News from the specialized press

Domainim - A Fast And Comprehensive Tool For Organizational Network Scanning
Domainim is a fast domain reconnaissance tool for organizational network scanning. The tool aims to provide a brief overview of an organization's structure using techniques like OSINT, bruteforcing, DNS resolving, etc.

Current features (v1.0.1):
- Subdomain enumeration (2 engines + bruteforcing)
- User-friendly output
- Resolving A records (IPv4)
- Virtual hostname enumeration
- Reverse DNS lookup
- Detects wildcard subdomains (for bruteforcing)
- Basic TCP port scanning
- Subdomains are accepted as input
- Export results to JSON file

A few features are work in progress. See Planned features for more details. The project is inspired by Sublist3r. The port scanner module is heavily based on NimScan. Installation: you can build this repo from source. Clone the repository: git clone...
http://www.kitploit.com/2024/05/domainim-fast-and-comprehensive-tool.html

Security Affairs newsletter Round 473 by Pierluigi Paganini – INTERNATIONAL EDITION
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Fake AV websites used to distribute info-stealer malware MITRE December 2023 attack: Threat actors created rogue […]
https://securityaffairs.com/163707/breaking-news/security-affairs-newsletter-round-473-by-pierluigi-paganini-international-edition.html

Debian LTS: DLA-3821-1: libreoffice Security Advisory Updates
Unchecked script execution in Graphic on-click binding in affected LibreOffice versions allows an attacker to create a document which without prompt will execute scripts built-into LibreOffice on clicking a graphic. Such scripts were previously
https://linuxsecurity.com/advisories/deblts/debian-lts-dla-3821-1-libreoffice-security-advisory-updates-21vsmwg43e9a

Malware-laced JAVS Viewer deploys RustDoor implant in supply chain attack
Malicious actors compromised the JAVS Viewer installer to deliver the RustDoor malware in a supply chain attack. Rapid7 researchers warned that threat actors added a backdoor to the installer for the Justice AV Solutions JAVS Viewer software. The attackers were able to inject a backdoor in the JAVS Viewer v8.3.7 installer that is being distributed from […]
https://securityaffairs.com/163683/hacking/supplay-chain-attack-javs-viewer.html

Want to Learn More About the Interactions Between Near-Inertial Waves and Mesoscale Eddies?
The study was written by Scott Conn, Joseph Fitzgerald, and Jorn Callies. The authors compared five surface mixed layer models with a year of observations in the north Atlantic. The results were published in the Journal of Physical Oceanography. The study was also published in Geophysical Research Letters.
https://hackernoon.com/want-to-learn-more-about-the-interactions-between-near-inertial-waves-and-mesoscale-eddies?source=rss

Our Oceanography Study's YBJ Upper Boundary Condition: How We Found It
This paper is available on arxiv.org/pdf/2308.00889.pdf under CC 4.0 license. The no-normal flow condition is imposed by requiring 𝑀 = 0 at 𝓉 = 0 (Young and Ben Jelloul 1997) We then horizontally average (denoted by ·) equation (B1)
https://hackernoon.com/our-oceanography-studys-ybj-upper-boundary-condition-how-we-found-it?source=rss

Fedora 40: rust-zram-generator 2024-ce2936b568 Security Advisory Updates
This update contains builds from a mini-mass-rebuild for Rust applications (and some C-style libraries). Rebuilding with the Rust 1.78 toolchain should fix incomplete debug information for the Rust standard library (and the resulting low-quality stack traces). Additionally, builds will have picked up fixes for some minor low-priority
https://linuxsecurity.com/advisories/fedora/fedora-40-rust-zram-generator-2024-ce2936b568-security-advisory-updates-2jabf42ajppc

Fedora 40: wildcard 2024-ce2936b568 Security Advisory Updates
This update contains builds from a mini-mass-rebuild for Rust applications (and some C-style libraries). Rebuilding with the Rust 1.78 toolchain should fix incomplete debug information for the Rust standard library (and the resulting low-quality stack traces). Additionally, builds will have picked up fixes for some minor low-priority
https://linuxsecurity.com/advisories/fedora/fedora-40-wildcard-2024-ce2936b568-security-advisory-updates-qgsoabg2fbxq

Fedora 40: snapshot 2024-ce2936b568 Security Advisory Updates
This update contains builds from a mini-mass-rebuild for Rust applications (and some C-style libraries). Rebuilding with the Rust 1.78 toolchain should fix incomplete debug information for the Rust standard library (and the resulting low-quality stack traces). Additionally, builds will have picked up fixes for some minor low-priority
https://linuxsecurity.com/advisories/fedora/fedora-40-snapshot-2024-ce2936b568-security-advisory-updates-fq9qhtedqbdl

Fedora 40: system76-keyboard-configurator 2024-ce2936b568 Security Advisory Updates
This update contains builds from a mini-mass-rebuild for Rust applications (and some C-style libraries). Rebuilding with the Rust 1.78 toolchain should fix incomplete debug information for the Rust standard library (and the resulting low-quality stack traces). Additionally, builds will have picked up fixes for some minor low-priority
https://linuxsecurity.com/advisories/fedora/fedora-40-system76-keyboard-configurator-2024-ce2936b568-security-advisory-updates-mr886oprhcrx

Fedora 40: sudo-rs 2024-ce2936b568 Security Advisory Updates
This update contains builds from a mini-mass-rebuild for Rust applications (and some C-style libraries). Rebuilding with the Rust 1.78 toolchain should fix incomplete debug information for the Rust standard library (and the resulting low-quality stack traces). Additionally, builds will have picked up fixes for some minor low-priority
https://linuxsecurity.com/advisories/fedora/fedora-40-sudo-rs-2024-ce2936b568-security-advisory-updates-qyhvkrsjhzai

News from the press

What to make of China's massive cyber-espionage campaign | Mint
New Zealand blamed state-linked hackers in China for a cyber-attack on the country's parliament. Both America and Britain placed sanctions on an ...
https://www.livemint.com/global/what-to-make-of-china-s-massive-cyber-espionage-campaign-11716692285443.html

MediSecure: Australia grapples with surge in cyberattacks | news.com.au
The emails and personal files of more than 7000 university staff and students were exposed in a recent cyber attack. On Friday, Australia's Cyber ...
https://www.news.com.au/technology/online/security/everyones-a-target-australia-grapples-with-surge-in-cyberattacks/news-story/322a894f85c653ea4c20f0e840686ee6

Release from gasoline reserve raises doubts Biden will replenish the Strategic Petroleum ...
“Just three years ago, Colonial Pipeline suffered a cyber attack. That was down for two weeks, and you've got a gas shortage all over the region ...
https://justthenews.com/politics-policy/energy/release-gasoline-reserve-raises-doubts-biden-will-replenish-strategic

'Everyone a target': New terror facing Aussies - Yahoo News
The emails and personal files of more than 7000 university staff and students were exposed in a recent ...
https://au.news.yahoo.com/everyone-target-terror-facing-aussies-022159229.html

New Enterprise Backup Solution – AOMEI Cyber Backup for All Businesses - MSN
Especially for enterprises and organizations. Once a server hardware failure, cyber-attack, or other data disaster is encountered, all critical data can ...
https://www.msn.com/en-gb/money/technology/new-enterprise-backup-solution-aomei-cyber-backup-for-all-businesses/ar-BB1lqZIu

Yesterday's news (specialized press)

pcTattletale - 138,751 breached accounts
In May 2024, the spyware service pcTattletale suffered a data breach that defaced the website and posted tens of gigabytes of data to the homepage, allegedly due to pcTattletale not responding to a previous security vulnerability report. The breach exposed data including membership records, infected PC names, captured messages and extensive logs of IP addresses and device information.
https://haveibeenpwned.com/PwnedWebsites#pcTattletale

Fake AV websites used to distribute info-stealer malware
Threat actors used fake AV websites masquerading as legitimate antivirus products from Avast, Bitdefender, and Malwarebytes to distribute malware. In mid-April 2024, researchers at Trellix Advanced Research Center team spotted multiple fake AV sites used to distribute info-stealers. The malicious websites hosted sophisticated malicious files such as APK, EXE and Inno setup installer, including Spy […]
https://securityaffairs.com/163673/cyber-crime/fake-av-websites-distribute-malware.html

Marine Moguls ERC-404 Launch With .9 Million In Prizes For Token Holders
Marine Moguls has launched on the ERC-404 protocol, introducing a new approach to digital asset management. The project features .9 million in prizes linked to over 25% of the tokens, providing $MOGUL owners a potential chance to win prizes, including 100,000 USDT and 50,000 USDT.
https://hackernoon.com/marine-moguls-erc-404-launch-with--million-in-prizes-for-token-holders?source=rss

THM — Athena
Are you capable of mastering the entire system and exploiting all vulnerabilities?
https://infosecwriteups.com/thm-athena-afafaf479750?source=rss----7b722bfd1b8d---4

Exploring the Central Role of Linux in Quantum Computing
The intersection of Linux and quantum computing has become increasingly apparent, emphasizing the importance of Linux-based operating systems in developing and deploying quantum computing technologies. As quantum computing technology advances, there is a growing need for operating systems that can support quantum computing frameworks.
https://linuxsecurity.com/news/security-trends/linux-quantum-computing

The Noonification: The Entrepreneurs Antifragile Arsenal (5/25/2024)
How are you, hacker? What's happening in tech this week: The Noonification by HackerNoon has got you covered with fresh content from our top 5 stories of the day, every day at noon your local time! Set email preference here. Workload Isolation in Apache Doris: Optimizing Resource Management and Performance, by @frankzzz [10 min read]: Apache Doris supports workload isolation based on Resource Tag and Workload Group and provides solutions for different tradeoffs. The Entrepreneur's Antifragile Arsenal, by @scottdclary [8 min read]: Entrepreneurs need an antifragile arsenal to survive and thrive in the unpredictable world of business. Bitcoin: Is the Post-halving Correction Over?, by @sergeigorshunov [3 min read]: Bitcoin touched as low as ,000 during...
https://hackernoon.com/5-25-2024-noonification?source=rss

Arc browser's Windows launch targeted by Google ads malvertising
A new Google Ads malvertising campaign, coinciding with the launch of the Arc web browser for Windows, was tricking people into downloading trojanized installers that infect them with malware payloads. [...]
https://www.bleepingcomputer.com/news/security/arc-browsers-windows-launch-targeted-by-google-ads-malvertising/

Workload Isolation in Apache Doris: Optimizing Resource Management and Performance
Apache Doris supports workload isolation based on Resource Tag and Workload Group. It provides solutions for different tradeoffs among the level of isolation, resource utilization, and stable performance.
https://hackernoon.com/workload-isolation-in-apache-doris-optimizing-resource-management-and-performance?source=rss

The Entrepreneur's Antifragile Arsenal
Entrepreneurs need an "antifragile arsenal" to survive and thrive in the unpredictable world of business. Most entrepreneurial advice is a regurgitation of the same old tired tropes: "hustle harder," "fail fast," "never give up." Your network acts as a shock absorber, softening the blow and helping you bounce back faster.
https://hackernoon.com/the-entrepreneurs-antifragile-arsenal?source=rss

Empowering Linux and Open-Source Security with AI: Strategies, Tools and Best Practices
It's hard to think of a technology more impactful than Artificial Intelligence (AI). While it's been around for a while, it's only recently broken into the mainstream. Now that it has, it's rewriting the playbook for much of the tech industry, especially open-source software (OSS).
https://linuxsecurity.com/features/features/linux-security-ai

Indian man stole million in crypto using fake Coinbase Pro site
An Indian national pleaded guilty to wire fraud conspiracy for stealing over million through a fake Coinbase website used to steal credentials. [...]
https://www.bleepingcomputer.com/news/security/indian-man-stole-37-million-in-crypto-using-fake-coinbase-pro-site/

Physical Properties of the Eclipsing Binary KIC 9851944: Observation
Stars that are both pulsating and eclipsing offer an important opportunity to better understand many of the physical phenomena that occur in stars.
https://hackernoon.com/physical-properties-of-the-eclipsing-binary-kic-9851944-observation?source=rss

Physical Properties of the Eclipsing Binary KIC 9851944: Spectral Analysis
Stars that are both pulsating and eclipsing offer an important opportunity to better understand many of the physical phenomena that occur in stars.
https://hackernoon.com/physical-properties-of-the-eclipsing-binary-kic-9851944-spectral-analysis?source=rss

Research Indicates All Linux Vendor Kernels Are Insecure - But There's a Fix!
Recent research sheds light on the security vulnerabilities prevalent in Linux vendor kernels due to flawed engineering processes that backport fixes. It emphasizes the importance of using the most up-to-date kernel releases for enhanced security, challenging the traditional vendor-bound kernel model.
https://linuxsecurity.com/news/vendors-products/linux-vendors-kernel-security

Data Leak Exposes 500GB of Indian Police, Military Biometric Data
By Waqas. The records belonged to two separate India-based firms, ThoughtGreen Technologies and Timing Technologies. Both provide application development, RFID technology, and biometric verification services.
https://www.hackread.com/data-leak-indian-police-military-biometric-data/

Where Does Generative AI Fit Into Digital Investigations?
This week in cybersecurity from the editors at Cybercrime Magazine. Listen to the Cybercrime Magazine Podcast Episode. Sausalito, Calif. – May 25, 2024. “Everyone is talking about AI so I’m often asked these days, where does AI, or Generative AI, fit into digital investigations, and...
https://cybersecurityventures.com/where-does-generative-ai-fit-into-digital-investigations/

JA4+ - Suite Of Network Fingerprinting Standards
JA4+ is a suite of network fingerprinting methods that are easy to use and easy to share. These methods are both human and machine readable to facilitate more effective threat-hunting and analysis. The use-cases for these fingerprints include scanning for threat actors, malware detection, session hijacking prevention, compliance automation, location tracking, DDoS detection, grouping of threat actors, reverse shell detection, and many more. Please read our blogs for details on how JA4+ works, why it works, and examples of what can be detected/prevented with it: "JA4+ Network Fingerprinting (JA4/S/H/L/X/SSH)" and "JA4T: TCP Fingerprinting (JA4T/TS/TScan)". To understand how to read JA4+ fingerprints, see Technical Details. This repo includes JA4+ in Python, Rust, Zeek and C, as a Wireshark plugin....
http://www.kitploit.com/2024/05/ja4-suite-of-network-fingerprinting.html

How To Secure the Linux Kernel
With the support of the open-source community and a strict privilege system embedded in its architecture, Linux has security built into its design. That being said, gone are the days when Linux system administrators could get away with subpar security practices. Cybercriminals have come to view Linux as a viable attack target due to its growing popularity, the valuable devices it powers worldwide, and an array of dangerous new Linux malware variants that have emerged in recent years.
https://linuxsecurity.com/features/features/how-to-secure-the-linux-kernel

MITRE December 2023 attack: Threat actors created rogue VMs to evade detection
The MITRE Corporation revealed that threat actors behind the December 2023 attacks created rogue virtual machines (VMs) within its environment. The MITRE Corporation has provided a new update about the December 2023 attack. In April 2024, MITRE disclosed a security breach in one of its research and prototyping networks. The security team at the organization […]
https://securityaffairs.com/163658/apt/mitre-december-2023-attack-rogue-vms.html

Yesterday's news (press)

Mandatory national service for 18-year-olds if Tories win, Sunak vows - AOL UK
Army personnel feel 'let down' after MoD cyber attack. The media could not be loaded, either because the server or network failed or because the ...
https://www.aol.co.uk/news/mandatory-national-18-olds-tories-231052423.html

Is the nation's water supply safe from attack? - Audacy
https://www.audacy.com/us99/news/local/is-the-nations-water-supply-safe-from-attack

Building Resilience Against Cyber-Attacks: 7 Essential Cybersecurity Measures
In case of a successful cyber-attack, having recent backups of your data is crucial. Make it a routine to back up your files and systems in secure ...
https://www.intelligentliving.co/cyber-attacks-7-cybersecurity-measures/

Tempur Sealy Resumes Operations After Cyber Attack - MSN
... cyber attack. The shutdown resulted in a temporary interruption of operations, said the company, which disclosed the incident in a July 31 ...
http://www.msn.com/en-us/money/companies/tempur-sealy-resumes-operations-after-cyber-attack/ar-AA1eO5zF%3Fapiversion%3Dv2%26noservercache%3D1%26domshim%3D1%26renderwebcomponents%3D1%26wcseo%3D1%26batchservertelemetry%3D1%26noservertelemetry%3D1

The modern CISO: Scapegoat or value creator? - VentureBeat
To top it up, 61% of CISOs feel unprepared for a cyber-attack and 68% feel that their organization is at risk of an attack, according to Proofpoint.
https://venturebeat.com/security/the-modern-ciso-scapegoat-or-value-creator/

Artificial Intelligence: What are 4 major cyber threats for 2024? - BetaNews
Seven crucial dos and don'ts for cyber-attack survival · Move over Google, LLMs are taking over! Top priorities for digital transformation strategy ...
https://betanews.com/2024/05/25/artificial-intelligence-what-are-4-major-cyber-threats-for-2024/

FBI warns healthcare firms they are targeted by hackers - Yahoo Life UK
The break-in was the first known large-scale cyber attack to exploit that vulnerability. Kennedy, who is chief ...
https://uk.style.yahoo.com/news/fbi-warns-healthcare-companies-targeted-192500391.html

News from two days ago (specialized press)

ICQ messenger shuts down after almost 28 years
The ICQ messaging app is shutting down on June 26th, marking the end of a much-beloved communication application. [...]
https://www.bleepingcomputer.com/news/software/icq-messenger-shuts-down-after-almost-28-years/

Hacker defaces spyware app's site, dumps database and source code
A hacker has defaced the website of the pcTattletale spyware application, found on the booking systems of several Wyndham hotels in the United States, and leaked over a dozen archives containing database and source code data. [...]
https://www.bleepingcomputer.com/news/security/hacker-defaces-spyware-apps-site-dumps-database-and-source-code/

An XSS flaw in GitLab allows attackers to take over accounts
GitLab addressed a high-severity cross-site scripting (XSS) vulnerability that allows unauthenticated attackers to take over user accounts. GitLab fixed a high-severity XSS vulnerability, tracked as CVE-2024-4835, that allows attackers to take over user accounts. An attacker can exploit this issue by using a specially crafted page to exfiltrate sensitive user information. The vulnerability impacts versions 15.11 before […]
https://securityaffairs.com/163649/hacking/gitlab-xss-flaw.html

Top Cloud Services Used for Malicious Website Redirects in SMS Scams
By Deeba Ahmed. Fake Cloud, Real Theft!
https://www.hackread.com/cloud-services-malicious-sites-redirect-sms-scams/

Microsoft: Windows 24H2 will remove Cortana and WordPad apps
Microsoft says the Cortana, Tips, and WordPad applications will be automatically removed on systems upgraded to the upcoming Windows 11 24H2 release. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-windows-24h2-will-remove-cortana-and-wordpad-apps/

