Trade Press News

CSA Updates Cloud Security Certificate, Training
Latest version of CSA's Cloud Security Knowledge Certificate provides a comprehensive catalog of the essential skills cybersecurity professionals need to master.
https://www.darkreading.com/cybersecurity-careers/csa-updates-cloud-security-certificate-training

China's APT41 Targets Global Logistics, Utilities Companies
According to Mandiant, among the many cyber espionage tools the threat actor is using is a sophisticated new dropper called DustTrap.
https://www.darkreading.com/threat-intelligence/china-apt41-targets-global-logistics-utilities

In Cybersecurity, Mitigating Human Risk Goes Far Beyond Training
As threat actors get smarter about how they target employees, the onus is on organizations to create a strong line of defense — and the human element is a critical component.
https://www.darkreading.com/cyber-risk/in-cybersecurity-mitigating-human-risk-goes-far-beyond-training

Guardians of the Grid: Cyber-Secure Microgrids and the Future of Energy Resilience
The Crucial Role of Cyber-Resilient Microgrids The vulnerability of major metropolitan power grids to natural disasters has become a pressing concern, but mother nature isn't the only thing threatening our... The post Guardians of the Grid: Cyber-Secure Microgrids and the Future of Energy Resilience appeared first on Cyber Defense Magazine.
https://www.cyberdefensemagazine.com/guardians-of-the-grid-cyber-secure-microgrids-and-the-future-of-energy-resilience/

Boardroom Executives Are Taking Cyberattacks As Seriously As Heart Attacks
This week in cybersecurity from the editors at Cybercrime Magazine – Read the Full Story in Newsday  Sausalito, Calif. – Jul. 19, 2024 Newsday reports that in the first half of 2024 one billion individuals had their data exposed in multiple incidents due to third-party The post Boardroom Executives Are Taking Cyberattacks As Seriously As Heart Attacks appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/boardroom-executives-are-taking-cyberattacks-as-seriously-as-heart-attacks/

Ransomware Has Outsized Impact on Gas, Energy & Utility Firms
Attackers are more likely to target critical infrastructure industries and, when they do, they cause more disruption and ask higher ransoms, with the median payment topping .5 million.
https://www.darkreading.com/cyber-risk/ransomware-has-outsized-impact-on-gas-energy-and-utility-firms

Beware of Free VPNs that Install Malicious Botnets
Virtual Private Networks (VPNs) have become essential tools for internet users. However, the allure of free VPN services can sometimes lead to unexpected and dangerous consequences. This article delves into the hidden risks of free VPNs, highlighting a significant incident involving the 911 S5 botnet and other malicious activities. The saying “There’s no such thing […] The post Beware of Free VPNs that Install Malicious Botnets appeared first on Cyber Security News.
https://cybersecuritynews.com/beware-of-free-vpns/

Faulty CrowdStrike Update Crashes Windows Systems, Impacting Businesses Worldwide
Businesses across the world have been hit by widespread disruptions to their Windows workstations stemming from a faulty update pushed out by cybersecurity company CrowdStrike. "CrowdStrike is actively working with customers impacted by a defect found in a single content update for Windows hosts," the company's CEO George Kurtz said in a statement. "Mac and Linux hosts are not impacted. This is
https://thehackernews.com/2024/07/faulty-crowdstrike-update-crashes.html

Two Russian Nationals Plead Guilty in LockBit Ransomware Attacks
Two Russian nationals have pleaded guilty in a U.S. court for their participation as affiliates in the LockBit ransomware scheme and helping facilitate ransomware attacks across the world. The defendants include Ruslan Magomedovich Astamirov, 21, of Chechen Republic, and Mikhail Vasiliev, 34, a dual Canadian and Russian national of Bradford, Ontario. Astamirov was arrested in Arizona by U.S. law
https://thehackernews.com/2024/07/two-russian-nationals-plead-guilty-in.html

CrowdStrike update crashes Windows systems, causes outages worldwide
A faulty component in the latest CrowdStrike Falcon update is crashing Windows systems, impacting various organizations and services across the world, including airports, TV stations, and hospitals. [...]
https://www.bleepingcomputer.com/news/security/crowdstrike-update-crashes-windows-systems-causes-outages-worldwide/

Russians plead guilty to involvement in LockBit ransomware attacks
Two Russian individuals admitted to participating in many LockBit ransomware attacks, which targeted victims worldwide and across the United States. [...]
https://www.bleepingcomputer.com/news/security/russians-plead-guilty-to-involvement-in-lockbit-ransomware-attacks/

Safeguard Personal and Corporate Identities with Identity Intelligence
Learn about critical threats that can impact your organization and the bad actors behind them from Cybersixgill's threat experts. Each story shines a light on underground activities, the threat actors involved, and why you should care, along with what you can do to mitigate risk.  In the current cyber threat landscape, the protection of personal and corporate identities has become vital.
https://thehackernews.com/2024/07/safeguard-personal-and-corporate.html

USN-6896-4: Linux kernel vulnerabilities
It was discovered that the ATA over Ethernet (AoE) driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2023-6270) It was discovered that the Atheros 802.11ac wireless driver did not properly validate certain data structures, leading to a NULL pointer dereference. An attacker could possibly use this to cause a denial of service. (CVE-2023-7042) Yuxuan Hu discovered that the Bluetooth RFCOMM protocol driver in the Linux Kernel contained a race condition, leading to a NULL pointer dereference. An attacker could possibly use this to cause a denial of service (system crash). (CVE-2024-22099) Gui-Dong Han discovered that the software RAID driver in the...
https://ubuntu.com/security/notices/USN-6896-4

Major Microsoft 365 outage caused by Azure configuration change
Microsoft says an Azure configuration change caused a major Microsoft 365 outage on Thursday, affecting customers across the Central US region. [...]
https://www.bleepingcomputer.com/news/microsoft/major-microsoft-365-outage-caused-by-azure-configuration-change/

Ubuntu 6898-3: Linux kernel kernel Security Advisory Updates
Several security issues were fixed in the Linux kernel.
https://linuxsecurity.com/advisories/ubuntu/ubuntu-6898-3-linux-kernel-kernel-security-advisory-updates-u1mxngx6x8zl

HPE Critical 3PAR Processor Flaw Let Remote Attackers Bypass Authentication
Hewlett Packard Enterprise (HPE) has addressed a critical vulnerability in its 3PAR Service Processor software that could have far-reaching implications for organizations relying on HPE 3PAR StoreServ Storage systems. The flaw, identified as CVE-2024-22442, allows remote attackers to bypass authentication mechanisms, potentially allowing unauthorized access to sensitive data and control over storage systems. CVE-2024-22442: A […] The post HPE Critical 3PAR Processor Flaw Let Remote Attackers Bypass Authentication appeared first on Cyber Security News.
https://cybersecuritynews.com/hpe-critical-3par-processor-flaw/

USN-6898-3: Linux kernel kernel vulnerabilities
Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could possibly trigger this vulnerability to cause a denial of service. (CVE-2022-38096) Gui-Dong Han discovered that the software RAID driver in the Linux kernel contained a race condition, leading to an integer overflow vulnerability. A privileged attacker could possibly use this to cause a denial of service (system crash). (CVE-2024-23307) It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel when modifying certain settings values through debugfs. A privileged local attacker could use this to cause a denial of service. (CVE-2024-24857, CVE-2024-24858, CVE-2024-24859) Bai Jiaju...
https://ubuntu.com/security/notices/USN-6898-3

Pro-Houthi Group Targets Yemen Aid Organizations with Android Spyware
A suspected pro-Houthi threat group targeted at least three humanitarian organizations in Yemen with Android spyware designed to harvest sensitive information. These attacks, attributed to an activity cluster codenamed OilAlpha, entail a new set of malicious mobile apps that come with their own supporting infrastructure, Recorded Future's Insikt Group said. Targets of the ongoing campaign
https://thehackernews.com/2024/07/pro-houthi-group-targets-yemen-aid.html

Ubuntu 6895-3: Linux kernel Security Advisory Updates
Several security issues were fixed in the Linux kernel.
https://linuxsecurity.com/advisories/ubuntu/ubuntu-6895-3-linux-kernel-security-advisory-updates-5bhvuycoyhe0

USN-6895-3: Linux kernel vulnerabilities
It was discovered that the ATA over Ethernet (AoE) driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2023-6270) It was discovered that the HugeTLB file system component of the Linux Kernel contained a NULL pointer dereference vulnerability. A privileged attacker could possibly use this to cause a denial of service. (CVE-2024-0841) It was discovered that the Open vSwitch implementation in the Linux kernel could overflow its stack during recursive action operations under certain conditions. A local attacker could use this to cause a denial of service (system crash). (CVE-2024-1151) Gui-Dong Han discovered that the software RAID driver in the Linux...
https://ubuntu.com/security/notices/USN-6895-3

Cisco fixed a critical flaw in Security Email Gateway that could allow attackers to add root users
Cisco has addressed a critical vulnerability that could allow attackers to add new root users to Security Email Gateway (SEG) appliances. Cisco fixed a critical vulnerability, tracked as CVE-2024-20401 (CVSS score 9.8), that could allow unauthenticated, remote attackers to add new users with root privileges and permanently crash Security Email Gateway (SEG) appliances. The flaw […]
https://securityaffairs.com/165905/security/cisco-fixed-a-critical-flaw-in-security-email-gateway-that-could-allow-attackers-to-add-root-users.html

Chrome Security Update: Patch for Multiple Flaws that Leads to Remote Code Execution
Google has announced the release of Chrome 126, a critical security update that addresses 10 vulnerabilities, including 8 high-severity flaws reported by external researchers. This update is now rolling out for Windows, macOS, and Linux users, with version numbers 126.0.6478.182/183 for Windows and macOS and 126.0.6478.182 for Linux. Protect Your Business Emails From Spoofing, Phishing […] The post Chrome Security Update: Patch for Multiple Flaws that Leads to Remote Code Execution appeared first on Cyber Security News.
https://cybersecuritynews.com/chrome-security-multiple-vulnerabilities/

APT41 Infiltrates Networks in Italy, Spain, Taiwan, Turkey, and the U.K.
Several organizations operating within global shipping and logistics, media and entertainment, technology, and automotive sectors in Italy, Spain, Taiwan, Thailand, Turkey, and the U.K. have become the target of a "sustained campaign" by the prolific China-based APT41 hacking group. "APT41 successfully infiltrated and maintained prolonged, unauthorized access to numerous victims' networks since
https://thehackernews.com/2024/07/apt41-infiltrates-networks-in-italy.html

Summary of "AI Leaders Spill Their Secrets" Webinar
Event Overview The "AI Leaders Spill Their Secrets" webinar, hosted by Sigma Computing, featured prominent AI experts sharing their experiences and strategies for success in the AI industry. The panel included Michael Ward from Sardine, Damon Bryan from Hyperfinity, and Stephen Hillian from Astronomer, moderated by Zalak Trivedi, Sigma Computing's Product Manager. Key Speakers and Their
https://thehackernews.com/2024/07/summary-of-ai-leaders-spill-their.html

SolarWinds Patches 8 Critical Flaws in Access Rights Manager Software
SolarWinds has addressed a set of critical security flaws impacting its Access Rights Manager (ARM) software that could be exploited to access sensitive information or execute arbitrary code. Of the 13 vulnerabilities, eight are rated Critical in severity and carry a CVSS score of 9.6 out of 10.0. The remaining five weaknesses have been rated High in severity, with four of them having a CVSS
https://thehackernews.com/2024/07/solarwinds-patches-11-critical-flaws-in.html

CrowdStrike Update Pushing Windows Machines Into a BSOD Loop
A recent update to the CrowdStrike Falcon sensor is causing major issues for Windows users worldwide. This update is leading to blue screen of death (BSOD) loops and making systems inoperable. The issue, which began on July 19, 2024, affects Windows 10 and 11 systems running CrowdStrike’s endpoint security software. Users report experiencing repeated BSODs […] The post CrowdStrike Update Pushing Windows Machines Into a BSOD Loop appeared first on Cyber Security News.
https://cybersecuritynews.com/crowdstrike-update-bsod-loop/

Oracle WebLogic Server Vulnerability Allows Complete Server Take Over
A critical vulnerability identified as CVE-2024-21181 has been discovered in the Oracle WebLogic Server, posing a significant risk to affected systems. This vulnerability, disclosed on July 17, 2024, allows unauthenticated attackers with network access via T3 and IIOP protocols to gain complete control over the server. Vulnerability Details The vulnerability is classified as easily exploitable, […] The post Oracle WebLogic Server Vulnerability Allows Complete Server Take Over appeared first on Cyber Security News.
https://cybersecuritynews.com/oracle-weblogic-server-vulnerability/

