selling point of Google Chrome, so certainly Google would make sure they are safe? Unfortunately, my experience reporting numerous malicious or otherwise problematic browser extensions speaks otherwise. Google appears to take the “least effort required”...
https://palant.info/2025/01/13/chrome-web-store-is-a-mess/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

BIScience: Collecting browsing history under false pretenses
This is a guest post by a researcher who wants to remain anonymous. You can contact the author via email. Recently, John Tuckner of Secure Annex and Wladimir Palant published great research about how BIScience and its various brands collect user data. This inspired us to publish part of our ongoing research to help the extension ecosystem be safer from bad actors. This post details what BIScience does with the collected data and how their public disclosures are inconsistent with actual practices, based on evidence compiled over several years. Screenshot of claims on the BIScience website Contents Who is BIScience? BIScience collects data from millions of users BIScience buys data from partner third-party extensions BIScience receives raw...
https://palant.info/2025/01/13/biscience-collecting-browsing-history-under-false-pretenses/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

The Dangers of DNS Hijacking
How expired domains and improper DNS management can lead to severe security risks like MitM attacks, fraudulent TLS/SSL certifications, and more.
https://www.f5.com/labs/articles/threat-intelligence/the-dangers-of-dns-hijacking
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

ClamAV 1.4 as Next Long-Term Stable (LTS)
We are excited to announce that ClamAV 1.4 is now designated as our latest Long-Term Stable (LTS) release. Previously, we planned to announce 1.5 as the next LTS version at the end of 2024. However, unforeseen challenges have delayed the 1.5 release, leading us to choose version 1.4 for long-term support. We apologize for any inconvenience that our delay in the announcement may have caused. The version support dates for ClamAV 1.4 are amended as follows: Key Dates: Initial 1.4 Release Date: August 15, 2024 Patch Versions Continue Until: August 15, 2027 DB Downloads Allowed Until: August 15, 2028 For specific details, please read the ClamAV EOL Policy. Looking ahead, the beta version of ClamAV 1.5 will soon be available for community review. This version will...
http://blog.clamav.net/2025/01/clamav-14-as-next-long-term-stable-lts.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

How extensions trick CWS search
A few months ago I searched for “Norton Password Manager” in Chrome Web Store and got lots of seemingly unrelated results. Not just that, the actual Norton Password Manager was listed last. These search results are still essentially the same today, only that Norton Password Manager moved to the top of the list: I was stumped how Google managed to mess up search results so badly and even posted the following on Mastodon: Interesting. When I search for “Norton Password Manager” on Chrome Web Store, it first lists five completely unrelated extensions, and only the last search result is the actual Norton Password Manager. Somebody told me that website is run by a company specializing in search, so this shouldn't be due to incompetence, right? What is it then? Somebody suggested that...
https://palant.info/2025/01/08/how-extensions-trick-cws-search/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

The Windows Registry Adventure #5: The regf file format
Posted by Mateusz Jurczyk, Google Project Zero As previously mentioned in the second installment of the blog post series ("A brief history of the feature"), the binary format used to encode registry hives from Windows NT 3.1 up to the modern Windows 11 is called regf. In a way, it is quite special, because it represents a registry subtree simultaneously on disk and in memory, as opposed to most other common file formats. Documents, images, videos, etc. are generally designed to store data efficiently on disk, and they are subsequently parsed to and from different in-memory representations whenever they are read or written. This seems only natural, as offline storage and RAM come with different constraints and requirements. On disk, it is important that the data is packed as...
https://googleprojectzero.blogspot.com/2024/12/the-windows-registry-adventure-5-regf.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

NIST's International Cybersecurity and Privacy Engagement Update – New Translations
As the year comes to a close, NIST continues to engage with our international partners to strengthen cybersecurity, including sharing over ten new international translations in over six languages as resources for our stakeholders around the world. These efforts were complemented by discussions on opportunities for future enhanced international collaboration and resource sharing. Here are some updates from the past few months: Our international engagement continues through our support to the Department of State and the International Trade Administration (ITA) during numerous international
https://www.nist.gov/blogs/cybersecurity-insights/nists-international-cybersecurity-and-privacy-engagement-update-new
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

2025 Cybersecurity Predictions
&ldquo;I never think of the future. It comes soon enough.&rdquo;
https://www.f5.com/labs/articles/cisotociso/2025-cybersecurity-predictions
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

The Qualcomm DSP Driver - Unexpectedly Excavating an Exploit
Posted by Seth Jenkins, Google Project ZeroThis blog post provides a technical analysis of exploit artifacts provided to us by Google's Threat Analysis Group (TAG) from Amnesty International. Amnesty’s report on these exploits is available here. Thanks to both Amnesty International and Google's Threat Analysis Group for providing the artifacts and collaborating on the subsequent technical analysis!IntroductionEarlier this year, Google's TAG received some kernel panic logs generated by an In-the-Wild (ITW) exploit. Those logs kicked off a bug hunt that led to the discovery of 6 vulnerabilities in one Qualcomm driver over the course of 2.5 months, including one issue that TAG reported as ITW. This blog post covers the details of the original artifacts, each of the bugs discovered,...
https://googleprojectzero.blogspot.com/2024/12/qualcomm-dsp-driver-unexpectedly-excavating-exploit.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Dirty DAG - Azure Apache Airflow Integration Vulnerabilities
Unit 42 researchers identified vulnerabilities in the Azure Data Factory's integration with Apache Airflow. These vulnerabilities include misconfigured Kubernetes Role-Based Access Control (RBAC), improper secret handling in Azure's internal Geneva service, and weak authentication mechanisms. Exploiting these flaws, attackers could gain shadow admin control over Azure infrastructure by crafting malicious DAG files or compromising service principals, leading to unauthorized access, data exfiltration, malware deployment, and persistent control of the cluster. Once attackers gain access, they can escalate privileges within the Azure Kubernetes Service (AKS) cluster, compromise containerized environments, and exploit Azure's Geneva service to manipulate logs and metrics. The research highlighted...
https://www.cloudvulndb.org/azure-airflow-vulnerabilities
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Ways to Mitigate Risk in Cybersecurity: Cybersecurity Risk Management
Cyber threats can wreak havoc on businesses, from data breaches to loss of reputation. Luckily, there are effective strategies available that can reduce cybersecurity risk. Avoidance is one of the... The post Ways to Mitigate Risk in Cybersecurity: Cybersecurity Risk Management appeared first on Hacker Combat.
https://www.hackercombat.com/cybersecurity-risk-management/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Windows Tooling Updates: OleView.NET
Posted by James Forshaw, Google Project ZeroThis is a short blog post about some recent improvements I've been making to the OleView.NET tool which has been released as part of version 1.16. The tool is designed to discover the attack surface of Windows COM and find security vulnerabilities such as privilege escalation and remote code execution. The updates were recently presented at the Microsoft Bluehat conference in Redmond under the name "DCOM Research for Everyone!". This blog expands on the topics discussed to give a bit more background and detail that couldn't be fit within the 45-minute timeslot. This post assumes a knowledge of COM as I'm only going to describe a limited number of terms.Using the OleView.NET Tooling Before we start the discussion it's important...
https://googleprojectzero.blogspot.com/2024/12/windows-tooling-updates-oleviewnet.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Issue with DynamoDB local - CVE-2022-1471
Publication Date: 2024/12/11 2:00PM PST AWS is aware of CVE-2022-1471 in SnakeYaml software, included in DynamoDB local jar and Docker distributions from version 1.21 and version 2.0. If leveraged, this issue could allow an actor to perform remote code execution using the SnakeYaml's Constructor(), as the software does not restrict the types that can be instantiated during deserialization. AWS has found no evidence that this issue has been leveraged, however, customers should still take action. On November 6, 2024, we released a fix for this issue. Customers should upgrade DynamoDB local to the latest version: v1.25.1 and above, or 2.5.3 and above. Please email aws-security@amazon.com with any security questions or concerns.
https://aws.amazon.com/security/security-bulletins/AWS-2024-014/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Data Pipeline Challenges of Privacy-Preserving Federated Learning
This post is part of a series on privacy-preserving federated learning. The series is a collaboration between NIST and the UK government's Responsible Technology Adoption Unit (RTA), previously known as the Centre for Data Ethics and Innovation. Learn more and read all the posts published to date at NIST's Privacy Engineering Collaboration Space or RTA's blog . Introduction In this post, we talk with Dr. Xiaowei Huang and Dr. Yi Dong (University of Liverpool) and Sikha Pentyala (University of Washington Tacoma), who were winners in the UK-US PETs Prize Challenges . We discuss real-world data
https://www.nist.gov/blogs/cybersecurity-insights/data-pipeline-challenges-privacy-preserving-federated-learning
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Predictions 2025: The Future of Cybersecurity Unveiled
The digital world is evolving at breakneck speed. In 2025, we're set to witness transformative changes in cybersecurity that will redefine trust, security, and how we navigate our digital lives. Here's what we see coming: Read the full blog to explore the trends in depth. The future of cybersecurity will demand both solutions and vigilance. […] The post Predictions 2025: The Future of Cybersecurity Unveiled appeared first on Avast Threat Labs.
https://decoded.avast.io/threatintel/predictions-2025-the-future-of-cybersecurity-unveiled/?utm_source=rss&utm_medium=rss&utm_campaign=predictions-2025-the-future-of-cybersecurity-unveiled
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Zero Trust Architecture
Zero trust security takes an “never trust, always verify” approach to access control. Access is only granted once an individual’s identity and context have been confirmed through multifactor authentication and... The post Zero Trust Architecture  appeared first on Hacker Combat.
https://www.hackercombat.com/zero-trust-architecture/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

