L'Actu de la presse spécialisée
Legitimate Chrome VPN With 100,000+ Installs Silently Captures Screenshots and Exfiltrate Sensitive Data
A Chrome VPN extension with over 100,000 installations and verified badge status has been discovered operating as sophisticated spyware, continuously capturing user screenshots and exfiltrating sensitive data without consent. The extension, known as FreeVPN.One, masqueraded as a legitimate privacy tool while secretly implementing comprehensive surveillance capabilities that directly contradict its stated privacy promises. The malicious […]
The post Legitimate Chrome VPN With 100,000+ Installs Silently Captures Screenshots and Exfiltrate Sensitive Data appeared first on Cyber Security News.
https://cybersecuritynews.com/legitimate-chrome-vpn/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
USN-7701-2: Linux kernel (FIPS) vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Device tree and open firmware driver;
- SCSI subsystem;
- TTY drivers;
- SMB network file system;
- Bluetooth subsystem;
- Network traffic control;
(CVE-2023-52757, CVE-2024-49950, CVE-2024-38541, CVE-2023-52975,
CVE-2024-50073, CVE-2025-38083, CVE-2025-37797)
https://ubuntu.com/security/notices/USN-7701-2
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
USN-7682-6: Linux kernel (IBM) vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Network traffic control;
(CVE-2025-38083, CVE-2025-37797)
https://ubuntu.com/security/notices/USN-7682-6
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
A hacker tied to Yemen Cyber Army gets 20 months in prison
UK hacker Al-Tahery Al-Mashriky, tied to Yemen Cyber Army, gets 20 months in prison for website defacements and stolen data possession. Al-Tahery Al-Mashriky (26), a man from South Yorkshire, linked to the Yemen Cyber Army, has been sentenced to 20 months in prison for hacking and defacing websites in hacktivist campaigns. The UK's National Crime […]
https://securityaffairs.com/181320/cyber-crime/a-hacker-tied-to-yemen-cyber-army-gets-20-months-in-prison.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Microsoft releases emergency updates to fix Windows recovery
Microsoft has released emergency Windows out-of-band updates to resolve a known issue breaking reset and recovery operations after installing the August 2025 Windows security updates. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-emergency-updates-to-fix-windows-recovery/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Chrome High-Severity Vulnerability Let Attackers Execute Arbitrary Code
Google has released an emergency security update for Chrome to address a critical vulnerability that could allow attackers to crash the browser or execute arbitrary code on affected systems. The high-severity flaw, designated as CVE-2025-9132, affects Chrome’s V8 JavaScript engine and was discovered by Google’s automated vulnerability detection system, Big Sleep, on August 4, 2025. […]
The post Chrome High-Severity Vulnerability Let Attackers Execute Arbitrary Code appeared first on Cyber Security News.
https://cybersecuritynews.com/chrome-high-severity-vulnerability/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
New Salty 2FA PhaaS platform Attacking Microsoft 365 Users to Steal Login Credentials
A sophisticated new Phishing-as-a-Service (PhaaS) framework dubbed “Salty 2FA” has emerged as a significant threat to Microsoft 365 users across US and European industries. This previously undocumented platform employs advanced obfuscation techniques and multi-stage execution chains specifically designed to bypass two-factor authentication mechanisms while stealing corporate credentials. The framework targets organizations spanning finance, telecommunications, energy, […]
The post New Salty 2FA PhaaS platform Attacking Microsoft 365 Users to Steal Login Credentials appeared first on Cyber Security News.
https://cybersecuritynews.com/new-salty-2fa-phaas-platform/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
New GodRAT Weaponizing Screen Saver and Program Files to Attack Organizations
A sophisticated new Remote Access Trojan named GodRAT has emerged as a significant threat to financial institutions, leveraging deceptive screen saver files and steganographic techniques to infiltrate organizational networks. First detected in September 2024, this malware campaign has demonstrated remarkable persistence, with the most recent attacks observed as recently as August 12, 2025, indicating an […]
The post New GodRAT Weaponizing Screen Saver and Program Files to Attack Organizations appeared first on Cyber Security News.
https://cybersecuritynews.com/new-godrat-weaponizing-screen-saver/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
0-Day Clickjacking Vulnerabilities Found in Major Password Managers like 1Password, LastPass and Others
A cybersecurity researcher has disclosed zero-day clickjacking vulnerabilities affecting eleven major password managers, potentially exposing tens of millions of users to credential theft through a single malicious click. The research, conducted by security expert Marek Tóth, reveals that attackers can exploit these vulnerabilities to steal credit card details, personal information, login credentials, and even two-factor […]
The post 0-Day Clickjacking Vulnerabilities Found in Major Password Managers like 1Password, LastPass and Others appeared first on Cyber Security News.
https://cybersecuritynews.com/0-day-clickjacking-vulnerabilities/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DOJ Charges 22-Year-Old for Running RapperBot Botnet Behind 370,000 DDoS Attacks
A 22-year-old man from the U.S. state of Oregon has been charged with allegedly developing and overseeing a distributed denial-of-service (DDoS)-for-hire botnet called RapperBot.
Ethan Foltz of Eugene, Oregon, has been identified as the administrator of the service, the U.S. Department of Justice (DoJ) said. The botnet has been used to carry out large-scale DDoS-for-hire attacks targeting
https://thehackernews.com/2025/08/doj-charges-22-year-old-for-running.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Microsoft Teams “couldn't connect” Error Following Recent Sidebar Update – Fix Released
Microsoft is in the process of deploying a fix for a service degradation issue affecting Microsoft Teams users globally, which presents a “couldn’t connect to this app” error upon launching the desktop and web applications. The problem, tracked under Microsoft reference TM1131505, stems from a recent update intended to enhance the platform’s user interface. Users […]
The post Microsoft Teams “couldn’t connect” Error Following Recent Sidebar Update – Fix Released appeared first on Cyber Security News.
https://cybersecuritynews.com/microsoft-teams-couldnt-connect-error/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
USN-7705-1: Tomcat vulnerabilities
It was discovered that Tomcat did not correctly handle case sensitivity.
An attacker could possibly use this issue to bypass authentication
mechanisms. (CVE-2025-46701)
Elysee Franchuk discovered that Tomcat did not correctly limit the number
of attributes for a session. An attacker could possibly use this issue to
cause a denial of service. This issue only affected Ubuntu 24.04 LTS.
(CVE-2024-54677)
It was discovered that Tomcat did not correctly sanitize certain URLs. An
attacker could possibly use this issue to bypass authentication
mechanisms. (CVE-2025-31651)
It was discovered that Tomcat did not correctly handle certain malformed
HTTP headers,
which could lead to a memory leak. An attacker could possibly use this
issue to cause a denial of service. This issue only affected
Ubuntu...
https://ubuntu.com/security/notices/USN-7705-1
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Ubuntu 22.04: Linux Kernel Important Security Flaws 2025-7704-2
Several security issues were fixed in the Linux kernel.
https://linuxsecurity.com/advisories/ubuntu/ubuntu-7704-2-linux-kernel-fips-7sgv0dcaoqoo
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Ubuntu 22.04 LTS: USN-7704-1 Critical Linux Kernel Security Exploits
Several security issues were fixed in the Linux kernel.
https://linuxsecurity.com/advisories/ubuntu/ubuntu-7704-1-linux-kernel-jzaoxiweiahh
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Exploit weaponizes SAP NetWeaver bugs for full system compromise
Exploit chaining CVE-2025-31324 & CVE-2025-42999 in SAP NetWeaver enables auth bypass and RCE, risking compromise and data theft. A new exploit chaining two vulnerabilities, tracked as CVE-2025-31324 and CVE-2025-42999, in SAP NetWeaver exposes organizations to the risk of system compromise and data theft. CVE-2025-31324 (CVSS score: 10.0) is a missing authorization check in NetWeaver’s Visual Composer […]
https://securityaffairs.com/181325/security/exploit-weaponizes-sap-netweaver-bugs-for-full-system-compromise.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
CVE-2024-53141: Root-Level Escalation in Linux Netfilter
A new Linux kernel vulnerability has surfaced, and if you're managing Linux systems, this flaw necessitates your immediate attention. CVE-2024-53141 is a critical bug affecting the netfilter subsystem''specifically, its ipset bitmap functionality.
https://linuxsecurity.com/news/security-vulnerabilities/cve-2024-53141-root-level-escalation-linux-netfilter
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
USN-7704-1: Linux kernel vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Cryptographic API;
- Arm Firmware Framework for ARMv8-A(FFA);
- Multiple devices driver;
- Media drivers;
- Network drivers;
- NVDIMM (Non-Volatile Memory Device) drivers;
- NVME drivers;
- x86 platform drivers;
- TCM subsystem;
- Virtio drivers;
- File systems infrastructure;
- SMB network file system;
- LZO compression library;
- Digital Audio (PCM) driver;
- Tracing infrastructure;
- Padata parallel execution mechanism;
- CAN network layer;
- Networking core;
- TIPC protocol;
- ALSA framework;
(CVE-2025-38079, CVE-2025-38048, CVE-2025-38075, CVE-2025-38077,
CVE-2025-38035,...
https://ubuntu.com/security/notices/USN-7704-1
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Asian Orgs Shift Cybersecurity Requirements to Suppliers
The uptick in breaches in Asia has prompted a Japanese chipmaker and the Singaporean government to require vendors to pass cybersecurity checks to do business.
https://www.darkreading.com/cyber-risk/breaches-rise-asian-orgs-cybersecurity-requirements-suppliers
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Soutenez No Hack Me sur Tipeee
L'Actu de la veille (Presse spécialisée)
USN-7704-2: Linux kernel (FIPS) vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Cryptographic API;
- Arm Firmware Framework for ARMv8-A(FFA);
- Multiple devices driver;
- Media drivers;
- Network drivers;
- NVDIMM (Non-Volatile Memory Device) drivers;
- NVME drivers;
- x86 platform drivers;
- TCM subsystem;
- Virtio drivers;
- File systems infrastructure;
- SMB network file system;
- LZO compression library;
- Digital Audio (PCM) driver;
- Tracing infrastructure;
- Padata parallel execution mechanism;
- CAN network layer;
- Networking core;
- TIPC protocol;
- ALSA framework;
(CVE-2025-38052, CVE-2025-38078, CVE-2025-38079, CVE-2025-38061,
CVE-2025-38044,...
https://ubuntu.com/security/notices/USN-7704-2
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Ubuntu 24.04 LTS: USN-7703-1 Critical Linux Kernel Security Updates
Several security issues were fixed in the Linux kernel.
https://linuxsecurity.com/advisories/ubuntu/ubuntu-7703-1-linux-kernel-m8asra3pbqq0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Ethereum Meme Coin Pepeto Crosses ,200,000 Million in Presale Upon Listing
Pepeto, an early-stage crypto token, has surpassed million in contributions during its presale. Priced at .000000147 per token, Pepeto has attracted attention within the cryptocurrency sector. The project differentiates itself through a zero-fee exchange and PepetoSwap technology, supported by a cross-chain bridge.
https://hackernoon.com/ethereum-meme-coin-pepeto-crosses-00000-million-in-presale-upon-listing?source=rss
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
"First, they ignore you, and then they mock you, then they fight you." - Says Charles Hoskinson
Charles shared his thoughts on agtech, blockchain tech in healthcare, and his plans for the future.
https://hackernoon.com/first-they-ignore-you-and-then-they-mock-you-then-they-fight-you-says-charles-hoskinson?source=rss
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
R0AR Announces Node Sale: Democratizing Layer 2 Infrastructure And Rewarding Community Participation
R0AR is the leading unified DeFi super-app built on Optimism's OP Stack. Starting 2025-8-25, individuals and institutions worldwide can purchase R0AR Node licenses, earning validator rewards while contributing to the decentralization of next-generation financial infrastructure.
https://hackernoon.com/r0ar-announces-node-sale-democratizing-layer-2-infrastructure-and-rewarding-community-participation?source=rss
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
USN-7703-1: Linux kernel vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- PowerPC architecture;
- x86 architecture;
- Block layer subsystem;
- GPIO subsystem;
- GPU drivers;
- HID subsystem;
- Input Device (Mouse) drivers;
- Multiple devices driver;
- Media drivers;
- Network drivers;
- PCI subsystem;
- S/390 drivers;
- SPI subsystem;
- Trusted Execution Environment drivers;
- UFS subsystem;
- USB Device Class drivers;
- USB core drivers;
- USB Gadget drivers;
- Framebuffer layer;
- Network file system (NFS) client;
- Network file system (NFS) server daemon;
- File systems infrastructure;
- SMB network file system;
...
https://ubuntu.com/security/notices/USN-7703-1
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Russian Hacktivists Take Aim at Polish Power Plant, Again
This attack was seemingly more successful than the first iteration, causing disruptions at the plant.
https://www.darkreading.com/cyberattacks-data-breaches/russian-hacktivists-polish-power-plant-attack
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Agentic AI, Apple Intelligence, EV Chargers: Everyday Cybersecurity Peril Abounds for Businesses
Cybersecurity risks can come from everywhere, as these riveting Dark Reading News Desk videos detail. Check out Part 1 of our broadcast coverage of the top research presented at Black Hat USA 2025.
https://www.darkreading.com/cybersecurity-operations/agentic-ai-apple-intelligence-ev-chargers
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Oregon Man Charged in ‘Rapper Bot' DDoS Service
A 22-year-old Oregon man has been arrested on suspicion of operating "Rapper Bot," a massive botnet used to power a service for launching distributed denial-of-service (DDoS) attacks against targets -- including a March 2025 DDoS that knocked Twitter/X offline. The Justice Department asserts the suspect and an unidentified co-conspirator rented out the botnet to online extortionists, and tried to stay off the radar of law enforcement by ensuring that their botnet was never pointed at KrebsOnSecurity.
https://krebsonsecurity.com/2025/08/oregon-man-charged-in-rapper-bot-ddos-service/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Slackware 15.0: mozilla-firefox Important Security Patch 2025-231-01
New mozilla-firefox packages are available for Slackware 15.0 and -current to fix security issues.
https://linuxsecurity.com/advisories/slackware/slackware-2025-231-01-mozilla-firefox-buydj1h3cqr2
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
SUSE: Linux Kernel Important Security Fix for CVE-2025-38494, 38495
* bsc#1244337 * bsc#1247350 * bsc#1247351 Cross-References:
https://linuxsecurity.com/advisories/suse/suse-2025-02922-1-important-the-linux-kernel-qanhnwjsmoq9
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
openSUSE: Kernel Important Security Update, CVE-2025-38494, CVE-2025-38495
https://linuxsecurity.com/advisories/opensuse/opensuse-2025-02922-1-important-the-linux-kernel-umizbjvwrzmo
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How to Vibe Code With Security in Mind
As more organizations integrate vibe coding and AI-assisted coding into their application development processes, it's important to remember to put security first.
https://www.darkreading.com/application-security/how-to-vibe-code-with-security-in-mind
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
PyPI now blocks domain resurrection attacks used for hijacking accounts
The Python Package Index (PyPI) has introduced new protections against domain resurrection attacks that enable hijacking accounts through password resets. [...]
https://www.bleepingcomputer.com/news/security/pypi-now-blocks-domain-resurrection-attacks-used-for-hijacking-accounts/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
'RingReaper' Sneaks Right Past Linux EDRs
The highly sophisticated post-compromise tool abuses the Linux kernel's io_uring interface to remain hidden from endpoint detection and response systems.
https://www.darkreading.com/cyber-risk/ringreaper-sneaks-past-linux-edrs
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Innovator Spotlight: Backslash Security
Securing the Future of AI Powered Coding: Where Speed Meets Risk The rise of AI powered coding tools like Cursor and Windsurf have kicked off what many are calling the “vibe...
The post Innovator Spotlight: Backslash Security appeared first on Cyber Defense Magazine.
https://www.cyberdefensemagazine.com/innovator-spotlight-backslash-security/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
AI Agents Access Everything, Fall to Zero-Click Exploit
Zenity CTO Michael Bargury joins the Black Hat USA 2025 News Desk to discuss research on a dangerous exploit, how generative AI technology has "grown arms and legs" —and what that means for cyber risk.
https://www.darkreading.com/application-security/ai-agents-access-everything-zero-click-exploit
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Best Crypto To Buy Right Now Ranked: Why Pepeto Beats Cardano And Solana
Pepeto (PEPETO) is a fast-rising memecoin blending viral appeal with real blockchain infrastructure. At just .000000147, a ,000 buy secures over 68 billion tokens. With more than million raised and 242% APY staking rewards, the project is already proving its pull on serious money.
https://hackernoon.com/best-crypto-to-buy-right-now-ranked-why-pepeto-beats-cardano-and-solana?source=rss
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
New Research Unmask DPRK IT Workers Email Address and Hiring Patterns
Recent cybersecurity intelligence has exposed a sophisticated infiltration campaign orchestrated by North Korean state-sponsored threat actors, specifically the Jasper Sleet group, who have systematically penetrated Western organizations through fraudulent employment schemes. This operation, targeting primarily Web3, blockchain, and cryptocurrency companies, represents a significant evolution in North Korean cyber warfare tactics, eliminating the need for traditional […]
The post New Research Unmask DPRK IT Workers Email Address and Hiring Patterns appeared first on Cyber Security News.
https://cybersecuritynews.com/new-research-unmask-dprk-it-workers-email-address/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Millions Allegedly Affected in Allianz Insurance Breach
Have I Been Pwned claims that the compromised data includes physical addresses, dates of birth, phone numbers, and more, for life insurance customers.
https://www.darkreading.com/cyberattacks-data-breaches/millions-allianz-insurance-breach
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
New Research Uncovers Connection Between VPN Apps and Multiple Security Vulnerabilities
A comprehensive security analysis has revealed alarming vulnerabilities affecting over 700 million users across multiple VPN applications, exposing critical flaws that compromise the very privacy and security these services promise to protect. Research conducted by cybersecurity experts from Arizona State University, Citizen Lab, and Bowdoin College has uncovered three distinct families of VPN providers that […]
The post New Research Uncovers Connection Between VPN Apps and Multiple Security Vulnerabilities appeared first on Cyber Security News.
https://cybersecuritynews.com/new-research-uncovers-connection-between-vpn-apps/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Okta open-sources catalog of Auth0 rules for threat detection
Okta has open-sourced ready-made Sigma-based queries for Auth0 customers to detect account takeovers, misconfigurations, and suspicious behavior in event logs. [...]
https://www.bleepingcomputer.com/news/security/okta-open-sources-catalog-of-auth0-rules-for-threat-detection/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Securing the AI Stack for Federal Missions
The federal government is at a pivotal moment in understanding how to effectively bring the transformative power of AI to bear on mission assurance. Modernizing the software pipelines of government agencies and the contractors serving them is necessary to create better experiences for people accessing vital services like housing assistance, student aid, or medical benefits. Just as importantly, responsible AI adoption in the service of our national defense is foundational to our ability to innovate quickly while maintaining a strong cybersecurity posture.
https://www.sonatype.com/blog/securing-the-ai-stack-for-federal-missions
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How Winning SOCs Always Stay Ahead of Threats
Despite the escalating danger of cybersecurity breaches, high-performing Security Operations Centers are able to maintain their resilience and prevent attacks. That's what makes them essential for sustainable growth of businesses and organizations. But what enables powerful SOC teams to stay ahead of threats? Choosing Quality Over Quantity Winning SOCs use threat intelligence for early detection […]
The post How Winning SOCs Always Stay Ahead of Threats appeared first on Cyber Security News.
https://cybersecuritynews.com/how-winning-socs-always-stay-ahead-of-threats/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Microsoft shares workaround for Teams "couldn't connect" error
Microsoft is resolving a known issue that causes "couldn't connect" errors when launching the Microsoft Teams desktop and web applications. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-shares-workaround-for-teams-couldnt-connect-error/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Noodlophile Stealer evolution
Noodlophile malware spreads via copyright phishing, targeting firms in the U.S., Europe, Baltics & APAC with tailored spear-phishing lures. The Noodlophile malware campaign is expanding globally, using spear-phishing emails disguised as copyright notices. Threat actors tailor lures with details like Facebook Page IDs and company ownership data. Active for over a year, it now targets […]
https://securityaffairs.com/181236/cyber-crime/noodlophile-stealer-evolution.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Apache ActiveMQ Flaw Exploited to Deploy DripDropper Malware on Cloud Linux Systems
Threat actors are exploiting a nearly two-year-old security flaw in Apache ActiveMQ to gain persistent access to cloud Linux systems and deploy malware called DripDropper.
But in an unusual twist, the unknown attackers have been observed patching the exploited vulnerability after securing initial access to prevent further exploitation by other adversaries and evade detection, Red Canary said in
https://thehackernews.com/2025/08/apache-activemq-flaw-exploited-to.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
PipeMagic Backdoor Resurfaces as Part of Play Ransomware Attack Chain
Attackers are wielding the sophisticated modular malware while exploiting CVE-2025-29824, a previously zero-day flaw in Windows Common Log File System (CLFS) that allows attackers to gain system-level privileges on compromised systems.
https://www.darkreading.com/threat-intelligence/pipemagic-backdoor-resurfaces-play-ransomware-attack-chain
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Australian ISP iiNet Reports Data Breach, Customer Accounts Stolen
Australian ISP iiNet confirms data breach as hackers stole 280,000 email accounts, phone numbers and user data using…
https://hackread.com/australia-isp-iinet-data-breach-customer-accounts-stolen/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
OpenAI Launches ChatGPT Go Plan with Unlimited Access to GPT-5
OpenAI has unveiled ChatGPT Go, a budget-friendly subscription plan priced at just ₹399 per month (approximately USD, GST included). The announcement, made today, positions the service as an accessible entry point to cutting-edge AI capabilities, including unlimited access to the company’s latest GPT-5 model. Initially rolling out exclusively in India, this geo-restricted launch underscores […]
The post OpenAI Launches ChatGPT Go Plan with Unlimited Access to GPT-5 appeared first on Cyber Security News.
https://cybersecuritynews.com/openais-chatgpt-go/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Elastic rejects claims of a zero-day RCE flaw in Defend EDR
Enterprise search and security company Elastic is rejecting reports of a zero-day vulnerability impacting its Defend endpoint detection and response (EDR) product. [...]
https://www.bleepingcomputer.com/news/security/elastic-rejects-claims-of-a-zero-day-rce-flaw-in-defend-edr/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
OpenAI releases ChatGPT plan, but it's not available in the US for now
OpenAI has finally announced the GPT Go subscription, which costs just in the US or INR 399 in India. [...]
https://www.bleepingcomputer.com/news/artificial-intelligence/openai-releases-4-chatgpt-plan-but-its-not-available-in-the-us-for-now/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The HackerNoon Newsletter: Can AI Save Centuries of Kurdish History? (8/19/2025)
How are you, hacker?
🪐 What's happening in tech today, August 19, 2025?
The
HackerNoon Newsletter
brings the HackerNoon
homepage
straight to your inbox.
On this day,
Computer Pioneer Gordon Bell was born in 1934, Sputnik 5 launched by USSR in 1960, World's First Geostationary Satellite was Launched in 1964,
and we present you with these top quality stories.
From
Y Combinators Youngest Solo Founder Says Digital Identity Is The Internets Biggest Infrastructure
to
Building a Go Dependency Scanner From Scratch,
let's dive right in.
Y Combinators...
https://hackernoon.com/8-19-2025-newsletter?source=rss
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Federal Agency Makes Steampunk Appearance at Black Hat 2025
by Gary Miliefsky, Publisher, Cyber Defense Magazine Every year, Black Hat showcases not just the latest innovations and products from the cybersecurity industry but also the presence of major government...
The post Federal Agency Makes Steampunk Appearance at Black Hat 2025 appeared first on Cyber Defense Magazine.
https://www.cyberdefensemagazine.com/federal-agency-makes-steampunk-appearance-at-black-hat-2025/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
AI-powered stuffed animals: A good alternative for screen time?
Startups are ready to bring AI powered toys to the market as an alternative for screen time. But is that really progress?
https://www.malwarebytes.com/blog/news/2025/08/ai-powered-stuffed-animals-a-good-alternative-for-screen-time
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
USN-7702-1: WebKitGTK vulnerabilities
Several security issues were discovered in the WebKitGTK Web and JavaScript
engines. If a user were tricked into viewing a malicious website, a remote
attacker could exploit a variety of issues related to web browser security,
including cross-site scripting attacks, denial of service attacks, and
arbitrary code execution.
https://ubuntu.com/security/notices/USN-7702-1
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
ECUre: The AI-Powered Guardian Securing Your Car's Electronic Control Units from Malware
ECUre is an AI-driven, open-source platform that scans vehicle ECU firmware using static, dynamic, and machine learning analysis to detect malware, anomalies, and zero-day threats, providing real-time security insights for manufacturers, researchers, and fleet managers.
https://hackernoon.com/ecure-the-ai-powered-guardian-securing-your-cars-electronic-control-units-from-malware?source=rss
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Importance of Customer Empathy and Direction in the Cybersecurity Industry
Customer support is crucial throughout information technology, and nowhere more so than cybersecurity. As customers defend their environments from sophisticated, well-funded adversaries and an ever-evolving threat landscape, cybersecurity vendors become...
The post The Importance of Customer Empathy and Direction in the Cybersecurity Industry appeared first on Cyber Defense Magazine.
https://www.cyberdefensemagazine.com/the-importance-of-customer-empathy-and-direction-in-the-cybersecurity-industry/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Small Commits, Big Wins: How Atomic Changes Transform Developer Life
Learn how atomic Git commits transform developer productivity. Discover practical strategies for cleaner code reviews, faster debugging, and painless deployment
https://hackernoon.com/small-commits-big-wins-how-atomic-changes-transform-developer-life?source=rss
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
When AI Becomes the Mediator in Family Inheritance Disputes
Inheritance disputes have been in existence as long as there have been families, and fortune. With the rise of generative AI, natural language processing, and machine-controlled legal assistants, the idea of an “AI mediator” isn't as improbable as it sounds.
https://hackernoon.com/when-ai-becomes-the-mediator-in-family-inheritance-disputes?source=rss
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Citizen Lab Reports Hidden VPN Networks Sharing Ownership and Security Flaws
Citizen Lab’s new report, Hidden Links, uncovers a network of VPN providers like Turbo VPN and VPN Monster…
https://hackread.com/citizen-lab-vpn-networks-sharing-ownership-security-flaws/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
New GodRAT Trojan Targets Trading Firms Using Steganography and Gh0st RAT Code
Financial institutions like trading and brokerage firms are the target of a new campaign that delivers a previously unreported remote access trojan called GodRAT.
The malicious activity involves the "distribution of malicious .SCR (screen saver) files disguised as financial documents via Skype messenger," Kaspersky researcher Saurabh Sharma said in a technical analysis published today.
The
https://thehackernews.com/2025/08/new-godrat-trojan-targets-trading-firms.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Pharma firm Inotiv says ransomware attack impacted operations
American pharmaceutical company Inotiv has disclosed that some of its systems and data have been encrypted in a ransomware attack, impacting the company's business operations. [...]
https://www.bleepingcomputer.com/news/security/pharma-firm-inotiv-says-ransomware-attack-impacted-operations/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
10 Major GitHub Risk Vectors Hidden in Plain Sight
By addressing these overlooked risk vectors, organizations can continue leveraging GitHub's innovation while protecting against sophisticated supply chain attacks targeting interconnected software.
https://www.darkreading.com/cyberattacks-data-breaches/10-github-risk-vectors
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Microsoft: August security updates break Windows recovery, reset
Microsoft has confirmed that the August 2025 Windows security updates are breaking reset and recovery operations on systems running Windows 10 and older versions of Windows 11. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-august-security-updates-break-windows-recovery-reset/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Why Most Free-to-Play Games Fail to Monetize Beyond Their Top 5% of Players
Free-to-play games rely too heavily on IAPs and ads, leaving up to 95% of players unmonetized. With falling ad returns and limited in-app purchases, developers need new revenue streams. Background monetization—lightweight, privacy-compliant, and non-intrusive—offers a way to capture value from non-spending players while preserving gameplay and retention. The future of F2P lies in layering monetization strategies, not betting on just whales and ads.
https://hackernoon.com/why-most-free-to-play-games-fail-to-monetize-beyond-their-top-5percent-of-players?source=rss
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Securing The Flow of Data In The Era Of Smart Manufacturing
Digital transformation is occurring across all industries at an unprecedented rate. IDC revealed that worldwide spending on IoT will surpass trillion in 2026 with AI spending following this trend as it is projected...
The post Securing The Flow of Data In The Era Of Smart Manufacturing appeared first on Cyber Defense Magazine.
https://www.cyberdefensemagazine.com/securing-the-flow-of-data-in-the-era-of-smart-manufacturing/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Public Exploit for Chained SAP Flaws Exposes Unpatched Systems to Remote Code Execution
A new exploit combining two critical, now-patched security flaws in SAP NetWeaver has emerged in the wild, putting organizations at risk of system compromise and data theft.
The exploit in question chains together CVE-2025-31324 and CVE-2025-42999 to bypass authentication and achieve remote code execution, SAP security company Onapsis said.
CVE-2025-31324 (CVSS score: 10.0) - Missing
https://thehackernews.com/2025/08/public-exploit-for-chained-sap-flaws.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
'DripDropper' Hackers Patch Their Own Exploit
An attacker is breaking into Linux systems via a widely abused 2-year-old vulnerability in Apache ActiveMQ, installing malware and then patching the flaw.
https://www.darkreading.com/cyberattacks-data-breaches/dripdropper-hackers-patch-own-exploit
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How Online Poker Platforms Are Reinventing Cybersecurity Standards for Digital Gaming
The threat of cybercrime is continuously growing online. Developing technology can certainly be a great tool for societal improvement. However, it has its ramifications. The most obvious is that new technologies mean that bad actors have the ability to more effectively threaten those who are just looking for a good time. The concern regarding cybersecurity […]
The post How Online Poker Platforms Are Reinventing Cybersecurity Standards for Digital Gaming appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/08/19/how-online-poker-platforms-are-reinventing-cybersecurity-standards-for-digital-gaming/?utm_source=rss&utm_medium=rss&utm_campaign=how-online-poker-platforms-are-reinventing-cybersecurity-standards-for-digital-gaming
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How Countries Can Collaborate To Combat Cybercrime
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Aug. 19, 2025 – Read the full story in The DefendOps Diaries The sentencing of Al-Tahery Al-Mashriky, a cybercriminal responsible for hacking approximately 3,000 websites, highlights the critical vulnerabilities in our digital infrastructures.