Microsoft's 'Recall' Feature Draws Criticism From Privacy Advocates
Despite Microsoft's reassurances, multiple security researchers describe the technology as problematic for users and their organizations.
https://www.darkreading.com/data-privacy/microsofts-recall-feature-draws-criticism-from-privacy-advocates

Research From Claroty's Team82 Highlights Remote Access Risks Facing Mission-Critical OT Assets

https://www.darkreading.com/ics-ot-security/research-from-claroty-s-team82-highlights-remote-access-risks-facing-mission-critical-ot-assets

Microsoft Copilot fixed worldwide after 24 hour outage
After over a 24-hour outage, Microsoft's Bing, Copilot, and Copilot in Windows services are back online worldwide, with no information released as to what caused the problem. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-copilot-fixed-worldwide-after-24-hour-outage/

AI Voice Generator App Used to Drop Gipy Malware
Users get duped into downloading malicious files disguised to look like an application that uses artificial intelligence to alter voices.
https://www.darkreading.com/threat-intelligence/ai-voice-generator-used-to-drop-gipy-malware

TCM Academy Walkthrough : A Hands-On Experience
TCM Academy Walkthrough: Linux Privilege Escalation #Bankai. Academy is a purposely vulnerable virtual machine (VM) that is used for testing and practicing penetration testing techniques. It is designed by TCM Security under the capstone of the practical ethical hacking course. Academy.7z. I got the IP address using: sudo arp-scan -l. Then, I checked if it is running a web service or not. As expected, it is running a web service. I checked out Wappalyzer for information about the web. I came prepared for it with my arsenal. I call out to nmap, then fired the IP using: nmap -A -T4 -p- 192.168.57.252. Nmap result. I logged in as ftp on port 21 since it allows anonymous login (ftp/ftp). I downloaded the note.txt file to my machine, and I found some useful information in it. So there is a login portal. I tried...
https://infosecwriteups.com/tcm-academy-walkthrough-a-hands-on-experience-e891243c61a8?source=rss----7b722bfd1b8d---4

THM:A Comprehensive Guide to the Pickle Rick TryHackMe Challenge
In the realm of ethical hacking and penetration testing, the quest to uncover vulnerabilities and secure systems is a thrilling adventure. In this journey, we'll dive into my experience with the “Pickle Rick” TryHackMe challenge. I'll take you through the steps I followed, revealing the valuable lessons learned along the way. Step 1: Information Gathering. Every successful penetration test starts with information gathering. The goal is to collect as much data as possible about the target. I began by accessing the website and inspecting its source code for hints. On lines 28–32, I stumbled upon a hidden clue within a comment: `<!-- Note to self, remember username! Username: R1ckRul3s -->`. This crucial discovery hinted at a login page, implying that both a username and password...
https://infosecwriteups.com/thm-a-comprehensive-guide-to-the-pickle-rick-tryhackme-challenge-9a157238e628?source=rss----7b722bfd1b8d---4

Fingerprinting Databases: Error based SQLi (Oracle, MySQL, MS)
Fingerprinting Databases: SQLi (Oracle, MySQL, MS). In the Name of Allah, the Most Beneficent, the Most Merciful. All the praises and thanks be to Allah, the Lord of the ‘Alamin (mankind, jinns and all that exists). I will start with Lab 3 of PortSwigger Academy. Please note that I don't solve the labs at once; I keep trying and failing until I get it right. Sometimes I check the solution and then figure out a different way to solve it. Lab 1: SQL injection attack, querying the database type and version on Oracle. This lab contains a SQL injection vulnerability in the product category filter. You can use a UNION attack to retrieve the results from an injected query. Objective. Solution. I selected the Pets category and tested its vulnerability by adding a single quote after “Pets,” resulting...
https://infosecwriteups.com/fingerprinting-databases-error-based-sqli-oracle-mysql-ms-08926f83124f?source=rss----7b722bfd1b8d---4

CVE-2023–52424: The WiFi SSID Confusion Attack Explained
CVE-2023–52424, also known as the SSID Confusion Attack, has brought new challenges to wireless network security.
https://infosecwriteups.com/cve-2023-52424-the-wifi-ssid-confusion-attack-explained-26e43f5cff40?source=rss----7b722bfd1b8d---4

The Ultimate Cyber Security Weapon: SharePoint Lists
OK, maybe ‘ultimate weapon' is a bit strong. But hear me out… What Do the Cool Kids Do? If you browse the Internet for ‘cyber security projects' you're likely to come across things like the installation of technical tools, such as Wazuh, Pi-hole, or OpenVAS. These tools are fantastic and such projects can be a lot of fun, but what will they be protecting? As the old adage goes, “A band is only as good as its drummer” [1]. I've come to believe that a cyber security setup is only as good as its lists. Five Cybersecurity Memes and What They Say About Cybersecurity Today (isaca.org). Take a look at this: “Please list the quantities and operating systems for your laptops, desktops and virtual desktops within the scope of this assessment.” This is text taken from section A2.4 in...
https://infosecwriteups.com/the-ultimate-cyber-security-weapon-sharepoint-lists-6232b74903fb?source=rss----7b722bfd1b8d---4

Biometric Authentication: Exploring Advancements, Vulnerabilities, and Ethical Considerations
In an era where traditional passwords are increasingly vulnerable to cyber threats, biometric authentication emerges as a promising solution to enhance security and user convenience. Biometric authentication methods, such as facial recognition, fingerprint scanning, and iris recognition, leverage unique physical or behavioral characteristics to verify an individual's identity. While biometrics offer numerous benefits, including improved security and usability, they also pose certain challenges, ranging from technical vulnerabilities to ethical concerns. This article delves into the advancements, vulnerabilities, and ethical considerations surrounding biometric authentication. Advancements in Biometric Authentication. Biometric authentication has witnessed significant...
https://infosecwriteups.com/biometric-authentication-exploring-advancements-vulnerabilities-and-ethical-considerations-72cf80084ab4?source=rss----7b722bfd1b8d---4

Shhh…Don't Tell the Database Admin: SQLi Lab Exploits
In the Name of Allah, the Most Beneficent, the Most Merciful. All the praises and thanks be to Allah, the Lord of the ‘Alamin (mankind, jinns and all that exists). Let's just begin with what brings us here today (giggled amusingly). PortSwigger SQLi labs cont'd (link to the first writeup). Lab 3: SQL injection attack, listing the database contents on non-Oracle databases. This lab contains a SQL injection vulnerability in the product category filter. The results from the query are returned in the application's response so you can use a UNION attack to retrieve data from other tables. The application has a login function, and the database contains a table that holds usernames and passwords. You need to determine the name of this table and the columns it contains, then retrieve the contents...
https://infosecwriteups.com/shhh-dont-tell-the-database-admin-sqli-lab-exploits-5472db4c76ce?source=rss----7b722bfd1b8d---4

Google Dorking | THM
How Search Engines Operate and Utilize Hidden Content
https://infosecwriteups.com/google-dorking-thm-a87dc849c4b8?source=rss----7b722bfd1b8d---4

How I Got My First Bounty: The Exciting Story of My Bug Bounty Breakthrough
Long time no see! I've been a bit preoccupied with other tasks besides bug bounty hunting, so I haven't had the chance to post any blogs. But setting all that aside, today I want to share how I achieved every beginner bug hunter's dream: scoring that first bounty. Still gives me chills just thinking about it! So, without further ado, let's dive into the details of this exhilarating experience. Let's get Started: The most important takeaway from this blog is simple: Keep learning about different vulnerabilities and, more importantly, put that newly gained knowledge into practice. There are hundreds and thousands of websites out there waiting to be hunted, with millions of vulnerabilities just waiting to be discovered by someone. Further Details: Here's how it all went down. The bug...
https://infosecwriteups.com/how-i-got-my-first-bounty-the-exciting-story-of-my-bug-bounty-breakthrough-d8391973ed41?source=rss----7b722bfd1b8d---4

Cencora data breach exposes US patient info from 11 drug companies
Some of the largest drug companies in the world have disclosed data breaches due to a February 2024 cyberattack at Cencora, whom they partner with for pharmaceutical and business services. [...]
https://www.bleepingcomputer.com/news/security/cencora-data-breach-exposes-us-patient-info-from-11-drug-companies/

How FHE Technology Is Making End-to-End Encryption a Reality
By Uzair Amir Is End-to-End Encryption (E2EE) a Myth? Traditional encryption has vulnerabilities. Fully Homomorphic Encryption (FHE) offers a new hope… This is a post from HackRead.com Read the original post: How FHE Technology Is Making End-to-End Encryption a Reality
https://www.hackread.com/fhe-technology-make-end-to-end-encryption-reality/

Google Discovers Fourth Zero-Day in Less Than a Month
The tech company has rolled out fixes for a type confusion vulnerability that has already been exploited by malicious actors.
https://www.darkreading.com/vulnerabilities-threats/google-discovers-fourth-zero-day-in-less-than-a-month

The Critical Role of Training and Phishing Testing in Safeguarding Financial Data
Empowering the Human Firewall: The Bedrock of Cyber Defense By Michael Cocanower, CEO, AdviserCyber The Evolving Cybersecurity Landscape for RIAs and Professionals For Registered Investment Advisers (RIAs) and cybersecurity professionals […] The post The Critical Role of Training and Phishing Testing in Safeguarding Financial Data appeared first on Cyber Defense Magazine.
https://www.cyberdefensemagazine.com/the-critical-role-of-training-and-phishing-testing-in-safeguarding-financial-data/

New ShrinkLocker ransomware uses BitLocker to encrypt your files
A new ransomware strain called ShrinkLocker creates a new boot partition to encrypt corporate systems using Windows BitLocker. [...]
https://www.bleepingcomputer.com/news/security/new-shrinklocker-ransomware-uses-bitlocker-to-encrypt-your-files/

When 'No' & 'Good Enough' Challenge Cybersecurity
As the digital landscape evolves, these words must become an impetus for innovation and dialogue, not insurmountable barriers.
https://www.darkreading.com/vulnerabilities-threats/when-no-and-good-enough-challenge-cybersecurity

The SEC's SolarWinds Case: What CISOs Should Do Now
The SEC's lawsuit may take years to resolve through litigation, but here are five things CISOs should do now to protect both themselves as individuals as well as their organizations.
https://www.darkreading.com/cyber-risk/the-sec-solarwinds-case-what-ciso-should-do-now

Google fixes eighth actively exploited Chrome zero-day this year, the third in a month
Google rolled out a new emergency security update to fix another actively exploited zero-day vulnerability in the Chrome browser. Google has released a new emergency security update to address a new vulnerability, tracked as CVE-2024-5274, in the Chrome browser; it is the eighth zero-day exploited in attacks disclosed this year. The vulnerability is a high-severity […]
https://securityaffairs.com/163642/hacking/8th-chrome-zero-day-2024-html.html

Mandatory reporting for ransomware attacks? – Week in security with Tony Anscombe
As the UK mulls new rules for ransomware disclosure, what would be the wider implications of such a move, how would cyber-insurance come into play, and how might cybercriminals respond?
https://www.welivesecurity.com/en/videos/mandatory-reporting-ransomware-attacks-week-security-tony-anscombe/

A Transformative Landscape in Legal Technology: From the Past to AI-Powered Future
By Rob Scott, Chief Innovator – Monjur The modern digital era, ripe with unparalleled technological evolutions, is remolding our perceptions and expectations at a pace once thought inconceivable. Among all […] The post A Transformative Landscape in Legal Technology: From the Past to AI-Powered Future appeared first on Cyber Defense Magazine.
https://www.cyberdefensemagazine.com/a-transformative-landscape-in-legal-technology-from-the-past-to-ai-powered-future/

2024 Verizon Data Breach Investigation Report (DBIR) Findings
This week in cybersecurity from the editors at Cybercrime Magazine – Listen to the Cybercrime Magazine Podcast Interview Sausalito, Calif. – May 24, 2024 SDxCentral reports that the 2024 Verizon Data Breach Investigation Report (DBIR) paints a troubling picture of the current cybersecurity landscape, marked by the increasing The post 2024 Verizon Data Breach Investigation Report (DBIR) Findings appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/2024-verizon-data-breach-investigation-report-dbir-findings/

Future-Proof Your Cybersecurity AI Strategy
An effective, long-term XDR strategy will address the ongoing need for rapid analysis and continual vetting of the latest threat intelligence.
https://www.darkreading.com/cybersecurity-operations/future-proof-your-cybersecurity-ai-strategy

PoolParty - A Set Of Fully-Undetectable Process Injection Techniques Abusing Windows Thread Pools
A collection of fully-undetectable process injection techniques abusing Windows Thread Pools. Presented at Black Hat EU 2023 Briefings under the title "The Pool Party You Will Never Forget: New Process Injection Techniques Using Windows Thread Pools". PoolParty Variants (Variant ID: Variant Description): 1: Overwrite the start routine of the target worker factory; 2: Insert TP_WORK work item to the target process's thread pool; 3: Insert TP_WAIT work item to the target process's thread pool; 4: Insert TP_IO work item to the target process's thread pool; 5: Insert TP_ALPC work item to the target process's thread pool; 6: Insert TP_JOB work item to the target process's thread pool; 7: Insert TP_DIRECT...
http://www.kitploit.com/2024/05/poolparty-set-of-fully-undetectable.html

Hackers Backdoored Courtroom Video Recording Software With System Hijacking Malware
A vulnerability (CVE-2024-4978) has been identified in JAVS Viewer v8.3.7, a critical component for managing digital recordings in legal and government environments.  The installer for this version is backdoored, allowing attackers to remotely seize control of infected systems, which could grant access to sensitive data and potentially establish persistence on the network.  To mitigate the […] The post Hackers Backdoored Courtroom Video Recording Software With System Hijacking Malware appeared first on Cyber Security News.
https://cybersecuritynews.com/courtroom-software-hijack/

Japan To Launch Active Cyber Defense System To Prevent Cyber Attacks
Japan is creating a consultative body to implement an active cyber defense system to improve its ability to counter cyberattacks on critical infrastructure. The government will tap railways, electricity, and telecommunications operators for their expertise.  This collaboration will likely involve information sharing on cyber risks and potential countermeasures, including an analysis of international cyberattacks. The […] The post Japan To Launch Active Cyber Defense System To Prevent Cyber Attacks appeared first on Cyber Security News.
https://cybersecuritynews.com/japan-launches-active-cyber-defense-system/

Ransomhub Attacking Industrial Control Systems To Encrypt And Exfiltrate Data
Ransomhub, a new ransomware group, has targeted the SCADA system of a Spanish bioenergy plant, Matadero de Gijón, which highlights the critical security risks associated with Industrial Control Systems (ICS) across various industries.  Since 2022, numerous cyberattacks have exploited vulnerabilities in ICS, causing significant disruptions to operations and infrastructure. This highlights the need for robust […] The post Ransomhub Attacking Industrial Control Systems To Encrypt And Exfiltrate Data appeared first on Cyber Security News.
https://cybersecuritynews.com/ransomhub-ics-attack/

Chinese Hackers Using ORB Proxy Networks For Stealthy Cyber Attacks
Researchers found that cyber espionage groups with ties to China are increasingly using complicated proxy networks called Operational Relay Box (ORB) networks. These networks are made up of mesh networks made from hacked devices and commercially leased virtual private servers (VPS).  Unlike traditional botnets, ORBs can be a hybrid of both, offering threat actors a […] The post Chinese Hackers Using ORB Proxy Networks For Stealthy Cyber Attacks appeared first on Cyber Security News.
https://cybersecuritynews.com/chinese-orb-network-attacks/

Russian Hackers Shift Tactics, Target More Victims with Paid Malware
By Deeba Ahmed Russian hackers and APT groups are escalating cyberattacks, leveraging readily available malware and broadening their targets beyond governments.… This is a post from HackRead.com Read the original post: Russian Hackers Shift Tactics, Target More Victims with Paid Malware
https://www.hackread.com/russian-hackers-target-victims-with-paid-malware/

Sharp Dragon Hackers Attacking Government Entities Using Cobalt Strike & Custom Backdoors
The activities of the Chinese threat actor group known as Sharp Dragon (formerly Sharp Panda) have been meticulously documented. Since 2021, this group has been involved in highly targeted phishing campaigns, primarily focusing on Southeast Asia. However, recent developments indicate a significant shift in their operations, with the group now targeting governmental organizations in Africa […] The post Sharp Dragon Hackers Attacking Government Entities Using Cobalt Strike & Custom Backdoors appeared first on Cyber Security News.
https://cybersecuritynews.com/sharp-dragon-hackers-attacking/

Raising the cyber resilience of software 'at scale'
New "Code of Practice for Software Vendors" will ensure that security is fundamental to developing and distributing products and services.
https://www.ncsc.gov.uk/blog-post/raising-cyber-resilience-software-at-scale

CISA adds Apache Flink flaw to its Known Exploited Vulnerabilities catalog
CISA adds Apache Flink improper access control vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a NextGen Healthcare Mirth Connect vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. The issue, tracked as CVE-2020-17519, is an improper access control vulnerability in Apache Flink. Apache Flink contains an improper access […]
https://securityaffairs.com/163635/security/cisa-apache-flink-flaw-known-exploited-vulnerabilities-catalog.html

GenAI Bots Can Be Tricked by Anyone To Leak Company Secrets
The introduction and widespread use of generative AI technologies such as ChatGPT has shown a new era for the world but comes with some unexplored cybersecurity risks. Prompt injection attacks are one form of manipulation that can happen with LLMs, wherein threat actors can manipulate bots into giving away sensitive data, generating offensive content, or […] The post GenAI Bots Can Be Tricked by Anyone To Leak Company Secrets appeared first on Cyber Security News.
https://cybersecuritynews.com/genai-bots-leak-secrets/

Google fixes eighth actively exploited Chrome zero-day this year
Google has released a new emergency security update to address the eighth zero-day vulnerability in Chrome browser confirmed to be actively exploited in the wild. [...]
https://www.bleepingcomputer.com/news/security/google-fixes-eighth-actively-exploited-chrome-zero-day-this-year/

Usage of TLS in DDNS Services leads to Information Disclosure in Multiple Vendors
The use of Dynamic DNS (DDNS) services embedded in appliances can potentially expose data and devices to attacks. The use of Dynamic DNS (DDNS) services embedded in appliances, such as those provided by vendors like Fortinet or QNAP, carries cybersecurity implications. It increases the discoverability of customer devices by attackers. Advisory on security impacts related […]
https://securityaffairs.com/163617/hacking/ddns-services-leads-information-disclosure.html

Recall feature in Microsoft Copilot+ PCs raises privacy and security concerns
UK data watchdog is investigating Microsoft regarding the new Recall feature in Copilot+ PCs that captures screenshots of the user’s laptop every few seconds. The UK data watchdog, the Information Commissioner’s Office (ICO), is investigating a new feature, called Recall, implemented by Microsoft’s Copilot+ PCs that captures screenshots of the user’s laptop every few seconds. […]
https://securityaffairs.com/163609/security/microsoft-recall-feature-copilot-pcs.html