What Is a Security Operations Center (SOC)?
A Security Operations Center (SOC) specializes in monitoring and analyzing data to detect cyber threats and prevent attacks from them. They work to sort actual threats from false positives before... The post What Is a Security Operations Center (SOC)? appeared first on Hacker Combat.
https://www.hackercombat.com/soc/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

XDR vs SIEM Security Information and Event Management
The Extended Detection and Response Platform (XDR) ingestion and correlation technology captures and correlates high-fidelity data across your security layers, such as endpoint, network, logs, cloud services and identities to... The post XDR vs SIEM Security Information and Event Management appeared first on Hacker Combat.
https://www.hackercombat.com/xdr-vs-siem/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Best Free EDR for Windows PC
Endpoint detection and response (EDR) tools offer businesses that employ hybrid work models or remote employees an extra layer of cybersecurity protection. Utilizing artificial intelligence (AI) and machine learning (ML),... The post Best Free EDR for Windows PC appeared first on Hacker Combat.
https://www.hackercombat.com/best-free-edr-tools-for-windows-pc/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Free EDR Solutions for Home Users in 2025
EDR can detect and respond to emerging and advanced cyber threats quickly and efficiently, making it an essential component of modern business ecosystems. Beyond signature-based detection capabilities, its features go... The post Free EDR Solutions for Home Users in 2025 appeared first on Hacker Combat.
https://www.hackercombat.com/free-edr-solutions/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Simple macOS kernel extension fuzzing in userspace with IDA and TinyInst
Posted by Ivan Fratric, Google Project Zero Recently, one of the projects I was involved in had to do with video decoding on Apple platforms, specifically AV1 decoding. On Apple devices that support AV1 video format (starting from Apple A17 iOS / M3 macOS), decoding is done in hardware. However, despite this, during decoding, a large part of the AV1 format parsing happens in software, inside the kernel, more specifically inside the AppleAVD kernel extension (or at least, that used to be the case in macOS 14/ iOS 17). As fuzzing is one of the techniques we employ regularly, the question of how to effectively fuzz this code inevitably came up. It should be noted that I wasn’t the first person to look into the problem of Apple kernel extension fuzzing, so before going...
https://googleprojectzero.blogspot.com/2024/11/simple-macos-kernel-extension-fuzzing.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Kicking-Off with a December 4th Workshop, NIST is Revisiting and Revising Foundational Cybersecurity Activities for IoT Device Manufacturers, NIST IR 8259!
In May 2020, NIST published Foundational Cybersecurity Activities for IoT Device Manufacturers (NIST IR 8259), which describes recommended cybersecurity activities that manufacturers should consider performing before their IoT devices are sold to customers. These foundational cybersecurity activities can help manufacturers lessen the cybersecurity-related efforts needed by customers, which in turn can reduce the prevalence and severity of IoT device compromises and the attacks performed using compromised devices. In the nearly five years since this document was released, it has been published
https://www.nist.gov/blogs/cybersecurity-insights/kicking-december-4th-workshop-nist-revisiting-and-revising-foundational
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Gen Q3/2024 Threat Report
The third quarter threat report is here—and it's packed with answers. Our Threat Labs team had uncovered some heavy stories behind the stats, exposing the relentless tactics shaping today's threat landscape. Here's what you need to know: This is just the surface. Read the full report and see how our Threat Labs team is relentlessly […] The post Gen Q3/2024 Threat Report appeared first on Avast Threat Labs.
https://decoded.avast.io/threatresearch/gen-q3-2024-threat-report/?utm_source=rss&utm_medium=rss&utm_campaign=gen-q3-2024-threat-report
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Inside Bitdefender Labs' Investigation of a Malicious Facebook Ad Campaign Targeting Bitwarden Users
Throughout 2024, Bitdefender Labs has been closely monitoring a series of malvertising campaigns that exploit popular platforms to spread malware. These campaigns use fake advertisements to lure users into installing malicious software disguised as legitimate apps or updates. One of the more recent campaigns Bitdefender Labs uncovered involves a fake Bitwarden extension advertised on Meta's social media platform Facebook. The campaign tricks users into installing a harmful browser extension und
https://www.bitdefender.com/en-us/blog/labs/inside-bitdefender-labs-investigation-of-a-malicious-facebook-ad-campaign-targeting-bitwarden-users
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Unlocking Cybersecurity Talent: The Power of Apprenticeships
Cybersecurity is a fast-growing field, with a constant need for skilled professionals. But unlike other professions — like medicine or aviation — there's no clear-cut pathway to qualifying for cybersecurity positions. For employers and job seekers alike, this can make the journey to building a team (or entering a successful cybersecurity career) feel uncertain. Enter the registered apprenticeship program — a proven method for developing skilled talent in cybersecurity that benefits both the employer and the new professional. Let's commit to supporting this important talent development approach
https://www.nist.gov/blogs/cybersecurity-insights/unlocking-cybersecurity-talent-power-apprenticeships
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Digital Identities: Getting to Know the Verifiable Digital Credential Ecosystem
If you are interested in the world of digital identities, you have probably heard some of the buzzwords that have been floating around for a few years now… “verifiable credential,” “digital wallet,” “mobile driver's license” or “mDL.” These terms, among others, all reference a growing ecosystem around what we are calling “verifiable digital credentials.” But what exactly is a verifiable digital credential? Take any physical credential you use in everyday life – your driver's license, your medical insurance card, a certification or diploma – and turn it into a digital format stored on your
https://www.nist.gov/blogs/cybersecurity-insights/digital-identities-getting-know-verifiable-digital-credential-ecosystem
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

ModeLeak: LLM Model Exfiltration Vulnerability in Vertex AI
A vulnerability in GCP's Vertex AI service allows privilege escalation and unauthorized access to sensitive LLM models. Attackers can exfiltrate these models by exploiting misconfigurations in access controls and service bindings. By exploiting custom job permissions, researchers were able to escalate their privileges and gain unauthorized access to all data services in the project. In addition, deploying a poisoned model in Vertex AI led to the exfiltration of all other fine-tuned models, posing a proprietary and sensitive data exfiltration attack risk.
https://www.cloudvulndb.org/gcp-vertexai-vulnerabilities
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

From Naptime to Big Sleep: Using Large Language Models To Catch Vulnerabilities In Real-World Code
Posted by the Big Sleep team Introduction In our previous post, Project Naptime: Evaluating Offensive Security Capabilities of Large Language Models, we introduced our framework for large-language-model-assisted vulnerability research and demonstrated its potential by improving the state-of-the-art performance on Meta's CyberSecEval2 benchmarks. Since then, Naptime has evolved into Big Sleep, a collaboration between Google Project Zero and Google DeepMind. Today, we're excited to share the first real-world vulnerability discovered by the Big Sleep agent: an exploitable stack buffer underflow in SQLite, a widely used open source database engine. We discovered the vulnerability and reported it to the developers in early October, who fixed it on the same day. Fortunately, we found...
https://googleprojectzero.blogspot.com/2024/10/from-naptime-to-big-sleep.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Repo swatting attack deletes/blocks GitHub and GitLab accounts
A technique called "repo swatting" allows attackers to delete GitHub and block GitLab accounts by exploiting file upload features and abuse reporting mechanisms. Attackers upload malicious files to a target's repository, then report the account for hosting malicious content, potentially resulting in account deletion. The vulnerability was partially mitigated by October 2024 via changes in upload URL paths and requirement for each uploader to be authenticated (in GitHub).
https://www.cloudvulndb.org/repo-swatting-attack-deletes-github-gitlab-accounts
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