The post How Countries Can Collaborate To Combat Cybercrime appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/how-countries-can-collaborate-to-combat-cybercrime/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
NY Business Council discloses data breach affecting 47,000 people
The Business Council of New York State (BCNYS) has revealed that attackers who breached its network in February stole the personal, financial, and health information of over 47,000 individuals. [...]
https://www.bleepingcomputer.com/news/security/business-council-of-new-york-state-discloses-data-breach-affecting-47-000-people/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
96,000 UK Police Bodycam Videos Lost After Data Transfer Mishap
The UK’s South Yorkshire Police lost 96,000 bodycam videos in a data transfer mishap, impacting 126 cases. Poor…
https://hackread.com/96000-uk-police-bodycam-videos-lost-data-transfer/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
U.K. Government Drops Apple Encryption Backdoor Order After U.S. Civil Liberties Pushback
The U.K. government has apparently abandoned its plans to force Apple to weaken encryption protections and include a backdoor that would have enabled access to the protected data of U.S. citizens.
U.S. Director of National Intelligence (DNI) Tulsi Gabbard, in a statement posted on X, said the U.S. government had been working with its partners with the U.K. over the past few months to ensure that
https://thehackernews.com/2025/08/uk-government-drops-apple-encryption.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Why Your Security Culture is Critical to Mitigating Cyber Risk
After two decades of developing increasingly mature security architectures, organizations are running up against a hard truth: tools and technologies alone are not enough to mitigate cyber risk. As tech stacks have grown more sophisticated and capable, attackers have shifted their focus. They are no longer focusing on infrastructure vulnerabilities alone. Instead, they are increasingly
https://thehackernews.com/2025/08/why-your-security-culture-is-critical.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
USN-7639-2: Apache HTTP Server vulnerabilities
USN-7639-1 fixed several vulnerabilities in Apache. This update
provides the corresponding update for Ubuntu 16.04 LTS, Ubuntu
18.04 LTS, Ubuntu 20.04 LTS, and addressed a regression
fix (LP: #2119395). CVE-2025-49630 and CVE-2025-53020 only
affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.
Original advisory details:
It was discovered that the Apache HTTP Server incorrectly handled
certain Content-Type response headers. A remote attacker could
possibly use this issue to perform HTTP response splitting attacks.
(CVE-2024-42516)
xiaojunjie discovered that the Apache HTTP Server mod_proxy module
incorrectly handled certain requests. A remote attacker could
possibly use this issue to send outbound proxy requests to an
arbitrary URL. (CVE-2024-43204)
John Runyon discovered that the Apache...
https://ubuntu.com/security/notices/USN-7639-2
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Designers Need to Stop Being Product Managers and Shift Back to Design
Designers must stop acting like product managers or reciting scripts; true design comes from authentic passion, reasoning, and bold imagination.
https://hackernoon.com/designers-need-to-stop-being-product-managers-and-shift-back-to-design?source=rss
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
GodRAT – New RAT targeting financial institutions
Kaspersky experts analyze GodRAT, a new Gh0st RAT-based tool attacking financial firms. It is likely a successor of the AwesomePuppet RAT connected to the Winnti group.
https://securelist.com/godrat/117119/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Fashionable Phishing Bait: GenAI on the Hook
GenAI-created phishing campaigns misuse tools ranging from website builders to text generators in order to create more convincing and scalable attacks.
The post Fashionable Phishing Bait: GenAI on the Hook appeared first on Unit 42.
https://unit42.paloaltonetworks.com/genai-phishing-bait/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Y Combinator's Youngest Solo Founder Says Digital Identity Is The Internet's Biggest Infrastructure
Kirill Avery, Y Combinator's youngest solo founder, warns that digital identity is the internet's biggest crisis. With cybercrime hitting .5 trillion by 2025 and bots making up half of internet traffic, traditional verification methods miss the real problem: distinguishing AI agents acting for humans versus malicious bots. His team was recently fooled by an AI-assisted job candidate who passed interviews but was fired within a week.
AI companies are repeating Big Tech's playbook of centralizing data without transparency, while government regulations like UK/EU age verification create surveillance infrastructure instead of privacy-preserving solutions. Without proper decentralized identity systems, the combination of AI integration and CBDC rollouts could enable unprecedented government...
https://hackernoon.com/y-combinators-youngest-solo-founder-says-digital-identity-is-the-internets-biggest-infrastructure?source=rss
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
USN-7701-1: Linux kernel vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Device tree and open firmware driver;
- SCSI subsystem;
- TTY drivers;
- SMB network file system;
- Bluetooth subsystem;
- Network traffic control;
(CVE-2025-37797, CVE-2023-52757, CVE-2025-38083, CVE-2024-38541,
CVE-2024-49950, CVE-2024-50073, CVE-2023-52975)
https://ubuntu.com/security/notices/USN-7701-1
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Building a Go Dependency Scanner From Scratch
Build a Go dependency scanner with the standard library: parse go.mod, query OSV for vulnerabilities, and analyze licenses.
https://hackernoon.com/building-a-go-dependency-scanner-from-scratch?source=rss
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Allianz Life security breach impacted 1.1 million customers
Allianz Life breach exposed data of most of its 1.4M customers; HIBP lists 1.1M impacted, though the insurer hasn't confirmed exact figures. In July, Allianz Life disclosed a breach where hackers stole data from a cloud database, affecting most of its 1.4M customers and staff. Now, the data breach notification site Have I Been Pwned […]
https://securityaffairs.com/181294/data-breach/allianz-life-security-breach-impacted-1-1-million-customers.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Analyzing evolution of the PipeMagic malware
Hackers exploited Windows flaw CVE-2025-29824 to deploy PipeMagic malware in RansomExx attacks, Kaspersky revealed. A joint report from Kaspersky and BI.ZONE analyzed the evolution of PipeMagic malware from its first detection in 2022 to new infections observed in 2025. The researchers identified key changes in its operators' tactics. BI.ZONE experts focused on a technical analysis of the CVE-2025-29824 vulnerability […]
https://securityaffairs.com/181286/breaking-news/analyzing-evolution-of-the-pipemagic-malware.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Massive Allianz Life data breach impacts 1.1 million people
Hackers have stolen the personal information of 1.1 million individuals in a Salesforce data theft attack, which impacted U.S. insurance giant Allianz Life in July. [...]
https://www.bleepingcomputer.com/news/security/massive-allianz-life-data-breach-impacts-11-million-people/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
U.S. CISA adds Trend Micro Apex One flaw to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Trend Micro Apex One flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Trend Micro Apex One flaw, tracked as CVE-2025-54948, to its Known Exploited Vulnerabilities (KEV) catalog. Early this month, Trend Micro released fixes for two critical vulnerabilities, tracked as CVE-2025-54948 and […]
https://securityaffairs.com/181283/hacking/u-s-cisa-adds-trend-micro-apex-one-flaw-to-its-known-exploited-vulnerabilities-catalog.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
PyPI Blocks 1,800 Expired-Domain Emails to Prevent Account Takeovers and Supply Chain Attacks
The maintainers of the Python Package Index (PyPI) repository have announced that the package manager now checks for expired domains to prevent supply chain attacks.
"These changes improve PyPI's overall account security posture, making it harder for attackers to exploit expired domain names to gain unauthorized access to accounts," Mike Fiedler, PyPI safety and security engineer at the Python
https://thehackernews.com/2025/08/pypi-blocks-1800-expired-domain-emails.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
L'Actu de la veille (Presse)
Iranian hacker group reportedly behind Albania cyber attack - MSN
Iranian hacker group reportedly behind Albania cyber attack. Story by IntelliNews. • 1mo. By bne IntelliNews.
https://www.msn.com/en-us/news/world/iranian-hacker-group-reportedly-behind-albania-cyber-attack/ar-AA1Hjuy4%3Focid%3DBingNewsVerp
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cyberattack shuts down computers at Middletown City Hall, impacts departments - WLWT
WELL, CHRIS, THE RESULT OF THIS CYBER ATTACK IS AFFECTING A LOT OF CITY OFFICES. SOME THINGS JUST AREN'T AVAILABLE RIGHT NOW, AND THE RIPPLE ...
https://www.wlwt.com/article/cyberattack-middletown-city-police-departments-services/65823046
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
SBS Gujarati Australian update: 19 August 2025
... cyber attack, TPG says. Source: AAP / Lukas Coch. SBS Gujarati · View Podcast Series. Follow and Subscribe. Apple Podcasts · YouTube · Spotify.
https://www.sbs.com.au/language/gujarati/en/podcast-episode/sbs-gujarati-australian-update-19-august-2025/3w5cg2l8b
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Bragg Hacked But Claims No Personal Information Affected - Vegas Slots Online
Bragg Gaming Group is the latest gambling-related firm to suffer a cyber attack. It joins the likes of Caesars Entertainment, ...
https://www.vegasslotsonline.com/news/2025/08/19/bragg-hacked-but-claims-no-personal-information-affected/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Workday Hit by Social Engineering Attack, Third-Party Data Exposed - TechRepublic
Abstract red background with binary code and cyber attack concept. Image: WhataWin/Adobe Stock. Workday, a leading provider of HR and financial ...
https://www.techrepublic.com/article/news-workday-data-breach-august/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Allianz Life Data Breach Exposes Personal Data of 1.1 Million - Infosecurity Magazine
A cyber-attack on Allianz Life, linked to the ShinyHunters group, has exposed the personal information of 1.1 million customers.
https://www.infosecurity-magazine.com/news/allianz-life-breach-exposes/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Speed cameras knocked out after cyber attack - Bitdefender
Speed cameras knocked out after cyber attack ... Protect all your devices, without slowing them down. ... A hack of the Netherlands' Public Prosecution ...
https://www.bitdefender.com/en-us/blog/hotforsecurity/speed-cameras-knocked-out-after-cyber-attack
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Australia's TPG Telecom flags cyber incident in its iiNet system - MSN
... Cyber Attack" in this illustration taken, February 19, 2024. REUTERS/Dado Ruvic/Illustration/File Photo © Thomson Reuters. (Reuters) -Australia's ...
https://www.msn.com/en-us/money/companies/australias-tpg-telecom-flags-cyber-incident-in-its-iinet-system/ar-AA1KL3om
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DBG Health hack: Cyber criminals target pharma empire and steal ex-employees' payroll information
Microsoft hit with cyber attack, thousands impacted globally · Business · 0. 2 Min Read. 21 Jul 2025. “The volume of extracted data, ready for sale or ...
https://thenightly.com.au/australia/dbg-health-hack-cyber-criminals-target-pharma-empire-and-steal-ex-employees-payroll-information-c-19717618
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cyber Crime - Clinical Diagnostics Pays Ransom After Hackers Steal 300GB of Data - teiss
In a data security incident notice published on its website, Clinical Diagnostics said that it recently was a victim of a cyber attack. The ...
https://www.teiss.co.uk/cyber-crime/clinical-diagnostics-pays-ransom-after-hackers-steal-300gb-of-data-16256
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Preventing Cyber From Becoming the Next Uninsurable Risk - - Insurance Edge
Consequently, pricing and underwriting these risks have become more complex. Lloyds of London recently warned that a major cyber-attack on a global ...
https://insurance-edge.net/2025/08/19/preventing-cyber-from-becoming-the-next-uninsurable-risk/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Google issues red alert as new cyber attack targets Gmail users using AI with 'indirect ...
Google issues red alert as new cyber attack targets Gmail users using AI with 'indirect prompt injections' · Google warns its 1.8 billion Gmail users ...
https://www.hindustantimes.com/trending/google-issues-red-alert-as-new-cyber-attack-targets-gmail-users-using-ai-with-indirect-prompt-injections-101755600288240.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
L'Actu à J-2 (Presse spécialisée)
How to spot the latest fake Gmail security alerts
Fake Gmail security alerts are tricking users into inadvertently handing over control of their accounts to scammers. Here's what to look for.
https://www.malwarebytes.com/blog/news/2025/08/how-to-spot-the-latest-fake-gmail-security-alerts
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Secure AI Use Without the Blind Spots
Why every company needs a clear, enforceable AI policy — now.
https://www.darkreading.com/cyber-risk/secure-ai-use-without-blind-spots
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
USN-7699-1: Linux kernel vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- RISC-V architecture;
- x86 architecture;
- Buffer Sharing and Synchronization framework;
- DMA engine subsystem;
- GPU drivers;
- HID subsystem;
- IIO ADC drivers;
- IIO subsystem;
- InfiniBand drivers;
- Input Device core drivers;
- Network drivers;
- Mellanox network drivers;
- PHY drivers;
- Voltage and Current Regulator drivers;
- VideoCore services drivers;
- USB Type-C Connector System Software Interface driver;
- Xen hypervisor drivers;
- EROFS file system;
- Network file system (NFS) client;
- File systems infrastructure;
- SMB network file...
https://ubuntu.com/security/notices/USN-7699-1
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Noodlophile Stealer Hides Behind Bogus Copyright Complaints
Noodlophile is targeting enterprises in spear-phishing attacks using copyright claims as phishing lures.
https://www.darkreading.com/threat-intelligence/noodlophile-stealer-bogus-copyright-complaints
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Allianz Life - 1,115,061 breached accounts
In July 2025, Allianz Life was the victim of a cyber attack which resulted in millions of records later being leaked online. Allianz attributed the attack to "a social engineering technique" which targeted data on Salesforce and resulted in the exposure of 1.1M unique email addresses, names, genders, dates of birth, phone numbers and physical addresses.
https://haveibeenpwned.com/Breach/AllianzLife
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
XenoRAT malware campaign hits multiple embassies in South Korea
A state-sponsored espionage campaign is targeting foreign embassies in South Korea to deploy XenoRAT malware from malicious GitHub repositories. [...]
https://www.bleepingcomputer.com/news/security/xenorat-malware-campaign-hits-multiple-embassies-in-south-korea/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Noodlophile Malware Campaign Expands Global Reach with Copyright Phishing Lures
The threat actors behind the Noodlophile malware are leveraging spear-phishing emails and updated delivery mechanisms to deploy the information stealer in attacks aimed at enterprises located in the U.S., Europe, Baltic countries, and the Asia-Pacific (APAC) region.
"The Noodlophile campaign, active for over a year, now leverages advanced spear-phishing emails posing as copyright infringement
https://thehackernews.com/2025/08/noodlophile-malware-campaign-expands.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Nebraska man gets 1 year in prison for .5M cryptojacking scheme
A Nebraska man was sentenced to one year in prison for defrauding cloud computing providers of over .5 million to mine cryptocurrency worth nearly million. [...]
https://www.bleepingcomputer.com/news/security/nebraska-man-gets-1-year-in-prison-for-35m-cryptojacking-scheme/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Fake ChatGPT Desktop App Delivering PipeMagic Backdoor, Microsoft
Microsoft warns that a fake ChatGPT desktop app was used to deliver PipeMagic malware, linked to ransomware attacks…
https://hackread.com/fake-chatgpt-desktop-app-pipemagic-backdoor-microsoft/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
AI for Cybersecurity: Building Trust in Your Workflows
In cybersecurity, speed matters, but trust is crucial. AI must ensure both rapid response and reliable decisions to avoid errors and disruption. In cybersecurity, speed matters. But speed without trust can be just as dangerous – if not more so – as no action at all. A hasty, inaccurate decision can disrupt critical systems, cause […]
https://securityaffairs.com/181278/security/ai-for-cybersecurity-building-trust-in-your-workflows.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Q&A Spotlight: Tannu Jiwnani – Navigating Leadership, Challenges, and Empowering Diversity in Cybersecurity
The Gurus sat down with esteemed cyber professional Tannu Jiwnani to discuss navigating leadership, challenges, and empowering diversity in cybersecurity. Q: Can you share how you got to where you are today in your career? A: My journey into cybersecurity leadership wasn't a direct path, but each role I took along the way helped shape […]
The post Q&A Spotlight: Tannu Jiwnani – Navigating Leadership, Challenges, and Empowering Diversity in Cybersecurity appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/08/18/qa-spotlight-tannu-jiwnani-navigating-leadership-challenges-and-empowering-diversity-in-cybersecurity/?utm_source=rss&utm_medium=rss&utm_campaign=qa-spotlight-tannu-jiwnani-navigating-leadership-challenges-and-empowering-diversity-in-cybersecurity
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Exploring DDoS Booters 2025: Architecture and Attack Strategies
Distributed Denial of Service, or DDoS, booters''or IP stressers, as they're also called''represent one of those shadowy operations that nearly seem like they belong to a hacker movie.
https://linuxsecurity.com/news/network-security/ddos-booter-infrastructure
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Fake Copyright Notices Drop New Noodlophile Stealer Variant
Morphisec warns of a new Noodlophile Stealer variant spread via fake copyright phishing emails, using Dropbox links and…
https://hackread.com/phishing-scam-fake-copyright-notice-noodlophile-stealer/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
New EMA Research Highlights Keeper's Strength in Modern PAM
Keeper Security has announced the release of a new global survey report from Enterprise Management Associates (EMA), Beyond the Vault: Elevating Privileged Access Management in the Modern Enterprise. The independent survey and report evaluates eight major PAM platforms and identifies Keeper as a leader in deployment ease, security architecture and customer satisfaction. With 69% of organisations […]
The post New EMA Research Highlights Keeper's Strength in Modern PAM appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/08/18/new-ema-research-highlights-keepers-strength-in-modern-pam/?utm_source=rss&utm_medium=rss&utm_campaign=new-ema-research-highlights-keepers-strength-in-modern-pam
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Microsoft Windows Vulnerability Exploited to Deploy PipeMagic RansomExx Malware
Cybersecurity researchers have lifted the lid on the threat actors' exploitation of a now-patched security flaw in Microsoft Windows to deploy the PipeMagic malware in RansomExx ransomware attacks.
The attacks involve the exploitation of CVE-2025-29824, a privilege escalation vulnerability impacting the Windows Common Log File System (CLFS) that was addressed by Microsoft in April 2025,
https://thehackernews.com/2025/08/microsoft-windows-vulnerability.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Instagram Map: What is it and how do I control it?
Meta has introduced Instagram Map. How can you control what others can see about your location? An explainer.
https://www.malwarebytes.com/blog/news/2025/08/instagram-map-what-is-it-and-how-do-i-control-it
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
"If you have knowledge, let others light their candles in it."
Why sharing lessons learned from cyber security incidents and ‘near misses' will help everyone to improve
https://www.ncsc.gov.uk/blog-post/let-others-light-candles
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Manpower Data Breach Hits 144K, Workday Confirms 3rd-Party CRM Hack
A cyberattack on Manpower’s Michigan office compromised data for 144,000 people. Meanwhile, Workday reveals a data breach in…
https://hackread.com/manpower-data-breach-workday-3rd-party-crm-hack/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Dark Side of Digital Advertising: Cyber Threats In 2025
In 2025, a simple online search can lead to more than just information—it could expose you to the latest trend in cybercrime: malvertising. This evolved form of online deception has...
The post The Dark Side of Digital Advertising: Cyber Threats In 2025 appeared first on Cyber Defense Magazine.
https://www.cyberdefensemagazine.com/the-dark-side-of-digital-advertising-cyber-threats-in-2025/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
7 Considerations for Disaster Recovery Plans for Remote Workforces
A disaster recovery plan is essential for businesses operating remote or hybrid workforces. The need for these plans has increased as more companies shift to decentralized teams. Remote employees are...
The post 7 Considerations for Disaster Recovery Plans for Remote Workforces appeared first on Cyber Defense Magazine.
https://www.cyberdefensemagazine.com/7-considerations-for-disaster-recovery-plans-for-remote-workforces/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
⚡ Weekly Recap: NFC Fraud, Curly COMrades, N-able Exploits, Docker Backdoors & More
Power doesn't just disappear in one big breach. It slips away in the small stuff—a patch that's missed, a setting that's wrong, a system no one is watching. Security usually doesn't fail all at once; it breaks slowly, then suddenly. Staying safe isn't about knowing everything—it's about acting fast and clear before problems pile up. Clarity keeps control. Hesitation creates risk.
Here are this
https://thehackernews.com/2025/08/weekly-recap-nfc-fraud-curly-comrades-n.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The .5 Trillion Shadow Economy and the Cybersecurity Gold Rush
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Aug. 18, 2025 – Read the full story in AInvest According to Cybersecurity Ventures, by 2025, global cybercrime damages are projected to hit .5 trillion annually—a figure that eclipses the combined profits of
The post The .5 Trillion Shadow Economy and the Cybersecurity Gold Rush appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/the-10-5-trillion-shadow-economy-and-the-cybersecurity-gold-rush/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
What Is A Virtual Private Network (VPN)?
If you're managing a Linux environment, on-prem or in the cloud, chances are you've already tangled with questions of network security: firewalls, SSH hardening , package integrity checks '' all the usual suspects. But Virtual Private Networks (VPNs)?
https://linuxsecurity.com/features/features/what-is-a-vpn
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
WarLock Ransomware group Claims Breach at Colt Telecom and Hitachi
WarLock ransomware claims breach at Colt and Hitachi, with Colt investigating and working to restore systems while experts…
https://hackread.com/warlock-ransomware-group-breach-colt-telecom-hitachi/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Malicious PyPI and npm Packages Discovered Exploiting Dependencies in Supply Chain Attacks
Cybersecurity researchers have discovered a malicious package in the Python Package Index (PyPI) repository that introduces malicious behavior through a dependency that allows it to establish persistence and achieve code execution.
The package, named termncolor, realizes its nefarious functionality through a dependency package called colorinal by means of a multi-stage malware operation, Zscaler
https://thehackernews.com/2025/08/malicious-pypi-and-npm-packages.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Lack of Developer Training Fuels Cyber Breaches Across UK Organisations
A new survey from SecureFlag has revealed serious shortcomings in how UK businesses protect themselves from software-related threats. In a poll of 100 C-suite and technology leaders, 67% admitted their organisation had suffered at least one cybersecurity breach or major incident in the past 12 months due to insecure coding practices, with nearly half experiencing […]
The post Lack of Developer Training Fuels Cyber Breaches Across UK Organisations appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/08/18/lack-of-developer-training-fuels-cyber-breaches-across-uk-organisations/?utm_source=rss&utm_medium=rss&utm_campaign=lack-of-developer-training-fuels-cyber-breaches-across-uk-organisations
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Wazuh for Regulatory Compliance
Organizations handling various forms of sensitive data or personally identifiable information (PII) require adherence to regulatory compliance standards and frameworks. These compliance standards also apply to organizations operating in regulated sectors such as healthcare, finance, government contracting, or education. Some of these standards and frameworks include, but are not limited to:
https://thehackernews.com/2025/08/wazuh-for-regulatory-compliance.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Evolution of the PipeMagic backdoor: from the RansomExx incident to CVE-2025-29824
We examine the evolution of the PipeMagic backdoor and the TTPs of its operators – from the RansomExx incident in 2022 to attacks in Brazil and the Middle East, and the exploitation of CVE-2025-29824 in 2025.
https://securelist.com/pipemagic/117270/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Investors beware: AI-powered financial scams swamp social media
Can you tell the difference between legitimate marketing and deepfake scam ads? It's not always as easy as you may think.
https://www.welivesecurity.com/en/scams/investors-beware-ai-powered-financial-scams-swamp-social-media/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Human resources firm Workday disclosed a data breach
Human resources firm Workday disclosed a data breach after attackers accessed a third-party CRM platform via social engineering. Workday is a cloud-based software company that specializes in enterprise applications for human capital management (HCM), financial management, and planning. The company provides services to over 11,000 organizations, including over 60% of Fortune 500 firms. The HR […]
https://securityaffairs.com/181271/data-breach/human-resources-firm-workday-disclosed-a-data-breach.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DoJ seizes .8M linked to Zeppelin Ransomware
DoJ seized .8M in crypto from Ianis Antropenko, indicted in Texas and tied to the defunct Zeppelin ransomware. The U.S. Department of Justice (DoJ) seized more than .8 million in cryptocurrency from Ianis Aleksandrovich Antropenko. Antropenko was allegedly involved in now defunct Zeppelin ransomware operation (2019 – 2022), he also laundered proceeds via ChipMixer and structured […]
https://securityaffairs.com/181237/cyber-crime/doj-seizes-2-8m-linked-to-zeppelin-ransomware.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Xerox fixed path traversal and XXE bugs in FreeFlow Core
Xerox patched two serious flaws in FreeFlow Core, path traversal and XXE injection, that allowed unauthenticated remote code execution. Xerox addressed two serious flaws, respectively tracked as CVE-2025-8355 and CVE-2025-8356, in FreeFlow Core. The vulnerabilities are a path traversal (CVE-2025-8355) and XXE injection (CVE-2025-8356), which allowed an unauthenticated attacker to achieve remote code execution. FreeFlow […]
https://securityaffairs.com/181243/security/xerox-fixed-path-traversal-and-xxe-bugs-in-freeflow-core.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
A week in security (August 11 – August 17)
A list of topics we covered in the week of August 11 to August 17 of 2025
https://www.malwarebytes.com/blog/news/2025/08/a-week-in-security-august-11-august-17
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
L'Actu des jours précédents
Threat Actor Claims to Sell 15.8 Million Plain-Text PayPal Credentials
A seller named Chucky_BF is offering 15.8M PayPal logins with emails, passwords, and URLs. The data may come…
https://hackread.com/threat-actor-selling-plain-text-paypal-credentials/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Shaping A Future-Proof Cybersecurity Strategy in The Era of Normalized Ransomware
As ransomware attacks increase in frequency and sophistication, businesses of all sizes will grapple with a critical decision: to pay or not to pay. What was once considered an extraordinary...
The post Shaping A Future-Proof Cybersecurity Strategy in The Era of Normalized Ransomware appeared first on Cyber Defense Magazine.
https://www.cyberdefensemagazine.com/shaping-a-future-proof-cybersecurity-strategy-in-the-era-of-normalized-ransomware/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Zero Trust: A Strong Strategy for Secure Enterprise
Zero trust frameworks challenge traditional perimeter-based security models by adopting a “never trust, always verify” approach. Unlike legacy security systems, zero trust requires continuous identity verification, strict least-privilege access controls,...
The post Zero Trust: A Strong Strategy for Secure Enterprise appeared first on Cyber Defense Magazine.
https://www.cyberdefensemagazine.com/zero-trust-a-strong-strategy-for-secure-enterprise/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Top Israeli Cybersecurity Official Arrested in US Child Exploitation Sting
The Las Vegas Metropolitan Police Department announced the arrest of eight individuals, including a top Israeli official, in…
https://hackread.com/israeli-cybersecurity-director-arrest-us-child-exploit-sting/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Winning the Breach Intelligence Race: How CISOs Can Stay Ahead of Threats Using Public Data
Introduction In today's fast-evolving threat landscape, traditional breach detection systems often fall short in providing early warnings. CISOs are under pressure to not only respond to alerts faster but also...
The post Winning the Breach Intelligence Race: How CISOs Can Stay Ahead of Threats Using Public Data appeared first on Cyber Defense Magazine.
https://www.cyberdefensemagazine.com/winning-the-breach-intelligence-race-how-cisos-can-stay-ahead-of-threats-using-public-data/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
“Serial Hacker” Sentenced to 20 Months in UK Prison
Rotherham hacker Al-Tahery Al-Mashriky jailed for 20 months after global cyberattacks, stealing millions of logins and targeting government…
https://hackread.com/serial-hacker-sentenced-to-20-months-in-uk-prison/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Why Certification is Critical for Securing the Future of eSIM and IoT Connectivity
The Internet of Things (IoT) has evolved from a visionary concept into a global reality. With over 38 billion connected devices projected by 20301, the IoT ecosystem has expanded into...