Indian Crypto Platform Wazirx Hacked: 0 Million Funds Stolen
 Indian cryptocurrency exchange WazirX announced that it has fallen victim to a sophisticated cyber attack, resulting in the theft of over 0 million from one of its multisig wallets on the X platform. The breach has sent shockwaves through the crypto community, raising significant concerns about the security of digital asset platforms. Incident Overview WazirX, […] The post Indian Crypto Platform Wazirx Hacked: 0 Million Funds Stolen appeared first on Cyber Security News.
https://cybersecuritynews.com/indian-crypto-platform-wazirx-hacked/

WazirX Cryptocurrency Exchange Loses 0 Million in Major Security Breach
Indian cryptocurrency exchange WazirX has confirmed that it was the target of a security breach that led to the theft of 0 million in cryptocurrency assets. "A cyber attack occurred in one of our [multi-signature] wallets involving a loss of funds exceeding 0 million," the company said in a statement. "This wallet was operated utilizing the services of Liminal's digital asset custody and
https://thehackernews.com/2024/07/wazirx-cryptocurrency-exchange-loses.html

Fedora 39: dotnet6.0 2024-523badd730 Security Advisory Updates
This is the July 2024 security update for .NET 6. Release Notes SDK: https://github.com/dotnet/core/blob/main/release-notes/6.0/6.0.32/6.0.132.md Runtime: https://github.com/dotnet/core/blob/main/release-
https://linuxsecurity.com/advisories/fedora/fedora-39-dotnet6-0-2024-523badd730-security-advisory-updates-ov2fadwq2pkm

Fedora 39: python-django4.2 2024-a7eef0ca7b Security Advisory Updates
Security fixes for https://nvd.nist.gov/vuln/detail/CVE-2024-38875 https://nvd.nist.gov/vuln/detail/CVE-2024-39329 https://nvd.nist.gov/vuln/detail/CVE-2024-3930 https://nvd.nist.gov/vuln/detail/CVE-2024-39614
https://linuxsecurity.com/advisories/fedora/fedora-39-python-django4-2-2024-a7eef0ca7b-security-advisory-updates-g9aloy0q2mcu

Fedora 39: rapidjson 2024-a3c1b2629e Security Advisory Updates
Fix for CVE-2024-38517.
https://linuxsecurity.com/advisories/fedora/fedora-39-rapidjson-2024-a3c1b2629e-security-advisory-updates-vegfj1wkuzth

Fedora 39: python-django 2024-82547e3e16 Security Advisory Updates
Security fixes for https://nvd.nist.gov/vuln/detail/CVE-2024-38875 https://nvd.nist.gov/vuln/detail/CVE-2024-39329 https://nvd.nist.gov/vuln/detail/CVE-2024-3930 https://nvd.nist.gov/vuln/detail/CVE-2024-39614
https://linuxsecurity.com/advisories/fedora/fedora-39-python-django-2024-82547e3e16-security-advisory-updates-tvpmuqrvfbht

Creating High-Performing CTA's: The Ultimate Guide
Your CTA is crucial, second only to your headline. Imagine unlocking higher conversions with just a tweak. Investing time in crafting compelling CTAs can significantly boost your success. This guide reveals the secrets to transforming your CTA from overlooked to irresistible. You'll discover how to make CTAs more clickable, avoid hidden pitfalls, and use powerful triggers to ease click anxiety. Dive in to learn about contrasting colors, perfect sizing, clear benefits, trust badges, actionable language, friction reduction, and visual storytelling. Plus, grab a free downloadable checklist to ensure your CTAs always hit the mark.
https://hackernoon.com/creating-high-performing-ctas-the-ultimate-guide?source=rss

Securing the Paris Olympics: Balancing AI Innovations & Heightened Cyber Threats
Cyberattacks targeting the Olympics are not new, but their frequency and sophistication have increased over the years. Large events like the Olympics have always been prime targets for cybersecurity attacks due to their large audience, complex infrastructure, and data-rich environment. The International Olympic Committee should take a cue from businesses and leverage AI to protect against cyber threats.
https://hackernoon.com/securing-the-paris-olympics-balancing-ai-innovations-and-heightened-cyber-threats?source=rss

AI Safety and Alignment: Could LLMs Be Penalized for Deepfakes and Misinformation?
A research area for AI safety and alignment could be to seek out how some memory or compute access of large language models [LLMs] might be briefly truncated, as a form of penalty for certain outputs or misuses, including biological threats. AI should not just be able to refuse an output, acting within guardrail, but slow the next response or shut down for that user, so that it is not penalized itself. LLMs have—large—language awareness and usage awareness, these could be channels to make it know, after pre-training that it could lose something, if it outputs deepfakes, misinformation, biological threats, or if it continues to allow a misuser try different prompts without shutting down or slowing against openness to a malicious intent. This could make it safer, since it would lose something...
https://hackernoon.com/ai-safety-and-alignment-could-llms-be-penalized-for-deepfakes-and-misinformation?source=rss

UK Labour Party Commits to Digital Pound While Considering Crypto
Britain's Labour Party places Keir Starmer in a unique opportunity to reshape the UK's financial landscape. The Labour Party has already made, as part of its manifesto, a commitment to expand the use of AI in financial services. In February 2023, the UK Treasury and the Bank of England already announced that state-backed digital pound would likely be introduced later this decade.
https://hackernoon.com/uk-labour-party-commits-to-digital-pound-while-considering-crypto?source=rss

Press News

'This is not cyber attack' | 'It appears to be some routine maintenance that has gone ... - Facebook
'This is not cyber attack'. 'It appears to be some routine maintenance that has gone badly wrong.' Sky's science and technology editor Tom Clarke has ...
https://www.facebook.com/skynews/videos/this-is-not-cyber-attack/1129064784837500/

7NEWS Melbourne on X: "BREAKING: The catastrophic software failure taking systems down right ...
BREAKING: The catastrophic software failure taking systems down right across the globe is not a cyber-attack, according to the Department of Home ...
https://twitter.com/7NewsMelbourne/status/1814189315590898026

GP appointment booking system down after global tech outage, NHS confirms - The Telegraph
NHS cyber attack fallout. The global problems caused Windows systems to shut down. Cyber security engineers examining problems in other sectors ...
https://www.telegraph.co.uk/news/2024/07/19/gp-appointment-booking-system-down-global-tech-outage/

Blue Screen of Death: Global outage that led to Windows 10 crash explained
The National Cyber Security Coordinator of Australia, Michelle McGuinness, has ruled out the possibility of a cyber-attack behind the crash. “I am ...
https://www.business-standard.com/industry/news/decoded-windows-10-crash-what-s-blue-screen-of-death-ways-to-resolve-124071900491_1.html

Update on cyber incident: Clinical impact in south east London – Friday 19 July
NHS England London has released the latest data update on the clinical impact of the ransomware cyber attack against pathology services provider ...
https://www.england.nhs.uk/london/2024/07/19/update-on-cyber-incident-clinical-impact-in-south-east-london-friday-19-july/

Get used to it: Albanese says massive cyber attack affecting 13 million 'won't be the last time'
A cyber attack that led to the theft of personal data relating to almost half of all Australians will not be the last incident of its kind, ...
https://www.inqld.com.au/news/2024/07/19/albanese-says-massive-cyber-theft-that-affects-13-million-people-wont-be-the-last-time

Medisecure reveals 12.9 million Australians are exposed by ransomware attack | 7NEWS
4:27 · Go to channel · MediSecure reveals 12.9 million Australians involved in cyber attack | ABC News. ABC News (Australia) New 8.2K views · 16:25.
https://www.youtube.com/watch?v=HrudtNzFsKE

Cryptocurrency firm WazirX suffered a major security breach. How did it happen?
“A cyber attack occurred in one of our multisig wallets involving a loss of funds exceeding 0 million. This wallet was operated utilising the ...
https://indianexpress.com/article/explained/explained-economics/crypto-wazirx-security-breach-cyberattack-9463004/

Global IT outage live: Australia banks, supermarkets and media outlets hit by CrowdStrike ...
But as we said earlier, they don't believe the outage is linked to a "cyber security incident", which we understand to mean a cyber attack.
https://www.abc.net.au/news/2024-07-19/global-it-outage-crowdstrike-microsoft-banks-airlines-australia/104119960

Australians affected by MediSecure hack may never know their personal details have been ...
... 10 Dec 2022. I am a Medibank customer. Am I affected by the cyber-attack? What can I do to protect myself? 10 Nov 2022. More from Headlines ...
https://www.theguardian.com/technology/article/2024/jul/19/australia-medisecure-hack-details-leaked-passwords-update

Kieran Maguire on X: "Liverpool suspend ticket sales after cyber attack https://t.co/DLszYH1xQZ" / X
Liverpool suspend ticket sales after cyber attack https://t.co/DLszYH1xQZ.
https://twitter.com/KieranMaguire/status/1814183685337305146

Australia warned to wise up as cyber attacks continue | The Canberra Times
Anthony Albanese said the cyber attack on ...
https://www.canberratimes.com.au/story/8701041/australia-warned-to-wise-up-as-cyber-attacks-continue/

Yesterday's News (Trade Press)

Warning Against the Distribution of Malware Disguised as Software Cracks (Disrupts V3 Lite Installation)
AhnLab SEcurity intelligence Center (ASEC) has previously introduced the dangers of malware disguised as crack programs through a post titled “Distribution of Malware Under the Guise of MS Office Cracked Versions (XMRig, OrcusRAT, etc.)”. [1] Malware strains disguised as crack programs are primarily distributed through file-sharing platforms, blogs, and torrents, leading to the infection of multiple systems. These infected systems are continually managed by threat actors through periodic updates. In this case, it was confirmed that the threat actor installed different... The post Warning Against the Distribution of Malware Disguised as Software Cracks (Disrupts V3 Lite Installation) appeared first on ASEC BLOG.
https://asec.ahnlab.com/en/68011/

Real or not real? Social Media, Parasocial Relationships, and Internet Influencers
My parasocial relationships with 2010s internet influencers began when social media platforms were new. These influencers felt like friends, sharing relatable content and personal stories. Their seemingly perfect lives influenced my purchasing decisions and emotional investments. However, unexpected events, like breakups, revealed the hidden, flawed sides of their lives, leaving me feeling betrayed. This essay explores the dynamics of parasocial relationships, the power imbalance, and the challenges faced by influencers and their audiences in navigating these one-sided connections.
https://hackernoon.com/real-or-not-real-social-media-parasocial-relationships-and-internet-influencers?source=rss

CISA Publishes Resiliency Playbook for Critical Infrastructure
The manual provides guidance on how to improve the resiliency of critical infrastructure.
https://www.darkreading.com/cyber-risk/cisa-publishes-resiliency-playbook-for-critical-infrastructure

FortiMail - SMTP Smuggling
Fortinet is aware of the new SMTP smuggling technique. By exploiting interpretation differences of the SMTP protocol for the end of data sequence, it is possible to send spoofed e-mails, while still passing SPF alignment checks. FortiMail may be susceptible to smuggling attacks if some measures are not put in place. We therefore recommend to adhere to the following indications in order to mitigate the potential risk associated to the smuggling attacks:
- Enable DKIM (Domain Keys Identified Mail) to enhance e-mail authentication. Select "None" action under DKIM check in AntiSpam profile in order to block by default e-mail without DKIM signature.
- Disable "any-any" traffic policy to restrict unauthorized access.
- Modify the configuration settings in line with the recommended security practices...
https://fortiguard.fortinet.com/psirt/FG-IR-24-009

Sizable Chunk of SEC Charges Against SolarWinds Tossed Out of Court
Judge dismisses claims against SolarWinds for actions taken after its systems had been breached, but allows the case to proceed for alleged misstatements prior to the incident.
https://www.darkreading.com/application-security/solarwinds-charges-tossed-out-of-court-in-legal-victory-against-sec

Revolver Rabbit gang registers 500,000 domains for malware campaigns
A cybercriminal gang that researchers track as Revolver Rabbit has registered more than 500,000 domain names for infostealer campaigns that target Windows and macOS systems. [...]
https://www.bleepingcomputer.com/news/security/revolver-rabbit-gang-registers-500-000-domains-for-malware-campaigns/

US Data Breach Victim Numbers Increase by 1,000%, Literally
Though the number of victims has risen, the actual number of breaches has gone down, as fewer, bigger breaches affect more individuals.
https://www.darkreading.com/cyberattacks-data-breaches/us-data-breach-victim-numbers-increase-1000