New DoS Attack "DNSBomb" Exploiting DNS Queries & Responses
Cybersecurity researchers have unveiled a new and potent Denial of Service (DoS) attack, dubbed "DNSBomb." This attack leverages the inherent mechanisms of the Domain Name System (DNS) to create a powerful pulsing DoS attack that poses a significant threat to internet infrastructure. Exploiting DNS Mechanisms: DNSBomb capitalizes on several widely implemented DNS mechanisms, including timeout, […] The post New DoS Attack "DNSBomb" Exploiting DNS Queries & Responses appeared first on Cyber Security News.
https://cybersecuritynews.com/new-dos-attack-dnsbomb-exploiting/

Ransomware Attacks Targeting VMware ESXi Infrastructure Adopt New Pattern
Cybersecurity professionals at Sygnia have noted a significant change in the strategies used by ransomware groups that target virtualized environments, specifically VMware ESXi infrastructure. The incident response team has noted a steady increase in these attacks, with threat actors exploiting misconfigurations and vulnerabilities in virtualization platforms to maximize their […] The post Ransomware Attacks Targeting VMware ESXi Infrastructure Adopt New Pattern appeared first on Cyber Security News.
https://cybersecuritynews.com/ransomware-attacks-targeting-vmware-esxi-infrastructure-adopt-new-pattern/

Microsoft pushes emergency fix for Windows Server 2019 update errors
Microsoft has released an emergency out-of-band (OOB) update for Windows Server 2019 that fixes a bug causing 0x800f0982 errors when attempting to install the May 2024 Patch Tuesday security updates. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-pushes-emergency-fix-for-windows-server-2019-0x800f0982-update-errors/

News from previous days

Stark Industries Solutions: An Iron Hammer in the Cloud
Two weeks before Russia invaded Ukraine in February 2022, a large, mysterious new Internet hosting firm called Stark Industries Solutions materialized and quickly became the epicenter of massive distributed denial-of-service (DDoS) attacks on government and commercial targets in Ukraine and Europe. An investigation into Stark Industries reveals it is being used as a global proxy network that conceals the true source of cyberattacks and disinformation campaigns against enemies of Russia.
https://krebsonsecurity.com/2024/05/stark-industries-solutions-an-iron-hammer-in-the-cloud/

CyberArk Goes All In on Machine Identity With Venafi Deal
CyberArk's .54 billion agreement to buy Venafi is a sign of how human and machine identities will converge with certificate life cycle management.
https://www.darkreading.com/identity-access-management-security/cyberark-goes-all-in-on-machine-identity-with-venafi-deal

Concentric AI to Unveil Data Security Remediation and Compliance Reporting Capabilities at Infosecurity Europe 2024

https://www.darkreading.com/application-security/concentric-ai-to-unveil-new-data-security-remediation-and-compliance-reporting-capabilities-at-infosecurity-europe-2024

Seizing Control of the Cloud Security Cockpit
Much like an airplane's dashboard, configurations are the way we control cloud applications and SaaS tools. It's also the entry point for too many security threats. Here are some ideas for making the configuration process more secure.
https://www.darkreading.com/cloud-security/seizing-control-cloud-security-configuration-cockpit

SOCRadar Secures .2M in Funding to Combat Multibillion-Dollar Cybersecurity Threats

https://www.darkreading.com/cybersecurity-operations/socradar-secures-25-2m-in-funding-to-combat-multibillion-dollar-cyber-security-threats

Bugcrowd Acquires Informer to Enhance Attack Surface Management, Penetration Testing

https://www.darkreading.com/cyberattacks-data-breaches/bugcrowd-acquires-informer-to-enhance-attack-surface-management-penetration-testing

Efficient Document Merging Strategies for Professionals
By Uzair Amir Discover time-saving document merging strategies for professionals. Learn how to streamline workflows, enhance collaboration, and protect document integrity for increased productivity and peace of mind. This is a post from HackRead.com Read the original post: Efficient Document Merging Strategies for Professionals
https://www.hackread.com/efficient-document-merging-strategies-professionals/

JAVS courtroom recording software backdoored in supply chain attack
Attackers have backdoored the installer of widely used Justice AV Solutions (JAVS) courtroom video recording software with malware that lets them take over compromised systems. [...]
https://www.bleepingcomputer.com/news/security/javs-courtroom-recording-software-backdoored-in-supply-chain-attack/

Metasploit Weekly Wrap-Up 05/23/2024
Infiltrate the Broadcast! A new module from Chocapikk allows the user to perform remote code execution on vulnerable versions of the streaming platform AVideo (12.4 - 14.2). The multi/http/avideo_wwbnindex_unauth_rce module leverages CVE-2024-31819, a PHP filter chaining vulnerability, to gain unauthenticated and unprivileged access,
https://blog.rapid7.com/2024/05/23/metasploit-weekly-wrap-up-05-23-2024/

Microsoft spots gift card thieves using cyber-espionage tactics
Microsoft has published a "Cyber Signals" report sharing new information about the hacking group Storm-0539 and a sharp rise in gift card theft as we approach the Memorial Day holiday in the United States. [...]
https://www.bleepingcomputer.com/news/security/microsoft-spots-gift-card-thieves-using-cyber-espionage-tactics/

WhatsApp Engineers Fear Encryption Flaw Exposes User Data, Memo
By Deeba Ahmed Is your WhatsApp privacy a myth? New reports reveal a vulnerability that could expose who you message to government agents. This is a post from HackRead.com Read the original post: WhatsApp Engineers Fear Encryption Flaw Exposes User Data, Memo
https://www.hackread.com/whatsapp-engineers-encryption-flaw-exposes-data/

USN-6785-1: GNOME Remote Desktop vulnerability
Matthias Gerstner discovered that GNOME Remote Desktop incorrectly performed certain user validation checks. A local attacker could possibly use this issue to obtain sensitive information, or take control of remote desktop connections.
https://ubuntu.com/security/notices/USN-6785-1

AI Developers' AMA: AI System Design and Development
During our recent webinar, four seasoned AI engineers discussed questions about applied AI/ML.
https://www.hackerone.com/ai/developers-system-design-development

New Bitcoin Token Protocol “Runes” Carries Potential Phishing Risk
By Owais Sultan Is the innovative Runes protocol on Bitcoin a cybersecurity concern waiting to happen? Cybersecurity experts at Resonance Security… This is a post from HackRead.com Read the original post: New Bitcoin Token Protocol “Runes” Carries Potential Phishing Risk
https://www.hackread.com/bitcoin-token-protocol-runes-phishing-risk/

How I got started: AI security researcher
For the enterprise, there’s no escape from deploying AI in some form. Careers focused on AI are proliferating, but one you may not be familiar with is AI security researcher. These AI specialists are cybersecurity professionals who focus on the unique vulnerabilities and threats that arise from the use of AI and machine learning (ML) […] The post How I got started: AI security researcher appeared first on Security Intelligence.
https://securityintelligence.com/articles/ai-security-researcher-how-i-got-started/

2024: The Year of Secure Design
By Stephen de Vries, CEO, IriusRisk In 2023, we saw governments and global cybersecurity agencies begin to put the building blocks in place for secure design and take cyber defense […] The post 2024: The Year of Secure Design appeared first on Cyber Defense Magazine.
https://www.cyberdefensemagazine.com/2024-the-year-of-secure-design/

Guntech 2.5 to Launch in Upland's Gaming Ecosystem
By Uzair Amir Mathilda Studios Partners with Upland to Introduce Guntech 2.5 into Upland's Web3 Gaming Platform with +10 Locations and… This is a post from HackRead.com Read the original post: Guntech 2.5 to Launch in Upland's Gaming Ecosystem
https://www.hackread.com/guntech-2-5-launch-in-uplands-gaming-ecosystem/

70% of CISOs worry their org is at risk of a material cyber attack

https://www.proofpoint.com/us/newsroom/news/70-cisos-worry-their-org-risk-material-cyber-attack

Analog Launches Testnet, Allocates 2% Token Supply for Participants
By Uzair Amir Analog's Testnet is open for developers, community and validators, participants can complete quests and climb the ATP leaderboard… This is a post from HackRead.com Read the original post: Analog Launches Testnet, Allocates 2% Token Supply for Participants
https://www.hackread.com/analog-launches-testnet-allocates-token-supply/

The Take Command Summit: A Day of Resilience and Preparation
The Take Command Summit is officially in the books. It was a day-long virtual powerhouse of major voices and ultra-relevant topics from across the entire cybersecurity spectrum. We are super proud of the event and grateful for all who joined us for these important discussions. At Rapid7 we are eager
https://blog.rapid7.com/2024/05/23/the-take-command-summit-a-day-of-resilience-and-preparation/

Women In Cloud On Cybersecurity, Sponsored By Microsoft – Live Video Conference
This week in cybersecurity from the editors at Cybercrime Magazine – Watch the Video Sausalito, Calif. – May 23, 2024 Presented by Women in Cloud in partnership with Microsoft, the “Closing The Gap in Cybersecurity” Live Panel originally aired on May 17, 2024. The discussion examines The post Women In Cloud On Cybersecurity, Sponsored By Microsoft – Live Video Conference appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/women-in-cloud-on-cybersecurity-sponsored-by-microsoft-live-video-conference/

APT41: The threat of KeyPlug against Italian industries
Tinexta Cyber's Zlab Malware Team uncovered a backdoor known as KeyPlug employed in attacks against several Italian industries. During an extensive investigation, Tinexta Cyber's Zlab Malware Team uncovered a backdoor known as KeyPlug, which hit for months a variety of Italian industries. This backdoor is attributed to the arsenal of APT41, a group whose origin is […]
https://securityaffairs.com/163598/apt/apt41-keyplug-targets-italian-industries.html

USN-6784-1: cJSON vulnerabilities
It was discovered that cJSON incorrectly handled certain input. An attacker could possibly use this issue to cause cJSON to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS and Ubuntu 23.10. (CVE-2023-50471, CVE-2023-50472) Luo Jin discovered that cJSON incorrectly handled certain input. An attacker could possibly use this issue to cause cJSON to crash, resulting in a denial of service. (CVE-2024-31755)
https://ubuntu.com/security/notices/USN-6784-1

6 Factors to Consider When Choosing a SIEM Solution
Don’t Settle for Less | Make an Informed Decision By Krunal Mendapara, Chief Technology Officer, Sattrix Group In today’s world, cyber threats are more rampant than ever before. It’s no […] The post 6 Factors to Consider When Choosing a SIEM Solution appeared first on Cyber Defense Magazine.
https://www.cyberdefensemagazine.com/6-factors-to-consider-when-choosing-a-siem-solution/

Cyber Signals: Inside the growing risk of gift card fraud
In the ever-evolving landscape of cyberthreats, staying ahead of malicious actors is a constant challenge. The latest edition of Cyber Signals dives deep into the world of Storm-0539, also known as Atlas Lion, shedding light on their sophisticated methods of gift and payment card theft. The post Cyber Signals: Inside the growing risk of gift card fraud appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2024/05/23/cyber-signals-inside-the-growing-risk-of-gift-card-fraud/

CVE-2024-4978: Backdoored Justice AV Solutions Viewer Software Used in Apparent Supply Chain Attack
Justice AV Solutions (JAVS) is a U.S.-based company specializing in digital audio-visual recording solutions for courtroom environments. Rapid7 has determined that users with JAVS Viewer v8.3.7 installed are at high risk and should take immediate action.
https://blog.rapid7.com/2024/05/23/cve-2024-4978-backdoored-justice-av-solutions-viewer-software-used-in-apparent-supply-chain-attack/

Go-Secdump - Tool To Remotely Dump Secrets From The Windows Registry
Package go-secdump is a tool built to remotely extract hashes from the SAM registry hive as well as LSA secrets and cached hashes from the SECURITY hive without any remote agent and without touching disk. The tool is built on top of the library go-smb and uses it to communicate with the Windows Remote Registry to retrieve registry keys directly from memory. It was built as a learning experience and as a proof of concept that it should be possible to remotely retrieve the NT Hashes from the SAM hive and the LSA secrets as well as domain cached credentials without having to first save the registry hives to disk and then parse them locally. The main problem to overcome was that the SAM and SECURITY hives are only readable by NT AUTHORITY\SYSTEM. However, I noticed that the local group...
http://www.kitploit.com/2024/05/go-secdump-tool-to-remotely-dump.html

USN-6777-4: Linux kernel (HWE) vulnerabilities
Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use-after-free vulnerability. A physically proximate attacker could possibly use this to cause a denial of service (system crash). (CVE-2023-47233) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: Block layer subsystem; Userspace I/O drivers; Ceph distributed file system; Ext4 file system; JFS file system; NILFS2 file system; Bluetooth subsystem; Networking core; IPv4 networking; IPv6 networking; Logical Link layer; MAC80211 subsystem; Netlink; NFC subsystem; ...
https://ubuntu.com/security/notices/USN-6777-4

ShrinkLocker: Turning BitLocker into ransomware
The Kaspersky GERT has detected a VBS script that has been abusing Microsoft Windows features by modifying the system to lower the defenses and using the local MS BitLocker utility to encrypt entire drives and demand a ransom.
https://securelist.com/ransomware-abuses-bitlocker/112643/

How AI will change your credit card behind the scenes
Several credit card companies have revealed how they envision using artificial intelligence to "improve" their products.
https://www.malwarebytes.com/blog/news/2024/05/how-ai-will-change-your-credit-card-behind-the-scenes

Operation Diplomatic Specter: An Active Chinese Cyberespionage Campaign Leverages Rare Tool Set to Target Governmental Entities in the Middle East, Africa and Asia
A Chinese APT group is targeting political entities across multiple continents. Named Operation Diplomatic Specter, this campaign uses rare techniques and a unique toolset.
https://unit42.paloaltonetworks.com/operation-diplomatic-specter/

LastPass Rolls Out URL Encryption In Password Vaults
LastPass introduces URL encryption in its password vaults. With encrypted URLs, LastPass believes it can…
https://latesthackingnews.com/2024/05/23/lastpass-rolls-out-url-encryption-in-password-vaults/

Introducing Nimfilt: A reverse-engineering tool for Nim-compiled binaries
Available as both an IDA plugin and a Python script, Nimfilt helps to reverse engineer binaries compiled with the Nim programming language compiler by demangling package and function names, and applying structs to strings
https://www.welivesecurity.com/en/eset-research/introducing-nimfilt-reverse-engineering-tool-nim-compiled-binaries/

USN-6736-2: klibc vulnerabilities
USN-6736-1 fixed vulnerabilities in klibc. This update provides the corresponding updates for Ubuntu 24.04 LTS. Original advisory details: It was discovered that zlib, vendored in klibc, incorrectly handled pointer arithmetic. An attacker could use this issue to cause klibc to crash or to possibly execute arbitrary code. (CVE-2016-9840, CVE-2016-9841) Danilo Ramos discovered that zlib, vendored in klibc, incorrectly handled memory when performing certain deflating operations. An attacker could use this issue to cause klibc to crash or to possibly execute arbitrary code. (CVE-2018-25032) Evgeny Legerov discovered that zlib, vendored in klibc, incorrectly handled memory when performing certain inflate operations. An attacker could use this issue to cause klibc to crash or to...
https://ubuntu.com/security/notices/USN-6736-2

USN-6663-3: OpenSSL update
USN-6663-1 provided a security update for OpenSSL. This update provides the corresponding update for Ubuntu 24.04 LTS. Original advisory details: As a security improvement, OpenSSL will now return deterministic random bytes instead of an error when detecting wrong padding in PKCS#1 v1.5 RSA to prevent its use in possible Bleichenbacher timing attacks.
https://ubuntu.com/security/notices/USN-6663-3

Hackers Can Abuse Apple's Wi-Fi Positioning System to Track Users Globally
A recent study by security researchers has revealed a major privacy vulnerability in Apple’s Wi-Fi Positioning System (WPS) that allows hackers to track the locations of Wi-Fi access points and their owners globally. Researchers from the University of Maryland published their findings, which reveal that an unprivileged attacker can exploit Apple’s crowdsourced location tracking system […]
https://cybersecuritynews.com/apples-wi-fi-positioning-system/

A journey into forgotten Null Session and MS-RPC interfaces
This is the first part of the research, devoted to null session vulnerability, unauthorized MS-RPC interface and domain user enumeration.
https://securelist.com/no-auth-domain-information-enumeration/112629/

Threat Actor Claiming Access to AWS, Azure, MongoDB & Github API Keys
A threat actor has claimed to have gained unauthorized access to API keys for major cloud service providers, including Amazon Web Services (AWS), Microsoft Azure, MongoDB, and GitHub. The announcement was made via a post on the social media platform X by the account DarkWebInformer. The tweet has raised alarms within the cybersecurity community, prompting […]
https://cybersecuritynews.com/threat-actor-claiming-access/

Dota2 - 1,907,205 breached accounts
In July 2016, the Dota2 official developers forum suffered a data breach that exposed almost 2 million users. The hack of the vBulletin forum led to the disclosure of email and IP addresses, usernames and passwords stored as salted MD5 hashes.
https://haveibeenpwned.com/PwnedWebsites#Dota2

Genesis Market Malware Attack
What is the attack? The FortiGuard Labs EDR team recently identified a malware infection exhibiting strong similarities to the previously reported Genesis Market malicious campaign that was dismantled by law enforcement in early 2023. The investigation traced some initial compromises to tools used for circumventing software licensing and counterfeit GPG MSI installers embedded with PowerShell scripts. Following the initial infection, the malware deploys a victim-specific DLL into the machine's memory. This malware targets the Edge, Chrome, Brave, and Opera browsers by installing a "Save to Google Drive" extension, which it uses to steal login credentials and sensitive personal data. What is Genesis Market? Genesis Market is a black market that deals in stolen login credentials, browser cookies,...
https://fortiguard.fortinet.com/threat-signal-report/5461

New APT Group “Unfading Sea Haze” Hits Military Targets in South China Sea
By Waqas. Unfading Sea Haze's modus operandi spans over five years, with evidence dating back to 2018, reveals Bitdefender Labs' investigation.
https://www.hackread.com/unfading-sea-haze-military-target-south-china-sea/

USN-6783-1: VLC vulnerabilities
It was discovered that VLC incorrectly handled certain media files. A remote attacker could possibly use this issue to cause VLC to crash, resulting in a denial of service, or potential arbitrary code execution.
https://ubuntu.com/security/notices/USN-6783-1

What You Need to Know About the EU's Cyber Resilience Act
The EU is adopting the Cyber Resilience Act, which will bring pivotal changes to product cybersecurity in Europe, the United States, and globally.
https://www.hackerone.com/public-policy/eu-cyber-resilience-act

Machine learning security principles updated
Revised principles will help people make the right security decisions when developing systems with AI/ML components.
https://www.ncsc.gov.uk/blog-post/machine-learning-security-principles-updated

Fortifying Digital Health Against Cyber Attacks
By Nissim Ben-Saadon, Director of Innovation, CYREBRO. In today’s digital era, the healthcare industry stands at the forefront of technological adoption, heavily relying on digital systems such as Electronic Health […]
https://www.cyberdefensemagazine.com/fortifying-digital-health-against-cyber-attacks/

