News from the specialised press

No news

Yesterday's news (specialised press)

CISA proposes new security requirements to protect govt, personal data
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) is proposing security requirements to prevent adversary states from accessing Americans' personal data as well as government-related information. [...]
https://www.bleepingcomputer.com/news/security/cisa-proposes-new-security-requirements-to-protect-govt-personal-data/
Samsung Zero-Day Vuln Under Active Exploit, Google Warns
If exploited, bad actors can execute arbitrary code while evading detection thanks to a renamed process.
https://www.darkreading.com/endpoint-security/samsung-zero-day-vuln-under-active-exploit-google-warns
Honeywell and Google Cloud to Accelerate Auto Operations With AI Agents for the Industrial Sector

https://www.darkreading.com/ics-ot-security/honeywell-and-google-cloud-to-accelerate-auto-operations-with-ai-agents-for-the-industrial-sector
OPA for Windows Vulnerability Exposes NTLM Hashes
The vulnerability affects all versions prior to v0.68.0 and highlights the risks organizations assume when consuming open source software and code.
https://www.darkreading.com/vulnerabilities-threats/opa-windows-vulnerability-exposes-ntlm-hashes
SoftwareOne Launches Cloud Competency Centre in Malaysia

https://www.darkreading.com/cloud-security/softwareone-launches-cloud-competency-centre-in-malaysia
Retail & Hospitality ISAC Launches Program Aimed at Securing Supply Chains

https://www.darkreading.com/cybersecurity-operations/retail-hospitality-isac-launches-program-aimed-at-securing-supply-chains
Windows 10 KB5045594 update fixes multi-function printer bugs
Microsoft has released the optional KB5045594 preview cumulative update for Windows 10 22H2 with fixes for problems printing to multi-function printers and other issues. [...]
https://www.bleepingcomputer.com/news/microsoft/windows-10-kb5045594-update-fixes-multi-function-printer-bugs/
AWS, Azure auth keys found in Android and iOS apps used by millions
Multiple popular mobile applications for iOS and Android come with hardcoded, unencrypted credentials for cloud services like Amazon Web Services (AWS) and Microsoft Azure Blob Storage, exposing user data and source code to security breaches. [...]
https://www.bleepingcomputer.com/news/security/aws-azure-auth-keys-found-in-android-and-ios-apps-used-by-millions/
Most US Political Campaigns Lack DMARC Email Protection
Without DMARC, campaigns remain highly susceptible to phishing, domain spoofing, and impersonation.
https://www.darkreading.com/cyber-risk/most-us-political-campaigns-lack-dmarc-email-protection
Vulnerability in OpenSSL library
A security advisory was released affecting the version of the OpenSSL library used in some Fortinet products: CVE-2022-0778: The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached...
https://fortiguard.fortinet.com/psirt/FG-IR-22-059
SEC charges tech companies for downplaying SolarWinds breaches
The SEC has charged four companies—Unisys Corp, Avaya Holdings, Check Point Software, and Mimecast—for allegedly misleading investors about the impact of their breaches during the massive 2020 SolarWinds Orion hack. [...]
https://www.bleepingcomputer.com/news/security/sec-charges-tech-companies-for-downplaying-solarwinds-breaches/
Fake CAPTCHA Pages Used by Lumma Stealer to Spread Fileless Malware
Lumma Stealer malware uses fake CAPTCHA to deceive victims. This information-stealing malware targets sensitive data like passwords and…
https://hackread.com/fake-captcha-pages-lumma-stealer-fileless-malware/
Grandoreiro, the global trojan with grandiose ambitions
In this report, Kaspersky experts analyze recent Grandoreiro campaigns, new targets, tricks, and banking trojan versions.
https://securelist.com/grandoreiro-banking-trojan/114257/
Exploit released for new Windows Server "WinReg" NTLM Relay attack
Proof-of-concept exploit code is now public for a vulnerability in Microsoft's Remote Registry client that could be used to take control of a Windows domain by downgrading the security of the authentication process. [...]
https://www.bleepingcomputer.com/news/security/exploit-released-for-new-windows-server-winreg-ntlm-relay-attack/
Gophish Framework Used in Phishing Campaigns to Deploy Remote Access Trojans
Russian-speaking users have become the target of a new phishing campaign that leverages an open-source phishing toolkit called Gophish to deliver DarkCrystal RAT (aka DCRat) and a previously undocumented remote access trojan dubbed PowerRAT. "The campaign involves modular infection chains that are either Maldoc or HTML-based infections and require the victim's intervention to trigger the
https://thehackernews.com/2024/10/gophish-framework-used-in-phishing.html
5 new protections on Google Messages to help keep you safe
Posted by Jan Jedrzejowicz, Director of Product, Android and Business Communications; Alberto Pastor Nieto, Sr. Product Manager Google Messages and RCS Spam and Abuse; Stephan Somogyi, Product Lead, User Protection; Branden Archer, Software Engineer. Every day, over a billion people use Google Messages to communicate. That's why we've made security a top priority, building in powerful on-device, AI-powered filters and advanced security that protects users from 2 billion suspicious messages a month. With end-to-end encrypted RCS conversations, you can communicate privately with other Google Messages RCS users. And we're not stopping there. We're committed to constantly developing new controls and features to make your conversations on Google Messages even more secure and private. As...
http://security.googleblog.com/2024/10/5-new-protections-on-google-messages.html
Swarms of Fake WordPress Plug-ins Infect Sites With Infostealers
GoDaddy flagged a ClickFix campaign that infected 6,000 sites in a one-day period, with attackers using stolen admin credentials to distribute malware.
https://www.darkreading.com/endpoint-security/swarms-fake-wordpress-plug-ins-infect-sites-infostealers
Ubuntu 7079-1: WebKitGTK Security Advisory Updates
Several security issues were fixed in WebKitGTK.
https://linuxsecurity.com/advisories/ubuntu/ubuntu-7079-1-webkitgtk-security-advisory-updates-bhjs6x6yddyz
Team-Based Training and the Power of Simulation
In the constantly evolving realm of cybersecurity, it is critical for incident responders to be prepared and effective. As cyber threats grow more complex, the training approaches for these defenders... The post Team-Based Training and the Power of Simulation appeared first on Cyber Defense Magazine.
https://www.cyberdefensemagazine.com/team-based-training-and-the-power-of-simulation/
Dark Web Anti-Bot Services Let Phishers Bypass Google's Red Page
Anti-bot services on the dark web allow phishers to bypass Google’s Red Page warnings, evading detection and making…
https://hackread.com/dark-web-anti-bot-services-phishers-google-red-page/
Tricky CAPTCHA Caught Dropping Lumma Stealer Malware
The persistent infostealer's latest campaign inserts fake CAPTCHA pages into legitimate applications, fooling users into executing the malicious payload, researchers find.
https://www.darkreading.com/cyberattacks-data-breaches/trick-captcha-lumma-stealer-malware
SMTP password ciphertext exposure in Log
An insertion of sensitive information into log file vulnerability [CWE-532] in FortiOS / FortiProxy log events may allow a remote authenticated attacker to read certain passwords in ciphertext.
https://fortiguard.fortinet.com/psirt/FG-IR-22-455
Samsung zero-day flaw actively exploited in the wild
Google's Threat Analysis Group (TAG) researchers warn of a Samsung zero-day vulnerability that is exploited in the wild. Google's Threat Analysis Group (TAG) warns of a Samsung zero-day vulnerability, tracked as CVE-2024-44068 (CVSS score of 8.1), which is exploited in the wild. The vulnerability is a use-after-free issue, attackers could exploit the flaw to escalate […]
https://securityaffairs.com/170119/security/samsung-zero-day-activey-exploited.html
INE Security Launches New Training Solutions to Enhance Cyber Hygiene for SMBs
Cary, NC, 22nd October 2024, CyberNewsWire
https://hackread.com/ine-security-launches-new-training-solutions-to-enhance-cyber-hygiene-for-smbs/
0G Foundation Launches Node Sale for Decentralized AI Network Verification
Decentralized AI platform 0G Foundation announces node sale with 15% token rewards over 3 years. Network aims to verify AI behavior on blockchain.
https://hackernoon.com/0g-foundation-launches-node-sale-for-decentralized-ai-network-verification?source=rss
What NIST's post-quantum cryptography standards mean for data security
Data security is the cornerstone of every business operation. Today, the security of sensitive data and communication depends on traditional cryptography methods, such as the RSA algorithm. While such algorithms secure against today’s threats, organizations must continue to look forward and begin to prepare against upcoming risk factors. The National Institute of Standards and Technology […] The post What NIST’s post-quantum cryptography standards mean for data security appeared first on Security Intelligence.
https://securityintelligence.com/posts/nist-post-quantum-cryptography-standards-data-security/
Startups of The Year: How To Vote
Startups of the Year is HackerNoon's Flagship community-driven event celebrating startups that survived and thrived in 2024. 150,000+ startups across 100+ industries, 4200+ cities and six continents are participating this year to be crowned the best startup. Here's how you can vote for your favorite startup.
https://hackernoon.com/startups-of-the-year-how-to-vote?source=rss
October 23, 2024
The post October 23, 2024 appeared first on ASEC.
https://asec.ahnlab.com/en/84027/
Debian LTS: DLA-3932-1: python-sql Security Advisory Updates
Cédric Krier discovered that python-sql, a library to write SQL queries in a pythonic way, performed insufficient sanitising which could result in SQL injection.
https://linuxsecurity.com/advisories/deblts/debian-lts-dla-3932-1-python-sql-security-advisory-updates-ijeh7tb4912x
Critical Vulnerability Patched In Jetpack WordPress Plugin
Heads up, WordPress admins! It's time to update your websites with the latest Jetpack release… Critical Vulnerability Patched In Jetpack WordPress Plugin on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2024/10/22/critical-vulnerability-patched-in-jetpack-wordpress-plugin/
Security Flaw in Styra's OPA Exposes NTLM Hashes to Remote Attackers
Details have emerged about a now-patched security flaw in Styra's Open Policy Agent (OPA) that, if successfully exploited, could have led to leakage of New Technology LAN Manager (NTLM) hashes. "The vulnerability could have allowed an attacker to leak the NTLM credentials of the OPA server's local user account to a remote server, potentially allowing the attacker to relay the authentication or
https://thehackernews.com/2024/10/security-flaw-in-styras-opa-exposes.html
How to Generate EKS Worker Node Image - Windows 2019 Update 2004/20H2
A Windows Server 2019 Update 2004/20H2 container can be used to help the team build these applications without needing many code changes. In this guide, we will generate the image for Kubernetes v1.27. There are four options available, so we can review each to determine which is best.
https://hackernoon.com/how-to-generate-eks-worker-node-image-windows-2019-update-200420h2?source=rss
VMware fixes bad patch for critical vCenter Server RCE flaw
VMware has released another security update for CVE-2024-38812, a critical VMware vCenter Server remote code execution vulnerability that was not correctly fixed in the first patch from September 2024. [...]
https://www.bleepingcomputer.com/news/security/vmware-fixes-bad-patch-for-critical-vcenter-server-rce-flaw/
From Playful Ideas to Powerful Tools: Building with Passion for Construction
In many digital projects, rapid prototyping can lead to impressive outcomes. However, working in the construction sector means dealing with large volumes of data, making performance a key factor.
https://hackernoon.com/from-playful-ideas-to-powerful-tools-building-with-passion-for-construction?source=rss
Cybercriminals Exploiting Docker API Servers for SRBMiner Crypto Mining Attacks
Bad actors have been observed targeting Docker remote API servers to deploy the SRBMiner crypto miner on compromised instances, according to new findings from Trend Micro. "In this attack, the threat actor used the gRPC protocol over h2c to evade security solutions and execute their crypto mining operations on the Docker host," researchers Abdelrahman Esmail and Sunil Bharti said in a technical
https://thehackernews.com/2024/10/cybercriminals-exploiting-docker-api.html
What Today's SOC Teams Can Learn From Baseball
There are more similarities between developing a professional athlete and developing a cybersecurity pro than you might expect.
https://www.darkreading.com/cybersecurity-operations/what-soc-teams-can-learn-from-baseball
SOC 2 Compliance Requirements and Criteria
Meeting SOC 2 standards demonstrates your commitment to security and boosts trust—especially when you have a report to prove it. The American Institute of Certified Public Accountants (AICPA) created these standards and the coordinating reports, known as SOC 1, SOC 2, and SOC 3. While they aren't legally required, they're a great way to highlight your security protocols. 
https://www.legitsecurity.com/blog/soc-2-compliance-requirements
Classification of Computing in Memory Principles - Digital Computing in Memory Vs. Analog Computing
As a new type of architecture, the computing in memory is expected to break through the bottleneck of arithmetic power and power consumption.
https://hackernoon.com/classification-of-computing-in-memory-principles-digital-computing-in-memory-vs-analog-computing?source=rss
Ubuntu 7080-1: Unbound Security Advisory Updates
Unbound could be made to stop responding if it received specially crafted DNS traffic.
https://linuxsecurity.com/advisories/ubuntu/ubuntu-7080-1-unbound-security-advisory-updates-xfad1wzkcagz
Security Assessment Reports: A Complete Overview
The first step to improving your security posture is knowing where you stand. That's what a security assessment report (SAR) tells you.
https://www.legitsecurity.com/blog/what-are-security-assessment-reports
Navigating HR Compliance with Care: Introducing CraveHRO, Startups of the Year 2024 Nominee
CraveHRO is a forward-thinking HR consultancy dedicated to helping businesses navigate the complexities of compliance while prioritizing mental health and employee well-being. The company was recognized in HackerNoon's Startups of the Year awards for its HR solutions.
https://hackernoon.com/navigating-hr-compliance-with-care-introducing-cravehro-startups-of-the-year-2024-nominee?source=rss
Asymmetric Research Joins Stacks Ecosystem as Security Contributor to Bitcoin L2
Asymmetric Research expands Bitcoin presence, joining L2 protocol as security auditor and signer for upcoming sBTC programmable asset.
https://hackernoon.com/asymmetric-research-joins-stacks-ecosystem-as-security-contributor-to-bitcoin-l2?source=rss
The Individualist's Manifesto
An individualist's manifesto written in the style of a hackers manifesto.
https://hackernoon.com/the-individualists-manifesto?source=rss
Meet TILDI TECH, Startups of the Year 2024 Nominee
TILDI TECH combines civil engineering and digital marketing expertise to offer innovative solutions for construction and online presence management, ensuring high-quality results for businesses across diverse industries.
https://hackernoon.com/meet-tildi-tech-startups-of-the-year-2024-nominee?source=rss
Experts warn of a new wave of Bumblebee malware attacks
Experts warn of a new wave of attacks involving the Bumblebee malware, months after Europol's 'Operation Endgame' that disrupted its operations in May. The Bumblebee malware loader has resurfaced in new attacks, four months after Europol disrupted it during "Operation Endgame" in May. Bumblebee has been active since March 2022 when it was spotted by Google's Threat Analysis Group […]
https://securityaffairs.com/170112/malware/bumblebee-malware-attacks.html
USN-7080-1: Unbound vulnerability
Toshifumi Sakaguchi discovered that Unbound incorrectly handled name compression for large RRsets, which could lead to excessive CPU usage. An attacker could potentially use this issue to cause a denial of service by sending specially crafted DNS responses.
https://ubuntu.com/security/notices/USN-7080-1
Meet COOCO, Startups of the Year 2024 Nominee
COOCO, an AI-powered platform based in Hamilton, Canada, aims to reduce food waste and enhance cooking experiences. Founded by Ryo Wu and her team, it offers features like ingredient management, personalized recipe recommendations, grocery deal optimization, and community food sharing. With a focus on sustainability and user engagement, COOCO has achieved significant milestones and aims to connect with food lovers and businesses. Support us in HackerNoon's Startups of the Year awards to help drive this innovative movement forward!
https://hackernoon.com/meet-cooco-startups-of-the-year-2024-nominee?source=rss
CNN Reports: Cybercrime To Cost The World $10T Annually, Per Cybersecurity Ventures
This week in cybersecurity from the editors at Cybercrime Magazine. Watch The Full CNN Report. Sausalito, Calif. – Oct. 22, 2024 – CNN reports in a special news video that "Fighting cybercrime is big business around the world. By the end of this year, the financial impact of … The post CNN Reports: Cybercrime To Cost The World $10T Annually, Per Cybersecurity Ventures appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/cnn-reports-cybercrime-to-cost-the-world-10t-annually-per-cybersecurity-ventures/
Our Journey to Micro-Frontends
How do successful projects usually get started? Quickly, without long discussions, in startup mode: we build features and deal with technical debt later. Under such conditions, it's hard to establish an architecture that would allow the project to continue evolving after 5–7 years. The frontend part of our project was no exception. In this article, I'll explain how we transitioned from a classic React application to a truly big project.
https://hackernoon.com/our-journey-to-micro-frontends?source=rss
Upload a video selfie to get your Facebook or Instagram account back
Meta wants to introduce the option to upload a video selfie if you need to recover a lost Facebook or Instagram account.
https://www.malwarebytes.com/blog/news/2024/10/upload-a-video-selfie-to-get-your-facebook-or-instagram-account-back
Name That Toon: The Big Jump
Feeling creative? Submit your caption and our panel of experts will reward the winner with an Amazon gift card.
https://www.darkreading.com/remote-workforce/name-that-toon-the-big-jump
Simplifying Fish Farming Management with AQUi9, Startups of the Year 2024 Nominee
AQUI9 provides innovative, data-driven solutions for fish farming, helping producers optimize feed management, reduce costs, and improve sustainability with precision technology.
https://hackernoon.com/simplifying-fish-farming-management-with-aqui9-startups-of-the-year-2024-nominee?source=rss
Beware Of Callback Phishing Attacks Google Groups That Steal Login Details
Callback phishing is a two-step attack involving phishing emails and phone calls. Victims are lured into calling a bogus number in the email, where attackers impersonate legitimate entities and trick victims into divulging sensitive information or downloading malware. The BazarCall scheme employed a text-based phishing email to lure victims into calling a malicious phone number. […] The post Beware Of Callback Phishing Attacks Google Groups That Steal Login Details appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
https://gbhackers.com/callback-phishing-google-login-theft/
SQL Injection
How to detect and exploit SQL Injection vulnerabilities.
https://infosecwriteups.com/sql-injection-cb7f0ec28510?source=rss----7b722bfd1b8d---4
IoT Assignment Completed! Report on Barriers to U.S. IoT Adoption
The 16 members of the NIST-managed Internet of Things (IoT) Advisory Board have completed their report on barriers to the U.S. receiving the benefits of IoT adoption, along with their recommendations for overcoming those barriers. As Benson Chan (Chair) and Dan Caprio (Vice Chair) of the IoT Advisory Board state in the report: “The United States is in the early stages of a profound transformation, one that is driven by economic, societal, and cultural innovations brought about by the IoT. These innovations intertwine connectivity and digital innovation with the opportunity to drive a
https://www.nist.gov/blogs/cybersecurity-insights/iot-assignment-completed-report-barriers-us-iot-adoption
GHOSTPULSE Hides Within PNG File Pixel Structure To Evade Detections
Recent campaigns targeting victims through social engineering tactics utilize LUMMA STEALER with GHOSTPULSE as its loader. By tricking victims into executing a series of Windows keyboard shortcuts, malicious JavaScript is executed, leading to the execution of a PowerShell script.  The script downloads and executes a GHOSTPULSE payload, which is now a single executable file containing […] The post GHOSTPULSE Hides Within PNG File Pixel Structure To Evade Detections appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
https://gbhackers.com/ghostpulse-png-evasion/
USN-7079-1: WebKitGTK vulnerabilities
Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
https://ubuntu.com/security/notices/USN-7079-1
New AI Tool To Discover 0-Days At Large Scale With A Click Of A Button
Vulnhuntr, a static code analyzer using large language models (LLMs), discovered over a dozen zero-day vulnerabilities in popular open-source AI projects on Github (over 10,000 stars) within hours.  These vulnerabilities include Local File Inclusion (LFI), Cross-Site Scripting (XSS), Server-Side Request Forgery (SSRF), Remote Code Execution (RCE), Insecure Direct Object Reference (IDOR), and Arbitrary File Overwrite […] The post New AI Tool To Discover 0-Days At Large Scale With A Click Of A Button appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
https://gbhackers.com/ai-0-day-discovery-tool/
Understanding Linux Persistence Mechanisms and Detection Tools
As Linux-based systems gain greater prevalence across various IT infrastructures, they become increasingly popular targets for attackers. One of threat actors' primary goals post-breach is persistence: techniques that allow them to keep accessing compromised systems even after reboots or updates.
https://linuxsecurity.com/features/features/linux-persistence-mechanisms-detection-tools
IcePeony Hackers Exploiting Public Web Servers To Inject Webshells
IcePeony, a China-nexus APT group, has been active since 2023, targeting India, Mauritius, and Vietnam by exploiting SQL injection vulnerabilities to compromise systems using webshells and backdoors, leveraging a custom IIS malware called IceCache. The attackers accidentally exposed a server containing sensitive data, including a zsh_history file that revealed their detailed attack timeline and techniques. […] The post IcePeony Hackers Exploiting Public Web Servers To Inject Webshells appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
https://gbhackers.com/icepeony-hackers-webshells/
Critical Chrome Vulnerabilities Let Malicious Apps Run Shell Command on Your PC
Researchers discovered vulnerabilities in the Chromium web browser that allowed malicious extensions to escape the sandbox and execute arbitrary code on the user’s system.  These vulnerabilities exploited the privileged nature of WebUI pages, which provide the user interface for Chromium’s features and have access to private APIs that can bypass the sandbox.  It has been […] The post Critical Chrome Vulnerabilities Let Malicious Apps Run Shell Command on Your PC appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
https://gbhackers.com/chrome-vulnerabilities-shell-execution/
A Comprehensive Guide to Finding Service Accounts in Active Directory
Service accounts are vital in any enterprise, running automated processes like managing applications or scripts. However, without proper monitoring, they can pose a significant security risk due to their elevated privileges. This guide will walk you through how to locate and secure these accounts within Active Directory (AD), and explore how Silverfort's solutions can help enhance your
https://thehackernews.com/2024/10/a-comprehensive-guide-to-finding.html
Russia-Linked Hackers Attacking Governmental And Political Organizations
Two pro-Russian threat actors launched a distributed denial-of-service (DDoS) attack campaign against Japanese organizations on October 14, 2024. The campaign targeted logistics, manufacturing, government, and political entities.  An attack leveraged various non-spoofed direct-path DDoS attack vectors, including well-known nuisance networks, cloud providers, and VPN networks, where the campaign using the DDoSia botnet is ongoing and […] The post Russia-Linked Hackers Attacking Governmental And Political Organizations appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
https://gbhackers.com/russia-hackers-ddos-attacks/
Investigate Web Attacks Challenge (Let's Defend)
In this post, I'll walk you through solving the "Investigate Web Attacks Challenge" from Let's Defend. The challenge uses logs sourced from the bWAPP web application, an intentionally vulnerable web app designed to help security professionals practice identifying and analyzing real-world attack patterns. In this guide, I'll show you how I analyzed the logs to answer each question. Web Attack Investigated — Earned Badge. 1. Which automated scan tool did the attacker use for web reconnaissance? During the first phase of the attack, I needed to identify which scanning tool the attacker used. To do this, I reviewed the web server logs, paying attention to unusual User-Agent strings, which often provide clues about automated tools used. I scrolled through the logs searching for odd...
https://infosecwriteups.com/investigate-web-attacks-challenge-lets-defend-24ea96524290?source=rss----7b722bfd1b8d---4

LLM Penetration Testing Checklist
Test cases for penetration testing involve simulating real-world attack scenarios to identify vulnerabilities in systems. Below are some…Continue reading on InfoSec Write-ups »
https://infosecwriteups.com/llm-penetration-testing-checklist-87eda0ce2991?source=rss----7b722bfd1b8d---4

Bumblebee and Latrodectus Malware Return with Sophisticated Phishing Strategies
Two malware families that suffered setbacks in the aftermath of a coordinated law enforcement operation called Endgame have resurfaced as part of new phishing campaigns. Bumblebee and Latrodectus, which are both malware loaders, are designed to steal personal data, along with downloading and executing additional payloads onto compromised hosts. Tracked under the names BlackWidow, IceNova, Lotus,
https://thehackernews.com/2024/10/bumblebee-and-latrodectus-malware.html

Malicious npm Packages Target Developers' Ethereum Wallets with SSH Backdoor
Cybersecurity researchers have discovered a number of suspicious packages published to the npm registry that are designed to harvest Ethereum private keys and gain remote access to the machine via the secure shell (SSH) protocol. The packages attempt to "gain SSH access to the victim's machine by writing the attacker's SSH public key in the root user's authorized_keys file," software supply
https://thehackernews.com/2024/10/malicious-npm-packages-target.html

Astaroth Banking Malware Runs Actively Targets Users In Brazil
The notorious banking trojan, known as the Astaroth malware, has resurfaced in recent campaigns, particularly… Astaroth Banking Malware Runs Actively Targets Users In Brazil on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2024/10/22/astaroth-banking-malware-runs-actively-targets-users-in-brazil/

Using Application Functionality to Exploit Insecure Deserialization
Welcome back to another Lab Walkthrough at the Cybersec Cafe, where I detail my mindset as I approach a Web Application. Objective: Edit the serialized object in the session cookie to delete the /home/carlos/morale.txt file. If you want to be the first to see these articles, consider subscribing to the Cybersec Cafe on Substack for free. I post content there first, and here second. My goal is to deliver you value in various cybersecurity topics and to become your ultimate destination for expanding your cybersecurity expertise as a cybersecurity professional. What is Insecure Deserialization? Insecure deserialization is a vulnerability that occurs when an application deserializes (converts data from a serialized format such as JSON or XML back to its original form) without proper validation or integrity...
https://infosecwriteups.com/using-application-functionality-to-exploit-insecure-deserialization-b4e7c6abdae1?source=rss----7b722bfd1b8d---4

U.S. CISA adds ScienceLogic SL1 flaw to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds ScienceLogic SL1 flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the ScienceLogic SL1 flaw CVE-2024-9537 (CVSS v4 score: 9.3) to its Known Exploited Vulnerabilities (KEV) catalog. ScienceLogic SL1 contains a vulnerability related to a third-party component. It has been fixed in […]
https://securityaffairs.com/170104/security/u-s-cisa-adds-sciencelogic-sl1-flaw-to-its-known-exploited-vulnerabilities-catalog.html

Best practices on securing your AI deployment
As organizations embrace generative AI, there are a host of benefits that they are expecting from these projects—from efficiency and productivity gains to improved speed of business to more innovation in products and services. However, one factor that forms a critical part of this AI innovation is trust. Trustworthy AI relies on understanding how the […] The post Best practices on securing your AI deployment appeared first on Security Intelligence.
https://securityintelligence.com/posts/best-practices-securing-ai-deployment/

Debian LTS: DLA-3931-1: ghostscript Security Advisory Updates
A heap-based pointer disclosure problem was found in Ghostscript, an interpreter for the PostScript language and for PDF. This could lead to information disclosure.
https://linuxsecurity.com/advisories/deblts/debian-lts-dla-3931-1-ghostscript-security-advisory-updates-tn57pa81zz3e

FBI & CISA Warns of Tactics Used by Hackers Targeting 2024 U.S. General Election
The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have issued a joint public service announcement (PSA) warning of sophisticated tactics foreign actors are employing to spread disinformation ahead of the 2024 U.S. general election. The announcement, titled “Just So You Know: Foreign Threat Actors Likely to Use a Variety […] The post FBI & CISA Warns of Tactics Used by Hackers Targeting 2024 U.S. General Election appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
https://gbhackers.com/fbi-cisa-warns-of-tactics-used-by-hackers/

VMware failed to fully address vCenter Server RCE flaw CVE-2024-38812
VMware addressed a remote code execution flaw, demonstrated in a Chinese hacking contest, for the second time in two months. VMware failed to fully address a remote code execution flaw, tracked as CVE-2024-38812 (CVSS score: 9.8), in its vCenter Server platform. In September, Broadcom released security updates to the vulnerability CVE-2024-38812. vCenter Server is a […]
https://securityaffairs.com/170096/security/vmware-failed-to-fix-rce-vcenter-server-cve-2024-38812.html

Go — ing Rogue: The Malware Development Odyssey (Part I)
Into the Abyss: Crafting the Foundation & Connecting a TCP Server to a Client and Sending the First Message. This marks the start of our journey into malware development. If you're new to Go and good to Go😅 or curious about building a TCP server and client, this guide will take you through the process step by step. We'll build a simple TCP server using Go, a crucial skill for understanding networking in modern applications. Now, let's break down each section to understand exactly what's going on. Step 1: Setting Up Package and Imports: package main; import ( "log" "net" ). Go programs start with the package declaration. Since this is an executable program, we use package main. Next, we import two...
https://infosecwriteups.com/go-ing-rogue-the-malware-development-odyssey-part-i-e89e3be6bcfb?source=rss----7b722bfd1b8d---4

VMware Releases vCenter Server Update to Fix Critical RCE Vulnerability
VMware has released software updates to address an already patched security flaw in vCenter Server that could pave the way for remote code execution. The vulnerability, tracked as CVE-2024-38812 (CVSS score: 9.8), concerns a case of heap-overflow vulnerability in the implementation of the DCE/RPC protocol. "A malicious actor with network access to vCenter Server may trigger this vulnerability by
https://thehackernews.com/2024/10/vmware-releases-vcenter-server-update.html

Ubuntu 7078-1: Firefox Security Advisory Updates
Firefox could be made to crash or run programs as your login
https://linuxsecurity.com/advisories/ubuntu/ubuntu-7078-1-firefox-security-advisory-updates-wxvnvbacpw0v

Winnebago Public Schools Suffers Cyber Attack, Services Shut Down
Winnebago Public Schools (WPS) in Nebraska was the victim of a cyberattack on October 21, 2024, which caused significant disruptions to its operations. The school district has been scrambling to restore its systems and maintain essential services. Superintendent Kamau Turner announced the cyber breach through the school’s live feed, informing the community of the ongoing […] The post Winnebago Public Schools Suffers Cyber Attack, Services Shut Down appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
https://gbhackers.com/winnebago-public-schools-cyber-attack/

Debian LTS: DLA-3930-1: libsepol Security Advisory Updates
Multiple vulnerabilities were discovered in libsepol, a set of userspace utilities and libraries for manipulating SELinux policies. CVE-2021-36084, CVE-2021-36085, CVE-2021-36086
https://linuxsecurity.com/advisories/deblts/debian-lts-dla-3930-1-libsepol-security-advisory-updates-lazaemx8lko6

CISA Adds ScienceLogic SL1 Vulnerability to Exploited Catalog After Active Zero-Day Attack
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a critical security flaw impacting ScienceLogic SL1 to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation as a zero-day. The vulnerability in question, tracked as CVE-2024-9537 (CVSS v4 score: 9.3), refers to a bug involving an unspecified third-party component that could
https://thehackernews.com/2024/10/cisa-adds-sciencelogic-sl1.html

USN-7078-1: Firefox vulnerability
Atte Kettunen discovered that Firefox did not properly validate before inserting ranges into the selection node cache. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code.
https://ubuntu.com/security/notices/USN-7078-1

Metabase Information Disclosure Vulnerability (CVE-2021-41277)
What is the attack? FortiGuard Labs observes widespread attack attempts targeting a three-year-old Metabase vulnerability (CVE-2021-41277) detected by more than 30,000 sensors. Successful exploitation could lead to information disclosure, including exposing server files and environment variables to unauthorized users. The vulnerability occurs due to the use of user-supplied input without proper validation. Metabase is an open-source data analytics platform. According to their website it is used by over 60,000 companies including Capital One, OpenAI, and more. The FortiGuard Recon Threat Intelligence team tracked this vulnerability being targeted by a hacktivist group called GhostSec back in May 2024. What is the recommended Mitigation? This issue is fixed in a new maintenance release (0.40.5 and 1.40.5),...
https://fortiguard.fortinet.com/threat-signal-report/5563

Google Chromium in Visuals Use-After-Free Vulnerability (CVE-2024-4671)
What is the Vulnerability? A new zero-day vulnerability has recently been discovered in the Visuals component of Chrome, which is responsible for rendering and displaying web content. This Visuals Use-After-Free Vulnerability, tagged as CVE-2024-4671, can cause a browser to crash, execute code, and leak data. According to Google, the vulnerability is being actively exploited, and CISA has already added this vulnerability to its known exploited catalog. What is the vendor mitigation? Google released security updates on May 9, 2024 for Windows, MacOS, and Linux affecting the Google Chrome browser. The vendor advises users to ensure that they are running the latest version of their browsers. Users of Chromium-based browsers such as Microsoft Edge and Opera are also advised to apply the fixes...
https://fortiguard.fortinet.com/threat-signal-report/5437

VMware ESXi Ransomware Attack (CVE-2024-37085)
What is the Attack? Threat actors are exploiting an authentication bypass vulnerability in ESXi hypervisors, known as CVE-2024-37085, to gain full administrative permissions on domain-joined ESXi hypervisors. This flaw allows threat actors to encrypt critical ESXi servers in ransomware attacks. On Monday, July 29, Microsoft published a threat intelligence blog on observed exploitation of CVE-2024-37085. According to the blog, Akira and Black Basta ransomware deployments were found on the impacted servers. The vulnerability has also been added to CISA's Known Exploited Catalog (KEV) list on July 31, 2024. What is the recommended Mitigation? Please go through the vendor provided update to address the security vulnerability. Support Content Notification - Support Portal - Broadcom support portal. What...
https://fortiguard.fortinet.com/threat-signal-report/5498

NextGen Healthcare Mirth Connect RCE (CVE-2023-43208, CVE-2023-37679)
What is the vulnerability? NextGen Healthcare Mirth Connect is vulnerable to unauthenticated remote code execution (CVE-2023-43208) caused by an incomplete patch of a Command Injection flaw (CVE-2023-37679). Mirth Connect is an open-source data integration platform widely used by healthcare companies. It enables the management of information using bi-directional sending of many types of messages. Attackers could exploit this vulnerability for initial access or to compromise sensitive healthcare data. CISA recently added CVE-2023-43208 to its Known Exploited Vulnerabilities (KEV) catalog on May 20th, 2024. What is the recommended Mitigation? Users are advised to update to the latest version of NextGen Healthcare Mirth Connect as per the vendor's instructions. What FortiGuard Coverage...
https://fortiguard.fortinet.com/threat-signal-report/5460

Oracle WebLogic Server Vulnerabilities (CVE-2023-21839, CVE-2017-3506)
What is the attack? A threat actor known as Water Sigbin (aka the 8220 Gang) is seen exploiting two vulnerabilities in the Oracle WebLogic server: CVE-2017-3506, which allows remote OS command execution, and CVE-2023-21839, an insecure deserialization vulnerability. CISA added the Oracle WebLogic flaw tracked as CVE-2017-3506 to its known exploited vulnerabilities catalog on 3 June 2023. What is the recommended Mitigation? Apply the most recent patch released by Oracle. In the advisory, Oracle mentioned that they continue to receive reports of exploitation attempts. What FortiGuard Coverage is available? FortiGuard customers remain protected by the IPS signatures available for both vulnerabilities. FortiGuard Outbreak Alert is available to review the full coverage. FortiGuard Incident...
https://fortiguard.fortinet.com/threat-signal-report/5466

Cloud Security Alliance Releases Second Paper Delineating Organizational Responsibilities for Successfully and Ethically Implementing Artificial Intelligence
Paper provides comprehensive, industry-neutral guidelines and best practices for various stakeholders, from CISOs and AI developers to business leaders and policymakers. SEATTLE – Oct. 22, 2024 – Driven by the need to address the evolving landscape of Artificial Intelligence (AI) and its associated risks and ethical considerations, the Cloud Security Alliance (CSA), the world's leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud...
https://cloudsecurityalliance.org/articles/cloud-security-alliance-releases-paper-delineating-organizational-responsibilities-for-implementing-ai

Russia-Linked Hackers Attack Japan's Govt, Ports
Russia-linked hackers have taken aim at Japan, following its ramping up of military exercises with regional allies and the increase of its defense budget.
https://www.darkreading.com/cyberattacks-data-breaches/russia-linked-hackers-attack-japan-govt-ports

Yesterday's News (Press)

Columbus still grappling with ransomware aftermath, 74% of city computers restored
This vital information, Yagemann says, must provide a path that will prevent another cyber attack on city resources. "Unfortunately we are going ...
https://cwcolumbus.com/news/local/columbus-still-grappling-with-ransomware-aftermath-74-of-city-computers-restored

CoinSwitch CEO Accuses WazirX of Transferring .6M After Cyber Attack - The Shib Daily
CoinSwitch CEO accuses WazirX of transferring .6 million in user crypto to Bybit & KuCoin after a 4 million cyber attack, ...
https://news.shib.io/2024/10/22/coinswitch-ceo-accuses-wazirx-of-transferring-73-6m-after-cyber-attack/

Winnebago school cancels classes after being hit by a cyberattack - KTIV
Winnebago Public ...
https://www.ktiv.com/2024/10/22/winnebago-school-cancels-classes-after-being-hit-by-cyberattack/

Beazley Security expands incident response with restoration services - Coverager
... cyber-attack. Further, Beazley Security has relationships with crisis management, credit monitoring, identity protection, specialty PR, and ...
https://coverager.com/beazley-security-expands-incident-response-with-restoration-services/

97 CS Cybersecurity Awareness Month: Secure Our World - Altus Air Force Base
... cyber attack. Why it's important and how to prevent attacks. “Users need to be aware of the threats out there,” said Ulrich. “With evolving ...
https://www.altus.af.mil/News/Article-Display/Article/3942525/97-cs-cybersecurity-awareness-month-secure-our-world/

Gambling sector subjected to APT41 intrusions - SC Media
https://www.scworld.com/brief/gambling-sector-subjected-to-apt41-intrusions

Winnebago Public Schools canceling classes due to cyber attack - SiouxlandProud
Winnebago Public Schools will be canceling classes due to a recent cyber attack incident.
https://www.siouxlandproud.com/news/local-news/winnebago-public-schools-canceling-classes-due-to-cyber-attack/

Mozambique election results being doctored, says EU - BBC
... cyber-attack. The website remains inactive.
https://www.bbc.com/news/articles/c39l931zyg8o

'It is horrendous': Inmates say system issues have them stuck at Wayne County Jail - ClickOnDetroit
But a cyber attack at the jail in early October has brought justice to a halt for many people who've been charged with crimes. We've heard from ...
https://www.clickondetroit.com/news/local/2024/10/22/it-is-horrendous-inmates-say-system-issues-have-them-stuck-at-wayne-county-jail/

Kylian Mbappé Speechless: The Real Madrid Star that Juventus does Want by January
This cyber attack exposed confidential information about the club and caused turmoil among fans.
https://madrid-barcelona.com/en/real-madrid/kylian-mbappe-speechless-the-real-madrid-star-that-juventus-does-want-by-january

Small Businesses and AI: Accelerating Innovation and Inclusion
Sixty-one percent of small businesses were victims of a cyber attack in 2023, and AI is driving an increase in the volume and power of these attacks.
https://hbr.org/sponsored/2024/10/small-businesses-and-ai-accelerating-innovation-and-inclusion

Cyber attack prompts early dismissal at Nebraska school
Winnebago Public Schools announced in a social media post that there was a recent cyber attack on the school's system.
https://nebraskapublicmedia.org/en/news/news-articles/cyber-attack-prompts-early-dismissal-at-nebraska-school/

News from Two Days Ago (Specialist Press)

CVE-2024-8901 - missing JWT issuer and signer validation in aws-alb-route-directive-adapter-for-istio
Publication Date: 2024/10/21 4:00 PM PDT. The AWS ALB Route Directive Adapter For Istio repo provides an OIDC authentication mechanism that was integrated into the open source Kubeflow project. The adapter uses JWT for authentication, but lacks proper signer and issuer validation. In uncommon deployments of ALB, wherein endpoints are exposed to internet traffic, an actor can provide a JWT signed by an untrusted entity in order to spoof OIDC-federated sessions and successfully bypass authentication. Affected versions: v1.0, v1.1. Resolution: The repository/package has been deprecated, is End of Life, and is no longer actively supported. Workarounds: As a security best practice, ensure that your ELB targets (e.g. EC2 Instances, Fargate Tasks etc.) do not have public IP...
https://aws.amazon.com/security/security-bulletins/AWS-2024-011/

CVE-2024-10125 - missing JWT issuer and signer validation in aws-alb-identity-aspnetcore
Publication Date: 2024/10/21 4:00 PM PDT. Description: The Amazon.ApplicationLoadBalancer.Identity.AspNetCore repo contains Middleware that can be used in conjunction with the Application Load Balancer (ALB) OpenId Connect integration and can be used in any ASP.NET Core deployment scenario, including AWS Fargate, Amazon Elastic Kubernetes Service (Amazon EKS), Amazon Elastic Container Service (Amazon ECS), Amazon Elastic Compute Cloud (Amazon EC2), and AWS Lambda. In the JWT handling code, it performs signature validation but fails to validate the JWT issuer and signer identity. The signer omission, if combined with a scenario where the infrastructure owner allows internet traffic to the ALB targets (not a recommended configuration), can allow for JWT signing by an untrusted entity...
https://aws.amazon.com/security/security-bulletins/AWS-2024-012/

Continued Intense Scanning From One IP in Lithuania
Plus a few interesting changes in the CVEs we track, and some notes on just what kinds of malware stagers we see.
https://www.f5.com/labs/articles/threat-intelligence/sensor-intel-series-top-cves-september-2024

The Current Landscape of Global AI Regulations
Originally published by Truyo.As artificial intelligence (AI) continues to permeate various aspects of our lives, understanding the regulatory frameworks governing its development and application is becoming increasingly important. From the United States to China, different countries are adopting diverse approaches to regulate AI, each with its own set of considerations and implications. In this comprehensive overview, we'll delve into the AI regulations of several key countries, examining th...
https://cloudsecurityalliance.org/articles/the-current-landscape-of-global-ai-regulations

Hackers exploit Roundcube webmail flaw to steal email, credentials
Threat actors have been exploiting a vulnerability in the Roundcube Webmail client to target government organizations in the Commonwealth of Independent States (CIS) region, the successor of the former Soviet Union. [...]
https://www.bleepingcomputer.com/news/security/hackers-exploit-roundcube-webmail-flaw-to-steal-email-credentials/

Unmanaged Cloud Credentials Pose Risk to Half of Orgs
These types of "long-lived" credentials pose a risk for users across all major cloud service providers, and must meet their very timely ends, researchers say.
https://www.darkreading.com/cloud-security/unmanaged-cloud-credentials-risk-half-orgs

Types of Security Audits: Overview and Best Practices
Cybersecurity audits are key to maintaining compliance with regulations and upholding a strong security posture. They evaluate your organization's systems, identify vulnerabilities, and offer the insights you need to optimize security. But there are many different kinds to choose from, depending on your needs.
https://www.legitsecurity.com/blog/types-of-security-audits

FedRAMP Certification and Compliance: What It Is and Why It Matters
Cloud technologies increase access to information, streamline communication between government agencies and citizens, and accelerate information sharing. And that's why the U.S. government has become a champion of cloud computing. But each perk comes with a risk, and in response, the Office of Management and Budget (OMB) created the Federal Risk and Authorization Management Program (FedRAMP). If you're a cloud service provider (CSP), software-as-a-service (SaaS) company, or other vendor interested in working with federal government agencies, FedRAMP certification proves that your organization meets the security standards required to successfully safeguard information. Here's how to get FedRAMP certification. What Is FedRAMP? FedRAMP is a set of standards and certification...
https://www.legitsecurity.com/blog/fedramp-authorization-process

Internet Archive (Archive.org) Hacked for Second Time in a Month
The Internet Archive (Archive.org) suffered a second security breach in October 2024, exposing support tickets through unrotated Zendesk…
https://hackread.com/internet-archive-archive-org-hacked-for-second-time/

Linus Torvalds' Recent Frustrations: A Deep Dive into Hardware Bugs and CPU Attack Mitigations
Linus Torvalds, the creator of Linux, recently expressed his frustration about using barrier_nospec() within the copy_from_user() functionality. His main concern is the slowness of the copy_from_user() function and the overkill these barriers are perceived as being. His remarks also highlight an increasing impatience towards buggy hardware and theoretical CPU attacks, which impact the security and efficiency of the Linux operating system.
https://linuxsecurity.com/news/security-trends/linus-torvalds-recent-frustrations-hardware-bugs-cpu-attack-mitigations

Cisco states that data published on cybercrime forum was taken from public-facing DevHub environment
Cisco confirms that data published by IntelBroker on a cybercrime forum was taken from the company DevHub environment. Cisco confirms that the data posted by the notorious threat actor IntelBroker on a cybercrime forum was stolen from its DevHub environment. IntelBroker claimed to have gained access to Github projects, Gitlab Projects, SonarQube projects, Source code, […]
https://securityaffairs.com/170075/cyber-crime/cisco-confirms-a-security-breach.html

Over 6,000 WordPress hacked to install plugins pushing infostealers
WordPress sites are being hacked to install malicious plugins that display fake software updates and errors to push information-stealing malware. [...]
https://www.bleepingcomputer.com/news/security/over-6-000-wordpress-hacked-to-install-plugins-pushing-infostealers/

USN-7072-2: Linux kernel (GKE) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Watchdog drivers; - Netfilter; - Network traffic control; (CVE-2024-38630, CVE-2024-27397, CVE-2024-45016)
https://ubuntu.com/security/notices/USN-7072-2

Microsoft blocks Windows 11 24H2 on two ASUS models due to crashes
Microsoft is warning of Windows crashing with the blue screen of death on some ASUS laptop models when trying to upgrade to the latest version of the operating system, Windows 11 version 24H2. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-blocks-windows-11-24h2-on-two-asus-models-due-to-crashes/

Innovator Spotlight: Interpres Security
In the current cybersecurity landscape, the focus has shifted from merely managing vulnerabilities to strategically orchestrating defenses against targeted threats. Organizations are increasingly struggling to optimize their security posture amidst... The post Innovator Spotlight: Interpres Security appeared first on Cyber Defense Magazine.
https://www.cyberdefensemagazine.com/innovator-spotlight-interpres-security/

Securing the open source supply chain: The essential role of CVEs
Vulnerability data has grown in volume and complexity over the past decade, but open source and programs like the Github Security Lab have helped supply chain security keep pace. The post Securing the open source supply chain: The essential role of CVEs appeared first on The GitHub Blog.
https://github.blog/security/supply-chain-security/securing-the-open-source-supply-chain-the-essential-role-of-cves/

Innovator Spotlight: Keepnet Labs
Keepnet specializes in addressing human factors of security through innovative security awareness training and phishing simulation tools. This article highlights the significant findings of their 2024 Vishing (Voice Phishing) Response... The post Innovator Spotlight: Keepnet Labs appeared first on Cyber Defense Magazine.
https://www.cyberdefensemagazine.com/innovator-spotlight-keepnet-labs-2/

Bumblebee malware returns after recent law enforcement disruption
The Bumblebee malware loader has been spotted in new attacks recently, more than four months after Europol disrupted it during 'Operation Endgame' in May. [...]
https://www.bleepingcomputer.com/news/security/bumblebee-malware-returns-after-recent-law-enforcement-disruption/

Hacker Advertises “Top Secret US Space Force (USSF) Military Technology Archive”
A hacker known as “TAINTU” is advertising a “Top Secret U.S. Space Force Military Technology Archive” for sale,…
https://hackread.com/hacker-advertise-secret-us-space-force-military-tech-archive/

Innovator Spotlight: Concentric
Data security is more critical than ever as organizations manage vast amounts of sensitive information across cloud and on-premises environments. According to a 2023 report by Varonis, over 53% of... The post Innovator Spotlight: Concentric appeared first on Cyber Defense Magazine.
https://www.cyberdefensemagazine.com/innovator-spotlight-concentric/

October 22, 2024
October 22, 2024 daily indicator summary (Hash, URL, IP); Top1 United States of America; Top1 TCP 80. The post October 22, 2024 appeared first on ASEC.
https://asec.ahnlab.com/en/83994/

SolarWinds Product Security Update Advisory (CVE-2024-45711)
Overview: SolarWinds has released a security update that fixes vulnerabilities in its products. Users of affected products are advised to update to the latest version. Affected Products: CVE-2024-45711, SolarWinds Serv-U versions ~ 15.4.2 (inclusive). Resolved Vulnerabilities: Directory traversal vulnerability in SolarWinds Serv-U that could allow […] The post SolarWinds Product Security Update Advisory (CVE-2024-45711) appeared first on ASEC.
https://asec.ahnlab.com/en/84002/

Apache Solr Security Update Advisory
Overview: An update has been released to address vulnerabilities in Apache Solr. Users of the affected versions are advised to update to the latest version. Affected Products: CVE-2024-45216, Apache Solr versions 5.3.0 (inclusive) ~ 8.11.4 (excluded) and 9.0.0 (inclusive) ~ 9.7.0 (excluded); CVE-2024-45217, Apache Solr versions 6.6.0 (inclusive) ~ […] The post Apache Solr Security Update Advisory appeared first on ASEC.
https://asec.ahnlab.com/en/84003/

Roundcube Webmail Security Update Advisory (CVE-2024-37383)
Overview: An update has been released to address vulnerabilities in Roundcube Webmail. Users of the affected versions are advised to update to the latest version. Affected Products: CVE-2024-37383, Roundcube Webmail versions ~ 1.5.7 (excluded) and 1.6.x (inclusive) ~ 1.6.7 (excluded). Resolved Vulnerabilities: XSS vulnerability via SVG animate […] The post Roundcube Webmail Security Update Advisory (CVE-2024-37383) appeared first on ASEC.
https://asec.ahnlab.com/en/84006/

ScienceLogic Security Update Advisory (CVE-2024-9537)
Overview: An update has been released to address vulnerabilities in ScienceLogic. Users of the affected versions are advised to update to the latest version. Affected Products: CVE-2024-9537, SL1 versions ~ 12.1.3 (excluded), ~ 12.2.3 (excluded) and ~ 12.3 (excluded). Resolved Vulnerabilities: Vulnerability related to certain third-party […] The post ScienceLogic Security Update Advisory (CVE-2024-9537) appeared first on ASEC.
https://asec.ahnlab.com/en/84007/

This industry profits from knowing you have cancer, explains Cody Venzke (Lock and Code S05E22)
This week on the Lock and Code podcast, we speak with Cody Venzke about why data brokers are allowed to collect everything about us.
https://www.malwarebytes.com/blog/podcast/2024/10/this-industry-profits-from-knowing-you-have-cancer-explains-cody-venzke-lock-and-code-s05e22

Internet Archive attackers email support users: “Your data is now in the hands of some random guy”
Those who hacked the Internet Archive haven’t gone away. Users of the Internet Archive who have submitted helpdesk tickets are reporting...
https://www.malwarebytes.com/blog/news/2024/10/internet-archive-attackers-email-support-users-your-data-is-now-in-the-hands-of-some-random-guy

Internet Archive was breached twice in a month
The Internet Archive was breached again, attackers hacked its Zendesk email support platform through stolen GitLab authentication tokens. The Internet Archive was breached via Zendesk, with users receiving warnings about stolen GitLab tokens due to improper token rotation after repeated alerts. BleepingComputer first reported the news of the incident, after it received several messages from […]
https://securityaffairs.com/170068/data-breach/internet-archive-second-data-breach.html

Cybercrime In South Africa 2024: Deepfakes On The Rise
This week in cybersecurity from the editors at Cybercrime Magazine – Read The Full Investec Article Sausalito, Calif. – Oct. 21, 2024 South Africa-based Investec, a private bank with more than 7,400 staff in 40 cities on four continents, recaps some of the latest trends and The post Cybercrime In South Africa 2024: Deepfakes On The Rise appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/cybercrime-in-south-africa-2024-deepfakes-on-the-rise/

Chinese Nation-State Hackers APT41 Hit Gambling Sector for Financial Gain
The prolific Chinese nation-state actor known as APT41 (aka Brass Typhoon, Earth Baku, Wicked Panda, or Winnti) has been attributed to a sophisticated cyber attack targeting the gambling and gaming industry. "Over a period of at least six months, the attackers stealthily gathered valuable information from the targeted company including, but not limited to, network configurations, user passwords,
https://thehackernews.com/2024/10/chinese-nation-state-hackers-apt41-hit.html

The Ugly Truth about Your Software Vendor which CISOs Won't Want (But Do Need) to Hear
We've got a hard truth to share with you, and you might not like it: You are not your software vendor's top priority. Your vendor is focused on their own... The post The Ugly Truth about Your Software Vendor which CISOs Won't Want (But Do Need) to Hear appeared first on Cyber Defense Magazine.
https://www.cyberdefensemagazine.com/the-ugly-truth-about-your-software-vendor-which-cisos-wont-want-but-do-need-to-hear/

USN-7062-2: libgsf vulnerabilities
USN-7062-1 fixed vulnerabilities in libgsf. This update provides the corresponding updates for Ubuntu 24.10. Original advisory details: It was discovered that libgsf incorrectly handled certain Compound Document Binary files. If a user or automated system were tricked into opening a specially crafted file, a remote attacker could possibly use this issue to execute arbitrary code.
https://ubuntu.com/security/notices/USN-7062-2

USN-7042-3: cups-browsed vulnerability
USN-7042-2 released an improved fix for cups-browsed. This update provides the corresponding update for Ubuntu 24.10. Original advisory details: Simone Margaritelli discovered that cups-browsed could be used to create arbitrary printers from outside the local network. In combination with issues in other printing components, a remote attacker could possibly use this issue to connect to a system, create manipulated PPD files, and execute arbitrary code when a printer is used. This update disables support for the legacy CUPS printer discovery protocol.
https://ubuntu.com/security/notices/USN-7042-3

Boost Your Linux Server Security with SSH Mastery
Secure remote connections are essential when managing a Linux server, and one of the most widely used and trusted methods for remote server administration is Secure Shell (SSH). SSH creates a protected channel over an insecure network by encrypting all information shared between the server and client, safeguarding data exchanged between them from potential attackers, eavesdroppers, hijackers, or manipulators of communication streams.
https://linuxsecurity.com/features/features/ssh-mastery-linux-server-security

Guide: The Ultimate Pentest Checklist for Full-Stack Security
Pentest Checklists Are More Important Than Ever Given the expanding attack surface coupled with the increasing sophistication of attacker tactics and techniques, penetration testing checklists have become essential for ensuring thorough assessments across an organization's attack surface, both internal and external. By providing a structured approach, these checklists help testers systematically
https://thehackernews.com/2024/10/guide-ultimate-pentest-checklist-for.html

THN Cybersecurity Recap: Top Threats, Tools and News (Oct 14 - Oct 20)
Hi there! Here's your quick update on the latest in cybersecurity. Hackers are using new tricks to break into systems we thought were secure—like finding hidden doors in locked houses. But the good news? Security experts are fighting back with smarter tools to keep data safe. Some big companies were hit with attacks, while others fixed their vulnerabilities just in time. It's a constant battle.
https://thehackernews.com/2024/10/thn-cybersecurity-recap-top-threats_21.html

Microsoft Unveils OpenHCL: Advancing Confidential VM Support with Open Source
Microsoft recently unveiled OpenHCL, an open-source paravisor that augments virtualization stacks to facilitate confidential computing VMs on Intel TDX and AMD SEV-SNP platforms. Written in Rust, well known for its strong memory safety guarantees, OpenHCL represents a milestone achievement for the open-source security community.
https://linuxsecurity.com/news/vendors-products/microsoft-unveils-openhcl

FBI Arrested Hacker Behind the Takeover of the U.S. SEC X account
The Federal Bureau of Investigation (FBI) has apprehended Eric Council Jr., a 25-year-old resident of Athens, Alabama, for his alleged involvement in the unauthorized takeover of the U.S. Securities and Exchange Commission’s (SEC) X account in January 2024. The incident caused a brief but substantial fluctuation in Bitcoin’s value, highlighting the potential impact of social […] The post FBI Arrested Hacker Behind the Takeover of the U.S. SEC X account appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
https://gbhackers.com/fbi-arrested-hacker/

Stealer here, stealer there, stealers everywhere!
Kaspersky researchers investigated a number of stealer attacks over the past year, and they are now sharing some details on the new Kral stealer, recent AMOS version and Vidar delivering ACR stealer.
https://securelist.com/kral-amos-vidar-acr-stealers/114237/

Google Voice scams: What are they and how do I avoid them?
Watch out for schemes where fraudsters trick people into sharing verification codes so they can gain access to their phone numbers
https://www.welivesecurity.com/en/scams/google-voice-scams-what-how-avoid/

Dell Product Security Update Advisory (CVE-2024-45766)
Overview: An update has been released to address vulnerabilities in Dell products. Users of the affected versions are advised to update to the latest version. Affected Products: CVE-2024-45766, Dell OpenManage Enterprise versions ~ 4.2.0 (excluded). Resolved Vulnerabilities: Code injection vulnerability that could allow an attacker with remote access to […] The post Dell Product Security Update Advisory (CVE-2024-45766) appeared first on ASEC.
https://asec.ahnlab.com/en/83995/

A week in security (October 14 – October 20)
A list of topics we covered in the week of October 14 to October 20 of 2024
https://www.malwarebytes.com/blog/apple/2024/10/a-week-in-security-october-14-october-20

Researchers Discover Severe Security Flaws in Major E2EE Cloud Storage Providers
Cybersecurity researchers have discovered severe cryptographic issues in various end-to-end encrypted (E2EE) cloud storage platforms that could be exploited to leak sensitive data. "The vulnerabilities range in severity: in many cases a malicious server can inject files, tamper with file data, and even gain direct access to plaintext," ETH Zurich researchers Jonas Hofmann and Kien Tuong Truong
https://thehackernews.com/2024/10/researchers-discover-severe-security.html

Unknown threat actors exploit Roundcube Webmail flaw in phishing campaign
Hackers exploited a now-patched Roundcube flaw in a phishing attack to steal user credentials from the open-source webmail software. Researchers from Positive Technologies warn that unknown threat actors have attempted to exploit a now-patched vulnerability, tracked as CVE-2024-37383 (CVSS score: 6.1), in the open-source Roundcube webmail software. The attackers have exploited the flaw as part of […]
https://securityaffairs.com/170055/hacking/roundcube-flaw-exploited-in-phishing-attack.html

Fair Vote Canada - 134,336 breached accounts
In March 2024, the Canadian national citizens' campaign for proportional representation Fair Vote Canada suffered a data breach. The incident was attributed to "a well-meaning volunteer" who inadvertently exposed data from 2020 which included 134k unique email addresses, names, physical addresses, phone numbers and, for some individuals, date and amount of a donation.
https://haveibeenpwned.com/PwnedWebsites#FairVoteCanada

USN-7077-1: AMD Microcode vulnerability
Enrique Nissim and Krzysztof Okupski discovered that some AMD processors did not properly restrict access to the System Management Mode (SMM) configuration when the SMM Lock was enabled. A privileged local attacker could possibly use this issue to further escalate their privileges and execute arbitrary code within the processor's firmware layer.
https://ubuntu.com/security/notices/USN-7077-1

News from previous days

“HM Surf” macOS Flaw Lets Attackers Access Camera and Mic – Patch Now!
Researchers at Microsoft discovered a new macOS vulnerability, “HM Surf” (CVE-2024-44133), which bypasses TCC protections, allowing unauthorized access…
https://hackread.com/hm-surf-macos-flaw-attackers-access-camera-mic/

Severe flaws in E2EE cloud storage platforms used by millions
Several end-to-end encrypted (E2EE) cloud storage platforms are vulnerable to a set of security issues that could expose user data to malicious actors. [...]
https://www.bleepingcomputer.com/news/security/severe-flaws-in-e2ee-cloud-storage-platforms-used-by-millions/

Mirai-Inspired Gorilla Botnet Hits 0.3 Million Targets Across 100 Countries
A new Gorilla Botnet has launched massive DDoS attacks, targeting over 100 countries, according to cybersecurity firm NSFOCUS.…
https://hackread.com/mira-gorilla-botnet-ddos-attacks-hit-100-countries/

October 21, 2024
October 21, 2024 daily indicator summary (Hash, URL, IP); Top1 Viet Nam; Top1 TCP 80. The post October 21, 2024 appeared first on ASEC.
https://asec.ahnlab.com/en/83989/

Grafana Security Update Advisory (CVE-2024-9264)
Overview: Grafana Labs (https://grafana.com/) has released a security update that addresses a vulnerability in their products. Users of affected products are advised to update to the latest version. Affected Products: CVE-2024-9264, Grafana version 11.X. Resolved Vulnerabilities: Command injection and local file inclusion vulnerability (CVE-2024-9264) in the SQL Expressions experimental feature […] The post Grafana Security Update Advisory (CVE-2024-9264) appeared first on ASEC.
https://asec.ahnlab.com/en/83991/

Internet Archive breached again through stolen access tokens
The Internet Archive was breached again, this time on their Zendesk email support platform after repeated warnings that threat actors stole exposed GitLab authentication tokens. [...]
https://www.bleepingcomputer.com/news/security/internet-archive-breached-again-through-stolen-access-tokens/

Zero-Trust Endpoint Security
Zero-Trust Endpoint Security: How a Preventive Approach Can Limit Your Endpoint Attack Surface Endpoint security has become more critical than ever in today’s rapidly evolving threat landscape. As enterprises become... The post Zero-Trust Endpoint Security appeared first on Cyber Defense Magazine.
https://www.cyberdefensemagazine.com/zero-trust-endpoint-security/

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 16
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Expanding the Investigation: Deep Dive into Latest TrickMo Samples; HijackLoader evolution: abusing genuine signing certificates; FASTCash for […]
https://securityaffairs.com/170047/malware/security-affairs-malware-newsletter-round-16.html

Security Affairs newsletter Round 494 by Pierluigi Paganini – INTERNATIONAL EDITION
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. U.S. CISA adds Veeam Backup and Replication flaw to its Known Exploited Vulnerabilities catalog North Korea-linked APT37 exploited IE […]
https://securityaffairs.com/170041/breaking-news/security-affairs-newsletter-round-494-by-pierluigi-paganini-international-edition.html

F5 fixed a high-severity elevation of privilege vulnerability in BIG-IP
Technology firm F5 patches a high-severity elevation of privilege vulnerability in BIG-IP and a medium-severity flaw in BIG-IQ. F5 addressed two vulnerabilities in BIG-IP and BIG-IQ enterprise products, respectively tracked as CVE-2024-45844 and CVE-2024-47139. An authenticated attacker, with Manager role privileges or higher, could exploit the vulnerability CVE-2024-45844 to elevate privileges and compromise the BIG-IP […]
https://securityaffairs.com/170022/security/f5-patches-big-ip-elevation-of-privilege-bug.html

Microsoft Fixed 100+ Vulnerabilities With October Patch Tuesday
Microsoft crossed the century mark in vulnerability fixes, making this one of its largest updates… Microsoft Fixed 100+ Vulnerabilities With October Patch Tuesday on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2024/10/20/microsoft-fixed-100-vulnerabilities-with-october-patch-tuesday/

Hackers Use Fake ESET Emails to Target Israeli Firms with Wiper Malware
Hackers impersonate ESET in phishing attacks targeting Israeli organizations. Malicious emails, claiming to be from ESET, deliver wiper…
https://hackread.com/hackers-fake-eset-emails-israeli-wiper-malware/

October 20, 2024
October 20, 2024 daily indicator summary (Hash, URL, IP); Top1 Viet Nam; Top1 TCP 80. The post October 20, 2024 appeared first on ASEC.
https://asec.ahnlab.com/en/83987/

The Unsolvable Problem: XZ and Modern Infrastructure
The ongoing prevalence (and rise) of software supply chain attacks is enough to keep any software developer or security analyst up at night. The recent XZ backdoor attack is finally... The post The Unsolvable Problem: XZ and Modern Infrastructure appeared first on Cyber Defense Magazine.
https://www.cyberdefensemagazine.com/the-unsolvable-problem-xz-and-modern-infrastructure/

Publishers Spotlight: Proofpoint
I was thrilled to catch up with Proofpoint top executives, recently, to discuss Proofpoint's AI-powered solution and critical issues including data leakage and insider risks. In an era where digital... The post Publishers Spotlight: Proofpoint appeared first on Cyber Defense Magazine.
https://www.cyberdefensemagazine.com/publishers-spotlight-proofpoint/

Metasploit Weekly Wrap-Up 10/18/2024
ESC15: EKUwu. AD CS continues to be a popular target for penetration testers and security practitioners. The latest escalation technique (hence the ESC in ESC15) was discovered by Justin Bollinger, with details being released just last week. This latest configuration flaw has common issuance requirements to other ESC flaws
https://blog.rapid7.com/2024/10/18/metasploit-weekly-wrap-up-10-18-2024/

Unauthorized data access vulnerability in macOS is detailed by Microsoft
Microsoft disclosed details about the HM Surf vulnerability that could allow an attacker to gain access to the user's data in Safari
https://www.malwarebytes.com/blog/news/2024/10/microsoft-reveals-details-about-hm-surf-vulnerability-in-macos

Iranian Hackers Target Microsoft 365, Citrix Systems with MFA Push Bombing
Iranian hackers are targeting critical infrastructure organizations with brute force tactics. This article explores their techniques, including MFA…
https://hackread.com/iranian-hackers-target-microsoft-365-mfa-push-bombing/

October 19, 2024
October 19, 2024 daily indicator summary (Hash, URL, IP); Top1 United States of America; Top1 TCP 80. The post October 19, 2024 appeared first on ASEC.
https://asec.ahnlab.com/en/83985/

The transformation of open source: Lessons from the past decade
Over the past decade, the world of open source software has undergone a seismic transformation, both in terms of its scale and challenges.
https://www.sonatype.com/blog/the-transformation-of-open-source-lessons-from-the-past-decade

AI-Powered Fraud Detection Systems for Enhanced Cybersecurity
Artificial intelligence (AI) has many applications in cybersecurity. Automated fraud detection is one of the most impactful of these use cases. Fraud can be difficult for humans to spot, but... The post AI-Powered Fraud Detection Systems for Enhanced Cybersecurity appeared first on Cyber Defense Magazine.
https://www.cyberdefensemagazine.com/ai-powered-fraud-detection-systems-for-enhanced-cybersecurity/

7 Rapid Questions on our Belfast Placement Programme: Orla Magee and Paddy McDermott
Software Engineers Orla Magee and Paddy McDermott share what the interview process looked like for them, along with impactful projects and advice for others exploring Rapid7's Placement Programme.
https://blog.rapid7.com/2024/10/18/7-rapid-questions-on-our-belfast-placement-programme-orla-magee-and-paddy-mcdermott/

What's behind the 51% drop in ransomware attacks?
In a world where cyber threats feel omnipresent, a recent report has revealed some unexpected good news: ransomware attacks on state and local governments have dropped by 51% in 2024. Still, this decline does not signal the end of the ransomware threat, nor should it lead to complacency. As the nature of ransomware evolves, so […] The post What’s behind the 51% drop in ransomware attacks? appeared first on Security Intelligence.
https://securityintelligence.com/articles/whats-behind-51-drop-in-ransomware-attacks/

Brazil Arrests ‘USDoD,' Hacker in FBI Infragard Breach
Brazilian authorities reportedly have arrested a 33-year-old man on suspicion of being "USDoD," a prolific cybercriminal who rose to infamy in 2022 after infiltrating the FBI's InfraGard program and leaking contact information for 80,000 members. More recently, USDoD was behind a breach at the consumer data broker National Public Data that led to the leak of Social Security numbers and other personal information for a significant portion of the U.S. population.
https://krebsonsecurity.com/2024/10/brazil-arrests-usdod-hacker-in-fbi-infragard-breach/

Cybersecurity 101: Common cyber threats and online safety concepts explained
This week in cybersecurity from the editors at Cybercrime Magazine – Read The Full Digit.in Article Sausalito, Calif. – Oct. 18, 2024 Cybersecurity Ventures predicts that cybercrime damage costs will reach .5 trillion annually by 2025, signaling an urgent need for individuals to take their digital safety The post Cybersecurity 101: Common cyber threats and online safety concepts explained appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/cybersecurity-101-common-cyber-threats-and-online-safety-concepts-explained/

Threat actors exploiting zero-days faster than ever – Week in security with Tony Anscombe
The average time it takes attackers to weaponize a vulnerability, either before or after a patch is released, shrank from 63 days in 2018-2019 to just five days last year
https://www.welivesecurity.com/en/videos/threat-actors-exploiting-zero-days-faster-ever-week-security-tony-anscombe/

Analysis of the Crypt Ghouls group: continuing the investigation into a series of attacks on Russia
A close look at the utilities, techniques, and infrastructure used by the hacktivist group Crypt Ghouls has revealed links to groups such as Twelve, BlackJack, etc.
https://securelist.com/crypt-ghouls-hacktivists-tools-overlap-analysis/114217/

Voice Cloning with Deep Learning Models
Given the explosion of development and interest in deep learning models in the past year, we decided to research the topic to increase our know-how and find applications where these technologies can be leveraged in offensive security engagements. This post explores the use of machine learning for voice cloning and how it can be used for social engineering.
https://blog.compass-security.com/2024/10/voice-cloning-with-deep-learning-models/

Siemens Product Security Update Advisory
Overview: An update has been released to address vulnerabilities in Siemens products. Users of the affected versions are advised to update to the latest version. Affected Products: CVE-2024-47194, CVE-2024-47195, CVE-2024-47196; ModelSim versions ~ 2024.3 (excluded) and Questa versions ~ 2024.3 (excluded). Resolved Vulnerabilities: Vulnerability that allows local attackers to load […] The post Siemens Product Security Update Advisory appeared first on ASEC.
https://asec.ahnlab.com/en/83969/

TunnelVision - CVE-2024-3661
Fortinet is aware of the recent publication of the TunnelVision vulnerability (CVE-2024-3661). The research [1] identified a technique to bypass the use of protected VPN tunnels when clients connect via an untrusted network, such as a rogue Wi-Fi network. This attack may allow an attacker-controlled DHCP server on the same network as the targeted user to reroute VPN traffic by setting more specific routes than the VPN's in the target's routing table. Note that this technique does not allow decrypting HTTPS traffic; rather, it allows redirecting the traffic through attacker-controlled channels before the traffic is encrypted by the VPN.
https://fortiguard.fortinet.com/psirt/FG-IR-24-170

Veeam Backup and Replication Deserialization Vulnerability (CVE-2024-40711)
What is the Vulnerability? CVE-2024-40711 is a critical unauthenticated Remote Code Execution (RCE) vulnerability in Veeam Backup & Replication software. Threat actors could execute arbitrary code on a vulnerable system without authentication, which poses a significant risk to organizations using Veeam for backup and data protection. The vulnerability was added to the Known Exploited Vulnerabilities Catalog (KEV) on October 17, 2024, and is known to be used in ransomware campaigns. What is the recommended Mitigation? Veeam has released security patches addressing CVE-2024-40711, along with 5 other lower-severity vulnerabilities in Veeam Backup & Replication: https://www.veeam.com/kb4649 What FortiGuard Coverage is available? FortiGuard recommends that users apply the patch provided by the vendor...
https://fortiguard.fortinet.com/threat-signal-report/5559

Progress Telerik Report Server Authentication Bypass Vulnerability
What is the Vulnerability? Progress Telerik Report Server contains an authorization bypass by spoofing vulnerability, allowing an attacker to bypass authentication and create rogue administrator users. The flaw, tracked as CVE-2024-4358, was added to CISA's Known Exploited Vulnerabilities catalog (KEV) in mid-June, and FortiGuard Labs continues to see attack attempts targeting this particular vulnerability. What is the recommended Mitigation? Apply mitigations as outlined in the vendor advisory: https://docs.telerik.com/report-server/knowledge-base/registration-auth-bypass-cve-2024-4358 What FortiGuard Coverage is available? FortiGuard Labs has provided protection through the IPS signature "Progress.Telerik.Report.Server.Register.Authentication.Bypass", which was released in mid-June to detect...
https://fortiguard.fortinet.com/threat-signal-report/5480

Ivanti Virtual Traffic Manager (vTM) Authentication Bypass Vulnerability (CVE-2024-7593)
What is the Vulnerability? Ivanti Virtual Traffic Manager (vTM), a software application used to manage and optimize the delivery of applications across networks, is affected by an authentication bypass vulnerability. This flaw (CVE-2024-7593) arises from an incorrect implementation of an authentication algorithm, which can be exploited by a remote unauthenticated attacker to bypass authentication in the admin panel, allowing them to create a new admin user. This potentially grants unauthorized access to and control over the affected system. A public Proof of Concept (PoC) is available for this exploit, and CISA added this vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog on September 24, 2024. What is the recommended Mitigation? Ivanti released updates for Ivanti Virtual Traffic Manager...
https://fortiguard.fortinet.com/threat-signal-report/5551

Versa Director Dangerous File Type Upload Vulnerability (CVE-2024-39717)
What is the Vulnerability? The Versa Director GUI contains a zero-day dangerous file type upload vulnerability (CVE-2024-39717) that allows attackers to upload potentially malicious files, granting them system administrator access. This flaw affects the Change Favicon (Favorite Icon) option, which can be misused to upload a malicious file with a .png extension to masquerade as an image file. The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2024-39717 to its Known Exploited Vulnerabilities list. What is the recommended Mitigation? Versa Networks has released a patch to address this vulnerability and has stated in its advisory that the vulnerability has already been exploited by an Advanced Persistent Threat actor. What FortiGuard Coverage is available? FortiGuard...
https://fortiguard.fortinet.com/threat-signal-report/5511

Learn How to Conduct a Cybersecurity Audit for the Cloud with These CSA Training Options
As cloud adoption continues to reshape the IT landscape, ensuring cloud environments are secure and compliant is critical. However, a cybersecurity audit specific to cloud computing introduces unique challenges, given the complexities of shared security responsibilities between cloud providers and customers. Fortunately, CSA offers training and certificate programs designed to enhance auditors' abilities to assess the security of cloud environments. In this blog post, we'll walk you through th...
https://cloudsecurityalliance.org/articles/learn-how-to-conduct-a-cybersecurity-audit-for-the-cloud-with-these-csa-training-options

Fake North Korean IT Workers Infiltrate Western Firms, Demand Ransom
North Korean hackers are infiltrating Western companies using fraudulent IT workers to steal sensitive data and extort ransom.…
https://hackread.com/fake-north-korean-it-workers-west-firms-demand-ransom/

Abusing AD-DACL : Generic ALL Permissions
In this post, we explore the exploitation of Discretionary Access Control Lists (DACL) using the GenericAll permission in Active Directory environments. This permission provides...
https://www.hackingarticles.in/abusing-ad-dacl-generic-all-permissions/

USN-7069-2: Linux kernel (Azure) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - x86 architecture; - Cryptographic API; - CPU frequency scaling framework; - HW tracing; - ISDN/mISDN subsystem; - Media drivers; - Network drivers; - NVME drivers; - S/390 drivers; - SCSI drivers; - USB subsystem; - VFIO drivers; - Watchdog drivers; - JFS file system; - IRQ subsystem; - Core kernel; - Memory management; - Amateur Radio drivers; - IPv4 networking; - IPv6 networking; - IUCV driver; - Network traffic control; - TIPC protocol; - XFRM subsystem; - Integrity Measurement Architecture (IMA) framework; - SoC Audio for Freescale CPUs drivers; - USB sound...
https://ubuntu.com/security/notices/USN-7069-2

USN-7028-2: Linux kernel (Azure) vulnerabilities
It was discovered that the JFS file system contained an out-of-bounds read vulnerability when printing xattr debug information. A local attacker could use this to cause a denial of service (system crash). Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - GPU drivers; - Greybus drivers; - Modular ISDN driver; - Multiple devices driver; - Network drivers; - SCSI drivers; - VFIO drivers; - F2FS file system; - GFS2 file system; - JFS file system; - NILFS2 file system; - Kernel debugger infrastructure; - Bluetooth subsystem; - IPv4 networking; - L2TP protocol; - Netfilter; - RxRPC session sockets; (CVE-2024-42154, CVE-2023-52527,...
https://ubuntu.com/security/notices/USN-7028-2

USN-7076-1: Linux kernel (Azure) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Microsoft Azure Network Adapter (MANA) driver; - Watchdog drivers; - Netfilter; - Network traffic control; (CVE-2024-27397, CVE-2024-45016, CVE-2024-45001, CVE-2024-38630)
https://ubuntu.com/security/notices/USN-7076-1

The cybersecurity skills gap contributed to a $1.76 million increase in average breach costs
Understaffing in cybersecurity, the "skills gap", is driving up the cost of data breaches in recent years, according to a decade of reports by IBM. The 2024 IBM Data Breach Report found that more than half of breached organizations experienced severe security staffing shortages, a 26.2% increase from the previous year. They found [...]
https://securityintelligence.com/articles/cybersecurity-skills-gap-contributed-increase-average-breach-costs/

Whitelisting Is Like Having A Bouncer At Your Door
This week in cybersecurity from the editors at Cybercrime Magazine. Read The Full Forbes Article. Sausalito, Calif. – Oct. 17, 2024. "Guilty until proven innocent," writes Maxwell Alles in a Forbes article this week. That's the way he likes to think of one of the most...
https://cybersecurityventures.com/whitelisting-is-like-having-a-bouncer-at-your-door/

Format String Bug in fgfmd
A use of externally-controlled format string vulnerability [CWE-134] in the FortiOS fgfmd daemon may allow a remote unauthenticated attacker to execute arbitrary code or commands via specially crafted requests. A third-party report indicates this may be exploited in the wild.
https://fortiguard.fortinet.com/psirt/FG-IR-24-029

Sudanese Brothers Arrested in ‘AnonSudan' Takedown
The U.S. government on Wednesday announced the arrest and charging of two Sudanese brothers accused of running Anonymous Sudan (a.k.a. AnonSudan), a cybercrime business known for launching powerful distributed denial-of-service (DDoS) attacks against a range of targets, including dozens of hospitals, news websites and cloud providers. One of the brothers is facing life in prison for allegedly seeking to kill people with his attacks.
https://krebsonsecurity.com/2024/10/sudanese-brothers-arrested-in-anonsudan-takedown/

Strategies for Building an Effective, Resilient Security Operations Center
The modern Security Operations Center (SOC) has morphed and matured since its infancy in the early 1990s. The primary responsibility of monitoring for any indication of intrusion or compromise has...
https://www.cyberdefensemagazine.com/strategies-for-building-an-effective-resilient-security-operations-center/

Understanding your Attack Surface: Different Approaches to Asset Discovery
In this post, we'll delve into the process of discovering assets. We cannot secure what we cannot see, so getting this piece right is foundational to the success of your ASM program. This blog will explore four different methods of asset discovery, starting with the most basic: deployed software agents.
https://blog.rapid7.com/2024/10/17/understanding-your-attack-surface-different-approaches-to-asset-discovery/

Staff Stories Spotlight Series: Cybersecurity Awareness Month 2024
This blog is part of a larger NIST series during the month of October for Cybersecurity Awareness Month, called 'Staff Stories Spotlight.' Throughout the month of October this year, Q&A style blogs will be published featuring some of our unique staff members who have interesting backgrounds, stories to tell, and projects in the world of cybersecurity. This year's Cybersecurity Awareness Month theme is 'Secure our World.' How does this theme resonate with you, as someone working in cybersecurity? For me, this year's theme is a reminder of the global nature of NIST's cybersecurity and privacy...
https://www.nist.gov/blogs/cybersecurity-insights/staff-stories-spotlight-series-cybersecurity-awareness-month-2024-3

23andMe will retain your genetic information, even if you delete the account
Sure, you can request a deletion of your data from 23andMe, but that doesn't mean the company will delete it entirely.
https://www.malwarebytes.com/blog/news/2024/10/23andme-will-retain-your-genetic-information-even-if-you-delete-the-account

SAS CTF and the many ways to persist a kernel shellcode on Windows 7
In this article we solve the most difficult SAS CTF challenge, which is based on an APT technique used to introduce and persist a kernel shellcode on Windows 7.
https://securelist.com/sas-ctf-windows-7-challenge-explained/114180/

Gatekeeper Bypass: Uncovering Weaknesses in a macOS Security Mechanism
Explore how macOS Gatekeeper's security could be compromised by third-party apps not enforcing quarantine attributes effectively.
https://unit42.paloaltonetworks.com/gatekeeper-bypass-macos/

AlpineReplay - 898,681 breached accounts
In 2019, the snow sports tracking app AlpineReplay suffered a data breach that exposed 900k unique email addresses. Later rolled into the Trace service, the breach included names, usernames, genders, dates of birth, weights and passwords stored as either unsalted MD5 or bcrypt hashes.
https://haveibeenpwned.com/PwnedWebsites#AlpineReplay

OpenSSH regreSSHion Attack (CVE-2024-6387)
CVE-2024-6387: A signal handler race condition was found in OpenSSH's server (sshd). If a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example syslog(). This could lead to remote code execution with root privileges.
https://fortiguard.fortinet.com/psirt/FG-IR-24-258

Top Threat #4 - Cloudy with a Chance of Breach: The Cloud Security Strategy Storm
Written by CSA's Top Threats Working Group. In this blog series, we cover the key security challenges from CSA's Top Threats to Cloud Computing 2024. Drawing from the insights of over 500 experts, we'll discuss the 11 top cybersecurity threats, their business impact, and how to tackle them. Whether you're a professional or a beginner, this series offers a clear guide to the evolving cloud security landscape. Today's post covers the #4 top threat: Inadequate Cloud Security Strategy. What is a Clo...
https://cloudsecurityalliance.org/articles/top-threat-4-cloudy-with-a-chance-of-breach-the-cloud-security-strategy-storm

Root Access for Data Control: A DEF CON IoT Village Story
Our perennial IoT hacking presenter, Principal Security Researcher, IoT, Deral Heiland, along with Rapid7 pentest team members, showed attendees many methods of extracting firmware from IoT devices and manipulating the systems in the name of control and operations.
https://blog.rapid7.com/2024/10/16/root-access-for-data-control-a-def-con-iot-village-story/

File-Sharing Fraud: Data Reveals 350% Increase in Hard-to-Detect Phishing Trend
Originally published by Abnormal Security. Phishing has long remained a favorite strategy among cybercriminals, and as security awareness has evolved, so have their tactics. According to our H2 2024 Email Threat Report, which was released today, phishing makes up nearly 72% of all advanced attacks, with one method outpacing all others. File-sharing phishing, a type of attack in which threat actors send emails that appear to be from trusted file-sharing platforms, has increased 350% year over year...
https://cloudsecurityalliance.org/articles/file-sharing-fraud-data-reveals-350-increase-in-hard-to-detect-phishing-trend

Emulating Cryptomining Attacks: A Deep Dive into Resource Draining with GPU Programming
Originally published by Pentera. Cryptomining has surged in popularity, driven by the growing value of cryptocurrencies like Bitcoin and Ethereum. With leaked credentials easier than ever to acquire, attackers are looking for ways to profit, which has led to a rise in malicious cryptomining, or cryptojacking. This is where attackers hijack computer resources to mine cryptocurrency without the owner's consent. These cryptojacking attacks can significantly degrade system performance, increase el...
https://cloudsecurityalliance.org/articles/emulating-cryptomining-attacks-a-deep-dive-into-resource-draining-with-gpu-programming

A Look At Strong Password Practices: A Shield For Your Digital Life
Written by Abel E. Molina, Softchoice. "An ounce of prevention is worth a pound of cure." - Benjamin Franklin. In the digital age, our lives are intricately tied to the online world, from managing finances to sharing moments with loved ones. Yet, with the convenience of the internet comes a significant risk: cyber threats. As the famous tech visionary Bill Gates once said, "Security is, I would say, our top priority because for all the exciting things you will be able to do with computers, organi...
https://cloudsecurityalliance.org/articles/a-look-at-strong-password-practices-a-shield-for-your-digital-life

Test Driving a New Benefit Programme in Belfast
Rapid7's electric vehicle scheme was rolled out in late 2023 for Belfast employees. The programme enables employees to lease an electric car via their employer and pay for it on a salary sacrifice basis, offering substantial tax and national insurance savings.
https://blog.rapid7.com/2024/10/16/test-driving-a-new-benefit-programme-in-belfast/

“Nudify” deepfake bots remove clothes from victims in minutes, and millions are using them
Millions of people are turning normal pictures into nude images using bots on Telegram, and it can be done in minutes.
https://www.malwarebytes.com/blog/news/2024/10/nudify-deepfake-bots-remove-clothes-from-victims-in-minutes-and-millions-are-using-them

Navigating the ethics of AI in cybersecurity
Even if we're not always consciously aware of it, artificial intelligence is now all around us. We're already used to personalized recommendation systems in e-commerce, customer service chatbots powered by conversational AI and a whole lot more. In the realm of information security, we've already been relying on AI-powered spam filters for years to protect [...]
https://securityintelligence.com/articles/navigating-ethics-ai-cybersecurity/

Key Trends In Cybersecurity Budgeting
This week in cybersecurity from the editors at Cybercrime Magazine. Read The Full Techspective Article. Sausalito, Calif. – Oct. 16, 2024. Over the past five years, cybersecurity budgets have witnessed a steady and substantial increase. Global spending on cybersecurity products and services will reach $1.75 trillion cumulatively...
https://cybersecurityventures.com/key-trends-in-cybersecurity-budgeting/

Tor Browser and Firefox users should update to fix actively exploited vulnerability
Mozilla warns that a vulnerability in Firefox and Tor Browser is actively being exploited against both browsers.
https://www.malwarebytes.com/blog/news/2024/10/tor-browser-and-firefox-users-should-update-to-fix-actively-exploited-vulnerability

Unit 42 Looks Toward the Threat Frontier: Preparing for Emerging AI Risks
The Unit 42 Threat Frontier report discusses GenAI's impact on cybersecurity, emphasizing the need for AI-specific defenses and proactive security.
https://unit42.paloaltonetworks.com/prepare-for-emerging-ai-risks-unit-42-threat-frontier/

Protecting children from grooming | Unlocked 403 cybersecurity podcast (ep. 7)
"Hey, wanna chat?" This innocent phrase can take on a sinister meaning when it comes from an adult to a child online, and can even be the start of a predatory relationship.
https://www.welivesecurity.com/en/videos/protecting-children-grooming-unlocked-403-cybersecurity-podcast-ep-7/

Ivanti CSA (Cloud Services Appliance) zero-day Attack
What is the Attack? Attackers are actively exploiting multiple zero-day vulnerabilities affecting Ivanti CSA (Cloud Services Appliance) that could lead an attacker to gain admin access, bypass security measures, run arbitrary SQL commands, and execute code remotely. In a recent incident response engagement, FortiGuard Incident Response (FGIR) services observed an advanced adversary exploiting vulnerabilities affecting the Ivanti Cloud Services Appliance (CSA). To read more visit: Burning Zero Days: Suspected Nation-State Adversary Targets Ivanti CSA | FortiGuard Labs (fortinet.com). CVE-2024-9379: SQL injection in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements. CVE-2024-9380:...
https://fortiguard.fortinet.com/threat-signal-report/5556

The EU AI Act: A Roadmap for Trustworthy AI
Originally published by Vanta. Written by Herman Errico. As artificial intelligence (AI) continues to revolutionize various sectors, ensuring it is developed and deployed in alignment with ethical standards and fundamental rights is critical for businesses that use it. The European Union's Artificial Intelligence Act (AI Act), formally adopted on March 13, 2024, addresses this critical necessity by establishing a comprehensive and detailed legal framework for AI systems within the EU. This land...
https://cloudsecurityalliance.org/articles/the-eu-ai-act-a-roadmap-for-trustworthy-ai

Safer with Google: Advancing Memory Safety
Posted by Alex Rebert, Security Foundations, and Chandler Carruth, Jen Engel, Andy Qin, Core Developers. Error-prone interactions between software and memory [1] are widely understood to create safety issues in software. It is estimated that about 70% of severe vulnerabilities [2] in memory-unsafe codebases are due to memory safety bugs. Malicious actors exploit these vulnerabilities and continue to create real-world harm. In 2023, Google's threat intelligence teams conducted an industry-wide study and observed a close to all-time high number of vulnerabilities exploited in the wild. Our internal analysis estimates that 75% of CVEs used in zero-day exploits are memory safety vulnerabilities. At Google, we have been mindful of these issues for over two decades, and are on a journey to continue...
http://security.googleblog.com/2024/10/safer-with-google-advancing-memory.html

Rowing the Same Direction: 6 Tips for Stronger IT and Security Collaboration
Originally published by Dazz. The Olympians make it look easy, but make no mistake: rowing is a more difficult sport than meets the eye. Changing conditions in the water and weather, exhaustion, and even a head tilt in the wrong direction can send the boat off course or cause the team to lose time. And perhaps the biggest (and first) lesson a team can learn is that no one person can control the boat single-handedly. It requires a team fully focused and in unison to win. The correlation between...
https://cloudsecurityalliance.org/articles/rowing-the-same-direction-6-tips-for-stronger-it-and-security-collaboration

How to Leverage Automation Tools to Streamline Your Next Compliance Audit: 3 Tips for Security Teams
Originally published by BARR Advisory. Compliance automation tools are designed to assist organizations in streamlining the rigorous demands of cybersecurity frameworks such as SOC 2, ISO 27001, and HITRUST. These platforms can help address the heavy lifting involved in preparing, undergoing, and maintaining compliance by automating repetitive tasks, freeing up security teams to think more strategically and focus on the bigger picture. But as with any tool, the value it delivers largely depend...
https://cloudsecurityalliance.org/articles/how-to-leverage-automation-tools-to-streamline-your-next-compliance-audit-3-tips-for-security-teams

Bringing new theft protection features to Android users around the world
Posted by Jianing Sandra Guo, Product Manager, and Nataliya Stanetsky, Staff Program Manager, Android. Janine Roberta Ferreira was driving home from work in São Paulo when she stopped at a traffic light. A man suddenly appeared and broke the window of her unlocked car, grabbing her phone. She struggled with him for a moment before he wrestled the phone away and ran off. The incident left her deeply shaken. Not only was she saddened at the loss of precious data, like pictures of her nephew, but she also felt vulnerable knowing her banking information was on her phone that was just stolen by a thief. Situations like Janine's highlighted the need for a comprehensive solution to phone theft that exceeded existing tools on any platform. Phone theft is a widespread concern in many countries...
http://security.googleblog.com/2024/10/android-theft-protection.html

AI scammers target Gmail accounts, say they have your death certificate
Typical AI-supported scams go after your Google account by pretending to follow up on account recovery requests.
https://www.malwarebytes.com/blog/news/2024/10/ai-scammers-target-gmail-accounts-say-they-have-your-death-certificate

ANY.RUN Discovers Tricky Phishing Attack Using Fake CAPTCHA
Phishing campaigns relentlessly continue to evolve, utilizing innovative tricks to deceive users. ANY.RUN, the interactive…
https://latesthackingnews.com/2024/10/15/any-run-discovers-tricky-phishing-attack-using-fake-captcha/

Election season raises fears for nearly a third of people who worry their vote could be leaked
The US presidential election is stirring fears amongst a third of people who worry that their vote could be exposed to outsiders.
https://www.malwarebytes.com/blog/personal/2024/10/election-season-raises-fears-for-nearly-a-third-of-people-who-worry-their-vote-could-be-leaked

Cybercrime Magazine Podcast Called A “Must-Listen” By The CTO Club
This week in cybersecurity from the editors at Cybercrime Magazine. Read The Full The CTO Club Report. Sausalito, Calif. – Oct. 15, 2024. The CTO Club recently picked the top 20 cybersecurity podcasts to enhance your ninja skills in 2024. Cybersecurity Ventures is the only brand...
https://cybersecurityventures.com/cybercrime-magazine-podcast-called-a-must-listen-by-the-cto-club/

Guidance on effective communications in a cyber incident
Supporting organisations of all sizes to manage their communications strategy before, during and after a cyber security incident.
https://www.ncsc.gov.uk/guidance/effective-communications-in-a-cyber-incident

H1 2024 Cyber Attacks Statistics
I aggregated the statistics created from the cyber attacks timelines published in the first half of 2024. In this period...
https://www.hackmageddon.com/2024/10/15/h1-2024-cyber-attacks-statistics/

Beyond the Surface: the evolution and expansion of the SideWinder APT group
Kaspersky analyzes the SideWinder APT group's recent activity: new targets in the Middle East and Africa, and post-exploitation tools and techniques.
https://securelist.com/sidewinder-apt/114089/

Quishing attacks are targeting electric car owners: Here's how to slam on the brakes
Ever alert to fresh money-making opportunities, fraudsters are blending physical and digital threats to steal drivers' payment details.
https://www.welivesecurity.com/en/scams/quishing-attacks-targeting-electric-car-owners-slam-on-brakes/

How To Use HackerOne's Global Vulnerability Policy Map
Use HackerOne's Global Vulnerability Policy Map to keep up with evolving VDP mandates and recommendations.
https://www.hackerone.com/public-policy/global-vulnerability-policy-map

A Hacker's Journey Through Crime And Redemption
This week in cybersecurity from the editors at Cybercrime Magazine. Listen To The Full Cybercrime Magazine Podcast. Sausalito, Calif. – Oct. 14, 2024. "I was born into an outlaw family," said Eddie Miro, when he recently came on the Cybercrime Magazine Podcast and told us...
https://cybersecurityventures.com/a-hackers-journey-through-crime-and-redemption/

Robot vacuum cleaners hacked to spy on, insult owners
Multiple Ecovacs robot vacuum cleaners have been hacked to yell obscenities and insults through the onboard speakers.
https://www.malwarebytes.com/blog/news/2024/10/robot-vacuum-cleaners-hacked-to-spy-on-insult-owners

'PDNS for Schools' to provide cyber resilience for more institutions
The NCSC's 'Protective Domain Name Service for Schools' has been scaled up to protect a wider range of organisations.
https://www.ncsc.gov.uk/blog-post/pdns-for-schools-provide-cyber-resilience-for-more-institutions

Aspiring digital defender? Explore cybersecurity internships, scholarships and apprenticeships
The world needs more cybersecurity professionals. Here are three great ways to give you an 'in' to the ever-growing and rewarding security industry.
https://www.welivesecurity.com/en/cybersecurity/aspiring-digital-defender-explore-cybersecurity-internships-scholarships-apprenticeships/

A week in security (October 7 – October 13)
A list of topics we covered in the week of October 7 to October 13, 2024.
https://www.malwarebytes.com/blog/news/2024/10/a-week-in-security-october-7-october-13

Whispers from the Dark Web Cave. Cyberthreats in the Middle East
The Kaspersky Digital Footprint Intelligence team shares insights into the H1 2024 Middle Eastern cyberthreat landscape: hacktivism, initial access brokers, ransomware, stealers, and so on.
https://securelist.com/meta-threat-landscape-h1-2024/114164/

Human Risk Is Today's Biggest Cybersecurity Gap
This week in cybersecurity from the editors at Cybercrime Magazine. Read The State of Email & Collaboration Security 2024 Report. Sausalito, Calif. – Oct. 12, 2024. Cybercrime is expected to grow from $8 trillion globally in 2023 to $10.5 trillion by 2025, according to Cybersecurity...
https://cybersecurityventures.com/human-risk-is-todays-biggest-cybersecurity-gap/

FortiOS - IP address validation mishandles zero characters
An incorrect parsing of numbers with different radices vulnerability [CWE-1389] in the FortiOS and FortiProxy IP address validation feature may permit an unauthenticated attacker to bypass the IP blocklist via crafted requests.
https://fortiguard.fortinet.com/psirt/FG-IR-23-446

Weak key derivation for backup file
A use of password hash with insufficient computational effort vulnerability [CWE-916] affecting FortiOS and FortiProxy may allow a privileged attacker with a super-admin profile and CLI access to decrypt the backup file.
https://fortiguard.fortinet.com/psirt/FG-IR-23-423

Curl and libcurl CVE-2023-38545 and CVE-2023-38546 vulnerabilities
CVE-2023-38545: severity HIGH (affects both libcurl and the curl tool). A heap-based buffer overflow flaw was found in the SOCKS5 proxy handshake in the Curl package. If Curl is unable to resolve the address itself, it passes the hostname to the SOCKS5 proxy. However, the maximum length of the hostname that can be passed is 255 bytes. If the hostname is longer, then Curl switches to local name resolving and passes only the resolved address to the proxy. The local variable that instructs Curl to "let the host resolve the name" could obtain the wrong value during a slow SOCKS5 handshake, resulting in the too-long hostname being copied to the target buffer instead of the resolved address, which was not the intended behavior. https://curl.se/docs/CVE-2023-38545.html
CVE-2023-38546: severity...
https://fortiguard.fortinet.com/psirt/FG-IR-23-385

CVE-2023-44487 - Rapid Reset HTTP/2 vulnerability
The Fortinet Product Security team has evaluated the impact of the vulnerability HTTP/2 Rapid Reset Attack, listed below: CVE-2023-44487: The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly. https://nvd.nist.gov/vuln/detail/CVE-2023-44487
https://fortiguard.fortinet.com/psirt/FG-IR-23-397

Bypass of root file system integrity checks at boot time on VM
An improper validation of integrity check value vulnerability [CWE-354] in FortiOS VMs may allow a local attacker with admin privileges to boot a malicious image on the device and bypass the filesystem integrity check in place.
https://fortiguard.fortinet.com/psirt/FG-IR-22-396

GUI Console WebSockets do not terminate on logout
An insufficient session expiration vulnerability [CWE-613] in the FortiOS, FortiProxy, FortiPAM & FortiSwitchManager GUI may allow attackers to re-use web sessions after GUI logout, should they manage to acquire the required credentials.
https://fortiguard.fortinet.com/psirt/FG-IR-22-445

European Council Adopts Cyber Resilience Act
Learn about the EU Council's Cyber Resilience Act, where we're headed, and what we believe should happen next.
https://www.hackerone.com/public-policy/eu-council-cyber-resilience-act

Microsoft's guidance to help mitigate Kerberoasting
Kerberoasting, a well-known Active Directory (AD) attack vector, enables threat actors to steal credentials and navigate through devices and networks. Microsoft is sharing recommended actions administrators can take now to help prevent successful Kerberoasting cyberattacks.
https://www.microsoft.com/en-us/security/blog/2024/10/11/microsofts-guidance-to-help-mitigate-kerberoasting/

SDLC Methodologies: The 7 Most Common
The software development lifecycle (SDLC) looks different for every team, but standard methodologies have emerged and evolved to help teams plan, test, and maintain projects with consistency and accuracy. These methodologies offer a clear approach to software development, ensuring each phase of development—from initial design to post-deployment maintenance—executes effectively.
https://www.legitsecurity.com/blog/top-sdlc-methodologies

What Is the Agile SDLC? Benefits, Stages And Implementation
The goal of any software development lifecycle (SDLC) is to create a great product. And that requires flexibility, customer-centricity, and a philosophy of constant improvement—all attributes of the Agile SDLC. 
https://www.legitsecurity.com/blog/agile-sdlc-benefits-stages-implementation

ADDO session: Secure your application supply chain on AWS
We've wrapped up our 9th All Day DevOps (ADDO) event, where we've learned from the industry's best and brightest about the latest tools and methodologies for securing the software supply chain. Hossam Barakat, Senior Cloud Architect at Amazon Web Services (AWS), led a session titled "Secure Your Application Supply Chain on AWS" that explored topics including Supply-chain Levels for Software Artifacts (SLSA), software bill of materials (SBOM), and how these tools can help build a secure pipeline.
https://www.sonatype.com/blog/addo-session-secure-your-application-supply-chain-on-aws

GoldenJackal jumps the air gap … twice – Week in security with Tony Anscombe
ESET research dives deep into a series of attacks that leveraged bespoke toolsets to compromise air-gapped systems belonging to governmental and diplomatic entities
https://www.welivesecurity.com/en/videos/goldenjackal-jumps-air-gap-twice-week-security-tony-anscombe/

How governance, risk and compliance (GRC) addresses growing data liability concerns
In an era where businesses increasingly rely on artificial intelligence (AI) and advanced data capabilities, the effectiveness of IT services is more critical than ever. Yet despite the advancements in technology, business leaders are increasingly dissatisfied with their IT departments. According to a study by IBM’s Institute for Business Value, confidence in the effectiveness of […]
https://securityintelligence.com/articles/how-governance-risk-compliance-addresses-growing-liability-concerns/

You've been hacked! Now what? Advice from Experian
This week in cybersecurity from the editors at Cybercrime Magazine – Read the Full Grand Forks Herald Story. Sausalito, Calif. – Oct. 11, 2024. The global annual cost of cybercrime is predicted to reach .5 trillion this year and is expected to hit .5 trillion by 2025, according
https://cybersecurityventures.com/youve-been-hacked-now-what-advice-from-experian/

Cyber security tips for barristers, solicitors and legal professionals
Steps to take to help reduce the likelihood of falling victim to a cyber attack.
https://www.ncsc.gov.uk/guidance/cyber-security-tips-for-barristers-solicitors-and-legal-professionals

App-Specific Passwords: Origins, Functionality, Security Risks and Mitigation
Originally published by Astrix on August 14, 2024. Written by Tomer Yahalom. Google announced it will terminate support for Less Secure Apps (LSAs) on September 30, which presents a great opportunity to dive into their evolution – App-Specific Passwords, and the security concerns that still remain. Less Secure Apps (LSAs): How it all began. Less Secure Apps (probably called regular apps back in the day) are applications that were created before the introduction of the Open Authorization Framework ...
https://cloudsecurityalliance.org/articles/app-specific-passwords-origins-functionality-security-risks-and-mitigation

ADDO session: Building observability to increase resiliency
As part of the DevOps and DevSecOps track during Sonatype's 9th All Day DevOps (ADDO) event, AWS Senior Developer Advocate Guillermo Ruiz presented his session titled "Building Observability to Increase Resiliency." Well-applied observability helps you find early signs of problems before they impact customers and makes it possible to react quickly to disruptions.
https://www.sonatype.com/blog/addo-session-building-observability-to-increase-resiliency

Measure Your AI Risk Preparedness with This Interactive Self-Assessment Tool
Learn how HackerOne's AI Risk Readiness Self-Assessment Tool helps measure your AI security and compliance preparedness.
https://www.hackerone.com/ai/ai-security-readiness-quiz

Lynx Ransomware: A Rebranding of INC Ransomware
Discover recent attacks using Lynx ransomware, a rebrand of INC, targeting multiple crucial sectors in the U.S. and UK with prevalent double-extortion tactics.
https://unit42.paloaltonetworks.com/inc-ransomware-rebrand-to-lynx/

ADDO session: The state of SBOM, what's coming in standards and regulations
In 2021, the Log4j vulnerability catalyzed the industry to take action to boost the security of open source components. The development community is leading this movement, but governments are also taking notice and writing legislation to regulate how organizations approach software transparency.
https://www.sonatype.com/blog/addo-session-the-state-of-sbom-whats-coming-in-standards-and-regulations

Using Chrome's accessibility APIs to find security bugs
Posted by Adrian Taylor, Security Engineer, Chrome. Chrome's user interface (UI) code is complex, and sometimes has bugs. Are those bugs security bugs? Specifically, if a user's clicks and actions result in memory corruption, is that something that an attacker can exploit to harm that user? Our security severity guidelines say “yes, sometimes.” For example, an attacker could very likely convince a user to click an autofill prompt, but it will be much harder to convince the user to step through a whole flow of different dialogs. Even if these bugs aren't the most easily exploitable, it takes a great deal of time for our security shepherds to make these determinations. User interface bugs are often flaky (that is, not reliably reproducible). Also, even...
http://security.googleblog.com/2024/10/using-chromes-accessibility-apis-to.html

10 years of software supply chains: Navigating the growth, risks, and future of open source
Reflecting on 10 years of the State of the Software Supply Chain report is both a milestone and a call to action. Over the past decade, the world of software development has been transformed by open source consumption. We've seen unprecedented innovation, but also a rise in new challenges, particularly in managing the security and integrity of the software supply chain.
https://www.sonatype.com/blog/10-years-of-software-supply-chains-navigating-the-growth-risks-and-future-of-open-source

Risk, reward and reality: Has enterprise perception of the public cloud changed?
Public clouds now form the bulk of enterprise IT environments. According to 2024 Statista data, 73% of enterprises use a hybrid cloud model, 14% use multiple public clouds and 10% use a single public cloud solution. Multiple and single private clouds make up the remaining 3%. With enterprises historically reticent to adopt public clouds, adoption […]
https://securityintelligence.com/articles/risk-reward-reality-enterprise-perception-public-cloud/

1-15 July 2024 Cyber Attacks Timeline
In the first timeline of July 2024 I collected 102 events (6.8 events/day) with a threat landscape dominated by ransomware...
https://www.hackmageddon.com/2024/10/10/1-15-july-2024-cyber-attacks-timeline/

Cyber Signals Issue 8 | Education under siege: How cybercriminals target our schools
This edition of Cyber Signals delves into the cybersecurity challenges facing classrooms and campuses, highlighting the critical need for robust defenses and proactive measures. From personal devices to virtual classes and research stored in the cloud, the digital footprint of school districts, colleges, and universities has multiplied exponentially.
https://www.microsoft.com/en-us/security/blog/2024/10/10/cyber-signals-issue-8-education-under-siege-how-cybercriminals-target-our-schools/

Not all types of MFA are created equal...
Our updated multi-factor authentication (MFA) guidance recommends organisations use techniques that give better protection against phishing attacks.
https://www.ncsc.gov.uk/blog-post/not-all-types-mfa-created-equal

Telekopye transitions to targeting tourists via hotel booking scam
ESET Research shares new findings about Telekopye, a scam toolkit used to defraud people on online marketplaces, and newly on accommodation booking platforms
https://www.welivesecurity.com/en/eset-research/telekopye-hits-new-hunting-ground-hotel-booking-scams/

The Recruitment Process: What to Expect When You Apply at HackerOne

https://www.hackerone.com/culture-and-talent/recruitment-process-what-expect-when-you-apply-hackerone

Internet Archive - 31,081,179 breached accounts
In September 2024, the digital library of internet sites Internet Archive suffered a data breach that exposed 31M records. The breach exposed user records including email addresses, screen names and bcrypt password hashes.
https://haveibeenpwned.com/PwnedWebsites#InternetArchive

Lamborghini Carjackers Lured by $243M Cyberheist
The parents of a 19-year-old Connecticut honors student accused of taking part in a $243 million cryptocurrency heist in August were carjacked a week later, while out house-hunting in a brand new Lamborghini. Prosecutors say the couple was beaten and briefly kidnapped by six young men who traveled from Florida as part of a botched plan to hold the parents for ransom.
https://krebsonsecurity.com/2024/10/lamborghini-carjackers-lured-by-243m-cyberheist/

Pentesting for Internal Networks
Learn how to optimize internal network pentesting through community-driven pentesting as a service (PTaaS).
https://www.hackerone.com/penetration-testing/internal-network-pentests

Cybersecurity Awareness Month: Horror stories
When it comes to cybersecurity, the question is when, not if, an organization will suffer a cyber incident. Even the most sophisticated security tools can’t withstand the biggest threat: human behavior. October is Cybersecurity Awareness Month, the time of year when we celebrate all things scary. So it seemed appropriate to ask cybersecurity professionals to […]
https://securityintelligence.com/articles/cybersecurity-awareness-month-horror-stories/

Contagious Interview: DPRK Threat Actors Lure Tech Industry Job Seekers to Install New Variants of BeaverTail and InvisibleFerret Malware
Discover how North Korean attackers, posing as recruiters, used an updated downloader and backdoor in a campaign targeting tech job seekers.
https://unit42.paloaltonetworks.com/north-korean-threat-actors-lure-tech-job-seekers-as-fake-recruiters/

Optimizing Secrets Management to Enhance Security and Reduce Costs
Written by Itzik Alvas, Entro Security. Cyber threats are evolving rapidly. Organizations must navigate the delicate balance between robust security measures and cost-efficiency. One critical aspect of this balancing act is non-human identities & secrets management; secrets management is how organizations handle and protect sensitive information such as secrets, API keys, and encryption keys. Effective secrets management not only fortifies security but can also significantly reduce costs. ...
https://cloudsecurityalliance.org/articles/optimizing-secrets-management-to-enhance-security-and-reduce-costs

Patch Tuesday, October 2024 Edition
Microsoft today released security updates to fix at least 117 security holes in Windows computers and other software, including two vulnerabilities that are already seeing active attacks. Also, Adobe plugged 52 security holes across a range of products, and Apple has addressed a bug in its new macOS 15 "Sequoia" update that broke many cybersecurity tools.
https://krebsonsecurity.com/2024/10/patch-tuesday-october-2024-edition/

Best practices for authentication and authorization: Yoshiyuki Tabata's keynote at ADDO
Authentication (authn) and authorization (authz) are cornerstones of security in cloud-native applications. And yet, they remain some of the most challenging aspects for many organizations today.
https://www.sonatype.com/blog/best-practices-for-authentication-and-authorization-yoshiyuki-tabatas-keynote-at-addo

Muah.AI - 1,910,261 breached accounts
In September 2024, the "AI girlfriend" website Muah.AI suffered a data breach. The breach exposed 1.9M email addresses alongside prompts to generate AI-based images. Many of the prompts were highly sexual in nature, with many also describing child exploitation scenarios.
https://haveibeenpwned.com/PwnedWebsites#Muah

Transforming enterprises with generative AI: Pallavi Nargund's keynote at ADDO
Generative artificial intelligence (AI) is transforming industries, enabling businesses to harness the power of machine learning (ML) to reshape customer experiences and revolutionize software development.
https://www.sonatype.com/blog/transforming-enterprises-with-generative-ai-pallavi-nargunds-keynote-at-addo

Patch Tuesday - October 2024
5 zero-days. Configuration Manager pre-auth RCE. RDP RPC pre-auth RCE. Winlogon EoP. Hyper-V container escape. curl 0-day RCE late patch. Management console zero-day RCE. Windows 11 lifecycle changes.
https://blog.rapid7.com/2024/10/08/patch-tuesday-october-2024/

Format String Bug in fazsvcd
A use of externally-controlled format string vulnerability [CWE-134] in FortiAnalyzer fazsvcd daemon may allow a remote privileged attacker with admin profile to execute arbitrary code or commands via specially crafted requests.
https://fortiguard.fortinet.com/psirt/FG-IR-24-196

Unveiling the trillion dollar engine of innovation: Manuel Hoffmann's keynote at ADDO
Open source software (OSS) has revolutionized the technology landscape, powering innovations across industries from finance to healthcare.
https://www.sonatype.com/blog/unveiling-the-trillion-dollar-engine-of-innovation-manuel-hoffmanns-keynote-at-addo

Third Annual Ponemon Institute Report: Nearly Seven in 10 Healthcare Organizations Experienced Disruption to Patient Care Due to Cyber Attacks

https://www.proofpoint.com/us/newsroom/press-releases/third-annual-ponemon-institute-report-nearly-seven-10-healthcare

How an IDOR Vulnerability Led to User Profile Modification
Learn the ins and outs of IDOR vulnerabilities and how one exploitation led to malicious user profile modification.
https://www.hackerone.com/vulnerability-management/idor-vulnerability-deep-dive

A decade of transformation: ADDO and the State of the Software Supply Chain
The software industry has seen remarkable changes over the past decade, driven by a surge in open source adoption, evolving development methodologies, and the growing integration of AI. At this year's All Day DevOps (ADDO) event, a panel of industry leaders, including Sonatype's co-founder and CTO Brian Fox, will present "A Decade of Transformation - Unveiling the 10th Annual State of the Software Supply Chain Report." This session promises to reveal key insights into how the software supply chain has evolved and what the future holds.
https://www.sonatype.com/blog/a-decade-of-transformation-the-10th-annual-state-of-the-software-supply-chain

Revolutionizing software development: Frank Roe's keynote at ADDO
The world of software development is rapidly evolving, driven by increasing pressure to deliver faster, yet with fewer resources, and the widespread adoption of generative AI tools.
https://www.sonatype.com/blog/revolutionizing-software-development-frank-roes-keynote-at-addo

File hosting services misused for identity phishing
Since mid-April 2024, Microsoft has observed an increase in defense evasion tactics used in campaigns abusing file hosting services like SharePoint, OneDrive, and Dropbox. These campaigns use sophisticated techniques to perform social engineering, evade detection, and compromise identities, and include business email compromise (BEC) attacks.
https://www.microsoft.com/en-us/security/blog/2024/10/08/file-hosting-services-misused-for-identity-phishing/

Study: 92% of Healthcare Firms Hit by Cyberattacks This Year

https://www.proofpoint.com/us/newsroom/news/study-92-healthcare-firms-hit-cyberattacks-year

What's a Software Supply Chain Attack? Examples and Prevention
Sophisticated cyberattackers have now expanded their focus beyond front-end applications.
https://www.legitsecurity.com/blog/what-is-software-supply-chain-attack

NIST AI Risk Management Framework Explained
Like any good tool, artificial intelligence (AI) boasts a variety of use cases—but just as many risks.
https://www.legitsecurity.com/blog/nist-ai-risk-management-framework

Is AI saving jobs… or taking them?
Artificial intelligence (AI) is coming to take your cybersecurity job. Or, AI will save your job. Well, which is it? As with all things security-related, AI-related and employment-related, it’s complicated. How AI creates jobs: A major reason it’s complicated is that AI is helping to increase the demand for cybersecurity professionals in two broad ways. […]
https://securityintelligence.com/articles/is-ai-saving-jobs-or-taking-them/

Scalability Challenges in Privacy-Preserving Federated Learning
This post is part of a series on privacy-preserving federated learning. The series is a collaboration between NIST and the UK government's Responsible Technology Adoption Unit (RTA), previously known as the Centre for Data Ethics and Innovation. Learn more and read all the posts published to date at NIST's Privacy Engineering Collaboration Space or RTA's blog. Introduction: In this post, we talk with Dr. Xiaowei Huang and Dr. Yi Dong (University of Liverpool), Dr. Mat Weldon (UK Office of National Statistics (ONS)), and Sikha Pentyala (University of Washington Tacoma), who were winners in the
https://www.nist.gov/blogs/cybersecurity-insights/scalability-challenges-privacy-preserving-federated-learning

Cyber insurance, human risk, and the potential for cyber-ratings
Could human risk in cybersecurity be managed with a cyber-rating, much like credit scores help assess people's financial responsibility?
https://www.welivesecurity.com/en/business-security/cyber-insurance-human-risk-potential-cyber-ratings/

Microsoft Defender VPN Detects Unsafe WiFi Networks
After the recent Defender VPN update, Microsoft users will receive warnings when interacting with unsafe…
https://latesthackingnews.com/2024/10/08/microsoft-defender-vpn-detects-unsafe-wifi-networks/

Microsoft Defender for Cloud remediated threats 30% faster than other solutions, according to Forrester TEI study
Forrester found that Microsoft Defender for Cloud markedly enhanced the security, compliance, and operational efficiency of each company participating.
https://www.microsoft.com/en-us/security/blog/2024/10/07/microsoft-defender-for-cloud-remediated-threats-30-faster-than-other-solutions-according-to-forrester-tei-study/

Awaken Likho is awake: new techniques of an APT group
Kaspersky experts have discovered a new version of the APT Awaken Likho RAT Trojan, which uses AutoIt scripts and the MeshCentral system to target Russian organizations.
https://securelist.com/awaken-likho-apt-new-implant-campaign/114101/

Mind the (air) gap: GoldenJackal gooses government guardrails
ESET Research analyzed two separate toolsets for breaching air-gapped systems, used by a cyberespionage threat actor known as GoldenJackal
https://www.welivesecurity.com/en/eset-research/mind-air-gap-goldenjackal-gooses-government-guardrails/

How to talk to board members about cyber
New guidance helps CISOs communicate with Boards to improve oversight of cyber risk.
https://www.ncsc.gov.uk/blog-post/how-to-talk-to-board-members-about-cyber

High-Risk Vulnerabilities in Apache HTTP Server's mod_proxy Encoding Problem Allow Authentication…
Bounty - CVE-2024-38473
https://infosecwriteups.com/high-risk-vulnerabilities-in-apache-http-servers-mod-proxy-encoding-problem-allow-authentication-cbe8d422738d?source=rss----7b722bfd1b8d---4

IOS Penetration Testing: Guide to Static Testing
During an iOS application penetration test, a penetration tester utilizes a range of techniques, tools, and methodologies to evaluate the application's security posture. One such method is static analysis. Static analysis tools assist in identifying security vulnerabilities in the application's source code or binary without executing it. This process aids in detecting issues like insecure coding practices, improper utilization of cryptographic functions, the presence of backdoors, hardcoded sensitive information, and more. iOS Static Analysis Checklist: I will demonstrate the test cases of static analysis using an intentionally vulnerable iOS application (DVIA). For this demonstration, I'll utilize a jailbroken iPhone running iOS 15.7.1, jailbroken using the Palera1n tool, following the...
https://infosecwriteups.com/ios-penetration-testing-guide-to-static-analysis-4a9dea5d672d?source=rss----7b722bfd1b8d---4

I Studied 100+ SSRF Reports, and Here's What I Learned
After diving into over 100 write-ups and reports on Server-Side Request Forgery (SSRF), I've compiled the key insights and knowledge I've gained into this blog. Here, I aim to share a comprehensive overview of the SSRF vulnerability. Server-Side Request Forgery (SSRF): Server-Side Request Forgery (SSRF) is a vulnerability that allows an attacker to send crafted requests from a vulnerable server to other internal or external resources. SSRF occurs when a web application accepts a URL or IP address input from a user and uses that input to make requests without properly validating or sanitizing it. Identifying SSRF Vulnerabilities: Identifying SSRF in a target application is about understanding how that application interacts with external resources, processes URLs, and handles user input. The first...
https://infosecwriteups.com/i-studied-100-ssrf-reports-and-heres-what-i-learned-1654c72ee2df?source=rss----7b722bfd1b8d---4

IDOR Leads To Account Takeover
IDOR, one of the most common vulnerabilities in applications, can lead to major security leaks. Today, I'll walk you through how I discovered an IDOR flaw that allowed access to other users' accounts in the vulnerable application. What is IDOR? Insecure Direct Object Reference (IDOR) is a security vulnerability that arises when the application exposes its internal implementation objects directly to users without proper access controls in place. Typically, web applications or APIs use references or identifiers to access and retrieve data from their underlying storage systems. These references, if not properly protected, can be manipulated by attackers to gain unauthorized access to sensitive resources. The vulnerability occurs when the application fails to enforce proper authorization checks...
https://infosecwriteups.com/idor-leads-to-account-takeover-28fe6e300a49?source=rss----7b722bfd1b8d---4

Why I Quit Bug Bounty Hunting :(
It was purely my experience, I respect other bug bounty hunters :)
https://infosecwriteups.com/why-i-quit-bug-bounty-hunting-95e81c907a6f?source=rss----7b722bfd1b8d---4

Switch - 5,397 breached accounts
In October 2024, the Hungarian IT headhunting service Switch inadvertently exposed thousands of customer records via a public GitHub repository. The exposed data contained job applications with names, email addresses and in some cases, commentary on the applicant.
https://haveibeenpwned.com/PwnedWebsites#Switch

Podcast bait, malware switch.

https://www.proofpoint.com/us/newsroom/news/podcast-bait-malware-switch

No Way to Hide: Uncovering New Campaigns from Daily Tunneling Detection
Four DNS tunneling campaigns identified through a new machine learning tool expose intricate tactics when targeting vital sectors like finance, healthcare and more.
https://unit42.paloaltonetworks.com/detecting-dns-tunneling-campaigns/

Metasploit Weekly Wrap-Up 10/04/2024
This week's Metasploit Weekly Wrap-Up includes 3 new modules, 3 new enhancements and features, and 2 bug fixes. Learn more!
https://blog.rapid7.com/2024/10/04/metasploit-weekly-wrap-up-10-04-2024/

The Main Components of an Attack Surface Management (ASM) Strategy
In part one of this blog series, we looked at some of the core challenges that are driving the demand for a new approach to Attack Surface Management. In this second blog I explore some of the key technology approaches to ASM and also some of the core asset types we need to understand.
https://blog.rapid7.com/2024/10/04/the-main-components-of-an-attack-surface-management-asm-strategy/

Are we getting better at quantifying risk management?
As cyber threats grow more sophisticated and pervasive, the need for effective risk management has never been greater. The challenge lies not only in defining risk mitigation strategy but also in quantifying risk in ways that resonate with business leaders. The ability to translate complex technical risks into understandable and actionable business terms has become […]
https://securityintelligence.com/articles/are-we-getting-better-at-quantifying-risk-management/

The complexities of attack attribution – Week in security with Tony Anscombe
Attributing a cyberattack to a specific threat actor is a complex affair, as evidenced by new ESET research published this week
https://www.welivesecurity.com/en/videos/complexities-attack-attribution-week-security-tony-anscombe/

Engaging with Boards to improve the management of cyber security risk
How to communicate more effectively with board members to improve cyber security decision making.
https://www.ncsc.gov.uk/guidance/board-level-cyber-discussions-communicating-clearly

Scam Information and Event Management
Malicious actors are spreading miners through fake websites with popular software, Telegram channels and YouTube, installing Wazuh SIEM agent on victims' devices for persistence.
https://securelist.com/miner-campaign-misuses-open-source-siem-agent/114022/

Effective Fuzzing: A Dav1d Case Study
Guest post by Nick Galloway, Senior Security Engineer, 20% time on Project Zero. Late in 2023, while working on a 20% project with Project Zero, I found an integer overflow in the dav1d AV1 video decoder. That integer overflow leads to an out-of-bounds write to memory. Dav1d 1.4.0 patched this, and it was assigned CVE-2024-1580. After the disclosure, I received some questions about how this issue was discovered, since dav1d is already being fuzzed by at least oss-fuzz. This blog post explains what happened. It's a useful case study in how to construct fuzzers to exercise as much code as possible. But first, some background... Background: Dav1d. Dav1d is a highly-optimized AV1 decoder. AV1 is a royalty-free video coding format developed by the Alliance...
https://googleprojectzero.blogspot.com/2024/10/effective-fuzzing-dav1d-case-study.html

Ransomware Groups Demystified: CyberVolk Ransomware
As part of our ongoing efforts to monitor emerging cyber threats, we have analyzed the activities of CyberVolk, a politically motivated hacktivist group that transitioned into using ransomware and has been active since June 2024.
https://blog.rapid7.com/2024/10/03/ransomware-groups-demystified-cybervolk-ransomware/

Pixel's Proactive Approach to Security: Addressing Vulnerabilities in Cellular Modems
Posted by Sherk Chung, Stephan Chen, Pixel team, and Roger Piqueras Jover, Ivan Lozano, Android team. Pixel phones have earned a well-deserved reputation for being security-conscious. In this blog, we'll take a peek under the hood to see how Pixel mitigates common exploits on cellular basebands. Smartphones have become an integral part of our lives, but few of us think about the complex software that powers them, especially the cellular baseband – the processor on the device responsible for handling all cellular communication (such as LTE, 4G, and 5G). Most smartphones use cellular baseband processors with tight performance constraints, making security hardening difficult. Security researchers have increasingly exploited this attack vector and routinely demonstrated the possibility of...
http://security.googleblog.com/2024/10/pixel-proactive-security-cellular-modems.html

Evaluating Mitigations & Vulnerabilities in Chrome
Posted by Alex Gough, Chrome Security Team. The Chrome Security Team is constantly striving to make it safer to browse the web. We invest in mechanisms to make classes of security bugs impossible, mitigations that make it more difficult to exploit a security bug, and sandboxing to reduce the capability exposed by an isolated security issue. When choosing where to invest it is helpful to consider how bad actors find and exploit vulnerabilities. In this post we discuss several axes along which to evaluate the potential harm to users from exploits, and how they apply to the Chrome browser. Historically the Chrome Security Team has made major investments and driven the web to be safer. We pioneered browser sandboxing, site isolation and the migration to an encrypted web. Today we're investing...
http://security.googleblog.com/2024/10/evaluating-mitigations-vulnerabilities.html

A Single Cloud Compromise Can Feed an Army of AI Sex Bots
Organizations that get relieved of credentials to their cloud environments can quickly find themselves part of a disturbing new trend: Cybercriminals using stolen cloud credentials to operate and resell sexualized AI-powered chat services. Researchers say these illicit chat bots, which use custom jailbreaks to bypass content filtering, often veer into darker role-playing scenarios, including child sexual exploitation and rape.
https://krebsonsecurity.com/2024/10/a-single-cloud-compromise-can-feed-an-army-of-ai-sex-bots/

Modernizing Your VM Program with Rapid7 Exposure Command: A Path to Effective Continuous Threat Exposure Management
This is where continuous threat exposure management (CTEM) comes into play – an approach that shifts the focus from merely identifying vulnerabilities to understanding and mitigating exposures across the entire attack surface.
https://blog.rapid7.com/2024/10/03/modernizing-your-vm-program-with-rapid7-exposure-command-a-path-to-effective-continuous-threat-exposure-management/

Microsoft Makes Recall Opt-In While Improving Privacy
After much backlash around privacy, Microsoft finally improved Windows Recall, rolling it out as an opt-in…
https://latesthackingnews.com/2024/10/03/microsoft-makes-recall-opt-in-while-improving-privacy/

Q2 2024 Cyber Attacks Statistics
I aggregated the statistics created from the cyber attacks timelines published in Q2 2024. In this period, I collected 688 events dominated by Cyber Crime with ...
https://www.hackmageddon.com/2024/10/03/q2-2024-cyber-attacks-statistics/

Celebrating eight years of being the NCSC – a part of GCHQ
As Felicity Oswald hands over to the new NCSC CEO, she reflects on why cyber security and intelligence are so connected.
https://www.ncsc.gov.uk/blog-post/celebrating-eight-years-being-the-ncsc-part-of-gchq

Attackers exploit critical Zimbra vulnerability using cc'd email addresses

https://www.proofpoint.com/us/newsroom/news/attackers-exploit-critical-zimbra-vulnerability-using-ccd-email-addresses

Separating the bee from the panda: CeranaKeeper making a beeline for Thailand
ESET Research details the tools and activities of a new China-aligned threat actor, CeranaKeeper, focusing on massive data exfiltration in Southeast Asia
https://www.welivesecurity.com/en/eset-research/separating-bee-panda-ceranakeeper-making-beeline-thailand/

Penetration testing
How to get the most from penetration testing
https://www.ncsc.gov.uk/guidance/penetration-testing

Finding a needle in a haystack: Machine learning at the forefront of threat hunting research
How Kaspersky implemented machine learning for threat hunting in Kaspersky Security Network (KSN) global threat data.
https://securelist.com/machine-learning-in-threat-hunting/114016/

Issue with NVIDIA Container Toolkit (CVE-2024-0132, CVE-2024-0133)
Publication Date: 2024/10/01 6:35 PM PDT. AWS is aware of CVE-2024-0132 and CVE-2024-0133, issues affecting the NVIDIA container toolkit 1.16. At this time, the following services require customer action. If we become aware of additional impact, we will update this bulletin. Amazon Elastic Kubernetes Service (Amazon EKS): Amazon EKS has released updated EKS GPU-optimized Amazon Machine Images (AMIs) version v20240928 with the patched NVIDIA container toolkit v1.16.2. Customers using Managed node groups can upgrade their node groups by referring to the EKS documentation. Customers using Karpenter can update their nodes by following the documentation on drift or AMI selection. Customers using self-managing worker nodes can replace existing nodes by referring to the...
https://aws.amazon.com/security/security-bulletins/AWS-2024-010/

Cybersecurity spotlight on bug bounty researcher @imrerad
For this year's Cybersecurity Awareness Month, the GitHub Bug Bounty team is excited to feature another spotlight on a talented security researcher who participates in the GitHub Security Bug Bounty Program—@imrerad!
https://github.blog/security/vulnerability-research/cybersecurity-spotlight-on-bug-bounty-researcher-imrerad/

Cybersecurity Awareness Month: Securing our world—together
To help our global cyberdefenders, Microsoft has put together the Be Cybersmart Kit, designed to educate everyone on best practices for going passwordless, not falling for sophisticated phishing or fraud, device protection, AI safety, and more.
https://www.microsoft.com/en-us/security/blog/2024/10/01/cybersecurity-awareness-month-securing-our-world-together/

BudTrader - 2,721,185 breached accounts
In July 2024, a data breach of the now defunct cannabis social platform BudTrader was posted for sale on a hacking forum. Dating back to the previous month, the breach of the website exposed 2.7M email addresses, usernames and WordPress password hashes.
https://haveibeenpwned.com/PwnedWebsites#BudTrader

What's New in Rapid7 Products & Services: Q3 2024 in Review
This was one of the most exciting quarters at Rapid7 as we announced the next chapter in our mission to give customers command of their attack surface: the Rapid7 Command Platform, our unified threat exposure and detection and response platform.
https://blog.rapid7.com/2024/10/01/whats-new-in-rapid7-products-services-q3-2024-in-review/

Why system resilience should mainly be the job of the OS, not just third-party applications
Building efficient recovery options will drive ecosystem resilience
https://www.welivesecurity.com/en/cybersecurity/system-resilience-job-os-not-just-third-party-applications/

Lies, damned lies, and Impact Hero (refoorest, allcolibri)
Transparency note: According to Colibri Hero, they attempted to establish a business relationship with eyeo, a company that I co-founded. I haven't been in an active role at eyeo since 2018, and I left the company entirely in 2021. Colibri Hero was only founded in 2021. My investigation here was prompted by a blog comment. Colibri Hero (also known as allcolibri) is a company with a noble mission: We want to create a world where organizations can make a positive impact on people and communities. One of the company's products is the refoorest browser extension, promising to make a positive impact on the climate by planting trees. Best of it: this costs users nothing whatsoever. According to the refoorest website: Plantation financed by our partners So the users merely need to have the...
https://palant.info/2024/10/01/lies-damned-lies-and-impact-hero-refoorest-allcolibri/

Kia Dealer Portal Vulnerability Risked Millions of Cars
Kia recently addressed a serious security vulnerability, risking its cars. The vulnerability existed in the…
https://latesthackingnews.com/2024/10/01/kia-dealer-portal-vulnerability-risked-millions-of-cars/

Key Group: another ransomware group using leaked builders
Kaspersky experts studied the activity of Key Group, which utilizes publicly available builders for ransomware and wipers, as well as GitHub and Telegram.
https://securelist.com/key-group-ransomware-samples-and-telegram-schemes/114025/

Detecting Vulnerability Scanning Traffic From Underground Tools Using Machine Learning
Researchers detail the discovery of Swiss Army Suite, an underground tool used for SQL injection scans discovered with a machine learning model.
https://unit42.paloaltonetworks.com/machine-learning-new-swiss-army-suite-tool/

June 2024 Cyber Attacks Statistics
After the cyber attacks timelines (part I and part II), it's time to publish the statistics for June 2024 where I collected and analyzed 230 events. During June 2024 Cyber Crime continued to lead...
https://www.hackmageddon.com/2024/10/01/june-2024-cyber-attacks-statistics/

COM Cross-Session Activation
Once again, reading blogs and tweets from James Forshaw led me to wonder how things work. This time, I was working on DCOM for my last blog post and while reading about cross-session activation, I had trouble believing what I was reading.
https://blog.compass-security.com/2024/10/com-cross-session-activation/

Crooked Cops, Stolen Laptops & the Ghost of UGNazi
A California man accused of failing to pay taxes on tens of millions of dollars allegedly earned from cybercrime also paid local police officers hundreds of thousands of dollars to help him extort, intimidate and silence rivals and former business partners, a new indictment charges. KrebsOnSecurity has learned that many of the man's alleged targets were members of UGNazi, a hacker group behind multiple high-profile breaches and cyberattacks back in 2012.
https://krebsonsecurity.com/2024/09/crooked-cops-stolen-laptops-the-ghost-of-ugnazi/

How To Find Broken Access Control Vulnerabilities in the Wild
Learn the ins and outs of broken access control vulnerabilities and how to find them in your security research.
https://www.hackerone.com/community/find-broken-access-control-vulnerabilities

Central Tickets - 722,860 breached accounts
In September 2024, data from the ticketing service Central Tickets was publicly posted to a hacking forum. The data suggests the breach occurred several months earlier and exposed 723k unique email addresses alongside names, phone numbers, IP addresses, purchases and passwords stored as unsalted SHA-1 hashes.
https://haveibeenpwned.com/PwnedWebsites#CentralTickets

Proactive Visibility Is Foundational to Strong Cybersecurity
Exposures are more than CVEs, so organizations need to move beyond the traditional thinking of vulnerability management to a holistic view.
https://blog.rapid7.com/2024/09/30/proactive-visibility-is-foundational-to-strong-cybersecurity/

Tor And Tails OS Announce Merger For Streamlined Operations
The popular privacy tools Tor and Tails OS formally announced a merger to enhance their…
https://latesthackingnews.com/2024/09/30/tor-and-tails-os-announce-merger-for-streamlined-operations/

How Open-Source Tools Can Help Keep Your Computer Secure
If you're thinking security, you've got a lot of options. With the intensity of cybercrime…
https://latesthackingnews.com/2024/09/30/how-open-source-tools-can-help-keep-your-computer-secure/

NIS2: Next Step Forward on EU Security Requirements
Everything you need to know about the next NIS2 Directive, what it means for you, and how to be compliant.
https://www.hackerone.com/public-policy/nis2-eu-security-requirements

Justice Dept. charges three men in alleged Iran hack of Trump campaign

https://www.proofpoint.com/us/newsroom/news/justice-dept-charges-three-men-alleged-iran-hack-trump-campaign

How online scammers hijack your brain

https://www.proofpoint.com/us/newsroom/news/how-online-scammers-hijack-your-brain

Storm-0501: Ransomware attacks expanding to hybrid cloud environments
Microsoft has observed the threat actor tracked as Storm-0501 launching a multi-staged attack where they compromised hybrid cloud environments and performed lateral movement from on-premises to cloud environment, leading to data exfiltration, credential theft, tampering, persistent backdoor access, and ransomware deployment. The said attack targeted multiple sectors in the United States, including government, manufacturing, transportation, […]
https://www.microsoft.com/en-us/security/blog/2024/09/26/storm-0501-ransomware-attacks-expanding-to-hybrid-cloud-environments/

U.S. Indicts 2 Top Russian Hackers, Sanctions Cryptex
The United States today unveiled sanctions and indictments against the alleged proprietor of Joker's Stash, a now-defunct cybercrime store that peddled tens of millions of payment cards stolen in some of the largest data breaches of the past decade. The government also indicted a top Russian cybercriminal known as Taleon, whose cryptocurrency exchange Cryptex has evolved into one of Russia's most active money laundering networks.
https://krebsonsecurity.com/2024/09/u-s-indicts-2-top-russian-hackers-sanctions-cryptex/

Social Media: how to use it safely
Use privacy settings across social media platforms to manage your digital footprint.
https://www.ncsc.gov.uk/guidance/social-media-how-to-use-it-safely

How to Evaluate and Choose the Best Web Hosting Service
Understanding Your Hosting Needs: What kind of website are you going to host? It may…
https://latesthackingnews.com/2024/09/26/how-to-evaluate-and-choose-the-best-web-hosting-service/

US Transportation and Logistics Firms Targeted With Infostealers, Backdoors

https://www.proofpoint.com/us/newsroom/news/us-transportation-and-logistics-firms-targeted-infostealers-backdoors

16-30 June 2024 Cyber Attacks Timeline
In the second timeline of June 2024, I collected 106 events (7.07 events/day) with a threat landscape dominated by...
https://www.hackmageddon.com/2024/09/26/16-30-june-2024-cyber-attacks-timeline/

Unraveling Sparkling Pisces's Tool Set: KLogEXE and FPSpy
We analyze new tools DPRK-linked APT Sparkling Pisces (aka Kimsuky) used in cyberespionage campaigns: KLogExe (a keylogger) and FPSpy (a backdoor variant).
https://unit42.paloaltonetworks.com/kimsuky-new-keylogger-backdoor-variant/

A Guide To Subdomain Takeovers 2.0
Written by experienced security researcher EdOverflow, this blog provides an understanding of subdomain configurations with current resources and tools.
https://www.hackerone.com/community/guide-subdomain-takeovers

Microsoft is named a Leader in the 2024 Gartner® Magic Quadrant™ for Endpoint Protection Platforms
Gartner® names Microsoft a Leader in Endpoint Protection Platforms—a reflection, we believe, of our continued progress in helping organizations protect their endpoints against even the most sophisticated attacks, while driving continued efficiency for security operations center teams.
https://www.microsoft.com/en-us/security/blog/2024/09/25/microsoft-is-named-a-leader-in-the-2024-gartner-magic-quadrant-for-endpoint-protection-platforms/

How to Streamline Your SDLC With Hai
Hai streamlines the SDLC with the tools to maintain consistency, automate tasks, and improve overall efficiency.
https://www.hackerone.com/ai/streamline-sdlc-with-hai

Eliminating Memory Safety Vulnerabilities at the Source
Posted by Jeff Vander Stoep - Android team, and Alex Rebert - Security Foundations. Memory safety vulnerabilities remain a pervasive threat to software security. At Google, we believe the path to eliminating this class of vulnerabilities at scale and building high-assurance software lies in Safe Coding, a secure-by-design approach that prioritizes transitioning to memory-safe languages. This post demonstrates why focusing on Safe Coding for new code quickly and counterintuitively reduces the overall security risk of a codebase, finally breaking through the stubbornly high plateau of memory safety vulnerabilities and starting an exponential decline, all while being scalable and cost-effective. We'll also share updated data on how the percentage of memory safety vulnerabilities in Android...
http://security.googleblog.com/2024/09/eliminating-memory-safety-vulnerabilities-Android.html

Timeshare Owner? The Mexican Drug Cartels Want You
The FBI is warning timeshare owners to be wary of a prevalent telemarketing scam involving a violent Mexican drug cartel that tries to trick elderly people into believing someone wants to buy their property. This is the story of a couple who recently lost more than ,000 to an ongoing timeshare scam that spans at least two dozen phony escrow, title and realty firms.
https://krebsonsecurity.com/2024/09/timeshare-owner-the-mexican-drug-cartels-want-you/

Activate your data responsibly in the era of AI with Microsoft Purview
We are announcing preview for Microsoft Purview Information Protection to restrict content in Microsoft Fabric with sensitivity labels and Microsoft Purview Data Loss Prevention policies for lakehouses, and spotlighting our recent general availability of Microsoft Purview Data Governance solution.
https://www.microsoft.com/en-us/security/blog/2024/09/25/activate-your-data-responsibly-in-the-era-of-ai-with-microsoft-purview/

Transportation Companies Hit by Cyberattacks Using Lumma Stealer and NetSupport Malware

https://www.proofpoint.com/us/newsroom/news/transportation-companies-hit-cyberattacks-using-lumma-stealer-and-netsupport-malware

Investigating Infrastructure and Tactics of Phishing-as-a-Service Platform Sniper Dz
Delve into the infrastructure and tactics of phishing platform Sniper Dz, which targets popular brands and social media. We discuss its unique aspects and more.
https://unit42.paloaltonetworks.com/phishing-platform-sniper-dz-unique-tactics/

OSINT : User Privacy in Linux
Linux telemetry involves gathering and sending data from a Linux-based system to an external server or service. The purpose of this process is often to...
https://www.hackingarticles.in/osint-user-privacy-in-linux/

Google & Arm - Raising The Bar on GPU Security
Posted by Xuan Xing, Eugene Rodionov, Jon Bottarini, Adam Bacchus - Android Red Team; Amit Chaudhary, Lyndon Fawcett, Joseph Artgole - Arm Product Security Team. Who cares about GPUs? You, me, and the entire ecosystem! GPUs (graphics processing units) are critical in delivering rich visual experiences on mobile devices. However, the GPU software and firmware stack has become a way for attackers to gain permissions and entitlements (privilege escalation) to Android-based devices. There are plenty of issues in this category that can affect all major GPU brands, for example, CVE-2023-4295, CVE-2023-21106, CVE-2021-0884, and more. Most exploitable GPU vulnerabilities are in the implementation of the GPU kernel mode modules. These modules are pieces of code that load/unload during runtime,...
http://security.googleblog.com/2024/09/google-arm-raising-bar-on-gpu-security.html

Microsoft Trustworthy AI: Unlocking human potential starts with trust
At Microsoft, we have commitments to ensuring Trustworthy AI and are building industry-leading supporting technology. Our commitments and capabilities go hand in hand to make sure our customers and developers are protected at every layer. Building on our commitments, today we are announcing new product capabilities to strengthen the security, safety and privacy of AI systems.
https://blogs.microsoft.com/blog/2024/09/24/microsoft-trustworthy-ai-unlocking-human-potential-starts-with-trust/

SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
SafeLine is a self-hosted WAF (Web Application Firewall) to protect your web apps from attacks and exploits. A web application firewall helps protect web apps by filtering and monitoring HTTP traffic between a web application and the Internet. It typically protects web apps from attacks such as SQL injection, XSS, code injection, OS command injection, CRLF injection, LDAP injection, XPath injection, RCE, XXE, SSRF, path traversal, backdoors, brute force, HTTP floods and bot abuse, among others. How It Works: By deploying a WAF in front of a web application, a shield is placed between the web application and the Internet. While a proxy server protects a client machine's identity by using an intermediary, a WAF is a type of reverse proxy, protecting the server from exposure by having clients pass...
http://www.kitploit.com/2024/09/safeline-serve-as-reverse-proxy-to.html

Inside SnipBot: The Latest RomCom Malware Variant
We deconstruct SnipBot, a variant of RomCom malware. Its authors, who target diverse sectors, seem to be aiming for espionage instead of financial gain.
https://unit42.paloaltonetworks.com/snipbot-romcom-malware-variant/

Securing our future: September 2024 progress update on Microsoft's Secure Future Initiative (SFI)
Since the Secure Future Initiative (SFI) began, we've dedicated the equivalent of 34,000 full-time engineers to SFI—making it the largest cybersecurity engineering effort in history. And now, we're sharing key updates and milestones from the first SFI Progress Report.
https://www.microsoft.com/en-us/security/blog/2024/09/23/securing-our-future-september-2024-progress-update-on-microsofts-secure-future-initiative-sfi/

PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
BYOSI (Bring-Your-Own-Script-Interpreter): by abusing trusted applications, one is able to deliver a compatible script interpreter for a Windows, Mac, or Linux system, as well as malicious source code written for the chosen script interpreter. Once both the malicious source code and the trusted script interpreter are safely written to the target system, one could simply execute said source code via the trusted script interpreter. PolyDrop leverages thirteen scripting languages to perform the above attack. The following languages are wholly ignored by AV vendors including MS-Defender: tcl, php, crystal, julia, golang, dart, dlang, vlang, nodejs, bun, python, fsharp, deno. All of these languages were allowed to completely execute, and...
http://www.kitploit.com/2024/09/polydrop-byosi-bring-your-own-script.html

GameVN - 1,369,485 breached accounts
In May 2016, the Vietnamese gaming forum GameVN suffered a data breach that was later redistributed as part of a larger corpus of data. Data breached from the XenForo-based forum included 1.4M unique email addresses, usernames, IP addresses and salted MD5 password hashes.
https://haveibeenpwned.com/PwnedWebsites#GameVN

Secator - The Pentester's Swiss Knife
secator is a task and workflow runner used for security assessments. It supports dozens of well-known security tools and it is designed to improve productivity for pentesters and security researchers. Features: curated list of commands; unified input options; unified output schema; CLI and library usage; distributed options with Celery; complexity from simple tasks to complex workflows; customizable. Supported tools: secator integrates the following tools (name, description, category): httpx, fast HTTP prober (http); cariddi, fast crawler and endpoint secrets / api keys / tokens matcher (http/crawler); gau, offline URL crawler (Alien Vault, The Wayback Machine, Common Crawl, URLScan) (http/crawler); gospider, fast web spider written in Go (http/crawler); katana, next-generation crawling...
http://www.kitploit.com/2024/09/secator-pentesters-swiss-knife.html

Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
The Damn Vulnerable Drone is an intentionally vulnerable drone hacking simulator based on the popular ArduPilot/MAVLink architecture, providing a realistic environment for hands-on drone hacking. About the Damn Vulnerable Drone What is the Damn Vulnerable Drone? The Damn Vulnerable Drone is a virtually simulated environment designed for offensive security professionals to safely learn and practice drone hacking techniques. It simulates real-world ArduPilot & MAVLink drone architectures and vulnerabilities, offering a hands-on experience in exploiting drone systems. Why was it built? The Damn Vulnerable Drone aims to enhance offensive security skills within a controlled environment, making it an invaluable tool for intermediate-level security professionals, pentesters, and hacking enthusiasts....
http://www.kitploit.com/2024/09/damn-vulnerable-drone-intentionally.html

File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
file-unpumper is a powerful command-line utility designed to clean and analyze Portable Executable (PE) files. It provides a range of features to help developers and security professionals work with PE files more effectively. Features: PE Header Fixing: file-unpumper can fix and align the PE headers of a given executable file. This is particularly useful for resolving issues caused by packers or obfuscators that modify the headers. Resource Extraction: the tool can extract embedded resources from a PE file, such as icons, bitmaps, or other data resources. This can be helpful for reverse engineering or analyzing the contents of an executable. Metadata Analysis: file-unpumper provides a comprehensive analysis of the PE file's metadata, including information about the machine...
http://www.kitploit.com/2024/09/file-unpumper-tool-that-can-be-used-to.html

How to Accelerate Vulnerability Remediation with Hai
Hai, HackerOne's AI co-pilot, streamlines remediation efforts and accelerates the find-to-fix process.
https://www.hackerone.com/ai/accelerate-vulnerability-remediation-with-hai

This Windows PowerShell Phish Has Scary Potential
Many GitHub users this week received a novel phishing email warning of critical security holes in their code. Those who clicked the link for details were asked to distinguish themselves from bots by pressing a combination of keyboard keys that causes Microsoft Windows to download password-stealing malware. While it's unlikely that many programmers fell for this scam, it's notable because less targeted versions of it are likely to be far more successful against the average Windows user.
https://krebsonsecurity.com/2024/09/this-windows-powershell-phish-has-scary-potential/

Managing Cybersecurity and Privacy Risks in the Age of Artificial Intelligence: Launching a New Program at NIST
The rapid proliferation of Artificial Intelligence (AI) promises significant value for industry, consumers, and broader society, but as with many technologies, new risks from these advancements in AI must be managed to realize its full potential. The NIST AI Risk Management Framework (AI RMF) was developed to manage the benefits and risks to individuals, organizations, and society associated with AI and covers a wide range of risks, from safety to lack of transparency and accountability. For those of us at NIST working in cybersecurity, privacy and AI, a key concern is how advancements
https://www.nist.gov/blogs/cybersecurity-insights/managing-cybersecurity-and-privacy-risks-age-artificial-intelligence

Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
Mass Assigner is a powerful tool designed to identify and exploit mass assignment vulnerabilities in web applications. It achieves this by first retrieving data from a specified request, such as fetching user profile data. Then, it systematically attempts to apply each parameter extracted from the response to a second request provided, one parameter at a time. This approach allows for the automated testing and exploitation of potential mass assignment vulnerabilities. Disclaimer: this tool actively modifies server-side data. Please ensure you have proper authorization before use. Any unauthorized or illegal activity using this tool is entirely at your own risk. Features: enables the addition of custom headers within requests; offers customization of various HTTP methods for both origin and...
http://www.kitploit.com/2024/09/mass-assigner-simple-tool-made-to-probe.html

Discovering Splinter: A First Look at a New Post-Exploitation Red Team Tool
Discover Splinter, a new post-exploitation tool with advanced features like command execution and file manipulation, detected by Unit 42 researchers.
https://unit42.paloaltonetworks.com/analysis-pentest-tool-splinter/

A Single IP is Scanning Intensely, and Yields a List of Malware Loaders
Overall scanning for CVEs we track is down, but one specific scanner caught our attention. We dig into what it’s doing.
https://www.f5.com/labs/articles/threat-intelligence/sensor-intel-series-top-cves-august-2024

HuntStand - 2,795,947 breached accounts
In March 2024, millions of records scraped from the hunting and land management service HuntStand were publicly posted to a popular hacking forum. The data included 2.8M unique email addresses with many records also containing name, date of birth and country.
https://haveibeenpwned.com/PwnedWebsites#HuntStand

Gleaming Pisces Poisoned Python Packages Campaign Delivers PondRAT Linux and MacOS Backdoors
We track a campaign by Gleaming Pisces (Citrine Sleet) delivering Linux or macOS backdoors via Python packages, aiming to infiltrate supply chain vendors.
https://unit42.paloaltonetworks.com/gleaming-pisces-applejeus-poolrat-and-pondrat/

Scam ‘Funeral Streaming' Groups Thrive on Facebook
Scammers are flooding Facebook with groups that purport to offer video streaming of funeral services for the recently deceased. Friends and family who follow the links for the streaming services are then asked to cough up their credit card information. Recently, these scammers have branched out into offering fake streaming services for nearly any kind of event advertised on Facebook. Here's a closer look at the size of this scheme, and some findings about who may be responsible.
https://krebsonsecurity.com/2024/09/scam-funeral-streaming-groups-thrive-on-facebook/

Imperius - Make A Linux Kernel Rootkit Visible Again
Makes an LKM rootkit visible again. This tool is part of research on LKM rootkits that will be launched. It involves getting the memory address of a rootkit's "show_module" function, for example, and using that to call it, adding it back to lsmod and making it possible to remove the LKM rootkit. We can obtain the function address on very simple kernels using /sys/kernel/tracing/available_filter_functions_addrs; however, that file is only available from kernel 6.5x onwards. An alternative is to scan the kernel memory for the function, then add the module back to lsmod so it can be removed. So in summary, this LKM abuses the function of LKM rootkits that have the functionality to become visible again. Note: there is another trick for removing/defusing an LKM rootkit, but it will be in the research that will...
http://www.kitploit.com/2024/09/imperius-make-linux-kernel-rootkit.html

Looking for a job? Work at one of these 10 companies with the happiest employees

https://www.proofpoint.com/us/newsroom/news/looking-job-work-one-these-10-companies-happiest-employees

Proofpoint Doubles Down On Partner Services, AI, Data Security

https://www.proofpoint.com/us/newsroom/news/proofpoint-doubles-down-partner-services-ai-data-security

Three-Headed Potato Dog
Earlier this year, several security researchers published research about using DCOM to coerce Windows systems to authenticate to other systems. This can be misused to relay the authentication over NTLM or Kerberos, to AD CS over HTTP for instance. This sounds like a hot and complex topic. Let's take a look back at how this started […]
https://blog.compass-security.com/2024/09/three-headed-potato-dog/

BYOSI - Evade EDRs The Simple Way, By Not Touching Any Of The APIs They Hook
Evade EDRs the simple way, by not touching any of the APIs they hook. Theory: I've noticed that most EDRs fail to scan scripting files, treating them merely as text files. While this might be unfortunate for them, it's an opportunity for us to profit. Flashy methods like residing in memory or thread injection are heavily monitored. Without a binary signed by a valid Certificate Authority, execution is nearly impossible. Enter BYOSI (Bring Your Own Scripting Interpreter). Every scripting interpreter is signed by its creator, with each certificate being valid. Testing in a live environment revealed surprising results: a highly signatured PHP script from this repository not only ran on systems monitored by CrowdStrike and Trellix but also established an external connection without triggering...
http://www.kitploit.com/2024/09/byosi-evade-edrs-simple-way-by-not.html

Protective Monitoring for HMG ICT Systems (GPG 13)
Please note that this document is out of date and is provided for historical reference only. It should not be used in the design and operation of new systems.
https://www.ncsc.gov.uk/guidance/protective-monitoring-hmg-ict-systems-gpg-13

Instituto Nacional de Deportes de Chile - 319,613 breached accounts
In September 2024, the Instituto Nacional de Deportes de Chile (Chile's National Sports Institute) suffered a data breach. The incident exposed 1.7M rows of data with 320k unique email addresses alongside names, dates of birth, genders and bcrypt password hashes. The newest records in the data date back to August 2022, suggesting the breach may be of an older data set.
https://haveibeenpwned.com/PwnedWebsites#InstitutoNacionalDeDeportesDeChile

Introducing HackerOne Automations

https://www.hackerone.com/vulnerability-management/introducing-hackerone-automations

SBOM Tools and Alternatives to Assess and Protect Your Software
Third-party integrations save time and effort during the software development lifecycle, but they also increase the risk of security breaches and make it more challenging to comply with cybersecurity regulations. Keeping a software bill of materials (SBOM) with the right SBOM tools can help you better understand your attack surface to keep cyber attackers at bay and auditors satisfied.
https://www.legitsecurity.com/blog/top-sbom-tools

Software Supply Chain Vulnerability Protection 101
According to a Data Theorem report, 91% of organizations faced a software supply chain attack in 2023.
https://www.legitsecurity.com/blog/software-supply-chain-vulnerability-protection

Psobf - PowerShell Obfuscator
Tool for obfuscating PowerShell scripts written in Go. The main objective of this program is to obfuscate PowerShell code to make its analysis and detection more difficult. The script offers 5 levels of obfuscation, from basic obfuscation to script fragmentation. This allows users to tailor the obfuscation level to their specific needs. [ASCII-art banner from ./psobf -h omitted]...
http://www.kitploit.com/2024/09/psobf-powershell-obfuscator.html

CloudImposer
Google Cloud Composer is a managed service for Apache Airflow. Tenable discovered that the Cloud Composer package was vulnerable to dependency confusion, which could have allowed attackers to inject malicious code when the package was compiled from source. This could have led to remote code execution on machines running Cloud Composer, which include various other GCP services as well as internal servers at Google. The dependency confusion stemmed from Google's risky recommendation in their documentation to use the --extra-index-url argument when installing private Python packages. Following disclosure, Google fixed the dependency confusion vulnerability and also updated their documentation.
https://www.cloudvulndb.org/cloudimposer-gcp

Document AI data exfiltration
The Document AI service unintentionally allows users to read any Cloud Storage object in the same project, in a way that isn't properly documented. The Document AI service agent is auto-assigned with excessive permissions, allowing it to access all objects from Cloud Storage buckets in the same project. Malicious actors can exploit this to exfiltrate data from Cloud Storage by indirectly leveraging the service agent's permissions. This vulnerability is an instance of transitive access abuse, a class of security flaw where unauthorized access is gained indirectly through a trusted intermediary.
https://www.cloudvulndb.org/gcp-document-ai-data-exfil

ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Makes Them Visible Again
ModTracer finds hidden Linux kernel rootkits and then makes them visible again. Another way to make an LKM visible is using the Imperius trick: https://github.com/MatheuZSecurity/Imperius
http://www.kitploit.com/2024/09/modtracer-modtracer-finds-hidden-linux.html

Games Box - 1,439,354 breached accounts
In September 2020, now defunct website Games Box suffered a data breach that was later redistributed as part of a larger corpus of data. The impacted data included 1.4M email addresses alongside usernames, genders, ages and passwords stored as either a hash or plain text.
https://haveibeenpwned.com/PwnedWebsites#GamesBox

DockerSpy - DockerSpy Searches For Images On Docker Hub And Extracts Sensitive Information Such As Authentication Secrets, Private Keys, And More
DockerSpy searches for images on Docker Hub and extracts sensitive information such as authentication secrets, private keys, and more. What is Docker? Docker is an open-source platform that automates the deployment, scaling, and management of applications using containerization technology. Containers allow developers to package an application and its dependencies into a single, portable unit that can run consistently across various computing environments. Docker simplifies the development and deployment process by ensuring that applications run the same way regardless of where they are deployed. About Docker Hub: Docker Hub is a cloud-based repository where developers can store, share, and distribute container images. It serves as the largest library of container images, providing access...
http://www.kitploit.com/2024/09/dockerspy-dockerspy-searches-for-images.html

A new path for Kyber on the web
Posted by David Adrian, David Benjamin, Bob Beck & Devon O'Brien, Chrome Team We previously posted about experimenting with a hybrid post-quantum key exchange, and enabling it for 100% of Chrome Desktop clients. The hybrid key exchange used both the pre-quantum X25519 algorithm, and the new post-quantum algorithm Kyber. At the time, the NIST standardization process for Kyber had not yet finished. Since then, the Kyber algorithm has been standardized with minor technical changes and renamed to the Module Lattice Key Encapsulation Mechanism (ML-KEM). We have implemented ML-KEM in Google's cryptography library, BoringSSL, which allows for it to be deployed and utilized by services that depend on this library. The changes to the final version of ML-KEM make it incompatible with the previously...
http://security.googleblog.com/2024/09/a-new-path-for-kyber-on-web.html

Configuring Microsoft Outlook 365's 'Report Phishing' add-in
How to report emails to the NCSC's Suspicious Email Reporting Service (SERS) using the 'Report Phishing' add-in for Microsoft Outlook 365.
https://www.ncsc.gov.uk/guidance/configuring-o365-outlook-report-phishing-for-sers

1-15 June 2024 Cyber Attacks Timeline
In the first timeline of June 2024 I collected 124 events (8.27 events/day) with a threat landscape dominated by...
https://www.hackmageddon.com/2024/09/12/1-15-june-2024-cyber-attacks-timeline/

A Detailed Guide on Feroxbuster
Feroxbuster is a robust tool designed to identify directories and files on web servers using brute-force techniques. It is frequently utilized in penetration testing and...
https://www.hackingarticles.in/a-detailed-guide-on-feroxbuster/

Phishing Pages Delivered Through Refresh HTTP Response Header
We detail a rare phishing mechanism using a refresh entry in the HTTP response header for stealth redirects to malicious pages, affecting finance and government sectors.
https://unit42.paloaltonetworks.com/rare-phishing-page-delivery-header-refresh/

SBOMs and the importance of inventory
Can a Software Bill of Materials (SBOM) provide organisations with better insight into their supply chains?
https://www.ncsc.gov.uk/blog-post/sboms-and-the-importance-of-inventory

5 Ways to Mitigate Risk in Cybersecurity
Cybersecurity refers to practices designed to defend computers, mobile devices, electronic data storage platforms and networks against attacks such as ransomware extortion and data breaches. Preventative techniques are key in...
https://www.hackercombat.com/five-ways-to-mitigate-risk-in-cybersecurity/

What is Malware
Malware refers to any form of malicious software which aims to disrupt, harm or steal private information for criminal use. Furthermore, malware can mine cryptocurrency for cybercriminals as an additional...
https://www.hackercombat.com/malware/

From Classroom into Bug Bounty: Investigating Motivational Factors Among Swiss Students
Bug bounty programs have evolved into a critical element of modern cybersecurity. In this post, we give some answers to how bug bounty programs can attract students as hunters.
https://blog.compass-security.com/2024/09/from-classroom-into-bug-bounty-investigating-motivational-factors-among-swiss-students/

How to Identify and Stop Scrapers
Fighting sophisticated scrapers requires advanced detection methods. Discover the techniques needed to identify and manage these hidden threats outlined in our investigation.
https://www.f5.com/labs/articles/threat-intelligence/how-to-identify-and-stop-scrapers

ClamAV 1.4.1, 1.3.2, 1.0.7, and 0.103.12 security patch versions published
Today, we are publishing the 1.4.1, 1.3.2, 1.0.7, and 0.103.12 security patch versions. The release files for the patch versions are available for download on the ClamAV downloads page, on the GitHub Release page, and (with exception to 0.103.12) through Docker Hub. The images on Docker Hub may not be immediately available on release day. Continue reading to learn what changed in each version. 1.4.1: ClamAV 1.4.1 is a critical patch release with the following fixes: CVE-2024-20506: Changed the logging module to disable following symlinks on Linux and Unix systems so as to prevent an attacker with existing access to the 'clamd' or 'freshclam' services from using a symlink to corrupt system files. This issue affects all currently supported versions. It will be fixed in: 1.4.1, 1.3.2, 1.0.7, 0.103.12. Thank...
http://blog.clamav.net/2024/09/clamav-141-132-107-and-010312-security.html

Deploying Rust in Existing Firmware Codebases
Posted by Ivan Lozano and Dominik Maier, Android Team. Android's use of safe-by-design principles drives our adoption of memory-safe languages like Rust, making exploitation of the OS increasingly difficult with every release. To provide a secure foundation, we're extending hardening and the use of memory-safe languages to low-level firmware (including in Trusty apps). In this blog post, we'll show you how to gradually introduce Rust into your existing firmware, prioritizing new code and the most security-critical code. You'll see how easy it is to boost security with drop-in Rust replacements, and we'll even demonstrate how the Rust toolchain can handle specialized bare-metal targets. Drop-in Rust replacements for C code are not a novel idea and have been used in other cases, such as librsvg's...
http://security.googleblog.com/2024/09/deploying-rust-in-existing-firmware.html

Learning, Sharing, and Exploring with NIST's New Human-Centered Cybersecurity Community of Interest
Human-centered cybersecurity (also known as ‘usable security') involves the social, organizational, and technological influences on people's understanding of and interactions with cybersecurity. By taking a human-centered cybersecurity (HCC) approach, we can both improve people's cybersecurity experiences and achieve better cybersecurity outcomes, which is so important in today's digitally interconnected world. At NIST, we understand the value of making connections, listening, and interactivity. We also understand that researchers and practitioners want to hear directly from each other—and
https://www.nist.gov/blogs/cybersecurity-insights/learning-sharing-and-exploring-nists-new-human-centered-cybersecurity

Blooms Today - 3,184,010 breached accounts
In April 2024, 15M records from the online florist Blooms Today were listed for sale on a popular hacking forum. The most recent data in the breach corpus was from November 2023 and appeared alongside 3.2M unique email addresses, names, phone numbers, physical addresses and partial credit card data (card type, 4 digits of the number and expiry date). The breach did not expose sufficient card data to make purchases. Blooms Today did not respond when contacted about the incident.
https://haveibeenpwned.com/PwnedWebsites#BloomsToday

May 2024 Cyber Attacks Statistics
After the cyber attacks timelines (part I and part II), it's time to publish the statistics for May 2024 where I collected and analyzed 242 events...
https://www.hackmageddon.com/2024/08/29/may-2024-cyber-attacks-statistics/

16-31 May 2024 Cyber Attacks Timeline
In the second timeline of May 2024 I collected 136 events (8.5 events/day) with a threat landscape dominated by...
https://www.hackmageddon.com/2024/08/27/16-31-may-2024-cyber-attacks-timeline/

CVE-2024-38063 - Remotely Exploiting The Kernel Via IPv6
Performing a root cause analysis & building proof-of-concept for CVE-2024-38063, a CVSS 9.8 Vulnerability In the Windows Kernel IPv6 Parser
https://malwaretech.com/2024/08/exploiting-CVE-2024-38063.html

MSSQL for Pentester: NetExec
NetExec (nxc) is a powerful network exploitation tool developed as a modern successor to CrackMapExec (CME), which was widely used by penetration testers and red...
https://www.hackingarticles.in/mssql-for-pentester-netexec/

Scanning for CVE-2017-9841 Drops Precipitously
Last issue, we observed huge amounts of scanning for the rather old CVE-2017-9841, an RCE in PHPUnit. This time it’s fallen off nearly as sharply. We look into why!
https://www.f5.com/labs/articles/threat-intelligence/sensor-intel-series-top-cves-july-2024

1-15 May 2024 Cyber Attacks Timeline
In the first timeline of May 2024, I collected 105 events (7 events/day) with a threat landscape still dominated by malware.
https://www.hackmageddon.com/2024/08/21/1-15-may-2024-cyber-attacks-timeline/

Implementation Challenges in Privacy-Preserving Federated Learning
In this post, we talk with Dr. Xiaowei Huang and Dr. Yi Dong (University of Liverpool), Dr. Mat Weldon (United Kingdom (UK) Office of National Statistics (ONS)), and Dr. Michael Fenton (Trūata), who were winners in the UK-US Privacy-Enhancing Technologies (PETs) Prize Challenges. We discuss implementation challenges of privacy-preserving federated learning (PPFL), specifically the areas of threat modeling and real-world deployments. Threat Modeling: In research on privacy-preserving federated learning (PPFL), the protections of a PPFL system are usually encoded in a threat model that defines
https://www.nist.gov/blogs/cybersecurity-insights/implementation-challenges-privacy-preserving-federated-learning

A Patchdiffing Journey – TP-Link Omada
Last year we participated in the Pwn2Own 2023 Toronto competition and successfully exploited the Synology BC500 camera. The DEVCORE Internship Program team managed to exploit a bug in the TP-Link Omada Gigabit VPN Router. So I was naturally curious and wanted to figure out how difficult it would be to recreate that exploit having access only to a high-level bug description and the firmware.
https://blog.compass-security.com/2024/08/a-patchdiffing-journey-tp-link-omada/

Copilot Studio information disclosure via SSRF

https://www.cloudvulndb.org/copilot-studio-infoleak-ssrf

ClamAV 1.4.0 feature release and ClamAV bytecode compiler 1.4.0 release
The ClamAV 1.4.0 feature release is now stable. We encourage everyone to download the latest version now from the ClamAV downloads page, on the GitHub Release page, and through Docker Hub*: Alpine-based images and Debian-based multi-arch images. *The Docker images are built on release day and will be made available when they are ready. We are also publishing ClamAV bytecode compiler version 1.4.0. The ClamAV bytecode compiler release files are available for download on the GitHub Release page and through Docker Hub. ClamAV platform support changes: We will no longer provide Linux 32-bit packages. With RHEL 7 reaching end-of-life, we had to upgrade our build hosts and selected Alma Linux 8. Alma Linux does not provide 32-bit images. ClamAV users on 32-bit platforms can still build from source. We now provide...
http://blog.clamav.net/2024/08/clamav-140-feature-release-and-clamav.html

Private AI For All: Our End-To-End Approach to AI Privacy on Android
Posted by Dave Kleidermacher, VP Engineering, Android Security and Privacy, and Giles Hogben, Senior Director, Privacy Engineering, Android Your smartphone holds a lot of your personal information to help you get things done every day. On Android, we are seamlessly integrating the latest artificial intelligence (AI) capabilities, like Gemini as a trusted assistant – capable of handling life's essential tasks. As such, ensuring your privacy and security on Android is paramount. As a pioneer in responsible AI and cutting-edge privacy technologies like Private Compute Core and federated learning, we made sure our approach to the assistant experience with Gemini on Android is aligned with our existing Secure AI framework, AI Principles and Privacy Principles. We've always safeguarded...
http://security.googleblog.com/2024/08/android-private-ai-approach.html

CryptoCore: Unmasking the Sophisticated Cryptocurrency Scam Operations
As digital currencies have grown, so have cryptocurrency scams, posing significant user risks. The rise of AI and deepfake technology has intensified scams exploiting famous personalities and events by creating realistic fake videos. Platforms like X and YouTube have been especially targeted, with scammers hijacking high-profile accounts to distribute fraudulent content. This report delves into the CryptoCore group's complex scam operations, analyzing their use of deepfakes, hijacked accounts, and fraudulent websites to deceive victims and profit millions of dollars.
https://decoded.avast.io/martinchlumecky1/cryptocore-unmasking-the-sophisticated-cryptocurrency-scam-operations/?utm_source=rss&utm_medium=rss&utm_campaign=cryptocore-unmasking-the-sophisticated-cryptocurrency-scam-operations

Post-Quantum Cryptography: Standards and Progress
Posted by Royal Hansen, VP, Privacy, Safety and Security Engineering, Google, and Phil Venables, VP, TI Security & CISO, Google Cloud The National Institute of Standards and Technology (NIST) just released three finalized standards for post-quantum cryptography (PQC) covering public key encapsulation and two forms of digital signatures. In progress since 2016, this achievement represents a major milestone towards standards development that will keep information on the Internet secure and confidential for many years to come. Here's a brief overview of what PQC is, how Google is using PQC, and how other organizations can adopt these new standards. You can also read more about PQC and Google's role in the standardization process in this 2022 post from Cloud CISO Phil Venables. What is PQC? Encryption...
http://security.googleblog.com/2024/08/post-quantum-cryptography-standards.html

Azure Health privilege escalation via SSRF

https://www.cloudvulndb.org/azure_health_pe_ssrf

ClamAV 0.103 LTS End of Life Announcement
The ClamAV 0.103 LTS release is nearing end-of-life (EOL) with regards to security vulnerability fix support from our team. This end of life date will be Sept. 14, 2024. ClamAV 0.103 users will be able to update signatures from the official database mirror for an additional one year after the EOL date. After Sept. 14, 2025, we may block ClamAV 0.103 from downloading signature updates. We recommend that users update to the newest LTS release, ClamAV 1.0.6. For users that want to upgrade to the newest non-LTS release, use ClamAV 1.3.1. The most recent version of ClamAV can be found here: https://www.clamav.net/downloads The following is a list of major changes available to users in the newest versions of ClamAV. Since ClamAV 0.103, ClamAV 1.0 LTS adds: A...
http://blog.clamav.net/2024/08/clamav-0103-lts-end-of-life-announcement.html

60 Hurts per Second – How We Got Access to Enough Solar Power to Run the United States
The electricity grid – the buzzing, crackling marvel that supplies the lifeblood of modernity - is by far the largest structure humanity ever built. It's so big, in fact, that few people even notice it, like a fish can't see the ocean. Until the grid goes down, that is. Then, like the fish dangling from the angler's hook, we see our vulnerability. Modernity dissolves into a sudden silence, followed by the repeated flick of a light switch, and a howl of panic at the prospect of missed appointmen
https://www.bitdefender.com/en-us/blog/labs/60-hurts-per-second-how-we-got-access-to-enough-solar-power-to-run-the-united-states/

Penetration Testing on MYSQL (Port 3306)
MySQL is an open-source Relational Database Management System (RDBMS). It is widely used for managing and organizing data in a structured format, using tables to...
https://www.hackingarticles.in/penetration-testing-on-mysql-port-3306/

What Are Scrapers and Why Should You Care?
Data miners and scraper bots are everywhere, feeding AI LLMs and more, and many of them are NOT harmless.
https://www.f5.com/labs/articles/threat-intelligence/what-are-scrapers-and-why-should-you-care

April 2024 Cyber Attacks Statistics
During April 2024 Cyber Crime continued to lead the Motivations with a value (73%) practically equal to March when it was 72.9%. Operations driven by Cyber Espionage ranked at number two with...
https://www.hackmageddon.com/2024/08/01/april-2024-cyber-attacks-statistics/

Huge Increase in Scanning for CVE-2017-9841 With Large Variability in Scanning Infrastructure
The rather old CVE-2017-9841, an RCE in PHPUnit, suddenly jumps to the top of our list, with an increase of nearly 400% since last month. We dig into the scanning infrastructure.
https://www.f5.com/labs/articles/threat-intelligence/sensor-intel-series-top-cves-june-2024

Issue with AWS Client VPN - CVE-2024-30164, CVE-2024-30165
Publication Date: 2024/07/16 3:30 PM PDT AWS is aware of CVE-2024-30164 and CVE-2024-30165 in AWS Client VPN. These issues could potentially allow an actor with access to an end user's device to escalate to root privilege and execute arbitrary commands on that device. We addressed these issues on all platforms. Customers using AWS Client VPN should upgrade to version 3.11.1 or higher for Windows, 3.9.2 or higher for MacOS, and 3.12.1 or higher for Linux. For additional information on configuring AWS Client VPN to meet your security and compliance requirements, please refer to our "Security in AWS Client VPN" user guide. We would like to thank Robinhood for collaborating on this issue through the coordinated vulnerability disclosure process. Security-related questions...
https://aws.amazon.com/security/security-bulletins/AWS-2024-008/

Issue with PyTorch TorchServe - CVE-2024-35198, CVE-2024-35199
Publication Date: 2024/07/18 2:50 PM PDT AWS is aware of the issues described in CVE-2024-35198 and CVE-2024-35199 in PyTorch TorchServe versions 0.3.0 to 0.10.0. Customers using PyTorch inference Deep Learning Containers (DLC) through Amazon SageMaker are not affected. CVE-2024-35198 does not prevent a model from being downloaded into the model store if the URL contains characters such as ".." when TorchServe model registration API is called. Customers using PyTorch inference Deep Learning Containers (DLC) through Amazon SageMaker and Amazon Elastic Kubernetes Service (Amazon EKS) are not affected by this issue. CVE-2024-35199 does not bind two gRPC ports 7070 and 7071 to localhost by default. These two interfaces are bound to all interfaces when TorchServe is natively launched...
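The bulletin names two distinct defects: a model registration URL containing ".." that is written into the model store as-is, and gRPC ports 7070/7071 bound to every interface. The following is an added example, written for this page and not AWS's or the TorchServe project's own code, of the two checks a deployer would want for each: a path-containment check for the archive name derived from a registration URL, and a scan of `ss -ltn` style output for the gRPC ports listening on a wildcard address. The store directory, hostnames and the `ss` sample are constructed assumptions for illustration.

```python
import posixpath
from urllib.parse import unquote, urlsplit

# TorchServe's default gRPC inference and management ports (assumption: the
# deployment uses the defaults named in the bulletin).
GRPC_PORTS = {7070, 7071}
WILDCARD_ADDRS = {"0.0.0.0", "*", "::", "[::]"}


def safe_model_path(model_store: str, url: str) -> str:
    """Return where a model archive fetched from `url` may be written inside
    `model_store`, or raise ValueError if the URL path would escape the store.

    Percent-encoding is decoded before normalisation so '%2e%2e' is seen as
    '..', and '..' segments are collapsed by normpath before the containment
    check, so the check runs on the path that would actually be written.
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        raise ValueError(f"unsupported scheme: {parts.scheme!r}")
    name = unquote(parts.path).lstrip("/")
    if not name:
        raise ValueError("URL has no file name")
    store = posixpath.normpath(model_store)
    target = posixpath.normpath(posixpath.join(store, name))
    # The trailing '/' matters: '/srv/model-store2/x' must not pass for
    # a store of '/srv/model-store'.
    if not target.startswith(store + "/"):
        raise ValueError(f"model path escapes the store: {name!r}")
    return target


def escapes_store(model_store: str, url: str) -> bool:
    """True if safe_model_path rejects the URL (used by the demo and tests)."""
    try:
        safe_model_path(model_store, url)
        return False
    except ValueError:
        return True


def wildcard_grpc_listeners(ss_output: str) -> list[str]:
    """Return the Local Address:Port of every gRPC port in `ss -ltn` output
    that is bound to all interfaces instead of localhost."""
    findings = []
    for line in ss_output.splitlines():
        cols = line.split()
        # `ss -ltn` columns: State Recv-Q Send-Q Local:Port Peer:Port [Process]
        if len(cols) < 5 or cols[0] != "LISTEN":
            continue
        local = cols[3]
        addr, _, port = local.rpartition(":")
        if port.isdigit() and int(port) in GRPC_PORTS and addr in WILDCARD_ADDRS:
            findings.append(local)
    return findings


# Constructed `ss -ltn` output for a host running TorchServe with default
# settings; the 7070/7071 lines are the ones the check should flag.
SAMPLE_SS = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
LISTEN  0       4096    127.0.0.1:8080       0.0.0.0:*
LISTEN  0       4096    127.0.0.1:8081       0.0.0.0:*
LISTEN  0       4096    0.0.0.0:7070         0.0.0.0:*
LISTEN  0       4096    [::]:7071            [::]:*
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*
"""

if __name__ == "__main__":
    store = "/srv/model-store"
    for url in ("https://models.example/resnet-18.mar",
                "https://models.example/..%2f..%2fetc%2fcron.d%2fevil"):
        verdict = "REJECTED" if escapes_store(store, url) else safe_model_path(store, url)
        print(f"{url}: {verdict}")
    print("gRPC listeners on all interfaces:", wildcard_grpc_listeners(SAMPLE_SS))
```

The listener check is a point-in-time audit; the durable fix is to upgrade to a TorchServe release that binds the gRPC ports to localhost (or to set the bind address explicitly) and to put a host firewall rule in front of 7070/7071 regardless.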
https://aws.amazon.com/security/security-bulletins/AWS-2024-009/

3 ways to get Remote Code Execution in Kafka UI
In this blog post, we'll explain how we discovered three critical vulnerabilities in Kafka UI and how they can be exploited.
https://github.blog/security/vulnerability-research/3-ways-to-get-remote-code-execution-in-kafka-ui/

File Transfer Cheatsheet: Windows and Linux
File transfer is a crucial step in the post-exploitation scenario while performing penetration testing or red teaming. There are various ways to do the file...
https://www.hackingarticles.in/file-transfer-cheatsheet-windows-and-linux/

2024 DDoS Attack Trends
Unveiling the rise of Hacktivism in a tense global climate.
https://www.f5.com/labs/articles/threat-intelligence/2024-ddos-attack-trends

WinRM Penetration Testing
Windows Remote Management (WinRM) is a protocol developed by Microsoft for remotely managing hardware and operating systems on Windows machines. It is a component of...
https://www.hackingarticles.in/winrm-penetration-testing/

How insecure is Avast Secure Browser?
A while ago I already looked into Avast Secure Browser. Back then it didn't end well for Avast: I found critical vulnerabilities allowing arbitrary websites to infect user's computer. Worse yet: much of it was due to neglect of secure coding practices, existing security mechanisms were disabled for no good reason. I didn't finish that investigation because I discovered that the browser was essentially spyware, collecting your browsing history and selling it via Avast's Jumpshot subsidiary. But that was almost five years ago. After an initial phase of denial, Avast decided to apologize and to wind down Jumpshot. It was certainly a mere coincidence that Avast was subsequently sold to NortonLifeLock, called Gen Digital today. Yes, Avast is truly reformed and paying for their crimes in...
https://palant.info/2024/07/15/how-insecure-is-avast-secure-browser/

Protecting Trained Models in Privacy-Preserving Federated Learning
This post is part of a series on privacy-preserving federated learning. The series is a collaboration between NIST and the UK government's Responsible Technology Adoption Unit (RTA), previously known as the Centre for Data Ethics and Innovation. Learn more and read all the posts published to date at NIST's Privacy Engineering Collaboration Space or RTA's blog. The last two posts in our series covered techniques for input privacy in privacy-preserving federated learning in the context of horizontally and vertically partitioned data. To build a complete privacy-preserving federated learning
https://www.nist.gov/blogs/cybersecurity-insights/protecting-trained-models-privacy-preserving-federated-learning

Deep Dive on Supplement Scams: How AI Drives ‘Miracle Cures' and Sponsored Health-Related Scams on Social Media
Sponsored social media content has become increasingly present on feeds. Sponsored ads can often be beneficial as they are customized to suit online personas, offering relevant content tailored specifically for you. While personalized ads can help enhance your online experience, not all are legitimate. In fact, scams originating from phony ads on social media have increased dramatically, with potentially severe consequences for consumers. Sponsored supplement scams on social media platforms
https://www.bitdefender.com/en-us/blog/labs/deep-dive-on-supplement-scams-how-ai-drives-miracle-cures-and-sponsored-health-related-scams-on-social-media/

Decrypted: DoNex Ransomware and its Predecessors
Researchers from Avast have discovered a flaw in the cryptographic schema of the DoNex ransomware and its predecessors. In cooperation with law enforcement organizations, we have been silently providing the decryptor to DoNex ransomware victims since March 2024. The cryptographic weakness was made public at Recon 2024 and therefore we have no reason to keep […]
https://decoded.avast.io/threatresearch/decrypted-donex-ransomware-and-its-predecessors/?utm_source=rss&utm_medium=rss&utm_campaign=decrypted-donex-ransomware-and-its-predecessors

MSSQL for Pentester: Command Execution with xp_cmdshell
Transact-SQL (T-SQL) is an extension of the SQL language used primarily in Microsoft SQL Server. T-SQL expands the functionality of SQL by adding procedural programming...
https://www.hackingarticles.in/mssql-for-pentester-command-execution-with-xp_cmdshell/

SAML Raider Release 2.0.0
SAML Raider is a Burp Suite extension and the tool of choice for many pentesters for testing SAML infrastructures. This blog post gives a brief introduction to what has changed in the new version 2.0.0, from improvements to the developer and user experience to bug fixes.
https://blog.compass-security.com/2024/07/saml-raider-release-2-0-0/

The Windows Registry Adventure #3: Learning resources
Posted by Mateusz Jurczyk, Google Project Zero When tackling a new vulnerability research target, especially a closed-source one, I prioritize gathering as much information about it as possible. This gets especially interesting when it's a subsystem as old and fundamental as the Windows registry. In that case, tidbits of valuable data can lurk in forgotten documentation, out-of-print books, and dusty open-source code – each potentially offering a critical piece of the puzzle. Uncovering them takes some effort, but the payoff is often immense. Scraps of information can contain hints as to how certain parts of the software are implemented, as well as why – what were ...
https://googleprojectzero.blogspot.com/2024/06/the-windows-registry-adventure-3.html

Attack of the clones: Getting RCE in Chrome's renderer with duplicate object properties
In this post, I'll exploit CVE-2024-3833, an object corruption bug in v8, the JavaScript engine of Chrome, that allows remote code execution (RCE) in the renderer sandbox of Chrome by a single visit to a malicious site.
https://github.blog/security/vulnerability-research/attack-of-the-clones-getting-rce-in-chromes-renderer-with-duplicate-object-properties/

Ashok - A OSINT Recon Tool, A.K.A Swiss Army Knife
Reconnaissance is the first phase of penetration testing, which means gathering information before any real attacks are planned. Ashok is an incredibly fast recon tool for penetration testers, specially designed for the reconnaissance phase. In Ashok v1.1 you can find the advanced Google dorker and Wayback crawling machine. Main features: Wayback Crawler Machine; Google dorking without limits; GitHub information grabbing; subdomain identifier; CMS/technology detector with custom headers. Installation:
~> git clone https://github.com/ankitdobhal/Ashok
~> cd Ashok
~> python3 -m pip install -r requirements.txt
How to use Ashok? A detailed usage guide is available in the Usage section of the wiki, but some index of options is given below:...
http://www.kitploit.com/2024/06/ashok-osint-recon-tool-aka-swiss-army.html

Scanning for TP-Link Wifi Router Vulnerability Increases by 100%
The TP-Link Archer AX21 Wifi Router vulnerability CVE-2023-1389 experiences massive targeting along with a rather old critical RCE in PHPUnit.
https://www.f5.com/labs/articles/threat-intelligence/sensor-intel-series-top-cves-may-2024

Project Naptime: Evaluating Offensive Security Capabilities of Large Language Models
Posted by Sergei Glazunov and Mark Brand, Google Project Zero. Introduction: At Project Zero, we constantly seek to expand the scope and effectiveness of our vulnerability research. Though much of our work still relies on traditional methods like manual source code audits and reverse engineering, we're always looking for new approaches. As the code comprehension and general reasoning ability of Large Language Models (LLMs) has improved, we have been exploring how these models can reproduce the systematic approach of a human security researcher when identifying and demonstrating security vulnerabilities. We hope that in the future, this can close some of the blind spots of current automated vulnerability discovery approaches, and enable automated detection of "unfuzzable" vulnerabilities. ...
https://googleprojectzero.blogspot.com/2024/06/project-naptime.html

Execute commands by sending JSON? Learn how unsafe deserialization vulnerabilities work in Ruby projects
Can an attacker execute arbitrary commands on a remote server just by sending JSON? Yes, if the running code contains unsafe deserialization vulnerabilities. But how is that possible? In this blog post, we'll describe how unsafe deserialization vulnerabilities work and how you can detect them in Ruby projects.
https://github.blog/security/vulnerability-research/execute-commands-by-sending-json-learn-how-unsafe-deserialization-vulnerabilities-work-in-ruby-projects/

New Diamorphine rootkit variant seen undetected in the wild
Introduction: Code reuse is very frequent in malware, especially for those parts of the sample that are complex to develop or hard to write with an essentially different alternative code. By tracking both source code and object code, we efficiently detect new malware and track the evolution of existing malware in the wild. Diamorphine is a well-known […]
https://decoded.avast.io/davidalvarez/new-diamorphine-rootkit-variant-seen-undetected-in-the-wild/?utm_source=rss&utm_medium=rss&utm_campaign=new-diamorphine-rootkit-variant-seen-undetected-in-the-wild

Introducing Conkeyscan – Confluence Keyword Scanner
TL;DR Release of Conkeyscan – A Confluence Keyword/Secret Scanner, which is tailored towards pentesters. Secrets Everywhere Many companies, especially larger ones, need to store knowledge in a centralized way. A wiki is the usual choice for this. One product that is frequently used for this purpose is Confluence from Atlassian. Similar to how sensitive data […]
https://blog.compass-security.com/2024/06/introducing-conkeyscan-confluence-keyword-scanner/

Issue with DeepJavaLibrary - CVE-2024-37902
Publication Date: 2024/06/17 10:30 AM PDT AWS is aware of CVE-2024-37902, relating to a potential issue with the archive extraction utilities for DeepJavaLibrary (DJL). On May 15, 2024, we released version 0.28.0 to address this issue. If you are using an affected version (0.1.0 through 0.27.0), we recommend you upgrade to 0.28.0 or higher. For additional information, please refer to the DJL release notes. Security-related questions or concerns can be brought to our attention via aws-security@amazon.com.
https://aws.amazon.com/security/security-bulletins/AWS-2024-007/

Azure Machine Learning SSRF

https://www.cloudvulndb.org/azure_ml_ssrf_pt

GCP HMAC Keys do not log creation, deletion or usage
Cloud Audit Logs do not capture actions mediated through the cloud console private API service (cloudconsole-pa). Consequently, there is no logging of HMAC key creation or deletion linked to user accounts. This absence of logs hampers defenders' ability to alert or monitor the creation of HMAC keys for user accounts, posing a persistence risk, or their deletion, presenting a denial of service risk.
https://www.cloudvulndb.org/gcp-hmac-keys-insufficient-logging

GCP HMAC Keys are not discoverable or revokable other than for self
GCP administrators face challenges in managing HMAC keys within their organizations, lacking visibility into which user accounts have generated these keys and whether they are actively being used to access storage objects. Additionally, there's a lack of functionality to revoke keys associated with other users, restricting their ability to enforce security policies effectively. Similarly, GCP incident response teams rely on Cloud Logging to monitor Cloud Storage object access, but they lack specific indicators to determine if HMAC keys are being utilized in these access attempts.
https://www.cloudvulndb.org/gcp-hmac-keys-unauditable

Driving forward in Android drivers
Posted by Seth Jenkins, Google Project Zero. Introduction: Android's open-source ecosystem has led to an incredible diversity of manufacturers and vendors developing software that runs on a broad variety of hardware. This hardware requires supporting drivers, meaning that many different codebases carry the potential to compromise a significant segment of Android phones. There are recent public examples of third-party drivers containing serious vulnerabilities that are exploited on Android. While there exists a well-established body of public (and In-the-Wild) security research on Android GPU drivers, other chipset components may not be as frequently audited, so this research sought to explore those drivers in greater detail. Driver Enumeration: Not as Easy as it Looks. This...
https://googleprojectzero.blogspot.com/2024/06/driving-forward-in-android-drivers.html

NIST's International Cybersecurity and Privacy Engagement Update – Mexico City, RSA Conference, and More
The last few months have brought even more opportunities for NIST to engage with our international partners to enhance cybersecurity. Here are some updates on our recent international engagement: Conversations have continued with our partners throughout the world on the recent release of the Cybersecurity Framework Version 2.0. NIST international engagement continues through our support to the Department of State and the International Trade Administration (ITA) during numerous international dialogues. Most recently, NIST participated in interagency dialogues to share information on NIST
https://www.nist.gov/blogs/cybersecurity-insights/nists-international-cybersecurity-and-privacy-engagement-update-mexico

10 years of the GitHub Security Bug Bounty Program
Let's take a look at 10 key moments from the first decade of the GitHub Security Bug Bounty program.
https://github.blog/security/vulnerability-research/10-years-of-the-github-security-bug-bounty-program/

Blockchain / Smart Contract Bugs
To identify and understand threats and weaknesses of smart contracts, it is important to be at least familiar with common smart contract bugs and vulnerabilities, how they can be leveraged by a malicious attacker, and how these issues can be mitigated. This blog article aims to raise awareness about common smart contract vulnerabilities and their corresponding mitigation strategies.
https://blog.compass-security.com/2024/06/blockchain-smart-contract-bugs/

Unfading Sea Haze: New Espionage Campaign in the South China Sea
Bitdefender researchers investigated a series of incidents at high-level organizations in countries of the South China Sea region, all performed by the same  threat actor we track as Unfading Sea Haze. Based on the victimology and the cyber-attack's aim, we believe the threat actor is aligned with China's interests. As tensions in the region rise, they are reflected in the intensification of activity on behalf of the Unfading Sea Haze actor, which uses new and improved tools and TTPs. We notice
https://www.bitdefender.com/en-us/blog/labs/unfading-sea-haze-new-espionage-campaign-in-the-south-china-sea/

Building DDoS Botnets with TP-Link and Netgear Routers
Threat actors double down with their botnet building efforts. Vulnerable Netgear routers join exploitable TP-Link and other IoT devices, expanding attacker DDoS capabilities.
https://www.f5.com/labs/articles/threat-intelligence/sensor-intel-series-top-cves-april-2024

Check Your Wallet? How Mobile Driver's Licenses are Changing Online Transactions
Can you recall the last time you opened a bank account? It's likely you walked into a local bank branch and spoke to a representative who asked for your driver's license and social security card to verify your identity. Now imagine you want to create a bank account online. The process is likely similar—type in your social security number, take a picture of your driver's license, and submit both to the bank via their webpage. Seems straightforward, right? Identity verification is important—it protects us from identity theft and reduces the risk of fraud and unauthorized access for organizations
https://www.nist.gov/blogs/cybersecurity-insights/check-your-wallet-how-mobile-drivers-licenses-are-changing-online

How to become a Hacker
Introduction: Last year, I attended a job fair organized by the Association of Computer Science Students at ETH Zürich. It was a rewarding experience to be able to share my day-to-day work in a field I am so passionate about. We got to talk to numerous students at different stages of their studies, as well […]
https://blog.compass-security.com/2024/05/how-to-become-a-hacker/

Internal Azure Container Registry writable via exposed secret
A Microsoft employee accidentally published credentials via a git commit to a public repository. These credentials granted privileged access to an internal Azure Container Registry (ACR) used by Azure, which reportedly held container images utilized by multiple Azure projects, including Azure IoT Edge, Akri, and Apollo. The privileged access could have allowed an attacker to download private images as well as upload new images and (most importantly) overwrite existing ones. In theory, an attacker could have leveraged the latter to implement a supply chain attack against these Azure projects and their users. However, it is currently unknown precisely which images this ACR contained or how they were used, so the effective impact of this issue remains undetermined.
https://www.cloudvulndb.org/azure-internal-acr-secret

Notes on ThroughTek Kalay Vulnerabilities and Their Impact on the IoT Ecosystem
Since 2014, Bitdefender IoT researchers have been looking into the world's most popular IoT devices, hunting for vulnerabilities and undocumented attack avenues. This report documents four vulnerabilities affecting devices powered by the ThroughTek Kalay Platform. Due to the platform's massive presence in IoT integrations, these flaws have a significant downstream impact on several vendors. In the interconnected landscape of the Internet of Things (IoT), the reliability and security of devices,
https://www.bitdefender.com/en-us/blog/labs/notes-on-throughtek-kalay-vulnerabilities-and-their-impact/

Avast Q1/2024 Threat Report
Nearly 90% of Threats Blocked are Social Engineering, Revealing a Huge Surge of Scams, and Discovery of the Lazarus APT Campaign.
https://decoded.avast.io/threatresearch/avast-q1-2024-threat-report/?utm_source=rss&utm_medium=rss&utm_campaign=avast-q1-2024-threat-report

Reel HackTheBox Walkthrough
Summary: Reel is a Windows Active Directory machine and is considered a hard box in HTB. This box stands out for its uniqueness, featuring...
https://www.hackingarticles.in/reel-hackthebox-walkthrough/

Exploiting Race Condition using Turbo Intruder
In web security, a race condition refers to a scenario where the behaviour of a web application is influenced by the sequence or timing of...
https://www.hackingarticles.in/exploiting-race-condition-using-turbo-intruder/

ClamAV 1.4.0 release candidate now available!
The ClamAV 1.4.0 release candidate is now available. You may find the source code and installers for this release on the clamav.net/downloads page or the ClamAV GitHub release page. Tip: If you are downloading the source from the GitHub release page, the package labeled "clamav-1.4.0-rc.tar.gz" does not require an internet connection to build. All dependencies are included in this package. But if you download the ZIP or TAR.GZ generated by GitHub, located at the very bottom, then an internet connection will be required during the build to download additional Rust dependencies. For Docker users, there is no specific Docker tag for the release candidate, but you can use the clamav:unstable or clamav:unstable_base tags. The release candidate phase is expected...
http://blog.clamav.net/2024/05/clamav-140-release-candidate-now.html

Bug Bounty: Insights from Our First-hand Experience
At Compass Security, we recently launched our managed bug bounty service. We openly invite hunters to probe our publicly exposed services for vulnerabilities. In return for their valuable feedback, we offer monetary bounties up to CHF 5000. This blog post presents an interesting vulnerability found by a hunter on the bug bounty program of our subsidiary, Hacking-Lab.
https://blog.compass-security.com/2024/05/bug-bounty-insights-from-our-first-hand-experience/

Lethal Injection
Multiple vulnerabilities were uncovered in Azure Health Bot service, Microsoft's health chatbot platform. These could have potentially exposed sensitive user data and granted attackers extensive control, allowing unrestricted code execution as root on the bot backend, unrestricted access to authentication secrets & integration auth providers, unrestricted memory read in the bot backend, exposing sensitive secrets, allowing cross-tenant data access and unrestricted deletion of other tenants' public resources. These issues stemmed from various bugs related to URL sanitization, shared compute, and sandboxing. Following disclosure, Microsoft changed the service architecture to run a completely separate ACI instance per customer, thereby mitigating future sandbox escapes, and changed the sandboxing...
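The entry attributes part of the problem to URL sanitization, and the two cloudvulndb entries above (Azure Health privilege escalation via SSRF, Azure Machine Learning SSRF) are the same class of bug: a service fetches a user-supplied URL and can be pointed at internal endpoints such as the instance metadata service. As an added example, not Microsoft's code and not taken from any of the linked write-ups, here is the validation a server-side fetch needs before it follows such a URL. It allows only http/https, refuses embedded credentials, resolves the host, and rejects any answer that is loopback, private, link-local (which covers 169.254.169.254), multicast, reserved or unspecified, after unwrapping IPv4-mapped IPv6 literals. The resolver is injectable so the block runs offline against a constructed name table; the hostnames and addresses in that table are assumptions for illustration.

```python
import ipaddress
import socket
from typing import Callable, Iterable
from urllib.parse import urlsplit

Resolver = Callable[[str], Iterable[str]]

# Constructed name table standing in for DNS so the example runs offline.
# (Hostnames and addresses are illustrative assumptions, not real services.)
SAMPLE_DNS = {
    "api.partner.example": ["93.184.216.34"],
    "internal.corp.example": ["10.20.30.40"],
    "dual.example": ["93.184.216.34", "fd00::1"],  # one public, one ULA answer
}


def sample_resolver(host: str) -> list[str]:
    return SAMPLE_DNS.get(host, [])


def system_resolver(host: str) -> list[str]:
    """Production resolver: every A/AAAA answer the system returns for host."""
    return [info[4][0] for info in socket.getaddrinfo(host, None)]


def is_public_ip(ip: str) -> bool:
    """True only for globally routable unicast addresses."""
    addr = ipaddress.ip_address(ip)
    # Unwrap IPv4-mapped IPv6 (::ffff:10.0.0.1) so the IPv4 rules apply to it.
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return not (
        addr.is_private        # 10/8, 172.16/12, 192.168/16, fc00::/7, ...
        or addr.is_loopback    # 127/8, ::1
        or addr.is_link_local  # 169.254/16, incl. the 169.254.169.254 metadata IP
        or addr.is_multicast
        or addr.is_reserved
        or addr.is_unspecified
    )


def validate_outbound_url(url: str, resolve: Resolver = system_resolver) -> str:
    """Validate a user-supplied URL for a server-side fetch.

    Returns the IP address the caller should connect to, or raises ValueError.
    Connect to that IP (sending the hostname in the Host/SNI fields) rather
    than resolving again, so a second lookup cannot return a different answer.
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    if parts.username or parts.password:
        raise ValueError("credentials in URL are not allowed")
    host = parts.hostname
    if not host:
        raise ValueError("URL has no host")
    try:
        ipaddress.ip_address(host)   # IP literal: nothing to resolve
        answers = [host]
    except ValueError:
        answers = list(resolve(host))
    if not answers:
        raise ValueError(f"unresolvable host: {host!r}")
    # Every answer must be public. A record set mixing public and internal
    # addresses lets an attacker pivot between lookups, so one bad answer
    # fails the whole URL.
    bad = [ip for ip in answers if not is_public_ip(ip)]
    if bad:
        raise ValueError(f"{host!r} resolves to non-public address(es): {bad}")
    return answers[0]


def allowed(url: str, resolve: Resolver = sample_resolver) -> bool:
    """Convenience wrapper: True if validate_outbound_url accepts the URL."""
    try:
        validate_outbound_url(url, resolve)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for candidate in (
        "https://api.partner.example/v1/fhir/Patient",
        "http://169.254.169.254/metadata/instance",
        "http://internal.corp.example/admin",
        "https://dual.example/",
        "http://[::ffff:127.0.0.1]/",
        "file:///etc/passwd",
    ):
        print(f"{candidate:45} allowed={allowed(candidate)}")
```

Two caveats a practitioner should keep in mind: the check is only as good as the connection that follows it, so the HTTP client must connect to the returned IP and must re-run the validation on every redirect hop (a public host answering 302 to the metadata address is the usual bypass); and an allowlist of expected destination hosts, where the feature permits one, is stronger than any denylist of address ranges.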
https://www.cloudvulndb.org/lethal-injection

Where does your software (really) come from?
GitHub is working with the OSS community to bring new supply chain security capabilities to the platform.
https://github.blog/security/supply-chain-security/where-does-your-software-really-come-from/

Sensor Intel Series: Top CVEs in March 2024
TP-Link Archer AX21 Wifi Router targeting, plus a handful of new CVEs! See what mass scanning looks like in March 2024.
https://www.f5.com/labs/articles/threat-intelligence/sensor-intel-series-top-cves-march-2024

CodeQL zero to hero part 3: Security research with CodeQL
Learn how to use CodeQL for security research and improve your security research workflow. The post CodeQL zero to hero part 3: Security research with CodeQL appeared first on The GitHub Blog.
https://github.blog/security/vulnerability-research/codeql-zero-to-hero-part-3-security-research-with-codeql/

GraphNinja
A vulnerability in Microsoft Graph allowed attackers to conduct password-spray attacks without detection. The issue involved switching the 'common' authentication endpoint with that of an unrelated tenant, thereby avoiding the appearance of logon attempts in the victim's logs. This technique could allow attackers to validate user credentials through verbose error messages, but actual successful logons using these credentials would still be recorded in the victims' logs (regardless of endpoint).
https://www.cloudvulndb.org/graph-ninja

Securing millions of developers through 2FA
We've dramatically increased 2FA adoption on GitHub as part of our responsibility to make the software ecosystem more secure. Read on to learn how we secured millions of developers and why we're urging more organizations to join us in these efforts. The post Securing millions of developers through 2FA appeared first on The GitHub Blog.
https://github.blog/security/supply-chain-security/securing-millions-of-developers-through-2fa/

GuptiMiner: Hijacking Antivirus Updates for Distributing Backdoors and Casual Mining
Avast discovered and analyzed GuptiMiner, a malware campaign hijacking an eScan antivirus update mechanism to distribute backdoors and coinminers. The post GuptiMiner: Hijacking Antivirus Updates for Distributing Backdoors and Casual Mining appeared first on Avast Threat Labs.
https://decoded.avast.io/janrubin/guptiminer-hijacking-antivirus-updates-for-distributing-backdoors-and-casual-mining/?utm_source=rss&utm_medium=rss&utm_campaign=guptiminer-hijacking-antivirus-updates-for-distributing-backdoors-and-casual-mining

The Windows Registry Adventure #2: A brief history of the feature
Posted by Mateusz Jurczyk, Google Project Zero Before diving into the low-level security aspects of the registry, it is important to understand its role in the operating system and a bit of history behind it. In essence, the registry is a hierarchical database made of named "keys" and "values", used by Windows and applications to store a variety of settings and configuration data. It is represented by a tree structure, in which keys may have one or more sub-keys, and every subkey is associated with exactly one parent key. Furthermore, every key may also contain one or more values, which have a type (integer, string, binary blob etc.) and are used to store actual data in the registry. Every key can be uniquely identified by its name and the names of all of its ascendants...
https://googleprojectzero.blogspot.com/2024/04/the-windows-registry-adventure-2.html

The Windows Registry Adventure #1: Introduction and research results
Posted by Mateusz Jurczyk, Google Project Zero In the 20-month period between May 2022 and December 2023, I thoroughly audited the Windows Registry in search of local privilege escalation bugs. It all started unexpectedly: I was in the process of developing a coverage-based Windows kernel fuzzer based on the Bochs x86 emulator (one of my favorite tools for security research: see Bochspwn, Bochspwn Reloaded, and my earlier font fuzzing infrastructure), and needed some binary formats to test it on. My first pick were PE files: they are very popular in the Windows environment, which makes it easy to create an initial corpus of input samples, and a basic fuzzing harness is equally easy to develop with just a single GetFileVersionInfoSizeW API call. The test was successful: even though...
https://googleprojectzero.blogspot.com/2024/04/the-windows-registry-adventure-1.html

From BYOVD to a 0-day: Unveiling Advanced Exploits in Cyber Recruiting Scams
In the summer of 2023, Avast identified a campaign targeting specific individuals in the Asian region through fabricated job offers. The motivation behind the attack remains uncertain, but judging from the low frequency of attacks, it appears that the attacker had a special interest in individuals with technical backgrounds. This sophistication is […] The post From BYOVD to a 0-day: Unveiling Advanced Exploits in Cyber Recruiting Scams appeared first on Avast Threat Labs.
https://decoded.avast.io/luiginocamastra/from-byovd-to-a-0-day-unveiling-advanced-exploits-in-cyber-recruiting-scams/?utm_source=rss&utm_medium=rss&utm_campaign=from-byovd-to-a-0-day-unveiling-advanced-exploits-in-cyber-recruiting-scams

ClamAV 1.3.1, 1.2.3, 1.0.6 patch versions published
Today, we are publishing the 1.3.1, 1.2.3, and 1.0.6 security patch versions. The release files for the patch versions are available for download on the ClamAV downloads page, on the GitHub Release page, and through Docker Hub. The images on Docker Hub may not be immediately available on release day. Continue reading to learn what changed in each version. 1.3.1: ClamAV 1.3.1 is a critical patch release with the following fixes: CVE-2024-20380: Fixed a possible crash in the HTML file parser that could cause a denial-of-service (DoS) condition. This issue affects version 1.3.0 only and does not affect prior versions. Thank you to Błażej Pawłowski for identifying this issue. GitHub pull request. Updated select Rust dependencies to the latest versions. This resolved Cargo audit complaints and included...
http://blog.clamav.net/2024/04/clamav-131-123-106-patch-versions.html

CVE-2024-28056
Publication Date: 2024/04/15 07:00 AM PST AWS is aware of CVE-2024-28056, which affects Amplify CLI versions prior to 12.10.1 and Amplify Studio, which uses Amplify CLI. We released a fix to Amplify CLI on January 10, 2024 that also fixed Amplify Studio, and recommend customers upgrade to Amplify CLI 12.10.1 or higher to address this issue. We have proactively communicated with the customers using affected versions. AWS has taken two additional steps to protect customers using Amplify from unintentional misconfigurations. First, AWS added a mitigation to the AWS Security Token Service (STS) where attempts to make a cross-account role assumption with a trust policy referencing Amazon Cognito as the trusted principal, without conditions to scope down access to specific Amazon Cognito...
https://aws.amazon.com/security/security-bulletins/AWS-2024-003/

AWS Amplify IAM role publicly assumable exposure
The AWS Amplify service was found to be misconfiguring IAM roles associated with Amplify projects. This misconfiguration caused these roles to be assumable by any other AWS account. Both the Amplify Studio and the Amplify CLI exhibited this behavior. Any Amplify project created using the Amplify CLI built between July 3, 2018 and August 8, 2019 had IAM roles that were assumable by anyone in the world. The same was true if the authentication component was removed from an Amplify project using the Amplify CLI or Amplify Studio built between August 2019 and January 2024. AWS mitigated this vulnerability through backend changes to STS and IAM, and also released a patch for the Amplify CLI to ensure that newly created roles are properly configured in accordance with these changes.
https://www.cloudvulndb.org/aws-amplify-iam-role-publicly-assumable-exposure

AWS Glue database password leakage
A principal with the permissions glue:GetConnection and ec2:DescribeSubnets can retrieve the database password of a connection, since the password is loaded into the AWS console website when a connection's edit page is requested. The severity of this issue is low since it requires sufficient prior access.
https://www.cloudvulndb.org/aws-glue-database-password-leakage

Vulnerabilities Identified in LG WebOS
As the creator of the world's first smart home cybersecurity hub, Bitdefender regularly audits popular IoT hardware for vulnerabilities. This research paper is part of a broader program that aims to shed light on the security of the world's best-sellers in the IoT space. This report covers vulnerabilities discovered while researching the LG WebOS TV operating system. We have found several issues affecting WebOS versions 4 through 7 running on LG TVs. These vulnerabilities let us gain root acces
https://www.bitdefender.com/en-us/blog/labs/vulnerabilities-identified-in-lg-webos/

AI meets next-gen info stealers in social media malvertising campaigns
The impact that AI has on society has steadily crept into the darkest nooks and crannies of the internet. So much so that cybercrooks are hitching free rides on the AI bandwagon by leveraging the increased demand of AI-powered software for content creators. Cybercriminal groups constantly adapt their operating methods and tools to stay a step ahead of potential victims. Highly focused on enhancing their deceptive practices, threat actors have, unfortunately, found a most reliable and powerful a
https://www.bitdefender.com/en-us/blog/labs/ai-meets-next-gen-info-stealers-in-social-media-malvertising-campaigns/

Security research without ever leaving GitHub: From code scanning to CVE via Codespaces and private vulnerability reporting
This blog post is an in-depth walkthrough on how we perform security research leveraging GitHub features, including code scanning, CodeQL, and Codespaces. The post Security research without ever leaving GitHub: From code scanning to CVE via Codespaces and private vulnerability reporting appeared first on The GitHub Blog.
https://github.blog/security/vulnerability-research/security-research-without-ever-leaving-github-from-code-scanning-to-cve-via-codespaces-and-private-vulnerability-reporting/

CVE-2024-3094
Publication Date: 2024/03/29 12:30 PM PST CVE Identifier: CVE-2024-3094 AWS is aware of CVE-2024-3094, which affects versions 5.6.0 and 5.6.1 of the xz-utils package. This issue may attempt to introduce security issues in openssh through the use of liblzma within some operating system environments. Amazon Linux customers are not affected by this issue, and no action is required. AWS infrastructure and services do not utilize the affected software and are not impacted. Users of Bottlerocket are not affected. Customers using other operating systems are advised to refer to information provided by the OS vendor to address any concerns originating from this reported issue. Security-related questions or concerns can be brought to our attention via aws-security@amazon.com.
https://aws.amazon.com/security/security-bulletins/AWS-2024-002/

Sensor Intel Series: Top CVEs in February 2024
27 new CVEs, and continued IoT targeting. See what's new from February 2024.
https://www.f5.com/labs/articles/threat-intelligence/sensor-intel-series-top-cves-february-2024

2024 Bad Bots Review
Learn the latest trends in bots and malicious automation so you can compare with attacks against your own organizations.
https://www.f5.com/labs/articles/threat-intelligence/2024-bad-bots-review

Numerous vulnerabilities in Xunlei Accelerator application
Xunlei Accelerator (迅雷客户端) a.k.a. Xunlei Thunder by the China-based Xunlei Ltd. is a wildly popular application. According to the company's annual report 51.1 million active users were counted in December 2022. The company's Google Chrome extension 迅雷下载支持, while not mandatory for using the application, had 28 million users at the time of writing. I've found this application to expose a massive attack surface. This attack surface is largely accessible to arbitrary websites that an application user happens to be visiting. Some of it can also be accessed from other computers in the same network or by attackers with the ability to intercept user's network connections (Man-in-the-Middle attack). It does not appear like security concerns were considered in the design...
https://palant.info/2024/03/06/numerous-vulnerabilities-in-xunlei-accelerator-application/

Sponsored Ad Fraud: Mystery Box Scams Flood Social Media
Social media platforms are overflowing with scams. In the past couple of months, Bitdefender Labs has been monitoring a steep increase in fraudulent social media ads on Facebook promoting various swindles ranging from crypto-doubling to AI-generated celebrity-endorsed giveaways. Our latest analysis has spotted a consistent trend, with fraudsters continuing to exploit Meta's ad system to deceive consumers. The hustle? A long-established ruse that involves peddling so-called mystery boxes from
https://www.bitdefender.com/en-us/blog/labs/sponsored-ad-fraud-mystery-box-scams-flood-social-media/

Lazarus and the FudModule Rootkit: Beyond BYOVD with an Admin-to-Kernel Zero-Day
The Lazarus Group is back with an upgraded variant of their FudModule rootkit, this time enabled by a zero-day admin-to-kernel vulnerability for CVE-2024-21338. Read this blog for a detailed analysis of this rootkit variant and learn more about several new techniques, including a handle table entry manipulation technique that directly targets Microsoft Defender, CrowdStrike Falcon, and HitmanPro. The post Lazarus and the FudModule Rootkit: Beyond BYOVD with an Admin-to-Kernel Zero-Day appeared first on Avast Threat Labs.
https://decoded.avast.io/janvojtesek/lazarus-and-the-fudmodule-rootkit-beyond-byovd-with-an-admin-to-kernel-zero-day/?utm_source=rss&utm_medium=rss&utm_campaign=lazarus-and-the-fudmodule-rootkit-beyond-byovd-with-an-admin-to-kernel-zero-day

When Stealers Converge: New Variant of Atomic Stealer in the Wild
Here at Bitdefender, we're constantly working on improving detection capabilities for our macOS cyber-security products; part of this effort involves revisiting old (or digging up new) samples from our malware zoo. During routine verifications, we were able to isolate multiple suspicious and undetected macOS disk image files surprisingly small for files of this kind (1.3 MB per file). A short look into the code revealed that these files are significantly similar to other samples analysed in the
https://www.bitdefender.com/en-us/blog/labs/when-stealers-converge-new-variant-of-atomic-stealer-in-the-wild/

Details on Apple's Shortcuts Vulnerability: A Deep Dive into CVE-2024-23204
CVE-2024-23204 sheds light on the critical importance of continuous security vigilance. Apple's Shortcuts application, designed to enhance user automation, can inadvertently become a potential vector for privacy breaches. This analysis aims to provide users, developers, and security professionals with insights into the nature of the vulnerability, its potential impact, and recommended mitigation measures. At a glance: * We have discovered a vulnerability in Apple Shortcuts that lets a potent
https://www.bitdefender.com/en-us/blog/labs/details-on-apples-shortcuts-vulnerability-a-deep-dive-into-cve-2024-23204/

Decrypted: HomuWitch Ransomware
HomuWitch is a ransomware strain that initially emerged in July 2023. Unlike the majority of current ransomware strains, HomuWitch targets end-users - individuals - rather than institutions and companies. The post Decrypted: HomuWitch Ransomware appeared first on Avast Threat Labs.
https://decoded.avast.io/threatresearch/decrypted-homuwitch-ransomware/?utm_source=rss&utm_medium=rss&utm_campaign=decrypted-homuwitch-ransomware

Audio deepfakes: Celebrity-endorsed giveaway scams and fraudulent investment opportunities flood social media platforms
Bitdefender Labs has been keeping up with the latest modus operandi of cybercrooks who adapt emerging technologies to siphon money from consumers. Artificial intelligence is just one of the many tools that help in the creation and successful dissemination of online schemes to extort money and sensitive information. This paper focuses on voice cloning (audio deepfakes) schemes and how they are proliferated via social media to trick unsuspecting victims. Before delving deeper into the main subj
https://www.bitdefender.com/en-us/blog/labs/audio-deepfakes-celebrity-endorsed-giveaway-scams-and-fraudulent-investment-opportunities-flood-social-media-platforms/

Decrypted: Rhysida Ransomware
The team at Avast has developed a decryptor for the Rhysida ransomware and released it for public download. The Rhysida ransomware has been active since May 2023. As of Feb 2024, their TOR site lists 78 attacked companies, including IT (Information Technology) sector, healthcare, universities, and government organizations. The post Decrypted: Rhysida Ransomware appeared first on Avast Threat Labs.
https://decoded.avast.io/threatresearch/decrypted-rhysida-ransomware/?utm_source=rss&utm_medium=rss&utm_campaign=decrypted-rhysida-ransomware

Bypassing EDRs With EDR-Preloading
Evading user mode EDR hooks by hijacking the AppVerifier layer
https://malwaretech.com/2024/02/bypassing-edrs-with-edr-preload.html

New macOS Backdoor Written in Rust Shows Possible Link with Windows Ransomware Group
UPDATE: Following our initial release, we have been contacted by our fellow researchers at Jamf who were able to identify three more samples that act like first-stage payloads. They are responsible for downloading the backdoor: * e7cab6f2be47940bf36e279bbec54ec7 - Jobinfo.app.zip * 26d6a7e3507edf9953684d367dcd44bd - Jobinfo.zip * 775851f86cbde630808ff6d2cf8cedbf - Jobinfo.zip Combined with information in our previous research, the investigation of these samples revealed new components of t
https://www.bitdefender.com/en-us/blog/labs/new-macos-backdoor-written-in-rust-shows-possible-link-with-windows-ransomware-group/

ClamAV 1.3.0 feature release and 1.2.2, 1.0.5 security patch release!
The ClamAV 1.3.0 feature release is now stable! Today, we are also publishing the 1.2.2 and 1.0.5 security patch versions. ClamAV 1.1 is past EOL for security fixes and will not receive an update. Switch to the 1.0 LTS, 1.2, or 1.3 versions for continued support. The release files are available for download on the ClamAV downloads page, on the GitHub Release page, and through Docker Hub*: Alpine-based images, Debian-based multi-arch images. *The Docker images are built on release day and may not be available until later in the day. Continue reading to learn what changed in each version. 1.3.0: ClamAV 1.3.0 includes the following improvements and changes. Major changes: Added support for extracting and scanning attachments found in Microsoft OneNote section files. OneNote parsing will be enabled by default,...
http://blog.clamav.net/2023/11/clamav-130-122-105-released.html

Avast Q4/2023 Threat Report
10 Billion Attacks Blocked in 2023, Qakbot's Resurrection, and Google API Abused The post Avast Q4/2023 Threat Report appeared first on Avast Threat Labs.
https://decoded.avast.io/threatresearch/avast-q4-2023-threat-report/?utm_source=rss&utm_medium=rss&utm_campaign=avast-q4-2023-threat-report

CVE-2024-21626 - Runc container issue
Publication Date: 2024/01/31 1:30 PM PST CVE Identifier: CVE-2024-21626 AWS is aware of a recently disclosed security issue affecting the runc component of several open source container management systems (CVE-2024-21626). With the exception of the AWS services listed below, no customer action is required to address this issue. Amazon Linux An updated version of runc is available for Amazon Linux 1 (runc-1.1.11-1.0.amzn1), Amazon Linux 2 (runc-1.1.11-1.amzn2) and for Amazon Linux 2023 (runc-1.1.11-1.amzn2023). AWS recommends that customers using runc or other container-related software apply those updates or a newer version. Further information is available in the Amazon Linux Security Center. Bottlerocket OS An updated version of runc will be included in Bottlerocket 1.19.0, which will...
https://aws.amazon.com/security/security-bulletins/AWS-2024-001/

Investigating Worldwide SMS Scams, and Tens of Millions of Dollars in Fraud
SMS services remain a critical part of telecommunications; they don't require Internet access, and companies use them to inform their customers. This combination of features makes them incredibly useful for criminals who use the technology as a stepping stone in their never-ending campaigns. And if you think that the new RCS messaging standard will offer any protection, you would be wrong. These types of scams will continue to spread regardless of the messaging standard used. SMS scams are ever
https://www.bitdefender.com/en-us/blog/labs/investigating-worldwide-sms-scams-and-tens-of-millions-of-dollars-in-fraud/

ClamAV 1.3.0 Second Release Candidate now available!
We are excited to announce the ClamAV 1.3.0 release candidate. You can find the source code and installers for this release on the clamav.net/downloads page or the ClamAV GitHub release page. Tip: If you are downloading the source from the GitHub release page, the package labeled "clamav-1.3.0-rc2.tar.gz" does not require an internet connection to build. All dependencies are included in this package. But if you download the ZIP or TAR.GZ generated by GitHub, located at the very bottom, then an internet connection will be required during the build to download additional Rust dependencies. For Docker users, there is no specific Docker tag for the release candidate, but you can use these tags: clamav/clamav:unstable, clamav/clamav:unstable_base, clamav/clamav-debian:unstable, clamav/clamav-debian:unstable_base. This...
http://blog.clamav.net/2024/01/clamav-130-second-release-candidate-now.html

ClamAV Debian multi-Arch Docker images now available!
We now offer official ClamAV docker images based on `debian:11-slim`. In addition to offering an alternative to the original Alpine Linux images, the new images are multi-arch images supporting `linux/amd64`, `linux/arm64`, and `linux/ppc64le`. ClamAV's Alpine-based and Debian-based Docker images are now built weekly to pick up security fixes in the base images. Check it out here.
http://blog.clamav.net/2024/01/clamav-debian-multi-arch-docker-images.html

How to Recover an Unsaved Excel File
If your Excel file was left unsaved by accident, don’t fret – Microsoft understands mistakes happen and provides built-in functionality to help recover it. To recover an unsaved file, navigate... The post How to Recover an Unsaved Excel File appeared first on Hacker Combat.
https://www.hackercombat.com/how-to-recover-unsaved-excel-file/

How to See Who Blocked You on Facebook
If you suspect someone has blocked you on Facebook, various methods exist to investigate their actions. One option would be searching for their name; they may have blocked you if... The post How to See Who Blocked You on Facebook appeared first on Hacker Combat.
https://www.hackercombat.com/how-to-see-who-blocked-you-on-facebook/

How To Access Your Photos On iCloud
iCloud can be an easy and secure way to back up photos and videos, but accessing those files across devices may prove challenging. Thank goodness there are multiple ways to... The post How To Access Your Photos On iCloud appeared first on Hacker Combat.
https://www.hackercombat.com/how-to-access-your-photos-on-icloud/

Why is the iPhone Force Restart Not Working?
If the iPhone force restart does not work as intended, there may be an issue with the iOS system. To address this, look for physical damage to buttons used for... The post Why is the iPhone Force Restart Not Working? appeared first on Hacker Combat.
https://www.hackercombat.com/iphone-force-restart-not-working/

YouTube Not Working on iPhone? Here's How to Fix It
If the YouTube app on your iPhone is crashing or will not open, there are various fixes you can try, such as force quitting the app, rebooting your device, and... The post YouTube Not Working on iPhone? Here’s How to Fix It appeared first on Hacker Combat.
https://www.hackercombat.com/youtube-not-working-on-iphone/

Best EDR Of The Market (BEOTM) – Endpoint Detection and Response Testing Tool
BestEDROfTheMarket is a naive user-mode EDR (Endpoint Detection and Response) tool designed to serve as a testing ground
https://www.darknet.org.uk/2024/01/best-edr-of-the-market-beotm-endpoint-detection-and-response-testing-tool/

Silly EDR Bypasses and Where To Find Them
Abusing exception handlers to hook and bypass user mode EDR hooks.
https://malwaretech.com/2023/12/silly-edr-bypasses-and-where-to-find-them.html

An Introduction to Bypassing User Mode EDR Hooks
Understanding the basics of user mode EDR hooking, common bypass techniques, and their limitations.
https://malwaretech.com/2023/12/an-introduction-to-bypassing-user-mode-edr-hooks.html

How to Temporarily Deactivate Instagram?
Instagram is an amazing social platform where you can stay in touch with your friends and influencers, but sometimes it can be too much. Taking a break may help. Instagram... The post How to Temporarily Deactivate Instagram? appeared first on Hacker Combat.
https://www.hackercombat.com/how-to-temporarily-deactivate-instagram/

How To Delete Facebook Business Page?
An inactive Facebook business page won’t do your brand any good; sometimes, it may be best to delete it and start fresh. Deleting a page is straightforward and can be... The post How To Delete Facebook Business Page? appeared first on Hacker Combat.
https://www.hackercombat.com/how-to-delete-facebook-business-page/

Do AirPods Work With Android?
AirPods work well with Android, but the experience may be less satisfying or convenient compared to Apple’s ecosystem. Certain features are unavailable such as customizing double-tap functionality and access to... The post Do AirPods Work With Android? appeared first on Hacker Combat.
https://www.hackercombat.com/do-airpods-work-with-android/

ClamAV 1.3.0 release candidate now available!
The ClamAV 1.3.0 release candidate is now available. You may find the source code and installers for this release on the clamav.net/downloads page or the ClamAV GitHub release page. Tip: If you are downloading the source from the GitHub release page, the package labeled "clamav-1.3.0-rc.tar.gz" does not require an internet connection to build. All dependencies are included in this package. But if you download the ZIP or TAR.GZ generated by GitHub, located at the very bottom, then an internet connection will be required during the build to download additional Rust dependencies. For Docker users, there is no specific Docker tag for the release candidate, but you can use the clamav:unstable or clamav:unstable_base tags. The release candidate phase is expected...
http://blog.clamav.net/2023/12/clamav-130-release-candidate-now.html

First handset with MTE on the market
By Mark Brand, Google Project Zero. Introduction: It's finally time for me to fulfill a long-standing promise. Since I first heard about ARM's Memory Tagging Extensions, I've said (to far too many people at this point to be able to back out…) that I'd immediately switch to the first available device that supported this feature. It's been a long wait (since late 2017) but with the release of the new Pixel 8 / Pixel 8 Pro handsets, there's finally a production handset that allows you to enable MTE! The ability of MTE to detect memory corruption exploitation at the first dangerous access is a significant improvement in diagnostic and potential security effectiveness. The availability of MTE on a production handset for the first time is a big step forward, and I think there's...
https://googleprojectzero.blogspot.com/2023/11/first-handset-with-mte-on-market.html

ClamAV 1.2.1, 1.1.3, 1.0.4, 0.103.11 patch versions published
Today, we are publishing the 1.2.1, 1.1.3, 1.0.4, and 0.103.11 security patch versions. The release files for the patch versions are available for download on the ClamAV downloads page, on the GitHub Release page, and through Docker Hub. Continue reading to learn what changed in each version. 1.2.1: ClamAV 1.2.1 is a patch release with the following fixes: Eliminate security warning about unused "atty" dependency. GitHub pull request. Upgrade the bundled UnRAR library (libclamunrar) to version 6.2.12. GitHub pull request. Build system: Fix link error with Clang/LLVM/LLD version 17. Patch courtesy of Yasuhiro Kimura. GitHub pull request. Fix alert-exceeds-max feature for files > 2GB and < max-filesize. GitHub pull request. Special thanks to Yasuhiro Kimura for code contributions and bug reports. 1.1.3: ClamAV...
http://blog.clamav.net/2023/10/clamav-121-113-104-010311-patch.html

Implementing a “Share on Mastodon” button for a blog
I decided that I would make it easier for people to share my articles on social media, most importantly on Mastodon. However, my Hugo theme didn't support showing a “Share on Mastodon” button yet. It wasn't entirely trivial to add support either: unlike with centralized solutions like Facebook where a simple link is sufficient, here one would need to choose their home instance first. As far as existing solutions go, the only reasonably sophisticated approach appears to be Share₂Fedi. It works nicely, privacy-wise one could do better however. So I ended up implementing my own solution while also generalizing that solution to support a variety of different Fediverse applications in addition to Mastodon. Contents Why not Share₂Fedi? Share on Mastodon or on Fediverse? ...
https://palant.info/2023/10/19/implementing-a-share-on-mastodon-button-for-a-blog/

An analysis of an in-the-wild iOS Safari WebContent to GPU Process exploit
By Ian Beer. [Figure: A graph representation of the sandbox escape NSExpression payload] In April this year Google's Threat Analysis Group, in collaboration with Amnesty International, discovered an in-the-wild iPhone zero-day exploit chain being used in targeted attacks delivered via malicious link. The chain was reported to Apple under a 7-day disclosure deadline and Apple released iOS 16.4.1 on April 7, 2023 fixing CVE-2023-28206 and CVE-2023-28205. Over the last few years Apple has been hardening the Safari WebContent (or "renderer") process sandbox attack surface on iOS, recently removing the ability for the WebContent process to access GPU-related hardware directly. Access to graphics-related drivers is now brokered via a GPU process which runs in a separate sandbox. ...
https://googleprojectzero.blogspot.com/2023/10/an-analysis-of-an-in-the-wild-ios-safari-sandbox-escape.html

It might Be Time to Rethink Phishing Awareness
Phishing awareness can be a powerful security tool, or a complete disaster. It all hinges on how you implement it.
https://malwaretech.com/2023/09/it-might-be-time-to-rethink-phishing-awareness.html

Analyzing a Modern In-the-wild Android Exploit
By Seth Jenkins, Project Zero. Introduction: In December 2022, Google's Threat Analysis Group (TAG) discovered an in-the-wild exploit chain targeting Samsung Android devices. TAG's blog post covers the targeting and the actor behind the campaign. This is a technical analysis of the final stage of one of the exploit chains, specifically CVE-2023-0266 (a 0-day in the ALSA compatibility layer) and CVE-2023-26083 (a 0-day in the Mali GPU driver) as well as the techniques used by the attacker to gain kernel arbitrary read/write access. Notably, several of the previous stages of the exploit chain used n-day vulnerabilities: CVE-2022-4262, a 0-day vulnerability in Chrome, was exploited in the Samsung browser to achieve RCE. CVE-2022-3038, a Chrome n-day that was unpatched in the Samsung browser, was used...
https://googleprojectzero.blogspot.com/2023/09/analyzing-modern-in-wild-android-exploit.html

A year after the disastrous breach, LastPass has not improved
In September last year, a breach at LastPass' parent company GoTo (formerly LogMeIn) culminated in attackers siphoning out all data from their servers. The criticism from the security community has been massive. This was not so much because of the breach itself, such things happen, but because of the many obvious ways in which LastPass made matters worse: taking months to notify users, failing to provide useful mitigation instructions, downplaying the severity of the attack, ignoring technical issues which had been publicized years ago and made the attackers' job much easier. The list goes on. Now this was almost a year ago. LastPass promised to improve, both as far as their communication goes and on the technical side of things. So let's take a look at whether they managed to...
https://palant.info/2023/09/05/a-year-after-the-disastrous-breach-lastpass-has-not-improved/

AgentSmith HIDS – Host Based Intrusion Detection
AgentSmith HIDS is a powerful component of a host-based intrusion detection system; it has anti-rootkit functionality and is a very performant way to collect information about a host.
https://www.darknet.org.uk/2023/08/agentsmith-hids-host-based-intrusion-detection/

Chrome Sync privacy is still very bad
Five years ago I wrote an article about the shortcomings of Chrome Sync (as well as a minor issue with Firefox Sync). Now Chrome Sync has seen many improvements since then. So time seems right for me to revisit it and to see whether it respects your privacy now. Spoiler: No, it doesn't. It improved, but that's an improvement from outright horrible to merely very bad. The good news: today you can use Chrome Sync in a way that preserves your privacy. Google however isn't interested in helping you figure out how to do it. Contents The default flow The privacy-preserving flow What does Google do with your data? It could have been worse Comparison to Firefox Sync The default flow Chrome Sync isn't some obscure feature of Google Chrome. In fact, as of Chrome...
https://palant.info/2023/08/29/chrome-sync-privacy-is-still-very-bad/

ClamAV 1.2.0 feature version and 1.1.2, 1.0.3, 0.103.10 patch versions published
The ClamAV 1.2.0 feature release is now stable and available for download on the ClamAV downloads page, on the GitHub Release page, and through Docker Hub. Today, we are also publishing the 1.1.2, 1.0.3, and 0.103.10 security patch versions. You may be surprised about the impromptu patch release. Indeed, we just published patch versions earlier this month. Unfortunately, a recent CVE for the UnRAR* library has prompted us to prepare these additional updates. We strongly encourage everyone to upgrade to one of these versions. The release files for the patch versions are also available for download on the ClamAV downloads page, on the GitHub Release page, and through Docker Hub. Because ClamAV 1.2.0 is now the latest release, the release files for version 1.1.2 will be found under the...
http://blog.clamav.net/2023/08/clamav-120-feature-version-and-111-102.html

ClamAV 1.1.1, 1.0.2, 0.103.9 patch versions published
Today, we are releasing the following critical patch versions for ClamAV: 1.1.1, 1.0.2, 0.103.9. ClamAV 0.105 and 0.104 have reached end-of-life according to ClamAV's End of Life (EOL) policy and will not be patched. The release files are available for download on ClamAV.net, on the GitHub Release page, and through Docker Hub. Note: We observed an issue building ClamAV on Windows using the recently released libjson-c version 0.17. If you are building ClamAV for Windows, you should use libjson-c version 0.16 or prior. 1.1.1: ClamAV 1.1.1 is a critical patch release with the following fixes: CVE-2023-20197: Fixed a possible denial of service vulnerability in the HFS+ file parser. This issue affects versions 1.1.0, 1.0.1 through 1.0.0, 0.105.2 through 0.105.0,...
http://blog.clamav.net/2023/07/2023-08-16-releases.html

MTE As Implemented, Part 1: Implementation Testing
By Mark Brand, Project Zero. Background: In 2018, in the v8.5a version of the ARM architecture, ARM proposed a hardware implementation of tagged memory, referred to as MTE (Memory Tagging Extensions). Through mid-2022 and early 2023, Project Zero had access to pre-production hardware implementing this instruction set extension to evaluate the security properties of the implementation. In particular, we're interested in whether it's possible to use this instruction set extension to implement effective security mitigations, or whether its use is limited to debugging/fault detection purposes. As of the v8.5a specification, MTE can operate in two distinct modes, which are switched between on a per-thread basis. The first mode is sync-MTE, where tag-check failure on a memory access will...
https://googleprojectzero.blogspot.com/2023/08/mte-as-implemented-part-1.html

MTE As Implemented, Part 3: The Kernel
By Mark Brand, Project Zero. Background: In 2018, in the v8.5a version of the ARM architecture, ARM proposed a hardware implementation of tagged memory, referred to as MTE (Memory Tagging Extensions). In Part 1 we discussed testing the technical (and implementation) limitations of MTE on the hardware that we've had access to. In Part 2 we discussed the implications of this for mitigations built using MTE in various user-mode contexts. This post will now consider the implications of what we know on the effectiveness of MTE-based mitigations in the kernel context. To recap, there are two key classes of bypass techniques for memory-tagging based mitigations, and these are the following: Known-tag bypasses: In general, confidentiality of tag values is key to the effectiveness...
https://googleprojectzero.blogspot.com/2023/08/mte-as-implemented-part-3-kernel.html

MTE As Implemented, Part 2: Mitigation Case Studies
By Mark Brand, Project Zero. Background: In 2018, in the v8.5a version of the ARM architecture, ARM proposed a hardware implementation of tagged memory, referred to as MTE (Memory Tagging Extensions). In Part 1 we discussed testing the technical (and implementation) limitations of MTE on the hardware that we've had access to. This post will now consider the implications of what we know on the effectiveness of MTE-based mitigations in several important products/contexts. To summarize, there are two key classes of bypass techniques for memory-tagging based mitigations, and these are the following (for some examples, see Part 1): Known-tag bypasses: In general, confidentiality of tag values is key to the effectiveness of memory-tagging as a mitigation. A breach of tag confidentiality...
https://googleprojectzero.blogspot.com/2023/08/mte-as-implemented-part-2-mitigation.html

Why browser extension games need access to all websites
When installing browser extensions in Google Chrome, you are asked to confirm the extension's permissions. In theory, this is supposed to allow assessing the risk associated with an extension. In reality however, users typically lack the knowledge to properly interpret this prompt. For example, I've often seen users accusing extension developers of spying just because the prompt says they could. On the other hand, people will often accept these cryptic prompts without thinking twice. They expect the browser vendors to keep them out of harm's way, trust that isn't always justified [1] [2] [3]. The most extreme scenario here is casual games not interacting with the web at all, yet requesting access to all websites. I found a number of extensions that will abuse this power to hijack...
https://palant.info/2023/06/14/why-browser-extension-games-need-access-to-all-websites/

Another cluster of potentially malicious Chrome extensions
We've already seen Chrome extensions containing obfuscated malicious code. We've also seen PCVARK's malicious ad blockers. When looking for more PCVARK extensions, I stumbled upon an inconspicuous extension called “Translator - Select to Translate.” The only unusual thing about it were its reviews, lots of raving positive reviews mixed with usability complaints. That, and the permissions: why does a translator extension need webRequest and webRequestBlocking permissions? When I looked into this extension, I immediately discovered a strange code block. Supposedly, it was buggy locale processing. In reality, it turned out to be obfuscated malicious logic meant to perform affiliate fraud. That extension wasn't alone. I kept finding similar extensions until I had a list of 109 extensions,...
https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/

Introducing PCVARK and their malicious ad blockers
It isn't news that the overwhelming majority of ad blockers in Chrome Web Store is either outright malicious or waiting to accumulate users before turning malicious. So it wasn't a surprise that the very first ad blocker I chose semi-randomly (Adblock Web with 700,000 users) turned out malicious. Starting from it, I found another malicious extension (Ad-Blocker, 700,000 users) and two more that have been removed from Chrome Web Store a year ago (BitSafe Adblocker and Adblocker Unlimited). All these ad blockers and probably some more were developed by the company PCVARK. According to Malwarebytes Labs, this company specializes in developing “potentially unwanted programs.” In other words: they show users warnings about alleged compromise, only to push them into installing their software....
https://palant.info/2023/06/05/introducing-pcvark-and-their-malicious-ad-blockers/

How malicious extensions hide running arbitrary code
Two days ago I wrote about the malicious extensions I discovered in Chrome Web Store. At some point this article got noticed by Avast. Once their team confirmed my findings, Google finally reacted and started removing these extensions. Out of the 34 extensions I reported, only 8 extensions remain. These eight were all part of an update where I added 16 extensions to my list, an update that came too late for Avast to notice. Note: Even for the removed extensions, it isn't “mission accomplished” yet. Yes, the extensions can no longer be installed. However, the existing installations remain. From what I can tell, Google didn't blocklist these extensions yet. Avast ran their own search, and they found a bunch of extensions that I didn't see. So how come they missed eight extensions?...
https://palant.info/2023/06/02/how-malicious-extensions-hide-running-arbitrary-code/

padre – Padding Oracle Attack Exploiter Tool
padre is an advanced exploiter and Padding Oracle attack tool that can be deployed against CBC mode encryption.
https://www.darknet.org.uk/2023/05/padre-padding-oracle-attack-exploiter-tool/

Issue With IAM Supporting Multiple MFA Devices
Initial Publication Date: 04/25/2023 10:00AM EST A security researcher recently reported an issue with AWS's recently-released (November 16th, 2022) support for multiple multi-factor authentication (MFA) devices for IAM user principals. The reported issue could have potentially arisen only when the following three conditions were met: (1) An IAM user had possession of long-term access key (AK)/secret key (SK) credentials, (2) that IAM user had the privilege to add an MFA to their own identity without using an MFA, and (3) that IAM user's overall access privileges beyond console sign-in had been configured by an administrator to be greater after adding the MFA. Under those narrow conditions, possession of AK/SK alone was equivalent to possession of AK/SK and a previously configured MFA....
https://aws.amazon.com/security/security-bulletins/AWS-2023-001/

Privacy Implications of Web 3.0 and Darknets
The evolution of the internet has been rapid over the years and has impacted the privacy implications of Web 3.0 and Darknets
https://www.darknet.org.uk/2023/03/privacy-implications-of-web-3-0-and-darknets/

DataSurgeon – Extract Sensitive Information (PII) From Logs
DataSurgeon (ds) is a versatile tool designed to extract sensitive information (PII) from logs; it is intended to be used for incident response, penetration testing, and CTF challenges.
https://www.darknet.org.uk/2023/03/datasurgeon-extract-sensitive-information-pii-from-logs/

We're going teetotal: It's goodbye to The Daily Swig
PortSwigger today announces that The Daily Swig is closing down
https://portswigger.net/daily-swig/were-going-teetotal-its-goodbye-to-the-daily-swig

Bug Bounty Radar // The latest bug bounty programs for March 2023
New web targets for the discerning hacker
https://portswigger.net/daily-swig/bug-bounty-radar-the-latest-bug-bounty-programs-for-march-2023

Indian transport ministry flaws potentially allowed creation of counterfeit driving licenses
Armed with personal data fragments, a researcher could also access 185 million citizens' PII
https://portswigger.net/daily-swig/indian-transport-ministry-flaws-potentially-allowed-creation-of-counterfeit-driving-licenses

Password managers: A rough guide to enterprise secret platforms
The second part of our password manager series looks at business-grade tech to handle API tokens, login credentials, and more
https://portswigger.net/daily-swig/password-managers-a-rough-guide-to-enterprise-secret-platforms

Chromium bug allowed SameSite cookie bypass on Android devices
Protections against cross-site request forgery could be bypassed
https://portswigger.net/daily-swig/chromium-bug-allowed-samesite-cookie-bypass-on-android-devices

Deserialized web security roundup: Twitter 2FA backlash, GoDaddy suffers years-long attack campaign, and XSS Hunter adds e2e encryption
Your fortnightly rundown of AppSec vulnerabilities, new hacking techniques, and other cybersecurity news
https://portswigger.net/daily-swig/deserialized-web-security-roundup-twitter-2fa-backlash-godaddy-suffers-years-long-attack-campaign-and-xss-hunter-adds-e2e-encryption

NIST plots biggest ever reform of Cybersecurity Framework
CSF 2.0 blueprint offered up for public review
https://portswigger.net/daily-swig/nist-plots-biggest-ever-reform-of-cybersecurity-framework

Cisco ClamAV anti-malware scanner vulnerable to serious security flaw
Patch released for bug that poses a critical risk to vulnerable technologies
https://portswigger.net/daily-swig/cisco-clamav-anti-malware-scanner-vulnerable-to-serious-security-flaw

CVSS system criticized for failure to address real-world impact
JFrog argues vulnerability risk metrics need complete revamp
https://portswigger.net/daily-swig/cvss-system-criticized-for-failure-to-address-real-world-impact

A Realistic Look at Implications of ChatGPT for Cybercrime
Analyzing ChatGPT's capabilities and various claims about how it will revolutionize cybercrime.
https://malwaretech.com/2023/02/a-realistic-look-at-chatgpt-cybercrime.html

‘Most web API flaws are missed by standard security tests' – Corey J Ball on securing a neglected attack vector
API security is a ‘great gateway' into a pen testing career, advises specialist in the field
https://portswigger.net/daily-swig/most-web-api-flaws-are-missed-by-standard-security-tests-corey-j-ball-on-securing-a-neglected-attack-vector

HTTP request smuggling bug patched in HAProxy
Exploitation could enable attackers to access backend servers
https://portswigger.net/daily-swig/http-request-smuggling-bug-patched-in-haproxy

Belgium launches nationwide safe harbor for ethical hackers
New legal protections for security researchers could be the strongest of any EU country
https://portswigger.net/daily-swig/belgium-launches-nationwide-safe-harbor-for-ethical-hackers

Pwnagotchi – Maximize Crackable WPA Key Material For Bettercap
Pwnagotchi is an A2C-based "AI" leveraging bettercap that learns from its surrounding WiFi environment to maximize crackable WPA key material it captures
https://www.darknet.org.uk/2023/02/pwnagotchi-maximize-crackable-wpa-key-material-for-bettercap/

Lessons Learned from Cybersecurity Mentoring
I suppose one could say that I’ve been doing this far too long, and I’ve gained some knowledge about how the cybersecurity industry works, and how people succeed or fail at the field. To give back to newcomers, I recently opened up a Calendly to do ad hoc career mentoring, in addition to the career…
https://tisiphone.net/2023/01/03/lessons-learned-from-cybersecurity-mentoring/

HardCIDR – Network CIDR and Range Discovery Tool
HardCIDR is a Linux Bash script to discover the netblocks, or ranges, (in CIDR notation) owned by the target organization during the intelligence gathering phase of a penetration test.
https://www.darknet.org.uk/2022/12/hardcidr-network-cidr-and-range-discovery-tool/

TikTok is a National Security Risk, Not A Privacy One
An analysis of the threat posed by TikTok and why we need to weigh our options carefully.
https://malwaretech.com/2022/12/tiktok-is-a-national-security-risk.html

Career Counseling Office Hours!
I now have some limited appointments for career counseling and resume discussion open for sign-ups. These sessions are free for college students and current enlisted military, and tip-what-you can for everyone else, if you feel my help was meaningful. You can sign up here: https://calendly.com/lesleycarhart Keep in mind that I can only review North American…
https://tisiphone.net/2022/12/05/career-counseling-office-hours/

I've Moved to Mastodon!
Hi friends! I hope you’re having a wonderful Thanksgiving weekend (for the US folks), or a nice weekend regardless of location. I just wanted to drop a quick note to let you all know that from now on the best way to follow my daily social media posts, which include Q&As, cybersecurity news, and news…
https://tisiphone.net/2022/11/26/ive-moved-to-mastodon/

Podcast: Securing Bridges | A Live Stream Podcast With Alyssa Miller | Guest: Lesley Carhart | Episode 28
Via: https://www.itspmagazine.com/securing-bridges-podcast
https://tisiphone.net/2022/11/13/podcast-securing-bridges-a-live-stream-podcast-with-alyssa-miller-guest-lesley-carhart-episode-28/

Infosec Mastodon Lists!
Hi pals! I hear you like lists as folks migrate over to Mastodon. Here are some I will keep relatively updated you may find useful, just to track people down! If you want me to remove you for some reason, contact me by DM or email. You can import these lists in your Mastodon preferences…
https://tisiphone.net/2022/11/10/infosec-mastodon-lists/

Everything you need to know about the OpenSSL 3.0.7 Patch (CVE-2022-3602 & CVE-2022-3786)

https://malwaretech.com/2022/11/everything-you-need-to-know-about-the-openssl-3-0-7-patch.html

CVE-2022-3602 and CVE-2022-3786: OpenSSL 3.0.7 patches Critical Vulnerability
On Tuesday, November 1 2022 between 1300-1700 UTC, the OpenSSL project announced the release of a new version of OpenSSL (version 3.0.7) that will patch a critical vulnerability in OpenSSL version 3.0 and above. Only OpenSSL versions between 3.0 and 3.0.6 are affected at the time of writing. At this moment the details of this [...]
https://www.hackingtutorials.org/general-tutorials/openssl-3-0-7-patches-critical-vulnerability/

(Podcast) ITSP – Martial Arts, Marksmanship, And ICS Cyber Incident Response | A Conversation With Lesley Carhart
https://itspmagazinepodcast.com/episodes/martial-arts-marksmanship-and-ics-cyber-incident-response-a-conversation-with-lesley-carhart-cy-beat-podcast-with-deb-radcliff-2dWkd8yh
https://tisiphone.net/2022/10/10/podcast-itsp-martial-arts-marksmanship-and-ics-cyber-incident-response-a-conversation-with-lesley-carhart/

ASIS Article – Preparing for OT Incident Response
https://www.asisonline.org/security-management-magazine/monthly-issues/security-technology/archive/2022/october/Your-Cyber-Response-Plan-Needs-These-6-Components/ Cybersecurity incidents are no longer a matter of if, but when. Building a good strategy and architecture to deter intrusions is incredibly important in reducing the frequency and severity of incidents, but there is no scenario where any organization is totally immune. That means that every organization must have a plan for what they…
https://tisiphone.net/2022/10/10/asis-article-preparing-for-ot-incident-response/

Student Loan Breach Exposes 2.5M Records
2.5 million people were affected, in a breach that could spell more trouble down the line.
https://threatpost.com/student-loan-breach-exposes-2-5m-records/180492/

Watering Hole Attacks Push ScanBox Keylogger
Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.
https://threatpost.com/watering-hole-attacks-push-scanbox-keylogger/180490/

Tentacles of ‘0ktapus' Threat Group Victimize 130 Firms
Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.
https://threatpost.com/0ktapus-victimize-130-firms/180487/

Ransomware Attacks are on the Rise
Lockbit is by far this summer's most prolific ransomware group, trailed by two offshoots of the Conti group.
https://threatpost.com/ransomware-attacks-are-on-the-rise/180481/

Cybercriminals Are Selling Access to Chinese Surveillance Cameras
Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.
https://threatpost.com/cybercriminals-are-selling-access-to-chinese-surveillance-cameras/180478/

Twitter Whistleblower Complaint: The TL;DR Version
Twitter is blasted for security and privacy lapses by the company's former head of security who alleges the social media giant's actions amount to a national security risk.
https://threatpost.com/twitter-whistleblower-tldr-version/180472/

Firewall Bug Under Active Attack Triggers CISA Warning
CISA is warning that Palo Alto Networks' PAN-OS is under active attack and needs to be patched ASAP.
https://threatpost.com/firewall-bug-under-active-attack-cisa-warning/180467/

Fake Reservation Links Prey on Weary Travelers
Fake travel reservations are exacting more pain from the travel weary, already dealing with the misery of canceled flights and overbooked hotels.
https://threatpost.com/reservation-links-prey-on-travelers/180462/

iPhone Users Urged to Update to Patch 2 Zero-Days
Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack.
https://threatpost.com/iphone-users-urged-to-update-to-patch-2-zero-days-under-attack/180448/

Google Patches Chrome's Fifth Zero-Day of the Year
An insufficient validation input flaw, one of 11 patched in an update this week, could allow for arbitrary code execution and is under active attack.
https://threatpost.com/google-patches-chromes-fifth-zero-day-of-the-year/180432/

[Video] Introduction to Use-After-Free Vulnerabilities | UserAfterFree Challenge Walkthrough (Part: 1)

https://malwaretech.com/2022/05/video-introduction-to-use-after-free-vulnerabilities-userafterfree-challenge-walkthrough-part-1.html

Socialscan – Command-Line Tool To Check For Email And Social Media Username Usage
socialscan is an accurate command-line tool to check for email and social media username usage on online platforms: given an email address or username, socialscan returns whether it is available, taken or invalid on online platforms. Other similar tools check username availability by requesting the profile page of the username in question and based on […]
https://www.darknet.org.uk/2022/04/socialscan-command-line-tool-to-check-for-email-and-social-media-username-usage/

[Video] Exploiting Windows RPC – CVE-2022-26809 Explained | Patch Analysis

https://malwaretech.com/2022/04/video-exploiting-windows-rpc-cve-2022-26809-explained-patch-analysis.html

CFRipper – CloudFormation Security Scanning & Audit Tool
CFRipper is a Python-based library and CLI security analyzer that functions as an AWS CloudFormation security scanning and audit tool; it aims to prevent vulnerabilities from reaching production infrastructure through vulnerable CloudFormation scripts. You can use CFRipper to prevent deploying insecure AWS resources into your cloud environment. You can write your own compliance checks […]
https://www.darknet.org.uk/2022/01/cfripper-cloudformation-security-scanning-audit-tool/

Installing Rogue-jndi on Kali Linux
Following the previous tutorial in which we looked at the log4j vulnerability in VMWare vSphere server, I got some questions about how to set up a malicious LDAP server on Linux. The attacker controlled LDAP server is required to provide the malicious java class (with a reverse shell for example) in response to the forged [...]
https://www.hackingtutorials.org/general-tutorials/installing-rogue-jndi-on-kali-linux/

CredNinja – Test Credential Validity of Dumped Credentials or Hashes
CredNinja is a tool to quickly test credential validity of dumped credentials (or hashes) across an entire network or domain very efficiently. At the core of it, you provide it with a list of credentials you have dumped (or hashes, it can pass-the-hash) and a list of systems on the domain (the author suggests scanning […]
https://www.darknet.org.uk/2022/01/credninja-test-credential-validity-of-dumped-credentials-or-hashes/

Log4Shell VMware vCenter Server (CVE-2021-44228)
Log4Shell is a critical vulnerability with the highest possible CVSSv3 score of 10.0 that affects thousands of products running Apache Log4j and leaves millions of targets potentially vulnerable. CVE-2021-44228 affects log4j versions 2.0-beta9 to 2.14.1. Log4j is an incredibly popular logging library used in many different products and various Apache frameworks like Struts2, Kafka, and [...]
https://www.hackingtutorials.org/exploit-tutorials/log4shell-vmware-vcenter-server-cve-2021-44228/

How to customize behavior of AWS Managed Rules for AWS WAF
AWS Managed Rules for AWS WAF provides a group of rules created by AWS that can be used help protect you against common application vulnerabilities and other unwanted access to your systems without having to write your own rules. AWS Threat Research Team updates AWS Managed Rules to respond to an ever-changing threat landscape in order […]
https://aws.amazon.com/blogs/security/how-to-customize-behavior-of-aws-managed-rules-for-aws-waf/

The Great Leak: Microsoft Exchange AutoDiscover Design Flaw
Recently a “design flaw” in Microsoft Exchange’s Autodiscover protocol was discovered by researchers that allowed access to 372,072 Windows domain credentials and 96,671 unique sets of credentials from applications such as Microsoft Outlook and third-party email clients. According to Amit Serper, who discovered the flaw, the source of the leak is [...]
https://www.hackingtutorials.org/pentesting-exchange/the-great-leak-microsoft-exchange-autodiscover-design-flaw/
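The mechanism behind that leak, as described in the published research, is the Autodiscover client's "back-off": when `autodiscover.<maildomain>` does not answer, the client strips the leftmost label and tries again, until it is asking a host like `autodiscover.com` that anyone can register. The model below is an added example for this page, not code from Hacking Tutorials or from the researchers; the exact URL sequence varies by client, and the public-suffix table is a tiny constructed stand-in for the real Public Suffix List.

```python
"""Model Autodiscover host back-off and flag the hosts that leave the user's domain."""
from typing import List

# Assumption: stand-in for the Public Suffix List; real code must load the full list.
PUBLIC_SUFFIXES = {"com", "net", "org", "uk", "co.uk", "xyz"}


def autodiscover_candidates(email: str) -> List[str]:
    """Hosts a back-off client tries, in order, walking up one DNS label at a time."""
    domain = email.rsplit("@", 1)[1].lower()
    labels = domain.split(".")
    hosts = [domain]  # first attempt is the bare mail domain
    while labels:
        hosts.append("autodiscover." + ".".join(labels))
        labels = labels[1:]
    return hosts


def leaking_hosts(email: str) -> List[str]:
    """Candidates whose base name is a public suffix, i.e. registrable by anyone."""
    out = []
    for host in autodiscover_candidates(email):
        base = host[len("autodiscover."):] if host.startswith("autodiscover.") else host
        if base in PUBLIC_SUFFIXES:
            out.append(host)
    return out


def egress_blocklist(emails: List[str]) -> List[str]:
    """De-duplicated hosts to sinkhole in DNS or deny at the proxy for a set of mail domains."""
    return sorted({host for email in emails for host in leaking_hosts(email)})


if __name__ == "__main__":
    for address in ("alice@corp.example.com", "bob@mail.example.co.uk"):
        print(address, "->", autodiscover_candidates(address))
        print("  leaks to:", leaking_hosts(address))
    print("block:", egress_blocklist(["alice@corp.example.com", "bob@mail.example.co.uk"]))
```

A request to `autodiscover.com` carrying HTTP Basic credentials is the leak; the practical mitigations are to block those hosts at DNS or the egress proxy (the list `egress_blocklist` produces), to make sure `autodiscover.<yourdomain>` actually resolves and answers so clients never back off, and to disable Basic authentication in the mail clients.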

Ask Lesley: How Much Should SOC Work Suck?
“Dear Lesley, I’ve been in an MSSP Security Operations Center (SOC) for a few months as my first cybersecurity job. The work is monotonous, I have access to only a few SIEM tools, and most of what I do is handle repetitive tickets for a ton of customers all by myself on awkward shifts. I… Read More Ask Lesley: How Much Should SOC Work Suck?
https://tisiphone.net/2021/09/22/ask-lesley-how-much-should-soc-work-suck/

The three most important AWS WAF rate-based rules
In this post, we explain what the three most important AWS WAF rate-based rules are for proactively protecting your web applications against common HTTP flood events, and how to implement these rules. We share what the Shield Response Team (SRT) has learned from helping customers respond to HTTP floods and show how all AWS WAF […]
https://aws.amazon.com/blogs/security/three-most-important-aws-waf-rate-based-rules/
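A rate-based rule counts requests per aggregation key (here the client IP) over a sliding window and blocks keys that exceed a limit. The replay below, written for this page and not taken from AWS, runs that logic over a constructed access log with two rules: a blanket per-IP limit and a tighter limit scoped to the login path, which is how a credential-stuffing run that stays under the blanket threshold still gets caught. The five-minute window mirrors the classic AWS WAF evaluation window; the limits and the log are made up.

```python
"""Sliding-window, per-IP rate limiting: the logic behind a rate-based WAF rule."""
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Deque, Dict, List, Optional, Set

TS_FORMAT = "%Y-%m-%dT%H:%M:%S"


class RateRule:
    def __init__(self, name: str, limit: int, window: timedelta, uri_prefix: Optional[str] = None):
        self.name, self.limit, self.window, self.uri_prefix = name, limit, window, uri_prefix
        self.hits: Dict[str, Deque[datetime]] = defaultdict(deque)
        self.blocked: Set[str] = set()

    def observe(self, ts: datetime, ip: str, uri: str) -> bool:
        """Record one request; True if it pushes the IP over the limit."""
        if self.uri_prefix and not uri.startswith(self.uri_prefix):
            return False  # scope-down: only requests to the protected path count
        window = self.hits[ip]
        window.append(ts)
        while window and ts - window[0] > self.window:
            window.popleft()  # forget requests older than the window
        if len(window) > self.limit:
            self.blocked.add(ip)
            return True
        return False


def evaluate(lines: List[str], rules: List[RateRule]) -> Dict[str, Set[str]]:
    """Replay '<timestamp> <ip> <method> <uri>' lines through every rule; return blocked IPs per rule."""
    for line in lines:
        ts_text, ip, _method, uri = line.split()
        ts = datetime.strptime(ts_text, TS_FORMAT)
        for rule in rules:
            rule.observe(ts, ip, uri)
    return {rule.name: set(rule.blocked) for rule in rules}


def constructed_log() -> List[str]:
    """Made-up traffic: one normal visitor, one HTTP flood, one slow login-stuffing run."""
    base = datetime(2024, 1, 1, 12, 0, 0)
    lines = [f"{(base + timedelta(seconds=30 * i)).strftime(TS_FORMAT)} 192.0.2.1 GET /" for i in range(5)]
    # 120 requests inside one minute from a single IP
    lines += [f"{(base + timedelta(milliseconds=500 * i)).strftime(TS_FORMAT)} 198.51.100.3 GET /" for i in range(120)]
    # 60 POSTs to /login over two minutes: under the blanket limit, over the login limit
    lines += [f"{(base + timedelta(seconds=2 * i)).strftime(TS_FORMAT)} 203.0.113.7 POST /login" for i in range(60)]
    return sorted(lines)  # this timestamp format sorts chronologically as text


def default_rules() -> List[RateRule]:
    five_minutes = timedelta(minutes=5)
    return [RateRule("blanket", limit=100, window=five_minutes),
            RateRule("login", limit=50, window=five_minutes, uri_prefix="/login")]


if __name__ == "__main__":
    for name, ips in evaluate(constructed_log(), default_rules()).items():
        print(f"{name}: blocked {sorted(ips) or 'nothing'}")
```

Tuning note: the scoped rule is only useful if its limit is well below the blanket one; otherwise the login endpoint inherits the site-wide threshold, which is sized for browsing, not for authentication attempts.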

Automatically update AWS WAF IP sets with AWS IP ranges
Note: This blog post describes how to automatically update AWS WAF IP sets with the most recent AWS IP ranges for AWS services. This related blog post describes how to perform a similar update for Amazon CloudFront IP ranges that are used in VPC Security Groups. You can use AWS Managed Rules for AWS WAF […]
https://aws.amazon.com/blogs/security/automatically-update-aws-waf-ip-sets-with-aws-ip-ranges/
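The published `ip-ranges.json` document lists each AWS prefix with its `region` and `service` (and `network_border_group`), IPv4 entries under `prefixes` and IPv6 entries under `ipv6_prefixes`. The code below is an added example for this page, not AWS's own automation: it filters that document down to the services you trust, validates every CIDR, and produces the add/remove plan for an existing IP set. The document is constructed from RFC 5737/3849 documentation ranges, not real AWS ranges.

```python
"""Filter an ip-ranges.json document into WAF IP-set entries and a change plan."""
import ipaddress
import json
from typing import Dict, Iterable, List, Set, Tuple

# Constructed document in the ip-ranges.json layout; the prefixes are documentation ranges.
CONSTRUCTED_IP_RANGES = json.dumps({
    "syncToken": "1700000000",
    "createDate": "2023-11-14-00-00-00",
    "prefixes": [
        {"ip_prefix": "192.0.2.0/24", "region": "us-east-1", "service": "CLOUDFRONT", "network_border_group": "us-east-1"},
        {"ip_prefix": "198.51.100.0/24", "region": "GLOBAL", "service": "CLOUDFRONT", "network_border_group": "GLOBAL"},
        {"ip_prefix": "203.0.113.0/24", "region": "eu-west-1", "service": "EC2", "network_border_group": "eu-west-1"},
        {"ip_prefix": "203.0.113.0/24", "region": "eu-west-1", "service": "AMAZON", "network_border_group": "eu-west-1"},
    ],
    "ipv6_prefixes": [
        {"ipv6_prefix": "2001:db8::/32", "region": "GLOBAL", "service": "CLOUDFRONT", "network_border_group": "GLOBAL"},
    ],
})


def select_prefixes(document: str, services: Iterable[str],
                    regions: Iterable[str] = ()) -> Tuple[List[str], List[str]]:
    """Sorted, de-duplicated (ipv4, ipv6) CIDR lists for the given services, optionally limited to regions."""
    data = json.loads(document)
    wanted_services, wanted_regions = set(services), set(regions)

    def keep(entry: Dict[str, str]) -> bool:
        return entry["service"] in wanted_services and (not wanted_regions or entry["region"] in wanted_regions)

    v4 = {e["ip_prefix"] for e in data["prefixes"] if keep(e)}
    v6 = {e["ipv6_prefix"] for e in data["ipv6_prefixes"] if keep(e)}
    for cidr in v4 | v6:
        ipaddress.ip_network(cidr, strict=True)  # a malformed entry should fail here, not in the API call
    return sorted(v4, key=ipaddress.ip_network), sorted(v6, key=ipaddress.ip_network)


def plan_update(current: Set[str], desired: Iterable[str]) -> Dict[str, List[str]]:
    """Diff the IP set as deployed against the published list."""
    desired_set = set(desired)
    return {"add": sorted(desired_set - current), "remove": sorted(current - desired_set)}


if __name__ == "__main__":
    v4, v6 = select_prefixes(CONSTRUCTED_IP_RANGES, services=["CLOUDFRONT"])
    deployed = {"192.0.2.0/24", "10.0.0.0/8"}  # constructed: a stale entry left by a manual edit
    print("IPv4:", v4, "IPv6:", v6)
    print("plan:", plan_update(deployed, v4))
```

Two details matter when you push the result with the WAFv2 API: `update_ip_set` replaces the whole address list, so pass the full desired list rather than only the additions, and it requires the `LockToken` returned by the preceding `get_ip_set`, which is what stops two concurrent updaters from silently overwriting each other. Also note that the `AMAZON` service is a superset that overlaps more specific services, which is why the selector de-duplicates.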

AWS Shield threat landscape review: 2020 year-in-review
AWS Shield is a managed service that protects applications that are running on Amazon Web Services (AWS) against external threats, such as bots and distributed denial of service (DDoS) attacks. Shield detects network and web application-layer volumetric events that may indicate a DDoS attack, web content scraping, or other unauthorized non-human traffic that is interacting […]
https://aws.amazon.com/blogs/security/aws-shield-threat-landscape-review-2020-year-in-review/

Reasonable IR Team Expectations
With the surplus of ransomware attacks consistently increasing, I have unfortunately witnessed another increase – in shoddy and predatory cybersecurity incident response firms with good SEO taking advantage of victims. In some cases this may be opportunistic, and in others simply a side effect of the shortage of senior and principal level incident responders in… Read More Reasonable IR Team Expectations
https://tisiphone.net/2021/05/11/reasonable-ir-team-expectations/

Ask Lesley: From Ops to DFIR, a Tough Transition
Lesley, I am having the hardest time getting my foot in the door in an investigative role. I have spent almost 4 years at the same job, in the same role, and cannot find a way to transition out of the operations side of the house. I went into operations with the intent of doing… Read More Ask Lesley: From Ops to DFIR, a Tough Transition
https://tisiphone.net/2021/03/19/ask-lesley-from-ops-to-dfir-a-tough-transition/

How to protect a self-managed DNS service against DDoS attacks using AWS Global Accelerator and AWS Shield Advanced
In this blog post, I show you how to improve the distributed denial of service (DDoS) resilience of your self-managed Domain Name System (DNS) service by using AWS Global Accelerator and AWS Shield Advanced. You can use those services to incorporate some of the techniques used by Amazon Route 53 to protect against DDoS attacks. […]
https://aws.amazon.com/blogs/security/how-to-protect-a-self-managed-dns-service-against-ddos-attacks-using-aws-global-accelerator-and-aws-shield-advanced/

Set up centralized monitoring for DDoS events and auto-remediate noncompliant resources
When you build applications on Amazon Web Services (AWS), it is a common security practice to isolate production resources from non-production resources by logically grouping them into functional units or organizational units. There are many benefits to this approach, such as making it easier to implement the principle of least privilege, or reducing the scope of […]
https://aws.amazon.com/blogs/security/set-up-centralized-monitoring-for-ddos-events-and-auto-remediate-noncompliant-resources/

Deploying defense in depth using AWS Managed Rules for AWS WAF (part 2)
In this post, I show you how to use recent enhancements in AWS WAF to manage a multi-layer web application security enforcement policy. These enhancements will help you to maintain and deploy web application firewall configurations across deployment stages and across different types of applications. In part 1 of this post I describe the technologies […]
https://aws.amazon.com/blogs/security/deploying-defense-in-depth-using-aws-managed-rules-for-aws-waf-part-2/

Defense in depth using AWS Managed Rules for AWS WAF (part 1)
In this post, I discuss how you can use recent enhancements in AWS WAF to manage a multi-layer web application security enforcement policy. These enhancements will help you to maintain and deploy web application firewall configurations across deployment stages and across different types of applications. The post is in two parts. This first part describes […]
https://aws.amazon.com/blogs/security/defense-in-depth-using-aws-managed-rules-for-aws-waf-part-1/

Houston consulate one of worst offenders in Chinese espionage, say U.S. officials
Credits: Reuters. The United States ordered the consulate closed this week, leading China to retaliate on Friday by telling the United States to shut its consulate in the city of Chengdu, as relations between the world's two largest economies […]
http://blog.extremehacking.org/blog/2020/07/24/houston-consulate-one-of-worst-offenders-in-chinese-espionage-say-u-s-officials/

Shocked I am. Shocked to find that underground bank-card-trading forums are full of liars, cheats, small-time grifters
Credits: The Register. The denizens of online forums dedicated to trading in stolen credit cards have been shown to be wretched hives of scum and villainy. This not-so-surprising news comes this week via academics at Washington State University (WSU) in the US, […]
http://blog.extremehacking.org/blog/2020/07/24/shocked-i-am-shocked-to-find-that-underground-bank-card-trading-forums-are-full-of-liars-cheats-small-time-grifters/

AWS Shield Threat Landscape report is now available
AWS Shield is a managed threat protection service that safeguards applications running on AWS against exploitation of application vulnerabilities, bad bots, and Distributed Denial of Service (DDoS) attacks. The AWS Shield Threat Landscape Report (TLR) provides you with a summary of threats detected by AWS Shield. This report is curated by the AWS Threat Research […]
https://aws.amazon.com/blogs/security/aws-shield-threat-landscape-report-now-available/

Vint Cerf suggests GDPR could hurt coronavirus vaccine development
Credits: The Register. TCP/IP co-developer Vint Cerf, revered as a critical contributor to the foundations of the internet, has floated the notion that privacy legislation might hinder the development of a vaccine for the COVID-19 coronavirus. In an essay written for […]
http://blog.extremehacking.org/blog/2020/05/16/vint-cerf-suggests-gdpr-could-hurt-coronavirus-vaccine-development/

Brit defense contractor hacked, up to 100,000 past and present employees' details siphoned off – report
Credits: The Register. Britain’s Ministry of Defence contractor Interserve has been hacked, reportedly leaking the details of up to 100,000 past and current employees, including payment information and details of their next of kin. The Daily Telegraph reports that up to […]
http://blog.extremehacking.org/blog/2020/05/16/brit-defense-contractor-hacked-up-to-100000-past-and-present-employees-details-siphoned-off-report/

US officially warns China is launching cyberattacks to steal coronavirus research
Credits: CNN. The US Department of Homeland Security and the FBI issued a “public service announcement” Wednesday warning that China is likely launching cyberattacks to steal coronavirus data related to vaccines and treatments from US research institutions and pharmaceutical […]
http://blog.extremehacking.org/blog/2020/05/14/us-officially-warns-china-is-launching-cyberattacks-to-steal-coronavirus-research/

There's Norway you're going to believe this: World's largest sovereign wealth fund conned out of $10m in cyber-attack
Credits: The Register. The Norwegian Investment Fund has been swindled out of $10m (£8.2m) by fraudsters who pulled off what’s been described as “an advance data breach.” Norfund – the world’s largest sovereign wealth fund, created from saved North Sea […]
http://blog.extremehacking.org/blog/2020/05/14/theres-norway-youre-going-to-believe-this-worlds-largest-sovereign-wealth-fund-conned-out-of-10m-in-cyber-attack/

Stop tracking me, Google: Austrian citizen files GDPR legal complaint over Android Advertising ID
Credits: The Register. Privacy pressure group Noyb has filed a legal complaint against Google on behalf of an Austrian citizen, claiming the Android Advertising ID on every Android device is “personal data” as defined by the EU’s GDPR and that […]
http://blog.extremehacking.org/blog/2020/05/14/stop-tracking-me-google-austrian-citizen-files-gdpr-legal-complaint-over-android-advertising-id/

Cyber-attacks hit hospital construction companies
Credits: BBC. Interserve, which helped build Birmingham’s NHS Nightingale hospital, and Bam Construct, which delivered the Yorkshire and the Humber’s, have reported the incidents to authorities. Earlier this month, the government warned healthcare groups involved in the response to […]
http://blog.extremehacking.org/blog/2020/05/13/cyber-attacks-hit-hospital-construction-companies/

Researchers spot thousands of Android apps leaking user data through misconfigured Firebase databases
Credits: The Register. Security researchers at Comparitech have reported that an estimated 24,000 Android apps are leaking user data because of misconfigured Firebase databases. Firebase is a popular backend service with SDKs for multiple platforms, including Android, iOS, web, C++ and Unity (for […]
http://blog.extremehacking.org/blog/2020/05/13/researchers-spot-thousands-of-android-apps-leaking-user-data-through-misconfigured-firebase-databases/

Papa don't breach: Contracts, personal info on Madonna, Lady Gaga, Elton John, others swiped in celeb law firm ‘hack’
Credits: The Register. Hackers are threatening to release 756GB of A-list celebs’ contracts, recording deals, and other personal info allegedly stolen from a New York law firm. The miscreants have seemingly got their hands on confidential agreements, private correspondence, contact […]
http://blog.extremehacking.org/blog/2020/05/13/papa-dont-breach-contracts-personal-info-on-madonna-lady-gaga-elton-john-others-swiped-in-celeb-law-firm-hack/

CVE-2019-19781: Citrix ADC RCE vulnerability
A week before the 2019 holidays Citrix announced that an authentication bypass vulnerability had been discovered in multiple Citrix products. The affected products are Citrix Application Delivery Controller (formerly known as NetScaler ADC), Citrix Gateway (formerly known as NetScaler Gateway), and the Citrix SD-WAN WANOP appliance. Exploiting the vulnerability could allow an unauthenticated attacker [...]
https://www.hackingtutorials.org/exploit-tutorials/cve-2019-19781-citrix-adc-rce-vulnerability/

Vulnerability Scanning with OpenVAS 9 part 4: Custom scan configurations
For all scans so far, we've only used the default scan configurations such as host discovery, system discovery and Full & fast. But what if we don't want to run all NVTs on a given target (list) and only want to test for a few specific vulnerabilities? In this case we can create our own custom scan [...]
https://www.hackingtutorials.org/scanning-tutorials/openvas-9-part-4-custom-scan-configurations/

Vulnerability Scanning with OpenVAS 9 part 3: Scanning the Network
In the previous parts of the Vulnerability Scanning with OpenVAS 9 tutorials we have covered the installation process and how to run vulnerability scans using OpenVAS and the Greenbone Security Assistant (GSA) web application. In part 3 of Vulnerability Scanning with OpenVAS 9 we will have a look at how to run scans using different [...]
https://www.hackingtutorials.org/scanning-tutorials/vulnerability-scanning-with-openvas-9-scanning-the-network/

Vulnerability Scanning with OpenVAS 9 part 2: Vulnerability Scanning
In the previous tutorial, Vulnerability Scanning with OpenVAS 9.0 part 1, we went through the installation process of OpenVAS on Kali Linux and the installation of the virtual appliance. In this tutorial we will learn how to configure and run a vulnerability scan. For demonstration purposes we've also installed a virtual machine with Metasploitable 2 [...]
https://www.hackingtutorials.org/scanning-tutorials/vulnerability-scanning-openvas-9-0-part-2/

Vulnerability Scanning with OpenVAS 9 part 1: Installation & Setup
A couple of years ago we did a tutorial on Hacking Tutorials on how to install the popular vulnerability assessment tool OpenVAS on Kali Linux. We covered the installation process on Kali Linux and running a basic scan on the Metasploitable 2 virtual machine to identify vulnerabilities. In this tutorial I want to cover more details [...]
https://www.hackingtutorials.org/scanning-tutorials/vulnerability-scanning-openvas-9-pt-1/

The Best Hacking Books 2018
One of the most popular and most frequently asked questions since I started this blog is whether I can recommend some good hacking books for beginners and for more experienced hackers and penetration testers. In this article I want to highlight some hacking books and InfoSec books that I personally liked that cover subjects such as ethical hacking, [...]
https://www.hackingtutorials.org/infosec-books/the-best-hacking-books-2018/