Specialized press news

New DCOM Attack Exploits Windows Installer for Backdoor Access
Cybersecurity researchers at Deep Instinct have uncovered a novel and powerful Distributed Component Object Model (DCOM) based…
https://hackread.com/dcom-attack-exploits-windows-installer-backdoor-access/

Ivanti CSA Vulnerabilities Let Attackers Gain Admin Access
Ivanti has issued critical software updates to address several severe vulnerabilities in its Cloud Services Application (CSA). These vulnerabilities, tracked as CVE-2024-11639, CVE-2024-11772, and CVE-2024-11773, affect CSA versions 5.0.2 and earlier. Without mitigation, these flaws could allow malicious attackers to bypass authentication, execute remote code, and manipulate databases, posing significant risks to organizations relying on […]
https://gbhackers.com/ivanti-csa-vulnerabilities/

Chinese national charged for hacking thousands of Sophos firewalls
The U.S. has charged a Chinese national for hacking thousands of Sophos firewall devices worldwide in 2020. The U.S. has charged the Chinese national Guan Tianfeng (aka gbigmao and gxiaomao) for hacking thousands of Sophos firewall devices worldwide in 2020. Tianfeng, who worked at Sichuan Silence Information Technology Co., faces charges for developing and testing a […]
https://securityaffairs.com/171870/security/chinese-national-charged-for-hacking-sophos-firewalls.html

Chrome Security Update, Patch For Multiple Vulnerabilities
Google has released a new update on the Stable channel for its Chrome browser, addressing a series of security vulnerabilities. The update has been rolled out as version 131.0.6778.139/.140 for Windows and Mac, and 131.0.6778.139 for Linux. Users can expect the patch to become available over the coming days and weeks. A comprehensive list of changes in this build […]
https://gbhackers.com/chrome-security-update-5/

Governments, Telcos Ward Off China's Hacking Typhoons
Infiltrating other nations' telecom networks is a cornerstone of China's geopolitical strategy, and it's having the unintended consequence of driving the uptake of encrypted communications.
https://www.darkreading.com/cyberattacks-data-breaches/governments-telcos-chinas-hacking-typhoons

Cybercriminals Impersonate Dubai Police to Defraud Consumers in the UAE – Smishing Triad in Action
Resecurity uncovered a large-scale fraud campaign in the UAE where scammers impersonate law enforcement to target consumers. Resecurity has identified a wide-scale fraudulent campaign targeting consumers in the UAE by impersonating law enforcement. Victims are asked to pay non-existent fines online (traffic tickets, parking violations, driving license renewals) following multiple phone calls made on behalf […]
https://securityaffairs.com/171859/cyber-crime/smishing-triad-cybercriminals-impersonate-dubai-police.html

WPForms Vulnerability Let Users Issues Subscription Payments
A critical security vulnerability, tracked as CVE-2024-11205, was recently discovered in the popular WordPress plugin, WPForms, which boasts over 6 million active installations globally. This flaw, identified by researcher villu164 through the Wordfence Bug Bounty Program, allows authenticated users with at least subscriber-level permissions to issue unauthorized refunds for Stripe payments and cancel Stripe subscriptions. The vulnerability, categorized […]
https://gbhackers.com/wpforms-vulnerability/

Patch Tuesday, December 2024 Edition
Microsoft today released updates to plug at least 70 security holes in Windows and Windows software, including one vulnerability that is already being exploited in active attacks. The zero-day seeing exploitation involves CVE-2024-49138, a security weakness in the Windows Common… Read More »
https://krebsonsecurity.com/2024/12/patch-tuesday-december-2024-edition/

U.S. CISA adds Microsoft Windows CLFS driver flaw to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft Windows Common Log File System (CLFS) driver flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the Microsoft Windows Common Log File System (CLFS) driver flaw CVE-2024-49138 (CVSS score: 7.8) to its Known Exploited Vulnerabilities (KEV) catalog. Microsoft December 2024 […]
https://securityaffairs.com/171851/hacking/u-s-cisa-adds-microsoft-windows-clfs-driver-flaw-to-its-known-exploited-vulnerabilities-catalog.html

USN-7149-1: Intel Microcode vulnerabilities
Avraham Shalev and Nagaraju N Kodalapura discovered that some Intel(R) Xeon(R) processors did not properly restrict access to the memory controller when using Intel(R) SGX. This may allow a local privileged attacker to further escalate their privileges. (CVE-2024-21820, CVE-2024-23918) It was discovered that some 4th and 5th Generation Intel(R) Xeon(R) Processors did not properly implement finite state machines (FSMs) in hardware logic. This may allow a local privileged attacker to cause a denial of service (system crash). (CVE-2024-21853) It was discovered that some Intel(R) Processors did not properly restrict access to the Running Average Power Limit (RAPL) interface. This may allow a local privileged attacker to obtain sensitive information. (CVE-2024-23984) It was discovered that some...
https://ubuntu.com/security/notices/USN-7149-1

Press news

Lakeridge gains privacy & security certifications - Canadian Healthcare Technology
By implementing this standard and framework, Lakeridge Health not only strengthens its defences against a potential cyber-attack, but also it ...
https://www.canhealth.com/2024/12/11/lakeridge-gains-privacy-security-certifications/

Opening Statement Of CFTC Commissioner Christy Goldsmith Romero, Meeting ... - Mondo Visione
DAS Conklin is a member of TAC, has presented at TAC meetings on the ION Markets cyber attack and Treasury's response, and participated in TAC's ...
https://mondovisione.com/media-and-resources/news/opening-statement-of-cftc-commissioner-christy-goldsmith-romero-meeting-of-the/

US sanctions Chinese firm over potentially deadly ransomware attack | The Star
WASHINGTON (Reuters) - The United States ...
https://www.thestar.com.my/tech/tech-news/2024/12/11/us-sanctions-chinese-firm-over-potentially-deadly-ransomware-attack

EU envoys to discuss first sanctions targeting Russian hybrid threats - Reuters
https://www.reuters.com/world/europe/eu-envoys-discuss-first-sanctions-targeting-russian-hybrid-threats-2024-12-10/

Local expert weighs in on cyber attack threats to iPhone, Android users | News - WFXG
Local expert weighs in on cyber attack threats to iPhone, Android users ...
https://www.wfxg.com/news/local-expert-weighs-in-on-cyber-attack-threats-to-iphone-android-users/article_03607382-b749-11ef-8a55-1b812d01bc22.html

Arkansas City wraps up investigation into cyberattack of water plant - KWCH
The Arkansas City ...
https://www.kwch.com/2024/12/11/arkansas-city-wraps-up-investigation-into-cyberattack-water-plant/

1 in 5 organisations unable to recover data after cyber atack
... cyber attack in the last 12 to 18 months, with one fifth unable to bounce back and recover data. "The findings clearly highlight the urgency for ...
https://www.cyberdaily.au/culture/11477-1-in-5-organisations-unable-to-recover-data-after-cyber-atack


The previous day's news (specialized press)

How Profits and Labor Supply Shape Economic Growth
This section proves two key propositions about long-run profits and their relationship with labor supply. It also discusses the empirical debate on labor supply elasticity and its implications for economic growth, concluding that the labor supply curve is positively sloped in the context of balanced growth.
https://hackernoon.com/how-profits-and-labor-supply-shape-economic-growth?source=rss

Pepeto ICO Hits Million Milestone, Showcasing Strong Community Support
Pepeto is a zero-fee exchange and staking program for memecoin projects. The project has passed rigorous audits and is committed to security and transparency. Pepeto is preparing to introduce PepetoSwap, a utility designed to facilitate token interoperability.
https://hackernoon.com/pepeto-ico-hits--million-milestone-showcasing-strong-community-support?source=rss

Microsoft December 2024 Patch Tuesday addressed actively exploited zero-day
Microsoft December 2024 Patch Tuesday security updates addressed 71 vulnerabilities including an actively exploited zero-day. Microsoft December 2024 Patch Tuesday security updates addressed 71 vulnerabilities in Windows and Windows Components, Office and Office Components, SharePoint Server, Hyper-V, Defender for Endpoint, and System Center Operations Manager. 16 vulnerabilities are rated Critical, 54 are rated Important, and […]
https://securityaffairs.com/171845/security/microsoft-december-2024-patch-tuesday.html

Actively Exploited Zero-Day, Critical RCEs Lead Microsoft Patch Tuesday
The zero-day (CVE-2024-49138), plus a worryingly critical unauthenticated RCE security vulnerability (CVE-2024-49112), are unwanted gifts for security admins this season.
https://www.darkreading.com/application-security/microsoft-zero-day-critical-rces-patch-tuesday

Patch Tuesday - December 2024
1 zero-day. CLFS EoP. 16 critical RCEs. Hyper-V container escape. Multiple Remote Desktop Services RCE.
https://blog.rapid7.com/2024/12/10/patch-tuesday-december-2024/

Stochastic Equilibrium and the Role of Economic Growth in Non-Stochastic Models
This section discusses non-stochastic equilibrium, the impact of economic growth, and the conditions needed for balanced growth, emphasizing the necessity of a specific parameter.
https://hackernoon.com/stochastic-equilibrium-and-the-role-of-economic-growth-in-non-stochastic-models?source=rss

Wyden proposes bill to secure US telecoms after Salt Typhoon hacks
U.S. Senator Ron Wyden of Oregon announced a new bill to secure the networks of American telecommunications companies breached by Salt Typhoon Chinese state hackers earlier this year. [...]
https://www.bleepingcomputer.com/news/security/wyden-proposes-bill-to-secure-us-telecoms-after-salt-typhoon-hacks/

Why software composition analysis is essential for open source security
Open source software security and dependency management have never been more critical, as organizations strive to protect their software supply chains while navigating increasing complexity and risks.
https://www.sonatype.com/blog/why-software-composition-analysis-is-essential-for-open-source-security

'Termite' Ransomware Likely Behind Cleo Zero-Day Attacks
The threat actor group recently took credit for a similar attack on Blue Yonder that affected multiple organizations, including Starbucks.
https://www.darkreading.com/cyberattacks-data-breaches/termite-ransomware-behind-cleo-zero-day-attacks

Why Inflation Only Responds Temporarily to Economic Changes
This subsection explores how the lack of persistence in economic models extends to various scenarios, including demand shocks and supply shocks, while showing that inflation responds only temporarily to these shocks.
https://hackernoon.com/why-inflation-only-responds-temporarily-to-economic-changes?source=rss

DWF Labs' First Meme Fund Investment Goes to Koma Inu Project
Koma Inu is the inaugural recipient of DWF Labs' million Meme Fund. The investment comes two weeks after the fund's launch on November 25, 2024. The fund aims to provide both financial resources and strategic guidance to selected projects.
https://hackernoon.com/dwf-labs-first-meme-fund-investment-goes-to-koma-inu-project?source=rss

$OVER Pumped 6000% 4hrs After Launch - The First AI Agent That Wants To Be Your Exit Liquidity
AiSweat.Shop is the first-of-its-kind AI Agent Factory deployed on the Arbitrum Layer 2 blockchain. Powered by the OpenAgent framework from Open (collective include RSS3), A.S. is here to reshape DeFi and DeSci with AgentUI.
https://hackernoon.com/$over-pumped-6000percent-4hrs-after-launch-the-first-ai-agent-that-wants-to-be-your-exit-liquidity?source=rss

Shiro Neko Achieves Billion Market Cap On Day One
Shiro Neko ($SHIRO) reached a billion market cap on its first day of trading. The team aims to make $SHIRO a standout memecoin, redefining expectations for new launches in the space.
https://hackernoon.com/shiro-neko-achieves--billion-market-cap-on-day-one-ymmbl94?source=rss

DeFi Investment Firm Seven Seas Capital Launches Ethereum Yield Fund
Seven Seas Capital launched its ETH DeFi Yield Fund on December 10. The fund aims to generate 10% returns relative to ETH through market making on decentralized exchanges and leveraged positions. Seven Seas has managed .8 billion in non-custodial investment vehicles over three years. The company plans to launch a Bitcoin DeFi Fund as its next product.
https://hackernoon.com/defi-investment-firm-seven-seas-capital-launches-ethereum-yield-fund?source=rss

What Causes Long-Term Economic Fluctuations?
This section presents proofs on key dynamics in economic models, covering policy responses to demand shocks, welfare theorems, and the persistence of expectational fluctuations.
https://hackernoon.com/what-causes-long-term-economic-fluctuations?source=rss

WPForms bug allows Stripe refunds on millions of WordPress sites
A vulnerability in WPForms, a WordPress plugin used in over 6 million websites, could allow subscriber-level users to issue arbitrary Stripe refunds or cancel subscriptions. [...]
https://www.bleepingcomputer.com/news/security/wpforms-bug-allows-stripe-refunds-on-millions-of-wordpress-sites/

USN-7148-1: Linux kernel vulnerabilities
Lyu Tao discovered that the NFS implementation in the Linux kernel did not properly handle requests to open a directory on a regular file. A local attacker could use this to expose sensitive information (kernel memory). Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - x86 architecture; - ATM drivers; - Device frequency scaling framework; - GPU drivers; - Hardware monitoring drivers; - VMware VMCI Driver; - MTD block device drivers; - Network drivers; - Device tree and open firmware driver; - SCSI subsystem; - USB Serial drivers; - BTRFS file system; - File systems infrastructure; - F2FS file system; - JFS file system; - NILFS2...
https://ubuntu.com/security/notices/USN-7148-1

TryHackme's Advent of Cyber 2024 — Day 08 Writeup
Day 8: Shellcodes of the world, unite!
https://infosecwriteups.com/tryhackmes-advent-of-cyber-2024-day-08-writeup-630635dbf6a1?source=rss----7b722bfd1b8d---4

Zoho QEngine: Arbitrary File Read
Zoho QEngine is a test automation software to test your code on various devices & browsers before they get released. 🚀 One of its handy functions is openURL(), which lets you load a test URL in a supported browser like Chrome. Sounds neat, right? But as a security researcher, I couldn't resist digging a bit deeper. 😏 🛠️ First Stop: Common SSRF Attack Vectors. Initially, like all security researchers, my initial instinct was to test for good ol' SSRF test cases and check if I am able to access their internal services or cloud metadata URLs 169.254.169.254. 💡 Fun fact: Zoho runs most of its services on its own cloud, no surprise — these URLs didn't fetch anything interesting. 🔄 Switching Gears: Testing Non-HTTP Protocols. What if we try something besides http://?...
https://infosecwriteups.com/zoho-qengine-arbitrary-file-read-08df3d1e167e?source=rss----7b722bfd1b8d---4

TryHackme's Advent of Cyber 2024 — Day 10Writeup
Day 10: He had a brain full of macros, and had shells in his soul.
https://infosecwriteups.com/tryhackmes-advent-of-cyber-2024-day-10writeup-c834b4f2855e?source=rss----7b722bfd1b8d---4

When XML Turns Dangerous: Protecting Your Systems from Direct XXE Attacks
Understanding Direct XXE: What's Happening? Direct XXE attacks exploit the way XML parsers handle external entities. When an XML document includes an external entity declaration, the parser fetches the referenced resource — a file, a web address, or even another service. If the parser doesn't explicitly block this behaviour, attackers can access sensitive files, steal data, or perform unauthorized actions. How Direct XXE Works: A Step-by-Step Breakdown. Scenario: MegaBank's Screenshot Feature. MegaBank offers a feature allowing users to send a screenshot of their current account page to customer support. The feature involves the following steps: User Interaction: The user clicks the “Send Screenshot” button on the MegaBank web page. The browser fetches the visible HTML content of the page. Serialization: The...
https://infosecwriteups.com/when-xml-turns-dangerous-protecting-your-systems-from-direct-xxe-attacks-03e7336e34ff?source=rss----7b722bfd1b8d---4

Steganographic Malware
Concealing Threats within Digital Media. In the digital world, where cybersecurity measures are constantly evolving, attackers are always looking for new ways to bypass detection. One of the most ingenious methods is the use of steganography, a technique that hides information within innocuous-looking images, videos, or files. What is Steganographic Malware? Steganographic malware refers to malicious software that conceals itself within images, videos, or files to avoid detection by traditional security systems. Unlike conventional malware that might be identified through signature-based detection or behavioral analysis, steganographic malware hides in plain sight, embedding its payloads within seemingly harmless digital media. Key Characteristics: Concealment: The primary goal is to make the...
https://infosecwriteups.com/steganographic-malware-dcba3c5455e2?source=rss----7b722bfd1b8d---4

TryHackme's Advent of Cyber 2024 — Day 09 Writeup
Day 9: Nine o’clock, make GRC fun, tell no one.
https://infosecwriteups.com/tryhackmes-advent-of-cyber-2024-day-09-writeup-53d29192f80a?source=rss----7b722bfd1b8d---4

OWASP Top 10 2025 Predictions
“Maybe wars aren’t meant to be won. Maybe they’re meant to be continuous…”
https://infosecwriteups.com/owasp-top-10-2025-predictions-56882fbf565e?source=rss----7b722bfd1b8d---4

5 Ways I Got RCE's In the Wild
For offensive security professionals, finding RCE vulnerabilities is usually a crown jewel for many black-box and white-box projects. These kinds of vulnerabilities reside in many different ways, but there are some common functionalities to find them. In this article we will explore common methods to achieve RCE, including SQL injection, command injection, path traversal, Local File Inclusion (LFI), and file upload vulnerabilities. For each attack vector, we'll provide examples and real-world cases I had in my engagements to illustrate the impact. 1 — SQL Injection. SQL injections are well known as maybe the most famous web attack, providing the attacker control over the target's database. But except for data exfiltration, SQL injection could be even more dangerous, allowing the attacker...
https://infosecwriteups.com/5-ways-i-got-rces-99a78901ba33?source=rss----7b722bfd1b8d---4