The Karma connection in Chrome Web Store
Somebody brought to my attention that the Hide YouTube Shorts extension for Chrome changed hands and turned malicious. I looked into it and could confirm that it contained two undisclosed components: one performing affiliate fraud and the other sending users' every move to some Amazon cloud server. But that wasn't all of it: I discovered eleven more extensions written by the same people. Some contained only the affiliate fraud component, some only the user tracking, some both. A few don't appear to be malicious yet. While most of these extensions were supposedly developed or bought by a person without any other traces online, one broke this pattern. Karma shopping assistant has been on Chrome Web Store since 2020, the company behind it founded in 2013. This company employs more than...
https://palant.info/2024/10/30/the-karma-connection-in-chrome-web-store/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Unmasking the SYS01 Infostealer Threat: Bitdefender Labs Tracks Global Malvertising Campaign Targeting Meta Business Pages
In a world ran by advertising, businesses and organizations are not the only ones using this powerful tool. Cybercriminals have a knack for exploiting the engine that powers online platforms by corrupting the vast reach of advertising to distribute malware en masse. While legitimate businesses rely on ads to reach new audiences, hackers exploit these platforms to trick users into downloading harmful software. Malicious ads often seem to promote legitimate software, streaming services, or produc
https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Staff Stories Spotlight Series: Cybersecurity Awareness Month 2024
This blog is part of a larger NIST series during the month of October for Cybersecurity Awareness Month , called 'Staff Stories Spotlight.' Throughout the month of October this year, Q&A style blogs will be published featuring some of our unique staff members who have interesting backgrounds, stories to tell, and projects in the world of cybersecurity. This year's Cybersecurity Awareness Month theme is ‘Secure our World.' How does this theme resonate with you, as someone working in cybersecurity? The theme 'Secure our World' resonates deeply with me, as it emphasizes our collective
https://www.nist.gov/blogs/cybersecurity-insights/staff-stories-spotlight-series-cybersecurity-awareness-month-2024-0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Cloud Security Essentials
Cloud security involves employing perimeter defenses like firewalls, IDPSs and VPNs as well as guaranteeing isolation through network segmentation and virtual LANs while monitoring traffic for anomalies and threats –... The post Cloud Security Essentials appeared first on Hacker Combat.
https://www.hackercombat.com/cloud-security/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Antivirus Software
Antivirus software protects devices against viruses, malware, and other cyberthreats by detecting, quarantining, and deleting malicious code. Modern antivirus products also offer additional security features such as password protection, identity... The post Antivirus Software appeared first on Hacker Combat.
https://www.hackercombat.com/antivirus-software/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

The Windows Registry Adventure #4: Hives and the registry layout
Posted by Mateusz Jurczyk, Google Project Zero To a normal user or even a Win32 application developer, the registry layout may seem simple: there are five root keys that we know from Regedit (abbreviated as HKCR, HKLM, HKCU, HKU and HKCC), and each of them contains a nested tree structure that serves a specific role in the system. But as one tries to dig deeper and understand how the registry really works internally, things may get confusing really fast. What are hives? How do they map or relate to the top-level keys? Why are some HKEY root keys pointing inside of other root keys (e.g. HKCU being located under HKU)? These are all valid questions, but they are difficult to answer without fully understanding the interactions between the user-mode Registry API and the kernel-mode registry...
https://googleprojectzero.blogspot.com/2024/10/the-windows-registry-adventure-4-hives.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

How to Protect Against Ransomware Attacks?
Criminal hackers employ ransomware attacks against their targets by encrypting their data and demanding that a ransom be paid within an allotted timeframe or risk losing it forever. When an... The post How to Protect Against Ransomware Attacks? appeared first on Hacker Combat.
https://www.hackercombat.com/protect-against-ransomware-attacks/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

AWS CDK Bucket Squatting Risk
The AWS Cloud Development Kit (CDK) is a way of deploying infrastructure-as-code. The vulnerability involves AWS CDK's use of a predictable S3 bucket name format (cdk-{Qualifier}-assets-{Account-ID}-{Region}), where the default “random” qualifier (hnb659fds) is common and easily guessed. If an AWS customer deletes this bucket and reuses CDK, an attacker who claims the bucket can inject malicious CloudFormation templates, potentially gaining admin access. Attackers supposedly only need the AWS account ID to prepare the bucket in various regions, exploiting the default naming convention. However, it is important to note that the additional conditions greatly lower the likelihood of exploitation. The victim must use the CDK, having deleted the bucket, and then subsequently attempt to...
https://www.cloudvulndb.org/aws-cdk-squatting
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

IoT Assignment Completed! Report on Barriers to U.S. IoT Adoption
The 16 members of the NIST-managed Internet of Things (IoT) Advisory Board have completed their report on barriers to the U.S. receiving the benefits of IoT adoption, along with their recommendations for overcoming those barriers. As Benson Chan (Chair) and Dan Caprio (Vice Chair) of the IoT Advisory Board state in the report: “The United States is in the early stages of a profound transformation, one that is driven by economic, societal, and cultural innovations brought about by the IoT. These innovations intertwine connectivity and digital innovation with the opportunity to drive a
https://www.nist.gov/blogs/cybersecurity-insights/iot-assignment-completed-report-barriers-us-iot-adoption
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Missing JWT issuer and signer validation in ALB middleware

https://www.cloudvulndb.org/missing-jwt-issuer
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Data exfil via VPC endpoint denials in CloudTrail
CloudTrail delivered events to the resource owner and API caller even when the API action was denied by the VPC endpoint policy. This could have enabled a stealthy data exfiltration method in cases where an attacker had previously compromised a VPC, by smuggling data through the user agent field in denied requests.
https://www.cloudvulndb.org/vpc-endpoint-log-data-exfil
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Protecting Your Website From DDoS Attack
Distributed denial-of-service attacks pose an increasing threat to organizations, with even some of the largest firms suffering significant disruptions from such attacks. Attackers use botnets of compromised IoT devices to... The post Protecting Your Website From DDoS Attack appeared first on Hacker Combat.
https://www.hackercombat.com/ddos-attack/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Subdomain Takeover Vulnerability in GitLab Pages
A vulnerability in GitLab Pages allowed attackers to take over dangling custom domains pointing to 'instanceX.gitlab.io'. The issue occured when adding an unverified custom domain to GitLab Pages, which serves content for 7 days before disabling. This could lead to cookie stealing, phishing campaigns, and bypassing of Content-Security Policies and CORS.
https://www.cloudvulndb.org/subdomain-takeover-vulnerability-gitlab-pages
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Effective Fuzzing: A Dav1d Case Study
Guest post by Nick Galloway, Senior Security Engineer, 20% time on Project Zero Late in 2023, while working on a 20% project with Project Zero, I found an integer overflow in the dav1d AV1 video decoder. That integer overflow leads to an out-of-bounds write to memory. Dav1d 1.4.0 patched this, and it was assigned CVE-2024-1580. After the disclosure, I received some questions about how this issue was discovered, since dav1d is already being fuzzed by at least oss-fuzz. This blog post explains what happened. It’s a useful case study in how to construct fuzzers to exercise as much code as possible. But first, some background...BackgroundDav1d Dav1d is a highly-optimized AV1 decoder. AV1 is a royalty-free video coding format developed by the Alliance...
https://googleprojectzero.blogspot.com/2024/10/effective-fuzzing-dav1d-case-study.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Issue with NVIDIA Container Toolkit (CVE-2024-0132, CVE-2024-0133)
Publication Date: 2024/10/01 6:35 PM PDT AWS is aware of CVE-2024-0132 and CVE-2024-0133, issues affecting the NVIDIA container toolkit 1.16. At this time, the following services require customer action. If we become aware of additional impact, we will update this bulletin. Amazon Elastic Container Service (Amazon ECS) Amazon ECS has released updated ECS GPU-optimized Amazon Machine Images (AMIs) with the patched NVIDIA container toolkit v1.16.2. We recommend that ECS customers update to these AMIs (or the latest available). Additional information on the ECS-optimized AMI is available at in our "Amazon ECS-optimized Linux AMIs" developer guide. Amazon Elastic Kubernetes Service (Amazon EKS) Amazon EKS has released updated EKS GPU-optimized Amazon Machine Images...
https://aws.amazon.com/security/security-bulletins/AWS-2024-010/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Lies, damned lies, and Impact Hero (refoorest, allcolibri)
Transparency note: According to Colibri Hero, they attempted to establish a business relationship with eyeo, a company that I co-founded. I haven't been in an active role at eyeo since 2018, and I left the company entirely in 2021. Colibri Hero was only founded in 2021. My investigation here was prompted by a blog comment. Colibri Hero (also known as allcolibri) is a company with a noble mission: We want to create a world where organizations can make a positive impact on people and communities. One of the company's products is the refoorest browser extension, promising to make a positive impact on the climate by planting trees. Best of it: this costs users nothing whatsoever. According to the refoorest website: Plantation financed by our partners So the users merely need to have the...
https://palant.info/2024/10/01/lies-damned-lies-and-impact-hero-refoorest-allcolibri/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