The post Why Certification is Critical for Securing the Future of eSIM and IoT Connectivity appeared first on Cyber Defense Magazine.
https://www.cyberdefensemagazine.com/why-certification-is-critical-for-securing-the-future-of-esim-and-iot-connectivity/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
PXA Python Malware Targets Thousands Of Victims Globally
A new malware campaign has affected users globally, stealing sensitive data. Identified as PXA stealer,…
PXA Python Malware Targets Thousands Of Victims Globally on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2025/08/16/pxa-python-malware-targets-thousands-of-victims-globally/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Project Ire – Microsoft Launches AI Agent For Automated Malware Classification
Microsoft recently announced the launch of Project Ire – a dedicated AI agent for malware…
Project Ire – Microsoft Launches AI Agent For Automated Malware Classification on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2025/08/16/project-ire-microsoft-launches-ai-agent-for-automated-malware-classification/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Mobile Phishers Target Brokerage Accounts in ‘Ramp and Dump' Cashout Scheme
Cybercriminal groups peddling sophisticated phishing kits that convert stolen card data into mobile wallets have recently shifted their focus to targeting customers of brokerage services, new research shows. Undeterred by security controls at these trading platforms that block users from wiring funds directly out of accounts, the phishers have pivoted to using multiple compromised brokerage accounts in unison to manipulate the prices of foreign stocks.
https://krebsonsecurity.com/2025/08/mobile-phishers-target-brokerage-accounts-in-ramp-and-dump-cashout-scheme/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Italian hotels breached for tens of thousands of scanned IDs
A cybercriminal was found selling scanned IDs that were stolen from guests at Italian hotels on underground forums, warned CERT-AGID.
https://www.malwarebytes.com/blog/news/2025/08/italian-hotels-breached-for-tens-of-thousands-of-scanned-ids
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
National Public Data returns after massive Social Security Number leak
National Public Data has changed ownership. Does this mean your personal information has changed hands too?
https://www.malwarebytes.com/blog/news/2025/08/national-public-data-returns-after-massive-social-security-number-leak
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Pentests Reveal Top 5 Most Impacted Industries In 2025
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Aug. 15, 2025 – Download the full report from BreachLock BreachLock’s 2025 Penetration Testing Intelligence Report, released this week, analyzes over 4,200 pentests conducted over the past 12 months, uncovering the most
The post Pentests Reveal Top 5 Most Impacted Industries In 2025 appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/pentests-reveal-top-5-most-impacted-industries-in-2025/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Smishing in the Amazon
In this week’s KnowBe4 scam alert, you receive an unexpected text message that looks like it's from Amazon. The message claims that an item you bought failed a “routine quality inspection” or has been recalled. The text offers you a full refund, and you don't even need to return the item. You only have to […]
The post Smishing in the Amazon appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/08/15/smishing-in-the-amazon/?utm_source=rss&utm_medium=rss&utm_campaign=smishing-in-the-amazon
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hacking AI is TOO EASY (This Should Be Illegal)
How I Broke Into Fortune 500 Companies Using ChatGPT, and Why AI Security is a Ticking Time BombContinue reading on InfoSec Write-ups »
https://infosecwriteups.com/hacking-ai-is-too-easy-this-should-be-illegal-90dd2b7b05bd?source=rss----7b722bfd1b8d---4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
CSRF Testing Methodology: From Detection to Exploitation
By Shah kaif | “CSRF isn't about what you can see — it's about what the app blindly trusts.” | LinkedIn1. Identify State-Changing ActionsStart by mapping the application's functionality. You're looking for features where a user's data or account state is changed.Examples:Change email/passwordAdd/delete address or payment methodTransfer fundsEnable/disable 2FAAdmin-level actionsIgnore GET requests unless you spot state-changing actions using GET (which is a misconfiguration on its own).2. Intercept & Analyze the RequestUse a proxy like Burp Suite to capture the HTTP request.Look at:Request Method (POST, PUT, DELETE, etc.)Endpoint URLForm fields and body parametersAuthentication mechanism (cookies, tokens, headers)Presence of CSRF protection tokens3. Check for...
https://infosecwriteups.com/csrf-testing-methodology-from-detection-to-exploitation-4235423af02e?source=rss----7b722bfd1b8d---4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
JWT Pentesting: A Journey from Token to Takeover
By Shah kaif | “JWTs are like passports — useful when secure, dangerous when forged.” | LinkedInIntroductionJWTs (JSON Web Tokens) are everywhere. They're the backbone of modern authentication systems — lightweight, stateless, and compact. But with simplicity comes responsibility. A misconfigured JWT can lead to privilege escalation, unauthorized access, and even full account takeovers.This post walks you through the pentesting lifecycle of a JWT, from recon to exploitation, in a hands-on, beginner-to-advanced format.What Is a JWT?A JWT consists of three parts, separated by dots:<base64url-encoded header>.<base64url-encoded payload>.<signature>Example:eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyIjoiYWRtaW4iLCJyb2xlIjoiYWRtaW4ifQ.abc1234signaturehereHeader:...
https://infosecwriteups.com/jwt-pentesting-a-journey-from-token-to-takeover-1b2a7af08933?source=rss----7b722bfd1b8d---4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Abusing GraphQL Introspection: A Gateway for Recon and Exploitation
By Shah kaif | “Security in GraphQL doesn't start at the mutation — it starts by shutting off introspection.” | LinkedInGraphQL has gained popularity for its flexibility and efficiency in querying APIs. But with this flexibility comes a potential vector for attackers — introspection.In this write-up, we'll explore how attackers, from beginners to advanced, exploit GraphQL introspection vulnerabilities, what kind of information can be extracted, and how this opens the door for more advanced attacks like object enumeration, privilege escalation, or unauthorized data access.What is GraphQL Introspection?GraphQL includes a feature called introspection, which allows clients to ask the GraphQL server for information about the schema. This is incredibly useful for tooling and...
https://infosecwriteups.com/abusing-graphql-introspection-a-gateway-for-recon-and-exploitation-ab5440ee6ade?source=rss----7b722bfd1b8d---4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How We Discovered a Stored HTML Injection in a Chatbot System ️
By Shah kaif | “Bugs don't hide from the persistent, they wait to be understood.” | LinkedInThis write-up has been prepared under the guidance of Amish Patel, Lay Patel at Hacker4Help as part of our learning initiative on cybersecurity awareness.IntroductionAs budding cybersecurity enthusiasts, we're always on the lookout for vulnerable systems that can help us learn and sharpen our skills. One casual evening of testing led us — Het Patel and Shah kaif — to discover a Stored HTML Injection vulnerability in the chatbot feature of redacted.co.in, an AI-driven platform that connects users with verified professional experts across various categories.So Let's get started 😎What is Stored HTML Injection? 💥Before we dive into the juicy details, let's break down what...
https://infosecwriteups.com/how-we-discovered-a-stored-html-injection-in-a-chatbot-system-%EF%B8%8F-131da1a86c47?source=rss----7b722bfd1b8d---4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Deep Dive into SSTI: Finding and Exploiting Server-Side Template Injection Like a Pro
By Shah kaif | “Security doesn't fail in code. It fails in trust.” | LinkedInWhat is Server-Side Template Injection (SSTI)?Server-Side Template Injection (SSTI) occurs when user-supplied input is unsafely embedded into templates processed on the server-side. These templates (like Jinja2 in Python, Twig in PHP, or Velocity in Java) are often used for rendering dynamic web pages.If the developer blindly injects user input into the rendering context, it can allow arbitrary code execution — sometimes leading to full Remote Code Execution (RCE) depending on the engine and server configuration.Detecting SSTI: Initial Recon & FuzzingTypical Injection Points:Username, profile name, search inputsContact forms or support messagesURL parameters or route variablesError messages reflecting...
https://infosecwriteups.com/deep-dive-into-ssti-finding-and-exploiting-server-side-template-injection-like-a-pro-bd018ee7ab69?source=rss----7b722bfd1b8d---4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Advanced HTTP Request Smuggling (HRS) Exploitation Guide
By Shah kaif | “Two headers. One request. Your rules.” | LinkedInWhat is HTTP Request Smuggling?HTTP Request Smuggling occurs when front-end (proxy/load balancer) and back-end (origin server) interpret request boundaries differently due to ambiguity in HTTP parsing — CL.TE / TE.CL / TE.TE confusion. This leads to request desynchronization, enabling:Web cache poisoningCredential hijackingCross-user attacksInternal port scanningWAF bypassingWhere it WorksWhere It Shouldn't WorkTesting Methodology (Pro-Grade)1. Identify Candidate TargetsEndpoints behind reverse proxies/load balancersWeb apps with inconsistencies in error handlingAPIs served via proxy/CDNUse curl -I or Burp to analyze headers — look for:Via, X-Cache, X-Forwarded-For, Server, Age, Transfer-Encoding, etc.2....
https://infosecwriteups.com/advanced-http-request-smuggling-hrs-exploitation-guide-53ceadd5ac19?source=rss----7b722bfd1b8d---4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Remote File Inclusion (RFI) — Full Breakdown for Beginners
Remote File Inclusion (RFI) — Full Breakdown for BeginnersBy Shah kaif | “Every dynamic parameter is a potential access point.” | LinkedInWhat is RFI?Remote File Inclusion (RFI) is a vulnerability found in web applications that dynamically include scripts or files based on user input. It allows an attacker to include a remotely hosted file — often containing malicious code — into the execution context of the application.It usually occurs in PHP environments where user-supplied input is passed into file-handling functions like:include($_GET['page']);require($_GET['file']);How RFI WorksIf the application fails to validate or sanitize input passed to an include() function, an attacker can trick it into loading a malicious file from a remote server.Vulnerable PHP Code:<?php...
https://infosecwriteups.com/remote-file-inclusion-rfi-full-breakdown-for-beginners-7f89c55e3b2a?source=rss----7b722bfd1b8d---4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
“Unfiltered Talk” — How Target Chatbot Let Me Redecorate Their Website
🤖 “Unfiltered Talk” — How Target Chatbot Let Me Redecorate Their WebsiteBy Shah kaif | “Never underestimate a bored hacker and a textbox with no input validation.” | LinkedInSetup: Me vs. Target.com ChatbotSo I was poking around target.com — like any bored tech nerd does — when I noticed something interesting.Their chatbot was just chilling on the homepage, But I had a better idea:What if the chatbot was… too trusting?Spoiler: it was.The Test: Code in the ChatI typed this in the chatbot (yes, seriously):<h1>Hello from the Dark Side 😈</h1>And guess what?Instead of ignoring it, filtering it, or freaking out — it just went: “Yes, sir. Rendering your hacker vibes now.”Suddenly, the chatbot window — and even parts of the page — started...
https://infosecwriteups.com/unfiltered-talk-how-target-chatbot-let-me-redecorate-their-website-693150c9a9e5?source=rss----7b722bfd1b8d---4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Kernel Speaks C, but the World Dreams in C++
How two sibling languages came to shape — and divide — the foundations of computingContinue reading on InfoSec Write-ups »
https://infosecwriteups.com/the-kernel-speaks-c-but-the-world-dreams-in-c-a6672ec7fb3b?source=rss----7b722bfd1b8d---4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Multiple ZTNA Products Authentication Bypass
What is the Vulnerability?A series of critical vulnerabilities affecting leading zero trust platforms - Zscaler, Netskope, and Check Point (Perimeter 81) - have been disclosed following a seven-month research campaign by security researchers David Cash and Richard Warren. These flaws include authentication bypasses, privilege escalation, and hardcoded credentials, significantly weakening the core security assumptions of zero-trust environments.Zscaler (CVE-2025-54982): The most severe flaw is CVE-2025-54982, which affects Zscaler's SAML authentication mechanism. The vulnerability arises from the improper verification of cryptographic signatures in Zscaler's SAML authentication mechanism, allowing attackers to craft forged SAML assertions and bypass authentication, thereby posing a significant...
https://fortiguard.fortinet.com/threat-signal-report/6184
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
CVE-2025-9039 - Issue with Amazon ECS agent introspection server
Bulletin ID: AWS-2025-018 Scope: AWS Content Type: Important (requires attention) Publication Date: 2025/08/14 09:15 PM PDT
Description:
Amazon Elastic Container Service (Amazon ECS) is a fully managed container orchestration service that enables customers to deploy, manage, and scale containerized applications. Amazon ECS container agent provides an introspection API that provides information about the overall state of the Amazon ECS agent and the container instances.
We identified CVE-2025-9039, an issue in the Amazon ECS agent. Under certain conditions, this issue could allow an introspection server to be accessed off-host by another instance if the instances are in the same security group or if their security groups allow inbound connections to the introspection server port. This issue...
https://aws.amazon.com/security/security-bulletins/rss/aws-2025-018/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Romance scammers in Ghana charged with more than 0 million in theft
Four men from Ghana were extradited for their alleged role in stealing more than 0 million through romance scams and BEC.
https://www.malwarebytes.com/blog/news/2025/08/romance-scammers-in-ghana-arrested-charged-with-more-than-100-million-in-theft
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
62% of People Believe AI Agents Are Easier To Deceive Than Humans
A new report by Salt Security (Securing the Future of Agentic AI: Building Consumer Trust through Robust API Security) highlights a critical warning: without proper Application Programming Interface (API) discovery, governance and security, the very technology meant to drive smarter customer engagement could open the door to cyber attacks or data leakage. The research also […]
The post 62% of People Believe AI Agents Are Easier To Deceive Than Humans appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/08/14/62-of-people-believe-ai-agents-are-easier-to-deceive-than-humans/?utm_source=rss&utm_medium=rss&utm_campaign=62-of-people-believe-ai-agents-are-easier-to-deceive-than-humans
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Laws of Software Haven't Changed. We're Just Choosing to Forget Them
We're in the middle of something that feels like a renaissance — a golden age of software creation that's less about syntax and more about prompting. At Black Hat 2025 last week, every conversation revolved around AI. As GPT-5 rolls out, the AI arms race intensifies between the U.S. and China, and regulators struggle to write legislation fast enough, AI is now helping people ship applications before they've even had their coffee. Code is being written, tested, and deployed by machines. Agents are stringing together APIs like Lego bricks.
https://www.sonatype.com/blog/the-laws-of-software-havent-changed.-were-just-choosing-to-forget-them
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Netflix scammers target jobseekers to trick them into handing over their Facebook logins
Scammers are sending out fake Netflix job offers to get control of Facebook accounts.
https://www.malwarebytes.com/blog/news/2025/08/netflix-scammers-target-jobseekers-to-trick-them-into-handing-over-their-facebook-logins
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
What Is a Use-After-Free (UAF) Vulnerability?
Ever wonder how a seemingly minor bug in memory management can crack open a door for attackers to slip through? Meet the use-after-free (UAF) vulnerability''an elusive and dangerous class of memory corruption flaw that has plagued Linux systems (and others) for years.
https://linuxsecurity.com/features/features/what-is-a-use-after-free-uaf-vulnerability
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Fortune 500 CISO on Ransomware Incident Response Planning and Cyberinsurance
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Aug. 14, 2025 – Listen to the Podcast In 2025 alone, global ransomware damage costs are predicted by Cybersecurity Ventures to cost billion, and that will rise to more than 5 billion annually by
The post Fortune 500 CISO on Ransomware Incident Response Planning and Cyberinsurance appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/fortune-500-ciso-on-ransomware-incident-response-planning-and-cyberinsurance/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
A Mega Malware Analysis Tutorial Featuring Donut-Generated Shellcode
A beginner-friendly tutorial on analyzing .NET malware teaches you how to use common tools, recognize techniques and understand infection chains.
The post A Mega Malware Analysis Tutorial Featuring Donut-Generated Shellcode appeared first on Unit 42.
https://unit42.paloaltonetworks.com/donut-malware-analysis-tutorial/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Russians hacked US courts, say investigators
The US court filing system, which houses court records and sealed filings, was reportedly hacked by Russians seeking sensitive documents.
https://www.malwarebytes.com/blog/news/2025/08/russians-hacked-us-courts-say-investigators
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Data Troll Stealer Logs - 109,532,219 breached accounts
In June 2025, headlines erupted over a "16 billion password" breach. In reality, the dataset was a compilation of publicly accessible stealer logs, mostly repurposed from older leaks, with only a small portion of genuinely new material. HIBP received 2.7B rows containing 109M unique email addresses, which was subsequently added to the service under the name "Data Troll". The websites the stealer logs were captured against are searchable via the HIBP dashboard.
https://haveibeenpwned.com/Breach/DataTrollStealerLogs
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
CVE-2025-8904 - Issue with Amazon EMR Secret Agent component
Bulletin ID: AWS-2025-017 Scope: AWS Content Type: Important (requires attention) Publication Date: 2025/08/13 10:00 PM PDT
Description:
Amazon EMR is a managed cluster platform that simplifies running big data frameworks on AWS to process and analyze vast amounts of data.
We identified CVE-2025-8904, an issue in the Amazon EMR Secret Agent component. The Secret Agent component securely stores secrets and distributes secrets to other Amazon EMR components and applications. When using Amazon EMR clusters with one or more Lake Formation, Apache Ranger, runtime role, or Identity Center feature that uses this component, Secret Agent creates a keytab file containing Kerberos credentials. This file is stored in the /tmp/ directory. A user with access to this directory and another account...
https://aws.amazon.com/security/security-bulletins/rss/aws-2025-017/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Microsoft patches some very important vulnerabilities in August’s patch Tuesday
In the August 2025 patch Tuesday round Microsoft fixed a total of 111 Microsoft vulnerabilities, some of which are very important.
https://www.malwarebytes.com/blog/news/2025/08/microsoft-patches-some-very-important-vulnerabilities-in-augusts-patch-tuesday
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Ransom & Dark Web Issues Week 2, August 2025
ASEC Blog publishes Ransom & Dark Web Issues Week 2, August 2025 Ransomware Group ‘World Leaks’ Claims Attack on U.S. Defense Contractors Ongoing Identity Data Leaks Target Hotels in Montecatini, Rimini, Milan, and Bardonecchia, Italy New Cyber Threat Group Emerges: Scattered Lapsus$ Hunters
https://asec.ahnlab.com/en/89585/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Mobile Security & Malware Issue 2st Week of August, 2025
ASEC Blog publishes “Mobile Security & Malware Issue 2st Week of August, 2025”
https://asec.ahnlab.com/en/89589/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
July 2025 APT Attack Trends Report (South Korea)
Overview Ahnlabs is monitoring APT (Advanced Persistent Threat) attacks in South Korea using its own infrastructure. This report covers the classification, statistics, and features of the APT attacks that were identified during the month of July 2025. Figure 1. Statistics of APT attacks in South Korea in July 2025 The majority of APT attacks […]
https://asec.ahnlab.com/en/89639/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
July 2025 Threat Trend Report on Ransomware
This report provides statistics on the number of new ransomware samples and affected systems, and affected companies that were collected over the course of July 2025, as well as major ransomware issues in and out of Korea. Below is a summary of the information. Disclaimer: The number of ransomware samples and damaged systems is […]
https://asec.ahnlab.com/en/89646/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
SBOM Best Practices: What Global Leaders Are Asking and Doing
The software bill of materials (SBOM) drives the shift from compliance checkbox to cornerstone of modern software security, equipping organizations to navigate supply chain threats, evolving regulations, and the complexity of AI-generated code.
https://www.sonatype.com/blog/sbom-best-practices-what-global-leaders-are-asking-and-doing
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
New downgrade attack can bypass FIDO auth in Microsoft Entra ID
https://www.proofpoint.com/us/newsroom/news/new-downgrade-attack-can-bypass-fido-auth-microsoft-entra-id
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
UK Online Safety Act impacts Gamers On Microsoft Xbox, Sony Playstation and Nintendo Switch
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Aug. 13, 2025 – Listen to the Podcast Microsoft recently shared details about how the UK Online Safety Act (OSA) will impact Xbox’s social features, which will now require age verification. Xbox’s VP of gaming trust
The post UK Online Safety Act impacts Gamers On Microsoft Xbox, Sony Playstation and Nintendo Switch appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/uk-online-safety-act-impacts-gamers-on-microsoft-xbox-sony-playstation-and-nintendo-switch/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
WinRAR Fixed A Zero-Day Flaw Exploited By RomCom
The popular file archiving tool WinRAR had a serious zero-day vulnerability threatening systems with code…
WinRAR Fixed A Zero-Day Flaw Exploited By RomCom on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2025/08/13/winrar-fixed-a-zero-day-flaw-exploited-by-romcom/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Why more transparency around cyber attacks is a good thing for everyone
Eleanor Fairford, Deputy Director of Incident Management at the NCSC, and Mihaela Jembei, Director of Regulatory Cyber at the Information Commissioner's Office (ICO), reflect on why it's so concerning when cyber attacks go unreported – and look at some of the misconceptions about how organisations respond to them.
https://www.ncsc.gov.uk/blog-post/why-more-transparency-around-cyber-attacks-is-a-good-thing-for-everyone
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Ransomware: 'WannaCry' guidance for enterprise administrators
Guidance for enterprise administrators who want to reduce the likelihood of being held to ransom by WannaCry (or other types of ransomware).
https://www.ncsc.gov.uk/guidance/ransomware-wannacry-guidance-enterprise-administrators-1
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Mitigating malware and ransomware attacks
How to defend organisations against malware or ransomware attacks.
https://www.ncsc.gov.uk/guidance/mitigating-malware-and-ransomware-attacks
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cloudflare Blames Perplexity Of Stealth Data Scraping – Perplexity Refutes
Recently, Cloudflare and Perplexity came at odds recently as the former alleged Perplexity of stealth…
Cloudflare Blames Perplexity Of Stealth Data Scraping – Perplexity Refutes on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2025/08/13/cloudflare-blames-perplexity-of-stealth-data-scraping-perplexity-refutes/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Newly Discovered Plague Linux Backdoor Malware Remained Undetected For A Year
A new Linux malware has recently caught the attention of security researchers. Identified as “Plague,”…
Newly Discovered Plague Linux Backdoor Malware Remained Undetected For A Year on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2025/08/13/newly-discovered-plague-linux-backdoor-malware-remained-undetected-for-a-year/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
New trends in phishing and scams: how AI and social media are changing the game
Common tactics in phishing and scams in 2025: learn about the use of AI and deepfakes, phishing via Telegram, Google Translate and Blob URLs, biometric data theft, and more.
https://securelist.com/new-phishing-and-scam-trends-in-2025/117217/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Microsoft Patch Tuesday, August 2025 Edition
Microsoft today released updates to fix more than 100 security flaws in its Windows operating systems and other software. At least 13 of the bugs received Microsoft's most-dire "critical" rating, meaning they could be abused by malware or malcontents to gain remote access to a Windows system with little or no help from users.
https://krebsonsecurity.com/2025/08/microsoft-patch-tuesday-august-2025-edition/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Muddled Libra's Strike Teams: Amalgamated Evil
A look at the variance within Muddled Libra (aka Scattered Spider, Octo Tempest). Its lack of structure creates multiple teams with distinct skill sets.
The post Muddled Libra's Strike Teams: Amalgamated Evil appeared first on Unit 42.
https://unit42.paloaltonetworks.com/muddled-libras-strike-teams/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
[Redirected] Memory Dump Issue in AWS CodeBuild
Bulletin ID: AWS-2025-016 Scope: AWS Content Type: Important (requires attention) Publication Date: 2025/07/25 6:00 PM PDT
Description:
AWS CodeBuild is a fully managed on-demand continuous integration service that compiles source code, runs tests, and produces software packages that are ready to deploy.
Security researchers reported a CodeBuild issue that could be leveraged for unapproved code modification absent sufficient repository controls and credential scoping. The researchers demonstrated how a threat actor could submit a Pull Request (PR) that, if executed through an automated CodeBuild build process, could extract the source code repository (e.g. GitHub, BitBucket, or GitLab) access token through a memory dump within the CodeBuild build environment. If the access token has...
https://aws.amazon.com/security/security-bulletins/rss/aws-2025-016/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
WinRAR vulnerability exploited by two different groups
Two different groups were found to have abused a now patched vulneraability in popular archive software WinRAR. Who's next?
https://www.malwarebytes.com/blog/news/2025/08/winrar-vulnerability-exploited-by-two-different-groups
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Android's pKVM Becomes First Globally Certified Software to Achieve Prestigious SESIP Level 5 Security Certification
Posted by Dave Kleidermacher, VP Engineering, Android Security & Privacy
Today marks a watershed moment and new benchmark for open-source security and the future of consumer electronics. Google is proud to announce that protected KVM (pKVM), the hypervisor that powers the Android Virtualization Framework, has officially achieved SESIP Level 5 certification. This makes pKVM the first software security system designed for large-scale deployment in consumer electronics to meet this assurance bar. Supporting Next-Gen Android Features
The implications for the future of secure mobile technology are profound. With this level of security assurance, Android is now positioned to securely support the next generation of high-criticality isolated workloads. This includes vital features, such as on-device...
http://security.googleblog.com/2025/08/Android-pKVM-Certified-SESIP-Level-5.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Scam hunter scammed by tax office impersonators
Scam hunter Julie-Anne Kearns, who helps scam victims online, opened up about a tax scam she fell for herself.
https://www.malwarebytes.com/blog/news/2025/08/scam-hunter-scammed-by-tax-office-impersonators
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Supply-chain dependencies: Check your resilience blind spot
Does your business truly understand its dependencies, and how to mitigate the risks posed by an attack on them?
https://www.welivesecurity.com/en/business-security/supply-chain-dependencies-resilience-blind-spot/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
KnowBe4 refreshes brand after 15 years
KnowBe4, the cybersecurity platform that comprehensively addresses human risk management (HRM), today unveiled a bold new brand with what it claims to be “an innovative new vision for the future of the company.” The refreshed identity reflects KnowBe4's leadership in human risk management, with a reputation for excellence in cybersecurity and ground-breaking AI advancements. […]
The post KnowBe4 refreshes brand after 15 years appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/08/12/knowbe4-refreshes-brand-after-15-years/?utm_source=rss&utm_medium=rss&utm_campaign=knowbe4-refreshes-brand-after-15-years
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Anubis Ransomware-as-a-Service Operation Encrypts and Wipes Files
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Aug. 12, 2025 – Listen to the Podcast An emerging ransomware strain has been discovered incorporating capabilities to encrypt files as well as permanently erase them, a development that has been described
The post Anubis Ransomware-as-a-Service Operation Encrypts and Wipes Files appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/anubis-ransomware-as-a-service-operation-encrypts-and-wipes-files/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How the always-on generation can level up its cybersecurity game
Digital natives are comfortable with technology, but may be more exposed to online scams and other threats than they think
https://www.welivesecurity.com/en/kids-online/young-people-level-up-cybersecurity-game/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Arbitrary file overwrite in FGFMd
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] in FortiManager & FortiManager Cloud may allow an authenticated remote attacker to overwrite arbitrary files via FGFM crafted requests. Revised on 2025-08-13 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-24-473
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Path traversal vulnerability in CLI
Multiple relative path traversal vulnerabilities [CWE-23] in FortiMail, FortiVoice, FortiRecorder, FortiCamera & FortiNDR may allow a privileged attacker to read files from the underlying filesystem via crafted CLI requests. Revised on 2025-08-13 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-24-309
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Authentication bypass via invalid parameter
An improper handling of parameters [CWE-233] vulnerability in FortiWeb may allow an unauthenticated remote attacker in possession of non-public information (pertaining to both the device and to the targeted user) to log in as any existing user on the device via a specially crafted request. Revised on 2025-08-12 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-25-448
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Command injection in CLI
An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in FortiWeb may allow an authenticated privileged attacker to execute unauthorized code or commands via crafted CLI commands Revised on 2025-08-12 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-25-150
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Command injection in CLI command
A improper neutralization of special elements used in an os command ('os command injection') vulnerability [CWE-78] in FortiWeb CLI may allow a privileged attacker to execute arbitrary code or command via crafted CLI commands. Revised on 2025-08-12 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-25-253
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Double free in automation-stitch
A double free vulnerability [CWE-415] in FortiOS, FortiProxy & FortiPAM administrative interfaces may allow a privileged attacker to execute code or commands via crafted HTTP or HTTPs requests. Revised on 2025-08-12 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-23-209
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Incorrect Privilege Assignment in Security Fabric
An incorrect privilege assignment vulnerability [CWE-266] in FortiOS Security Fabric may allow a remote authenticated attacker with high privileges to escalate their privileges to super-admin via registering the device to a malicious FortiManager. Revised on 2025-08-12 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-25-173
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Integer Overflow on SSL-VPN bookmarks
An Integer Overflow or Wraparound vulnerability [CWE-190] in FortiOS, FortiPAM and FortiProxy SSL-VPN RDP and VNC bookmarks may allow an authenticated user to affect the device SSL-VPN availability via crafted requests. Revised on 2025-08-12 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-24-364
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
OS command injections via GET request parameter
An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiADC may allow a remote and authenticated attacker with low privilege to execute unauthorized code via specifically crafted HTTP parameters. Revised on 2025-08-12 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-25-501
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Path traversal in Solution Pack upload
A relative path traversal vulnerability [CWE-23] in FortiSOAR may allow an authenticated attacker to read arbitrary files via uploading a malicious solution pack. Revised on 2025-08-12 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-24-421
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Remote unauthenticated command injection
An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in FortiSIEM may allow an unauthenticated attacker to execute unauthorized code or commands via crafted CLI requests.Practical exploit code for this vulnerability was found in the wild. Revised on 2025-08-12 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-25-152
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Stack buffer overflow in CLI command
A stack-based buffer overflow vulnerability [CWE-121] in FortiWeb CLI may allow a privileged attacker to execute arbitrary code or commands via crafted CLI commands Revised on 2025-08-12 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-25-383
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cyber security for high profile conferences
Managing the cyber security of high profile events in the real and virtual worlds.
https://www.ncsc.gov.uk/guidance/cyber-security-for-high-profile-conferences
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
WinRAR zero-day exploited in espionage attacks against high-value targets
The attacks used spearphishing campaigns to target financial, manufacturing, defense, and logistics companies in Europe and Canada, ESET research finds
https://www.welivesecurity.com/en/videos/winrar-zero-day-exploited-espionage-attacks-high-value-targets/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
SOCRadar Launches Agentic Threat Intelligence Platform
At Black Hat USA, which took place last week, SOCRadar launched SOCRadar Agentic Threat Intelligence. The new platform automates threat intelligence through the deployment of autonomous AI agents that proactively detect, analyse, and respond to external threats with minimal human intervention and unmatched speed and accuracy. SOCRadar Agentic Threat Intelligence is a proactive approach to […]
The post SOCRadar Launches Agentic Threat Intelligence Platform appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/08/11/socradar-launches-agentic-threat-intelligence-platform/?utm_source=rss&utm_medium=rss&utm_campaign=socradar-launches-agentic-threat-intelligence-platform
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Security Update for Amazon Q Developer Extension for Visual Studio Code (Version #1.84)
Scope: AWS Content Type: Important (requires attention) Publication Date: 2025/07/23 6:00 PM PDT Updated Date: 2025/07/25 6:00 PM PDT
Description:
Amazon Q Developer for Visual Studio Code (VS Code) Extension is a development tool that integrates Amazon Q's AI-powered coding assistance directly into the VS Code integrated development environment (IDE).
AWS is aware of and has addressed an issue in the Amazon Q Developer for VS Code Extension, which is assigned to CVE-2025-8217.
AWS Security has inspected the code and determined the malicious code was distributed with the extension but was unsuccessful in executing due to a syntax error. This prevented the malicious code from making changes to any services or customer environments.