NeRF Editing and Inpainting Techniques: Experiments and Qualitative results
This paper proposes Inpaint4DNeRF to capitalize on state-of-the-art stable diffusion models for direct generation of the underlying completed background content
https://hackernoon.com/nerf-editing-and-inpainting-techniques-experiments-and-qualitative-results?source=rss

NeRF Editing and Inpainting Techniques: Abstract and Introduction
This paper proposes Inpaint4DNeRF to capitalize on state-of-the-art stable diffusion models for direct generation of the underlying completed background content
https://hackernoon.com/nerf-editing-and-inpainting-techniques-abstract-and-introduction?source=rss

NeRF Editing and Inpainting Techniques: Progressive Training
This paper proposes Inpaint4DNeRF to capitalize on state-of-the-art stable diffusion models for direct generation of the underlying completed background content
https://hackernoon.com/nerf-editing-and-inpainting-techniques-progressive-training?source=rss

NeRF Editing and Inpainting Techniques: Training View Pre-processing
This paper proposes Inpaint4DNeRF to capitalize on state-of-the-art stable diffusion models for direct generation of the underlying completed background content
https://hackernoon.com/nerf-editing-and-inpainting-techniques-training-view-pre-processing?source=rss

NeRF Editing and Inpainting Techniques: Conclusion and References
This paper proposes Inpaint4DNeRF to capitalize on state-of-the-art stable diffusion models for direct generation of the underlying completed background content
https://hackernoon.com/nerf-editing-and-inpainting-techniques-conclusion-and-references?source=rss

NeRF Editing and Inpainting Techniques: Ablation and comparison
This paper proposes Inpaint4DNeRF to capitalize on state-of-the-art stable diffusion models for direct generation of the underlying completed background content
https://hackernoon.com/nerf-editing-and-inpainting-techniques-ablation-and-comparison?source=rss

NeRF Editing and Inpainting Techniques: Method
This paper proposes Inpaint4DNeRF to capitalize on state-of-the-art stable diffusion models for direct generation of the underlying completed background content
https://hackernoon.com/nerf-editing-and-inpainting-techniques-method?source=rss

High-Severity Cisco Bug Grants Attackers Password Access
The vulnerability was given the highest CVSS score possible, though few details have been released due to its severity.
https://www.darkreading.com/vulnerabilities-threats/high-severity-cisco-bug-grants-attackers-password-access

Unidentified Attacker “Revolver Rabbit” Uses RDGA to Register 500,000 Domains
Although not new, Registered Domain Generation Algorithms (RDGAs) have become a major cybersecurity threat, exploited by threat actors…
https://hackread.com/threat-actor-revolver-rabbit-rdga-register-domains/

20 Million Trusted Domains Vulnerable to Email Hosting Exploits
Three newly discovered SMTP smuggling attack techniques can exploit misconfigurations and design decisions made by at least 50 email-hosting providers.
https://www.darkreading.com/threat-intelligence/20-million-trusted-domains-vulnerable-to-email-hosting-exploits

Microsoft-Signed Chinese Adware Opens the Door to Kernel Privileges
An official stamp of approval might give the impression that a purported "HotPage" adtech tool is not, in fact, a dangerous kernel-level malware — but that's just subterfuge.
https://www.darkreading.com/threat-intelligence/microsoft-signed-chinese-adware-opens-the-door-to-kernel-privileges

Unveiling Key Insights from the 2024 Take Command Summit
The 2024 Take Command Summit, held virtually in partnership with AWS, united over 2,000 security professionals to delve into critical cybersecurity issues.
https://blog.rapid7.com/2024/07/18/unveiling-key-insights-from-the-2024-take-command-summit/

Novel Chinese Browser Injector Lets Hackers Intercept Web Traffic
Hackers exploit browser injectors to manipulate web content, steal sensitive information, and hijack user sessions. By injecting malicious code into a user’s browser, they can facilitate a multitude of illicit activities. In addition, they will do so by leveraging the user’s trust in their browser. Cybersecurity researchers at ESET recently identified a novel Chinese browser […] The post Novel Chinese Browser Injector Lets Hackers Intercept Web Traffic appeared first on Cyber Security News.
https://cybersecuritynews.com/novel-chinese-browser-injector/

NHL Attacks Making Waves: Insights on Latest 5 Incidents
Originally published by Astrix. Non-human identity (NHI) attacks are making waves in the cybersecurity landscape, with five high-profile incidents reported in the past few weeks alone. To help you stay on top of this threat vector, our research team provides insights on the latest incidents in this short article. Let's get started. Incident 1: Snowflake data breach by UNC5537 (May 15, 2024) Incident overview: One of the largest incidents in recent years, hundreds of Snowflake instances have been ...
https://cloudsecurityalliance.org/articles/nhl-attacks-making-waves-insights-on-latest-5-incidents

SolarWinds fixes 8 critical bugs in access rights audit software
SolarWinds has fixed eight critical vulnerabilities in its Access Rights Manager (ARM) software, six of which allowed attackers to gain remote code execution (RCE) on vulnerable devices. [...]
https://www.bleepingcomputer.com/news/security/solarwinds-fixes-8-critical-bugs-in-access-rights-audit-software/

Russian National Jailed for Smuggling US Military Tech to Russia
Russian businessman sentenced to 3 years for smuggling military-grade microelectronics to Russia via Hong Kong. Maxim Marchenko used…
https://hackread.com/russian-national-jail-smuggle-us-military-tech-russia/

Microsoft fixes bug blocking Windows 11 Photos from starting
Microsoft has fixed a known issue preventing the Microsoft Photos app from starting on some Windows 11 22H2 and 23H2 systems. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-bug-blocking-windows-11-photos-from-starting/

MediSecure Data Breach: 12.9 Million Australian Users' Sensitive Data Hacked
In one of the largest cyber breaches in Australian history, MediSecure, a former provider of digital prescriptions, has revealed that hackers earlier this year stole the personal and medical data of approximately 12.9 million Australians. This large number represents almost half of the country’s people, making it an unusually big breach. This event has raised […] The post MediSecure Data Breach: 12.9 Million Australian Users’ Sensitive Data Hacked appeared first on Cyber Security News.
https://cybersecuritynews.com/medisecure-data-breach/

SAPwned flaws in SAP AI core could expose customers' data
Researchers discovered security flaws in SAP AI Core cloud-based platform that could expose customers’ data. Cybersecurity researchers at Wiz uncovered five security flaws, collectively tracked as SAPwned, in the SAP AI Core cloud-based platform. An attacker can exploit the flaws to obtain access tokens and customer data. SAP AI Core, developed by SAP, is a cloud-based platform providing the […]
https://securityaffairs.com/165888/hacking/sap-ai-core-sapwned.html

The Urgent Need for Secure Software Development: New Report Serves as a Wake-Up Call for the Industry
The Linux Foundation and Open Source Security Foundation recently published a report entitled "Secure Software Development Education 2024 Survey: Understanding Current Needs." This report highlights the urgent need for formalized training and education in secure software development. It was derived from an industry survey of nearly 400 software developers, which revealed significant knowledge gaps.
https://linuxsecurity.com/news/organizations-events/the-urgent-need-for-secure-software-development

AI Remains a Wild Card in the War Against Disinformation
Digital literacy and protective measures will be key to detecting disinformation and deepfakes as AI is used to shape public opinion and erode trust in the democratic processes, as well as identify nefarious content.
https://www.darkreading.com/cyber-risk/ai-remains-wild-card-in-war-against-disinformation

Cybercriminals Heavily Preparing For 2024 Paris Olympic Games Based Attacks
Major sporting events with massive online audiences, like the World Cup and Olympics, have become magnets for cyberattacks, which are growing rapidly as documented attacks skyrocketed from 212 million at the 2012 Olympics to a staggering 4.4 billion by the 2020 Games. The events present a high-value target for cybercriminals due to the vast number […] The post Cybercriminals Heavily Preparing For 2024 Paris Olympic Games Based Attacks appeared first on Cyber Security News.
https://cybersecuritynews.com/cybercriminals-preparing-2024-paris-olympics/

Spotlight on DeepKeep.ai
DeepKeep, the leading provider of AI-Native Trust, Risk, and Security Management (TRiSM), empowers large corporations that rely on AI, GenAI, and LLM technologies to manage risk and protect growth. Our... The post Spotlight on DeepKeep.ai appeared first on Cyber Defense Magazine.
https://www.cyberdefensemagazine.com/spotlight-on-deepkeep-ai/

BadPack APK Malware Using Wired Trick to Attack Users & Stay Undetected
Hackers often exploit the APK packers to hide malicious codes within Android applications. This will make detecting and analyzing malware more difficult for security programs. This technique increases the likelihood of a successful breach while ensuring that the malware remains persistent and hidden on the compromised devices. Cybersecurity analysts at Palo Alto Networks’ Unit 42 recently identified […] The post BadPack APK Malware Using Wired Trick to Attack Users & Stay Undetected appeared first on Cyber Security News.
https://cybersecuritynews.com/apk-packer-to-hide-malware-file-structure/

Alert: HotPage Adware Disguised as Ad Blocker Installs Malicious Kernel Driver
Cybersecurity researchers have shed light on an adware module that purports to block ads and malicious websites, while stealthily offloading a kernel driver component that grants attackers the ability to run arbitrary code with elevated permissions on Windows hosts. The malware, dubbed HotPage, gets its name from the eponymous installer ("HotPage.exe"), according to new findings from ESET, which
https://thehackernews.com/2024/07/alert-hotpage-adware-disguised-as-ad.html

FIN7 Cybercrime Gang Evolves with Ransomware and Hacking Tools
FIN7, a notorious cybercrime gang, is back with a new bag of tricks! Learn about FIN7’s evolving tactics,…
https://hackread.com/fin7-cybercrime-gang-ransomware-hacking-tools/

The Importance Of Women In Cybersecurity
This week in cybersecurity from the editors at Cybercrime Magazine – Read the Full Story in Observer Sausalito, Calif. – Jul. 18, 2024 Observer reports that in cybersecurity, where women make up less than 25 percent of the global cyber workforce, men are four times more likely to The post The Importance Of Women In Cybersecurity appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/the-importance-of-women-in-cybersecurity/

Critical Cisco bug lets hackers add root users on SEG devices
Cisco has fixed a critical severity vulnerability that lets attackers add new users with root privileges and permanently crash Security Email Gateway (SEG) appliances using emails with malicious attachments. [...]
https://www.bleepingcomputer.com/news/security/critical-cisco-bug-lets-hackers-add-root-users-on-seg-devices/

Gen Z breakups tainted by login abuse for spying and stalking, research shows
Gen Z, who are most likely to engage in consensual tracking, are also the most likely to face non-consensual tracking after a breakup.
https://www.malwarebytes.com/blog/news/2024/07/gen-z-breakups-tainted-by-login-abuse-for-spying-and-stalking-research-shows

Cyber Essentials 'Pathways': From experiment to proof of concept
We are encouraging large organisations to help us develop an alternative route to certification.
https://www.ncsc.gov.uk/blog-post/cyber-essentials-pathway-proof-of-concept

USN-6902-1: Apache HTTP Server vulnerability
It was discovered that the Apache HTTP Server incorrectly handled certain handlers configured via AddType. A remote attacker could possibly use this issue to obtain source code.
https://ubuntu.com/security/notices/USN-6902-1

AppSec Webinar: How to Turn Developers into Security Champions
Let's face it: AppSec and developers often feel like they're on opposing teams. You're battling endless vulnerabilities while they just want to ship code. Sound familiar? It's a common challenge, but there is a solution. Ever wish they proactively cared about security? The answer lies in a proven, but often overlooked, strategy: Security Champion Programs — a way to turn developers from
https://thehackernews.com/2024/07/appsec-webinar-how-to-turn-developers.html

Microsoft: Windows 11 23H2 now available for all eligible devices
Microsoft says the Windows 11 2023 Update has entered the broad deployment phase and is now available to all seekers on eligible systems. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-windows-11-23h2-now-available-for-all-eligible-devices/

Latest WatchGuard Report Reveals Rise in Threat Actors Exploiting Remote Access
Cybersecurity threats continue to grow, with the threat landscape constantly evolving and hackers employing increasingly sophisticated and unpredictable methods. With an ongoing cybersecurity skills shortage, the need for Managed Service... The post Latest WatchGuard Report Reveals Rise in Threat Actors Exploiting Remote Access appeared first on Cyber Defense Magazine.
https://www.cyberdefensemagazine.com/latest-watchguard-report-reveals-rise-in-threat-actors-exploiting-remote-access/