Identity vulnerabilities a concern at Microsoft, outside researcher claims

https://www.proofpoint.com/us/newsroom/news/identity-vulnerabilities-concern-microsoft-outside-researcher-claims

A Microsoft under attack from government and tech rivals after ‘preventable' hack ties executive pay to cyberthreats

https://www.proofpoint.com/us/newsroom/news/microsoft-under-attack-government-and-tech-rivals-after-preventable-hack-ties

Strengthening Cyber Defense with Threat Intelligence Operations
By Toby Bussa, VP of Product Marketing, ThreatConnect. Introduction: In an era where cyber threats loom larger and are more complex than ever, it is vitally important for organizations to […]
https://www.cyberdefensemagazine.com/strengthening-cyber-defense-with-threat-intelligence-operations/

Top 7 generative AI development companies
As generative AI is relentlessly permeating various business sectors and industries, Gen AI development companies…
https://latesthackingnews.com/2024/05/22/top-7-generative-ai-development-companies/

Building DDoS Botnets with TP-Link and Netgear Routers
Threat actors double down with their botnet building efforts. Vulnerable Netgear routers join exploitable TP-Link and other IoT devices, expanding attacker DDoS capabilities.
https://www.f5.com/labs/articles/threat-intelligence/sensor-intel-series-top-cves-april-2024

A Consolidated Approach to Fraud: Bringing Together Risk Insights, Organizations and Technology
By Kimberly Sutherland, vice president, fraud and identity strategy, LexisNexis® Risk Solutions. Digital fraud has seen a substantial increase in recent years, mainly due to the sharp rise in digital […]
https://www.cyberdefensemagazine.com/a-consolidated-approach-to-fraud-bringing-together-risk-insights-organizations-and-technology/

Privacy Pandemic: How Cybercriminals Determine Targets, Attack Identities, And Violate Privacy
This week in cybersecurity from the editors at Cybercrime Magazine – Listen to the Cybercrime Magazine Podcast Interview. Sausalito, Calif. – May 22, 2024. After mounting red flags caused Chris Smith to end a close relationship, he found his digital life under attack: accounts were compromised, […]
https://cybersecurityventures.com/privacy-pandemic-how-cybercriminals-determine-targets-attack-identities-and-violate-privacy/

Zero-day vulnerabilities: A beginner's guide
Note: This article was originally published on The New Stack.
https://www.sonatype.com/blog/zero-day-vulnerabilities-a-beginners-guide

Above - Invisible Network Protocol Sniffer
Invisible protocol sniffer for finding vulnerabilities in the network. Designed for pentesters and security engineers. Above: Invisible network protocol sniffer. Designed for pentesters and security engineers. Author: Magama Bazarov, <caster@exploit.org>. Pseudonym: Caster. Version: 2.6. Codename: Introvert. Disclaimer: All information contained in this repository is provided for educational and research purposes only. The author is not responsible for any illegal use of this tool. It is a specialized network security tool that helps both pentesters and security professionals. Mechanics: Above is an invisible network sniffer for finding vulnerabilities in network equipment. It is based entirely on network traffic analysis, so it does not make any noise on the air. It is invisible. Completely based...
http://www.kitploit.com/2024/05/above-invisible-network-protocol-sniffer.html

Criminal record database of millions of Americans dumped online
A notorious cybercriminal involved in breaches has released a database containing 70 million US criminal records.
https://www.malwarebytes.com/blog/news/2024/05/criminal-record-database-of-millions-of-americans-dumped-online

Stealers, stealers and more stealers
In this report, we discuss two new stealers: Acrid and ScarletStealer, and an evolution of the known Sys01 stealer, with the latter two dividing stealer functionality across several modules.
https://securelist.com/crimeware-report-stealers/112633/

What happens when AI goes rogue (and how to stop it)
As AI gets closer to the ability to cause physical harm and impact the real world, “it's complicated” is no longer a satisfying response
https://www.welivesecurity.com/en/cybersecurity/what-happens-ai-goes-rogue-how-stop-it/

Microsoft AI “Recall” feature records everything, secures far less
Microsoft unveiled an AI search tool on new laptops that will require regular screenshots of all device activity to be recorded and stored.
https://www.malwarebytes.com/blog/news/2024/05/microsoft-ai-recall-feature-records-everything-secures-far-less

Choosing the Right Pricing Intelligence Solution for Your Business
In the current business environment, where competition is fierce, pricing is the key factor that…
https://latesthackingnews.com/2024/05/22/choosing-the-right-pricing-intelligence-solution-for-your-business/

USN-6782-1: Thunderbird vulnerabilities
Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing, or execute arbitrary code. (CVE-2024-4767, CVE-2024-4768, CVE-2024-4769, CVE-2024-4777) Thomas Rinsma discovered that Thunderbird did not properly handle type check when handling fonts in PDF.js. An attacker could potentially exploit this issue to execute arbitrary javascript code in PDF.js. (CVE-2024-4367) Irvan Kurniawan discovered that Thunderbird did not properly handle certain font styles when saving a page to PDF. An attacker could potentially exploit this issue to cause a denial of service....
https://ubuntu.com/security/notices/USN-6782-1

NextGen Healthcare Mirth Connect RCE (CVE-2023-43208, CVE-2023-37679)
What is the vulnerability? NextGen Healthcare Mirth Connect is vulnerable to unauthenticated remote code execution (CVE-2023-43208), caused by an incomplete patch of a command injection flaw (CVE-2023-37679). Mirth Connect is an open-source data integration platform widely used by healthcare companies. It enables the management of information using bi-directional sending of many types of messages. Attackers could exploit this vulnerability for initial access or to compromise sensitive healthcare data. CISA recently added CVE-2023-43208 to its Known Exploited Vulnerabilities (KEV) catalog on May 20th, 2024. What is the recommended mitigation? Users are advised to update to the latest version of NextGen Healthcare Mirth Connect as per the vendor's instructions. What FortiGuard Coverage...
https://fortiguard.fortinet.com/threat-signal-report/5460

USN-6775-2: Linux kernel vulnerabilities
Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use-after-free vulnerability. A physically proximate attacker could possibly use this to cause a denial of service (system crash). (CVE-2023-47233) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - MAC80211 subsystem; - Tomoyo security module; (CVE-2024-26622, CVE-2023-52530)
https://ubuntu.com/security/notices/USN-6775-2

USN-6777-3: Linux kernel (GCP) vulnerabilities
Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use-after-free vulnerability. A physically proximate attacker could possibly use this to cause a denial of service (system crash). (CVE-2023-47233) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Block layer subsystem; - Userspace I/O drivers; - Ceph distributed file system; - Ext4 file system; - JFS file system; - NILFS2 file system; - Bluetooth subsystem; - Networking core; - IPv4 networking; - IPv6 networking; - Logical Link layer; - MAC80211 subsystem; - Netlink; - NFC subsystem; -...
https://ubuntu.com/security/notices/USN-6777-3

Securing the Gateway: Why Protecting Build Systems Is Crucial in Modern Software Development
Understand why securing build systems is as important as securing production systems.
https://www.legitsecurity.com/blog/why-protecting-build-systems-is-crucial-in-modern-software-development

Cybersecurity or Cyber Resilience: Which Matters More?
Planning Beyond an Enterprise Security Posture and Toward Reliable Business Continuity. By Amanda Satterwhite, Managing Director of Cyber Growth & Strategy, Accenture Federal Services. Cybercrimes in the United States have […]
https://www.cyberdefensemagazine.com/cybersecurity-or-cyber-resilience-which-matters-more/

How to remove a user from a shared Android device
This post explains how to remove additional users and accounts from your Android device
https://www.malwarebytes.com/blog/explained/2024/05/how-to-remove-a-user-from-a-shared-android-device

How to remove a user from a shared Mac
This post explains how to remove additional users and accounts from your Mac
https://www.malwarebytes.com/blog/explained/2024/05/how-to-remove-a-user-from-a-shared-mac

How to remove a user from a shared Windows device
This post explains how to remove additional users and accounts from your Windows device
https://www.malwarebytes.com/blog/explained/2024/05/how-to-remove-a-user-from-a-shared-windows-device

Why Your Wi-Fi Router Doubles as an Apple AirTag
Apple and the satellite-based broadband service Starlink each recently took steps to address new research into the potential security and privacy implications of how their services geo-locate devices. Researchers from the University of Maryland say they relied on publicly available data from Apple to track the location of billions of devices globally -- including non-Apple devices like Starlink systems -- and found they could use this data to monitor the destruction of Gaza, as well as the movements and in many cases identities of Russian and Ukrainian troops.
https://krebsonsecurity.com/2024/05/why-your-wi-fi-router-doubles-as-an-apple-airtag/

MSP Brite Reveals The Latest Cybersecurity Strategies
What tools and techniques should your organization use to manage risk? – Stephen Salinas, Head of Product Marketing, Stellar Cyber. San Jose, Calif. – May 21, 2024. Cyberattacks are always evolving, and so are the tools and techniques organizations use to manage risk. To get […]
https://cybersecurityventures.com/msp-brite-reveals-the-latest-cybersecurity-strategies/

USN-6780-1: idna vulnerability
Guido Vranken discovered that idna did not properly manage certain inputs, which could lead to significant resource consumption. An attacker could possibly use this issue to cause a denial of service.
https://ubuntu.com/security/notices/USN-6780-1

Cybersecurity In The Age Of AI. Insights From Thought Leaders At RSA Conference 2024.
This week in cybersecurity from the editors at Cybercrime Magazine – Listen to the special RSA Conference episode. Sausalito, Calif. – May 21, 2024. Cybercrime Magazine was a media sponsor at the 2024 RSA Conference in San Francisco, where we spoke with thought leaders from […]
https://cybersecurityventures.com/cybersecurity-in-the-age-of-ai-insights-from-thought-leaders-at-rsa-conference-2024/

Proofpoint's 2024 Voice of the CISO Report Reveals that More than Four in 5 Canadian CISOs Identify Human Error as Leading Cybersecurity Risk

https://www.proofpoint.com/us/newsroom/press-releases/proofpoints-2024-voice-ciso-report-reveals-more-four-5-canadian-cisos

Guardz Launches Pioneering Cyber Insurance with Active Protection Exclusively for SMBs
The new offering uniquely qualifies small businesses to obtain cyber insurance and enables them to…
https://latesthackingnews.com/2024/05/21/guardz-launches-pioneering-cyber-insurance-with-active-protection-exclusively-for-smbs/

Rapid7 Releases the 2024 Attack Intelligence Report
Today, during our Take Command Summit, we released our 2024 Attack Intelligence Report, which pulls in expertise from our researchers, our detection and response teams, and threat intelligence teams. The result is the clearest picture yet of the expanding attack surface and the threats security professionals face every day. Since
https://blog.rapid7.com/2024/05/21/rapid7-releases-the-2024-attack-intelligence-report/

Working in the security clearance world: How security clearances impact jobs
We recently published an article about the importance of security clearances for roles across various sectors, particularly those associated with national security and defense. But obtaining a clearance is only part of the journey. Maintaining and potentially expanding your clearance over time requires continued diligence and adherence to stringent guidelines. This brief explainer discusses the […]
https://securityintelligence.com/articles/security-clearances-impact-jobs/

Vger - An Interactive CLI Application For Interacting With Authenticated Jupyter Instances
V'ger is an interactive command-line application for post-exploitation of authenticated Jupyter instances with a focus on AI/ML security operations. User Stories: As a Red Teamer, you've found Jupyter credentials, but don't know what you can do with them. V'ger is organized in a format that should be intuitive for most offensive security professionals to help them understand the functionality of the target Jupyter server. As a Red Teamer, you know that some browser-based actions will be visible to the legitimate Jupyter users. For example, modifying tabs will appear in their workspace and commands entered in cells will be recorded to the history. V'ger decreases the likelihood of detection. As an AI Red Teamer, you understand academic algorithmic attacks, but need a more practical execution...
http://www.kitploit.com/2024/05/vger-interactive-cli-application-for.html

Untangling the hiring dilemma: How security solutions free up HR processes
The prerequisites for becoming a security elite create a skills ceiling that is tough to break through – especially when it comes to hiring skilled EDR or XDR operators. How can businesses crack this conundrum?
https://www.welivesecurity.com/en/business-security/untangling-hiring-dilemma-how-security-solutions-free-up-hr-processes/

Hyperconverged Infrastructure: Your Complete Guide to HCI
Technology is advancing at an unprecedented rate. Traditional systems infrastructure must catch up as applications…
https://latesthackingnews.com/2024/05/21/hyperconverged-infrastructure-your-complete-guide-to-hci/

Proofpoint's 2024 Voice of the CISO Report Reveals that Three-Quarters of CISOs Identify Human Error as Leading Cybersecurity Risk

https://www.proofpoint.com/us/newsroom/press-releases/proofpoints-2024-voice-ciso-report-reveals-three-quarters-cisos-identify

How to become a Hacker
Introduction Last year, I attended a job fair organized by the Association of Computer Science Students at ETH Zürich. It was a rewarding experience to be able to share my day-to-day work in a field I am so passionate about. We got to talk to numerous students at different stages of their studies, as well […]
https://blog.compass-security.com/2024/05/how-to-become-a-hacker/

Mastering Secure DevOps with Six Key Strategies
Written by the CSA DevSecOps Working Group. Cloud computing has heightened security challenges, with frequent breaches stemming from insecure applications and poor infrastructure. Similarly, as software development speeds up, the complexity and number of attacks and data breaches also rise. Secure DevOps (or DevSecOps) addresses these challenges by embedding security into the development and operational processes. Secure DevOps simplifies development, ensures trusted components, empowers teams ...
https://cloudsecurityalliance.org/articles/mastering-secure-devops-with-six-key-strategies

2024 Report Reveals Hundreds of Security Events Per Week, Highlighting the Criticality of Continuous Validation
Originally published by Pentera. Over the past two years, a shocking 51% of organizations surveyed in a leading industry report have been compromised by a cyberattack. Yes, over half. And this, in a world where enterprises deploy an average of 53 different security solutions to safeguard their digital domain. Alarming? Absolutely. A recent survey of CISOs and CIOs, commissioned by Pentera and conducted by Global Surveyz Research, offers a quantifiable glimpse into this evolving battlefield, rev...
https://cloudsecurityalliance.org/articles/2024-report-reveals-hundreds-of-security-events-per-week-highlighting-the-criticality-of-continuous-validation

Women Know Cyber: 150 Fascinating Females Fighting Cybercrime
Role models for students, parents, educators, and the cybersecurity community. Sponsored by Secureworks. Sausalito, Calif. – May 20, 2024 / WomenKnowCyber.com. Cybersecurity Ventures published a book in 2019 — “Women Know Cyber: 100 Fascinating Females Fighting Cybercrime” — which is available on Amazon. The book […]
https://cybersecurityventures.com/women-in-cybersecurity-list/

New Windows 11 features strengthen security to address evolving cyberthreat landscape
Today, ahead of the Microsoft Build 2024 conference, we announced a new class of Windows computers, Copilot+ PC. Alongside this exciting new class of computers, we are introducing important security features and updates that make Windows 11 more secure for users and organizations, and give developers the tools to prioritize security.
https://www.microsoft.com/en-us/security/blog/2024/05/20/new-windows-11-features-strengthen-security-to-address-evolving-cyberthreat-landscape/

Security@: The Top 3 Bug Bounty Lessons From Security Leaders
See the top security lessons from security leaders at Booking.com, Polygon Labs, Delivery Hero, and Headspace.
https://www.hackerone.com/customer-stories/security-lessons

Your vacation, reservations, and online dates, now chosen by AI: Lock and Code S05E11
This week on Lock and Code, we talk about what people lose when they let AI services make choices for dinners, reservations, and even dating.
https://www.malwarebytes.com/blog/podcast/2024/05/your-vacation-reservations-and-online-dates-now-chosen-by-ai-lock-and-code-s05e11

Unlocking the Power of Governance in Cybersecurity: NIST CSF 2.0 Introduces ‘Govern' to Redefine CISO Leadership in 2024
By Shirley Salzman, CEO and Co-Founder, SeeMetrics. As all eyes are towards the updated NIST CSF 2.0 publication, some of the spoilers have already been published – now security leaders […]
https://www.cyberdefensemagazine.com/unlocking-the-power-of-governance-in-cybersecurity-nist-csf-2-0-introduces-govern-to-redefine-ciso-leadership-in-2024/

Dogs Stole The Show At RSA Conference 2024 In San Francisco
This week in cybersecurity from the editors at Cybercrime Magazine – Watch the Cybercrime Magazine Video. Sausalito, Calif. – May 20, 2024. The Cybercrime Magazine media crew spotted very cute dogs at the Kiteworks booth in the expo hall at the recent RSA Conference 2024 in San Francisco. For […]
https://cybersecurityventures.com/dogs-stole-the-show-at-rsa-conference-2024-in-san-francisco/

Microsoft Patch Tuesday May 2024 Fixed 3 Zero-Days
Microsoft rolled out its scheduled Patch Tuesday update for May 2024 this week. Unlike the… Microsoft Patch Tuesday May 2024 Fixed 3 Zero-Days on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2024/05/20/microsoft-patch-tuesday-may-2024-fixed-3-zero-days/

What is real-time protection and why do you need it?
Having real-time protection is like having guards stationed all around your castle, ready to defend. Here's how it works.
https://www.malwarebytes.com/blog/personal/2024/05/what-is-real-time-protection-and-why-do-you-need-it

Drs-Malware-Scan - Perform File-Based Malware Scan On Your On-Prem Servers With AWS
Perform malware scan analysis of on-prem servers using AWS services. Challenges with on-premises malware detection: It can be difficult for security teams to continuously monitor all on-premises servers due to budget and resource constraints. Signature-based antivirus alone is insufficient, as modern malware uses various obfuscation techniques. Server admins may lack historical visibility into security events across all servers. Determining which systems are compromised, and which backups are safe to restore from during an incident, is challenging without centralized monitoring and alerting. It is onerous for server admins to set up and maintain additional security tools for advanced threat detection. A rapid mean time to detect and remediate infections is critical but difficult to achieve without the right automated...
http://www.kitploit.com/2024/05/drs-malware-scan-perform-file-based.html

Financial institutions ordered to notify customers after a breach, have an incident response plan
The Securities and Exchange Commission has announced rules around breaches for certain financial institutions.
https://www.malwarebytes.com/blog/news/2024/05/financial-institutions-ordered-to-notify-customers-after-a-breach-have-an-incident-response-plan

A week in security (May 13 – May 19)
Last week on Malwarebytes Labs: Last week on ThreatDown: Stay safe!
https://www.malwarebytes.com/blog/news/2024/05/a-week-in-security-may-13-may-19

Business email compromise: new guidance to protect your organisation
How to disrupt targeted phishing attacks aimed at senior executives or budget holders.
https://www.ncsc.gov.uk/blog-post/business-email-compromise-guidance-protect-organisation