We will update this bulletin if we have additional...
https://aws.amazon.com/security/security-bulletins/rss/aws-2025-015/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
July 2025 Trends Report on Phishing Emails
This report provides the distribution quantity, statistics, trends, and case information on phishing emails and email threats collected and analyzed for one month in July 2025. The following are some statistics and cases included in the original report. 1) Statistics of Phishing Email Threats In July 2025, the most common type of threat among phishing […]
https://asec.ahnlab.com/en/89615/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Teenage Hacker Stole 3M In Bitcoin. How It Happened.
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Aug. 11, 2025 – Listen to the Podcast Last summer, about 4,100 Bitcoin worth 3 million vanished overnight from a single victim's account. Three gamers, turned self-taught hackers, siphoned off the cryptocurrency after
The post Teenage Hacker Stole 3M In Bitcoin. How It Happened. appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/teenage-hacker-stole-243m-in-bitcoin-how-it-happened/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Keys to the Kingdom: Erlang/OTP SSH Vulnerability Analysis and Exploits Observed in the Wild
CVE-2025-32433 allows for remote code execution in sshd for certain versions of Erlang programming language's OTP. We reproduced this CVE and share our findings.
The post Keys to the Kingdom: Erlang/OTP SSH Vulnerability Analysis and Exploits Observed in the Wild appeared first on Unit 42.
https://unit42.paloaltonetworks.com/erlang-otp-cve-2025-32433/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Update WinRAR tools now: RomCom and others exploiting zero-day vulnerability
ESET Research discovered a zero-day vulnerability in WinRAR being exploited in the wild in the guise of job application documents; the weaponized archives exploited a path traversal flaw to compromise their targets
https://www.welivesecurity.com/en/eset-research/update-winrar-tools-now-romcom-and-others-exploiting-zero-day-vulnerability/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
INE Named to Training Industry's 2025 Top 20 Online Learning Library List
Cary, United States, 11th August 2025, CyberNewsWire
INE Named to Training Industry’s 2025 Top 20 Online Learning Library List on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2025/08/11/ine-named-to-training-industrys-2025-top-20-online-learning-library-list/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Detecting Malware Exploiting Linux PAM through AhnLab EDR
Pluggable Authentication Modules (PAM) is a modular framework that allows applications such as su, sudo, and sshd to perform security policy logic such as authentication without implementing it directly. Applications delegate authentication to the libpam library, which then loads and executes PAM modules according to the configuration information before aggregating the results. For example, when […]
https://asec.ahnlab.com/en/89557/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
KrebsOnSecurity in New ‘Most Wanted' HBO Max Series
A new documentary series about cybercrime airing next month on HBO Max features interviews with Yours Truly. The four-part series follows the exploits of Julius Kivimäki, a prolific Finnish hacker recently convicted of leaking tens of thousands of patient records from an online psychotherapy practice while attempting to extort the clinic and its patients.
https://krebsonsecurity.com/2025/08/krebsonsecurity-in-new-most-wanted-hbo-max-series/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Future-Proofing Your Software Supply Chain with SCA Best Practices
Open source software (OSS) is the backbone of modern software development, empowering industries from finance and healthcare to government and technology to innovate faster and reduce costs. However, this widespread adoption brings a growing and complex web of security challenges.
https://www.sonatype.com/blog/future-proofing-your-software-supply-chain-with-sca-best-practices
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Black Hat USA 2025: Is a high cyber insurance premium about your risk, or your insurer's?
A sky-high premium may not always reflect your company's security posture
https://www.welivesecurity.com/en/business-security/black-hat-usa-2025-cyber-insurance-premium/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Future-Proofing SMBs With Managed Security Services
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Aug. 8, 2025 – Read the full story in TMCNet A report by Cybersecurity Ventures predicts global damages from cybercrime could reach .5 trillion annually by the end of this year. Small and mid-sized
The post Future-Proofing SMBs With Managed Security Services appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/future-proofing-smbs-with-managed-security-services/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
From Chrome renderer code exec to kernel with MSG_OOB
Posted by Jann Horn, Google Project ZeroIntroduction
In early June, I was reviewing a new Linux kernel feature when I learned about the MSG_OOB feature supported by stream-oriented UNIX domain sockets. I reviewed the implementation of MSG_OOB, and discovered a security bug (CVE-2025-38236) affecting Linux >=6.9. I reported the bug to Linux, and it got fixed. Interestingly, while the MSG_OOB feature is not used by Chrome, it was exposed in the Chrome renderer sandbox. (Since then, sending MSG_OOB messages has been blocked in Chrome renderers in response to this issue.)
The bug is pretty easy to trigger; the following sequence results in UAF:
char dummy;
int socks[2];
socketpair(AF_UNIX, SOCK_STREAM, 0, socks);
send(socks[1], "A", 1, MSG_OOB);
...
https://googleprojectzero.blogspot.com/2025/08/from-chrome-renderer-code-exec-to-kernel.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Scammers mass-mailing the Efimer Trojan to steal crypto
The Efimer Trojan spreads through email and hacked WordPress websites, steals cryptocurrency, and substitutes wallets in the clipboard.
https://securelist.com/efimer-trojan/117148/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Android adware: What is it, and how do I get it off my device?
Is your phone suddenly flooded with aggressive ads, slowing down performance or leading to unusual app behavior? Here's what to do.
https://www.welivesecurity.com/en/mobile-security/android-adware-what-is-it-how-get-it-off-my-device/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Unigame - 843,696 breached accounts
In December 2019, the now defunct gaming website Unigame (maker of Hunter Online) suffered a data breach that was later redistributed as part of a larger corpus of data. The data included 844k email addresses and salted MD5 password hashes.
https://haveibeenpwned.com/Breach/Unigame
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Agentic AI and Zero Trust
Agentic AI is a different kind of AI. It's not like the generative AI everyone's talking about—the one that stitches together an answer based on what it knows or guesses when it doesn't. That's great for content creation, for generating reports, for summarizing data, or for writing code. But that's not what Agentic AI is here to do. Agentic AI isn't about crafting answers. It's about taking action. It's about getting things done. Think of it as execution-first AI. It doesn't just sit b...
https://cloudsecurityalliance.org/articles/agentic-ai-and-zero-trust
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
IoT Penetration Testing: From Hardware to Firmware
As Internet of Things (IoT) devices continue to permeate every aspect of modern life, homes, offices, factories, vehicles, their attack surfaces have become increasingly attractive to adversaries. The challenge with testing IoT systems lies in their complexity: these devices often combine physical interfaces, embedded firmware, network services, web applications, and companion mobile apps into a [...]
The post IoT Penetration Testing: From Hardware to Firmware appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/iot-hacking/iot-penetration-testing-from-hardware-to-firmware/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Black Hat USA 2025: Policy compliance and the myth of the silver bullet
Who's to blame when the AI tool managing a company's compliance status gets it wrong?
https://www.welivesecurity.com/en/cybersecurity/black-hat-usa-2025-policy-compliance-cybersecurity-silver-bullet/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Mobile Security & Malware Issue 1st Week of August, 2025
ASEC Blog publishes “Mobile Security & Malware Issue 1st Week of August, 2025”
https://asec.ahnlab.com/en/89492/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Distribution of SmartLoader Malware via Github Repository Disguised as a Legitimate Project
AhnLab SEcurity intelligence Center (ASEC) has recently discovered the massive distribution of SmartLoader malware through GitHub repositories. These repositories are carefully crafted to appear as legitimate projects and are attracting user interest by focusing on topics such as game cheats, software cracks, and automation tools. Each repository contains a README file and a compressed file, […]
https://asec.ahnlab.com/en/89551/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cyber Assessment Framework v4.0 released in response to growing threat
Updates to the CAF helps providers of essential services to better manage their cyber risks.
https://www.ncsc.gov.uk/blog-post/caf-v4-0-released-in-response-to-growing-threat
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
February 2025 Cyber Attacks Statistics
After the cyber attacks timelines, it's time to publish the statistics for February 2025 where I collected and analyzed 231 events. In February 2025, Cyber Crime continued to lead the Motivations chart with 64% down from 75%, of February. Operations driven by Cyber Espionage ranked at number two with 20%, an important increase from 12% and once again ahead of Hacktivism slightly down to 3% from 4%. Only a single event was attributed to Cyber Warfare that closes the chart.
https://www.hackmageddon.com/2025/08/07/february-2025-cyber-attacks-statistics/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Black Hat USA 2025: Does successful cybersecurity today increase cyber-risk tomorrow?
Success in cybersecurity is when nothing happens, plus other standout themes from two of the event's keynotes
https://www.welivesecurity.com/en/cybersecurity/black-hat-usa-2025-successful-cybersecurity-cyber-risk/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Shadow Economy Fueling Ransomware Is Bigger Than You Think
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Aug. 7, 2025 – Read the full story in Gadget Review Behind every ransomware attack lurking in your news feed lies an uncomfortable truth: the victims are bankrolling their own tormentors, writes
The post The Shadow Economy Fueling Ransomware Is Bigger Than You Think appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/the-shadow-economy-fueling-ransomware-is-bigger-than-you-think/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
5 Places to Save Money on Secure Cloud Storage with iDrive Coupons
Cloud storage is essential for anyone handling digital data – whether you're a freelancer, student,…
5 Places to Save Money on Secure Cloud Storage with iDrive Coupons on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2025/08/07/5-places-to-save-money-on-secure-cloud-storage-with-idrive-coupons/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
WhatsApp Rolls Out Safety Overview As An Anti-Scam Feature
As scams continue to target users via messaging apps, Meta decided to jazz up the…
WhatsApp Rolls Out Safety Overview As An Anti-Scam Feature on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2025/08/07/whatsapp-rolls-out-safety-overview-as-an-anti-scam-feature/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
New Scam Involving Fake Online Gaming Sites Flood Discord, Social Media
A new online scam is around luring users towards fake online gaming sites via social…
New Scam Involving Fake Online Gaming Sites Flood Discord, Social Media on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2025/08/07/new-scam-involving-fake-online-gaming-sites-flood-discord-social-media/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
New Infection Chain and ConfuserEx-Based Obfuscation for DarkCloud Stealer
DarkCloud Stealer's delivery has shifted. We explore three different attack chains that use ConfuserEx obfuscation and a final payload in Visual Basic 6.
The post New Infection Chain and ConfuserEx-Based Obfuscation for DarkCloud Stealer appeared first on Unit 42.
https://unit42.paloaltonetworks.com/new-darkcloud-stealer-infection-chain/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Actions to take when the cyber threat is heightened
When organisations might face a greater threat, and the steps to take to improve security.
https://www.ncsc.gov.uk/guidance/actions-to-take-when-the-cyber-threat-is-heightened
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Muddled Libra: Why Are We So Obsessed With You?
Muddled Libra gets media attention due to its consistent playbook and unique use of vishing. The group's English fluency is another major factor.
The post Muddled Libra: Why Are We So Obsessed With You? appeared first on Unit 42.
https://unit42.paloaltonetworks.com/why-the-focus-on-muddled-libra/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Ransom & Dark Web Issues Week 1, August 2025
ASEC Blog publishes Ransom & Dark Web Issues Week 1, August 2025 Emergence of New Ransomware Groups: BQTLock, Pear, and Black Nevas Increase in Cyberattacks Targeting South Korea [1], [2], [3] Ongoing Identity Information Leaks Targeting Hotels in Europe [1], [2], [3], [4]
https://asec.ahnlab.com/en/89452/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Dark Side of Parental Control Apps
Background With the prevalence of smartphones and the Internet, security concerns regarding online activities are increasing. There are apps being developed and serviced that allow users to monitor and control smartphones remotely, for protecting family members and acquaintances who are not familiar with using smartphones, such as children and senior family members. In particular, during […]
https://asec.ahnlab.com/en/89544/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
July 2025 Security Issues in Korean & Global Financial Sector
This report comprehensively covers actual cyber threats and security issues that have taken place targeting financial companies in Korea and abroad. This report includes an analysis of malware and phishing cases distributed to the financial industry, the top 10 malware strains targeting the financial sector, and statistics on the industries of the leaked Korean accounts. […]
https://asec.ahnlab.com/en/89575/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Building Resilience and DORA Compliance: Lessons, Gaps, What's Next
Operational resilience is more than a nice-to-have. It's a business imperative. For financial institutions, this principle has been codified by the European Union's Digital Operational Resilience Act (DORA), which aims to ensure that the financial sector can withstand and recover from ICT-related disruptions.
https://www.sonatype.com/blog/building-resilience-and-dora-compliance-lessons-gaps-whats-next
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Black Duck Announces Enhancements to AI Powered Application Security Assistant
Black Duck has unveiled Black Duck Assist, which enables developers to find and fix security and compliance issues in human and AI-generated code in real time. Black Duck Assist is now woven into the company's Code Sight™ IDE plugin. These updates introduce automated scanning of AI-generated code and AI-powered remediation guidance, bringing continuous code protection […]
The post Black Duck Announces Enhancements to AI Powered Application Security Assistant appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/08/06/black-duck-announces-enhancements-to-ai-powered-application-security-assistant/?utm_source=rss&utm_medium=rss&utm_campaign=black-duck-announces-enhancements-to-ai-powered-application-security-assistant
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Proofpoint to Invest More to Boost Partners' Profits
https://www.proofpoint.com/us/newsroom/news/proofpoint-invest-more-boost-partners-profits
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Growing Impact Of AI And Quantum On Cybersecurity
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Aug. 6, 2025 – Read the full story in Forbes The amalgamation of artificial intelligence (AI) with quantum computing will transform existing computational paradigms, heralding a promising future, but with risks, writes
The post The Growing Impact Of AI And Quantum On Cybersecurity appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/the-growing-impact-of-ai-and-quantum-on-cybersecurity/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Who Got Arrested in the Raid on the XSS Crime Forum?
On July 22, 2025, the European police agency Europol said a long-running investigation led by the French Police resulted in the arrest of a 38-year-old administrator of XSS, a Russian-language cybercrime forum with more than 50,000 members. The action has triggered an ongoing frenzy of speculation and panic among XSS denizens about the identity of the unnamed suspect, but the consensus is that he is a pivotal figure in the crime forum scene who goes by the hacker handle "Toha." Here's a deep dive on what's knowable about Toha, and a short stab at who got nabbed.
https://krebsonsecurity.com/2025/08/who-got-arrested-in-the-raid-on-the-xss-crime-forum/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
SpyCloud Enhances Investigations Solution with AI-Powered Insights – Revolutionizing Insider Threat and Cybercrime Analysis
Austin, TX, USA, 6th August 2025, CyberNewsWire
SpyCloud Enhances Investigations Solution with AI-Powered Insights – Revolutionizing Insider Threat and Cybercrime Analysis on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2025/08/06/spycloud-enhances-investigations-solution-with-ai-powered-insights-revolutionizing-insider-threat-and-cybercrime-analysis/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Jen Easterly Joins Huntress Strategic Advisory Board
Jen Easterly, the former Director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), has taken up a seat on the Strategic Advisory Board of Huntress. In this new role, she will help drive the company's innovation efforts, foster key partnerships, and support its mission to safeguard businesses of all sizes against the ever-evolving landscape […]
The post Jen Easterly Joins Huntress Strategic Advisory Board appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/08/06/jen-easterly-joins-huntress-strategic-advisory-board/?utm_source=rss&utm_medium=rss&utm_campaign=jen-easterly-joins-huntress-strategic-advisory-board
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
When Good Accounts Go Bad: Exploiting Delegated Managed Service Accounts in Active Directory
BadSuccessor is an attack vector in Windows Server 2025. Under certain conditions it allows privilege elevation via dMSAs. We analyze its mechanics.
The post When Good Accounts Go Bad: Exploiting Delegated Managed Service Accounts in Active Directory appeared first on Unit 42.
https://unit42.paloaltonetworks.com/badsuccessor-attack-vector/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Driver of destruction: How a legitimate driver is being used to take down AV processes
In an incident response case, Kaspersky experts discovered new malware that terminates AV processes by abusing the legitimate ThrottleStop driver. Kaspersky solutions successfully counter and detect this threat.
https://securelist.com/av-killer-exploiting-throttlestop-sys/117026/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Wing FTP Remote Code Execution Vulnerability
What is the Vulnerability?CVE-2025-47812 is a recently disclosed Remote Code Execution (RCE) vulnerability impacting Wing FTP Server, a cross-platform file transfer solution. This critical flaw affects versions prior to 7.4.4, and, if successfully exploited, may allow remote attackers to execute arbitrary code within the context of the vulnerable application. The vulnerability stems from null byte handling issues and a Lua injection flaw, which can lead to root or SYSTEM-level code execution.CISA has added CVE-2025-47812 to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation on July 14, 2025.What is the recommended Mitigation?The vendor has released a patch addressing the issue. There are already reports of the vulnerability being actively exploited...
https://fortiguard.fortinet.com/threat-signal-report/6154
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Project AK47: Uncovering a Link to the SharePoint Vulnerability Attacks
Project AK47, a toolset including ransomware, was used to leverage SharePoint exploit chain ToolShell. This activity overlaps with Storm-2603.
The post Project AK47: Uncovering a Link to the SharePoint Vulnerability Attacks appeared first on Unit 42.
https://unit42.paloaltonetworks.com/ak47-activity-linked-to-sharepoint-vulnerabilities/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Snowflake Data Breach: What Happened and How to Prevent It
In 2024, the cybersecurity landscape was shaken by an unexpected and widespread incident—the Snowflake data breach. Despite being a leading provider of cloud-based data warehousing solutions, Snowflake found itself at...
The post Snowflake Data Breach: What Happened and How to Prevent It appeared first on Hacker Combat.
https://www.hackercombat.com/snowflake-data-breach/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
16-28 February 2025 Cyber Attacks Timeline
In the second timeline of February 2025, I collected 116 events (8.92 events/day) with a threat landscape dominated by malware with 29%, a value very close to 30% of the previous timeline, ahead of ransomware, back at number two with 21%, from 8% of the previous fortnight, and targeted attacks with 17%, very close to 16% of H1.
https://www.hackmageddon.com/2025/08/05/16-28-february-2025-cyber-attacks-timeline/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
SparkRAT: Exploiting Architectural Weaknesses in Open-Source Offensive Tools
Persistent trend in open-source offensive tooling & implications for defenders
https://www.f5.com/labs/articles/threat-intelligence/sparkrat-exploiting-architectural-weaknesses-in-open-source-offensive-tools
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
What is an antivirus product? Do I need one?
Detect and prevent malicious software and viruses on your computer or laptop.
https://www.ncsc.gov.uk/guidance/what-is-an-antivirus-product
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
ESET Threat Report H1 2025: ClickFix, infostealer disruptions, and ransomware deathmatch
Threat actors are embracing ClickFix, ransomware gangs are turning on each other – toppling even the leaders – and law enforcement is disrupting one infostealer after another
https://www.welivesecurity.com/en/podcasts/eset-threat-report-h1-2025-clickfix-infostealer-disruptions-ransomware-deathmatch/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Definitive Catch-Up Guide to Agentic AI Authentication
Over the last six months, the world has gone from zero to 60 mph on agentic AI.
I've been a fairly avid LLM user (for software development, polishing text, and other needs). However, I've barely touched on agentic AI, model context protocol (MCP), and other modern approaches that have popped up recently.
For those of you like me who aren't yet deep into this topic: agentic AI is about giving AI the ability to take action, not just respond to prompts like traditional chatbots. It can ...
https://cloudsecurityalliance.org/articles/the-definitive-catch-up-guide-to-agentic-ai-authentication
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Proactive Defense Starts with the Platform: Why Security Can't Just Be a Checklist
Cybersecurity teams are stuck in a paradox: the faster organizations innovate, the more vulnerabilities they create. Yet the traditional "scan-and-block" playbook—layering on tools after code is written or infrastructure deployed—isn't just inefficient; it's obsolete. We've all seen the fallout: breaches caused by misconfigured cloud buckets, ransomware exploiting unpatched dependencies, or insider threats slipping through fragmented access controls. The problem isn't a lack of tools. It...
https://cloudsecurityalliance.org/articles/proactive-defense-starts-with-the-platform-why-security-can-t-just-be-a-checklist
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Looking Back on a Successful Social Engineering Attack: Retool 2023
CSA's Top Threats to Cloud Computing Deep Dive 2025 reflects on eight recent real-world security breaches. The report presents the narrative of each incident, as well as the relevant cloud security risks and mitigations. Today we're reflecting on the sixth incident covered in the Deep Dive: Retool 2023.
An unidentified threat actor launched a sophisticated social engineering campaign involving smishing, credential harvesting, and vishing tactics. They took advantage of Retool's ...
https://cloudsecurityalliance.org/articles/looking-back-on-a-successful-social-engineering-attack-retool-2023
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Assets Under Attack: Email Threats Targeting Financial Services Jump 25%
Money talks—and cybercriminals are listening. The financial services (FinServ) industry is becoming an increasingly popular target for advanced email attacks, as a single successful breach can unlock millions in assets and compromise the financial security of countless individuals.
As artificial intelligence democratizes sophisticated attack techniques and automation scales criminal operations, the stakes have never been higher.
From credential phishing that opens the door to account t...
https://cloudsecurityalliance.org/articles/assets-under-attack-email-threats-targeting-financial-services-jump-25
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Why You Should Say Goodbye to Manual Identity Processes
As revealed in Cerby's 2025 Identity Automation Gap Report, 46% of security and IT leaders say their organization has already experienced a security, compliance, or operational issue directly caused by manual identity workflow execution.
Why do manual identity workflows continue to exist, when the consequences of getting them wrong are so serious and when automation tooling is increasingly common?
Looking a bit deeper, how do manual identity workflows create or contribute to securit...
https://cloudsecurityalliance.org/articles/why-you-should-say-goodbye-to-manual-identity-processes
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How to Secure and Manage Virtualized IT Environments the Right Way
Originally published by Reemo.
Virtualization brings undeniable flexibility and scalability to IT infrastructures. However, these advantages come with significant risks if security and management practices are not modernized accordingly.
Virtualized Environments: Specific Risks to Address
While traditional security principles remain relevant, virtual environments introduce unique challenges. A compromised hypervisor can endanger all hosted resources. Weak network segm...
https://cloudsecurityalliance.org/articles/how-to-secure-and-manage-virtualized-it-environments-the-right-way
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Sunsetting Circle: Where CSA Communities Are Headed and How to Join
The Cloud Security Alliance (CSA) is evolving in how we connect, collaborate, and engage with our community. Over the past few years, our Circle community has served as a central hub for working groups, chapters, and training communities. While it's been a valuable platform, we're moving toward a more streamlined experience across our main website and Slack channels.This transition will create clearer pathways to join working groups, connect with local chapters, and engage with train...
https://cloudsecurityalliance.org/articles/sunsetting-circle-where-csa-communities-are-headed-and-how-to-join
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Proofpoint and Optiv Surpass Billion in Historical Sales
https://www.proofpoint.com/us/newsroom/press-releases/proofpoint-and-optiv-surpass-1-billion-historical-sales
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DoD-Ready Software: Embracing the SWFT Initiative with Confidence
The Department of Defense's (DoD) new Software Fast Track (SWFT) Initiative is more than a policy shift — it's a transformation in how software is evaluated, acquired, and deployed across defense agencies.
https://www.sonatype.com/blog/dod-ready-software-embracing-the-swft-initiative-with-confidence
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Makop Ransomware Identified in Attacks in South Korea
AhnLab SEcurity intelligence Center (ASEC) recently identified cases of Makop ransomware attacks targeting South Korean users. The Makop ransomware has been distributed to South Korean users by disguising as resumes or emails related to copyrights for several years. Recently, it has been reported that the ransomware is exploiting RDP for attacks. 1. Installing Malware […]
https://asec.ahnlab.com/en/89397/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Active Cyber Defence (ACD) - the fourth year
The year four report covers 2020 and aims to highlight the achievements and efforts made by the Active Cyber Defence programme.
https://www.ncsc.gov.uk/report/acd-report-year-four
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Active Cyber Defence (ACD) - The Third Year
The year three report covers 2019 and aims to highlight the achievements and efforts made by the Active Cyber Defence programe.
https://www.ncsc.gov.uk/report/acd-report-year-three
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Work from home, malware included
https://www.proofpoint.com/us/newsroom/news/work-home-malware-included
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Every Reason Why I Hate AI and You Should Too
maybe it's anti-innovation, maybe it's just avoiding hype. But one thing is clear, I'm completely done with hearing about AI.
https://malwaretech.com/2025/08/every-reason-why-i-hate-ai.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Attackers Use Fake OAuth Apps with Tycoon Kit to Breach Microsoft 365 Accounts
https://www.proofpoint.com/us/newsroom/news/attackers-use-fake-oauth-apps-tycoon-kit-breach-microsoft-365-accounts
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cybercrooks faked Microsoft OAuth apps for MFA phishing
https://www.proofpoint.com/us/newsroom/news/cybercrooks-faked-microsoft-oauth-apps-mfa-phishing
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Threat Actor Groups Tracked by Palo Alto Networks Unit 42 (Updated Aug. 1, 2025)
A comprehensive list of threat actor groups tracked by Unit 42, along with information such as summaries and industries typically impacted.
The post Threat Actor Groups Tracked by Palo Alto Networks Unit 42 (Updated Aug. 1, 2025) appeared first on Unit 42.
https://unit42.paloaltonetworks.com/threat-actor-groups-tracked-by-palo-alto-networks-unit-42/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Is your phone spying on you? | Unlocked 403 cybersecurity podcast (S2E5)
Here's what you need to know about the inner workings of modern spyware and how to stay away from apps that know too much
https://www.welivesecurity.com/en/videos/is-your-phone-spying-on-you-unlocked-403-cybersecurity-podcast-s2e5/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Let's get Digital! Updated Digital Identity Guidelines are Here!
Join our Revision 4 Public Webinar! August 20, 2025 | 12:00 PM – 1:30 PM EDT This informative webinar featuring NIST's identity team will cover the content changes recently made to the entire suit of Digital Identity Guidelines documents and will explore topics such as technical requirements for meeting digital identity assurance levels, requirements for security and privacy, and considerations for an improved customer experience relative to digital identity solutions and technology. Register Today is the day! Digital Identity Guidelines, Revision 4 is finally here...it's been an exciting
https://www.nist.gov/blogs/cybersecurity-insights/lets-get-digital-updated-digital-identity-guidelines-are-here
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Why the tech industry needs to stand firm on preserving end-to-end encryption
Restricting end-to-end encryption on a single-country basis would not only be absurdly difficult to enforce, but it would also fail to deter criminal activity
https://www.welivesecurity.com/en/privacy/tech-industry-end-to-end-encryption/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Pi-hole - 29,926 breached accounts
In July 2025, a vulnerability in the GiveWP WordPress plugin exposed the names and email addresses of approximately 30k donors to the Pi-hole network-wide ad blocking project. Pi-hole subsequently self-submitted the list of impacted donors to HIBP.
https://haveibeenpwned.com/Breach/ThePi-Hole
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Active Exploitation of Microsoft SharePoint Vulnerabilities: Threat Brief (Updated August 12)
Unit 42 has observed active exploitation of recent Microsoft SharePoint vulnerabilities. Here's how you can protect your organization.
The post Active Exploitation of Microsoft SharePoint Vulnerabilities: Threat Brief (Updated August 12) appeared first on Unit 42.
https://unit42.paloaltonetworks.com/microsoft-sharepoint-cve-2025-49704-cve-2025-49706-cve-2025-53770/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Reflections from the First Cyber AI Profile Workshop
Thank you to everyone who participated in the Cyber AI Profile Workshop NIST hosted this past April! This work intends to support the cybersecurity and AI communities — and the input you provided during this workshop is critical. We are working to publish a Workshop Summary that captures themes and highlights from the event. In the interim, we would like to share a preview of what we heard. Background on the Cyber AI Profile Workshop ( watch the workshop introduction video) As NIST began exploring the idea of a Cyber AI Profile and writing the Cybersecurity and AI Workshop Concept Paper
https://www.nist.gov/blogs/cybersecurity-insights/reflections-first-cyber-ai-profile-workshop
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Introducing Unit 42's Attribution Framework
Peel back the layers on Unit 42's Attribution Framework. We offer a rare inside view into the system used to ultimately assign attribution to threat groups.
The post Introducing Unit 42's Attribution Framework appeared first on Unit 42.
https://unit42.paloaltonetworks.com/unit-42-attribution-framework/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
SAP Netweaver Zero-Day Attack
What is the Attack?A zero-day SAP vulnerability, CVE-2025-31324, with CVSS score of 10.0 is being actively exploited in the wild. This vulnerability affects SAP Visual Composer, allowing unauthenticated threat actors to upload arbitrary files, resulting in full compromise of the targeted system that could significantly affect the confidentiality, integrity, and availability of the targeted system.The vulnerability stems from the SAP NetWeaver Visual Composer Metadata Uploader lacking proper authorization protection, which allows unauthenticated agents to upload potentially malicious executable binaries.CISA has added the CVE to their Known Exploited Vulnerabilities Catalog on April 29, 2025.What is the recommended Mitigation?The vulnerability exists in the SAP Visual Composer component for...
https://fortiguard.fortinet.com/threat-signal-report/6089
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cloud Security Alliance Names Google Cloud as First Company to be Valid-AI-ted, Setting New Benchmark for Data-driven Cloud Assurance
Milestone recognizes Google Cloud's leadership in transparent and trusted cloud computing services
SEATTLE – August 4, 2025 – The Cloud Security Alliance (CSA), the world's leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, proudly announced today that Google Cloud has become the first organization to earn CSA's Valid-AI-ted designation, based on CSA's new AI-powered validation tool for evaluatin...
https://cloudsecurityalliance.org/articles/csa-names-google-cloud-as-first-company-to-be-valid-ai-ted
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Visibility ≠ Security: The SaaS Illusion That's Putting Enterprises at Risk
The SaaS security reality check: What 800+ security leaders revealed about the true state of SaaS risks.