Cybercrime group FIN7 advertises new EDR bypass tool on hacking forums
The cybercrime group FIN7 is advertising a security evasion tool in multiple underground forums, cybersecurity company SentinelOne warns. SentinelOne researchers warn that the financially motivated group FIN7 is using multiple pseudonyms to advertise a security evasion tool in several criminal underground forums. FIN7 developed a tool called AvNeutralizer (also known as AuKill) that can bypass […]
https://securityaffairs.com/165863/cyber-crime/fin7-advertising-security-evasion.html

Recent OpenSSH RCE Bug Explained: Impact & Mitigations
In an era where cybersecurity threats loom larger than ever, the discovery of a Remote Code Execution (RCE) vulnerability in OpenSSH by Qualys' Threat Research Unit (TRU) demands the open source community's immediate attention. Dubbed as "regreSSHion" and assigned the identifier CVE-2024-6387, this vulnerability stands out not merely because of its potential to enable unauthenticated, remote attackers to execute arbitrary code as root, but also due to its broad impact, affecting millions of OpenSSH server instances globally.
https://linuxsecurity.com/news/security-vulnerabilities/openssh-rce-bug

Automated Threats Pose Increasing Risk to the Travel Industry
As the travel industry rebounds post-pandemic, it is increasingly targeted by automated threats, with the sector experiencing nearly 21% of all bot attack requests last year. That's according to research from Imperva, a Thales company. In their 2024 Bad Bot Report, Imperva finds that bad bots accounted for 44.5% of the industry's web traffic in 2023—a significant jump from 37.4% in 2022. 
https://thehackernews.com/2024/07/automated-threats-pose-increasing-risk.html

Container Breakouts: Escape Techniques in Cloud Environments
Unit 42 researchers test container escape methods and possible impacts within a Kubernetes cluster using a containerd container runtime. The post Container Breakouts: Escape Techniques in Cloud Environments appeared first on Unit 42.
https://unit42.paloaltonetworks.com/container-escape-techniques/

SAP AI Core Vulnerabilities Expose Customer Data to Cyber Attacks
Cybersecurity researchers have uncovered security shortcomings in SAP AI Core cloud-based platform for creating and deploying predictive artificial intelligence (AI) workflows that could be exploited to get hold of access tokens and customer data. The five vulnerabilities have been collectively dubbed SAPwned by cloud security firm Wiz. "The vulnerabilities we found could have allowed attackers
https://thehackernews.com/2024/07/sap-ai-core-vulnerabilities-expose.html

HotPage: Story of a signed, vulnerable, ad-injecting driver
A study of a sophisticated Chinese browser injector that leaves more doors open!
https://www.welivesecurity.com/en/eset-research/hotpage-story-signed-vulnerable-ad-injecting-driver/

How to Protect Privacy and Build Secure AI Products
AI systems are transforming technology and driving innovation across industries. How to protect privacy and build secure AI products? However, their unpredictability raises significant concerns about data security and privacy. Developers struggle to ensure the integrity […]
https://securityaffairs.com/165866/security/how-to-build-secure-ai-products.html

Iranian Cyber-Threat Group Drops New Backdoor, 'BugSleep'
The group — which has targeted Israel, Saudi Arabia, and other nations — often uses spear-phishing and legitimate remote management tools but is developing a brand-new homegrown tool set.
https://www.darkreading.com/threat-intelligence/iranian-threat-group-drops-new-backdoor-bugsleep

USN-6901-1: stunnel vulnerability
It was discovered that stunnel did not properly validate client certificates when configured to use both the redirect and verifyChain options. A remote attacker could potentially use this issue to obtain sensitive information by accessing the tunneled service.
https://ubuntu.com/security/notices/USN-6901-1

SolarWinds Serv-U Information Disclosure Vulnerability (CVE-2024-28995)
What is the Vulnerability? A Directory Traversal Vulnerability in SolarWinds Serv-U software is being actively exploited in the wild. Tracked as CVE-2024-28995, the vulnerability is due to improper validation of the user-supplied inputs. An attacker could exploit this vulnerability by sending crafted requests to the target host machine. Successful exploitation could allow access to read sensitive files on the host machine. CISA has added CVE-2024-28995 to its Known Exploited Vulnerabilities (KEV) catalog on July 17, 2024 and a publicly available proof-of-concept (PoC) exploit code is available. What is the recommended Mitigation? Apply the most recent upgrade or patch from the vendor. https://www.solarwinds.com/trust-center/security-advisories/cve-2024-28995 What FortiGuard Coverage is available? FortiGuard...
https://fortiguard.fortinet.com/threat-signal-report/5495

News from Two Days Ago (Specialist Press)

A critical flaw in Cisco SSM On-Prem allows attackers to change any user's password
A vulnerability in Cisco Smart Software Manager On-Prem (Cisco SSM On-Prem) license servers allows threat actors to change any user’s password. Cisco has addressed a critical vulnerability, tracked as CVE-2024-20419 (CVSS score of 10.0), in Cisco Smart Software Manager On-Prem (Cisco SSM On-Prem) license servers that allows attackers to change any user’s password. The issue […]
https://securityaffairs.com/165848/security/critical-flaw-cisco-ssm-on-prem.html

Notorious FIN7 hackers sell EDR killer to other threat actors
The notorious FIN7 hacking group has been spotted selling its custom "AvNeutralizer" tool, used to evade detection by killing enterprise endpoint protection software on corporate networks. [...]
https://www.bleepingcomputer.com/news/security/notorious-fin7-hackers-sell-edr-killer-to-other-threat-actors/

Remote Work, Remote Risks: Strategies for Securing Your Distributed Workforce
Remember that news story a few months ago about a wave of cyberattacks targeting employees… Remote Work, Remote Risks: Strategies for Securing Your Distributed Workforce on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2024/07/17/remote-work-remote-risks-strategies-for-securing-your-distributed-workforce/

Hacked YouTube Channels Use Trump Assassination News to Push Crypto Scam
Cybercriminals exploit Trump’s assassination attempt to lure victims into a crypto doubling scam using deepfake Elon Musk videos…
https://hackread.com/hacked-youtube-channels-trump-assassination-crypto-scam/

Exchange Online adds Inbound DANE with DNSSEC for security boost
Microsoft is rolling out inbound SMTP DANE with DNSSEC for Exchange Online in public preview, a new capability to boost email integrity and security. [...]
https://www.bleepingcomputer.com/news/microsoft/exchange-online-adds-inbound-dane-with-dnssec-for-security-boost/

MarineMax data breach impacted over 123,000 individuals
The world’s largest recreational boat and yacht retailer MarineMax, disclosed a data breach following a cyber attack. The world’s largest recreational boat and yacht retailer MarineMax disclosed a data breach that impacted over 123,000 individuals. In March, the company suffered a cyber attack, and the Rhysida ransomware gang claimed to have stolen company sensitive data. […]
https://securityaffairs.com/165843/data-breach/marinemax-data-breach.html

Cisco SSM On-Prem bug lets hackers change any user's password
Cisco has fixed a maximum severity vulnerability that allows attackers to change any user's password on vulnerable Cisco Smart Software Manager On-Prem (Cisco SSM On-Prem) license servers, including administrators. [...]
https://www.bleepingcomputer.com/news/security/cisco-ssm-on-prem-bug-lets-hackers-change-any-users-password/

Over 400,000 Life360 user phone numbers leaked via unsecured API
A threat actor has leaked a database containing the personal information of 442,519 Life360 customers collected by abusing a flaw in the login API. [...]
https://www.bleepingcomputer.com/news/security/over-400-000-life360-user-phone-numbers-leaked-via-unsecured-android-api/

USN-6896-3: Linux kernel vulnerabilities
It was discovered that the ATA over Ethernet (AoE) driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2023-6270) It was discovered that the Atheros 802.11ac wireless driver did not properly validate certain data structures, leading to a NULL pointer dereference. An attacker could possibly use this to cause a denial of service. (CVE-2023-7042) Yuxuan Hu discovered that the Bluetooth RFCOMM protocol driver in the Linux Kernel contained a race condition, leading to a NULL pointer dereference. An attacker could possibly use this to cause a denial of service (system crash). (CVE-2024-22099) Gui-Dong Han discovered that the software RAID driver in the...
https://ubuntu.com/security/notices/USN-6896-3

How HackerOne Organizes a Remote Hack Week

https://www.hackerone.com/culture-and-talent/how-hackerone-organizes-remote-hack-week

Connect with Microsoft Security at Black Hat USA 2024
Join Microsoft Security leaders and other security professionals from around the world at Black Hat USA 2024 to learn the latest information on security in the age of AI, cybersecurity protection, threat intelligence insights, and more. The post Connect with Microsoft Security at Black Hat USA 2024 appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2024/07/17/connect-with-microsoft-security-at-black-hat-usa-2024/

USN-6900-1: Linux kernel vulnerabilities
It was discovered that the ATA over Ethernet (AoE) driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2023-6270) It was discovered that the HugeTLB file system component of the Linux Kernel contained a NULL pointer dereference vulnerability. A privileged attacker could possibly use this to cause a denial of service. (CVE-2024-0841) It was discovered that the Open vSwitch implementation in the Linux kernel could overflow its stack during recursive action operations under certain conditions. A local attacker could use this to cause a denial of service (system crash). (CVE-2024-1151) Gui-Dong Han discovered that the software RAID driver in the Linux...
https://ubuntu.com/security/notices/USN-6900-1

USN-6898-2: Linux kernel vulnerabilities
Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could possibly trigger this vulnerability to cause a denial of service. (CVE-2022-38096) Gui-Dong Han discovered that the software RAID driver in the Linux kernel contained a race condition, leading to an integer overflow vulnerability. A privileged attacker could possibly use this to cause a denial of service (system crash). (CVE-2024-23307) It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel when modifying certain settings values through debugfs. A privileged local attacker could use this to cause a denial of service. (CVE-2024-24857, CVE-2024-24858, CVE-2024-24859) Bai Jiaju...
https://ubuntu.com/security/notices/USN-6898-2

Void Banshee exploits CVE-2024-38112 zero-day to spread malware
Void Banshee APT group exploited the Windows zero-day CVE-2024-38112 to execute code via the disabled Internet Explorer. An APT group tracked as Void Banshee was spotted exploiting the Windows zero-day CVE-2024-38112 (CVSS score of 7.5) to execute code through the disabled Internet Explorer. The vulnerability is a Windows MSHTML Platform Spoofing Vulnerability. Successful exploitation of […]
https://securityaffairs.com/165832/apt/void-banshee-cve-2024-38112-zero-day-attacks.html

Family Location Tracker App Life360 Breach: 443,000 Users' Data Leaked
Life360, a popular family location tracker app, suffered a data breach affecting 443,000 users. Personal details, including first…
https://hackread.com/family-location-tracker-app-life360-breach-data-leak/

Cybercrime Magazine Will Be At DEF CON 32 In Las Vegas
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jul. 17, 2024 Cybercrime Magazine will make its annual trek to the DEF CON hacking convention in Las Vegas next month. Our media roadie Ethan Brown, and Sherrod DeGrippo, director of threat intelligence strategy The post Cybercrime Magazine Will Be At DEF CON 32 In Las Vegas appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/cybercrime-magazine-will-be-at-def-con-32-in-las-vegas/

The Pitfalls (and How to Avoid Them) for Cybersecurity Startup Founders
The cybersecurity landscape is a battlefield, but the biggest threats don’t always come from external hackers. As a seasoned warrior in this space, I’ve seen countless founders, brimming with passion... The post The Pitfalls (and How to Avoid Them) for Cybersecurity Startup Founders appeared first on Cyber Defense Magazine.
https://www.cyberdefensemagazine.com/the-pitfalls-and-how-to-avoid-them-for-cybersecurity-startup-founders/

Rite Aid says 2.2 million people affected in data breach
Rite Aid has started notifying 2.2 million people that were affected by a data breach that was part of a June ransomware attack.
https://www.malwarebytes.com/blog/news/2024/07/rite-aid-says-2-2-million-people-affected-in-data-breach

Private HTS Program Continuously Used in Attacks
AhnLab SEcurity intelligence Center (ASEC) has previously covered a case where Quasar RAT was distributed through private home trading systems (HTS) in the blog post “Quasar RAT Being Distributed by Private HTS Program“. The same threat actor has been continuously distributing malware, and attack cases have been confirmed even recently. Similar to the previous case, the malware was distributed through an HTS named HPlus. The overall infection flow remains similar, but the initial distribution file, which was previously in the... The post Private HTS Program Continuously Used in Attacks appeared first on ASEC BLOG.
https://asec.ahnlab.com/en/67969/

