News from the specialist press

No news

News from the previous day (specialist press)

How We Migrated to the Cloud... of Ashes (Wallarm OVH Recovery in 2021)
The OVH data center in Strasbourg, France, burned down on March 10, 2019. Wallarm, the company behind the Wallarm API and application firewall, was forced to migrate to the cloud. The company had three clouds; the one that burned was the oldest infrastructure-wise. The migration project is now complete.
https://hackernoon.com/how-we-migrated-to-the-cloud-of-ashes-wallarm-ovh-recovery-in-2021?source=rss

Microsoft pulls fix for Outlook bug behind ICS security alerts
Microsoft reversed the fix for an Outlook bug causing erroneous security warnings after installing December 2023 security updates [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-pulls-fix-for-outlook-bug-unexpected-ICS-warnings-after-December-security-updates/

CoralRaider attacks use CDN cache to push info-stealer malware
A threat actor has been using a content delivery network cache to store information-stealing malware in an ongoing campaign targeting systems in the U.S., the U.K., Germany, and Japan. [...]
https://www.bleepingcomputer.com/news/security/coralraider-attacks-use-cdn-cache-to-push-info-stealer-malware/

How Can You Integrate Cybersecurity Into Your Content Automation Process?
Automating content carries some cybersecurity risks you should know about. Review your tools and the data they access to see what type of risk you're dealing with. The more sensitive information you use in content automation, the more advanced security measures you'll need. Encrypt all your content automation data.
https://hackernoon.com/how-can-you-integrate-cybersecurity-into-your-content-automation-process?source=rss

Google ad for Facebook redirects to scam
Beware of this malicious ad campaign currently making the rounds. Read our blog for more details and how to protect yourself.
https://www.malwarebytes.com/blog/scams/2024/04/google-ad-for-facebook-redirects-to-scam

CompTIA Supports Department of Defense Efforts to Strengthen Cyber Knowledge and Skills

https://www.darkreading.com/cybersecurity-operations/comptia-supports-department-of-defense-efforts-to-strengthen-cyber-knowledge-and-skills

5 Hard Truths About the State of Cloud Security 2024
Dark Reading talks cloud security with John Kindervag, the godfather of zero trust.
https://www.darkreading.com/cloud-security/5-hard-truths-about-the-state-of-cloud-security-2024

How to Master the Art of Early-Stage Fundraising
The frustrations and trials of fundraising are well-known among entrepreneurs. While the repetitive nature of pitching, emailing, and responding to inquiries can be draining, the real challenge often lies in the strategic decisions about when and whom to raise funds from. As your experience reveals, an unenthusiastic VC who doesn't grasp the essence of your business or industry, focusing instead on external synergies, might not be the best partner despite a successful fundraising round.
https://hackernoon.com/how-to-master-the-art-of-early-stage-fundraising?source=rss

Siemens Working on Fix for Device Affected by Palo Alto Firewall Bug
Growing attacks targeting the flaw prompted CISA to include it in the known exploited vulnerabilities catalog earlier this month.
https://www.darkreading.com/ics-ot-security/siemens-working-on-fix-for-device-affected-by-palo-alto-firewall-bug

Mastering SEO: The Ultimate Guide to Penalty-Free Performance
Keyword stuffing is the practice of overloading web pages with keywords or numbers to manipulate a site's ranking in search results. Duplicate content refers to identical or substantially similar content that appears on multiple URLs. Broken links and redirects disrupt the user experience and can prevent search engine crawlers from properly indexing your site.
https://hackernoon.com/mastering-seo-the-ultimate-guide-to-penalty-free-performance?source=rss

Microsoft releases Exchange hotfixes for security update issues
Microsoft has released hotfix updates to address multiple known issues impacting Exchange servers after installing the March 2024 security updates. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-exchange-hotfixes-for-security-update-issues/

Hackers Create Legit Phishing Links With Ghost GitHub, GitLab Comments
An utterly innocuous feature in popular Git CDNs allows anyone to conceal malware behind brand names, without those brands being any the wiser.
https://www.darkreading.com/threat-intelligence/hackers-create-legit-phishing-links-with-ghost-github-gitlab-comments

North Korea-linked APT groups target South Korean defense contractors
The National Police Agency in South Korea warns that North Korea-linked threat actors are targeting defense industry entities to steal defense technology information. North Korea-linked APT groups Lazarus, Andariel, and Kimsuky hacked multiple defense companies in South […]
https://securityaffairs.com/162193/apt/north-korea-south-korean-defense-contractors.html

Zulu Network: Moving The Bitcoin Economy Forward With a Two-Tiered Bitcoin Layer 2 Architecture
Zulu Network is the first Bitcoin Layer 2 with a Dual-Layer architecture (L2+L3) ZuluPrime L2 is EVM compatible, for Bitcoin scaling and BitFi (Bitcoin DeFi). ZuluNexus L3 offers UTXO programmability to support Bitcoin native innovation. Zulu's other innovations also include the first trust-minimized Bitcoin bridge (with a working demo coming soon) and its unique hybrid PoS / PoW mining design.
https://hackernoon.com/zulu-network-moving-the-bitcoin-economy-forward-with-a-two-tiered-bitcoin-layer-2-architecture?source=rss

Bitcoin Halving: Bearish Implications?
Every four years, the Bitcoin network undergoes a significant change known as "halving", a process that reduces the rewards for mining new blocks by half. After the first halving on November 28th, 2012, Bitcoin's price skyrocketed from to ,075 within a year, a stunning 8,858% increase. Many believe that the price of Bitcoin will immediately increase following a halving.
https://hackernoon.com/bitcoin-halving-bearish-implications?source=rss

Zircuit Staking Soars Past B TVL In Only Two Months
Zircuit's staking program is rapidly gaining momentum, attracting over B TVL in a short 2 months. Zircuit is currently in testnet with plans to launch its mainnet in Summer 2024. The Build to Earn program has already attracted over 1,000 submissions.
https://hackernoon.com/zircuit-staking-soars-past-b-tvl-in-only-two-months?source=rss

Back from the Brink: UnitedHealth Offers Sobering Post-Attack Update
The company reports most systems are functioning again but that analysis of the data affected will take months to complete.
https://www.darkreading.com/cyber-risk/back-from-the-brink-unitedhealth-offers-sobering-post-attack-update

US govt sanctions Iranians linked to government cyberattacks
The Treasury Department's Office of Foreign Assets Control (OFAC) has sanctioned four Iranian nationals for their involvement in cyberattacks against the U.S. government, defense contractors, and private companies. [...]
https://www.bleepingcomputer.com/news/security/us-govt-sanctions-iranians-linked-to-government-cyberattacks/

USN-6742-2: Linux kernel vulnerabilities
Daniele Antonioli discovered that the Secure Simple Pairing and Secure Connections pairing in the Bluetooth protocol could allow an unauthenticated user to complete authentication without pairing credentials. A physically proximate attacker placed between two Bluetooth devices could use this to subsequently impersonate one of the paired devices. (CVE-2023-24023)
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems:
- JFS file system;
- Netfilter;
(CVE-2024-26581, CVE-2023-52600, CVE-2023-52603)
https://ubuntu.com/security/notices/USN-6742-2

Tomcat Penetration Testing
Apache Tomcat, developed by the Apache Software Foundation, is a widely used web server and servlet container. Originally, it served as a demonstration platform for… The post Tomcat Penetration Testing appeared first on Hacking Articles.
https://www.hackingarticles.in/tomcat-penetration-testing/

USF College of Engineering Presents Rapid7 With 2024 Corporate Impact Award
This past Friday, April 19, the University of South Florida (USF) College of Engineering recognized individuals and organizations who have greatly impacted USF and beyond at its ninth annual Engineering Honors Awards at The Armature Works in Tampa.
https://blog.rapid7.com/2024/04/23/usf-college-of-engineering-presents-rapid7-with-2024-corporate-impact-award/

Staking On Bitcoin, SatoshiDEX Staking For Presale Investors Is Now Live
SatoshiDEX, the pioneering Bitcoin DEX, announces the __[Staking system](https://satoshidex.ai/staking)__, enabling users to earn rewards in advance of the platform's official launch. Boasting a successful presale exceeding million, SatoshiDEX continues to gain momentum. The team has implemented a dynamic APY for their Staking System, allowing participants to access significantly higher rewards.
https://hackernoon.com/staking-on-bitcoin-satoshidex-staking-for-presale-investors-is-now-live?source=rss

Hybrid Meta-Heuristic for Efficient Course Timetabling
The article introduces a hybrid meta-heuristic for course timetable generation, including instance decomposition and an increment procedure. It surpasses commercial software in real-world testing, showcasing significant time reductions. Future research aims to optimize clustering and incorporate machine learning for further improvements.
https://hackernoon.com/hybrid-meta-heuristic-for-efficient-course-timetabling?source=rss

Instance Decomposition with Fixed Curriculum Increments
The article delves into optimizing computational experiments through various approaches like stopping criteria testing, instance decomposition with fixed and violations-based curriculum increments, and experiments with larger subdivisions and real-world instances, showcasing enhanced algorithmic performance and efficiency.
https://hackernoon.com/instance-decomposition-with-fixed-curriculum-increments?source=rss

Breaking Down the Timetable Puzzle: IST's Algorithmic Framework
Discover how Instituto Superior Técnico (IST) approaches timetabling challenges with a hybrid meta-heuristic algorithmic framework. Dive into instance decomposition, guided local search, adaptive large neighbourhood search, and variable neighbourhood search to unravel IST's innovative timetabling strategies.
https://hackernoon.com/breaking-down-the-timetable-puzzle-ists-algorithmic-framework?source=rss

IST's Timetabling Dilemma: Constraints, Variables, and Real-World Instances
This section defines the course timetabling problem at Instituto Superior Técnico (IST), detailing indices, parameters, variables, and constraints. It also presents real-world instances, showcasing the complexity of timetabling at IST, including multiple campi, trimesters, and distinct timetables for classes, professors, and rooms.
https://hackernoon.com/ists-timetabling-dilemma-constraints-variables-and-real-world-instances?source=rss

DPRK hacking groups breach South Korean defense contractors
The National Police Agency in South Korea issued an urgent warning today about North Korean hacking groups targeting defense industry entities to steal valuable technology information. [...]
https://www.bleepingcomputer.com/news/security/dprk-hacking-groups-breach-south-korean-defense-contractors/

Fedora 40: chromium 2024-8b50ca2e22 Security Advisory Updates
Update to 124.0.6367.60:
- High CVE-2024-3832: Object corruption in V8
- High CVE-2024-3833: Object corruption in WebAssembly
- High CVE-2024-3914: Use after free in V8
- High CVE-2024-3834: Use after free in Downloads
https://linuxsecurity.com/advisories/fedora/fedora-40-chromium-2024-8b50ca2e22-security-advisory-updates-0wrt8tnvkpja

Fedora 40: libfilezilla 2024-ff9a2fb31c Security Advisory Updates
Fix for CVE-2024-31497
https://linuxsecurity.com/advisories/fedora/fedora-40-libfilezilla-2024-ff9a2fb31c-security-advisory-updates-5szhoi4omcbz

Fedora 40: filezilla 2024-ff9a2fb31c Security Advisory Updates
Fix for CVE-2024-31497
https://linuxsecurity.com/advisories/fedora/fedora-40-filezilla-2024-ff9a2fb31c-security-advisory-updates-kxrbqwdycoll

SUSE: 2024:1402-1 moderate: opensc Security Advisory Updates
* bsc#1219386
Cross-References:
* CVE-2023-5992
https://linuxsecurity.com/advisories/suse/suse-2024-1402-1-moderate-opensc-security-advisory-updates-5k2g0uzna3cl

SUSE: 2024:1403-1 low: kubernetes1.24 Security Advisory Updates
* bsc#1222539
Cross-References:
* CVE-2024-3177
https://linuxsecurity.com/advisories/suse/suse-2024-1403-1-low-kubernetes1-24-security-advisory-updates-g0txra8qfnkr

SUSE: 2024:1404-1 low: kubernetes1.23 Security Advisory Updates
* bsc#1222539
Cross-References:
* CVE-2024-3177
https://linuxsecurity.com/advisories/suse/suse-2024-1404-1-low-kubernetes1-23-security-advisory-updates-us5l8gdqpqm7

Human-Powered Security: The Value of Ethical Hackers & Bug Bounty
Who is an ethical hacker, what is a bug bounty program, and why is human-powered security the best method for strengthening your security posture?
https://www.hackerone.com/vulnerability-management/human-powered-security

Nespresso Domain Hijacked in Phishing Attack Targeting Microsoft Logins
By Waqas. Coffee with Double Brew of Trouble! This is a post from HackRead.com. Read the original post: Nespresso Domain Hijacked in Phishing Attack Targeting Microsoft Logins
https://www.hackread.com/nespresso-domain-hijacked-microsoft-phishing/

0G and OnePiece Labs Collaborate to Create Crypto x AI Incubator
By Owais Sultan. 0G Labs and One Piece Labs have announced the launch of the first incubator for startups working at… This is a post from HackRead.com. Read the original post: 0G and OnePiece Labs Collaborate to Create Crypto x AI Incubator
https://www.hackread.com/0g-onepiece-labs-collaborate-crypto-x-ai-incubator/

US imposes visa bans on 13 spyware makers and their families
The Department of State has started imposing visa restrictions on mercenary spyware makers and peddlers, prohibiting their entry into the United States, as announced earlier in February. [...]
https://www.bleepingcomputer.com/news/security/us-imposes-visa-bans-on-13-spyware-makers-and-their-families/

Unauthenticated CrushFTP Zero-Day Enables Complete Server Compromise
CVE-2024-4040 is an unauthenticated zero-day vulnerability in managed file transfer software CrushFTP. Successful exploitation allows for arbitrary file read as root, authentication bypass for administrator account access, and remote code execution.
https://blog.rapid7.com/2024/04/23/etr-unauthenticated-crushftp-zero-day-enables-complete-server-compromise/

Expert Insight: Outdated Recruitment Methods Are Impeding The Global Cyber Army
Cybersecurity is 'inclusive' by nature: no one is exempt from the fallout of the expanding cyber threat landscape. The notion, therefore, that some groups of individuals are offered fewer opportunities to join the cyber industry than others is frankly absurd. ISC2's latest Cybersecurity Workforce Study gives us a snapshot into the supply and demand of […] The post Expert Insight: Outdated Recruitment Methods Are Impeding The Global Cyber Army first appeared on IT Security Guru.
https://www.itsecurityguru.org/2024/04/23/expert-insight-outdated-recruitment-methods-are-impeding-the-global-cyber-army/?utm_source=rss&utm_medium=rss&utm_campaign=expert-insight-outdated-recruitment-methods-are-impeding-the-global-cyber-army

Hackers hijack antivirus updates to drop GuptiMiner malware
North Korean hackers have been exploiting the updating mechanism of the eScan antivirus to plant backdoors on big corporate networks and deliver cryptocurrency miners through GuptiMiner malware. [...]
https://www.bleepingcomputer.com/news/security/hackers-hijack-antivirus-updates-to-drop-guptiminer-malware/

AI is Revolutionizing Phishing for Both Sides. What will make the Difference?
Thanks to AI, phishing attacks are better than ever. So is our ability to stop them. By Antonio Sanchez, Principal Cybersecurity Evangelist at Fortra. AI has always been a lurking […] The post AI is Revolutionizing Phishing for Both Sides. What will make the Difference? appeared first on Cyber Defense Magazine.
https://www.cyberdefensemagazine.com/ai-is-revolutionizing-phishing-for-both-sides-what-will-make-the-difference/

UnitedHealth confirms it paid ransomware gang to stop data leak
The UnitedHealth Group has confirmed that it paid a ransom to cybercriminals to protect sensitive data stolen during the Optum ransomware attack in late February. [...]
https://www.bleepingcomputer.com/news/security/unitedhealth-confirms-it-paid-ransomware-gang-to-stop-data-leak/

“Substantial proportion” of Americans may have had health and personal data stolen in Change Healthcare breach
UnitedHealth has made an announcement about the stolen data in the ransomware attack on subsidiary Change Healthcare.
https://www.malwarebytes.com/blog/news/2024/04/substantial-proportion-of-americans-may-have-had-health-and-personal-data-stolen-in-change-healthcare-breach

Lessons for CISOs From OWASP's LLM Top 10
It's time to start regulating LLMs to ensure they're accurately trained and ready to handle business deals that could affect the bottom line.
https://www.darkreading.com/vulnerabilities-threats/top-lessons-cisos-owasp-llm-top-10

Mandiant's M-Trends Report Reveals New Insights from Frontline Cyber Investigations
Mandiant, part of Google Cloud, today released the findings of its M-Trends 2024 report. Now in its 15th year, this annual report provides expert trend analysis based on Mandiant frontline cyber attack investigations and remediations conducted in 2023. The 2024 report reveals evidence that organizations globally have made meaningful improvements in their defensive capabilities, identifying […] The post Mandiant's M-Trends Report Reveals New Insights from Frontline Cyber Investigations first appeared on IT Security Guru.
https://www.itsecurityguru.org/2024/04/23/mandiants-m-trends-report-reveals-new-insights-from-frontline-cyber-investigations/?utm_source=rss&utm_medium=rss&utm_campaign=mandiants-m-trends-report-reveals-new-insights-from-frontline-cyber-investigations

Smart devices: using them safely in your home
Many everyday items are now connected to the internet: we explain how to use them safely.
https://www.ncsc.gov.uk/guidance/smart-devices-in-the-home

Unmasking The True Cost Of Cyberattacks: Beyond Ransom And Recovery
This week in cybersecurity from the editors at Cybercrime Magazine. Read the Full Story in the Hacker News. Sausalito, Calif., Apr. 23, 2024. While many people tend to focus on understanding how and why they were targeted by security breaches, there's a larger… The post Unmasking The True Cost Of Cyberattacks: Beyond Ransom And Recovery appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/unmasking-the-true-cost-of-cyberattacks-beyond-ransom-and-recovery/

US Gov Slaps Visa Restrictions on Spyware Honchos
The State Department can now deny entrance to the US for individuals accused of profiting from spyware-related human rights abuses, and their immediate family members.
https://www.darkreading.com/cybersecurity-operations/us-gov-visa-restrictions-spyware-honchos

GitHub Comments Abused to Spread Malware in Fake Microsoft Repositories
By Deeba Ahmed. Hackers are exploiting GitHub comments to spread malware disguised as Microsoft software downloads, tricking users into downloading malware. This is a post from HackRead.com. Read the original post: GitHub Comments Abused to Spread Malware in Fake Microsoft Repositories
https://www.hackread.com/github-comment-malware-fake-microsoft-repositories/

Russia's Fancy Bear Pummels Windows Print Spooler Bug
The infamous Russian threat actor has created a custom tool called GooseEgg to exploit CVE-2022-38028 in cyber-espionage attacks against targets in Ukraine, Western Europe, and North America.
https://www.darkreading.com/endpoint-security/russia-fancy-bear-pummels-windows-print-spooler-bug

Leicester City Cyber Attack Leads to Street Light Burning All Day & Night
Residents of Leicester have been facing an unusual urban phenomenon: street lights that stay lit day and night. This issue stems from a severe cyber attack that targeted Leicester City Council’s IT systems, leading to a series of disruptions in city services, including street lighting management. The persistent glow of street lights has become a […] The post Leicester City Cyber Attack Leads to Street Light Burning All Day & Night appeared first on Cyber Security News.
https://cybersecuritynews.com/leicester-city-cyber-attack/

Major Security Flaw in Popular Keyboard Apps Puts Millions at Risk
Researchers have uncovered critical security vulnerabilities in several widely used keyboard apps, including those from major tech giants Samsung, OPPO, Vivo, and Xiaomi. These flaws could allow network eavesdroppers to intercept and decipher every keystroke a user makes, exposing sensitive personal and financial information. The Citizen Lab’s comprehensive study focused on the security of cloud-based […] The post Major Security Flaw in Popular Keyboard Apps Puts Millions at Risk appeared first on Cyber Security News.
https://cybersecuritynews.com/popular-keyboard-apps-flaw/

Passwords, passkeys and familiarity bias
As passkey (passwordless authentication) adoption proceeds, misconceptions abound. There appears to be a widespread impression that passkeys may be more convenient and less secure than passwords. The reality is that they are both more secure and more convenient — possibly a first in cybersecurity. Most of us could be forgiven for not realizing passwordless authentication […] The post Passwords, passkeys and familiarity bias appeared first on Security Intelligence.
https://securityintelligence.com/posts/passwords-passkeys-familiarity-bias/

Teetering on the Edge: VPNs, Firewalls' Nonexistent Telemetry Lures APTs
State-sponsored groups are targeting critical vulnerabilities in virtual private network (VPN) gateways, firewall appliances, and other edge devices to make life difficult for incident responders, who rarely have visibility into the devices.
https://www.darkreading.com/endpoint-security/edge-vpns-firewalls-nonexistent-telemetry-apts

WordPress PWA – how to protect your Progressive Web Apps
Progressive Web Apps, or PWAs, are innovative web applications that are developed using modern web… The post WordPress PWA – how to protect your Progressive Web Apps appeared on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2024/04/23/wordpress-pwa-how-to-protect-your-progressive-web-apps/

Hackers Hijacking Antivirus Updates to Deliver GuptiMiner
A sophisticated malware campaign has been compromising the update mechanism of eScan antivirus software to distribute malicious backdoors and cryptocurrency mining software. The campaign, dubbed GuptiMiner, has been linked to a threat actor with potential connections to the notorious Kimsuky group. GuptiMiner leverages a man-in-the-middle attack to exploit vulnerabilities in the update process of the […] The post Hackers Hijacking Antivirus Updates to Deliver GuptiMiner appeared first on Cyber Security News.
https://cybersecuritynews.com/antivirus-updates-hijacked/

USN-6746-1: Google Guest Agent and Google OS Config Agent vulnerability
It was discovered that Google Guest Agent and Google OS Config Agent incorrectly handled certain JSON files. An attacker could possibly use this issue to cause a denial of service.
https://ubuntu.com/security/notices/USN-6746-1

Proton Mail Unveils Dark Web Monitoring to Check for Credentials Leaks
Proton Mail has introduced a new feature to enhance the safety of its users’ online identities. The new Dark Web Monitoring tool is designed to alert users about potential credential leaks, ensuring they can take immediate action to protect their accounts. Here’s a detailed look at this innovative feature. Your email address is more than […] The post Proton Mail Unveils Dark Web Monitoring to Check for Credentials Leaks appeared first on Cyber Security News.
https://cybersecuritynews.com/dark-web-monitoring/

USN-6728-3: Squid vulnerability
USN-6728-1 fixed vulnerabilities in Squid. The fix for CVE-2023-5824 caused Squid to crash in certain environments on Ubuntu 20.04 LTS and was disabled in USN-6728-2. The problematic fix for CVE-2023-5824 has now been corrected and reinstated in this update. We apologize for the inconvenience. Original advisory details: Joshua Rogers discovered that Squid incorrectly handled collapsed forwarding. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2023-49288) Joshua Rogers discovered that Squid incorrectly handled certain structural elements. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. (CVE-2023-5824) ...
https://ubuntu.com/security/notices/USN-6728-3

Why You Should Consider AlmaLinux 9.4 Beta for Your Desktop
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a reliable server operating system, it can also function effectively as a desktop OS. Security, stability, and long-term support are key advantages of choosing AlmaLinux 9.4 beta as your desktop OS.
https://linuxsecurity.com/news/desktop-security/almalinux-9-4-beta-desktop

Spectre V2: A New Threat to Linux Systems
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's delve into the details of the Spectre v2 exploit, its implications, and the measures being taken to mitigate its impact.
https://linuxsecurity.com/news/security-vulnerabilities/spectre-v2

This Website is Selling Billions of Private Messages of Discord Users
By Deeba Ahmed. Millions of Discord messages sold online! Protect yourself from leaked usernames, photos & financial details. Learn how to secure your Discord account. This is a post from HackRead.com. Read the original post: This Website is Selling Billions of Private Messages of Discord Users
https://www.hackread.com/website-selling-private-messages-of-discord-users/

FBI Director Wray Issues Warning on Chinese Cyber Attacks
At the Vanderbilt Summit on Modern Conflict and Emerging Threats, FBI Director Christopher Wray highlighted the severe and ongoing cyber threats the Chinese government poses to U.S. national and economic security. Speaking to an audience of experts from various sectors, including national security, cybersecurity, and academia, Director Wray articulated the immediate risks the Chinese government presents to […] The post FBI Director Wray Issues Warning on Chinese Cyber Attacks appeared first on Cyber Security News.
https://cybersecuritynews.com/fbi-director-issues-warning/

Russian Hackers Exploiting Windows Print Spooler Using GooseEgg Tool
Hackers abuse Windows Print Spooler vulnerabilities because it runs with elevated SYSTEM privileges, allowing privilege escalation. Also, exploiting it enables remote code execution and credential theft. Microsoft exposed the Russian threat actor Forest Blizzard (aka APT28, Sednit, Sofacy, and Fancy Bear), who has been using a custom tool called GooseEgg to elevate privileges and steal […] The post Russian Hackers Exploiting Windows Print Spooler Using GooseEgg Tool appeared first on Cyber Security News.
https://cybersecuritynews.com/russian-apt28-exploits-windows-print-spooler/

GuptiMiner: Hijacking Antivirus Updates for Distributing Backdoors and Casual Mining
Avast discovered and analyzed GuptiMiner, a malware campaign hijacking the eScan antivirus update mechanism to distribute backdoors and coinminers.
https://decoded.avast.io/janrubin/guptiminer-hijacking-antivirus-updates-for-distributing-backdoors-and-casual-mining/?utm_source=rss&utm_medium=rss&utm_campaign=guptiminer-hijacking-antivirus-updates-for-distributing-backdoors-and-casual-mining

'NCSC Cyber Series' podcast now available
Listen to all five episodes now, covering a wide range of cyber security topics.
https://www.ncsc.gov.uk/blog-post/cyber-series-podcast

Forminator WordPress Plugin Flaw Exposes Over 50,000 Websites to Cyber Attacks
In a recent cybersecurity revelation, over 50,000 websites using the popular WordPress plugin Forminator are at risk due to multiple critical vulnerabilities. If exploited, these flaws could allow attackers to perform a range of malicious activities, from stealing sensitive data to taking complete control of the affected websites. Forminator is a widely used WordPress plugin […]
https://cybersecuritynews.com/forminator-wordpress-plugin/

U.S. Gov imposed Visa restrictions on 13 individuals linked to commercial spyware activity
The U.S. Department of State is imposing visa restrictions on 13 individuals allegedly involved in the development and sale of commercial spyware, or on their immediate family members. The measure aims to counter the misuse of surveillance technology targeting […]
https://securityaffairs.com/162187/laws-and-regulations/visa-restrictions-commercial-spyware.html

WordPress Responsive Theme Flaw Let Attackers Inject Malicious HTML Scripts
A vulnerability was identified in the WordPress theme “Responsive” that allows attackers to inject arbitrary HTML content into websites. This flaw, tracked as CVE-2024-2848, poses a severe risk to website integrity and user safety. CVE-2024-2848 – Arbitrary HTML Content Injection: the vulnerability was specifically found in the footer section of the Responsive theme, where attackers could modify […]
https://cybersecuritynews.com/wordpress-responsive-theme-flaw-let-attackers-inject-malicious-html-scripts/

Ever wondered how a cyber crime gang operates?
NCSC publishes new report on criminal online activity.
https://www.ncsc.gov.uk/blog-post/ever-wondered-how-cyber-crime-gang-operates

UnitedHealth Group Ransomware Attack : Hackers Stolen Patients Data
The global American health insurance and services corporation UnitedHealth Group has announced that its health IT subsidiary Change Healthcare was the target of a malicious cyberattack. Based on its initial targeted data sampling, the company has discovered files containing personally identifiable information (PII) or protected health information (PHI), which may include a significant proportion of the […]
https://cybersecuritynews.com/unitedhealth-ransomware-attack/

New Burp Extension: JWT-scanner
Authentication and authorization are critical components of any application. Various standards and frameworks have been developed to facilitate the development of such components and make applications more secure. Among them, JSON Web Tokens (JWTs) have become a popular choice over the years. In this article, we discuss common flaws in JWT-based authentication and present our extension to automatically check for these issues in Burp: JWT-scanner.
https://blog.compass-security.com/2024/04/new-burp-extension-jwt-scanner/

A cyber attack paralyzed operations at Synlab Italia
A cyber attack has been disrupting operations at Synlab Italia, a leading provider of medical diagnosis services, since April 18. The company initially cited technical issues as the cause, leading to a “temporary interruption of […]
https://securityaffairs.com/162172/hacking/synlab-italis-cyberattack.html

Mastering Shodan Search Engine
Let's explore the depths of Shodan dorking to level up your security testing. While Google can find many websites, Shodan lets you find everything else: servers, webcams, washing machines, etc. Imagine that you are a bad guy. It could be a true gold mine! But of course, I do not endorse anything illegal! The main thing I'm trying to teach is the method for getting good leads, for finding something that is critical for certain organizations. Report those findings and you might get some reward or recognition, AKA bounties. Preparation: if you have followed my YouTube videos, I've been doing recon on the Coca-Cola Company. Even before deep diving into Shodan, I highly suggest gathering some information about...
https://infosecwriteups.com/mastering-shodan-search-engine-8c80b80dae09?source=rss----7b722bfd1b8d---4

Email Verification Bypass via Remember Me
Today I will tell you about an email verification bypass that I found accidentally. We need to understand that bug hunting is not a step-by-step process all the way. You need to think like this: “If I do this, what will happen?” This hunger is a must for bounty hunting. One more thing: I bought my iPhone 11 from bug bounty. Just joking. Come to the topic. Companies are smarter now; they don't want users to create dummy accounts using temporary emails, so they implement email verification, which means that after creating an account we are not redirected to the account's dashboard until the OTP is provided or the confirmation link sent to the email is clicked. But we are here to bypass this type of authentication. Let's see how. However,...
https://infosecwriteups.com/email-verification-bypass-via-remember-me-c6d34e6060e9?source=rss----7b722bfd1b8d---4

Exploiting Symlinks: A Deep Dive into CVE-2024-28185 and CVE-2024-28189 of Judge0 Sandboxes
Explore the intricate vulnerabilities CVE-2024-28185 and CVE-2024-28189 in Judge0, focusing on symlink attacks that enable code execution…
https://infosecwriteups.com/exploiting-symlinks-a-deep-dive-into-cve-2024-28185-and-cve-2024-28189-of-judge0-sandboxes-36bd471cfc4d?source=rss----7b722bfd1b8d---4

Typo Trouble: Exploring the Telegram Python RCE Vulnerability
Telegram's Windows application was recently updated to address a critical zero-day flaw that permitted the execution of Python scripts without triggering security alerts, due to a typo in the processing of certain file extensions. The vulnerability first surfaced on online forums; later a proof of concept was shared on the XSS forum. The issue centered around Python “.pyzw” files which, due to the typo, evaded Telegram's security checks and ran immediately upon user interaction, provided Python was present on the device. Adversaries could disguise these scripts as innocuous video files, duping users into running them. As of now Telegram has deployed a server-side remedy by tagging “.pyzw” files with the “.untrusted” suffix, thereby requiring user deliberation to execute...
https://infosecwriteups.com/typo-trouble-exploring-the-telegram-python-rce-vulnerability-b7bc8a12c9ba?source=rss----7b722bfd1b8d---4

Active DNS Recon using AXIOM
Are you interested in getting a lot of subdomains of big targets? Using tools like amass or subfinder is not enough for subdomain discovery. Let me guide you through how you can do active DNS recon using puredns. There is a big difference between the ways you can collect subdomains. The vast majority of people are just using tools like amass or subfinder, which are both pretty good for passive DNS recon, but you will need to do active DNS recon as well. To put it in simple words, active DNS recon is just guessing subdomains. I want to emphasize that this is only useful for big targets that should have a lot of subdomains. Think of companies like Apple, Google, Microsoft, etc. Choosing a wordlist for DNS bruteforce: to start, the first thing...
https://infosecwriteups.com/active-dns-recon-using-axiom-a5239b95f5ad?source=rss----7b722bfd1b8d---4

Information Disclosure: Story of 500€ + 400$ Bounty
Hi, fellow hunters, Ram Ram Bhyi Sarya Ne. Hope you are doing well and taking care of your health; this side V3D. I am writing a write-up of one of my findings. Issue: information disclosure of customers' invoices and customers' emails. Note: these are private bug bounty programs, so I can't disclose the program name; let's consider them as REDACTED.COM. Without any further ado… let's start… One of my friends, Virdoexhunter, told me about this website, https://otx.alienvault.com, where OTX stands for Open Threat Intelligence. It is a platform used by security researchers and threat data producers to share research and investigate new threats. How to use this website? Just navigate to https://otx.alienvault.com/indicator/domain/target.com. Here...
https://infosecwriteups.com/information-disclosure-story-of-500-400-bounty-97d3b343f9ad?source=rss----7b722bfd1b8d---4

Demystifying Password Cracking: Attacks and Defence Strategies
How passwords can get hacked and ways to stop them. Nearly every online and offline account and device is safeguarded by some form of password. A password (also known as a passcode or passphrase) is any secret code or string of characters that enables a user to authenticate or log in to their account. Our assets are kept secure behind these passwords. However, once a password is compromised, the consequences can be severe: hackers can cause whatever damage they want depending on your profile. Often you'll hear people saying that their social media or email account got hacked. In most cases, it is the password that has been stolen. There are various techniques used to carry out these attacks. We will explore how these techniques work, as well as the preventative measures that can be taken against them. What...
https://infosecwriteups.com/demystifying-password-cracking-attacks-and-defence-strategies-1304bda73249?source=rss----7b722bfd1b8d---4

Race Condition and Broken Access Control on Developer Dashboard
In the vast landscape of the digital world, security is the cornerstone of trust. Just as a sturdy lock secures our physical belongings, robust digital security safeguards our online identities. However, even the most fortified systems can harbor vulnerabilities. This report unveils two such vulnerabilities discovered on a target website: a race condition and a broken access control (BAC) issue. So, the target was a self-hosted program, and the reward was only for Critical, High and Medium findings. I started testing with subdomain enumeration and filtering out the live subdomains. After testing the subdomains one by one, I stumbled upon the developer dashboard on “developer.target.com”, which has a login/register feature. But the login has to be done from the main domain ‘target.com'...
https://infosecwriteups.com/race-condition-and-broken-access-control-on-developer-dashboard-2a4e62c5f841?source=rss----7b722bfd1b8d---4

Windows Fundamentals 1 | TryHackMe Walk-Through
Royall Researchers. Questions and answers. Read above and start the virtual machine: Done. Here we need to connect to the machine using the RDP protocol; we should know Machine_IP, UserName = administrator, Password = letmein123! I use Remmina to connect to the Windows virtual machine. What encryption can you enable on Pro that you can't enable in Home? bitlocker (visit this link https://www.microsoft.com/en-us/windows/compare-windows-11-home-vs-pro-versions#tabs1-2; the first option shows the encryption in Pro). Which selection will hide/disable the Search box? hidden (right-click the taskbar and navigate to Search). Which selection will hide/disable the Task View button? show task view button (right-click the taskbar). Besides Clock and Network, what other icon is visible in the Notification Area? action center (Right...
https://infosecwriteups.com/windows-fundamentals-1-tryhackme-walkthrough-20fae4f9bd68?source=rss----7b722bfd1b8d---4

Automate XSS testing with real browser rendering
Summary: In this article I will explain what Cross-Site Scripting (XSS) is, but most importantly I will show you how to detect it automatically. This is a challenge, because it requires full browser rendering. Disclaimer: This article is for informational and educational purposes only, and for those who are willing and curious to know and learn about security and penetration testing. The content may not be used for illegal purposes. If you're ready to learn something new for the good, then read on. Details: Cross-site scripting (XSS) is a web security vulnerability that allows attackers to compromise user interaction with vulnerable web applications. In a cross-site scripting attack, an attacker injects malicious browser-side script into a trusted website. Since the script runs on the target...
https://infosecwriteups.com/automate-xss-testing-with-real-browser-rendering-e81f55a98025?source=rss----7b722bfd1b8d---4

Licensed to Bill? Nations Mandate Certification & Licensure of Cybersecurity Pros
Malaysia, Singapore, and Ghana are among the first countries to pass laws that require cybersecurity firms — and in some cases, individual consultants — to obtain licenses to do business, but concerns remain.
https://www.darkreading.com/cyber-risk/licensed-to-bill-nations-mandate-certification-licensure-of-cybersecurity-pros

Yesterday's news (Press)

UnitedHealth Group cyber attack; U of M student arrests - MPR News
UnitedHealth Group cyber attack; U of M student arrests. Emily Bright. April 23, 2024 5:22 PM. Minnesota Today - April 23, 2024.
https://www.mprnews.org/episode/2024/04/23/unitedhealth-group-cyber-attack-u-of-m-student-arrests

cyber attackers software code analytic technologies - Military Aerospace
System explainability will help explain why a cyber attack may or may not have come from specific countries, groups, or individuals. SOURCE CODE ...
https://www.militaryaerospace.com/trusted-computing/article/55019877/cyber-attackers-software-code-analytic-technologies

Cybersecurity Onus on Tech Firms, White House Official Says - Government Technology
Cybersecurity. Are We Ready for a Cyber Attack on Food and Farming? April 23, 2024. Jule Pattison-Gordon. Stay on top of the latest state ...
https://www.govtech.com/security/cybersecurity-onus-on-tech-firms-white-house-official-says

Are We Ready for a Cyber Attack on Food and Farming? - Government Technology
... cyber attack on food and agriculture. The mock scenario imagined that adversaries exploited misconfigurations in victim organizations' cloud ...
https://www.govtech.com/security/are-we-ready-for-a-cyber-attack-on-food-and-farming

CRDAMC pharmacy team safely working towards better wait times - DVIDS
In recent months several challenges arose that would have overwhelmed most teams, such as the cyber-attack, the prescription verification system ...
https://www.dvidshub.net/news/469284/crdamc-pharmacy-team-safely-working-towards-better-wait-times

Lessons Learned from the TTC's Ransomware Attack - McMillan LLP
... cyber attack underscores this point.[1] This bulletin will review the IPC's key findings and recommendations relating to the TTC's cybersecurity ...
https://mcmillan.ca/insights/publications/lessons-learned-from-the-ttcs-ransomware-attack/

Alarm Sounded Over Major North Korea Hacks - Newsweek
Alarm Sounded Over Major North Korea Hacks. Published Apr 23, 2024 at 2:43 PM EDT. By Micah McCartney. China ...
https://www.newsweek.com/alarm-sounded-over-major-north-korean-hacks-1893344

Bank of Italy - The G7 Cyber Expert Group (CEG) conducts a cross-border coordination ...
The exercise simulated a large-scale cyber attack against relevant financial entities and infrastructures across all G7 jurisdictions, bringing ...
https://www.bancaditalia.it/media/notizia/the-g7-cyber-expert-group-ceg-conducts-a-cross-border-coordination-exercise-in-the-financial-sector-in-the-event-of-a-cyber-incident/

Hezbollah launches deepest attack into Israel since outbreak of Gaza war - The National
Both men were accused of serious involvement in attacks on Israel. READ MORE. Cyber attack on Lebanon state internet provider Ogero disrupts services.
https://www.thenationalnews.com/news/mena/2024/04/23/israel-claims-it-killed-two-senior-hezbollah-members-in-south-lebanon/

State-Sponsored Russian Hackers Linked to Breach of Texas Water Treatment Plant
... A Massive Cyber Attack Disrupts Operations Across Numerous French Municipalities.
https://www.cpomagazine.com/cyber-security/state-sponsored-russian-hackers-linked-to-breach-of-texas-water-treatment-plant/

A Massive Cyber Attack Disrupts Operations Across Numerous French Municipalities
A “large-scale cyber attack” has taken down local government services in several French municipalities since the night of Tuesday, April 9.
https://www.cpomagazine.com/cyber-security/a-massive-cyber-attack-disrupts-operations-across-numerous-french-municipalities/

Cyberattackers target Meduza with unprecedented DDoS campaign in effort to disable site
Last month, Meduza reported on a far-reaching cyber-attack that targeted our newsroom in the leadup to Russia's presidential “election.” That ...
https://meduza.io/en/feature/2024/04/23/cyberattackers-target-meduza-with-unprecedented-ddos-campaign-in-effort-to-disable-site

News from two days ago (Specialized press)

ToddyCat APT Is Stealing Data on 'Industrial Scale'
The threat actor is deploying multiple connections into victim environments to maintain persistence and steal data.
https://www.darkreading.com/cyber-risk/-toddycat-apt-is-stealing-data-on-an-industrial-scale-

Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw
Microsoft reported that the Russia-linked APT28 group (aka “Forest Blizzard”, “Fancybear” or “Strontium”) used a previously unknown tool, dubbed GooseEgg, to exploit the Windows Print Spooler flaw CVE-2022-38028. Since at least June 2020, and possibly earlier, the cyberespionage […]
https://securityaffairs.com/162154/apt/apt28-gooseegg-tool-win-bug.html

AI Hallucinations: The Emerging Market for Insuring Against Generative AI's Costly Blunders
Written by MJ Schwenger, Co-Chair of the CSA AI Governance and Compliance Working Group. Generative AI: Embracing Hallucinations for Responsible Innovation. This blog delves into the fascinating world of Generative AI (GenAI), acknowledging its revolutionary potential while addressing the inherent challenge of "hallucinations." It explores the technical underpinnings of these hallucinations and proposes a nuanced perspective, shifting the focus from criticizing AI to fostering collaborative inte...
https://cloudsecurityalliance.org/articles/ai-hallucinations-the-emerging-market-for-insuring-against-generative-ai-s-costly-blunders

Russian FSB Counterintelligence Chief Gets 9 Years in Cybercrime Bribery Scheme
The head of counterintelligence for a division of the Russian Federal Security Service (FSB) was sentenced last week to nine years in a penal colony for accepting a USD .7 million bribe to ignore the activities of a prolific Russian cybercrime group that hacked thousands of e-commerce websites. The protection scheme was exposed in 2022 when Russian authorities arrested six members of the group, which sold millions of stolen payment cards at flashy online shops like Trump's Dumps.
https://krebsonsecurity.com/2024/04/russian-fsb-counterintelligence-chief-gets-9-years-in-cybercrime-bribery-scheme/

Nespresso Domain Serves Up Steamy Cup of Phish, No Cream or Sugar
An open redirect vulnerability in the Nespresso web domain lets attackers bypass detection as they attempt to steal victims' Microsoft credentials.
https://www.darkreading.com/cyberattacks-data-breaches/nespresso-domain-phish-cream-sugar

Akira Ransomware Attack
What is the Akira Ransomware Attack? The Akira ransomware attack has been actively and widely impacting businesses. According to a CISA advisory, the ransomware group has impacted over 250 organizations and claimed approximately million (USD) in ransomware proceeds. The ransomware group gains initial access via either less-secure VPNs or Cisco vulnerabilities. Once the network is compromised, the threat actor is able to target a system and encrypt files with the .akira extension. What is the recommended mitigation? Review attack surfaces and ensure that all systems are kept up to date with the latest patches. Also, maintain general awareness and training about the risk of phishing and social engineering attacks in the organization. What FortiGuard coverage is available? FortiGuard...
https://fortiguard.fortinet.com/threat-signal-report/5426

USN-6743-2: Linux kernel (Low Latency) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - JFS file system; - BPF subsystem; - Netfilter; (CVE-2023-52600, CVE-2024-26589, CVE-2024-26591, CVE-2024-26581, CVE-2023-52603)
https://ubuntu.com/security/notices/USN-6743-2

Microsoft: APT28 hackers exploit Windows flaw reported by NSA
Microsoft warns that the Russian APT28 threat group exploits a Windows Print Spooler vulnerability to escalate privileges and steal credentials and data using a previously unknown hacking tool called GooseEgg. [...]
https://www.bleepingcomputer.com/news/security/microsoft-russian-apt28-hackers-exploit-windows-flaw-reported-by-nsa-using-gooseegg-tool/

Capital One Teams Up With Top-Tier Ethical Hackers at H1-305
Capital One and 52 highly skilled global ethical hackers came together for the organization's second live hacking event with HackerOne.
https://www.hackerone.com/lhe/capital-one-h1-305

#MIWIC2024: Melissa Chambers, CEO and Co-Founder of Sitehop
Organised by Eskenzi PR in media partnership with the IT Security Guru, the Most Inspiring Women in Cyber Awards aim to shed light on the remarkable women in our industry. The following is a feature on one of 2024's Top 20 women selected by an esteemed panel of judges. Presented in a Q&A format, the nominee's answers are […]
https://www.itsecurityguru.org/2024/04/22/miwic2024-melissa-chambers-ceo-and-co-founder-of-sitehop/?utm_source=rss&utm_medium=rss&utm_campaign=miwic2024-melissa-chambers-ceo-and-co-founder-of-sitehop

Picking fights and gaining rights, with Justin Brookman: Lock and Code S05E09
This week on the Lock and Code podcast, we speak with Justin Brookman about past consumer wins in the tech world, and how to avoid despair.
https://www.malwarebytes.com/blog/podcast/2024/04/picking-fights-and-gaining-rights-with-justin-brookman-lock-and-code-s05e09

Synlab Italia suspends operations following ransomware attack
Synlab Italia has suspended all its medical diagnostic and testing services after a ransomware attack forced its IT systems to be taken offline. [...]
https://www.bleepingcomputer.com/news/security/synlab-italia-suspends-operations-following-ransomware-attack/

GitLab affected by GitHub-style CDN flaw allowing malware hosting
BleepingComputer recently reported how a GitHub flaw, or possibly a design decision, is being abused by threat actors to distribute malware using URLs associated with Microsoft repositories, making the files appear trustworthy. It turns out, GitLab is also affected by this issue and could be abused in a similar fashion. [...]
https://www.bleepingcomputer.com/news/security/gitlab-affected-by-github-style-cdn-flaw-allowing-malware-hosting/

Crafting AI's Future: Decoding the AI Executive Order
By Rajat Kohli, Partner at Zinnov. There is something to be learned from epic fantasy productions like Harry Potter: that every few years, there will be a gifted wizard who […]
https://www.cyberdefensemagazine.com/crafting-ais-future-decoding-the-ai-executive-order/

48 Vulnerabilities Uncovered In AI systems : Surge By 220%
Since the initial disclosure of 15 vulnerabilities in November 2023, a 220% increase in vulnerabilities impacting AI systems has been discovered, bringing the total to 48 vulnerabilities. Protect AI, which runs the world's first AI/ML bug bounty program, analyzes the whole OSS AI/ML supply chain for significant vulnerabilities. The experts discovered that specific security risks may be […]
https://cybersecuritynews.com/48-ai-vulnerabilities-220-percent/

CVEs Targeting Remote Access Technologies
In this first quarter of 2024, threat actors have been particularly busy in exploiting vulnerabilities (0-days but also old unpatched flaws) targeting traditional remote access technologies. In this blog post I summarized the main CVEs exploited so far in 2024.
https://www.hackmageddon.com/2024/04/22/cves-targeting-remote-access-technologies/

USN-6744-2: Pillow vulnerability
USN-6744-1 fixed a vulnerability in Pillow (Python 3). This update provides the corresponding updates for Pillow (Python 2) in Ubuntu 20.04 LTS. Original advisory details: Hugo van Kemenade discovered that Pillow was not properly performing bounds checks when processing an ICC file, which could lead to a buffer overflow. If a user or automated system were tricked into processing a specially crafted ICC file, an attacker could possibly use this issue to cause a denial of service or execute arbitrary code.
https://ubuntu.com/security/notices/USN-6744-2

Hackers threaten to leak a copy of the World-Check database used to assess potential risks associated with entities
A financially motivated group named GhostR claims the theft of a sensitive database from World-Check and threatens to publish it. World-Check is a global database utilized by various organizations, including financial institutions, regulatory bodies, and law enforcement agencies, for assessing potential risks associated with individuals and entities. It compiles information from diverse sources like public […]
https://securityaffairs.com/162136/cyber-crime/hackers-threaten-leak-world-check.html

Take Command Summit: Take Breaches from Inevitable to Preventable on May 21
Registration is now open for Take Command, a day-long virtual summit in partnership with AWS. You'll get new attack intelligence, insight into AI disruption, transparent MDR partnerships, and more.
https://blog.rapid7.com/2024/04/22/take-command-summit-take-breaches-from-inevitable-to-preventable-on-may-21/

Dependency Confusion Vulnerability Found in an Archived Apache Project
Get details on the Legit research team's discovery of a dependency confusion vulnerability in an archived Apache project. 
https://www.legitsecurity.com/blog/dependency-confusion-vulnerability-found-in-an-archived-apache-project

5 Cybersecurity Questions Boards Can't Afford To Ignore
This week in cybersecurity from the editors at Cybercrime Magazine. Read the full story in Forbes. Sausalito, Calif., Apr. 22, 2024. As board directors head into their next round of quarterly meetings, there's one topic that should be on the agenda: cybersecurity. The rise
https://cybersecurityventures.com/5-cybersecurity-questions-boards-cant-afford-to-ignore/

Russian Sandworm hackers targeted 20 critical orgs in Ukraine
Russian hacker group Sandworm aimed to disrupt operations at around 20 critical infrastructure facilities in Ukraine, according to a report from the Ukrainian Computer Emergency Response Team (CERT-UA). [...]
https://www.bleepingcomputer.com/news/security/russian-sandworm-hackers-targeted-20-critical-orgs-in-ukraine/

Giving NIST Digital Identity Guidelines a Boost: Supplement for Incorporating Syncable Authenticators
We all need supplements sometimes, whether it's a little extra vitamin C during flu season or some vitamin D during the dark days of winter. When used correctly, supplements help our body adjust to the changing conditions around us. Similarly, we are applying this same concept for the first time to our NIST SP 800-63B, Digital Identity Guidelines: Authentication and Lifecycle Management. Today, we published a supplement that provides interim guidance for agencies seeking to make use of 'syncable authenticators' (for example, passkeys) in both enterprise-facing and public-facing use cases.
https://www.nist.gov/blogs/cybersecurity-insights/giving-nist-digital-identity-guidelines-boost-supplement-incorporating

Malvertising: Fake Popular Software Ads Deliver New MadMxShell Backdoor
By Deeba Ahmed. IT professionals are under attack! This article exposes a malvertising campaign targeting IT teams with a novel backdoor named MadMxShell. Learn how attackers use typosquatting and DNS techniques to compromise systems.
https://www.hackread.com/fake-popular-software-ads-madmxshell-backdoor/

USN-6745-1: Percona XtraBackup vulnerability
It was discovered that in Percona XtraBackup, a local crafted filename could trigger arbitrary code execution.
https://ubuntu.com/security/notices/USN-6745-1

Billions of scraped Discord messages up for sale
An internet scraping platform is offering access to a database filled with over four billion Discord messages and combined user profiles.
https://www.malwarebytes.com/blog/news/2024/04/billions-of-scraped-discord-messages-up-for-sale

Windows DOS-to-NT flaws exploited to achieve unprivileged rootkit-like capabilities
SafeBreach researcher Or Yair devised a technique that exploits vulnerabilities in the Windows DOS-to-NT path conversion process to achieve rootkit-like capabilities without elevated privileges. When a user executes a function with a path argument in Windows, the DOS path of the […]
https://securityaffairs.com/162129/security/windows-dos-to-nt-flaws-rootkit-like-capabilities.html
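The rule at the centre of this class of bug is that Win32 normalizes a DOS path before handing it to the NT layer: trailing dots and spaces are removed from the final component, and paths carrying the verbatim prefix (backslash backslash question-mark backslash) skip normalization entirely, which is how a name that normalization would otherwise alter can be created at all. The Python below is an added, simplified model of that one rule, not the SafeBreach research code and not a faithful reimplementation of the Windows routine (intermediate-segment and relative-segment handling are deliberately out of scope). Two helpers then show what a defender can do with the rule over a raw NT-level directory listing: flag entries a plain DOS path cannot name, and group entries that collapse onto the same DOS-level name. The sample listing is constructed.

```python
r"""Simplified model of Win32 DOS-to-NT path normalization (added example).

Covers only the final-component rule (trailing '.' and ' ' are dropped) and
the \\?\ verbatim-prefix bypass. Not the SafeBreach code and not a faithful
reimplementation of the Windows path conversion routine.
"""
from collections import defaultdict

VERBATIM_PREFIX = "\\\\?\\"   # the \\?\ prefix: Win32 passes such paths through untouched


def normalize_component(name: str) -> str:
    """Apply the final-component rule: strip trailing dots and spaces.

    A name made only of dots/spaces is returned unchanged; '.', '..' and
    similar are relative or special components that this model does not cover.
    """
    stripped = name.rstrip(". ")
    return stripped if stripped else name


def normalize_dos_path(path: str) -> str:
    r"""Return the NT-visible form of a DOS path as Win32 would produce it.

    '/' is accepted as a separator and converted to '\'; the verbatim prefix
    disables every normalization step.
    """
    if path.startswith(VERBATIM_PREFIX):
        return path
    segments = path.replace("/", "\\").split("\\")
    segments[-1] = normalize_component(segments[-1])
    return "\\".join(segments)


def find_unaddressable_names(nt_names):
    """Entries (as enumerated at the NT level) that a plain DOS path cannot name.

    Any name that normalization would change is only reachable through the
    verbatim prefix or a native API, which makes it a convenient hiding spot.
    """
    return [n for n in nt_names if normalize_component(n) != n]


def find_collisions(nt_names):
    """Group NT-level names that collapse onto the same DOS-level name.

    Returns {dos_name: [nt_names...]} for groups with more than one member,
    i.e. the cases where a DOS-path lookup is ambiguous.
    """
    groups = defaultdict(list)
    for n in nt_names:
        groups[normalize_component(n)].append(n)
    return {k: v for k, v in groups.items() if len(v) > 1}


# Constructed sample listing, as a raw NT-level enumeration might return it.
SAMPLE_LISTING = ["report.txt", "report.txt.", "notes ", "data.bin", "..."]

if __name__ == "__main__":
    print(normalize_dos_path(r"C:\Temp\report.txt."))        # C:\Temp\report.txt
    print(normalize_dos_path(r"\\?\C:\Temp\report.txt."))    # unchanged
    print(find_unaddressable_names(SAMPLE_LISTING))         # ['report.txt.', 'notes ']
    print(find_collisions(SAMPLE_LISTING))                  # {'report.txt': ['report.txt', 'report.txt.']}
```

Feeding `find_unaddressable_names` a listing taken through a native enumeration (rather than the Win32 directory API, which would already have normalized what it shows you) is the check that matters: any hit is a file that ordinary tooling will display under one name but cannot open, copy or delete under it.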

Deciphering the Economics of Software Development: An In-Depth Exploration
By Uzair Amir. The depth of activities within software development ranges from ideation and design to coding, testing, and deployment. The…
https://www.hackread.com/deciphering-software-development-economics/

A Detailed Guide on Pwncat
Pwncat stands out as an open-source Python tool highly regarded for its versatility, providing a contemporary alternative to the traditional netcat utility. Tailored for network […]
https://www.hackingarticles.in/a-detailed-guide-on-pwncat/

The Future of Automated Testing with DAQ
Introduction to the New Era. Automated testing is transforming, morphing into an even more essential…
https://latesthackingnews.com/2024/04/22/the-future-of-automated-testing-with-daq/

ACDS Launches Revolutionary OBSERVATORY Solution: Redefining Attack Surface Management
Advanced Cyber Defence Systems (ACDS) has unveiled its groundbreaking Attack Surface Management (ASM) solution: OBSERVATORY. Engineered with a comprehensive three-pronged approach (Discovery, Validation, and Insight), OBSERVATORY offers an unparalleled level of network security. As the number of internet-connected devices explodes, organisations struggle to keep track and secure them before attackers strike. Shockingly, surveys show 69% of companies […]
https://www.itsecurityguru.org/2024/04/22/acds-launches-revolutionary-observatory-solution-redefining-attack-surface-management/?utm_source=rss&utm_medium=rss&utm_campaign=acds-launches-revolutionary-observatory-solution-redefining-attack-surface-management

Palo Alto Networks Patched A PAN-OS Vulnerability Under Attack
A critical zero-day vulnerability in the Palo Alto Networks PAN-OS firewall has received an emergency fix…
https://latesthackingnews.com/2024/04/22/palo-alto-networks-patched-a-pan-os-vulnerability-under-attack/

ToddyCat is making holes in your infrastructure
We continue to report on the APT group ToddyCat. This time, we'll talk about traffic tunneling, constant access to a target infrastructure and data extraction from hosts.
https://securelist.com/toddycat-traffic-tunneling-data-extraction-tools/112443/

USN-6738-1: LXD vulnerability
Fabian Bäumer, Marcus Brinkmann, and Jörg Schwenk discovered that LXD incorrectly handled the handshake phase and the use of sequence numbers in SSH Binary Packet Protocol (BPP). If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to bypass integrity checks.
https://ubuntu.com/security/notices/USN-6738-1

USN-6744-1: Pillow vulnerability
Hugo van Kemenade discovered that Pillow was not properly performing bounds checks when processing an ICC file, which could lead to a buffer overflow. If a user or automated system were tricked into processing a specially crafted ICC file, an attacker could possibly use this issue to cause a denial of service or execute arbitrary code.
https://ubuntu.com/security/notices/USN-6744-1

Apple Removed Numerous Apps From China App Store
Apple users in China may no longer find various popular apps, such as WhatsApp and…
https://latesthackingnews.com/2024/04/22/apple-removed-numerous-apps-from-china-app-store/

Concerned About Your Online Privacy in 2024? You Are Not the Only One.
Today, using mobile apps is inevitable. It's no longer a matter of professional or business…
https://latesthackingnews.com/2024/04/22/concerned-about-your-online-privacy-in-2024-you-are-not-the-only-one/

A week in security (April 15 – April 21)
A list of topics we covered in the week of April 15 to April 21 of 2024
https://www.malwarebytes.com/blog/news/2024/04/a-week-in-security-april-15-april-21

A flaw in the Forminator plugin impacts hundreds of thousands of WordPress sites
Japan's CERT warned that the WordPress plugin Forminator, developed by WPMU DEV, is affected by multiple vulnerabilities, including a flaw that allows unrestricted file uploads to the server. Forminator is a popular WordPress plugin that allows users […]
https://securityaffairs.com/162113/security/forminator-wordpress-plugin-flaws.html

T2 - 85,894 breached accounts
In April 2024, 86k records from the T2 tea store were posted to a popular hacking forum. Data included email and physical addresses, names, phone numbers, dates of birth, purchases and passwords stored as scrypt hashes.
https://haveibeenpwned.com/PwnedWebsites#T2

Phishing Case Under the Guise of Korean Portal Login Page
AhnLab SEcurity intelligence Center (ASEC) has recently identified the distribution of phishing files identical to the login screens of Korean portal websites. Cases impersonating multiple Korean portal websites, logistics and shipping brands, and webmail login pages have been common for a long time. * In the left/right comparison images used in this post, the left side shows the phishing page and the right side shows the normal page. Figure 1 shows screenshots of the phishing page impersonating the Naver login page and...
https://asec.ahnlab.com/en/64294/

News from previous days

Akira ransomware received $42M in ransom payments from over 250 victims
Government agencies revealed that Akira ransomware has breached over 250 entities worldwide and received over $42 million in ransom payments. A joint advisory published by CISA, the FBI, Europol, and the Netherlands' National Cyber Security Centre (NCSC-NL) revealed that since early 2023, Akira ransomware operators have received $42 million in ransom payments from more than 250 […]
https://securityaffairs.com/162098/cyber-crime/akira-ransomware-report-fbi.html

DuneQuixote campaign targets the Middle East with a complex backdoor
Threat actors target government entities in the Middle East with a new backdoor dubbed CR4T as part of an operation tracked as DuneQuixote. Researchers from Kaspersky discovered the DuneQuixote campaign in February 2024, but they believe the activity may have been active since 2023. Kaspersky discovered over 30 DuneQuixote dropper samples used in the campaign. […]
https://securityaffairs.com/162036/hacking/dunequixote-campaign-targets-middle-east.html

Security Affairs newsletter Round 468 by Pierluigi Paganini – INTERNATIONAL EDITION
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Critical CrushFTP zero-day exploited in attacks in the wild A French hospital was forced to reschedule […]
https://securityaffairs.com/162081/security/security-affairs-newsletter-round-468-by-pierluigi-paganini-international-edition.html

Weighing Down Cyberrisk Options: How to Make Objective Cybersecurity Decisions Without Negatively Impacting the Organization's IT Teams?
By Mike Starr, CEO of Trackd. It's often paid lip service to (or worse, intentionally neglected), and rarely appreciated, but there's an operational cost to be paid for security. Security […]
https://www.cyberdefensemagazine.com/weighing-down-cyberrisk-options-how-to-make-objective-cybersecurity-decisions-without-negatively-impacting-the-organizations-it-teams/

Androxgh0st Malware Compromises Servers Worldwide for Botnet Attack
By Deeba Ahmed. Veriti Research exposes a surge in Androxgh0st attacks, exploiting CVEs and building botnets for credential theft. Patch systems, monitor for web shells, and use behavioral analysis to protect yourself.
https://www.hackread.com/androxgh0st-malware-servers-botnets-attacks/

Connecting Tech to Black America
By David Lee, Chief Evangelist and Visionary for Tech Diversity. As technology rapidly evolves and advances, it can often seem inaccessible and intimidating for the everyday person. For Black Americans […]
https://www.cyberdefensemagazine.com/connecting-tech-to-black-america/

Lessons Learned From Recent Ransomware Attacks
This week in cybersecurity from the editors at Cybercrime Magazine. Read the full story in Spiceworks. Sausalito, Calif., Apr. 20, 2024. In today's digital landscape, ransomware attacks pose a significant threat to businesses worldwide, writes Shrav Mehta, founder and CEO of Secureframe. Cybersecurity Ventures […]
https://cybersecurityventures.com/lessons-learned-from-recent-ransomware-attacks/

Metasploit Weekly Wrap-Up 04/19/24
Welcome Ryan and the new CrushFTP module. It's not every week we add an awesome new exploit module to the Framework while also adding the original discoverer of the vulnerability to the Rapid7 team. We're very excited to welcome Ryan Emmons to the Emergent Threat Response team, which works […]
https://blog.rapid7.com/2024/04/19/metasploit-weekly-wrap-up-04-19-24/

AWS Response to March 2024 CSRB report
Publication Date: 2024/04/19 09:00 AM PDT AWS is aware of a recent Cyber Safety Review Board (CSRB) report regarding a 2023 Microsoft Online Exchange issue. We are not affected by the issues described in this report and no customer action is required. At AWS, security is our top priority. Every AWS customer benefits from the fact that we have the most operational experience of any cloud provider. We designed AWS from its very foundation to be the most secure way for our customers to run their workloads, and built our internal culture around security as a business imperative. The security of the AWS cloud is unique and differentiated by our technology, culture, and practices. To learn more, please refer to our "How the unique culture of security at AWS makes a difference" blog post....
https://aws.amazon.com/security/security-bulletins/AWS-2024-004/

IT and Cybersecurity Jobs in the Age of Emerging AI Technologies
By Waqas. Fear AI taking your IT or cybersecurity job? Don't! Learn how AI creates new opportunities in network management, threat detection and more.
https://www.hackread.com/it-and-cybersecurity-jobs-age-of-emerging-ai-technologies/

Tuta Mail (Tutanota) Accuses Google of Censoring Its Search Results
By Deeba Ahmed. Shadowboxing in search results: Tuta Mail de-ranked and disappearing on Google!
https://www.hackread.com/tuta-mail-tutanota-google-censoring-search-results/

USN-6743-1: Linux kernel vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the JFS file system, the BPF subsystem and Netfilter (CVE-2023-52600, CVE-2024-26589, CVE-2024-26591, CVE-2024-26581, CVE-2023-52603).
https://ubuntu.com/security/notices/USN-6743-1

The Importance of Cyber Hygiene for Businesses
By Rigo Van den Broeck, Executive Vice President, Cyber Security Product Innovation at Mastercard. Cybercrime is set to cost $10.5 trillion worldwide by 2025, and it's growing fast. It's a […]
https://www.cyberdefensemagazine.com/the-importance-of-cyber-hygiene-for-businesses/

USN-6742-1: Linux kernel vulnerabilities
Daniele Antonioli discovered that Secure Simple Pairing and Secure Connections pairing in the Bluetooth protocol could allow an unauthenticated user to complete authentication without pairing credentials. A physically proximate attacker placed between two Bluetooth devices could use this to subsequently impersonate one of the paired devices (CVE-2023-24023). Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the JFS file system and Netfilter (CVE-2024-26581, CVE-2023-52600, CVE-2023-52603).
https://ubuntu.com/security/notices/USN-6742-1

Protecting yourself after a medical data breach – Week in security with Tony Anscombe
What are the risks and consequences of having your health data exposed and what are the steps to take if it happens to you?
https://www.welivesecurity.com/en/videos/protecting-yourself-medical-data-breach-week-security-tony-anscombe/

CISOs Must Train Their Teams On AI To Combat Future Cyber Threats
This week in cybersecurity from the editors at Cybercrime Magazine. Read the full story in Security Infowatch. Sausalito, Calif., Apr. 19, 2024. In a Security Infowatch article, Shailesh Rao, president of the Cortex division at Palo Alto Networks, observes that chief information security officers […]
https://cybersecurityventures.com/cisos-must-train-their-teams-on-ai-to-combat-future-cyber-threats/

Unlocking the Power of Portfolio Analysis – A Comprehensive Guide
By Owais Sultan. In banking and business, you need to know how your investments are doing and what they are made…
https://www.hackread.com/power-of-portfolio-analysis-comprehensive-guide/

UK's Cydea introduces new way to quantify risk management
Cydea, the cyber risk management provider, has announced the Cydea Risk Platform, set to quantify threats in financial terms to businesses, allowing them to visualise the consequences of different business security-related scenarios. By giving a monetary value to risks and cyber threats, the company says its new platform is designed to enhance Board-level communication, speed […]
https://www.itsecurityguru.org/2024/04/19/uks-cydea-introduces-new-way-to-quantify-risk-management/?utm_source=rss&utm_medium=rss&utm_campaign=uks-cydea-introduces-new-way-to-quantify-risk-management

Breach Debrief: The Fake Slackbot
Originally published by Adaptive Shield. Written by Hananel Livneh. Last month, The Verge reported on an amusing story of Slack abuse at a design, technology, science, and science-fiction website. Tom McKay of IT Brew successfully hid on Slack after leaving the company in 2022 by assuming the persona of "Slackbot," remaining undetected by management for months. McKay shared screenshots of his antics on X and confirmed the escapade to The Verge. By changing his profile picture to resemble an a...
https://cloudsecurityalliance.org/articles/breach-debrief-the-fake-slackbot

Understanding the Nuances: Privacy and Confidentiality
Originally published by MJD. Written by Shonda Knowles Elliott, CPA. In the digital age, where data is the new currency, businesses must prioritize the security and integrity of their clients' information. To demonstrate this, many organizations adhere to frameworks like SOC 2 (System and Organization Controls), developed by the American Institute of CPAs (AICPA). SOC 2 reports provide an independent auditor's opinion on the design and operating effectiveness of a company's information security...
https://cloudsecurityalliance.org/articles/understanding-the-nuances-privacy-and-confidentiality

What's in a Name? Defining Zero Trust for Leaders
Originally published by CXO REvolutionaries. Written by Nat Smith, Senior Director, Product Management, Zscaler. Could you accurately and succinctly describe zero trust to your leadership team or board? During my five years as a VP analyst at Gartner, I witnessed executives struggle to convey the concept in business language, and it's not entirely their fault; "zero trust" rolls out the red carpet for misinterpretation and misrepresentation. Zero trust is a model for secure resource access. Gart...
https://cloudsecurityalliance.org/articles/what-s-in-a-name-defining-zero-trust-for-leaders

Are You Ready for Microsoft Copilot?
Originally published by Reco. Written by Gal Nakash. On March 14, Microsoft made Copilot available to customers in their 365 environment. Originally designed to enable productivity, Copilot is an AI chatbot that allows any user to conduct research or create content. It has the ability to generate slide decks, create text in Word files, analyze spreadsheets and more. It's powerful. Shared Organizational Data Is Now at Risk of Data Leakage: it also opens up new doors for threat actors to gain acce...
https://cloudsecurityalliance.org/articles/are-you-ready-for-microsoft-copilot

Implementing a Data-Centric Approach to Security
Written by Uday Srinivasan, CTO, Acante. We previously discussed how the modern data stack has changed the threat landscape today. In part II, below, we outline exactly how security and data teams can enable modern data teams to innovate rapidly without compromising on the security and access governance of the enterprise data. The Need: A Data-centric Approach to Security. Historically, the term "data security" has been largely equated with encryption and similar control measures. However, with t...
https://cloudsecurityalliance.org/articles/implementing-a-data-centric-approach-to-security

The Role of ASPM in Enhancing Software Supply Chain Security
ASPM plays an essential role in optimizing your software supply chain security. Learn more about this critical facet of the SDLC and what the future holds for ASPM.
https://www.legitsecurity.com/blog/the-role-of-aspm-in-enhancing-software-supply-chain-security

Law enforcement reels in phishing-as-a-service whopper
A major international law enforcement effort has disrupted the notorious LabHost phishing-as-a-service platform.
https://www.malwarebytes.com/blog/cybercrime/2024/04/law-enforcement-reels-in-phishing-as-a-service-whopper

DevOps pioneers navigate organizational transformation
The latest webinar in Sonatype's DevOps Download series, presented in partnership with The New Stack, offered an in-depth exploration into how DevOps pioneers are catalyzing significant shifts within organizations.
https://blog.sonatype.com/devops-pioneers-navigate-organizational-transformation

Code Reviews, Small Moments, Big Impacts
Rafael de Carvalho shares tips for code reviews, how to optimize delivery, and providing effective feedback.
https://www.hackerone.com/engineering/code-review-impact

AI Interaction Hacks: Tips and Tricks for Crafting Effective Prompts
AI prompting is more of an art than a science. Zahra Putri Fitrianti shares tips and tricks for creating effective prompts.
https://www.hackerone.com/engineering/ai-prompting-tips

FAQ: Everything Hackers Need to Know About the 2024 Ambassador World Cup
Answer all your questions about how to get involved in HackerOne's Ambassador World Cup!
https://www.hackerone.com/hackerone-community-blog/awc-faq

The Windows Registry Adventure #2: A brief history of the feature
https://googleprojectzero.blogspot.com/2024/04/the-windows-registry-adventure-2.html

The Windows Registry Adventure #1: Introduction and research results
https://googleprojectzero.blogspot.com/2024/04/the-windows-registry-adventure-1.html

Getting Started on Personal Development
Have you ever found yourself feeling stuck? Rafael de Carvalho shares critical steps toward moving in the right direction.
https://www.hackerone.com/engineering/personal-development

Prevent Generative AI Data Leaks with Chrome Enterprise DLP
Posted by Kaleigh Rosenblat, Chrome Enterprise Senior Staff Software Engineer, Security Lead. Generative AI has emerged as a powerful and popular tool to automate content creation and simple tasks. From customized content creation to source code generation, it can increase both our productivity and creative potential. Businesses want to leverage the power of LLMs, like Gemini, but many may have security concerns and want more control over how employees make use of these new tools. For example, companies may want to ensure that various forms of sensitive data, such as Personally Identifiable Information (PII), financial records and internal intellectual property, are not shared publicly on Generative AI platforms. Security leaders face the challenge of finding the right balance...
http://security.googleblog.com/2024/04/prevent-generative-ai-data-leaks-with.html

Mental health company Cerebral failed to protect sensitive personal data, must pay $7 million
The Federal Trade Commission (FTC) has reached a settlement with online mental health services company Cerebral after the company was charged with failing to secure and protect sensitive health data.
https://www.malwarebytes.com/blog/news/2024/04/mental-health-company-cerebral-failed-to-protect-sensitive-personal-data-must-pay-7-million

Report Reveals Healthcare Industry is Disillusioned in its Preparedness for Cyberattacks
Kroll, the leading independent provider of global risk and financial advisory solutions, has released the State of Cyber Defense: Diagnosing Cyber Threats in Healthcare report, exposing the healthcare industry's disillusionment in terms of its cyber maturity. The research reveals that over a quarter (26%) of healthcare businesses have immature cybersecurity processes yet nearly 50% believe […]
https://www.itsecurityguru.org/2024/04/18/report-reveals-healthcare-industry-is-disillusioned-in-its-preparedness-for-cyberattacks/?utm_source=rss&utm_medium=rss&utm_campaign=report-reveals-healthcare-industry-is-disillusioned-in-its-preparedness-for-cyberattacks

5 Cybersecurity Resolutions for the New Year
By Roger Spears, Schneider Downs. Whenever the new year rolls around, resolutions to achieve a goal, improve a behavior or continue good practices abound. And, while many resolutions center on personal goals such […]
https://www.cyberdefensemagazine.com/5-cybersecurity-resolutions-for-the-new-year/

Unpacking the NIST cybersecurity framework 2.0
The NIST cybersecurity framework (CSF) helps organizations improve risk management using common language that focuses on business drivers to enhance cybersecurity. NIST CSF 1.0 was released in February 2014, and version 1.1 in April 2018. In February 2024, NIST released its newest CSF iteration: 2.0. The journey to CSF 2.0 began with a request for […]
https://securityintelligence.com/articles/nist-cybersecurity-framework-2/

Startup CEO: Oleria's New Approach To Identity Security
This week in cybersecurity from the editors at Cybercrime Magazine. Sausalito, Calif. – Apr. 18, 2024. Oleria, a company providing adaptive and autonomous identity security solutions, raised $33.1 million in a Series A funding round earlier this year. The investment, which […]
https://cybersecurityventures.com/startup-ceo-olerias-new-approach-to-identity-security/

Goldilock Partners with organisation behind NATO's largest cyber defence exercise
Goldilock, the British cybersecurity startup behind a physical network isolation solution, has partnered with CR14, a cyber defence organisation established by the Estonian Ministry of Defence and host of NATO's Cyber Defence Centre of Excellence (CCDCOE), to conduct testing activities with the aim of increasing the resilience of critical national infrastructure (CNI). Testing […]
https://www.itsecurityguru.org/2024/04/18/goldilock-partners-with-organisation-behind-natos-largest-cyber-defence-exercise/?utm_source=rss&utm_medium=rss&utm_campaign=goldilock-partners-with-organisation-behind-natos-largest-cyber-defence-exercise

VectorKernel - PoCs For Kernelmode Rootkit Techniques Research
PoCs for kernel-mode rootkit techniques research or education, currently focusing on Windows. All modules support 64-bit OS only. NOTE: some modules use the ExAllocatePool2 API to allocate kernel pool memory. ExAllocatePool2 is not supported on OSes older than Windows 10 version 2004; to test the modules on older OSes, replace ExAllocatePool2 with ExAllocatePoolWithTag (ExAllocatePool2 zero-initialises the allocation by default and ExAllocatePoolWithTag does not, so a straight swap should also zero the buffer and use the NonPagedPoolNx pool type that POOL_FLAG_NON_PAGED corresponds to). Environment: all modules are tested on Windows 11 x64. To test the drivers, the testing machine can either have loading of test-signed drivers enabled or be set up for kernel-mode debugging; each option requires Secure Boot to be disabled. Modules: detailed information is given in the README.md in each project's directory. ...
http://www.kitploit.com/2024/04/vectorkernel-pocs-for-kernelmode.html

Police apprehend global cyber gang implicated in large-scale fraud
The Met Police, along with a host of other global law enforcement agencies, have dismantled a criminal gang that used a technology service to facilitate fraudulent text messages, leading to theft from victims. The scam primarily targeted younger individuals familiar with the internet. The technology service, LabHost, aided scammers in sending deceptive messages and […]
https://www.itsecurityguru.org/2024/04/18/police-apprehend-global-cyber-gang-implicated-in-large-scale-fraud/?utm_source=rss&utm_medium=rss&utm_campaign=police-apprehend-global-cyber-gang-implicated-in-large-scale-fraud

Securing Office 365 with better configuration
How our Office 365 advisory and new security guidance from Microsoft can help protect your cloud services.
https://www.ncsc.gov.uk/blog-post/securing-office-365-with-better-configuration

Cannabis investment scam JuicyFields ends in 9 arrests
JuicyFields was an investment scam that urged victims to invest in cannabis production.
https://www.malwarebytes.com/blog/news/2024/04/cannabis-investment-scam-juicyfields-ends-in-9-arrests

Cyber Assessment Framework 3.2
Latest version of the CAF reflects the increased threat to critical national infrastructure
https://www.ncsc.gov.uk/blog-post/cyber-assessment-framework-3-2

DuneQuixote campaign targets Middle Eastern entities with “CR4T” malware
The new, unattributed DuneQuixote campaign targeting entities in the Middle East employs droppers disguised as a Total Commander installer and the CR4T backdoor, implemented in C and Go.
https://securelist.com/dunequixote/112425/

16-31 January 2024 Cyber Attacks Timeline
In the second timeline of January 2024 I collected 168 events (10.50 events/day), dominated by ransomware, ahead of malware and the exploitation of vulnerabilities. There were also several mega breaches, multiple operations against fintech organizations, and the usual wave of attacks motivated by cyber espionage.
https://www.hackmageddon.com/2024/04/18/16-31-january-2024-cyber-attacks-timeline/

The many faces of impersonation fraud: Spot an imposter before it's too late
What are some of the most common giveaway signs that the person behind the screen or on the other end of the line isn't who they claim to be?
https://www.welivesecurity.com/en/scams/many-faces-impersonation-fraud-spot-imposter-too-late/

Analysis of Pupy RAT Used in Attacks Against Linux Systems
Pupy is a RAT malware strain that offers cross-platform support. Because it is an open-source program published on GitHub, it is continuously being used by various threat actors, including APT groups. For example, it is known to have been used by APT35 (said to have ties to Iran) [1] and was also used in Operation Earth Berberoka [2], which targeted online gambling websites. Recently, a malware strain named Decoy Dog was discovered, which is an updated version of Pupy RAT....
https://asec.ahnlab.com/en/64258/

Le Slip Français - 1,495,127 breached accounts
In April 2024, the French underwear maker Le Slip Français suffered a data breach. The breach included 1.5M email addresses, physical addresses, names and phone numbers.
https://haveibeenpwned.com/PwnedWebsites#LeSlipFrancais

From BYOVD to a 0-day: Unveiling Advanced Exploits in Cyber Recruiting Scams
In the summer of 2023, Avast identified a campaign targeting specific individuals in the Asian region through fabricated job offers. The motivation behind the attack remains uncertain, but judging from the low frequency of attacks, it appears that the attacker had a special interest in individuals with technical backgrounds. This sophistication is […]
https://decoded.avast.io/luiginocamastra/from-byovd-to-a-0-day-unveiling-advanced-exploits-in-cyber-recruiting-scams/?utm_source=rss&utm_medium=rss&utm_campaign=from-byovd-to-a-0-day-unveiling-advanced-exploits-in-cyber-recruiting-scams

Xiid SealedTunnel: Unfazed by Yet Another Critical Firewall Vulnerability (CVE-2024-3400)
Zero Knowledge Networking vendor shrugs off firewall flaw. In the wake of the recent disclosure…
https://latesthackingnews.com/2024/04/17/xiid-sealedtunnel-unfazed-by-yet-another-critical-firewall-vulnerability-cve-2024-3400/

Should you share your location with your partner?
Location sharing is popular among couples. But is it something you want in your own relationship?
https://www.malwarebytes.com/blog/privacy/2024/04/should-you-share-your-location-with-your-partner

ClamAV 1.3.1, 1.2.3, 1.0.6 patch versions published
Today, we are publishing the 1.3.1, 1.2.3, and 1.0.6 security patch versions. The release files for the patch versions are available for download on the ClamAV downloads page, on the GitHub Release page, and through Docker Hub. The images on Docker Hub may not be immediately available on release day. Continue reading to learn what changed in each version. 1.3.1: ClamAV 1.3.1 is a critical patch release with the following fixes. CVE-2024-20380: fixed a possible crash in the HTML file parser that could cause a denial-of-service (DoS) condition. This issue affects version 1.3.0 only and does not affect prior versions. Thank you to Błażej Pawłowski for identifying this issue (GitHub pull request). Updated select Rust dependencies to the latest versions; this resolved Cargo audit complaints and included...
http://blog.clamav.net/2024/04/clamav-131-123-106-patch-versions.html

Attackers exploiting new critical OpenMetadata vulnerabilities on Kubernetes clusters
Microsoft recently uncovered an attack that exploits new critical vulnerabilities in OpenMetadata to gain access to Kubernetes workloads and leverage them for cryptomining activity.
https://www.microsoft.com/en-us/security/blog/2024/04/17/attackers-exploiting-new-critical-openmetadata-vulnerabilities-on-kubernetes-clusters/

Safeguarding ERP Systems in the Digital Age: The Crucial Role of NetSuite Support in Cyber Defense
An enterprise resource planning tool is a software program that unifies business operations. The most…
https://latesthackingnews.com/2024/04/17/safeguarding-erp-systems-in-the-digital-age-the-crucial-role-of-netsuite-support-in-cyber-defense/

Keeper Security Offers Built-In Passphrase Generator to Strengthen Security
Today Keeper Security announced the addition of a passphrase generator to Keeper Web Vault, with support on mobile and for the browser extension coming soon. The release also includes an update to the existing password generator, which gives users new options to meet specific password requirements. In addition to being able to include […]
https://www.itsecurityguru.org/2024/04/17/keeper-security-offers-built-in-passphrase-generator-to-strengthen-security/?utm_source=rss&utm_medium=rss&utm_campaign=keeper-security-offers-built-in-passphrase-generator-to-strengthen-security

Human Risk: An Organisation's Biggest Problem and Greatest Opportunity
Organisations often lean on the 'People, Process, and Technology' (PPT) framework as a way of demarcating value streams and driving action. When managed well, the triad works in unison to ensure a comprehensive and layered approach to defence. But what happens when one pillar is weaker than the others? Human risk is incurred by the […]
https://www.itsecurityguru.org/2024/04/17/human-risk-an-organisations-biggest-problem-and-greatest-opportunity/?utm_source=rss&utm_medium=rss&utm_campaign=human-risk-an-organisations-biggest-problem-and-greatest-opportunity

Evolution Equity Partners Closes On $1.1 Billion For Cybersecurity Investment In Oversubscribed Fund Raise
The Evolution Technology Fund III LP is the largest dedicated cybersecurity fund raised to date. The growth and early-growth-stage investor is committed to a differentiated portfolio characterized by the strong operating performance of software companies safeguarding the digital world. NEW YORK, N.Y., Apr. 17, 2024 – Evolution […]
https://cybersecurityventures.com/evolution-equity-parnters-evolution-technology-fund-iii-lp/

Hybrid Working is Changing How We Think About Security
By Prakash Mana, CEO, Cloudbrink. Security will continue to head the list of priorities for CISOs in 2024, but how we secure our enterprises will need rethinking in the face […]
https://www.cyberdefensemagazine.com/hybrid-working-is-changing-how-we-think-about-security/

Enforce and Report on PCI DSS v4 Compliance with Rapid7
The PCI Security Standards Council (PCI SSC) is a global forum that connects stakeholders from the payments and payment processing industries to craft and facilitate adoption of data security standards and relevant resources that enable safe payments worldwide.
https://blog.rapid7.com/2024/04/17/enforce-and-report-on-pci-dss-v4-compliance-with-rapid7/

What should Security Operations teams take away from the IBM X-Force 2024 Threat Intelligence Index?
The IBM X-Force 2024 Threat Intelligence Index has been released. The headlines are in, and among them is the fact that a global identity crisis is emerging: X-Force noted a 71% year-over-year increase in attacks using valid credentials. In this blog post, I'll explore three cybersecurity recommendations from the Threat Intelligence Index and define a […]
https://securityintelligence.com/posts/secops-teams-take-away-2024-threat-intelligence-index/

How Scammers Stole More Than $200K From A Milwaukee Area Woman
This week in cybersecurity from the editors at Cybercrime Magazine. Sausalito, Calif. – Apr. 17, 2024. A complex and convincing scam drained a Whitefish Bay, Wis. woman of her entire savings. Throughout the month-long scam, the fraudsters […]
https://cybersecurityventures.com/how-scammers-stole-more-than-200k-from-a-milwaukee-area-woman/

Cookie-Monster - BOF To Steal Browser Cookies & Credentials
Steal browser cookies for Edge, Chrome and Firefox through a BOF or exe. Cookie-Monster will extract the WebKit master key, locate a browser process with a handle to the Cookies and Login Data files, copy the handle(s) and then filelessly download the target. Once the Cookies/Login Data file(s) are downloaded, the Python decryption script can help extract those secrets. The Firefox module parses profiles.ini, locates the logins.json and key4.db files and downloads them; a separate GitHub repo is referenced for offline decryption. BOF usage: cookie-monster [ --chrome || --edge || --firefox || --chromeCookiePID <pid> || --chromeLoginDataPID <PID> || --edgeCookiePID <pid> || --edgeLoginDataPID <pid> ]. Example: cookie-monster...
http://www.kitploit.com/2024/04/cookie-monster-bof-to-steal-browser.html
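To make the file-location steps above concrete, here is an added Python example (not Cookie-Monster's own code or its decryption script). It resolves Firefox profile directories from a profiles.ini the way the Firefox module has to, handling IsRelative and the [Install...] default marker, extracts the DPAPI-wrapped os_crypt key from a Chromium "Local State" file up to the point where unwrapping would need the victim's Windows user context, and splits a "v10" cookie value into its AES-GCM parts. The profiles.ini, the Local State contents, the base directory and the v10 value are constructed samples; the same logic serves a responder collecting these artefacts for forensics.

```python
"""Locate what Cookie-Monster collects, without touching a live browser.
Added example, not the tool's own code; every input below is a constructed sample."""
import base64
import configparser
import json
from pathlib import PureWindowsPath

# Constructed profiles.ini, as Firefox writes it under %APPDATA%\Mozilla\Firefox.
# Current builds name the active profile in an [Install...] section; Default=1 on a
# [ProfileN] section is the older marker, and the two can disagree (as they do here).
SAMPLE_PROFILES_INI = """\
[Install308046B0AF4A39CB]
Default=Profiles/ab12cd34.default-release
Locked=1
[Profile1]
Name=default
IsRelative=1
Path=Profiles/xy98zw76.default
Default=1
[Profile0]
Name=default-release
IsRelative=1
Path=Profiles/ab12cd34.default-release
[Profile2]
Name=work
IsRelative=0
Path=D:\\ffdata\\work.profile
"""
FIREFOX_BASE = "C:/Users/alice/AppData/Roaming/Mozilla/Firefox"  # constructed
FIREFOX_TARGETS = ("logins.json", "key4.db")  # what the Firefox module downloads


def _load_ini(ini_text):
    # interpolation=None: a profile path containing '%' must not be expanded.
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(ini_text)
    return cp


def firefox_profile_dirs(ini_text, base_dir):
    """Profile name -> absolute profile directory. IsRelative=1 paths hang off the
    directory holding profiles.ini; PureWindowsPath keeps this runnable on any host."""
    cp = _load_ini(ini_text)
    base = PureWindowsPath(base_dir)
    dirs = {}
    for section in cp.sections():
        if not section.startswith("Profile"):
            continue
        path = cp[section].get("path")
        if not path:
            continue
        relative = cp[section].get("isrelative", "1") == "1"
        dirs[cp[section].get("name", section)] = base / path if relative else PureWindowsPath(path)
    return dirs


def firefox_default_profile(ini_text, base_dir):
    """Directory of the profile Firefox actually opens: [Install...] Default= wins,
    then a [ProfileN] carrying Default=1, else None."""
    cp = _load_ini(ini_text)
    base = PureWindowsPath(base_dir)
    for section in cp.sections():
        if section.startswith("Install") and cp[section].get("default"):
            return base / cp[section]["default"]
    dirs = firefox_profile_dirs(ini_text, base_dir)
    for section in cp.sections():
        if section.startswith("Profile") and cp[section].get("default") == "1":
            return dirs.get(cp[section].get("name", section))
    return None


def firefox_target_files(ini_text, base_dir):
    """Profile name -> the logins.json / key4.db paths to pull from each profile."""
    return {name: [d / t for t in FIREFOX_TARGETS]
            for name, d in firefox_profile_dirs(ini_text, base_dir).items()}


# Constructed "Local State": os_crypt.encrypted_key is base64 of b"DPAPI" followed by
# a CryptProtectData blob wrapping Chromium's AES-256 os_crypt key.
FAKE_DPAPI_BLOB = b"\x01\x00\x00\x00constructed-dpapi-blob"
SAMPLE_LOCAL_STATE = json.dumps({"os_crypt": {
    "encrypted_key": base64.b64encode(b"DPAPI" + FAKE_DPAPI_BLOB).decode()}})


def chromium_wrapped_key(local_state_json):
    """Return the DPAPI blob around the os_crypt key. Unwrapping it needs
    CryptUnprotectData in the owning user's Windows session, which is why the
    tool does that step on the host rather than offline."""
    blob = base64.b64decode(json.loads(local_state_json)["os_crypt"]["encrypted_key"])
    if not blob.startswith(b"DPAPI"):
        raise ValueError("encrypted_key lacks the DPAPI prefix; unknown key format")
    return blob[len(b"DPAPI"):]


def split_chromium_v10(value):
    """Split a Chromium 'v10' cookie or password value into (nonce, ciphertext, tag).
    Windows layout: b'v10' | 12-byte AES-GCM nonce | ciphertext | 16-byte GCM tag.
    Values without the prefix come from the older DPAPI-only scheme."""
    if not value.startswith(b"v10"):
        raise ValueError("not a v10 value")
    body = value[3:]
    if len(body) < 12 + 16:
        raise ValueError("v10 value too short to hold a nonce and a tag")
    return body[:12], body[12:-16], body[-16:]
```

Run `firefox_default_profile(SAMPLE_PROFILES_INI, FIREFOX_BASE)` and note that it returns the default-release profile named in the [Install...] section, not the one flagged Default=1; a collector that only honours Default=1 grabs the wrong key4.db.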

SoumniBot: the new Android banker's unique techniques
We review the new mobile Trojan banker SoumniBot, which exploits bugs in the Android manifest parser to dodge analysis and detection.
https://securelist.com/soumnibot-android-banker-obfuscates-app-manifest/112334/

Watch all the plenaries from CYBERUK 2024 live, and for free
Key talks from the UK government's flagship cyber security event will be livestreamed from Birmingham's ICC.
https://www.ncsc.gov.uk/blog-post/watch-cyberuk2024-plenaries

Cloud Security Alliance (CSA) AI Summit at RSAC to Deliver Critical Tools to Help Meet Rapidly Evolving Demands of AI
Event to provide attendees with a holistic understanding of AI's future along with pragmatic advice on managing risks and gaining benefits from generative AI SEATTLE – April 17, 2024 – This year, the Cloud Security Alliance (CSA), the world's leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, will host a revolutionary summit at the RSA Conference — the CSA AI Summit, which will bring together influentia...
https://cloudsecurityalliance.org/articles/cloud-security-alliance-csa-ai-summit-at-rsac-to-deliver-critical-tools-to-help-meet-rapidly-evolving-demands-of-ai

Navigating the Cyber Typhoon: Safeguarding Data Amidst US-China Geo-Political Tensions.
Nick Shevelyov, Senior Executive Reporter, Cyber Defense Magazine. On February 7, 2024, the US Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory titled "PRC State-Sponsored Actors Compromise and […]
https://www.cyberdefensemagazine.com/navigating-the-cyber-typhoon-safeguarding-data-amidst-us-china-geo-political-tensions/

7 Common Causes of Data Breach: Safeguarding Your Digital Assets
Originally published by InsiderSecurity. Data breaches are an ever-present threat to enterprises in today's connected world. Whether you are a small SME or a large multinational company, the risk of a data breach, and of the company becoming another headline, is a constant concern for senior management. It is not just financial loss that worries management but the loss of reputation and customer trust, which can take years to recover from if a data breach happens. This article reviews seven key issues tha...
https://cloudsecurityalliance.org/articles/7-common-causes-of-data-breach-safeguarding-your-digital-assets

Rapid7 Insight Platform Achieves Level 2 TX-Ramp Authorization
Rapid7's Insight Platform has officially achieved Level 2 Texas Risk and Authorization Management Program (TX-RAMP) authorization. This milestone marks a significant step forward in providing our customers peace-of-mind as well as the best end-to-end cloud security solutions.
https://blog.rapid7.com/2024/04/16/rapid7-insight-platform-achieves-level-2-tx-ramp-authorization/

Pre-Pentest Checklist Part 2: Essential Questions to Answer Before Your Next Pentest
Part 2 of our pre-pentest checklist answers 9 questions about the "when," "who," and "how" of pentest preparation.
https://www.hackerone.com/penetration-testing/pre-pentest-checklist-part2

New Microsoft guidance for the DoD Zero Trust Strategy
We are excited to announce new Zero Trust activity-level guidance for implementing the Department of Defense Zero Trust Strategy with Microsoft cloud services.
https://www.microsoft.com/en-us/security/blog/2024/04/16/new-microsoft-guidance-for-the-dod-zero-trust-strategy/

Devs flood npm with 15,000 packages to reward themselves with Tea 'tokens'
We have repeatedly come across cases involving open source registries like npm and PyPI being flooded with thousands of packages in a short span of time. Typically, such surges in publishing activity are related to malware, dependency confusion PoCs, or just ...annoying SEO spam leveraging these registries. It's not every day though that we see a virtually benign flood of packages that otherwise aren't conducting anything dangerous — well then, why the flood?
https://blog.sonatype.com/devs-flood-npm-with-10000-packages-to-reward-themselves-with-tea-tokens

Personal Data Exposed in Massive Global Hack: Understanding the Implications & Guarding Privacy- Axios Security Group
In a digital age where information is the new currency, the recent global hack has…
https://latesthackingnews.com/2024/04/16/personal-data-exposed-in-massive-global-hack-understanding-the-implications-guarding-privacy-axios-security-group/

Annual Cybersecurity Training Isn't Working, So What's The Alternative?
This week in cybersecurity from the editors at Cybercrime Magazine. Sausalito, Calif. – Apr. 16, 2024. According to Cybersecurity Ventures, the security awareness training market hit $5.6 billion in 2023 and is expected to surpass $10 billion in the […]
https://cybersecurityventures.com/annual-cybersecurity-training-isnt-working-so-whats-the-alternative/

Giant Tiger breach sees 2.8 million records leaked
A threat actor claims to be in possession of 2.8 million records originating from a hack at Canadian retail chain Giant Tiger
https://www.malwarebytes.com/blog/news/2024/04/giant-tiger-breach-sees-2-8-million-records-leaked

Guardz Welcomes SentinelOne as Strategic Partner and Investor to Boost Cybersecurity Defenses for SMBs
[Miami, FL – April 16, 2023] – Guardz, the cybersecurity company securing and insuring small…
https://latesthackingnews.com/2024/04/16/guardz-welcomes-sentinelone-as-strategic-partner-and-investor-to-boost-cybersecurity-defenses-for-smbs/

Obtaining security clearance: Hurdles and requirements
As security moves closer to the top of the operational priority list for private and public organizations, needing to obtain a security clearance for jobs is more commonplace. Security clearance is a prerequisite for a wide range of roles, especially those related to national security and defense. Obtaining that clearance, however, is far from simple. […]
https://securityintelligence.com/articles/obtaining-security-clearance-hurdles-requirements/

NoArgs - Tool Designed To Dynamically Spoof And Conceal Process Arguments While Staying Undetected
NoArgs is a tool designed to dynamically spoof and conceal process arguments while staying undetected. It achieves this by hooking Windows APIs to manipulate Windows internals on the fly, which lets NoArgs alter process arguments discreetly. Screenshots in the original compare the Windows Event Logs produced by a default cmd launch with those produced when using NoArgs. Functionality overview: the tool primarily operates by intercepting process creation calls made by the Windows API function CreateProcessW. When a process is initiated, this function is responsible for spawning the new process along with any specified command-line arguments. The tool intervenes in this process creation flow, ensuring that the arguments are either hidden or manipulated before the new process is launched. Hooking mechanism: hooking into CreateProcessW...
http://www.kitploit.com/2024/04/noargs-tool-designed-to-dynamically.html

Who Stole 3.6M Tax Records from South Carolina?
For nearly a dozen years, residents of South Carolina have been kept in the dark by state and federal investigators over who was responsible for hacking into the state's revenue department in 2012 and stealing tax and bank account information for 3.6 million people. The answer may no longer be a mystery: KrebsOnSecurity found compelling clues suggesting the intrusion was carried out by the same Russian hacking crew that stole millions of payment card records from big box retailers like Home Depot and Target in the years that followed.
https://krebsonsecurity.com/2024/04/who-stole-3-6m-tax-records-from-south-carolina/

The ABCs of how online ads can impact children's well-being
From promoting questionable content to posing security risks, inappropriate ads present multiple dangers for children. Here's how to help them stay safe.
https://www.welivesecurity.com/en/kids-online/abcs-online-ads-impact-childrens-well-being/

CVE-2024-28056
Publication Date: 2024/04/15 07:00 AM PST AWS is aware of CVE-2024-28056, which affects Amplify CLI versions prior to 12.10.1 and Amplify Studio, which uses Amplify CLI. We released a fix to Amplify CLI on January 10, 2024 that also fixed Amplify Studio, and recommend customers upgrade to Amplify CLI 12.10.1 or higher to address this issue. We have proactively communicated with the customers using affected versions. AWS has taken two additional steps to protect customers using Amplify from unintentional misconfigurations. First, AWS added a mitigation to the AWS Security Token Service (STS) where attempts to make a cross-account role assumption with a trust policy referencing Amazon Cognito as the trusted principal, without conditions to scope down access to specific Amazon Cognito...
https://aws.amazon.com/security/security-bulletins/AWS-2024-003/
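The STS mitigation described in the bulletin targets one specific trust-policy shape: Amazon Cognito named as the federated principal with no condition naming the identity pool(s) allowed to use the role. As an added example (not AWS tooling and not from the bulletin), the following stdlib-only Python check scans role trust policies for that shape, so an account can find such roles before relying on the STS-side block. The two sample policies and the identity pool ID in them are constructed placeholders.

```python
"""Static check for the trust-policy shape the AWS-2024-003 STS mitigation targets:
Amazon Cognito trusted as a federated principal with no condition naming the pool.
Added example, not AWS tooling; the policies and pool ID below are constructed."""
import json

COGNITO_PRINCIPAL = "cognito-identity.amazonaws.com"
AUD_KEY = "cognito-identity.amazonaws.com:aud"
# IAM action names are case-insensitive; wildcards also grant the assume call.
ASSUME_ACTIONS = {"sts:assumerolewithwebidentity", "sts:*", "*"}


def _as_list(value):
    """IAM lets most fields be a scalar or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _trusts_cognito(statement):
    principal = statement.get("Principal")
    if not isinstance(principal, dict):  # Principal "*" is a different finding
        return False
    return COGNITO_PRINCIPAL in _as_list(principal.get("Federated"))


def _pinned_to_pool(statement):
    """True if some condition block constrains the :aud key, i.e. names the
    identity pool(s) allowed to use the role. Condition keys are case-insensitive."""
    for _operator, keys in statement.get("Condition", {}).items():
        if isinstance(keys, dict) and any(k.lower() == AUD_KEY for k in keys):
            return True
    return False


def find_unscoped_cognito_trusts(policy):
    """Return the Sid (or a positional label) of every Allow statement that lets
    any Cognito identity pool, in any AWS account, assume the role."""
    if isinstance(policy, str):
        policy = json.loads(policy)
    findings = []
    for i, st in enumerate(_as_list(policy.get("Statement"))):
        if st.get("Effect") != "Allow":
            continue
        if not {a.lower() for a in _as_list(st.get("Action"))} & ASSUME_ACTIONS:
            continue
        if _trusts_cognito(st) and not _pinned_to_pool(st):
            findings.append(st.get("Sid", f"Statement[{i}]"))
    return findings


# Constructed: trusts Cognito outright, so a pool in an attacker's account qualifies.
WEAK_TRUST_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "CognitoUnscoped",
        "Effect": "Allow",
        "Principal": {"Federated": COGNITO_PRINCIPAL},
        "Action": "sts:AssumeRoleWithWebIdentity",
    }],
})

# Constructed: the same trust pinned to one pool ID (placeholder) via the :aud key,
# which is the per-pool scoping the bulletin refers to, plus the usual :amr check.
FIXED_TRUST_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "CognitoPinned",
        "Effect": "Allow",
        "Principal": {"Federated": COGNITO_PRINCIPAL},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": {
            "StringEquals": {AUD_KEY: "us-east-1:00000000-0000-0000-0000-000000000000"},
            "ForAnyValue:StringLike": {"cognito-identity.amazonaws.com:amr": "authenticated"},
        },
    }],
})

if __name__ == "__main__":
    for label, pol in (("weak", WEAK_TRUST_POLICY), ("fixed", FIXED_TRUST_POLICY)):
        print(label, find_unscoped_cognito_trusts(pol) or "ok")
```

Feed it the AssumeRolePolicyDocument of each role from an IAM listing; the check deliberately ignores a bare Principal "*" because that is a broader problem than the one the bulletin's mitigation addresses.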

Protect Your Linux Web Apps and Meet Compliance Standards
Security is vital for your Linux web apps, but keeping up with the latest exploits and meeting compliance standards can quickly become overwhelming.
https://linuxsecurity.com/features/features/linux-web-app-security-compliance

10 Hot Penetration Testing Companies To Watch In 2024
Penetration testing is a skillset and a mindset – Steve Morgan, Editor-in-Chief. Sausalito, Calif. – Jan. 16, 2024. “If you're spending one dollar on cybersecurity and you're not doing penetration testing, then you're doing something terribly wrong,” says Seemant Sehgal, founder and CEO at BreachLock.
https://cybersecurityventures.com/10-hot-penetration-testing-companies-to-watch-in-2024/

How to Set Your Small Privacy Team Up for Success
Originally published by Schellman. Amidst the evolving patchwork of data protection and privacy legislation in the United States, privacy remains a top priority for organizations. But protecting privacy also requires resources, and while not all organizations have that much to spare, it is possible to make do with only a small, dedicated team. In this blog post, we'll describe the common hurdles small privacy teams will face and how you can overcome them to set your organization up for long-ter...
https://cloudsecurityalliance.org/articles/how-to-set-your-small-privacy-team-up-for-success

The Data Security Risks of Adopting Copilot for Microsoft 365
Originally published by Cyera. Written by Leo Reznik. Microsoft is taking the lead when it comes to AI-powered ecosystems. The company's newly introduced Copilot AI assistant for Microsoft 365 surfaces organizational data to deliver users a seamless workflow experience. However, with lots of data comes great responsibility. AI-powered tools enhance productivity while generating substantial new data that must be secured. These tools simultaneously raise the risk of inadvertent exposure of sensi...
https://cloudsecurityalliance.org/articles/the-data-security-risks-of-adopting-copilot-for-microsoft-365

PAN-OS Critical Flaw in GlobalProtect Gateway (CVE-2024-3400)
What is the vulnerability/attack? A critical unauthenticated command injection vulnerability in the PAN-OS GlobalProtect Gateway was discovered. The vulnerability, tracked as CVE-2024-3400, has a CVSS rating of 10.0. The GlobalProtect Gateway provides a security solution for roaming users by extending the same next-generation firewall-based policies to them. According to the vendor advisory, active exploitation is ongoing. What is the recommended mitigation? The vendor released a Threat Prevention signature on April 12th and has since released hotfix versions of PAN-OS. What FortiGuard coverage is available? FortiGuard has released IPS and AV signatures to block exploitation attempts and malware delivery, respectively. It is still recommended to...
https://fortiguard.fortinet.com/threat-signal-report/5423

Adapting to the Deluge of Cybersecurity Data
By Charlie Thomas, CEO, Deepwatch. The ever-increasing volume of security data is becoming unmanageable through conventional data analysis, security tools and management techniques. Security teams are deluged with logs, events, […]
https://www.cyberdefensemagazine.com/adapting-to-the-deluge-of-cybersecurity-data/

Making Sense of the Sisense News
CISA issued a warning to CISOs that it was investigating a breach of Sisense. Let's make sense of this breach and what it means for organizations.
https://www.hackerone.com/vulnerability-management/sisense-breach

​​Microsoft recognized as a Leader in the Forrester Wave™: Workforce Identity Platform, Q1 2024
​We're thrilled to announce that Forrester has recognized Microsoft as a Leader in the Forrester Wave™: Workforce Identity Platforms, Q1 2024 report. We're proud of this recognition, which we believe reflects our commitment to delivering advanced solutions that cater to the evolving needs of our customers in the workforce identity space. ​ The post ​​Microsoft recognized as a Leader in the Forrester Wave™: Workforce Identity Platform, Q1 2024 appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2024/04/15/microsoft-recognized-as-a-leader-in-the-forrester-wave-workforce-identity-platform-q1-2024/

When Security Collides with Customer Impatience
How Biographic and Biometric Information Work as a Team to Solve the Problem. By Raj Ananthanpillai, CEO, Trua. Online customers don't take long to get fidgety. They want their transactions […] The post When Security Collides with Customer Impatience appeared first on Cyber Defense Magazine.
https://www.cyberdefensemagazine.com/when-security-collides-with-customer-impatience/

Crickets from Chirp Systems in Smart Lock Key Leak
The U.S. government is warning that smart locks securing entry to an estimated 50,000 dwellings nationwide contain hard-coded credentials that can be used to remotely open any of the locks. The lock's maker Chirp Systems remains unresponsive, even though it was first notified about the critical weakness in March 2021. Meanwhile, Chirp's parent company, RealPage, Inc., is being sued by multiple U.S. states for allegedly colluding with landlords to illegally raise rents.
https://krebsonsecurity.com/2024/04/crickets-from-chirp-systems-in-smart-lock-key-leak/

Frameless-Bitb - A New Approach To Browser In The Browser (BITB) Without The Use Of Iframes, Allowing The Bypass Of Traditional Framebusters Implemented By Login Pages Like Microsoft And The Use With Evilginx
A new approach to Browser In The Browser (BITB) without the use of iframes, allowing the bypass of traditional framebusters implemented by login pages like Microsoft's. This POC code is built for using this new BITB with Evilginx and a Microsoft Enterprise phishlet. Before diving deep into this, I recommend that you first check my talk at BSides 2023, where I first introduced this concept along with important details on how to craft the "perfect" phishing attack. Disclaimer: This tool is for educational and research purposes only. It demonstrates a non-iframe based Browser In The Browser (BITB) method. The author is not responsible for any misuse. Use this tool only legally and ethically, in controlled environments for cybersecurity...
http://www.kitploit.com/2024/04/frameless-bitb-new-approach-to-browser.html

How Artificial Intelligence Technology Affects Fintech Companies & The Financial Industry
The modern fintech sector is the result of the introduction of new technologies and approaches, … The post How Artificial Intelligence Technology Affects Fintech Companies & The Financial Industry appeared first on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2024/04/15/how-artificial-intelligence-technology-affects-fintech-companies-the-financial-industry/

Using the LockBit builder to generate targeted ransomware
Kaspersky researchers revisit the leaked LockBit 3.0 builder and share insights into a real-life incident involving a custom targeted ransomware variant created with this builder.
https://securelist.com/lockbit-3-0-based-custom-targeted-ransomware/112375/

Bitcoin scams, hacks and heists – and how to avoid them
Here's how cybercriminals target cryptocurrencies and how you can keep your bitcoin or other crypto safe
https://www.welivesecurity.com/en/scams/bitcoin-scams-hacks-heists-protect-yourself/

A week in security (April 8 – April 14)
A list of topics we covered in the week of April 8 to April 14 of 2024
https://www.malwarebytes.com/blog/news/2024/04/a-week-in-security-april-8-april-14

“Totally Unexpected” Package Malware Using Modified Notepad++ Plug-in (WikiLoader)
AhnLab SEcurity intelligence Center (ASEC) has recently identified the distribution of a modified version of “mimeTools.dll”, a default Notepad++ plug-in. The malicious mimeTools.dll file in question was included in the package installation file of a certain version of the Notepad++ package and disguised as a legitimate package file. As shown in the image below, mimeTools is a module for conducting Base64 encoding and other tasks. It is included by default and does not require the user to add it manually.... The post “Totally Unexpected” Package Malware Using Modified Notepad++ Plug-in (WikiLoader) appeared first on ASEC BLOG.
https://asec.ahnlab.com/en/64106/

AWS Amplify IAM role publicly assumable exposure
The AWS Amplify service was found to be misconfiguring IAM roles associated with Amplify projects. This misconfiguration caused these roles to be assumable by any other AWS account. Both the Amplify Studio and the Amplify CLI exhibited this behavior. Any Amplify project created using the Amplify CLI built between July 3, 2018 and August 8, 2019 had IAM roles that were assumable by anyone in the world. The same was true if the authentication component was removed from an Amplify project using the Amplify CLI or Amplify Studio built between August 2019 and January 2024. AWS mitigated this vulnerability through backend changes to STS and IAM, and also released a patch for the Amplify CLI to ensure that newly created roles are properly configured in accordance with these changes.
https://www.cloudvulndb.org/aws-amplify-iam-role-publicly-assumable-exposure
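As an added example (it is not code from the cloudvulndb entry or from AWS), the audit below checks IAM role trust policies for the class of exposure described above. It assumes, as one common way a role becomes assumable from any account, a federated `cognito-identity.amazonaws.com` principal with no `aud` (identity-pool) condition; the entry above does not spell out the exact trust-policy shape, so treat that mechanism as an assumption. The sample policies, role names and pool ID are constructed.

```python
import json

# Constructed trust policies, not taken from the advisory above. The weak one trusts
# the Cognito federated principal with no condition at all, so a token from any
# identity pool, in any AWS account, satisfies it. The hardened one pins the pool ID.
WEAK_TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": "cognito-identity.amazonaws.com"},
        "Action": "sts:AssumeRoleWithWebIdentity",
    }],
}

HARDENED_TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": "cognito-identity.amazonaws.com"},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": {
            # Hypothetical identity pool ID; replace with the pool the app actually owns.
            "StringEquals": {"cognito-identity.amazonaws.com:aud":
                             "us-east-1:00000000-0000-0000-0000-000000000000"},
            "ForAnyValue:StringLike": {"cognito-identity.amazonaws.com:amr": "authenticated"},
        },
    }],
}

# Shaped like the `Roles` array of `aws iam list-roles` (constructed sample).
SAMPLE_ROLES = [
    {"RoleName": "amplify-myapp-dev-authRole", "AssumeRolePolicyDocument": WEAK_TRUST_POLICY},
    {"RoleName": "amplify-myapp-prod-authRole", "AssumeRolePolicyDocument": HARDENED_TRUST_POLICY},
]


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _condition_keys(statement):
    """Lower-cased condition keys across every operator block of a statement."""
    keys = set()
    for pairs in (statement.get("Condition") or {}).values():
        keys.update(k.lower() for k in pairs)
    return keys


def trust_policy_findings(policy):
    """Return reasons the role can be assumed from outside the owning account ([] if none)."""
    if isinstance(policy, str):
        policy = json.loads(policy)
    findings = []
    for n, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        if principal == "*":
            findings.append(f"statement {n}: wildcard principal")
            continue
        if not isinstance(principal, dict):
            continue
        if "*" in _as_list(principal.get("AWS", [])):
            findings.append(f"statement {n}: AWS principal '*' (any account)")
        cond_keys = _condition_keys(stmt)
        for idp in _as_list(principal.get("Federated", [])):
            if idp == "cognito-identity.amazonaws.com":
                if "cognito-identity.amazonaws.com:aud" not in cond_keys:
                    findings.append(f"statement {n}: Cognito federation without an "
                                    "identity-pool (aud) condition; any pool in any account qualifies")
            elif not cond_keys:
                findings.append(f"statement {n}: federated principal {idp} with no aud/sub condition")
    return findings


def audit_roles(roles):
    """Map role name -> findings for every role whose trust policy is risky."""
    result = {}
    for role in roles:
        findings = trust_policy_findings(role["AssumeRolePolicyDocument"])
        if findings:
            result[role["RoleName"]] = findings
    return result


if __name__ == "__main__":
    for name, reasons in audit_roles(SAMPLE_ROLES).items():
        print(name)
        for reason in reasons:
            print("  -", reason)
```

Feed `audit_roles` the `Roles` array from `aws iam list-roles --output json` to sweep an account; a wildcard `AWS` principal is flagged for the same reason, since both shapes let an arbitrary external caller obtain the role's credentials.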

Toolkit - The Essential Toolkit For Reversing, Malware Analysis, And Cracking
This tool compilation is carefully crafted to be useful both for beginners and for veterans of the malware analysis world. It has also proven useful for people trying their luck in the cracking underworld. It's the ideal complement to the manuals from the site, and to play with the numbered theories mirror. Advantages: To be clear, this pack is meant to be the most complete and robust in existence. Some of the pros are: it contains all the basic (and not so basic) tools that you might need in a real-life scenario, be it a simple or a complex one; the pack is integrated with a Universal Updater made by us from scratch, thanks to which we get to maintain all the tools in an automated fashion; it's really easy to expand and modify: you just have to...
http://www.kitploit.com/2024/04/toolkit-essential-toolkit-for-reversing.html

Giant Tiger - 2,842,669 breached accounts
In March 2024, Canadian discount store Giant Tiger suffered a data breach that exposed 2.8M customer records. Attributed to a vendor of the retailer, the breach included physical and email addresses, names and phone numbers.
https://haveibeenpwned.com/PwnedWebsites#GiantTiger

How to Reduce the Risk of Using External AI Models in Your SDLC
Understand how AI models add risk and how to address it.
https://www.legitsecurity.com/blog/how-to-reduce-the-risk-of-using-external-ai-models-in-your-sdlc

HackerOne Company Values Matter: Default to Disclosure

https://www.hackerone.com/culture-and-talent/hackerone-company-values-matter-default-disclosure

Metasploit Weekly Wrap-Up 04/12/24
Account Takeover using Shadow Credentials. The new release of Metasploit Framework includes a Shadow Credentials module, added by smashery, for reliably taking over an Active Directory user or computer account and allowing future authentication as that account. This can be chained with other modules present in Metasploit
https://blog.rapid7.com/2024/04/12/metasploit-weekly-wrap-up-04-12-24/

Threat Brief: Operation MidnightEclipse, Post-Exploitation Activity Related to CVE-2024-3400 (Updated April 22)
We detail Operation MidnightEclipse, a campaign exploiting command injection vulnerability CVE-2024-3400, and include protections and mitigations. The post Threat Brief: Operation MidnightEclipse, Post-Exploitation Activity Related to CVE-2024-3400 (Updated April 22) appeared first on Unit 42.
https://unit42.paloaltonetworks.com/cve-2024-3400/

How to change your Social Security Number
Wondering whether changing your SSN is an option. Read here what you need to qualify for a new SSN and what you need to get one.
https://www.malwarebytes.com/blog/news/2024/04/how-to-change-your-social-security-number

The essential duo of SCA and SBOM management
In the modern shifting landscape of software supply chain attacks, prioritizing application security and integrity is non-negotiable.
https://blog.sonatype.com/the-essential-duo-of-sca-and-sbom-management

eXotic Visit includes XploitSPY malware – Week in security with Tony Anscombe
Almost 400 people in India and Pakistan have fallen victim to an ongoing Android espionage campaign called eXotic Visit
https://www.welivesecurity.com/en/videos/exotic-visit-exploitspy-malware-week-security-tony-anscombe/

CVE-2024-3400: Critical Command Injection Vulnerability in Palo Alto Networks Firewalls
On Friday, April 12, Palo Alto Networks published an advisory on CVE-2024-3400, a CVSS 10 vulnerability in several versions of PAN-OS, the operating system that runs on the company's firewalls. CVE-2024-3400 allows for arbitrary code execution as root.
https://blog.rapid7.com/2024/04/12/etr-cve-2024-3400-critical-command-injection-vulnerability-in-palo-alto-networks-firewalls-2/

Porch-Pirate - The Most Comprehensive Postman Recon / OSINT Client And Framework That Facilitates The Automated Discovery And Exploitation Of API Endpoints And Secrets Committed To Workspaces, Collections, Requests, Users And Teams
Porch Pirate started as a tool to quickly uncover Postman secrets, and has slowly begun to evolve into a multi-purpose reconnaissance / OSINT framework for Postman. While existing tools are great proofs of concept, they only attempt to identify very specific keywords as "secrets", in very limited locations, with no consideration for recon beyond secrets. We realized we required capabilities that were "secret-agnostic", with enough flexibility to capture false positives that still provided offensive value. Porch Pirate enumerates and presents sensitive results (global secrets, unique headers, endpoints, query parameters, authorization, etc.) from publicly accessible Postman entities such as workspaces, collections, requests, users and teams. Installation: python3 -m pip install...
http://www.kitploit.com/2024/04/porch-pirate-most-comprehensive-postman.html

Responding to a cyber incident – a guide for CEOs
Guidance to help CEOs in public and private sector organisations manage a cyber incident.
https://www.ncsc.gov.uk/guidance/ceos-responding-cyber-incidents

XZ backdoor story – Initial analysis
Kaspersky analysis of the backdoor recently found in XZ, which is used in many popular Linux distributions and, through libsystemd, ends up loaded in the OpenSSH server process.
https://securelist.com/xz-backdoor-story-part-1/112354/

Why CISA is Warning CISOs About a Breach at Sisense
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) said today it is investigating a breach at business intelligence company Sisense, whose products are designed to allow companies to view the status of multiple third-party online services in a single dashboard. CISA urged all Sisense customers to reset any credentials and secrets that may have been shared with the company, which is the same advice Sisense gave to its customers Wednesday evening.
https://krebsonsecurity.com/2024/04/why-cisa-is-warning-cisos-about-a-breach-at-sisense/

How a Race Condition Vulnerability Could Cast Multiple Votes
Hacker and Senior Solutions Architect Dane Sherrets tells the story of how a race condition vulnerability could cast multiple votes.
https://www.hackerone.com/vulnerability-management/sherrets-race-condition

How Microsoft discovers and mitigates evolving attacks against AI guardrails
Read about some of the key issues surrounding AI harms and vulnerabilities, and the steps Microsoft is taking to address the risk. The post How Microsoft discovers and mitigates evolving attacks against AI guardrails appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2024/04/11/how-microsoft-discovers-and-mitigates-evolving-attacks-against-ai-guardrails/

Proofpoint is Recognized as a 2024 Gartner® Peer Insights™ Customers' Choice for Data Loss Prevention

https://www.proofpoint.com/us/newsroom/press-releases/proofpoint-recognized-2024-gartner-peer-insights-customers-choice-data

Ransomware payouts hit all-time high, but that's not the whole story
Ransomware payments hit an all-time high of $1.1 billion in 2023, following a steep drop in total payouts in 2022. Some factors that may have contributed to the decline in 2022 were the Ukraine conflict, fewer victims paying ransoms and cyber group takedowns by legal authorities. In 2023, however, ransomware payouts came roaring back to […] The post Ransomware payouts hit all-time high, but that's not the whole story appeared first on Security Intelligence.
https://securityintelligence.com/articles/ransomware-all-time-high-attackers-struggle/

APKDeepLens - Android Security Insights In Full Spectrum
APKDeepLens is a Python-based tool designed to scan Android applications (APK files) for security vulnerabilities. It specifically targets the OWASP Mobile Top 10 vulnerabilities, providing an easy and efficient way for developers, penetration testers, and security researchers to assess the security posture of Android apps. Features: APK Analysis (scans Android application package files for security vulnerabilities); OWASP Coverage (covers the OWASP Mobile Top 10 to ensure a comprehensive security assessment); Advanced Detection (uses custom Python code for APK file analysis and vulnerability detection); Sensitive Information Extraction (identifies...
http://www.kitploit.com/2024/04/apkdeeplens-android-security-insights.html

Beyond fun and games: Exploring privacy risks in children's apps
Should children's apps come with ‘warning labels'? Here's how to make sure your children's digital playgrounds are safe places to play and learn.
https://www.welivesecurity.com/en/kids-online/beyond-fun-games-privacy-risks-childrens-apps/

Metasploit Meterpreter Installed via Redis Server
AhnLab SEcurity intelligence Center (ASEC) recently discovered that the Metasploit Meterpreter backdoor has been installed via the Redis service. Redis is an abbreviation of Remote Dictionary Server, which is an open-source in-memory data structure storage that is also used as a database. It is presumed that the threat actors abused inappropriate settings or ran commands through vulnerability attacks. Redis is used for various purposes with the main ones being session management, message broker, and queues. As many systems all over... The post Metasploit Meterpreter Installed via Redis Server appeared first on ASEC BLOG.
https://asec.ahnlab.com/en/64034/
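An added detection example, not from the ASEC report: it walks `redis-cli MONITOR` output (or any log kept in that format) and flags the well-known way an exposed Redis instance is turned into an arbitrary file write, `CONFIG SET dir`/`dbfilename` followed by `SAVE`, as well as `MODULE LOAD` after replication has been re-pointed at another host. Whether that was the path in the incident above is not stated in the report, so it is an assumption here; the sample lines, addresses and crontab payload are constructed.

```python
import re
from collections import defaultdict

# Constructed `redis-cli MONITOR` lines (not from the ASEC report). One client points the
# RDB dump directory at the cron spool, names the dump "root", seeds a crontab line and
# forces a SAVE; the other client is ordinary session traffic.
SAMPLE_MONITOR = """\
1712700001.100000 [0 10.0.0.7:41200] "PING"
1712700002.200000 [0 10.0.0.7:41200] "CONFIG" "SET" "dir" "/var/spool/cron"
1712700002.300000 [0 10.0.0.7:41200] "CONFIG" "SET" "dbfilename" "root"
1712700002.400000 [0 10.0.0.7:41200] "SET" "x" "\\n\\n*/1 * * * * /tmp/.s\\n\\n"
1712700002.500000 [0 10.0.0.7:41200] "SAVE"
1712700003.000000 [0 10.0.0.21:55010] "GET" "session:abc123"
1712700004.000000 [0 10.0.0.21:55010] "SET" "session:abc123" "{\\"uid\\":42}"
"""

MONITOR_RE = re.compile(r'^(?P<ts>\d+\.\d+) \[(?P<db>\d+) (?P<client>\S+)\] (?P<argv>.*)$')
ARG_RE = re.compile(r'"((?:[^"\\]|\\.)*)"')   # MONITOR quotes each argument, escaping " as \"

# Directories where a Redis-written dump file becomes code execution or key injection.
DANGEROUS_DIRS = ("/var/spool/cron", "/etc/cron", "/etc", "/root", "/home", "/var/www")


def parse_monitor_line(line):
    """Split one MONITOR line into timestamp, client and argv (None if it is not one)."""
    m = MONITOR_RE.match(line.strip())
    if not m:
        return None
    argv = ARG_RE.findall(m.group("argv"))
    if not argv:
        return None
    return {"ts": float(m.group("ts")), "client": m.group("client"),
            "cmd": argv[0].upper(), "args": argv[1:]}


def _dangerous_dir(path):
    p = path.lower()
    return "/.ssh" in p or any(p.startswith(d) for d in DANGEROUS_DIRS)


def detect_redis_abuse(lines, window=300.0):
    """Return (client, reason) alerts for per-client sequences that write files through
    Redis (CONFIG SET dir/dbfilename then SAVE/BGSAVE within `window` seconds) or that
    load a module, optionally after pointing replication at another master."""
    state = defaultdict(dict)
    alerts = []
    for line in lines:
        ev = parse_monitor_line(line)
        if ev is None:
            continue
        st, cmd, args = state[ev["client"]], ev["cmd"], ev["args"]
        if cmd == "CONFIG" and len(args) >= 3 and args[0].upper() == "SET":
            key = args[1].lower()
            if key in ("dir", "dbfilename"):
                st[key] = (ev["ts"], args[2])
        elif cmd in ("SAVE", "BGSAVE"):
            d = st.get("dir")
            if d and ev["ts"] - d[0] <= window and _dangerous_dir(d[1]):
                name = st.get("dbfilename", (0, "dump.rdb"))[1]
                alerts.append((ev["client"],
                               f"{cmd} after CONFIG SET dir: writes {d[1].rstrip('/')}/{name}"))
        elif cmd in ("SLAVEOF", "REPLICAOF") and args and args[0].upper() != "NO":
            st["master"] = (ev["ts"], ":".join(args[:2]))
        elif cmd == "MODULE" and args and args[0].upper() == "LOAD":
            mst = st.get("master")
            via = f" after REPLICAOF {mst[1]}" if mst and ev["ts"] - mst[0] <= window else ""
            alerts.append((ev["client"], f"MODULE LOAD {' '.join(args[1:])}{via}"))
    return alerts


if __name__ == "__main__":
    for client, reason in detect_redis_abuse(SAMPLE_MONITOR.splitlines()):
        print(f"ALERT {client}: {reason}")
```

MONITOR is expensive on a busy instance; the same logic applies to a command log captured at a proxy or sidecar. The configuration fixes that remove the opportunity are the usual ones: bind to a private interface, set `requirepass`, keep `protected-mode yes`, and rename or disable `CONFIG`, `SAVE`, `MODULE` and `REPLICAOF` for application users.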

Salvadoran Citizens - 946,989 breached accounts
In April 2024, nearly 6 million records of Salvadoran citizens were published to a popular hacking forum. The data included names, dates of birth, phone numbers, physical addresses and nearly 1M unique email addresses. Further, over 5M corresponding profile photos were also included in the breach.
https://haveibeenpwned.com/PwnedWebsites#SalvadoranCitizens

Strategies for Improving Linux Security Through Cross-Browser Compatibility Testing
In the dynamic landscape of web development, ensuring that applications perform uniformly across various web browsers is a vital aspect of user experience. This becomes increasingly important for Linux systems, where the range of default browsers and configurations presents unique challenges. Cross-browser compatibility testing on Linux helps to identify and resolve these discrepancies, thereby enhancing the accessibility and functionality of web applications for all users.
https://linuxsecurity.com/features/features/cross-browser-compatibility-testing

From Gatekeeper to Guardian: Why CISOs Must Embrace Their Inner Business Superhero
Originally published by CXO REvolutionaries. Written by Ben Corll, CISO in Residence, Zscaler. (And why it should become our outer superhero persona, too.) Let's face it. The days of the CISO as the lone wolf, guarding the castle walls with a stack of firewalls and a suspicious glare, are over (though some of us still have an icy glare). Today's cybersecurity landscape demands a different kind of hero: a business-savvy leader who understands the intricate dance of protecting the organization whil...
https://cloudsecurityalliance.org/articles/from-gatekeeper-to-guardian-why-cisos-must-embrace-their-inner-business-superhero

Cantwell Proposes Legislation to Create a Blueprint for AI Innovation and Security
Originally published by Truyo. Written by Dan Clarke. In 2024, a surge of global AI legislation is imminent, with the United States poised to follow the European Union's lead by implementing comprehensive nationwide rules and guidelines. Senate Commerce Committee Chair Maria Cantwell is gearing up to unleash a wave of groundbreaking AI legislation, marking the first comprehensive initiative in Congress to address the multifaceted challenges posed by the currently unregulated technology. While th...
https://cloudsecurityalliance.org/articles/cantwell-proposes-legislation-to-create-a-blueprint-for-ai-innovation-and-security

Twitter's Clumsy Pivot to X.com Is a Gift to Phishers
On April 9, Twitter/X began automatically modifying links that mention "twitter.com" to redirect to "x.com" instead. But over the past 48 hours, dozens of new domain names have been registered that demonstrate how this change could be used to craft convincing phishing links -- such as fedetwitter[.]com, which is currently rendered as fedex.com in tweets.
https://krebsonsecurity.com/2024/04/twitters-clumsy-pivot-to-x-com-is-a-gift-to-phishers/
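An added example in Python, not from the Krebs post: it models the substring rewrite the post describes, shows the hostname-boundary check that would not have produced the collision, and turns a list of brand domains ending in `x.com` into the look-alike names a defender should watch for. The brand list is constructed, and the hostname-aware rewrite is a suggested check, not X's implementation.

```python
from urllib.parse import urlsplit, urlunsplit

TWITTER, X = "twitter.com", "x.com"


def naive_rewrite(text):
    """Substring rewrite of the kind the post describes: every 'twitter.com' becomes 'x.com'."""
    return text.replace(TWITTER, X)


def host_aware_rewrite(url):
    """Rewrite only when the URL's hostname is twitter.com or a subdomain of it
    (suggested check, not X's implementation)."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    if host != TWITTER and not host.endswith("." + TWITTER):
        return url                      # fedetwitter.com, twitter.com.evil.example: untouched
    new_host = host[: -len(TWITTER)] + X
    netloc = new_host + (f":{parts.port}" if parts.port else "")
    return urlunsplit(parts._replace(netloc=netloc))


def spoof_domain_for(target):
    """Name that the naive rewrite would display as `target`, or None if none exists."""
    if target == X or not target.endswith(X):
        return None
    return target[: -len(X)] + TWITTER


def watchlist(targets):
    """Brand domains -> look-alike names worth monitoring or defensively registering."""
    result = {}
    for target in targets:
        spoof = spoof_domain_for(target)
        if spoof:
            result[target] = spoof
    return result


# Constructed brand list; only names ending in "x.com" can be impersonated this way.
BRANDS = ["fedex.com", "netflix.com", "spacex.com", "example.com"]

if __name__ == "__main__":
    for brand, spoof in watchlist(BRANDS).items():
        print(f"{spoof:<24} renders as {naive_rewrite(spoof)}  (impersonates {brand})")
```

The lesson generalises beyond this incident: any transformation of a hostname has to operate on the parsed host with a label boundary, never on the raw string.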

A Detailed Guide on RustScan
In the realm of cybersecurity, network scanning tools play a vital role in reconnaissance and vulnerability assessment. Among the array of options available, Rustscan has The post A Detailed Guide on RustScan appeared first on Hacking Articles.
https://www.hackingarticles.in/a-detailed-guide-on-rustscan/

Stories from the SOC Part 2: MSIX Installer Utilizes Telegram Bot to Execute IDAT Loader
In part one of our blog series, we discussed how a Rust based application was used to download and execute the IDAT Loader. In part two of this series, we will be providing analysis of how an MSIX installer led to the download and execution of the IDAT Loader.
https://blog.rapid7.com/2024/04/10/stories-from-the-soc-part-2-msix-installer-utilizes-telegram-bot-to-execute-idat-loader/

What should an AI ethics governance framework look like?
While the race to achieve generative AI intensifies, the ethical debate surrounding the technology also continues to heat up. And the stakes keep getting higher. As per Gartner, “Organizations are responsible for ensuring that AI projects they develop, deploy or use do not have negative ethical consequences.” Meanwhile, 79% of executives say AI ethics is […] The post What should an AI ethics governance framework look like? appeared first on Security Intelligence.
https://securityintelligence.com/articles/ai-governance-framework-ethics/

RemoteTLSCallbackInjection - Utilizing TLS Callbacks To Execute A Payload Without Spawning Any Threads In A Remote Process
This method utilizes TLS callbacks to execute a payload without spawning any threads in a remote process. It is inspired by Threadless Injection, in that RemoteTLSCallbackInjection does not invoke any API calls to trigger the injected payload. Related Maldev Academy modules: Module 34 (TLS Callbacks For Anti-Debugging) and Module 35 (Threadless Injection). Implementation steps: the PoC (1) creates a suspended process using the CreateProcessViaWinAPIsW function (e.g. RuntimeBroker.exe); (2) fetches the remote process image base address, then reads the process's PE headers; (3) fetches the address of a TLS callback function; (4) patches a fixed shellcode (g_FixedShellcode) with runtime-retrieved...
http://www.kitploit.com/2024/04/remotetlscallbackinjection-utilizing.html

HackerOne Celebrates Global Work from Home Day

https://www.hackerone.com/culture-and-talent/hackerone-celebrates-global-work-home-day

Patch Tuesday - April 2024
One late-breaking zero-day vuln. Defender for IoT critical RCEs. Dozens of SQL OLE DB driver RCEs. Microsoft adds CWE and Vector String Source to advisories.
https://blog.rapid7.com/2024/04/09/patch-tuesday-april-2024/

April's Patch Tuesday Brings Record Number of Fixes
If only Patch Tuesdays came around infrequently -- like total solar eclipse rare -- instead of just creeping up on us each month like The Man in the Moon. Although to be fair, it would be tough for Microsoft to eclipse the number of vulnerabilities fixed in this month's patch batch -- a record 147 flaws in Windows and related software.
https://krebsonsecurity.com/2024/04/aprils-patch-tuesday-brings-record-number-of-fixes/

Muddled Libra's Evolution to the Cloud
Muddled Libra now actively targets CSP environments and SaaS applications. Using the MITRE ATT&CK framework, we outline observed TTPs from incident response. The post Muddled Libra's Evolution to the Cloud appeared first on Unit 42.
https://unit42.paloaltonetworks.com/muddled-libra-evolution-to-cloud/

Decoding the Characteristics of Modern Pentesting: Value
Let's explore the "Value" factor of different pentesting methodologies and see how each one measures up.
https://www.hackerone.com/penetration-testing/modern-pentesting-value

Vulnerabilities Identified in LG WebOS
As the creator of the world's first smart home cybersecurity hub, Bitdefender regularly audits popular IoT hardware for vulnerabilities. This research paper is part of a broader program that aims to shed light on the security of the world's best-sellers in the IoT space. This report covers vulnerabilities discovered while researching the LG WebOS TV operating system. We have found several issues affecting WebOS versions 4 through 7 running on LG TVs. These vulnerabilities let us gain root acces
https://www.bitdefender.com/blog/labs/vulnerabilities-identified-in-lg-webos/

Why security orchestration, automation and response (SOAR) is fundamental to a security platform
Placing SOAR at the heart of a security platform helps teams extend and maximize value across the ecosystem and to any security process while working in a centralized, coordinated manner. The post Why security orchestration, automation and response (SOAR) is fundamental to a security platform appeared first on Security Intelligence.
https://securityintelligence.com/posts/why-security-orchestration-automation-and-response-soar-is-fundamental-to-a-security-platform/

Sicat - The Useful Exploit Finder
SiCat is an advanced exploit search tool designed to identify and gather information about exploits from both open sources and local repositories effectively. With a focus on cybersecurity, SiCat allows users to quickly search online, finding potential vulnerabilities and relevant exploits for ongoing projects or systems. SiCat's main strength lies in its ability to traverse both online and local resources to collect information about relevant exploits. This tool aids cybersecurity professionals and researchers in understanding potential security risks, providing valuable insights to enhance system security. Resources: Exploit-DB, Packetstorm Security, Exploit Alert, NVD Database, Metasploit Modules. Installation: git clone https://github.com/justakazh/sicat.git...
http://www.kitploit.com/2024/04/sicat-useful-exploit-finder.html

Interactive administration in the cloud: managing the risks
Tips to help you secure and reduce interactive access to your cloud infrastructure.
https://www.ncsc.gov.uk/blog-post/interactive-administration-cloud-managing-risk

Behind The Scenes Of Ransomware Attacks
This is hopefully the most useless blog post you will read this year, as this post will detail our experience dealing with ransomware cases. It is one of the most common reasons why we get called in to help and it has become a big business. Chainalysis, for example, has tracked $1.1 billion in ransomware […]
https://blog.compass-security.com/2024/04/behind-the-scenes-of-ransomware-attacks/

Administrator cookie leakage
An insufficiently protected credentials vulnerability (CWE-522) in FortiOS and FortiProxy may allow an attacker to obtain the administrator cookie in rare and specific conditions, via tricking the administrator into visiting a malicious attacker-controlled website through the SSL-VPN.
https://fortiguard.fortinet.com/psirt/FG-IR-23-493

Arbitrary file delete on endpoint
An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in FortiSandbox may allow an authenticated attacker with at least read-only permission to delete arbitrary files via crafted HTTP requests.
https://fortiguard.fortinet.com/psirt/FG-IR-23-454

Arbitrary file read on endpoint
An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in FortiSandbox may allow an authenticated attacker with at least read-only permission to read arbitrary files via crafted HTTP requests.
https://fortiguard.fortinet.com/psirt/FG-IR-24-060

FortiMail - SMTP Smuggling
Fortinet is aware of the new SMTP smuggling technique. By exploiting interpretation differences of the SMTP protocol for the end-of-data sequence, it is possible to send spoofed e-mails while still passing SPF alignment checks. FortiMail may be susceptible to smuggling attacks if some measures are not put in place. We therefore recommend adhering to the following indications in order to mitigate the potential risk associated with smuggling attacks: enable DKIM (DomainKeys Identified Mail) to enhance e-mail authentication, and select the "None" action under DKIM check in the AntiSpam profile in order to block by default e-mail without a DKIM signature; disable the "any-any" traffic policy to restrict unauthorized access; modify the configuration settings in line with the recommended security practices...
https://fortiguard.fortinet.com/psirt/FG-IR-24-009
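An added example, not Fortinet's code, of the interpretation difference the advisory refers to. A relaying MTA forwards a message body that contains a bare `\n.\n` end-of-data marker; a receiving MTA that only honours `\r\n.\r\n` sees one message, while one that also accepts the bare variant splits the stream and accepts a second envelope, from the victim's own domain, that never passed the first server's checks and rides on its SPF-aligned connection. The last function is the outbound-side fix: canonicalise line endings and dot-stuff before relaying. All addresses and domains are constructed placeholders.

```python
# End-of-data sequences. RFC 5321 mandates CRLF.CRLF; a receiver that also accepts the
# bare-LF/CR variants will split a relayed stream where the sending server did not.
STRICT_EOD = (b"\r\n.\r\n",)
LENIENT_EOD = (b"\r\n.\r\n", b"\n.\n", b"\r.\r", b"\n.\r\n", b"\r\n.\n")

# Constructed attacker message body: a harmless first message, then a bare-LF
# end-of-data marker, then a second envelope and message that a lenient receiver
# accepts as if it came from ceo@victim.example.
SMUGGLING_BODY = (
    b"From: attacker@attacker.example\r\nSubject: hello\r\n\r\nlegit looking body"
    b"\n.\n"
    b"MAIL FROM:<ceo@victim.example>\r\nRCPT TO:<finance@victim.example>\r\nDATA\r\n"
    b"From: ceo@victim.example\r\nSubject: urgent wire\r\n\r\nplease pay invoice 4711 today"
)


def build_session(mail_from, rcpt_to, body):
    """Bytes a relaying MTA sends to the next hop if it forwards `body` verbatim."""
    return (b"MAIL FROM:<" + mail_from + b">\r\nRCPT TO:<" + rcpt_to + b">\r\n"
            b"DATA\r\n" + body + b"\r\n.\r\nQUIT\r\n")


def _addr(line):
    i, j = line.find(b"<"), line.find(b">")
    return line[i + 1:j] if i != -1 and j > i else line.split(b":", 1)[1].strip()


def _find_eod(buf, start, terminators):
    """Earliest occurrence of any accepted terminator at or after `start`."""
    best = None
    for term in terminators:
        i = buf.find(term, start)
        if i != -1 and (best is None or i < best[0]):
            best = (i, term)
    return best


def parse_smtp_session(stream, terminators):
    """Replay a client byte stream through a minimal receiving MTA; return accepted messages."""
    messages, env, pos = [], {"from": None, "to": []}, 0
    while pos < len(stream):
        nl = stream.find(b"\r\n", pos)
        if nl == -1:
            break
        line, pos = stream[pos:nl], nl + 2
        upper = line.upper()
        if upper.startswith(b"MAIL FROM:"):
            env = {"from": _addr(line), "to": []}
        elif upper.startswith(b"RCPT TO:"):
            env["to"].append(_addr(line))
        elif upper == b"DATA":
            hit = _find_eod(stream, pos, terminators)
            if hit is None:
                break                      # DATA never terminated: nothing accepted
            end, term = hit
            messages.append({"from": env["from"], "to": list(env["to"]), "body": stream[pos:end]})
            pos = end + len(term)
            env = {"from": None, "to": []}
        elif upper == b"QUIT":
            break
    return messages


def normalize_for_relay(body):
    """Outbound-side fix: canonicalise every line ending to CRLF and dot-stuff lines that
    start with '.', so no bare terminator survives into the relayed stream."""
    lines = body.replace(b"\r\n", b"\n").replace(b"\r", b"\n").split(b"\n")
    return b"\r\n".join(b"." + l if l.startswith(b".") else l for l in lines)


RAW_SESSION = build_session(b"attacker@attacker.example", b"victim@victim.example", SMUGGLING_BODY)
SAFE_SESSION = build_session(b"attacker@attacker.example", b"victim@victim.example",
                             normalize_for_relay(SMUGGLING_BODY))

if __name__ == "__main__":
    for label, session in (("raw", RAW_SESSION), ("normalised", SAFE_SESSION)):
        for name, eod in (("strict", STRICT_EOD), ("lenient", LENIENT_EOD)):
            msgs = parse_smtp_session(session, eod)
            print(f"{label:<10} {name:<8} accepted {len(msgs)}: {[m['from'] for m in msgs]}")
```

The split only hurts when the two ends disagree, which is why the advisory's advice is about the receiving side (require DKIM, drop any-any policies): a second message smuggled this way carries the relay's SPF alignment but no valid signature from the spoofed domain.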

FortiManager - Code Injection via Jinja Template
An improper neutralization of special elements used in a template engine [CWE-1336] vulnerability in FortiManager provisioning templates may allow a local authenticated attacker with at least read-only permissions to execute arbitrary code via specially crafted templates.
https://fortiguard.fortinet.com/psirt/FG-IR-23-419

FortiOS - Format String in CLI command
A use of externally-controlled format string vulnerability [CWE-134] in FortiOS command line interface may allow a local privileged attacker with super-admin profile and CLI access to execute arbitrary code or commands via specially crafted requests.
https://fortiguard.fortinet.com/psirt/FG-IR-23-413

FortiSandbox - Arbitrary file write on CLI leading to arbitrary code execution
An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in FortiSandbox may allow a privileged attacker with super-admin profile and CLI access to execute arbitrary code via CLI.
https://fortiguard.fortinet.com/psirt/FG-IR-23-416

FortiSandbox - Command injection impacting CLI command
An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiSandbox may allow a privileged attacker with super-admin profile and CLI access to execute arbitrary code via CLI.
https://fortiguard.fortinet.com/psirt/FG-IR-23-411

Lack of certificate validation
An improper certificate validation vulnerability [CWE-295] in FortiNAC-F may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the HTTPS communication channel between the FortiOS device, an inventory, and FortiNAC-F.
https://fortiguard.fortinet.com/psirt/FG-IR-23-288

Lack of configuration file validation
An external control of file name or path vulnerability [CWE-73] in FortiClientMac's installer may allow a local attacker to execute arbitrary code or commands via writing a malicious configuration file in /tmp before starting the installation process.
https://fortiguard.fortinet.com/psirt/FG-IR-23-345

OS command injection on endpoint
Multiple improper neutralization of special elements used in an OS Command vulnerabilities [CWE-78] in FortiSandbox may allow an authenticated attacker with at least read-only permission to execute unauthorized commands via crafted requests.
https://fortiguard.fortinet.com/psirt/FG-IR-23-489

Remote Code Execution due to dangerous ELECTRONJS configuration
An Improper Control of Generation of Code ('Code Injection') vulnerability [CWE-94] in FortiClientLinux may allow an unauthenticated attacker to execute arbitrary code via tricking a FortiClientLinux user into visiting a malicious website.
https://fortiguard.fortinet.com/psirt/FG-IR-23-087

Kaspersky Club - 55,971 breached accounts
In March 2024, the independent fan forum Kaspersky Club suffered a data breach. The incident exposed 56k unique email addresses alongside usernames, IP addresses and passwords stored as either MD5 or bcrypt hashes.
https://haveibeenpwned.com/PwnedWebsites#KasperskyClub

It Was Not Me! Malware-Initiated Vulnerability Scanning Is on the Rise
We describe the characteristics of malware-initiated scanning attacks. These attacks differ from direct scanning and are increasing according to our data. The post It Was Not Me! Malware-Initiated Vulnerability Scanning Is on the Rise appeared first on Unit 42.
https://unit42.paloaltonetworks.com/malware-initiated-scanning-attacks/

How we built the new Find My Device network with user security and privacy in mind
Posted by Dave Kleidermacher, VP Engineering, Android Security and Privacy. Keeping people safe and their data secure and private is a top priority for Android. That is why we took our time when designing the new Find My Device, which uses a crowdsourced device-locating network to help you find your lost or misplaced devices and belongings quickly – even when they're offline. We gave careful consideration to the potential user security and privacy challenges that come with device finding services. During development, it was important for us to ensure the new Find My Device was secure by default and private by design. To build a private, crowdsourced device-locating network, we first conducted user research and gathered feedback from privacy and advocacy groups. Next, we developed multi-layered...
http://security.googleblog.com/2024/04/find-my-device-network-security-privacy-protections.html

CloudGrappler - A purpose-built tool designed for effortless querying of high-fidelity and single-event detections related to well-known threat actors in popular cloud environments such as AWS and Azure
Permiso: https://permiso.io Read our release blog: https://permiso.io/blog/cloudgrappler-a-powerful-open-source-threat-detection-tool-for-cloud-environments CloudGrappler is a purpose-built tool designed for effortless querying of high-fidelity and single-event detections related to well-known threat actors in popular cloud environments such as AWS and Azure. Notes: To optimize your utilization of CloudGrappler, we recommend using shorter time ranges when querying for results. This approach enhances efficiency and accelerates the retrieval of information, ensuring a more seamless experience with the tool. Required packages: pip3 install -r requirements.txt. Cloning cloudgrep locally: To clone the cloudgrep repository locally, run the clone.sh file. Alternatively, you can manually clone...
http://www.kitploit.com/2024/04/cloudgrappler-purpose-built-tool.html

boAt - 7,528,985 breached accounts
In March 2024, the Indian audio and wearables brand boAt suffered a data breach that exposed 7.5M customer records. The data included physical and email address, names and phone numbers, all of which were subsequently published to a popular clear web hacking forum.
https://haveibeenpwned.com/PwnedWebsites#boAt

Recovering a hacked account
A step by step guide to recovering online accounts.
https://www.ncsc.gov.uk/guidance/recovering-a-hacked-account

Threat Actors Hack YouTube Channels to Distribute Infostealers (Vidar and LummaC2)
AhnLab SEcurity intelligence Center (ASEC) recently found that there are a growing number of cases where threat actors use YouTube to distribute malware. The attackers do not simply create YouTube channels and distribute malware—they are stealing well-known channels that already exist to achieve their goal. In one of the cases, the targeted channel had more than 800,000 subscribers. The threat actors who abuse YouTube are mainly distributing Infostealers. The RedLine Infostealer that was distributed via YouTube in 2020 as well... The post Threat Actors Hack YouTube Channels to Distribute Infostealers (Vidar and LummaC2) appeared first on ASEC BLOG.
https://asec.ahnlab.com/en/63980/

Online Scams: I Just Wanted to Make a Lot of Money Easily
Online investment scams these days are no longer an issue limited to specific nations, now becoming a social issue prevalent around the globe. Scammers (criminals) deceive their victims through illegal and immoral means, extorting financial assets including cash and virtual assets from them. They are usually a part of a structured criminal syndicate, where they devise sophisticated scenarios to commit “transnational” fraud crimes. Anyone can fall victim to their expertise and slick persuasion, regardless of age, income, or intelligence. The... The post Online Scams: I Just Wanted to Make a Lot of Money Easily appeared first on ASEC BLOG.
https://asec.ahnlab.com/en/63884/

GDBFuzz - Fuzzing Embedded Systems Using Hardware Breakpoints
This is the companion code for the paper: 'Fuzzing Embedded Systems using Debugger Interfaces'. A preprint of the paper can be found here https://publications.cispa.saarland/3950/. The code allows the users to reproduce and extend the results reported in the paper. Please cite the above paper when reporting, reproducing or extending the results. Folder structure: benchmark (scripts to build Google's fuzzer test suite and run experiments); dependencies (contains a Makefile to install dependencies for GDBFuzz); evaluation (raw experiment data, presented in the paper); example_firmware (embedded example applications, used for the evaluation); example_programs (contains a compiled...
http://www.kitploit.com/2024/04/gdbfuzz-fuzzing-embedded-systems-using.html

ADOKit - Azure DevOps Services Attack Toolkit
Azure DevOps Services Attack Toolkit - ADOKit is a toolkit that can be used to attack Azure DevOps Services by taking advantage of the available REST API. The tool allows the user to specify an attack module, along with specifying valid credentials (API key or stolen authentication cookie) for the respective Azure DevOps Services instance. The attack modules supported include reconnaissance, privilege escalation and persistence. ADOKit was built in a modular approach, so that new modules can be added in the future by the information security community. Full details on the techniques used by ADOKit are in the X-Force Red whitepaper. Installation/Building: Libraries used: the below 3rd party libraries are used in this project (library, URL, license): Fody https://github.com/Fody/Fody...
http://www.kitploit.com/2024/04/adokit-azure-devops-services-attack.html

Metasploit Weekly Wrap-Up 04/05/2024
New ESC4 Templates for AD CS: Metasploit added capabilities for exploiting the ESC family of flaws in AD CS in Metasploit 6.3. The ESC4 technique in particular has been supported for some time now thanks to the ad_cs_cert_templates module which enables users to read and write
https://blog.rapid7.com/2024/04/05/metasploit-weekly-wrap-up-04-05-2024/

Automating and maintaining SBOMs
The software bill of materials (SBOM) is an indispensable artifact of modern software development, detailing all the components of a software supply chain.
https://blog.sonatype.com/automating-and-maintaining-sboms

The devil is in the fine print – Week in security with Tony Anscombe
Temu's cash giveaway where people were asked to hand over vast amounts of their personal data to the platform puts the spotlight on the data-slurping practices of online services today
https://www.welivesecurity.com/en/videos/devil-fine-print-week-security-tony-anscombe/

Explore Microsoft's AI innovations at RSA Conference 2024
Will you be at the RSA Conference? Join us for Microsoft Pre-Day, sessions, and other events for insights on leading in AI. Keep reading for what to expect at the event. The post Explore Microsoft's AI innovations at RSA Conference 2024 appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2024/04/04/explore-microsofts-ai-innovations-at-rsa-conference-2024/

1-15 January 2024 Cyber Attacks Timeline
I am back with the first timeline of 2024, with some changes: ransomware counted as a specific attack technique, and an optimization of the sources. With this new methodology I collected 116 events, and for the first time, the threat landscape was dominated by account takeovers, a consequence of the numerous crypto scams that have flooded X (previously Twitter), ahead of Ransomware and malware (16.4%), and exploitation of vulnerabilities (9.5%).
https://www.hackmageddon.com/2024/04/04/1-15-january-2024-cyber-attacks-timeline/

Fake Lawsuit Threat Exposes Privnote Phishing Sites
A cybercrook who has been setting up websites that mimic the self-destructing message service Privnote.com accidentally exposed the breadth of their operations recently when they threatened to sue a software company. The disclosure revealed a profitable network of phishing sites that behave and look like the real Privnote, except that any messages containing cryptocurrency addresses will be automatically altered to include a different payment address controlled by the scammers.
https://krebsonsecurity.com/2024/04/fake-lawsuit-threat-exposes-privnote-phishing-sites/

AI meets next-gen info stealers in social media malvertising campaigns
The impact that AI has on society has steadily crept into the darkest nooks and crannies of the internet. So much so that cybercrooks are hitching free rides on the AI bandwagon by leveraging the increased demand of AI-powered software for content creators. Cybercriminal groups constantly adapt their operating methods and tools to stay a step ahead of potential victims. Highly focused on enhancing their deceptive practices, threat actors have, unfortunately, found a most reliable and powerful a
https://www.bitdefender.com/blog/labs/ai-meets-next-gen-info-stealers-in-social-media-malvertising-campaigns/

What's New in Rapid7 Products & Services: Q1 2024 in Review
We kicked off 2024 with a continued focus on bringing security professionals the tools and functionality needed to anticipate risks, pinpoint threats, and respond faster with confidence.
https://blog.rapid7.com/2024/04/04/whats-new-in-rapid7-products-services-q1-2024-in-review/

Cloud security uncertainty: Do you know where your data is?
How well are security leaders sleeping at night? According to a recent Gigamon report, it appears that many cyber professionals are restless and worried. In the report, 50% of IT and security leaders surveyed lack confidence in knowing where their most sensitive data is stored and how it’s secured. Meanwhile, another 56% of respondents say […] The post Cloud security uncertainty: Do you know where your data is? appeared first on Security Intelligence.
https://securityintelligence.com/articles/cloud-security-uncertainty-hybrid-cloud/

Malicious Latrodectus Downloader Picks Up Where QBot Left Off

https://www.proofpoint.com/us/newsroom/news/malicious-latrodectus-downloader-picks-where-qbot-left

Rhadamanthys Malware Disguised as Groupware Installer (Detected by MDS)
Recently, AhnLab SEcurity intelligence Center (ASEC) discovered the distribution of Rhadamanthys under the guise of an installer for groupware. The threat actor created a fake website to resemble the original website and exposed the site to the users using the ad feature in search engines. ASEC Blog has previously covered malware distributed through such ad features of search engines in the article titled “Hey, This Isn’t the Right Site!” Distribution of Malware Exploiting Google Ads Tracking [1]. The malware in... The post Rhadamanthys Malware Disguised as Groupware Installer (Detected by MDS) appeared first on ASEC BLOG.
https://asec.ahnlab.com/en/63864/

Best Alternative of Netcat Listener
Pentesters rely on a variety of tools to establish connections and maintain access during security assessments. One critical component of their toolkit is the listener—a The post Best Alternative of Netcat Listener appeared first on Hacking Articles.
https://www.hackingarticles.in/best-alternative-of-netcat-listener/

XZ Utils Supply Chain Attack (CVE-2024-3094)
What is the vulnerability/attack? Malicious code was discovered embedded in XZ Utils, a data compression software included in major Linux distributions. This vulnerability, tracked as CVE-2024-3094, results from a supply chain attack on versions 5.6.0 and 5.6.1 of the related tools and libraries. A security researcher found the malicious code when he experienced unexpected behavior, leading to further investigation and discovery of the vulnerability. What is the recommended mitigation? CISA has advised XZ Utils users to downgrade to an older version of the utility immediately (i.e., any version before 5.6.0) and update their installations and packages according to distribution maintainer directions. Major Linux distributions and package maintainers have published guidance...
https://fortiguard.fortinet.com/threat-signal-report/5408

Get end-to-end protection with Microsoft's unified security operations platform, now in public preview
Microsoft's unified security operations platform is now in public preview. Read on for details of how a comprehensive approach to cybersecurity can benefit your security operations center. The post Get end-to-end protection with Microsoft’s unified security operations platform, now in public preview appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2024/04/03/get-end-to-end-protection-with-microsofts-unified-security-operations-platform-now-in-public-preview/

Security research without ever leaving GitHub: From code scanning to CVE via Codespaces and private vulnerability reporting
This blog post is an in-depth walkthrough on how we perform security research leveraging GitHub features, including code scanning, CodeQL, and Codespaces. The post Security research without ever leaving GitHub: From code scanning to CVE via Codespaces and private vulnerability reporting appeared first on The GitHub Blog.
https://github.blog/2024-04-03-security-research-without-ever-leaving-github-from-code-scanning-to-cve-via-codespaces-and-private-vulnerability-reporting/

‘The Manipulaters' Improve Phishing, Still Fail at Opsec
Roughly nine years ago, KrebsOnSecurity profiled a Pakistan-based cybercrime group called "The Manipulaters," a sprawling web hosting network of phishing and spam delivery platforms. In January 2024, The Manipulaters pleaded with this author to unpublish previous stories about their work, claiming the group had turned over a new leaf and gone legitimate. But new research suggests that while they have improved the quality of their products and services, these nitwits still fail spectacularly at hiding their illegal activities.
https://krebsonsecurity.com/2024/04/the-manipulaters-improve-phishing-still-fail-at-opsec/

GenAI: The next frontier in AI security threats
Threat actors aren’t attacking generative AI (GenAI) at scale yet, but these AI security threats are coming. That prediction comes from the 2024 X-Force Threat Intelligence Index. Here’s a review of the threat intelligence types underpinning that report. Cyber criminals are shifting focus Increased chatter in illicit markets and dark web forums is a sign […] The post GenAI: The next frontier in AI security threats appeared first on Security Intelligence.
https://securityintelligence.com/articles/gen-ai-next-ai-security-threat/

YouTube channels found using pirated video games as bait for malware campaign

https://www.proofpoint.com/us/newsroom/news/youtube-channels-found-using-pirated-video-games-bait-malware-campaign

How often should you change your passwords?
And is that actually the right question to ask? Here's what else you should consider when it comes to keeping your accounts safe.
https://www.welivesecurity.com/en/cybersecurity/how-often-should-change-passwords/

SurveyLama - 4,426,879 breached accounts
In February 2024, the paid survey website SurveyLama suffered a data breach that exposed 4.4M customer email addresses. The incident also exposed names, physical and IP addresses, phone numbers, dates of birth and passwords stored as either salted SHA-1, bcrypt or argon2 hashes. When contacted about the incident, SurveyLama advised that they had already "notified the users by email".
https://haveibeenpwned.com/PwnedWebsites#SurveyLama

Proofpoint Named an Overall Leader in KuppingerCole Leadership Compass for Email Security

https://www.proofpoint.com/us/newsroom/press-releases/proofpoint-named-overall-leader-kuppingercole-leadership-compass-email

Microsoft Priva announces new solutions to help modernize your privacy program
Today, we are beyond thrilled to announce the expansion of the Microsoft Priva family of products in public preview. These new features bring automated functionality and capabilities to help organizations meet adapting privacy requirements. The post Microsoft Priva announces new solutions to help modernize your privacy program appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2024/04/02/microsoft-priva-announces-new-solutions-to-help-modernize-your-privacy-program/

The evolution of a CISO: How the role has changed
In many organizations, the Chief Information Security Officer (CISO) focuses mainly — and sometimes exclusively — on cybersecurity. However, with today’s sophisticated threats and evolving threat landscape, businesses are shifting many roles’ responsibilities, and expanding the CISO’s role is at the forefront of those changes. According to Gartner, regulatory pressure and attack surface expansion will […] The post The evolution of a CISO: How the role has changed appeared first on Security Intelligence.
https://securityintelligence.com/articles/ciso-role-evolution/

Malware hiding in pictures? More likely than you think
There is more to some images than meets the eye – their seemingly innocent façade can mask a sinister threat.
https://www.welivesecurity.com/en/malware/malware-hiding-in-pictures-more-likely-than-you-think/

“Hope Is Not a Strategy”: Cyber Leaders on the Real Keys to Executing a Defense-in-Depth Strategy

https://www.proofpoint.com/us/newsroom/news/hope-not-strategy-cyber-leaders-real-keys-executing-defense-depth-strategy

Setting up 2-Step Verification (2SV)
How setting up 2SV can help protect your online accounts, even if your password is stolen.
https://www.ncsc.gov.uk/guidance/setting-2-step-verification-2sv

Social Media: how to use it safely
Use privacy settings across social media platforms to manage your digital footprint.
https://www.ncsc.gov.uk/guidance/social-media-how-to-use-it-safely

Securing the Software Supply Chain: Risk Management Tips
Securing the software supply chain can seem daunting, but with the right strategy, you can optimize your software supply chain risk management practices.
https://www.legitsecurity.com/blog/securing-the-software-supply-chain-risk-management-tips

CVE-2024-3094 The targeted backdoor supply chain attack against XZ and liblzma
As sure as long weekends arrive in the western world, so too does news of new supply chain attacks. The Easter bank holidays were no exception, with the discovery of a targeted attack against the popular XZ compression utility seen in many Linux distributions such as Fedora and Debian, to name a few.
https://blog.sonatype.com/cve-2024-3094-the-targeted-backdoor-supply-chain-attack-against-xz-and-liblzma

Pandabuy - 1,348,407 breached accounts
In March 2024, 1.3M unique email addresses from the online store for purchasing goods from China, Pandabuy, were posted to a popular hacking forum. The data also included IP and physical addresses, names, phone numbers and order enquiries. The breach was alleged to be attributed to "Sanggiero" and "IntelBroker".
https://haveibeenpwned.com/PwnedWebsites#Pandabuy

“Hey, This Isn't the Right Site!” Distribution of Malware Exploiting Google Ads Tracking
AhnLab SEcurity intelligence Center (ASEC) has recently detected a malware strain being distributed by using the Google Ads tracking feature. The confirmed cases show that the malware is being distributed by disguising itself as an installer for popular groupware such as Notion and Slack. Once the malware is installed and executed, it downloads malicious files and payloads from the attacker’s server. Below is the list of the file names that have been discovered so far. This type of malware is... The post “Hey, This Isn’t the Right Site!” Distribution of Malware Exploiting Google Ads Tracking appeared first on ASEC BLOG.
https://asec.ahnlab.com/en/63477/

Washington State Food Worker Card - 1,594,305 breached accounts
In June 2023, the Tacoma-Pierce County Health Department announced a data breach of their Washington State Food Worker Card online training system. The breach was published to a popular hacking forum the year before and dated back to a 2018 database backup. Included in the data were 1.6M unique email addresses along with names, post codes, dates of birth and approximately 9.5k driver's licence numbers.
https://haveibeenpwned.com/PwnedWebsites#WashingtonStateFoodWorkerCard

Threat Brief: Vulnerability in XZ Utils Data Compression Library Impacting Multiple Linux Distributions (CVE-2024-3094)
An overview of CVE-2024-3094, a vulnerability in XZ Utils, and information about how to mitigate. The post Threat Brief: Vulnerability in XZ Utils Data Compression Library Impacting Multiple Linux Distributions (CVE-2024-3094) appeared first on Unit 42.
https://unit42.paloaltonetworks.com/threat-brief-xz-utils-cve-2024-3094/

What You Need to Know About the XZ Utils Backdoor
Understand how to respond to the announcement of the XZ Utils backdoor.
https://www.legitsecurity.com/blog/what-you-need-to-know-about-the-xz-utils-backdoor

CVE-2024-3094
Publication Date: 2024/03/29 12:30 PM PST. CVE Identifier: CVE-2024-3094. AWS is aware of CVE-2024-3094, which affects versions 5.6.0 and 5.6.1 of the xz-utils package. This issue may attempt to introduce security issues in openssh through the use of liblzma within some operating system environments. Amazon Linux customers are not affected by this issue, and no action is required. AWS infrastructure and services do not utilize the affected software and are not impacted. Users of Bottlerocket are not affected. Customers using other operating systems are advised to refer to information provided by the OS vendor to address any concerns originating from this reported issue. Security-related questions or concerns can be brought to our attention via aws-security@amazon.com.
https://aws.amazon.com/security/security-bulletins/AWS-2024-002/

SBOM, VDR, and Maven: Transforming the Apache Logging experience to a common pattern
In late 2023, a few members of the Apache Logging Services project – known for providing the famous Log4j logging framework – received funding from the Sovereign Tech Fund (STF) to enhance security aspects of their work.
https://blog.sonatype.com/sbom-vdr-and-maven-transforming-the-apache-logging-experience-to-a-common-pattern

64-bit Linux Assembly and Shellcoding
Introduction Shellcodes are machine instructions that are used as a payload in the exploitation of a vulnerability. An exploit is a small code that targets The post 64-bit Linux Assembly and Shellcoding appeared first on Hacking Articles.
https://www.hackingarticles.in/64-bit-linux-assembly-and-shellcoding/

RDP remains a security concern – Week in security with Tony Anscombe
Much has been written about the risks that poorly-secured RDP connections entail, but many organizations continue to leave themselves at risk and get hit by data breaches as a result
https://www.welivesecurity.com/en/videos/rdp-security-concern-week-security-tony-anscombe/

Pwn2Own Toronto 2023: Part 5 – The Exploit
In this final part of this series, we are finally going to explain how the stack-based buffer overflow vulnerability can be exploited to gain unauthenticated remote code execution (RCE) on the Synology BC500 camera.
https://blog.compass-security.com/2024/03/pwn2own-toronto-2023-part-5-the-exploit/

England Cricket - 43,299 breached accounts
In March 2024, English Cricket's icoachcricket website suffered a data breach that exposed over 40k records. The data included email addresses and passwords stored as either bcrypt hashes, salted MD5 hashes or both. The data was provided to HIBP by a source who requested it be attributed to "IntelBroker".
https://haveibeenpwned.com/PwnedWebsites#ECB

Thread Hijacking: Phishes That Prey on Your Curiosity
Thread hijacking attacks. They happen when someone you know has their email account compromised, and you are suddenly dropped into an existing conversation between the sender and someone else. These missives draw on the recipient's natural curiosity about being copied on a private discussion, which is modified to include a malicious link or attachment. Here's the story of a recent thread hijacking attack in which a journalist was copied on a phishing email from the unwilling subject of a recent scoop.
https://krebsonsecurity.com/2024/03/thread-hijacking-phishes-that-prey-on-your-curiosity/

Google Public DNS's approach to fight against cache poisoning attacks
Tianhao Chi and Puneet Sood, Google Public DNS. The Domain Name System (DNS) is a fundamental protocol used on the Internet to translate human-readable domain names (e.g., www.example.com) into numeric IP addresses (e.g., 192.0.2.1) so that devices and servers can find and communicate with each other. When a user enters a domain name in their browser, the DNS resolver (e.g. Google Public DNS) locates the authoritative DNS nameservers for the requested name, and queries one or more of them to obtain the IP address(es) to return to the browser. When DNS was launched in the early 1980s as a trusted, content-neutral infrastructure, security was not yet a pressing concern. However, as the Internet grew, DNS became vulnerable to various attacks. In this post, we will look at DNS cache poisoning attacks...
http://security.googleblog.com/2024/03/google-public-dnss-approach-to-fight.html

DinodasRAT Linux implant targeting entities worldwide
In this article, we share our analysis of a recent version of the DinodasRAT implant for Linux, which may have been active since 2022.
https://securelist.com/dinodasrat-linux-implant/112284/

Sensor Intel Series: Top CVEs in February 2024
27 new CVEs, and continued IoT targeting. See what's new from February 2024.
https://www.f5.com/labs/articles/threat-intelligence/sensor-intel-series-top-cves-february-2024

Pwn2Own Toronto 2023: Part 4 – Memory Corruption Analysis
In this fourth part of the series, we analyze the memory corruption identified previously and manage to overwrite the program pointer!
https://blog.compass-security.com/2024/03/pwn2own-toronto-2023-part-4-memory-corruption-analysis/

Exvagos - 2,121,789 breached accounts
In July 2022, the direct download website Exvagos suffered a data breach that was later redistributed as part of a larger corpus of data. The breach exposed 2.1M unique email addresses along with IP addresses, usernames, dates of birth and MD5 password hashes.
https://haveibeenpwned.com/PwnedWebsites#Exvagos

Nice Linear eMerge Command Injection Vulnerability (CVE-2019–7256)
What is the vulnerability? Cyber threat actors are actively targeting Linear eMerge E3-Series to exploit a 5-year-old critical vulnerability. The vulnerability tracked as CVE-2019-7256 is a command injection flaw that could allow an attacker to cause remote code execution and full access to the system. The Nice Linear eMerge E3-Series is a popular access control system used in various commercial and industrial environments worldwide, which underscores the potential for widespread impact of this vulnerability. What is the recommended mitigation? Nice has released a security bulletin that advises users to apply the latest firmware to mitigate the risk and recommends defensive measures to minimize the risk of exploitation. https://linear-solutions.com/wp-content/uploads/Service-Bulletin-for-Telephone-Entry-Products-04-12-2023.pdf What...
https://fortiguard.fortinet.com/threat-signal-report/5405

Exposing a New BOLA Vulnerability in Grafana
Unit 42 researchers discovered CVE-2024-1313, a broken object level authorization (BOLA) vulnerability in open-source data visualization platform Grafana. The post Exposing a New BOLA Vulnerability in Grafana appeared first on Unit 42.
https://unit42.paloaltonetworks.com/new-bola-vulnerability-grafana/

New service from Proofpoint prevents email data loss through AI

https://www.proofpoint.com/us/newsroom/news/new-service-proofpoint-prevents-email-data-loss-through-ai

Proofpoint Unleashes the Power of Behavioral AI to Thwart Data Loss over Email

https://www.proofpoint.com/us/newsroom/press-releases/proofpoint-unleashes-power-behavioral-ai-thwart-data-loss-over-email

Pwn2Own Toronto 2023: Part 3 – Exploration
In this third part of the series, we focus on the exposed web services running on TCP ports 80 and 443. Since a valid exploit chain must achieve code execution without prior authentication, we focus on the available functionality that can be accessed without authentication.
https://blog.compass-security.com/2024/03/pwn2own-toronto-2023-part-3-exploration/

GSM Hosting - 2,607,440 breached accounts
In August 2016, breached data from the vBulletin forum for GSM-Hosting appeared for sale alongside dozens of other hacked services. The breach impacted 2.6M users of the service and included email and IP addresses, usernames and salted MD5 password hashes.
https://haveibeenpwned.com/PwnedWebsites#GSMHosting

ASEAN Entities in the Spotlight: Chinese APT Group Targeting
We analyze the actions of two separate Chinese APTs — including Stately Taurus — that targeted ASEAN-affiliated entities through different methods. The post ASEAN Entities in the Spotlight: Chinese APT Group Targeting appeared first on Unit 42.
https://unit42.paloaltonetworks.com/chinese-apts-target-asean-entities/

Jenkins Arbitrary File Read Vulnerability (CVE-2024-23897)
What is the Vulnerability? Cyber threat actors are actively targeting Jenkins, a Java-based open-source automation server widely used by application developers. The critical vulnerability tracked as CVE-2024-23897 could enable remote code execution (RCE), potentially leading to unauthorized access and data compromise. Exploiting this vulnerability allows attackers to read arbitrary files on the Jenkins controller file system. FortiRecon ACI service has observed recent discussions related to CVE-2024-23897 on the Dark Web. A Proof of Concept (PoC) exploit has also been made publicly available, which makes continuous monitoring for exploitation activity targeting this vulnerability crucial. What is the Vendor Solution? Jenkins released a security advisory about this vulnerability on January 24, 2024....
https://fortiguard.fortinet.com/threat-signal-report/5401

Address Sanitizer for Bare-metal Firmware
Posted by Eugene Rodionov and Ivan Lozano, Android Team With steady improvements to Android userspace and kernel security, we have noticed an increasing interest from security researchers directed towards lower level firmware. This area has traditionally received less scrutiny, but is critical to device security. We have previously discussed how we have been prioritizing firmware security, and how to apply mitigations in a firmware environment to mitigate unknown vulnerabilities. In this post we will show how the Kernel Address Sanitizer (KASan) can be used to proactively discover vulnerabilities earlier in the development lifecycle. Despite the narrow application implied by its name, KASan is applicable to a wide-range of firmware targets. Using KASan enabled builds during testing...
http://security.googleblog.com/2024/03/address-sanitizer-for-bare-metal.html

Recent 'MFA Bombing' Attacks Targeting Apple Users
Several Apple customers recently reported being targeted in elaborate phishing attacks that involve what appears to be a bug in Apple's password reset feature. In this scenario, a target's Apple devices are forced to display dozens of system-level prompts that prevent the devices from being used until the recipient responds "Allow" or "Don't Allow" to each prompt. Assuming the user manages not to fat-finger the wrong button on the umpteenth password reset request, the scammers will then call the victim while spoofing Apple support in the caller ID, saying the user's account is under attack and that Apple support needs to "verify" a one-time code.
https://krebsonsecurity.com/2024/03/recent-mfa-bombing-attacks-targeting-apple-users/

Cyber readiness and SBOMs
The Advanced Technology Academic Research Center (ATARC) recently hosted the webinar "Unlocking Cyber Readiness with SBOMs," focusing on the essential role of software bills of materials (SBOMs) in enhancing cybersecurity frameworks across various government agencies and private-sector organizations.
https://blog.sonatype.com/cyber-readiness-and-sboms

The foundation for responsible analytics with Microsoft Purview
If you're attending the Microsoft Fabric Community Conference, check out one of our opportunities to learn more about Microsoft Purview. This blog post outlines the major announcements of new capabilities. The post The foundation for responsible analytics with Microsoft Purview appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2024/03/26/the-foundation-for-responsible-analytics-with-microsoft-purview/

2024 Cyber Attacks Statistics
In 2023, there was a 35% increase in cyber attacks to 4,128 events, with the MOVEit CVE-2023-34362 vulnerability being heavily exploited. Cybercrime dominated as the main motivation at 79%, while malware led attack techniques with 35.9%. Healthcare remained a top target for ransomware. The data, though not exhaustive, provides an overview of the cyber threat landscape.
https://www.hackmageddon.com/2024/03/26/2024-cyber-attacks-statistics/

Borrower beware: Common loan scams and how to avoid them
Personal loan scams prey on your financial vulnerability and might even trap you in a vicious circle of debt. Here's how to avoid being scammed when considering a loan.
https://www.welivesecurity.com/en/scams/borrower-beware-common-loan-scams/

Pwn2Own Toronto 2023: Part 2 – Exploring the Attack Surface
In this second blog post of the series, we start with the reconnaissance phase on the camera, a crucial step in understanding our target. The aim here is to gather information about the target and identify potential vulnerabilities.
https://blog.compass-security.com/2024/03/pwn2own-toronto-2023-part-2-exploring-the-attack-surface/

Malware Disguised as Installer from Korean Public Institution (Kimsuky Group)
AhnLab SEcurity intelligence Center (ASEC) recently discovered the Kimsuky group distributing malware disguised as an installer from a Korean public institution. The malware in question is a dropper that creates the Endoor backdoor, which was also used in the attack covered in the previous post, “TrollAgent That Infects Systems Upon Security Program Installation Process (Kimsuky Group)”. [1] While there are no records of the dropper being used in actual attacks, there was an attack case that involved the backdoor created... The post Malware Disguised as Installer from Korean Public Institution (Kimsuky Group) appeared first on ASEC BLOG.
https://asec.ahnlab.com/en/63396/

Kimsuky Malware Attack
What is the Kimsuky Malware Attack? Kimsuky, officially known as the Kim Suky Group, is a cyber-espionage group linked to North Korea. The group has been active since at least 2012 and is primarily focused on gathering intelligence from South Korean government entities. According to a recent observation by Rapid7, the group launched an attack leveraging weaponized Microsoft Office documents, ISO files, Windows shortcut (LNK) files, and CHM (Compiled HTML Help) files. What is the recommended Mitigation? Maintain general awareness and training about the risk of phishing and social engineering attacks in the organization, and ensure that all systems and software are kept up to date with the latest patches. What FortiGuard Coverage is available? FortiGuard Labs has existing...
https://fortiguard.fortinet.com/threat-signal-report/5404

How to Get the Most From Your Secrets Scanning
Secret scanning is essential for unlocking next-level software supply chain security. Get tips & best practices for optimal secret scanning to secure your code.
https://www.legitsecurity.com/blog/how-to-get-the-most-from-your-secrets-scanning

Frost & Sullivan names Microsoft a Leader in the Frost Radar™: Managed Detection and Response, 2024
The Frost Radar™: Managed Detection and Response, 2024 report recognizes Microsoft as a Leader. Learn how Microsoft Defender Experts for XDR augments your security operations center team to triage, investigate, and respond to incidents for you. The post Frost & Sullivan names Microsoft a Leader in the Frost Radar™: Managed Detection and Response, 2024 appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2024/03/25/frost-sullivan-names-microsoft-a-leader-in-the-frost-radar-managed-detection-and-response-2024/

US and UK go after Chinese hackers accused of state-backed operation against politicians, dissidents

https://www.proofpoint.com/us/newsroom/news/us-and-uk-go-after-chinese-hackers-accused-state-backed-operation-against-politicians

Pwn2Own Toronto 2023: Part 1 – How it all started
Around a year ago a few Compass analysts watched a talk at the Insomni'Hack conference about the Pwn2Own contest. This is when they decided to take part! In this blog post, they talk about how they picked their target, got the firmware from the camera, and got into the shell.
https://blog.compass-security.com/2024/03/pwn2own-toronto-2023-part-1-how-it-all-started/

Open source ML/AI models: attackers' next target
We are now in an era where AI and ML tools are thriving, with a new AI service popping up every week—from voice cloning apps to those perfecting digitalized art generation. It is worth noting though that many of these complex systems are the result of open source machine learning models.
https://blog.sonatype.com/open-source-ml/ai-models-attackers-next-potential-target

AceCryptor attacks surge in Europe – Week in security with Tony Anscombe
The second half of 2023 saw massive growth in AceCryptor-packed malware spreading in the wild, including courtesy of multiple spam campaigns where AceCryptor packed the Rescoms RAT
https://www.welivesecurity.com/en/videos/acecryptor-attacks-europe-week-security-tony-anscombe/

Large-Scale StrelaStealer Campaign in Early 2024
We unravel the details of two large-scale StrelaStealer campaigns from 2023 and 2024. This email credential stealer has a new variant delivered through zipped JScript. The post Large-Scale StrelaStealer Campaign in Early 2024 appeared first on Unit 42.
https://unit42.paloaltonetworks.com/strelastealer-campaign/

How Microsoft Incident Response and Microsoft Defender for Identity work together to detect and respond to cyberthreats
Learn how Microsoft Incident Response works together with Microsoft Defender for Identity to give customers fast, flexible service—before, during, or after a cybersecurity incident occurs. The post How Microsoft Incident Response and Microsoft Defender for Identity work together to detect and respond to cyberthreats appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2024/03/21/how-microsoft-incident-response-and-microsoft-defender-for-identity-work-together-to-detect-and-respond-to-cyberthreats/

Protecting Model Updates in Privacy-Preserving Federated Learning
In our second post we described attacks on models and the concepts of input privacy and output privacy. In our last post, we described horizontal and vertical partitioning of data in privacy-preserving federated learning (PPFL) systems. In this post, we explore the problem of providing input privacy in PPFL systems for the horizontally-partitioned setting. Models, training, and aggregation: To explore techniques for input privacy in PPFL, we first have to be more precise about the training process. In horizontally-partitioned federated learning, a common approach is to ask each participant to
https://www.nist.gov/blogs/cybersecurity-insights/protecting-model-updates-privacy-preserving-federated-learning

Q4 2023 Cyber Attacks Statistics
In Q4 2023, cyber attack events decreased by 7.1% to 1029 compared to the previous quarter. Cybercrime remains the primary motive, although slightly reduced, while malware tops attack techniques, increasing from the last quarter. Multiple industries and healthcare are the most targeted sectors. These statistics represent only public source data and should be considered as an overview of the cyber threat landscape. The statistics are summarized in an infographic, and the author encourages following their work on social media and supporting it through donations.
https://www.hackmageddon.com/2024/03/21/q4-2023-cyber-attacks-statistics/

Training for small organisations and charities now available
New online learning helps small organisations get to grips with cyber security.
https://www.ncsc.gov.uk/blog-post/training-for-small-organisations-and-charities-now-available

Curious Serpens' FalseFont Backdoor: Technical Analysis, Detection and Prevention
Iran-linked APT Curious Serpens is using a new backdoor, FalseFont, to target the aerospace and defense industries through fake job recruitment. The post Curious Serpens' FalseFont Backdoor: Technical Analysis, Detection and Prevention appeared first on Unit 42.
https://unit42.paloaltonetworks.com/curious-serpens-falsefont-backdoor/

Warning Against Infostealer Disguised as Installer
The StealC malware disguised as an installer is being distributed en masse. It was identified as being downloaded via Discord, GitHub, Dropbox, etc. Considering the cases of distribution using similar routes, it is expected to redirect victims multiple times from a malicious webpage disguised as a download page for a certain program to the download URL. StealC is an Infostealer that extorts a variety of key information such as system, browser, cryptocurrency wallet, Discord, Telegram, and mail client data. The... The post Warning Against Infostealer Disguised as Installer appeared first on ASEC BLOG.
https://asec.ahnlab.com/en/63308/

How to integrate SBOMs into the software development life cycle
The widespread availability of third-party and open source software has significantly accelerated modern software development. These technologies also pose a risk, because the external code used by a company has not gone through vital security review processes. A software bill of materials (SBOM) can help provide governance over these external components. An SBOM lists the libraries used by a piece of software and in some cases describes their vulnerability and license status.
https://blog.sonatype.com/how-to-integrate-sboms-into-the-software-development-life-cycle

Android malware, Android malware and more Android malware
In this report, we share our latest Android malware findings: the Tambir spyware, Dwphon downloader and Gigabud banking Trojan.
https://securelist.com/crimeware-report-android-malware/112121/

December 2023 Cyber Attacks Timeline
December 2023 saw a decline in cyber events to 260 from November's 390, with Cyber Crime still leading at 75.4%. Cyber Espionage rose to 10.4%, Hacktivism to 7.3%, and Cyber Warfare doubled to 4.2%. Malware attacks led at 38.5%, while Account Takeovers and Targeted Attacks increased. Multiple Organizations remained top targets.
https://www.hackmageddon.com/2024/03/19/december-2023-cyber-attacks-timeline/

Unit 42 Collaborative Research With Ukraine's Cyber Agency To Uncover the Smoke Loader Backdoor
A surge in use of malware Smoke Loader by threat group UAC-0006 is highlighted in the first-ever joint research published by Unit 42 and SSSCIP Ukraine. The post Unit 42 Collaborative Research With Ukraine's Cyber Agency To Uncover the Smoke Loader Backdoor appeared first on Unit 42.
https://unit42.paloaltonetworks.com/unit-42-scpc-ssscip-uncover-smoke-loader-phishing/

Threat landscape for industrial automation systems. H2 2023
Kaspersky ICS CERT shares industrial threat statistics for H2 2023: most commonly detected malicious objects, threat sources, threat landscape by industry and region.
https://securelist.com/threat-landscape-for-industrial-automation-systems-h2-2023/112153/

Streamline your SBOM management with SBOM Manager
Modern software development means applications are woven from diverse components sourced from in-house development, open source repositories, and external vendors. Keeping track of all these dependencies is becoming more critical as governments are recognizing the challenge and are starting to use regulations to standardize how software supply chain security is managed. Today, the software bill of materials (SBOMs) is seen as the key tool by which software across every industry can be audited and regulated.
https://blog.sonatype.com/streamline-your-sbom-management-with-sbom-manager

Proofpoint's Inaugural Data Loss Landscape Report Reveals Careless Employees are Organizations' Biggest Data Loss Problem

https://www.proofpoint.com/us/newsroom/press-releases/proofpoints-inaugural-data-loss-landscape-report-reveals-careless-employees

Gaining kernel code execution on an MTE-enabled Pixel 8
In this post, I'll look at CVE-2023-6241, a vulnerability in the Arm Mali GPU that allows a malicious app to gain arbitrary kernel code execution and root on an Android phone. I'll show how this vulnerability can be exploited even when Memory Tagging Extension (MTE), a powerful mitigation, is enabled on the device. The post Gaining kernel code execution on an MTE-enabled Pixel 8 appeared first on The GitHub Blog.
https://github.blog/2024-03-18-gaining-kernel-code-execution-on-an-mte-enabled-pixel-8/

Microsoft Under Attack by Russian Cyberattackers
Understand how these attackers are operating and what their tactics mean for security strategies.
https://www.legitsecurity.com/blog/microsoft-under-attack-by-russian-cyberattackers

Inside the Rabbit Hole: BunnyLoader 3.0 Unveiled
We analyze recent samples of BunnyLoader 3.0 to illuminate this malware's evolved and upscaled capabilities, including its new downloadable module system. The post Inside the Rabbit Hole: BunnyLoader 3.0 Unveiled appeared first on Unit 42.
https://unit42.paloaltonetworks.com/analysis-of-bunnyloader-malware/

Real-time, privacy-preserving URL protection
Posted by Jasika Bawa, Xinghui Lu, Google Chrome Security & Jonathan Li, Alex Wozniak, Google Safe Browsing. For more than 15 years, Google Safe Browsing has been protecting users from phishing, malware, unwanted software and more, by identifying and warning users about potentially abusive sites on more than 5 billion devices around the world. As attackers grow more sophisticated, we've seen the need for protections that can adapt as quickly as the threats they defend against. That's why we're excited to announce a new version of Safe Browsing that will provide real-time, privacy-preserving URL protection for people using the Standard protection mode of Safe Browsing in Chrome. Current landscape: Chrome automatically protects you by flagging potentially dangerous sites and files,...
http://security.googleblog.com/2024/03/blog-post.html

2024 Bad Bots Review
Learn the latest trends in bots and malicious automation so you can compare with attacks against your own organizations.
https://www.f5.com/labs/articles/threat-intelligence/2024-bad-bots-review

A patched Windows attack surface is still exploitable
In this report, we highlight the key points about a class of recently-patched elevation-of-privilege vulnerabilities affecting Microsoft Windows, and then focus on how to check if any of them have been exploited or if there have been any attempts to exploit them.
https://securelist.com/windows-vulnerabilities/112232/

16-31 December 2023 Cyber Attacks Timeline
The last cyber attacks timeline of 2023 revealed a decrease in events (120 events down from 140 of the previous timeline), and this trend extended to lower ransomware and malware rates. There were a few mega breaches, and some events in the cryptocurrency sector. Cyber espionage and hacktivism remained prominent, influenced by Iranian and Russian groups.
https://www.hackmageddon.com/2024/03/14/16-31-december-2023-cyber-attacks-timeline/

JetBrains TeamCity Authentication Bypass Vulnerabilities (CVE-2024-27198, CVE-2024-27199)
What are the Vulnerabilities? Two new vulnerabilities affecting JetBrains TeamCity CI/CD server have been identified and tagged as CVE-2024-27198 and CVE-2024-27199. The most severe of the two, CVE-2024-27198, has been added to CISA's known exploited catalog which allows for a complete compromise of a vulnerable TeamCity server by a remote unauthenticated attacker. What is the Vendor Solution? On March 3, 2024, JetBrains released TeamCity 2023.11.4 to fix both CVE-2024-27198 and CVE-2024-27199. [ Link ] What FortiGuard Coverage is available? FortiGuard Labs has provided protection via IPS signature "JetBrains.TeamCity.BaseController.Authentication.Bypass" to detect and block attack attempts targeting CVE-2024-27198 and has also released endpoint vulnerability signatures for...
https://fortiguard.fortinet.com/threat-signal-report/5400

Don't Miss These Emerging Trends in Cloud Application Security
Get details on trends and best practices in cloud application security.
https://www.legitsecurity.com/blog/dont-miss-these-emerging-trends-in-cloud-application-security

What's in your notepad? Infected text editors target Chinese users
Infected versions of the text editors VNote and Notepad-- for Linux and macOS, apparently loading a backdoor, are being distributed through a Chinese search engine.
https://securelist.com/trojanized-text-editor-apps/112167/

Vulnerability Reward Program: 2023 Year in Review
Posted by Sarah Jacobus, Vulnerability Rewards Team Last year, we again witnessed the power of community-driven security efforts as researchers from around the world contributed to help us identify and address thousands of vulnerabilities in our products and services. Working with our dedicated bug hunter community, we awarded million to our 600+ researchers based in 68 countries. New Resources and Improvements Just like every year, 2023 brought a series of changes and improvements to our vulnerability reward programs: Through our new Bonus Awards program, we now periodically offer time-limited, extra rewards for reports to specific VRP targets. We expanded our exploit reward program to Chrome and Cloud through the launch of v8CTF, a CTF focused on V8, the JavaScript engine...
http://security.googleblog.com/2024/03/vulnerability-reward-program-2023-year.html

Manipulating LLMs – How to confuse ChatGPT
What are LLMs LLMs (Large Language Models) are language models with a large number of parameters. These parameters are the model’s variables, which it learns during training. Typically, this training is unsupervised learning on a large data set, during which the algorithm tries to find patterns in the provided data. The more it learns, the […]
https://blog.compass-security.com/2024/03/manipulating-llms-how-to-confuse-chatgpt/

Using AI to Reduce False Positives in Secrets Scanners
Get an overview of how secrets scanners work, and how Legit is dramatically reducing secret-scanning false positives.
https://www.legitsecurity.com/blog/using-ai-to-reduce-false-positives-in-secrets-scanners

Threat Group Assessment: Muddled Libra (Updated)
Muddled Libra continues to evolve. From social engineering to adaptation of new technologies, significant time is spent breaking down organizational defenses. The post Threat Group Assessment: Muddled Libra (Updated) appeared first on Unit 42.
https://unit42.paloaltonetworks.com/muddled-libra/

Understanding the White House Report on Secure and Measurable Software
Get details on the new White House ONCD report, how to address it, and how Legit can help.
https://www.legitsecurity.com/blog/understanding-the-white-house-report-on-secure-and-measurable-software

Numerous vulnerabilities in Xunlei Accelerator application
Xunlei Accelerator (迅雷客户端), a.k.a. Xunlei Thunder, by the China-based Xunlei Ltd. is a wildly popular application. According to the company's annual report, 51.1 million active users were counted in December 2022. The company's Google Chrome extension 迅雷下载支持, while not mandatory for using the application, had 28 million users at the time of writing. I've found this application to expose a massive attack surface. This attack surface is largely accessible to arbitrary websites that an application user happens to be visiting. Some of it can also be accessed from other computers in the same network or by attackers with the ability to intercept users' network connections (Man-in-the-Middle attack). It does not appear like security concerns were considered in the design...
https://palant.info/2024/03/06/numerous-vulnerabilities-in-xunlei-accelerator-application/

Secure by Design: Google's Perspective on Memory Safety
Alex Rebert, Software Engineer, Christoph Kern, Principal Engineer, Security Foundations. Google's Project Zero reports that memory safety vulnerabilities—security defects caused by subtle coding errors related to how a program accesses memory—have been "the standard for attacking software for the last few decades and it's still how attackers are having success". Their analysis shows two thirds of 0-day exploits detected in the wild used memory corruption vulnerabilities. Despite substantial investments to improve memory-unsafe languages, those vulnerabilities continue to top the most commonly exploited vulnerability classes. In this post, we share our perspective on memory safety in a comprehensive whitepaper. This paper delves into the data, challenges of tackling memory unsafety, and...
http://security.googleblog.com/2024/03/secure-by-design-googles-perspective-on.html

Wireshark Tutorial: Exporting Objects From a Pcap
This Wireshark tutorial guides the reader in exporting different packet capture objects. It builds on a foundation of malware traffic analysis skills. The post Wireshark Tutorial: Exporting Objects From a Pcap appeared first on Unit 42.
https://unit42.paloaltonetworks.com/using-wireshark-exporting-objects-from-a-pcap/

Keeping secrets out of public repositories
With push protection now enabled by default, GitHub helps open source developers safeguard their secrets, and their reputations. The post Keeping secrets out of public repositories appeared first on The GitHub Blog.
https://github.blog/2024-02-29-keeping-secrets-out-of-public-repositories/

Sponsored Ad Fraud: Mystery Box Scams Flood Social Media
Social media platforms are overflowing with scams. In the past couple of months, Bitdefender Labs has been monitoring a steep increase in fraudulent social media ads on Facebook promoting various swindles ranging from crypto-doubling [https://www.bitdefender.com/blog/labs/stream-jacking-2-0-deep-fakes-power-account-takeovers-on-youtube-to-maximize-crypto-doubling-scams/] to AI-generated celebrity-endorsed giveaways [https://www.bitdefender.com/blog/labs/audio-deepfakes-celebrity-endorsed-givea
https://www.bitdefender.com/blog/labs/sponsored-ad-fraud-mystery-box-scams-flood-social-media/

Lazarus and the FudModule Rootkit: Beyond BYOVD with an Admin-to-Kernel Zero-Day
The Lazarus Group is back with an upgraded variant of their FudModule rootkit, this time enabled by a zero-day admin-to-kernel vulnerability for CVE-2024-21338. Read this blog for a detailed analysis of this rootkit variant and learn more about several new techniques, including a handle table entry manipulation technique that directly targets Microsoft Defender, CrowdStrike Falcon, and HitmanPro. The post Lazarus and the FudModule Rootkit: Beyond BYOVD with an Admin-to-Kernel Zero-Day appeared first on Avast Threat Labs.
https://decoded.avast.io/janvojtesek/lazarus-and-the-fudmodule-rootkit-beyond-byovd-with-an-admin-to-kernel-zero-day/?utm_source=rss&utm_medium=rss&utm_campaign=lazarus-and-the-fudmodule-rootkit-beyond-byovd-with-an-admin-to-kernel-zero-day

Updates on NIST's Interagency International Cybersecurity Standardization Working Group
Last November, I was pleased to chair the most recent meeting of the Interagency International Cybersecurity Standardization Working Group (IICSWG) – a group NIST created in 2016. Our charge, from the Cybersecurity Enhancement Act of 2014, was to build a coordination mechanism for government agencies to discuss international cybersecurity standardization issues, consistent with agencies' responsibilities under OMB Circular A-119. Since then, IICSWG has grown as a forum to discuss cybersecurity and privacy standardization topics, examine the overall cybersecurity standardization landscape (
https://www.nist.gov/blogs/cybersecurity-insights/updates-nists-interagency-international-cybersecurity-standardization

When Stealers Converge: New Variant of Atomic Stealer in the Wild
Here at Bitdefender, we're constantly working on improving detection capabilities for our macOS cyber-security products; part of this effort involves revisiting old (or digging up new) samples from our malware zoo. During routine verifications, we were able to isolate multiple suspicious and undetected macOS disk image files surprisingly small for files of this kind (1.3 MB per file). A short look into the code revealed that these files are significantly similar to other samples analysed in the
https://www.bitdefender.com/blog/labs/when-stealers-converge-new-variant-of-atomic-stealer-in-the-wild/

Data Distribution in Privacy-Preserving Federated Learning
This post is part of a series on privacy-preserving federated learning. The series is a collaboration between NIST and the UK government's Responsible Technology Adoption Unit (RTA), previously known as the Centre for Data Ethics and Innovation. Learn more and read all the posts published to date at NIST's Privacy Engineering Collaboration Space or RTA's blog . Our first post in the series introduced the concept of federated learning and described how it's different from traditional centralized learning - in federated learning, the data is distributed among participating organizations, and
https://www.nist.gov/blogs/cybersecurity-insights/data-distribution-privacy-preserving-federated-learning

Luring the Threat: Lessons from ICS Honeypots in Ukraine and Germany
In today’s interconnected world, it is a well-known fact that systems with Internet exposure are under continual threat of cyber-attacks. This risk extends from private websites to corporate infrastructure. With the increasing modernization of Industrial Control Systems (ICS), these vital components also become more exposed to such threats. But what is the extent and nature […]
https://blog.compass-security.com/2024/02/luring-the-threat-lessons-from-custom-ics-honeypots-in-ukraine-and-germany/

ConnectWise ScreenConnect Vulnerabilities (CVE-2024-1708 and CVE-2024-1709)
What is the Vulnerability? On February 19, 2024, ConnectWise published a security advisory for their remote desktop application software called ScreenConnect. One of the flaws, CVE-2024-1709, is an authentication bypass vulnerability that could let attackers gain administrative access to a ScreenConnect instance. That vulnerability has a public proof-of-concept (PoC) available and has recently been added to CISA's Known Exploited Vulnerabilities catalog. The second flaw, tracked as CVE-2024-1708, is a path traversal vulnerability that may allow an attacker to execute remote code. What is the Vendor Solution? ConnectWise has released a patch covering both vulnerabilities. [ Link ] What FortiGuard Coverage is available? FortiGuard Labs has released endpoint vulnerability signatures to detect vulnerable...
https://fortiguard.fortinet.com/threat-signal-report/5389

Travel Update! The NIST CSF 2.0 is HERE…Along with Many Helpful Resources…
NIST CSF 2.0 QUICK LINKS | Explore our Full Suite of Resources: CSF 2.0 Quick Start Guides, CSF 2.0 Profiles, CSF 2.0 Informative References, Cybersecurity & Privacy Reference Tool (CPRT), CSF 2.0 Reference Tool, CSF 2.0 Website ( Homepage ), Official NIST News Announcement. The NIST Cybersecurity Framework (CSF) development process all started with Executive Order (EO) 13636 over a decade ago, which called for building a set of approaches ( a framework ) for reducing risks to critical infrastructure. Through this EO, NIST was tasked with developing a "Cybersecurity Framework." We knew that, to do
https://www.nist.gov/blogs/cybersecurity-insights/travel-update-nist-csf-20-herealong-many-helpful-resources

Looking Forward, Looking Back: A Quarter Century as a CISO
Gail Coury explores how cybersecurity has evolved and what the future holds, after a distinguished career as a CISO.
https://www.f5.com/labs/articles/cisotociso/looking-forward-looking-back-a-quarter-century-as-a-ciso

Details on Apple's Shortcuts Vulnerability: A Deep Dive into CVE-2024-23204
CVE-2024-23204 [https://nvd.nist.gov/vuln/detail/CVE-2024-23204] sheds light on the critical importance of continuous security vigilance. Apple's Shortcuts application, designed to enhance user automation, can inadvertently become a potential vector for privacy breaches. This analysis aims to provide users, developers, and security professionals with insights into the nature of the vulnerability, its potential impact, and recommended mitigation measures. At a glance: * We have discovered a vul
https://www.bitdefender.com/blog/labs/details-on-apples-shortcuts-vulnerability-a-deep-dive-into-cve-2024-23204/

How to stay safe from repo-jacking
Repo-jacking is a specific type of supply chain attack. This blog post explains what it is, what the risk is, and what you can do to stay safe. The post How to stay safe from repo-jacking appeared first on The GitHub Blog.
https://github.blog/2024-02-21-how-to-stay-safe-from-repo-jacking/

Decrypted: HomuWitch Ransomware
HomuWitch is a ransomware strain that initially emerged in July 2023. Unlike the majority of current ransomware strains, HomuWitch targets end-users - individuals - rather than institutions and companies. The post Decrypted: HomuWitch Ransomware appeared first on Avast Threat Labs.
https://decoded.avast.io/threatresearch/decrypted-homuwitch-ransomware/?utm_source=rss&utm_medium=rss&utm_campaign=decrypted-homuwitch-ransomware

Sensor Intel Series: Top CVEs in January 2024
More IoT Targeting, plus a bunch of new CVEs! See what attackers went after in January 2024.
https://www.f5.com/labs/articles/threat-intelligence/sensor-intel-series-top-cves-january-2024

Microsoft Exchange Server Elevation of Privilege Vulnerability (CVE-2024-21410)
What is the Vulnerability? Microsoft disclosed a critical security flaw in the Exchange Server. Tracked as CVE-2024-21410, the issue has been described as a privilege escalation vulnerability. This security flaw can let remote unauthenticated threat actors escalate privileges in NTLM relay attacks against vulnerable Exchange Servers. Microsoft reported that the flaw has been actively exploited in the wild. What is the Vendor Solution? Microsoft released a patch on Feb 13, 2024, as part of its Patch Tuesday updates. Please follow the link to learn more about mitigation steps. [ Link ] What FortiGuard Coverage is available? FortiGuard Labs has an Endpoint Vulnerability Signature in place for CVE-2024-21410 to detect any vulnerable systems and auto patch if enabled. FortiGuard...
https://fortiguard.fortinet.com/threat-signal-report/5382

Build code security skills with the GitHub Secure Code Game
Learn to find and fix security issues while having fun with Secure Code Game, now with new challenges focusing on JavaScript, Python, Go, and GitHub Actions! The post Build code security skills with the GitHub Secure Code Game appeared first on The GitHub Blog.
https://github.blog/2024-02-15-build-code-security-skills-with-the-github-secure-code-game/

Audio deepfakes: Celebrity-endorsed giveaway scams and fraudulent investment opportunities flood social media platforms
Bitdefender Labs has been keeping up with the latest modus operandi of cybercrooks who adapt emerging technologies to siphon money from consumers. Artificial intelligence is just one of the many tools that help in the creation and successful dissemination of online schemes to extort money and sensitive information. This paper focuses on voice cloning (audio deepfakes) schemes and how they are proliferated via social media to trick unsuspecting victims. Before delving deeper into the main subj
https://www.bitdefender.com/blog/labs/audio-deepfakes-celebrity-endorsed-giveaway-scams-and-fraudulent-investment-opportunities-flood-social-media-platforms/

NIST Celebrates National Entrepreneurship Week
What is National Entrepreneurship (NatlEshipWeek) Week? Celebrated February 10-17, 2024, “NatlEshipWeek is a congressionally chartered week dedicated to empowering entrepreneurship across the United States. The annual initiative was relaunched in 2017 as NatlEshipWeek to bring together a network of partners from Maui to Miami to educate, engage, and build equitable access to America's Entrepreneurship Ecosystem.” Follow along online with #NatlEshipWeek. You can learn more about the initiative here: https://www.natleshipweek.org/about . Supporting Entrepreneurship is at the Heart of NIST's
https://www.nist.gov/blogs/cybersecurity-insights/nist-celebrates-national-entrepreneurship-week

1-15 December 2023 Cyber Attacks Timeline
In early December 2023, event recordings decreased significantly to 135, with ransomware dominating 35.5% of incidents. The period saw a notable data breach at ESO Solutions, affecting 2.7 million patients, and a .7 million crypto theft at OKX. Geopolitical tensions spurred active cyber espionage, with APT28 exploiting critical vulnerabilities. The author encourages timeline review and community risk awareness support.
https://www.hackmageddon.com/2024/02/13/1-15-december-2023-cyber-attacks-timeline/

Decrypted: Rhysida Ransomware
The team at Avast has developed a decryptor for the Rhysida ransomware and released it for public download. The Rhysida ransomware has been active since May 2023. As of Feb 2024, their TOR site lists 78 attacked companies, including IT (Information Technology) sector, healthcare, universities, and government organizations. The post Decrypted: Rhysida Ransomware appeared first on Avast Threat Labs.
https://decoded.avast.io/threatresearch/decrypted-rhysida-ransomware/?utm_source=rss&utm_medium=rss&utm_campaign=decrypted-rhysida-ransomware

Microsoft BitLocker Bypasses are Practical
In this blog article, we would like to share key insights from the "Defeating Microsoft's Default BitLocker Implementation" security training by Hands-On Security and emphasize the potential risks and consequences associated with this attack technique. Our target audience includes businesses looking to safeguard sensitive data on their Windows devices, as well as individuals with an elevated requirement for protecting their data.
https://blog.compass-security.com/2024/02/microsoft-bitlocker-bypasses-are-practical/

Bypassing EDRs With EDR-Preloading
Evading user mode EDR hooks by hijacking the AppVerifier layer
https://malwaretech.com/2024/02/bypassing-edrs-with-edr-preload.html

Azure Site Recovery privilege escalation
When the ASR service is enabled, it uses an Automation Account with a System-Assigned Managed Identity to manage Site Recovery extensions on VMs. However, the Runbook (a set of scripts for managing extensions) executed by the Automation Account had its job output visible to users, and this output mistakenly included a cleartext Management-scoped Access Token for the System-Assigned Managed Identity, which possesses the Contributor role over the entire Azure subscription. Therefore, lower-privileged user roles who could access the Automation Account's job output could see and use this Access Token. This access allowed these users to impersonate the Managed Identity, thereby elevating their privileges to that of a Contributor for the whole subscription, including the ability to execute commands...
https://www.cloudvulndb.org/azure-site-recovery-pe
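
The security-relevant point in that write-up is that a job stream is a diagnostic artifact readable by low-privilege roles, so anything a runbook prints to it is effectively published at that privilege level. As an added example (not code from cloudvulndb.org or Microsoft), the Python below does the check a subscription owner would want to run over exported Automation job output: it finds JWT-shaped strings, decodes the claims without validating the signature, and flags any token whose audience is Azure Resource Manager. The job output, the managed identity object id, the app id and the VM name are all constructed for the demo, and the token is unsigned.

```python
import base64
import json
import re
from typing import Any, Dict, List

# Three base64url segments separated by dots; a JSON header or payload always
# encodes to a segment starting with "eyJ" (that is '{"' in base64).
JWT_RE = re.compile(r"\beyJ[A-Za-z0-9_-]+\.eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\b")

# Audiences that mean "this token can call the Azure control plane".
MANAGEMENT_AUDIENCES = {
    "https://management.azure.com/",
    "https://management.azure.com",
    "https://management.core.windows.net/",
}


def _b64url_decode(segment: str) -> bytes:
    segment += "=" * (-len(segment) % 4)  # restore stripped padding
    return base64.urlsafe_b64decode(segment)


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def decode_claims(token: str) -> Dict[str, Any]:
    """Decode the payload only. This is inspection, NOT validation: no signature check."""
    _header, payload, _sig = token.split(".")
    return json.loads(_b64url_decode(payload))


def find_leaked_tokens(job_output: str) -> List[Dict[str, Any]]:
    """Report every bearer token found in a job stream, with the identity it belongs to."""
    findings = []
    for m in JWT_RE.finditer(job_output):
        token = m.group(0)
        claims = decode_claims(token)
        findings.append({
            "audience": claims.get("aud"),
            "identity_oid": claims.get("oid"),
            "app_id": claims.get("appid"),
            "is_arm_token": claims.get("aud") in MANAGEMENT_AUDIENCES,
            "redacted": token[:12] + "...",  # never log the full token again
        })
    return findings


def make_fake_jwt(payload: Dict[str, Any]) -> str:
    """Constructed, unsigned token for the demo; real tokens carry a valid signature."""
    header = _b64url_encode(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    body = _b64url_encode(json.dumps(payload).encode())
    return f"{header}.{body}.not-a-real-signature"


# Constructed example of what a careless runbook might write to its job stream.
FAKE_TOKEN = make_fake_jwt({
    "aud": "https://management.azure.com/",
    "oid": "00000000-0000-0000-0000-000000000001",    # made-up managed identity object id
    "appid": "00000000-0000-0000-0000-0000000000aa",  # made-up app id
    "exp": 1700000000,
})
SAMPLE_JOB_OUTPUT = f"""\
Connecting with system-assigned managed identity...
Token acquired: {FAKE_TOKEN}
Installing Site Recovery extension on vm-web-01... done
"""

if __name__ == "__main__":
    for finding in find_leaked_tokens(SAMPLE_JOB_OUTPUT):
        print(finding)
```

Decoding here is inspection only; a hit means the token must be treated as compromised whether or not it has expired, because the bug is the runbook emitting it at all, and the fix is to never echo the result of a token request into a stream that other roles can read.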

The architecture of SAST tools: An explainer for developers
More developers will have to fix security issues in the age of shifting left. Here, we break down how SAST tools can help them find and address vulnerabilities. The post The architecture of SAST tools: An explainer for developers appeared first on The GitHub Blog.
https://github.blog/2024-02-12-the-architecture-of-sast-tools-an-explainer-for-developers/

A Detailed Guide on Ligolo-Ng
This comprehensive guide delves into the intricacies of Lateral Movement utilizing Ligolo-Ng, a tool developed by Nicolas Chatelain. The Ligolo-Ng tool facilitates the establishment of The post A Detailed Guide on Ligolo-Ng appeared first on Hacking Articles.
https://www.hackingarticles.in/a-detailed-guide-on-ligolo-ng/

New macOS Backdoor Written in Rust Shows Possible Link with Windows Ransomware Group
UPDATE: Following our initial release, we have been contacted by our fellow researchers at Jamf who were able to identify three more samples that act like first-stage payloads. They are responsible for downloading the backdoor: * e7cab6f2be47940bf36e279bbec54ec7 - Jobinfo.app.zip * 26d6a7e3507edf9953684d367dcd44bd - Jobinfo.zip * 775851f86cbde630808ff6d2cf8cedbf - Jobinfo.zip Combined with information in our previous research, the investigation of these samples revealed new components of t
https://www.bitdefender.com/blog/labs/new-macos-backdoor-written-in-rust-shows-possible-link-with-windows-ransomware-group/

NIST's International Cybersecurity and Privacy Engagement Update – International Dialogues, Workshops, and Translations
With the new year under way, NIST is continuing to engage with our international partners to enhance cybersecurity. Here are some updates on our international work from the end of 2023 into the beginning of 2024: Conversations have continued with our partners throughout the world on the update to the NIST Cybersecurity Framework (CSF) 2.0 . The current Draft CSF 2.0 has been shared in a public comment period that ended in November 2023. Stay tuned for the final version to be published soon! NIST international engagement continues through our support to the Department of State and the
https://www.nist.gov/blogs/cybersecurity-insights/nists-international-cybersecurity-and-privacy-engagement-update

ClamAV 1.3.0 feature release and 1.2.2, 1.0.5 security patch release!
The ClamAV 1.3.0 feature release is now stable! Today, we are also publishing the 1.2.2 and 1.0.5 security patch versions. ClamAV 1.1 is past EOL for security fixes and will not receive an update. Switch to the 1.0 LTS, 1.2, or 1.3 versions for continued support. The release files are available for download on the ClamAV downloads page, on the GitHub Release page, and through Docker Hub* (Alpine-based images; Debian-based multi-arch images). *The Docker images are built on release day and may not be available until later in the day. Continue reading to learn what changed in each version. 1.3.0: ClamAV 1.3.0 includes the following improvements and changes. Major changes: Added support for extracting and scanning attachments found in Microsoft OneNote section files. OneNote parsing will be enabled by default,...
http://blog.clamav.net/2023/11/clamav-130-122-105-released.html

Avast Q4/2023 Threat Report
10 Billion Attacks Blocked in 2023, Qakbot's Resurrection, and Google API Abused The post Avast Q4/2023 Threat Report appeared first on Avast Threat Labs.
https://decoded.avast.io/threatresearch/avast-q4-2023-threat-report/?utm_source=rss&utm_medium=rss&utm_campaign=avast-q4-2023-threat-report

Piloting new ways of protecting Android users from financial fraud
Posted by Eugene Liderman, Director of Mobile Security Strategy, Google. From its founding, Android has been guided by principles of openness, transparency, safety, and choice. Android gives you the freedom to choose which device best fits your needs, while also providing the flexibility to download apps from a variety of sources, including preloaded app stores such as the Google Play Store or the Galaxy Store; third-party app stores; and direct downloads from the Internet. Keeping users safe in an open ecosystem takes sophisticated defenses. That's why Android provides multiple layers of protections, powered by AI and backed by a large dedicated security & privacy team, to help to protect our users from security threats while continually making the platform more resilient. We also provide...
http://security.googleblog.com/2024/02/piloting-new-ways-to-protect-Android-users-from financial-fraud.html

AppSec is harder than you think. Here's how AI can help.
In practice, shifting left has been more about shifting the burden rather than the ability. But AI is bringing its promise closer to reality. Here's how. The post AppSec is harder than you think. Here's how AI can help. appeared first on The GitHub Blog.
https://github.blog/2024-02-06-appsec-is-harder-than-you-think-heres-how-ai-can-help/

Azure HDInsight privilege escalation and DoS vulnerabilities
Three privilege escalation and denial-of-service vulnerabilities were discovered in Azure HDInsight, related to its usage of Apache Oozie and Ambari. The root cause of at least one of these vulnerabilities is a flaw in Apache Oozie itself, leading to regex denial-of-service (ReDoS). The other two vulnerabilities could allow an authenticated attacker with HDI cluster access to gain cluster administrator privileges and perform any resource service management operation. The vulnerabilities were patched in the October 2023 security update of Azure HDInsight.
https://www.cloudvulndb.org/azure-hdinsight-dos
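
The ReDoS root cause mentioned above is worth seeing in isolation. As an added example (the pattern is hypothetical; the advisory does not quote the Apache Oozie regex), the Python below puts a nested-quantifier pattern next to a linear one that matches the same language and times both on an input crafted to fail only at the last character, which is what turns backtracking exponential in the input length.

```python
import re
import time
from typing import Tuple

# Hypothetical patterns chosen to illustrate the ReDoS class. Both accept exactly
# the strings made of one or more 'a'; only the work they do on a near-miss differs.
VULNERABLE = re.compile(r"^(a+)+$")   # nested quantifier: every split of the a-run is retried
SAFE = re.compile(r"^a+$")            # same language, one pass, no overlapping choices


def redos_input(n: int) -> str:
    """n repetitions of 'a' followed by a character that forces the match to fail."""
    return "a" * n + "!"


def timed_match(pattern: re.Pattern, text: str) -> Tuple[bool, float]:
    """Run one match and report (matched, seconds)."""
    start = time.perf_counter()
    matched = pattern.match(text) is not None
    return matched, time.perf_counter() - start


def backtracking_ratio(n: int) -> float:
    """How many times slower the nested-quantifier regex is on the failing input of length n."""
    _, slow = timed_match(VULNERABLE, redos_input(n))
    _, fast = timed_match(SAFE, redos_input(n))
    return slow / max(fast, 1e-9)


if __name__ == "__main__":
    # Each extra 'a' roughly doubles the vulnerable time; the safe pattern stays flat.
    for n in (10, 12, 14, 16, 18, 20):
        _, slow = timed_match(VULNERABLE, redos_input(n))
        _, fast = timed_match(SAFE, redos_input(n))
        print(f"n={n:2d}  vulnerable={slow:.4f}s  safe={fast:.6f}s")
```

Python's re module has no match timeout, so the practical defences are to rewrite the pattern so that quantified groups cannot overlap (as SAFE does), to bound input length before matching untrusted data, or to match with an engine that supports a timeout (the third-party regex module accepts a timeout argument).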

Ivanti Connect Secure and Policy Secure Gateways Zero-day Vulnerabilities (CVE-2023-46805, CVE-2024-21887, CVE-2024-21888, CVE-2024-21893)
What is the Vulnerability? Ivanti recently published an advisory on two vulnerabilities on Jan 10, 2024 affecting Ivanti Connect Secure (ICS) and Ivanti Policy Secure Gateways (CVE-2023-46805 and CVE-2024-21887). The vulnerabilities are an authentication bypass and a command injection vulnerability, respectively, in the web component of the affected application. According to the vendor advisory, exploiting these vulnerabilities when chained together may allow attackers to run commands without the need for authentication on the compromised system. Both vulnerabilities have been added to CISA's Known Exploited Vulnerabilities (KEV) catalog. What is the Vendor Solution? At the time of posting, there is no patch available; Ivanti has released workarounds as the two new...
https://fortiguard.fortinet.com/threat-signal-report/5371

Improving Interoperability Between Rust and C++
Posted by Lars Bergstrom – Director, Android Platform Tools & Libraries and Chair of the Rust Foundation Board Back in 2021, we announced that Google was joining the Rust Foundation. At the time, Rust was already in wide use across Android and other Google products. Our announcement emphasized our commitment to improving the security reviews of Rust code and its interoperability with C++ code. Rust is one of the strongest tools we have to address memory safety security issues. Since that announcement, industry leaders and government agencies have echoed our sentiment. We are delighted to announce that Google has provided a grant of million to the Rust Foundation to support efforts that will improve the ability of Rust code to interoperate with existing legacy C++ codebases. We're...
http://security.googleblog.com/2024/02/improving-interoperability-between-rust-and-c.html

Bots Cheat to Win
How automated fraudsters tried to ruin a restaurant’s promotional contest.
https://www.f5.com/labs/articles/threat-intelligence/bots-cheat-to-win

CVE-2024-21626 - Runc container issue
Publication Date: 2024/01/31 1:30 PM PST CVE Identifier: CVE-2024-21626 AWS is aware of a recently disclosed security issue affecting the runc component of several open source container management systems (CVE-2024-21626). With the exception of the AWS services listed below, no customer action is required to address this issue. Amazon Linux An updated version of runc is available for Amazon Linux 1 (runc-1.1.11-1.0.amzn1), Amazon Linux 2 (runc-1.1.11-1.amzn2) and for Amazon Linux 2023 (runc-1.1.11-1.amzn2023). AWS recommends that customers using runc or other container-related software apply those updates or a newer version. Further information is available in the Amazon Linux Security Center. Bottlerocket OS An updated version of runc will be included in Bottlerocket 1.19.0, which will...
https://aws.amazon.com/security/security-bulletins/AWS-2024-001/

November 2023 Cyber Attacks Statistics
November 2023 saw a rise to 39 events, with Cyber Crime remaining dominant at 78.7%. Cyber Espionage increased to 9.7%, while Hacktivism fell to 5.4%. Malware was the leading attack technique at 42.1%, and Multiple Organizations were the most targeted at 17.7%.
https://www.hackmageddon.com/2024/02/02/november-2023-cyber-attacks-statistics/

UN Cybercrime Treaty Could Endanger Web Security
Royal Hansen, Vice President of Privacy, Safety and Security Engineering. This week, the United Nations convened member states to continue its years-long negotiations on the UN Cybercrime Treaty, titled “Countering the Use of Information and Communications Technologies for Criminal Purposes.” As more aspects of our lives intersect with the digital sphere, law enforcement around the world has increasingly turned to electronic evidence to investigate and disrupt criminal activity. Google takes the threat of cybercrime very seriously, and dedicates significant resources to combating it. When governments send Google legal orders to disclose user data in connection with their investigations, we carefully review those orders to make sure they satisfy applicable laws, international norms,...
http://security.googleblog.com/2024/02/un-cybercrime-treaty-could-endanger-web.html

Scaling security with AI: from detection to solution
Dongge Liu and Oliver Chang, Google Open Source Security Team, Jan Nowakowski and Jan Keller, Machine Learning for Security Team. The AI world moves fast, so we've been hard at work keeping security apace with recent advancements. One of our approaches, in alignment with Google's Secure AI Framework (SAIF), is using AI itself to automate and streamline routine and manual security tasks, including fixing security bugs. Last year we wrote about our experiences using LLMs to expand vulnerability testing coverage, and we're excited to share some updates. Today, we're releasing our fuzzing framework as a free, open source resource that researchers and developers can use to improve fuzzing's bug-finding abilities. We'll also show you how we're using AI to speed up the bug patching...
http://security.googleblog.com/2024/01/scaling-security-with-ai-from-detection.html

Effortlessly upgrade to Passkeys on Pixel phones with Google Password Manager
Posted by Sherif Hanna, Group Product Manager, Pixel Security. Helping Pixel owners upgrade to the easier, safer way to sign in. Your phone contains a lot of your personal information, from financial data to photos. Pixel phones are designed to help protect you and your data, and make security and privacy as easy as possible. This is why the Pixel team has been especially excited about passkeys—the easier, safer alternative to passwords. Passkeys are safer because they're unique to each account, and are more resistant against online attacks such as phishing. They're easier to use because there's nothing for you to remember: when it's time to sign in, using a passkey is as simple as unlocking your device with your face or fingerprint, or your PIN/pattern/password. Google is...
http://security.googleblog.com/2024/01/upgrade-to-passkeys-on-pixel-with-google-password-manager.html

16-30 November 2023 Cyber Attacks Timeline
In the latter half of November 2023, I collected 207 cybersecurity events, with ransomware dominating at 34.78%. Financial technology sector hacks led to 7 million in crypto losses, along with significant data breaches and cyber espionage by groups from Palestine, North Korea, China, and Russia.
https://www.hackmageddon.com/2024/01/29/16-30-november-2023-cyber-attacks-timeline/

Investigating Worldwide SMS Scams, and Tens of Millions of Dollars in Fraud
SMS services remain a critical part of telecommunications; they don't require Internet access, and companies use them to inform their customers. This combination of features makes them incredibly useful for criminals who use the technology as a stepping stone in their never-ending campaigns. And if you think that the new RCS messaging standard [https://en.wikipedia.org/wiki/Rich_Communication_Services] will offer any protection, you would be wrong. These types of scams will continue to spread re
https://www.bitdefender.com/blog/labs/investigating-worldwide-sms-scams-and-tens-of-millions-of-dollars-in-fraud/

New Year, New Initiatives for the NIST Privacy Framework!
It's been four years since the release of The NIST Privacy Framework: A Tool for Improving Privacy Through Enterprise Risk Management, Version 1.0. Since then, many organizations have found it highly valuable for building or improving their privacy programs. We've also been able to add a variety of resources to support its implementation. We're proud of how much has been accomplished in just a few short years, but we're not resting on our laurels. As another, more famous, Dylan once said, “the times they are a-changin'.” For example, the past year has seen the release of the NIST AI Risk
https://www.nist.gov/blogs/cybersecurity-insights/new-year-new-initiatives-nist-privacy-framework

ClamAV 1.3.0 Second Release Candidate now available!
We are excited to announce the ClamAV 1.3.0 release candidate. You can find the source code and installers for this release on the clamav.net/downloads page or the ClamAV GitHub release page. Tip: If you are downloading the source from the GitHub release page, the package labeled "clamav-1.3.0-rc2.tar.gz" does not require an internet connection to build. All dependencies are included in this package. But if you download the ZIP or TAR.GZ generated by GitHub, located at the very bottom, then an internet connection will be required during the build to download additional Rust dependencies. For Docker users, there is no specific Docker tag for the release candidate, but you can use these tags: clamav/clamav:unstable, clamav/clamav:unstable_base, clamav/clamav-debian:unstable, clamav/clamav-debian:unstable_base. This...
http://blog.clamav.net/2024/01/clamav-130-second-release-candidate-now.html

Sensor Intel Series: Top CVEs in December 2023
We add 6 CVEs to our list and do a brief roundup of some stats from 2023.
https://www.f5.com/labs/articles/threat-intelligence/sensor-intel-series-top-cves-december-2023

Privacy Attacks in Federated Learning
This post is part of a series on privacy-preserving federated learning. The series is a collaboration between NIST and the UK government's Centre for Data Ethics and Innovation. Learn more and read all the posts published to date at NIST's Privacy Engineering Collaboration Space or the CDEI blog . Our first post in the series introduced the concept of federated learning—an approach for training AI models on distributed data by sharing model updates instead of training data. At first glance, federated learning seems to be a perfect fit for privacy since it completely avoids sharing data
https://www.nist.gov/blogs/cybersecurity-insights/privacy-attacks-federated-learning
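
The post above says federated learning avoids sharing data by sharing model updates instead; the simplest privacy attack shows why those are not the same thing. The Python below is an added example (not NIST's or CDEI's code) that uses the smallest setting where the attack is exact: a logistic-regression model, one client sending the gradient for a single training record in the clear, and no secure aggregation or differential privacy (all assumed for the demo). Because the gradient for the bias is the prediction error and the gradient for each weight is that error times the feature value, the server divides one by the other and reads the record back, label included. The weights and the record are constructed values.

```python
import math
from typing import List, Tuple


def sigmoid(z: float) -> float:
    return 1.0 / (1.0 + math.exp(-z))


def client_gradient(w: List[float], b: float, x: List[float], y: int) -> Tuple[List[float], float]:
    """What an honest client sends: the cross-entropy gradient for ONE training sample.

    For logistic regression with p = sigmoid(w.x + b):
        dL/dw_j = (p - y) * x_j
        dL/db   = (p - y)
    """
    p = sigmoid(sum(wi * xi for wi, xi in zip(w, x)) + b)
    err = p - y
    return [err * xi for xi in x], err


def invert_gradient(grad_w: List[float], grad_b: float) -> Tuple[List[float], int]:
    """Server-side attack: recover the training sample from the shared update alone."""
    if abs(grad_b) < 1e-12:
        # p == y to machine precision: no error signal, so nothing to divide by.
        raise ValueError("zero bias gradient: nothing to invert")
    x = [g / grad_b for g in grad_w]     # (err * x_j) / err == x_j
    y = 1 if grad_b < 0 else 0           # p in (0, 1), so p - y < 0 exactly when y == 1
    return x, y


# Constructed example: the global model the server sent out, and one client's private record.
W = [0.3, -0.2, 0.5, 0.1]
B = 0.05
SECRET_X = [42.0, 1.0, 0.0, 7.5]   # e.g. age, two flags, a score (made-up values)
SECRET_Y = 1


def demo() -> Tuple[List[float], int]:
    """Client computes its update; server inverts it without ever seeing SECRET_X."""
    grad_w, grad_b = client_gradient(W, B, SECRET_X, SECRET_Y)
    return invert_gradient(grad_w, grad_b)


if __name__ == "__main__":
    x_rec, y_rec = demo()
    print("recovered record:", [round(v, 6) for v in x_rec], "label:", y_rec)
```

Larger batches and deeper models make the inversion approximate rather than exact, but the same leakage is why the updates themselves, not only the raw data, need protection (secure aggregation, differential privacy applied to the update) before a federated setup can be called privacy-preserving.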

ClamAV Debian multi-Arch Docker images now available!
We now offer official ClamAV docker images based on `debian:11-slim`. In addition to offering an alternative to the original Alpine Linux images, the new images are multi-arch images supporting `linux/amd64`, `linux/arm64`, and `linux/ppc64le`. ClamAV's Alpine-based and Debian-based Docker images are now built weekly to pick up security fixes in the base images. Check it out here.
http://blog.clamav.net/2024/01/clamav-debian-multi-arch-docker-images.html

Burpsuite for Pentester: Autorize
In order to protect online assets, web application security testing is an essential element of safeguarding them. Burp Suite has been a leader in this The post Burpsuite for Pentester: Autorize appeared first on Hacking Articles.
https://www.hackingarticles.in/burpsuite-for-pentester-autorize/

Stream-Jacking 2.0: Deep fakes power account takeovers on YouTube to maximize crypto-doubling scams
As of October 2023, researchers at Bitdefender Labs have been actively keeping tabs [https://www.bitdefender.com/blog/labs/a-deep-dive-into-stream-jacking-attacks-on-youtube-and-why-theyre-so-popular/] on stream-jacking attacks against high-profile YouTube accounts used to conduct a myriad of crypto doubling scams. Fast forward to 2024; our investigation into the fraudulent takeovers and usage of YouTube accounts has rendered new findings, as financially motivated threat actors meticulously evo
https://www.bitdefender.com/blog/labs/stream-jacking-2-0-deep-fakes-power-account-takeovers-on-youtube-to-maximize-crypto-doubling-scams/

Rotating credentials for GitHub.com and new GHES patches
GitHub received a bug bounty report of a vulnerability that allowed access to the environment variables of a production container. We have patched GitHub.com and rotated all affected credentials. If you have hardcoded or cached a public key owned by GitHub, read on to ensure your systems continue working with the new keys. The post Rotating credentials for GitHub.com and new GHES patches appeared first on The GitHub Blog.
https://github.blog/2024-01-16-rotating-credentials-for-github-com-and-new-ghes-patches/

How to Recover an Unsaved Excel File
If your Excel file was left unsaved by accident, don’t fret – Microsoft understands mistakes happen and provides built-in functionality to help recover it. To recover an unsaved file, navigate... The post How to Recover an Unsaved Excel File appeared first on Hacker Combat.
https://www.hackercombat.com/how-to-recover-unsaved-excel-file/

How to See Who Blocked You on Facebook
If you suspect someone has blocked you on Facebook, various methods exist to investigate their actions. One option would be searching for their name; they may have blocked you if... The post How to See Who Blocked You on Facebook appeared first on Hacker Combat.
https://www.hackercombat.com/how-to-see-who-blocked-you-on-facebook/

How To Access Your Photos On iCloud
iCloud can be an easy and secure way to back up photos and videos, but accessing those files across devices may prove challenging. Thank goodness there are multiple ways to... The post How To Access Your Photos On iCloud appeared first on Hacker Combat.
https://www.hackercombat.com/how-to-access-your-photos-on-icloud/

Why is the iPhone Force Restart Not Working?
If the iPhone force restart does not work as intended, there may be an issue with the iOS system. To address this, look for physical damage to buttons used for... The post Why is the iPhone Force Restart Not Working? appeared first on Hacker Combat.
https://www.hackercombat.com/iphone-force-restart-not-working/

YouTube Not Working on iPhone? Here's How to Fix It
If the YouTube app on your iPhone is crashing or will not open, there are various fixes you can try, such as force quitting the app, rebooting your device, and... The post YouTube Not Working on iPhone? Here’s How to Fix It appeared first on Hacker Combat.
https://www.hackercombat.com/youtube-not-working-on-iphone/

Vulnerabilities identified in Bosch BCC100 Thermostat
Several factors underscore the importance of smart thermostats: energy efficiency, environmental sustainability, and the spread of smart home technologies. These devices have a major impact on energy conservation and its associated cost savings, while making homes noticeably more comfortable. This combination of energy efficiency, convenience and environmental consciousness, which resonates with the current priorities of individuals, governments and societies, has led to the diversification of
https://www.bitdefender.com/blog/labs/vulnerabilities-identified-in-bosch-bcc100-thermostat/

Easy way to Generate Reverse Shell
In this article, we will learn how to get a reverse in a few easy steps. Usually, the problem when reverse shell commands is to The post Easy way to Generate Reverse Shell appeared first on Hacking Articles.
https://www.hackingarticles.in/easy-way-to-generate-reverse-shell/

Journey into the Immersive Frontier: Preliminary NIST Research on Cybersecurity and Privacy Standards for Immersive Technologies
Words like “metaverse” and “augmented reality” may conjure up thoughts of friends in headsets wielding virtual sabers or folks roaming the streets at night in search of PokéStops. Virtual, augmented, and mixed reality technologies (“immersive technologies”) have entered the popular consciousness thanks in part to the success of games, but their applications go well beyond new experiences in entertainment. They are already being utilized to increase access to education, improve manufacturing, bolster accessibility, and train workforces in healthcare and retail. Immersive technologies have the
https://www.nist.gov/blogs/cybersecurity-insights/journey-immersive-frontier-preliminary-nist-research-cybersecurity-and

Avast Updates Babuk Ransomware Decryptor in Cooperation with Cisco Talos and Dutch Police
In cooperation with Cisco Talos and Dutch Police, Avast is releasing an updated version of the Avast Babuk decryption tool, capable of restoring files encrypted by the Babuk variant called Tortilla. The post Avast Updates Babuk Ransomware Decryptor in Cooperation with Cisco Talos and Dutch Police appeared first on Avast Threat Labs.
https://decoded.avast.io/threatresearch/avast-updates-babuk-ransomware-decryptor-in-cooperation-with-cisco-talos-and-dutch-police/?utm_source=rss&utm_medium=rss&utm_campaign=avast-updates-babuk-ransomware-decryptor-in-cooperation-with-cisco-talos-and-dutch-police

GitHub and the Ekoparty 2023 Capture the Flag
The GitHub Security Lab teamed up with Ekoparty once again to create some challenges for its yearly Capture the Flag competition! The post GitHub and the Ekoparty 2023 Capture the Flag appeared first on The GitHub Blog.
https://github.blog/2024-01-08-github-and-the-ekoparty-2023-capture-the-flag/

Frenemies to friends: Developers and security tools
When socializing a new security tool, it IS possible to build a bottom-up security culture where engineering has a seat at the table. Let's explore some effective strategies witnessed by the GitHub technical sales team to make this shift successful. The post Frenemies to friends: Developers and security tools appeared first on The GitHub Blog.
https://github.blog/2024-01-08-frenemies-to-friends-developers-and-security-tools/

Unveiling Mobile App Secrets: A 6-Month Deep Dive into Surprising Behavior Patterns
Bitdefender launched in May 2023, an industry-first technology called App Anomaly Detection [https://www.bitdefender.com/blog/labs/app-anomaly-detection-technology-from-bitdefender-to-protect-against-yet-unknown-threats/] that gave the security solutions feature in our mobile security solution for Android the power to analyze app behavior and identify threats based on what applications do after installation. We took a closer look at what this new technology found in the wild over the course of a few
https://www.bitdefender.com/blog/labs/unveiling-mobile-app-secrets-a-6-month-deep-dive-into-surprising-behavior-patterns/

Best EDR Of The Market (BEOTM) – Endpoint Detection and Response Testing Tool
BestEDROfTheMarket is a naive user-mode EDR (Endpoint Detection and Response) tool designed to serve as a testing ground
https://www.darknet.org.uk/2024/01/best-edr-of-the-market-beotm-endpoint-detection-and-response-testing-tool/

Silly EDR Bypasses and Where To Find Them
Abusing exception handlers to hook and bypass user mode EDR hooks.
https://malwaretech.com/2023/12/silly-edr-bypasses-and-where-to-find-them.html

An Introduction to Bypassing User Mode EDR Hooks
Understanding the basics of user mode EDR hooking, common bypass techniques, and their limitations.
https://malwaretech.com/2023/12/an-introduction-to-bypassing-user-mode-edr-hooks.html

Azure Pipelines Agent poisoned pipeline execution
Azure Pipelines and GitHub Actions allow deployment of runners and agents using VM images sourced from a GitHub-managed repository (github.com/actions/runner-images). This repo was misconfigured to use self-hosted runners insecurely, in a way that could have allowed a malicious external contributor (i.e., anyone who had previously had at least one PR approved and merged in the repo) to poison the repository and achieve code execution on runners in the repo. This in turn could have theoretically allowed an attacker to modify the source code of the images, and thereby conduct a supply chain attack against Pipelines and Actions customers.
https://www.cloudvulndb.org/pipelines-agent-ppe

Sensor Intel Series: Top CVEs in November 2023
We add two IoT CVEs and discuss the other sorts of traffic we see regularly.
https://www.f5.com/labs/articles/threat-intelligence/sensor-intel-series-top-cves-november-2023

How to Temporarily Deactivate Instagram?
Instagram is an amazing social platform where you can stay in touch with your friends and influencers, but sometimes it can be too much. Taking a break may help. Instagram... The post How to Temporarily Deactivate Instagram? appeared first on Hacker Combat.
https://www.hackercombat.com/how-to-temporarily-deactivate-instagram/

How To Delete Facebook Business Page?
An inactive Facebook business page won’t do your brand any good; sometimes, it may be best to delete it and start fresh. Deleting a page is straightforward and can be... The post How To Delete Facebook Business Page? appeared first on Hacker Combat.
https://www.hackercombat.com/how-to-delete-facebook-business-page/

Do AirPods Work With Android?
AirPods work well with Android, but the experience may be less satisfying or convenient compared to Apple’s ecosystem. Certain features are unavailable such as customizing double-tap functionality and access to... The post Do AirPods Work With Android? appeared first on Hacker Combat.
https://www.hackercombat.com/do-airpods-work-with-android/

How to Know If Someone Screengrabs Your Instagram Story
Instagram doesn’t inform its users when their Story or Reel has been screengrabbed – no matter whether they have millions of followers or just an everyday account – which means... The post How to Know If Someone Screengrabs Your Instagram Story appeared first on Hacker Combat.
https://www.hackercombat.com/how-to-know-if-someone-screengrabs-your-instagram-story/

How To Scan a QR Code On iPhone
The iPhone offers multiple ways of scanning QR codes, but the quickest and easiest method is using its built-in camera app. Open your camera app and point at a QR... The post How To Scan a QR Code On iPhone appeared first on Hacker Combat.
https://www.hackercombat.com/how-to-scan-a-qr-code-on-iphone/

The anatomy of a scam: ‘Like YouTube Videos and Get Paid' schemes
Have you ever considered a remote job that only requires you to click the like or subscribe button on YouTube videos? If you have, we're sorry to say it's a scam. This month, researchers at Bitdefender Labs have been taking a closer look at the latest remote job swindles polluting social media platforms – namely getting paid for liking random YouTube videos. Online part-time job listings can be a great opportunity to earn extra cash. Despite many legitimate work-from-home options out there, sc
https://www.bitdefender.com/blog/labs/the-anatomy-of-a-scam-like-youtube-videos-and-get-paid-schemes/

ClamAV 1.3.0 release candidate now available!
The ClamAV 1.3.0 release candidate is now available. You may find the source code and installers for this release on the clamav.net/downloads page or the ClamAV GitHub release page. Tip: If you are downloading the source from the GitHub release page, the package labeled "clamav-1.3.0-rc.tar.gz" does not require an internet connection to build. All dependencies are included in this package. But if you download the ZIP or TAR.GZ generated by GitHub, located at the very bottom, then an internet connection will be required during the build to download additional Rust dependencies. For Docker users, there is no specific Docker tag for the release candidate, but you can use the clamav:unstable or clamav:unstable_base tags. The release candidate phase is expected...
http://blog.clamav.net/2023/12/clamav-130-release-candidate-now.html

Opening a new front against DNS-based threats
DNS is a hierarchical decentralized naming system. There are multiple ways in which threat actors can leverage DNS to carry out attacks. We will provide an introduction to the DNS threat landscape. The post Opening a new front against DNS-based threats appeared first on Avast Threat Labs.
https://decoded.avast.io/threatintel/opening-a-new-front-against-dns-based-threats/?utm_source=rss&utm_medium=rss&utm_campaign=opening-a-new-front-against-dns-based-threats

2024 Cybersecurity Predictions
To quote the late David Foster Wallace: sure, I’m paranoid—but am I paranoid enough?
https://www.f5.com/labs/articles/cisotociso/2024-cybersecurity-predictions

A Note on progress…NIST's Digital Identity Guidelines.
In August 2023 the Digital Identity Guidelines team hosted a two-day workshop to provide a public update on the status of revision 4. As part of that session, we committed to providing further information on the status of each volume going forward. In fulfillment of this commitment, we wanted to offer a quick update on where we stand. Our goal remains to have the next version of each volume out by the Spring of 2024. With our gratitude for the robust and substantive engagement we received during the comment period, at this time we would like to announce that all four volumes of Special
https://www.nist.gov/blogs/cybersecurity-insights/note-progressnists-digital-identity-guidelines

Fake Account Creation Bots – Part 4
The fourth and final part of a series investigating how automation is used to create fake accounts for fraud, disinformation, scams, and account takeover.
https://www.f5.com/labs/articles/threat-intelligence/fake-account-creation-bots-part-4

The UK-US Blog Series on Privacy-Preserving Federated Learning: Introduction
This post is the first in a series on privacy-preserving federated learning. The series is a collaboration between CDEI and NIST. Advances in machine learning and AI, fueled by large-scale data availability and high-performance computing, have had a significant impact across the world in the past two decades. Machine learning techniques shape what information we see online, influence critical business decisions, and aid scientific discovery, which is driving advances in healthcare, climate modelling, and more. Training Models: Conventional vs Federated Learning The standard way to train
https://www.nist.gov/blogs/cybersecurity-insights/uk-us-blog-series-privacy-preserving-federated-learning-introduction

Sensor Intel Series: Top CVEs in October 2023
Despite an overall downward trend, an old favorite comes back into play.
https://www.f5.com/labs/articles/threat-intelligence/sensor-intel-series-top-cves-october-2023

Bots Target Retailers for Black Friday Bargains
Did automation targeting retail companies rise towards Black Friday 2022?
https://www.f5.com/labs/articles/threat-intelligence/bots-target-retailers-for-black-friday-bargains

Avast Q3/2023 Threat Report
Stunning 50% Surge in Blocked Attacks, Resulting in 1 Billion Monthly Blocks The post Avast Q3/2023 Threat Report appeared first on Avast Threat Labs.
https://decoded.avast.io/threatresearch/avast-q3-2023-threat-report/?utm_source=rss&utm_medium=rss&utm_campaign=avast-q3-2023-threat-report

First handset with MTE on the market
https://googleprojectzero.blogspot.com/2023/11/first-handset-with-mte-on-market.html

Burpsuite for Pentester: Logger++
In this article, we'll learn about a powerful Burp Extension cool tool called “Burp Logger++”. It is like a super detective for websites, always on The post Burpsuite for Pentester: Logger++ appeared first on Hacking Articles.
https://www.hackingarticles.in/burpsuite-for-pentester-logger/

Firefox Addons for Pentesting
In this article, we will learn how to customise the Firefox browser for efficient pen-testing along with extensions you can use for the same purpose. The post Firefox Addons for Pentesting appeared first on Hacking Articles.
https://www.hackingarticles.in/firefox-addons-for-pentesting/

Rhysida Ransomware Technical Analysis
Technical analysis of Rhysida Ransomware family that emerged in the Q2 of 2023 The post Rhysida Ransomware Technical Analysis appeared first on Avast Threat Labs.
https://decoded.avast.io/threatresearch/rhysida-ransomware-technical-analysis/?utm_source=rss&utm_medium=rss&utm_campaign=rhysida-ransomware-technical-analysis

ClamAV 1.2.1, 1.1.3, 1.0.4, 0.103.11 patch versions published
Today, we are publishing the 1.2.1, 1.1.3, 1.0.4, and 0.103.11 security patch versions. The release files for the patch versions are available for download on the ClamAV downloads page, on the GitHub Release page, and through Docker Hub. Continue reading to learn what changed in each version. 1.2.1: ClamAV 1.2.1 is a patch release with the following fixes: eliminate security warning about unused "atty" dependency (GitHub pull request); upgrade the bundled UnRAR library (libclamunrar) to version 6.2.12 (GitHub pull request); build system: fix link error with Clang/LLVM/LLD version 17, patch courtesy of Yasuhiro Kimura (GitHub pull request); fix alert-exceeds-max feature for files > 2GB and < max-filesize (GitHub pull request). Special thanks to Yasuhiro Kimura for code contributions and bug reports. 1.1.3: ClamAV...
http://blog.clamav.net/2023/10/clamav-121-113-104-010311-patch.html

Implementing a “Share on Mastodon” button for a blog
I decided that I would make it easier for people to share my articles on social media, most importantly on Mastodon. However, my Hugo theme didn't support showing a “Share on Mastodon” button yet. It wasn't entirely trivial to add support either: unlike with centralized solutions like Facebook where a simple link is sufficient, here one would need to choose their home instance first. As far as existing solutions go, the only reasonably sophisticated approach appears to be Share₂Fedi. It works nicely, privacy-wise one could do better however. So I ended up implementing my own solution while also generalizing that solution to support a variety of different Fediverse applications in addition to Mastodon. Contents Why not Share₂Fedi? Share on Mastodon or on Fediverse? ...
https://palant.info/2023/10/19/implementing-a-share-on-mastodon-button-for-a-blog/

An analysis of an in-the-wild iOS Safari WebContent to GPU Process exploit
https://googleprojectzero.blogspot.com/2023/10/an-analysis-of-an-in-the-wild-ios-safari-sandbox-escape.html

Amazon WorkSpaces Windows client credential logging
AWS identified an issue in the Amazon WorkSpaces Windows client which resulted in unintentionally logging connection debugging information to a user's local system. This data could include usernames or passwords if they contain specific characters: \ (backslash) or " (double quotes). If an attacker gained access to an Amazon WorkSpaces user's machine, they could then compromise such credentials from the log.
https://www.cloudvulndb.org/aws-2023-010

Reported TorchServe Issue (CVE-2023-43654)
Publication Date: 2023/10/02 02:00 PM EDT AWS is aware of CVE-2023-43654 and CVE-2022-1471 in PyTorch TorchServe versions 0.3.0 to 0.8.1, which use a version of the SnakeYAML v1.31 open source library. TorchServe version 0.8.2 resolves these issues. AWS recommends customers using PyTorch inference Deep Learning Containers (DLC) 1.13.1, 2.0.0, or 2.0.1 in EC2, EKS, or ECS released prior to September 11, 2023, update to TorchServe version 0.8.2. Customers using PyTorch inference Deep Learning Containers (DLC) through Amazon SageMaker are not affected. Customers can use the following new image tags to pull DLCs that ship with patched TorchServe version 0.8.2: The full DLC image URI details can be found at: https://github.com/aws/deep-learning-containers/blob/master/available_images.md#available-deep-learning-containers-images....
https://aws.amazon.com/security/security-bulletins/AWS-2023-009/

It might Be Time to Rethink Phishing Awareness
Phishing awareness can be a powerful security tool, or a complete disaster. It all hinges on how you implement it.
https://malwaretech.com/2023/09/it-might-be-time-to-rethink-phishing-awareness.html

Analyzing a Modern In-the-wild Android Exploit
By Seth Jenkins, Project Zero. Introduction: In December 2022, Google's Threat Analysis Group (TAG) discovered an in-the-wild exploit chain targeting Samsung Android devices. TAG's blog post covers the targeting and the actor behind the campaign. This is a technical analysis of the final stage of one of the exploit chains, specifically CVE-2023-0266 (a 0-day in the ALSA compatibility layer) and CVE-2023-26083 (a 0-day in the Mali GPU driver) as well as the techniques used by the attacker to gain kernel arbitrary read/write access. Notably, several of the previous stages of the exploit chain used n-day vulnerabilities: CVE-2022-4262, a 0-day vulnerability in Chrome, was exploited in the Samsung browser to achieve RCE. CVE-2022-3038, a Chrome n-day that was unpatched in the Samsung browser, was used...
https://googleprojectzero.blogspot.com/2023/09/analyzing-modern-in-wild-android-exploit.html

A year after the disastrous breach, LastPass has not improved
In September last year, a breach at LastPass' parent company GoTo (formerly LogMeIn) culminated in attackers siphoning out all data from their servers. The criticism from the security community has been massive. This was not so much because of the breach itself, such things happen, but because of the many obvious ways in which LastPass made matters worse: taking months to notify users, failing to provide useful mitigation instructions, downplaying the severity of the attack, ignoring technical issues which had been publicized years ago and made the attackers' job much easier. The list goes on. Now this was almost a year ago. LastPass promised to improve, both as far as their communication goes and on the technical side of things. So let's take a look at whether they managed to...
https://palant.info/2023/09/05/a-year-after-the-disastrous-breach-lastpass-has-not-improved/

AgentSmith HIDS – Host Based Intrusion Detection
AgentSmith HIDS is a powerful component of a Host-based Intrusion Detection system, it has anti-rootkit functionalities and is a very performant way to collect information about a host.
https://www.darknet.org.uk/2023/08/agentsmith-hids-host-based-intrusion-detection/

Chrome Sync privacy is still very bad
Five years ago I wrote an article about the shortcomings of Chrome Sync (as well as a minor issue with Firefox Sync). Now Chrome Sync has seen many improvements since then. So time seems right for me to revisit it and to see whether it respects your privacy now. Spoiler: No, it doesn't. It improved, but that's an improvement from outright horrible to merely very bad. The good news: today you can use Chrome Sync in a way that preserves your privacy. Google however isn't interested in helping you figure out how to do it. Contents The default flow The privacy-preserving flow What does Google do with your data? It could have been worse Comparison to Firefox Sync The default flow Chrome Sync isn't some obscure feature of Google Chrome. In fact, as of Chrome...
https://palant.info/2023/08/29/chrome-sync-privacy-is-still-very-bad/

ClamAV 1.2.0 feature version and 1.1.2, 1.0.3, 0.103.10 patch versions published
The ClamAV 1.2.0 feature release is now stable and available for download on the ClamAV downloads page, on the GitHub Release page, and through Docker Hub. Today, we are also publishing the 1.1.2, 1.0.3, and 0.103.10 security patch versions. You may be surprised about the impromptu patch release. Indeed, we just published patch versions earlier this month. Unfortunately, a recent CVE for the UnRAR* library has prompted us to prepare these additional updates. We strongly encourage everyone to upgrade to one of these versions. The release files for the patch versions are also available for download on the ClamAV downloads page, on the GitHub Release page, and through Docker Hub. Because ClamAV 1.2.0 is now the latest release, the release files for version 1.1.2 will be found under the...
http://blog.clamav.net/2023/08/clamav-120-feature-version-and-111-102.html

Kubernetes Security Issues (CVE-2023-3676, CVE-2023-3893, CVE-2023-3955)
Publication Date: 2023/08/23 10:00 AM PDT AWS is aware of three security issues (CVE-2023-3676, CVE-2023-3893, CVE-2023-3955) in Kubernetes that affect Amazon EKS customers with Windows EC2 nodes in their clusters. These issues do not affect any Kubernetes control plane or the service itself, nor do these issues permit cross-customer impact. Updated Amazon EKS Windows AMIs are now available for Kubernetes versions 1.23 through 1.27 that include patched builds of kubelet and csi-proxy. We recommend that EKS customers update their configurations to launch new worker nodes from the latest AMI version. Customers using Managed node groups can refer to the EKS Documentation for instructions on upgrading their node groups. Customers self-managing worker nodes should replace existing instances...
https://aws.amazon.com/security/security-bulletins/AWS-2023-008/

ClamAV 1.1.1, 1.0.2, 0.103.9 patch versions published
Today, we are releasing the following critical patch versions for ClamAV: 1.1.1, 1.0.2, 0.103.9. ClamAV 0.105 and 0.104 have reached end-of-life according to the ClamAV End of Life (EOL) policy and will not be patched. The release files are available for download on ClamAV.net, on the GitHub Release page, and through Docker Hub. Note: We observed an issue building ClamAV on Windows using the recently released libjson-c version 0.17. If you are building ClamAV for Windows, you should use libjson-c version 0.16 or prior. 1.1.1: ClamAV 1.1.1 is a critical patch release with the following fixes: CVE-2023-20197: Fixed a possible denial of service vulnerability in the HFS+ file parser. This issue affects versions 1.1.0, 1.0.1 through 1.0.0, 0.105.2 through 0.105.0,...
http://blog.clamav.net/2023/07/2023-08-16-releases.html

H1 2023 Bad Bots Review
Bot traffic for the first half of 2023 was fairly typical, some rapid change in a few industries notwithstanding. Learn who got hit hard and who got off easy.
https://www.f5.com/labs/articles/threat-intelligence/monthly-bot-stats-report-h1-2023

CVE-2023-20569 - RAS Poisoning - Inception
Publication Date: 2023/08/08 11:30AM PDT AWS is aware of CVE-2023-20569, also known as “RAS Poisoning” or “Inception”. AWS customers' data and instances are not affected by this issue, and no customer action is required. AWS has designed and implemented its infrastructure with protections against this class of issues. Amazon EC2 instances, including Lambda, Fargate, and other AWS-managed compute and container services, protect customer data against Inception through microcode and software-based mitigations. Security-related questions or concerns can be brought to our attention via aws-security@amazon.com.
https://aws.amazon.com/security/security-bulletins/AWS-2023-006/

CVE-2022-40982 - Gather Data Sampling - Downfall
Publication Date: 2023/08/08 1:00 PM PDT AWS is aware of CVE-2022-40982, also known as “Gather Data Sampling” (GDS) or “Downfall”. AWS customers' data and instances are not affected by this issue, and no customer action is required. AWS has designed and implemented its infrastructure with protections against this class of issues. Amazon EC2 instances, including Lambda, Fargate, and other AWS-managed compute and container services protect customer data against GDS through microcode and software based mitigations. Security-related questions or concerns can be brought to our attention via aws-security@amazon.com.
https://aws.amazon.com/security/security-bulletins/AWS-2023-007/

ClamAV 1.2.0 release candidate now available
We are excited to announce the ClamAV 1.2.0 release candidate. You may find the source code and installers for this release on the clamav.net/downloads page or the ClamAV GitHub release page. Tip: If you are downloading the source from the GitHub release page, the package labeled "clamav-1.2.0-rc.tar.gz" does not require an internet connection to build. All dependencies are included in this package. But if you download the ZIP or TAR.GZ generated by GitHub, located at the very bottom, then an internet connection will be required during the build to download additional Rust dependencies. For Docker users, there is no specific Docker tag for the release candidate, but you can use the clamav:unstable or clamav:unstable_base tags. The release candidate phase...
http://blog.clamav.net/2023/08/clamav-120-release-candidate-now.html

Power Platform Custom Code information disclosure
A vulnerability in Power Platform could lead to unauthorized access to Custom Code functions used for custom connectors, thereby allowing cross-tenant information disclosure of secrets or other sensitive information if these were embedded in a Custom Code function. The issue occurred as a result of insufficient access control to Azure Function hosts, which are launched as part of the creation and operation of custom connectors in Microsoft's Power Platform. An attacker who determined the hostname of the Azure Function associated with the custom connector could interact with the function without authentication. Microsoft fixed the issue by requiring Azure Function keys for accessing the Function hosts and their HTTP trigger. An initial fix was deployed (on June 7th, 2023), but customers using...
https://www.cloudvulndb.org/power-platform-info-leak

MTE As Implemented, Part 1: Implementation Testing
https://googleprojectzero.blogspot.com/2023/08/mte-as-implemented-part-1.html

MTE As Implemented, Part 3: The Kernel
https://googleprojectzero.blogspot.com/2023/08/mte-as-implemented-part-3-kernel.html

MTE As Implemented, Part 2: Mitigation Case Studies
https://googleprojectzero.blogspot.com/2023/08/mte-as-implemented-part-2-mitigation.html

Summary: MTE As Implemented
https://googleprojectzero.blogspot.com/2023/08/summary-mte-as-implemented.html

Recent Software-based Power Side-Channel Security Research
Publication Date: 2023/08/01 10:00AM PDT AWS is aware of recently-published security research describing software-based power side-channel concerns, otherwise known as ”Collide+Power“. AWS customers' data and instances are not impacted by this issue, and no customer action is required. AWS has designed and implemented its infrastructure with protections against these types of concerns. Amazon EC2 instances, including Lambda, Fargate, and other AWS-managed compute and container services, do not expose power measurement mechanisms, such as Running Average Power Limit (RAPL) or similar interfaces, within the virtualized environment. We would like to thank the Graz University of Technology and CISPA Helmholtz Center for Information Security for responsibly disclosing this issue and working...
https://aws.amazon.com/security/security-bulletins/AWS-2023-005/

Bad.Build
An information disclosure vulnerability in the Google Cloud Build service could have allowed an attacker to view sensitive logs if they had gained prior access to a GCP environment and had permission to create a new Cloud Build instance (cloudbuild.builds.create) or permission to directly impersonate the Cloud Build default service account (which is highly privileged by design and therefore considered to be a known privilege escalation vector in GCP). An attacker could then potentially use this information in order to better facilitate lateral movement, privilege escalation or a supply chain attack by other means. This issue was due to excessive permissions granted to the default service account created by Cloud Build, particularly access to audit logs containing all project permissions (logging.privateLogEntries.list)....
https://www.cloudvulndb.org/badbuild

Azure Front Door client-side desync
A client-side desync vulnerability was discovered in Front Door, one of Azure's CDN solutions, caused by mishandling of the 'Content-Length' header in HTTP requests. Exploiting this vulnerability would most likely require user interaction through social engineering (such as clicking on a malicious link), but could allow an attacker to steal session cookies or forge responses to victim requests.
https://www.cloudvulndb.org/azure-front-door-desync

nOAuth
Descope identified a possible misconfiguration in Azure AD which could lead to misuse of the "Log in with Microsoft" authentication method on a web app. If an application relies on email attribute claims for authentication (which is against best practice) and also merges user accounts without proper validation, an attacker could falsify an email claim to gain full control over the target account. Descope and Microsoft identified several popular multi-tenant applications with users that used an email address with an unverified domain owner, which would therefore be vulnerable to this type of takeover. Following disclosure, Microsoft deployed mitigations to omit token claims from unverified domain owners for most applications.
https://www.cloudvulndb.org/noauth

Why browser extension games need access to all websites
When installing browser extensions in Google Chrome, you are asked to confirm the extension's permissions. In theory, this is supposed to allow assessing the risk associated with an extension. In reality however, users typically lack the knowledge to properly interpret this prompt. For example, I've often seen users accusing extension developers of spying just because the prompt says they could. On the other hand, people will often accept these cryptic prompts without thinking twice. They expect the browser vendors to keep them out of harm's way, trust that isn't always justified [1] [2] [3]. The most extreme scenario here is casual games not interacting with the web at all, yet requesting access to all websites. I found a number of extensions that will abuse this power to hijack...
https://palant.info/2023/06/14/why-browser-extension-games-need-access-to-all-websites/

XSS in Azure Bastion and Container Registry
Orca discovered vulnerabilities in Azure Bastion and Azure Container Registry that could have enabled an attacker to achieve Cross-Site Scripting (XSS) by using iframe postMessages. The vulnerabilities allowed embedding of endpoints within remote attacker-controlled servers using the iframe tag, thereby granting unauthorized access to the victim's session in the affected service if they were tricked into navigating to an attacker-controlled website. The root cause was that certain web pages in the Bastion and Container Registry customer-facing portals allowed embedding of iframes in remote servers, meaning they were not using mitigations such as the X-Frame-Options header or the frame-ancestors directive in a Content Security Policy (CSP), which would have prevented these issues.
https://www.cloudvulndb.org/bastion-container-reg-xss

Azure App Services takeover via legacy API
Binary Security found two vulnerabilities in the legacy Azure Resource Manager (ARM) REST API. The first vulnerability allowed an attacker with Reader access to an Azure Function, acting from a Windows host, to get an admin token that could be exchanged for a master key granting access to all operations in Kudu (the Functions deployment service). This would allow them to tamper with the function by deploying malicious code to it. The other vulnerability allowed an attacker with Reader access to an Azure App Service to read all process environment variables, including Key Vault references. For Azure Functions, this would result in complete compromise of the app.
https://www.cloudvulndb.org/azure-mgmt-api-rce

Shutting down old ClamAV Bugzilla
ClamAV will shut down the old ClamAV Bugzilla server in July. Users who have any outstanding Bugzilla reports should move them to GitHub Issues as soon as possible. We disabled new tickets in Bugzilla in December 2021 in favor of GitHub Issues for all new ClamAV bug reports and a new process for reporting vulnerabilities as defined by a new security policy. As it has now been 18 months since the switch to GitHub Issues, we have decided to shut down our old Bugzilla. We plan to take the Bugzilla server off the internet sometime after July 1 and keep it as an internal reference for our development team. It will no longer be accessible to the public.
http://blog.clamav.net/2023/06/shutting-down-old-clamav-bugzilla.html

Another cluster of potentially malicious Chrome extensions
We've already seen Chrome extensions containing obfuscated malicious code. We've also seen PCVARK's malicious ad blockers. When looking for more PCVARK extensions, I stumbled upon an inconspicuous extension called “Translator - Select to Translate.” The only unusual thing about it were its reviews, lots of raving positive reviews mixed with usability complaints. That, and the permissions: why does a translator extension need webRequest and webRequestBlocking permissions? When I looked into this extension, I immediately discovered a strange code block. Supposedly, it was buggy locale processing. In reality, it turned out to be obfuscated malicious logic meant to perform affiliate fraud. That extension wasn't alone. I kept finding similar extensions until I had a list of 109 extensions,...
https://palant.info/2023/06/08/another-cluster-of-potentially-malicious-chrome-extensions/

AWS Directory Service not checking iam:PassRole on EnableRoleAccess
AWS Directory Service didn't check the iam:PassRole permissions when using the EnableRoleAccess action. This could have been used for privilege escalation by an authenticated user with sufficient permissions (ds:EnableRoleAccess), if the role had a trust policy that allowed use by Directory Service.
https://www.cloudvulndb.org/aws-directory-service-passrole

Introducing PCVARK and their malicious ad blockers
It isn't news that the overwhelming majority of ad blockers in Chrome Web Store is either outright malicious or waiting to accumulate users before turning malicious. So it wasn't a surprise that the very first ad blocker I chose semi-randomly (Adblock Web with 700,000 users) turned out malicious. Starting from it, I found another malicious extension (Ad-Blocker, 700,000 users) and two more that were removed from Chrome Web Store a year ago (BitSafe Adblocker and Adblocker Unlimited). All these ad blockers and probably some more were developed by the company PCVARK. According to Malwarebytes Labs, this company specializes in developing “potentially unwanted programs.” In other words: they show users warnings about alleged compromise, only to push them into installing their software....
https://palant.info/2023/06/05/introducing-pcvark-and-their-malicious-ad-blockers/

How malicious extensions hide running arbitrary code
Two days ago I wrote about the malicious extensions I discovered in Chrome Web Store. At some point this article got noticed by Avast. Once their team confirmed my findings, Google finally reacted and started removing these extensions. Out of the 34 extensions I reported, only 8 extensions remain. These eight were all part of an update where I added 16 extensions to my list, an update that came too late for Avast to notice. Note: Even for the removed extensions, it isn't “mission accomplished” yet. Yes, the extensions can no longer be installed. However, the existing installations remain. From what I can tell, Google didn't blocklist these extensions yet. Avast ran their own search, and they found a bunch of extensions that I didn't see. So how come they missed eight extensions?...
https://palant.info/2023/06/02/how-malicious-extensions-hide-running-arbitrary-code/

More malicious extensions in Chrome Web Store
Two weeks ago I wrote about the PDF Toolbox extension containing obfuscated malicious code. Despite reporting the issue to Google via two different channels, the extension remains online. It even gained a considerable number of users after I published my article. A reader tipped me off however that the Zoom Plus extension also makes a request to serasearchtop[.]com. I checked it out and found two other versions of the same malicious code. And I found more extensions in Chrome Web Store which are using it. So now we are at 18 malicious extensions with a combined user count of 55 million. The most popular of these extensions are Autoskip for Youtube, Crystal Ad block and Brisk VPN: nine, six and five million users respectively. Update (2023-06-01): With an increased sample I was able to find...
https://palant.info/2023/05/31/more-malicious-extensions-in-chrome-web-store/

padre – Padding Oracle Attack Exploiter Tool
padre is an advanced exploiter and Padding Oracle attack tool that can be deployed against CBC mode encryption.
https://www.darknet.org.uk/2023/05/padre-padding-oracle-attack-exploiter-tool/

Malicious code in PDF Toolbox extension
The PDF Toolbox extension for Google Chrome has more than 2 million users and an average rating of 4.2 in the Chrome Web Store. So I was rather surprised to discover obfuscated code in it that has apparently gone unnoticed for at least a year. The code has been made to look like a legitimate extension API wrapper, merely with some convoluted logic on top. It takes a closer look to recognize unexpected functionality here, and quite some more effort to understand what it is doing. This code allows serasearchtop[.]com website to inject arbitrary JavaScript code into all websites you visit. While it is impossible for me to tell what this is being used for, the most likely use is injecting ads. More nefarious uses are also possible however. Update (2023-06-12): The complete list of extension IDs...
https://palant.info/2023/05/16/malicious-code-in-pdf-toolbox-extension/

End of life (EOL) policy change, 0.103 one year extension, 0.105 past end of life
End of life (EOL) policy change: ClamAV is making a minor change to our EOL policy. The original EOL policy stated that Long Term Support (LTS) versions will lose access to signature updates on the same date that we end support for additional patch versions. We are changing the policy to allow signature updates for at least one year after we stop supporting the release with patch versions. 0.103 support extension: We are also announcing a one-year extension of support for ClamAV 0.103 LTS. We decided to extend the life of the 0.103 LTS release because of the significant changes to the build system in 0.104 and the change in 0.105 requiring the Rust programming language toolchain to compile ClamAV. The one-year support extension does not apply to future LTS...
http://blog.clamav.net/2023/05/end-of-life-eol-policy-change-0103-one.html

ClamAV 1.1.0 released
The ClamAV 1.1.0 feature release is now stable and available for download on ClamAV.net or through Docker Hub. ClamAV 1.1.0 includes the following improvements and changes. Major changes: Added the ability to extract images embedded in HTML CSS <style> blocks (GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/813). Updated Sigtool so that the --vba option will extract VBA code from Microsoft Office documents the same way that libclamav extracts VBA. This resolves several issues where Sigtool could not extract VBA. Sigtool will also now display the normalized VBA code instead of the pre-normalized VBA code (GitHub pull request: https://github.com/Cisco-Talos/clamav/pull/852). Added a new ClamScan and ClamD option: --fail-if-cvd-older-than=days....
http://blog.clamav.net/2023/05/clamav-110-released.html

Issue With IAM Supporting Multiple MFA Devices
Initial Publication Date: 04/25/2023 10:00AM EST A security researcher recently reported an issue with AWS's recently-released (November 16th, 2022) support for multiple multi-factor authentication (MFA) devices for IAM user principals. The reported issue could have potentially arisen only when the following three conditions were met: (1) An IAM user had possession of long-term access key (AK)/secret key (SK) credentials, (2) that IAM user had the privilege to add an MFA to their own identity without using an MFA, and (3) that IAM user's overall access privileges beyond console sign-in had been configured by an administrator to be greater after adding the MFA. Under those narrow conditions, possession of AK/SK alone was equivalent to possession of AK/SK and a previously configured MFA....
https://aws.amazon.com/security/security-bulletins/AWS-2023-001/

Release of a Technical Report into Intel Trust Domain Extensions
https://googleprojectzero.blogspot.com/2023/04/technical-report-into-intel-tdx.html

Privacy Implications of Web 3.0 and Darknets
The evolution of the internet has been rapid over the years and has impacted the privacy implications of Web 3.0 and Darknets
https://www.darknet.org.uk/2023/03/privacy-implications-of-web-3-0-and-darknets/

DataSurgeon – Extract Sensitive Information (PII) From Logs
DataSurgeon (ds) is a versatile tool designed to extract sensitive information (PII) from logs; it's intended to be used for incident response, penetration testing, and CTF challenges.
https://www.darknet.org.uk/2023/03/datasurgeon-extract-sensitive-information-pii-from-logs/

Multiple Internet to Baseband Remote Code Execution Vulnerabilities in Exynos Modems
https://googleprojectzero.blogspot.com/2023/03/multiple-internet-to-baseband-remote-rce.html

We're going teetotal: It's goodbye to The Daily Swig
PortSwigger today announces that The Daily Swig is closing down
https://portswigger.net/daily-swig/were-going-teetotal-its-goodbye-to-the-daily-swig

Bug Bounty Radar // The latest bug bounty programs for March 2023
New web targets for the discerning hacker
https://portswigger.net/daily-swig/bug-bounty-radar-the-latest-bug-bounty-programs-for-march-2023

Indian transport ministry flaws potentially allowed creation of counterfeit driving licenses
Armed with personal data fragments, a researcher could also access 185 million citizens' PII
https://portswigger.net/daily-swig/indian-transport-ministry-flaws-potentially-allowed-creation-of-counterfeit-driving-licenses

Password managers: A rough guide to enterprise secret platforms
The second part of our password manager series looks at business-grade tech to handle API tokens, login credentials, and more
https://portswigger.net/daily-swig/password-managers-a-rough-guide-to-enterprise-secret-platforms

Chromium bug allowed SameSite cookie bypass on Android devices
Protections against cross-site request forgery could be bypassed
https://portswigger.net/daily-swig/chromium-bug-allowed-samesite-cookie-bypass-on-android-devices

Deserialized web security roundup: Twitter 2FA backlash, GoDaddy suffers years-long attack campaign, and XSS Hunter adds e2e encryption
Your fortnightly rundown of AppSec vulnerabilities, new hacking techniques, and other cybersecurity news
https://portswigger.net/daily-swig/deserialized-web-security-roundup-twitter-2fa-backlash-godaddy-suffers-years-long-attack-campaign-and-xss-hunter-adds-e2e-encryption

NIST plots biggest ever reform of Cybersecurity Framework
CSF 2.0 blueprint offered up for public review
https://portswigger.net/daily-swig/nist-plots-biggest-ever-reform-of-cybersecurity-framework

Cisco ClamAV anti-malware scanner vulnerable to serious security flaw
Patch released for bug that poses a critical risk to vulnerable technologies
https://portswigger.net/daily-swig/cisco-clamav-anti-malware-scanner-vulnerable-to-serious-security-flaw

CVSS system criticized for failure to address real-world impact
JFrog argues vulnerability risk metrics need complete revamp
https://portswigger.net/daily-swig/cvss-system-criticized-for-failure-to-address-real-world-impact

A Realistic Look at Implications of ChatGPT for Cybercrime
Analyzing ChatGPT's capabilities and various claims about how it will revolutionize cybercrime.
https://malwaretech.com/2023/02/a-realistic-look-at-chatgpt-cybercrime.html

‘Most web API flaws are missed by standard security tests' – Corey J Ball on securing a neglected attack vector
API security is a ‘great gateway' into a pen testing career, advises specialist in the field
https://portswigger.net/daily-swig/most-web-api-flaws-are-missed-by-standard-security-tests-corey-j-ball-on-securing-a-neglected-attack-vector

HTTP request smuggling bug patched in HAProxy
Exploitation could enable attackers to access backend servers
https://portswigger.net/daily-swig/http-request-smuggling-bug-patched-in-haproxy

Belgium launches nationwide safe harbor for ethical hackers
New legal protections for security researchers could be the strongest of any EU country
https://portswigger.net/daily-swig/belgium-launches-nationwide-safe-harbor-for-ethical-hackers

Pwnagotchi – Maximize Crackable WPA Key Material For Bettercap
Pwnagotchi is an A2C-based "AI" leveraging bettercap that learns from its surrounding WiFi environment to maximize crackable WPA key material it captures
https://www.darknet.org.uk/2023/02/pwnagotchi-maximize-crackable-wpa-key-material-for-bettercap/

Exploiting null-dereferences in the Linux kernel
https://googleprojectzero.blogspot.com/2023/01/exploiting-null-dereferences-in-linux.html

Lessons Learned from Cybersecurity Mentoring
I suppose one could say that I’ve been doing this far too long, and I’ve gained some knowledge about how the cybersecurity industry works, and how people succeed or fail at the field. To give back to newcomers, I recently opened up a Calendly to do ad hoc career mentoring, in addition to the career…
https://tisiphone.net/2023/01/03/lessons-learned-from-cybersecurity-mentoring/

HardCIDR – Network CIDR and Range Discovery Tool
HardCIDR is a Linux Bash script to discover the netblocks, or ranges (in CIDR notation), owned by the target organization during the intelligence-gathering phase of a penetration test.
https://www.darknet.org.uk/2022/12/hardcidr-network-cidr-and-range-discovery-tool/

TikTok is a National Security Risk, Not A Privacy One
An analysis of the threat posed by TikTok and why we need to weigh our options carefully.
https://malwaretech.com/2022/12/tiktok-is-a-national-security-risk.html

Career Counseling Office Hours!
I now have some limited appointments for career counseling and resume discussion open for sign-ups. These sessions are free for college students and current enlisted military, and tip-what-you-can for everyone else, if you feel my help was meaningful. You can sign up here: https://calendly.com/lesleycarhart Keep in mind that I can only review North American…
https://tisiphone.net/2022/12/05/career-counseling-office-hours/

I've Moved to Mastodon!
Hi friends! I hope you’re having a wonderful Thanksgiving weekend (for the US folks), or a nice weekend regardless of location. I just wanted to drop a quick note to let you all know that from now on the best way to follow my daily social media posts, which include Q&As, cybersecurity news, and news…
https://tisiphone.net/2022/11/26/ive-moved-to-mastodon/

Podcast: Securing Bridges | A Live Stream Podcast With Alyssa Miller | Guest: Lesley Carhart | Episode 28
Via: https://www.itspmagazine.com/securing-bridges-podcast
https://tisiphone.net/2022/11/13/podcast-securing-bridges-a-live-stream-podcast-with-alyssa-miller-guest-lesley-carhart-episode-28/

Infosec Mastodon Lists!
Hi pals! I hear you like lists as folks migrate over to Mastodon. Here are some I will keep relatively updated you may find useful, just to track people down! If you want me to remove you for some reason, contact me by DM or email. You can import these lists in your Mastodon preferences…
https://tisiphone.net/2022/11/10/infosec-mastodon-lists/

Everything you need to know about the OpenSSL 3.0.7 Patch (CVE-2022-3602 & CVE-2022-3786)

https://malwaretech.com/2022/11/everything-you-need-to-know-about-the-openssl-3-0-7-patch.html

CVE-2022-3602 and CVE-2022-3786: OpenSSL 3.0.7 patches Critical Vulnerability
On Tuesday, November 1, 2022, between 1300 and 1700 UTC, the OpenSSL project announced the release of a new version of OpenSSL (version 3.0.7) that will patch a critical vulnerability in OpenSSL version 3.0 and above. Only OpenSSL versions between 3.0 and 3.0.6 are affected at the time of writing. At this moment the details of this [...]
https://www.hackingtutorials.org/general-tutorials/openssl-3-0-7-patches-critical-vulnerability/

(Podcast) ITSP – Martial Arts, Marksmanship, And ICS Cyber Incident Response | A Conversation With Lesley Carhart
https://itspmagazinepodcast.com/episodes/martial-arts-marksmanship-and-ics-cyber-incident-response-a-conversation-with-lesley-carhart-cy-beat-podcast-with-deb-radcliff-2dWkd8yh
https://tisiphone.net/2022/10/10/podcast-itsp-martial-arts-marksmanship-and-ics-cyber-incident-response-a-conversation-with-lesley-carhart/

ASIS Article – Preparing for OT Incident Response
https://www.asisonline.org/security-management-magazine/monthly-issues/security-technology/archive/2022/october/Your-Cyber-Response-Plan-Needs-These-6-Components/ Cybersecurity incidents are no longer a matter of if, but when. Building a good strategy and architecture to deter intrusions is incredibly important in reducing the frequency and severity of incidents, but there is no scenario where any organization is totally immune. That means that every organization must have a plan for what they…
https://tisiphone.net/2022/10/10/asis-article-preparing-for-ot-incident-response/

Student Loan Breach Exposes 2.5M Records
2.5 million people were affected, in a breach that could spell more trouble down the line.
https://threatpost.com/student-loan-breach-exposes-2-5m-records/180492/

Watering Hole Attacks Push ScanBox Keylogger
Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.
https://threatpost.com/watering-hole-attacks-push-scanbox-keylogger/180490/

Tentacles of ‘0ktapus' Threat Group Victimize 130 Firms
Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.
https://threatpost.com/0ktapus-victimize-130-firms/180487/

Ransomware Attacks are on the Rise
Lockbit is by far this summer's most prolific ransomware group, trailed by two offshoots of the Conti group.
https://threatpost.com/ransomware-attacks-are-on-the-rise/180481/

Cybercriminals Are Selling Access to Chinese Surveillance Cameras
Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.
https://threatpost.com/cybercriminals-are-selling-access-to-chinese-surveillance-cameras/180478/

Twitter Whistleblower Complaint: The TL;DR Version
Twitter is blasted for security and privacy lapses by the company's former head of security who alleges the social media giant's actions amount to a national security risk.
https://threatpost.com/twitter-whistleblower-tldr-version/180472/

Firewall Bug Under Active Attack Triggers CISA Warning
CISA is warning that Palo Alto Networks' PAN-OS is under active attack and needs to be patched ASAP.
https://threatpost.com/firewall-bug-under-active-attack-cisa-warning/180467/

Fake Reservation Links Prey on Weary Travelers
Fake travel reservations are exacting more pain from the travel weary, already dealing with the misery of canceled flights and overbooked hotels.
https://threatpost.com/reservation-links-prey-on-travelers/180462/

iPhone Users Urged to Update to Patch 2 Zero-Days
Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack.
https://threatpost.com/iphone-users-urged-to-update-to-patch-2-zero-days-under-attack/180448/

Google Patches Chrome's Fifth Zero-Day of the Year
An insufficient input validation flaw, one of 11 patched in an update this week, could allow for arbitrary code execution and is under active attack.
https://threatpost.com/google-patches-chromes-fifth-zero-day-of-the-year/180432/

[Video] Introduction to Use-After-Free Vulnerabilities | UserAfterFree Challenge Walkthrough (Part: 1)

https://malwaretech.com/2022/05/video-introduction-to-use-after-free-vulnerabilities-userafterfree-challenge-walkthrough-part-1.html

Socialscan – Command-Line Tool To Check For Email And Social Media Username Usage
socialscan is an accurate command-line tool to check for email and social media username usage on online platforms. Given an email address or username, socialscan returns whether it is available, taken or invalid on online platforms. Other similar tools check username availability by requesting the profile page of the username in question and based on […]
https://www.darknet.org.uk/2022/04/socialscan-command-line-tool-to-check-for-email-and-social-media-username-usage/

[Video] Exploiting Windows RPC – CVE-2022-26809 Explained | Patch Analysis

https://malwaretech.com/2022/04/video-exploiting-windows-rpc-cve-2022-26809-explained-patch-analysis.html

CFRipper – CloudFormation Security Scanning & Audit Tool
CFRipper is a Python-based library and CLI security analyzer that functions as an AWS CloudFormation security scanning and audit tool; it aims to prevent vulnerabilities from getting to production infrastructure through vulnerable CloudFormation scripts. You can use CFRipper to prevent deploying insecure AWS resources into your cloud environment. You can write your own compliance checks […]
https://www.darknet.org.uk/2022/01/cfripper-cloudformation-security-scanning-audit-tool/

Installing Rogue-jndi on Kali Linux
Following the previous tutorial in which we looked at the log4j vulnerability in VMWare vSphere server, I got some questions about how to set up a malicious LDAP server on Linux. The attacker controlled LDAP server is required to provide the malicious java class (with a reverse shell for example) in response to the forged [...]
https://www.hackingtutorials.org/general-tutorials/installing-rogue-jndi-on-kali-linux/

CredNinja – Test Credential Validity of Dumped Credentials or Hashes
CredNinja is a tool to quickly and efficiently test the validity of dumped credentials (or hashes) across an entire network or domain. At its core, you provide it with a list of credentials you have dumped (or hashes; it can pass-the-hash) and a list of systems on the domain (the author suggests scanning […]
https://www.darknet.org.uk/2022/01/credninja-test-credential-validity-of-dumped-credentials-or-hashes/

Log4Shell VMware vCenter Server (CVE-2021-44228)
Log4Shell is a critical vulnerability with the highest possible CVSSv3 score of 10.0 that affects thousands of products running Apache Log4j and leaves millions of targets potentially vulnerable. CVE-2021-44228 affects log4j versions 2.0-beta9 to 2.14.1. Log4j is an incredibly popular logging library used in many different products and various Apache frameworks like Struts2, Kafka, and [...]
https://www.hackingtutorials.org/exploit-tutorials/log4shell-vmware-vcenter-server-cve-2021-44228/

How to customize behavior of AWS Managed Rules for AWS WAF
AWS Managed Rules for AWS WAF provides a group of rules created by AWS that can be used to help protect you against common application vulnerabilities and other unwanted access to your systems without having to write your own rules. The AWS Threat Research Team updates AWS Managed Rules to respond to an ever-changing threat landscape in order […]
https://aws.amazon.com/blogs/security/how-to-customize-behavior-of-aws-managed-rules-for-aws-waf/

An in-depth look at hacking back, active defense, and cyber letters of marque

https://malwaretech.com/2021/11/an-in-depth-look-at-hacking-back-active-defense-and-cyber-letters-of-marque.html

The Great Leak: Microsoft Exchange AutoDiscover Design Flaw
Recently a “design flaw” in Microsoft Exchange’s Autodiscover protocol was discovered by researchers that allowed access to 372,072 Windows domain credentials and 96,671 unique sets of credentials from applications such as Microsoft Outlook and third-party email clients. According to Amit Serper, the person who discovered the flaw, the source of the leak is [...]
https://www.hackingtutorials.org/pentesting-exchange/the-great-leak-microsoft-exchange-autodiscover-design-flaw/

Ask Lesley: How Much Should SOC Work Suck?
“Dear Lesley, I’ve been in a MSSP Security Operations Center (SOC) for a few months as my first cybersecurity job. The work is monotonous, I have access to only a few SIEM tools, and most of what I do is handle repetitive tickets for a ton of customers all by myself on awkward shifts. I…
https://tisiphone.net/2021/09/22/ask-lesley-how-much-should-soc-work-suck/

The three most important AWS WAF rate-based rules
In this post, we explain what the three most important AWS WAF rate-based rules are for proactively protecting your web applications against common HTTP flood events, and how to implement these rules. We share what the Shield Response Team (SRT) has learned from helping customers respond to HTTP floods and show how all AWS WAF […]
https://aws.amazon.com/blogs/security/three-most-important-aws-waf-rate-based-rules/

Automatically update AWS WAF IP sets with AWS IP ranges
Note: This blog post describes how to automatically update AWS WAF IP sets with the most recent AWS IP ranges for AWS services. This related blog post describes how to perform a similar update for Amazon CloudFront IP ranges that are used in VPC Security Groups. You can use AWS Managed Rules for AWS WAF […]
https://aws.amazon.com/blogs/security/automatically-update-aws-waf-ip-sets-with-aws-ip-ranges/

AWS Shield threat landscape review: 2020 year-in-review
AWS Shield is a managed service that protects applications that are running on Amazon Web Services (AWS) against external threats, such as bots and distributed denial of service (DDoS) attacks. Shield detects network and web application-layer volumetric events that may indicate a DDoS attack, web content scraping, or other unauthorized non-human traffic that is interacting […]
https://aws.amazon.com/blogs/security/aws-shield-threat-landscape-review-2020-year-in-review/

Reasonable IR Team Expectations
With the surplus of ransomware attacks consistently increasing, I have unfortunately witnessed another increase – in shoddy and predatory cybersecurity incident response firms with good SEO taking advantage of victims. In some cases this may be opportunistic, and in others simply a side effect of the shortage of senior and principal level incident responders in…
https://tisiphone.net/2021/05/11/reasonable-ir-team-expectations/

Ask Lesley: From Ops to DFIR, a Tough Transition
Lesley, I am having the hardest time getting my foot in the door in an investigative role. I have spent almost 4 years at the same job, in the same role, and cannot find a way to transition out of the operations side of the house. I went into operations with the intent of doing…
https://tisiphone.net/2021/03/19/ask-lesley-from-ops-to-dfir-a-tough-transition/

How to protect a self-managed DNS service against DDoS attacks using AWS Global Accelerator and AWS Shield Advanced
In this blog post, I show you how to improve the distributed denial of service (DDoS) resilience of your self-managed Domain Name System (DNS) service by using AWS Global Accelerator and AWS Shield Advanced. You can use those services to incorporate some of the techniques used by Amazon Route 53 to protect against DDoS attacks. […]
https://aws.amazon.com/blogs/security/how-to-protect-a-self-managed-dns-service-against-ddos-attacks-using-aws-global-accelerator-and-aws-shield-advanced/

Set up centralized monitoring for DDoS events and auto-remediate noncompliant resources
When you build applications on Amazon Web Services (AWS), it's a common security practice to isolate production resources from non-production resources by logically grouping them into functional units or organizational units. There are many benefits to this approach, such as making it easier to implement the principle of least privilege, or reducing the scope of […]
https://aws.amazon.com/blogs/security/set-up-centralized-monitoring-for-ddos-events-and-auto-remediate-noncompliant-resources/

Deploying defense in depth using AWS Managed Rules for AWS WAF (part 2)
In this post, I show you how to use recent enhancements in AWS WAF to manage a multi-layer web application security enforcement policy. These enhancements will help you to maintain and deploy web application firewall configurations across deployment stages and across different types of applications. In part 1 of this post I describe the technologies […]
https://aws.amazon.com/blogs/security/deploying-defense-in-depth-using-aws-managed-rules-for-aws-waf-part-2/

Defense in depth using AWS Managed Rules for AWS WAF (part 1)
In this post, I discuss how you can use recent enhancements in AWS WAF to manage a multi-layer web application security enforcement policy. These enhancements will help you to maintain and deploy web application firewall configurations across deployment stages and across different types of applications. The post is in two parts. This first part describes […]
https://aws.amazon.com/blogs/security/defense-in-depth-using-aws-managed-rules-for-aws-waf-part-1/

Houston consulate one of worst offenders in Chinese espionage, say U.S. officials
Credits: Reuters. The United States ordered the consulate closed this week, leading China to retaliate on Friday by telling the United States to shut its consulate in the city of Chengdu, as relations between the world's two largest economies […]
http://blog.extremehacking.org/blog/2020/07/24/houston-consulate-one-of-worst-offenders-in-chinese-espionage-say-u-s-officials/

Shocked I am. Shocked to find that underground bank-card-trading forums are full of liars, cheats, small-time grifters
Credits: The Register. The denizens of online forums dedicated to trading in stolen credit cards have been shown to be wretched hives of scum and villainy. This not-so-surprising news comes this week via academics at Washington State University (WSU) in the US, […]
http://blog.extremehacking.org/blog/2020/07/24/shocked-i-am-shocked-to-find-that-underground-bank-card-trading-forums-are-full-of-liars-cheats-small-time-grifters/

AWS Shield Threat Landscape report is now available
AWS Shield is a managed threat protection service that safeguards applications running on AWS against exploitation of application vulnerabilities, bad bots, and Distributed Denial of Service (DDoS) attacks. The AWS Shield Threat Landscape Report (TLR) provides you with a summary of threats detected by AWS Shield. This report is curated by the AWS Threat Research […]
https://aws.amazon.com/blogs/security/aws-shield-threat-landscape-report-now-available/

Vint Cerf suggests GDPR could hurt coronavirus vaccine development
Credits: The Register. TCP/IP co-developer Vint Cerf, revered as a critical contributor to the foundations of the internet, has floated the notion that privacy legislation might hinder the development of a vaccination for the COVID-19 coronavirus. In an essay written for […]
http://blog.extremehacking.org/blog/2020/05/16/vint-cerf-suggests-gdpr-could-hurt-coronavirus-vaccine-development/

Brit defense contractor hacked, up to 100,000 past and present employees' details siphoned off – report
Credits: The Register. Britain’s Ministry of Defence contractor Interserve has been hacked, reportedly leaking the details of up to 100,000 past and current employees, including payment information and details of their next of kin. The Daily Telegraph reports that up to […]
http://blog.extremehacking.org/blog/2020/05/16/brit-defense-contractor-hacked-up-to-100000-past-and-present-employees-details-siphoned-off-report/

US officially warns China is launching cyberattacks to steal coronavirus research
Credits: CNN. The US Department of Homeland Security and the FBI issued a “public service announcement” Wednesday warning that China is likely launching cyberattacks to steal coronavirus data related to vaccines and treatments from US research institutions and pharmaceutical […]
http://blog.extremehacking.org/blog/2020/05/14/us-officially-warns-china-is-launching-cyberattacks-to-steal-coronavirus-research/

There's Norway you're going to believe this: World's largest sovereign wealth fund conned out of $10m in cyber-attack
Credits: The Register. The Norwegian Investment Fund has been swindled out of $10m (£8.2m) by fraudsters who pulled off what’s been described as “an advance data breach.” Norfund – the world’s largest sovereign wealth fund, created from saved North Sea […]
http://blog.extremehacking.org/blog/2020/05/14/theres-norway-youre-going-to-believe-this-worlds-largest-sovereign-wealth-fund-conned-out-of-10m-in-cyber-attack/

Stop tracking me, Google: Austrian citizen files GDPR legal complaint over Android Advertising ID
Credits: The Register. Privacy pressure group Noyb has filed a legal complaint against Google on behalf of an Austrian citizen, claiming the Android Advertising ID on every Android device is “personal data” as defined by the EU’s GDPR and that […]
http://blog.extremehacking.org/blog/2020/05/14/stop-tracking-me-google-austrian-citizen-files-gdpr-legal-complaint-over-android-advertising-id/

Cyber-attacks hit hospital construction companies
Credits: BBC. Interserve, which helped build Birmingham’s NHS Nightingale hospital, and Bam Construct, which delivered the Yorkshire and the Humber’s, have reported the incidents to authorities. Earlier this month, the government warned healthcare groups involved in the response to […]
http://blog.extremehacking.org/blog/2020/05/13/cyber-attacks-hit-hospital-construction-companies/

Researchers spot thousands of Android apps leaking user data through misconfigured Firebase databases
Credits: The Register. Security researchers at Comparitech have reported that an estimated 24,000 Android apps are leaking user data because of misconfigured Firebase databases. Firebase is a popular backend service with SDKs for multiple platforms, including Android, iOS, web, C++ and Unity (for […]
http://blog.extremehacking.org/blog/2020/05/13/researchers-spot-thousands-of-android-apps-leaking-user-data-through-misconfigured-firebase-databases/

Papa don't breach: Contracts, personal info on Madonna, Lady Gaga, Elton John, others swiped in celeb law firm ‘hack'
Credits: The Register. Hackers are threatening to release 756GB of A-list celebs’ contracts, recording deals, and other personal info allegedly stolen from a New York law firm. The miscreants have seemingly got their hands on confidential agreements, private correspondence, contact […]
http://blog.extremehacking.org/blog/2020/05/13/papa-dont-breach-contracts-personal-info-on-madonna-lady-gaga-elton-john-others-swiped-in-celeb-law-firm-hack/

CVE-2019-19781: Citrix ADC RCE vulnerability
A week before the 2019 holidays Citrix announced that an authentication bypass vulnerability was discovered in multiple Citrix products. The affected products are the Citrix Application Delivery Controller (formerly known as NetScaler ADC), Citrix Gateway (formerly known as NetScaler Gateway), and the Citrix SD-WAN WANOP appliance. Exploiting the vulnerability could allow an unauthenticated attacker [...]
https://www.hackingtutorials.org/exploit-tutorials/cve-2019-19781-citrix-adc-rce-vulnerability/

Vulnerability Scanning with OpenVAS 9 part 4: Custom scan configurations
For all scans so far, we've only used the default scan configurations such as host discovery, system discovery and Full & fast. But what if we don't want to run all NVTs on a given target (list) and only test for a few specific vulnerabilities? In this case we can create our own custom scan [...]
https://www.hackingtutorials.org/scanning-tutorials/openvas-9-part-4-custom-scan-configurations/

Vulnerability Scanning with OpenVAS 9 part 3: Scanning the Network
In the previous parts of the Vulnerability Scanning with OpenVAS 9 tutorials we have covered the installation process and how to run vulnerability scans using OpenVAS and the Greenbone Security Assistant (GSA) web application. In part 3 of Vulnerability Scanning with OpenVAS 9 we will have a look at how to run scans using different [...]
https://www.hackingtutorials.org/scanning-tutorials/vulnerability-scanning-with-openvas-9-scanning-the-network/

Vulnerability Scanning with OpenVAS 9 part 2: Vulnerability Scanning
In the previous tutorial, Vulnerability Scanning with OpenVAS 9.0 part 1, we've gone through the installation process of OpenVAS on Kali Linux and the installation of the virtual appliance. In this tutorial we will learn how to configure and run a vulnerability scan. For demonstration purposes we've also installed a virtual machine with Metasploitable 2 [...]
https://www.hackingtutorials.org/scanning-tutorials/vulnerability-scanning-openvas-9-0-part-2/

Vulnerability Scanning with OpenVAS 9 part 1: Installation & Setup
A couple years ago we did a tutorial on Hacking Tutorials on how to install the popular vulnerability assessment tool OpenVAS on Kali Linux. We’ve covered the installation process on Kali Linux and running a basic scan on the Metasploitable 2 virtual machine to identify vulnerabilities. In this tutorial I want to cover more details [...]
https://www.hackingtutorials.org/scanning-tutorials/vulnerability-scanning-openvas-9-pt-1/

The Best Hacking Books 2018
One of the most popular and most asked questions since I’ve started this blog is if I can recommend some good hacking books to read for beginners and more experienced hackers and penetration testers. In this article I want to highlight some hacking books and InfoSec books that I personally liked that cover subjects such as ethical hacking, [...]
https://www.hackingtutorials.org/infosec-books/the-best-hacking-books-2018/