Online Scams: Anyone Can Fall for Scams
No one is safe from scams. In fact, scams targeting corporations and organizations employ meticulously social-engineered attack scenarios. Unlike smishing targeting individuals or online shopping scams, such attacks design tailored phishing scenarios based on previously collected information about the target. As such, it is not easy for the victim organization to recognize the scam. This post will explore the business email compromise (BEC) and spear phishing emails, both of which are primary scam examples targeting corporations and organizations, with specific... The post Online Scams: Anyone Can Fall for Scams appeared first on ASEC BLOG.
https://asec.ahnlab.com/en/65537/

JAW - A Graph-based Security Analysis Framework For Client-side JavaScript
An open-source, prototype implementation of property graphs for JavaScript based on the esprima parser, and the EsTree SpiderMonkey Spec. JAW can be used for analyzing the client-side of web applications and JavaScript-based programs. This project is licensed under GNU AFFERO GENERAL PUBLIC LICENSE V3.0. See here for more information. JAW has a Github pages website available at https://soheilkhodayari.github.io/JAW/. Release Notes: Oct 2023, JAW-v3 (Sheriff): JAW updated to detect client-side request hijacking vulnerabilities. July 2022, JAW-v2 (TheThing): JAW updated to its next major release with the ability to detect DOM Clobbering vulnerabilities. See JAW-V2 branch. Dec 2020, JAW-v1 : first prototype version. See JAW-V1 branch. Overview of JAW The architecture of the JAW...
http://www.kitploit.com/2024/05/jaw-graph-based-security-analysis.html

Linux-Smart-Enumeration - Linux Enumeration Tool For Pentesting And CTFs With Verbosity Levels
First, a couple of useful oneliners ;) wget "https://github.com/diego-treitos/linux-smart-enumeration/releases/latest/download/lse.sh" -O lse.sh;chmod 700 lse.sh curl "https://github.com/diego-treitos/linux-smart-enumeration/releases/latest/download/lse.sh" -Lo lse.sh;chmod 700 lse.sh Note that since version 2.10 you can serve the script to other hosts with the -S flag! linux-smart-enumeration: Linux enumeration tools for pentesting and CTFs. This project was inspired by https://github.com/rebootuser/LinEnum and uses many of its tests. Unlike LinEnum, lse tries to gradually expose the information depending on its importance from a privesc point of view. What is it? This shell script will show relevant information about the security of the local Linux system, helping to escalate privileges. From...
http://www.kitploit.com/2024/05/linux-smart-enumeration-linux.html

91 Percent Of CEOs Treat Cybersecurity As A Technical, Compliance Issue And Leave It To CIOs, CISOs
This week in cybersecurity from the editors at Cybercrime Magazine – Read the Full Story in Certainty News. Sausalito, Calif. – May 18, 2024. With cybercrime expected to cost the world $10.5 trillion annually by 2025, according to Cybersecurity Ventures, every business needs to be prepared. The post 91 Percent Of CEOs Treat Cybersecurity As A Technical, Compliance Issue And Leave It To CIOs, CISOs appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/91-percent-of-ceos-treat-cybersecurity-as-a-technical-compliance-issue-and-leave-it-to-cios-cisos/

Metasploit Wrap-Up 05/17/2024
Metasploit adds improved LDAP capabilities along with two new modules.
https://blog.rapid7.com/2024/05/17/metasploit-wrap-up-05-17-2024/

Why the EU AI Act Poses Greater Challenges Than Privacy Laws
Originally published by Truyo. In an age bursting with technological advances, the European Union has taken a pioneering step toward shaping the future of Artificial Intelligence (AI) governance. Enter the landmark Artificial Intelligence Act, a comprehensive regulatory framework penned to strike a delicate balance between fostering innovation, protecting fundamental rights, and ensuring ethical AI deployment. As we begin to see a global onslaught of proposed regulations, they all boil down to ...
https://cloudsecurityalliance.org/articles/why-the-eu-ai-act-poses-greater-challenges-than-privacy-laws

Priorities Beyond Email: How SOC Analysts Spend Their Time
Originally published by Abnormal Security. Written by Mick Leach. In the cybersecurity world, Security Operations Center (SOC) analysts serve as watchful defenders, tasked with the critical mission of fortifying systems against malicious intrusions and swiftly responding to emerging threats. Central to their effectiveness is the mastery of time management, as the fast-paced nature of cybersecurity demands rapid decision-making and efficient allocation of resources. Beyond the routine task of em...
https://cloudsecurityalliance.org/articles/priorities-beyond-email-how-soc-analysts-spend-their-time

Ignoring the Change Healthcare Attack Invites a Cycle of Disaster
Originally published by CXO REvolutionaries. Written by Tamer Baker, CTO in Residence, Zscaler. You may recall, in February, Change Healthcare announced that threat actors affiliated with BlackCat/ALPHV had breached their organization. The adversaries executed a ransomware attack affecting critical operations in its care authorization and billing portals. Change has not released details on how the threat actors compromised their organization. However, it is not unusual for attackers to breach m...
https://cloudsecurityalliance.org/articles/ignoring-the-change-healthcare-attack-invites-a-cycle-of-disaster

The who, where, and how of APT attacks – Week in security with Tony Anscombe
This week, ESET experts released several research publications that shine the spotlight on a number of notable campaigns and broader developments on the threat landscape
https://www.welivesecurity.com/en/videos/who-where-how-apt-attacks-week-security-tony-anscombe/

Artificial intelligence experts are under cyberattack

https://www.proofpoint.com/us/newsroom/news/artificial-intelligence-experts-are-under-cyberattack

New Survey Finds a Paradox of Confidence in Software Supply Chain Security
Get results of and analysis on ESG's new survey on supply chain security. 
https://www.legitsecurity.com/blog/new-survey-finds-a-paradox-of-confidence-in-software-supply-chain-security

How a new wave of deepfake-driven cyber crime targets businesses
As deepfake attacks on businesses dominate news headlines, detection experts are gathering valuable insights into how these attacks came into being and the vulnerabilities they exploit. Between 2023 and 2024, frequent phishing and social engineering campaigns led to account hijacking and theft of assets and data, identity theft, and reputational damage to businesses across industries. […] The post How a new wave of deepfake-driven cyber crime targets businesses appeared first on Security Intelligence.
https://securityintelligence.com/posts/new-wave-deepfake-cybercrime/

Cybersecurity Tips For Small Businesses: 7 Ways To Protect Your Company
This week in cybersecurity from the editors at Cybercrime Magazine – Read the Full Story in allBusiness. Sausalito, Calif. – May 17, 2024. According to Cybercrime Magazine, global cybercrime costs have been growing by 15 percent per year, and will reach $10.5 trillion annually by 2025. The post Cybersecurity Tips For Small Businesses: 7 Ways To Protect Your Company appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/cybersecurity-tips-for-small-businesses-7-ways-to-protect-your-company/

ShellSweep - PowerShell/Python/Lua Tool Designed To Detect Potential Webshell Files In A Specified Directory
Tags: Aspx, Encryption, Entropy, Hashes, Malware, Obfuscation, PowerShell, Processes, Scan, Scanning, Scripts, Toolbox, ShellSweep. ShellSweep - ShellSweeping the evil. Why ShellSweep? "ShellSweep" is a PowerShell/Python/Lua tool designed to detect potential webshell files in a specified directory. ShellSweep and its suite of tools calculate the entropy of file contents to estimate the likelihood of a file being a webshell. High entropy indicates more randomness, which is a characteristic of the encrypted or obfuscated code often found in webshells. - It only processes files with certain extensions (.asp, .aspx, .asph, .php, .jsp), which are commonly used in webshells. - Certain directories...
http://www.kitploit.com/2024/05/shellsweep-powershellpythonlua-tool.html

It's Time to Throw Away the Manual with Evidence Collection
Originally published by RegScale. Written by Larry Whiteside Jr. In today's complex and ever-changing regulatory environment, it is more important than ever for organizations to have a strong compliance program in place. However, manually gathering compliance data can be a time-consuming and inefficient process. This can lead to compliance gaps, which can expose organizations to risk. Manual compliance data gathering can significantly impact organizations in several negative ways, reflecting bo...
https://cloudsecurityalliance.org/articles/it-s-time-to-throw-away-the-manual-with-evidence-collection

The Risk and Impact of Unauthorized Access to Enterprise Environments
Originally published by StrongDM. Unauthorized access poses serious threats to businesses, compromising sensitive information and disrupting operations. Cybercriminals leverage vulnerabilities through advanced phishing attacks and API security breaches, underscoring the necessity for companies to implement strong security measures. This blog post underscores the importance of protecting against unauthorized access and outlines both established and innovative strategies to prevent it. The Risk a...
https://cloudsecurityalliance.org/articles/the-risk-and-impact-of-unauthorized-access-to-enterprise-environments

Automated Cloud Remediation – Empty Hype, Viable Strategy, or Something in Between?
Originally published by Tamnoon. Written by Idan Perez, CTO, Tamnoon. What role does automation play in cloud remediation? Will it replace or simply augment the role of security and R&D teams? Over 60% of the world's corporate data now resides in the cloud, and securing this environment has become a daunting task. The vast attack surface and countless potential misconfigurations pose significant challenges for security and operations teams. Amidst this complexity, automation has emerged as a...
https://cloudsecurityalliance.org/articles/automated-cloud-remediation-empty-hype-viable-strategy-or-something-in-between

The new Sonatype Learn: Self-service educational materials where and when you need them
Sonatype Learn — your trusted DevOps and Sonatype product training resource — is all new. We've launched an industry-leading Learning Management System (LMS) with updated courses, fresh videos, and a whole new learning vibe!
https://www.sonatype.com/blog/the-new-sonatype-learn-self-service-educational-materials-where-and-when-you-need-them

See a Sneak Peek of Tuesday's Take Command Summit
Soon, some of the best minds in cybersecurity will come together at Take Command to discuss pressing challenges and opportunities we face as an industry.
https://blog.rapid7.com/2024/05/16/see-a-sneak-peak-of-tuesdays-take-command-summit/

How a Business Logic Vulnerability Led to Unlimited Discount Redemption
Learn about the impact, severity, and a real-world example of business logic vulnerabilities.
https://www.hackerone.com/vulnerability-management/stripe-business-logic-error-bug

US AI Experts Targeted in SugarGh0st RAT Campaign

https://www.proofpoint.com/us/newsroom/news/us-ai-experts-targeted-sugargh0st-rat-campaign

A Human-Centric Security Approach, Supported by AI

https://www.proofpoint.com/us/newsroom/news/human-centric-security-approach-supported-ai

Proofpoint Among First in Enterprise Archiving Industry to Achieve PCI Compliance Attestation

https://www.proofpoint.com/us/newsroom/press-releases/proofpoint-archive-achieves-pci-compliance-attestation

[updated] Deleted iPhone photos show up again after iOS update
iOS users are reporting that photos they had deleted long ago suddenly showed up again after this week's 17.5 update.
https://www.malwarebytes.com/blog/news/2024/05/deleted-iphone-photos-show-up-again-after-ios-update

Will We Ever See Federal Data Breaches End Entirely?
Government cybersecurity may get worse before it gets better. By April Miller, Managing Editor, ReHack Magazine Data breaches are a problem in virtually every industry. However, they carry extra weight […] The post Will We Ever See Federal Data Breaches End Entirely? appeared first on Cyber Defense Magazine.
https://www.cyberdefensemagazine.com/will-we-ever-see-federal-data-breaches-end-entirely/

Immutable Backups: Enhancing Data Resilience Through 5 Key Strategies
Your essential company data is vulnerable to various risks, including cyberattacks like ransomware and human… Immutable Backups: Enhancing Data Resilience Through 5 Key Strategies on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2024/05/16/immutable-backups-enhancing-data-resilience-through-5-key-strategies/

Invoke-SessionHunter - Retrieve And Display Information About Active User Sessions On Remote Computers (No Admin Privileges Required)
Retrieve and display information about active user sessions on remote computers. No admin privileges required. The tool leverages the remote registry service to query the HKEY_USERS registry hive on the remote computers. It identifies and extracts Security Identifiers (SIDs) associated with active user sessions, and translates these into corresponding usernames, offering insights into who is currently logged in. If the -CheckAdminAccess switch is provided, it will gather sessions by authenticating to targets where you have local admin access using Invoke-WMIRemoting (which most likely will retrieve more results). It's important to note that the remote registry service needs to be running on the remote computer for the tool to work effectively. In my tests, if the service is stopped but...
http://www.kitploit.com/2024/05/invoke-sessionhunter-retrieve-and.html

Enhance security with Sonatype Lifecycle and ServiceNow Application Vulnerability Response (AVR) integration
We are excited to announce an innovative partnership that integrates Sonatype's open source software (OSS) security intelligence directly into ServiceNow workstreams. For this partnership, we've launched a new Sonatype and ServiceNow integration.
https://www.sonatype.com/blog/enhance-security-with-sonatype-lifecycle-and-servicenow-application-vulnerability-response-avr-integration

Scammers can easily phish your multi-factor authentication codes. Here’s how to avoid it
Phishers are using new authentication-in-the-middle techniques to dupe victims into providing their login and MFA credentials.
https://www.malwarebytes.com/blog/news/2024/05/scammers-can-easily-phish-your-multi-factor-authentication-codes-heres-how-to-avoid-it

Payload Trends in Malicious OneNote Samples
This article examines the distribution of malicious payloads embedded in Microsoft OneNote files by type, a first in our research to do so at such a scale. The post Payload Trends in Malicious OneNote Samples appeared first on Unit 42.
https://unit42.paloaltonetworks.com/payloads-in-malicious-onenote-samples/

Vulnerabilities In Cinterion Cellular Modems Threatened IoT And Industrial Devices
Researchers caught numerous security vulnerabilities riddling Cinterion cellular modems, exploiting which would threaten millions of… Vulnerabilities In Cinterion Cellular Modems Threatened IoT And Industrial Devices on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2024/05/16/vulnerabilities-in-cinterion-cellular-modems-threatened-iot-and-industrial-devices/

4 Cybersecurity Threats to Business
Successful cyber attacks can cause significant harm to your business. They often lead to major… 4 Cybersecurity Threats to Business on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2024/05/16/4-cybersecurity-threats-to-business/

How to Analyze Malicious Scripts in a Sandbox
Scripting languages are a common tool for automating tasks in Windows environments. The widespread use,… How to Analyze Malicious Scripts in a Sandbox on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2024/05/16/how-to-analyze-malicious-scripts-in-a-sandbox/

ViperSoftX Uses Deep Learning-based Tesseract to Exfiltrate Information
AhnLab SEcurity intelligence Center (ASEC) has recently discovered ViperSoftX attackers using Tesseract to exfiltrate users’ image files. ViperSoftX is a malware strain responsible for residing on infected systems and executing the attackers’ commands or stealing cryptocurrency-related information. The malware newly discovered this time utilizes the open-source OCR engine Tesseract. Tesseract extracts texts from images using deep learning techniques. The malware used in the attack reads images stored on the infected systems and extracts strings using the Tesseract tool. If the... The post ViperSoftX Uses Deep Learning-based Tesseract to Exfiltrate Information appeared first on ASEC BLOG.
https://asec.ahnlab.com/en/65426/

Internal Azure Container Registry writable via exposed secret
A Microsoft employee accidentally published credentials via a git commit to a public repository. These credentials granted privileged access to an internal Azure Container Registry (ACR) used by Azure, which reportedly held container images utilized by multiple Azure projects, including Azure IoT Edge, Akri, and Apollo. The privileged access could have allowed an attacker to download private images as well as upload new images and (most importantly) overwrite existing ones. In theory, an attacker could have leveraged the latter to implement a supply chain attack against these Azure projects and their users. However, it is currently unknown precisely which images this ACR contained or how they were used, so the effective impact of this issue remains undetermined.
https://www.cloudvulndb.org/azure-internal-acr-secret

How Hackers Help Jedox Secure Cloud Assets and Stay One Step Ahead
Hear from Vladislav Maličević, Chief Technology Officer at Jedox, about the value of ethical hackers for their bug bounty program.
https://www.hackerone.com/customer-stories/how-hackers-help-jedox-secure-cloud-assets-and-stay-one-step-ahead

Winning Together Through Synergy and Vulnerabilities
HackerOne holds an annual program recognizing five employees whose achievements embody the company's values.
https://www.hackerone.com/engineering/winning-together-synergy-vulnerabilities

I/O 2024: What's new in Android security and privacy
Posted by Dave Kleidermacher, VP Engineering, Android Security and Privacy Our commitment to user safety is a top priority for Android. We've been consistently working to stay ahead of the world's scammers, fraudsters and bad actors. And as their tactics evolve in sophistication and scale, we continually adapt and enhance our advanced security features and AI-powered protections to help keep Android users safe. In addition to our new suite of advanced theft protection features to help keep your device and data safe in the case of theft, we're also focusing increasingly on providing additional protections against mobile financial fraud and scams. Today, we're announcing more new fraud and scam protection features coming in Android 15 and Google Play services updates later this...
http://security.googleblog.com/2024/05/io-2024-whats-new-in-android-security.html

Community-driven PTaaS vs. Automated Pentesting
An in-depth breakdown of the pros and cons of community-driven PTaaS vs. automated pentesting.
https://www.hackerone.com/penetration-testing/ptaas-vs-automated-pentesting

Threat actors misusing Quick Assist in social engineering attacks leading to ransomware
Microsoft Threat Intelligence has observed Storm-1811 misusing the client management tool Quick Assist to target users in social engineering attacks that lead to malware like Qakbot followed by Black Basta ransomware deployment. The post Threat actors misusing Quick Assist in social engineering attacks leading to ransomware appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2024/05/15/threat-actors-misusing-quick-assist-in-social-engineering-attacks-leading-to-ransomware/

Notes on ThroughTek Kalay Vulnerabilities and Their Impact on the IoT Ecosystem
Since 2014, Bitdefender IoT researchers have been looking into the world's most popular IoT devices, hunting for vulnerabilities and undocumented attack avenues. This report documents four vulnerabilities affecting devices powered by the ThroughTek Kalay Platform. Due to the platform's massive presence in IoT integrations, these flaws have a significant downstream impact on several vendors. In the interconnected landscape of the Internet of Things (IoT), the reliability and security of devices,
https://www.bitdefender.com/blog/labs/notes-on-throughtek-kalay-vulnerabilities-and-their-impact/

AI Trust Risk and Security Management: Why Tackle Them Now?
In the evolving world of artificial intelligence (AI), keeping our customers secure and maintaining their trust is our top priority.
https://blog.rapid7.com/2024/05/15/ai-trust-risk-and-security-management-why-tackle-them-now/

New cybersecurity sheets from CISA and NSA: An overview
The Cybersecurity and Infrastructure Security Agency (CISA) and National Security Agency (NSA) have recently released new CSI (Cybersecurity Information) sheets aimed at providing information and guidelines to organizations on how to effectively secure their cloud environments. This new release includes a total of five CSI sheets, covering various aspects of cloud security such as threat […] The post New cybersecurity sheets from CISA and NSA: An overview appeared first on Security Intelligence.
https://securityintelligence.com/articles/cisa-nsa-cybersecurity-information-sheets/