At first glance, the SaaS story looks great: Dashboards are green, audits are clean, and executives feel safe. But dig a little deeper, and a different picture emerges. AppOmni's 2025 State of SaaS Security Report surveyed 803 security leaders worldwide and surfaced a widening chasm between confidence and control. A sharp increase in SaaS security incidents, a rising complexity in ...
https://cloudsecurityalliance.org/articles/visibility-security-the-saas-illusion-that-s-putting-enterprises-at-risk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Missing Piece in GRC
In our last post, we explored how the governance, risk, and compliance (GRC) landscape is evolving and how AI is reshaping its future. This next phase is what we call GRC 4.0. While Generative AI (GenAI) has been around for years, its widespread accessibility has only taken off recently, especially following advancements in large language models (LLMs) made available to the public.
The result? An explosion of AI-powered tools designed to automate repetitive work and support cross-fun...
https://cloudsecurityalliance.org/articles/the-missing-piece-in-grc
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Strategic Implementation of the CSA AI Controls Matrix: A CISO's Guide to Trustworthy AI Governance
The rapid proliferation of generative artificial intelligence (GenAI) across enterprise environments has created an unprecedented governance challenge for Chief Information Security Officers (CISOs) and GRC professionals. Traditional cybersecurity frameworks, while foundational, are insufficient to address the unique risks introduced by AI systems, including model manipulation, data poisoning, algorithmic bias, and AI supply chain vulnerabilities.
The Cloud Security Alliance's AI Cont...
https://cloudsecurityalliance.org/articles/strategic-implementation-of-the-csa-ai-controls-matrix-a-ciso-s-guide-to-trustworthy-ai-governance
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Scammers Unleash Flood of Slick Online Gaming Sites
Fraudsters are flooding Discord and other social media platforms with ads for hundreds of polished online gaming and wagering websites that lure people with free credits and eventually abscond with any cryptocurrency funds deposited by players. Here's a closer look at the social engineering tactics and remarkable traits of this sprawling network of more than 1,200 scam sites.
https://krebsonsecurity.com/2025/07/scammers-unleash-flood-of-slick-online-gaming-sites/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Vulnerabilities Identified in Dahua Hero C1 Smart Cameras
Researchers at Bitdefender have identified critical security vulnerabilities in the firmware of the Dahua Hero C1 (DH-H4C) smart camera series. The flaws, affecting the device's ONVIF protocol and file upload handlers, allow unauthenticated attackers to execute arbitrary commands remotely, effectively taking over the device.
The vulnerabilities were reported to Dahua for responsible mitigation and disclosure and are now patched at the time of publication.
Affected Devices
The issues were ver
https://www.bitdefender.com/en-us/blog/labs/vulnerabilities-identified-in-dahua-hero-c1-smart-cameras
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
2025 Unit 42 Global Incident Response Report: Social Engineering Edition
Social engineering thrives on trust and is now boosted by AI. Unit 42 incident response data explains why it's surging. We detail eight critical countermeasures.
The post 2025 Unit 42 Global Incident Response Report: Social Engineering Edition appeared first on Unit 42.
https://unit42.paloaltonetworks.com/2025-unit-42-global-incident-response-report-social-engineering-edition/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Sonatype Uncovers Global Espionage Campaign in Open Source Ecosystems
Sonatype's automated malware detection systems uncovered a massive and ongoing infiltration of open source ecosystems by the North Korea-backed Lazarus Group, exposing a chilling truth: open source software is now a central battleground in geopolitical cyber conflict.
https://www.sonatype.com/blog/sonatype-uncovers-global-espionage-campaign-in-open-source-ecosystems
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cobalt Strike Beacon delivered via GitHub and social media
A campaign targeting Russian entities leveraged social media, Microsoft Learn Challenge, Quora, and GitHub as intermediate C2 servers to deliver Cobalt Strike Beacon.
https://securelist.com/cobalt-strike-attacks-using-quora-github-social-media/117085/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Incidents impacting retailers – recommendations from the NCSC
A joint blog post by the NCSC's National Resilience Director, Jonathon Ellison, and Chief Technology Officer, Ollie Whitehouse.
https://www.ncsc.gov.uk/blog-post/incidents-impacting-retailers
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Policy and Disclosure: 2025 Edition
Posted by Tim Willis, Google Project Zero
In 2021, we updated our vulnerability disclosure policy to the current "90+30" model. Our goals were to drive faster yet thorough patch development, and improve patch adoption. While we’ve seen progress, a significant challenge remains: the time it takes for a fix to actually reach an end-user's device.This delay, often called the "patch gap," is a complex problem. Many consider the patch gap to be the time between a fix being released for a security vulnerability and the user installing the relevant update. However, our work has highlighted a critical, earlier delay: the "upstream patch gap". This is the period where an upstream vendor has a fix available, but downstream dependents, who are ultimately responsible...
https://googleprojectzero.blogspot.com/2025/07/reporting-transparency.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Governing Open Source and AI in Mitigating Modern Risks in Software Development
The explosion in generative AI has dominated conversations from the server room to the boardroom. As organizations race to build the next wave of intelligent applications, technology leaders are increasingly turning to AI models to gain an edge.
https://www.sonatype.com/blog/governing-open-source-and-ai-in-mitigating-modern-risks-in-software-development
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Proofpoint Demonstrates Long-term Commitment to India with Local Data Centre and Strategic Regional Investments
https://www.proofpoint.com/us/newsroom/press-releases/proofpoint-demonstrates-long-term-commitment-india-local-data-centre
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Free Isn't Free: The Hidden Costs of Tooling Decisions in Open Source Infrastructure
When I first wrote about the tragedy of the commons and Maven Central, I called attention to a startling reality: a small percentage of users — mostly large enterprises — were unknowingly flooding a public resource.
https://www.sonatype.com/blog/free-isnt-free-the-hidden-costs-of-tooling-decisions-in-open-source-infrastructure
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
ToolShell: a story of five vulnerabilities in Microsoft SharePoint
Explaining the ToolShell vulnerabilities in SharePoint: how the POST request exploit works, why initial patches can be easily bypassed, and how to stay protected.
https://securelist.com/toolshell-explained/117045/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Windows CLFS Driver Elevation of Privilege
What is the Vulnerability?A zero-day vulnerability has recently been identified in the Common Log File System (CLFS) kernel driver. CLFS is a general-purpose logging subsystem within the Windows operating system that provides a high-performance way to store log data for various applications. If successfully exploited, an attacker operating under a standard user account can elevate their privileges.Furthermore, Microsoft has observed that the exploit has been utilized by PipeMagic malware and has attributed this exploitation activity to Storm-2460, which has also leveraged PipeMagic to distribute ransomware. Microsoft has published a blog that provides an in-depth analysis of Microsoft's findings regarding the CLFS exploit and the associated activities. Exploitation of CLFS zero-day leads to...
https://fortiguard.fortinet.com/threat-signal-report/6073
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Proof-of-Concept Code Now Available for an Exploited Windows Local Privilege Escalation Vulnerability
FortiGuard Labs is aware that a Proof-of-Concept (POC) code for a newly patched Windows vulnerability (CVE-2022-21882) that is reported to have been exploited in the wild was released to a publicly available online repository. CVE-2022-21882 is a local privilege (LPE) escalation vulnerability which allows a local, authenticated attacker to gain elevated local system or administrator privileges through a vulnerability in the Win32k.sys driver. The vulnerability is rated as Important by Microsoft and has CVSS score of 7.0.Why is this Significant?This is significant because now that the POC for CVE-2022-21882 has become available to the public attacks leveraging the vulnerability will likely increase. Because CVE-2022-21882 is a local privilege escalation the vulnerability will be used by an...
https://fortiguard.fortinet.com/threat-signal-report/4390
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Joint CyberSecurity Advisory Alert on PrintNightmare Vulnerability and Default MFA Protocols Exploited by Russian State-Sponsored Cyber Actors (AA22-074A)
FortiGuard Labs is aware of a recent report issued by the U.S. Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) that Russian state-sponsored cyber actors have gained network access to a non-governmental organization (NGO) through exploitation of default Multi-Factor Authentication (MFA) protocols and the "PrintNightmare" vulnerability (CVE-2021-34527). The attack resulted in data exfiltration from cloud and email accounts of the target organization.Why is this Significant?This is significant because the advisory describes how a target organization was compromised by Russian state-sponsored cyber actors. The advisory also provides mitigations.How did the Attack Occur?The advisory provides the following attack sequence:"Russian state-sponsored...
https://fortiguard.fortinet.com/threat-signal-report/4453
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Phishers Target Aviation Execs to Scam Customers
KrebsOnSecurity recently heard from a reader whose boss's email account got phished and was used to trick one of the company's customers into sending a large payment to scammers. An investigation into the attacker's infrastructure points to a long-running Nigerian cybercrime group that is actively targeting established companies in the transportation and aviation industries.
https://krebsonsecurity.com/2025/07/phishers-target-aviation-execs-to-scam-customers/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Understanding SWFT, the Latest Effort to Modernize DoD Software Procurement
Software bill of materials (SBOMs) have become essential tools in securing today's software supply chains. Their ability to provide a unified, shareable, and machine-readable record of an application's components is extremely valuable. This is particularly true in the context of cybersecurity, where documenting known vulnerabilities enables organizations to assess and mitigate risks much more quickly than they could without an SBOM.
https://www.sonatype.com/blog/understanding-swft-the-latest-effort-to-modernize-dod-software-procurement
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Apache TomCat AJP File Inclusion Vulnerability
FortiGuard Labs is aware of a new attack on Apache Tomcat Servers dubbed "GhostCat." Discovered by Chaitin Tech, a vulnerability in Apache Tomcat exists where an attacker has the ability to read and write in the webapp directory of Apache Tomcat. It addition to this, an attacker has the ability to upload files to the host to ultimately perform remote code execution. Assigned CVE-2020-1938, this vulnerability affects every version of Tomcat released over the past 13 years.What are the specifics of the vulnerability?Due to a flaw in the Apache Tomcat JServ Protocol, or AJP, a file inclusion vulnerability exists where an attacker has the ability to read and write privileges in the webapp directory of Apache Tomcat. Also, if a web application has file upload function capability; an attacker may...
https://fortiguard.fortinet.com/threat-signal-report/3404
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Attacks Observed in the Wild Exploiting CVE-2020-0688 (Microsoft Exchange Validation Key Remote Code Execution Vulnerability)
FortiGuard Labs is aware of reports of active exploitation of CVE-2020-0688 - Microsoft Exchange Validation Key Remote Code Execution Vulnerability. Active in the wild attacks were first observed by Twitter user Troy Mursch (@bad_packets). The vulnerability was disclosed by an anonymous researcher to the Zero Day Initiative. According to the original February Microsoft Security Advisory for CVE-2020-0688, a remote code execution vulnerability exists in Microsoft Exchange Server when the server fails to properly create unique keys at install time. Knowledge of the validation key allows an authenticated user with a mailbox to pass arbitrary objects to be deserialized by the web application, which runs as SYSTEM.Essentially, the proof of concept highlights that an attacker who has obtained the...
https://fortiguard.fortinet.com/threat-signal-report/3403
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Vulnerability in Zyxel Network Attached Storage (NAS) Devices
FortiGuard Labs is aware of a newly disclosed vulnerability in Zyxel network attached storage (NAS) devices in an advisory published today by CERT/CC. Multiple Zyxel devices contain a pre authentication command injection vulnerability, which may allow a remote unauthenticated attacker to execute arbitrary code on the device. The vulnerability was reported by security journalist Brian Krebs (Krebs on Security) who learned about the flaw from a researcher who had obtained the exploit code from a reseller on the underground forums. This vulnerability has been assigned CVE-2020-9054.What are the details of this vulnerability exactly?The vulnerability is in (weblogin.cgi), which is a cgi script used by Zyxel NAS devices to perform authentication. The script fails to properly sanitize the username...
https://fortiguard.fortinet.com/threat-signal-report/3398
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Active Exploitation Against Adobe Commerce and Magento Through CVE-2022-24086/CVE-2022-24087
UPDATE February 17: Added reference to CVE-2022-24087, which Adobe disclosed and issues an out-of-band patch for on February 17th, 2022.FortiGuard Labs is aware of reports that Magento Open Source and Adobe Commerce are actively being targeted and exploited through CVE-2022-24086. This vulnerability can lead to remote code execution (RCE) on an exploited server which means an attacker will be able to execute arbitrary commands remotely. The vulnerability is rated as Critical by Adobe and has CVSS score of 9.8 out of 10.On February 17th, Adobe released an out-of-band security fix for CVE-2022-24087. This vulnerability can also lead to remote code execution (RCE) on an exploited server which means an attacker will be able to execute arbitrary commands remotely. The vulnerability is rated as...
https://fortiguard.fortinet.com/threat-signal-report/4419
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
CVE-2025-8069 - AWS Client VPN Windows Client Local Privilege Escalation
Scope: Amazon/AWS Content Type: Important (requires attention) Publication Date: 2025/07/23 8:30 AM PDT
Description:
AWS Client VPN is a managed client-based VPN service that enables secure access to AWS and on-premises resources. The AWS Client VPN client software runs on end-user devices, supporting Windows, macOS, and Linux and provides the ability for end users to establish a secure tunnel to the AWS Client VPN Service.
We identified CVE-2025-###, an issue in AWS Client VPN. During the AWS Client VPN client installation on Windows devices, the install process references the C:\usr\local\windows-x86_64-openssl-localbuild\ssl directory location to fetch the OpenSSL configuration file. As a result, a non-admin user could place arbitrary code in the configuration file. If an admin user...
https://aws.amazon.com/security/security-bulletins/rss/aws-2025-014/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
1-15 February 2025 Cyber Attacks Timeline
In the first timeline of February 2025, I collected 115 events (7.67 events/day) with a threat landscape dominated by malware with 30%, the same value of the previous timeline.
https://www.hackmageddon.com/2025/07/23/1-15-february-2025-cyber-attacks-timeline/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Creams Cafe - 159,652 breached accounts
In May 2025, 160k records of customer data was allegedly obtained from Creams Cafe, "the UK's favourite dessert parlour". The data included email and physical addresses, names and phone numbers. Creams Cafe did not respond to repeated attempts to disclose the incident, however multiple impacted HIBP subscribers confirmed the legitimacy and accuracy of the data.
https://haveibeenpwned.com/Breach/CreamsCafe
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Introducing OSS Rebuild: Open Source, Rebuilt to Last
Posted by Matthew Suozzo, Google Open Source Security Team (GOSST)Today we're excited to announce OSS Rebuild, a new project to strengthen trust in open source package ecosystems by reproducing upstream artifacts. As supply chain attacks continue to target widely-used dependencies, OSS Rebuild gives security teams powerful data to avoid compromise without burden on upstream maintainers.The project comprises:Automation to derive declarative build definitions for existing PyPI (Python), npm (JS/TS), and Crates.io (Rust) packages.SLSA Provenance for thousands of packages across our supported ecosystems, meeting SLSA Build Level 3 requirements with no publisher intervention.Build observability and verification tools that security teams can integrate into their existing vulnerability management...
http://security.googleblog.com/2025/07/introducing-oss-rebuild-open-source.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Microsoft Fix Targets Attacks on SharePoint Zero-Day
On Sunday, July 20, Microsoft Corp. issued an emergency security update for a vulnerability in SharePoint Server that is actively being exploited to compromise vulnerable organizations. The patch comes amid reports that malicious hackers have used the Sharepoint flaw to breach U.S. federal and state agencies, universities, and energy companies.
https://krebsonsecurity.com/2025/07/microsoft-fix-targets-attacks-on-sharepoint-zero-day/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The SOC files: Rumble in the jungle or APT41's new target in Africa
Kaspersky experts analyze an incident that saw APT41 launch a targeted attack on government IT services in Africa.
https://securelist.com/apt41-in-africa/116986/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
4 Chinese APTs Attack Taiwan's Semiconductor Industry
https://www.proofpoint.com/us/newsroom/news/4-chinese-apts-attack-taiwans-semiconductor-industry
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Poor Passwords Tattle on AI Hiring Bot Maker Paradox.ai
Security researchers recently revealed that the personal information of millions of people who applied for jobs at McDonald's was exposed after they guessed the password ("123456") for the fast food chain's account at Paradox.ai, a company that makes artificial intelligence based hiring chatbots used by many Fortune 500 companies. Paradox.ai said the security oversight was an isolated incident that did not affect its other customers, but recent security breaches involving its employees in Vietnam tell a more nuanced story.
https://krebsonsecurity.com/2025/07/poor-passwords-tattle-on-ai-hiring-bot-maker-paradox-ai/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
CVE-2025-6031 - Insecure device pairing in end-of-life Amazon Cloud Cam
Scope: Amazon Content Type: Informational Publication Date: 2025/06/12 10:30 AM PDT
Description
Amazon Cloud Cam is a home security camera that was deprecated on December 2, 2022, is end of life, and is no longer actively supported.
When a user powers on the Amazon Cloud Cam, the device attempts to connect to a remote service infrastructure that has been deprecated due to end-of-life status. The device defaults to a pairing status in which an arbitrary user can bypass SSL pinning to associate the device to an arbitrary network, allowing for network traffic interception and modification.
Affected version: All
https://aws.amazon.com/security/security-bulletins/rss/aws-2025-013/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
China-Backed Hackers Intensify Attacks on Taiwan Chipmakers
https://www.proofpoint.com/us/newsroom/news/china-backed-hackers-intensify-attacks-taiwan-chipmakers
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Chinese Hackers Target Taiwan's Semiconductor Sector with Cobalt Strike, Custom Backdoors
https://www.proofpoint.com/us/newsroom/news/chinese-hackers-target-taiwans-semiconductor-sector-cobalt-strike-custom-backdoors
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
GhostContainer backdoor: malware compromising Exchange servers of high-value organizations in Asia
In an incident response case in Asia, Kaspersky researchers discovered a new backdoor for Microsoft Exchange servers, based on open-source tools and dubbed "GhostContainer".
https://securelist.com/ghostcontainer/116953/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How to catch GitHub Actions workflow injections before attackers do
Strengthen your repositories against actions workflow injections — one of the most common vulnerabilities.
The post How to catch GitHub Actions workflow injections before attackers do appeared first on The GitHub Blog.
https://github.blog/security/vulnerability-research/how-to-catch-github-actions-workflow-injections-before-attackers-do/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
NoBooze1 Malware Targets TP-Link Routers via CVE-2019-9082
Sensor Intel Series: July 2025 CVE Trends
https://www.f5.com/labs/articles/threat-intelligence/nobooze1-malware-targets-tp-link-routers-via-cve-2019-9082
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
'NCSC Cyber Series' podcast now available
Listen to all five episodes now, covering a wide range of cyber security topics.
https://www.ncsc.gov.uk/blog-post/cyber-series-podcast
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
MaReads - 74,453 breached accounts
In June 2025, MaReads, the website for readers and writers of Thai-language fiction and comics suffered a data breach that exposed 74k records. The breach included usernames, email addresses, phone numbers and dates of birth. MaReads is aware of the breach.
https://haveibeenpwned.com/Breach/MaReads
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DOGE Denizen Marko Elez Leaked API Key for xAI
Marko Elez, a 25-year-old employee at Elon Musk's Department of Government Efficiency (DOGE), has been granted access to sensitive databases at the U.S. Social Security Administration, the Treasury and Justice departments, and the Department of Homeland Security. So it should fill all Americans with a deep sense of confidence to learn that Mr. Elez over the weekend inadvertently published a private key that allowed anyone to interact directly with more than four dozen large language models (LLMs) developed by Musk's artificial intelligence company xAI.
https://krebsonsecurity.com/2025/07/doge-denizen-marko-elez-leaked-api-key-for-xai/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Forensic journey: Breaking down the UserAssist artifact structure
A Kaspersky GERT expert describes the UserAssist Windows artifact, including previously undocumented binary data structure, and shares a useful parsing tool.
https://securelist.com/userassist-artifact-forensic-value-for-incident-response/116911/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Omnicuris - 215,298 breached accounts
In June 2025, the Indian CME platform Omnicuris suffered a data breach that exposed approximately 200k records of healthcare professionals. The data included names, email addresses, phone numbers, geographic locations and other data attributes relating to professional expertise and training progress. Omnicuris is aware of the incident.
https://haveibeenpwned.com/Breach/Omnicuris
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Modeling CORS frameworks with CodeQL to find security vulnerabilities
Discover how to increase the coverage of your CodeQL CORS security by modeling developer headers and frameworks.
The post Modeling CORS frameworks with CodeQL to find security vulnerabilities appeared first on The GitHub Blog.
https://github.blog/security/application-security/modeling-cors-frameworks-with-codeql-to-find-security-vulnerabilities/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Upwind and Legit Security Partner to Deliver True Code-to-Cloud Application Security
Get details on the benefits of the Legit + Upwind combination.
https://www.legitsecurity.com/blog/upwind-and-legit-partner
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Advancing Protection in Chrome on Android
Posted by David Adrian, Javier Castro & Peter Kotwicz, Chrome Security Team
Android recently announced Advanced Protection, which extends Google's Advanced Protection Program to a device-level security setting for Android users that need heightened security—such as journalists, elected officials, and public figures. Advanced Protection gives you the ability to activate Google's strongest security for mobile devices, providing greater peace of mind that you're better protected against the most sophisticated threats.
Advanced Protection acts as a single control point for at-risk users on Android that enables important security settings across applications, including many of your favorite Google apps, including Chrome. In this post, we'd like to do a deep dive into the Chrome...
http://security.googleblog.com/2025/07/advancing-protection-in-chrome-on.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
xvulnhuntr
In 2024 we looked at the possibility of leveraging open weights LLMs for source code analysis. The answer was clearly negative, as a small code base could easily take 200K tokens, more than any context window offered by open weights models. The table below summarizes the top LLMs by context window as of today. Context […]
https://blog.compass-security.com/2025/07/xvulnhuntr/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Nine Years and Counting: NICE RAMPS Communities Keep Expanding Opportunities in Cybersecurity Work and Learning
A lot has changed in America's cybersecurity workforce development ecosystem since 2016: employment in cybersecurity occupations has grown by more than 300,000 [1]; the number of information security degrees awarded annually has more than tripled to nearly 35,000 [2]; and a wide array of new technologies and risks have emerged. Five regional cybersecurity workforce partnerships supported by the 2016 RAMPS program pilot, administered by NIST's NICE Program Office, have weathered the changes in cybersecurity and continue to anchor cybersecurity talent networks in their communities to this day
https://www.nist.gov/blogs/cybersecurity-insights/nine-years-and-counting-nice-ramps-communities-keep-expanding
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Catwatchful - 61,641 breached accounts
In June 2025, spyware maker Catwatchful suffered a data breach that exposed over 60k customer records. The breach was due to a SQL injection vulnerability that enabled email addresses and plain text passwords to be extracted from the system.
https://haveibeenpwned.com/Breach/Catwatchful
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
CVE-2025-53367: An exploitable out-of-bounds write in DjVuLibre
DjVuLibre has a vulnerability that could enable an attacker to gain code execution on a Linux Desktop system when the user tries to open a crafted document.
The post CVE-2025-53367: An exploitable out-of-bounds write in DjVuLibre appeared first on The GitHub Blog.
https://github.blog/security/vulnerability-research/cve-2025-53367-an-exploitable-out-of-bounds-write-in-djvulibre/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Understand your software's supply chain with GitHub's dependency graph
The GitHub dependency graph maps every direct and transitive dependency in your project, so you can identify risks, prioritize fixes, and keep your code secure.
The post Understand your software's supply chain with GitHub's dependency graph appeared first on The GitHub Blog.
https://github.blog/security/supply-chain-security/understand-your-softwares-supply-chain-with-githubs-dependency-graph/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
What is Quantum Computing?
Quantum computing enhances information processing, impacting cryptography and emphasizing the need for quantum-resistant technologies.
https://www.f5.com/labs/learning-center/what-is-quantum-computing
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Meet Legit MCP: AI-Powered Security That Works Where Your Team Works
Get details on the newly released Legit MCP Server.
https://www.legitsecurity.com/blog/meet-legit-mcp
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
GitHub Advisory Database by the numbers: Known security vulnerabilities and what you can do about them
Use these insights to automate software security (where possible) to keep your projects safe.
The post GitHub Advisory Database by the numbers: Known security vulnerabilities and what you can do about them appeared first on The GitHub Blog.
https://github.blog/security/github-advisory-database-by-the-numbers-known-security-vulnerabilities-and-what-you-can-do-about-them/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The National Cryptologic Foundation Podcast
It was a real honor to appear on the official podcast of the National Cryptologic Foundation, “Cyber Pulse”. They interview a wide range of intriguing personalities working in the cyber and cryptography space, and asked me a broad range of challenging questions about everything from performing forensics on national critical infrastructure – to my move […]
https://tisiphone.net/2025/06/27/the-national-cryptologic-foundation-podcast/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Pwn2Own Ireland 2024 – Ubiquiti AI Bullet
Introduction As you may know, Compass Security participated in the 2023 edition of the Pwn2Own contest in Toronto and was able to successfully compromise the Synology BC500 camera using a remote code execution vulnerability. If you missed this, head over to the blog post here https://blog.compass-security.com/2024/03/pwn2own-toronto-2023-part-1-how-it-all-started/ Unfortunately, the same vulnerability was also identified by other […]
https://blog.compass-security.com/2025/06/pwn2own-ireland-2024-ubiquiti-ai-bullet/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Robinsons Malls - 195,597 breached accounts
In June 2024, the Philippines' largest shopping-mall operators Robinsons Malls suffered a data breach stemming from their mobile app. The incident exposed 195k unique email addresses along with names, phone numbers, dates of birth, genders and the user's city and province.
https://haveibeenpwned.com/Breach/RobinsonsMalls
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The State of Post-Quantum Cryptography (PQC) on the Web
We analyze the world’s most popular websites and most widely used web browsers to determine the current state of PQC adoption on the web.
https://www.f5.com/labs/articles/threat-intelligence/the-state-of-pqc-on-the-web
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Have Fun Teaching - 27,126 breached accounts
In August 2021, the teaching resources website Have Fun Teaching suffered a data breach that leaked 80k WooCommerce transactions which were later posted to a popular hacking forum. The data contained 27k unique email addresses along with physical and IP addresses, names, payment methods and the item purchased. Have Fun Teaching is aware of the incident.
https://haveibeenpwned.com/Breach/HaveFunTeaching
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Dark Side of Azure Identity & Access Management – 5 IAM & Entra ID Security Risks You Can't Ignore
Microsoft Azure is probably the most widely used cloud platform in Switzerland, powering businesses of all sizes, from startups to multinational companies. According the the official Microsoft page over 95% of Fortune 500 companies rely on Microsoft Azure in one form or another. With this industry-wide adoption, it has become a critical component of modern-day […]
https://blog.compass-security.com/2025/06/the-dark-side-of-azure-identity-access-management-5-iam-entra-id-security-risks-you-cant-ignore/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
ClamAV 1.4.3 and 1.0.9 security patch versions published
Today, we are publishing the 1.4.3 and 1.0.9 security patch versions. We have also added Linux aarch64 (aka ARM64) RPM and DEB installer packages for the 1.4 LTS release.The release files for the patch versions are available for download on the ClamAV downloads page, on the GitHub Release page, and through Docker Hub. The images on Docker Hub may not be immediately available on release day. Continue reading to learn what changed in each version.1.4.3ClamAV 1.4.3 is a patch release with the following fixes: CVE-2025-20260: Fixed a possible buffer overflow write bug in the PDF file parser that could cause a denial-of-service (DoS) condition or enable remote code execution.This issue only affects configurations where both:The max file-size scan limit is set greater than or equal to 1024MB.The...
https://blog.clamav.net/2025/06/clamav-143-and-109-security-patch.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
I'm in Melbourne, and PancakesCon 6 is On!