CloudImposer
Google Cloud Composer is a managed service for Apache Airflow. Tenable discovered that the Cloud Composer package was vulnerable to dependency confusion, which could have allowed attackers to inject malicious code when the package was compiled from source. This could have led to remote code execution on machines running Cloud Composer, which include various other GCP services as well as internal servers at Google. The dependency confusion stemmed from Google's risky recommendation in their documentation to use the --extra-index-url argument when installing private Python packages. Following disclosure, Google fixed the dependency confusion vulnerability and also updated their documentation.
https://www.cloudvulndb.org/cloudimposer-gcp
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

ClamAV 1.4.1, 1.3.2, 1.0.7, and 0.103.12 security patch versions published
Today, we are publishing the 1.4.1, 1.3.2, 1.0.7, and 0.103.12 security patch versions. The release files for the patch versions are available for download on the ClamAV downloads page, on the GitHub Release page, and (with exception to 0.103.12) through Docker Hub.The images on Docker Hub may not be immediately available on release day.Continue reading to learn what changed in each version.1.4.1ClamAV 1.4.1 is a critical patch release with the following fixes:CVE-2024-20506: Changed the logging module to disable following symlinks on Linux and Unix systems so as to prevent an attacker with existing access to the 'clamd' or 'freshclam' services from using a symlink to corrupt system files.This issue affects all currently supported versions. It will be fixed in:1.4.11.3.21.0.70.103.12Thank...
http://blog.clamav.net/2024/09/clamav-141-132-107-and-010312-security.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

CVE-2024-38063 - Remotely Exploiting The Kernel Via IPv6
Performing a root cause analysis & building proof-of-concept for CVE-2024-38063, a CVSS 9.8 Vulnerability In the Windows Kernel IPv6 Parser
https://malwaretech.com/2024/08/exploiting-CVE-2024-38063.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

ClamAV 1.4.0 feature release and ClamAV bytecode compiler 1.4.0 release
The ClamAV 1.4.0 feature release is now stable. We encourage everyone to download the latest version now from the ClamAV downloads page, on the GitHub Release page, and through Docker Hub*:Alpine-based imagesDebian-based multi-arch images*The Docker images are built on release day and will be made available when they are ready.We are also publishing ClamAV bytecode compiler version 1.4.0.The ClamAV bytecode compiler release files are available for download on the GitHub Release page and through Docker Hub.ClamAV platform support changesWe will no longer provide Linux 32-bit packages. With RHEL 7 reaching end-of-life, we had to upgrade our build hosts and selected Alma Linux 8. Alma Linux does not provide 32-bit images. ClamAV users on 32-bit platforms can still build from source.We now provide...
http://blog.clamav.net/2024/08/clamav-140-feature-release-and-clamav.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

CryptoCore: Unmasking the Sophisticated Cryptocurrency Scam Operations
As digital currencies have grown, so have cryptocurrency scams, posing significant user risks. The rise of AI and deepfake technology has intensified scams exploiting famous personalities and events by creating realistic fake videos. Platforms like X and YouTube have been especially targeted, with scammers hijacking high-profile accounts to distribute fraudulent content. This report delves into the CryptoCore group's complex scam operations, analyzing their use of deepfakes, hijacked accounts, and fraudulent websites to deceive victims and profit millions of dollars. The post CryptoCore: Unmasking the Sophisticated Cryptocurrency Scam Operations appeared first on Avast Threat Labs.
https://decoded.avast.io/martinchlumecky1/cryptocore-unmasking-the-sophisticated-cryptocurrency-scam-operations/?utm_source=rss&utm_medium=rss&utm_campaign=cryptocore-unmasking-the-sophisticated-cryptocurrency-scam-operations
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

ClamAV 0.103 LTS End of Life Announcement
The ClamAV 0.103 LTS release is nearing end-of-life (EOL) with regards to security vulnerability fix support from our team. This end of life date will be Sept. 14, 2024. ClamAV 0.103 users will be able to update signatures from the official database mirror for an additional one year after the EOL date. After Sept. 14, 2025, we may block ClamAV 0.103 from downloading signature updates. We recommend that users update to the newest LTS release, ClamAV 1.0.6. For users that want to upgrade to the newest non-LTS release, use ClamAV 1.3.1. The most recent version of ClamAV can be found here: https://www.clamav.net/downloads The following is a list of major changes available to users in the newest versions of ClamAV. Since ClamAV 0.103, ClamAV 1.0 LTS adds: ·                     A...
http://blog.clamav.net/2024/08/clamav-0103-lts-end-of-life-announcement.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

60 Hurts per Second – How We Got Access to Enough Solar Power to Run the United States
The electricity grid – the buzzing, crackling marvel that supplies the lifeblood of modernity - is by far the largest structure humanity ever built. It's so big, in fact, that few people even notice it, like a fish can't see the ocean. Until the grid goes down, that is. Then, like the fish dangling from the angler's hook, we see our vulnerability. Modernity dissolves into a sudden silence, followed by the repeated flick of a light switch, and a howl of panic at the prospect of missed appointmen
https://www.bitdefender.com/en-us/blog/labs/60-hurts-per-second-how-we-got-access-to-enough-solar-power-to-run-the-united-states
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

How insecure is Avast Secure Browser?
A while ago I already looked into Avast Secure Browser. Back then it didn't end well for Avast: I found critical vulnerabilities allowing arbitrary websites to infect user's computer. Worse yet: much of it was due to neglect of secure coding practices, existing security mechanisms were disabled for no good reason. I didn't finish that investigation because I discovered that the browser was essentially spyware, collecting your browsing history and selling it via Avast's Jumpshot subsidiary. But that was almost five years ago. After an initial phase of denial, Avast decided to apologize and to wind down Jumpshot. It was certainly a mere coincidence that Avast was subsequently sold to NortonLifeLock, called Gen Digital today. Yes, Avast is truly reformed and paying for their crimes in...
https://palant.info/2024/07/15/how-insecure-is-avast-secure-browser/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Deep Dive on Supplement Scams: How AI Drives ‘Miracle Cures' and Sponsored Health-Related Scams on Social Media
Sponsored social media content has become increasingly present on feeds. Sponsored ads can often be beneficial as they are customized to suit online personas, offering relevant content tailored specifically for you. While personalized ads can help enhance your online experience, not all are legitimate. In fact, scams originating from phony ads on social media have increased dramatically, with potentially severe consequences for consumers. Sponsored supplement scams on social media platforms
https://www.bitdefender.com/en-us/blog/labs/deep-dive-on-supplement-scams-how-ai-drives-miracle-cures-and-sponsored-health-related-scams-on-social-media
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

OpenSSH regreSSHion Attack (CVE-2024-6387)
CVE-2024-6387A signal handler race condition was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog(). This could lead to remote code execution with root privileges. Revised on 2025-05-13 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-24-258
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Decrypted: DoNex Ransomware and its Predecessors
Researchers from Avast have discovered a flaw in the cryptographic schema of the DoNex ransomware and its predecessors. In cooperation with law enforcement organizations, we have been silently providing the decryptor to DoNex ransomware victims since March 2024. The  cryptographic weakness was made public at Recon 2024 and therefore we have no reason to keep […] The post Decrypted: DoNex Ransomware and its Predecessors appeared first on Avast Threat Labs.
https://decoded.avast.io/threatresearch/decrypted-donex-ransomware-and-its-predecessors/?utm_source=rss&utm_medium=rss&utm_campaign=decrypted-donex-ransomware-and-its-predecessors
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