Subhunter - A Fast Subdomain Takeover Tool
Subdomain takeover is a common vulnerability that allows an attacker to gain control over a subdomain of a target domain and redirect users intended for an organization's domain to a website that performs malicious activities, such as phishing campaigns, stealing user cookies, etc. Typically, this happens when the subdomain has a CNAME in the DNS, but no host is providing content for it. Subhunter takes a given list of subdomains and scans them to check for this vulnerability. Features: Auto update; Uses random user agents; Built in Go; Uses a fork of fingerprint data from well known sources (can-i-take-over-xyz). Installation: Option 1: Download from releases. Option 2:...
http://www.kitploit.com/2024/05/subhunter-fast-subdomain-takeover-tool.html

To the Moon and back(doors): Lunar landing in diplomatic missions
ESET researchers provide technical analysis of the Lunar toolset, likely used by the Turla APT group, that infiltrated a European ministry of foreign affairs
https://www.welivesecurity.com/en/eset-research/moon-backdoors-lunar-landing-diplomatic-missions/

Why Do Most Cybersecurity Attacks Occur in Q4?
Written by Ashwin Chaudhary, CEO, Accedere. Cybersecurity attacks exhibit intriguing patterns throughout the year. While it's not universally true that most attacks occur in the last quarter, there are several reasons and notable trends why cybersecurity attacks tend to increase in the fourth quarter (Q4) of the year. With reference to my knowledge and research, the above are the top 5 impacted sectors, which need to proactively upgrade and implement security measures to reduce the impact of ...
https://cloudsecurityalliance.org/articles/why-do-most-cybersecurity-attacks-occur-in-q4

The Transformative Power of Continuous Threat Exposure Management (Myth or Reality?)
Written by Alex Vakulov. The growing dynamics of cyber risks are forcing companies to shift their approach to information security from reactive to proactive. Gartner has introduced a new concept called Continuous Threat Exposure Management (CTEM) to address this. In 2022, Gartner first introduced CTEM, highlighting that it is not a specific product or solution but rather a program, a concept, and a strategic approach designed to form the foundation for companies aiming to minimize risks and ...
https://cloudsecurityalliance.org/articles/the-transformative-power-of-continuous-threat-exposure-management-myth-or-reality

Securing AI-Native Application Workloads with Zero Trust: Preventing LLM Attacks and Poisoning
Written by Vaibhav Malik, Global Partner Solutions Architect, Cloudflare. AI-native application workloads are rapidly emerging as the next frontier in artificial intelligence. These workloads leverage advanced AI technologies, such as large language models (LLMs), to enable intelligent and interactive applications. From chatbots and virtual assistants to content generation and sentiment analysis, AI-native application workloads transform how businesses interact with customers and process info...
https://cloudsecurityalliance.org/articles/securing-ai-native-application-workloads-with-zero-trust-preventing-llm-attacks-and-poisoning

Five Considerations to Keep Your Cloud Secure
Originally published by Bell. Written by Jack Mann, Senior Technical Product Manager, Cyber Security, Bell. When you make the shift to the cloud, it's easy to assume that your cloud service provider – whether that's AWS®, Microsoft Azure®, Google® Cloud or any other vendor – will keep your data and workloads protected and secure. However, that's not always the case. Cloud security is actually a shared responsibility. While your provider is responsible for securing the underlying cloud...
https://cloudsecurityalliance.org/articles/five-considerations-to-keep-your-cloud-secure

Patch Tuesday - May 2024
Zero-days in DWM, MSHTML, and Visual Studio. SharePoint critical post-auth RCE. Remote Access repatch. Mobile Broadband USB vulns.
https://blog.rapid7.com/2024/05/14/patch-tuesday-may-2024/

Patch Tuesday, May 2024 Edition
Microsoft today released updates to fix more than 60 security holes in Windows computers and supported software, including two "zero-day" vulnerabilities in Windows that are already being exploited in active attacks. There are also important security patches available for macOS and Adobe users, and for the Chrome Web browser, which just patched its own zero-day flaw.
https://krebsonsecurity.com/2024/05/patch-tuesday-may-2024-edition/

5 key MDR differentiators to look for to build stronger security resilience
Organizations looking to address the skills gap and bring greater efficiency as their business grows and their attack surface sprawls are turning to MDR providers at an accelerated pace. We've seen predictions from top analyst firms signaling the rapid rate of adoption of an MDR provider by 2025.
https://blog.rapid7.com/2024/05/14/5-key-mdr-differentiators-to-look-for-to-build-stronger-security-resilience/

Threat intelligence to protect vulnerable communities
Key members of civil society—including journalists, political activists and human rights advocates—have long been in the cyber crosshairs of well-resourced nation-state threat actors but have scarce resources to protect themselves from cyber threats. On May 14, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) released a High-Risk Communities Protection (HRCP) report developed through the Joint […] The post Threat intelligence to protect vulnerable communities appeared first on Security Intelligence.
https://securityintelligence.com/posts/threat-intelligence-protect-vulnerable-communities/

QakBot attacks with Windows zero-day (CVE-2024-30051)
In April 2024, while researching CVE-2023-36033, we discovered another zero-day elevation-of-privilege vulnerability, which was assigned the identifier CVE-2024-30051 and patched on May 14 as part of Microsoft's Patch Tuesday. We have seen it exploited by QakBot and other malware.
https://securelist.com/cve-2024-30051/112618/

Take control of your InnerSource components with InnerSource Insight
Today, Sonatype announced "InnerSource Insight," an industry-first capability within Sonatype Lifecycle that makes it easier and safer for developers to use components developed by others within their organization.
https://www.sonatype.com/blog/take-control-of-your-innersource-components-with-innersource-insight

How Ethical Hackers Are Securing Elections
Election technology manufacturers teamed up with ethical hackers to secure elections.
https://www.hackerone.com/ethical-hacker/election-security

Overheard at RSA Conference 2024: Top trends cybersecurity experts are talking about
At a brunch roundtable, one of the many informal events held during the RSA Conference 2024 (RSAC), the conversation turned to the most popular trends and themes at this year’s events. There was no disagreement in what people presenting sessions or companies on the Expo show floor were talking about: RSAC 2024 is all about […] The post Overheard at RSA Conference 2024: Top trends cybersecurity experts are talking about appeared first on Security Intelligence.
https://securityintelligence.com/articles/overheard-at-rsa/

Incident response analyst report 2023
The report shares statistics and observations from incident response practice in 2023, analyzes trends and gives cybersecurity recommendations.
https://securelist.com/kaspersky-incident-response-report-2023/112504/

Ebury is alive but unseen: 400k Linux servers compromised for cryptocurrency theft and financial gain
One of the most advanced server-side malware campaigns is still growing, with hundreds of thousands of compromised servers, and it has diversified to include credit card and cryptocurrency theft
https://www.welivesecurity.com/en/eset-research/ebury-alive-unseen-400k-linux-servers-compromised-cryptotheft-financial-gain/

ESET APT Activity Report Q4 2023–Q1 2024
An overview of the activities of selected APT groups investigated and analyzed by ESET Research in Q4 2023 and Q1 2024
https://www.welivesecurity.com/en/eset-research/eset-apt-activity-report-q4-2023-q1-2024/

3 recommendations for adopting generative AI for cyber defense
In the past eighteen months, generative AI (gen AI) has gone from being the source of jaw-dropping demos to a top strategic priority in nearly every industry. A majority of CEOs report feeling under pressure to invest in gen AI. Product teams are now scrambling to build gen AI into their solutions and services. The […] The post 3 recommendations for adopting generative AI for cyber defense appeared first on Security Intelligence.
https://securityintelligence.com/posts/3-recommendations-generative-ai-cyber-defense/

Avast Q1/2024 Threat Report
Nearly 90% of Threats Blocked are Social Engineering, Revealing a Huge Surge of Scams, and Discovery of the Lazarus APT Campaign The post Avast Q1/2024 Threat Report appeared first on Avast Threat Labs.
https://decoded.avast.io/threatresearch/avast-q1-2024-threat-report/?utm_source=rss&utm_medium=rss&utm_campaign=avast-q1-2024-threat-report

Buffer overflow in administrative interface
A stack-based buffer overflow [CWE-121] vulnerability in the FortiOS administrative interface may allow a privileged attacker to execute arbitrary code or commands via crafted HTTP or HTTPS requests.
https://fortiguard.fortinet.com/psirt/FG-IR-23-415

Client IP relies on X-Forwarded-For and other headers
A Use of Less Trusted Source [CWE-348] vulnerability in FortiPortal may allow an unauthenticated attacker to bypass IP protection through crafted HTTP or HTTPS packets.
https://fortiguard.fortinet.com/psirt/FG-IR-24-021

Client-side enforcement of server-side security related to customer reports features
A client-side enforcement of server-side security vulnerability [CWE-602] in FortiPortal may allow an authenticated attacker with a customer account to access other customers' information via crafted HTTP requests.
https://fortiguard.fortinet.com/psirt/FG-IR-23-406

Code injection in playbook code snippet step
An improper control of generation of code ('Code Injection') vulnerability [CWE-94] in FortiSOAR may allow an authenticated attacker to execute arbitrary code on the host via a playbook code snippet.
https://fortiguard.fortinet.com/psirt/FG-IR-23-420

Double free with double usage of json_object_put
A double free vulnerability [CWE-415] in FortiOS may allow a privileged attacker to execute unauthorized code or commands via crafted HTTP or HTTPS requests.
https://fortiguard.fortinet.com/psirt/FG-IR-23-195

Exposure of password hashes to read-only admin
An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiADC may allow a read-only admin to view data pertaining to other admins.
https://fortiguard.fortinet.com/psirt/FG-IR-23-433

Format String Bug in cli command
Multiple format string bug vulnerabilities [CWE-134] in the FortiOS, FortiProxy, FortiPAM & FortiSwitchManager command line interpreter and httpd may allow an authenticated attacker to achieve arbitrary code execution via specifically crafted commands and HTTP requests.
https://fortiguard.fortinet.com/psirt/FG-IR-23-137

FortiAuthenticator - Open Redirect on /portal/disclaimer
A URL redirection to untrusted site ('Open Redirect') (CWE-601) vulnerability in FortiAuthenticator may allow an attacker to redirect users to an arbitrary website via a crafted URL.
https://fortiguard.fortinet.com/psirt/FG-IR-23-465

HTTP/2 CONTINUATION Frames Vulnerability
An HTTP/2 CONTINUATION Flood can be used to launch a serious DoS attack that can crash the target server with just one attacking machine (or even one TCP connection to the target). It works by initiating an HTTP stream against the target, then sending headers and CONTINUATION frames with no END_HEADERS flag set; that creates a never-ending stream that could even cause an instant crash. This works because many HTTP/2 implementations do not properly limit or sanitize the number of CONTINUATION frames sent within a single stream. CVE-2024-27316 for Apache HTTP Server (httpd): HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion. CVE-2024-24549...
https://fortiguard.fortinet.com/psirt/FG-IR-24-120

IDOR over SIP configuration file
An authorization bypass through user-controlled key vulnerability [CWE-639] in FortiVoice Enterprise may allow an authenticated attacker to read the SIP configuration of other users via crafted HTTP or HTTPS requests.
https://fortiguard.fortinet.com/psirt/FG-IR-23-282

Information disclosure in content hub
An improper removal of sensitive information before storage or transfer vulnerability [CWE-212] in FortiSOAR may allow an authenticated low privileged user to read Connector passwords in plain-text via HTTP responses.
https://fortiguard.fortinet.com/psirt/FG-IR-24-052

Multiple improper input validation and authorization vulnerabilities
Several improper input validation [CWE-20] and improper authorization vulnerabilities [CWE-285] affecting FortiWebManager may allow an authenticated attacker with at least read-only permission to execute unauthorized actions via HTTP requests or CLI.
https://fortiguard.fortinet.com/psirt/FG-IR-23-222

Google Chromium in Visuals Use-After-Free Vulnerability (CVE-2024-4671)
What is the vulnerability? A new zero-day vulnerability has recently been discovered in the Visuals component of Chrome, which is responsible for rendering and displaying web content. This "use after free" vulnerability, tagged as CVE-2024-4671, can cause a browser to crash, execute code, and leak data. According to Google, the vulnerability is being actively exploited, and CISA has already added it to its Known Exploited Vulnerabilities catalog. What is the vendor mitigation? Google released security updates on May 9, 2024 for Windows, macOS, and Linux affecting the Google Chrome browser. The vendor advises users to ensure that they are running the latest version of their browsers. Users of Chromium-based browsers such as Microsoft Edge and Opera are also advised to apply the fixes as...
https://fortiguard.fortinet.com/threat-signal-report/5437

Distribution of DanaBot Malware via Word Files Detected by AhnLab EDR
There are two types of malicious documents that have been distributed via email recently: those exploiting the equation editor and those including external link URLs. This post will describe the infection flow of the DanaBot malware that is distributed through documents containing external links (the latter method), as well as the evidence and detection process with the AhnLab EDR product's diagram. Figure 1 shows the content of a spam email with a Word document attached that contains an external link. As you can... The post Distribution of DanaBot Malware via Word Files Detected by AhnLab EDR appeared first on ASEC BLOG.
https://asec.ahnlab.com/en/65399/

Initial Access to IIS Web Servers Detected by AhnLab EDR
In the modern Internet society, one can easily obtain information on devices all over the world connected to the Internet using network and device search engines such as Shodan. Threat actors can use these search engines to engage in malicious behaviors such as collecting information on attack targets or performing port scanning attacks against any devices. The threat actor utilizes the information collected to find weaknesses in the target system and attempt initial access. Ultimately, they are able to attain... The post Initial Access to IIS Web Servers Detected by AhnLab EDR appeared first on ASEC BLOG.
https://asec.ahnlab.com/en/65390/

HackerOne Company Values Matter: Win as a Team

https://www.hackerone.com/culture-and-talent/hackerone-company-values-matter-win-team

Verizon 2024 DBIR: Key Takeaways
Get key data points and takeaways from the 2024 Verizon Data Breach Investigations Report.
https://www.legitsecurity.com/blog/verizon-2024-dbir-key-takeaways

Ongoing Malvertising Campaign leads to Ransomware
Rapid7 has observed an ongoing campaign to distribute trojanized installers for WinSCP and PuTTY via malicious ads on commonly used search engines, where clicking on the ad leads to typosquatted domains.
https://blog.rapid7.com/2024/05/13/ongoing-malvertising-campaign-leads-to-ransomware/

Google and Apple deliver support for unwanted tracking alerts in Android and iOS
Google and Apple have worked together to create an industry specification – Detecting Unwanted Location Trackers – for Bluetooth tracking devices that makes it possible to alert users across both Android and iOS if such a device is unknowingly being used to track them. This will help mitigate the misuse of devices designed to help keep track of belongings. Google is now launching this capability on Android 6.0+ devices, and today Apple is implementing this capability in iOS 17.5. With this new capability, Android users will now get a “Tracker traveling with you” alert on their device if an unknown Bluetooth tracking device is seen moving with them over time, regardless of the platform the device is paired with. If a user gets such an alert on their Android device, it means...
http://security.googleblog.com/2024/05/google-and-apple-deliver-support-for.html

Here's What 20 Top Cybersecurity CEOs And CTOs Were Saying At RSA Conference 2024

https://www.proofpoint.com/us/newsroom/news/heres-what-20-top-cybersecurity-ceos-and-ctos-were-saying-rsa-conference-2024

Microsoft is again named a Leader in the 2024 Gartner® Magic Quadrant™ for Security Information and Event Management​​
Microsoft is named a Leader in the 2024 Gartner® Magic Quadrant™ for Security Information and Event Management and positioned based on our Ability to Execute and Completeness of Vision. The post Microsoft is again named a Leader in the 2024 Gartner® Magic Quadrant™ for Security Information and Event Management appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2024/05/13/microsoft-is-again-named-a-leader-in-the-2024-gartner-magic-quadrant-for-security-information-and-event-management/

Rapid7 Recognized in the 2024 Gartner® Magic Quadrant™ for SIEM
Rapid7 is excited to share that we are named a Challenger for InsightIDR in the 2024 Gartner Magic Quadrant for SIEM.
https://blog.rapid7.com/2024/05/13/rapid7-recognized-in-the-2024-gartner-r-magic-quadrant-for-siem/

How Did Authorities Identify the Alleged Lockbit Boss?
Last week, the United States joined the U.K. and Australia in sanctioning and charging a Russian man named Dmitry Yuryevich Khoroshev as the leader of the infamous LockBit ransomware group. LockBit's leader "LockBitSupp" claims the feds named the wrong guy, saying the charges don't explain how they connected him to Khoroshev. This post examines the activities of Khoroshev's many alter egos on the cybercrime forums, and tracks the career of a gifted malware author who has written and sold malicious code for the past 14 years.
https://krebsonsecurity.com/2024/05/how-did-authorities-identify-the-alleged-lockbit-boss/

Leveraging DNS Tunneling for Tracking and Scanning
We provide a walkthrough of how attackers leverage DNS tunneling for tracking and scanning, an expansion of the way this technique is usually exploited. The post Leveraging DNS Tunneling for Tracking and Scanning appeared first on Unit 42.
https://unit42.paloaltonetworks.com/three-dns-tunneling-campaigns/

Introducing the NCSC's ‘Share and Defend' capability
Join the community of service providers helping to protect the UK from cyber attacks.
https://www.ncsc.gov.uk/blog-post/introducing-share-defend-acd

Romance Scams Urging Coin Investment
AhnLab’s Mobile Analysis Team has confirmed cases of romance scams where perpetrators establish rapport by posing as overseas friends or romantic partners. They exploit this connection to solicit money under the guise of cryptocurrency investments. A romance scam is a type of fraud that involves emotional manipulation to solicit money through various means. While previous romance scams mostly involved direct requests for money after gaining affection, current scams have expanded their scope to include fake cryptocurrency exchanges, banks, and online shopping... The post Romance Scams Urging Coin Investment appeared first on ASEC BLOG.
https://asec.ahnlab.com/en/65370/

Malware Distributed as Copyright Violation-Related Materials (Beast Ransomware, Vidar Infostealer)
AhnLab SEcurity Intelligence Center (ASEC) has been continuously covering malware disguised as copyright violation warnings and resumes as a means of distributing ransomware and Infostealers. The distribution of a new malware strain has been identified based on a recent copyright infringement warning, and it will be covered here. 1. Overview The content of the email remains largely unchanged, but a change in the method of delivering malware has been confirmed. Previously, compressed files with passwords set were attached to emails,... The post Malware Distributed as Copyright Violation-Related Materials (Beast Ransomware, Vidar Infostealer) appeared first on ASEC BLOG.
https://asec.ahnlab.com/en/65364/