How I Bypassed OTP Like a Devil, Leading to Full Account Takeover
Introduction: Hello, hackers! Zero is back with another thrilling tale from my bug bounty adventures. This time, I went head-to-head with a seemingly impenetrable OTP system, only to uncover a devilishly simple bypass that led to a full account takeover. Sound exciting? Buckle up, because this story is a rollercoaster of curiosity, creativity, and responsible disclosure. If you're new to hacking, don't worry — you'll find this breakdown easy to follow and, hopefully, inspiring! Let's dive in! How I Did It: The target site, let's call it radicated.com, had a simple setup: OTP-based login. Email and password login. Google login. Now, when I saw the OTP login option, my inner hacker thought, Can I bypass this and take over an account? The challenge was on! Spoiler: I pulled it off....
https://infosecwriteups.com/how-i-bypassed-otp-like-a-devil-leading-to-full-account-takeover-7bb7a673f7a0?source=rss----7b722bfd1b8d---4

Ivanti warns of maximum severity CSA auth bypass vulnerability
Ivanti warned customers on Tuesday about a new maximum-severity authentication bypass vulnerability in its Cloud Services Appliance (CSA) solution. [...]
https://www.bleepingcomputer.com/news/security/ivanti-warns-of-maximum-severity-csa-auth-bypass-vulnerability/

Azure PaaS Services with Network Security Perimeter: Enhancing Cloud Security and Efficiency
PaaS services are getting very popular, and they have less operational overhead and are simple to deploy. Companies are turning to cloud…
https://infosecwriteups.com/azure-paas-services-with-network-security-perimeter-enhancing-cloud-security-and-efficiency-13732c2c3a2e?source=rss----7b722bfd1b8d---4

CryptoAutos Announces TGE For $AUTOS Token Following Sold-Out Public Sale
CryptoAutos, the world's first blockchain-powered luxury automotive marketplace, has announced the Token Generation Event (TGE) for its native utility token, $AUTOS. The TGE announcement follows a successful Community Launch on Fjord Foundry, which raised .5 million in just 5.5 hours. $AUTOS will launch at a fixed price of .04, representing a fully diluted valuation of million.
https://hackernoon.com/cryptoautos-announces-tge-for-$autos-token-following-sold-out-public-sale?source=rss

DWF Labs Launches Million AI Agent Fund To Accelerate Innovation In Autonomous AI Technologies
DWF Labs has launched a million fund dedicated to supporting the development of autonomous AI agents. The new fund aims to support Web3 projects building next-generation AI agent solutions that have the potential to transform industries and redefine the digital economy.
https://hackernoon.com/dwf-labs-launches--million-ai-agent-fund-to-accelerate-innovation-in-autonomous-ai-technologies?source=rss

Is Crypto Just Another Misleading Strategy by The Re-Elected Trump?
Donald Trump has made promises to the crypto world. He wants the U.S. to be the hub of Bitcoin production. He also wants to lower national interest rates, which could urge more crypto buying.
https://hackernoon.com/is-crypto-just-another-misleading-strategy-by-the-re-elected-trump?source=rss

Black Basta Ransomware Uses MS Teams, Email Bombing to Spread Malware
The Black Basta ransomware group is using advanced social engineering tactics and a multi-stage infection process to target organizations.
https://hackread.com/black-basta-gang-ms-teams-email-bombing-malware/

Windows 10 KB5048652 update fixes new motherboard activation bug
Microsoft has released the KB5048652 cumulative update for Windows 10 22H2, which contains six fixes, including a fix that prevented Windows 10 from activating when you change a device's motherboard. [...]
https://www.bleepingcomputer.com/news/microsoft/windows-10-kb5048652-update-fixes-new-motherboard-activation-bug/

Microsoft December 2024 Patch Tuesday fixes 1 exploited zero-day, 71 flaws
Today is Microsoft's December 2024 Patch Tuesday, which includes security updates for 71 flaws, including one actively exploited zero-day vulnerability. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-december-2024-patch-tuesday-fixes-1-exploited-zero-day-71-flaws/

Microsoft Patch Tuesday December 2024, 71 Vulnerabilities Fixed Including 1 Zero-day
In its final Patch Tuesday of 2024, Microsoft has released a significant security update addressing a total of 71 vulnerabilities, including 16 critical vulnerabilities and 1 zero-day. This December update marks a crucial milestone in Microsoft’s ongoing efforts to enhance the security of its products and protect users from potential cyber threats. Critical Zero-Day Vulnerability […]
https://gbhackers.com/microsoft-patch-tuesday-december-2024/

Windows 11 KB5048667 & KB5048685 cumulative updates released
Microsoft has released the Windows 11 KB5048667 and KB5048685 cumulative updates for versions 24H2 and 23H2 to fix security vulnerabilities and issues. [...]
https://www.bleepingcomputer.com/news/microsoft/windows-11-kb5048667-and-kb5048685-cumulative-updates-released/

Google Cloud expands vulnerability detection for Artifact Registry using OSV
Posted by Greg Mucci, Product Manager, Artifact Analysis, Oliver Chang, Senior Staff Engineering, OSV, and Charl de Nysschen, Product Manager OSV. DevOps teams dedicated to securing their supply chain and predicting potential risks consistently face novel threats. Fortunately, they can now improve their image and container security by harnessing Google-grade vulnerability scanning, which offers expanded open-source coverage. A significant benefit of utilizing Google Cloud Platform is its integrated security tools, including Artifact Analysis. This scanning service leverages the same infrastructure that Google depends on to monitor vulnerabilities within its internal systems and software supply chains. Artifact Analysis has recently expanded its scanning coverage to eight additional language packages,...
http://security.googleblog.com/2024/12/google-cloud-expands-vulnerability.html

USN-7147-1: Apache Shiro vulnerabilities
It was discovered that Apache Shiro incorrectly handled path traversal when used with other web frameworks or path rewriting. An attacker could possibly use this issue to obtain sensitive information or administrative privileges. This update provides the corresponding fix for Ubuntu 24.04 LTS and Ubuntu 24.10. (CVE-2023-34478, CVE-2023-46749) It was discovered that Apache Shiro incorrectly handled web redirects when used together with the form authentication method. An attacker could possibly use this issue to perform phishing attacks. This update provides the corresponding fix for Ubuntu 24.04 LTS and Ubuntu 24.10. (CVE-2023-46750) It was discovered that Apache Shiro incorrectly handled requests through servlet filtering. An attacker could possibly use this issue to obtain administrative...
https://ubuntu.com/security/notices/USN-7147-1

Scottish Parliament TV at Risk From Deepfakes
Because the streaming service website offers no content restrictions, attackers are able to hijack and manipulate live streams.
https://www.darkreading.com/cyberattacks-data-breaches/scottish-parliament-tv-risk-deepfakes

Dell Urges Immediate Update to Fix Critical Power Manager Vulnerability
A critical security flaw in Dell Power Manager has been discovered that could allow attackers to compromise your systems and execute arbitrary code.
https://hackread.com/dell-urges-update-critical-power-manager-vulnerability/

FTC distributes million in Fortnite refunds from Epic Games
The Federal Trade Commission (FTC) is distributing over million in Epic Game Fortnite refunds for the company's use of dark patterns to trick players into making unwanted purchases. [...]
https://www.bleepingcomputer.com/news/gaming/ftc-distributes-72-million-in-fortnite-refunds-from-epic-games/

US sanctions Chinese firm for hacking firewalls in ransomware attacks
The U.S. Treasury Department has sanctioned Chinese cybersecurity company Sichuan Silence and one of its employees for their involvement in a series of Ragnarok ransomware attacks targeting U.S. critical infrastructure companies and many other victims worldwide in April 2020. [...]
https://www.bleepingcomputer.com/news/security/us-sanctions-chinese-firm-for-hacking-firewalls-in-ragnarok-ransomware-attacks/

Cybercrime Gangs Abscond With Thousands of AWS Credentials
The Nemesis and ShinyHunters attackers scanned millions of IP addresses to find exploitable cloud-based flaws, though their operation ironically was discovered due to a cloud misconfiguration of their own doing.
https://www.darkreading.com/endpoint-security/cybercrime-gangs-steal-thousands-aws-credentials

Why Cyber Threats Are a Concern for Every Business Today
What's the cost of a single click? For too many businesses, it could mean locked systems, stolen funds, or customer data exposed to the highest bidder.
https://linuxsecurity.com/news/security-trends/cyber-threats-are-every-business-concern

SAP fixed critical SSRF flaw in NetWeaver's Adobe Document Services
SAP has issued patches for 16 vulnerabilities, including a critical SSRF flaw in NetWeaver’s Adobe Document Services. SAP addressed 16 vulnerabilities as part of its December 2024 Security Patch Day. The company released nine new and four updated security notes. The most severe of these vulnerabilities is a critical issue, tracked as CVE-2024-47578 (CVSS score […]
https://securityaffairs.com/171839/security/sap-fixed-critical-ssrf-flaw-netweaver.html

New Cleo zero-day RCE flaw exploited in data theft attacks
Hackers are actively exploiting a zero-day vulnerability in Cleo managed file transfer software to breach corporate networks and conduct data theft attacks. [...]
https://www.bleepingcomputer.com/news/security/new-cleo-zero-day-rce-flaw-exploited-in-data-theft-attacks/

Inside the incident: Uncovering an advanced phishing attack
Recently, Varonis investigated a phishing campaign in which a malicious email enabled a threat actor to access the organization. This blog post will reveal the tactics used to avoid detection and share what was discovered during the investigation. [...]
https://www.bleepingcomputer.com/news/security/inside-the-incident-uncovering-an-advanced-phishing-attack/

Lessons From the Largest Software Supply Chain Incidents
The software supply chain is a growing target, and organizations need to take special care to safeguard it.
https://www.darkreading.com/vulnerabilities-threats/lessons-largest-software-supply-chain-incidents

Weekly Detection Rule (YARA and Snort) Information – Week 2, December 2024
The following is the information on Yara and Snort rules (week 2, December 2024) collected and shared by the AhnLab TIP service. 8 YARA Rules Detection name Description Source VeeamHax exe – file VeeamHax.exe https://github.com/The-DFIR-Report/Yara-Rules PK_Elster_darknet Phishing Kit impersonating Elster tax office (DE) https://github.com/t4d/PhishingKit-Yara-Rules PK_Nickel_memoryerror Phishing Kit impersonating Nickel https://github.com/t4d/PhishingKit-Yara-Rules PK_Telegram_gambar Phishing Kit impersonating Telegram […] The post Weekly Detection Rule (YARA and Snort) Information – Week 2, December 2024 first appeared on ASEC.
https://asec.ahnlab.com/en/85075/

Hackers Target Job Seekers with AppLite Trojan Using Fake Job Emails
SUMMARY Zimperium’s zLabs has shared its latest research with Hackread.com, ahead of its publishing on December 10. According…
https://hackread.com/hackers-job-seekers-banking-trojan-fake-job-emails/

New OpenWrt Flaws Fixed: Implications for Router Security & Mitigation Strategies
Recently discovered vulnerabilities in OpenWrt, an open-source firmware for routers and embedded devices, have cast light on new network security flaws that admins, businesses, and home router users must be aware of. OpenWrt recently addressed critical security issues that allowed attackers to inject malicious commands or exploit hash collisions in its Imagebuilder tool on Attendedsysupgrade Server (ASU), potentially serving compromised images to unwitting users, thereby undermining network security on these routers. With wide use across enterprises, small businesses, and tech-savvy households, this discovery has massive implications for all using OpenWrt.
https://linuxsecurity.com/news/iot-security/new-openwrt-flaws-fixed-implications-for-router-security-mitigation-strategies

RedLine Malware Weaponizing Pirated Corporate Softwares To Steal Logins
Attackers are distributing a malicious .NET-based HPDxLIB activator disguised as a new version, which is signed with a self-signed certificate, and targets entrepreneurs automating business processes and aims to compromise their systems. They are distributing malicious activators on forums targeting business owners and accountants, deceptively promoting them as legitimate license bypass tools with update functionality […] The post RedLine Malware Weaponizing Pirated Corporate Softwares To Steal Logins appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
https://gbhackers.com/redline-stealer-software/

Widespread exploitation of Cleo file transfer software (CVE-2024-50623)
On Monday, December 9, multiple security firms began privately circulating reports of in-the-wild exploitation targeting Cleo file transfer software. Late the evening of December 9, security firm Huntress published a blog on active exploitation of three different Cleo products (docs): Cleo VLTrader, a server-side solution for “mid-enterprise organizations”; Cleo Harmony,
https://blog.rapid7.com/2024/12/10/etr-widespread-exploitation-of-cleo-file-transfer-software-cve-2024-50623/

Visual Studio Tunnels Abused For Stealthy Remote Access
In an attack campaign dubbed “Operation Digital Eye,” a suspected China-nexus threat actor has been observed targeting business-to-business IT service providers in Southern Europe.  The attack operation lasted roughly three weeks, from late June to mid-July 2024. The intrusions could have allowed the attackers to gain a strategic foothold and compromise downstream entities.  In particular, […] The post Visual Studio Tunnels Abused For Stealthy Remote Access appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
https://gbhackers.com/visual-studio-tunnels-abused/

HackerOne's Largest Bug Bounty Program Boasts 300 Hackers, $2M In Rewards
This week in cybersecurity from the editors at Cybercrime Magazine – Read the Full Story in CSO. Sausalito, Calif. – Dec. 10, 2024. According to Cybersecurity Ventures, cybercrime is expected to cost the world .5 trillion annually by 2025 – an astronomical increase from trillion in 2015. The post HackerOne’s Largest Bug Bounty Program Boasts 300 Hackers, $2M In Rewards appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/hackerones-largest-bug-bounty-program-boasts-300-hackers-2m-in-rewards/

The Critical Role of Open-Source Encryption Apps in Combating Chinese Telecom Hacking
Linux admins and infosec professionals tasked with safeguarding sensitive communications face increasing risks with emerging privacy threats like China-sponsored telecom hacking on the rise. Chinese telecom hacking involves sophisticated cyberespionage activities aimed at critical infrastructure, intellectual property, and sensitive data that threaten national security and economic stability.
https://linuxsecurity.com/features/features/combating-chinese-telecom-hacking-encryption-open-source-apps

A CISO's Guide to Managing Risk as the World Embraces AI
As Generative AI becomes more deeply integrated into our digital landscape, organizations face a growing need to manage application, technology, and cybersecurity risks effectively. The rapid evolution of AI technology... The post A CISO's Guide to Managing Risk as the World Embraces AI appeared first on Cyber Defense Magazine.
https://www.cyberdefensemagazine.com/a-cisos-guide-to-managing-risk-as-the-world-embraces-ai/

Microsoft 365 outage takes down Office web apps, admin center
Microsoft is investigating a widespread and ongoing Microsoft 365 outage impacting Office web apps and the Microsoft 365 admin center. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-365-outage-takes-down-office-web-apps-admin-center/

How Red Teaming Helps Meet DORA Requirements
The Digital Operational Resilience Act (DORA) sets strict EU rules for financial institutions and IT providers, emphasizing strong…
https://hackread.com/how-red-teaming-helps-meet-dora-requirements/

TikTok ban in US: Company seeks emergency injunction to prevent it
TikTok has requested an emergency injunction to stop or postpone the planned ban on the platform in the US.
https://www.malwarebytes.com/blog/news/2024/12/tiktok-ban-in-us-company-seeks-emergency-injunction-to-prevent-it

Critical SAP Vulnerabilities Let Attackers Upload Malicious PDF Files
SAP has issued Security Note 3536965 to address multiple high-severity vulnerabilities in the Adobe Document Services of SAP NetWeaver AS for JAVA. These vulnerabilities, identified as CVE-2024-47578, CVE-2024-47579, and CVE-2024-47580, allow attackers to manipulate or upload malicious PDF files, potentially compromising internal systems and exposing sensitive data. Details of the Vulnerabilities: CVE-2024-47578: Server-Side Request Forgery (SSRF). This flaw allows attackers with administrative privileges to send specially crafted […] The post Critical SAP Vulnerabilities Let Attackers Upload Malicious PDF Files appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
https://gbhackers.com/critical-sap-vulnerabilities/

Chinese hackers use Visual Studio Code tunnels for remote access
Chinese hackers targeting large IT service providers in Southern Europe were seen abusing Visual Studio Code (VSCode) tunnels to maintain persistent access to compromised systems. [...]
https://www.bleepingcomputer.com/news/security/chinese-hackers-use-visual-studio-code-tunnels-for-remote-access/

Sprawling 'Operation Digital Eye' Attack Targets European IT Orgs
A Chinese threat actor infiltrated several IT and security companies in a bring-your-own VS code, with an eye to carrying out a supply-chain-based espionage attack.
https://www.darkreading.com/cyberattacks-data-breaches/operation-digital-eye-attack-targets-european-it-orgs

Dell Warns of Critical Code Execution Vulnerability in Power Manager
Dell Technologies has issued a security advisory, DSA-2024-439, to alert users of a critical vulnerability in its Dell Power Manager software. The vulnerability, identified as CVE-2024-49600, could allow malicious attackers to execute arbitrary code and gain elevated privileges on the affected systems. Users are urged to update immediately to mitigate potential risks. The vulnerability has been […] The post Dell Warns of Critical Code Execution Vulnerability in Power Manager appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
https://gbhackers.com/dell-warns-critical-code-execution-vulnerability/

Researchers Uncovered Hackers Infrastructure Using Passive DNS Technique
Cybersecurity researchers have unveiled an advanced technique to uncover hackers’ operational infrastructure using passive DNS data. This groundbreaking method sheds light on how attackers establish and maintain their networks to perpetrate malicious activities while remaining resilient to detection. By leveraging passive DNS analysis, experts have made significant strides in identifying threats before they wreak havoc, […] The post Researchers Uncovered Hackers Infrastructure Using Passive DNS Technique appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
https://gbhackers.com/passive-dns-technique/