Hello all! It’s my pleasure to announce I’m settled enough to operate my free educational conference for the 6th year. It will be a bit late this year, on September 21st. I invite you to check out the website at https://www.pancakescon.com as well as our associated socials, where you can find information and important submission […]
https://tisiphone.net/2025/06/18/im-in-melbourne-and-pancakescon-6-is-on/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Mitigating prompt injection attacks with a layered defense strategy
Posted by Google GenAI Security TeamWith the rapid adoption of generative AI, a new wave of threats is emerging across the industry with the aim of manipulating the AI systems themselves. One such emerging attack vector is indirect prompt injections. Unlike direct prompt injections, where an attacker directly inputs malicious commands into a prompt, indirect prompt injections involve hidden malicious instructions within external data sources. These may include emails, documents, or calendar invites that instruct AI to exfiltrate user data or execute other rogue actions. As more governments, businesses, and individuals adopt generative AI to get more done, this subtle yet potentially potent attack becomes increasingly pertinent across the industry, demanding immediate attention and robust security...
http://security.googleblog.com/2025/06/mitigating-prompt-injection-attacks.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
January 2025 Cyber Attacks Statistics
After the cyber attacks timelines, it's time to publish the statistics for January 2025 where I collected and analyzed 216 events.In January 2025, Cyber Crime continued to lead the Motivations chart.
https://www.hackmageddon.com/2025/06/13/january-2025-cyber-attacks-statistics/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Ualabee - 472,296 breached accounts
In May 2025, the South American mobility services platform Ualabee had hundreds of thousands of records scraped from an interface on their platform. The data included 472k unique email addresses along with names, profile photos, dates of birth and phone numbers.
https://haveibeenpwned.com/Breach/Ualabee
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Impact of Artificial Intelligence on the Cybersecurity Workforce
The NICE Workforce Framework for Cybersecurity ( NICE Framework) was revised in November 2020 as NIST Special Publication 800-181 rev.1 to enable more effective and rapid updates to the NICE Framework Components, including how the advent of emerging technologies would impact cybersecurity work. NICE has been actively engaging in conversations with: federal departments and agencies; industry; education, training, and certification providers; and international representatives to understand how Artificial Intelligence (AI) might affect the nature of our Nation's digital work. NICE has also led
https://www.nist.gov/blogs/cybersecurity-insights/impact-artificial-intelligence-cybersecurity-workforce
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
F5 Labs Top CWEs & OWASP Top Ten Analysis
Sensor Intel Series: June 2025 CVE Trends
https://www.f5.com/labs/articles/threat-intelligence/f5-labs-top-cwes-owasp-top-ten-analysis
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Patch Tuesday - June 2025
WebDAV & SMB client zero-days. KDC Proxy Service & Office critical RCEs.
https://blog.rapid7.com/2025/06/10/patch-tuesday-june-2025/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
BlackSuit Continues Social Engineering Attacks in Wake of Black Basta's Internal Conflict
Despite a significant decrease in social engineering attacks linked to the Black Basta ransomware group since late December 2024, Rapid7 has observed sustained social engineering attacks. Evidence suggests that BlackSuit affiliates have either adopted Black Basta's strategy or absorbed its members.
https://blog.rapid7.com/2025/06/10/blacksuit-continues-social-engineering-attacks-in-wake-of-black-bastas-internal-conflict/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Key Takeaways from the Take Command Summit 2025: Demystifying Cloud Detection & Response – The Future of SOC and MDR
Explore key takeaways from Take Command 2025 on modern cloud detection and response. Learn how SOCs are adapting. Watch the full session on demand.
https://blog.rapid7.com/2025/06/10/key-takeaways-from-the-take-command-summit-2025-demystifying-cloud-detection-response-the-future-of-soc-and-mdr/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
WiredBucks - 918,529 breached accounts
In May 2022, the now defunct social media influencer platform WiredBucks suffered a data breach that was later redistributed as part of a larger corpus of data. The incident exposed over 900k email and IP addresses alongside names, usernames, earnings via the platform, physical addresses and passwords stored as plain text.
https://haveibeenpwned.com/Breach/WiredBucks
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
LinkedIn for OSINT: tips and tricks
When it comes to open source intelligence (OSINT), LinkedIn is a treasure trove of information. With millions of professionals voluntarily sharing details about their careers, connections, personal achievements, or keeping up to date with what is happening in their professional sphere, the famous networking platform is not to be underestimated when it comes to OSINT. […]
https://blog.compass-security.com/2025/06/linkedin-for-osint-tips-and-tricks/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
5 Things Security Leaders Need to Know About Agentic AI
Generative AI has already transformed the way businesses work. But we're now entering a new phase where AI doesn't just generate content, but takes independent action on our behalf. This next evolution is called ‘agentic AI', and it's moving fast.
https://blog.rapid7.com/2025/06/09/5-things-security-leaders-need-to-know-about-agentic-ai/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Navigating AWS Migration: Achieving Clarity and Confidence
Migrating workloads to Amazon Web Services (AWS) represents a significant strategic opportunity, enabling greater agility, scalability, and potential for innovation. But undertaking this transition without a comprehensive strategy introduce unforeseen risks, operational delays, and more.
https://blog.rapid7.com/2025/06/09/navigating-aws-migration-achieving-clarity-and-confidence-2/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Metasploit Wrap-up 06/06/25
This release adds new modules targeting ThinManager vulnerabilities (CVE-2023-27855, CVE-2023-2917, CVE-2023-27856), a udev persistence module for Linux, an Ivanti EPMM authentication bypass and remote code execution module (CVE-2025-4427, CVE-2025-4428), PHP payload adapters, and more
https://blog.rapid7.com/2025/06/06/metasploit-wrapup-76/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cultivating Growth and Development at Rapid7
At Rapid7, we're pushing the boundaries on what a cybersecurity company can be. With more than a dozen offices around the world, Rapid7's culture provides a foundation where people can grow their skills and progress in their careers, while driving meaningful impact to the business.
https://blog.rapid7.com/2025/06/06/cultivating-growth-and-development-at-rapid7/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
India's Cyber Leaders Prepare for AI-Driven Threats
As India's economy rapidly digitizes, cybersecurity challenges are becoming increasingly complex. This May, Rapid7 launched our inaugural Global Security Day series across India, bringing together top security leaders to address the most pressing cyber threats facing organizations in 2025.
https://blog.rapid7.com/2025/06/06/indias-cyber-leaders-prepare-for-ai-driven-threats/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
16-31 January Cyber Attacks Timeline
In the second timeline of January 2025, I collected 107 events with a threat landscape dominated by malware with 30%, up from 18% of the previous timeline, and very close to the values of December 2024, ahead of ransomware with 19%.
https://www.hackmageddon.com/2025/06/04/16-30-january-cyber-attacks-timeline/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Rapid7 Q1 2025 Incident Response Findings
Rapid7's 2025Q1 incident response data highlights several key IAV trends, shares salient examples of incidents investigated by the Rapid7 IR team, and digs into threat data by industry as well as some of the more commonly seen pieces of malware.
https://blog.rapid7.com/2025/06/04/rapid7-q1-2025-incident-response-findings/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
From Ideology to Financial Gain: Exploring the Convergence from Hacktivism to Cybercrime
The lines between ideologically-driven hacktivism and financially motivated cybercriminals are blurring. Some hacktivist groups are evolving into ransomware operations – even becoming ransomware affiliates – merging the disruptive zeal of hacktivism with the ruthless efficiency of cybercrime.
https://blog.rapid7.com/2025/06/03/from-ideology-to-financial-gain-exploring-the-convergence-from-hacktivism-to-cybercrime/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hack the model: Build AI security skills with the GitHub Secure Code Game
Dive into the novel security challenges AI introduces with the open source game that over 10,000 developers have used to sharpen their skills.
The post Hack the model: Build AI security skills with the GitHub Secure Code Game appeared first on The GitHub Blog.
https://github.blog/security/hack-the-model-build-ai-security-skills-with-the-github-secure-code-game/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DNS rebinding attacks explained: The lookup is coming from inside the house!
DNS rebinding attack without CORS against local network web applications. Explore the topic further and see how it can be used to exploit vulnerabilities in the real-world.
The post DNS rebinding attacks explained: The lookup is coming from inside the house! appeared first on The GitHub Blog.
https://github.blog/security/application-security/dns-rebinding-attacks-explained-the-lookup-is-coming-from-inside-the-house/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Introducing AI Attack Coverage in Exposure Command: Secure what traditional AppSec Tools miss
Introducing AI Attack Coverage in Exposure Command and InsightAppSec, bringing purpose built protection for AI driven applications into your existing AppSec workflows. Uncover vulnerabilities that legacy tools miss – and stop AI specific threats before they become business problems.
https://blog.rapid7.com/2025/06/03/introducing-ai-attack-coverage-in-exposure-command-secure-what-traditional-appsec-tools-miss/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Delving Into the SparkRAT Remote Access Tool
Sensor Intel Series: May 2025 CVE Trends
https://www.f5.com/labs/articles/threat-intelligence/delving-into-the-sparkrat-remote-access-tool
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Key Takeaways from the Take Command Summit 2025: Risk Revolution – Proactive Strategies for Exposure Management
Learn how security teams are evolving risk strategies with exposure management. Hear insights from Rapid7 and ESG. Watch the full session on demand.
https://blog.rapid7.com/2025/06/02/key-takeaways-from-the-take-command-summit-2025-risk-revolution-proactive-strategies-for-exposure-management/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Sustaining Digital Certificate Security - Upcoming Changes to the Chrome Root Store
Posted by Chrome Root Program, Chrome Security Team
Note: Google Chrome communicated its removal of default trust of Chunghwa Telecom and Netlock in the public forum on May 30, 2025.
The Chrome Root Program Policy states that Certification Authority (CA) certificates included in the Chrome Root Store must provide value to Chrome end users that exceeds the risk of their continued inclusion. It also describes many of the factors we consider significant when CA Owners disclose and respond to incidents. When things don't go right, we expect CA Owners to commit to meaningful and demonstrable change resulting in evidenced continuous improvement.
Chrome's confidence in the reliability of Chunghwa Telecom and Netlock as CA Owners included in the Chrome Root Store has diminished due to patterns...
http://security.googleblog.com/2025/05/sustaining-digital-certificate-security-chrome-root-store-changes.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Windows Registry Adventure #8: Practical exploitation of hive memory corruption
Posted by Mateusz Jurczyk, Google Project Zero
In the previous blog post, we focused on the general security analysis of the registry and how to effectively approach finding vulnerabilities in it. Here, we will direct our attention to the exploitation of hive-based memory corruption bugs, i.e., those that allow an attacker to overwrite data within an active hive mapping in memory. This is a class of issues characteristic of the Windows registry, but universal enough that the techniques described here are applicable to 17 of my past vulnerabilities, as well as likely any similar bugs in the future. As we know, hives exhibit a very special behavior in terms of low-level memory management (how and where they are mapped in memory), handling of allocated and...
https://googleprojectzero.blogspot.com/2025/05/the-windows-registry-adventure-8-exploitation.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Inside GitHub: How we hardened our SAML implementation
Maintaining and developing complex and risky code is never easy. See how we addressed the challenges of securing our SAML implementation with this behind-the-scenes look at building trust in our systems.
The post Inside GitHub: How we hardened our SAML implementation appeared first on The GitHub Blog.
https://github.blog/security/web-application-security/inside-github-how-we-hardened-our-saml-implementation/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Renovate – Keeping Your Updates Secure?
Renovate is an OSS CLI/bot that updates your software dependencies automatically. It is usually integrated into the CI/CD process and runs on a schedule. It will create a Pull Request / Merge Request (PR/MR) to your repository with dependency updates. It can optionally auto-merge them. If you host it for several repositories or an organization, it […]
https://blog.compass-security.com/2025/05/renovate-keeping-your-updates-secure/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Tracking the Cost of Quantum Factoring
Posted by Craig Gidney, Quantum Research Scientist, and Sophie Schmieg, Senior Staff Cryptography Engineer Google Quantum AI's mission is to build best in class quantum computing for otherwise unsolvable problems. For decades the quantum and security communities have also known that large-scale quantum computers will at some point in the future likely be able to break many of today's secure public key cryptography algorithms, such as Rivest–Shamir–Adleman (RSA). Google has long worked with the U.S. National Institute of Standards and Technology (NIST) and others in government, industry, and academia to develop and transition to post-quantum cryptography (PQC), which is expected to be resistant to quantum computing attacks. As quantum computing technology continues to advance, ongoing...
http://security.googleblog.com/2025/05/tracking-cost-of-quantum-factori.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Bypassing MTE with CVE-2025-0072
In this post, I'll look at CVE-2025-0072, a vulnerability in the Arm Mali GPU, and show how it can be exploited to gain kernel code execution even when Memory Tagging Extension (MTE) is enabled.
The post Bypassing MTE with CVE-2025-0072 appeared first on The GitHub Blog.
https://github.blog/security/vulnerability-research/bypassing-mte-with-cve-2025-0072/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Windows Registry Adventure #7: Attack surface analysis
Posted by Mateusz Jurczyk, Google Project Zero
In the first three blog posts of this series, I sought to outline what the Windows Registry actually is, its role, history, and where to find further information about it. In the subsequent three posts, my goal was to describe in detail how this mechanism works internally – from the perspective of its clients (e.g., user-mode applications running on Windows), the regf format used to encode hives, and finally the kernel itself, which contains its canonical implementation. I believe all these elements are essential for painting a complete picture of this subsystem, and in a way, it shows my own approach to security research. One could say that going through this tedious process of getting to know the target unnecessarily...
https://googleprojectzero.blogspot.com/2025/05/the-windows-registry-adventure-7-attack-surface.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cybersecurity and AI: Integrating and Building on Existing NIST Guidelines
What is NIST up to? On April 3, 2025, NIST hosted a Cybersecurity and AI Profile Workshop at our National Cybersecurity Center of Excellence (NCCoE) to hear feedback on our concept paper which presented opportunities to create profiles of the NIST Cybersecurity Framework (CSF) and the NIST AI Risk Management Framework (AI RMF). These would serve to support the cybersecurity community as they adopt AI for cybersecurity, need to defend against AI-enabled cybersecurity attacks, as well as protect AI systems as organizations adopt AI to support their business. Stay tuned for the soon to be
https://www.nist.gov/blogs/cybersecurity-insights/cybersecurity-and-ai-integrating-and-building-existing-nist-guidelines
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Remote Prompt Injection in GitLab Duo Leads to Source Code Theft
Get details on the vulnerabilities the Legit research team unearthed in GitLab Duo.
https://www.legitsecurity.com/blog/remote-prompt-injection-in-gitlab-duo
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Remote Prompt Injection in GitLab Duo Leaks Source Code
A remote prompt injection vulnerability in GitLab Duo allowed attackers to steal source code from private projects, manipulate code suggestions, and exfiltrate confidential information. The attack chain involved hidden prompts, HTML injection, and exploitation of Duo's access to private data. GitLab has since patched both the HTML and prompt injection vectors.
https://www.cloudvulndb.org/gitlab-duo-prompt-injection-leak
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
AWS Security Tool Introduces Privilege Escalation Risk
AWS's Account Assessment for AWS Organizations tool, designed to audit cross-account access, inadvertently introduced privilege escalation risks due to flawed deployment instructions. Customers were encouraged to deploy the tool in lower-sensitivity accounts, creating risky trust paths from insecure environments into highly sensitive ones. This could allow attackers to pivot from compromised development accounts into production and management accounts.
https://www.cloudvulndb.org/aws-security-tool-risk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
What's New in Android Security and Privacy in 2025
Posted by Dave Kleidermacher, VP Engineering, Android Security and Privacy
Android's intelligent protections keep you safe from everyday dangers. Our dedication to your security is validated by security experts, who consistently rank top Android devices highest in security, and score Android smartphones, led by the Pixel 9 Pro, as leaders in anti-fraud efficacy.Android is always developing new protections to keep you, your device, and your data safe. Today, we're announcing new features and enhancements that build on our industry-leading protections to help keep you safe from scams, fraud, and theft on Android.
Smarter protections against phone call scams
Our research shows that phone scammers often try to trick people into performing specific actions to initiate a scam, like changing...
http://security.googleblog.com/2025/05/whats-new-in-android-security-privacy-2025.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Advanced Protection: Google's Strongest Security for Mobile Devices
Posted by Il-Sung Lee, Group Product Manager, Android Security
Protecting users who need heightened security has been a long-standing commitment at Google, which is why we have our Advanced Protection Program that provides Google's strongest protections against targeted attacks.To enhance these existing device defenses, Android 16 extends Advanced Protection with a device-level security setting for Android users. Whether you're an at-risk individual – such as a journalist, elected official, or public figure – or you just prioritize security, Advanced Protection gives you the ability to activate Google's strongest security for mobile devices, providing greater peace of mind that you're protected against the most sophisticated threats.
Simple to activate, powerful in protectionAdvanced...
http://security.googleblog.com/2025/05/advanced-protection-mobile-devices.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Five Years Later: Evolving IoT Cybersecurity Guidelines
The Background…and NIST's Plan for Improving IoT Cybersecurity The passage of the Internet of Things (IoT) Cybersecurity Improvement Act in 2020 marked a pivotal step in enhancing the cybersecurity of IoT products. Recognizing the increasing internet connectivity of physical devices, this legislation tasked NIST with developing cybersecurity guidelines to manage and secure IoT effectively. As an early building block, we developed NIST IR 8259, Foundational Cybersecurity Activities for IoT Device Manufacturers, which describes recommended activities related to cybersecurity for manufacturers
https://www.nist.gov/blogs/cybersecurity-insights/five-years-later-evolving-iot-cybersecurity-guidelines
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Bypassing BitLocker Encryption: Bitpixie PoC and WinPE Edition
Depending on the customer’s preference, possible initial access vectors in our red teaming exercises typically include deployment of dropboxes, (device code) phishing or a stolen portable device. The latter is usually a Windows laptop protected by BitLocker for full disk encryption without pre-boot authentication i.e. without a configured PIN or an additional key file. While […]
https://blog.compass-security.com/2025/05/bypassing-bitlocker-encryption-bitpixie-poc-and-winpe-edition/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
FreeRTOS and coreSNTP Security Advisories
Security advisories were issued for FreeRTOS and coreSNTP releases containing unintended scripts that could potentially transmit AWS credentials if executed on Linux/macOS. Affected releases have been removed and users are advised to rotate credentials and delete downloaded copies.
https://www.cloudvulndb.org/freertos-coresntp-advisories
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The 2025 State of Application Risk Report: Understanding AI Risk in Software Development
Get details on the AI risks Legit unearthed in enterprises' software factories.
https://www.legitsecurity.com/blog/understanding-ai-risk-in-software-development
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Breaking the Sound Barrier Part I: Fuzzing CoreAudio with Mach Messages
Guest post by Dillon Franke, Senior Security Engineer, 20% time on Project Zero
Every second, highly-privileged MacOS system daemons accept and process hundreds of IPC messages. In some cases, these message handlers accept data from sandboxed or unprivileged processes.
In this blog post, I’ll explore using Mach IPC messages as an attack vector to find and exploit sandbox escapes. I’ll detail how I used a custom fuzzing harness, dynamic instrumentation, and plenty of debugging/static analysis to identify a high-risk type confusion vulnerability in the coreaudiod system daemon. Along the way, I’ll discuss some of the difficulties and tradeoffs I encountered.
Transparently, this was my first venture into the world of MacOS security research and building...
https://googleprojectzero.blogspot.com/2025/05/breaking-sound-barrier-part-i-fuzzing.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Using AI to stop tech support scams in Chrome
Posted by Jasika Bawa, Andy Lim, and Xinghui Lu, Google Chrome Security
Tech support scams are an increasingly prevalent form of cybercrime, characterized by deceptive tactics aimed at extorting money or gaining unauthorized access to sensitive data. In a tech support scam, the goal of the scammer is to trick you into believing your computer has a serious problem, such as a virus or malware infection, and then convince you to pay for unnecessary services, software, or grant them remote access to your device. Tech support scams on the web often employ alarming pop-up warnings mimicking legitimate security alerts. We've also observed them to use full-screen takeovers and disable keyboard and mouse input to create a sense of crisis.
Chrome has always worked with Google Safe Browsing to help...
http://security.googleblog.com/2025/05/using-ai-to-stop-tech-support-scams-in.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Weaponizing Facebook Ads: Inside the Multi-Stage Malware Campaign Exploiting Cryptocurrency Brands
A persistent malvertising campaign is plaguing Facebook, leveraging the reputations of well-known cryptocurrency exchanges to lure victims into a maze of malware. Since Bitdefender Labs started investigating, this evolving threat has posed a serious risk by deploying cleverly disguised front-end scripts and custom payloads on users' devices, all under the guise of legitimate cryptocurrency platforms and influencers.
This report unveils how the attackers use advanced evasion tactics, mass brand
https://www.bitdefender.com/en-us/blog/labs/weaponizing-facebook-ads-inside-the-multi-stage-malware-campaign-exploiting-cryptocurrency-brands
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
1-15 January 2025 Cyber Attacks Timeline
In the first timeline of January 2025, I collected 109 events with a threat landscape dominated by malware with 18%, down from 33% of the previous timeline, and once again ahead of account takeovers with 17% (it was 20% in the previous timeline), and ransomware with 14%.
https://www.hackmageddon.com/2025/05/06/1-15-january-2025-cyber-attacks-timeline/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Azure AZNFS-mount Utility Root Privilege Escalation
A critical vulnerability in AZNFS-mount utility, preinstalled on Azure HPC/AI images, allowed unprivileged users to escalate privileges to root on Linux machines. The flaw existed in versions up to 2.0.10 and involved a SUID binary. Azure classified it as low severity but fixed it in version 2.0.11.
https://www.cloudvulndb.org/azure-aznfs-mount-privilege-escalation
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Welcome to Maintainer Month: Events, exclusive discounts, and a new security challenge
This May marks the fifth annual Maintainer Month, and there are lots of treats in store: new badges, special discounts, events with experts, and more.
The post Welcome to Maintainer Month: Events, exclusive discounts, and a new security challenge appeared first on The GitHub Blog.
https://github.blog/open-source/maintainers/welcome-to-maintainer-month-events-exclusive-discounts-and-a-new-security-challenge/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Strengthening Software Security Under the EU Cyber Resilience Act: A High-Level Guide for Security Leaders and CISOs
Get guidance on key tenets of the EU CRA and how Legit can help address them.
https://www.legitsecurity.com/blog/strengthening-software-security-under-eu-cra
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Small Businesses Create Big Impact: NIST Celebrates 2025 National Small Business Week
This week we're celebrating National Small Business Week—which recognizes and celebrates the small and medium-sized business (SMB) community's significant contributions to the nation. SMBs are a substantial and critical part of the U.S. and global economic and cybersecurity infrastructure. According to the U.S. Small Business Administration's Office of Advocacy, [1] there are 34.8 million SMBs in the United States (making up 99% of all U.S. businesses). Of those, 81.7% are non-employer firms with no paid employees other than the owners of the business. These businesses, though small in size
https://www.nist.gov/blogs/cybersecurity-insights/small-businesses-create-big-impact-nist-celebrates-2025-national-small
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Canary Exploit Tool for CVE-2025-30065 Apache Parquet Avro Vulnerability
Investigating a schema parsing concern in the parquet-avro module of Apache Parquet Java.
https://www.f5.com/labs/articles/threat-intelligence/canary-exploit-tool-for-cve-2025-30065-apache-parquet-avro-vulnerability
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Active Subscription Scam Campaigns Flooding the Internet
Bitdefender researchers have uncovered a surge in subscription scams, both in scale and sophistication, spurred by a massive campaign involving hundreds of fraudulent websites.
What sets this campaign apart is the significant investment cybercriminals have undertaken to make these fake sites look convincingly legitimate.
Gone are the days when a suspicious email, SMS, or basic phishing link could easily fool users. As people grow more cautious and cyber-aware, scammers are stepping up their
https://www.bitdefender.com/en-us/blog/labs/active-subscription-scam-campaigns-flooding-the-internet
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Introducing EntraFalcon – A Tool to Enumerate Entra ID Objects and Assignments
TL;DR: PowerShell tool to enumerate Entra ID objects, assignments and identify highly privileged objects or risky configurations. https://github.com/CompassSecurity/EntraFalcon Entra ID environments can contain thousands of objects – users, groups, service principals, and more – each with unique properties and complex relationships. While manual reviews through the Entra portal might be feasible in smaller environments, they […]
https://blog.compass-security.com/2025/04/introducing-entrafalcon-a-tool-to-enumerate-entra-id-objects-and-assignments/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
AWS Default Roles Can Lead to Service Takeover
Research uncovered security flaws in default AWS service roles, granting overly broad permissions like full S3 access. This allows privilege escalation, cross-service access, and potential account compromise across services like SageMaker, Glue, and EMR. Attackers could exploit these roles to manipulate critical assets and move laterally within AWS environments. AWS has since updated default policies and documentation to mitigate risks.
https://www.cloudvulndb.org/aws-default-roles-service-takeover
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Announcing New Legit ASPM AI Capabilities
Get details on Legit's new AI capabilities.
https://www.legitsecurity.com/blog/announcing-new-legit-aspm-ai-capabilities
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
I Had Some Adventures with Alice and Bob (Podcast)! Also, what's next for Auntie Lesley?
Hi pals! It’s been a busy few months for me. Next week, I make my big move to Australia, so my blog might drop off for a bit while I get settled. I’ve gotten to cram in some final North American conference speaking appearances in Halifax (AtlSecCon), Milwaukee (CypherCon), and Chicago (ChiBrrCon). I’ve also been […]
https://tisiphone.net/2025/04/26/i-had-some-adventures-with-alice-and-bob-podcast/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Q4 2024 Cyber Attacks Statistics
I aggregated the statistics created from the cyber attacks timelines published in Q4 2024. In this period, I collected a total of 694 events dominated by Cyber Crime with 70%, slightly up from 65.5% of Q3.
https://www.hackmageddon.com/2025/04/24/q4-2024-cyber-attacks-statistics/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
December 2024 Cyber Attacks Statistics
After the cyber attacks timelines, it's time to publish the statistics for December 2024 where I collected and analyzed 209 events primarily driven by Cyber Crime.
https://www.hackmageddon.com/2025/04/22/december-2024-cyber-attacks-statistics/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Google Cloud ConfusedComposer Privilege Escalation Vulnerability
Tenable discovered a privilege escalation vulnerability in Google Cloud Platform's Cloud Composer service, dubbed ConfusedComposer. It allowed users with composer.environments.update permission to escalate privileges to the default Cloud Build service account by injecting malicious PyPI packages. This could grant broad permissions across the victim's GCP project.
https://www.cloudvulndb.org/gcp-confused-composer-vulnerability
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Interview with Safety Detectives
Happy Monday, friends! I hope you had a great weekend. I had an interesting interview with Safety Detectives about steps we can take to make things better for the next generation of cyber defenders. I encourage you to check out the article, here: https://www.safetydetectives.com/blog/lesley-carhart-dragos/
https://tisiphone.net/2025/04/21/interview-with-safety-detectives/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
16-31 December 2024 Cyber Attacks Timeline
In the second timeline of December 2024, I collected 94 events with a threat landscape dominated by malware with...
https://www.hackmageddon.com/2025/04/18/16-31-december-2024-cyber-attacks-timeline/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How Legit Is Using Classic Economic Tools to Prevent Application Vulnerabilities
Learn more about how Legit is helping enterprises prevent vulnerabilities in their SDLCs.
https://www.legitsecurity.com/blog/how-legit-is-using-classic-economic-models-to-prevent-application-vulnerabilities
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
What to Look for in Application Security Posture Management (ASPM)
Get details on the key capabilities for an ASPM platform.
https://www.legitsecurity.com/blog/what-to-look-for-in-application-security-posture-management-aspm
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
My New Paper on OT Ransomware!
Hello friends, I’m very excited to publish my first SANS Institute Whitepaper. I have developed a formal framework for preparing for OT / ICS ransomware attacks. I really hope you enjoy the paper and find it useful in building a strong defense against cyber-crime. You can download the white paper, A Simple Framework for OT […]
https://tisiphone.net/2025/04/16/my-new-paper-on-ot-ransomware/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Windows Registry Adventure #6: Kernel-mode objects
Posted by Mateusz Jurczyk, Google Project Zero
Welcome back to the Windows Registry Adventure! In the previous installment of the series, we took a deep look into the internals of the regf hive format. Understanding this foundational aspect of the registry is crucial, as it illuminates the design principles behind the mechanism, as well as its inherent strengths and weaknesses. The data stored within the regf file represents the definitive state of the hive. Knowing how to parse this data is sufficient for handling static files encoded in this format, such as when writing a custom regf parser to inspect hives extracted from a hard drive. However, for those interested in how regf files are managed by Windows at runtime, rather than just their behavior in isolation, there's a whole other...
https://googleprojectzero.blogspot.com/2025/04/the-windows-registry-adventure-6-kernel.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
300 Milliseconds to Admin: Mastering DLL Hijacking and Hooking to Win the Race (CVE-2025-24076 and CVE-2025-24994)
As a pentester you are sometimes thrown into projects where you have no idea where you are going to end up. This project was one of those where you were given a customer laptop and the aim was to “find something interesting”, perhaps a misconfiguration on the customer side. The problem was that the laptop […]
https://blog.compass-security.com/2025/04/3-milliseconds-to-admin-mastering-dll-hijacking-and-hooking-to-win-the-race-cve-2025-24076-and-cve-2025-24994/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Burning Data with Malicious Firewall Rules in Azure SQL
Varonis Threat Labs discovered a vulnerability in Azure SQL Server allowing privileged users to create malicious firewall rules that can delete Azure resources when triggered by admin actions. The exploit involves manipulating rule names via TSQL to inject destructive commands, potentially leading to large-scale data loss in affected Azure accounts.
https://www.cloudvulndb.org/burning-data-azure-sql-firewall
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Legit Scans for Secrets in SharePoint
Get details on Legit's new ability to scan for secrets in SharePoint.
https://www.legitsecurity.com/blog/legit-scans-for-secrets-in-sharepoint
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Path Traversal in AWS SSM Agent Plugin ID Validation
A path traversal vulnerability in AWS SSM Agent's ValidatePluginId function allows attackers to create directories and execute scripts in unintended locations on the filesystem. This could lead to privilege escalation or other malicious activities, as files may be written to or executed from sensitive areas of the system with root privileges.
https://www.cloudvulndb.org/aws-ssm-agent-path-traversal
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Campaign Targets Amazon EC2 Instance Metadata via SSRF
Discover the latest CVE trends and a new campaign targeting websites hosted in EC2 instances on AWS.
https://www.f5.com/labs/articles/threat-intelligence/campaign-targets-amazon-ec2-instance-metadata-via-ssrf
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Legit and Traceable: Better Together
Get details on Legit's new partnership with Traceable.
https://www.legitsecurity.com/blog/legit-and-traceable-better-together
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Google announces Sec-Gemini v1, a new experimental cybersecurity model
Posted by Elie Burzstein and Marianna Tishchenko, Sec-Gemini teamToday, we're announcing Sec-Gemini v1, a new experimental AI model focused on advancing cybersecurity AI frontiers. As outlined a year ago, defenders face the daunting task of securing against all cyber threats, while attackers need to successfully find and exploit only a single vulnerability. This fundamental asymmetry has made securing systems extremely difficult, time consuming and error prone. AI-powered cybersecurity workflows have the potential to help shift the balance back to the defenders by force multiplying cybersecurity professionals like never before. Effectively powering SecOps workflows requires state-of-the-art reasoning capabilities and extensive current cybersecurity knowledge. Sec-Gemini v1 achieves...
http://security.googleblog.com/2025/04/google-launches-sec-gemini-v1-new.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Taming the Wild West of ML: Practical Model Signing with Sigstore
Posted by Mihai Maruseac, Google Open Source Security Team (GOSST)In partnership with NVIDIA and HiddenLayer, as part of the Open Source Security Foundation, we are now launching the first stable version of our model signing library. Using digital signatures like those from Sigstore, we allow users to verify that the model used by the application is exactly the model that was created by the developers. In this blog post we will illustrate why this release is important from Google's point of view.With the advent of LLMs, the ML field has entered an era of rapid evolution. We have seen remarkable progress leading to weekly launches of various applications which incorporate ML models to perform tasks ranging from customer support, software development, and even performing security critical...
http://security.googleblog.com/2025/04/taming-wild-west-of-ml-practical-model.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
1-15 December 2024 Cyber Attacks Timeline
In the first timeline of December 2024, I collected 115 events (7.67 events/day) with a threat landscape dominated...
https://www.hackmageddon.com/2025/04/04/1-15-december-2024-cyber-attacks-timeline/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Lesley, What Happened to the “Cybersecurity Skills Shortage”?