The Octo Tempest group adds RansomHub and Qilin ransomware to its arsenal
Microsoft said that in Q2 2024, the Octo Tempest cybercrime gang added RansomHub and Qilin ransomware to its arsenal. In the second quarter of 2024, financially motivated threat actor Octo Tempest (aka Scattered Spider, UNC3944, and 0ktapus), added RansomHub and Qilin ransomware to its arsenal and used them in its campaigns. Octo Tempest has been active […]
https://securityaffairs.com/165811/cyber-crime/octo-tempest-ransomhub-qilin-ransomware.html

Windows MSHTML Platform Spoofing Vulnerability (CVE-2024-38112)
What is the Vulnerability? CVE-2024-38112 is a spoofing vulnerability in Windows MSHTML Platform. The attacker can abuse internet shortcuts and Microsoft protocol handlers to execute malicious code. This vulnerability is known to be used by attackers to deliver information stealer malware and CISA has added CVE-2024-38112 to its Known Exploited Vulnerabilities (KEV) catalog on July 9th, 2024. What is the recommended Mitigation? Microsoft has released a fix for this vulnerability. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38112 What FortiGuard Coverage is available? FortiGuard Labs has provided protection through the IPS signature "MS.Office.Internet.Shortcut.File.Remote.Code.Execution" to detect and block any attack attempts targeting the vulnerability (CVE-2024-38112). FortiGuard...
https://fortiguard.fortinet.com/threat-signal-report/5494

Progress Telerik Report Server Authentication Bypass Vulnerability
What is the Vulnerability? Progress Telerik Report Server contains an authorization bypass by spoofing vulnerability, allowing an attacker to bypass authentication and create rogue administrator users. The flaw, tracked as CVE-2024-4358, has been added to CISA's known exploited vulnerabilities catalog (KEV) in mid-June and FortiGuard Labs continues to see attack attempts targeting this particular vulnerability. What is the recommended Mitigation? Apply mitigations as outlined in the vendor advisory: https://docs.telerik.com/report-server/knowledge-base/registration-auth-bypass-cve-2024-4358 What FortiGuard Coverage is available? FortiGuard Labs has provided protection through the IPS signature "Progress.Telerik.Report.Server.Register.Authentication.Bypass" which was released in mid-June to detect...
https://fortiguard.fortinet.com/threat-signal-report/5480

News from previous days

Trello Data Breach: Hacker Dumps Personal Info of Millions of Users
The hacker behind the Trello data breach claims the data was stolen in January 2024 and can be…
https://hackread.com/trello-data-breach-hacker-dumps-users-personal-info/

Defending Against APTs: A Learning Exercise with Kimsuky
The latest research paper coming out of Rapid7 Labs examines the tactics of North Korea's Kimsuky threat group.
https://blog.rapid7.com/2024/07/16/defending-against-apts-a-learning-exercise-with-kimsuky/

10 Important Questions to Add to Your Security Questionnaire
Originally published by Vanta. The technology your organization uses is integral to its success. When selecting vendors, security should be at the forefront of your decision. A strong vendor review process is crucial for selecting partners that align with your company's security goals, and security questionnaires are a key step in this process. You'll send these questionnaires to your prospective vendors with the aim of identifying potential risks and vulnerabilities and ensuring that they mee...
https://cloudsecurityalliance.org/articles/10-important-questions-to-add-to-your-security-questionnaire

How to Launch a Successful ICO: 2024 Guide
Dive into our step-by-step guide, explore the benefits, navigate legal complexities, and execute a successful token sale with…
https://hackread.com/how-to-launch-a-successful-ico-2024-guide/

Breach Debrief: Twilio's Authy Breach is a MFA Wakeup Call
Originally published by Adaptive Shield. Inside the Hack: Earlier this week, Twilio issued a security alert informing customers that hackers had exploited a security lapse in the Authy API to verify Authy MFA phone numbers. Hackers were able to check if a phone number was registered with Authy by feeding the number into an unauthenticated API endpoint. Using this data, hackers can conduct phishing campaigns to steal login credentials. Twilio quickly addressed the issue and secured the API endpoin...
https://cloudsecurityalliance.org/articles/breach-debrief-twilio-s-authy-breach-is-a-mfa-wakeup-call

The Leadership Tightrope: Why Leading in Today's Workforce is a Balancing Act
Originally published by CXO REvolutionaries. Written by Ben Corll, CISO in Residence, Zscaler. Leadership. It's a word that's often tossed around (as if we all understand what it is and how it's performed). Yet, truly effective leaders are very hard to find. Some might see leadership as a natural progression of their career. In reality, navigating the complexities of modern team leading is challenging. For many, the act of leading may not be natural, much like walking on a tightrope. Because of...
https://cloudsecurityalliance.org/articles/the-leadership-tightrope-why-leading-in-todays-workforce-is-a-balancing-act

Iran's MuddyWater APT targets Saudis and Israelis with BugSleep Backdoor
New Backdoor ‘BugSleep’ Discovered in MuddyWater Phishing Attacks. Cybersecurity researchers uncover a custom-made backdoor used by the notorious…
https://hackread.com/iran-muddywater-saudi-israel-bugsleep-backdoor/

Assessment, Remediation, and Certification Framework for Anything as a Service (XaaS) Products
Written by the CSA Enterprise Authority to Operate (EATO) Working Group. Introduction by Jim Reavis, CEO of the Cloud Security Alliance: I would say that a lesson learned from spending many years in the cybersecurity industry is that one-size-fits-all solutions are rarely the approach we need to take for achieving high standards for governance, risk, and compliance. At CSA, we are always seeking to improve our tools and willing to question the status quo. When the stakeholders that would become ...
https://cloudsecurityalliance.org/articles/assessment-remediation-and-certification-framework-for-anything-as-a-service-xaas-products

Iraqi Hackers Exploit PyPI to Infiltrate Systems Through Python Packages
Python packages are being used to steal data from developers and companies. Learn about the extensive cybercriminal operation…
https://hackread.com/iraqi-hackers-exploit-pypi-infiltrate-system-python-packages/

Microsoft Purview Data Governance will be generally available September 1, 2024
Microsoft Purview Data Governance will become generally available to enterprise customers on September 1, 2024. It helps today's data leaders solve their key data governance and security challenges in one unified AI-powered and business-friendly solution. The post Microsoft Purview Data Governance will be generally available September 1, 2024 appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2024/07/16/microsoft-purview-data-governance-will-be-generally-available-september-1-2024/

CISA adds OSGeo GeoServer GeoTools bug to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds an OSGeo GeoServer GeoTools bug to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an OSGeo GeoServer GeoTools eval injection vulnerability, tracked as CVE-2024-36401 (CVSS score of 9.8), to its Known Exploited Vulnerabilities (KEV) catalog. GeoServer is an open-source server that allows […]
https://securityaffairs.com/165812/security/cisa-adds-osgeo-geoserver-geotools-bug-to-its-known-exploited-vulnerabilities-catalog.html

AI device Rabbit r1 logged user interactions without an option to erase them before selling
Rabbit has introduced an option to erase all data from the r1 device before selling it on, but what if you lose it or it gets stolen?
https://www.malwarebytes.com/blog/news/2024/07/ai-device-rabbit-r1-logged-user-interactions-without-an-option-to-erase-them-before-selling-device

Securing IT Assets: Practical Strategies for Linux Admins & IT Teams
Have you ever wondered why your organization needs IT asset management? ITAM or IT asset management ensures your organization's assets are deployed, upgraded, maintained, accounted for, and disposed of in due time. It ensures that your organization's valuable items (both tangible and intangible) are being used and tracked.
https://linuxsecurity.com/features/features/securing-it-assets-practical-strategies-for-linux-admins-it-teams

USN-6899-1: GTK vulnerability
It was discovered that GTK would attempt to load modules from the current directory, contrary to expectations. If users started GTK applications from shared directories, a local attacker could use this issue to execute arbitrary code, and possibly escalate privileges.
https://ubuntu.com/security/notices/USN-6899-1

Cybercrime Is A Tailwind For Cybersecurity Stocks Tenable And ZScaler
This week in cybersecurity from the editors at Cybercrime Magazine – Read the Full Story in The Motley Fool Sausalito, Calif. – Jul. 16, 2024 According to Cybersecurity Ventures, cybercrime is set to cost the world .5 trillion this year, and the damage bill could top The post Cybercrime Is A Tailwind For Cybersecurity Stocks Tenable And ZScaler appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/cybercrime-is-a-tailwind-for-cybersecurity-stocks-tenable-and-zscaler/

Security Threats Targeting Large Language Models
Evolving landscape of LLM Security The emergence of Large Language Models (LLMs) has revolutionized the capabilities of artificial intelligence, offering unprecedented potential for various applications. However, like every new technology,... The post Security Threats Targeting Large Language Models appeared first on Cyber Defense Magazine.
https://www.cyberdefensemagazine.com/security-threats-targeting-large-language-models/

ZDI Slams Microsoft for Not Crediting It in Last Week's Patch Tuesday
Microsoft faces backlash from Zero Day Initiative (ZDI) and security researchers over lack of transparency in vulnerability disclosure…
https://hackread.com/zdi-slams-microsoft-not-crediting-patch-tuesday/

How to Secure Your Data Warehouse in a Linux System
The world of enterprise solutions relies heavily on effective data management. Standard systems, which work great for small businesses, simply break down once you have thousands of moving components operating worldwide - if not hundreds of thousands. Maintaining unstructured data, primarily if your business operates on a global scale, isn't just a waste of resources; it's also a risk to your company.
https://linuxsecurity.com/features/features/how-to-secure-your-data-warehouse-in-a-linux-system

USN-6896-2: Linux kernel vulnerabilities
It was discovered that the ATA over Ethernet (AoE) driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2023-6270) It was discovered that the Atheros 802.11ac wireless driver did not properly validate certain data structures, leading to a NULL pointer dereference. An attacker could possibly use this to cause a denial of service. (CVE-2023-7042) Yuxuan Hu discovered that the Bluetooth RFCOMM protocol driver in the Linux Kernel contained a race condition, leading to a NULL pointer dereference. An attacker could possibly use this to cause a denial of service (system crash). (CVE-2024-22099) Gui-Dong Han discovered that the software RAID driver in the...
https://ubuntu.com/security/notices/USN-6896-2

2024 DDoS Attack Trends
Unveiling the rise of Hacktivism in a tense global climate.
https://www.f5.com/labs/articles/threat-intelligence/2024-ddos-attack-trends

Beware of BadPack: One Weird Trick Being Used Against Android Devices
Our data shows a pattern of APK malware bundled as BadPack files. We discuss how this technique is used to garble malicious Android files, creating challenges for analysts. The post Beware of BadPack: One Weird Trick Being Used Against Android Devices appeared first on Unit 42.
https://unit42.paloaltonetworks.com/apk-badpack-malware-tampered-headers/

Small but mighty: Top 5 pocket-sized gadgets to boost your ethical hacking skills
These five formidable bits of kit that can assist cyber-defenders in spotting chinks in corporate armors and help hobbyist hackers deepen their understanding of cybersecurity
https://www.welivesecurity.com/en/cybersecurity/small-but-mighty-top-5-pocket-sized-gadgets-boost-ethical-hacking-skills/

Kaspersky leaves U.S. market following the ban on the sale of its software in the country
Kaspersky is leaving the U.S. market following the recent ban on the sales of its software imposed by the Commerce Department. Russian cybersecurity firm Kaspersky announced its exit from the U.S. market following the ban on the sale of its software in the country by the Commerce Department. In June, the Biden administration announced it […]
https://securityaffairs.com/165799/breaking-news/kaspersky-is-leaving-the-u-s-market.html

Brain Cipher Ransomware Attack
What is the attack? A significant ransomware attack has struck Pusat Data Nasional (PDN), one of Indonesia's government-owned national data centers. This incident involved threat actors encrypting government data, which disrupted digital services for immigration, airport checks, and several public services. This ransomware attack represents a new variant of the LockBit 3.0 ransomware. In 2023, the LockBit hacker group also severely disrupted the Bank Syariah Indonesia (BSI) systems. What is the recommended Mitigation? Ensure that all systems are up to date with robust cybersecurity measures. Also, maintain general awareness and training about the risk of phishing and social engineering attacks in the organization. What FortiGuard Coverage is available? FortiGuard Labs has AV signatures to block...
https://fortiguard.fortinet.com/threat-signal-report/5479

10 Years of the GitHub Security Bug Bounty Program
Celebrating 10 years of GitHub's bug bounty program! Learn insights into bug bounty growth from a top program.
https://www.hackerone.com/customer-stories/10-years-github-security-bug-bounty-program

WinRM Penetration Testing
Windows Remote Management (WinRM) is a protocol developed by Microsoft for remotely managing hardware and operating systems on Windows machines. It is a component of The post WinRM Penetration Testing appeared first on Hacking Articles.
https://www.hackingarticles.in/winrm-penetration-testing/