USN-7146-1: Dogtag PKI vulnerabilities
Christina Fu discovered that Dogtag PKI accidentally enabled a mock authentication plugin by default. An attacker could potentially use this flaw to bypass the regular authentication process and trick the CA server into issuing certificates. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-7537) It was discovered that Dogtag PKI did not properly sanitize user input. An attacker could possibly use this issue to perform cross site scripting and obtain sensitive information. This issue only affected Ubuntu 22.04 LTS. (CVE-2020-25715) It was discovered that the XML parser did not properly handle entity expansion. A remote attacker could potentially retrieve the content of arbitrary files by sending specially crafted HTTP requests. This issue only affected Ubuntu 16.04 LTS. (CVE-2022-2414)...
https://ubuntu.com/security/notices/USN-7146-1

Let's Encrypt to End Support for Online Certificate Status Protocol (OCSP)
Let's Encrypt has officially announced its timeline to phase out support for the Online Certificate Status Protocol (OCSP). The nonprofit Certificate Authority (CA) plans to fully transition to Certificate Revocation Lists (CRLs) by mid-2025, citing privacy concerns and efficiency gains as primary reasons for the change. Phased Timeline for Transition Let's Encrypt rolled out a […] The post Let's Encrypt to End Support for Online Certificate Status Protocol (OCSP) appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
https://gbhackers.com/lets-encrypt-to-end-support/

ShinyHunters, Nemesis Linked to Hacks After Leaking Their AWS S3 Bucket
Summary Cybersecurity researchers have identified a large-scale hacking operation linked to notorious ShinyHunters and Nemesis hacking groups. In…
https://hackread.com/shinyhunters-nemesis-hacks-aws-s3-bucket-leak/

USN-7145-1: Expat vulnerability
It was discovered that Expat did not properly handle its internal state when attempting to resume an unstarted parser. An attacker could use this issue to cause a denial of service (application crash).
https://ubuntu.com/security/notices/USN-7145-1

Romanian energy supplier Electrica Group is facing a ransomware attack
Romanian energy supplier Electrica Group is investigating an ongoing ransomware attack impacting its operations. Romanian energy supplier Electrica Group suffered a cyber attack that is impacting its operations. The company assured investors that the attack hadn’t affected its critical systems, but temporary disruptions in customer services might occur due to enhanced security protocols. These measures […]
https://securityaffairs.com/171832/hacking/electrica-group-ransomware-attack.html

Yesterday's News (Press)

Chairman Green, Rep. Lee Applaud House Passage of Bill Combating CCP Cyber Threats
... cyber-attack at a time of their choosing,” Chairman Moolenaar said. “I'm proud to co-sponsor this legislation led by Rep. Laurel Lee (R-FL) that ...
https://homeland.house.gov/2024/12/10/chairman-green-rep-lee-applaud-house-passage-of-bill-combating-ccp-cyber-threats/

Milwaukee officials worry Ascension Wisconsin cuts will slow heart attack responses - WPR
The move comes as the hospital system was the victim of a cyber attack earlier this year that impacted patient records. ... Ascension still working to ...
https://www.wpr.org/news/milwaukee-officials-worry-ascension-wisconsin-cuts-will-slow-heart-attack-responses

Rumpke Waste & Recycling targeted in apparent cyber attack - WAVE 3
(WAVE) - Current and ...
https://www.wave3.com/2024/12/10/rumpke-waste-recycling-targeted-apparent-cyber-attack/

US sanctions Chinese firm over potentially deadly ransomware attack - CNA
... Cyber Attack" in this illustration taken, February 19, 2024. REUTERS/Dado Ruvic/Illustration/File Photo. 11 Dec 2024 05:42AM. Bookmark Bookmark ...
https://www.channelnewsasia.com/world/us-sanctions-chinese-firm-over-potentially-deadly-ransomware-attack-4798741

Ransomware group Termite strikes Blue Yonder SaaS provider - Digital Insurance
Termite, an emerging ransomware group, claimed credit for the Nov. 21 cyber attack on Blue Yonder, an AI- driven supply chain management company.
https://www.dig-in.com/news/ransomware-group-termite-strikes-blue-yonder-saas-provider

News from Two Days Ago (Specialist Press)

USN-7141-1: oFono vulnerabilities
It was discovered that oFono incorrectly handled decoding SMS messages leading to a stack overflow. A remote attacker could potentially use this issue to cause a denial of service. (CVE-2023-2794, CVE-2023-4233, CVE-2023-4234)
https://ubuntu.com/security/notices/USN-7141-1

Microsoft NTLM Zero-Day to Remain Unpatched Until April
The second zero-day vulnerability found in Windows NTLM in the past two months paves the way for relay attacks and credential theft. Microsoft has no patch, but released updated NTLM cyberattack mitigation advice.
https://www.darkreading.com/application-security/microsoft-ntlm-zero-day-remain-unpatched-april

New Guidance for Federal AI Procurement Embraces Red Teaming and Other HackerOne Suggestions
The U.S. government has embraced HackerOne's recommendations for the new federal AI procurements guidance.
https://www.hackerone.com/public-policy/federal-ai-procurement-guidance

Critical Windows Zero-Day Alert: No Patch Available Yet for Users
Protect your systems with automated patching and server hardening strategies to defend against vulnerabilities like the NTLM zero-day.…
https://hackread.com/windows-zero-day-alert-no-patch-available-for-users/

Millionaire Airbnb Phishing Ring Busted Up by Police
Scammers set up call centers in luxury rentals to run bank help-desk fraud, as well as large-scale phishing campaigns, across at least 10 European countries, according to law enforcement.
https://www.darkreading.com/cyberattacks-data-breaches/millionaire-airbnb-phishing-ring-busted-police

Attackers Can Use QR Codes to Bypass Browser Isolation
Researchers demonstrate a proof-of-concept cyberattack vector that gets around remote, on-premises, and local versions of browser isolation security technology to send malicious communications from an attacker-controlled server.
https://www.darkreading.com/endpoint-security/attackers-qr-codes-bypass-browser-isolation

Configuring SELinux: An In-Depth Guide to Securing Your Linux System
Imagine a security system so exact it seems nearly surgical. Designed by the National Security Agency (NSA), Security-Enhanced Linux (SELinux) is precisely that: a program used to enforce rigorous access restrictions and maintain systems secure.
https://linuxsecurity.com/features/features/securing-linux-using-selinux

Deloitte denied its systems were hacked by Brain Cipher ransomware group
Deloitte has responded to claims by the Brain Cipher ransomware group, which alleges the theft of over 1 terabyte of the company’s data. Recently, the ransomware group Brain Cipher added Deloitte UK to its Tor leak site. The gang claimed to have stolen one terabyte of compressed data from the company. A Deloitte spokesperson addressed […]
https://securityaffairs.com/171827/uncategorized/deloitte-denied-its-systems-were-hacked-by-brain-cipher-ransomware-group.html

Phishers Impersonating Police Arrested in Multi-Million Euro Scam
Summary: A massive phishing operation that targeted victims across Europe has been dismantled, thanks to a joint effort…
https://hackread.com/phishers-impersonate-police-arrest-million-euro-scam/

New Report from Cloud Security Alliance Highlights Key Aspects of Data Resiliency in the Financial Sector
Findings emphasize the importance of regulatory compliance, strategic cloud adoption, regional considerations, and the need for continuous improvement in security practices SEATTLE – Dec. 10, 2024 – Financial institutions (FIs) are cautiously but increasingly adopting cloud technologies, while simultaneously placing greater value on multi-cloud strategies in order to avoid vendor lock-in and enhance data sovereignty, according to a new survey from the Cloud Security Alliance (CSA), the world'...
https://cloudsecurityalliance.org/articles/csa-report-highlights-key-aspects-of-data-resiliency-in-financial-sector

Genetec Physical Security Report Shows Accelerating Hybrid Cloud Adoption
More than 4% of US attempted e-commerce transactions between Thanksgiving and Cyber Monday suspected to be fraudulent.
https://www.darkreading.com/physical-security/genetec-physical-security-report-shows-accelerating-hybrid-cloud-adoption

How Art Appreciation Supplements Cybersecurity Skills
Using different parts of our brains gives us different perspectives on the world around us and new approaches to the problems we face in security.
https://www.darkreading.com/cybersecurity-operations/how-art-appreciation-supplements-cybersecurity-skills

Sacumen Advances to the Front Line of Thought Leadership: Accelerates Cybersecurity Integration with Innovative Program
Cyber Defense Magazine Thought Leadership Interview with Nitesh Sinha, Founder and CEO of Sacumen and Praneeth Kudithipudi EVP Sales of Sacumen By Yan Ross, CDM Editor-in-Chief Editor's Note: Cyber Defense... The post Sacumen Advances to the Front Line of Thought Leadership: Accelerates Cybersecurity Integration with Innovative Program appeared first on Cyber Defense Magazine.
https://www.cyberdefensemagazine.com/sacumen-advances-to-the-front-line-of-thought-leadership-accelerates-cybersecurity-integration-with-innovative-program/

How I got started: Incident responder
As a cybersecurity incident responder, life can go from chill to chaos in seconds. What is it about being an incident responder that makes people want to step up for this crucial cybersecurity role? With our How I Got Started series, we learn from experts in their field and find out how they got started […] The post How I got started: Incident responder appeared first on Security Intelligence.
https://securityintelligence.com/articles/how-i-got-started-incident-responder/

USN-7144-1: Linux kernel (Intel IoTG) vulnerabilities
Supraja Sridhara, Benedict Schlüter, Mark Kuhne, Andrin Bertschi, and Shweta Shinde discovered that the Confidential Computing framework in the Linux kernel for x86 platforms did not properly handle 32-bit emulation on TDX and SEV. An attacker with access to the VMM could use this to cause a denial of service (guest crash) or possibly execute arbitrary code. (CVE-2024-25744) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - PowerPC architecture; - RISC-V architecture; - User-Mode Linux (UML); - x86 architecture; - Block layer subsystem; - Android drivers; - Serial ATA and Parallel ATA drivers; -...
https://ubuntu.com/security/notices/USN-7144-1

Digital Assets Cybersecurity Essentials
Discover essential tips to secure your digital assets like crypto, NFTs, and tokens. Learn about wallet safety, avoiding…
https://hackread.com/digital-assets-cyber-security-essentials/

Encrypted messaging service intercepted, 2.3 million messages read by law enforcement
Authorities were able to intercept the Matrix messaging service's traffic and monitor criminal activity for three months.
https://www.malwarebytes.com/blog/news/2024/12/encrypted-messaging-service-intercepted-2-3-million-messages-read-by-law-enforcement

Steps To Protect Against Cybersecurity Threats During Mergers and Acquisitions
Transactions involving U.S. targets and acquirers continue to represent a substantial percentage of overall deal volume, with U.S. M&A exceeding .26 trillion in 2023, according to research from the Harvard Law... The post Steps To Protect Against Cybersecurity Threats During Mergers and Acquisitions appeared first on Cyber Defense Magazine.
https://www.cyberdefensemagazine.com/steps-to-protect-against-cybersecurity-threats-during-mergers-and-acquisitions/

USN-7143-1: RabbitMQ Server vulnerabilities
Christian Rellmann discovered that RabbitMQ Server did not properly sanitize user input when adding a new user via the management UI. An attacker could possibly use this issue to perform cross site scripting and obtain sensitive information. (CVE-2021-32718) Fahimhusain Raydurg discovered that RabbitMQ Server did not properly sanitize user input when using the federation management plugin. An attacker could possibly use this issue to perform cross site scripting and obtain sensitive information. (CVE-2021-32719)
https://ubuntu.com/security/notices/USN-7143-1

Cyber Liability Policies: The Download on Ransomware
This week in cybersecurity from the editors at Cybercrime Magazine – Read the Full Story in Union Risk Advisors. Sausalito, Calif. – Dec. 9, 2024. Nearly every organization has an exposure to Cyber Liability. The only differentiating factors are severity and where an organization falls from a The post Cyber Liability Policies: The Download on Ransomware appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/cyber-liability-policies-the-download-on-ransomware/

Scanning For Credentials, and BotPoke Changes IPs Again
Nearly 50% of observed traffic is looking for accidentally exposed data.
https://www.f5.com/labs/articles/threat-intelligence/scanning-for-credentials-and-botpoke-changes-ips-again

Ultralytics AI Library with 60M Downloads Compromised for Cryptomining
Another day, another supply chain attack!
https://hackread.com/ultralytics-ai-library-compromised-for-cryptomining/

Senior Dating - 765,517 breached accounts
In 2024, the 40+ dating website Senior Dating suffered a data breach. Attributed to an exposed Firebase database, the breach included extensive personal information on 766k users of the service including email addresses, photos, genders, links to Facebook accounts, dates of birth and precise latitude and longitude, among other personal attributes. The website was shut down after the breach was acknowledged by the site operator in December, along with a breach of the "ladies.com" website run by the same organisation.
https://haveibeenpwned.com/PwnedWebsites#SeniorDating

USN-7142-1: WebKitGTK vulnerabilities
Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
https://ubuntu.com/security/notices/USN-7142-1

Ladies.com - 118,809 breached accounts
In 2024, the lesbian dating website ladies.com suffered a data breach. Attributed to an exposed Firebase database, the breach included extensive personal information on 119k users of the service including email addresses, photos, sexual orientation, genders, dates of birth and precise latitude and longitude, among other personal attributes. The website was shut down in mid-2024 and the breach later acknowledged by the site operator in December, along with a breach of the "Senior Dating" website run by the same organisation.
https://haveibeenpwned.com/PwnedWebsites#Ladies

Mandiant devised a technique to bypass browser isolation using QR codes
Mandiant revealed a technique to bypass browser isolation using QR codes, enabling command transmission from C2 servers. Browser isolation is a security measure that separates web browsing from the user’s device by running the browser in a secure environment (e.g., cloud or VM) and streaming visuals. Mandiant has identified a new technique for bypassing browser […]
https://securityaffairs.com/171809/hacking/bypass-browser-isolation-using-qr-codes.html

Story of the Year: global IT outages and supply chain attacks
While the CrowdStrike incident is still fresh in our minds, Kaspersky experts look back on similar IT outages that happened in 2024 and predict potential threats for 2025.
https://securelist.com/ksb-story-of-the-year-2024/114883/

A week in security (December 2 – December 8)
A list of topics we covered in the week of December 2 to December 8 of 2024
https://www.malwarebytes.com/blog/news/2024/12/a-week-in-security-december-2-december-8-2

2023 Anna Jaques Hospital data breach impacted over 310,000 people
Anna Jaques Hospital revealed that the ransomware attack it suffered last year has exposed sensitive health data for over 316,000 patients. On December 25, 2023, a ransomware attack hit the Anna Jaques Hospital. The hospital revealed that the security breach exposed sensitive health data for over 316,000 patients. Anna Jaques Hospital is a not-for-profit community healthcare […]
https://securityaffairs.com/171801/data-breach/anna-jaques-hospital-data-breach.html

USN-7140-1: Tinyproxy vulnerability
It was discovered that Tinyproxy did not properly manage memory under certain circumstances. An attacker could possibly use this issue to leak left-over heap data if custom error page templates containing special non-standard variables are used.
https://ubuntu.com/security/notices/USN-7140-1

News from previous days

Debian LTS: DLA-3987-1: renderdoc Security Advisory Updates
Multiple vulnerabilities have been fixed in the graphics debugger RenderDoc. CVE-2023-33863
https://linuxsecurity.com/advisories/deblts/debian-lts-dla-3987-1-renderdoc-security-advisory-updates-trlzlz0s5hua

November 2024 Deep Web and Dark Web Trend Report
Note: This trend report on the deep web and dark web of November 2024 is sectioned into Ransomware, Forums & Black Markets, and Threat Actor. We would like to state beforehand that some of the content has yet to be confirmed to be true. Major Issues 1. Ransomware 1.1 […] The post November 2024 Deep Web and Dark Web Trend Report appeared first on ASEC.
https://asec.ahnlab.com/en/85072/

Debian LTS: DLA-3986-1: php7.4 Security Advisory Updates
Multiple security issues were found in PHP, a widely-used open source general purpose scripting language, which could result in denial of service, authorization bypass, or information disclosure.
https://linuxsecurity.com/advisories/deblts/debian-lts-dla-3986-1-php7-4-security-advisory-updates-ql1wml8wet1v

BYTE BY BYTE
In an era where digital transformation is reshaping healthcare, dental practices find themselves caught in a perfect storm of cybersecurity vulnerabilities. As ransomware attacks surge across the healthcare sector, dental... The post BYTE BY BYTE appeared first on Cyber Defense Magazine.
https://www.cyberdefensemagazine.com/byte-by-byte/

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 23
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. SmokeLoader Attack Targets Companies in Taiwan; LogoFAIL Exploited to Deploy Bootkitty, the first UEFI bootkit for Linux; Horns&Hooves campaign delivers NetSupport RAT and BurnsRAT; DroidBot: Insights from a new Turkish MaaS fraud operation; RedLine, A […]
https://securityaffairs.com/171794/malware/security-affairs-malware-newsletter-round-23.html

Gentoo: GLSA-202412-14: HashiCorp Consul: Security Advisory Updates
Multiple vulnerabilities have been discovered in HashiCorp Consul, the worst of which could result in denial of service.
https://linuxsecurity.com/advisories/gentoo/gentoo-glsa-202412-14-hashicorp-consul-security-advisory-updates-bbpeilfmlsbj

Gentoo: GLSA-202412-12: PostgreSQL: Security Advisory Updates
Multiple vulnerabilities have been discovered in PostgreSQL, the worst of which could lead to arbitrary code execution.
https://linuxsecurity.com/advisories/gentoo/gentoo-glsa-202412-12-postgresql-security-advisory-updates-1wk9onnqe5gj

Why Manufacturing IT Leaders are Turning to AI-Powered Cybersecurity Training
In the rapidly evolving digital landscape, cybersecurity has emerged as a critical concern, particularly for the manufacturing sector. Recent data highlights a staggering 165% surge in cyber-attack attempts on manufacturing facilities, a... The post Why Manufacturing IT Leaders are Turning to AI-Powered Cybersecurity Training appeared first on Cyber Defense Magazine.
https://www.cyberdefensemagazine.com/why-manufacturing-it-leaders-are-turning-to-ai-powered-cybersecurity-training/