Are you stressed out right now? I’m stressed out. Most Americans are, and cybersecurity job seekers are definitely not an exception. I do a ton of career mentoring and career clinics, and I see… the brunt of it. The last few mentoring Sundays I've done, I have had two or more people burst into tears. […]
https://tisiphone.net/2025/04/01/lesley-what-happened-to-the-cybersecurity-skills-shortage/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
I wannabe Red Team Operator
Red Team Operator. A hype-tagged role tag for which one question hits our corporate LinkedIn inbox very often. “Hey there, how can I become a Red Team Operator? Yours sincerely, a recent graduate.” To us, this is like asking how to become a regular starter on a Premier League football team. There's nothing wrong with […]
https://blog.compass-security.com/2025/04/i-wannabe-red-team-operator/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
What's My Daily Life Like (in OT DFIR)?
One of the most common questions I get asked by aspiring (and current) cybersecurity professionals is what my odd niche of the universe in critical infrastructure incident response is really like, day to day. So let me give a brief overview of what my work life is like. The first thing one needs to understand […]
https://tisiphone.net/2025/03/31/whats-my-daily-life-like-in-ot-dfir/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
ImageRunner: Privilege Escalation Vulnerability in GCP Cloud Run
An attacker with `run.services.update` and `iam.serviceAccounts.actAs` permissions but without
explicit registry access could deploy new revisions of Cloud Run services that pulled private
container images stored in the same GCP project. This was possible because Cloud Run uses a
service agent with the necessary registry read permissions to retrieve these images, regardless
of the caller's access level. By updating a service revision and injecting malicious commands
into the container's arguments (e.g., using Netcat for reverse shell access), attackers could
extract secrets or run unauthorized code. The flaw stemmed from the Cloud Run service agent's
trust model, which did not enforce a separate registry permission check on the deploying identity.
Google has since modified this behavior...
https://www.cloudvulndb.org/imagerunner
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
ClamAV 1.5.0 beta now available!
The ClamAV 1.5.0 beta is now available. You may find the source code and installers for this release at clamav.net/downloads or on the ClamAV GitHub release page. The beta phase is expected to last two to four weeks before we publish the stable release or else publish a release candidate. This will depend on how many changes are required to stabilize this version. Please take this time to evaluate ClamAV 1.5.0. Please help us validate this release by providing feedback via GitHub issues, via the ClamAV mailing list or on our Discord. IMPORTANT: A major feature of the 1.5 release is a FIPS-compliant method for verifying the authenticity of CVD signature database archives and CDIFF signature database patch files. The feature is ready to test in this beta, but we are not yet distributing the...
https://blog.clamav.net/2025/03/clamav-150-beta-now-available.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
2025 Advanced Persistent Bot Report: Scraper Bots Deep-Dive
How much do scraper bots affect your industry?
https://www.f5.com/labs/articles/threat-intelligence/2025-advanced-persistent-bot-report-scraper-bots-deep-dive
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Prevent Web Scraping by Applying the Pyramid of Pain
The Bots Pyramid of Pain: a framework for effective bot defense.
https://www.f5.com/labs/articles/threat-intelligence/prevent-web-scraping-by-applying-the-pyramid-of-pain
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
2025 Advanced Persistent Bots Report
Uncovering the true scale of persistent bot activity, and the advanced techniques that bot operators use in order to remain hidden from bot defenses.
https://www.f5.com/labs/articles/threat-intelligence/2025-advanced-persistent-bots-report
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The US Needs A New Cybersecurity Strategy: More Offensive Cyber Operations Isn't It
For a long time Chinese hackers have been operating in the grey area between espionage and warfare. The US has been struggling to defend its networks, but increasing offensive cyber operations in unlikely to help.
https://malwaretech.com/2025/03/the-us-needs-a-new-cybersecurity-strategy.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
New security requirements adopted by HTTPS certificate industry
Posted by Chrome Root Program, Chrome Security Team
The Chrome Root Program launched in 2022 as part of Google's ongoing commitment to upholding secure and reliable network connections in Chrome. We previously described how the Chrome Root Program keeps users safe, and described how the program is focused on promoting technologies and practices that strengthen the underlying security assurances provided by Transport Layer Security (TLS). Many of these initiatives are described on our forward looking, public roadmap named “Moving Forward, Together.”
At a high-level, “Moving Forward, Together” is our vision of the future. It is non-normative and considered distinct from the requirements detailed in the Chrome Root Program Policy. It's focused on themes that we feel are essential...
http://security.googleblog.com/2025/03/new-security-requirements-adopted-by.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Advance notice: End of Life for ClamAV 0.103 database updates
ClamAV version 0.103 will reach its end of life (EOL) for database updates on September 14, 2025. After this date, this version will no longer receive the latest virus definitions. To ensure your systems remain protected, please upgrade to the latest supported version of ClamAV before the end-of-life date. This will provide continued access to essential security updates and features. We recommend that users update to the newest release, ClamAV 1.4 LTS. For users that are unable to upgrade to version 1.4, you may find that ClamAV 1.0 LTS is more suitable. The most recent version of ClamAV can be found on the ClamAV Downloads page, on the ClamAV GitHub Releases page, and through Docker Hub. Information about how to install ClamAV is available in our online documentation. The...
https://blog.clamav.net/2025/03/advance-notice-end-of-life-for-clamav.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Blasting Past Webp
An analysis of the NSO BLASTPASS iMessage exploit
Posted by Ian Beer, Google Project Zero
On September 7, 2023 Apple issued an out-of-band security update for iOS:
Around the same time on September 7th 2023, Citizen Lab published a blog post linking the two CVEs fixed in iOS 16.6.1 to an "NSO Group Zero-Click, Zero-Day exploit captured in the wild":
"[The target was] an individual employed by a Washington DC-based civil society organization with international offices...
The exploit chain was capable of compromising iPhones running the latest version of iOS (16.6) without any interaction from the victim.
The exploit involved PassKit attachments containing malicious images sent from an attacker iMessage account to the victim."
The day before,...
https://googleprojectzero.blogspot.com/2025/03/blasting-past-webp.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
CodeQLEAKED - CodeQL Supply Chain Attack via Exposed Secret
A publicly exposed GitHub token in CodeQL workflow artifacts could allow attackers to execute malicious code
in repositories using CodeQL, potentially leading to source code exfiltration, secrets compromise, and supply
chain attacks. The vulnerability stemmed from a debug artifact containing environment variables, which could be
downloaded and exploited within a 1-2 second window.
https://www.cloudvulndb.org/codeql-supply-chain-attack-exposed-secret
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
BlueSky InfoSec News List
Hello all, happy Tuesday. I’ve migrated my cybersecurity news feed list to BlueSky and it can now be found here: https://web-cdn.bsky.app/profile/hacks4pancakes.com/lists/3ll6ownhbuz2o I hope you find this useful. If you’re using Mastodon, the import process is a bit more manual: @Updated InfoSec Mastodon Lists!
https://tisiphone.net/2025/03/25/bluesky-infosec-news-list/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Entra ID Bug Creates Immutable Users
A bug in Entra ID restricted management administrative units allowed creating immutable users that couldn't be modified or disabled, even by Global Administrators. This could enable an attacker to protect a compromised account from containment. The issue was caused by a timing vulnerability when removing users from restricted AUs and required specific steps to remediate affected accounts.
https://www.cloudvulndb.org/entra-id-immutable-users-bug
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Analyzing the Global Increase in Vulnerability Scanning in 2024
BotPoke comes to the foreground yet again.
https://www.f5.com/labs/articles/threat-intelligence/analyzing-the-global-increase-in-vulnerability-scanning-in-2024
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
AWS CDK CLI Issue with Custom Credential Plugins
AWS identified a security issue in the AWS CDK CLI versions 2.172.0-2.178.1 where temporary credentials from custom credential plugins could be printed to console output. This potentially exposes sensitive information to users with access to the console. The issue affects plugins that include an expiration property when returning temporary credentials.
https://www.cloudvulndb.org/aws-cdk-cli-credential-plugin-issue
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Bypassing Web Filters Part 4: Host Header Spoofing & Domain Fronting Detection Bypasses
In the previous posts of this series, we looked at different ways to bypass web filters, such as Host header spoofing and domain fronting. As we’ve learned, these techniques can be detected by proxies employing TLS inspection, by checking whether the hostname in the SNI matches the one in the HTTP Host header. If they […]
https://blog.compass-security.com/2025/03/bypassing-web-filters-part-4-host-header-spoofing-domain-fronting-detection-bypasses/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Yes, That's Me on Your Radio!
I had the honor of another short segment on NPR’s Marketplace this morning. I spoke about the state of cyber crime, and the impact of US government changes on cyber defense.
https://tisiphone.net/2025/03/19/yes-thats-me-on-your-radio/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Updated InfoSec Mastodon Lists!
I have been asked for these, so here they are! I hope you find these useful in following more Fediverse cybersecurity stuff.
https://tisiphone.net/2025/03/18/updated-infosec-mastodon-lists/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hundreds of Malicious Google Play-Hosted Apps Bypassed Android 13 Security With Ease
Bitdefender's security researchers have identified a large-scale ad fraud campaign that deployed hundreds of malicious apps in the Google Play Store, resulting in more than 60 million downloads total. The apps display out-of-context ads and even try to persuade victims to give away credentials and credit card information in phishing attacks.
The Google Play Store is often targeted by cybercriminals trying to upload malicious apps by bypassing existing protections. Google purges the store of suc
https://www.bitdefender.com/en-us/blog/labs/malicious-google-play-apps-bypassed-android-security
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Celebrating 1 Year of CSF 2.0
It has been one year since the release of the NIST Cybersecurity Framework (CSF) 2.0 ! To make improving your security posture even easier, in this blog we are: Sharing new CSF 2.0 resources; Taking a retrospective look at some resources and applications you may have missed; and Highlighting ways you can stay involved in our work, helping us help you implement better cybersecurity. NIST's subject matter experts have worked over the last year to continue expanding the CSF 2.0 implementation resources to help you secure your enterprise. Stakeholders are a very important force behind NIST's
https://www.nist.gov/blogs/cybersecurity-insights/celebrating-1-year-csf-20
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Lazarus Group Targets Organizations with Sophisticated LinkedIn Recruiting Scam
Bitdefender Labs warns of an active campaign by the North Korea-linked Lazarus Group, targeting organizations by capturing credentials and delivering malware through fake LinkedIn job offers.
LinkedIn may be a vital tool for job seekers and professionals, but it has also become a playground for cybercriminals exploiting its credibility. From fake job offers and elaborate phishing schemes to scams and even state-sponsored threat actors who prey on people's career aspirations and trust in profess
https://www.bitdefender.com/en-us/blog/labs/lazarus-group-targets-organizations-with-sophisticated-linkedin-recruiting-scam
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Analysis of an advanced malicious Chrome extension
Two weeks ago I published an article on 63 malicious Chrome extensions. In most cases I could only identify the extensions as malicious. With large parts of their logic being downloaded from some web servers, it wasn't possible to analyze their functionality in detail.
However, for the Download Manager Integration Checklist extension I have all parts of the puzzle now. This article is a technical discussion of its functionality that somebody tried very hard to hide. I was also able to identify a number of related extensions that were missing from my previous article.
Update (2025-02-04): An update to Download Manager Integration Checklist extension has been released a day before I published this article, clearly prompted by me asking adindex about this. The update removes the malicious functionality...
https://palant.info/2025/02/03/analysis-of-an-advanced-malicious-chrome-extension/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Windows Bug Class: Accessing Trapped COM Objects with IDispatch
Posted by James Forshaw, Google Project Zero
Object orientated remoting technologies such as DCOM and .NET Remoting make it very easy to develop an object-orientated interface to a service which can cross process and security boundaries. This is because they're designed to support a wide range of objects, not just those implemented in the service, but any other object compatible with being remoted. For example, if you wanted to expose an XML document across the client-server boundary, you could use a pre-existing COM or .NET library and return that object back to the client. By default when the object is returned it's marshaled by reference, which results in the object staying in the out-of-process server.
This flexibility has a number of downsides, one of which is the topic of this...
https://googleprojectzero.blogspot.com/2025/01/windows-bug-class-accessing-trapped-com.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Windows Exploitation Tricks: Trapping Virtual Memory Access (2025 Update)
Posted by James Forshaw, Google Project Zero
Back in 2021 I wrote a blog post about various ways you can build a virtual memory access trap primitive on Windows. The goal was to cause a reader or writer of a virtual memory address to halt for a significant (e.g. 1 or more seconds) amount of time, generally for the purpose of exploiting TOCTOU memory access bugs in the kernel.
The solutions proposed in the blog post were to either map an SMB file on a remote server, or abuse the Cloud Filter API. This blog isn't going to provide new solutions, instead I wanted to highlight a new feature of Windows 11 24H2 that introduces the ability to abuse the SMB file server directly on the local machine, no remote server required. This change also introduces the ability to locally exploit vulnerabilities...
https://googleprojectzero.blogspot.com/2025/01/windows-exploitation-tricks-trapping.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Privacy-Preserving Federated Learning – Future Collaboration and Continued Research
This post is the final blog in a series on privacy-preserving federated learning . The series is a collaboration between NIST and the UK government's Responsible Technology Adoption Unit (RTA), previously known as the Centre for Data Ethics and Innovation. Learn more and read all the posts published to date at NIST's Privacy Engineering Collaboration Space or RTA's blog . Reflections and Wider Considerations This is the final post in the series that began with reflections and learnings from the first US-UK collaboration working with Privacy Enhancing Technologies (PETs). Since the PETs Prize
https://www.nist.gov/blogs/cybersecurity-insights/privacy-preserving-federated-learning-future-collaboration-and
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
ClamAV 1.4.2 and 1.0.8 security patch versions published
Today, we are publishing the 1.4.2 and 1.0.8 security patch versions. The release files for the patch versions are available for download on the ClamAV downloads page, on the GitHub Release page, and through Docker Hub. The images on Docker Hub may not be immediately available on release day. Continue reading to learn what changed in each version.1.4.2
ClamAV 1.4.2 is a patch release with the following fixes: CVE-2025-20128: Fixed a possible buffer overflow read bug in the OLE2 file parser that could cause a denial-of-service (DoS) condition. This issue was introduced in version 1.0.0 and affects all currently supported versions. It will be fixed in:
1.4.2 and 1.0.8 Thank you to OSS-Fuzz for identifying this issue.
1.0.8
ClamAV 1.0.8 is a patch release with the following fixes:CVE-2025-20128:...
https://blog.clamav.net/2025/01/clamav-142-and-108-security-patch.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Malicious extensions circumvent Google's remote code ban
As noted last week I consider it highly problematic that Google for a long time allowed extensions to run code they downloaded from some web server, an approach that Mozilla prohibited long before Google even introduced extensions to their browser. For years this has been an easy way for malicious extensions to hide their functionality. When Google finally changed their mind, it wasn't in form of a policy but rather a technical change introduced with Manifest V3.
As with most things about Manifest V3, these changes are meant for well-behaving extensions where they in fact improve security. As readers of this blog probably know, those who want to find loopholes will find them: I've already written about the Honey extension bundling its own JavaScript interpreter and malicious extensions...
https://palant.info/2025/01/20/malicious-extensions-circumvent-googles-remote-code-ban/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Chrome Web Store is a mess
Let's make one thing clear first: I'm not singling out Google's handling of problematic and malicious browser extensions because it is worse than Microsoft's for example. No, Microsoft is probably even worse but I never bothered finding out. That's because Microsoft Edge doesn't matter, its market share is too small. Google Chrome on the other hand is used by around 90% of the users world-wide, and one would expect Google to take their responsibility to protect its users very seriously, right? After all, browser extensions are one selling point of Google Chrome, so certainly Google would make sure they are safe?
Unfortunately, my experience reporting numerous malicious or otherwise problematic browser extensions speaks otherwise. Google appears to take the “least effort required”...
https://palant.info/2025/01/13/chrome-web-store-is-a-mess/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
BIScience: Collecting browsing history under false pretenses
This is a guest post by a researcher who wants to remain anonymous. You can contact the author via email.
Recently, John Tuckner of Secure Annex and Wladimir Palant published great research about how BIScience and its various brands collect user data. This inspired us to publish part of our ongoing research to help the extension ecosystem be safer from bad actors.
This post details what BIScience does with the collected data and how their public disclosures are inconsistent with actual practices, based on evidence compiled over several years.
Screenshot of claims on the BIScience website
Contents
Who is BIScience?
BIScience collects data from millions of users
BIScience buys data from partner third-party extensions
BIScience receives raw...
https://palant.info/2025/01/13/biscience-collecting-browsing-history-under-false-pretenses/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
ClamAV 1.4 as Next Long-Term Stable (LTS)
We are excited to announce that ClamAV 1.4 is now designated as our latest Long-Term Stable (LTS) release. Previously, we planned to announce 1.5 as the next LTS version at the end of 2024. However, unforeseen challenges have delayed the 1.5 release, leading us to choose version 1.4 for long-term support. We apologize for any inconvenience that our delay in the announcement may have caused. The version support dates for ClamAV 1.4 are amended as follows: Key Dates: Initial 1.4 Release Date: August 15, 2024 Patch Versions Continue Until: August 15, 2027 DB Downloads Allowed Until: August 15, 2028 For specific details, please read the ClamAV EOL Policy. Looking ahead, the beta version of ClamAV 1.5 will soon be available for community review. This version will...
https://blog.clamav.net/2025/01/clamav-14-as-next-long-term-stable-lts.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How extensions trick CWS search
A few months ago I searched for “Norton Password Manager” in Chrome Web Store and got lots of seemingly unrelated results. Not just that, the actual Norton Password Manager was listed last. These search results are still essentially the same today, only that Norton Password Manager moved to the top of the list:
I was stumped how Google managed to mess up search results so badly and even posted the following on Mastodon:
Interesting. When I search for “Norton Password Manager” on Chrome Web Store, it first lists five completely unrelated extensions, and only the last search result is the actual Norton Password Manager. Somebody told me that website is run by a company specializing in search, so this shouldn't be due to incompetence, right? What is it then?
Somebody suggested that...
https://palant.info/2025/01/08/how-extensions-trick-cws-search/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Windows Registry Adventure #5: The regf file format
Posted by Mateusz Jurczyk, Google Project Zero
As previously mentioned in the second installment of the blog post series ("A brief history of the feature"), the binary format used to encode registry hives from Windows NT 3.1 up to the modern Windows 11 is called regf. In a way, it is quite special, because it represents a registry subtree simultaneously on disk and in memory, as opposed to most other common file formats. Documents, images, videos, etc. are generally designed to store data efficiently on disk, and they are subsequently parsed to and from different in-memory representations whenever they are read or written. This seems only natural, as offline storage and RAM come with different constraints and requirements. On disk, it is important that the data is packed as...
https://googleprojectzero.blogspot.com/2024/12/the-windows-registry-adventure-5-regf.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
NIST's International Cybersecurity and Privacy Engagement Update – New Translations
As the year comes to a close, NIST continues to engage with our international partners to strengthen cybersecurity, including sharing over ten new international translations in over six languages as resources for our stakeholders around the world. These efforts were complemented by discussions on opportunities for future enhanced international collaboration and resource sharing. Here are some updates from the past few months: Our international engagement continues through our support to the Department of State and the International Trade Administration (ITA) during numerous international
https://www.nist.gov/blogs/cybersecurity-insights/nists-international-cybersecurity-and-privacy-engagement-update-new
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Ways to Mitigate Risk in Cybersecurity: Cybersecurity Risk Management
Cyber threats can wreak havoc on businesses, from data breaches to loss of reputation. Luckily, there are effective strategies available that can reduce cybersecurity risk. Avoidance is one of the...
The post Ways to Mitigate Risk in Cybersecurity: Cybersecurity Risk Management appeared first on Hacker Combat.
https://www.hackercombat.com/cybersecurity-risk-management/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Data Pipeline Challenges of Privacy-Preserving Federated Learning
This post is part of a series on privacy-preserving federated learning. The series is a collaboration between NIST and the UK government's Responsible Technology Adoption Unit (RTA), previously known as the Centre for Data Ethics and Innovation. Learn more and read all the posts published to date at NIST's Privacy Engineering Collaboration Space or RTA's blog . Introduction In this post, we talk with Dr. Xiaowei Huang and Dr. Yi Dong (University of Liverpool) and Sikha Pentyala (University of Washington Tacoma), who were winners in the UK-US PETs Prize Challenges . We discuss real-world data
https://www.nist.gov/blogs/cybersecurity-insights/data-pipeline-challenges-privacy-preserving-federated-learning
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Zero Trust Architecture
Zero trust security takes an “never trust, always verify” approach to access control. Access is only granted once an individual’s identity and context have been confirmed through multifactor authentication and...
The post Zero Trust Architecture appeared first on Hacker Combat.
https://www.hackercombat.com/zero-trust-architecture/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
What Is a Security Operations Center (SOC)?
A Security Operations Center (SOC) specializes in monitoring and analyzing data to detect cyber threats and prevent attacks from them. They work to sort actual threats from false positives before...
The post What Is a Security Operations Center (SOC)? appeared first on Hacker Combat.
https://www.hackercombat.com/soc/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
XDR vs SIEM Security Information and Event Management
The Extended Detection and Response Platform (XDR) ingestion and correlation technology captures and correlates high-fidelity data across your security layers, such as endpoint, network, logs, cloud services and identities to...
The post XDR vs SIEM Security Information and Event Management appeared first on Hacker Combat.
https://www.hackercombat.com/xdr-vs-siem/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Best Free EDR for Windows PC
Endpoint detection and response (EDR) tools offer businesses that employ hybrid work models or remote employees an extra layer of cybersecurity protection. Utilizing artificial intelligence (AI) and machine learning (ML),...
The post Best Free EDR for Windows PC appeared first on Hacker Combat.
https://www.hackercombat.com/best-free-edr-tools-for-windows-pc/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Free EDR Solutions for Home Users in 2025
EDR can detect and respond to emerging and advanced cyber threats quickly and efficiently, making it an essential component of modern business ecosystems. Beyond signature-based detection capabilities, its features go...
The post Free EDR Solutions for Home Users in 2025 appeared first on Hacker Combat.
https://www.hackercombat.com/free-edr-solutions/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Kicking-Off with a December 4th Workshop, NIST is Revisiting and Revising Foundational Cybersecurity Activities for IoT Device Manufacturers, NIST IR 8259!
In May 2020, NIST published Foundational Cybersecurity Activities for IoT Device Manufacturers (NIST IR 8259), which describes recommended cybersecurity activities that manufacturers should consider performing before their IoT devices are sold to customers. These foundational cybersecurity activities can help manufacturers lessen the cybersecurity-related efforts needed by customers, which in turn can reduce the prevalence and severity of IoT device compromises and the attacks performed using compromised devices. In the nearly five years since this document was released, it has been published
https://www.nist.gov/blogs/cybersecurity-insights/kicking-december-4th-workshop-nist-revisiting-and-revising-foundational
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Inside Bitdefender Labs' Investigation of a Malicious Facebook Ad Campaign Targeting Bitwarden Users
Throughout 2024, Bitdefender Labs has been closely monitoring a series of malvertising campaigns that exploit popular platforms to spread malware. These campaigns use fake advertisements to lure users into installing malicious software disguised as legitimate apps or updates.
One of the more recent campaigns Bitdefender Labs uncovered involves a fake Bitwarden extension advertised on Meta's social media platform Facebook. The campaign tricks users into installing a harmful browser extension und
https://www.bitdefender.com/en-us/blog/labs/inside-bitdefender-labs-investigation-of-a-malicious-facebook-ad-campaign-targeting-bitwarden-users
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Karma connection in Chrome Web Store
Somebody brought to my attention that the Hide YouTube Shorts extension for Chrome changed hands and turned malicious. I looked into it and could confirm that it contained two undisclosed components: one performing affiliate fraud and the other sending users' every move to some Amazon cloud server. But that wasn't all of it: I discovered eleven more extensions written by the same people. Some contained only the affiliate fraud component, some only the user tracking, some both. A few don't appear to be malicious yet.
While most of these extensions were supposedly developed or bought by a person without any other traces online, one broke this pattern. Karma shopping assistant has been on Chrome Web Store since 2020, the company behind it founded in 2013. This company employs more than...
https://palant.info/2024/10/30/the-karma-connection-in-chrome-web-store/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Unmasking the SYS01 Infostealer Threat: Bitdefender Labs Tracks Global Malvertising Campaign Targeting Meta Business Pages
In a world ran by advertising, businesses and organizations are not the only ones using this powerful tool. Cybercriminals have a knack for exploiting the engine that powers online platforms by corrupting the vast reach of advertising to distribute malware en masse.
While legitimate businesses rely on ads to reach new audiences, hackers exploit these platforms to trick users into downloading harmful software. Malicious ads often seem to promote legitimate software, streaming services, or produc
https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cloud Security Essentials
Cloud security involves employing perimeter defenses like firewalls, IDPSs and VPNs as well as guaranteeing isolation through network segmentation and virtual LANs while monitoring traffic for anomalies and threats –...
The post Cloud Security Essentials appeared first on Hacker Combat.
https://www.hackercombat.com/cloud-security/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Antivirus Software
Antivirus software protects devices against viruses, malware, and other cyberthreats by detecting, quarantining, and deleting malicious code. Modern antivirus products also offer additional security features such as password protection, identity...
The post Antivirus Software appeared first on Hacker Combat.
https://www.hackercombat.com/antivirus-software/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How to Protect Against Ransomware Attacks?
Criminal hackers employ ransomware attacks against their targets by encrypting their data and demanding that a ransom be paid within an allotted timeframe or risk losing it forever. When an...
The post How to Protect Against Ransomware Attacks? appeared first on Hacker Combat.
https://www.hackercombat.com/protect-against-ransomware-attacks/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Lies, damned lies, and Impact Hero (refoorest, allcolibri)
Transparency note: According to Colibri Hero, they attempted to establish a business relationship with eyeo, a company that I co-founded. I haven't been in an active role at eyeo since 2018, and I left the company entirely in 2021. Colibri Hero was only founded in 2021. My investigation here was prompted by a blog comment.
Colibri Hero (also known as allcolibri) is a company with a noble mission:
We want to create a world where organizations can make a positive impact on people and communities.
One of the company's products is the refoorest browser extension, promising to make a positive impact on the climate by planting trees. Best of it: this costs users nothing whatsoever. According to the refoorest website:
Plantation financed by our partners
So the users merely need to have the...
https://palant.info/2024/10/01/lies-damned-lies-and-impact-hero-refoorest-allcolibri/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
ClamAV 1.4.1, 1.3.2, 1.0.7, and 0.103.12 security patch versions published
Today, we are publishing the 1.4.1, 1.3.2, 1.0.7, and 0.103.12 security patch versions. The release files for the patch versions are available for download on the ClamAV downloads page, on the GitHub Release page, and (with exception to 0.103.12) through Docker Hub.The images on Docker Hub may not be immediately available on release day.Continue reading to learn what changed in each version.1.4.1ClamAV 1.4.1 is a critical patch release with the following fixes:CVE-2024-20506: Changed the logging module to disable following symlinks on Linux and Unix systems so as to prevent an attacker with existing access to the 'clamd' or 'freshclam' services from using a symlink to corrupt system files.This issue affects all currently supported versions. It will be fixed in:1.4.11.3.21.0.70.103.12Thank...
https://blog.clamav.net/2024/09/clamav-141-132-107-and-010312-security.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
CVE-2024-38063 - Remotely Exploiting The Kernel Via IPv6
Performing a root cause analysis & building proof-of-concept for CVE-2024-38063, a CVSS 9.8 Vulnerability In the Windows Kernel IPv6 Parser
https://malwaretech.com/2024/08/exploiting-CVE-2024-38063.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
ClamAV 1.4.0 feature release and ClamAV bytecode compiler 1.4.0 release
The ClamAV 1.4.0 feature release is now stable. We encourage everyone to download the latest version now from the ClamAV downloads page, on the GitHub Release page, and through Docker Hub*:Alpine-based imagesDebian-based multi-arch images*The Docker images are built on release day and will be made available when they are ready.We are also publishing ClamAV bytecode compiler version 1.4.0.The ClamAV bytecode compiler release files are available for download on the GitHub Release page and through Docker Hub.ClamAV platform support changesWe will no longer provide Linux 32-bit packages. With RHEL 7 reaching end-of-life, we had to upgrade our build hosts and selected Alma Linux 8. Alma Linux does not provide 32-bit images. ClamAV users on 32-bit platforms can still build from source.We now provide...
https://blog.clamav.net/2024/08/clamav-140-feature-release-and-clamav.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
ClamAV 0.103 LTS End of Life Announcement
The
ClamAV 0.103 LTS release is nearing end-of-life (EOL) with regards to security
vulnerability fix support from our team. This end of life date will be
Sept. 14, 2024.
ClamAV 0.103 users will be able to update signatures from the official database
mirror for an additional one year after the EOL date.
After Sept. 14, 2025, we may block ClamAV 0.103 from downloading signature
updates.
We recommend that users update to the newest LTS release, ClamAV 1.0.6.
For users that want to upgrade to the newest non-LTS release, use ClamAV 1.3.1.
The most recent version of ClamAV can be found here: https://www.clamav.net/downloads
The following is a list of major changes available to users in the newest
versions of ClamAV.
