News from the specialized press
No news
Yesterday's news (specialized press)
North Korea-linked threat actors spread macOS NimDoor malware via fake Zoom updates
North Korea-linked hackers use fake Zoom updates to spread macOS NimDoor malware, targeting crypto firms with stealthy backdoors. North Korea-linked threat actors are targeting Web3 and crypto firms with NimDoor, a rare macOS backdoor disguised as a fake Zoom update. Victims are tricked into installing the malware through phishing links sent via Calendly or Telegram. […]
https://securityaffairs.com/179643/malware/north-korea-linked-threat-actors-spread-macos-nimdoor-malware-via-fake-zoom-updates.html
Ingram Micro outage caused by SafePay ransomware attack
An ongoing outage at IT giant Ingram Micro is caused by a SafePay ransomware attack that led to the shutdown of internal systems, BleepingComputer has learned. [...]
https://www.bleepingcomputer.com/news/security/ingram-micro-outage-caused-by-safepay-ransomware-attack/
openSUSE: 2025:15311-1 moderate: xwayland security updates
https://linuxsecurity.com/advisories/opensuse/opensuse-2025-15311-1-moderate-xwayland-24-1-8-1-1-4tpax9jo1hrl
openSUSE: 2025:15307-1 moderate: velociraptor access control
https://linuxsecurity.com/advisories/opensuse/opensuse-2025-15307-1-moderate-velociraptor-0-7-0-4-git163-87ee3570-1-1-mujp7yxphsnh
openSUSE Tumbleweed: 2025:15310-1 moderate: xorg-x11-server security
https://linuxsecurity.com/advisories/opensuse/opensuse-2025-15310-1-moderate-xorg-x11-server-21-1-15-6-1-tiyfojpql1mb
openSUSE Tumbleweed moderate: 2025:15309-1 CVE-2024-58249 DoS Issue
https://linuxsecurity.com/advisories/opensuse/opensuse-2025-15309-1-moderate-libwx-gtk2u-adv-suse16-0-0-3-2-8-4-1-s8uvpqlwo2vs
openSUSE Tumbleweed: 2025:15308-1 moderate: libwireshark cross-reference
https://linuxsecurity.com/advisories/opensuse/opensuse-2025-15308-1-moderate-libwireshark18-4-4-7-1-1-mrzcuayhk9h0
openSUSE Tumbleweed: 2025:15304-1 moderate: traefik security issues
https://linuxsecurity.com/advisories/opensuse/opensuse-2025-15304-1-moderate-traefik-3-4-3-1-1-z6vfcb1wt8cb
No, Hal - Big Banking Has Not Captured Bitcoin - It Is the Reverse
Bitcoin Banks will not capture Bitcoin if they're pumping debt into it. They'll orange-pill more decentralized banking.
https://hackernoon.com/no-hal-big-banking-has-not-captured-bitcoin-it-is-the-reverse?source=rss
“CitrixBleed 2” Vulnerability PoC Released – Warns of Potential Widespread Exploitation
Critical flaw in Citrix NetScaler devices echoes infamous 2023 security breach that crippled major organizations worldwide. The new critical vulnerability in Citrix NetScaler devices has security experts warning of potential widespread exploitation, drawing alarming parallels to the devastating “CitrixBleed” attacks that plagued organizations in 2023. The vulnerability, tracked as CVE-2025-5777 and dubbed “CitrixBleed 2,” allows […]
https://cybersecuritynews.com/citrixbleed-2-poc-released/
Godot 4.4 Beta 4: A Deeper Look
In practice, this means that all further changes will be strictly regression fixes, so the content available here will be largely reflective of the 4.4 release.
https://hackernoon.com/godot-44-beta-4-a-deeper-look?source=rss
Russia Jailed Hacker Who Worked for Ukrainian Intelligence to Launch Cyberattacks on Critical Infrastructure
Russian Federal Security Service (FSB) officers have detained two hackers in Siberia who conducted cyberattacks on critical infrastructure facilities under direct orders from Ukrainian intelligence services. The simultaneous arrests in the Kemerovo and Tomsk regions exposed a sophisticated cyber espionage network targeting Russia’s governmental, industrial, and financial information systems. The primary suspect, a 36-year-old resident […]
https://cybersecuritynews.com/russia-jailed-hacker-who-worked-for-ukrainian-intelligence/
Threat Actors Turning Job Offers Into Traps, Over 4 Million Lost in 2024 Alone
Cybercriminals are exploiting the economic uncertainty and remote work trends to orchestrate sophisticated employment fraud schemes, with victims losing over 4 million in 2024 alone according to FBI reports. These malicious campaigns, known as “task scams,” represent a rapidly evolving threat landscape where fraudsters weaponize legitimate job-seeking behavior to extract cryptocurrency payments from unsuspecting victims […]
https://cybersecuritynews.com/threat-actors-turning-job-offers-into-traps/
Instagram Started Using 1-Week Validity TLS Certificates and Changes Them Daily
Instagram has adopted an unprecedented approach to web security by implementing daily rotation of TLS certificates that maintain validity periods of just one week, according to a recent technical analysis. This practice represents a significant departure from industry standards, where certificates typically remain valid for 90 days or longer, suggesting a strategic shift toward enhanced […]
https://cybersecuritynews.com/instagram-started-using-1-week-validity-tls-certificates/
Writable File in Lenovo's Windows Directory Enables a Stealthy AppLocker Bypass
A significant security vulnerability has been discovered in Lenovo’s preloaded Windows operating systems, where a writable file in the Windows directory enables attackers to bypass Microsoft’s AppLocker security framework. The issue affects all variants of Lenovo machines running default Windows installations and poses serious implications for enterprise security environments. The vulnerability centers around the MFGSTAT.zip […]
https://cybersecuritynews.com/writable-file-in-lenovos-windows-directory/
How to Stop Your TV From Watching You
For anyone who'd rather not have ACR looking over their shoulder while they watch, we've put together a guide to turning it off on three of the most popular smart TV software platforms in use last year. Depending on the platform, turning off ACR took us between 10 and 37 clicks.
https://hackernoon.com/how-to-stop-your-tv-from-watching-you?source=rss
New Phishing Attack Impersonates as DWP Attacking Users to Steal Credit Card Data
A sophisticated phishing campaign targeting UK citizens has emerged, masquerading as official communications from the Department for Work and Pensions (DWP) to steal sensitive financial information. The campaign, which has been active since late May 2025, represents a significant escalation in social engineering attacks against British residents, exploiting concerns about government benefits and seasonal allowances. […]
https://cybersecuritynews.com/new-phishing-attack-impersonates-as-dwp/
XWorm – The Most Active RAT Uses New Stagers and Loaders to Bypass Defenses
XWorm has emerged as one of the most versatile and actively distributed remote access trojans in the current threat landscape, establishing itself as a formidable tool in cybercriminals’ arsenals. This sophisticated malware has evolved far beyond traditional RAT capabilities, incorporating advanced features including keylogging, remote desktop access, data exfiltration, and command execution that make it […]
https://cybersecuritynews.com/xworm-the-most-active-rat-uses-new-stagers/
Threat Actors Abused AV – EDR Evasion Framework In-The-Wild to Deploy Malware Payloads
Cybersecurity researchers have uncovered a concerning development as malicious actors began exploiting SHELLTER, a commercial anti-virus and endpoint detection response (EDR) evasion framework, to deploy sophisticated malware payloads. Originally designed for legitimate penetration testing operations, this framework has been weaponized by cybercriminals since late April 2025, marking a significant escalation in evasion capabilities available to […]
https://cybersecuritynews.com/threat-actors-abused-av-edr-evasion-framework/
How Digital Executive Protection Shields Top Leaders from Modern Threats
Cybersecurity threats have emerged so quickly that most companies struggle to keep up and executives are often the…
https://hackread.com/how-digital-executive-protection-leaders-threats/
Scattered Spider Upgraded Their Tactics to Abuse Legitimate Tools to Evade Detection and Maintain Persistence
The cybercriminal group known as Scattered Spider has significantly evolved its attack methodologies, demonstrating alarming sophistication in exploiting legitimate administrative tools to maintain persistent access to compromised networks. Also tracked under aliases including UNC3944, Scatter Swine, and Muddled Libra, this financially motivated threat actor has been actively targeting large enterprises since May 2022, with particular […]
https://cybersecuritynews.com/scattered-spider-upgraded-their-tactics-to-abuse-legitimate-tools/
Hackers Exploit Legitimate Inno Setup Installer to Use as a Malware Delivery Vehicle
Cybercriminals have increasingly turned to legitimate software installation frameworks as vehicles for malware distribution, with Inno Setup emerging as a preferred tool for threat actors seeking to bypass security measures. This legitimate Windows installer framework, originally designed to simplify software deployment, has become a sophisticated delivery mechanism for information-stealing malware campaigns that target browser credentials […]
https://cybersecuritynews.com/hackers-exploit-legitimate-inno-setup-installer/
The TechBeat: AI Security Posture Management (AISPM): How to Handle AI Agent Security (7/5/2025)
How are you, hacker? Want to know what's trending right now? The TechBeat by HackerNoon has got you covered with fresh content from our trending stories of the day.
- Business Pros Underestimate AI Risks Compared to Tech Teams, Social Links Study Shows. By @pressreleases [4 min read]. Business Professionals Are Half as Concerned as Technical Teams About AI-Driven Threats, Social Links Report Reveals.
- 5 Data Breaches That Ended in Disaster (and Lessons Learned). By @n2w [2 min read]. Explore 5 major data breaches that shut down companies—and learn key lessons in backup, security, and disaster recovery to protect your business.
- Machine Identities Are Taking Over—Is Your Access Model Ready? By @permit [10 min read]. Machine...
https://hackernoon.com/7-5-2025-techbeat?source=rss
Web Monitoring Tools For OSINT Investigation
Must-have tools for OSINT investigators.
https://infosecwriteups.com/web-monitoring-tools-for-osint-investigation-5ab926a8fe16?source=rss----7b722bfd1b8d---4
The Password I Never Reset — And Still Got In
“Wait… I didn't even set a new password. How am I inside the account?” That's not how it's supposed to work… right? But that's exactly what happened — and it all started with a simple “Forgot Password” link. What I uncovered was a critical logic flaw in an authentication flow — one that quietly bypassed passwords, ignored MFA, and left every user account exposed to invisible hijack.
“I Didn't Plan to Find a P1… But My Script Had Other Plans”
Just Another Reset Test — Or So I Thought
It began like any other night of casual security poking. I was testing the login and password reset functionality of a platform — let's call it redacted.com to keep things...
https://infosecwriteups.com/the-password-i-never-reset-and-still-got-in-a3ff502b03ee?source=rss----7b722bfd1b8d---4
Just Wanted to Be a Driver, Ended Up Discovering a Time Capsule
I just wanted to hustle and make some side cash. Instead, I unearthed a digital fossil from the Yahoo era.
https://infosecwriteups.com/just-wanted-to-be-a-driver-ended-up-discovering-a-time-capsule-085808a4baa8?source=rss----7b722bfd1b8d---4
Behind the Scenes: How Pre-Prod Leaks Led Me to Prod Secrets
Hey there!
https://infosecwriteups.com/behind-the-scenes-how-pre-prod-leaks-led-me-to-prod-secrets-6cea22dcc64e?source=rss----7b722bfd1b8d---4
Why Multi-Factor Authentication Still Isn't Enough
Last month, a company got breached. The attackers waltzed through their systems like they owned the place. Every single user had…
https://infosecwriteups.com/why-multi-factor-authentication-still-isnt-enough-28ee0fbdf6c2?source=rss----7b722bfd1b8d---4
The Rise of Ransomware-as-a-Service
How cybercriminals transformed from lone wolves into organized crime syndicates.
https://infosecwriteups.com/the-rise-of-ransomware-as-a-service-48c9bc05936c?source=rss----7b722bfd1b8d---4
Quantum Computing vs. Current Encryption: The Ticking Time Bomb
The cryptographic foundation of our digital world is about to crumble.
https://infosecwriteups.com/quantum-computing-vs-current-encryption-the-ticking-time-bomb-42a411ff80fd?source=rss----7b722bfd1b8d---4
Incident Response: What It Really Means
Before we dive into the step-by-step of incident response, let’s get one thing straight:
Not every little glitch or ping deserves to be…
https://infosecwriteups.com/incident-response-what-it-really-means-f32481abb50b?source=rss----7b722bfd1b8d---4
$2,000 Bounty: Breaking Capability Enforcement in CosmWasm Contracts
How One Line of Compiler Code Let Attackers Execute Unauthorized Actions on Restricted Chains.
https://infosecwriteups.com/2-000-bounty-breaking-capability-enforcement-in-cosmwasm-contracts-ddea3aa5d3dc?source=rss----7b722bfd1b8d---4
Enumerating Subdomains With Python
Source: https://www.ceeyu.io/resources/blog/subdomain-enumeration-tools-and-techniques
Introduction
Subdomain enumeration is a critical reconnaissance phase in security assessments that involves systematically discovering all subdomains associated with a target domain. The primary value is attack surface expansion. While a target organization might have a well-secured main website at example.com, they may have dozens or hundreds of subdomains that are less carefully maintained. Subdomains may also reveal an organization's structure and their technology stack. For example:
- jenkins.example.com indicates they use Jenkins for CI/CD
- confluence.example.com suggests Atlassian tools for documentation
- vpn.example.com shows VPN infrastructure
- test-db.example.com might expose database instances
From an...
https://infosecwriteups.com/enumerating-subdomains-with-python-14f06c94239c?source=rss----7b722bfd1b8d---4
Yesterday's news (general press)
Qantas attack reveals one phone call is all it takes to crack cybersecurity's weakest link
https://www.theguardian.com/business/2025/jul/06/qantas-attack-reveals-one-phone-call-is-all-it-takes-to-crack-cybersecuritys-weakest-link-humans
Homes and offices approved for former factory site - Yahoo
https://au.news.yahoo.com/homes-offices-approved-former-factory-073627977.html
Hawaiian Pilots Call Out Alaska as Integration Turmoil Grows - Beat of Hawaii
https://beatofhawaii.com/hawaiian-pilots-call-out-alaska-as-integration-turmoil-grows/%3Fadt_ei%3D*%7CEMAIL%7C*%26utm_source%3Drss%26utm_medium%3Drss%26utm_campaign%3Dhawaiian-pilots-call-out-alaska-as-integration-turmoil-grows
Temporary measures introduced after Glasgow City Council hit by cyber attack | STV News
... the cyber attack continues almost two weeks after the incident. The local authority is continuing to take a “cautious approach” when dealing with ...
https://news.stv.tv/west-central/temporary-measures-introduced-after-glasgow-city-council-hit-by-cyber-attack
Trump issues blunt response to claims Iran could use UN to force US to pay for strike damage
Meanwhile, cyberdefence agency CISA's director of public affairs Marci McCarthy went on to tweet: "This so-called cyber 'attack' is nothing more ...
https://www.unilad.com/news/us-news/donald-trump-response-iran-un-letter-124549-20250705
AutoLabel: Automated Fine-Grained Log Labeling for Cyber Attack Dataset Generation | USENIX
AutoLabel: Automated Fine-Grained Log Labeling for Cyber Attack Dataset Generation. Authors: Yihao Peng and Tongxin Zhang, Tsinghua University ...
https://www.usenix.org/conference/usenixsecurity25/presentation/peng-yihao
Catwatchful Android Spyware Leaks Credentials of 62,000+ Users - GBHackers
https://gbhackers.com/catwatchful-android-spyware/
Qantas customers still unsure of what data has been taken following cyber attack - MSN
“They're still sifting through what exactly was taken,” Mr Fenech told Sky News Australia. Qantas customers still unsure of what data ...
https://www.msn.com/en-au/news/other/qantas-customers-still-unsure-of-what-data-has-been-taken-following-cyber-attack/ar-AA1I03bD
Czech gov't says no cyberattack behind power outage - TVP World
All power had been fully restored by the end of the day, Radio Prague International reported.
https://tvpworld.com/87654453/czech-govt-rules-out-cyberattack-as-cause-of-mass-power-outage
The connected factory conundrum - Manufacturing Today India
Dr Nishant Dongari explains the human and operational cost, “A cyber-attack on a semi-automated machine can lock operations or corrupt firmware, ...
https://www.manufacturingtodayindia.com/the-connected-factory-conundrum
Melbourne synagogue set alight, protest at Israeli restaurant - 1News
Qantas cyber attack: culprits and motive unknown. The hack occurred on a third-party system used by a call centre ...
https://www.1news.co.nz/2025/07/05/melbourne-synagogue-set-alight-protest-at-israeli-restaurant/
Poundland announces store closure coming in next month amid recovery plans
https://www.manchestereveningnews.co.uk/news/uk-news/poundland-announces-store-closure-coming-31997973
News from two days ago (specialized press)
Google's AI video maker Veo 3 is now available via Gemini
Google says Veo 3, which is the company's state-of-the-art video generator, is now shipping to everyone using the Gemini app with a subscription. [...]
https://www.bleepingcomputer.com/news/artificial-intelligence/googles-ai-video-maker-veo-3-is-now-available-via-20-gemini/
ChatGPT Deep Research tests new connectors for more context
ChatGPT Deep Research, which is an AI research tool to automate research, is getting support for new connectors (integrations), including Slack. [...]
https://www.bleepingcomputer.com/news/artificial-intelligence/chatgpt-deep-research-tests-new-connectors-for-more-context/
Critical Sudo bugs expose major Linux distros to local Root exploits
Critical Sudo flaws let local users gain root access on Linux systems; the vulnerabilities affect major Linux distributions. Cybersecurity researchers disclosed two vulnerabilities in the Sudo command-line utility for Linux and Unix-like operating systems. Local attackers can exploit the vulnerabilities to escalate privileges to root on affected systems. Sudo (short for “superuser do”) is a […]
https://securityaffairs.com/179637/security/critical-sudo-bugs-expose-major-linux-distros-to-local-root-exploits.html
Reality Is a Shared Delusion — Pick a Better One
Everything you think is “realistic” about your life is just someone else's delusion. Every breakthrough in history happened because someone chose their delusion over consensus reality. Every time you act like something impossible might be possible, you're running an experiment in reshaping what everyone else thinks is real.
https://hackernoon.com/reality-is-a-shared-delusion-pick-a-better-one?source=rss
10 Things to Do After Your First Win—So It's Not Your Last
Traction too early, too soon changes everything—mostly for the worse. This is the article that slaps you sober.
10 sharp and unsentimental things to do after you “make it,” so your startup doesn't become a Medium obituary with a cap table.
If you don't fight like hell to stay paranoid, ugly, and dangerous, you'll be forgotten before your next deploy finishes indexing.
https://hackernoon.com/10-things-to-do-after-your-first-winso-its-not-your-last?source=rss
You Can't Wing It to M: The Brutal Truth About Startup Sales
Early revenue hides dangerous flaws. Most startups hit M ARR on founder hustle and duct-taped processes, but confuse that for scalable growth. This article breaks down how to escape the “Revenue Engine Paradox” by building a disciplined, repeatable sales machine before your growth stalls.
https://hackernoon.com/you-cant-wing-it-to-m-the-brutal-truth-about-startup-sales?source=rss
The HackerNoon Newsletter: The Video Game Industry Is Having Its Peter Pan Moment Now With AI (7/4/2025)
How are you, hacker? What's happening in tech today, July 4, 2025? The HackerNoon Newsletter brings the HackerNoon homepage straight to your inbox. On this day, Hotmail Launches as a Free Email Service in 1996, Lou Gehrig's Retirement Speech in 1939, Scientists Discover the Higgs Boson Particle in 2012, and we present you with these top quality stories.
The Video Game Industry Is Having Its Peter Pan Moment Now With AI. By @latner [5 min read]. Critically reflecting on the adoption of AI technology in the video game industry and contrasting it with adoption...
https://hackernoon.com/7-4-2025-newsletter?source=rss
USN-7609-3: Linux kernel (IBM) vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- InfiniBand drivers;
- Netfilter;
- Network traffic control;
(CVE-2025-38001, CVE-2025-37798, CVE-2025-37932, CVE-2025-37997,
CVE-2025-38000, CVE-2025-22088, CVE-2025-37890)
https://ubuntu.com/security/notices/USN-7609-3
USN-7591-5: Linux kernel (Intel IoTG) vulnerabilities
Michael Randrianantenaina discovered that the Bluetooth driver in the Linux
kernel contained an improper access control vulnerability. A nearby
attacker could use this to connect a rogue device and possibly execute
arbitrary code. (CVE-2024-8805)
It was discovered that the CIFS network file system implementation in the
Linux kernel did not properly verify the target namespace when handling
upcalls. An attacker could use this to expose sensitive information.
(CVE-2025-2312)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- PowerPC architecture;
- x86 architecture;
- ACPI drivers;
- Clock framework and drivers;
- GPU drivers;
- HID subsystem;
-...
https://ubuntu.com/security/notices/USN-7591-5
USN-7618-1: Linux kernel (OEM) vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Bluetooth drivers;
- Netfilter;
- Network traffic control;
(CVE-2025-37890, CVE-2025-37918, CVE-2025-37932, CVE-2025-38000,
CVE-2025-37997, CVE-2025-38001)
https://ubuntu.com/security/notices/USN-7618-1
Ingram Micro suffers global outage as internal systems inaccessible
IT giant Ingram Micro is experiencing a global outage that is impacting its websites and internal systems, with customers concerned that it may be a cyberattack after the company remains silent on the cause of the issues. [...]
https://www.bleepingcomputer.com/news/security/ingram-micro-suffers-global-outage-as-internal-systems-inaccessible/
Hacker leaks Telefónica data allegedly stolen in a new breach
A hacker is threatening to leak 106GB of data allegedly stolen from Spanish telecommunications company Telefónica in a breach that the company did not acknowledge. [...]
https://www.bleepingcomputer.com/news/security/hacker-leaks-telef-nica-data-allegedly-stolen-in-a-new-breach/
Valhalla, FLOKI's Flagship Browser-Based, Play-to-Earn MMORPG, Officially Launches On Mainnet
Valhalla is a browser-based, play-to-earn MMORPG built to bring Web3 gaming to the masses. The game features turn-based tactical combat in hexagonal battle arenas, NFT creatures called Veras, and an expansive open world that players can explore and conquer.
https://hackernoon.com/valhalla-flokis-flagship-browser-based-play-to-earn-mmorpg-officially-launches-on-mainnet?source=rss
USN-7605-2: Linux kernel (Low Latency) vulnerabilities
It was discovered that the CIFS network file system implementation in the
Linux kernel did not properly verify the target namespace when handling
upcalls. An attacker could use this to expose sensitive information.
(CVE-2025-2312)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM32 architecture;
- ARM64 architecture;
- PowerPC architecture;
- x86 architecture;
- Compute Acceleration Framework;
- ACPI drivers;
- Ublk userspace block driver;
- Compressed RAM block device driver;
- Bus devices;
- AMD CDX bus driver;
- Clock framework and drivers;
- DMA engine subsystem;
- DPLL subsystem;
- Qualcomm firmware drivers;
- GPIO subsystem;
...
https://ubuntu.com/security/notices/USN-7605-2
Malicious SEO Plugins on WordPress Can Lead to Site Takeover
A new wave of cyberattacks is targeting WordPress websites through malicious SEO plugins that can lead to complete site takeover. Security analysts have uncovered sophisticated malware campaigns where attackers disguise their plugins to blend seamlessly with legitimate site components, making detection extremely challenging for administrators. One particularly insidious tactic involves naming the malicious plugin after […]
https://gbhackers.com/malicious-seo-plugins-on-wordpress/
Google fined $314M for misusing idle Android users' data
Google must pay $314M after a California court ruled it misused idle Android users’ data. The case ends a class-action suit filed in August 2019. A San Jose jury ruled that Google misused Android users’ cell phone data and must pay over $314.6 million in damages to affected users in California. Google is liable for […]
https://securityaffairs.com/179628/laws-and-regulations/google-fined-314m-for-misusing-idle-android-users-data.html
Apache APISIX Vulnerability Enables Cross-Issuer Access Under Misconfigurations
A newly disclosed vulnerability, CVE-2025-46647, has been identified in the openid-connect plugin of Apache APISIX, a widely used open-source API gateway. This flaw, rated as important, could allow attackers to gain unauthorized access across different identity issuers under specific misconfigurations. The vulnerability was reported by JunXu Chen to the Apache APISIX development mailing list on July 2, […]
The post Apache APISIX Vulnerability Enables Cross-Issuer Access Under Misconfigurations appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
https://gbhackers.com/apache-apisix-vulnerability/
Instagram Now Rotating TLS Certificates Daily with 1-Week Validity
Instagram has begun rotating its TLS certificates on a daily basis, with each certificate valid for just over a week. This approach, which goes far beyond current industry standards, was discovered during routine network debugging and has since been confirmed through systematic monitoring and analysis. Setup and Discovery The anomaly was first noticed when a […]
The post Instagram Now Rotating TLS Certificates Daily with 1-Week Validity appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
https://gbhackers.com/instagram-tls-certificates-1-week-validity/
SquareX Reveals That Employees Are No Longer The Weakest Link, Browser AI Agents Are
Every security practitioner knows that employees are the weakest link in an organization, but this is no longer the case. SquareX's research reveals that Browser AI Agents are more likely to fall prey to cyberattacks than employees, making them the new weakest link that enterprise security teams need to look out for. Browser AI Agents are software applications […]
The post SquareX Reveals That Employees Are No Longer The Weakest Link, Browser AI Agents Are appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
https://gbhackers.com/squarex-reveals-that-employees-are-no-longer-the-weakest-link-browser-ai-agents-are/
Scattered Spider Enhances Tactics to Exploit Legitimate Tools for Evasion and Persistence
Scattered Spider, also tracked under aliases such as UNC3944, Scatter Swine, and Muddled Libra, has emerged as a formidable financially motivated cybercriminal group since at least May 2022. Initially known for targeting telecommunications and tech firms with phishing and SIM-swapping campaigns, the group has significantly evolved, orchestrating full-spectrum, multi-stage intrusions across both cloud and on-premises […]
The post Scattered Spider Enhances Tactics to Exploit Legitimate Tools for Evasion and Persistence appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
https://gbhackers.com/scattered-spider-enhances-tactics-to-exploit-legitimate-tools/
Ransomware Attacks Spike Despite Gang Closure
New research from Comparitech revealed that in the first half of 2025, 3,627 ransomware attacks were reported and logged. This is a 47% increase since the first half of 2024, which is highly concerning for major organisations due to the frequency of these attacks. However, popular ransomware groups, like Hunters International and LockBit, have closed […]
The post Ransomware Attacks Spike Despite Gang Closure appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/07/04/ransomware-attacks-spike-despite-gang-closure/?utm_source=rss&utm_medium=rss&utm_campaign=ransomware-attacks-spike-despite-gang-closure
Next.js Vulnerability Allows Attackers to Trigger DoS via Cache Poisoning
A critical vulnerability, tracked as CVE-2025-49826, has been discovered and addressed in the popular React-based web framework, Next.js. The flaw, present in versions >=15.1.0 and <15.1.8, allowed attackers to exploit a cache poisoning bug, potentially leading to a Denial of Service (DoS) condition for affected applications, as per a report by Vercel. CVE ID Affected Versions Severity […]
The post Next.js Vulnerability Allows Attackers to Trigger DoS via Cache Poisoning appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
https://gbhackers.com/next-js-vulnerability-allows-attackers-to-trigger-dos/
Hackers Abuse Legitimate Inno Setup Installer to Deliver Malware
Cybercriminals are increasingly weaponizing legitimate software installer frameworks like Inno Setup to distribute malware, turning user-friendly tools into covert vehicles for malicious payloads. Originally designed to simplify software deployment on Windows, Inno Setup has become a favored tool among threat actors due to its trusted appearance and powerful Pascal scripting capabilities. This sophisticated abuse allows […]
The post Hackers Abuse Legitimate Inno Setup Installer to Deliver Malware appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
https://gbhackers.com/hackers-abuse-legitimate-inno-setup-installer/
Writable File in Lenovo Path Lets Attackers Evade AppLocker Restrictions
A security researcher has uncovered a significant vulnerability affecting Lenovo computers: a writable file within the Windows directory that can be exploited to bypass AppLocker restrictions. The file in question, C:\Windows\MFGSTAT.zip, is present on many Lenovo machines that ship with the manufacturer's default Windows image. This issue, initially thought to affect only a handful of […]
The post Writable File in Lenovo Path Lets Attackers Evade AppLocker Restrictions appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
https://gbhackers.com/writable-file-in-lenovo-path-attackers-evade-applocker/
Cisco Issues Emergency Fix for Critical Root Credential Flaw in Unified CM
Cisco fixes critical root credential vulnerability in Unified CM rated CVSS 10 urging users to patch now to stop remote admin takeovers.
https://hackread.com/cisco-emergency-fix-critical-root-credential-flaw-unified-cm/
Researchers Discover New Method to Identify Azure Arc in Enterprise Environments and Maintain Persistence
Security researchers have discovered novel ways to identify and take advantage of Microsoft Azure Arc in business settings, which is a major advancement in cybersecurity and may reveal weaknesses in this hybrid management system. Introduced in 2019, Azure Arc extends Azure's native management capabilities to non-Azure resources, including on-premises servers and Kubernetes clusters, through the […]
The post Researchers Discover New Method to Identify Azure Arc in Enterprise Environments and Maintain Persistence appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
https://gbhackers.com/researchers-discover-new-method-to-identify-azure-arc/
Critical HIKVISION applyCT Flaw Allows Remote Code Execution
A newly disclosed vulnerability, tracked as CVE-2025-34067, has been identified in HIKVISION's widely deployed security management platform, applyCT (also known as HikCentral). This critical flaw allows unauthenticated remote code execution (RCE), putting countless surveillance and security infrastructures at risk across government, commercial, and industrial sectors. Its advanced analytics and scalable architecture make it a popular choice […]
The post Critical HIKVISION applyCT Flaw Allows Remote Code Execution appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
https://gbhackers.com/critical-hikvision-applyct-flaw/
phi-3-mini's Triumph: Redefining Performance on Academic LLM Benchmarks
Witness phi-3-mini's impressive results on standard academic benchmarks for reasoning and logic, challenging models like Mistral 8x7B, Gemma 7B, and GPT-3.5 with comparable performance.
https://hackernoon.com/phi-3-minis-triumph-redefining-performance-on-academic-llm-benchmarks?source=rss
Microservices Observability: Leveraging OpenTelemetry in Real-World Systems by Gajinder Sharma
Debugging distributed systems is painful without proper observability. This guide shows how we implemented OpenTelemetry in our Node.js microservices stack—from setup to best practices—boosting traceability, performance monitoring, and cross-service debugging with tools like Jaeger and Grafana.
https://hackernoon.com/microservices-observability-leveraging-opentelemetry-in-real-world-systems-by-gajinder-sharma?source=rss
Beyond the Perimeter: Architecting Trust in the Cloud-Native Era by Mohit Kumar Singh
In a world where perimeters have dissolved, Zero Trust is essential for securing cloud-native environments. This guide breaks down the core principles of Zero Trust—Never Trust, Always Verify; Assume Breach; Least Privilege—and applies them to the realities of dynamic infrastructure, microservices, APIs, and multi-cloud complexity. It offers practical tools, implementation strategies, and cultural considerations to help DevSecOps teams and security leaders build resilient systems from the inside out.
https://hackernoon.com/beyond-the-perimeter-architecting-trust-in-the-cloud-native-era-by-mohit-kumar-singh?source=rss
How to get into cybersecurity | Unlocked 403 cybersecurity podcast (S2E3)
Cracking the code of a successful cybersecurity career starts here. Hear from ESET's Robert Lipovsky as he reveals how to break into and thrive in this fast-paced field.
https://www.welivesecurity.com/en/videos/how-get-cybersecurity-unlocked-403-cybersecurity-podcast-s2e3/
Hunters International Ransomware Gang Rebrands as World Leaks
Hunters International ransomware gang closes after 55 confirmed and 199 unconfirmed cyberattacks. Read about its rebrand to World…
https://hackread.com/hunters-international-ransomware-rebrands-world-leaks/
Task scams: Why you should never pay to get paid
Some schemes might sound unbelievable, but they're easier to fall for than you think. Here's how to avoid getting played by gamified job scams.
https://www.welivesecurity.com/en/scams/task-scams-why-you-should-never-pay-to-get-paid/
Simplify Onboarding With Hospitality Training Software
Effective onboarding is essential in fast-paced hospitality, with high turnover rates and a multitude of expectations as the…
https://hackread.com/simplify-onboarding-hospitality-training-software/
A flaw in Catwatchful spyware exposed logins of +62,000 users
A flaw in Catwatchful spyware exposed logins of 62,000 users, turning the spy tool into a data leak, security researcher Eric Daigle revealed. A flaw in the Catwatchful Android spyware exposed its full user database, leaking email addresses and plaintext passwords of both customers and its admin, TechCrunch first reported. Security researcher Eric Daigle first discovered […]
https://securityaffairs.com/179620/malware/a-flaw-in-catwatchful-spyware-exposed-logins-of-62000-users.html
News from previous days
Leaks hint at Operator-like tool in ChatGPT ahead of GPT-5 launch
A few new code references in the ChatGPT web app and Android point to an Operator-like tool in GPT's chain of thoughts. [...]
https://www.bleepingcomputer.com/news/artificial-intelligence/leaks-hint-at-operator-like-tool-in-chatgpt-ahead-of-gpt-5-launch/
Catwatchful - 61,641 breached accounts
In June 2025, spyware maker Catwatchful suffered a data breach that exposed over 60k customer records. The breach was due to a SQL injection vulnerability that enabled email addresses and plain text passwords to be extracted from the system.
https://haveibeenpwned.com/Breach/Catwatchful
CVE-2025-53367: An exploitable out-of-bounds write in DjVuLibre
DjVuLibre has a vulnerability that could enable an attacker to gain code execution on a Linux Desktop system when the user tries to open a crafted document.
The post CVE-2025-53367: An exploitable out-of-bounds write in DjVuLibre appeared first on The GitHub Blog.
https://github.blog/security/vulnerability-research/cve-2025-53367-an-exploitable-out-of-bounds-write-in-djvulibre/
Protecting Your Business Communications: The Critical Role of Secure Email Gateways
Email is still the backbone of how businesses communicate, with more than 300 billion messages sent every day.…
https://hackread.com/protecting-business-communications-secure-email-gateway/
xAI prepares Grok 4 Code as it plans to take on Claude and Gemini
xAI is preparing the rollout of Grok 4, which replaces Grok 3 as the new state-of-the-art model. [...]
https://www.bleepingcomputer.com/news/artificial-intelligence/xai-prepares-grok-4-code-as-it-plans-to-take-on-claude-and-gemini/
USN-7608-4: Linux kernel vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- GPU drivers;
- SMB network file system;
- Memory management;
- Netfilter;
- Network traffic control;
(CVE-2025-37890, CVE-2024-46787, CVE-2025-37798, CVE-2025-38000,
CVE-2025-37932, CVE-2025-38001, CVE-2025-37997, CVE-2024-50047,
CVE-2024-53051)
https://ubuntu.com/security/notices/USN-7608-4
China-linked group Houken hit French organizations using zero-days
China-linked group Houken hit French govt, telecom, media, finance and transport sectors using Ivanti CSA zero-days, says France's ANSSI. France’s cyber agency ANSSI revealed that a Chinese hacking group used Ivanti CSA zero-days to target government, telecom, media, finance, and transport sectors. The campaign, active since September 2024, is linked to the Houken intrusion set, […]
https://securityaffairs.com/179602/apt/china-linked-group-houken-hit-french-organizations-using-zero-days.html
USN-7617-1: libtpms vulnerability
It was discovered that libtpms did not properly manage memory
when performing crafted cryptographic operations. An attacker could
possibly use this issue to cause a denial of service.
https://ubuntu.com/security/notices/USN-7617-1
USN-7585-6: Linux kernel (BlueField) vulnerabilities
It was discovered that the CIFS network file system implementation in the
Linux kernel did not properly verify the target namespace when handling
upcalls. An attacker could use this to expose sensitive information.
(CVE-2025-2312)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- PowerPC architecture;
- x86 architecture;
- iSCSI Boot Firmware Table Attributes driver;
- GPU drivers;
- HID subsystem;
- InfiniBand drivers;
- Media drivers;
- MemoryStick subsystem;
- Network drivers;
- NTB driver;
- PCI subsystem;
- SCSI subsystem;
- Thermal drivers;
- JFS file system;
- File systems infrastructure;
- Tracing infrastructure;
- 802.1Q...
https://ubuntu.com/security/notices/USN-7585-6
Police dismantles investment fraud ring stealing €10 million
The Spanish police have dismantled a large-scale investment fraud operation based in the country, which has caused cumulative damages exceeding €10 million (.8M). [...]
https://www.bleepingcomputer.com/news/legal/police-dismantles-investment-fraud-ring-stealing-10-million/
New Fake Marketplace From China Mimics Top Retail Brands for Fraud
Silent Push exposes thousands of fake e-commerce websites spoofing major brands like Apple and Michael Kors. Learn how this Chinese phishing scam targets shoppers and steals financial data, impacting global consumers.
https://hackread.com/china-fake-marketplace-mimics-top-retail-brands-fraud/
Cybercriminals Target Brazil: 248,725 Exposed in CIEE One Data Breach
Resecurity found a breach in Brazil's CIEE One platform, exposing PII and documents, later sold by data broker “888” on the dark web. Resecurity identified a data breach of one of the major platforms in Brazil connecting businesses and trainees called CIEE One – leading to the compromise of sensitive PII, including ID records, contact […]
https://securityaffairs.com/179609/data-breach/cybercriminals-target-brazil-248725-exposed-in-ciee-one-data-breach.html
Grafana releases critical security update for Image Renderer plugin
Grafana Labs has addressed four Chromium vulnerabilities in critical security updates for the Grafana Image Renderer plugin and Synthetic Monitoring Agent. [...]
https://www.bleepingcomputer.com/news/security/grafana-releases-critical-security-update-for-image-renderer-plugin/
Big Tech's Mixed Response to U.S. Treasury Sanctions
In May 2025, the U.S. government sanctioned a Chinese national for operating a cloud provider linked to the majority of virtual currency investment scam websites reported to the FBI. But more than a month later, the accused continues to openly operate accounts at a slew of American tech companies, including Facebook, Github, LinkedIn, PayPal and Twitter/X.
https://krebsonsecurity.com/2025/07/big-techs-mixed-response-to-u-s-treasury-sanctions/
New Cyber Blueprint Aims to Guide Organizations on AI Journey
Deloitte's new blueprint looks to bridge the gap between the massive push for AI adoption and a lack of preparedness among leaders and employees.
https://www.darkreading.com/cyber-risk/cyber-blueprint-guide-ai-journey
IdeaLab confirms data stolen in ransomware attack last year
IdeaLab is notifying individuals impacted by a data breach incident last October when hackers accessed sensitive information. [...]
https://www.bleepingcomputer.com/news/security/idealab-confirms-data-stolen-in-ransomware-attack-last-year/
Mobile Security & Malware Issue 1st Week of July, 2025
ASEC Blog publishes “Mobile Security & Malware Issue 1st Week of July, 2025”
https://asec.ahnlab.com/en/88793/
Microsoft investigates ongoing SharePoint Online access issues
Microsoft is investigating an ongoing incident causing intermittent issues for users attempting to access SharePoint Online sites. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-investigates-ongoing-sharepoint-online-access-issues/
Dark Web Vendors Shift to Third Parties, Supply Chains
As attacks on software supply chains and third parties increase, more data on critical software and infrastructure services is being advertised and sold on the Dark Web.
https://www.darkreading.com/threat-intelligence/dark-web-vendors-third-parties-supply-chains
Criminals Sending QR Codes in Phishing, Malware Campaigns
The Anti-Phishing Working Group observed how attackers are increasingly abusing QR codes to conduct phishing attacks or to trick users into downloading malware.
https://www.darkreading.com/endpoint-security/criminals-send-qr-codes-phishing
IDE Extensions Pose Hidden Risks to Software Supply Chain
Malicious extensions can be engineered to bypass verification checks for popular integrated development environments, according to research from OX Security.
https://www.darkreading.com/application-security/ide-extensions-risks-software-supply-chain
Drug cartel hacked cameras and phones to spy on FBI and identify witnesses
The “El Chapo” Mexican drug cartel snooped on FBI personnel through hacked cameras, and listened in on their phone calls to...
https://www.malwarebytes.com/blog/news/2025/07/drug-cartel-hacked-cameras-and-phones-to-spy-on-fbi-and-identify-witnesses
SSH Under Siege: Hardening Your Linux Server Against Proxy Abuse
Let's be honest: your Linux server isn't the fortress you hope it is if your SSH setup isn't locked down tight. Recently, security teams have been tracking a spike in attacks, and it's not just the usual malware game we've seen before. Attackers are going low-key and crafty, exploiting weak SSH security to install legitimate tools like TinyProxy and Sing-box to turn compromised servers into proxy nodes. These tools are completely normal when used properly, but they're a dream for attackers who want to hide their tracks or sell access to your system.
https://linuxsecurity.com/features/features/ssh-under-siege-proxy-abuse
Attackers Impersonate Top Brands in Callback Phishing
Microsoft, PayPal, Docusign, and others are among the trusted brands threat actors use in socially engineered scams that try to get victims to call adversary-controlled phone numbers.
https://www.darkreading.com/endpoint-security/attackers-top-brands-callback-phishing
Don't Be Clueless About AI, Social Media, And Cybersecurity
This week in cybersecurity from the editors at Cybercrime Magazine. Sausalito, Calif. – Jul. 3, 2025 – Read the full story in Bolde. In an age where even your fridge can be hacked, not knowing basic cybersecurity is a rookie mistake, according to Bolde, a top
The post Don’t Be Clueless About AI, Social Media, And Cybersecurity appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/dont-be-clueless-about-ai-social-media-and-cybersecurity/
Catwatchful “child monitoring” app exposes victims’ data
Stalkerware app Catwatchful has been leaking customer and victim information. It is one in a long line of such apps to do this.
https://www.malwarebytes.com/blog/news/2025/07/catwatchful-child-monitoring-app-exposes-victims-data
Ivanti CSA Flaws Weaponized by Houken for Linux Rootkit Attacks
Linux admins and infosec pros, we've got a real problem on our hands. There's a group out there, the Houken threat actor, that's not messing around. These guys have been targeting industries that form the backbone of society: government, telecoms, finance, you name it. Using unpatched Ivanti devices as their entry point, they're pulling off some slick and dangerous moves. This isn't some dime-a-dozen botnet attack or basic ransomware scheme: it's targeted, it's precise, and it's making life a nightmare for Linux admins tasked with safeguarding critical systems.
https://linuxsecurity.com/news/security-vulnerabilities/ivanti-csa-flaws-weaponized-by-houken
The Rise of Rust-Based Malware: Memory Safety's Double-Edged Sword
When Rust emerged as the "memory-safe" poster child of programming languages, it didn't take long for its influence to spread. From systems programming to infrastructure tools, Rust is being embraced in areas long dominated by C and C++. It's cleaner, safer, and the way forward for Linux kernel modules, system utilities, and network drivers.
https://linuxsecurity.com/features/features/rise-of-rust-based-malware
Microsoft: Exchange Server Subscription Edition now available
Microsoft has announced that the Exchange Server Subscription Edition (SE) is now available to all customers of its enterprise email service. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-exchange-server-subscription-edition-now-available/
N Korean Hackers Drop NimDoor macOS Malware Via Fake Zoom Updates
SentinelLabs uncovers NimDoor, new North Korea-aligned macOS malware targeting Web3 and crypto firms. Exploits Nim, AppleScript, and steals Keychain, browser, shell, and Telegram data.
https://hackread.com/n-korean-hackers-nimdoor-macos-malware-fake-zoom-updates/
Microsoft, PayPal, DocuSign, and Geek Squad faked in callback phishing scams
Callback phishing scam emails are masquerading as messages from popular brands used for everyday tasks that put small businesses at risk.
https://www.malwarebytes.com/blog/news/2025/07/microsoft-paypal-docusign-and-geek-squad-faked-in-callback-phishing-scams
Apache Under the Lens: Tomcat's Partial PUT and Camel's Header Hijack
We analyze CVE-2025-24813 (Tomcat Partial PUT RCE), CVE-2025-27636 and CVE-2025-29891 (Camel Header Hijack RCE).
The post Apache Under the Lens: Tomcat's Partial PUT and Camel's Header Hijack appeared first on Unit 42.
https://unit42.paloaltonetworks.com/apache-cve-2025-24813-cve-2025-27636-cve-2025-29891/
Europol shuts down Archetyp Market, longest-running dark web drug marketplace
Europol shuts down Archetyp Market, longest-running dark web drug site, the police arrested the admin in Spain, top vendors hit in Sweden. An international law enforcement operation led by German authorities has shut down Archetyp Market, the longest-running dark web drug marketplace, in a coordinated operation across six countries with support from Europol and Eurojust. […]
https://securityaffairs.com/179591/cyber-crime/europol-shuts-down-archetyp-market-longest-running-dark-web-drug-marketplace.html
Psychological Contract Breach and the Power of Security Culture – Research Insights
Employees are expected to behave securely, and the definition of “securely” is often written down in a myriad of security policies. Yet, people do not always comply with security policies or make use of available tools. Gartner documents in their research that 69% of all employees intentionally bypass cybersecurity guidance, and 93% behave consciously and […]
The post Psychological Contract Breach and the Power of Security Culture – Research Insights appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/07/03/psychological-contract-breach-and-the-power-of-security-culture-research-insights/?utm_source=rss&utm_medium=rss&utm_campaign=psychological-contract-breach-and-the-power-of-security-culture-research-insights
How government cyber cuts will affect you and your business
Deep cuts in cybersecurity spending risk creating ripple effects that will put many organizations at a higher risk of falling victim to cyberattacks
https://www.welivesecurity.com/en/business-security/how-government-cyber-cuts-will-affect-you-and-your-business/
China Linked Houken Hackers Breach French Systems with Ivanti Zero Days
ANSSI report details the Chinese UNC5174 linked Houken cyberattack using Ivanti zero-days (CVE-2024-8190, 8963, 9380) against the French government, defence and finance sector.
https://hackread.com/china-houken-hackers-breach-french-ivanti-zero-days/
Ethereum's Pivotal Role in Decentralized Finance Evolution
Once upon a time, say, 2016, Ethereum was a curious new arrival in the crypto space. It promised…
https://hackread.com/ethereum-role-in-decentralized-finance-evolution/
Kelly Benefits data breach has impacted 550,000 people, and the situation continues to worsen as the investigation progresses
A data breach at Kelly Benefits has impacted 550,000 people, with the number of affected individuals growing as the investigation continues. Benefits and payroll solutions firm Kelly Benefits has confirmed that a recent data breach has affected 550,000 individuals. As the investigation continued, the scale of the impact expanded, revealing that more people were affected […]
https://securityaffairs.com/179583/uncategorized/the-kelly-benefits-data-breach-has-impacted-550000-people-and-the-situation-continues-to-worsen-as-the-investigation-progresses.html
Qantas Airlines Breached, Impacting 6M Customers
Passengers' personal information was likely accessed via a third-party platform used at a call center, but didn't include passport or credit card info.
https://www.darkreading.com/cyberattacks-data-breaches/qantas-airlines-breached-6m-customers
Browser Extensions Pose Heightened, but Manageable, Security Risks
Attackers can abuse malicious extensions to access critical data, including credentials, but organizations can reduce the risks by raising awareness and enforcing strict policy controls.
https://www.darkreading.com/cyber-risk/browser-extensions-heightened-manageable-security-risks
Initial Access Broker Self-Patches Zero Days as Turf Control
A likely China-nexus threat actor has been exploiting unpatched Ivanti vulnerabilities to gain initial access to victim networks and then patching the systems to block others from breaking into the same network.
https://www.darkreading.com/cyber-risk/initial-access-broker-self-patches-zero-days
US Treasury Sanctions BPH Provider Aeza Group
In the past, the bulletproof group has been affiliated with many well-known ransomware and malware groups, such as BianLian and Lumma Stealer.
https://www.darkreading.com/threat-intelligence/us-treasury-bph-provider-aeza-group
AI Tackles Binary Code Challenges to Fortify Supply Chain Security
Analyzing binary code helps vendors and organizations detect security threats and zero-day vulnerabilities in the software supply chain, but it doesn't come without challenges. It looks like AI has come to the rescue.
https://www.darkreading.com/application-security/ai-tackles-binary-code-challenges-fortify-supply-chain-security
Russian APT 'Gamaredon' Hits Ukraine With Fierce Phishing
A Russian APT known as "Gamaredon" is using spear-phishing attacks and network-drive weaponization to target government entities in Ukraine.
https://www.darkreading.com/cyberattacks-data-breaches/russian-apt-gamaredon-ukraine-phishing
Cisco removed the backdoor account from its Unified Communications Manager
Digital communications technology giant Cisco addressed a static SSH credentials vulnerability in its Unified Communications Manager (Unified CM). A flaw, tracked as CVE-2025-20309 (CVSS score of 10), in Cisco Unified Communications Manager and its Session Management Edition lets remote attackers log in using hardcoded root credentials set during development. Cisco Unified Communications Manager (CUCM) is a call […]
https://securityaffairs.com/179577/security/cisco-removed-the-backdoor-account-from-its-unified-communications-manager.html
USN-7616-1: logback vulnerabilities
It was discovered that logback could read malicious configuration files from LDAP servers. An attacker with the required permissions could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2021-42550)
It was discovered that logback contained a serialization vulnerability. An attacker could possibly use this issue to cause a denial of service. (CVE-2023-6378)
https://ubuntu.com/security/notices/USN-7616-1
ClickFix Spin-Off Attack Bypasses Key Browser Safeguards
A new threat vector exploits how modern browsers save HTML files, bypassing Mark of the Web and giving attackers another social-engineering attack for delivering malware.
https://www.darkreading.com/endpoint-security/clickfix-spin-off-bypassing-key-browser-safeguards
Qantas Confirms Major Data Breach Linked to Third-Party Vendor
Qantas has confirmed a data breach after attackers gained access through a third-party call centre platform, affecting millions…
https://hackread.com/qantas-confirms-data-breach-linked-third-party-vendor/
Ransom & Dark Web Issues Week 1, July 2025
ASEC Blog publishes Ransom & Dark Web Issues Week 1, July 2025:
A new ransomware group named Kawa4096
Tonga's Ministry of Health hit by INC RANSOM ransomware attack
User data from three cryptocurrency exchanges in Austria, globally, and South Korea traded on two cybercrime forums
https://asec.ahnlab.com/en/88778/
Joining the FINOS AI security initiative
It's only been four months since I last posted about Sonatype's contributions to the open source security ecosystem — not too bad!
https://www.sonatype.com/blog/joining-the-finos-ai-security-initiative
A third of organisations take more than 90 days to remediate threats
The recent Global Industrial Cybersecurity Benchmark 2025 by Takepoint Research, sponsored by Forescout, revealed an overconfidence in critical infrastructure security. Notably, the research found that 44% of industrial organisations claim to have strong real-time cyber visibility, but nearly 60% have low to no confidence in their Operational Technology (OT) and Internet of Things (IoT) threat […]
The post A third of organisations take more than 90 days to remediate threats appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/07/02/a-third-of-organisations-take-more-than-90-days-to-remediate-threats/?utm_source=rss&utm_medium=rss&utm_campaign=a-third-of-organisations-take-more-than-90-days-to-remediate-threats
TA829, UNK_GreenSec malware campaigns underpinned by same infrastructure
https://www.proofpoint.com/us/newsroom/news/ta829-unkgreensec-malware-campaigns-underpinned-same-infrastructure
U.S. Sanctions Russia's Aeza Group for aiding crooks with bulletproof hosting
U.S. Treasury sanctions Russia-based Aeza Group and affiliates for aiding cybercriminals via bulletproof hosting services. The U.S. Treasury's Office of Foreign Assets Control (OFAC) sanctioned Russia-based Aeza Group for aiding global cybercriminals via bulletproof hosting services. A bulletproof hosting service is a type of internet hosting provider that knowingly allows cybercriminals to host malicious content […]
https://securityaffairs.com/179565/cyber-crime/u-s-sanctions-russias-aeza-group-for-aiding-crooks-with-bulletproof-hosting.html
George Kurtz On The Genesis Of CrowdStrike: “Salesforce Of Security”
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jul. 2, 2025 – Watch the YouTube video George Kurtz, CrowdStrike’s founder and CEO, sat down with Cybersecurity Ventures at the RSA Conference USA 2025 in San Francisco and shared the past,
The post George Kurtz On The Genesis Of CrowdStrike: “Salesforce Of Security” appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/george-kurtz-on-the-genesis-of-crowdstrike-salesforce-of-security/
USN-7615-1: ClamAV vulnerabilities
It was discovered that ClamAV incorrectly handled scanning UDF files. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. (CVE-2025-20234)
It was discovered that ClamAV incorrectly handled scanning PDF files. A remote attacker could use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2025-20260)
https://ubuntu.com/security/notices/USN-7615-1
Zero-Day Alert: Chrome's V8 Security Flaw Fixed in Emergency Patch
If you're a Linux admin or happen to be neck-deep in infosec, here's something worth your immediate attention: a critical security hole in Google Chrome, CVE-2025-6554, has been patched. Trust me, this one isn't just a "check the box" type of update; it's as real as it gets.
https://linuxsecurity.com/news/security-vulnerabilities/chrome-v8-security-flaw-fixed
Qantas: Breach affects 6 million people, “significant” amount of data likely taken
Australian airline Qantas has confirmed a data breach at a third-party provider that affects six million customers.
https://www.malwarebytes.com/blog/news/2025/07/qantas-breach-affects-6-million-people-significant-amount-of-data-likely-taken
How to Secure Your Promo Codes Against Cyber Exploits
Promo codes provide a fantastic opportunity to increase customer traffic and generate sales, yet there is a potential risk with them. Promo codes are one of the objects of interest to cybercriminals because they exploit those codes and use them to their personal advantage, which can cost your company its customers. Among the most popular […]
The post How to Secure Your Promo Codes Against Cyber Exploits appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/07/02/how-to-secure-your-promo-codes-against-cyber-exploits/?utm_source=rss&utm_medium=rss&utm_campaign=how-to-secure-your-promo-codes-against-cyber-exploits
Windows Shortcut (LNK) Malware Strategies
Our telemetry shows a surge in Windows shortcut (LNK) malware use. We explain how attackers exploit LNK files for malware delivery.
The post Windows Shortcut (LNK) Malware Strategies appeared first on Unit 42.
https://unit42.paloaltonetworks.com/lnk-malware/
Gamaredon in 2024: Cranking out spearphishing campaigns against Ukraine with an evolved toolset
ESET Research analyzes Gamaredon's updated cyberespionage toolset, new stealth-focused techniques, and aggressive spearphishing operations observed throughout 2024
https://www.welivesecurity.com/en/eset-research/gamaredon-2024-cranking-out-spearphishing-campaigns-ukraine-evolved-toolset/
USN-7614-1: pcs vulnerabilities
Cedric Buissart discovered that pcs did not correctly handle certain parameters. An attacker could possibly use this issue to leak sensitive information or elevate their privileges. This issue only affected Ubuntu 16.04 LTS. (CVE-2018-1086)
Ondrej Mular discovered that pcs did not correctly handle Unix socket permissions. An attacker could possibly use this issue to elevate their privileges. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-2735)
It was discovered that pcs did not correctly handle PAM authentication. An attacker could possibly use this issue to bypass authentication mechanisms. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-1049)
It was discovered that pcs did not correctly handle the validation of Node names. An attacker could possibly use...
https://ubuntu.com/security/notices/USN-7614-1
Infinity Global Services' Pen Testing Achieves CREST-Accreditation
With today’s unpredictable cyber threat landscape, proactive security measures are crucial. Infinity Global Services (IGS) offers penetration testing (PT), a vital service that uncovers vulnerabilities before exploitation. Delivered by a team of seasoned experts, IGS’s penetration testing service has now achieved CREST accreditation. This globally recognised standard validates the quality, methodology, and integrity of IGS’s […]
The post Infinity Global Services' Pen Testing Achieves CREST-Accreditation appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/07/01/infinity-global-services-pen-testing-achieves-crest-accreditation/?utm_source=rss&utm_medium=rss&utm_campaign=infinity-global-services-pen-testing-achieves-crest-accreditation
Live Network Traffic Analysis: The Shockwave That Warns Before the Cyber Tsunami
Why Real-Time Visibility Is No Longer Optional – Subo Guha, Senior Vice President, Product Management, Stellar Cyber San Jose, Calif. – Jul. 1, 2025 On average, it takes organizations nearly 200 days to detect a breach, according to industry reports, with containment taking an additional
The post Live Network Traffic Analysis: The Shockwave That Warns Before the Cyber Tsunami appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/live-network-traffic-analysis-the-shockwave-that-warns-before-the-cyber-tsunami/
Planning your move to Microsoft Defender portal for all Microsoft Sentinel customers
Microsoft is transitioning Microsoft Sentinel into the Microsoft Defender portal to create a unified security operations experience.
The post Planning your move to Microsoft Defender portal for all Microsoft Sentinel customers appeared first on Microsoft Security Blog.
https://techcommunity.microsoft.com/blog/microsoft-security-blog/planning-your-move-to-microsoft-defender-portal-for-all-microsoft-sentinel-custo/4428613
Understand your software's supply chain with GitHub's dependency graph
The GitHub dependency graph maps every direct and transitive dependency in your project, so you can identify risks, prioritize fixes, and keep your code secure.
The post Understand your software's supply chain with GitHub's dependency graph appeared first on The GitHub Blog.
https://github.blog/security/supply-chain-security/understand-your-softwares-supply-chain-with-githubs-dependency-graph/
Update your Chrome to fix new actively exploited zero-day vulnerability
Google has released an urgent update for the Chrome browser to patch a vulnerability which has already been exploited.
https://www.malwarebytes.com/blog/news/2025/07/update-your-chrome-to-fix-new-actively-exploited-zero-day-vulnerability
Bluetooth vulnerability in audio devices can be exploited to spy on users
Researchers have found a set of vulnerabilities in Bluetooth connected devices that could allow an attacker to spy on users.
https://www.malwarebytes.com/blog/news/2025/07/bluetooth-vulnerability-in-audio-devices-can-be-exploited-to-spy-on-users
What is Quantum Computing?
Quantum computing enhances information processing, impacting cryptography and emphasizing the need for quantum-resistant technologies.
https://www.f5.com/labs/learning-center/what-is-quantum-computing
Insecure LLM output handling and how to build safe defenses
As large language models (LLMs) increasingly shape how modern software is built and used, organizations must heed new categories of risk.
https://www.sonatype.com/blog/insecure-llm-output-handling-and-how-to-build-safe-defenses
The Cyber Risk SMBs Can't Afford To Ignore
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jul. 1, 2025 – Read the full story in Forbes While awareness is supposedly on the rise, cybercrime losses have been steadily increasing, and projections indicate a continued upward trend. Globally, cybercrime costs
The post The Cyber Risk SMBs Can't Afford To Ignore appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/the-cyber-risk-smbs-cant-afford-to-ignore/
ESET Threat Report H1 2025: Key findings
ESET Chief Security Evangelist Tony Anscombe looks at some of the report's standout findings and their implications for organizations in 2025
https://www.welivesecurity.com/en/videos/eset-threat-report-h1-2025-key-findings/
Facebook wants to look at your entire camera roll for “AI restyling” suggestions, and more
Facebook's pursuit of your personal data continues, and now it has a new target: photos on your phone that you haven't shared with it yet.
https://www.malwarebytes.com/blog/news/2025/07/facebook-wants-to-look-at-your-entire-camera-roll-for-ai-restyling-suggestions-and-more
ESET APT Activity Report Q4 2024–Q1 2025: Malware sharing, wipers and exploits
ESET experts discuss Sandworm's new data wiper, relentless campaigns by UnsolicitedBooker, attribution challenges amid tool-sharing, and other key findings from the latest APT Activity Report
https://www.welivesecurity.com/en/podcasts/eset-apt-activity-report-q4-2024q1-2025-malware-sharing-wipers-exploits/
Ransomware Detection Best Practices: How to Catch Attacks Before Data is Lost
Ransomware isn't just a buzzword—it's a real, growing threat that can cripple your business in…
Ransomware Detection Best Practices: How to Catch Attacks Before Data is Lost on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2025/07/01/ransomware-detection-best-practices-how-to-catch-attacks-before-data-is-lost/
June Patch Tuesday from Microsoft Fixed 70+ Bugs, Including A Zero-Day
The June 2025 Patch Tuesday update bundle from Microsoft addressed numerous critical vulnerabilities and zero-day…
June Patch Tuesday from Microsoft Fixed 70+ Bugs, Including A Zero-Day on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2025/07/01/june-patch-tuesday-from-microsoft-fixed-70-bugs-including-a-zero-day/
Jasper Sleet: North Korean remote IT workers' evolving tactics to infiltrate organizations
Since 2024, Microsoft Threat Intelligence has observed remote IT workers deployed by North Korea leveraging AI to improve the scale and sophistication of their operations, steal data, and generate revenue for the North Korean government.
The post Jasper Sleet: North Korean remote IT workers' evolving tactics to infiltrate organizations appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2025/06/30/jasper-sleet-north-korean-remote-it-workers-evolving-tactics-to-infiltrate-organizations/
Senator Chides FBI for Weak Advice on Mobile Security
Agents with the Federal Bureau of Investigation (FBI) briefed Capitol Hill staff recently on hardening the security of their mobile devices, after a contacts list stolen from the personal phone of the White House Chief of Staff Susie Wiles was reportedly used to fuel a series of text messages and phone calls impersonating her to U.S. lawmakers. But in a letter this week to the FBI, one of the Senate's most tech-savvy lawmakers says the feds aren't doing enough to recommend more appropriate security protections that are already built into most consumer mobile devices.
https://krebsonsecurity.com/2025/06/senator-chides-fbi-for-weak-advice-on-mobile-security/
Corpse-eating selfies, and other ways to trick scammers (Lock and Code S06E14)
This week on the Lock and Code podcast, we speak with Becky Holmes about how she tricks, angers, and jabs at romance scammers online.
https://www.malwarebytes.com/blog/podcast/2025/06/corpse-eating-selfies-and-other-ways-to-trick-scammers-lock-and-code-s06e14
Scammers have a new tactic: impersonating DOGE
https://www.proofpoint.com/us/newsroom/news/scammers-have-new-tactic-impersonating-doge
Building Trust in the Age of Agentic AI
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jun. 30, 2025 – Read the full story from USA Today According to Cybersecurity Ventures, global damage from cybercrime is projected to reach .5 trillion annually by 2025. Much of this risk is
The post Building Trust in the Age of Agentic AI appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/building-trust-in-the-age-of-agentic-ai/
Meet Legit MCP: AI-Powered Security That Works Where Your Team Works
Get details on the newly released Legit MCP Server.
https://www.legitsecurity.com/blog/meet-legit-mcp
AT&T to pay compensation to data breach victims. Here’s how to check if you were affected
AT&T is set to pay 7 million to customers affected by two significant data breaches. Were you affected and how can you submit your claim?
https://www.malwarebytes.com/blog/news/2025/06/att-to-pay-compensation-to-data-breach-victims-heres-how-to-check-if-you-were-affected
Android threats rise sharply, with mobile malware jumping by 151% since start of year
We've seen several spikes in Android threats since the start of 2025. Here's how to protect yourself.
https://www.malwarebytes.com/blog/news/2025/06/android-threats-rise-sharply-with-mobile-malware-jumping-by-151-since-start-of-year
A week in security (June 23 – June 29)
A list of topics we covered in the week of June 23 to June 29 of 2025
https://www.malwarebytes.com/blog/news/2025/06/a-week-in-security-june-23-june-29
Analysis of Attacks Targeting Linux SSH Servers for Proxy Installation
AhnLab SEcurity intelligence Center (ASEC) uses honeypots to monitor attacks targeting poorly managed Linux servers. One of the representative honeypots is an SSH service that uses weak credentials, which is targeted by a large number of DDoS and coinminer attackers. ASEC has identified cases where Linux servers were attacked to install proxies. In […]
https://asec.ahnlab.com/en/88749/
This month in security with Tony Anscombe – June 2025 edition
From Australia's new ransomware payment disclosure rules to another record-breaking DDoS attack, June 2025 saw no shortage of interesting cybersecurity news
https://www.welivesecurity.com/en/videos/month-security-tony-anscombe-june-2025/
Citrix NetScaler ADC and NetScaler Gateway Vulnerabilities
What is the Vulnerability?
Citrix has published security advisories addressing three critical vulnerabilities, CVE-2025-6543, CVE-2025-5349, and CVE-2025-5777, affecting the NetScaler ADC and NetScaler Gateway under specific pre-conditions.
CVE-2025-6543: A memory overflow vulnerability leading to unintended control flow and Denial of Service in NetScaler ADC and NetScaler Gateway when configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server. Citrix reports that exploitation of CVE-2025-6543 against unmitigated appliances has been observed.
CVE-2025-5349: An improper access control on the NetScaler Management Interface.
CVE-2025-5777: A flaw due to insufficient input validation, potentially causing memory overreads.
As of now, there have been no reports of CVE-2025-5777...
https://fortiguard.fortinet.com/threat-signal-report/6134
Unveiling RIFT: Enhancing Rust malware analysis through pattern matching
As threat actors are adopting Rust for malware development, RIFT, an open-source tool, helps reverse engineers analyze Rust malware, solving challenges in the security industry.
The post Unveiling RIFT: Enhancing Rust malware analysis through pattern matching appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2025/06/27/unveiling-rift-enhancing-rust-malware-analysis-through-pattern-matching/
GitHub Advisory Database by the numbers: Known security vulnerabilities and what you can do about them
Use these insights to automate software security (where possible) to keep your projects safe.
The post GitHub Advisory Database by the numbers: Known security vulnerabilities and what you can do about them appeared first on The GitHub Blog.
https://github.blog/security/github-advisory-database-by-the-numbers-known-security-vulnerabilities-and-what-you-can-do-about-them/
Fake DocuSign email hides tricky phishing attempt
An invitation to sign a DocuSign document took a convoluted route and used a far-too-easy Captcha to fingerprint the target.
https://www.malwarebytes.com/blog/news/2025/06/fake-docusign-email-hides-tricky-phishing-attempt
How Betting Sites Keep Your Information Safe (Without You Even Noticing)
Ever wondered what's going on behind the scenes when you place a bet online? No, not the odds or the algorithms that somehow know your team's about to blow a 2–0 lead again – we're talking about the security side of things. Because let's face it: if you're logging in, placing wagers, and moving money […]
The post How Betting Sites Keep Your Information Safe (Without You Even Noticing) appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/06/27/how-betting-sites-keep-your-information-safe-without-you-even-noticing/?utm_source=rss&utm_medium=rss&utm_campaign=how-betting-sites-keep-your-information-safe-without-you-even-noticing
The National Cryptologic Foundation Podcast
It was a real honor to appear on the official podcast of the National Cryptologic Foundation, “Cyber Pulse”. They interview a wide range of intriguing personalities working in the cyber and cryptography space, and asked me a broad range of challenging questions about everything from performing forensics on national critical infrastructure – to my move […]
https://tisiphone.net/2025/06/27/the-national-cryptologic-foundation-podcast/
Redefining Cybersecurity In The Age Of Autonomous Agents
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jun. 27, 2025 – Read the full story from The Week Today's threat actors are leveraging AI to deploy phishing kits, weaponise ransomware-as-a-service, automate credential stuffing, and exploit vulnerabilities at microsecond speed. According to
The post Redefining Cybersecurity In The Age Of Autonomous Agents appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/redefining-cybersecurity-in-the-age-of-autonomous-agents/
Defining Cyber Resilience: Industry Leaders Meet in London as AI Threats Accelerate
Last week, Check Point hosted its annual Cyber Leader Summit at Landing Forty-Two in London's iconic Leadenhall Building. The summit convened influential figures from the cybersecurity, law enforcement, and enterprise communities to explore the rapidly evolving threat landscape and the transformative role of artificial intelligence. Key discussions focused on the urgent need for proactive, resilience-focused […]
The post Defining Cyber Resilience: Industry Leaders Meet in London as AI Threats Accelerate appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/06/27/defining-cyber-resilience-industry-leaders-meet-in-london-as-ai-threats-accelerate/?utm_source=rss&utm_medium=rss&utm_campaign=defining-cyber-resilience-industry-leaders-meet-in-london-as-ai-threats-accelerate
The Traditional Technology Adoption Curve Doesn't Work for AI
The trajectory of technological progress has historically followed a familiar cadence—slow initial adoption, steady refinement, and eventual widespread integration. However, in the age of artificial intelligence (AI), innovation has advanced dramatically—now unfolding in mere months. This blog explores the dramatic compression of development cycles and human resistance to this shift.
Historical Patterns
Historically, the technology adoption lifecycle has followed a predictable ...
https://cloudsecurityalliance.org/articles/the-traditional-technology-adoption-curve-doesn-t-work-for-ai
What We Can Learn from the 2024 CrowdStrike Outage
CSA's Top Threats to Cloud Computing Deep Dive 2025 reflects on eight recent real-world security breaches. The report presents the narrative of each incident, as well as the relevant cloud security risks and mitigations. Today we're reflecting on the third incident covered in the Deep Dive: CrowdStrike 2024.
The CrowdStrike outage in July 2024 exposed how much the world depends on centralized security solutions. It highlighted the risk of single points of failure in endpoint pr...
https://cloudsecurityalliance.org/articles/what-we-can-learn-from-the-2024-crowdstrike-outage
Strategic Synergy: CSA STAR, CCM, and FedRAMP 20x
Security compliance, as we've traditionally known it, is buckling under the weight of modern complexity. Burdensome documentation, excessive manual oversight, and frameworks that are misaligned with today's cloud-native architectures are pushing compliance past the breaking point. Legacy compliance regimes strain to keep pace with the speed, scale, and dynamism of contemporary technology. Nowhere is this more apparent than in government security programs like FedRAMP.
FedRAMP was bu...
https://cloudsecurityalliance.org/articles/strategic-synergy-csa-star-ccm-and-fedramp-20x
Building security that lasts: Microsoft's journey towards durability at scale
In late 2023, Microsoft launched its most ambitious security transformation to date, the Microsoft Secure Future Initiative (SFI). An initiative with the equivalent of 34,000 engineers working across 14 product divisions, supporting more than 20,000 cloud services on 1.2 million Azure subscriptions, the scope is massive. These services operate on 21 million compute nodes, protected by 46.7 million certificates, and developed across 134,000 code repositories.
The post Building security that lasts: Microsoft's journey towards durability at scale appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2025/06/26/building-security-that-lasts-microsofts-journey-towards-durability-at-scale/
Introducing the OWASP NHI Top 10: Standardizing Non-Human Identity Security
Originally published by Astrix.
Written by Tal Skverer.
The non-human identity market has significantly matured in the past couple of years. While NHIs like service accounts, API keys, and OAuth apps are not new, the realization that managing and securing them has to be a priority is somewhat recent.
With that, many security teams lack a clear, standardized view of the risks these identities pose, and how to go about including them in security programs....
https://cloudsecurityalliance.org/articles/introducing-the-owasp-nhi-top-10-standardizing-non-human-identity-security
The Future of DevSecOps is Deterministic
Originally published by Gomboc.
Written by John Kamenik, Principal DevSecOps Engineer, Gomboc.
For years, DevSecOps has aimed to integrate security seamlessly into every phase of the software development lifecycle. Despite major advancements in tooling and cultural practices, one persistent challenge remains: most security workflows still rely on manual intervention, inconsistent remediations, and reactive triage. As cloud complexity grows, traditional approaches to se...
https://cloudsecurityalliance.org/articles/the-future-of-devsecops-is-deterministic
Mobile Security & Malware Issue 4th Week of June, 2025
ASEC Blog publishes "Mobile Security & Malware Issue 4th Week of June, 2025"
https://asec.ahnlab.com/en/88653/
Pwn2Own Ireland 2024 – Ubiquiti AI Bullet
Introduction As you may know, Compass Security participated in the 2023 edition of the Pwn2Own contest in Toronto and was able to successfully compromise the Synology BC500 camera using a remote code execution vulnerability. If you missed this, head over to the blog post here https://blog.compass-security.com/2024/03/pwn2own-toronto-2023-part-1-how-it-all-started/ Unfortunately, the same vulnerability was also identified by other […]
https://blog.compass-security.com/2025/06/pwn2own-ireland-2024-ubiquiti-ai-bullet/
HACK Cybersecurity ETF Rises 34 Percent Over The Past Year
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jun. 26, 2025 – Read the full story from Money & Markets Microsoft estimates there are nearly 600 million cyberattacks globally every day. What's even more staggering is the cost. Cybersecurity Ventures estimates
The post HACK Cybersecurity ETF Rises 34 Percent Over The Past Year appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/hack-cybersecurity-etf-rises-34-percent-over-the-past-year/
ESET Threat Report H1 2025
A view of the H1 2025 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts
https://www.welivesecurity.com/en/eset-research/eset-threat-report-h1-2025/
Implementing CCM: Infrastructure Security Controls
The Cloud Controls Matrix (CCM) is a framework of controls that are essential for cloud computing security. You can use CCM to systematically assess and guide the security of any cloud implementation. CCM contains 197 control objectives structured into 17 domains that cover all key aspects of cloud technology:
CCM Domains
Today we're looking at implementing the twelfth domain of CCM: Infrastructure & Virtualization Security (IVS). This domain applies to b...
https://cloudsecurityalliance.org/articles/implementing-ccm-infrastructure-security-controls
Exploit Kits vs. Patch Cycles: Closing the 48-Hour Exposure Gap
The ever-evolving cybersecurity landscape now pits exploit kits against patch cycles, making time the critical…
Exploit Kits vs. Patch Cycles: Closing the 48-Hour Exposure Gap on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2025/06/25/exploit-kits-vs-patch-cycles-closing-the-48-hour-exposure-gap/
Threat Brief: Escalation of Cyber Risk Related to Iran (Updated June 30)
Unit 42 details recent Iranian cyberattack activity, sharing direct observations. Tactical and strategic recommendations are provided for defenders.
The post Threat Brief: Escalation of Cyber Risk Related to Iran (Updated June 30) appeared first on Unit 42.
https://unit42.paloaltonetworks.com/iranian-cyberattacks-2025/
Microsoft Named a Leader in the 2025 IDC CNAPP MarketScape: Key Takeaways for Security Buyers
The cloud-native application protection platform (CNAPP) market continues to evolve rapidly as organizations look to secure increasingly complex cloud environments. In the recently published 2025 IDC MarketScape for Worldwide CNAPP, Microsoft has been recognized as a Leader, reaffirming its commitment to delivering comprehensive, AI-powered, and integrated security solutions for multicloud environments. A diagram of a […]
The post Microsoft Named a Leader in the 2025 IDC CNAPP MarketScape: Key Takeaways for Security Buyers appeared first on Microsoft Security Blog.
https://techcommunity.microsoft.com/blog/microsoftdefendercloudblog/microsoft-named-a-leader-in-the-idc-marketscape-for-cnapp-key-takeaways-for-secu/4427071
Ransom & Dark Web Issues Week 4, June 2025
ASEC Blog publishes Ransom & Dark Web Issues Week 4, June 2025 Military-related data from Taiwan, Iran, and Algeria leaked on a cybercrime forum. Hacktivist group LulzSec Black leaked critical infrastructure and employee information of an Indian nuclear-related company on a cybercrime forum. Five administrators of the notorious cybercrime […]
https://asec.ahnlab.com/en/88622/
Creating the right organisational culture for cyber security
Calling cyber security professionals, culture specialists and leaders to drive uptake of new Cyber security culture principles.
https://www.ncsc.gov.uk/blog-post/creating-the-right-organisational-culture-for-cyber-security
Robinsons Malls - 195,597 breached accounts
In June 2024, the Philippines' largest shopping-mall operator, Robinsons Malls, suffered a data breach stemming from its mobile app. The incident exposed 195k unique email addresses along with names, phone numbers, dates of birth, genders and the user's city and province.
https://haveibeenpwned.com/Breach/RobinsonsMalls
Passwords hacked worldwide: UAE companies urged to boost IT security
This week in cybersecurity from the editors at Cybercrime Magazine. Sausalito, Calif. – Jun. 25, 2025 – Read the full story from Khaleej Times. UAE-based cybersecurity experts are urging companies to boost password security to stay ahead of emerging threats in every aspect of operations, following
The post Passwords hacked worldwide: UAE companies urged to boost IT security appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/passwords-hacked-worldwide-uae-companies-urged-to-boost-it-security/
AI and collaboration tools: how cyberattackers are targeting SMBs in 2025
In its annual SMB threat report, Kaspersky shares insights into trends and statistics on malware, phishing, scams, and other threats to small and medium-sized businesses, as well as security tips.
https://securelist.com/smb-threat-report-2025/116830/
Have you got what it takes to be a 'Cyber Advisor'?
Become a Cyber Advisor consultant and provide hands-on security advice tailored for SMEs.
https://www.ncsc.gov.uk/blog-post/have-you-got-what-it-takes-to-be-a-cyber-advisor
Bridewell report indicates rise in lone wolf ransomware actors
Bridewell, a UK-based cybersecurity services company, has released its latest CTI Annual Report – a comprehensive deep dive into ransomware trends. It highlighted a significant shift in attack strategies, payment dynamics and threat actor behaviours, revealing that data theft and extortion have overtaken traditional encryption-only ransomware as the most successful approach for attackers. While encryption-based […]
The post Bridewell report indicates rise in lone wolf ransomware actors appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/06/25/bridewell-report-indicates-rise-in-lone-wolf-ransomware-actors/?utm_source=rss&utm_medium=rss&utm_campaign=bridewell-report-indicates-rise-in-lone-wolf-ransomware-actors
The State of Post-Quantum Cryptography (PQC) on the Web
We analyze the world’s most popular websites and most widely used web browsers to determine the current state of PQC adoption on the web.
https://www.f5.com/labs/articles/threat-intelligence/the-state-of-pqc-on-the-web
Have Fun Teaching - 27,126 breached accounts
In August 2021, the teaching resources website Have Fun Teaching suffered a data breach that leaked 80k WooCommerce transactions which were later posted to a popular hacking forum. The data contained 27k unique email addresses along with physical and IP addresses, names, payment methods and the item purchased. Have Fun Teaching is aware of the incident.
https://haveibeenpwned.com/Breach/HaveFunTeaching
Cybercriminals Abuse Open-Source Tools To Target Africa's Financial Sector
Cybercriminals are targeting financial organizations across Africa, potentially acting as initial access brokers selling data on the dark web.
The post Cybercriminals Abuse Open-Source Tools To Target Africa's Financial Sector appeared first on Unit 42.
https://unit42.paloaltonetworks.com/cybercriminals-attack-financial-sector-across-africa/
Keeper Security Achieves SOC 3 Compliance
Keeper Security has achieved System and Organisation Controls (SOC) 3® compliance, demonstrating the company's commitment to the highest standards of security for all users. The SOC 3 report, governed by the American Institute of Certified Public Accountants (AICPA), is a public-facing certification that validates the security, availability and confidentiality of Keeper's systems. As part of […]
The post Keeper Security Achieves SOC 3 Compliance appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/06/24/keeper-security-achieves-soc-3-compliance/?utm_source=rss&utm_medium=rss&utm_campaign=keeper-security-achieves-soc-3-compliance
Microsoft is named a Leader in The Forrester Wave™: Security Analytics Platforms, 2025
Microsoft is proud to be named a Leader in The Forrester Wave™: Security Analytics Platforms, Q2 2025—which we believe reflects our deep investment in innovation and commitment to support SOC's critical mission.
The post Microsoft is named a Leader in The Forrester Wave™: Security Analytics Platforms, 2025 appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2025/06/24/microsoft-is-named-a-leader-in-the-forrester-wave-security-analytics-platforms-2025/
How Sonatype leads in AI component analysis for supply chain security
From generative AI tools to pre-trained machine learning models, AI is rapidly transforming how software is developed.
https://www.sonatype.com/blog/how-sonatype-leads-in-ai-component-analysis-for-supply-chain-security
Black Duck Teams with Arm to Boost EU Cyber Resilience Act Compliance
Software security company Black Duck is ramping up efforts to help organizations comply with the European Cyber Resilience Act (CRA), building on a 20-year partnership with British chip design giant Arm. The collaboration focuses on securing software running on Arm64-based systems, now widely used in hyperscaler and enterprise environments. Since 2005, Black Duck has played […]
The post Black Duck Teams with Arm to Boost EU Cyber Resilience Act Compliance appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/06/24/black-duck-teams-with-arm-to-boost-eu-cyber-resilience-act-compliance/?utm_source=rss&utm_medium=rss&utm_campaign=black-duck-teams-with-arm-to-boost-eu-cyber-resilience-act-compliance
Deep Dive into Automated Security Testing Tools
This week in cybersecurity from the editors at Cybercrime Magazine. Sausalito, Calif. – Jun. 24, 2025 – Read the full story from Astra. Data breaches cost businesses globally an average of .88 million, according to IBM, but it doesn't have to be that way. Security
The post Deep Dive into Automated Security Testing Tools appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/deep-dive-into-automated-security-testing-tools/
Trusting the tech: using password managers and passkeys to help you stay secure online
How today's secure tools simplify your digital life, and reduce login stress and password fatigue
https://www.ncsc.gov.uk/blog-post/trust-the-tech-using-password-managers-passkeys-to-help-you-stay-secure-online
The Dark Side of Azure Identity & Access Management – 5 IAM & Entra ID Security Risks You Can't Ignore
Microsoft Azure is probably the most widely used cloud platform in Switzerland, powering businesses of all sizes, from startups to multinational companies. According to the official Microsoft page, over 95% of Fortune 500 companies rely on Microsoft Azure in one form or another. With this industry-wide adoption, it has become a critical component of modern-day […]
https://blog.compass-security.com/2025/06/the-dark-side-of-azure-identity-access-management-5-iam-entra-id-security-risks-you-cant-ignore/
Teleport Remote Authentication Bypass
What is the Vulnerability?
Teleport security engineers have discovered a critical vulnerability affecting Teleport versions earlier than 17.5.2. This flaw allows remote attackers to bypass SSH authentication on servers running Teleport SSH agents, OpenSSH-integrated deployments, and Teleport Git proxy setups. Exploiting this vulnerability could enable unauthorized access to Teleport-managed systems by circumventing standard authentication controls. View more information on the Community Article posted by FortiCNAPP. [FortiCNAPP - Fortinet Community]
Teleport is an open-source platform that provides zero trust access to servers and cloud applications through protocols such as SSH, Kubernetes, databases, Remote Desktop Protocol (RDP), and HTTPS.
Currently, there is no public proof-of-concept exploit...
https://fortiguard.fortinet.com/threat-signal-report/6132
What MITRE ATT&CK v17 Means for ESXi Security: Key Risks & How to Respond
Originally published by Vali Cyber.
Written by Nathan Montierth.
MITRE ATT&CK v17 introduces a major development for defenders: the first-ever dedicated ESXi matrix, highlighting hypervisors as critical points of attack. This blog breaks down what the new matrix means for defenders—spotlighting high-risk TTPs, outlining why traditional defenses fall short, and offering guidance on how to secure ESXi environments in alignment with evolving threat models.
Framewo...
https://cloudsecurityalliance.org/articles/what-mitre-att-ck-v17-means-for-esxi-security-key-risks-how-to-respond
MFA Made Easy: 8 Best Practices for Seamless Authentication Journeys
Written by Anastasios Arampatzis.
Multi-Factor Authentication (MFA) is a core part of compliance and Zero Trust security strategies. Yet, many organizations still struggle with deploying it across diverse user groups—employees, partners, and customers. The lack of MFA adoption often stems from the poor user experience, leaving organizations vulnerable to phishing attacks and data breaches. There's a common perception that there's too much burden placed on the end user to pr...
https://cloudsecurityalliance.org/articles/mfa-made-easy-8-best-practices-for-seamless-authentication-journeys
ESXi Ransomware: The Growing Threat to Virtualized Environments
Originally published by ValiCyber.
Written by Nathan Montierth.
Ransomware has reshaped the cybersecurity landscape, and a disturbing new trend is emerging: the targeting of ESXi environments. As the core of many organizations' IT infrastructure, ESXi hypervisors have become a prime target for cybercriminals seeking maximum disruption with minimal effort. This is no coincidence—hypervisors are critical to hosting and managing virtual machines (VMs), making them capable...
https://cloudsecurityalliance.org/articles/esxi-ransomware-the-growing-threat-to-virtualized-environments
Why Are Penetration Tests Important?
Originally published by A-LIGN.
Written by Joseph Cortese, Penetration Testing Practice Lead, A-LIGN.
How do you measure the effectiveness of your cybersecurity program? Ask this question of a dozen CISOs and you'll likely get twelve different answers. That's because there's no one-size-fits-all approach to measuring security but a penetration test plays into the most effective cybersecurity strategies.
While there may not be a single “right” way of measuring y...
https://cloudsecurityalliance.org/articles/why-are-penetration-tests-important
CIEM and Secure Cloud Access Best Practices
Originally published by CyberArk.
Written by Sam Flaster, Director of IT Solutions Strategy, CyberArk and Shaked Rotlevi, Technical Product Marketing Manager, Wiz.
Let's cut the fluff out of cloud security. As you build and innovate in the cloud, you create a maze of roles, permissions and resources that you must secure thoughtfully. The dirty secret is that as organizations launch and build new infrastructure, they also create a labyrinth of permissions tha...
https://cloudsecurityalliance.org/articles/ciem-and-secure-cloud-access-best-practices
Navigating cyber risks with Microsoft Security Exposure Management eBook
Microsoft Security Exposure Management's eBook helps educate teams on how to anticipate threats across hybrid environments, transforming risk into resilience.
The post Navigating cyber risks with Microsoft Security Exposure Management eBook appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2025/06/23/navigating-cyber-risks-with-microsoft-security-exposure-management-ebook/
Europe Can No Longer Think About Its Security In Silos
This week in cybersecurity from the editors at Cybercrime Magazine. Sausalito, Calif. – Jun. 23, 2025 – Read the full story from Maddyness. Globally, the cost of cybercrime was projected to reach .5 trillion in 2024 and .5 trillion in 2025, according to Cybersecurity Ventures — an
The post Europe Can No Longer Think About Its Security In Silos appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/europe-can-no-longer-think-about-its-security-in-silos/
Proofpoint Appoints Tom Corn as Executive Vice President and General Manager, Threat Protection Group
https://www.proofpoint.com/us/newsroom/press-releases/proofpoint-appoints-tom-corn-executive-vice-president-and-general-manager
SparkKitty, SparkCat's little brother: A new Trojan spy found in the App Store and Google Play
SparkKitty, a new Trojan spy for iOS and Android, spreads through untrusted websites, the App Store, and Google Play, stealing images from users' galleries.
https://securelist.com/sparkkitty-ios-android-malware/116793/
Buffer overflow in fgfmd
A stack-based overflow vulnerability [CWE-124] in FortiOS, FortiProxy, FortiPAM and FortiSwitchManager may allow a remote attacker to execute arbitrary code or command via crafted packets reaching the fgfmd daemon, under certain conditions which are outside the control of the attacker. Revised on 2025-06-23 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-24-036
Mobile Security & Malware Issue 3rd Week of June, 2025
ASEC Blog publishes "Mobile Security & Malware Issue 3rd Week of June, 2025"
https://asec.ahnlab.com/en/88562/
Case of Attacks Targeting South Korean Web Servers Using MeshAgent and SuperShell
Lately, attacks on South Korean web servers utilizing MeshAgent and SuperShell have been identified. The presence of ELF-based malware at the malicious code distribution address suggests that the attackers are targeting not only Windows servers but also Linux servers. It is assumed that the attackers installed a web shell using a file upload vulnerability and […]
https://asec.ahnlab.com/en/88627/
Resurgence of the Prometei Botnet
We identified a resurgence of the Prometei botnet's Linux variant. Our analysis tracks the activity of this cryptominer and its new features.
The post Resurgence of the Prometei Botnet appeared first on Unit 42.
https://unit42.paloaltonetworks.com/prometei-botnet-2025-activity/
Sonatype expands global innovation with new India engineering center
At Sonatype, innovation knows no borders. We're excited to announce the opening of our new engineering hub in Hyderabad, India — a strategic milestone in our commitment to scale global innovation and deliver continuous value to our customers around the world.
https://www.sonatype.com/blog/sonatype-expands-global-innovation-with-new-india-engineering-center
AI in Cybersecurity: 5 Practical Use Cases for Stronger Defense
Originally published by Abnormal.
Written by Emily Burns.
AI is transforming cybersecurity, equipping organizations with advanced tools to detect, prevent, and respond to evolving threats. As cybercriminals increasingly use AI for sophisticated attacks, security teams must adopt AI-powered defenses to stay ahead.
The shift is already underway with 98.4% of security leaders reporting AI-driven attacks on their organizations and 66.4% of organizations hav...
https://cloudsecurityalliance.org/articles/ai-in-cybersecurity-5-practical-use-cases-for-stronger-defense
Data Breach Reporting for regulatory requirements with Microsoft Data Security Investigations
Seventy-four percent of organizations surveyed experienced at least one data security incident with their business data exposed in the previous year as reported in Microsoft's Data Security Index: Trends, insights, and strategies to secure data report.
The post Data Breach Reporting for regulatory requirements with Microsoft Data Security Investigations appeared first on Microsoft Security Blog.
https://techcommunity.microsoft.com/blog/microsoft-security-blog/%E2%80%8B%E2%80%8Bdata-breach-reporting-for-regulatory-requirements-with-microsoft-data-security/4424950
Ransom & Dark Web Issues Week 3, June 2025
ASEC Blog publishes Ransom & Dark Web Issues Week 3, June 2025 Operation Deep Sentinel: The dark web marketplace Archetyp Market shut down through international joint investigation. Internal data from a Spanish defense technology company leaked on a dark web forum. A surge in hacktivist activity following armed conflict between […]
https://asec.ahnlab.com/en/88541/
ClamAV 1.4.3 and 1.0.9 security patch versions published
Today, we are publishing the 1.4.3 and 1.0.9 security patch versions. We have also added Linux aarch64 (aka ARM64) RPM and DEB installer packages for the 1.4 LTS release.
The release files for the patch versions are available for download on the ClamAV downloads page, on the GitHub Release page, and through Docker Hub. The images on Docker Hub may not be immediately available on release day. Continue reading to learn what changed in each version.
1.4.3
ClamAV 1.4.3 is a patch release with the following fixes:
CVE-2025-20260: Fixed a possible buffer overflow write bug in the PDF file parser that could cause a denial-of-service (DoS) condition or enable remote code execution. This issue only affects configurations where both:
The max file-size scan limit is set greater than or equal to 1024MB.
The...
http://blog.clamav.net/2025/06/clamav-143-and-109-security-patch.html
Timelines for migration to post-quantum cryptography
Activities which organisations must carry out to migrate safely to post-quantum cryptography in the coming years.
https://www.ncsc.gov.uk/guidance/pqc-migration-timelines
I'm in Melbourne, and PancakesCon 6 is On!
Hello all! It’s my pleasure to announce I’m settled enough to operate my free educational conference for the 6th year. It will be a bit late this year, on September 21st. I invite you to check out the website at https://www.pancakescon.com as well as our associated socials, where you can find information and important submission […]
https://tisiphone.net/2025/06/18/im-in-melbourne-and-pancakescon-6-is-on/
Infostealer Disguised as Copyright Infringement Document Distributed in Korea
AhnLab SEcurity intelligence Center (ASEC) has confirmed that Infostealer malware disguised as a document containing legal responsibilities and copyright infringement facts is continuously being distributed in Korea. It is mainly distributed through links in email attachments, and the email instructs the recipients to download the evidence related to the copyright infringement. Link in Email […]
https://asec.ahnlab.com/en/88544/
Proofpoint, Wiz Partner on Cloud Security
https://www.proofpoint.com/us/newsroom/news/proofpoint-wiz-partner-cloud-security
Exploring a New KimJongRAT Stealer Variant and Its PowerShell Implementation
We analyze two new KimJongRAT stealer variants, combining new research with existing knowledge. One uses a Portable Executable (PE) file and the other PowerShell.
The post Exploring a New KimJongRAT Stealer Variant and Its PowerShell Implementation appeared first on Unit 42.
https://unit42.paloaltonetworks.com/kimjongrat-stealer-variant-powershell/
Cybercrime crackdown disrupts malware, infostealers, marketplaces across the globe
https://www.proofpoint.com/us/newsroom/news/cybercrime-crackdown-disrupts-malware-infostealers-marketplaces-across-globe
Proofpoint Joins the Wiz Integration Network (WIN) to Strengthen Cloud Data Security
https://www.proofpoint.com/us/newsroom/press-releases/proofpoint-joins-wiz-integration-network-win-strengthen-cloud-data-security
Case of Attacks Targeting MySQL Servers to Install RAT Malware
AhnLab SEcurity intelligence Center (ASEC) is monitoring attacks targeting poorly managed services, and has confirmed that MySQL servers have remained a continuous target of attacks. Threat actors are believed to be targeting various externally accessible systems, leading to the infection of multiple systems in Korea with malware. The majority of malware strains used in […]
https://asec.ahnlab.com/en/88514/
Mitigating prompt injection attacks with a layered defense strategy
Posted by Google GenAI Security Team
With the rapid adoption of generative AI, a new wave of threats is emerging across the industry with the aim of manipulating the AI systems themselves. One such emerging attack vector is indirect prompt injections. Unlike direct prompt injections, where an attacker directly inputs malicious commands into a prompt, indirect prompt injections involve hidden malicious instructions within external data sources. These may include emails, documents, or calendar invites that instruct AI to exfiltrate user data or execute other rogue actions. As more governments, businesses, and individuals adopt generative AI to get more done, this subtle yet potentially potent attack becomes increasingly pertinent across the industry, demanding immediate attention and robust security...
http://security.googleblog.com/2025/06/mitigating-prompt-injection-attacks.html
January 2025 Cyber Attacks Statistics
After the cyber attacks timelines, it's time to publish the statistics for January 2025, where I collected and analyzed 216 events. In January 2025, Cyber Crime continued to lead the Motivations chart.
https://www.hackmageddon.com/2025/06/13/january-2025-cyber-attacks-statistics/
Serverless Tokens in the Cloud: Exploitation and Detections
Understand the mechanics of serverless authentication: three simulated attacks across major CSPs offer effective approaches for application developers.
The post Serverless Tokens in the Cloud: Exploitation and Detections appeared first on Unit 42.
https://unit42.paloaltonetworks.com/serverless-authentication-cloud/
Ualabee - 472,296 breached accounts
In May 2025, the South American mobility services platform Ualabee had hundreds of thousands of records scraped from an interface on their platform. The data included 472k unique email addresses along with names, profile photos, dates of birth and phone numbers.
https://haveibeenpwned.com/Breach/Ualabee
Inside a Dark Adtech Empire Fed by Fake CAPTCHAs
Late last year, security researchers made a startling discovery: Kremlin-backed disinformation campaigns were bypassing moderation on social media platforms by leveraging the same malicious advertising technology that powers a sprawling ecosystem of online hucksters and website hackers. A new report on the fallout from that investigation finds this dark ad tech industry is far more resilient and incestuous than previously known.
https://krebsonsecurity.com/2025/06/inside-a-dark-adtech-empire-fed-by-fake-captchas/
CVE-2025-6031 - Insecure device pairing in end-of-life Amazon Cloud Cam
Scope: Amazon
Content Type: Informational
Publication Date: 2025/06/12 10:30 AM PDT
Description
Amazon Cloud Cam is a home security camera that was deprecated on December 2, 2022, is end of life, and is no longer actively supported.
When a user powers on the Amazon Cloud Cam, the device attempts to connect to a remote service infrastructure that has been deprecated due to end-of-life status. The device defaults to a pairing status in which an arbitrary user can bypass SSL pinning to associate the device to an arbitrary network, allowing for network traffic interception and modification.
Affected version: All
Resolution:
This product was end of life as of December 2, 2022 and should not be used.
References:
CVE-2025-6031
Acknowledgement:
We would like to...
https://aws.amazon.com/security/security-bulletins/AWS-2025-013/
Cyber resilience begins before the crisis
Hear directly from Microsoft's Deputy CISO for Customer Security, Ann Johnson, about the need for proactive planning in cyber incidents.
The post Cyber resilience begins before the crisis appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2025/06/12/cyber-resilience-begins-before-the-crisis/
Mobile Security & Malware Issue 2nd Week of June, 2025
ASEC Blog publishes "Mobile Security & Malware Issue 2nd Week of June, 2025"
https://asec.ahnlab.com/en/88458/
May 2025 Threat Trend Report on Ransomware
This report provides statistics on the number of new ransomware samples collected, the number of affected systems, and affected companies in May 2025, as well as key ransomware issues in Korea and abroad. The following is a summary of the report. Disclaimer: The number of ransomware samples and damaged systems is based on the […]
https://asec.ahnlab.com/en/88474/
LLM vector and embedding risks and how to defend against them
As large language model (LLM) applications mature, the line between model performance and model vulnerability continues to blur.
https://www.sonatype.com/blog/llm-vector-and-embedding-risks-and-how-to-defend-against-them
The Impact of Artificial Intelligence on the Cybersecurity Workforce
The NICE Workforce Framework for Cybersecurity (NICE Framework) was revised in November 2020 as NIST Special Publication 800-181 rev.1 to enable more effective and rapid updates to the NICE Framework Components, including how the advent of emerging technologies would impact cybersecurity work. NICE has been actively engaging in conversations with: federal departments and agencies; industry; education, training, and certification providers; and international representatives to understand how Artificial Intelligence (AI) might affect the nature of our Nation's digital work. NICE has also led
https://www.nist.gov/blogs/cybersecurity-insights/impact-artificial-intelligence-cybersecurity-workforce
JSFireTruck: Exploring Malicious JavaScript Using JSF*ck as an Obfuscation Technique
In an extensive campaign affecting 270k webpages, compromised websites were injected with the esoteric JavaScript programming style JSF*ck to redirect users to malicious content.
The post JSFireTruck: Exploring Malicious JavaScript Using JSF*ck as an Obfuscation Technique appeared first on Unit 42.
https://unit42.paloaltonetworks.com/malicious-javascript-using-jsfiretruck-as-obfuscation/
Password Spraying Attacks Hit Entra ID Accounts
https://www.proofpoint.com/us/newsroom/news/password-spraying-attacks-hit-entra-id-accounts
F5 Labs Top CWEs & OWASP Top Ten Analysis
Sensor Intel Series: June 2025 CVE Trends
https://www.f5.com/labs/articles/threat-intelligence/f5-labs-top-cwes-owasp-top-ten-analysis
Authentication methods: choosing the right type
Recommended authentication models for organisations looking to move 'beyond passwords'.
https://www.ncsc.gov.uk/guidance/authentication-methods-choosing-the-right-type
Toxic trend: Another malware threat targets DeepSeek
Kaspersky GReAT experts discovered a new malicious implant: BrowserVenom. It enables a proxy in browsers like Chrome and Mozilla and spreads through a DeepSeek-mimicking phishing website.
https://securelist.com/browservenom-mimicks-deepseek-to-use-malicious-proxy/115728/
Products on your perimeter considered harmful (until proven otherwise)
As attackers' tactics change, so must network defenders'.
https://www.ncsc.gov.uk/blog-post/products-on-your-perimeter
TBK DVRs Botnet Attack
What is the Attack? Threat actors are actively exploiting CVE-2024-3721, a command injection vulnerability in TBK DVR (Digital Video Recorder) devices. This flaw allows unauthenticated remote code execution (RCE) via crafted HTTP requests to the endpoint. The compromised devices are being conscripted into a botnet capable of conducting DDoS attacks. If successfully exploited, there is potential for significant disruption from DDoS attacks, lateral movement, or further malware delivery. FortiGuard sensors observe a critical level of network telemetry related to attack attempts targeting this vulnerability (CVE-2024-3721). In the past, FortiGuard released an Outbreak Alert for a different TBK vulnerability (CVE-2018-9995) exploited to spread a Remote Access Trojan called HiatusRAT. TBK DVR...
https://fortiguard.fortinet.com/threat-signal-report/6127
Patch Tuesday, June 2025 Edition
Microsoft today released security updates to fix at least 67 vulnerabilities in its Windows operating systems and software. Redmond warns that one of the flaws is already under active attack, and that software blueprints showing how to exploit a pervasive Windows bug patched this month are now public.
https://krebsonsecurity.com/2025/06/patch-tuesday-june-2025-edition/
Patch Tuesday - June 2025
WebDAV & SMB client zero-days. KDC Proxy Service & Office critical RCEs.
https://blog.rapid7.com/2025/06/10/patch-tuesday-june-2025/
Beyond IPs: Addressing organizational overconsumption in Maven Central
When we published Maven Central and the Tragedy of the Commons, we highlighted a disturbing pattern: just 1% of IP addresses accounted for 83% of Maven Central's total bandwidth, often traced back to some of the world's largest organizations.
https://www.sonatype.com/blog/beyond-ips-addressing-organizational-overconsumption-in-maven-central
Comparing Enterprise Browsers: Key Features to Look For
Organizations have big problems securing their digital platforms and being productive. Choosing an enterprise browser…
Comparing Enterprise Browsers: Key Features to Look For on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2025/06/10/comparing-enterprise-browsers-key-features-to-look-for/
BlackSuit Continues Social Engineering Attacks in Wake of Black Basta's Internal Conflict
Despite a significant decrease in social engineering attacks linked to the Black Basta ransomware group since late December 2024, Rapid7 has observed sustained social engineering attacks. Evidence suggests that BlackSuit affiliates have either adopted Black Basta's strategy or absorbed its members.
https://blog.rapid7.com/2025/06/10/blacksuit-continues-social-engineering-attacks-in-wake-of-black-bastas-internal-conflict/
Secure mobile applications with Dart, Flutter, and Sonatype
The Dart coding language and the Flutter framework architecture are gaining traction among developers looking to build fast, reliable, cross-platform applications.
https://www.sonatype.com/blog/secure-mobile-applications-with-dart-flutter-and-sonatype
Key Takeaways from the Take Command Summit 2025: Demystifying Cloud Detection & Response – The Future of SOC and MDR
Explore key takeaways from Take Command 2025 on modern cloud detection and response. Learn how SOCs are adapting. Watch the full session on demand.
https://blog.rapid7.com/2025/06/10/key-takeaways-from-the-take-command-summit-2025-demystifying-cloud-detection-response-the-future-of-soc-and-mdr/
The Evolution of Linux Binaries in Targeted Cloud Operations
Using data from machine learning tools, we predict a surge in cloud attacks leveraging reworked Linux Executable and Linkage Format (ELF) files.
The post The Evolution of Linux Binaries in Targeted Cloud Operations appeared first on Unit 42.
https://unit42.paloaltonetworks.com/elf-based-malware-targets-cloud/
WiredBucks - 918,529 breached accounts
In May 2022, the now defunct social media influencer platform WiredBucks suffered a data breach that was later redistributed as part of a larger corpus of data. The incident exposed over 900k email and IP addresses alongside names, usernames, earnings via the platform, physical addresses and passwords stored as plain text.
https://haveibeenpwned.com/Breach/WiredBucks
LinkedIn for OSINT: tips and tricks
When it comes to open source intelligence (OSINT), LinkedIn is a treasure trove of information. With millions of professionals voluntarily sharing details about their careers, connections, personal achievements, or keeping up to date with what is happening in their professional sphere, the famous networking platform is not to be underestimated when it comes to OSINT. […]
https://blog.compass-security.com/2025/06/linkedin-for-osint-tips-and-tricks/
Blind SSRF in API
A server-side request forgery vulnerability [CWE-918] in FortiClientEMS may allow an authenticated attacker to perform internal requests via crafted HTTP or HTTPS requests. Revised on 2025-06-10 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-23-342
Firewall session injection in FGSP
An improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in FortiOS may allow an unauthenticated attacker to inject unauthorized sessions via crafted FGSP session synchronization packets. Revised on 2025-06-10 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-24-287
IPsec improper validation of certificate with host mismatch
An improper validation of certificate with host mismatch [CWE-297] vulnerability in FortiClient Windows may allow an unauthorized attacker to redirect VPN connections via DNS spoofing or another form of redirection. Revised on 2025-06-10 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-24-365
Improper Handling of Insufficient Permissions or Privileges in GUI websocket
An Improper Handling of Insufficient Permissions or Privileges vulnerability [CWE-280] in the FortiPAM and FortiSRA GUI websocket could allow a low-privileged user to access unauthorized resources via specially crafted HTTP requests. Revised on 2025-06-10 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-25-008
Information Disclosure on SSLVPN endpoint
An Exposure of Sensitive Information to an Unauthorized Actor vulnerability [CWE-200] in FortiOS SSL-VPN web-mode may allow an authenticated user to access full SSL-VPN settings via crafted URL. Revised on 2025-06-10 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-24-257
Insufficient Access Control Over API Endpoints
An authorization bypass through user-controlled key vulnerability [CWE-639] in FortiPortal may allow an authenticated attacker to view unauthorized device information via key modification in API requests. Revised on 2025-06-10 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-24-274
Insufficient Session Expiration in SSL-VPN cookie
An Insufficient Session Expiration vulnerability [CWE-613] in FortiOS SSL-VPN may allow an attacker in possession of a cookie used to log in to the SSL-VPN portal to log in again, even though the session has expired or was logged out. Revised on 2025-06-10 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-24-339
Multiple OS command injection in Web Vulnerability Scanner
An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiADC may allow an authenticated attacker to execute unauthorized code via crafted HTTP requests. Revised on 2025-06-10 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-25-099
Privilege escalation in GUI websocket module
An Improper Privilege Management vulnerability [CWE-269] affecting FortiOS, FortiProxy & FortiWeb may allow an authenticated attacker with at least read-only admin permissions to gain super-admin privileges via crafted requests to the Node.js websocket module. Revised on 2025-06-10 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-25-006
Privilege escalation in automation-stitch
An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] in FortiOS and FortiProxy may allow an authenticated attacker to elevate their privileges via triggering a malicious Webhook action in the Automation Stitch component. Revised on 2025-06-10 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-24-385
Erlang/OTP RCE
What is the Vulnerability? A critical SSH vulnerability has recently been identified in the Erlang/Open Telecom Platform (OTP). The vulnerability, tracked as CVE-2025-32433, has been assigned a CVSS score of 10.0. It is unauthenticated, remotely exploitable, and requires low complexity to execute. Erlang/OTP is commonly found in IoT devices and telecommunications platforms, and is prominently used by companies such as Ericsson, WhatsApp, and Cisco, among others. Update, June 9, 2025: CISA has added CVE-2025-32433 Erlang/OTP SSH Server Missing Authentication to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. What is the recommended Mitigation? A security patch for OTP has been made available via GitHub. FortiGuard Labs strongly recommends that organizations...
https://fortiguard.fortinet.com/threat-signal-report/6077
5 Things Security Leaders Need to Know About Agentic AI
Generative AI has already transformed the way businesses work. But we're now entering a new phase where AI doesn't just generate content, but takes independent action on our behalf. This next evolution is called 'agentic AI', and it's moving fast.
https://blog.rapid7.com/2025/06/09/5-things-security-leaders-need-to-know-about-agentic-ai/
Navigating AWS Migration: Achieving Clarity and Confidence
Migrating workloads to Amazon Web Services (AWS) represents a significant strategic opportunity, enabling greater agility, scalability, and potential for innovation. But undertaking this transition without a comprehensive strategy introduces unforeseen risks, operational delays, and more.
https://blog.rapid7.com/2025/06/09/navigating-aws-migration-achieving-clarity-and-confidence-2/
Sleep with one eye open: how Librarian Ghouls steal data by night
According to Kaspersky, Librarian Ghouls APT continues its series of attacks on Russian entities. A detailed analysis of a malicious campaign utilizing RAR archives and BAT scripts.
https://securelist.com/librarian-ghouls-apt-wakes-up-computers-to-steal-data-and-mine-crypto/116536/
Roles Here? Roles There? Roles Anywhere: Exploring the Security of AWS IAM Roles Anywhere
This examination of the Amazon Web Services (AWS) Roles Anywhere service looks at potential risks, analyzed from both defender and attacker perspectives.
The post Roles Here? Roles There? Roles Anywhere: Exploring the Security of AWS IAM Roles Anywhere appeared first on Unit 42.
https://unit42.paloaltonetworks.com/aws-roles-anywhere/
Disk Union - 690,667 breached accounts
In June 2022, the Japanese record chain store Disk Union suffered a data breach. The incident exposed 690k unique email addresses along with names, post codes, phone numbers and plain text passwords.
https://haveibeenpwned.com/Breach/DiskUnion
Metasploit Wrap-up 06/06/25
This release adds new modules targeting ThinManager vulnerabilities (CVE-2023-27855, CVE-2023-2917, CVE-2023-27856), a udev persistence module for Linux, an Ivanti EPMM authentication bypass and remote code execution module (CVE-2025-4427, CVE-2025-4428), PHP payload adapters, and more.
https://blog.rapid7.com/2025/06/06/metasploit-wrapup-76/
Sausages and incentives: rewarding a resilient technology future
Why 'thinking big' is required to shift the dynamics of the technology market.
https://www.ncsc.gov.uk/blog-post/sausages-incentives-rewarding-resilient-technology-future
Cultivating Growth and Development at Rapid7
At Rapid7, we're pushing the boundaries on what a cybersecurity company can be. With more than a dozen offices around the world, Rapid7's culture provides a foundation where people can grow their skills and progress in their careers, while driving meaningful impact to the business.
https://blog.rapid7.com/2025/06/06/cultivating-growth-and-development-at-rapid7/
Blitz Malware: A Tale of Game Cheats and Code Repositories
Blitz malware, active since 2024 and updated in 2025, was spread via game cheats. We discuss its infection vector and abuse of Hugging Face for C2.
The post Blitz Malware: A Tale of Game Cheats and Code Repositories appeared first on Unit 42.
https://unit42.paloaltonetworks.com/blitz-malware-2025/
Analysis of the latest Mirai wave exploiting TBK DVR devices with CVE-2024-3721
Kaspersky GReAT experts describe the new features of a Mirai variant: the latest botnet infections target TBK DVR devices with CVE-2024-3721.
https://securelist.com/mirai-botnet-variant-targets-dvr-devices-with-cve-2024-3721/116742/
India's Cyber Leaders Prepare for AI-Driven Threats
As India's economy rapidly digitizes, cybersecurity challenges are becoming increasingly complex. This May, Rapid7 launched our inaugural Global Security Day series across India, bringing together top security leaders to address the most pressing cyber threats facing organizations in 2025.
https://blog.rapid7.com/2025/06/06/indias-cyber-leaders-prepare-for-ai-driven-threats/
SimpleHelp Path Traversal Vulnerability
What is the Vulnerability? FortiGuard Labs continues to observe ongoing attack attempts targeting SimpleHelp, a Remote Monitoring and Management (RMM) software, due to a critical unauthenticated path traversal vulnerability (CVE-2024-57727) affecting versions 5.5.7 and earlier. This flaw allows remote attackers to access and download arbitrary files from the server without authentication, simply by sending specially crafted HTTP requests. The exposed files may contain highly sensitive information, including server configuration data, hashed administrator passwords, API keys, and other credentials. The root cause is improper input validation, which lets attackers manipulate file paths to reach files outside the intended directories. Due to active exploitation, this vulnerability was added to...
https://fortiguard.fortinet.com/threat-signal-report/6107
Proxy Services Feast on Ukraine's IP Address Exodus
Ukraine has seen nearly one-fifth of its Internet space come under Russian control or sold to Internet address brokers since February 2022, a new study finds. The analysis indicates large chunks of Ukrainian Internet address space are now in the hands of proxy and anonymity services nested at some of America's largest Internet service providers (ISPs).
https://krebsonsecurity.com/2025/06/proxy-services-feast-on-ukraines-ip-address-exodus/
Connect with us at the Gartner Security & Risk Management Summit
Microsoft will spotlight its AI-first, end-to-end security platform at the Gartner Security & Risk Management Summit. Read our blog post for details on how to connect with us there and a teaser of what to expect from our sessions.
The post Connect with us at the Gartner Security & Risk Management Summit appeared first on Microsoft Security Blog.
https://techcommunity.microsoft.com/blog/microsoft-security-blog/connect-with-us-at-the-gartner-security--risk-management-summit/4420744
Researchers Detail Bitter APT's Evolving Tactics as Its Geographic Scope Expands
https://www.proofpoint.com/us/newsroom/news/researchers-detail-bitter-apts-evolving-tactics-its-geographic-scope-expands
Open source policy management: How Sonatype supports security at scale
As organizations rely more heavily on open source components, software composition analysis (SCA) has become essential for identifying risks. But visibility alone is not enough. What turns insight into action is effective policy management: the ability to define and enforce rules that govern how software is built.
https://www.sonatype.com/blog/open-source-policy-management-how-sonatype-supports-security-at-scale
IT threat evolution in Q1 2025. Non-mobile statistics
The report presents statistics for Windows, macOS, IoT, and other threats, including ransomware, miners, local and web-based threats, for Q1 2025.
https://securelist.com/malware-report-q1-2025-pc-iot-statistics/116686/
IT threat evolution in Q1 2025. Mobile statistics
The number of attacks on mobile devices involving malware, adware, or unwanted apps saw a significant increase in the first quarter.
https://securelist.com/malware-report-q1-2025-mobile-statistics/116676/
BladedFeline: Whispering in the dark
ESET researchers analyzed a cyberespionage campaign conducted by BladedFeline, an Iran-aligned APT group with likely ties to OilRig
https://www.welivesecurity.com/en/eset-research/bladedfeline-whispering-dark/
CVE-2025-5688 - Out of Bounds Write in FreeRTOS-Plus-TCP
Scope: AWS
Content Type: Important (requires attention)
Publication Date: 2025/06/04 10:00 AM PDT
Description
FreeRTOS-Plus-TCP is an open source TCP/IP stack implementation specifically designed for FreeRTOS. The stack provides a standard Berkeley sockets interface and supports essential networking protocols including IPv6, ARP, DHCP, DNS, LLMNR, mDNS, NBNS, RA, ND, ICMP, and ICMPv6. FreeRTOS-Plus-TCP offers two Buffer Allocation Schemes for buffer management:
Buffer Allocation Scheme 1 - Allocates buffers from a pre-defined pool of fixed-size buffers.
Buffer Allocation Scheme 2 - Allocates buffers of required size dynamically from the heap.
We identified CVE-2025-5688, which may allow an out-of-bounds write when processing LLMNR or mDNS queries with very long DNS names. This...
https://aws.amazon.com/security/security-bulletins/AWS-2025-012/
16-31 January Cyber Attacks Timeline
In the second timeline of January 2025, I collected 107 events with a threat landscape dominated by malware with 30%, up from 18% of the previous timeline, and very close to the values of December 2024, ahead of ransomware with 19%.
https://www.hackmageddon.com/2025/06/04/16-30-january-cyber-attacks-timeline/
Automation you can trust: Cut backlogs without breaking builds
Engineering teams live in a paradox — under pressure to ship software faster than ever, yet every new open source component introduces hidden risk. Security backlogs pile up as developers scramble to fix vulnerabilities, balance new feature work, and try not to disrupt critical builds.
https://www.sonatype.com/blog/automation-you-can-trust-cut-backlogs-without-breaking-builds
Rapid7 Q1 2025 Incident Response Findings
Rapid7's 2025Q1 incident response data highlights several key IAV trends, shares salient examples of incidents investigated by the Rapid7 IR team, and digs into threat data by industry as well as some of the more commonly seen pieces of malware.
https://blog.rapid7.com/2025/06/04/rapid7-q1-2025-incident-response-findings/
From Ideology to Financial Gain: Exploring the Convergence from Hacktivism to Cybercrime
The lines between ideologically-driven hacktivism and financially motivated cybercriminals are blurring. Some hacktivist groups are evolving into ransomware operations – even becoming ransomware affiliates – merging the disruptive zeal of hacktivism with the ruthless efficiency of cybercrime.
https://blog.rapid7.com/2025/06/03/from-ideology-to-financial-gain-exploring-the-convergence-from-hacktivism-to-cybercrime/
Hack the model: Build AI security skills with the GitHub Secure Code Game
Dive into the novel security challenges AI introduces with the open source game that over 10,000 developers have used to sharpen their skills.
The post Hack the model: Build AI security skills with the GitHub Secure Code Game appeared first on The GitHub Blog.
https://github.blog/security/hack-the-model-build-ai-security-skills-with-the-github-secure-code-game/
Only Malware in the Building: The great CoGUI caper.
https://www.proofpoint.com/us/newsroom/news/only-malware-building-great-cogui-caper
DNS rebinding attacks explained: The lookup is coming from inside the house!
A DNS rebinding attack without CORS against local-network web applications. Explore the topic further and see how it can be used to exploit vulnerabilities in the real world.
The post DNS rebinding attacks explained: The lookup is coming from inside the house! appeared first on The GitHub Blog.
https://github.blog/security/application-security/dns-rebinding-attacks-explained-the-lookup-is-coming-from-inside-the-house/
Introducing AI Attack Coverage in Exposure Command: Secure what traditional AppSec Tools miss
Introducing AI Attack Coverage in Exposure Command and InsightAppSec, bringing purpose-built protection for AI-driven applications into your existing AppSec workflows. Uncover vulnerabilities that legacy tools miss – and stop AI-specific threats before they become business problems.
https://blog.rapid7.com/2025/06/03/introducing-ai-attack-coverage-in-exposure-command-secure-what-traditional-appsec-tools-miss/
Top DSPM Challenges and How to Tackle Them
Data Security Posture Management is key as you move workloads to the cloud. It helps…
Top DSPM Challenges and How to Tackle Them on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2025/06/03/top-dspm-challenges-and-how-to-tackle-them/
Delving Into the SparkRAT Remote Access Tool
Sensor Intel Series: May 2025 CVE Trends
https://www.f5.com/labs/articles/threat-intelligence/delving-into-the-sparkrat-remote-access-tool
Host-based logs, container-based threats: How to tell where an attack began
Kaspersky expert shares insights on how to determine whether an attack was first launched in a container or on the host itself when an organization's logs lack container visibility.
https://securelist.com/host-based-logs-container-based-threats/116643/
Lost in Resolution: Azure OpenAI's DNS Resolution Issue
We discovered an Azure OpenAI misconfiguration allowing shared domains, potentially leading to data leaks. Microsoft quickly resolved the issue.
The post Lost in Resolution: Azure OpenAI's DNS Resolution Issue appeared first on Unit 42.
https://unit42.paloaltonetworks.com/azure-openai-dns-resolution/
ColoCrossing - 7,183 breached accounts
In May 2025, hosting provider ColoCrossing identified a data breach that impacted customers of their ColoCloud virtual server product. ColoCrossing advised the incident was isolated to their cloud/VPS platform and stemmed from a single sign-on vulnerability. 7k email addresses were exposed in the incident along with names and MD5-Crypt password hashes.
https://haveibeenpwned.com/Breach/ColoCrossing
INE Security Alert: $16.6 Billion in Cyber Losses Underscore Critical Need for Advanced Security Training
Cary, North Carolina, 2nd June 2025, CyberNewsWire
INE Security Alert: $16.6 Billion in Cyber Losses Underscore Critical Need for Advanced Security Training on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2025/06/02/ine-security-alert-16-6-billion-in-cyber-losses-underscore-critical-need-for-advanced-security-training/
Key Takeaways from the Take Command Summit 2025: Risk Revolution – Proactive Strategies for Exposure Management
Learn how security teams are evolving risk strategies with exposure management. Hear insights from Rapid7 and ESG. Watch the full session on demand.
https://blog.rapid7.com/2025/06/02/key-takeaways-from-the-take-command-summit-2025-risk-revolution-proactive-strategies-for-exposure-management/
Don't let dormant accounts become a doorway for cybercriminals
Do you have online accounts you haven't used in years? If so, a bit of digital spring cleaning might be in order.
https://www.welivesecurity.com/en/cybersecurity/dont-let-dormant-accounts-become-doorway-cybercriminals/
SAP Netweaver Zero-Day Attack
What is the Attack? A zero-day SAP vulnerability, CVE-2025-31324, with a CVSS score of 10.0, is being actively exploited in the wild. This vulnerability affects SAP Visual Composer, allowing unauthenticated threat actors to upload arbitrary files, resulting in full compromise of the targeted system and significantly affecting its confidentiality, integrity, and availability. The vulnerability stems from the SAP NetWeaver Visual Composer Metadata Uploader lacking proper authorization protection, which allows unauthenticated agents to upload potentially malicious executable binaries. CISA added the CVE to its Known Exploited Vulnerabilities Catalog on April 29, 2025. What is the recommended Mitigation? The vulnerability exists in the SAP Visual Composer component for...
https://fortiguard.fortinet.com/threat-signal-report/6089
Sustaining Digital Certificate Security - Upcoming Changes to the Chrome Root Store
Posted by Chrome Root Program, Chrome Security Team
Note: Google Chrome communicated its removal of default trust of Chunghwa Telecom and Netlock in the public forum on May 30, 2025.
The Chrome Root Program Policy states that Certification Authority (CA) certificates included in the Chrome Root Store must provide value to Chrome end users that exceeds the risk of their continued inclusion. It also describes many of the factors we consider significant when CA Owners disclose and respond to incidents. When things don't go right, we expect CA Owners to commit to meaningful and demonstrable change resulting in evidenced continuous improvement.
Chrome's confidence in the reliability of Chunghwa Telecom and Netlock as CA Owners included in the Chrome Root Store has diminished due to patterns...
http://security.googleblog.com/2025/05/sustaining-digital-certificate-security-chrome-root-store-changes.html
Exploits and vulnerabilities in Q1 2025
This report contains statistics on vulnerabilities and published exploits, along with an analysis of the most noteworthy vulnerabilities we observed in the first quarter of 2025.
https://securelist.com/vulnerabilities-and-exploits-in-q1-2025/116624/
This month in security with Tony Anscombe – May 2025 edition
From a flurry of attacks targeting UK retailers to campaigns corralling end-of-life routers into botnets, it's a wrap on another month filled with impactful cybersecurity news
https://www.welivesecurity.com/en/videos/month-security-tony-anscombe-may-2025/
U.S. Sanctions Cloud Provider 'Funnull' as Top Source of 'Pig Butchering' Scams
The U.S. government today imposed economic sanctions on Funnull Technology Inc., a Philippines-based company that provides computer infrastructure for hundreds of thousands of websites involved in virtual currency investment scams, commonly known as "pig butchering." In January 2025, KrebsOnSecurity detailed how Funnull was being used as a content delivery network that catered to cybercriminals seeking to route their traffic through U.S.-based cloud providers.
https://krebsonsecurity.com/2025/05/u-s-sanctions-cloud-provider-funnull-as-top-source-of-pig-butchering-scams/
Streamline SCA with Sonatype's build-safe automation
As open source adoption accelerates across the enterprise, so too does its complexity. Development teams are building software with hundreds of components, each carrying its own risks, release cycles, and dependencies.
https://www.sonatype.com/blog/streamline-sca-with-sonatype-build-safe-automation
The Windows Registry Adventure #8: Practical exploitation of hive memory corruption
Posted by Mateusz Jurczyk, Google Project Zero
In the previous blog post, we focused on the general security analysis of the registry and how to effectively approach finding vulnerabilities in it. Here, we will direct our attention to the exploitation of hive-based memory corruption bugs, i.e., those that allow an attacker to overwrite data within an active hive mapping in memory. This is a class of issues characteristic of the Windows registry, but universal enough that the techniques described here are applicable to 17 of my past vulnerabilities, as well as likely any similar bugs in the future. As we know, hives exhibit a very special behavior in terms of low-level memory management (how and where they are mapped in memory), handling of allocated and...
https://googleprojectzero.blogspot.com/2025/05/the-windows-registry-adventure-8-exploitation.html
Pakistan Arrests 21 in 'Heartsender' Malware Service
Authorities in Pakistan have arrested 21 individuals accused of operating "Heartsender," a once popular spam and malware dissemination service that operated for more than a decade. The main clientele for HeartSender were organized crime groups that tried to trick victim companies into making payments to a third party, and its alleged proprietors were publicly identified by KrebsOnSecurity in 2021 after they inadvertently infected their computers with malware.
https://krebsonsecurity.com/2025/05/pakistan-arrests-21-in-heartsender-malware-service/
Zanubis in motion: Tracing the active evolution of the Android banking malware
A comprehensive historical breakdown of Zanubis' changes, including RC4 and AES encryption, credentials stealing and new targets in Peru, provided by Kaspersky GReAT experts.
https://securelist.com/evolution-of-zanubis-banking-trojan-for-android/116588/
INE Security and RedTeam Hacker Academy Announce Partnership to Advance Cybersecurity Skills in the Middle East
Cary, North Carolina, 28th May 2025, CyberNewsWire
INE Security and RedTeam Hacker Academy Announce Partnership to Advance Cybersecurity Skills in the Middle East on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2025/05/28/ine-security-and-redteam-hacker-academy-announce-partnership-to-advance-cybersecurity-skills-in-the-middle-east/
CVE-2025-5279 - Issue with Amazon Redshift Python Connector and the BrowserAzureOAuth2CredentialsProvider plugin
Scope: AWS Content Type: Important (requires attention) Publication Date: 2025/05/27 11:30 AM PDT
Description
Amazon Redshift Python Connector is a pure Python connector to Redshift (i.e., driver) that implements the Python Database API Specification 2.0.
We identified CVE-2025-5279 an issue in the Amazon Redshift Python Connector, version 2.0.872 through 2.1.6. When the Amazon Redshift Python Connector is configured with the BrowserAzureOAuth2CredentialsProvider plugin, the driver skips the SSL certificate validation step for the Identity Provider (IdP). An insecure connection could allow an actor to intercept the token exchange process and retrieve an access token.
This issue has been addressed in driver version 2.1.7. Users should upgrade to address this issue and ensure...
https://aws.amazon.com/security/security-bulletins/AWS-2025-011/
The Evolving Role of the Modern CISO
https://www.proofpoint.com/us/newsroom/news/evolving-role-modern-ciso
Inside GitHub: How we hardened our SAML implementation
Maintaining and developing complex and risky code is never easy. See how we addressed the challenges of securing our SAML implementation with this behind-the-scenes look at building trust in our systems.
The post Inside GitHub: How we hardened our SAML implementation appeared first on The GitHub Blog.
https://github.blog/security/web-application-security/inside-github-how-we-hardened-our-saml-implementation/
May Patch Tuesday From Microsoft Fixed 5 Zero-Days
With May Patch Tuesday updates, Microsoft addressed dozens of security vulnerabilities important for customers' systems.…
May Patch Tuesday From Microsoft Fixed 5 Zero-Days on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2025/05/27/may-patch-tuesday-from-microsoft-fixed-5-zero-days/
Word to the wise: Beware of fake Docusign emails
Cybercriminals impersonate the trusted e-signature brand and send fake Docusign notifications to trick people into giving away their personal or corporate data
https://www.welivesecurity.com/en/scams/personal-data-fraudsters-docusign-scam-emails/
What to look for in USA-based dedicated server solutions
If your business is scaling up and shared hosting isn't cutting it anymore, there's a…
What to look for in USA-based dedicated server solutions on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2025/05/27/what-to-look-for-in-usa-based-dedicated-server-solutions/
Free - 13,926,173 breached accounts
In October 2024, French ISP "Free" suffered a data breach which was subsequently posted for sale and later, leaked publicly. The data included 14M unique email addresses along with names, physical addresses, phone numbers, genders, dates of birth and for many records, IBAN bank account numbers. Free advised that the numbers were "not enough to make a direct debit from a bank".
https://haveibeenpwned.com/Breach/FreeMobile
Renovate – Keeping Your Updates Secure?
Renovate is an OSS CLI/bot that updates your software dependencies automatically. It is usually integrated into the CI/CD process and runs on a schedule. It will create a Pull Request / Merge Request (PR/MR) to your repository with dependency updates. It can optionally auto-merge them. If you host it for several repositories or an organization, it […]
https://blog.compass-security.com/2025/05/renovate-keeping-your-updates-secure/
Trimble Cityworks Remote Code Execution Attack
What is the Attack?
Trimble Cityworks contains a deserialization vulnerability. This could allow an authenticated user to perform a remote code execution attack against a customer's Microsoft Internet Information Services (IIS) web server, potentially resulting in downtime and potential loss of service. According to the Trimble Cityworks website, it provides a Geographic Information System (GIS)-centric solution for local governments, utilities, airports, and public works agencies to manage and maintain infrastructure across the full lifecycle. Trimble has investigated customer reports of hackers exploiting the vulnerability to gain unauthorized access to networks, confirming that active exploitation is occurring. CISA has added CVE-2025-0994 to its Known Exploited Vulnerabilities Catalog on February...
https://fortiguard.fortinet.com/threat-signal-report/5997
Ivanti EPMM Zero Day Vulnerabilities
What is the Vulnerability?
On May 15, 2025, Ivanti disclosed two critical vulnerabilities, CVE-2025-4427 and CVE-2025-4428, affecting Ivanti Endpoint Manager Mobile (EPMM) version 12.5.0.0 and earlier. When chained together, these vulnerabilities can allow unauthenticated remote code execution (RCE) on vulnerable systems. According to a report by EclecticIQ, attackers are actively exploiting the Ivanti EPMM vulnerability (CVE-2025-4428) in the wild. EclecticIQ attributes this activity with high confidence to UNC5221, a China-nexus espionage group. Read more at: [China-Nexus Threat Actor Actively Exploiting Ivanti Endpoint Manager Mobile (CVE-2025-4428) Vulnerability]
What is the recommended Mitigation?
Ivanti has released updates for Endpoint Manager Mobile (EPMM). Customers should install one...
https://fortiguard.fortinet.com/threat-signal-report/6104
Operation Endgame 2.0 - 15,436,844 breached accounts
In May 2025, a coalition of law enforcement agencies took down the criminal infrastructure behind the malware used to launch ransomware attacks in a new phase of "Operation Endgame". This followed the first Operation Endgame exercise a year earlier, with the latest action resulting in 15.3M victim email addresses being provided to HIBP by law enforcement. A further 43.8M victim passwords were also provided for HIBP's Pwned Passwords service.
https://haveibeenpwned.com/Breach/OperationEndgame2
Tracking the Cost of Quantum Factoring
Posted by Craig Gidney, Quantum Research Scientist, and Sophie Schmieg, Senior Staff Cryptography Engineer Google Quantum AI's mission is to build best in class quantum computing for otherwise unsolvable problems. For decades the quantum and security communities have also known that large-scale quantum computers will at some point in the future likely be able to break many of today's secure public key cryptography algorithms, such as Rivest–Shamir–Adleman (RSA). Google has long worked with the U.S. National Institute of Standards and Technology (NIST) and others in government, industry, and academia to develop and transition to post-quantum cryptography (PQC), which is expected to be resistant to quantum computing attacks. As quantum computing technology continues to advance, ongoing...
http://security.googleblog.com/2025/05/tracking-cost-of-quantum-factori.html
Bypassing MTE with CVE-2025-0072
In this post, I'll look at CVE-2025-0072, a vulnerability in the Arm Mali GPU, and show how it can be exploited to gain kernel code execution even when Memory Tagging Extension (MTE) is enabled.
The post Bypassing MTE with CVE-2025-0072 appeared first on The GitHub Blog.
https://github.blog/security/vulnerability-research/bypassing-mte-with-cve-2025-0072/
The Windows Registry Adventure #7: Attack surface analysis
Posted by Mateusz Jurczyk, Google Project Zero
In the first three blog posts of this series, I sought to outline what the Windows Registry actually is, its role, history, and where to find further information about it. In the subsequent three posts, my goal was to describe in detail how this mechanism works internally – from the perspective of its clients (e.g., user-mode applications running on Windows), the regf format used to encode hives, and finally the kernel itself, which contains its canonical implementation. I believe all these elements are essential for painting a complete picture of this subsystem, and in a way, it shows my own approach to security research. One could say that going through this tedious process of getting to know the target unnecessarily...
https://googleprojectzero.blogspot.com/2025/05/the-windows-registry-adventure-7-attack-surface.html
Fédération Francaise de Rugby - 281,977 breached accounts
In June 2023, the Fédération Francaise de Rugby (French Rugby Federation) suffered a data breach and attempted ransom. The breach exposed 282k unique email addresses along with names, dates of birth and phone numbers. The Federation subsequently published a disclosure notice and stated that the attack primarily affected email servers. The data was provided to HIBP by a source who requested it be attributed to "atix".
https://haveibeenpwned.com/Breach/FFR
Oops: DanaBot Malware Devs Infected Their Own PCs
The U.S. government today unsealed criminal charges against 16 individuals accused of operating and selling DanaBot, a prolific strain of information-stealing malware that has been sold on Russian cybercrime forums since 2018. The FBI says a newer version of DanaBot was used for espionage, and that many of the defendants exposed their real-life identities after accidentally infecting their own systems with the malware.
https://krebsonsecurity.com/2025/05/oops-danabot-malware-devs-infected-their-own-pcs/
Cybersecurity and AI: Integrating and Building on Existing NIST Guidelines
What is NIST up to? On April 3, 2025, NIST hosted a Cybersecurity and AI Profile Workshop at our National Cybersecurity Center of Excellence (NCCoE) to hear feedback on our concept paper which presented opportunities to create profiles of the NIST Cybersecurity Framework (CSF) and the NIST AI Risk Management Framework (AI RMF). These would serve to support the cybersecurity community as they adopt AI for cybersecurity, need to defend against AI-enabled cybersecurity attacks, as well as protect AI systems as organizations adopt AI to support their business. Stay tuned for the soon to be
https://www.nist.gov/blogs/cybersecurity-insights/cybersecurity-and-ai-integrating-and-building-existing-nist-guidelines
New ETSI standard protects AI systems from evolving cyber threats
The NCSC and DSIT work with ETSI to 'set a benchmark for securing AI'.
https://www.ncsc.gov.uk/blog-post/new-etsi-standard-protects-ai-systems-from-evolving-cyber-threats
Remote Prompt Injection in GitLab Duo Leads to Source Code Theft
Get details on the vulnerabilities the Legit research team unearthed in GitLab Duo.
https://www.legitsecurity.com/blog/remote-prompt-injection-in-gitlab-duo
INE Security Partners with Abadnet Institute for Cybersecurity Training Programs in Saudi Arabia
Cary, North Carolina, 22nd May 2025, CyberNewsWire
INE Security Partners with Abadnet Institute for Cybersecurity Training Programs in Saudi Arabia on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2025/05/22/ine-security-partners-with-abadnet-institute-for-cybersecurity-training-programs-in-saudi-arabia/
Remote Prompt Injection in GitLab Duo Leaks Source Code
A remote prompt injection vulnerability in GitLab Duo allowed attackers to steal source code from private projects, manipulate code suggestions, and exfiltrate confidential information. The attack chain involved hidden prompts, HTML injection, and exploitation of Duo's access to private data. GitLab has since patched both the HTML and prompt injection vectors.
https://www.cloudvulndb.org/gitlab-duo-prompt-injection-leak
Facing the cyber threat behind the headlines
NCSC CEO urges all businesses to face the stark reality of the cyber threat they face, whether in the spotlight or not.
https://www.ncsc.gov.uk/blog-post/cyber-threat-behind-the-headlines
KrebsOnSecurity Hit With Near-Record 6.3 Tbps DDoS
KrebsOnSecurity last week was hit by a near record distributed denial-of-service (DDoS) attack that clocked in at more than 6.3 terabits of data per second (a terabit is one trillion bits of data). The brief attack appears to have been a test run for a massive new Internet of Things (IoT) botnet capable of launching crippling digital assaults that few web destinations can withstand. Read on for more about the botnet, the attack, and the apparent creator of this global menace.
https://krebsonsecurity.com/2025/05/krebsonsecurity-hit-with-near-record-6-3-tbps-ddos/
Software Security Code of Practice - Assurance Principles and Claims (APCs)
Helps vendors measure how well they meet the Software Security Code of Practice, and suggests remedial actions should they fall short.
https://www.ncsc.gov.uk/guidance/software-security-code-of-practice-assurance-principles-claims
Decommissioning assets
How to retire digital assets (such as data, software, or hardware) from operation.
https://www.ncsc.gov.uk/guidance/decommissioning-assets
AWS Security Tool Introduces Privilege Escalation Risk
AWS's Account Assessment for AWS Organizations tool, designed to audit cross-account access, inadvertently introduced privilege escalation risks due to flawed deployment instructions. Customers were encouraged to deploy the tool in lower-sensitivity accounts, creating risky trust paths from insecure environments into highly sensitive ones. This could allow attackers to pivot from compromised development accounts into production and management accounts.
https://www.cloudvulndb.org/aws-security-tool-risk
Impact of AI on cyber threat from now to 2027
An NCSC assessment highlighting the impacts on cyber threat from AI developments between now and 2027.
https://www.ncsc.gov.uk/report/impact-ai-cyber-threat-now-2027
Breachforums Boss to Pay $700k in Healthcare Breach
In what experts are calling a novel legal outcome, the 22-year-old former administrator of the cybercrime community Breachforums will forfeit nearly $700,000 to settle a civil lawsuit from a health insurance company whose customer data was posted for sale on the forum in 2023. Conor Brian Fitzpatrick, a.k.a. "Pompompurin," is slated for resentencing next month after pleading guilty to access device fraud and possession of child sexual abuse material (CSAM).
https://krebsonsecurity.com/2025/05/breachforums-boss-to-pay-700k-in-healthcare-breach/
What's New in Android Security and Privacy in 2025
Posted by Dave Kleidermacher, VP Engineering, Android Security and Privacy
Android's intelligent protections keep you safe from everyday dangers. Our dedication to your security is validated by security experts, who consistently rank top Android devices highest in security, and score Android smartphones, led by the Pixel 9 Pro, as leaders in anti-fraud efficacy. Android is always developing new protections to keep you, your device, and your data safe. Today, we're announcing new features and enhancements that build on our industry-leading protections to help keep you safe from scams, fraud, and theft on Android.
Smarter protections against phone call scams
Our research shows that phone scammers often try to trick people into performing specific actions to initiate a scam, like changing...
http://security.googleblog.com/2025/05/whats-new-in-android-security-privacy-2025.html
Advanced Protection: Google's Strongest Security for Mobile Devices
Posted by Il-Sung Lee, Group Product Manager, Android Security
Protecting users who need heightened security has been a long-standing commitment at Google, which is why we have our Advanced Protection Program that provides Google's strongest protections against targeted attacks. To enhance these existing device defenses, Android 16 extends Advanced Protection with a device-level security setting for Android users. Whether you're an at-risk individual, such as a journalist, elected official, or public figure, or you just prioritize security, Advanced Protection gives you the ability to activate Google's strongest security for mobile devices, providing greater peace of mind that you're protected against the most sophisticated threats.
Simple to activate, powerful in protection
Advanced...
http://security.googleblog.com/2025/05/advanced-protection-mobile-devices.html
Five Years Later: Evolving IoT Cybersecurity Guidelines
The Background…and NIST's Plan for Improving IoT Cybersecurity The passage of the Internet of Things (IoT) Cybersecurity Improvement Act in 2020 marked a pivotal step in enhancing the cybersecurity of IoT products. Recognizing the increasing internet connectivity of physical devices, this legislation tasked NIST with developing cybersecurity guidelines to manage and secure IoT effectively. As an early building block, we developed NIST IR 8259, Foundational Cybersecurity Activities for IoT Device Manufacturers, which describes recommended activities related to cybersecurity for manufacturers
https://www.nist.gov/blogs/cybersecurity-insights/five-years-later-evolving-iot-cybersecurity-guidelines
Bypassing BitLocker Encryption: Bitpixie PoC and WinPE Edition
Depending on the customer’s preference, possible initial access vectors in our red teaming exercises typically include deployment of dropboxes, (device code) phishing or a stolen portable device. The latter is usually a Windows laptop protected by BitLocker for full disk encryption without pre-boot authentication i.e. without a configured PIN or an additional key file. While […]
https://blog.compass-security.com/2025/05/bypassing-bitlocker-encryption-bitpixie-poc-and-winpe-edition/
FreeRTOS and coreSNTP Security Advisories
Security advisories were issued for FreeRTOS and coreSNTP releases containing unintended scripts that could potentially transmit AWS credentials if executed on Linux/macOS. Affected releases have been removed and users are advised to rotate credentials and delete downloaded copies.
https://www.cloudvulndb.org/freertos-coresntp-advisories
The 2025 State of Application Risk Report: Understanding AI Risk in Software Development
Get details on the AI risks Legit unearthed in enterprises' software factories.
https://www.legitsecurity.com/blog/understanding-ai-risk-in-software-development
Breaking the Sound Barrier Part I: Fuzzing CoreAudio with Mach Messages
Guest post by Dillon Franke, Senior Security Engineer, 20% time on Project Zero
Every second, highly-privileged MacOS system daemons accept and process hundreds of IPC messages. In some cases, these message handlers accept data from sandboxed or unprivileged processes.
In this blog post, I’ll explore using Mach IPC messages as an attack vector to find and exploit sandbox escapes. I’ll detail how I used a custom fuzzing harness, dynamic instrumentation, and plenty of debugging/static analysis to identify a high-risk type confusion vulnerability in the coreaudiod system daemon. Along the way, I’ll discuss some of the difficulties and tradeoffs I encountered.
Transparently, this was my first venture into the world of MacOS security research and building...
https://googleprojectzero.blogspot.com/2025/05/breaking-sound-barrier-part-i-fuzzing.html
Using AI to stop tech support scams in Chrome
Posted by Jasika Bawa, Andy Lim, and Xinghui Lu, Google Chrome Security
Tech support scams are an increasingly prevalent form of cybercrime, characterized by deceptive tactics aimed at extorting money or gaining unauthorized access to sensitive data. In a tech support scam, the goal of the scammer is to trick you into believing your computer has a serious problem, such as a virus or malware infection, and then convince you to pay for unnecessary services, software, or grant them remote access to your device. Tech support scams on the web often employ alarming pop-up warnings mimicking legitimate security alerts. We've also observed them to use full-screen takeovers and disable keyboard and mouse input to create a sense of crisis.
Chrome has always worked with Google Safe Browsing to help...
http://security.googleblog.com/2025/05/using-ai-to-stop-tech-support-scams-in.html
Weaponizing Facebook Ads: Inside the Multi-Stage Malware Campaign Exploiting Cryptocurrency Brands
A persistent malvertising campaign is plaguing Facebook, leveraging the reputations of well-known cryptocurrency exchanges to lure victims into a maze of malware. Since Bitdefender Labs started investigating, this evolving threat has posed a serious risk by deploying cleverly disguised front-end scripts and custom payloads on users' devices, all under the guise of legitimate cryptocurrency platforms and influencers.
This report unveils how the attackers use advanced evasion tactics, mass brand
https://www.bitdefender.com/en-us/blog/labs/weaponizing-facebook-ads-inside-the-multi-stage-malware-campaign-exploiting-cryptocurrency-brands
OnRPG - 1,047,640 breached accounts
In July 2016, the now defunct free online games list website OnRPG suffered a data breach that was later redistributed as part of a larger corpus of data. The incident exposed just over 1M email and IP addresses alongside usernames and passwords stored as salted MD5 hashes.
https://haveibeenpwned.com/Breach/OnRPG
Ivanti Connect Buffer Overflow Vulnerability
What is the Vulnerability?
CVE-2025-22457 is identified as a buffer overflow vulnerability affecting Ivanti Connect Secure, Policy Secure and ZTA Gateways. If successfully exploited, it can result in remote code execution. This exploitation poses significant risks, potentially allowing unauthorized remote access to systems. The Google Threat Intelligence Group (GTIG) has linked the exploitation of CVE-2025-22457 and the subsequent malware deployment to the suspected espionage group known as UNC5221, which is believed to have connections to China.
What is the recommended Mitigation?
Ivanti customers are strongly encouraged to implement the recommended actions outlined in the Security Advisory to ensure their systems are secured promptly. Ivanti Advisory
A patch addressing CVE-2025-22457 was made available...
https://fortiguard.fortinet.com/threat-signal-report/6086
Commvault Command Center Path Traversal Vulnerability
What is the Vulnerability?
A critical path traversal vulnerability has been identified in Commvault's Command Center Innovation Release. The vulnerability, tracked as CVE-2025-34028, has been assigned a CVSS score of 10.0. This flaw allows unauthenticated remote attackers to upload specially crafted ZIP files. When these files are expanded by the server, they can lead to arbitrary code execution, potentially resulting in a complete system compromise. Commvault serves a diverse range of industries, including Healthcare, Financial Services, Manufacturing, and more, for securing data management and compliance, protecting financial data and efficiently backing up data.
What is the recommended Mitigation?
Commvault has addressed this vulnerability in the following patched versions: 11.38 and 11.38.25....
https://fortiguard.fortinet.com/threat-signal-report/6081
1-15 January 2025 Cyber Attacks Timeline
In the first timeline of January 2025, I collected 109 events with a threat landscape dominated by malware with 18%, down from 33% of the previous timeline, and once again ahead of account takeovers with 17% (it was 20% in the previous timeline), and ransomware with 14%.
https://www.hackmageddon.com/2025/05/06/1-15-january-2025-cyber-attacks-timeline/
Azure AZNFS-mount Utility Root Privilege Escalation
A critical vulnerability in AZNFS-mount utility, preinstalled on Azure HPC/AI images, allowed unprivileged users to escalate privileges to root on Linux machines. The flaw existed in versions up to 2.0.10 and involved a SUID binary. Azure classified it as low severity but fixed it in version 2.0.11.
https://www.cloudvulndb.org/azure-aznfs-mount-privilege-escalation
CVE-2025-4318 - Input validation issue in AWS Amplify Studio UI component properties
Scope: AWS Content Type: Important (requires attention) Publication Date: 2025/05/05 11:00 AM PDT
Description
The AWS Amplify Studio amplify-codegen-ui is an AWS package that generates front-end code from UI Builder entities (components, forms, views, and themes), primarily used in Amplify Studio for component previews and in AWS Command Line Interface (AWS CLI) for generating component files in customers' local applications
We identified CVE-2025-4318, an input validation issue in Amplify Studio UI component properties. When importing a component schema using the create-component command, Amplify Studio will import and generate the component on the users' behalf. The expression-binding function does not validate the component schema properties before converting them to expressions....
https://aws.amazon.com/security/security-bulletins/AWS-2025-010/
Welcome to Maintainer Month: Events, exclusive discounts, and a new security challenge
This May marks the fifth annual Maintainer Month, and there are lots of treats in store: new badges, special discounts, events with experts, and more.
The post Welcome to Maintainer Month: Events, exclusive discounts, and a new security challenge appeared first on The GitHub Blog.
https://github.blog/open-source/maintainers/welcome-to-maintainer-month-events-exclusive-discounts-and-a-new-security-challenge/
Strengthening Software Security Under the EU Cyber Resilience Act: A High-Level Guide for Security Leaders and CISOs
Get guidance on key tenets of the EU CRA and how Legit can help address them.
https://www.legitsecurity.com/blog/strengthening-software-security-under-eu-cra
Small Businesses Create Big Impact: NIST Celebrates 2025 National Small Business Week
This week we're celebrating National Small Business Week—which recognizes and celebrates the small and medium-sized business (SMB) community's significant contributions to the nation. SMBs are a substantial and critical part of the U.S. and global economic and cybersecurity infrastructure. According to the U.S. Small Business Administration's Office of Advocacy, [1] there are 34.8 million SMBs in the United States (making up 99% of all U.S. businesses). Of those, 81.7% are non-employer firms with no paid employees other than the owners of the business. These businesses, though small in size
https://www.nist.gov/blogs/cybersecurity-insights/small-businesses-create-big-impact-nist-celebrates-2025-national-small
Canary Exploit Tool for CVE-2025-30065 Apache Parquet Avro Vulnerability
Investigating a schema parsing concern in the parquet-avro module of Apache Parquet Java.
https://www.f5.com/labs/articles/threat-intelligence/canary-exploit-tool-for-cve-2025-30065-apache-parquet-avro-vulnerability
TehetségKapu - 54,357 breached accounts
In March 2025, almost 55k records were breached from the Hungarian education office website TehetségKapu. The data was subsequently published to a popular hacking forum and included email addresses, names and usernames.
https://haveibeenpwned.com/Breach/TehetsegKapu
Active Subscription Scam Campaigns Flooding the Internet
Bitdefender researchers have uncovered a surge in subscription scams, both in scale and sophistication, spurred by a massive campaign involving hundreds of fraudulent websites.
What sets this campaign apart is the significant investment cybercriminals have undertaken to make these fake sites look convincingly legitimate.
Gone are the days when a suspicious email, SMS, or basic phishing link could easily fool users. As people grow more cautious and cyber-aware, scammers are stepping up their
https://www.bitdefender.com/en-us/blog/labs/active-subscription-scam-campaigns-flooding-the-internet
Cutting through the noise: How to prioritize Dependabot alerts
Learn how to effectively prioritize alerts using severity (CVSS), exploitation likelihood (EPSS), and repository properties, so you can focus on the most critical vulnerabilities first.
The post Cutting through the noise: How to prioritize Dependabot alerts appeared first on The GitHub Blog.
https://github.blog/security/application-security/cutting-through-the-noise-how-to-prioritize-dependabot-alerts/
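One way to turn the three signals named above (CVSS severity, EPSS exploitation probability, repository properties) into an ordering, as an added example that is not code from GitHub or the post. The tier thresholds, the repository property names (`production`, `internet_facing`) and the sample alerts are constructed for this illustration; EPSS is used as the probability of exploitation in the next 30 days, and 0.10 is an assumed cut-off.

```python
"""Added example: rank Dependabot-style alerts by EPSS, CVSS and repository
context. Thresholds, property names and sample data are assumptions."""
from dataclasses import dataclass
from typing import List


@dataclass(frozen=True)
class Alert:
    alert_id: str           # constructed label, not a real advisory id
    repo: str
    package: str
    cvss: float             # CVSS base score, 0.0 - 10.0
    epss: float             # EPSS probability of exploitation, 0.0 - 1.0
    production: bool        # assumed custom repository property
    internet_facing: bool   # assumed custom repository property


EPSS_LIKELY = 0.10          # assumed cut-off: exploitation is realistically expected
TIERS = ("critical", "high", "medium", "low")


def tier(a: Alert) -> str:
    """Context first: a likely-exploited bug in production, or a critical bug on
    an exposed production service, outranks a raw 9.x score in a sandbox repo."""
    exposed = a.production and a.internet_facing
    if a.epss >= EPSS_LIKELY and a.production:
        return "critical"
    if a.cvss >= 9.0 and exposed:
        return "critical"
    if (a.cvss >= 7.0 and a.production) or a.epss >= EPSS_LIKELY:
        return "high"
    if a.cvss >= 4.0:
        return "medium"
    return "low"


def prioritize(alerts: List[Alert]) -> List[Alert]:
    """Sort by tier, then by exploitation probability, then by severity."""
    return sorted(alerts, key=lambda a: (TIERS.index(tier(a)), -a.epss, -a.cvss))


# Constructed sample alerts for the demonstration.
SAMPLE_ALERTS = [
    Alert("a1", "payments-api", "libfoo", 9.8, 0.02, True, True),
    Alert("a2", "internal-tool", "libbar", 7.5, 0.45, True, False),
    Alert("a3", "docs-site", "libbaz", 9.1, 0.01, False, True),
    Alert("a4", "payments-api", "libqux", 5.3, 0.001, True, True),
    Alert("a5", "sandbox", "libquux", 3.1, 0.0005, False, False),
]


def ranked_ids(alerts: List[Alert] = SAMPLE_ALERTS) -> List[str]:
    return [a.alert_id for a in prioritize(alerts)]


if __name__ == "__main__":
    for a in prioritize(SAMPLE_ALERTS):
        print(f"{tier(a):8} {a.alert_id} {a.repo}/{a.package} cvss={a.cvss} epss={a.epss}")
```

The point of the ordering is visible in the sample: the 7.5 alert with a 45% EPSS in a production repo lands above the 9.8, and the 9.1 in a non-production docs repo drops to medium. Tune the thresholds to your own risk appetite; the structure (context gate, then EPSS, then CVSS as tie-breaker) is what matters.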
Introducing EntraFalcon – A Tool to Enumerate Entra ID Objects and Assignments
TL;DR: PowerShell tool to enumerate Entra ID objects, assignments and identify highly privileged objects or risky configurations. https://github.com/CompassSecurity/EntraFalcon Entra ID environments can contain thousands of objects – users, groups, service principals, and more – each with unique properties and complex relationships. While manual reviews through the Entra portal might be feasible in smaller environments, they […]
https://blog.compass-security.com/2025/04/introducing-entrafalcon-a-tool-to-enumerate-entra-id-objects-and-assignments/
AWS Default Roles Can Lead to Service Takeover
Research uncovered security flaws in default AWS service roles, granting overly broad permissions like full S3 access. This allows privilege escalation, cross-service access, and potential account compromise across services like SageMaker, Glue, and EMR. Attackers could exploit these roles to manipulate critical assets and move laterally within AWS environments. AWS has since updated default policies and documentation to mitigate risks.
https://www.cloudvulndb.org/aws-default-roles-service-takeover
Announcing New Legit ASPM AI Capabilities
Get details on Legit's new AI capabilities.
https://www.legitsecurity.com/blog/announcing-new-legit-aspm-ai-capabilities
I Had Some Adventures with Alice and Bob (Podcast)! Also, what's next for Auntie Lesley?
Hi pals! It’s been a busy few months for me. Next week, I make my big move to Australia, so my blog might drop off for a bit while I get settled. I’ve gotten to cram in some final North American conference speaking appearances in Halifax (AtlSecCon), Milwaukee (CypherCon), and Chicago (ChiBrrCon). I’ve also been […]
https://tisiphone.net/2025/04/26/i-had-some-adventures-with-alice-and-bob-podcast/
Q4 2024 Cyber Attacks Statistics
I aggregated the statistics created from the cyber attacks timelines published in Q4 2024. In this period, I collected a total of 694 events dominated by Cyber Crime with 70%, slightly up from 65.5% of Q3.
https://www.hackmageddon.com/2025/04/24/q4-2024-cyber-attacks-statistics/
December 2024 Cyber Attacks Statistics
After the cyber attacks timelines, it's time to publish the statistics for December 2024 where I collected and analyzed 209 events primarily driven by Cyber Crime.
https://www.hackmageddon.com/2025/04/22/december-2024-cyber-attacks-statistics/
Google Cloud ConfusedComposer Privilege Escalation Vulnerability
Tenable discovered a privilege escalation vulnerability in Google Cloud Platform's Cloud Composer service, dubbed ConfusedComposer. It allowed users with composer.environments.update permission to escalate privileges to the default Cloud Build service account by injecting malicious PyPI packages. This could grant broad permissions across the victim's GCP project.
https://www.cloudvulndb.org/gcp-confused-composer-vulnerability
CVE-2025-3857 - Infinite loop condition in Amazon.IonDotnet
Scope: AWS
Content Type: Important (requires attention)
Publication Date: 2025/04/21 08:00 AM PDT
Description
Amazon.IonDotnet (ion-dotnet) is a .NET library with an implementation of the Ion data serialization format.
We identified CVE-2025-3857, an infinite loop condition in Amazon.IonDotnet. When reading binary Ion data through this library using the RawBinaryReader class, Amazon.IonDotnet does not check the number of bytes read from the underlying stream while deserializing the binary format. If the Ion data is malformed or truncated, this triggers an infinite loop condition that could potentially result in a denial of service.
We released a fix in version 1.3.1 and recommend users upgrade to address this issue. Additionally, ensure any forked or derivative code is patched...
https://aws.amazon.com/security/security-bulletins/AWS-2025-009/
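The bug class in the bulletin, shown as an added example that is not Amazon.IonDotnet code: a read loop that never checks how many bytes the stream actually returned, next to a hardened loop that treats a zero-length read as truncation. The record format (1-byte tag, 1-byte length, payload) and both inputs are constructed for the illustration.

```python
"""Added example, not code from Amazon.IonDotnet: the bug class behind
CVE-2025-3857 (looping on a stream without checking bytes read) beside a
hardened read loop. Record format and inputs are constructed for this demo."""
import io
from typing import Callable, List, Tuple

# Constructed inputs: a well-formed stream, and one truncated mid-payload.
GOOD_INPUT = b"\x01\x03abc" + b"\x02\x00"
TRUNCATED_INPUT = b"\x01\x05abc"   # header promises 5 payload bytes, only 3 follow


def read_exact_unchecked(stream: io.BufferedIOBase, n: int, max_iterations: int = 1000) -> bytes:
    """Vulnerable pattern: assumes the loop will eventually collect n bytes.
    At EOF stream.read() returns b'' and `remaining` stops decreasing, so the
    loop never exits. The max_iterations guard exists only so this example
    terminates; the real defect spins forever (denial of service)."""
    buf = bytearray()
    remaining = n
    iterations = 0
    while remaining > 0:
        iterations += 1
        if iterations > max_iterations:
            raise RuntimeError("read loop did not terminate: stream exhausted, remaining > 0")
        chunk = stream.read(remaining)
        buf += chunk
        remaining -= len(chunk)      # len(chunk) == 0 at EOF -> no progress
    return bytes(buf)


def read_exact_checked(stream: io.BufferedIOBase, n: int) -> bytes:
    """Hardened: a zero-length read means the input is truncated; fail fast."""
    buf = bytearray()
    while len(buf) < n:
        chunk = stream.read(n - len(buf))
        if not chunk:
            raise EOFError(f"truncated input: wanted {n} bytes, got {len(buf)}")
        buf += chunk
    return bytes(buf)


def parse_records(data: bytes,
                  read_exact: Callable[[io.BufferedIOBase, int], bytes]) -> List[Tuple[int, bytes]]:
    """Parse (tag, payload) records with the supplied read primitive."""
    stream = io.BytesIO(data)
    records: List[Tuple[int, bytes]] = []
    while True:
        tag = stream.read(1)
        if not tag:                  # clean end of stream
            return records
        length = read_exact(stream, 1)[0]
        payload = read_exact(stream, length)
        records.append((tag[0], payload))


def outcome(data: bytes, read_exact) -> Tuple[str, object]:
    """Classify what a parser built on `read_exact` does with `data`."""
    try:
        return ("ok", parse_records(data, read_exact))
    except EOFError as exc:
        return ("truncated", str(exc))
    except RuntimeError as exc:
        return ("hang", str(exc))


if __name__ == "__main__":
    for name, reader in (("unchecked", read_exact_unchecked), ("checked", read_exact_checked)):
        print(name, "good:", outcome(GOOD_INPUT, reader))
        print(name, "truncated:", outcome(TRUNCATED_INPUT, reader))
```

The same check applies to any length-prefixed binary format: every read that must return exactly N bytes has to verify that it did, and a short read on a network socket or file is an error, not a retry.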
Interview with Safety Detectives
Happy Monday, friends! I hope you had a great weekend. I had an interesting interview with Safety Detectives about steps we can take to make things better for the next generation of cyber defenders. I encourage you to check out the article, here: https://www.safetydetectives.com/blog/lesley-carhart-dragos/
https://tisiphone.net/2025/04/21/interview-with-safety-detectives/
16-31 December 2024 Cyber Attacks Timeline
In the second timeline of December 2024, I collected 94 events with a threat landscape dominated by malware with...
https://www.hackmageddon.com/2025/04/18/16-31-december-2024-cyber-attacks-timeline/
How Legit Is Using Classic Economic Tools to Prevent Application Vulnerabilities
Learn more about how Legit is helping enterprises prevent vulnerabilities in their SDLCs.
https://www.legitsecurity.com/blog/how-legit-is-using-classic-economic-models-to-prevent-application-vulnerabilities
What to Look for in Application Security Posture Management (ASPM)
Get details on the key capabilities for an ASPM platform.
https://www.legitsecurity.com/blog/what-to-look-for-in-application-security-posture-management-aspm
My New Paper on OT Ransomware!
Hello friends, I’m very excited to publish my first SANS Institute Whitepaper. I have developed a formal framework for preparing for OT / ICS ransomware attacks. I really hope you enjoy the paper and find it useful in building a strong defense against cyber-crime. You can download the white paper, A Simple Framework for OT […]
https://tisiphone.net/2025/04/16/my-new-paper-on-ot-ransomware/
The Windows Registry Adventure #6: Kernel-mode objects
Posted by Mateusz Jurczyk, Google Project Zero
Welcome back to the Windows Registry Adventure! In the previous installment of the series, we took a deep look into the internals of the regf hive format. Understanding this foundational aspect of the registry is crucial, as it illuminates the design principles behind the mechanism, as well as its inherent strengths and weaknesses. The data stored within the regf file represents the definitive state of the hive. Knowing how to parse this data is sufficient for handling static files encoded in this format, such as when writing a custom regf parser to inspect hives extracted from a hard drive. However, for those interested in how regf files are managed by Windows at runtime, rather than just their behavior in isolation, there's a whole other...
https://googleprojectzero.blogspot.com/2025/04/the-windows-registry-adventure-6-kernel.html
300 Milliseconds to Admin: Mastering DLL Hijacking and Hooking to Win the Race (CVE-2025-24076 and CVE-2025-24994)
As a pentester you are sometimes thrown into projects where you have no idea where you are going to end up. This project was one of those where you were given a customer laptop and the aim was to “find something interesting”, perhaps a misconfiguration on the customer side. The problem was that the laptop […]
https://blog.compass-security.com/2025/04/3-milliseconds-to-admin-mastering-dll-hijacking-and-hooking-to-win-the-race-cve-2025-24076-and-cve-2025-24994/
Burning Data with Malicious Firewall Rules in Azure SQL
Varonis Threat Labs discovered a vulnerability in Azure SQL Server allowing privileged users to create malicious firewall rules that can delete Azure resources when triggered by admin actions. The exploit involves manipulating rule names via TSQL to inject destructive commands, potentially leading to large-scale data loss in affected Azure accounts.
https://www.cloudvulndb.org/burning-data-azure-sql-firewall
How we're making security easier for the average developer
Security should be native to your workflow, not a painful separate process.
The post How we're making security easier for the average developer appeared first on The GitHub Blog.
https://github.blog/security/application-security/how-were-making-security-easier-for-the-average-developer/
Legit Scans for Secrets in SharePoint
Get details on Legit's new ability to scan for secrets in SharePoint.
https://www.legitsecurity.com/blog/legit-scans-for-secrets-in-sharepoint
Path Traversal in AWS SSM Agent Plugin ID Validation
A path traversal vulnerability in AWS SSM Agent's ValidatePluginId function allows attackers to create directories and execute scripts in unintended locations on the filesystem. This could lead to privilege escalation or other malicious activities, as files may be written to or executed from sensitive areas of the system with root privileges.
https://www.cloudvulndb.org/aws-ssm-agent-path-traversal
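The general pattern behind this finding, as an added example that is not SSM Agent code: an identifier that later becomes a directory name must be validated with an allowlist, and the resolved path must be checked to stay inside the base directory. The base path, the identifier grammar and the sample identifiers are assumptions for the illustration.

```python
"""Added example, not AWS SSM Agent code: validating an identifier that is
used as a directory name. A denylist check that still lets '..' through is
shown beside an allowlist plus resolved-path containment check.
Base directory and identifier grammar are assumptions for this demo."""
import re
from pathlib import Path

# Assumed grammar: letters, digits, underscore and dash, 1 to 64 characters.
PLUGIN_ID_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")

BASE = Path("/var/lib/example-agent/plugins")   # assumed base directory


def validate_plugin_id_weak(plugin_id: str) -> bool:
    """Denylist: rejects only the substrings it knows about.
    A bare '..' contains no separator, so it passes and resolves to the parent."""
    return "../" not in plugin_id and "..\\" not in plugin_id


def validate_plugin_id(plugin_id: str) -> bool:
    """Allowlist: accept only identifiers matching the assumed grammar."""
    return PLUGIN_ID_RE.fullmatch(plugin_id) is not None


def is_contained(base: Path, plugin_id: str) -> bool:
    """True if base/<plugin_id> resolves to a direct child of base."""
    base = base.resolve()
    return (base / plugin_id).resolve().parent == base


def plugin_dir(base: Path, plugin_id: str) -> Path:
    """Return base/<plugin_id>, refusing anything that escapes base.
    Two independent checks: the allowlist on the identifier, and containment
    of the resolved path (defence in depth against a later grammar change or a
    symlink planted under base)."""
    if not validate_plugin_id(plugin_id):
        raise ValueError(f"invalid plugin id: {plugin_id!r}")
    target = (base.resolve() / plugin_id).resolve()
    if not is_contained(base, plugin_id):
        raise ValueError(f"plugin dir {target} escapes {base.resolve()}")
    return target


def classify(plugin_id: str, base: Path = BASE) -> dict:
    """Show what each check says about one identifier."""
    return {
        "weak_denylist": validate_plugin_id_weak(plugin_id),
        "allowlist": validate_plugin_id(plugin_id),
        "contained": is_contained(base, plugin_id),
    }


if __name__ == "__main__":
    # Constructed sample identifiers.
    for pid in ("runShellScript", "..", "../../etc/cron.d", "a/b"):
        print(repr(pid), classify(pid))
```

The containment check alone is not enough either: it is evaluated against the path as it exists now, so a symlink created later under the base can still redirect writes. Validate the identifier, check containment, and create the directory with restrictive permissions as the least-privileged user the operation allows.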
Campaign Targets Amazon EC2 Instance Metadata via SSRF
Discover the latest CVE trends and a new campaign targeting websites hosted in EC2 instances on AWS.
https://www.f5.com/labs/articles/threat-intelligence/campaign-targets-amazon-ec2-instance-metadata-via-ssrf
Legit and Traceable: Better Together
Get details on Legit's new partnership with Traceable.
https://www.legitsecurity.com/blog/legit-and-traceable-better-together
Google announces Sec-Gemini v1, a new experimental cybersecurity model
Posted by Elie Bursztein and Marianna Tishchenko, Sec-Gemini team
Today, we're announcing Sec-Gemini v1, a new experimental AI model focused on advancing cybersecurity AI frontiers. As outlined a year ago, defenders face the daunting task of securing against all cyber threats, while attackers need to successfully find and exploit only a single vulnerability. This fundamental asymmetry has made securing systems extremely difficult, time consuming and error prone. AI-powered cybersecurity workflows have the potential to help shift the balance back to the defenders by force multiplying cybersecurity professionals like never before. Effectively powering SecOps workflows requires state-of-the-art reasoning capabilities and extensive current cybersecurity knowledge. Sec-Gemini v1 achieves...
http://security.googleblog.com/2025/04/google-launches-sec-gemini-v1-new.html
Taming the Wild West of ML: Practical Model Signing with Sigstore
Posted by Mihai Maruseac, Google Open Source Security Team (GOSST)
In partnership with NVIDIA and HiddenLayer, as part of the Open Source Security Foundation, we are now launching the first stable version of our model signing library. Using digital signatures like those from Sigstore, we allow users to verify that the model used by the application is exactly the model that was created by the developers. In this blog post we will illustrate why this release is important from Google's point of view.
With the advent of LLMs, the ML field has entered an era of rapid evolution. We have seen remarkable progress leading to weekly launches of various applications which incorporate ML models to perform tasks ranging from customer support, software development, and even performing security critical...
http://security.googleblog.com/2025/04/taming-wild-west-of-ml-practical-model.html
The Power of Identifying Continuously Vulnerable Repositories (CVRs)
Learn more about how Legit is helping enterprises prevent vulnerabilities in their SDLCs.
https://www.legitsecurity.com/blog/identifying-continuously-vulnerable-repositories
1-15 December 2024 Cyber Attacks Timeline
In the first timeline of December 2024, I collected 115 events (7.67 events/day) with a threat landscape dominated...
https://www.hackmageddon.com/2025/04/04/1-15-december-2024-cyber-attacks-timeline/
Lesley, What Happened to the “Cybersecurity Skills Shortage”?
Are you stressed out right now? I’m stressed out. Most Americans are, and cybersecurity job seekers are definitely not an exception. I do a ton of career mentoring and career clinics, and I see… the brunt of it. The last few mentoring Sundays I've done, I have had two or more people burst into tears. […]
https://tisiphone.net/2025/04/01/lesley-what-happened-to-the-cybersecurity-skills-shortage/
I wannabe Red Team Operator
Red Team Operator. A hype-tagged role tag for which one question hits our corporate LinkedIn inbox very often. “Hey there, how can I become a Red Team Operator? Yours sincerely, a recent graduate.” To us, this is like asking how to become a regular starter on a Premier League football team. There's nothing wrong with […]
https://blog.compass-security.com/2025/04/i-wannabe-red-team-operator/
What's My Daily Life Like (in OT DFIR)?
One of the most common questions I get asked by aspiring (and current) cybersecurity professionals is what my odd niche of the universe in critical infrastructure incident response is really like, day to day. So let me give a brief overview of what my work life is like. The first thing one needs to understand […]
https://tisiphone.net/2025/03/31/whats-my-daily-life-like-in-ot-dfir/
ImageRunner: Privilege Escalation Vulnerability in GCP Cloud Run
An attacker with `run.services.update` and `iam.serviceAccounts.actAs` permissions but without explicit registry access could deploy new revisions of Cloud Run services that pulled private container images stored in the same GCP project. This was possible because Cloud Run uses a service agent with the necessary registry read permissions to retrieve these images, regardless of the caller's access level. By updating a service revision and injecting malicious commands into the container's arguments (e.g., using Netcat for reverse shell access), attackers could extract secrets or run unauthorized code. The flaw stemmed from the Cloud Run service agent's trust model, which did not enforce a separate registry permission check on the deploying identity. Google has since modified this behavior...
https://www.cloudvulndb.org/imagerunner
ClamAV 1.5.0 beta now available!
The ClamAV 1.5.0 beta is now available. You may find the source code and installers for this release at clamav.net/downloads or on the ClamAV GitHub release page. The beta phase is expected to last two to four weeks before we publish the stable release or else publish a release candidate. This will depend on how many changes are required to stabilize this version. Please take this time to evaluate ClamAV 1.5.0. Please help us validate this release by providing feedback via GitHub issues, via the ClamAV mailing list or on our Discord. IMPORTANT: A major feature of the 1.5 release is a FIPS-compliant method for verifying the authenticity of CVD signature database archives and CDIFF signature database patch files. The feature is ready to test in this beta, but we are not yet distributing the...
http://blog.clamav.net/2025/03/clamav-150-beta-now-available.html
Issue with AWS SAM CLI (CVE-2025-3047, CVE-2025-3048)
Scope: AWS
Content Type: Important (requires attention)
Publication Date: 2025/03/31 08:10 AM PDT
Description
The AWS Serverless Application Model Command Line Interface (AWS SAM CLI) is an open-source CLI tool that helps Lambda developers to build and develop Lambda applications locally on their computers using Docker.
We have identified the following issues within the AWS SAM CLI. A fix has been released and we recommend users upgrade to the latest version to address these issues. Additionally, users should ensure any forked or derivative code is patched to incorporate the new fixes.
CVE-2025-3047: When running the AWS SAM CLI build process with Docker and symlinks are included in the build files, the container environment allows a user to access privileged files on the...
https://aws.amazon.com/security/security-bulletins/AWS-2025-008/
2025 Advanced Persistent Bot Report: Scraper Bots Deep-Dive
How much do scraper bots affect your industry?
https://www.f5.com/labs/articles/threat-intelligence/2025-advanced-persistent-bot-report-scraper-bots-deep-dive
Prevent Web Scraping by Applying the Pyramid of Pain
The Bots Pyramid of Pain: a framework for effective bot defense.
https://www.f5.com/labs/articles/threat-intelligence/prevent-web-scraping-by-applying-the-pyramid-of-pain
2025 Advanced Persistent Bots Report
Uncovering the true scale of persistent bot activity, and the advanced techniques that bot operators use in order to remain hidden from bot defenses.
https://www.f5.com/labs/articles/threat-intelligence/2025-advanced-persistent-bots-report
The US Needs A New Cybersecurity Strategy: More Offensive Cyber Operations Isn't It
For a long time Chinese hackers have been operating in the grey area between espionage and warfare. The US has been struggling to defend its networks, but increasing offensive cyber operations is unlikely to help.
https://malwaretech.com/2025/03/the-us-needs-a-new-cybersecurity-strategy.html
Issue with tough, versions prior to 0.20.0 (Multiple CVEs)
Scope: AWS
Content Type: Important (requires attention)
Publication Date: 2025/03/27 02:30 PM PDT
Description
The Update Framework (TUF) is a software framework designed to protect mechanisms that automatically identify and download updates to software. tough is a Rust client library for TUF repositories.
AWS is aware of the following issues within tough, versions prior to 0.20.0. On March 27, 2025, we released a fix in tough 0.20.0 and recommend customers upgrade to address these issues and ensure any forked or derivative code is patched to incorporate the new fixes.
CVE-2025-2885 relates to an issue with missing validation of the root metadata version number which could allow an actor to supply an unexpected version number to the client instead of the intended version in...
https://aws.amazon.com/security/security-bulletins/AWS-2025-007/
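The client-side rule that CVE-2025-2885 concerns, as an added example that is not code from tough or any other TUF client: when a client fetches a new root metadata file it must check that the file's version is exactly the trusted version plus one, and that the file is signed by a threshold of keys from both the currently trusted root and the new root. Signatures here are HMAC-SHA256 over canonical JSON with a constructed key table, standing in for the real public-key signatures; the version and threshold logic is what the example shows.

```python
"""Added example, not code from tough or python-tuf: one step of TUF root
rotation with the version check that CVE-2025-2885 is about. HMAC-SHA256 over
canonical JSON with a constructed key table stands in for real signatures."""
import hashlib
import hmac
import json

# Constructed key table; a real client holds only public keys.
KEYS = {"k1": b"key-one", "k2": b"key-two", "k3": b"key-three"}


class RootUpdateError(Exception):
    pass


def canonical(signed: dict) -> bytes:
    return json.dumps(signed, sort_keys=True, separators=(",", ":")).encode()


def sign(keyid: str, signed: dict) -> str:
    return hmac.new(KEYS[keyid], canonical(signed), hashlib.sha256).hexdigest()


def make_root(version: int, keyids, threshold: int, signers) -> dict:
    """Build a root metadata document signed by `signers`."""
    signed = {"_type": "root", "version": version,
              "roles": {"root": {"keyids": list(keyids), "threshold": threshold}}}
    return {"signed": signed,
            "signatures": [{"keyid": k, "sig": sign(k, signed)} for k in signers]}


def meets_threshold(candidate: dict, root_role: dict) -> bool:
    """Count distinct, valid signatures from the keys `root_role` trusts."""
    valid = set()
    for s in candidate["signatures"]:
        keyid = s["keyid"]
        if keyid in root_role["keyids"] and \
                hmac.compare_digest(s["sig"], sign(keyid, candidate["signed"])):
            valid.add(keyid)
    return len(valid) >= root_role["threshold"]


def update_root(trusted: dict, candidate: dict) -> dict:
    """Accept N+1.root.json only if its version is trusted+1 and it carries a
    threshold of signatures from both the old and the new root keys."""
    expected = trusted["signed"]["version"] + 1
    got = candidate["signed"]["version"]
    if got != expected:
        raise RootUpdateError(f"expected root version {expected}, got {got}")
    if not meets_threshold(candidate, trusted["signed"]["roles"]["root"]):
        raise RootUpdateError("not signed by a threshold of currently trusted root keys")
    if not meets_threshold(candidate, candidate["signed"]["roles"]["root"]):
        raise RootUpdateError("not signed by a threshold of the new root's keys")
    return candidate


def update_outcome(trusted: dict, candidate: dict) -> str:
    try:
        return f"accepted v{update_root(trusted, candidate)['signed']['version']}"
    except RootUpdateError as exc:
        return f"rejected: {exc}"


if __name__ == "__main__":
    root1 = make_root(1, ["k1", "k2"], 1, ["k1"])
    root2 = make_root(2, ["k2", "k3"], 1, ["k1", "k3"])   # rotates k1 out, k3 in
    print(update_outcome(root1, root2))
    print(update_outcome(root1, make_root(5, ["k2", "k3"], 1, ["k1", "k3"])))
    print(update_outcome(root1, make_root(2, ["k3"], 1, ["k3"])))
```

Without the version check a repository or mirror under attacker control can hand the client an arbitrary root file and the client will evaluate its signatures against whatever version it happens to be; with it, the client walks the chain one version at a time and each step is authorized by the keys the previous step trusted.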
Issues with Kubernetes ingress-nginx controller (Multiple CVEs)
Scope: AWS
Content Type: Important (requires attention)
Publication Date: 2025/03/24 09:00 AM PDT
Description
Ingress Controllers are applications within a Kubernetes cluster that enable Ingress resources to function.
AWS is aware of CVE-2025-1098, CVE-2025-1974, CVE-2025-1097, CVE-2025-24514, and CVE-2025-24513, which affect the Kubernetes ingress-nginx controller. Amazon Elastic Kubernetes Service (Amazon EKS) does not provide or install the ingress-nginx controller and is not affected by these issues. Customers who have installed this controller on their clusters should update to the latest version.
We have proactively notified customers who were identified as having this controller installed.
References:
CVE-2025-1098 - GitHub Issue
CVE-2025-1974 - GitHub Issue
CVE-2025-1097...
https://aws.amazon.com/security/security-bulletins/AWS-2025-006/
New security requirements adopted by HTTPS certificate industry
Posted by Chrome Root Program, Chrome Security Team
The Chrome Root Program launched in 2022 as part of Google's ongoing commitment to upholding secure and reliable network connections in Chrome. We previously described how the Chrome Root Program keeps users safe, and described how the program is focused on promoting technologies and practices that strengthen the underlying security assurances provided by Transport Layer Security (TLS). Many of these initiatives are described on our forward looking, public roadmap named “Moving Forward, Together.”
At a high-level, “Moving Forward, Together” is our vision of the future. It is non-normative and considered distinct from the requirements detailed in the Chrome Root Program Policy. It's focused on themes that we feel are essential...
http://security.googleblog.com/2025/03/new-security-requirements-adopted-by.html
Advance notice: End of Life for ClamAV 0.103 database updates
ClamAV version 0.103 will reach its end of life (EOL) for database updates on September 14, 2025. After this date, this version will no longer receive the latest virus definitions. To ensure your systems remain protected, please upgrade to the latest supported version of ClamAV before the end-of-life date. This will provide continued access to essential security updates and features. We recommend that users update to the newest release, ClamAV 1.4 LTS. For users that are unable to upgrade to version 1.4, you may find that ClamAV 1.0 LTS is more suitable. The most recent version of ClamAV can be found on the ClamAV Downloads page, on the ClamAV GitHub Releases page, and through Docker Hub. Information about how to install ClamAV is available in our online documentation. The...
http://blog.clamav.net/2025/03/advance-notice-end-of-life-for-clamav.html
Blasting Past Webp
An analysis of the NSO BLASTPASS iMessage exploit
Posted by Ian Beer, Google Project Zero
On September 7, 2023 Apple issued an out-of-band security update for iOS:
Around the same time on September 7th 2023, Citizen Lab published a blog post linking the two CVEs fixed in iOS 16.6.1 to an "NSO Group Zero-Click, Zero-Day exploit captured in the wild":
"[The target was] an individual employed by a Washington DC-based civil society organization with international offices...
The exploit chain was capable of compromising iPhones running the latest version of iOS (16.6) without any interaction from the victim.
The exploit involved PassKit attachments containing malicious images sent from an attacker iMessage account to the victim."
The day before,...
https://googleprojectzero.blogspot.com/2025/03/blasting-past-webp.html
Titan Security Keys now available in more countries
Posted by Christiaan Brand, Group Product Manager
We're excited to announce that starting today, Titan Security Keys are available for purchase in more than 10 new countries: Ireland, Portugal, The Netherlands, Denmark, Norway, Sweden, Finland, Australia, New Zealand, Singapore and Puerto Rico. This expansion means Titan Security Keys are now available in 22 markets, including previously announced countries like Austria, Belgium, Canada, France, Germany, Italy, Japan, Spain, Switzerland, the UK, and the US.
What is a Titan Security Key?
A Titan Security Key is a small, physical device that you can use to verify your identity when you sign in to your Google Account. It's like a second password that's much harder for cybercriminals to steal. Titan Security Keys allow you to store your passkeys on a strong, purpose-built...
http://security.googleblog.com/2025/03/titan-security-keys-now-available-in.html
CodeQLEAKED - CodeQL Supply Chain Attack via Exposed Secret
A publicly exposed GitHub token in CodeQL workflow artifacts could allow attackers to execute malicious code in repositories using CodeQL, potentially leading to source code exfiltration, secrets compromise, and supply chain attacks. The vulnerability stemmed from a debug artifact containing environment variables, which could be downloaded and exploited within a 1-2 second window.
https://www.cloudvulndb.org/codeql-supply-chain-attack-exposed-secret
BlueSky InfoSec News List
Hello all, happy Tuesday. I’ve migrated my cybersecurity news feed list to BlueSky and it can now be found here: https://web-cdn.bsky.app/profile/hacks4pancakes.com/lists/3ll6ownhbuz2o I hope you find this useful. If you’re using Mastodon, the import process is a bit more manual: @Updated InfoSec Mastodon Lists!
https://tisiphone.net/2025/03/25/bluesky-infosec-news-list/
Entra ID Bug Creates Immutable Users
A bug in Entra ID restricted management administrative units allowed creating immutable users that couldn't be modified or disabled, even by Global Administrators. This could enable an attacker to protect a compromised account from containment. The issue was caused by a timing vulnerability when removing users from restricted AUs and required specific steps to remediate affected accounts.
https://www.cloudvulndb.org/entra-id-immutable-users-bug
Issue with the AWS CDK CLI and custom credential plugins (CVE-2025-2598)
Scope: AWS
Content Type: Important (requires attention)
Publication Date: 2025/03/21 07:00 AM PDT
Description
AWS identified CVE-2025-2598, an issue in the AWS Cloud Development Kit (AWS CDK) Command Line Interface (AWS CDK CLI), versions 2.172.0 through 2.178.1. The AWS CDK CLI is a command line tool that deploys AWS CDK applications onto AWS accounts.
When customers run AWS CDK CLI commands with credential plugins and configure those plugins to return temporary credentials by including an expiration property, this issue can result in the AWS credentials retrieved by the plugin being printed to the console output. Any user with access to where the CDK CLI was run would have access to this output. We have released a fix for this issue and recommend customers...
https://aws.amazon.com/security/security-bulletins/AWS-2025-005/
Analyzing the Global Increase in Vulnerability Scanning in 2024
BotPoke comes to the foreground yet again.
https://www.f5.com/labs/articles/threat-intelligence/analyzing-the-global-increase-in-vulnerability-scanning-in-2024
AWS CDK CLI Issue with Custom Credential Plugins
AWS identified a security issue in the AWS CDK CLI versions 2.172.0-2.178.1 where temporary credentials from custom credential plugins could be printed to console output. This potentially exposes sensitive information to users with access to the console. The issue affects plugins that include an expiration property when returning temporary credentials.
https://www.cloudvulndb.org/aws-cdk-cli-credential-plugin-issue
Issue with Temporary elevated access management (TEAM) - CVE-2025-1969
Scope: AWS
Content Type: Important (requires attention)
Publication Date: 2025/03/04 10:30 AM PST
Description
Improper request input validation in Temporary Elevated Access Management (TEAM) for AWS IAM Identity Center allows a user to modify a valid request and spoof an approval in TEAM. We recommend customers upgrade TEAM to the latest release, version 1.2.2.
Affected versions: <1.2.2
Resolution
A fix has been released in version 1.2.2.
Please refer to the "Update TEAM solution" documentation for instructions on upgrading.
References
GHSA-x9xv-r58p-qh86
CVE-2025-1969
Acknowledgement
We would like to thank Redshift Cyber Security for collaborating on this issue through the coordinated vulnerability disclosure process.
Please email aws-security@amazon.com...
https://aws.amazon.com/security/security-bulletins/AWS-2025-004/
Bypassing Web Filters Part 4: Host Header Spoofing & Domain Fronting Detection Bypasses
In the previous posts of this series, we looked at different ways to bypass web filters, such as Host header spoofing and domain fronting. As we’ve learned, these techniques can be detected by proxies employing TLS inspection, by checking whether the hostname in the SNI matches the one in the HTTP Host header. If they […]
https://blog.compass-security.com/2025/03/bypassing-web-filters-part-4-host-header-spoofing-domain-fronting-detection-bypasses/
Yes, That's Me on Your Radio!
I had the honor of another short segment on NPR’s Marketplace this morning. I spoke about the state of cyber crime, and the impact of US government changes on cyber defense.
https://tisiphone.net/2025/03/19/yes-thats-me-on-your-radio/
Updated InfoSec Mastodon Lists!
I have been asked for these, so here they are! I hope you find these useful in following more Fediverse cybersecurity stuff.
https://tisiphone.net/2025/03/18/updated-infosec-mastodon-lists/
Hundreds of Malicious Google Play-Hosted Apps Bypassed Android 13 Security With Ease
Bitdefender's security researchers have identified a large-scale ad fraud campaign that deployed hundreds of malicious apps in the Google Play Store, resulting in more than 60 million downloads total. The apps display out-of-context ads and even try to persuade victims to give away credentials and credit card information in phishing attacks.
The Google Play Store is often targeted by cybercriminals trying to upload malicious apps by bypassing existing protections. Google purges the store of suc
https://www.bitdefender.com/en-us/blog/labs/malicious-google-play-apps-bypassed-android-security
Bypassing Web Filters Part 3: Domain Fronting
The last two blog posts in this series were about SNI spoofing and Host header spoofing. We also learned that the latter is addressed by some vendors with a technique called "Domain Fronting Detection". But what exactly is domain fronting? This will be explained in this blog post.
https://blog.compass-security.com/2025/03/bypassing-web-filters-part-3-domain-fronting/
Announcing OSV-Scanner V2: Vulnerability scanner and remediation tool for open source
Posted by Rex Pan and Xueqin Cui, Google Open Source Security Team
In December 2022, we released the open source OSV-Scanner tool, and earlier this year, we open sourced OSV-SCALIBR. OSV-Scanner and OSV-SCALIBR, together with OSV.dev, are components of an open platform for managing vulnerability metadata and enabling simple and accurate matching and remediation of known vulnerabilities. Our goal is to simplify and streamline vulnerability management for developers and security teams alike.
Today, we're thrilled to announce the launch of OSV-Scanner V2.0.0, following the announcement of the beta version. This V2 release builds upon the foundation we laid with OSV-SCALIBR and adds significant new capabilities to OSV-Scanner, making it a comprehensive vulnerability scanner and remediation tool with...
http://security.googleblog.com/2025/03/announcing-osv-scanner-v2-vulnerability.html
Why Critical MongoDB Library Flaws Won't See Mass Exploitation
Discover how to mitigate CVE-2024-53900 and CVE-2025-23061, which expose Node.js APIs to remote attacks.
https://www.f5.com/labs/articles/threat-intelligence/why-critical-mongodb-library-flaws-wont-see-mass-exploitation
Vulnerability Reward Program: 2024 in Review
Posted by Dirk Göhmann
In 2024, our Vulnerability Reward Program confirmed the ongoing value of engaging with the security research community to make Google and its products safer. This was evident as we awarded just shy of million to over 600 researchers based in countries around the globe across all of our programs.
Vulnerability Reward Program 2024 in Numbers
You can learn about who's reporting to the Vulnerability Reward Program via our Leaderboard – and find out more about our youngest security researchers who've recently joined the ranks of Google bug hunters.
VRP Highlights in 2024
In 2024 we made a series of changes and improvements coming to our vulnerability reward programs and related initiatives:
The Google VRP revamped its reward structure, bumping rewards up to a maximum...
http://security.googleblog.com/2025/03/vulnerability-reward-program-2024-in.html
Enterprises Should Consider Replacing Employees' Home TP-Link Routers
An examination of CVE trends from February 2025 scanning data.
https://www.f5.com/labs/articles/threat-intelligence/enterprises-should-consider-replacing-employees-home-tp-link-routers
November 2024 Cyber Attacks Statistics
In November 2024, Cyber Crime continued to lead the Motivations chart with 72%, up from 68% of October. Operations driven...
https://www.hackmageddon.com/2025/03/05/november-2024-cyber-attacks-statistics/
16-30 November 2024 Cyber Attacks Timeline
In the second timeline of November 2024 I collected 117 events (7.8 events/day) with a threat landscape dominated by malware
https://www.hackmageddon.com/2025/02/27/16-30-november-2024-cyber-attacks-timeline/
Celebrating 1 Year of CSF 2.0
It has been one year since the release of the NIST Cybersecurity Framework (CSF) 2.0! To make improving your security posture even easier, in this blog we are: sharing new CSF 2.0 resources; taking a retrospective look at some resources and applications you may have missed; and highlighting ways you can stay involved in our work, helping us help you implement better cybersecurity. NIST's subject matter experts have worked over the last year to continue expanding the CSF 2.0 implementation resources to help you secure your enterprise. Stakeholders are a very important force behind NIST's
https://www.nist.gov/blogs/cybersecurity-insights/celebrating-1-year-csf-20
Out with the Old, In with the Bold: Gen Threat Labs
For years, Avast Decoded has been your go-to for the latest in cybersecurity insights and research. But as cybercriminals evolve, so do we. Starting now, our groundbreaking research, expert analysis and the stories that keep the digital world safe are moving to one place: the Gen Insights Blog. By uniting our expertise under the Gen […]
The post Out with the Old, In with the Bold: Gen Threat Labs appeared first on Avast Threat Labs.
https://decoded.avast.io/salat/out-with-the-old-in-with-the-bold-gen-threat-labs/?utm_source=rss&utm_medium=rss&utm_campaign=out-with-the-old-in-with-the-bold-gen-threat-labs
1-15 November 2024 Cyber Attacks Timeline
In the first timeline of November 2024 I collected 128 events with a threat landscape dominated by malware...
https://www.hackmageddon.com/2025/02/06/1-15-november-2024-cyber-attacks-timeline/
Lazarus Group Targets Organizations with Sophisticated LinkedIn Recruiting Scam
Bitdefender Labs warns of an active campaign by the North Korea-linked Lazarus Group, targeting organizations by capturing credentials and delivering malware through fake LinkedIn job offers.
LinkedIn may be a vital tool for job seekers and professionals, but it has also become a playground for cybercriminals exploiting its credibility. From fake job offers and elaborate phishing schemes to scams and even state-sponsored threat actors who prey on people's career aspirations and trust in profess
https://www.bitdefender.com/en-us/blog/labs/lazarus-group-targets-organizations-with-sophisticated-linkedin-recruiting-scam
Analysis of an advanced malicious Chrome extension
Two weeks ago I published an article on 63 malicious Chrome extensions. In most cases I could only identify the extensions as malicious. With large parts of their logic being downloaded from some web servers, it wasn't possible to analyze their functionality in detail.
However, for the Download Manager Integration Checklist extension I have all parts of the puzzle now. This article is a technical discussion of its functionality that somebody tried very hard to hide. I was also able to identify a number of related extensions that were missing from my previous article.
Update (2025-02-04): An update to Download Manager Integration Checklist extension has been released a day before I published this article, clearly prompted by me asking adindex about this. The update removes the malicious functionality...
https://palant.info/2025/02/03/analysis-of-an-advanced-malicious-chrome-extension/
Windows Bug Class: Accessing Trapped COM Objects with IDispatch
Posted by James Forshaw, Google Project Zero
Object orientated remoting technologies such as DCOM and .NET Remoting make it very easy to develop an object-orientated interface to a service which can cross process and security boundaries. This is because they're designed to support a wide range of objects, not just those implemented in the service, but any other object compatible with being remoted. For example, if you wanted to expose an XML document across the client-server boundary, you could use a pre-existing COM or .NET library and return that object back to the client. By default when the object is returned it's marshaled by reference, which results in the object staying in the out-of-process server.
This flexibility has a number of downsides, one of which is the topic of this...
https://googleprojectzero.blogspot.com/2025/01/windows-bug-class-accessing-trapped-com.html
Windows Exploitation Tricks: Trapping Virtual Memory Access (2025 Update)
Posted by James Forshaw, Google Project Zero
Back in 2021 I wrote a blog post about various ways you can build a virtual memory access trap primitive on Windows. The goal was to cause a reader or writer of a virtual memory address to halt for a significant (e.g. 1 or more seconds) amount of time, generally for the purpose of exploiting TOCTOU memory access bugs in the kernel.
The solutions proposed in the blog post were to either map an SMB file on a remote server, or abuse the Cloud Filter API. This blog isn't going to provide new solutions, instead I wanted to highlight a new feature of Windows 11 24H2 that introduces the ability to abuse the SMB file server directly on the local machine, no remote server required. This change also introduces the ability to locally exploit vulnerabilities...
https://googleprojectzero.blogspot.com/2025/01/windows-exploitation-tricks-trapping.html
Privacy-Preserving Federated Learning – Future Collaboration and Continued Research
This post is the final blog in a series on privacy-preserving federated learning. The series is a collaboration between NIST and the UK government's Responsible Technology Adoption Unit (RTA), previously known as the Centre for Data Ethics and Innovation. Learn more and read all the posts published to date at NIST's Privacy Engineering Collaboration Space or RTA's blog.
Reflections and Wider Considerations
This is the final post in the series that began with reflections and learnings from the first US-UK collaboration working with Privacy Enhancing Technologies (PETs). Since the PETs Prize
https://www.nist.gov/blogs/cybersecurity-insights/privacy-preserving-federated-learning-future-collaboration-and
ClamAV 1.4.2 and 1.0.8 security patch versions published
Today, we are publishing the 1.4.2 and 1.0.8 security patch versions. The release files for the patch versions are available for download on the ClamAV downloads page, on the GitHub Release page, and through Docker Hub. The images on Docker Hub may not be immediately available on release day. Continue reading to learn what changed in each version.
1.4.2
ClamAV 1.4.2 is a patch release with the following fixes:
CVE-2025-20128: Fixed a possible buffer overflow read bug in the OLE2 file parser that could cause a denial-of-service (DoS) condition. This issue was introduced in version 1.0.0 and affects all currently supported versions. It will be fixed in: 1.4.2 and 1.0.8. Thank you to OSS-Fuzz for identifying this issue.
1.0.8
ClamAV 1.0.8 is a patch release with the following fixes:
CVE-2025-20128:...
http://blog.clamav.net/2025/01/clamav-142-and-108-security-patch.html
Malicious extensions circumvent Google's remote code ban
As noted last week I consider it highly problematic that Google for a long time allowed extensions to run code they downloaded from some web server, an approach that Mozilla prohibited long before Google even introduced extensions to their browser. For years this has been an easy way for malicious extensions to hide their functionality. When Google finally changed their mind, it wasn't in form of a policy but rather a technical change introduced with Manifest V3.
As with most things about Manifest V3, these changes are meant for well-behaving extensions where they in fact improve security. As readers of this blog probably know, those who want to find loopholes will find them: I've already written about the Honey extension bundling its own JavaScript interpreter and malicious extensions...
https://palant.info/2025/01/20/malicious-extensions-circumvent-googles-remote-code-ban/
Chrome Web Store is a mess
Let's make one thing clear first: I'm not singling out Google's handling of problematic and malicious browser extensions because it is worse than Microsoft's for example. No, Microsoft is probably even worse but I never bothered finding out. That's because Microsoft Edge doesn't matter, its market share is too small. Google Chrome on the other hand is used by around 90% of the users world-wide, and one would expect Google to take their responsibility to protect its users very seriously, right? After all, browser extensions are one selling point of Google Chrome, so certainly Google would make sure they are safe?
Unfortunately, my experience reporting numerous malicious or otherwise problematic browser extensions speaks otherwise. Google appears to take the “least effort required”...
https://palant.info/2025/01/13/chrome-web-store-is-a-mess/
BIScience: Collecting browsing history under false pretenses
This is a guest post by a researcher who wants to remain anonymous. You can contact the author via email.
Recently, John Tuckner of Secure Annex and Wladimir Palant published great research about how BIScience and its various brands collect user data. This inspired us to publish part of our ongoing research to help the extension ecosystem be safer from bad actors.
This post details what BIScience does with the collected data and how their public disclosures are inconsistent with actual practices, based on evidence compiled over several years.
Screenshot of claims on the BIScience website
Contents
Who is BIScience?
BIScience collects data from millions of users
BIScience buys data from partner third-party extensions
BIScience receives raw...
https://palant.info/2025/01/13/biscience-collecting-browsing-history-under-false-pretenses/
ClamAV 1.4 as Next Long-Term Stable (LTS)
We are excited to announce that ClamAV 1.4 is now designated as our latest Long-Term Stable (LTS) release. Previously, we planned to announce 1.5 as the next LTS version at the end of 2024. However, unforeseen challenges have delayed the 1.5 release, leading us to choose version 1.4 for long-term support. We apologize for any inconvenience that our delay in the announcement may have caused. The version support dates for ClamAV 1.4 are amended as follows:
Key Dates:
Initial 1.4 Release Date: August 15, 2024
Patch Versions Continue Until: August 15, 2027
DB Downloads Allowed Until: August 15, 2028
For specific details, please read the ClamAV EOL Policy. Looking ahead, the beta version of ClamAV 1.5 will soon be available for community review. This version will...
http://blog.clamav.net/2025/01/clamav-14-as-next-long-term-stable-lts.html
How extensions trick CWS search
A few months ago I searched for “Norton Password Manager” in Chrome Web Store and got lots of seemingly unrelated results. Not just that, the actual Norton Password Manager was listed last. These search results are still essentially the same today, only that Norton Password Manager moved to the top of the list:
I was stumped how Google managed to mess up search results so badly and even posted the following on Mastodon:
Interesting. When I search for “Norton Password Manager” on Chrome Web Store, it first lists five completely unrelated extensions, and only the last search result is the actual Norton Password Manager. Somebody told me that website is run by a company specializing in search, so this shouldn't be due to incompetence, right? What is it then?
Somebody suggested that...
https://palant.info/2025/01/08/how-extensions-trick-cws-search/
The Windows Registry Adventure #5: The regf file format
Posted by Mateusz Jurczyk, Google Project Zero
As previously mentioned in the second installment of the blog post series ("A brief history of the feature"), the binary format used to encode registry hives from Windows NT 3.1 up to the modern Windows 11 is called regf. In a way, it is quite special, because it represents a registry subtree simultaneously on disk and in memory, as opposed to most other common file formats. Documents, images, videos, etc. are generally designed to store data efficiently on disk, and they are subsequently parsed to and from different in-memory representations whenever they are read or written. This seems only natural, as offline storage and RAM come with different constraints and requirements. On disk, it is important that the data is packed as...
https://googleprojectzero.blogspot.com/2024/12/the-windows-registry-adventure-5-regf.html
NIST's International Cybersecurity and Privacy Engagement Update – New Translations
As the year comes to a close, NIST continues to engage with our international partners to strengthen cybersecurity, including sharing over ten new international translations in over six languages as resources for our stakeholders around the world. These efforts were complemented by discussions on opportunities for future enhanced international collaboration and resource sharing. Here are some updates from the past few months: Our international engagement continues through our support to the Department of State and the International Trade Administration (ITA) during numerous international
https://www.nist.gov/blogs/cybersecurity-insights/nists-international-cybersecurity-and-privacy-engagement-update-new
Ways to Mitigate Risk in Cybersecurity: Cybersecurity Risk Management
Cyber threats can wreak havoc on businesses, from data breaches to loss of reputation. Luckily, there are effective strategies available that can reduce cybersecurity risk. Avoidance is one of the...
The post Ways to Mitigate Risk in Cybersecurity: Cybersecurity Risk Management appeared first on Hacker Combat.
https://www.hackercombat.com/cybersecurity-risk-management/
Data Pipeline Challenges of Privacy-Preserving Federated Learning
This post is part of a series on privacy-preserving federated learning. The series is a collaboration between NIST and the UK government's Responsible Technology Adoption Unit (RTA), previously known as the Centre for Data Ethics and Innovation. Learn more and read all the posts published to date at NIST's Privacy Engineering Collaboration Space or RTA's blog.
Introduction
In this post, we talk with Dr. Xiaowei Huang and Dr. Yi Dong (University of Liverpool) and Sikha Pentyala (University of Washington Tacoma), who were winners in the UK-US PETs Prize Challenges. We discuss real-world data
https://www.nist.gov/blogs/cybersecurity-insights/data-pipeline-challenges-privacy-preserving-federated-learning
Predictions 2025: The Future of Cybersecurity Unveiled
The digital world is evolving at breakneck speed. In 2025, we're set to witness transformative changes in cybersecurity that will redefine trust, security, and how we navigate our digital lives. Here's what we see coming: Read the full blog to explore the trends in depth. The future of cybersecurity will demand both solutions and vigilance. […]
The post Predictions 2025: The Future of Cybersecurity Unveiled appeared first on Avast Threat Labs.
https://decoded.avast.io/threatintel/predictions-2025-the-future-of-cybersecurity-unveiled/?utm_source=rss&utm_medium=rss&utm_campaign=predictions-2025-the-future-of-cybersecurity-unveiled
Zero Trust Architecture
Zero trust security takes a “never trust, always verify” approach to access control. Access is only granted once an individual’s identity and context have been confirmed through multifactor authentication and...
The post Zero Trust Architecture appeared first on Hacker Combat.
https://www.hackercombat.com/zero-trust-architecture/
What Is a Security Operations Center (SOC)?
A Security Operations Center (SOC) specializes in monitoring and analyzing data to detect cyber threats and prevent attacks. Analysts work to sort actual threats from false positives before...
The post What Is a Security Operations Center (SOC)? appeared first on Hacker Combat.
https://www.hackercombat.com/soc/
XDR vs SIEM Security Information and Event Management
The Extended Detection and Response Platform (XDR) ingestion and correlation technology captures and correlates high-fidelity data across your security layers, such as endpoint, network, logs, cloud services and identities to...
The post XDR vs SIEM Security Information and Event Management appeared first on Hacker Combat.
https://www.hackercombat.com/xdr-vs-siem/
Best Free EDR for Windows PC
Endpoint detection and response (EDR) tools offer businesses that employ hybrid work models or remote employees an extra layer of cybersecurity protection. Utilizing artificial intelligence (AI) and machine learning (ML),...
The post Best Free EDR for Windows PC appeared first on Hacker Combat.
https://www.hackercombat.com/best-free-edr-tools-for-windows-pc/
Free EDR Solutions for Home Users in 2025
EDR can detect and respond to emerging and advanced cyber threats quickly and efficiently, making it an essential component of modern business ecosystems. Beyond signature-based detection capabilities, its features go...
The post Free EDR Solutions for Home Users in 2025 appeared first on Hacker Combat.
https://www.hackercombat.com/free-edr-solutions/
Kicking-Off with a December 4th Workshop, NIST is Revisiting and Revising Foundational Cybersecurity Activities for IoT Device Manufacturers, NIST IR 8259!
In May 2020, NIST published Foundational Cybersecurity Activities for IoT Device Manufacturers (NIST IR 8259), which describes recommended cybersecurity activities that manufacturers should consider performing before their IoT devices are sold to customers. These foundational cybersecurity activities can help manufacturers lessen the cybersecurity-related efforts needed by customers, which in turn can reduce the prevalence and severity of IoT device compromises and the attacks performed using compromised devices. In the nearly five years since this document was released, it has been published
https://www.nist.gov/blogs/cybersecurity-insights/kicking-december-4th-workshop-nist-revisiting-and-revising-foundational
Gen Q3/2024 Threat Report
The third quarter threat report is here—and it's packed with answers. Our Threat Labs team has uncovered some heavy stories behind the stats, exposing the relentless tactics shaping today's threat landscape. Here's what you need to know: This is just the surface. Read the full report and see how our Threat Labs team is relentlessly […]
The post Gen Q3/2024 Threat Report appeared first on Avast Threat Labs.
https://decoded.avast.io/threatresearch/gen-q3-2024-threat-report/?utm_source=rss&utm_medium=rss&utm_campaign=gen-q3-2024-threat-report
Inside Bitdefender Labs' Investigation of a Malicious Facebook Ad Campaign Targeting Bitwarden Users
Throughout 2024, Bitdefender Labs has been closely monitoring a series of malvertising campaigns that exploit popular platforms to spread malware. These campaigns use fake advertisements to lure users into installing malicious software disguised as legitimate apps or updates.
One of the more recent campaigns Bitdefender Labs uncovered involves a fake Bitwarden extension advertised on Meta's social media platform Facebook. The campaign tricks users into installing a harmful browser extension und
https://www.bitdefender.com/en-us/blog/labs/inside-bitdefender-labs-investigation-of-a-malicious-facebook-ad-campaign-targeting-bitwarden-users
Unlocking Cybersecurity Talent: The Power of Apprenticeships
Cybersecurity is a fast-growing field, with a constant need for skilled professionals. But unlike other professions — like medicine or aviation — there's no clear-cut pathway to qualifying for cybersecurity positions. For employers and job seekers alike, this can make the journey to building a team (or entering a successful cybersecurity career) feel uncertain. Enter the registered apprenticeship program — a proven method for developing skilled talent in cybersecurity that benefits both the employer and the new professional. Let's commit to supporting this important talent development approach
https://www.nist.gov/blogs/cybersecurity-insights/unlocking-cybersecurity-talent-power-apprenticeships
Digital Identities: Getting to Know the Verifiable Digital Credential Ecosystem
If you are interested in the world of digital identities, you have probably heard some of the buzzwords that have been floating around for a few years now… “verifiable credential,” “digital wallet,” “mobile driver's license” or “mDL.” These terms, among others, all reference a growing ecosystem around what we are calling “verifiable digital credentials.” But what exactly is a verifiable digital credential? Take any physical credential you use in everyday life – your driver's license, your medical insurance card, a certification or diploma – and turn it into a digital format stored on your
https://www.nist.gov/blogs/cybersecurity-insights/digital-identities-getting-know-verifiable-digital-credential-ecosystem
The Karma connection in Chrome Web Store
Somebody brought to my attention that the Hide YouTube Shorts extension for Chrome changed hands and turned malicious. I looked into it and could confirm that it contained two undisclosed components: one performing affiliate fraud and the other sending users' every move to some Amazon cloud server. But that wasn't all of it: I discovered eleven more extensions written by the same people. Some contained only the affiliate fraud component, some only the user tracking, some both. A few don't appear to be malicious yet.
While most of these extensions were supposedly developed or bought by a person without any other traces online, one broke this pattern. Karma shopping assistant has been on Chrome Web Store since 2020, the company behind it founded in 2013. This company employs more than...
https://palant.info/2024/10/30/the-karma-connection-in-chrome-web-store/
Unmasking the SYS01 Infostealer Threat: Bitdefender Labs Tracks Global Malvertising Campaign Targeting Meta Business Pages
In a world run by advertising, businesses and organizations are not the only ones using this powerful tool. Cybercriminals have a knack for exploiting the engine that powers online platforms by corrupting the vast reach of advertising to distribute malware en masse.
While legitimate businesses rely on ads to reach new audiences, hackers exploit these platforms to trick users into downloading harmful software. Malicious ads often seem to promote legitimate software, streaming services, or produc
https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages
Staff Stories Spotlight Series: Cybersecurity Awareness Month 2024
This blog is part of a larger NIST series during the month of October for Cybersecurity Awareness Month, called 'Staff Stories Spotlight.' Throughout the month of October this year, Q&A style blogs will be published featuring some of our unique staff members who have interesting backgrounds, stories to tell, and projects in the world of cybersecurity. This year's Cybersecurity Awareness Month theme is 'Secure our World.' How does this theme resonate with you, as someone working in cybersecurity? This theme resonates strongly with me. I am very fortunate to have the role of leading and
https://www.nist.gov/blogs/cybersecurity-insights/staff-stories-spotlight-series-cybersecurity-awareness-month-2024
Cloud Security Essentials
Cloud security involves employing perimeter defenses like firewalls, IDPSs and VPNs as well as guaranteeing isolation through network segmentation and virtual LANs while monitoring traffic for anomalies and threats –...
The post Cloud Security Essentials appeared first on Hacker Combat.
https://www.hackercombat.com/cloud-security/
Antivirus Software
Antivirus software protects devices against viruses, malware, and other cyberthreats by detecting, quarantining, and deleting malicious code. Modern antivirus products also offer additional security features such as password protection, identity...
The post Antivirus Software appeared first on Hacker Combat.
https://www.hackercombat.com/antivirus-software/
How to Protect Against Ransomware Attacks?
Criminal hackers employ ransomware attacks against their targets by encrypting their data and demanding that a ransom be paid within an allotted timeframe or risk losing it forever. When an...
The post How to Protect Against Ransomware Attacks? appeared first on Hacker Combat.
https://www.hackercombat.com/protect-against-ransomware-attacks/
Protecting Your Website From DDoS Attack
Distributed denial-of-service attacks pose an increasing threat to organizations, with even some of the largest firms suffering significant disruptions from such attacks. Attackers use botnets of compromised IoT devices to...
The post Protecting Your Website From DDoS Attack appeared first on Hacker Combat.
https://www.hackercombat.com/ddos-attack/
Lies, damned lies, and Impact Hero (refoorest, allcolibri)
Transparency note: According to Colibri Hero, they attempted to establish a business relationship with eyeo, a company that I co-founded. I haven't been in an active role at eyeo since 2018, and I left the company entirely in 2021. Colibri Hero was only founded in 2021. My investigation here was prompted by a blog comment.
Colibri Hero (also known as allcolibri) is a company with a noble mission:
We want to create a world where organizations can make a positive impact on people and communities.
One of the company's products is the refoorest browser extension, promising to make a positive impact on the climate by planting trees. Best of all: this costs users nothing whatsoever. According to the refoorest website:
Plantation financed by our partners
So the users merely need to have the...
https://palant.info/2024/10/01/lies-damned-lies-and-impact-hero-refoorest-allcolibri/
ClamAV 1.4.1, 1.3.2, 1.0.7, and 0.103.12 security patch versions published
Today, we are publishing the 1.4.1, 1.3.2, 1.0.7, and 0.103.12 security patch versions. The release files for the patch versions are available for download on the ClamAV downloads page, on the GitHub Release page, and (with exception to 0.103.12) through Docker Hub. The images on Docker Hub may not be immediately available on release day. Continue reading to learn what changed in each version.
1.4.1
ClamAV 1.4.1 is a critical patch release with the following fixes:
CVE-2024-20506: Changed the logging module to disable following symlinks on Linux and Unix systems so as to prevent an attacker with existing access to the 'clamd' or 'freshclam' services from using a symlink to corrupt system files. This issue affects all currently supported versions. It will be fixed in: 1.4.1, 1.3.2, 1.0.7, 0.103.12. Thank...
http://blog.clamav.net/2024/09/clamav-141-132-107-and-010312-security.html
CVE-2024-38063 - Remotely Exploiting The Kernel Via IPv6
Performing a root cause analysis & building proof-of-concept for CVE-2024-38063, a CVSS 9.8 Vulnerability In the Windows Kernel IPv6 Parser
https://malwaretech.com/2024/08/exploiting-CVE-2024-38063.html
ClamAV 1.4.0 feature release and ClamAV bytecode compiler 1.4.0 release
The ClamAV 1.4.0 feature release is now stable. We encourage everyone to download the latest version now from the ClamAV downloads page, on the GitHub Release page, and through Docker Hub*: Alpine-based images, Debian-based multi-arch images. *The Docker images are built on release day and will be made available when they are ready. We are also publishing ClamAV bytecode compiler version 1.4.0. The ClamAV bytecode compiler release files are available for download on the GitHub Release page and through Docker Hub.
ClamAV platform support changes
We will no longer provide Linux 32-bit packages. With RHEL 7 reaching end-of-life, we had to upgrade our build hosts and selected Alma Linux 8. Alma Linux does not provide 32-bit images. ClamAV users on 32-bit platforms can still build from source. We now provide...
http://blog.clamav.net/2024/08/clamav-140-feature-release-and-clamav.html
CryptoCore: Unmasking the Sophisticated Cryptocurrency Scam Operations
As digital currencies have grown, so have cryptocurrency scams, posing significant user risks. The rise of AI and deepfake technology has intensified scams exploiting famous personalities and events by creating realistic fake videos. Platforms like X and YouTube have been especially targeted, with scammers hijacking high-profile accounts to distribute fraudulent content. This report delves into the CryptoCore group's complex scam operations, analyzing their use of deepfakes, hijacked accounts, and fraudulent websites to deceive victims and profit millions of dollars.
The post CryptoCore: Unmasking the Sophisticated Cryptocurrency Scam Operations appeared first on Avast Threat Labs.
https://decoded.avast.io/martinchlumecky1/cryptocore-unmasking-the-sophisticated-cryptocurrency-scam-operations/?utm_source=rss&utm_medium=rss&utm_campaign=cryptocore-unmasking-the-sophisticated-cryptocurrency-scam-operations
ClamAV 0.103 LTS End of Life Announcement
The ClamAV 0.103 LTS release is nearing end-of-life (EOL) with regards to security vulnerability fix support from our team. This end of life date will be Sept. 14, 2024.
ClamAV 0.103 users will be able to update signatures from the official database mirror for an additional one year after the EOL date. After Sept. 14, 2025, we may block ClamAV 0.103 from downloading signature updates.
We recommend that users update to the newest LTS release, ClamAV 1.0.6. For users that want to upgrade to the newest non-LTS release, use ClamAV 1.3.1. The most recent version of ClamAV can be found here: https://www.clamav.net/downloads
The following is a list of major changes available to users in the newest versions of ClamAV.
Since ClamAV 0.103, ClamAV 1.0 LTS adds:
· A...
http://blog.clamav.net/2024/08/clamav-0103-lts-end-of-life-announcement.html
60 Hurts per Second – How We Got Access to Enough Solar Power to Run the United States
The electricity grid – the buzzing, crackling marvel that supplies the lifeblood of modernity - is by far the largest structure humanity ever built. It's so big, in fact, that few people even notice it, like a fish can't see the ocean.
Until the grid goes down, that is. Then, like the fish dangling from the angler's hook, we see our vulnerability. Modernity dissolves into a sudden silence, followed by the repeated flick of a light switch, and a howl of panic at the prospect of missed appointmen
https://www.bitdefender.com/en-us/blog/labs/60-hurts-per-second-how-we-got-access-to-enough-solar-power-to-run-the-united-states
How insecure is Avast Secure Browser?
A while ago I already looked into Avast Secure Browser. Back then it didn't end well for Avast: I found critical vulnerabilities allowing arbitrary websites to infect users' computers. Worse yet: much of it was due to neglect of secure coding practices; existing security mechanisms were disabled for no good reason. I didn't finish that investigation because I discovered that the browser was essentially spyware, collecting your browsing history and selling it via Avast's Jumpshot subsidiary.
But that was almost five years ago. After an initial phase of denial, Avast decided to apologize and to wind down Jumpshot. It was certainly a mere coincidence that Avast was subsequently sold to NortonLifeLock, called Gen Digital today. Yes, Avast is truly reformed and paying for their crimes in...
https://palant.info/2024/07/15/how-insecure-is-avast-secure-browser/
Deep Dive on Supplement Scams: How AI Drives ‘Miracle Cures' and Sponsored Health-Related Scams on Social Media
Sponsored social media content has become increasingly present on feeds. Sponsored ads can often be beneficial as they are customized to suit online personas, offering relevant content tailored specifically for you. While personalized ads can help enhance your online experience, not all are legitimate. In fact, scams originating from phony ads on social media have increased dramatically, with potentially severe consequences for consumers.
Sponsored supplement scams on social media platforms
https://www.bitdefender.com/en-us/blog/labs/deep-dive-on-supplement-scams-how-ai-drives-miracle-cures-and-sponsored-health-related-scams-on-social-media
Decrypted: DoNex Ransomware and its Predecessors
Researchers from Avast have discovered a flaw in the cryptographic schema of the DoNex ransomware and its predecessors. In cooperation with law enforcement organizations, we have been silently providing the decryptor to DoNex ransomware victims since March 2024. The cryptographic weakness was made public at Recon 2024 and therefore we have no reason to keep […]
The post Decrypted: DoNex Ransomware and its Predecessors appeared first on Avast Threat Labs.
https://decoded.avast.io/threatresearch/decrypted-donex-ransomware-and-its-predecessors/?utm_source=rss&utm_medium=rss&utm_campaign=decrypted-donex-ransomware-and-its-predecessors
New Diamorphine rootkit variant seen undetected in the wild
Introduction Code reuse is very frequent in malware, especially for those parts of the sample that are complex to develop or hard to write with an essentially different alternative code. By tracking both source code and object code, we efficiently detect new malware and track the evolution of existing malware in-the-wild. Diamorphine is a well-known […]
The post New Diamorphine rootkit variant seen undetected in the wild appeared first on Avast Threat Labs.
https://decoded.avast.io/davidalvarez/new-diamorphine-rootkit-variant-seen-undetected-in-the-wild/?utm_source=rss&utm_medium=rss&utm_campaign=new-diamorphine-rootkit-variant-seen-undetected-in-the-wild
Unfading Sea Haze: New Espionage Campaign in the South China Sea
Bitdefender researchers investigated a series of incidents at high-level organizations in countries of the South China Sea region, all performed by the same threat actor we track as Unfading Sea Haze. Based on the victimology and the cyber-attack's aim, we believe the threat actor is aligned with China's interests.
As tensions in the region rise, they are reflected in the intensification of activity on behalf of the Unfading Sea Haze actor, which uses new and improved tools and TTPs.
We notice
https://www.bitdefender.com/en-us/blog/labs/unfading-sea-haze-new-espionage-campaign-in-the-south-china-sea
Notes on ThroughTek Kalay Vulnerabilities and Their Impact on the IoT Ecosystem
Since 2014, Bitdefender IoT researchers have been looking into the world's most popular IoT devices, hunting for vulnerabilities and undocumented attack avenues. This report documents four vulnerabilities affecting devices powered by the ThroughTek Kalay Platform. Due to the platform's massive presence in IoT integrations, these flaws have a significant downstream impact on several vendors.
In the interconnected landscape of the Internet of Things (IoT), the reliability and security of devices,
https://www.bitdefender.com/en-us/blog/labs/notes-on-throughtek-kalay-vulnerabilities-and-their-impact
Avast Q1/2024 Threat Report
Nearly 90% of Threats Blocked are Social Engineering, Revealing a Huge Surge of Scams, and Discovery of the Lazarus APT Campaign
The post Avast Q1/2024 Threat Report appeared first on Avast Threat Labs.
https://decoded.avast.io/threatresearch/avast-q1-2024-threat-report/?utm_source=rss&utm_medium=rss&utm_campaign=avast-q1-2024-threat-report
ClamAV 1.4.0 release candidate now available!
The ClamAV 1.4.0 release candidate is now available. You may find the source code and installers for this release on the clamav.net/downloads page or the ClamAV GitHub release page. Tip: If you are downloading the source from the GitHub release page, the package labeled "clamav-1.4.0-rc.tar.gz" does not require an internet connection to build. All dependencies are included in this package. But if you download the ZIP or TAR.GZ generated by GitHub, located at the very bottom, then an internet connection will be required during the build to download additional Rust dependencies. For Docker users, there is no specific Docker tag for the release candidate, but you can use the clamav:unstable or clamav:unstable_base tags. The release candidate phase is expected...
http://blog.clamav.net/2024/05/clamav-140-release-candidate-now.html
GuptiMiner: Hijacking Antivirus Updates for Distributing Backdoors and Casual Mining
Avast discovered and analyzed GuptiMiner, a malware campaign hijacking an eScan antivirus update mechanism to distribute backdoors and coinminers.
The post GuptiMiner: Hijacking Antivirus Updates for Distributing Backdoors and Casual Mining appeared first on Avast Threat Labs.
https://decoded.avast.io/janrubin/guptiminer-hijacking-antivirus-updates-for-distributing-backdoors-and-casual-mining/?utm_source=rss&utm_medium=rss&utm_campaign=guptiminer-hijacking-antivirus-updates-for-distributing-backdoors-and-casual-mining
From BYOVD to a 0-day: Unveiling Advanced Exploits in Cyber Recruiting Scams
Key Points Introduction In the summer of 2023, Avast identified a campaign targeting specific individuals in the Asian region through fabricated job offers. The motivation behind the attack remains uncertain, but judging from the low frequency of attacks, it appears that the attacker had a special interest in individuals with technical backgrounds. This sophistication is […]
The post From BYOVD to a 0-day: Unveiling Advanced Exploits in Cyber Recruiting Scams appeared first on Avast Threat Labs.
https://decoded.avast.io/luiginocamastra/from-byovd-to-a-0-day-unveiling-advanced-exploits-in-cyber-recruiting-scams/?utm_source=rss&utm_medium=rss&utm_campaign=from-byovd-to-a-0-day-unveiling-advanced-exploits-in-cyber-recruiting-scams
ClamAV 1.3.1, 1.2.3, 1.0.6 patch versions published
Today, we are publishing the 1.3.1, 1.2.3, and 1.0.6 security patch versions. The release files for the patch versions are available for download on the ClamAV downloads page, on the GitHub Release page, and through Docker Hub. The images on Docker Hub may not be immediately available on release day. Continue reading to learn what changed in each version.
1.3.1
ClamAV 1.3.1 is a critical patch release with the following fixes:
CVE-2024-20380: Fixed a possible crash in the HTML file parser that could cause a denial-of-service (DoS) condition. This issue affects version 1.3.0 only and does not affect prior versions. Thank you to Błażej Pawłowski for identifying this issue. GitHub pull request
Updated select Rust dependencies to the latest versions. This resolved Cargo audit complaints and included...
http://blog.clamav.net/2024/04/clamav-131-123-106-patch-versions.html
Vulnerabilities Identified in LG WebOS
As the creator of the world's first smart home cybersecurity hub, Bitdefender regularly audits popular IoT hardware for vulnerabilities. This research paper is part of a broader program that aims to shed light on the security of the world's best-sellers in the IoT space. This report covers vulnerabilities discovered while researching the LG WebOS TV operating system.
We have found several issues affecting WebOS versions 4 through 7 running on LG TVs. These vulnerabilities let us gain root acces
https://www.bitdefender.com/en-us/blog/labs/vulnerabilities-identified-in-lg-webos
AI meets next-gen info stealers in social media malvertising campaigns
The impact that AI has on society has steadily crept into the darkest nooks and crannies of the internet. So much so that cybercrooks are hitching free rides on the AI bandwagon by leveraging the increased demand of AI-powered software for content creators.
Cybercriminal groups constantly adapt their operating methods and tools to stay a step ahead of potential victims. Highly focused on enhancing their deceptive practices, threat actors have, unfortunately, found a most reliable and powerful a
https://www.bitdefender.com/en-us/blog/labs/ai-meets-next-gen-info-stealers-in-social-media-malvertising-campaigns
Numerous vulnerabilities in Xunlei Accelerator application
Xunlei Accelerator (迅雷客户端) a.k.a. Xunlei Thunder by the China-based Xunlei Ltd. is a wildly popular application. According to the company's annual report, 51.1 million active users were counted in December 2022. The company's Google Chrome extension 迅雷下载支持, while not mandatory for using the application, had 28 million users at the time of writing.
I've found this application to expose a massive attack surface. This attack surface is largely accessible to arbitrary websites that an application user happens to be visiting. Some of it can also be accessed from other computers in the same network or by attackers with the ability to intercept users' network connections (Man-in-the-Middle attack).
It does not appear like security concerns were considered in the design...
https://palant.info/2024/03/06/numerous-vulnerabilities-in-xunlei-accelerator-application/
Lazarus and the FudModule Rootkit: Beyond BYOVD with an Admin-to-Kernel Zero-Day
The Lazarus Group is back with an upgraded variant of their FudModule rootkit, this time enabled by a zero-day admin-to-kernel vulnerability for CVE-2024-21338. Read this blog for a detailed analysis of this rootkit variant and learn more about several new techniques, including a handle table entry manipulation technique that directly targets Microsoft Defender, CrowdStrike Falcon, and HitmanPro.
The post Lazarus and the FudModule Rootkit: Beyond BYOVD with an Admin-to-Kernel Zero-Day appeared first on Avast Threat Labs.
https://decoded.avast.io/janvojtesek/lazarus-and-the-fudmodule-rootkit-beyond-byovd-with-an-admin-to-kernel-zero-day/?utm_source=rss&utm_medium=rss&utm_campaign=lazarus-and-the-fudmodule-rootkit-beyond-byovd-with-an-admin-to-kernel-zero-day
Bypassing EDRs With EDR-Preloading
Evading user mode EDR hooks by hijacking the AppVerifier layer
https://malwaretech.com/2024/02/bypassing-edrs-with-edr-preload.html
ClamAV 1.3.0 feature release and 1.2.2, 1.0.5 security patch release!
The ClamAV 1.3.0 feature release is now stable! Today, we are also publishing the 1.2.2 and 1.0.5 security patch versions. ClamAV 1.1 is past EOL for security fixes and will not receive an update. Switch to the 1.0 LTS, 1.2, or 1.3 versions for continued support. The release files are available for download on the ClamAV downloads page, on the Github Release page, and through Docker Hub*: Alpine-based images, Debian-based multi-arch images. *The Docker images are built on release day and may not be available until later in the day. Continue reading to learn what changed in each version.
1.3.0
ClamAV 1.3.0 includes the following improvements and changes:
Major changes
Added support for extracting and scanning attachments found in Microsoft OneNote section files. OneNote parsing will be enabled by default,...
http://blog.clamav.net/2023/11/clamav-130-122-105-released.html
ClamAV 1.3.0 Second Release Candidate now available!
We are excited to announce the ClamAV 1.3.0 release candidate. You can find the source code and installers for this release on the clamav.net/downloads page or the ClamAV GitHub release page. Tip: If you are downloading the source from the GitHub release page, the package labeled "clamav-1.3.0-rc2.tar.gz" does not require an internet connection to build. All dependencies are included in this package. But if you download the ZIP or TAR.GZ generated by GitHub, located at the very bottom, then an internet connection will be required during the build to download additional Rust dependencies. For Docker users, there is no specific Docker tag for the release candidate, but you can use these tags: clamav/clamav:unstable, clamav/clamav:unstable_base, clamav/clamav-debian:unstable, clamav/clamav-debian:unstable_base. This...
http://blog.clamav.net/2024/01/clamav-130-second-release-candidate-now.html
Silly EDR Bypasses and Where To Find Them
Abusing exception handlers to hook and bypass user mode EDR hooks.
https://malwaretech.com/2023/12/silly-edr-bypasses-and-where-to-find-them.html
An Introduction to Bypassing User Mode EDR Hooks
Understanding the basics of user mode EDR hooking, common bypass techniques, and their limitations.
https://malwaretech.com/2023/12/an-introduction-to-bypassing-user-mode-edr-hooks.html
Implementing a “Share on Mastodon” button for a blog
I decided that I would make it easier for people to share my articles on social media, most importantly on Mastodon. However, my Hugo theme didn't support showing a “Share on Mastodon” button yet. It wasn't entirely trivial to add support either: unlike with centralized solutions like Facebook where a simple link is sufficient, here one would need to choose their home instance first.
As far as existing solutions go, the only reasonably sophisticated approach appears to be Share₂Fedi. It works nicely, privacy-wise one could do better however. So I ended up implementing my own solution while also generalizing that solution to support a variety of different Fediverse applications in addition to Mastodon.
Update (2025-01-12): Added Lemmy endpoint which has been fixed by now. Also mentioned...
https://palant.info/2023/10/19/implementing-a-share-on-mastodon-button-for-a-blog/
OS command injection
An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in FortiManager, FortiAnalyzer & FortiAnalyzer-BigData may allow a local attacker with low privileges to execute unauthorized code via specifically crafted arguments to a CLI command. Revised on 2025-06-10 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-23-167
It might Be Time to Rethink Phishing Awareness
Phishing awareness can be a powerful security tool, or a complete disaster. It all hinges on how you implement it.
https://malwaretech.com/2023/09/it-might-be-time-to-rethink-phishing-awareness.html
We're going teetotal: It's goodbye to The Daily Swig
PortSwigger today announces that The Daily Swig is closing down
https://portswigger.net/daily-swig/were-going-teetotal-its-goodbye-to-the-daily-swig
Bug Bounty Radar // The latest bug bounty programs for March 2023
New web targets for the discerning hacker
https://portswigger.net/daily-swig/bug-bounty-radar-the-latest-bug-bounty-programs-for-march-2023
Indian transport ministry flaws potentially allowed creation of counterfeit driving licenses
Armed with personal data fragments, a researcher could also access 185 million citizens' PII
https://portswigger.net/daily-swig/indian-transport-ministry-flaws-potentially-allowed-creation-of-counterfeit-driving-licenses
Password managers: A rough guide to enterprise secret platforms
The second part of our password manager series looks at business-grade tech to handle API tokens, login credentials, and more
https://portswigger.net/daily-swig/password-managers-a-rough-guide-to-enterprise-secret-platforms
Chromium bug allowed SameSite cookie bypass on Android devices
Protections against cross-site request forgery could be bypassed
https://portswigger.net/daily-swig/chromium-bug-allowed-samesite-cookie-bypass-on-android-devices
Deserialized web security roundup: Twitter 2FA backlash, GoDaddy suffers years-long attack campaign, and XSS Hunter adds e2e encryption
Your fortnightly rundown of AppSec vulnerabilities, new hacking techniques, and other cybersecurity news
https://portswigger.net/daily-swig/deserialized-web-security-roundup-twitter-2fa-backlash-godaddy-suffers-years-long-attack-campaign-and-xss-hunter-adds-e2e-encryption
NIST plots biggest ever reform of Cybersecurity Framework
CSF 2.0 blueprint offered up for public review
https://portswigger.net/daily-swig/nist-plots-biggest-ever-reform-of-cybersecurity-framework
Cisco ClamAV anti-malware scanner vulnerable to serious security flaw
Patch released for bug that poses a critical risk to vulnerable technologies
https://portswigger.net/daily-swig/cisco-clamav-anti-malware-scanner-vulnerable-to-serious-security-flaw
CVSS system criticized for failure to address real-world impact
JFrog argues vulnerability risk metrics need complete revamp
https://portswigger.net/daily-swig/cvss-system-criticized-for-failure-to-address-real-world-impact
A Realistic Look at Implications of ChatGPT for Cybercrime
Analyzing ChatGPT's capabilities and various claims about how it will revolutionize cybercrime.
https://malwaretech.com/2023/02/a-realistic-look-at-chatgpt-cybercrime.html
‘Most web API flaws are missed by standard security tests' – Corey J Ball on securing a neglected attack vector
API security is a ‘great gateway' into a pen testing career, advises specialist in the field
https://portswigger.net/daily-swig/most-web-api-flaws-are-missed-by-standard-security-tests-corey-j-ball-on-securing-a-neglected-attack-vector
HTTP request smuggling bug patched in HAProxy
Exploitation could enable attackers to access backend servers
https://portswigger.net/daily-swig/http-request-smuggling-bug-patched-in-haproxy
Belgium launches nationwide safe harbor for ethical hackers
New legal protections for security researchers could be the strongest of any EU country
https://portswigger.net/daily-swig/belgium-launches-nationwide-safe-harbor-for-ethical-hackers
TikTok is a National Security Risk, Not A Privacy One
An analysis of the threat posed by TikTok and why we need to weigh our options carefully.
https://malwaretech.com/2022/12/tiktok-is-a-national-security-risk.html
Everything you need to know about the OpenSSL 3.0.7 Patch (CVE-2022-3602 & CVE-2022-3786)
https://malwaretech.com/2022/11/everything-you-need-to-know-about-the-openssl-3-0-7-patch.html
CVE-2022-3602 and CVE-2022-3786: OpenSSL 3.0.7 patches Critical Vulnerability
On Tuesday, November 1 2022 between 1300-1700 UTC, the OpenSSL project announced the release of a new version of OpenSSL (version 3.0.7) that will patch a critical vulnerability in OpenSSL version 3.0 and above. Only OpenSSL versions between 3.0 and 3.0.6 are affected at the time of writing. At this moment the details of this [...]
The post CVE-2022-3602 and CVE-2022-3786: OpenSSL 3.0.7 patches Critical Vulnerability appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/general-tutorials/openssl-3-0-7-patches-critical-vulnerability/
Student Loan Breach Exposes 2.5M Records
2.5 million people were affected, in a breach that could spell more trouble down the line.
https://threatpost.com/student-loan-breach-exposes-2-5m-records/180492/
Watering Hole Attacks Push ScanBox Keylogger
Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.
https://threatpost.com/watering-hole-attacks-push-scanbox-keylogger/180490/
Tentacles of ‘0ktapus' Threat Group Victimize 130 Firms
Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.
https://threatpost.com/0ktapus-victimize-130-firms/180487/
Ransomware Attacks are on the Rise
Lockbit is by far this summer's most prolific ransomware group, trailed by two offshoots of the Conti group.
https://threatpost.com/ransomware-attacks-are-on-the-rise/180481/
Cybercriminals Are Selling Access to Chinese Surveillance Cameras
Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.
https://threatpost.com/cybercriminals-are-selling-access-to-chinese-surveillance-cameras/180478/
Twitter Whistleblower Complaint: The TL;DR Version
Twitter is blasted for security and privacy lapses by the company's former head of security who alleges the social media giant's actions amount to a national security risk.
https://threatpost.com/twitter-whistleblower-tldr-version/180472/
Firewall Bug Under Active Attack Triggers CISA Warning
CISA is warning that Palo Alto Networks' PAN-OS is under active attack and needs to be patched ASAP.
https://threatpost.com/firewall-bug-under-active-attack-cisa-warning/180467/
Fake Reservation Links Prey on Weary Travelers
Fake travel reservations are exacting more pain from the travel weary, already dealing with the misery of canceled flights and overbooked hotels.
https://threatpost.com/reservation-links-prey-on-travelers/180462/
iPhone Users Urged to Update to Patch 2 Zero-Days
Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack.
https://threatpost.com/iphone-users-urged-to-update-to-patch-2-zero-days-under-attack/180448/
Google Patches Chrome's Fifth Zero-Day of the Year
An insufficient validation input flaw, one of 11 patched in an update this week, could allow for arbitrary code execution and is under active attack.
https://threatpost.com/google-patches-chromes-fifth-zero-day-of-the-year/180432/
[Video] Introduction to Use-After-Free Vulnerabilities | UserAfterFree Challenge Walkthrough (Part: 1)
https://malwaretech.com/2022/05/video-introduction-to-use-after-free-vulnerabilities-userafterfree-challenge-walkthrough-part-1.html
Installing Rogue-jndi on Kali Linux
Following the previous tutorial in which we looked at the log4j vulnerability in VMWare vSphere server, I got some questions about how to set up a malicious LDAP server on Linux. The attacker controlled LDAP server is required to provide the malicious java class (with a reverse shell for example) in response to the forged [...]
The post Installing Rogue-jndi on Kali Linux appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/general-tutorials/installing-rogue-jndi-on-kali-linux/
Log4Shell VMware vCenter Server (CVE-2021-44228)
Log4Shell is a critical vulnerability with the highest possible CVSSv3 score of 10.0 that affects thousands of products running Apache Log4j and leaves millions of targets potentially vulnerable. CVE-2021-44228 affects log4j versions 2.0-beta9 to 2.14.1. Log4j is an incredibly popular logging library used in many different products and various Apache frameworks like Struts2, Kafka, and [...]
The post Log4Shell VMware vCenter Server (CVE-2021-44228) appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/exploit-tutorials/log4shell-vmware-vcenter-server-cve-2021-44228/
How to customize behavior of AWS Managed Rules for AWS WAF
AWS Managed Rules for AWS WAF provides a group of rules created by AWS that can be used to help protect you against common application vulnerabilities and other unwanted access to your systems without having to write your own rules. The AWS Threat Research Team updates AWS Managed Rules to respond to an ever-changing threat landscape in order […]
https://aws.amazon.com/blogs/security/how-to-customize-behavior-of-aws-managed-rules-for-aws-waf/
The Great Leak: Microsoft Exchange AutoDiscover Design Flaw
Recently a “design flaw” in the Microsoft Exchange’s Autodiscover protocol was discovered by researchers that allowed access to 372,072 Windows domain credentials and 96,671 unique sets of credentials from applications such as Microsoft Outlook and third-party email clients. According to Amit Serper , the person who discovered the flaw, the source of the leak is [...]
The post The Great Leak: Microsoft Exchange AutoDiscover Design Flaw appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/pentesting-exchange/the-great-leak-microsoft-exchange-autodiscover-design-flaw/
The three most important AWS WAF rate-based rules
May 5, 2025: This post has been updated to reflect that the lowest allowable rate limit setting in AWS WAF rate-based rules has changed from 100 requests to 10. In this post, we explain what the three most important AWS WAF rate-based rules are for proactively protecting your web applications against common HTTP flood events, […]
https://aws.amazon.com/blogs/security/three-most-important-aws-waf-rate-based-rules/
Automatically update AWS WAF IP sets with AWS IP ranges
Note: This blog post describes how to automatically update AWS WAF IP sets with the most recent AWS IP ranges for AWS services. This related blog post describes how to perform a similar update for Amazon CloudFront IP ranges that are used in VPC Security Groups. You can use AWS Managed Rules for AWS WAF […]
https://aws.amazon.com/blogs/security/automatically-update-aws-waf-ip-sets-with-aws-ip-ranges/
AWS Shield threat landscape review: 2020 year-in-review
AWS Shield is a managed service that protects applications that are running on Amazon Web Services (AWS) against external threats, such as bots and distributed denial of service (DDoS) attacks. Shield detects network and web application-layer volumetric events that may indicate a DDoS attack, web content scraping, or other unauthorized non-human traffic that is interacting […]
https://aws.amazon.com/blogs/security/aws-shield-threat-landscape-review-2020-year-in-review/
How to protect a self-managed DNS service against DDoS attacks using AWS Global Accelerator and AWS Shield Advanced
In this blog post, I show you how to improve the distributed denial of service (DDoS) resilience of your self-managed Domain Name System (DNS) service by using AWS Global Accelerator and AWS Shield Advanced. You can use those services to incorporate some of the techniques used by Amazon Route 53 to protect against DDoS attacks. […]
https://aws.amazon.com/blogs/security/how-to-protect-a-self-managed-dns-service-against-ddos-attacks-using-aws-global-accelerator-and-aws-shield-advanced/
Set up centralized monitoring for DDoS events and auto-remediate noncompliant resources
When you build applications on Amazon Web Services (AWS), it's a common security practice to isolate production resources from non-production resources by logically grouping them into functional units or organizational units. There are many benefits to this approach, such as making it easier to implement the principle of least privilege, or reducing the scope of […]
https://aws.amazon.com/blogs/security/set-up-centralized-monitoring-for-ddos-events-and-auto-remediate-noncompliant-resources/
Deploying defense in depth using AWS Managed Rules for AWS WAF (part 2)
In this post, I show you how to use recent enhancements in AWS WAF to manage a multi-layer web application security enforcement policy. These enhancements will help you to maintain and deploy web application firewall configurations across deployment stages and across different types of applications. In part 1 of this post I describe the technologies […]
https://aws.amazon.com/blogs/security/deploying-defense-in-depth-using-aws-managed-rules-for-aws-waf-part-2/
Defense in depth using AWS Managed Rules for AWS WAF (part 1)
In this post, I discuss how you can use recent enhancements in AWS WAF to manage a multi-layer web application security enforcement policy. These enhancements will help you to maintain and deploy web application firewall configurations across deployment stages and across different types of applications. The post is in two parts. This first part describes […]
https://aws.amazon.com/blogs/security/defense-in-depth-using-aws-managed-rules-for-aws-waf-part-1/
Houston consulate one of worst offenders in Chinese espionage, say U.S. officials
Credits: Reuters. The United States ordered the consulate closed this week, leading China to retaliate on Friday by telling the United States to shut its consulate in the city of Chengdu, as relations between the world's two largest economies […]
The post Houston consulate one of worst offenders in Chinese espionage, say U.S. officials appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/07/24/houston-consulate-one-of-worst-offenders-in-chinese-espionage-say-u-s-officials/
Shocked I am. Shocked to find that underground bank-card-trading forums are full of liars, cheats, small-time grifters
Credits: The Register. The denizens of online forums dedicated to trading in stolen credit cards have been shown to be wretched hives of scum and villainy. This not-so-surprising news comes this week via academics at Washington State University (WSU) in the US, […]
The post Shocked I am. Shocked to find that underground bank-card-trading forums are full of liars, cheats, small-time grifters appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/07/24/shocked-i-am-shocked-to-find-that-underground-bank-card-trading-forums-are-full-of-liars-cheats-small-time-grifters/
AWS Shield Threat Landscape report is now available
AWS Shield is a managed threat protection service that safeguards applications running on AWS against exploitation of application vulnerabilities, bad bots, and Distributed Denial of Service (DDoS) attacks. The AWS Shield Threat Landscape Report (TLR) provides you with a summary of threats detected by AWS Shield. This report is curated by the AWS Threat Research […]
https://aws.amazon.com/blogs/security/aws-shield-threat-landscape-report-now-available/
Vint Cerf suggests GDPR could hurt coronavirus vaccine development
Credits: The Register. TCP/IP co-developer Vint Cerf, revered as a critical contributor to the foundations of the internet, has floated the notion that privacy legislation might hinder the development of a vaccination for the COVID-19 coronavirus. In an essay written for […]
The post Vint Cerf suggests GDPR could hurt coronavirus vaccine development appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/16/vint-cerf-suggests-gdpr-could-hurt-coronavirus-vaccine-development/
Brit defense contractor hacked, up to 100,000 past and present employees' details siphoned off – report
Credits: The Register. Britain's Ministry of Defence contractor Interserve has been hacked, reportedly leaking the details of up to 100,000 past and current employees, including payment information and details of their next of kin. The Daily Telegraph reports that up to […]
The post Brit defense contractor hacked, up to 100,000 past and present employees’ details siphoned off – report appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/16/brit-defense-contractor-hacked-up-to-100000-past-and-present-employees-details-siphoned-off-report/
US officially warns China is launching cyberattacks to steal coronavirus research
Credits: CNN. The US Department of Homeland Security and the FBI issued a "public service announcement" Wednesday warning that China is likely launching cyberattacks to steal coronavirus data related to vaccines and treatments from US research institutions and pharmaceutical […]
The post US officially warns China is launching cyberattacks to steal coronavirus research appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/14/us-officially-warns-china-is-launching-cyberattacks-to-steal-coronavirus-research/
There's Norway you're going to believe this: World's largest sovereign wealth fund conned out of $10m in cyber-attack
Credits: The Register. The Norwegian Investment Fund has been swindled out of $10m (£8.2m) by fraudsters who pulled off what's been described as "an advance data breach." Norfund – the world's largest sovereign wealth fund, created from saved North Sea […]
The post There's Norway you're going to believe this: World's largest sovereign wealth fund conned out of $10m in cyber-attack appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/14/theres-norway-youre-going-to-believe-this-worlds-largest-sovereign-wealth-fund-conned-out-of-10m-in-cyber-attack/
Stop tracking me, Google: Austrian citizen files GDPR legal complaint over Android Advertising ID
Credits: The Register. Privacy pressure group Noyb has filed a legal complaint against Google on behalf of an Austrian citizen, claiming the Android Advertising ID on every Android device is "personal data" as defined by the EU's GDPR and that […]
The post Stop tracking me, Google: Austrian citizen files GDPR legal complaint over Android Advertising ID appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/14/stop-tracking-me-google-austrian-citizen-files-gdpr-legal-complaint-over-android-advertising-id/
Cyber-attacks hit hospital construction companies
Credits: BBC. Interserve, which helped build Birmingham's NHS Nightingale hospital, and Bam Construct, which delivered the Yorkshire and the Humber's, have reported the incidents to authorities. Earlier this month, the government warned healthcare groups involved in the response to […]
The post Cyber-attacks hit hospital construction companies appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/13/cyber-attacks-hit-hospital-construction-companies/
Researchers spot thousands of Android apps leaking user data through misconfigured Firebase databases
Credits: The Register. Security researchers at Comparitech have reported that an estimated 24,000 Android apps are leaking user data because of misconfigured Firebase databases. Firebase is a popular backend service with SDKs for multiple platforms, including Android, iOS, web, C++ and Unity (for […]
The post Researchers spot thousands of Android apps leaking user data through misconfigured Firebase databases appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/13/researchers-spot-thousands-of-android-apps-leaking-user-data-through-misconfigured-firebase-databases/
Papa don't breach: Contracts, personal info on Madonna, Lady Gaga, Elton John, others swiped in celeb law firm 'hack'
Credits: The Register. Hackers are threatening to release 756GB of A-list celebs' contracts, recording deals, and other personal info allegedly stolen from a New York law firm. The miscreants have seemingly got their hands on confidential agreements, private correspondence, contact […]
The post Papa don’t breach: Contracts, personal info on Madonna, Lady Gaga, Elton John, others swiped in celeb law firm ‘hack’ appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/13/papa-dont-breach-contracts-personal-info-on-madonna-lady-gaga-elton-john-others-swiped-in-celeb-law-firm-hack/
CVE-2019-19781: Citrix ADC RCE vulnerability
A week before the 2019 holidays Citrix announced that an authentication bypass vulnerability had been discovered in multiple Citrix products. The affected products are the Citrix Application Delivery Controller (formerly known as NetScaler ADC), Citrix Gateway (formerly known as NetScaler Gateway), and the Citrix SD-WAN WANOP appliance. Exploiting the vulnerability could allow an unauthenticated attacker [...]
The post CVE-2019-19781: Citrix ADC RCE vulnerability appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/exploit-tutorials/cve-2019-19781-citrix-adc-rce-vulnerability/
Vulnerability Scanning with OpenVAS 9 part 4: Custom scan configurations
For all scans so far, we've only used the default scan configurations such as host discovery, system discovery and Full & fast. But what if we don't want to run all NVTs on a given target (list) and only test for a few specific vulnerabilities? In this case we can create our own custom scan [...]
The post Vulnerability Scanning with OpenVAS 9 part 4: Custom scan configurations appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/scanning-tutorials/openvas-9-part-4-custom-scan-configurations/
Vulnerability Scanning with OpenVAS 9 part 3: Scanning the Network
In the previous parts of the Vulnerability Scanning with OpenVAS 9 tutorials we have covered the installation process and how to run vulnerability scans using OpenVAS and the Greenbone Security Assistant (GSA) web application. In part 3 of Vulnerability Scanning with OpenVAS 9 we will have a look at how to run scans using different [...]
The post Vulnerability Scanning with OpenVAS 9 part 3: Scanning the Network appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/scanning-tutorials/vulnerability-scanning-with-openvas-9-scanning-the-network/
Vulnerability Scanning with OpenVAS 9 part 2: Vulnerability Scanning
In the previous tutorial, Vulnerability Scanning with OpenVAS 9.0 part 1, we went through the installation process of OpenVAS on Kali Linux and the installation of the virtual appliance. In this tutorial we will learn how to configure and run a vulnerability scan. For demonstration purposes we've also installed a virtual machine with Metasploitable 2 [...]
The post Vulnerability Scanning with OpenVAS 9 part 2: Vulnerability Scanning appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/scanning-tutorials/vulnerability-scanning-openvas-9-0-part-2/
Vulnerability Scanning with OpenVAS 9 part 1: Installation & Setup
A couple years ago we did a tutorial on Hacking Tutorials on how to install the popular vulnerability assessment tool OpenVAS on Kali Linux. We’ve covered the installation process on Kali Linux and running a basic scan on the Metasploitable 2 virtual machine to identify vulnerabilities. In this tutorial I want to cover more details [...]
The post Vulnerability Scanning with OpenVAS 9 part 1: Installation & Setup appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/scanning-tutorials/vulnerability-scanning-openvas-9-pt-1/
The Best Hacking Books 2018
One of the most popular and most asked questions since I’ve started this blog is if I can recommend some good hacking books to read for beginners and more experienced hackers and penetration testers. In this article I want to highlight some hacking books and InfoSec books that I personally liked that cover subjects such as ethical hacking, [...]
The post The Best Hacking Books 2018 appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/infosec-books/the-best-hacking-books-2018/