New Diamorphine rootkit variant seen undetected in the wild
Introduction Code reuse is very frequent in malware, especially for those parts of the sample that are complex to develop or hard to write with an essentially different alternative code. By tracking both source code and object code, we efficiently detect new malware and track the evolution of existing malware in-the-wild.  Diamorphine is a well-known […] The post New Diamorphine rootkit variant seen undetected in the wild appeared first on Avast Threat Labs.
https://decoded.avast.io/davidalvarez/new-diamorphine-rootkit-variant-seen-undetected-in-the-wild/?utm_source=rss&utm_medium=rss&utm_campaign=new-diamorphine-rootkit-variant-seen-undetected-in-the-wild
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Unfading Sea Haze: New Espionage Campaign in the South China Sea
Bitdefender researchers investigated a series of incidents at high-level organizations in countries of the South China Sea region, all performed by the same  threat actor we track as Unfading Sea Haze. Based on the victimology and the cyber-attack's aim, we believe the threat actor is aligned with China's interests. As tensions in the region rise, they are reflected in the intensification of activity on behalf of the Unfading Sea Haze actor, which uses new and improved tools and TTPs. We notice
https://www.bitdefender.com/en-us/blog/labs/unfading-sea-haze-new-espionage-campaign-in-the-south-china-sea
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Notes on ThroughTek Kalay Vulnerabilities and Their Impact on the IoT Ecosystem
Since 2014, Bitdefender IoT researchers have been looking into the world's most popular IoT devices, hunting for vulnerabilities and undocumented attack avenues. This report documents four vulnerabilities affecting devices powered by the ThroughTek Kalay Platform. Due to the platform's massive presence in IoT integrations, these flaws have a significant downstream impact on several vendors. In the interconnected landscape of the Internet of Things (IoT), the reliability and security of devices,
https://www.bitdefender.com/en-us/blog/labs/notes-on-throughtek-kalay-vulnerabilities-and-their-impact
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Avast Q1/2024 Threat Report
Nearly 90% of Threats Blocked are Social Engineering, Revealing a Huge Surge of Scams, and Discovery of the Lazarus APT Campaign The post Avast Q1/2024 Threat Report appeared first on Avast Threat Labs.
https://decoded.avast.io/threatresearch/avast-q1-2024-threat-report/?utm_source=rss&utm_medium=rss&utm_campaign=avast-q1-2024-threat-report
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

ClamAV 1.4.0 release candidate now available!
The ClamAV 1.4.0 release candidate is now available.You may find the source code and installers for this release on the clamav.net/downloads page or the ClamAV GitHub release page.Tip: If you are downloading the source from the GitHub release page, the package labeled "clamav-1.4.0-rc.tar.gz" does not require an internet connection to build. All dependencies are included in this package.  But if you download the ZIP or TAR.GZ generated by GitHub, located at the very bottom, then an internet connection will be required during the build to download additional Rust dependencies.For Docker users, there is no specific Docker tag for the release candidate, but you can use the clamav:unstable or clamav:unstable_base tags.The release candidate phase is expected...
http://blog.clamav.net/2024/05/clamav-140-release-candidate-now.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

GuptiMiner: Hijacking Antivirus Updates for Distributing Backdoors and Casual Mining
Avast discovered and analyzed GuptiMiner, a malware campaign hijacking an eScan antivirus update mechanism to distribute backdoors and coinminers. The post GuptiMiner: Hijacking Antivirus Updates for Distributing Backdoors and Casual Mining appeared first on Avast Threat Labs.
https://decoded.avast.io/janrubin/guptiminer-hijacking-antivirus-updates-for-distributing-backdoors-and-casual-mining/?utm_source=rss&utm_medium=rss&utm_campaign=guptiminer-hijacking-antivirus-updates-for-distributing-backdoors-and-casual-mining
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

From BYOVD to a 0-day: Unveiling Advanced Exploits in Cyber Recruiting Scams
Key Points Introduction In the summer of 2023, Avast identified a campaign targeting specific individuals in the Asian region through fabricated job offers. The motivation behind the attack remains uncertain, but judging from the low frequency of attacks, it appears that the attacker had a special interest in individuals with technical backgrounds. This sophistication is […] The post From BYOVD to a 0-day: Unveiling Advanced Exploits in Cyber Recruiting Scams appeared first on Avast Threat Labs.
https://decoded.avast.io/luiginocamastra/from-byovd-to-a-0-day-unveiling-advanced-exploits-in-cyber-recruiting-scams/?utm_source=rss&utm_medium=rss&utm_campaign=from-byovd-to-a-0-day-unveiling-advanced-exploits-in-cyber-recruiting-scams
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

ClamAV 1.3.1, 1.2.3, 1.0.6 patch versions published
Today, we are publishing the 1.3.1, 1.2.3, and 1.0.6 security patch versions. The release files for the patch versions are available for download on the ClamAV downloads page, on the GitHub Release page, and through Docker Hub.The images on Docker Hub may not be immediately available on release day.Continue reading to learn what changed in each version.1.3.1ClamAV 1.3.1 is a critical patch release with the following fixes:CVE-2024-20380: Fixed a possible crash in the HTML file parser that could cause a denial-of-service (DoS) condition.This issue affects version 1.3.0 only and does not affect prior versions.Thank you to Błażej Pawłowski for identifying this issue.GitHub pull requestUpdated select Rust dependencies to the latest versions. This resolved Cargo audit complaints and included...
http://blog.clamav.net/2024/04/clamav-131-123-106-patch-versions.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Vulnerabilities Identified in LG WebOS
As the creator of the world's first smart home cybersecurity hub, Bitdefender regularly audits popular IoT hardware for vulnerabilities. This research paper is part of a broader program that aims to shed light on the security of the world's best-sellers in the IoT space. This report covers vulnerabilities discovered while researching the LG WebOS TV operating system. We have found several issues affecting WebOS versions 4 through 7 running on LG TVs. These vulnerabilities let us gain root acces
https://www.bitdefender.com/en-us/blog/labs/vulnerabilities-identified-in-lg-webos
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

AI meets next-gen info stealers in social media malvertising campaigns
The impact that AI has on society has steadily crept into the darkest nooks and crannies of the internet. So much so that cybercrooks are hitching free rides on the AI bandwagon by leveraging the increased demand of AI-powered software for content creators. Cybercriminal groups constantly adapt their operating methods and tools to stay a step ahead of potential victims. Highly focused on enhancing their deceptive practices, threat actors have, unfortunately, found a most reliable and powerful a
https://www.bitdefender.com/en-us/blog/labs/ai-meets-next-gen-info-stealers-in-social-media-malvertising-campaigns
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Numerous vulnerabilities in Xunlei Accelerator application
Xunlei Accelerator (迅雷客户端) a.k.a. Xunlei Thunder by the China-based Xunlei Ltd. is a wildly popular application. According to the company's annual report 51.1 million active users were counted in December 2022. The company's Google Chrome extension 迅雷下载支持, while not mandatory for using the application, had 28 million users at the time of writing. I've found this application to expose a massive attack surface. This attack surface is largely accessible to arbitrary websites that an application user happens to be visiting. Some of it can also be accessed from other computers in the same network or by attackers with the ability to intercept user's network connections (Man-in-the-Middle attack). It does not appear like security concerns were considered in the design...
https://palant.info/2024/03/06/numerous-vulnerabilities-in-xunlei-accelerator-application/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Lazarus and the FudModule Rootkit: Beyond BYOVD with an Admin-to-Kernel Zero-Day
The Lazarus Group is back with an upgraded variant of their FudModule rootkit, this time enabled by a zero-day admin-to-kernel vulnerability for CVE-2024-21338. Read this blog for a detailed analysis of this rootkit variant and learn more about several new techniques, including a handle table entry manipulation technique that directly targets Microsoft Defender, CrowdStrike Falcon, and HitmanPro. The post Lazarus and the FudModule Rootkit: Beyond BYOVD with an Admin-to-Kernel Zero-Day appeared first on Avast Threat Labs.
https://decoded.avast.io/janvojtesek/lazarus-and-the-fudmodule-rootkit-beyond-byovd-with-an-admin-to-kernel-zero-day/?utm_source=rss&utm_medium=rss&utm_campaign=lazarus-and-the-fudmodule-rootkit-beyond-byovd-with-an-admin-to-kernel-zero-day
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Bypassing EDRs With EDR-Preloading
Evading user mode EDR hooks by hijacking the AppVerifier layer
https://malwaretech.com/2024/02/bypassing-edrs-with-edr-preload.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