Hack My Career: Saskia Braucher

https://www.hackerone.com/culture-and-talent/hack-my-career-saskia-braucher

Network Abuses Leveraging High-Profile Events: Suspicious Domain Registrations and Other Scams
Unit 42 probes network abuses around events like the Olympics, featuring case studies of scams and phishing through domain registrations and more. The post Network Abuses Leveraging High-Profile Events: Suspicious Domain Registrations and Other Scams appeared first on Unit 42.
https://unit42.paloaltonetworks.com/suspicious-domain-registration-campaigns/

Halting Hackers on the Holidays: Protecting Yourself from Seasonal Cyber Threats
by Gary S. Miliefsky, CISSP, fmDHS Ho-ho-hold on to your data! 🎅 The holiday season is here, bringing cheer, gifts, and…cybercriminals?! That's right! While you're decking the halls, hackers are... The post Halting Hackers on the Holidays: Protecting Yourself from Seasonal Cyber Threats appeared first on Cyber Defense Magazine.
https://www.cyberdefensemagazine.com/halting-hackers-on-the-holidays-protecting-yourself-from-seasonal-cyber-threats/

Metasploit Weekly Wrap-Up 12/06/2024
This week's release adds 9 new modules. A big thank you to the community for this awesome release. Learn more about the post-Thanksgiving big release!
https://blog.rapid7.com/2024/12/06/metasploit-weekly-wrap-up-44/

Europol takes down criminal data hub Manson Market in busy month for law enforcement
Two operators and 50 servers that were behind an online marketplace where criminals could buy stolen data have been seized
https://www.malwarebytes.com/blog/news/2024/12/marketplace-serving-fraudsters-taken-down-by-european-law-enforcement

Preparing for EU AI Act from a Security Perspective
The world's first artificial intelligence law, the EU AI Act, finally came into effect on 1 Aug 2024, 4 years after it was initially proposed by the European Commission. After... The post Preparing for EU AI Act from a Security Perspective appeared first on Cyber Defense Magazine.
https://www.cyberdefensemagazine.com/preparing-for-eu-ai-act-from-a-security-perspective/

Android Malware & Security Issue 1st Week of December, 2024
ASEC Blog publishes “Android Malware & Security Issue 1st Week of December, 2024”. The post Android Malware & Security Issue 1st Week of December, 2024 appeared first on ASEC.
https://asec.ahnlab.com/en/85014/

Rapid7 Extends Cloud Security Capabilities with Updates to Exposure Command
With purpose-built harvesting technology providing real-time visibility into everything running across multi-cloud environments, Exposure Command from Rapid7 ensures teams have an up-to-date inventory, mapping their cloud attack surface and enriching asset data with risk and business context.
https://blog.rapid7.com/2024/12/06/rapid7-extends-cloud-security-capabilities-with-updates-to-exposure-command/

How TikTok is reframing cybersecurity efforts
You might think of TikTok as the place to go to find out new recipes and laugh at silly videos. And as a cybersecurity professional, TikTok’s potential data security issues are also likely to come to mind. However, in recent years, TikTok has worked to promote cybersecurity through its channels and programs. To highlight its […] The post How TikTok is reframing cybersecurity efforts appeared first on Security Intelligence.
https://securityintelligence.com/articles/how-tiktok-is-reframing-cybersecurity-efforts/

ProjectSend Improper Authentication Vulnerability (CVE-2024-11680)
What is the attack? ProjectSend versions prior to r1720 are affected by an improper authentication vulnerability. Remote, unauthenticated attackers can exploit this flaw by sending crafted HTTP requests to options.php, enabling unauthorized modification of the application's configuration. Successful exploitation allows attackers to create accounts, upload web shells, and embed malicious JavaScript. ProjectSend is a free, open-source software that lets you share files with your clients with privacy. CVE-2024-11680 has been added to CISA Known Exploited Catalog (KEV) on December 4, 2024. What is the recommended Mitigation? ProjectSend has released a patch for CVE-2024-11680. Organizations that have not implemented the latest patch are advised to do so immediately. According to VulnCheck, it found...
https://fortiguard.fortinet.com/threat-signal-report/5598

Exploits and vulnerabilities in Q3 2024
The report contains statistics on vulnerabilities and exploits, with an analysis of interesting vulnerabilities found in Q3 2024, such as regreSSHion
https://securelist.com/exploits-and-vulnerabilities-q3-2024/114839/

Harnessing the Working Genius for Team Success

https://www.hackerone.com/culture-and-talent/harnessing-working-genius-team-success

Demystifying VEX: Simplifying SBOMs with Sonatype SBOM Manager
Ever wondered what VEX really is and why it's crucial for your software supply chain? You're not alone.
https://www.sonatype.com/blog/demystifying-vex-simplifying-sboms-with-sonatype-sbom-manager

Announcing the launch of Vanir: Open-source Security Patch Validation
Posted by Hyunkwook Baek, Duy Truong, Justin Dunlap and Lauren Stan from Android Security and Privacy, and Oliver Chang with the Google Open Source Security Team. Today, we are announcing the availability of Vanir, a new open-source security patch validation tool. Introduced at Android Bootcamp in April, Vanir gives Android platform developers the power to quickly and efficiently scan their custom platform code for missing security patches and identify applicable available patches. Vanir significantly accelerates patch validation by automating this process, allowing OEMs to ensure devices are protected with critical security updates much faster than traditional methods. This strengthens the security of the Android ecosystem, helping to keep Android users around the world safe. By open-sourcing...
http://security.googleblog.com/2024/12/announcing-launch-of-vanir-open-source.html

Shifting The Focus: From Compliance to Secops In Supply Chain Security
There are two main reasons why supply chain attacks are on the increase. First, there is a general trend of companies outsourcing more critical business functions to external providers, and... The post Shifting The Focus: From Compliance to Secops In Supply Chain Security appeared first on Cyber Defense Magazine.
https://www.cyberdefensemagazine.com/shifting-the-focus-from-compliance-to-secops-in-supply-chain-security/

November 2024 Threat Trend Report on APT Attacks (South Korea)
Overview: AhnLab has been using AhnLab Smart Defense (ASD) to monitor advanced persistent threat (APT) attacks against targets in Korea. This report will cover the types and statistics of APT attacks in Korea during November 2024 as well as features of each type. Figure 1. November 2024 statistics on APT attacks in Korea […] The post November 2024 Threat Trend Report on APT Attacks (South Korea) appeared first on ASEC.
https://asec.ahnlab.com/en/85024/

November 2024 Threat Trend Report on Ransomware
This report provides statistics on the number of new ransomware samples, number of targeted systems, and targeted companies collected in November 2024, as well as major Korean and international ransomware issues worth noting. Below are the summarized details. The number of ransomware samples and number of damaged systems is based on the detection names assigned […] The post November 2024 Threat Trend Report on Ransomware appeared first on ASEC.
https://asec.ahnlab.com/en/85030/

Americans urged to use encrypted messaging after large, ongoing cyberattack
US telecom providers have been infiltrated to a worrying level by an APT group. The advice is to use encrypted messaging.
https://www.malwarebytes.com/blog/news/2024/12/americans-urged-to-use-encrypted-messaging-after-large-ongoing-cyberattack

Roundup: The top ransomware stories of 2024
The year 2024 saw a marked increase in the competence, aggression and unpredictability of ransomware attackers. Nearly all the key numbers are up — more ransomware gangs, bigger targets and higher payouts. Malicious ransomware groups also focus on critical infrastructure and supply chains, raising the stakes for victims and increasing the motivation to cooperate. Here […] The post Roundup: The top ransomware stories of 2024 appeared first on Security Intelligence.
https://securityintelligence.com/articles/roundup-the-top-ransomware-stories-of-2024/

Generative AI Marks the End of Cybercrime Amateur Hour
This week in cybersecurity from the editors at Cybercrime Magazine –Read the Full Story in Entrust Sausalito, Calif. – Dec. 5, 2024 From deepfakes and biometric fraud to nation-state attacks and cybercrime-as-a-service, the threat landscape continues to intensify. Technology, especially AI, is arming an increasingly The post Generative AI Marks the End of Cybercrime Amateur Hour appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/generative-ai-marks-the-end-of-cybercrime-amateur-hour/

Data Pipeline Challenges of Privacy-Preserving Federated Learning
This post is part of a series on privacy-preserving federated learning. The series is a collaboration between NIST and the UK government's Responsible Technology Adoption Unit (RTA), previously known as the Centre for Data Ethics and Innovation. Learn more and read all the posts published to date at NIST's Privacy Engineering Collaboration Space or RTA's blog. Introduction: In this post, we talk with Dr. Xiaowei Huang and Dr. Yi Dong (University of Liverpool) and Sikha Pentyala (University of Washington Tacoma), who were winners in the UK-US PETs Prize Challenges. We discuss real-world data
https://www.nist.gov/blogs/cybersecurity-insights/data-pipeline-challenges-privacy-preserving-federated-learning

1-15 September 2024 Cyber Attacks Timeline
In the first timeline of September 2024 I collected 125 events (8.33 events/day) with a threat landscape still dominated by malware...
https://www.hackmageddon.com/2024/12/05/1-15-september-2024-cyber-attacks-timeline/

Our secret ingredient for reverse engineering
Kaspersky researchers demonstrate capabilities of hrtng plugin for IDA Pro, share tips on working with IDA and reverse engineer FinSpy malware with these tools.
https://securelist.com/hrtng-ida-pro-plugin/114780/

Abusing AD-DACL: WriteDacl
In this post, we will explore the exploitation of Discretionary Access Control Lists (DACL) using the WriteDacl permission in Active Directory environments. Attackers can abuse The post Abusing AD-DACL: WriteDacl appeared first on Hacking Articles.
https://www.hackingarticles.in/abusing-ad-dacl-writedacl/

2024 Cybersecurity Person Of The Year: George Kurtz, CrowdStrike Founder & CEO
Industry leader gives us a lesson in grace and incident response – From the Editors at Cybercrime Magazine Northport, N.Y. – Dec. 4, 2024 The editors at Cybercrime Magazine named George Kurtz, CrowdStrike founder and CEO, “Cybersecurity Person of the Year” for his outstanding contributions The post 2024 Cybersecurity Person Of The Year: George Kurtz, CrowdStrike Founder & CEO appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/2024-cybersecurity-person-of-the-year-george-kurtz-crowdstrike-founder-ceo/

SQL Injection Prevention: 6 Strategies
SQL Injection (SQLi) attacks are critical and widespread threats that inject malicious code into backend databases. This gives bad actors unauthorized access to sensitive data. These breaches can lead to stolen data, compromised systems, and significant business disruption that affects customer trust.
https://www.legitsecurity.com/blog/how-to-prevent-sql-injection

CMMC Level 2 Requirements: A Guide to Achieving Compliance
If your organization handles sensitive information and aims to work with the Department of Defense (DoD), you must meet the Cybersecurity Maturity Model Certification (CMMC) requirements. These standards protect Controlled Unclassified Information (CUI) and Federal Contract Information (FCI) from cyberthreats.
https://www.legitsecurity.com/blog/cmmc-level-2-requirements

Secrets Scanning: How It Works and Why It's Important
All software development environments have secrets—think API keys, passwords, and tokens—that can lead to significant security breaches if left vulnerable. Best practices like secrets scanning detect and protect sensitive information before it becomes a liability.
https://www.legitsecurity.com/blog/what-is-secret-scanning-and-how-it-works

API Key Security Best Practices: Secure Sensitive Data
Application programming interfaces (APIs) connect applications, allowing them to communicate and exchange data easily. But as web apps handle more sensitive data and integrate with an increasing number of services, the risk of unauthorized access and data breaches grows. 
https://www.legitsecurity.com/blog/api-key-security-best-practices

Secure your software supply chain with the Sonatype and GitHub integration
To prioritize software supply chain security, organizations can focus on seamless integrations that improve visibility and simplify workflows, ensuring more efficient development processes.
https://www.sonatype.com/blog/secure-your-software-supply-chain-with-the-sonatype-and-github-integration

Crypto’s rising value likely to bring new wave of scams
The value of cryptocurrencies is going through the roof, so the scammers are even more interested in your funds
https://www.malwarebytes.com/blog/news/2024/12/cryptos-rising-value-likely-to-bring-new-wave-of-scams

Black Basta Ransomware Campaign Drops Zbot, DarkGate, and Custom Malware
Beginning in early October, Rapid7 has observed a resurgence of activity related to the ongoing social engineering campaign being conducted by Black Basta ransomware operators.
https://blog.rapid7.com/2024/12/04/black-basta-ransomware-campaign-drops-zbot-darkgate-and-custom-malware/

Ransom & Dark Web Issues Week 1, December 2024
ASEC Blog publishes Ransom & Dark Web Issues Week 1, December 2024: Hacker Mikhail Pavlovich Matveev, involved with Lockbit and Conti, arrested in Russia; A new ransomware gang, The Argonauts Group; A global audit, consulting, and financial services firm in the UK listed as a new victim of BrainCipher ransomware […] The post Ransom & Dark Web Issues Week 1, December 2024 appeared first on ASEC.
https://asec.ahnlab.com/en/84991/

The Initial Engagement Process for Contracting with a vCISO
Introduction In today's fast-paced digital world, organizations face a myriad of cybersecurity challenges that demand expert guidance and strategic oversight. Enter the Virtual Chief Information Security Officer (vCISO), a role... The post The Initial Engagement Process for Contracting with a vCISO appeared first on Cyber Defense Magazine.
https://www.cyberdefensemagazine.com/the-initial-engagement-process-for-contracting-with-a-vciso/

Cybercrime Radio: Protecting Your Security Online
This week in cybersecurity from the editors at Cybercrime Magazine –Read the Full Radio.co Story Sausalito, Calif. – Dec. 4, 2024 Nowadays, everyone needs to protect themselves in cyberspace. And that's where WCYB Digital Radio aka Cybercrime Radio comes in. The front page for cybersecurity news and facts, Cybersecurity The post Cybercrime Radio: Protecting Your Security Online appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/cybercrime-radio-protecting-your-security-online/

U.S. Offered $10M for Hacker Just Arrested by Russia
In January 2022, KrebsOnSecurity identified a Russian man named Mikhail Matveev as "Wazawaka," a cybercriminal who was deeply involved in the formation and operation of multiple ransomware groups. The U.S. government indicted Matveev as a top ransomware purveyor a year later, offering $10 million for information leading to his arrest. Last week, the Russian government reportedly arrested Matveev and charged him with creating malware used to extort companies.
https://krebsonsecurity.com/2024/12/u-s-offered-10m-for-hacker-just-arrested-by-russia/

Cloud threat report: Possible trend in cloud credential “oversaturation”
For years now, the dark web has built and maintained its own evolving economy, supported by the acquisition and sales of stolen data, user login credentials and business IP. But much like any market today, the dark web economy is subject to supply and demand. A recent X-Force Cloud Threat Landscape Report has shed light […] The post Cloud threat report: Possible trend in cloud credential “oversaturation” appeared first on Security Intelligence.
https://securityintelligence.com/articles/cloud-threat-report-possible-trend-cloud-credential-oversaturation/

Predictions 2025: The Future of Cybersecurity Unveiled
The digital world is evolving at breakneck speed. In 2025, we're set to witness transformative changes in cybersecurity that will redefine trust, security, and how we navigate our digital lives. Here's what we see coming: Read the full blog to explore the trends in depth. The future of cybersecurity will demand both solutions and vigilance. […] The post Predictions 2025: The Future of Cybersecurity Unveiled appeared first on Avast Threat Labs.
https://decoded.avast.io/threatintel/predictions-2025-the-future-of-cybersecurity-unveiled/?utm_source=rss&utm_medium=rss&utm_campaign=predictions-2025-the-future-of-cybersecurity-unveiled

Kaspersky Security Bulletin 2024. Statistics
The "Kaspersky Security Bulletin 2024. Statistics" report contains statistics on cyberthreats for the period from November 2023 through October 2024. It covers such threats as financial malware, ransomware, miners, malware for IoT and macOS, vulnerabilities and others.
https://securelist.com/ksb-2024-statistics/114795/

The Dark Side of Viral Content: How Negative Reviews Can Snowball
The internet can be a double-edged sword. Positive reviews can skyrocket a business, but negative… The Dark Side of Viral Content: How Negative Reviews Can Snowball on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2024/12/04/the-dark-side-of-viral-content-how-negative-reviews-can-snowball/

The European Union Artificial Intelligence (AI) Act: Managing Security and Compliance Risk at the Technological Frontier
Originally published by Scrut Automation. Written by Amrita Agnihotri. A growing wave of AI-related legislation and regulation is building, with the most significant example being the European Union's (EU) Artificial Intelligence (AI) Act. In March 2024, European leaders passed this sweeping legislation into law. It will clearly have huge impacts on the way business is done, both in the EU and globally. In this post we'll go look at the implications for organizations deploying AI to drive busine...
https://cloudsecurityalliance.org/articles/the-european-union-artificial-intelligence-ai-act-managing-security-and-compliance-risk-at-the-technological-frontier

From AI Agents to MultiAgent Systems: A Capability Framework
Written by Ken Huang, CEO of DistributedApps.ai and Co-Chair of AI Safety Working Groups at CSA. There is no clear and consensus definition of what an AI agent is in the literature. This article does not aim to define what an AI agent is. Rather, I focus on examining AI agents from a range of capabilities, spanning from basic data processing to complex autonomous decision-making. This framework allows us to explore the progression of AI agents through different levels of sophistication, highli...
https://cloudsecurityalliance.org/articles/from-ai-agents-to-multiagent-systems-a-capability-framework