Healthcare Industry Under Siege: Latest String of Ransomware Attacks Renews Emphasis on Cybersecurity Defenses
As the ransomware threat landscape continues to wreak havoc on industries across the nation, healthcare providers all over the country are having difficulties receiving payment due to an attack that... The post Healthcare Industry Under Siege: Latest String of Ransomware Attacks Renews Emphasis on Cybersecurity Defenses appeared first on Cyber Defense Magazine.
https://www.cyberdefensemagazine.com/healthcare-industry-under-siege-latest-string-of-ransomware-attacks-renews-emphasis-on-cybersecurity-defenses/

How an AI “artist” stole a woman's face, with Ali Diamond (Lock and Code S05E15)
This week on the Lock and Code podcast, we speak with Ali Diamond about what it felt like to find an AI image model of herself online.
https://www.malwarebytes.com/blog/podcast/2024/07/how-an-ai-artist-stole-a-womans-face-with-ali-diamond-lock-and-code-s05e15

Researchers: Weak Security Defaults Enabled Squarespace Domains Hijacks
At least a dozen organizations with domain names at domain registrar Squarespace saw their websites hijacked last week. Squarespace bought all assets of Google Domains a year ago, but many customers still haven't set up their new accounts. Experts say malicious hackers learned they could commandeer any migrated Squarespace accounts that hadn't yet been registered, merely by supplying an email address tied to an existing domain.
https://krebsonsecurity.com/2024/07/researchers-weak-security-defaults-enabled-squarespace-domains-hijacks/

Shopping and paying safely online
Tips to help you purchase items safely and avoid fraudulent websites.
https://www.ncsc.gov.uk/guidance/shopping-online-securely

I'll make you an offer you can't refuse...
How to prevent malicious advertisements from ruining your day.
https://www.ncsc.gov.uk/blog-post/ill-make-you-offer-you-cant-refuse

With Security Teams Understaffed, Here's How to Maintain a Solid Posture
IT security teams are facing a serious labor shortage, which risks compromising their organizations' security… With Security Teams Understaffed, Here's How to Maintain a Solid Posture on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2024/07/15/with-security-teams-understaffed-heres-how-to-maintain-a-solid-posture/

Disney “breached”, data dumped online
Hacktivists claim they have stolen 1.2 TB of data from Disney's developer Slack channels.
https://www.malwarebytes.com/blog/news/2024/07/disney-breached-data-dumped-online

Cybersecurity crisis communication: What to do
Cybersecurity experts tell organizations that the question is not if they will become the target of a cyberattack but when. Often, the focus of response preparedness is on the technical aspects — how to stop the breach from continuing, recovering data and getting the business back online. While these tasks are critical, many organizations overlook […] The post Cybersecurity crisis communication: What to do appeared first on Security Intelligence.
https://securityintelligence.com/articles/cybersecurity-crisis-communication-what-to-do/

How insecure is Avast Secure Browser?
A while ago I already looked into Avast Secure Browser. Back then it didn't end well for Avast: I found critical vulnerabilities allowing arbitrary websites to infect user's computer. Worse yet: much of it was due to neglect of secure coding practices, existing security mechanisms were disabled for no good reason. I didn't finish that investigation because I discovered that the browser was essentially spyware, collecting your browsing history and selling it via Avast's Jumpshot subsidiary. But that was almost five years ago. After an initial phase of denial, Avast decided to apologize and to wind down Jumpshot. It was certainly a mere coincidence that Avast was subsequently sold to NortonLifeLock, called Gen Digital today. Yes, Avast is truly reformed and paying for their crimes in...
https://palant.info/2024/07/15/how-insecure-is-avast-secure-browser/

Protecting Trained Models in Privacy-Preserving Federated Learning
This post is part of a series on privacy-preserving federated learning. The series is a collaboration between NIST and the UK government's Responsible Technology Adoption Unit (RTA), previously known as the Centre for Data Ethics and Innovation. Learn more and read all the posts published to date at NIST's Privacy Engineering Collaboration Space or RTA's blog. The last two posts in our series covered techniques for input privacy in privacy-preserving federated learning in the context of horizontally and vertically partitioned data. To build a complete privacy-preserving federated learning
https://www.nist.gov/blogs/cybersecurity-insights/protecting-trained-models-privacy-preserving-federated-learning

Hello, is it me you're looking for? How scammers get your phone number
Your humble phone number is more valuable than you may think. Here's how it could fall into the wrong hands – and how you can help keep it out of the reach of fraudsters.
https://www.welivesecurity.com/en/scams/hello-is-it-me-youre-looking-for-how-scammers-get-your-phone-number/

Vulnerability In Modern Events Calendar WordPress Plugin Actively Exploited
WordPress admins running the Modern Events Calendar plugin on their websites must rush to update… Vulnerability In Modern Events Calendar WordPress Plugin Actively Exploited on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2024/07/15/vulnerability-in-modern-events-calendar-wordpress-plugin-actively-exploited/

Hackers Exploited Windows MSHTML Vulnerability For Over A Year
Researchers revealed that the recently patched Windows MSHTML vulnerability remained under attack for over a… Hackers Exploited Windows MSHTML Vulnerability For Over A Year on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2024/07/15/hackers-exploited-windows-mshtml-vulnerability-for-over-a-year/

Google Announced 5x Raise In Its Bug Bounty Program Rewards
A lucrative opportunity to win hefty bounties has arrived for security researchers. Google has increased… Google Announced 5x Raise In Its Bug Bounty Program Rewards on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2024/07/15/google-announced-5x-raise-in-its-bug-bounty-program-rewards/

ProfileGrid WordPress Plugin Vulnerability Could Allow Admin Access
WordPress admins must update their websites with the latest ProfileGrid plugin release. A severe privilege… ProfileGrid WordPress Plugin Vulnerability Could Allow Admin Access on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2024/07/15/profilegrid-wordpress-plugin-vulnerability-could-allow-admin-access/

Latest CapraRAT Android Spyware Campaign Targets Gamers, TikTokers
Researchers found a new malware campaign from the long-known CapraRAT Android spyware that impersonates legit… Latest CapraRAT Android Spyware Campaign Targets Gamers, TikTokers on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2024/07/15/latest-caprarat-android-spyware-campaign-targets-gamers-tiktokers/

A week in security (July 8 – July 14)
A list of topics we covered in the week of July 8 to July 14 of 2024
https://www.malwarebytes.com/blog/news/2024/07/a-week-in-security-july-8-july-14

The Role of Human Error in Data Spillage Incidents
Unraveling Human Factors in Data Breaches Data spillage is a term used to describe the exposure of sensitive or classified information outside an organization's designated boundary of network or safety... The post The Role of Human Error in Data Spillage Incidents appeared first on Cyber Defense Magazine.
https://www.cyberdefensemagazine.com/the-role-of-human-error-in-data-spillage-incidents/

AT&T Data Breach Poses Phishing Attack Risk To Consumers
This week in cybersecurity from the editors at Cybercrime Magazine – Read the Full Newsday Story Sausalito, Calif. – Jul. 13, 2024 Newsday reports that AT&T disclosed Jul. 12 that nearly all its customers were affected by a data breach that exposed call and text message The post AT&T Data Breach Poses Phishing Attack Risk To Consumers appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/att-data-breach-poses-phishing-attack-risk-to-consumers/

The Morphing of Misinformation in a Super Election Year
Security a Top Concern During 2024 Election 'Super-Cycle' With an unprecedented 'super-cycle' of elections in 2024, almost half the world's population will go to the polls before the year is... The post The Morphing of Misinformation in a Super Election Year appeared first on Cyber Defense Magazine.
https://www.cyberdefensemagazine.com/the-morphing-of-misinformation-in-a-super-election-year/

Crooks Steal Phone, SMS Records for Nearly All AT&T Customers
AT&T Corp. disclosed today that a new data breach has exposed phone call and text message records for roughly 110 million people -- nearly all of its customers. AT&T said it delayed disclosing the incident in response to "national security and public safety concerns," noting that some of the records included data that could be used to determine where a call was made or text message sent. AT&T also acknowledged the customer records were exposed in a cloud database that was protected only by a username and password (no multi-factor authentication needed).
https://krebsonsecurity.com/2024/07/hackers-steal-phone-sms-records-for-nearly-all-att-customers/

Fake Microsoft Teams for Mac delivers Atomic Stealer
In a new malware campaign, threat actors are using Google ads to target Mac users looking to download Microsoft Teams.
https://www.malwarebytes.com/blog/threat-intelligence/2024/07/fake-microsoft-teams-for-mac-delivers-atomic-stealer

Dangerous monitoring tool mSpy suffers data breach, exposes customer details
Customers of the stalkerware application mSpy had their customer support details exposed after a data breach
https://www.malwarebytes.com/blog/news/2024/07/dangerous-monitoring-tool-mspy-suffers-data-breach-exposes-customer-details

Metasploit Weekly Wrap-Up 07/12/2024
This week's release features two new exploits targeting Confluence & Ivanti: CVE-2024-21683 and CVE-2024-29824. Learn more!
https://blog.rapid7.com/2024/07/12/metasploit-weekly-wrap-up-07-12-2024/

“Nearly all” AT&T customers had phone records stolen in new data breach disclosure
AT&T has told customers about yet another data breach. This time call and text records of nearly all customers were stolen.
https://www.malwarebytes.com/blog/news/2024/07/nearly-all-att-customers-had-phone-records-stolen-in-new-data-breach-disclosure

The Future Of Cybersecurity: Emerging Threats And How To Combat Them
This week in cybersecurity from the editors at Cybercrime Magazine – Read the Full Forbes Story Sausalito, Calif. – Jul. 12, 2024 The world of cybersecurity is always evolving, with cybercriminals constantly finding new and more persistent ways to exploit vulnerabilities. According to Cybersecurity Ventures, The post The Future Of Cybersecurity: Emerging Threats And How To Combat Them appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/the-future-of-cybersecurity-emerging-threats-and-how-to-combat-them/

Overcome AI-Oriented Phishing Attacks with These Sure-Fire Strategies
Artificial intelligence is an ever-evolving subject; year by year, its landscape is expanding to different industries, and the outcome of its optimization is noteworthy. One of the prominent tech giants,... The post Overcome AI-Oriented Phishing Attacks with These Sure-Fire Strategies appeared first on Cyber Defense Magazine.
https://www.cyberdefensemagazine.com/overcome-ai-oriented-phishing-attacks-with-these-sure-fire-strategies/

Brands are changing cybersecurity strategies due to AI threats
 Over the past 18 months, AI has changed how we do many things in our work and professional lives — from helping us write emails to affecting how we approach cybersecurity. A recent Voice of SecOps 2024 study found that AI was a huge reason for many shifts in cybersecurity over the past 12 months. […] The post Brands are changing cybersecurity strategies due to AI threats appeared first on Security Intelligence.
https://securityintelligence.com/articles/brands-changing-cybersecurity-strategies-due-to-ai-threats/

Should ransomware payments be banned? – Week in security with Tony Anscombe
Blanket bans on ransomware payments are a much-debated topic in cybersecurity and policy circles. What are the implications of outlawing the payments, and would the ban be effective?
https://www.welivesecurity.com/en/videos/should-ransomware-payments-be-banned-week-security-tony-anscombe/

iPhone users in 98 countries warned about spyware by Apple
Apple has sent a warning to people targeted by mercenary spyware in 98 countries.
https://www.malwarebytes.com/blog/news/2024/07/iphone-users-in-98-countries-warned-about-spyware-by-apple

3 Reasons Data Access & Data Classification Are Crucial
Originally published by Cyera. Written by Jaye Tillson. The digital revolution has irrevocably transformed our world. From the constant stream of social media updates to the ever-growing network of internet-connected devices, we generate a staggering amount of data every single day. Experts at IDC estimate the global datasphere will reach a mind-boggling 175 zettabytes by 2025 – that's 175 followed by 21 zeros! This data deluge has fundamentally reshaped how we live, work, and interact, but wi...
https://cloudsecurityalliance.org/articles/3-reasons-data-access-data-classification-are-crucial

Non-Human Identity Management
Originally published by Oasis. Non-human identities, or NHIs, serve as digital gatekeepers, enabling secure machine-to-machine and human-to-machine access and authentication within modern enterprise systems. The push for innovation has led to the adoption of microservices, third-party solutions, and cloud-based platforms, creating a complex web of interconnected systems. In this intricate network, NHIs are key players in facilitating secure communication and authentication. Their numbers surpa...
https://cloudsecurityalliance.org/articles/non-human-identity-management