GitLab Password Reset Vulnerability (CVE-2023-7028)
What is the vulnerability? A critical vulnerability has been discovered in GitLab, a DevOps platform for managing the software development lifecycle. Successful exploitation of the vulnerability may allow an attacker to take control of the GitLab administrator account without user interaction. CVE-2023-7028 has been given a maximum CVSS score of 10. CISA added the vulnerability on May 1st to its Known Exploited Vulnerabilities (KEV) Catalog. What is the recommended mitigation? GitLab users are advised to update their instances to a patched version and enable two-factor authentication (2FA), which will deny malicious actors access to compromised accounts. What FortiGuard coverage is available? FortiGuard Labs has an existing Web Application Security signature "GitLab.Password.Reset.Account.Takeover"...
https://fortiguard.fortinet.com/threat-signal-report/5433

Metasploit Wrap-Up 05/10/2024
This week's Metasploit wrap-up includes: multiple bruteforce/login scanner modules that have been updated, new module content, and bug fixes. Learn more.
https://blog.rapid7.com/2024/05/10/metasploit-wrap-up-05-10-2024/

How to talk about climate change – and what motivates people to action: An interview with Katharine Hayhoe
We spoke to climate scientist Katharine Hayhoe about climate change, faith and psychology – and how to channel anxiety about the state of our planet into meaningful action
https://www.welivesecurity.com/en/we-live-science/talk-climate-change-people-action-interview-katharine-hayhoe/

In it to win it! WeLiveSecurity shortlisted for European Cybersecurity Blogger Awards
We're thrilled to announce that WeLiveSecurity has been named a finalist in the Corporates – Best Cybersecurity Vendor Blog category of the European Cybersecurity Blogger Awards 2024
https://www.welivesecurity.com/en/cybersecurity/welivesecurity-shortlisted-european-security-blogger-awards/

Why I Keep a Brag Document — and How It Can Help You
Charlie Kroon breaks down the importance of keeping a "brag document" to defeat Imposter Syndrome and track your wins.
https://www.hackerone.com/engineering/brag-document

On Listening
Charlie Kroon explores the benefits of being a great listener to make you a better engineer — and a happier person.
https://www.hackerone.com/engineering/on-listening

Building Bridges: The Art of Effective Communication Across Teams
How do you run prime communication on a project that spans multiple teams? The 3 Ps: Purpose, People, Process.
https://www.hackerone.com/engineering/cross-team-communication

A guide for open source software (OSS) security
When you search for a dependable open source software (OSS) component to integrate into your software supply chain, evaluation of the component's security emerges as a critical task. This involves not only examining the immediate functionalities of the component but also the overall state of the software project itself, including the maintainers and contributors that stand behind it and drive its development.
https://www.sonatype.com/blog/a-guide-for-open-source-software-oss-security

It's a wrap! RSA Conference 2024 highlights – Week in security with Tony Anscombe
More than 40,000 security experts descended on San Francisco this week. Let's now look back on some of the event's highlights – including the CISA-led 'Secure by Design' pledge also signed by ESET.
https://www.welivesecurity.com/en/videos/rsac-2024-week-security-tony-anscombe/

The Post Millennial - 56,973,345 breached accounts
In May 2024, the conservative news website The Post Millennial suffered a data breach. The breach resulted in the defacement of the website and links posted to 3 different corpuses of data including hundreds of writers and editors (IP, physical address and email exposed), tens of thousands of subscribers to the site (name, email, username, phone and plain text password exposed), and tens of millions of email addresses from thousands of mailing lists alleged to have been used by The Post Millennial (this has not been independently verified). The mailing lists appear to be sourced from various campaigns not necessarily run by The Post Millennial and contain a variety of different personal attributes including name, phone and physical address (depending on the campaign). The data was subsequently...
https://haveibeenpwned.com/PwnedWebsites#ThePostMillennial

RSA Conference 2024: AI hype overload
Can AI effortlessly thwart all sorts of cyberattacks? Let's cut through the hyperbole surrounding the tech and look at its actual strengths and limitations.
https://www.welivesecurity.com/en/cybersecurity/rsac-2024-ai-hype-overload/

How AI enhances static application security testing (SAST)
Here's how SAST tools combine generative AI with code scanning to help you deliver features faster and keep vulnerabilities out of code. The post How AI enhances static application security testing (SAST) appeared first on The GitHub Blog.
https://github.blog/2024-05-09-how-ai-enhances-static-application-security-testing-sast/

Social engineering in the era of generative AI: Predictions for 2024
Breakthroughs in large language models (LLMs) are driving an arms race between cybersecurity and social engineering scammers. Here’s how it’s set to play out in 2024. For businesses, generative AI is both a curse and an opportunity. As enterprises race to adopt the technology, they also take on a whole new layer of cyber risk. […] The post Social engineering in the era of generative AI: Predictions for 2024 appeared first on Security Intelligence.
https://securityintelligence.com/articles/social-engineering-generative-ai-2024-predictions/

Asset management for cyber security
Help understanding what good asset management looks like from a cyber security perspective and some of the challenges it presents.
https://www.ncsc.gov.uk/blog-post/asset-management-for-cyber-security

ACD the 5th Year: report now available to download
Active Cyber Defence extends its services to organisations beyond the public sector.
https://www.ncsc.gov.uk/blog-post/acd-5th-year-report-now-available-to-download

Accessibility as a cyber security priority
Want security that works better for people? Make it accessible.
https://www.ncsc.gov.uk/blog-post/accessibility-as-a-cyber-security-priority

Are you hungry? A two-part blog about risk appetites
Risk appetites; what are they, what's their purpose, how do organisations go about defining them?
https://www.ncsc.gov.uk/blog-post/a-two-part-blog-about-risk-appetites

Reel HackTheBox Walkthrough
Summary Reel is a Windows Active Directory machine and is considered a hard box in HTB. This box stands out for its uniqueness, featuring The post Reel HackTheBox Walkthrough appeared first on Hacking Articles.
https://www.hackingarticles.in/reel-hackthebox-walkthrough/

Decrypting diversity: Diversity and inclusion in cyber security report 2020
Joint report between the NCSC and KPMG UK is the first in a series to benchmark and track levels of diversity and inclusion in the cyber security industry.
https://www.ncsc.gov.uk/report/diversity-and-inclusion-in-cyber-security-report

Decrypting diversity: Diversity and inclusion in cyber security report 2021
The 2nd joint report between the NCSC and KPMG UK benchmarks against the 2020 findings to gauge what progress has been made.
https://www.ncsc.gov.uk/report/decrypting-diversity-2021-diversity-and-inclusion-in-cyber-security

Advanced Mobile Solutions (AMS) guidance trailer
Chris P explains how AMS will enable high-threat organisations to stay connected ‘on the go'.
https://www.ncsc.gov.uk/blog-post/advanced-mobile-solutions-update

Latest NICE Framework Update Offers Improvements for the Cybersecurity Workforce
I joined NIST as the first full-time manager of the NICE Framework in October 2020, just one short month before NICE published the first revision of NIST Special Publication 800-181, the NICE Workforce Framework for Cybersecurity (NICE Framework). That revision – far from finalizing work – was the starting point that led us to a complete refresh of the NICE Framework components, which includes: Revised Work Role Categories and Work Roles – including one new Work Role. Eleven new Competency Areas that extend the Framework's cybersecurity knowledge and skills. Updated Task, Knowledge, and Skill
https://www.nist.gov/blogs/cybersecurity-insights/latest-nice-framework-update-offers-improvements-cybersecurity

Exploiting Race Condition using Turbo Intruder
In web security, a race condition refers to a scenario where the behaviour of a web application is influenced by the sequence or timing of The post Exploiting Race Condition using Turbo Intruder appeared first on Hacking Articles.
https://www.hackingarticles.in/exploiting-race-condition-using-turbo-intruder/

APT trends report Q1 2024
The report features the most significant developments relating to APT groups in Q1 2024, including the new malware campaigns DuneQuixote and Durian, and hacktivist activity.
https://securelist.com/apt-trends-report-q1-2024/112473/

Tinyproxy use-after-free Vulnerability (CVE-2023-49606)
What is the vulnerability? A use-after-free vulnerability tagged as CVE-2023-49606 exists in Tinyproxy, a lightweight open-source HTTP proxy daemon. A threat actor may trigger this memory corruption and execute arbitrary code by sending a specially crafted HTTP header that triggers the reuse of previously freed memory. That can lead to remote code execution. As of May 3, 2024, Censys observed over 90,000 hosts running the Tinyproxy service exposed on the internet, of which 57% are potentially vulnerable to CVE-2023-49606. What is the recommended mitigation? FortiGuard Labs is not aware of any patches released by the vendor as of this report. To mitigate the risk, users are advised to make sure that the Tinyproxy service is not exposed to the internet. What FortiGuard coverage is available? FortiGuard...
https://fortiguard.fortinet.com/threat-signal-report/5434

Tappware - 94,734 breached accounts
In April 2024, a substantial volume of data was taken from the Bangladeshi IT services provider Tappware and published to a popular hacking forum. Comprising 95k unique email addresses, the data also included extensive labour information on local citizens including names, physical addresses, job titles, dates of birth, genders and scans of government-issued national identity (NID) cards.
https://haveibeenpwned.com/PwnedWebsites#Tappware

How implementing a trust fabric strengthens identity and network
The new era of cybersecurity demands a comprehensive, adaptive, real-time approach to securing access. At Microsoft, we call this approach the trust fabric. The post How implementing a trust fabric strengthens identity and network appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2024/05/08/how-implementing-a-trust-fabric-strengthens-identity-and-network/

Video conferencing services: security guidance for organisations
Guidance to help you to choose, configure and deploy video conferencing services such as Zoom and Skype within your organisation
https://www.ncsc.gov.uk/guidance/video-conferencing-services-security-guidance-organisations

1-15 February 2024 Cyber Attacks Timeline
In the cyber attacks timeline of February H1 2024, I collected 139 events dominated by malware attacks. Ransomware and vulnerabilities also played an important role in the threat landscape.
https://www.hackmageddon.com/2024/05/08/1-15-february-2024-cyber-attacks-timeline/

State of ransomware in 2024
As Anti-Ransomware Day approaches, Kaspersky shares insights into the ransomware threat landscape and trends in 2023, and recent anti-ransomware activities by governments and law enforcement.
https://securelist.com/state-of-ransomware-2023/112590/

CHM Malware Stealing User Information Being Distributed in Korea
AhnLab SEcurity intelligence Center (ASEC) has recently discovered a CHM malware strain that steals user information being distributed to Korean users. The distributed CHM belongs to a type of malware that has previously been distributed in various formats such as LNK, DOC, and OneNote. A slight change to the operation process was observed in the recent samples. The overall execution flow is shown in Figure 1. The malware uses multiple scripts to ultimately send... The post CHM Malware Stealing User Information Being Distributed in Korea appeared first on ASEC BLOG.
https://asec.ahnlab.com/en/65245/

Case of Malware Distribution Linking to Illegal Gambling Website Targeting Korean Web Server
AhnLab SEcurity intelligence Center (ASEC) has discovered evidence of a malware strain being distributed to web servers in South Korea, leading users to an illegal gambling site. After initially infiltrating a poorly managed Windows Internet Information Services (IIS) web server in Korea, the threat actor installed the Meterpreter backdoor, a port forwarding tool, and an IIS module malware tool. They then used ProcDump to exfiltrate account credentials from the server. IIS modules support expansion features of web servers such as... The post Case of Malware Distribution Linking to Illegal Gambling Website Targeting Korean Web Server appeared first on ASEC BLOG.
https://asec.ahnlab.com/en/65131/

RemcosRAT Distributed Using Steganography
AhnLab SEcurity intelligence Center (ASEC) has recently identified RemcosRAT being distributed using the steganography technique. Attacks begin with a Word document using the template injection technique, after which an RTF that exploits a vulnerability in the equation editor (EQNEDT32.EXE) is downloaded and executed. The RTF file downloads a VBScript with the “.jpg” file extension from the C2 and another VBScript from “paste.ee”, a service similar to “Pastebin” where one can upload text for free. The downloaded VBScript is obfuscated with... The post RemcosRAT Distributed Using Steganography appeared first on ASEC BLOG.
https://asec.ahnlab.com/en/65111/

ClamAV 1.4.0 release candidate now available!
The ClamAV 1.4.0 release candidate is now available. You may find the source code and installers for this release on the clamav.net/downloads page or the ClamAV GitHub release page. Tip: If you are downloading the source from the GitHub release page, the package labeled "clamav-1.4.0-rc.tar.gz" does not require an internet connection to build. All dependencies are included in this package. But if you download the ZIP or TAR.GZ generated by GitHub, located at the very bottom, then an internet connection will be required during the build to download additional Rust dependencies. For Docker users, there is no specific Docker tag for the release candidate, but you can use the clamav:unstable or clamav:unstable_base tags. The release candidate phase is expected...
http://blog.clamav.net/2024/05/clamav-140-release-candidate-now.html

U.S. Charges Russian Man as Boss of LockBit Ransomware Group
The United States joined the United Kingdom and Australia today in sanctioning 31-year-old Russian national Dmitry Yuryevich Khoroshev as the alleged leader of the infamous ransomware group LockBit. The U.S. Department of Justice also indicted Khoroshev as the gang's leader "LockbitSupp," and charged him with using Lockbit to attack more than 2,000 victims and extort at least 0 million in ransomware payments.
https://krebsonsecurity.com/2024/05/u-s-charges-russian-man-as-boss-of-lockbit-ransomware-group/

Sonatype Lifecycle best practices: Reference policies, backup and restore
Fortifying your software development processes against security threats and compliance issues is not just necessary — it's imperative to maintain resilience in today's unpredictable cyber environment. Managing software dependencies effectively is crucial in this context, as they can be a significant source of vulnerabilities.
https://www.sonatype.com/blog/sonatype-lifecycle-best-practices-reference-policies-backup-and-restore

Microsoft announces the 2024 Microsoft Security Excellence Awards winners
At this year's Microsoft Security Excellence Awards, we took a journey through the evolution of cybersecurity from the 1950s to today. While this event theme celebrated the significant technological advancements that have shaped each decade, the main focus was on the Microsoft Intelligent Security Association (MISA) member finalists and winners whose innovations in cybersecurity have earned them well-deserved recognition. The post Microsoft announces the 2024 Microsoft Security Excellence Awards winners appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2024/05/07/microsoft-announces-the-2024-microsoft-security-excellence-awards-winners/

Remote access risks on the rise with CVE-2024-1708 and CVE-2024-1709
On February 19, ConnectWise reported two vulnerabilities in its ScreenConnect product, CVE-2024-1708 and 1709. The first is an authentication bypass vulnerability, and the second is a path traversal vulnerability. Both made it possible for attackers to bypass authentication processes and execute remote code. While ConnectWise initially reported that the vulnerabilities had proof-of-concept but hadn’t been […] The post Remote access risks on the rise with CVE-2024-1708 and CVE-2024-1709 appeared first on Security Intelligence.
https://securityintelligence.com/articles/remote-access-risks-cve20241708-cve20241709/

Securing the Vault: ASPM's Role in Financial Software Protection
Safeguarding software integrity is crucial, especially in vital industries such as finance. According to a report by Carbon Black, the financial sector experiences an average of 10,000 security alerts per day, outstripping most other industries. As the technology landscape evolves and expands, it's imperative that your defenses strengthen alongside it. So, how do leading financial institutions shore up their cyber defenses and protect their software assets? The answer is Application Security Posture Management (ASPM). Join us as we explore ASPM's transformative impact on security practices in the U.S. financial services sector.
https://www.legitsecurity.com/blog/securing-the-vault-aspms-role-in-financial-software-protection

Exploits and vulnerabilities in Q1 2024
The report provides vulnerability and exploit statistics, key trends, and analysis of interesting vulnerabilities discovered in Q1 2024.
https://securelist.com/vulnerability-report-q1-2024/112554/

Bug Bounty: Insights from Our First-hand Experience
At Compass Security, we recently launched our managed bug bounty service. We openly invite hunters to probe our publicly exposed services for vulnerabilities. In return for their valuable feedback, we offer monetary bounties up to CHF 5000. This blog post presents an interesting vulnerability found by a hunter on the bug bounty program of our subsidiary, Hacking-Lab.
https://blog.compass-security.com/2024/05/bug-bounty-insights-from-our-first-hand-experience/

ConnectWise ScreenConnect Vulnerabilities (CVE-2024-1708 and CVE-2024-1709)
What is the Vulnerability? On February 19, 2024, ConnectWise published a security advisory for its remote desktop application software, ScreenConnect. One of the flaws, CVE-2024-1709, is an authentication bypass vulnerability that could let attackers gain administrative access to a ScreenConnect instance. That vulnerability has a public proof-of-concept (PoC) available and has recently been added to CISA's Known Exploited Vulnerabilities catalog. The second flaw, tracked as CVE-2024-1708, is a path traversal vulnerability that may allow an attacker to execute remote code. What is the Vendor Solution? ConnectWise has released a patch covering both vulnerabilities. [ Link ] What FortiGuard Coverage is available? FortiGuard Labs has released endpoint vulnerability signatures to detect vulnerable systems...
https://fortiguard.fortinet.com/threat-signal-report/5389

Online Scams: Are These All Scams? Distinguishing the Legit from the Scam
With the advancement of scamming technology, determining the authenticity of a site solely based on appearance has become exceedingly difficult. In the past, it was possible to identify fakes by carefully observing discrepancies such as logo size, layout, wording, domain, etc., which scammers often overlooked when creating spoofed websites or emails. However, modern scammers now produce designs and content of such sophistication that they closely resemble genuine websites and emails. Website copying technology has advanced to the point where it is... The post Online Scams: Are These All Scams? Distinguishing the Legit from the Scam appeared first on ASEC BLOG.
https://asec.ahnlab.com/en/65091/

Lethal Injection
Multiple vulnerabilities were uncovered in Azure Health Bot service, Microsoft's health chatbot platform. These could have potentially exposed sensitive user data and granted attackers extensive control, allowing unrestricted code execution as root on the bot backend, unrestricted access to authentication secrets & integration auth providers, unrestricted memory read in the bot backend, exposing sensitive secrets, allowing cross-tenant data access and unrestricted deletion of other tenants' public resources. These issues stemmed from various bugs related to URL sanitization, shared compute, and sandboxing. Following disclosure, Microsoft changed the service architecture to run a completely separate ACI instance per customer, thereby mitigating future sandbox escapes, and changed the sandboxing...
https://www.cloudvulndb.org/lethal-injection

New capabilities to help you secure your AI transformation
Today, we're thrilled to introduce new features for securing and governing in the age of AI. We are announcing new capabilities in Microsoft Defender and Microsoft Purview that will make it easier for teams to manage, protect, and govern AI applications at work. The post New capabilities to help you secure your AI transformation appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2024/05/06/new-capabilities-to-help-you-secure-your-ai-transformation/