ClamAV 1.3.0 feature release and 1.2.2, 1.0.5 security patch release!
The ClamAV 1.3.0 feature release is now stable!Today, we are also publishing the 1.2.2 and 1.0.5 security patch versions. ClamAV 1.1 is past EOL for security fixes and will not receive an update. Switch to the 1.0 LTS, 1.2, or 1.3 versions for continued support.The release files are available for download on the ClamAV downloads page, on the Github Release page, and through Docker Hub*:Alpine-based imagesDebian-based multi-arch images*The Docker images are built on release day and may not be available until later in the day.Continue reading to learn what changed in each version.1.3.0ClamAV 1.3.0 includes the following improvements and changes:Major changesAdded support for extracting and scanning attachments found in Microsoft OneNote section files. OneNote parsing will be enabled by default,...
http://blog.clamav.net/2023/11/clamav-130-122-105-released.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

ClamAV 1.3.0 Second Release Candidate now available!
We are excited to announce the ClamAV 1.3.0 release candidate.You can find the source code and installers for this release on the clamav.net/downloads page or the ClamAV GitHub release page.Tip: If you are downloading the source from the GitHub release page, the package labeled "clamav-1.3.0-rc2.tar.gz" does not require an internet connection to build. All dependencies are included in this package. But if you download the ZIP or TAR.GZ generated by GitHub, located at the very bottom, then an internet connection will be required during the build to download additional Rust dependencies.For Docker users, there is no specific Docker tag for the release candidate, but you can use these tags:clamav/clamav:unstableclamav/clamav:unstable_base clamav/clamav-debian:unstableclamav/clamav-debian:unstable_base This...
http://blog.clamav.net/2024/01/clamav-130-second-release-candidate-now.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

ClamAV Debian multi-Arch Docker images now available!
We now offer official ClamAV docker images based on `debian:11-slim`.In addition to offering an alternative to the original Alpine Linux images, the new images are multi-arch images supporting `linux/amd64`, `linux/arm64`, and `linux/ppc64le`.ClamAV's Alpine-based and Debian-based Docker images are now built weekly to pick up security fixes in the base images. Check it out here.
http://blog.clamav.net/2024/01/clamav-debian-multi-arch-docker-images.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

OpenSSH Terrapin attack (CVE-2023-48795)
CVE-2023-48795The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. Revised on...
https://fortiguard.fortinet.com/psirt/FG-IR-23-490
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Silly EDR Bypasses and Where To Find Them
Abusing exception handlers to hook and bypass user mode EDR hooks.
https://malwaretech.com/2023/12/silly-edr-bypasses-and-where-to-find-them.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

An Introduction to Bypassing User Mode EDR Hooks
Understanding the basics of user mode EDR hooking, common bypass techniques, and their limitations.
https://malwaretech.com/2023/12/an-introduction-to-bypassing-user-mode-edr-hooks.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Implementing a “Share on Mastodon” button for a blog
I decided that I would make it easier for people to share my articles on social media, most importantly on Mastodon. However, my Hugo theme didn't support showing a “Share on Mastodon” button yet. It wasn't entirely trivial to add support either: unlike with centralized solutions like Facebook where a simple link is sufficient, here one would need to choose their home instance first. As far as existing solutions go, the only reasonably sophisticated approach appears to be Share₂Fedi. It works nicely, privacy-wise one could do better however. So I ended up implementing my own solution while also generalizing that solution to support a variety of different Fediverse applications in addition to Mastodon. Update (2025-01-12): Added Lemmy endpoint which has been fixed by now. Also mentioned...
https://palant.info/2023/10/19/implementing-a-share-on-mastodon-button-for-a-blog/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

OS command injection
An improper neutralization of special elements used in an os command ('OS Command Injection') vulnerability [CWE-78] in FortiManager, FortiAnalyzer & FortiAnalyzer-BigData may allow a local attacker with low privileges to execute unauthorized code via specifically crafted arguments to a CLI command Revised on 2025-05-13 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-23-167
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

It might Be Time to Rethink Phishing Awareness
Phishing awareness can be a powerful security tool, or a complete disaster. It all hinges on how you implement it.
https://malwaretech.com/2023/09/it-might-be-time-to-rethink-phishing-awareness.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

We're going teetotal: It's goodbye to The Daily Swig
PortSwigger today announces that The Daily Swig is closing down
https://portswigger.net/daily-swig/were-going-teetotal-its-goodbye-to-the-daily-swig
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Bug Bounty Radar // The latest bug bounty programs for March 2023
New web targets for the discerning hacker
https://portswigger.net/daily-swig/bug-bounty-radar-the-latest-bug-bounty-programs-for-march-2023
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Indian transport ministry flaws potentially allowed creation of counterfeit driving licenses
Armed with personal data fragments, a researcher could also access 185 million citizens' PII
https://portswigger.net/daily-swig/indian-transport-ministry-flaws-potentially-allowed-creation-of-counterfeit-driving-licenses
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Password managers: A rough guide to enterprise secret platforms
The second part of our password manager series looks at business-grade tech to handle API tokens, login credentials, and more
https://portswigger.net/daily-swig/password-managers-a-rough-guide-to-enterprise-secret-platforms
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Chromium bug allowed SameSite cookie bypass on Android devices
Protections against cross-site request forgery could be bypassed
https://portswigger.net/daily-swig/chromium-bug-allowed-samesite-cookie-bypass-on-android-devices
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Deserialized web security roundup: Twitter 2FA backlash, GoDaddy suffers years-long attack campaign, and XSS Hunter adds e2e encryption
Your fortnightly rundown of AppSec vulnerabilities, new hacking techniques, and other cybersecurity news
https://portswigger.net/daily-swig/deserialized-web-security-roundup-twitter-2fa-backlash-godaddy-suffers-years-long-attack-campaign-and-xss-hunter-adds-e2e-encryption
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

NIST plots biggest ever reform of Cybersecurity Framework
CSF 2.0 blueprint offered up for public review
https://portswigger.net/daily-swig/nist-plots-biggest-ever-reform-of-cybersecurity-framework
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Cisco ClamAV anti-malware scanner vulnerable to serious security flaw
Patch released for bug that poses a critical risk to vulnerable technologies
https://portswigger.net/daily-swig/cisco-clamav-anti-malware-scanner-vulnerable-to-serious-security-flaw
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

CVSS system criticized for failure to address real-world impact
JFrog argues vulnerability risk metrics need complete revamp
https://portswigger.net/daily-swig/cvss-system-criticized-for-failure-to-address-real-world-impact
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

A Realistic Look at Implications of ChatGPT for Cybercrime
Analyzing ChatGPT's capabilities and various claims about how it will revolutionize cybercrime.
https://malwaretech.com/2023/02/a-realistic-look-at-chatgpt-cybercrime.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

‘Most web API flaws are missed by standard security tests' – Corey J Ball on securing a neglected attack vector
API security is a ‘great gateway' into a pen testing career, advises specialist in the field
https://portswigger.net/daily-swig/most-web-api-flaws-are-missed-by-standard-security-tests-corey-j-ball-on-securing-a-neglected-attack-vector
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

HTTP request smuggling bug patched in HAProxy
Exploitation could enable attackers to access backend servers
https://portswigger.net/daily-swig/http-request-smuggling-bug-patched-in-haproxy
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Belgium launches nationwide safe harbor for ethical hackers
New legal protections for security researchers could be the strongest of any EU country
https://portswigger.net/daily-swig/belgium-launches-nationwide-safe-harbor-for-ethical-hackers
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

TikTok is a National Security Risk, Not A Privacy One
An analysis of the threat posed by TikTok and why we need to weigh our options carefully.
https://malwaretech.com/2022/12/tiktok-is-a-national-security-risk.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Everything you need to know about the OpenSSL 3.0.7 Patch (CVE-2022-3602 & CVE-2022-3786)

https://malwaretech.com/2022/11/everything-you-need-to-know-about-the-openssl-3-0-7-patch.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