CSA Community Spotlight: Filling the Training Gap with Dr. Lyron H. Andrews
Now celebrating 15 years of advancing cloud security, the Cloud Security Alliance (CSA) is proud to be the world's leading organization dedicated to defining best practices for a secure cloud computing environment. Since our incorporation in 2009 and the release of our inaugural Security Guidance, CSA has expanded our impact through a broad portfolio of initiatives, including industry-leading training programs and certificate offerings. These programs, including the foundational Certificate of...
https://cloudsecurityalliance.org/articles/csa-community-spotlight-filling-the-training-gap-with-dr-lyron-h-andrews

Systems Analysis for Zero Trust: Understand How Your System Operates
If you're excited about building a Zero Trust architecture for your organization, we understand! Zero Trust is pretty much the ultimate security strategy. However, before diving headfirst into building out your architecture, you need to perform a comprehensive systems analysis. This analysis should cover the functions and interactions of all devices, assets, applications, and services (DAAS) in the system. You must understand how your system accesses, processes, transmits, and shares data acro...
https://cloudsecurityalliance.org/articles/systems-analysis-for-zero-trust-understand-how-your-system-operates

Hai's Latest Evolution: Intelligence, Context, and More Intuitive UX
Hai, HackerOne's AI copilot has 3 new capabilities: Hai analytics, contextual conversations, and an enhanced user experience.
https://www.hackerone.com/ai/hai-program-insights

AI chatbot provider exposes 346,000 customer files, including ID documents, resumes, and medical records
AI chatbot provider WotNot left a cloud storage bucket exposed that contained almost 350,000 files, including personally identifiable information.
https://www.malwarebytes.com/blog/news/2024/12/ai-chatbot-provider-exposes-346000-customer-files-including-id-documents-resumes-and-medical-records

Lorex 2K Indoor Wi-Fi Security Camera: Multiple Vulnerabilities (FIXED)
The Lorex 2K Indoor Wi-Fi Security Camera is a consumer security device that provides cloud-based video camera surveillance capabilities. This device was a target at the 2024 Pwn2Own IoT competition. As of December 3, 2024, we are disclosing these issues publicly in coordination with the vendor.
https://blog.rapid7.com/2024/12/03/lorex-2k-indoor-wi-fi-security-camera-multiple-vulnerabilities-fixed/

My Upcoming SANS Classes!
I will be teaching two SANS ICS515 classes at upcoming events. You can attend in person or virtually at: San Francisco (Live and Online) Jan 27: https://www.sans.org/cyber-security-courses/ics-visibility-detection-response/ Dallas, TX (Live and Online) Mar 24: https://www.sans.org/cyber-security-courses/ics-visibility-detection-response/
https://tisiphone.net/2024/12/03/my-upcoming-sans-classes/

Some of my favorite podcast appearances in 2024
And, without further ado, here are some of the fun, smart people I have gotten to speak to on podcasts this year! Yes, blog aside, I’ve been busy! Cyber Uncut: Making your ICS/OT environments cyber secure, with Dragos' Lesley Carhart Cyber Security Weekly Podcast: Episode 413 – Operational Technology (OT) Cybersecurity – Episode 4 Breaking… Read More Some of my favorite podcast appearances in 2024
https://tisiphone.net/2024/12/03/some-of-my-favorite-podcast-appearances-in-2024/

Some of my favorite talks in 2024
Hello, I understand I have been terribly delinquent in posting, so I wanted to share in the interim, some of my favorite talks of the past year. I hope you enjoy, and look forward to seeing you soon! I spoke to DomainTools about the current state of Industrial Cybersecurity and what I’m seeing in the… Read More Some of my favorite talks in 2024
https://tisiphone.net/2024/12/03/some-of-my-favorite-talks-in-2024/

Repeat offenders drive bulk of tech support scams via Google Ads
Consumers are getting caught in a web of scams facilitated by online ads often originating from the same perpetrators.
https://www.malwarebytes.com/blog/scams/2024/12/repeat-offenders-drive-bulk-of-tech-support-scams-via-google-ads

Weekly Detection Rule (YARA and Snort) Information – Week 1, December 2024
The following is the information on Yara and Snort rules (week 1, December 2024) collected and shared by the AhnLab TIP service. 0 YARA Rules 3 Snort Rules Detection name Source ET EXPLOIT Linksys E1500/E2500 Remote Command Execution 3 https://rules.emergingthreatspro.com/open/ ET WEB_SPECIFIC_APPS SonicWall NetExtender for Windows EPC Client Update RCE Attempt (CVE-2024-29014) https://rules.emergingthreatspro.com/open/ ET CURRENT_EVENTS […] The post Weekly Detection Rule (YARA and Snort) Information – Week 1, December 2024 appeared first on ASEC.
https://asec.ahnlab.com/en/84947/

November 2024: Security Issues in the Financial Industry
This report comprehensively covers actual cyber threats and security issues that have occurred in the financial industry in South Korea and abroad. The article includes an analysis of malware and phishing cases distributed to the financial sector, the Top 10 malware targeting the financial sector, and statistics on the industries of leaked South Korean accounts. […] The post November 2024: Security Issues in the Financial Industry appeared first on ASEC.
https://asec.ahnlab.com/en/84996/

Expanded SOC Coverage Into AWS Environments with Rapid7 MXDR
With Rapid7's Managed Extended Detection and Response (MXDR) service, organizations can confidently scale their cloud investments without sacrificing the comprehensive coverage they're familiar with today.
https://blog.rapid7.com/2024/12/03/expanded-soc-coverage-into-aws-environments-with-rapid7-mxdr/

Third-party access: The overlooked risk to your data protection plan
A recent IBM Cost of a Data Breach report reveals a startling statistic: Only 42% of companies discover breaches through their own security teams. This highlights a significant blind spot, especially when it comes to external partners and vendors. The financial stakes are steep. On average, a data breach affecting multiple environments costs a whopping […] The post Third-party access: The overlooked risk to your data protection plan appeared first on Security Intelligence.
https://securityintelligence.com/posts/third-party-access-the-overlooked-risk-to-data-protection/

How AI Helps Security Teams at Samsara and Ekco Move Faster and Enhance Decision-Making
Despite the enormous potential of AI, its impact on security operations has often fallen short, with teams grappling with privacy concerns, misaligned priorities, and overhyped vendor promises. Yet, security teams at... The post How AI Helps Security Teams at Samsara and Ekco Move Faster and Enhance Decision-Making appeared first on Cyber Defense Magazine.
https://www.cyberdefensemagazine.com/how-ai-helps-security-teams-at-samsara-and-ekco-move-faster-and-enhance-decision-making/

1990s: Masters Of Deception (MOD) Member On The Great Hacker War
This week in cybersecurity from the editors at Cybercrime Magazine – Listen To Our Podcast. Sausalito, Calif. – Dec. 3, 2024. John Lee, a.k.a. John Threat, used the name “Corrupt” as a member of Masters of Deception (MOD), a New York-based hacker group in the early The post 1990s: Masters Of Deception (MOD) Member On The Great Hacker War appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/1990s-masters-of-deception-mod-member-on-the-great-hacker-war/

Why Phishers Love New TLDs Like .shop, .top and .xyz
Phishing attacks increased nearly 40 percent in the year ending August 2024, with much of that growth concentrated at a small number of new generic top-level domains (gTLDs) -- such as .shop, .top, .xyz -- that attract scammers with rock-bottom prices and no meaningful registration requirements, new research finds. Meanwhile, the nonprofit entity that oversees the domain name industry is moving forward with plans to introduce a slew of new gTLDs.
https://krebsonsecurity.com/2024/12/why-phishers-love-new-tlds-like-shop-top-and-xyz/

Analyzing user behavior and content across all channels can help defend data

https://www.proofpoint.com/us/newsroom/news/analyzing-user-behavior-and-content-across-all-channels-can-help-defend-data

NachoVPN Attack Risks Corporate VPN Clients
Researchers have identified a new attack strategy that allows malicious updates to be installed on… NachoVPN Attack Risks Corporate VPN Clients on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2024/12/03/nachovpn-attack-risks-corporate-vpn-clients/

Harvesting GitLab Pipeline Secrets
TLDR: Scan GitLab job logs for credentials using https://github.com/CompassSecurity/pipeleak Many organizations use (self-hosted) GitLab instances to manage their source code and a lot of infrastructure is managed in code (IaC), thus these configurations must be source-controlled as well, putting a lot of responsibility on the source code platform in use. Often deployments are automated using CI/CD […]
https://blog.compass-security.com/2024/12/harvesting-gitlab-pipeline-secrets/

Lifecycle Management in SaaS Security: Navigating the Challenges and Risks
Originally published by Valence Security. Written by Jason Silberman. The rapid rise of Software-as-a-Service (SaaS) has transformed business operations, offering unprecedented flexibility and scalability. However, this shift brings its own set of security challenges, particularly when it comes to managing the lifecycle of SaaS applications and their associated resources such as identities. Effective lifecycle management is crucial in safeguarding against threats and ensuring that security meas...
https://cloudsecurityalliance.org/articles/lifecycle-management-in-saas-security-navigating-the-challenges-and-risks

What 2024's SaaS Breaches Mean for 2025 Cybersecurity
Originally published by AppOmni. Written by Julia Benson, Technical Content Marketing Manager, AppOmni. In 2024, we witnessed a significant evolution in SaaS-based TTPs, which enabled bad actors to bypass traditional entry points, exploit SaaS misconfigurations and identity systems, and compromise sensitive data faster and more efficiently than ever before. In this post, we'll explore the most impactful SaaS security incidents of 2024, examine the expanding SaaS attack surface, and share insight...
https://cloudsecurityalliance.org/articles/what-2024-s-saas-breaches-mean-for-2025-cybersecurity

Nice Linear eMerge Command Injection Vulnerability (CVE-2019-7256)
What is the vulnerability? Cyber threat actors are actively targeting Linear eMerge E3-Series to exploit a 5-year-old critical vulnerability. The vulnerability tracked as CVE-2019-7256 is a command injection flaw that could allow an attacker to cause remote code execution and full access to the system. The Nice Linear eMerge E3-Series is a popular access control system used in various commercial and industrial environments worldwide which underscores the importance of the potential widespread impact of this vulnerability. What is the recommended Mitigation? Nice has released a security bulletin that advises users to apply the latest firmware to mitigate the risk and recommends defensive measures to minimize the risk of exploitation. https://linear-solutions.com/wp-content/uploads/Service-Bulletin-for-Telephone-Entry-Products-04-12-2023.pdf What...
https://fortiguard.fortinet.com/threat-signal-report/5405

Threat Assessment: Howling Scorpius (Akira Ransomware)
Howling Scorpius, active since 2023, uses Akira ransomware to target businesses globally, employing a double-extortion strategy and upgrading tools regularly. The post Threat Assessment: Howling Scorpius (Akira Ransomware) appeared first on Unit 42.
https://unit42.paloaltonetworks.com/threat-assessment-howling-scorpius-akira-ransomware/

Sweet Security Introduces Evolutionary Leap in Cloud Detection and Response, Releasing First Unified Detection & Response Platform
Tel Aviv, ISRAEL, 2nd December 2024, CyberNewsWire Sweet Security Introduces Evolutionary Leap in Cloud Detection and Response, Releasing First Unified Detection & Response Platform on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2024/12/02/sweet-security-introduces-evolutionary-leap-in-cloud-detection-and-response-releasing-first-unified-detection-response-platform/

5 Questions to Assess Your Organization's Bug Bounty Readiness
Is your organization ready for a bug bounty program? These 5 questions will help assess your security program's bug bounty readiness.
https://www.hackerone.com/vulnerability-management/bug-bounty-readiness-questions

Follow-up on Ignite with Ask Microsoft Anything: Microsoft Security edition
AI transformation starts with security. This was a major theme across the majority of the big news and reveals from Microsoft Security at Microsoft Ignite 2024. The post Follow-up on Ignite with Ask Microsoft Anything: Microsoft Security edition appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2024/12/02/follow-up-on-ignite-with-ask-microsoft-anything-microsoft-security-edition/

Trend Report on Phishing Malware Impersonating the National Tax Service (NTS)
There is a noticeable increase in phishing emails impersonating the National Tax Service (NTS) whenever it is time to file value-added tax (VAT) and other taxes. AhnLab SEcurity intelligence Center (ASEC) has been alerting users to this threat by distributing relevant content. Phishing cases impersonating the National Tax Service have been ongoing for several […] The post Trend Report on Phishing Malware Impersonating the National Tax Service (NTS) appeared first on ASEC.
https://asec.ahnlab.com/en/84968/

Will 2025 Be The Turning Point For Cybersecurity In Finance?
This week in cybersecurity from the editors at Cybercrime Magazine – Read the Full FinTech Futures Story. Sausalito, Calif. – Dec. 2, 2024. Could 2025 be the year that reshapes cybersecurity in the financial services industry for good? With increasingly sophisticated cyber threats and emerging technologies The post Will 2025 Be The Turning Point For Cybersecurity In Finance? appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/will-2025-be-the-turning-point-for-cybersecurity-in-finance/

Why Cybercriminals Are Not Necessarily Embracing AI
The rapid advancement of AI has offered powerful tools for malware detection, but it has also introduced new avenues for adversarial attacks.
https://blog.rapid7.com/2024/12/02/why-cybercriminals-are-not-necessarily-embracing-ai/

Zero Trust Architecture
Zero trust security takes a “never trust, always verify” approach to access control. Access is only granted once an individual’s identity and context have been confirmed through multifactor authentication and... The post Zero Trust Architecture appeared first on Hacker Combat.
https://www.hackercombat.com/zero-trust-architecture/

Anti-Spam WordPress Plugin Vulnerabilities Risked 200K+ Websites
Multiple critical vulnerabilities existed in the WordPress plugin Spam protection, Anti-Spam, FireWall. Exploiting these vulnerabilities… Anti-Spam WordPress Plugin Vulnerabilities Risked 200K+ Websites on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2024/12/02/anti-spam-wordpress-plugin-vulnerabilities-risked-200k-websites/

RomCom Exploits Zero Days In Recent Backdoor Campaigns
The threat actor group RomCom has exploited two zero days in its recent backdoor campaigns.… RomCom Exploits Zero Days In Recent Backdoor Campaigns on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2024/12/02/romcom-exploits-zero-days-in-recent-backdoor-campaigns/

Horns&Hooves campaign delivers NetSupport RAT and BurnsRAT
Attackers are sending malicious scripts that download the Remote Manipulator System (RMS) build, known as BurnsRAT, and NetSupport RAT
https://securelist.com/horns-n-hooves-campaign-delivering-netsupport-rat/114740/

No company too small for Phobos ransomware gang, indictment reveals
The US indictment against an alleged Phobos ransomware kingpin reveals that no company was too small for the cybercriminal gang to hit.
https://www.malwarebytes.com/blog/news/2024/12/no-company-too-small-for-phobos-ransomware-gang-indictment-reveals

These cars want to know about your sex life (re-air) (Lock and Code S05E25)
This week on the Lock and Code podcast, we re-air an episode from 2023 about why modern cars want to know about your sex life and a lot more.
https://www.malwarebytes.com/blog/podcast/2024/12/these-cars-want-to-know-about-your-sex-life-re-air-lock-and-code-s05e25

A week in security (November 25 – December 1)
A list of topics we covered in the week of November 25 to December 1 of 2024
https://www.malwarebytes.com/blog/news/2024/12/a-week-in-security-november-25-december-1-2

What Is a Security Operations Center (SOC)?
A Security Operations Center (SOC) specializes in monitoring and analyzing data to detect cyber threats and prevent attacks from them. They work to sort actual threats from false positives before... The post What Is a Security Operations Center (SOC)? appeared first on Hacker Combat.
https://www.hackercombat.com/soc/

Mauri Ransomware Threat Actors Exploiting Apache ActiveMQ Vulnerability (CVE-2023-46604)
AhnLab SEcurity intelligence Response Center (ASEC) has covered the attack cases targeting CVE-2023-46604 vulnerability in past blog posts. Systems without vulnerability patch are still being targeted, cases show that their intention is to mainly install CoinMiners. Recently, threat actors using Mauri ransomware have been found exploiting the Apache ActiveMQ vulnerability to attack Korean systems. […] The post Mauri Ransomware Threat Actors Exploiting Apache ActiveMQ Vulnerability (CVE-2023-46604) appeared first on ASEC.
https://asec.ahnlab.com/en/85000/

Microsoft Windows NTLMv2 Hash Disclosure Spoofing Vulnerability
What is the Vulnerability? Microsoft Windows contains an NTLMv2 hash spoofing vulnerability (CVE-2024-43451) that could result in disclosing a user's NTLMv2 hash to an attacker via a file open operation. The attacker can leverage this hash to impersonate that user with minimal interaction from the victim. This vulnerability (CVE-2024-43451) has been added to CISA's Known Exploited Vulnerabilities Catalog (KEV) list on November 12, 2024. What is the recommended Mitigation? Microsoft has released a security update to fix the vulnerability on November 12, 2024. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43451 What FortiGuard Coverage is available? FortiGuard recommends users to apply the fix provided by the vendor as soon as possible. FortiGuard IPS protection is available, and...
https://fortiguard.fortinet.com/threat-signal-report/5593

Printer problems? Beware the bogus help
Printer issues are very common, but searching Google for help may get you into more trouble than you'd expect.
https://www.malwarebytes.com/blog/scams/2024/11/printer-problems-beware-the-bogus-help

Metasploit Weekly Wrap-Up 11/29/2024
Four new Metasploit modules released, including CUPS IPP Attributes LAN Remote Code Execution CVE-2024-47176
https://blog.rapid7.com/2024/11/29/metasploit-weekly-wrapup-11-29-2024/

XDR vs SIEM Security Information and Event Management
The Extended Detection and Response Platform (XDR) ingestion and correlation technology captures and correlates high-fidelity data across your security layers, such as endpoint, network, logs, cloud services and identities to... The post XDR vs SIEM Security Information and Event Management appeared first on Hacker Combat.
https://www.hackercombat.com/xdr-vs-siem/

Testing Gaming Monetization: Walking the Line Between Profit and Player Experience
Let’s face it – monetization in games is a hot topic that often sparks heated… Testing Gaming Monetization: Walking the Line Between Profit and Player Experience on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2024/11/29/testing-gaming-monetization-walking-the-line-between-profit-and-player-experience/