Why Your VPN May Not Be As Secure As It Claims
Virtual private networking (VPN) companies market their services as a way to prevent anyone from snooping on your Internet usage. But new research suggests this is a dangerous assumption when connecting to a VPN via an untrusted network, because attackers on the same network could force a target's traffic off of the protection provided by their VPN without triggering any alerts to the user.
https://krebsonsecurity.com/2024/05/why-your-vpn-may-not-be-as-secure-as-it-claims/

Financial cyberthreats in 2023
In this report, we share our insights into the 2023 trends and statistics on financial threats, such as phishing, PC and mobile banking malware.
https://securelist.com/financial-threat-report-2023/112526/

The impact of automating open source dependency management
Recently, I chatted with developers from a customer in a heavily regulated industry. They were manually updating their open source dependencies and wanted to find a better solution to save time. Keeping their dependencies up-to-date was very time-consuming but something they identified as crucial for their business.
https://www.sonatype.com/blog/the-impact-of-automating-open-source-dependency-management

Security above all else—expanding Microsoft's Secure Future Initiative
Microsoft is expanding the scope of the Secure Future Initiative to adapt to the evolving cyberthreat landscape. Read about the principles and pillars driving this initiative. The post Security above all else—expanding Microsoft's Secure Future Initiative appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2024/05/03/security-above-all-else-expanding-microsofts-secure-future-initiative/

What we can learn from the best collegiate cyber defenders
This year marked the 19th season of the National Collegiate Cyber Defense Competition (NCCDC). For those unfamiliar, CCDC is a competition that puts student teams in charge of managing IT for a fictitious company as the network is undergoing a fundamental transformation. This year the challenge involved a common scenario: a merger. Ten finalist teams […] The post What we can learn from the best collegiate cyber defenders appeared first on Security Intelligence.
https://securityintelligence.com/posts/what-we-can-learn-best-collegiate-cyber-defenders/

Introducing Artifact Attestations–now in public beta
Generate and verify signed attestations for anything you make with GitHub Actions. The post Introducing Artifact Attestations–now in public beta appeared first on The GitHub Blog.
https://github.blog/2024-05-02-introducing-artifact-attestations-now-in-public-beta/

Microsoft introduces passkeys for consumer accounts
The best part about passkeys is that you'll never need to worry about creating, forgetting, or resetting passwords ever again. Read about Microsoft's new passkey support for consumer accounts. The post Microsoft introduces passkeys for consumer accounts appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2024/05/02/microsoft-introduces-passkeys-for-consumer-accounts/

Protecting Model Updates in Privacy-Preserving Federated Learning: Part Two
The problem. The previous post in our series discussed techniques for providing input privacy in PPFL systems where data is horizontally partitioned. This blog will focus on techniques for providing input privacy when data is vertically partitioned. As described in our third post, vertical partitioning is where the training data is divided across parties such that each party holds different columns of the data. In contrast to horizontally partitioned data, training a model on vertically partitioned data is more challenging as it is generally not possible to train separate models on different
https://www.nist.gov/blogs/cybersecurity-insights/protecting-model-updates-privacy-preserving-federated-learning-part-two

Your Google Account allows you to create passkeys on your phone, computer and security keys
Sriram Karra and Christiaan Brand, Google product managers. Last year, Google launched passkey support for Google Accounts. Passkeys are a new industry standard that gives users an easy, highly secure way to sign in to apps and websites. Today, we announced that passkeys have been used to authenticate users more than 1 billion times across over 400 million Google Accounts. As more users encounter passkeys, we're often asked questions about how they relate to security keys, how Google Workspace administrators can configure passkeys for the user accounts that they manage, and how they relate to the Advanced Protection Program (APP). This post will seek to clarify these topics. Passkeys and security keys. Passkeys are an evolution of security keys, meaning users get the same security benefits, but...
http://security.googleblog.com/2024/05/passkeys-on-your-phone-computer-and-security-keys.html

Ignite Realtime Openfire Path Traversal Vulnerability (CVE-2023-32315)
What is the vulnerability? CVE-2023-32315 is a path traversal vulnerability that affects all Openfire versions since version 3.1.0. Successful exploitation of this vulnerability can allow attackers to bypass authentication and gain access to sections of the restricted Openfire Admin Console. CISA recently added CVE-2023-32315 to the Known Exploited Vulnerabilities catalog, which means that the vulnerability has been observed being exploited in the wild. What is the recommended Mitigation? The vendor released Openfire versions 4.6.8 and 4.7.5, which contain a fix, in mid-2023. More information can be found here: https://github.com/igniterealtime/Openfire/security/advisories/GHSA-gw42-f939-fhvm What FortiGuard Coverage is available? FortiGuard Labs has an existing "Openfire.setup.CVE-2023-32315.Authentication.Bypass"...
https://fortiguard.fortinet.com/threat-signal-report/5432

“Dirty stream” attack: Discovering and mitigating a common vulnerability pattern in Android apps
Microsoft discovered a vulnerability pattern in multiple popular Android applications that could enable a malicious application to overwrite files in the vulnerable application's internal data storage directory, which could lead to arbitrary code execution and token theft, among other impacts. We have shared our findings with Google's Android Application Security Research team, as well as the developers of apps found vulnerable to this issue. We anticipate that the vulnerability pattern could be found in other applications. We're sharing this research more broadly so developers and publishers can check their apps for similar issues, fix as appropriate, and prevent them from being introduced into new apps or releases. The post “Dirty stream” attack: Discovering and mitigating a common...
https://www.microsoft.com/en-us/security/blog/2024/05/01/dirty-stream-attack-discovering-and-mitigating-a-common-vulnerability-pattern-in-android-apps/

Take A Tour! NIST Cybersecurity Framework 2.0: Small Business Quick Start Guide
The U.S. Small Business Administration is celebrating National Small Business Week from April 28 - May 4, 2024. This week recognizes and celebrates the small business community's significant contributions to the nation. Organizations across the country participate by hosting in-person and virtual events, recognizing small business leaders and change-makers, and highlighting resources that help the small business community more easily and efficiently start and scale their businesses. To add to the festivities, this NIST Cybersecurity Insights blog showcases the NIST Cybersecurity Framework 2.0
https://www.nist.gov/blogs/cybersecurity-insights/take-tour-nist-cybersecurity-framework-20-small-business-quick-start

CrushFTP VFS Sandbox Escape Vulnerability (CVE-2024-4040)
What is the Vulnerability? A zero-day security vulnerability has been uncovered in the enterprise file-transfer software CrushFTP. The vulnerability, tagged as CVE-2024-4040, is actively being exploited in targeted attacks and has also been added to the CISA Known Exploited Vulnerabilities (KEV) list. The vulnerability allows unauthenticated remote attackers to read files from the file system outside of the VFS Sandbox, gain administrative access, and perform remote code execution on the server. What is the recommended Mitigation? According to the vendor advisory, CrushFTP versions prior to 10.7.1 and 11.1.0 are vulnerable to CVE-2024-4040, and users are advised to immediately apply the patch. What FortiGuard Coverage is available? Endpoint vulnerability service is available to help...
https://fortiguard.fortinet.com/threat-signal-report/5431

Where does your software (really) come from?
GitHub is working with the OSS community to bring new supply chain security capabilities to the platform. The post Where does your software (really) come from? appeared first on The GitHub Blog.
https://github.blog/2024-04-30-where-does-your-software-really-come-from/

Detecting browser data theft using Windows Event Logs
Posted by Will Harris, Chrome Security Team. Chromium's sandboxed process model defends well from malicious web content, but there are limits to how well the application can protect itself from malware already on the computer. Cookies and other credentials remain a high value target for attackers, and we are trying to tackle this ongoing threat in multiple ways, including working on web standards like DBSC that will help disrupt the cookie theft industry...
http://security.googleblog.com/2024/04/detecting-browser-data-theft-using.html

Man Who Mass-Extorted Psychotherapy Patients Gets Six Years
A 26-year-old Finnish man was sentenced to more than six years in prison today after being convicted of hacking into an online psychotherapy clinic, leaking tens of thousands of patient therapy records, and attempting to extort the clinic and patients.
https://krebsonsecurity.com/2024/04/man-who-mass-extorted-psychotherapy-patients-gets-six-years/

Sensor Intel Series: Top CVEs in March 2024
TP-Link Archer AX21 Wifi Router targeting, plus a handful of new CVEs! See what mass scanning looks like in March 2024.
https://www.f5.com/labs/articles/threat-intelligence/sensor-intel-series-top-cves-march-2024

Managed Detection and Response in 2023
The report covers the tactics, techniques and tools most commonly deployed by threat actors, the nature of incidents detected and their distribution among MDR customers.
https://securelist.com/kaspersky-mdr-report-2023/112411/

MovieBoxPro - 6,009,014 breached accounts
In April 2024, over 6M records from the streaming service MovieBoxPro were scraped from a vulnerable API. Of questionable legality, the service provided no contact information to disclose the incident, although reportedly the vulnerability was rectified after being mass enumerated.
https://haveibeenpwned.com/PwnedWebsites#MovieBoxPro

FCC Fines Major U.S. Wireless Carriers for Selling Customer Location Data
The U.S. Federal Communications Commission (FCC) today levied fines totaling nearly 0 million against the four major carriers -- including AT&T, Sprint, T-Mobile and Verizon -- for illegally sharing access to customers' location information without consent.
https://krebsonsecurity.com/2024/04/fcc-fines-major-u-s-wireless-carriers-for-selling-customer-location-data/

How we fought bad apps and bad actors in 2023
Posted by Steve Kafka and Khawaja Shams (Android Security and Privacy Team), and Mohet Saxena (Play Trust and Safety) A safe and trusted Google Play experience is our top priority. We leverage our SAFE (see below) principles to provide the framework to create that experience for both users and developers. Here's what these principles mean in practice: (S)afeguard our Users. Help them discover quality apps that they can trust. (A)dvocate for Developer Protection. Build platform safeguards to enable developers to focus on growth. (F)oster Responsible Innovation. Thoughtfully unlock value for all without compromising on user safety. (E)volve Platform Defenses. Stay ahead of emerging threats by evolving our policies, tools and technology. With those principles in mind, we've made...
http://security.googleblog.com/2024/04/how-we-fought-bad-apps-and-bad-actors-in-2023.html

CodeQL zero to hero part 3: Security research with CodeQL
Learn how to use CodeQL for security research and improve your security research workflow. The post CodeQL zero to hero part 3: Security research with CodeQL appeared first on The GitHub Blog.
https://github.blog/2024-04-29-codeql-zero-to-hero-part-3-security-research-with-codeql/

GraphNinja
A vulnerability in Microsoft Graph allowed attackers to conduct password-spray attacks without detection. The issue involved switching the 'common' authentication endpoint with that of an unrelated tenant, thereby avoiding the appearance of logon attempts in the victim's logs. This technique could allow attackers to validate user credentials through verbose error messages, but actual successful logons using these credentials would still be recorded in the victims' logs (regardless of endpoint).
https://www.cloudvulndb.org/graph-ninja

Disk Group Privilege Escalation
Disk Group Privilege Escalation is a complex attack method targeting vulnerabilities or misconfigurations within the disk group management system of Linux environments. Attackers might focus… The post Disk Group Privilege Escalation appeared first on Hacking Articles.
https://www.hackingarticles.in/disk-group-privilege-escalation/

Accelerating incident response using generative AI
Lambert Rosique and Jan Keller, Security Workflow Automation, and Diana Kramer, Alexandra Bowen and Andrew Cho, Privacy and Security Incident Response. Introduction. As security professionals, we're constantly looking for ways to reduce risk and improve our workflow's efficiency. We've made great strides in using AI to identify malicious content, block threats, and discover and fix vulnerabilities. We also published the Secure AI Framework (SAIF), a conceptual framework for secure AI systems to ensure we are deploying AI in a responsible manner. Today we are highlighting another way we use generative AI to help defenders gain the advantage: leveraging LLMs (Large Language Models) to speed up our security and privacy incident workflows. Incident management is a team sport. We have to summarize...
http://security.googleblog.com/2024/04/accelerating-incident-response-using.html

Jenkins Penetration Testing
Jenkins is an open-source automation server used for continuous integration (CI) and continuous delivery (CD). It's built on Java and utilizes a scripting platform for… The post Jenkins Penetration Testing appeared first on Hacking Articles.
https://www.hackingarticles.in/jenkins-penetration-testing/

Piping Rock - 2,103,100 breached accounts
In April 2024, 2.1M email addresses from the online health products store Piping Rock were publicly posted to a popular hacking forum. The data also included names, phone numbers and physical addresses. The account posting the data had previously posted multiple other data breaches which all appear to have been obtained from the Shopify service used by the respective websites.
https://haveibeenpwned.com/PwnedWebsites#PipingRock

Sonatype Lifecycle best practices: Getting started and managing SBOMs
Effective management of software dependencies is critical for ensuring both security and operational efficiency of applications.
https://www.sonatype.com/blog/sonatype-lifecycle-best-practices-getting-started-and-managing-sboms

ArcaneDoor Attack (CVE-2024-20353 and CVE-2024-20359)
What is the Attack? Cisco issued an advisory on 24th April, regarding its Adaptive Security Appliances, multifunctional devices combining firewall, VPN, and other security functions. It reported that these appliances had become the focus of state-sponsored espionage, with attackers exploiting two previously unknown vulnerabilities to infiltrate government entities worldwide. In this campaign, two backdoors were deployed: "Line Runner" and "Line Dancer." These backdoors operated in tandem to execute various malicious activities on the target systems, encompassing configuration alterations, reconnaissance, capturing/exfiltrating network traffic, and potentially facilitating lateral movement. What is the recommended Mitigation? According to Cisco's advisory, the initial attack vector...
https://fortiguard.fortinet.com/threat-signal-report/5429

Akira Ransomware Attack (CVE-2023-20269 and CVE-2020-3259)
What is the Akira Ransomware Attack? The Akira ransomware attack has been actively and widely impacting businesses. According to the CISA advisory, the ransomware group has impacted over 250 organizations and claimed approximately million (USD) in ransomware proceeds. The ransomware group gains initial access via either less-secured VPNs or Cisco vulnerabilities. Once the network is compromised, the threat actor is able to target a system and encrypt files with the .akira extension. What is the recommended Mitigation? Review attack surfaces and ensure that all systems are kept up-to-date with the latest patches. Also, maintain general awareness and training about the risk of phishing and social engineering attacks in the organization. What FortiGuard Coverage is available? FortiGuard...
https://fortiguard.fortinet.com/threat-signal-report/5426

Securing millions of developers through 2FA
We've dramatically increased 2FA adoption on GitHub as part of our responsibility to make the software ecosystem more secure. Read on to learn how we secured millions of developers and why we're urging more organizations to join us in these efforts. The post Securing millions of developers through 2FA appeared first on The GitHub Blog.
https://github.blog/2024-04-24-securing-millions-of-developers-through-2fa/

January 2024 Cyber Attacks Statistics
In January 2024 I collected 288 events, with Cyber Crime continuing to lead the motivations, and ransomware leading the known attack techniques, ahead of Malware.
https://www.hackmageddon.com/2024/04/24/january-2024-cyber-attacks-statistics/

Tomcat Penetration Testing
Apache Tomcat, developed by the Apache Software Foundation, is a widely used web server and servlet container. Originally, it served as a demonstration platform for The post Tomcat Penetration Testing appeared first on Hacking Articles.
https://www.hackingarticles.in/tomcat-penetration-testing/

Uncovering potential threats to your web application by leveraging security reports
Posted by Yoshi Yamaguchi, Santiago Díaz, Maud Nalpas, Eiji Kitamura, DevRel team The Reporting API is an emerging web standard that provides a generic reporting mechanism for issues occurring on the browsers visiting your production website. The reports you receive detail issues such as security violations or soon-to-be-deprecated APIs, from users' browsers from all over the world. Collecting reports is often as simple as specifying an endpoint URL in the HTTP header; the browser will automatically start forwarding reports covering the issues you are interested in to those endpoints. However, processing and analyzing these reports is not that simple. For example, you may receive a massive number of reports on your endpoint, and it is possible that not all of them will be helpful in...
http://security.googleblog.com/2024/04/uncovering-potential-threats-to-your.html

GuptiMiner: Hijacking Antivirus Updates for Distributing Backdoors and Casual Mining
Avast discovered and analyzed GuptiMiner, a malware campaign hijacking an eScan antivirus update mechanism to distribute backdoors and coinminers. The post GuptiMiner: Hijacking Antivirus Updates for Distributing Backdoors and Casual Mining appeared first on Avast Threat Labs.
https://decoded.avast.io/janrubin/guptiminer-hijacking-antivirus-updates-for-distributing-backdoors-and-casual-mining/?utm_source=rss&utm_medium=rss&utm_campaign=guptiminer-hijacking-antivirus-updates-for-distributing-backdoors-and-casual-mining

New Burp Extension: JWT-scanner
Authentication and authorization are critical components of any application. Various standards and frameworks have been developed to facilitate the development of such components and make applications more secure. Among them, JSON Web Tokens (JWTs) have become a popular choice over the years. In this article, we discuss common flaws in JWT-based authentication and present our extension to automatically check for these issues in Burp: JWT-scanner.
https://blog.compass-security.com/2024/04/new-burp-extension-jwt-scanner/

Russian FSB Counterintelligence Chief Gets 9 Years in Cybercrime Bribery Scheme
The head of counterintelligence for a division of the Russian Federal Security Service (FSB) was sentenced last week to nine years in a penal colony for accepting a USD .7 million bribe to ignore the activities of a prolific Russian cybercrime group that hacked thousands of e-commerce websites. The protection scheme was exposed in 2022 when Russian authorities arrested six members of the group, which sold millions of stolen payment cards at flashy online shops like Trump's Dumps.
https://krebsonsecurity.com/2024/04/russian-fsb-counterintelligence-chief-gets-9-years-in-cybercrime-bribery-scheme/

CVEs Targeting Remote Access Technologies
In this first quarter of 2024, threat actors have been particularly busy in exploiting vulnerabilities (0-days but also old unpatched flaws) targeting traditional remote access technologies. In this blog post I summarized the main CVEs exploited so far in 2024.
https://www.hackmageddon.com/2024/04/22/cves-targeting-remote-access-technologies/

Dependency Confusion Vulnerability Found in an Archived Apache Project
Get details on the Legit research team's discovery of a dependency confusion vulnerability in an archived Apache project. 
https://www.legitsecurity.com/blog/dependency-confusion-vulnerability-found-in-an-archived-apache-project

Giving NIST Digital Identity Guidelines a Boost: Supplement for Incorporating Syncable Authenticators
We all need supplements sometimes, whether it's a little extra vitamin C during flu season or some vitamin D during the dark days of winter. When used correctly, supplements help our body adjust to the changing conditions around us. Similarly, we are applying this same concept for the first time to our NIST SP 800-63B, Digital Identity Guidelines: Authentication and Lifecycle Management. Today, we published a supplement that provides interim guidance for agencies seeking to make use of 'syncable authenticators' (for example, passkeys) in both enterprise-facing and public-facing use cases.
https://www.nist.gov/blogs/cybersecurity-insights/giving-nist-digital-identity-guidelines-boost-supplement-incorporating