Since ClamAV 0.103, ClamAV 1.0 LTS adds:
·
A...
https://blog.clamav.net/2024/08/clamav-0103-lts-end-of-life-announcement.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
60 Hurts per Second – How We Got Access to Enough Solar Power to Run the United States
The electricity grid – the buzzing, crackling marvel that supplies the lifeblood of modernity - is by far the largest structure humanity ever built. It's so big, in fact, that few people even notice it, like a fish can't see the ocean.
Until the grid goes down, that is. Then, like the fish dangling from the angler's hook, we see our vulnerability. Modernity dissolves into a sudden silence, followed by the repeated flick of a light switch, and a howl of panic at the prospect of missed appointmen
https://www.bitdefender.com/en-us/blog/labs/60-hurts-per-second-how-we-got-access-to-enough-solar-power-to-run-the-united-states
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How insecure is Avast Secure Browser?
A while ago I already looked into Avast Secure Browser. Back then it didn't end well for Avast: I found critical vulnerabilities allowing arbitrary websites to infect user's computer. Worse yet: much of it was due to neglect of secure coding practices, existing security mechanisms were disabled for no good reason. I didn't finish that investigation because I discovered that the browser was essentially spyware, collecting your browsing history and selling it via Avast's Jumpshot subsidiary.
But that was almost five years ago. After an initial phase of denial, Avast decided to apologize and to wind down Jumpshot. It was certainly a mere coincidence that Avast was subsequently sold to NortonLifeLock, called Gen Digital today. Yes, Avast is truly reformed and paying for their crimes in...
https://palant.info/2024/07/15/how-insecure-is-avast-secure-browser/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Deep Dive on Supplement Scams: How AI Drives ‘Miracle Cures' and Sponsored Health-Related Scams on Social Media
Sponsored social media content has become increasingly present on feeds. Sponsored ads can often be beneficial as they are customized to suit online personas, offering relevant content tailored specifically for you. While personalized ads can help enhance your online experience, not all are legitimate. In fact, scams originating from phony ads on social media have increased dramatically, with potentially severe consequences for consumers.
Sponsored supplement scams on social media platforms
https://www.bitdefender.com/en-us/blog/labs/deep-dive-on-supplement-scams-how-ai-drives-miracle-cures-and-sponsored-health-related-scams-on-social-media
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Unfading Sea Haze: New Espionage Campaign in the South China Sea
Bitdefender researchers investigated a series of incidents at high-level organizations in countries of the South China Sea region, all performed by the same threat actor we track as Unfading Sea Haze. Based on the victimology and the cyber-attack's aim, we believe the threat actor is aligned with China's interests.
As tensions in the region rise, they are reflected in the intensification of activity on behalf of the Unfading Sea Haze actor, which uses new and improved tools and TTPs.
We notice
https://www.bitdefender.com/en-us/blog/labs/unfading-sea-haze-new-espionage-campaign-in-the-south-china-sea
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Notes on ThroughTek Kalay Vulnerabilities and Their Impact on the IoT Ecosystem
Since 2014, Bitdefender IoT researchers have been looking into the world's most popular IoT devices, hunting for vulnerabilities and undocumented attack avenues. This report documents four vulnerabilities affecting devices powered by the ThroughTek Kalay Platform. Due to the platform's massive presence in IoT integrations, these flaws have a significant downstream impact on several vendors.
In the interconnected landscape of the Internet of Things (IoT), the reliability and security of devices,
https://www.bitdefender.com/en-us/blog/labs/notes-on-throughtek-kalay-vulnerabilities-and-their-impact
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
ClamAV 1.4.0 release candidate now available!
The ClamAV 1.4.0 release candidate is now available.You may find the source code and installers for this release on the clamav.net/downloads page or the ClamAV GitHub release page.Tip: If you are downloading the source from the GitHub release page, the package labeled "clamav-1.4.0-rc.tar.gz" does not require an internet connection to build. All dependencies are included in this package. But if you download the ZIP or TAR.GZ generated by GitHub, located at the very bottom, then an internet connection will be required during the build to download additional Rust dependencies.For Docker users, there is no specific Docker tag for the release candidate, but you can use the clamav:unstable or clamav:unstable_base tags.The release candidate phase is expected...
https://blog.clamav.net/2024/05/clamav-140-release-candidate-now.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
ClamAV 1.3.1, 1.2.3, 1.0.6 patch versions published
Today, we are publishing the 1.3.1, 1.2.3, and 1.0.6 security patch versions. The release files for the patch versions are available for download on the ClamAV downloads page, on the GitHub Release page, and through Docker Hub.The images on Docker Hub may not be immediately available on release day.Continue reading to learn what changed in each version.1.3.1ClamAV 1.3.1 is a critical patch release with the following fixes:CVE-2024-20380: Fixed a possible crash in the HTML file parser that could cause a denial-of-service (DoS) condition.This issue affects version 1.3.0 only and does not affect prior versions.Thank you to Błażej Pawłowski for identifying this issue.GitHub pull requestUpdated select Rust dependencies to the latest versions. This resolved Cargo audit complaints and included...
https://blog.clamav.net/2024/04/clamav-131-123-106-patch-versions.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Vulnerabilities Identified in LG WebOS
As the creator of the world's first smart home cybersecurity hub, Bitdefender regularly audits popular IoT hardware for vulnerabilities. This research paper is part of a broader program that aims to shed light on the security of the world's best-sellers in the IoT space. This report covers vulnerabilities discovered while researching the LG WebOS TV operating system.
We have found several issues affecting WebOS versions 4 through 7 running on LG TVs. These vulnerabilities let us gain root acces
https://www.bitdefender.com/en-us/blog/labs/vulnerabilities-identified-in-lg-webos
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Numerous vulnerabilities in Xunlei Accelerator application
Xunlei Accelerator (迅雷客户端) a.k.a. Xunlei Thunder by the China-based Xunlei Ltd. is a wildly popular application. According to the company's annual report 51.1 million active users were counted in December 2022. The company's Google Chrome extension 迅雷下载支持, while not mandatory for using the application, had 28 million users at the time of writing.
I've found this application to expose a massive attack surface. This attack surface is largely accessible to arbitrary websites that an application user happens to be visiting. Some of it can also be accessed from other computers in the same network or by attackers with the ability to intercept user's network connections (Man-in-the-Middle attack).
It does not appear like security concerns were considered in the design...
https://palant.info/2024/03/06/numerous-vulnerabilities-in-xunlei-accelerator-application/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Bypassing EDRs With EDR-Preloading
Evading user mode EDR hooks by hijacking the AppVerifier layer
https://malwaretech.com/2024/02/bypassing-edrs-with-edr-preload.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
ClamAV 1.3.0 feature release and 1.2.2, 1.0.5 security patch release!
The ClamAV 1.3.0 feature release is now stable!Today, we are also publishing the 1.2.2 and 1.0.5 security patch versions. ClamAV 1.1 is past EOL for security fixes and will not receive an update. Switch to the 1.0 LTS, 1.2, or 1.3 versions for continued support.The release files are available for download on the ClamAV downloads page, on the Github Release page, and through Docker Hub*:Alpine-based imagesDebian-based multi-arch images*The Docker images are built on release day and may not be available until later in the day.Continue reading to learn what changed in each version.1.3.0ClamAV 1.3.0 includes the following improvements and changes:Major changesAdded support for extracting and scanning attachments found in Microsoft OneNote section files. OneNote parsing will be enabled by default,...
https://blog.clamav.net/2023/11/clamav-130-122-105-released.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
ClamAV 1.3.0 Second Release Candidate now available!
We are excited to announce the ClamAV 1.3.0 release candidate.You can find the source code and installers for this release on the clamav.net/downloads page or the ClamAV GitHub release page.Tip: If you are downloading the source from the GitHub release page, the package labeled "clamav-1.3.0-rc2.tar.gz" does not require an internet connection to build. All dependencies are included in this package. But if you download the ZIP or TAR.GZ generated by GitHub, located at the very bottom, then an internet connection will be required during the build to download additional Rust dependencies.For Docker users, there is no specific Docker tag for the release candidate, but you can use these tags:clamav/clamav:unstableclamav/clamav:unstable_base clamav/clamav-debian:unstableclamav/clamav-debian:unstable_base This...
https://blog.clamav.net/2024/01/clamav-130-second-release-candidate-now.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Silly EDR Bypasses and Where To Find Them
Abusing exception handlers to hook and bypass user mode EDR hooks.
https://malwaretech.com/2023/12/silly-edr-bypasses-and-where-to-find-them.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
An Introduction to Bypassing User Mode EDR Hooks
Understanding the basics of user mode EDR hooking, common bypass techniques, and their limitations.
https://malwaretech.com/2023/12/an-introduction-to-bypassing-user-mode-edr-hooks.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Implementing a “Share on Mastodon” button for a blog
I decided that I would make it easier for people to share my articles on social media, most importantly on Mastodon. However, my Hugo theme didn't support showing a “Share on Mastodon” button yet. It wasn't entirely trivial to add support either: unlike with centralized solutions like Facebook where a simple link is sufficient, here one would need to choose their home instance first.
As far as existing solutions go, the only reasonably sophisticated approach appears to be Share₂Fedi. It works nicely, privacy-wise one could do better however. So I ended up implementing my own solution while also generalizing that solution to support a variety of different Fediverse applications in addition to Mastodon.
Update (2025-01-12): Added Lemmy endpoint which has been fixed by now. Also mentioned...
https://palant.info/2023/10/19/implementing-a-share-on-mastodon-button-for-a-blog/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
It might Be Time to Rethink Phishing Awareness
Phishing awareness can be a powerful security tool, or a complete disaster. It all hinges on how you implement it.
https://malwaretech.com/2023/09/it-might-be-time-to-rethink-phishing-awareness.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
We're going teetotal: It's goodbye to The Daily Swig
PortSwigger today announces that The Daily Swig is closing down
https://portswigger.net/daily-swig/were-going-teetotal-its-goodbye-to-the-daily-swig
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Bug Bounty Radar // The latest bug bounty programs for March 2023
New web targets for the discerning hacker
https://portswigger.net/daily-swig/bug-bounty-radar-the-latest-bug-bounty-programs-for-march-2023
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Indian transport ministry flaws potentially allowed creation of counterfeit driving licenses
Armed with personal data fragments, a researcher could also access 185 million citizens' PII
https://portswigger.net/daily-swig/indian-transport-ministry-flaws-potentially-allowed-creation-of-counterfeit-driving-licenses
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Password managers: A rough guide to enterprise secret platforms
The second part of our password manager series looks at business-grade tech to handle API tokens, login credentials, and more
https://portswigger.net/daily-swig/password-managers-a-rough-guide-to-enterprise-secret-platforms
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Chromium bug allowed SameSite cookie bypass on Android devices
Protections against cross-site request forgery could be bypassed
https://portswigger.net/daily-swig/chromium-bug-allowed-samesite-cookie-bypass-on-android-devices
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Deserialized web security roundup: Twitter 2FA backlash, GoDaddy suffers years-long attack campaign, and XSS Hunter adds e2e encryption
Your fortnightly rundown of AppSec vulnerabilities, new hacking techniques, and other cybersecurity news
https://portswigger.net/daily-swig/deserialized-web-security-roundup-twitter-2fa-backlash-godaddy-suffers-years-long-attack-campaign-and-xss-hunter-adds-e2e-encryption
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
NIST plots biggest ever reform of Cybersecurity Framework
CSF 2.0 blueprint offered up for public review
https://portswigger.net/daily-swig/nist-plots-biggest-ever-reform-of-cybersecurity-framework
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cisco ClamAV anti-malware scanner vulnerable to serious security flaw
Patch released for bug that poses a critical risk to vulnerable technologies
https://portswigger.net/daily-swig/cisco-clamav-anti-malware-scanner-vulnerable-to-serious-security-flaw
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
CVSS system criticized for failure to address real-world impact
JFrog argues vulnerability risk metrics need complete revamp
https://portswigger.net/daily-swig/cvss-system-criticized-for-failure-to-address-real-world-impact
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
A Realistic Look at Implications of ChatGPT for Cybercrime
Analyzing ChatGPT's capabilities and various claims about how it will revolutionize cybercrime.
https://malwaretech.com/2023/02/a-realistic-look-at-chatgpt-cybercrime.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
‘Most web API flaws are missed by standard security tests' – Corey J Ball on securing a neglected attack vector
API security is a ‘great gateway' into a pen testing career, advises specialist in the field
https://portswigger.net/daily-swig/most-web-api-flaws-are-missed-by-standard-security-tests-corey-j-ball-on-securing-a-neglected-attack-vector
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
HTTP request smuggling bug patched in HAProxy
Exploitation could enable attackers to access backend servers
https://portswigger.net/daily-swig/http-request-smuggling-bug-patched-in-haproxy
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Belgium launches nationwide safe harbor for ethical hackers
New legal protections for security researchers could be the strongest of any EU country
https://portswigger.net/daily-swig/belgium-launches-nationwide-safe-harbor-for-ethical-hackers
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
TikTok is a National Security Risk, Not A Privacy One
An analysis of the threat posed by TikTok and why we need to weigh our options carefully.
https://malwaretech.com/2022/12/tiktok-is-a-national-security-risk.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Everything you need to know about the OpenSSL 3.0.7 Patch (CVE-2022-3602 & CVE-2022-3786)
https://malwaretech.com/2022/11/everything-you-need-to-know-about-the-openssl-3-0-7-patch.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
CVE-2022-3602 and CVE-2022-3786: OpenSSL 3.0.7 patches Critical Vulnerability
On Tuesday, November 1 2022 between 1300-1700 UTC, the OpenSSL project announced the release of a new version of OpenSSL (version 3.0.7) that will patch a critical vulnerability in OpenSSL version 3.0 and above. Only OpenSSL versions between 3.0 and 3.0.6 are affected at the time of writing. At this moment the details of this [...]
The post CVE-2022-3602 and CVE-2022-3786: OpenSSL 3.0.7 patches Critical Vulnerability appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/general-tutorials/openssl-3-0-7-patches-critical-vulnerability/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Student Loan Breach Exposes 2.5M Records
2.5 million people were affected, in a breach that could spell more trouble down the line.
https://threatpost.com/student-loan-breach-exposes-2-5m-records/180492/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Watering Hole Attacks Push ScanBox Keylogger
Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.
https://threatpost.com/watering-hole-attacks-push-scanbox-keylogger/180490/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Tentacles of ‘0ktapus' Threat Group Victimize 130 Firms
Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.
https://threatpost.com/0ktapus-victimize-130-firms/180487/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Ransomware Attacks are on the Rise
Lockbit is by far this summer's most prolific ransomware group, trailed by two offshoots of the Conti group.
https://threatpost.com/ransomware-attacks-are-on-the-rise/180481/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cybercriminals Are Selling Access to Chinese Surveillance Cameras
Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.
https://threatpost.com/cybercriminals-are-selling-access-to-chinese-surveillance-cameras/180478/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Twitter Whistleblower Complaint: The TL;DR Version
Twitter is blasted for security and privacy lapses by the company's former head of security who alleges the social media giant's actions amount to a national security risk.
https://threatpost.com/twitter-whistleblower-tldr-version/180472/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Firewall Bug Under Active Attack Triggers CISA Warning
CISA is warning that Palo Alto Networks' PAN-OS is under active attack and needs to be patched ASAP.
https://threatpost.com/firewall-bug-under-active-attack-cisa-warning/180467/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Fake Reservation Links Prey on Weary Travelers
Fake travel reservations are exacting more pain from the travel weary, already dealing with the misery of canceled flights and overbooked hotels.
https://threatpost.com/reservation-links-prey-on-travelers/180462/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
iPhone Users Urged to Update to Patch 2 Zero-Days
Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack.
https://threatpost.com/iphone-users-urged-to-update-to-patch-2-zero-days-under-attack/180448/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Google Patches Chrome's Fifth Zero-Day of the Year
An insufficient validation input flaw, one of 11 patched in an update this week, could allow for arbitrary code execution and is under active attack.
https://threatpost.com/google-patches-chromes-fifth-zero-day-of-the-year/180432/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Installing Rogue-jndi on Kali Linux
Following the previous tutorial in which we looked at the log4j vulnerability in VMWare vSphere server, I got some questions about how to set up a malicious LDAP server on Linux. The attacker controlled LDAP server is required to provide the malicious java class (with a reverse shell for example) in response to the forged [...]
The post Installing Rogue-jndi on Kali Linux appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/general-tutorials/installing-rogue-jndi-on-kali-linux/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Log4Shell VMware vCenter Server (CVE-2021-44228)
Log4Shell is a critical vulnerability with the highest possible CVSSv3 score of 10.0 that affects thousands of products running Apache Log4j and leaves millions of targets potentially vulnerable. CVE-2021-44228 affects log4j versions 2.0-beta9 to 2.14.1. Log4j is an incredibly popular logging library used in many different products and various Apache frameworks like Struts2, Kafka, and [...]
The post Log4Shell VMware vCenter Server (CVE-2021-44228) appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/exploit-tutorials/log4shell-vmware-vcenter-server-cve-2021-44228/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How to customize behavior of AWS Managed Rules for AWS WAF
AWS Managed Rules for AWS WAF provides a group of rules created by AWS that can be used help protect you against common application vulnerabilities and other unwanted access to your systems without having to write your own rules. AWS Threat Research Team updates AWS Managed Rules to respond to an ever-changing threat landscape in order […]
https://aws.amazon.com/blogs/security/how-to-customize-behavior-of-aws-managed-rules-for-aws-waf/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Great Leak: Microsoft Exchange AutoDiscover Design Flaw
Recently a “design flaw” in the Microsoft Exchange’s Autodiscover protocol was discovered by researchers that allowed access to 372,072 Windows domain credentials and 96,671 unique sets of credentials from applications such as Microsoft Outlook and third-party email clients. According to Amit Serper , the person who discovered the flaw, the source of the leak is [...]
The post The Great Leak: Microsoft Exchange AutoDiscover Design Flaw appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/pentesting-exchange/the-great-leak-microsoft-exchange-autodiscover-design-flaw/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The three most important AWS WAF rate-based rules
May 5, 2025: This post has been updated to reflect that the lowest allowable rate limit setting in AWS WAF rate-based rules has changed from 100 requests to 10. In this post, we explain what the three most important AWS WAF rate-based rules are for proactively protecting your web applications against common HTTP flood events, […]
https://aws.amazon.com/blogs/security/three-most-important-aws-waf-rate-based-rules/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Automatically update AWS WAF IP sets with AWS IP ranges
Note: This blog post describes how to automatically update AWS WAF IP sets with the most recent AWS IP ranges for AWS services. This related blog post describes how to perform a similar update for Amazon CloudFront IP ranges that are used in VPC Security Groups. You can use AWS Managed Rules for AWS WAF […]
https://aws.amazon.com/blogs/security/automatically-update-aws-waf-ip-sets-with-aws-ip-ranges/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
AWS Shield threat landscape review: 2020 year-in-review
AWS Shield is a managed service that protects applications that are running on Amazon Web Services (AWS) against external threats, such as bots and distributed denial of service (DDoS) attacks. Shield detects network and web application-layer volumetric events that may indicate a DDoS attack, web content scraping, or other unauthorized non-human traffic that is interacting […]
https://aws.amazon.com/blogs/security/aws-shield-threat-landscape-review-2020-year-in-review/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How to protect a self-managed DNS service against DDoS attacks using AWS Global Accelerator and AWS Shield Advanced
In this blog post, I show you how to improve the distributed denial of service (DDoS) resilience of your self-managed Domain Name System (DNS) service by using AWS Global Accelerator and AWS Shield Advanced. You can use those services to incorporate some of the techniques used by Amazon Route 53 to protect against DDoS attacks. […]
https://aws.amazon.com/blogs/security/how-to-protect-a-self-managed-dns-service-against-ddos-attacks-using-aws-global-accelerator-and-aws-shield-advanced/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Set up centralized monitoring for DDoS events and auto-remediate noncompliant resources
When you build applications on Amazon Web Services (AWS), it's a common security practice to isolate production resources from non-production resources by logically grouping them into functional units or organizational units. There are many benefits to this approach, such as making it easier to implement the principal of least privilege, or reducing the scope of […]
https://aws.amazon.com/blogs/security/set-up-centralized-monitoring-for-ddos-events-and-auto-remediate-noncompliant-resources/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Deploying defense in depth using AWS Managed Rules for AWS WAF (part 2)
In this post, I show you how to use recent enhancements in AWS WAF to manage a multi-layer web application security enforcement policy. These enhancements will help you to maintain and deploy web application firewall configurations across deployment stages and across different types of applications. In part 1 of this post I describe the technologies […]
https://aws.amazon.com/blogs/security/deploying-defense-in-depth-using-aws-managed-rules-for-aws-waf-part-2/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Defense in depth using AWS Managed Rules for AWS WAF (part 1)
In this post, I discuss how you can use recent enhancements in AWS WAF to manage a multi-layer web application security enforcement policy. These enhancements will help you to maintain and deploy web application firewall configurations across deployment stages and across different types of applications. The post is in two parts. This first part describes […]
https://aws.amazon.com/blogs/security/defense-in-depth-using-aws-managed-rules-for-aws-waf-part-1/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Houston consulate one of worst offenders in Chinese espionage, say U.S. officials
Institute For Ethical Hacking Course and Ethical Hacking Training in Pune – India Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan Credits: Reuters The United States ordered the consulate closed this week, leading China to retaliate on Friday by telling the United States to shut its consulate in the city of Chengdu, as relations between the world's two largest economies […]
The post Houston consulate one of worst offenders in Chinese espionage, say U.S. officials appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/07/24/houston-consulate-one-of-worst-offenders-in-chinese-espionage-say-u-s-officials/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Shocked I am. Shocked to find that underground bank-card-trading forums are full of liars, cheats, small-time grifters
Institute For Ethical Hacking Course and Ethical Hacking Training in Pune – India Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan Credits: The Register The denizens of online forums dedicated to trading in stolen credit cards have been shown to be wretched hives of scum and villainy. This not-so-surprising news comes this week via academics at Washington State University (WSU) in the US, […]
The post Shocked I am. Shocked to find that underground bank-card-trading forums are full of liars, cheats, small-time grifters appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/07/24/shocked-i-am-shocked-to-find-that-underground-bank-card-trading-forums-are-full-of-liars-cheats-small-time-grifters/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
AWS Shield Threat Landscape report is now available
AWS Shield is a managed threat protection service that safeguards applications running on AWS against exploitation of application vulnerabilities, bad bots, and Distributed Denial of Service (DDoS) attacks. The AWS Shield Threat Landscape Report (TLR) provides you with a summary of threats detected by AWS Shield. This report is curated by the AWS Threat Research […]
https://aws.amazon.com/blogs/security/aws-shield-threat-landscape-report-now-available/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Vint Cerf suggests GDPR could hurt coronavirus vaccine development
Institute For Ethical Hacking Course and Ethical Hacking Training in Pune – India Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan Credits: The Register TCP-IP-co-developer Vint Cerf, revered as a critical contributor to the foundations of the internet, has floated the notion that privacy legislation might hinder the development of a vaccination for the COVID-19 coronavirus. In an essay written for […]
The post Vint Cerf suggests GDPR could hurt coronavirus vaccine development appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/16/vint-cerf-suggests-gdpr-could-hurt-coronavirus-vaccine-development/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Brit defense contractor hacked, up to 100,000 past and present employees' details siphoned off – report
Institute For Ethical Hacking Course and Ethical Hacking Training in Pune – India Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan Credits: The Register Britain’s Ministry of Defence contractor Interserve has been hacked, reportedly leaking the details of up to 100,000 of past and current employees, including payment information and details of their next of kin. The Daily Telegraph reports that up to […]
The post Brit defense contractor hacked, up to 100,000 past and present employees’ details siphoned off – report appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/16/brit-defense-contractor-hacked-up-to-100000-past-and-present-employees-details-siphoned-off-report/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
US officially warns China is launching cyberattacks to steal coronavirus research
Institute For Ethical Hacking Course and Ethical Hacking Training in Pune – India Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan Credits: CNN The US Department of Homeland Security and the FBI issued a “public service announcement” Wednesday warning that China is likely launching cyberattacks to steal coronavirus data related to vaccines and treatments from US research institutions and pharmaceutical […]
The post US officially warns China is launching cyberattacks to steal coronavirus research appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/14/us-officially-warns-china-is-launching-cyberattacks-to-steal-coronavirus-research/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
There's Norway you're going to believe this: World's largest sovereign wealth fund conned out of m in cyber-attack
Institute For Ethical Hacking Course and Ethical Hacking Training in Pune – India Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan Credits: The Register The Norwegian Investment Fund has been swindled out of m (£8.2m) by fraudsters who pulled off what’s been described as “an advance data breach.” Norfund – the world’s largest sovereign wealth fund, created from saved North Sea […]
The post There’s Norway you’re going to believe this: World’s largest sovereign wealth fund conned out of m in cyber-attack appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/14/theres-norway-youre-going-to-believe-this-worlds-largest-sovereign-wealth-fund-conned-out-of-10m-in-cyber-attack/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Stop tracking me, Google: Austrian citizen files GDPR legal complaint over Android Advertising ID
Institute For Ethical Hacking Course and Ethical Hacking Training in Pune – India Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan Credits: The Register Privacy pressure group Noyb has filed a legal complaint against Google on behalf of an Austrian citizen, claiming the Android Advertising ID on every Android device is “personal data” as defined by the EU’s GDPR and that […]
The post Stop tracking me, Google: Austrian citizen files GDPR legal complaint over Android Advertising ID appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/14/stop-tracking-me-google-austrian-citizen-files-gdpr-legal-complaint-over-android-advertising-id/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cyber-attacks hit hospital construction companies
Institute For Ethical Hacking Course and Ethical Hacking Training in Pune – India Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan Credits: BBC Interserve, which helped build Birmingham’s NHS Nightingale hospital, and Bam Construct, which delivered the Yorkshire and the Humber’s, have reported the incidents to authorities. Earlier this month, the government warned healthcare groups involved in the response to […]
The post Cyber-attacks hit hospital construction companies appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/13/cyber-attacks-hit-hospital-construction-companies/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Researchers spot thousands of Android apps leaking user data through misconfigured Firebase databases
Institute For Ethical Hacking Course and Ethical Hacking Training in Pune – India Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan Credits: The Register Security researchers at Comparitech have reported that an estimated 24,000 Android apps are leaking user data because of misconfigured Firebase databases. Firebase is a popular backend service with SDKs for multiple platforms, including Android, iOS, web, C++ and Unity (for […]
The post Researchers spot thousands of Android apps leaking user data through misconfigured Firebase databases appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/13/researchers-spot-thousands-of-android-apps-leaking-user-data-through-misconfigured-firebase-databases/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Papa don't breach: Contracts, personal info on Madonna, Lady Gaga, Elton John, others swiped in celeb law firm ‘hack'
Institute For Ethical Hacking Course and Ethical Hacking Training in Pune – India Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan Credits: The Register Hackers are threatening to release 756GB of A-list celebs’ contracts, recording deals, and other personal info allegedly stolen from a New York law firm. The miscreants have seemingly got their hands on confidential agreements, private correspondence, contact […]
The post Papa don’t breach: Contracts, personal info on Madonna, Lady Gaga, Elton John, others swiped in celeb law firm ‘hack’ appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/13/papa-dont-breach-contracts-personal-info-on-madonna-lady-gaga-elton-john-others-swiped-in-celeb-law-firm-hack/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
CVE-2019-19781: Citrix ADC RCE vulnerability
A week before the 2019 holidays Citrix announced that an authentication bypass vulnerability was discovered in multiple Citrix products. The affected products are the Citrix Application Delivery Controller (formerly known as NetScaler AD), Citrix Gateway NetScaler ADC (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP appliance. Exploiting the vulnerability could allow an unauthenticated attacker [...]
The post CVE-2019-19781: Citrix ADC RCE vulnerability appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/exploit-tutorials/cve-2019-19781-citrix-adc-rce-vulnerability/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Vulnerability Scanning with OpenVAS 9 part 4: Custom scan configurations
For all scans so far, we've only used the default scan configurations such as host discovery, system discovery and Full & fast. But what if we don't want to run all NVTs on a given target (list) and only test for a few specific vulnerabilities? In this case we can create our own custom scan [...]
The post Vulnerability Scanning with OpenVAS 9 part 4: Custom scan configurations appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/scanning-tutorials/openvas-9-part-4-custom-scan-configurations/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Vulnerability Scanning with OpenVAS 9 part 3: Scanning the Network
In the previous parts of the Vulnerability Scanning with OpenVAS 9 tutorials we have covered the installation process and how to run vulnerability scans using OpenVAS and the Greenbone Security Assistant (GSA) web application. In part 3 of Vulnerability Scanning with OpenVAS 9 we will have a look at how to run scans using different [...]
The post Vulnerability Scanning with OpenVAS 9 part 3: Scanning the Network appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/scanning-tutorials/vulnerability-scanning-with-openvas-9-scanning-the-network/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Vulnerability Scanning with OpenVAS 9 part 2: Vulnerability Scanning
Is the previous tutorial Vulnerability Scanning with OpenVAS 9.0 part 1 we've gone through the installation process of OpenVAS on Kali Linux and the installation of the virtual appliance. In this tutorial we will learn how to configure and run a vulnerability scan. For demonstration purposes we've also installed a virtual machine with Metasploitable 2 [...]
The post Vulnerability Scanning with OpenVAS 9 part 2: Vulnerability Scanning appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/scanning-tutorials/vulnerability-scanning-openvas-9-0-part-2/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Vulnerability Scanning with OpenVAS 9 part 1: Installation & Setup
A couple years ago we did a tutorial on Hacking Tutorials on how to install the popular vulnerability assessment tool OpenVAS on Kali Linux. We’ve covered the installation process on Kali Linux and running a basic scan on the Metasploitable 2 virtual machine to identify vulnerabilities. In this tutorial I want to cover more details [...]
The post Vulnerability Scanning with OpenVAS 9 part 1: Installation & Setup appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/scanning-tutorials/vulnerability-scanning-openvas-9-pt-1/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)