Best Free EDR for Windows PC
Endpoint detection and response (EDR) tools offer businesses that employ hybrid work models or remote employees an extra layer of cybersecurity protection. Utilizing artificial intelligence (AI) and machine learning (ML),... The post Best Free EDR for Windows PC appeared first on Hacker Combat.
https://www.hackercombat.com/best-free-edr-tools-for-windows-pc/

IT threat evolution in Q3 2024. Non-mobile statistics
The non-mobile threat report for Q3 2024 contains data on ransomware, miners, and macOS and IoT threats.
https://securelist.com/malware-report-q3-2024-non-mobile-statistics/114695/

IT threat evolution in Q3 2024. Mobile statistics
The Q3 2024 mobile threat statistics encompass data on cyberattacks against Android devices involving malware, adware and potentially unwanted apps.
https://securelist.com/malware-report-q3-2024-mobile-statistics/114692/

IT threat evolution Q3 2024
In this part of the malware report we discuss the most remarkable findings of Q3 2024, including APT and hacktivist attacks, ransomware, stealers, macOS malware and so on.
https://securelist.com/malware-report-q3-2024/114678/

Cloud Infrastructure Management: 10 Best Practices for Success
Managing cloud infrastructure effectively is essential for organizations aiming to optimize resources, enhance performance, and… Cloud Infrastructure Management: 10 Best Practices for Success on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2024/11/29/cloud-infrastructure-management-10-best-practices-for-success/

The Service Accounts Guide Part 1: Origin, Types, Pitfalls and Fixes
Originally published by Astrix. Written by Tal Skverer. When you hear “Service Account” what comes to mind? Unrotated passwords? MSSQL Server 2008? Terminator-style robots? 🤖 These “OGs of non-human identities” are the interconnection point between automated processes for accessing sensitive data, driving business intelligence, and running scripts. But with so many different ways to use these identities come abuse and vulnerabilities. In this three-part guide, we will explore the nuances of the e...
https://cloudsecurityalliance.org/articles/the-service-accounts-guide-part-1-origin-types-pitfalls-and-fixes

Strengthening Cybersecurity with a Resilient Incident Response Plan
Written by Itzik Alvas, Entro. As ransomware and phishing threats rise, having a robust Cybersecurity Incident Response Plan (CSIRP) has become essential. Forbes notes that 2023 saw a 72% spike in data breaches compared to 2021, largely from compromised non-human identities as well as email-driven attacks, with the latter accounting for 35% of malware entries. Think of a CSIRP as your fire drill for digital threats: it's less about “if” and more about “when.” Beyond just containing threats, a ...
https://cloudsecurityalliance.org/articles/strengthening-cybersecurity-with-a-resilient-incident-response-plan

Microsoft Power Pages: Data Exposure Reviewed
Originally published by AppOmni. Written by Aaron Costello, Chief of SaaS Security Research, AppOmni. This blog post explores a significant data exposure issue within Microsoft Power Pages, a low-code SaaS platform, due to misconfigured access controls. It highlights how sensitive PII can be inadvertently exposed to unauthorized users when organizations grant excessive permissions to the Anonymous role. The key points include understanding Power Pages' Role-Based Access Control (RBAC) model, m...
https://cloudsecurityalliance.org/articles/microsoft-power-pages-data-exposure-reviewed

Evolutionary vs. Revolutionary Growth: Striking a Balance at Sunbelt Rentals
Originally published by CXO REvolutionaries. Written by JP Saini, CTO, Sunbelt Rentals, Inc. Every enterprise knows the importance of extending seamless connectivity to customers and employees without compromising security. The objectives seem – and sometimes are – at odds with one another. Best practices are elusive, and leading organizations must forge their own paths to do it successfully. Generally speaking, we can divide digital transformation strategies into two groups: revolutionary and ...
https://cloudsecurityalliance.org/articles/evolutionary-vs-revolutionary-growth-striking-a-balance-at-sunbelt-rentals

Phishing Attacks on State and Local Governments Surge 360%
Originally published by Abnormal Security. Written by Mike Britton. A successful email attack on a private organization can undoubtedly have costly consequences. But a single successful attack on a government agency can be absolutely devastating—putting public utilities, emergency services, and even individual citizens at risk. Unfortunately, the data indicates that malicious emails targeting public sector organizations are increasing at an alarming rate. In this article, we'll share what we unc...
https://cloudsecurityalliance.org/articles/phishing-attacks-on-state-and-local-governments-surge-360

Android Malware & Security Issue 4th Week of November, 2024
ASEC Blog publishes “Android Malware & Security Issue 4th Week of November, 2024”. The post Android Malware & Security Issue 4th Week of November, 2024 appeared first on ASEC.
https://asec.ahnlab.com/en/84845/

Infostealer Logs Analysis Report
Notice: The Infostealer Logs analysis report is a report that analyzes various Infostealer logs (RedLine, Raccoon, Vidar, Meta, etc.) collected from the deep and dark web including Telegram. Please note that the source and content of the report cannot be verified in part. Infostealer Logs Analysis Report. Introduction: The purpose […] The post Infostealer Logs Analysis Report appeared first on ASEC.
https://asec.ahnlab.com/en/84967/

Veeam Backup and Replication Deserialization Vulnerability (CVE-2024-40711)
What is the Vulnerability? CVE-2024-40711 is a critical unauthenticated Remote Code Execution (RCE) vulnerability in Veeam Backup & Replication software. Threat actors could execute arbitrary code on a vulnerable system without authentication, which poses a significant risk to organizations using Veeam for backup and data protection. The vulnerability has been added to Known Exploited Vulnerabilities Catalog (KEV) on October 17, 2024, and is known to be used in Ransomware Campaigns. What is the recommended Mitigation? Veeam has released security patches addressing CVE-2024-40711, along with 5 other lower severity vulnerabilities in Veeam Backup & Replication. https://www.veeam.com/kb4649 What FortiGuard Coverage is available? FortiGuard recommends users to apply the patch provided by the vendor...
https://fortiguard.fortinet.com/threat-signal-report/5559

Metabase Information Disclosure Vulnerability (CVE-2021-41277)
What is the attack? FortiGuard Labs observes widespread attack attempts targeting a three-year-old Metabase vulnerability (CVE-2021-41277) detected by more than 30,000 sensors. Successful exploitation could lead to information disclosure, including exposing server files and environment variables to unauthorized users. The vulnerability occurs due to the use of user-supplied input without proper validation. Metabase is an open-source data analytics platform. According to their website it is used by over 60,000 companies including Capital One, OpenAI, and more. FortiGuard Recon Threat Intelligence team tracked this vulnerability being targeted by a hacktivist group called GhostSec back in May 2024. What is the recommended Mitigation? This issue is fixed in a new maintenance release (0.40.5 and 1.40.5),...
https://fortiguard.fortinet.com/threat-signal-report/5563

Cisco URWB Access Point Command Injection Vulnerability (CVE-2024-20418)
What is the Vulnerability? A maximum severity security (CVSS Score 10.0) vulnerability in the web-based management interface of Cisco Unified Industrial Wireless Software for Cisco Ultra-Reliable Wireless Backhaul (URWB) Access Points could allow an unauthenticated, remote attacker to perform command injection attacks with root privileges on the underlying operating system. This vulnerability is due to improper validation of input to the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based management interface of an affected system. The FortiGuard Threat Research Team is actively monitoring the vulnerability and will update this report with any new developments. What is the recommended Mitigation? Cisco has released security...
https://fortiguard.fortinet.com/threat-signal-report/5574

Palo Alto Expedition Missing Authentication Vulnerability (CVE-2024-5910)
What is the Vulnerability? CISA has added CVE-2024-5910, a missing authentication vulnerability in Palo Alto Networks Expedition to its known exploited vulnerability (KEV) list. Expedition is a migration tool aiding in configuration migration, tuning, and enrichment from one of the supported vendors to Palo Alto Networks. Successful exploitation of CVE-2024-5910 can lead to an admin account takeover. Configuration secrets, credentials, and other data imported into Expedition is at risk due to this issue. What is the recommended Mitigation? Palo Alto Networks has released security updates to address the vulnerability. This issue is fixed in Expedition 1.2.92 and all later versions. https://security.paloaltonetworks.com/CVE-2024-5910 What is FortiGuard Coverage? FortiGuard recommends users to apply...
https://fortiguard.fortinet.com/threat-signal-report/5575

APT trends report Q3 2024
The report features the most significant developments relating to APT groups in Q3 2024, including hacktivist activity, new APT tools and campaigns.
https://securelist.com/apt-report-q3-2024/114623/

Cyber Security Toolkit for Boards: updated briefing pack released
New presentation includes voiceover and insights on ransomware attack on the British Library.
https://www.ncsc.gov.uk/blog-post/cyber-security-toolkit-for-boards-updated-briefing-pack-released

Why Retail and E-commerce Organizations Trust Security Researchers During the Holiday Shopping Season
Security leaders at REI, AS Watson, and Mercado Libre explain why retail and e-commerce organizations trust security researchers.
https://www.hackerone.com/vulnerability-management/retail-ecommerce-trust-security-researchers

New “CleverSoar” Installer Targets Chinese and Vietnamese Users
In early November, Rapid7 Labs identified a new, highly evasive malware installer, 'CleverSoar,' targeting Chinese and Vietnamese-speaking victims.
https://blog.rapid7.com/2024/11/27/new-cleversoar-installer-targets-chinese-and-vietnamese-users/

AI Contributes to Rise In Cybercrime Targeting Elderly Americans
This week in cybersecurity from the editors at Cybercrime Magazine – Read the Full story in Movieguide. Sausalito, Calif. – Nov. 27, 2024. Movieguide reports that cybercrime is on the rise, thanks to AI technology that makes it harder and harder to figure out if you're being The post AI Contributes to Rise In Cybercrime Targeting Elderly Americans appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/ai-contributes-to-rise-in-cybercrime-targeting-elderly-americans/

What makes a trailblazer? Inspired by John Mulaney's Dreamforce roast
When you bring a comedian to offer a keynote address, you need to expect the unexpected. But it is a good bet that no one in the crowd at Salesforce’s Dreamforce conference expected John Mulaney to tell a crowd of thousands of tech trailblazers that they were, in fact, not trailblazers at all. “The fact […] The post What makes a trailblazer? Inspired by John Mulaney’s Dreamforce roast appeared first on Security Intelligence.
https://securityintelligence.com/articles/what-makes-a-trailblazer-inspired-by-john-mulaneys-dreamforce-roast/

Consumer and privacy predictions for 2025
Kaspersky experts look back on their expectations about the 2024 privacy and consumer cyberthreats trends and try to predict what to expect in 2025.
https://securelist.com/ksb-consumer-and-privacy-predictions-2025/114620/

Abusing AD-DACL: GenericWrite
In this post, we will explore the exploitation of Discretionary Access Control Lists (DACL) using the GenericWrite permission in Active Directory environments. This permission can The post Abusing AD-DACL: GenericWrite appeared first on Hacking Articles.
https://www.hackingarticles.in/abusing-ad-dacl-genericwrite/

Hacker in Snowflake Extortions May Be a U.S. Soldier
Two men have been arrested for allegedly stealing data from and extorting dozens of companies that used the cloud data storage company Snowflake, but a third suspect -- a prolific hacker known as Kiberphant0m -- remains at large and continues to publicly extort victims. However, this person's identity may not remain a secret for long: A careful review of Kiberphant0m's daily chats across multiple cybercrime personas suggests they are a U.S. Army soldier who is or was recently stationed in South Korea.
https://krebsonsecurity.com/2024/11/hacker-in-snowflake-extortions-may-be-a-u-s-soldier/

Key takeaways from the latest DoD Enterprise DevSecOps Fundamentals update
As the cybersecurity landscape changes and threats evolve, the Department of Defense (DoD) has updated its Enterprise DevSecOps Fundamentals to align development practices with security imperatives further. This is part of a long-term effort by the DoD to improve how software is developed, deployed, and managed across its network, including its business systems, weapons systems, embedded software, and essential command, control, and combat support systems.
https://www.sonatype.com/blog/key-takeaways-from-the-latest-dod-enterprise-devsecops-fundamentals-update

Network and Information Systems Directive (NIS2) Compliance: What You Need to Know
Learn about the new NIS2 Directive requirements and how to achieve compliance through pentesting, VDP, and bug bounty.
https://www.hackerone.com/penetration-testing/nis2-directive

What's up India? PixPirate is back and spreading via WhatsApp
This blog post is the continuation of a previous blog regarding PixPirate malware. If you haven’t read the initial post, please take a couple of minutes to get caught up before diving into this content. PixPirate malware consists of two components: a downloader application and a droppee application, and both are custom-made and operated by […]
https://securityintelligence.com/posts/pixpirate-back-spreading-via-whatsapp/

Microsoft To Add Passkey Support With Windows 11
As Microsoft manoeuvres to a safer, passwordless operational environment, Microsoft tests passkey support with Windows…
https://latesthackingnews.com/2024/11/26/microsoft-to-add-passkey-support-with-windows-11/

August 2024 Cyber Attacks Statistics
After the cyber attacks timelines, it's time to publish the statistics for August 2024 where I collected and analyzed 233 events. During August 2024 Cyber Crime...
https://www.hackmageddon.com/2024/11/26/august-2024-cyber-attacks-timeline/

83% of organizations reported insider attacks in 2024
According to Cybersecurity Insiders’ recent 2024 Insider Threat Report, 83% of organizations reported at least one insider attack in the last year. Even more surprising than this statistic is that organizations that experienced 11-20 insider attacks saw an increase of five times the amount of attacks they did in 2023 — moving from just 4% […]
https://securityintelligence.com/articles/83-percent-organizations-reported-insider-threats-2024/

The Ransomware Economy And How RaaS Groups Operate
This week in cybersecurity from the editors at Cybercrime Magazine. Sausalito, Calif. – Nov. 26, 2024. In an O’Reilly eBook “Ransomware and Data Extortion”, Halcyon examines the makeup of the ransomware economy, how ransomware-as-a-service (RaaS) groups operate, the advent of specialists […]
https://cybersecurityventures.com/the-ransomware-economy-and-how-raas-groups-operate/

Free EDR Solutions for Home Users in 2025
EDR can detect and respond to emerging and advanced cyber threats quickly and efficiently, making it an essential component of modern business ecosystems. Beyond signature-based detection capabilities, its features go...
https://www.hackercombat.com/free-edr-solutions/

5 Insights Attendees Gained from the Security@ World Tour
Read the top 5 learnings attendees gained by joining one of our Security@ 2024 World Tour events.
https://www.hackerone.com/security-at/world-tour-insights

Understanding the NYDFS Cybersecurity Regulation
Whether you're a small financial service provider or a major institution, if you're doing business in the state of New York, you need to meet New York Department of Financial Services (NYDFS) regulations. Formerly known as 23 NYCRR 500, these standards ensure the security and resilience of technology-driven financial systems. Understanding them is crucial for safeguarding your operations and, most importantly, your customers.
https://www.legitsecurity.com/blog/understanding-nydfs-cybersecurity-regulation

CMMC Compliance Requirements: A Complete Guide
Department of Defense (DoD) data is some of the most sensitive out there. That's why the DoD designed the Cybersecurity Maturity Model Certification (CMMC) framework. It helps software providers implement cybersecurity measures to protect controlled information. 
https://www.legitsecurity.com/blog/cmmc-compliance-requirements

What Is CI/CD Security? Risks and Best Practices
Continuous integration and continuous delivery (CI/CD) pipelines are invaluable in software development. They expedite the deployment process and maintain teams at the forefront of innovation. But with these benefits come unique security challenges that can leave critical systems vulnerable.
https://www.legitsecurity.com/blog/what-is-cicd-security

How to Reduce Risk From Exposed Secrets
Understand how secrets end up exposed, and how to prevent this risk. 
https://www.legitsecurity.com/blog/reduce-risk-exposed-secrets

DevilsGame: Inside A New Interactive Cyber Novel
This week in cybersecurity from the editors at Cybercrime Magazine. Sausalito, Calif. – Nov. 25, 2024. DevilsGame is a new, interactive cyber novel by Michael Wolk released from Try.DevilsGame.com on Nov. 19. A story set in the recent past and formatted for […]
https://cybersecurityventures.com/devilsgame-inside-a-new-interactive-cyber-novel/

BotPoke Scanner Switches IP
Our top talker changes up their infrastructure, and CVE-2023-1389 continues to hold the top spot.
https://www.f5.com/labs/articles/threat-intelligence/botpoke-scanner-switches-ip

How women innovators are shaping the cybersecurity landscape

https://www.proofpoint.com/us/newsroom/news/how-women-innovators-are-shaping-cybersecurity-landscape

The Real World - 324,382 breached accounts
In November 2024, the online course founded by Andrew Tate known as "The Real World" (previously "Hustler's University") suffered a data breach that exposed almost 325k users of the platform. The impacted data was limited to usernames, email addresses and chat logs.
https://haveibeenpwned.com/PwnedWebsites#TheRealWorld

Metasploit Weekly Wrap-Up 11/22/2024
Metasploit added a login scanner for the TeamCity application to enable users to check for weak credentials. Learn more about this week's wrap up!
https://blog.rapid7.com/2024/11/22/metasploit-weekly-wrap-up-11-22-2024/

What does resilience in the cyber world look like in 2025 and beyond?
Back in 2021, we ran a series called “A Journey in Organizational Resilience.” These issues of this series remain applicable today and, in many cases, are more important than ever, given the rapid changes of the last few years. But the term “resilience” can be difficult to define, and when we define it, we […]
https://securityintelligence.com/articles/what-does-cyber-resilience-looks-like-in-2025-and-beyond/

Threat Brief: Operation Lunar Peek, Activity Related to CVE-2024-0012 and CVE-2024-9474 (Updated Nov. 22)
We detail the observed limited activity regarding authentication bypass vulnerability CVE-2024-0012 affecting specific versions of PAN-OS software, and include protections and mitigations.
https://unit42.paloaltonetworks.com/cve-2024-0012-cve-2024-9474/