Feedback-Driven Interviewing at HackerOne

https://www.hackerone.com/culture-and-talent/feedback-driven-interviewing-hackerone

What HackerOne Customers Say About the Problems Hackers Solve
Learn why organizations work with ethical hackers, like preventing breaches, meeting regulatory compliance, and helping the security budget.
https://www.hackerone.com/customer-stories/hackers-solve-problems

Simplified Zero Trust security with the Microsoft Entra Suite and unified security operations platform, now generally available
Microsoft is announcing the Microsoft Entra Suite and the unified security operations platform, two innovations that simplify the implementation of your Zero Trust security strategy. The post Simplified Zero Trust security with the Microsoft Entra Suite and unified security operations platform, now generally available appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2024/07/11/simplified-zero-trust-security-with-the-microsoft-entra-suite-and-unified-security-operations-platform-now-generally-available/

New Phishing Campaign Using AI generated Emails, Human Live Chat to Target Social Media Business Accounts
Fraudsters leverage complex phishing scams in attempt to gain control over organizations' Meta accounts A sophisticated phishing campaign is targeting businesses of every size in an attempt to compromise Facebook... The post New Phishing Campaign Using AI generated Emails, Human Live Chat to Target Social Media Business Accounts appeared first on Cyber Defense Magazine.
https://www.cyberdefensemagazine.com/new-phishing-campaign-using-ai-generated-emails-human-live-chat-to-target-social-media-business-accounts/

What's New in Rapid7 Products & Services: Q2 2024 in Review
In Q2, we focused on enhancing visualization, prioritization, and integration capabilities across our key products and services.
https://blog.rapid7.com/2024/07/11/whats-new-in-rapid7-products-services-q2-2024-in-review/

39% of MSPs report major setbacks when adapting to advanced security technologies
SOPHOS, a leading global provider of managed security solutions, has recently released its annual MSP Perspectives report for 2024. This most recent report provides insights from 350 different managed service providers (MSPs) across the United States, United Kingdom, Germany and Australia on modern cybersecurity tools solutions. It also documents newly discovered risks and challenges in […] The post 39% of MSPs report major setbacks when adapting to advanced security technologies appeared first on Security Intelligence.
https://securityintelligence.com/articles/msps-report-setbacks-adapting-advanced-security-technologies/

Deep Observability Wanted By CISOs And Corporate Boards
This week in cybersecurity from the editors at Cybercrime Magazine – Read the Full Story at Data Breach Today Sausalito, Calif. – Jul. 11, 2024 What good are a company's cybersecurity defenses if they can't detect a breach? This would be like owning a guard dog The post Deep Observability Wanted By CISOs And Corporate Boards appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/deep-observability-wanted-by-cisos-and-corporate-boards/

Beware Of Scam Olympics Ticket Websites, Fans Warned

https://www.proofpoint.com/us/newsroom/news/beware-scam-olympics-ticket-websites-fans-warned

Microsoft July 2024 Patch Tuesday Fixed 140+ Vulnerabilities
Heads up, Microsoft users! It's time to update your devices with the latest security updates,… Microsoft July 2024 Patch Tuesday Fixed 140+ Vulnerabilities on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2024/07/11/microsoft-july-2024-patch-tuesday-fixed-140-vulnerabilities/

Unsecured Authy MFA API Exploited For Malicious Phone Number Verification
Reportedly, criminal hackers exploited an unsecured Authy (an MFA app) API to verify phone numbers… Unsecured Authy MFA API Exploited For Malicious Phone Number Verification on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2024/07/11/unsecured-authy-mfa-api-exploited-for-malicious-phone-number-verification/

When spear phishing met mass phishing
Kaspersky experts have discovered a new scheme that combines elements of spear and mass phishing
https://securelist.com/spear-phishing-meets-mass/113125/

DarkGate: Dancing the Samba With Alluring Excel Files
We perform an in-depth study of a DarkGate malware campaign exploiting Excel files from early this year, assessing its functionality and its C2 traffic. The post DarkGate: Dancing the Samba With Alluring Excel Files appeared first on Unit 42.
https://unit42.paloaltonetworks.com/darkgate-malware-uses-excel-files/

Cloud Security Alliance Announces 2024 Chapter Ambassadors List
Annual program recognizes individuals who best exemplify CSA values. SEATTLE – July 11, 2024 – The Cloud Security Alliance (CSA), the world's leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, is pleased to announce its inaugural list of Chapter Ambassadors. The CSA Chapter Ambassador program annually recognizes individual volunteers who best exemplify CSA values of dedication, innovation, and trust in the...
https://cloudsecurityalliance.org/articles/cloud-security-alliance-announces-2024-chapter-ambassadors-list

The Stark Truth Behind the Resurgence of Russia's Fin7
The Russia-based cybercrime group dubbed "Fin7," known for phishing and malware attacks that have cost victim organizations an estimated billion in losses since 2013, was declared dead last year by U.S. authorities. But experts say Fin7 has roared back to life in 2024 -- setting up thousands of websites mimicking a range of media and technology companies -- with the help of Stark Industries Solutions, a sprawling hosting provider that is a persistent source of cyberattacks against enemies of Russia.
https://krebsonsecurity.com/2024/07/the-stark-truth-behind-the-resurgence-of-russias-fin7/

Pentesting for Web Applications
Learn testing methodologies, common vulnerabilities, and best practices for pentesting web applications with PTaaS.
https://www.hackerone.com/penetration-testing/web-applications

Peloton accused of providing customer chat data to train AI
Exercise company Peloton is accused of providing customer chat data to a third party for AI training.
https://www.malwarebytes.com/blog/news/2024/07/peloton-accused-of-providing-customer-chat-data-to-train-ai

Takeaways From The Take Command Summit: Unlocking ROI in Security
Rapid7 CMO Cindy Stanton hosted a discussion with Cindy Stanton, Byron Anderson and Gaël Frouin to talk strategies for measuring team performance at Rapid7's recent Take Command summit.
https://blog.rapid7.com/2024/07/10/takeaways-from-the-take-command-summit-unlocking-roi-in-security/

Deep Dive on Supplement Scams: How AI Drives 'Miracle Cures' and Sponsored Health-Related Scams on Social Media
Sponsored social media content has become increasingly present on feeds. Sponsored ads can often be beneficial as they are customized to suit online personas, offering relevant content tailored specifically for you. While personalized ads can help enhance your online experience, not all are legitimate. In fact, scams originating from phony ads on social media have increased dramatically, with potentially severe consequences for consumers. Sponsored supplement scams on social media platforms H
https://www.bitdefender.com/blog/labs/deep-dive-on-supplement-scams-how-ai-drives-miracle-cures-and-sponsored-health-related-scams-on-social-media/

Digital solidarity vs. digital sovereignty: Which side are you on?
The landscape of international cyber policy continues to evolve rapidly, reflecting the dynamic nature of technology and global geopolitics. Central to this evolution are two competing concepts: digital solidarity and digital sovereignty. The U.S. Department of State, through its newly released International Cyberspace and Digital Policy Strategy, has articulated a clear preference for digital solidarity, […] The post Digital solidarity vs. digital sovereignty: Which side are you on? appeared first on Security Intelligence.
https://securityintelligence.com/articles/digital-solidarity-vs-digital-sovereignty/

Understanding IoT security risks and how to mitigate them | Cybersecurity podcast
As security challenges loom large on the IoT landscape, how can we effectively counter the risks of integrating our physical and digital worlds?
https://www.welivesecurity.com/en/videos/understanding-iot-security-risks-mitigate-cybersecurity-podcast/

The Heritage Foundation - 72,004 breached accounts
In July 2024, hacktivists published almost 2GB of data taken from The Heritage Foundation and their media arm, The Daily Signal. The data contained 72k unique email addresses, primarily used for commenting on articles (along with names, IP addresses and the comments left) and by content contributors (along with usernames and passwords stored as either MD5 or phpass hashes).
https://haveibeenpwned.com/PwnedWebsites#TheHeritageFoundation

Distribution of AsyncRAT Disguised as Ebook
1. Overview AhnLab SEcurity intelligence Center (ASEC) covered cases of AsyncRAT being distributed via various file extensions (.chm, .wsf, and .lnk). [1] [2] In the aforementioned blog posts, it can be seen that the threat actor used normal document files disguised as questionnaires to conceal the malware. In a similar vein, there have been cases recently where the malware was disguised as an ebook. 2. Malware Executed via Scripts The compressed file disguised as an ebook contains a malicious LNK file disguised... The post Distribution of AsyncRAT Disguised as Ebook appeared first on ASEC BLOG.
https://asec.ahnlab.com/en/67861/

Revamping Third Party Vendor Assessments for the Age of Large Language Models
Written by MJ Schwenger, Member of the CSA AI Working Group. Originally published on LinkedIn. Introduction: The increasing adoption of Large Language Models (LLMs) in the supply chain presents a new challenge for traditional Third-Party Vendor Security Assessments (TPVRAs). This blog explores how to adapt existing TPVRAs to gather critical information about the integration of LLMs within the organizational ecosystem and its associated risks. A subsequent blog will outline the specifics of upd...
https://cloudsecurityalliance.org/articles/revamping-third-party-vendor-assessments-for-the-age-of-large-language-models

Patch Tuesday - July 2024
Microsoft has published 139 vulnerabilities this July 2024 Patch Tuesday, two of which had already been seen exploited in the wild.
https://blog.rapid7.com/2024/07/09/patch-tuesday-july-2024/

Microsoft Patch Tuesday, July 2024 Edition
Microsoft Corp. today issued software updates to plug 139 security holes in various flavors of Windows and other Microsoft products. Redmond says attackers are already exploiting at least two of the vulnerabilities in active attacks against Windows users.
https://krebsonsecurity.com/2024/07/microsoft-patch-tuesday-july-2024-edition/

Neiman Marcus - 31,152,842 breached accounts
In May 2024, the American luxury retailer Neiman Marcus suffered a data breach which was later posted to a popular hacking forum. The data included 31M unique email addresses, names, phone numbers, dates of birth, physical addresses and partial credit card data (note: this is insufficient to make purchases). The breach was traced back to a series of attacks against the Snowflake cloud service which impacted 165 organisations worldwide.
https://haveibeenpwned.com/PwnedWebsites#NeimanMarcus

Ticketmaster says stolen Taylor Swift Eras Tour tickets are useless
Ticketmaster claims that tickets stolen in its data breach are useless, while scalpers have proven the rolling barcode method is not 100% effective.
https://www.malwarebytes.com/blog/news/2024/07/ticketmaster-says-stolen-taylor-swift-eras-tour-tickets-are-useless

Developing and prioritizing a detection engineering backlog based on MITRE ATT&CK
How a SOC can efficiently manage priorities when writing detection logic for various MITRE ATT&CK techniques and what tools can help.
https://securelist.com/detection-engineering-backlog-prioritization/113099/

Boston Business Journal Names Rapid7 as a Best Place to Work in Boston
On June 13th, 2024, Rapid7 was recognized by The Boston Business Journal as a Best Place to Work in Boston. This marks the 13th consecutive year Rapid7 has made the list, this time coming in at #8 in the extra large company category.
https://blog.rapid7.com/2024/07/09/rapid7-recognized-as-a-best-place-to-work-in-boston-by-the-boston-business-journal/

A decade of global cyberattacks, and where they left us
The cyberattack landscape has seen monumental shifts and enormous growth in the past decade or so. I spoke to Michelle Alvarez, X-Force Strategic Threat Analysis Manager at IBM, who told me that the most visible change in cybersecurity can be summed up in one word: scale. A decade ago, “’mega-breaches’ were relatively rare, but now […] The post A decade of global cyberattacks, and where they left us appeared first on Security Intelligence.
https://securityintelligence.com/articles/decade-global-cyberattacks-where-they-left-us/

Grappling With The Cybersecurity Talent Shortfall
This week in cybersecurity from the editors at Cybercrime Magazine – Read the Full Story in Forbes Sausalito, Calif. – Jul. 9, 2024 A Forbes article reports that the cybersecurity talent shortfall threatens to undermine national security and economic prosperity. According to Cybersecurity Ventures, up to 3.5 The post Grappling With The Cybersecurity Talent Shortfall appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/grappling-with-the-cybersecurity-talent-shortfall/

Q1 2024 Cyber Attacks Statistics
I aggregated the statistics created from the cyber attacks timelines published in the first quarter of 2024. In this period, I collected a total of 833 events (9.15 events/day) dominated by Cyber Crime with 75.2%...
https://www.hackmageddon.com/2024/07/09/q1-2024-cyber-attacks-statistics/