CVE-2022-3602 and CVE-2022-3786: OpenSSL 3.0.7 patches Critical Vulnerability
On Tuesday, November 1 2022 between 1300-1700 UTC, the OpenSSL project announced the release of a new version of OpenSSL (version 3.0.7) that will patch a critical vulnerability in OpenSSL version 3.0 and above. Only OpenSSL versions between 3.0 and 3.0.6 are affected at the time of writing. At this moment the details of this [...] The post CVE-2022-3602 and CVE-2022-3786: OpenSSL 3.0.7 patches Critical Vulnerability appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/general-tutorials/openssl-3-0-7-patches-critical-vulnerability/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Student Loan Breach Exposes 2.5M Records
2.5 million people were affected, in a breach that could spell more trouble down the line.
https://threatpost.com/student-loan-breach-exposes-2-5m-records/180492/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Watering Hole Attacks Push ScanBox Keylogger
Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.
https://threatpost.com/watering-hole-attacks-push-scanbox-keylogger/180490/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Tentacles of ‘0ktapus' Threat Group Victimize 130 Firms
Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.
https://threatpost.com/0ktapus-victimize-130-firms/180487/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Ransomware Attacks are on the Rise
Lockbit is by far this summer's most prolific ransomware group, trailed by two offshoots of the Conti group.
https://threatpost.com/ransomware-attacks-are-on-the-rise/180481/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Cybercriminals Are Selling Access to Chinese Surveillance Cameras
Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.
https://threatpost.com/cybercriminals-are-selling-access-to-chinese-surveillance-cameras/180478/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Twitter Whistleblower Complaint: The TL;DR Version
Twitter is blasted for security and privacy lapses by the company's former head of security who alleges the social media giant's actions amount to a national security risk.
https://threatpost.com/twitter-whistleblower-tldr-version/180472/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Firewall Bug Under Active Attack Triggers CISA Warning
CISA is warning that Palo Alto Networks' PAN-OS is under active attack and needs to be patched ASAP.
https://threatpost.com/firewall-bug-under-active-attack-cisa-warning/180467/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Fake Reservation Links Prey on Weary Travelers
Fake travel reservations are exacting more pain from the travel weary, already dealing with the misery of canceled flights and overbooked hotels.
https://threatpost.com/reservation-links-prey-on-travelers/180462/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

iPhone Users Urged to Update to Patch 2 Zero-Days
Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack.
https://threatpost.com/iphone-users-urged-to-update-to-patch-2-zero-days-under-attack/180448/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Google Patches Chrome's Fifth Zero-Day of the Year
An insufficient validation input flaw, one of 11 patched in an update this week, could allow for arbitrary code execution and is under active attack.
https://threatpost.com/google-patches-chromes-fifth-zero-day-of-the-year/180432/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

[Video] Introduction to Use-After-Free Vulnerabilities | UserAfterFree Challenge Walkthrough (Part: 1)

https://malwaretech.com/2022/05/video-introduction-to-use-after-free-vulnerabilities-userafterfree-challenge-walkthrough-part-1.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Installing Rogue-jndi on Kali Linux
Following the previous tutorial in which we looked at the log4j vulnerability in VMWare vSphere server, I got some questions about how to set up a malicious LDAP server on Linux. The attacker controlled LDAP server is required to provide the malicious java class (with a reverse shell for example) in response to the forged [...] The post Installing Rogue-jndi on Kali Linux appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/general-tutorials/installing-rogue-jndi-on-kali-linux/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Log4Shell VMware vCenter Server (CVE-2021-44228)
Log4Shell is a critical vulnerability with the highest possible CVSSv3 score of 10.0 that affects thousands of products running Apache Log4j and leaves millions of targets potentially vulnerable. CVE-2021-44228 affects log4j versions 2.0-beta9 to 2.14.1. Log4j is an incredibly popular logging library used in many different products and various Apache frameworks like Struts2, Kafka, and [...] The post Log4Shell VMware vCenter Server (CVE-2021-44228) appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/exploit-tutorials/log4shell-vmware-vcenter-server-cve-2021-44228/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

How to customize behavior of AWS Managed Rules for AWS WAF
AWS Managed Rules for AWS WAF provides a group of rules created by AWS that can be used help protect you against common application vulnerabilities and other unwanted access to your systems without having to write your own rules. AWS Threat Research Team updates AWS Managed Rules to respond to an ever-changing threat landscape in order […]
https://aws.amazon.com/blogs/security/how-to-customize-behavior-of-aws-managed-rules-for-aws-waf/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

The Great Leak: Microsoft Exchange AutoDiscover Design Flaw
Recently a “design flaw” in the Microsoft Exchange’s Autodiscover protocol was discovered by researchers that allowed access to 372,072 Windows domain credentials and 96,671 unique sets of credentials from applications such as Microsoft Outlook and third-party email clients. According to Amit Serper , the person who discovered the flaw, the source of the leak is [...] The post The Great Leak: Microsoft Exchange AutoDiscover Design Flaw appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/pentesting-exchange/the-great-leak-microsoft-exchange-autodiscover-design-flaw/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

The three most important AWS WAF rate-based rules
May 5, 2025: This post has been updated to reflect that the lowest allowable rate limit setting in AWS WAF rate-based rules has changed from 100 requests to 10. In this post, we explain what the three most important AWS WAF rate-based rules are for proactively protecting your web applications against common HTTP flood events, […]
https://aws.amazon.com/blogs/security/three-most-important-aws-waf-rate-based-rules/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Automatically update AWS WAF IP sets with AWS IP ranges
Note: This blog post describes how to automatically update AWS WAF IP sets with the most recent AWS IP ranges for AWS services. This related blog post describes how to perform a similar update for Amazon CloudFront IP ranges that are used in VPC Security Groups. You can use AWS Managed Rules for AWS WAF […]
https://aws.amazon.com/blogs/security/automatically-update-aws-waf-ip-sets-with-aws-ip-ranges/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

AWS Shield threat landscape review: 2020 year-in-review
AWS Shield is a managed service that protects applications that are running on Amazon Web Services (AWS) against external threats, such as bots and distributed denial of service (DDoS) attacks. Shield detects network and web application-layer volumetric events that may indicate a DDoS attack, web content scraping, or other unauthorized non-human traffic that is interacting […]
https://aws.amazon.com/blogs/security/aws-shield-threat-landscape-review-2020-year-in-review/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

How to protect a self-managed DNS service against DDoS attacks using AWS Global Accelerator and AWS Shield Advanced
In this blog post, I show you how to improve the distributed denial of service (DDoS) resilience of your self-managed Domain Name System (DNS) service by using AWS Global Accelerator and AWS Shield Advanced. You can use those services to incorporate some of the techniques used by Amazon Route 53 to protect against DDoS attacks. […]
https://aws.amazon.com/blogs/security/how-to-protect-a-self-managed-dns-service-against-ddos-attacks-using-aws-global-accelerator-and-aws-shield-advanced/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Set up centralized monitoring for DDoS events and auto-remediate noncompliant resources
When you build applications on Amazon Web Services (AWS), it's a common security practice to isolate production resources from non-production resources by logically grouping them into functional units or organizational units. There are many benefits to this approach, such as making it easier to implement the principal of least privilege, or reducing the scope of […]
https://aws.amazon.com/blogs/security/set-up-centralized-monitoring-for-ddos-events-and-auto-remediate-noncompliant-resources/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Deploying defense in depth using AWS Managed Rules for AWS WAF (part 2)
In this post, I show you how to use recent enhancements in AWS WAF to manage a multi-layer web application security enforcement policy. These enhancements will help you to maintain and deploy web application firewall configurations across deployment stages and across different types of applications. In part 1 of this post I describe the technologies […]
https://aws.amazon.com/blogs/security/deploying-defense-in-depth-using-aws-managed-rules-for-aws-waf-part-2/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Defense in depth using AWS Managed Rules for AWS WAF (part 1)
In this post, I discuss how you can use recent enhancements in AWS WAF to manage a multi-layer web application security enforcement policy. These enhancements will help you to maintain and deploy web application firewall configurations across deployment stages and across different types of applications. The post is in two parts. This first part describes […]
https://aws.amazon.com/blogs/security/defense-in-depth-using-aws-managed-rules-for-aws-waf-part-1/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Houston consulate one of worst offenders in Chinese espionage, say U.S. officials
Institute For Ethical Hacking Course and Ethical Hacking Training in Pune – India Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan Credits: Reuters The United States ordered the consulate closed this week, leading China to retaliate on Friday by telling the United States to shut its consulate in the city of Chengdu, as relations between the world's two largest economies […] The post Houston consulate one of worst offenders in Chinese espionage, say U.S. officials appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/07/24/houston-consulate-one-of-worst-offenders-in-chinese-espionage-say-u-s-officials/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Shocked I am. Shocked to find that underground bank-card-trading forums are full of liars, cheats, small-time grifters
Institute For Ethical Hacking Course and Ethical Hacking Training in Pune – India Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan Credits: The Register The denizens of online forums dedicated to trading in stolen credit cards have been shown to be wretched hives of scum and villainy. This not-so-surprising news comes this week via academics at Washington State University (WSU) in the US, […] The post Shocked I am. Shocked to find that underground bank-card-trading forums are full of liars, cheats, small-time grifters appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/07/24/shocked-i-am-shocked-to-find-that-underground-bank-card-trading-forums-are-full-of-liars-cheats-small-time-grifters/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