Lateral Movement on macOS: Unique and Popular Techniques and In-the-Wild Examples
We uncover macOS lateral movement tactics, such as SSH key misuse and AppleScript exploitation. Strategies to counter this attack trend are also discussed.
https://unit42.paloaltonetworks.com/unique-popular-techniques-lateral-movement-macos/

Microsoft shares latest intelligence on North Korean and Chinese threat actors at CYBERWARCON
At CYBERWARCON 2024, Microsoft Threat Intelligence analysts will share research and insights on North Korean and Chinese threat actors representing years of threat actor tracking, infrastructure monitoring and disruption, and their attack tooling.
https://www.microsoft.com/en-us/security/blog/2024/11/22/microsoft-shares-latest-intelligence-on-north-korean-and-chinese-threat-actors-at-cyberwarcon/

What Is FedRAMP ATO? Designations, Terms, and Updates
As a cloud service provider (CSP), working with federal agencies may be one of your goals. But to do so, you need to meet rigorous security standards from the Federal Risk and Authorization Management Program (FedRAMP).
https://www.legitsecurity.com/blog/what-is-fedramp-ato

7 Best AI Cybersecurity Tools for Your Company
With advanced AI cybersecurity tools, you bring powerful capabilities to your security strategy. AI enhances threat detection, automates key security tasks, and strengthens your overall security posture, completing tasks with speed and accuracy that humans can't match.
https://www.legitsecurity.com/blog/best-ai-cybersecurity-tools

Feds Charge Five Men in ‘Scattered Spider’ Roundup
Federal prosecutors in Los Angeles this week unsealed criminal charges against five men alleged to be members of a hacking group responsible for dozens of cyber intrusions at major U.S. technology companies between 2021 and 2023, including LastPass, MailChimp, Okta, T-Mobile and Twilio.
https://krebsonsecurity.com/2024/11/feds-charge-five-men-in-scattered-spider-roundup/

Breaking Down the OWASP Top 10: Injection
Gain insights into injection vulnerabilities, the different classifications, and potential security bypass techniques.
https://www.hackerone.com/community/owasp-top-10-injection

Wrapping up a decade of insights from the State of the Software Supply Chain
Sonatype's 10th annual State of the Software Supply Chain report marks a transformative decade for open source software.
https://www.sonatype.com/blog/wrapping-up-a-decade-of-insights-from-the-state-of-the-software-supply-chain

Simple macOS kernel extension fuzzing in userspace with IDA and TinyInst
Posted by Ivan Fratric, Google Project Zero. Recently, one of the projects I was involved in had to do with video decoding on Apple platforms, specifically AV1 decoding. On Apple devices that support AV1 video format (starting from Apple A17 iOS / M3 macOS), decoding is done in hardware. However, despite this, during decoding, a large part of the AV1 format parsing happens in software, inside the kernel, more specifically inside the AppleAVD kernel extension (or at least, that used to be the case in macOS 14 / iOS 17). As fuzzing is one of the techniques we employ regularly, the question of how to effectively fuzz this code inevitably came up. It should be noted that I wasn’t the first person to look into the problem of Apple kernel extension fuzzing, so before going...
https://googleprojectzero.blogspot.com/2024/11/simple-macos-kernel-extension-fuzzing.html

A Bag of RATs: VenomRAT vs. AsyncRAT
Remote access tools (RATs) have long been a favorite tool for cyber attackers, since they enable remote control over compromised systems and facilitate data theft, espionage, and continuous monitoring of victims. Among the well-known RATs are VenomRAT and AsyncRAT.
https://blog.rapid7.com/2024/11/21/a-bag-of-rats-venomrat-vs-asyncrat/

Gain visibility and traceability of your software supply chain with SBOMs with new Gartner® report
When you better understand the complexities of your software, you take a foundational step toward enhancing security and managing risks in your software supply chain.
https://www.sonatype.com/blog/gain-visibility-and-traceability-of-your-software-supply-chain-with-sboms-with-new-gartner-report

Apple Addressed Two Zero-Day Flaws In Intel-based Macs
Apple recently addressed two zero-day vulnerabilities affecting its Intel-based Macs. Alongside releasing the fixes, the…
https://latesthackingnews.com/2024/11/21/apple-addressed-two-zero-day-flaws-in-intel-based-macs/

A Look Back: Insights from Our Managed Bug Bounty Program
At Compass Security, we are proud to offer a fully managed bug bounty program tailored to the needs of both SMEs and larger enterprises. From scoping to payout, we manage every aspect of the process to ensure a seamless experience for our customers and valued hunters. In this blog post, we'll take a look at our journey since the launch of our service in October 2023, highlighting key milestones, metrics and learnings gathered along the way.
https://blog.compass-security.com/2024/11/a-look-back-insights-from-our-managed-bug-bounty-program/

Airplane cybersecurity: Past, present, future
With most aviation processes now digitized, airlines and the aviation industry as a whole must prioritize cybersecurity. If a cyber criminal launches an attack that affects a system involved in aviation — either an airline’s system or a third-party vendor — the entire process, from safety to passenger comfort, may be impacted. To improve security […]
https://securityintelligence.com/articles/airplane-cybersecurity-past-present-future/

Black Friday Versus The Bots
What can last year’s Black Friday shopping trends teach us about expected attacker behavior during the 2024 holiday shopping season?
https://www.f5.com/labs/articles/threat-intelligence/black-friday-versus-the-bots

Kicking-Off with a December 4th Workshop, NIST is Revisiting and Revising Foundational Cybersecurity Activities for IoT Device Manufacturers, NIST IR 8259!
In May 2020, NIST published Foundational Cybersecurity Activities for IoT Device Manufacturers (NIST IR 8259), which describes recommended cybersecurity activities that manufacturers should consider performing before their IoT devices are sold to customers. These foundational cybersecurity activities can help manufacturers lessen the cybersecurity-related efforts needed by customers, which in turn can reduce the prevalence and severity of IoT device compromises and the attacks performed using compromised devices. In the nearly five years since this document was released, it has been published
https://www.nist.gov/blogs/cybersecurity-insights/kicking-december-4th-workshop-nist-revisiting-and-revising-foundational

16-31 August 2024 Cyber Attacks Timeline
In the second timeline of August 2024 I collected 108 events (6.75 events/day) with a threat landscape that...
https://www.hackmageddon.com/2024/11/21/16-31-august-2024-cyber-attacks-timeline/

Rising ClickFix malware distribution trick puts PowerShell IT policies on notice

https://www.proofpoint.com/us/newsroom/news/rising-clickfix-malware-distribution-trick-puts-powershell-it-policies-notice

American Retailers Leave Consumers Exposed to Email Fraud Amid Holiday Shopping Season

https://www.proofpoint.com/us/newsroom/press-releases/american-retailers-expose-consumers-holiday-shopping-email-fraud

FlipaClip - 892,854 breached accounts
In November 2024, the animation app FlipaClip suffered a data breach that exposed almost 900k records due to an exposed Firebase server. The impacted data included name, email address, country and date of birth. FlipaClip advised the issue has since been rectified.
https://haveibeenpwned.com/PwnedWebsites#FlipaClip

How Inadequate Authentication Logic Led to an MFA Bypass and Account Takeover
Learn how inadequate authentication logic led to an MFA bypass, plus 11 authentication best practices to prevent vulnerabilities like these.
https://www.hackerone.com/how-inadequate-authentication-logic-led-mfa-bypass-and-account-takeover

Leveling Up Fuzzing: Finding more vulnerabilities with AI
Posted by Oliver Chang, Dongge Liu and Jonathan Metzman, Google Open Source Security Team. Recently, OSS-Fuzz reported 26 new vulnerabilities to open source project maintainers, including one vulnerability in the critical OpenSSL library (CVE-2024-9143) that underpins much of internet infrastructure. The reports themselves aren't unusual—we've reported and helped maintainers fix over 11,000 vulnerabilities in the 8 years of the project. But these particular vulnerabilities represent a milestone for automated vulnerability finding: each was found with AI, using AI-generated and enhanced fuzz targets. The OpenSSL CVE is one of the first vulnerabilities in a critical piece of software that was discovered by LLMs, adding another real-world example to a recent Google discovery of an exploitable...
http://security.googleblog.com/2024/11/leveling-up-fuzzing-finding-more.html

Really Simple Security Plugin Flaw Risks 4+ Million WordPress Websites
Heads up, WordPress admins! The WordPress plugin Really Simple Security had a serious security flaw.…
https://latesthackingnews.com/2024/11/20/really-simple-security-plugin-flaw-risks-4-million-wordpress-websites/

Threat Assessment: Ignoble Scorpius, Distributors of BlackSuit Ransomware
Explore this assessment on cybercrime group Ignoble Scorpius, distributors of BlackSuit ransomware. Since May 2023, operations have increased — affecting critical sectors.
https://unit42.paloaltonetworks.com/threat-assessment-blacksuit-ransomware-ignoble-scorpius/

How HackerOne Employees Stay Connected and Have Fun

https://www.hackerone.com/culture-and-talent/how-hackerone-employees-stay-connected-and-have-fun

Fintech Giant Finastra Investigating Data Breach
The financial technology firm Finastra is investigating the alleged large-scale theft of information from its internal file transfer platform, KrebsOnSecurity has learned. Finastra, which provides software and services to 45 of the world's top 50 banks, notified customers of a potential breach after a cybercriminal began selling more than 400 gigabytes of data purportedly stolen from the company.
https://krebsonsecurity.com/2024/11/fintech-giant-finastra-investigating-data-breach/

Gen Q3/2024 Threat Report
The third quarter threat report is here—and it's packed with answers. Our Threat Labs team had uncovered some heavy stories behind the stats, exposing the relentless tactics shaping today's threat landscape. Here's what you need to know: This is just the surface. Read the full report and see how our Threat Labs team is relentlessly […]
https://decoded.avast.io/threatresearch/gen-q3-2024-threat-report/?utm_source=rss&utm_medium=rss&utm_campaign=gen-q3-2024-threat-report

AI innovations for a more secure future unveiled at Microsoft Ignite
Company delivers advances in AI and posture management, unprecedented bug bounty program, and updates on its Secure Future Initiative.
https://www.microsoft.com/en-us/security/blog/2024/11/19/ai-innovations-for-a-more-secure-future-unveiled-at-microsoft-ignite/

FrostyGoop's Zoom-In: A Closer Look into the Malware Artifacts, Behaviors and Network Communications
We analyze FrostyGoop malware, which targets OT systems. This article walks through newly discovered samples, indicators, and also examines configurations and network communications.
https://unit42.paloaltonetworks.com/frostygoop-malware-analysis/

Finsure - 296,124 breached accounts
In October 2024, almost 300k unique email addresses from Australian mortgage broking group Finsure were obtained from the ActivePipe real estate marketing platform. The impacted data also included names, phone numbers and physical addresses. The incident did not directly affect any of Finsure's systems or expose any passwords or financial data.
https://haveibeenpwned.com/PwnedWebsites#Finsure

How REI Strengthens Security with HackerOne's Global Security Researcher Community
REI's senior application security engineer discusses their program success, evolving goals, and the value of the security researcher community.
https://www.hackerone.com/customer-story/rei-strengthens-security

Inside Bitdefender Labs' Investigation of a Malicious Facebook Ad Campaign Targeting Bitwarden Users
Throughout 2024, Bitdefender Labs has been closely monitoring a series of malvertising campaigns that exploit popular platforms to spread malware. These campaigns use fake advertisements to lure users into installing malicious software disguised as legitimate apps or updates. One of the more recent campaigns Bitdefender Labs uncovered involves a fake Bitwarden extension advertised on Meta's social media platform Facebook. The campaign tricks users into installing a harmful browser extension und
https://www.bitdefender.com/en-us/blog/labs/inside-bitdefender-labs-investigation-of-a-malicious-facebook-ad-campaign-targeting-bitwarden-users/

Unlocking Cybersecurity Talent: The Power of Apprenticeships
Cybersecurity is a fast-growing field, with a constant need for skilled professionals. But unlike other professions — like medicine or aviation — there's no clear-cut pathway to qualifying for cybersecurity positions. For employers and job seekers alike, this can make the journey to building a team (or entering a successful cybersecurity career) feel uncertain. Enter the registered apprenticeship program — a proven method for developing skilled talent in cybersecurity that benefits both the employer and the new professional. Let's commit to supporting this important talent development approach
https://www.nist.gov/blogs/cybersecurity-insights/unlocking-cybersecurity-talent-power-apprenticeships

Retrofitting spatial safety to hundreds of millions of lines of C++
Posted by Alex Rebert and Max Shavrick, Security Foundations, and Kinuko Yasuda, Core Developer. Attackers regularly exploit spatial memory safety vulnerabilities, which occur when code accesses a memory allocation outside of its intended bounds, to compromise systems and sensitive data. These vulnerabilities represent a major security risk to users. Based on an analysis of in-the-wild exploits tracked by Google's Project Zero, spatial safety vulnerabilities represent 40% of in-the-wild memory safety exploits over the past decade. [Figure: Breakdown of memory safety CVEs exploited in the wild by vulnerability class.] Google is taking a comprehensive approach to memory safety. A key element of our strategy focuses on Safe Coding and using memory-safe languages in new code. This leads...
http://security.googleblog.com/2024/11/retrofitting-spatial-safety-to-hundreds.html

A decade of Cyber Essentials: the journey towards a safer digital future
The 10-year anniversary of Cyber Essentials is not just a celebration of past achievements but a call to action for the future.
https://www.ncsc.gov.uk/blog-post/cyber-essentials-decade

An Interview With the Target & Home Depot Hacker
In December 2023, KrebsOnSecurity revealed the real-life identity of Rescator, the nickname used by a Russian cybercriminal who sold more than 100 million payment cards stolen from Target and Home Depot between 2013 and 2014. Moscow resident Mikhail Shefel, who confirmed using the Rescator identity in a recent interview, also admitted reaching out because he is broke and seeking publicity for several new money making schemes.
https://krebsonsecurity.com/2024/11/an-interview-with-the-target-home-depot-hacker/

Fake North Korean IT Worker Linked to BeaverTail Video Conference App Phishing Attack
North Korean IT worker cluster CL-STA-0237 instigated phishing attacks via video apps in Laos, exploiting U.S. IT firms and major tech identities.
https://unit42.paloaltonetworks.com/fake-north-korean-it-worker-activity-cluster/

Why that Google Meet error might be a sneaky hacker trick

https://www.proofpoint.com/us/newsroom/news/why-google-meet-error-might-be-sneaky-hacker-trick

From risks to resilience: Best practices for software supply chain security
As software supply chains evolve in complexity, managing security risks has become an ever-changing challenge. New threats emerge daily, driven by rapid innovation and the heavy reliance on open source components.
https://www.sonatype.com/blog/from-risks-to-resilience-best-practices-for-software-supply-chain-security

Fake IP checker utilities on npm are crypto stealers
Recently identified npm packages called "node-request-ip", "request-ip-check" and "request-ip-validator" impersonate handy open source utilities relied upon by developers to retrieve an external IP address but instead target Windows, Linux and macOS users with malicious executables which are trojans and cryptocurrency stealers.
https://www.sonatype.com/blog/fake-ip-checker-utilities-on-npm-are-crypto-stealers

Abusing AD-DACL: AllExtendedRights
In this post, we will explore the exploitation of Discretionary Access Control Lists (DACL) using the AllExtendedRights permission in Active Directory environments. With this permission, […]
https://www.hackingarticles.in/abusing-ad-dacl-allextendedrights/

Abusing AD-DACL: ForceChangePassword
In this post, we explore the exploitation of Discretionary Access Control Lists (DACL) using the ForcePasswordChange permission in Active Directory environments. This permission is especially […]
https://www.hackingarticles.in/abusing-ad-dacl-forcechangepassword/

Sonatype recognized as a leader in SCA software in Forrester Wave
We are thrilled to announce that The Forrester Wave™: Software Composition Analysis Software, Q4 2024 recently named Sonatype a leader in software composition analysis (SCA) software. Sonatype received the highest scores in the current offering and strategy categories among evaluated SCA software vendors.
https://www.sonatype.com/blog/sonatype-recognized-as-a-leader-in-sca-software-in-forrester-wave

Safer with Google: New intelligent, real-time protections on Android to keep you safe
Posted by Lyubov Farafonova, Product Manager and Steve Kafka, Group Product Manager, Android. User safety is at the heart of everything we do at Google. Our mission to make technology helpful for everyone means building features that protect you while keeping your privacy top of mind. From Gmail's defenses that stop more than 99.9% of spam, phishing and malware, to Google Messages' advanced security that protects users from 2 billion suspicious messages a month and beyond, we're constantly developing and expanding protection features that help keep you safe. We're introducing two new real-time protection features that enhance your safety, all while safeguarding your privacy: Scam Detection in Phone by Google to protect you from scams and fraud, and Google Play Protect live threat detection...
http://security.googleblog.com/2024/11/new-real-time-protections-on-Android.html

Microsoft Data Security Index annual report highlights evolving generative AI security needs
84% of surveyed organizations want to feel more confident about managing and discovering data input into AI apps and tools. The post Microsoft Data Security Index annual report highlights evolving generative AI security needs appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2024/11/13/microsoft-data-security-index-annual-report-highlights-evolving-generative-ai-security-needs/

Helping banish malicious adverts – and drive a secure advertising ecosystem
If your brand uses digital advertising, the NCSC has new guidance to help you choose a security-minded partner.
https://www.ncsc.gov.uk/blog-post/helping-banish-malicious-adverts

Digital Identities: Getting to Know the Verifiable Digital Credential Ecosystem
If you are interested in the world of digital identities, you have probably heard some of the buzzwords that have been floating around for a few years now… “verifiable credential,” “digital wallet,” “mobile driver's license” or “mDL.” These terms, among others, all reference a growing ecosystem around what we are calling “verifiable digital credentials.” But what exactly is a verifiable digital credential? Take any physical credential you use in everyday life – your driver's license, your medical insurance card, a certification or diploma – and turn it into a digital format stored on your
https://www.nist.gov/blogs/cybersecurity-insights/digital-identities-getting-know-verifiable-digital-credential-ecosystem

1-15 August 2024 Cyber Attacks Timeline
In the first timeline of August 2024 I collected 123 events (8.13 events/day) with a threat landscape that was one of those exceptions...
https://www.hackmageddon.com/2024/11/13/1-15-august-2024-cyber-attacks-timeline/

Global Companies Are Unknowingly Paying North Koreans: Here's How to Catch Them
We discuss North Korea's use of IT workers to infiltrate companies, detailing detection strategies like IT asset management and IP analysis to counter this. The post Global Companies Are Unknowingly Paying North Koreans: Here's How to Catch Them appeared first on Unit 42.
https://unit42.paloaltonetworks.com/north-korean-it-workers/

DemandScience by Pure Incubation - 121,796,165 breached accounts
In early 2024, a large corpus of data from DemandScience (a company owned by Pure Incubation), appeared for sale on a popular hacking forum. Later attributed to a leak from a decommissioned legacy system, the breach contained extensive data that was largely business contact information aggregated from public sources. Specifically, the data included 122M unique corporate email addresses, physical addresses, phone numbers, employers and job titles. It also included names and for many individuals, a link to their LinkedIn profile.
https://haveibeenpwned.com/PwnedWebsites#DemandScience

Microsoft Patch Tuesday, November 2024 Edition
Microsoft today released updates to plug at least 89 security holes in its Windows operating systems and other software. November's patch batch includes fixes for two zero-day vulnerabilities that are already being exploited by attackers, as well as two other flaws that were publicly disclosed prior to today.
https://krebsonsecurity.com/2024/11/microsoft-patch-tuesday-november-2024-edition/

ModeLeak: Privilege Escalation to LLM Model Exfiltration in Vertex AI
New research reveals two vulnerabilities in Google's Vertex AI that may lead to privilege escalation or data theft through custom jobs or malicious models. The post ModeLeak: Privilege Escalation to LLM Model Exfiltration in Vertex AI appeared first on Unit 42.
https://unit42.paloaltonetworks.com/privilege-escalation-llm-model-exfil-vertex-ai/

FortiOS - Improper authentication in fgfmd
An improper authentication vulnerability [CWE-287] in FortiManager, FortiOS, FortiPAM, FortiPortal, FortiProxy and FortiSwitchManager fgfmd daemon may allow an unauthenticated attacker to inject (but not receive) packets in tunnels established between a FortiManager and the targeted device. Revised on 2024-11-15 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-24-032

Heap buffer overflow in httpd
A heap-based buffer overflow vulnerability [CWE-122] in FortiManager and FortiAnalyzer httpd daemon may allow a remote unauthenticated attacker to execute arbitrary code or commands as a low privileged user via specifically crafted requests. Revised on 2024-11-15 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-24-125

Lack of capacity to filter logs by administrator access
An Exposure of personal information to an unauthorized actor [CWE-359] in FortiManager, FortiAnalyzer & FortiAnalyzer-BigData may allow a privileged attacker with administrative read permissions to read event logs of another adom via crafted HTTP or HTTPs requests. Revised on 2024-11-14 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-23-267

Online Installer DLL Hijacking
An untrusted search path vulnerability [CWE-426] in FortiClient Windows may allow an attacker to run arbitrary code via DLL hijacking and social engineering. Revised on 2024-11-13 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-24-205

Arbitrary file read in administrative interface
An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in FortiManager, FortiAnalyzer & FortiAnalyzer-BigData may allow a privileged attacker to read arbitrary files from the underlying system via crafted HTTP or HTTPs requests. Revised on 2024-11-12 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-24-115

Exposure of password hashes to read-only admin
An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiWeb may allow an authenticated attacker to access the encrypted passwords of other administrators via the "Log Access Event" logs page. Revised on 2024-11-12 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-24-180

FortiClientMacOS - Missing signature verification
An improper verification of cryptographic signature vulnerability [CWE-347] in FortiClient MacOS may allow a local authenticated attacker to swap the installer with a malicious package via a race condition during the installation process. Revised on 2024-11-12 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-24-022

Gartner report: How SBOMs improve security and compliance in the software supply chain
As software supply chain risks rise, regulatory authorities are increasingly requiring organizations to adopt software bills of materials (SBOMs) for security and compliance.
https://www.sonatype.com/blog/gartner-report-how-sboms-improve-security-and-compliance-in-the-software-supply-chain

DoD Zero Trust Strategy proves security benchmark years ahead of schedule with Microsoft collaboration
The Navy implementation scored a 100 percent success rate, meeting DoD requirements on all 91 Target-Level activities tested. The post DoD Zero Trust Strategy proves security benchmark years ahead of schedule with Microsoft collaboration appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2024/11/11/dod-zero-trust-strategy-proves-security-benchmark-years-ahead-of-schedule-with-microsoft-collaboration/

Hot Topic - 56,904,909 breached accounts
In October 2024, retailer Hot Topic suffered a data breach that exposed 57 million unique email addresses. The impacted data also included physical addresses, phone numbers, purchases, genders, dates of birth and partial credit data containing card type, expiry and last 4 digits.
https://haveibeenpwned.com/PwnedWebsites#HotTopic

FBI: Spike in Hacked Police Emails, Fake Subpoenas
The Federal Bureau of Investigation (FBI) is urging police departments and governments worldwide to beef up security around their email systems, citing a recent increase in cybercriminal services that use hacked police email accounts to send unauthorized subpoenas and customer data requests to U.S.-based technology companies.
https://krebsonsecurity.com/2024/11/fbi-spike-in-hacked-police-emails-fake-subpoenas/

Issue with data.all (Multiple CVEs)
Publication Date: 2024/11/8 4:00 PM PDT. Data.all is an open source development framework to help customers build a data marketplace on AWS. We have identified the following issues within data.all version 1.0.0 through 2.6.0. On November 8, 2024, we released a fix and recommend customers upgrade to version 2.6.1 or later and ensure any forked or derivative code is patched to incorporate the new fixes. CVE-2024-52311 relates to an issue where data.all does not invalidate the authentication token upon user logout. CVE-2024-52312 relates to an issue where data.all authenticated users can perform restricted operations against DataSets and Environments. CVE-2024-52313 relates to an issue where data.all authenticated users can obtain incorrect object level authorizations. CVE-2024-52314...
https://aws.amazon.com/security/security-bulletins/AWS-2024-013/

Microsoft Multiple Actively Exploited Vulnerabilities
What are the Vulnerabilities? Threat actors are exploiting multiple zero-day vulnerabilities that were recently disclosed on the Microsoft Security Updates - August 2024. The six actively exploited zero-day vulnerabilities were also added to CISA's Known Exploited Vulnerabilities catalog (KEV) after the disclosure. [August 2024 Security Updates - Release Notes - Microsoft] CVE-2024-38189: Microsoft Project Remote Code Execution Vulnerability; CVE-2024-38178: Microsoft Windows Scripting Engine Memory Corruption Vulnerability; CVE-2024-38213: Microsoft Windows SmartScreen Security Feature Bypass Vulnerability; CVE-2024-38193: Microsoft Windows Ancillary Function Driver for WinSock Privilege Escalation Vulnerability; CVE-2024-38106: Microsoft Windows Kernel Privilege Escalation Vulnerability; CVE-2024-38107:...
https://fortiguard.fortinet.com/threat-signal-report/5507

Digital Danger: How Cyberattacks Put Patients at Risk

https://www.proofpoint.com/us/newsroom/news/digital-danger-how-cyberattacks-put-patients-risk

More value, less risk: How to implement generative AI across the organization securely and responsibly
The technology landscape is undergoing a massive transformation, and AI is at the center of this change. The post More value, less risk: How to implement generative AI across the organization securely and responsibly appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/microsoft-cloud/blog/2024/11/04/more-value-less-risk-how-to-implement-generative-ai-across-the-organization-securely-and-responsibly/

Silent Skimmer Gets Loud (Again)
We discuss a new campaign from the cybercrime group behind Silent Skimmer, showcasing the exploit of Telerik UI vulnerabilities and malware like RingQ loader. The post Silent Skimmer Gets Loud (Again) appeared first on Unit 42.
https://unit42.paloaltonetworks.com/silent-skimmer-latest-campaign/

Earth 2 - 420,961 breached accounts
In October 2024, 421k unique email addresses from the virtual earth game Earth 2 were derived from embedded Gravatar images. Appearing alongside player usernames, the root cause was related to how Gravatar presents links to avatars as MD5 hashes within consuming services, a feature Earth 2 advised has now been disabled on their platform. This incident did not expose any further personal information, passwords or financial data.
https://haveibeenpwned.com/PwnedWebsites#Earth2

Zero Trust Workshop: Advance your knowledge with an online resource
As part of Microsoft's ongoing efforts to support security modernization and the Zero Trust principles, we've launched Zero Trust Workshop, an online self-service resource. Read our latest blog post for details. The post Zero Trust Workshop: Advance your knowledge with an online resource appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2024/11/06/zero-trust-workshop-advance-your-knowledge-with-an-online-resource/

Guidance for brands to help advertising partners counter malvertising
Advice to make it harder for cyber criminals to deliver malicious advertising, and reduce the risk of cyber-facilitated fraud.
https://www.ncsc.gov.uk/guidance/guidance-brands-advertising-partners-counter-malvertising

Dennis Kirk - 1,356,026 breached accounts
In October 2024, almost 20GB of data containing 1.3M unique email addresses from motorcycle supplies store Dennis Kirk was circulated. Dating back to September 2021, the data also contained purchases from the online store along with customer names, phone numbers and postcodes. Dennis Kirk did not respond to multiple attempts to make contact about the breach. The data was provided to HIBP by a source who requested it be attributed to "IntelBroker, almighty444 & EnergyWeaponUser".
https://haveibeenpwned.com/PwnedWebsites#DennisKirk

Canadian Man Arrested in Snowflake Data Extortions
A 26-year-old man in Ontario, Canada has been arrested for allegedly stealing data from and extorting more than 160 companies that used the cloud data service Snowflake. On October 30, Canadian authorities arrested Alexander Moucka, a.k.a. Connor Riley Moucka of Kitchener, Ontario, on a provisional arrest warrant from the United States. Bloomberg first reported Moucka's alleged ties to the Snowflake hacks on Monday. At the end of 2023, malicious hackers learned that many large companies had uploaded huge volumes of sensitive customer data to Snowflake accounts that were protected with little more than a username and password (no multi-factor authentication required). After scouring darknet markets for stolen Snowflake account credentials, the hackers began raiding the data storage repositories...
https://krebsonsecurity.com/2024/11/canadian-man-arrested-in-snowflake-data-extortions/

Altenen - 1,267,701 breached accounts
In June 2022, the malicious "carding" (referring to credit card fraud) website Altenen suffered a data breach that was later redistributed as part of a larger corpus of data. The data included 1.3M unique email addresses, usernames, bcrypt password hashes and cryptocurrency wallet addresses.
https://haveibeenpwned.com/PwnedWebsites#Altenen

Automatically Detecting DNS Hijacking in Passive DNS
Explore how we detect DNS hijacking by analyzing millions of DNS records daily, using machine learning to identify redirect attempts to malicious servers. The post Automatically Detecting DNS Hijacking in Passive DNS appeared first on Unit 42.
https://unit42.paloaltonetworks.com/detect-dns-hijacking-passive-dns/

How Microsoft Defender for Office 365 innovated to address QR code phishing attacks
This blog examines the impact of QR code phishing campaigns and the innovative features of Microsoft Defender for Office 365 that help combat evolving cyberthreats. The post How Microsoft Defender for Office 365 innovated to address QR code phishing attacks appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2024/11/04/how-microsoft-defender-for-office-365-innovated-to-address-qr-code-phishing-attacks/

Z-lib - 9,737,374 breached accounts
In June 2024, almost 10M user records from Z-lib were discovered exposed online. Now defunct, Z-lib was a malicious clone of Z-Library, a well-known shadow online platform for pirating books and academic papers. The exposed data included usernames, email addresses, countries of residence, Bitcoin and Monero cryptocurrency wallet addresses, purchases and bcrypt password hashes.
https://haveibeenpwned.com/PwnedWebsites#ZLib

TA Phone Home: EDR Evasion Testing Reveals Extortion Actor's Toolkit
A threat actor attempted to use an AV/EDR bypass tool in an extortion attempt. Instead, the tool provided Unit 42 insight into the threat actor. The post TA Phone Home: EDR Evasion Testing Reveals Extortion Actor's Toolkit appeared first on Unit 42.
https://unit42.paloaltonetworks.com/edr-bypass-extortion-attempt-thwarted/

From Naptime to Big Sleep: Using Large Language Models To Catch Vulnerabilities In Real-World Code
Posted by the Big Sleep team. Introduction: In our previous post, Project Naptime: Evaluating Offensive Security Capabilities of Large Language Models, we introduced our framework for large-language-model-assisted vulnerability research and demonstrated its potential by improving the state-of-the-art performance on Meta's CyberSecEval2 benchmarks. Since then, Naptime has evolved into Big Sleep, a collaboration between Google Project Zero and Google DeepMind. Today, we're excited to share the first real-world vulnerability discovered by the Big Sleep agent: an exploitable stack buffer underflow in SQLite, a widely used open source database engine. We discovered the vulnerability and reported it to the developers in early October, who fixed it on the same day. Fortunately, we found...
https://googleprojectzero.blogspot.com/2024/10/from-naptime-to-big-sleep.html

Stalker Online - 1,385,472 breached accounts
In May 2020, over 1.3M records from the MMO game Stalker Online were breached. The data included email and IP addresses, usernames and hashed passwords.
https://haveibeenpwned.com/PwnedWebsites#StalkerOnline

Chinese threat actor Storm-0940 uses credentials from password spray attacks from a covert network
Since August 2023, Microsoft has observed intrusion activity targeting and successfully stealing credentials from multiple Microsoft customers that is enabled by highly evasive password spray attacks. Microsoft has linked the source of these password spray attacks to a network of compromised devices we track as CovertNetwork-1658, also known as xlogin and Quad7 (7777). Microsoft is […] The post Chinese threat actor Storm-0940 uses credentials from password spray attacks from a covert network appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2024/10/31/chinese-threat-actor-storm-0940-uses-credentials-from-password-spray-attacks-from-a-covert-network/

Microsoft now a Leader in three major analyst reports for SIEM
Microsoft is positioned in the Leaders Category in the 2024 IDC MarketScape for worldwide SIEM for Enterprise—making it the third major analyst report in SIEM to name Microsoft as a Leader. The post Microsoft now a Leader in three major analyst reports for SIEM appeared first on Microsoft Security Blog.
https://techcommunity.microsoft.com/t5/security-compliance-and-identity/microsoft-now-a-leader-in-three-major-analyst-reports-for-siem/ba-p/4278853

The Karma connection in Chrome Web Store
Somebody brought to my attention that the Hide YouTube Shorts extension for Chrome changed hands and turned malicious. I looked into it and could confirm that it contained two undisclosed components: one performing affiliate fraud and the other sending users' every move to some Amazon cloud server. But that wasn't all of it: I discovered eleven more extensions written by the same people. Some contained only the affiliate fraud component, some only the user tracking, some both. A few don't appear to be malicious yet. While most of these extensions were supposedly developed or bought by a person without any other traces online, one broke this pattern. Karma shopping assistant has been on Chrome Web Store since 2020, the company behind it founded in 2013. This company employs more than...
https://palant.info/2024/10/30/the-karma-connection-in-chrome-web-store/

Unmasking the SYS01 Infostealer Threat: Bitdefender Labs Tracks Global Malvertising Campaign Targeting Meta Business Pages
In a world run by advertising, businesses and organizations are not the only ones using this powerful tool. Cybercriminals have a knack for exploiting the engine that powers online platforms by corrupting the vast reach of advertising to distribute malware en masse. While legitimate businesses rely on ads to reach new audiences, hackers exploit these platforms to trick users into downloading harmful software. Malicious ads often seem to promote legitimate software, streaming services, or produc
https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages/

Normalyze to be purchased by Proofpoint

https://www.proofpoint.com/us/newsroom/news/normalyze-be-purchased-proofpoint

Products Of The Year 2024: The Finalists

https://www.proofpoint.com/us/newsroom/news/products-year-2024-finalists

Cyber Resilience Audit (CRA) scheme launches for assured CAF-based audits
NCSC-assured CRA service now offering Cyber Assessment Framework based audits and more applications invited from potential service providers.
https://www.ncsc.gov.uk/blog-post/cra-scheme-launches

July 2024 Cyber Attacks Statistics
After the cyber attacks timelines, it's time to publish the statistics for July 2024 where I collected and analyzed 219 events. During July 2024...
https://www.hackmageddon.com/2024/10/29/july-2024-cyber-attacks-statistics/

The threat from commercial cyber proliferation
Report informing readers about the threat to UK industry and society from commercial cyber tools and services.
https://www.ncsc.gov.uk/report/commercial-cyber-proliferation-assessment

Cyber Essentials: are there any alternative standards?
Can an equivalent cyber security standard deliver the same outcomes as the NCSC's Cyber Essentials scheme?
https://www.ncsc.gov.uk/blog-post/cyber-essentials-are-there-any-alternative-standards

Email, Email on the Wall, Who Sent You, After All?
During Business Email Compromise (BEC) engagements we often have to analyze the provenance of emails. According to the FBI's Internet Crime Report, BEC is one of the most financially damaging attacks, even surpassing ransomware in terms of losses. But how can we know all of this? Through email headers! This blog post tries to shed some light on the information contained within emails, what it means, and what can be done to prevent this type of attack.
https://blog.compass-security.com/2024/10/email-email-on-the-wall-who-sent-you-after-all/