AWS Shield Threat Landscape report is now available
AWS Shield is a managed threat protection service that safeguards applications running on AWS against exploitation of application vulnerabilities, bad bots, and Distributed Denial of Service (DDoS) attacks. The AWS Shield Threat Landscape Report (TLR) provides you with a summary of threats detected by AWS Shield. This report is curated by the AWS Threat Research […]
https://aws.amazon.com/blogs/security/aws-shield-threat-landscape-report-now-available/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Vint Cerf suggests GDPR could hurt coronavirus vaccine development
Institute For Ethical Hacking Course and Ethical Hacking Training in Pune – India Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan Credits: The Register TCP-IP-co-developer Vint Cerf, revered as a critical contributor to the foundations of the internet, has floated the notion that privacy legislation might hinder the development of a vaccination for the COVID-19 coronavirus. In an essay written for […] The post Vint Cerf suggests GDPR could hurt coronavirus vaccine development appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/16/vint-cerf-suggests-gdpr-could-hurt-coronavirus-vaccine-development/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Brit defense contractor hacked, up to 100,000 past and present employees' details siphoned off – report
Institute For Ethical Hacking Course and Ethical Hacking Training in Pune – India Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan Credits: The Register Britain’s Ministry of Defence contractor Interserve has been hacked, reportedly leaking the details of up to 100,000 of past and current employees, including payment information and details of their next of kin. The Daily Telegraph reports that up to […] The post Brit defense contractor hacked, up to 100,000 past and present employees’ details siphoned off – report appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/16/brit-defense-contractor-hacked-up-to-100000-past-and-present-employees-details-siphoned-off-report/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

US officially warns China is launching cyberattacks to steal coronavirus research
Institute For Ethical Hacking Course and Ethical Hacking Training in Pune – India Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan Credits: CNN The US Department of Homeland Security and the FBI issued a “public service announcement” Wednesday warning that China is likely launching cyberattacks to steal coronavirus data related to vaccines and treatments from US research institutions and pharmaceutical […] The post US officially warns China is launching cyberattacks to steal coronavirus research appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/14/us-officially-warns-china-is-launching-cyberattacks-to-steal-coronavirus-research/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

There's Norway you're going to believe this: World's largest sovereign wealth fund conned out of m in cyber-attack
Institute For Ethical Hacking Course and Ethical Hacking Training in Pune – India Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan Credits: The Register The Norwegian Investment Fund has been swindled out of m (£8.2m) by fraudsters who pulled off what’s been described as “an advance data breach.” Norfund – the world’s largest sovereign wealth fund, created from saved North Sea […] The post There’s Norway you’re going to believe this: World’s largest sovereign wealth fund conned out of m in cyber-attack appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/14/theres-norway-youre-going-to-believe-this-worlds-largest-sovereign-wealth-fund-conned-out-of-10m-in-cyber-attack/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Stop tracking me, Google: Austrian citizen files GDPR legal complaint over Android Advertising ID
Institute For Ethical Hacking Course and Ethical Hacking Training in Pune – India Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan Credits: The Register Privacy pressure group Noyb has filed a legal complaint against Google on behalf of an Austrian citizen, claiming the Android Advertising ID on every Android device is “personal data” as defined by the EU’s GDPR and that […] The post Stop tracking me, Google: Austrian citizen files GDPR legal complaint over Android Advertising ID appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/14/stop-tracking-me-google-austrian-citizen-files-gdpr-legal-complaint-over-android-advertising-id/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Cyber-attacks hit hospital construction companies
Institute For Ethical Hacking Course and Ethical Hacking Training in Pune – India Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan Credits: BBC Interserve, which helped build Birmingham’s NHS Nightingale hospital, and Bam Construct, which delivered the Yorkshire and the Humber’s, have reported the incidents to authorities. Earlier this month, the government warned healthcare groups involved in the response to […] The post Cyber-attacks hit hospital construction companies appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/13/cyber-attacks-hit-hospital-construction-companies/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Researchers spot thousands of Android apps leaking user data through misconfigured Firebase databases
Institute For Ethical Hacking Course and Ethical Hacking Training in Pune – India Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan Credits: The Register Security researchers at Comparitech have reported that an estimated 24,000 Android apps are leaking user data because of misconfigured Firebase databases. Firebase is a popular backend service with SDKs for multiple platforms, including Android, iOS, web, C++ and Unity (for […] The post Researchers spot thousands of Android apps leaking user data through misconfigured Firebase databases appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/13/researchers-spot-thousands-of-android-apps-leaking-user-data-through-misconfigured-firebase-databases/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Papa don't breach: Contracts, personal info on Madonna, Lady Gaga, Elton John, others swiped in celeb law firm ‘hack'
Institute For Ethical Hacking Course and Ethical Hacking Training in Pune – India Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan Credits: The Register Hackers are threatening to release 756GB of A-list celebs’ contracts, recording deals, and other personal info allegedly stolen from a New York law firm. The miscreants have seemingly got their hands on confidential agreements, private correspondence, contact […] The post Papa don’t breach: Contracts, personal info on Madonna, Lady Gaga, Elton John, others swiped in celeb law firm ‘hack’ appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/13/papa-dont-breach-contracts-personal-info-on-madonna-lady-gaga-elton-john-others-swiped-in-celeb-law-firm-hack/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

CVE-2019-19781: Citrix ADC RCE vulnerability
A week before the 2019 holidays Citrix announced that an authentication bypass vulnerability was discovered in multiple Citrix products. The affected products are the Citrix Application Delivery Controller (formerly known as NetScaler AD), Citrix Gateway NetScaler ADC (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP appliance. Exploiting the vulnerability could allow an unauthenticated attacker [...] The post CVE-2019-19781: Citrix ADC RCE vulnerability appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/exploit-tutorials/cve-2019-19781-citrix-adc-rce-vulnerability/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Vulnerability Scanning with OpenVAS 9 part 4: Custom scan configurations
For all scans so far, we've only used the default scan configurations such as host discovery, system discovery and Full & fast. But what if we don't want to run all NVTs on a given target (list) and only test for a few specific vulnerabilities? In this case we can create our own custom scan [...] The post Vulnerability Scanning with OpenVAS 9 part 4: Custom scan configurations appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/scanning-tutorials/openvas-9-part-4-custom-scan-configurations/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Vulnerability Scanning with OpenVAS 9 part 3: Scanning the Network
In the previous parts of the Vulnerability Scanning with OpenVAS 9 tutorials we have covered the installation process and how to run vulnerability scans using OpenVAS and the Greenbone Security Assistant (GSA) web application. In part 3 of Vulnerability Scanning with OpenVAS 9 we will have a look at how to run scans using different [...] The post Vulnerability Scanning with OpenVAS 9 part 3: Scanning the Network appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/scanning-tutorials/vulnerability-scanning-with-openvas-9-scanning-the-network/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Vulnerability Scanning with OpenVAS 9 part 2: Vulnerability Scanning
Is the previous tutorial Vulnerability Scanning with OpenVAS 9.0 part 1 we've gone through the installation process of OpenVAS on Kali Linux and the installation of the virtual appliance. In this tutorial we will learn how to configure and run a vulnerability scan. For demonstration purposes we've also installed a virtual machine with Metasploitable 2 [...] The post Vulnerability Scanning with OpenVAS 9 part 2: Vulnerability Scanning appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/scanning-tutorials/vulnerability-scanning-openvas-9-0-part-2/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

Vulnerability Scanning with OpenVAS 9 part 1: Installation & Setup
A couple years ago we did a tutorial on Hacking Tutorials on how to install the popular vulnerability assessment tool OpenVAS on Kali Linux. We’ve covered the installation process on Kali Linux and running a basic scan on the Metasploitable 2 virtual machine to identify vulnerabilities. In this tutorial I want to cover more details [...] The post Vulnerability Scanning with OpenVAS 9 part 1: Installation & Setup appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/scanning-tutorials/vulnerability-scanning-openvas-9-pt-1/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)

The Best Hacking Books 2018
One of the most popular and most asked questions since I’ve started this blog is if I can recommend some good hacking books to read for beginners and more experienced hackers and penetration testers. In this article I want to highlight some hacking books and InfoSec books that I personally liked that cover subjects such as ethical hacking, [...] The post The Best Hacking Books 2018 appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/infosec-books/the-best-hacking-books-2018/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)