5 common Ticketmaster scams: How fraudsters steal the show
Scammers gonna scam scam scam, so before hunting for your tickets to a Taylor Swift gig or other in-demand events, learn how to stop fraudsters from leaving a blank space in your bank account
https://www.welivesecurity.com/en/scams/5-common-ticketmaster-scams-fraudsters-steal-show/

Cross site scripting vulnerability in SSL VPN web UI
An improper neutralization of input during web page Generation vulnerability [CWE-79] in FortiOS and FortiProxy's web SSL VPN UI may allow a remote unauthenticated attacker to perform a Cross-Site Scripting attack via social engineering the targeted user into bookmarking a malicious samba server, then opening the bookmark.
https://fortiguard.fortinet.com/psirt/FG-IR-23-485

FortiAIOps - CSV Injection in export device inventory feature
An improper neutralization of formula elements in a CSV File vulnerability [CWE-1236] in FortiAIOps may allow a remote authenticated attacker to execute arbitrary commands on a client's workstation via poisoned CSV reports.
https://fortiguard.fortinet.com/psirt/FG-IR-24-073

FortiAIOps - Cross-site request forgery
Multiple cross-site request forgery (CSRF) vulnerabilities [CWE-352] in FortiAIOps may allow an unauthenticated remote attacker to perform arbitrary actions on behalf of an authenticated user via tricking the victim to execute malicious GET requests.
https://fortiguard.fortinet.com/psirt/FG-IR-24-070

FortiAIOps - Improper Session Management
Multiple insufficient session expiration vulnerabilities [CWE-613] in FortiAIOps may allow an attacker to re-use stolen old session tokens to perform unauthorized operations via crafted requests.
https://fortiguard.fortinet.com/psirt/FG-IR-24-069

FortiAIOps - Sensitive Information leak to an Unauthorized Actor
Multiple Exposure of sensitive information to an unauthorized actor vulnerabilities [CWE-200] may allow an authenticated attacker to retrieve sensitive information from the API endpoint or logs.
https://fortiguard.fortinet.com/psirt/FG-IR-24-072

FortiOS - IP address validation mishandles zero characters
An incorrect parsing of numbers with different radices vulnerability [CWE-1389] in FortiOS and FortiProxy IP address validation feature may permit an unauthenticated attacker to bypass the IP blocklist via crafted requests.
https://fortiguard.fortinet.com/psirt/FG-IR-23-446

Improper access control vulnerability in administrative interface
An improper access control vulnerability [CWE-284] in FortiADC may allow a read only authenticated attacker to perform some write actions via crafted HTTP or HTTPS requests.
https://fortiguard.fortinet.com/psirt/FG-IR-23-469

Insecure Direct Object Reference in policy API Endpoint
An authorization bypass through user-controlled key vulnerability [CWE-639] in Fortiportal organization interface may allow an authenticated attacker to view resources of other organizations via HTTP or HTTPS requests.
https://fortiguard.fortinet.com/psirt/FG-IR-24-011

Multiple lack of client-side certificate validation when establishing secure connections
An improper certificate validation vulnerability [CWE-295] in FortiADC may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the device and various remote servers such as private SDN connectors and FortiToken Cloud.
https://fortiguard.fortinet.com/psirt/FG-IR-22-298

OpenSSH regreSSHion Attack (CVE-2024-6387)
CVE-2024-6387: A signal handler race condition was found in OpenSSH's server (sshd): if a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog(). This could lead to remote code execution with root privileges.
https://fortiguard.fortinet.com/psirt/FG-IR-24-258

Privilege escalation from low privilege administrator
An improper access control vulnerability [CWE-284] in FortiExtender authentication component may allow a remote authenticated attacker to create users with elevated privileges via a crafted HTTP request.
https://fortiguard.fortinet.com/psirt/FG-IR-23-459

Make Threat Hunting Easier With Endpoint Detection and Response (EDR)
Why many CISOs are turning to data lakes for a more effective way to gain valuable insights from EDR data – Steve Fielder, Senior Director, Managed SIEM & EDR Engineering, Optiv Denver, Colo. – Jul. 8, 2024 Studies have estimated that roughly 90 percent of The post Make Threat Hunting Easier With Endpoint Detection and Response (EDR) appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/make-threat-hunting-easier-with-endpoint-detection-and-response-edr/

Analysis of the 2024 Verizon Data Breach Investigations Report
Originally published by BARR Advisory. The 2024 Verizon Data Breach Investigations Report (DBIR)—an annual report examining dominant trends in data breaches and cyberattacks throughout the world—is now out for review. Verizon began releasing this report in 2008, and throughout its tenure it has served as one of the most influential and highly-regarded reports in the cybersecurity industry. Verizon examined over 10,000 breaches to provide actionable perspective and analysis for companies of all...
https://cloudsecurityalliance.org/articles/analysis-of-the-2024-verizon-data-breach-investigations-report

Hacking Paris 2024: Olympic Cyber Threats
Originally published by CXO REvolutionaries. Written by Rob Sloan, VP, Cybersecurity Advocacy, Zscaler. Despite repeated predictions of cyber-fueled chaos at the Olympic and Paralympic Games since at least 2004, to date, no Olympics has ever been significantly disrupted. There is reason to believe this year might be different. Over the last two decades, the reliance on IT to make the Games a success has grown exponentially. Despite sophisticated defenses, an ever-growing attack surface is makin...
https://cloudsecurityalliance.org/articles/hacking-paris-2024-olympic-cyber-threats

Streamlining Compliance: Leveraging OSCAL Automation for Effective Risk Management
Originally published by RegScale. Written by Esty Peskowitz. Navigating FedRAMP compliance complexities is growing more challenging by the day. The use of automation in everyday activities has become a necessity for security professionals. During a fireside chat at Coalfire's RAMPCon event on June 25, 2024, industry experts Dale Hoak, Director of Information Security at RegScale, and Charles Johnson, Vice President of Solution Architecture at Coalfire, shed light on how to drive compliance exce...
https://cloudsecurityalliance.org/articles/streamlining-compliance-leveraging-oscal-automation-for-effective-risk-management

Rapid7 completes IRAP PROTECTED assessment for Insight Platform solutions
Rapid7 has successfully completed an Information Security Registered Assessors Program (IRAP) assessment to PROTECTED Level for several of our Insight Platform solutions.
https://blog.rapid7.com/2024/07/08/rapid7-completes-irap-protected-assessment-for-insight-platform-solutions/

A Simple 2FA Bypass
2FA bypass through response manipulation. Two-Factor Authentication (2FA) serves as a robust shield against unauthorized access. However, during a recent engagement in a RVDP, I found a critical vulnerability that allows an attacker to bypass 2FA using response manipulation. [Image: Bug-bounty (zoom.us)] Below are the steps that led to bypass 2FA:
1. I logged-in as a normal user and enabled 2FA for that account
2. Next, I logged out and logged-in again with login credentials
3. Then I entered the wrong OTP and captured that response to that request as shown below [Image: Wrong OTP Response]
4. The response had 401 Unauthorized and the body had wrong OTP message
5. I manipulated the response code to 200 OK and replaced the body with the content of valid OTP [Image: Manipulated Response]
6. That's it, with this I was able to bypass...
https://infosecwriteups.com/a-simple-2fa-bypass-43c8af9006ec?source=rss----7b722bfd1b8d---4

Data Profiling Reveals Why 39+ U.S. States Banned TikTok
Data Profiling Reveals Reasons Behind Over 39 States of USA Banning Chinese Tik-Tok App. [Image by cottonbro studio] There is only one reason why more than 39 states of the USA have banned Tik-Tok by issuing official orders: the resolution to end this app's involvement in suspicious activity and data piracy. This app has allegedly stolen USA state citizens' data (according to Forbes) without their knowledge. Initially considered merely an allegation possibly related to the trade war, this accusation gained more credibility when it was realised that TikTok is operated in a country where citizen data is considered irrelevant. While this news may suffice for the average person, the intellectually curious undoubtedly wonder how. I will end your doubt on one condition: read this article until the end. Disclaimer: Neither...
https://infosecwriteups.com/data-profiling-reveals-why-39-u-s-states-banned-tiktok-4c64f968af7b?source=rss----7b722bfd1b8d---4

BountyDork: Your Ultimate Automatic Dorking Testing Companion For Bug Bounty
Discover BountyDork, a powerful tool designed for penetration testers and cybersecurity researchers, offering automation, reporting, and… Continue reading on InfoSec Write-ups »
https://infosecwriteups.com/bountydork-your-ultimate-automatic-dorking-testing-companion-for-bug-bounty-b2bd41cb7344?source=rss----7b722bfd1b8d---4

RegreSSHion (CVE-2024–6387): Dive into the Latest OpenSSH Server Threat
Explore CVE-2024–6387, a critical cybersecurity vulnerability. Continue reading on InfoSec Write-ups »
https://infosecwriteups.com/regresshion-cve-2024-6387-dive-into-the-latest-openssh-server-threat-ba4a6e0983e4?source=rss----7b722bfd1b8d---4

Do You Need To Know Coding In Cloud Security ??
My take on this commonly asked question. Continue reading on InfoSec Write-ups »
https://infosecwriteups.com/do-you-need-to-know-coding-in-cloud-security-3ee686c0c814?source=rss----7b722bfd1b8d---4

Step-by-Step Guide on How to Hack Phone Remotely
[Photo by Mika Baumeister on Unsplash] In the age of digital sophistication, questions like how to hack a phone or understanding the underlying vulnerabilities are becoming increasingly prevalent. With the evolution of technology, hacking techniques have become more sophisticated, targeting not just the individual's personal data but also encompassing malware attacks, phishing attempts, and unauthorized GPS tracking. This interest is often driven by concerns over security, a desire to understand potential risks, and the mechanisms to protect against them. It's crucial, however, to approach this information with an understanding of the ethical implications and strictly for educational purposes. This guide will delve into the essentials of how to hack a phone remotely, laying down a step-by-step...
https://infosecwriteups.com/step-by-step-guide-on-how-to-hack-phone-remotely-a8b1b8d13015?source=rss----7b722bfd1b8d---4

Enabling Reproducible and Verification of Time to Network Protocol Testing
Discover the “Network Simulator-centric Compositional Testing” (NSCT) methodology, a groundbreaking approach destined to transform network… Continue reading on InfoSec Write-ups »
https://infosecwriteups.com/unveiling-nsct-a-breakthrough-in-network-protocol-testing-b2356c2c7d70?source=rss----7b722bfd1b8d---4

Art of finding zero day vulnerabilities using Open Source AI
I am Harish SG, a security researcher who studies Masters in Cybersecurity at UT Dallas and AI security engineer at Cisco, previously hunted on the Microsoft Bug Bounty Program and Google VRP. I am sharing this article for security awareness and educational purposes only and I am sharing only personal opinions and none of these are related to my work at Cisco. In this article I am gonna share how I used an open-source AI model finetuned for finding vulnerabilities called codeastra-7B to identify zero day vulnerabilities in various open-source projects such as Apache Pulsar, Apache Airflow, Apache Cocoon, TensorFlow, ImageMagick etc. and how to build a framework which combines both static analysis tools such as semgrep and AI agents built on top of open-source models such as CodeAstra-7B to find...
https://infosecwriteups.com/art-of-finding-zero-day-vulnerabilities-using-open-source-ai-e26eaaf323cb?source=rss----7b722bfd1b8d---4

Unlocking Kubernetes Security: The Complete Checklist
Kubernetes has quickly become the go-to system for managing containerized apps, making it a massive playground for both deploying cool apps and, unfortunately, encountering some not-so-cool security gaps. In this write-up, we're going to explore the world of Kubernetes pentesting, presenting a comprehensive checklist that serves as your guiding light through the dark corners of Kubernetes environments.
Entry Points into the cluster
# The Kubernetes API server is the main point of entry to a cluster for external parties.
1) NodePort and LoadBalancer Service
▶ k get svc -A
2) hostPort
▶ k describe pod <pod>
# Pods can be directly exposed via hostPort. This is not the recommended way of exposing a pod
3) Ingress Paths
▶ kubectl get ingress -A -o=jsonpath='{range .items[*]}{@.metadata.name}{"\n"}{range...
https://infosecwriteups.com/unlocking-kubernetes-security-the-complete-checklist-538fff3adacf?source=rss----7b722bfd1b8d---4

0 Click — Account Takeover | Bug Bounty
Bounty ❌️ Swag ✅️ This is not a bounty program that's why they only provide swags. I was searching bug bounty programs on Linkedin! 🫨 Yes you heard it right, we can find latest bug bounty programs on Linkedin that are self hosted. [Research Yourself] Start- I got one program that was launched just 1 day before. I started recon, got some low hanging but, 🫣 didn't report. After that I got OAuth misconfiguration leads to account takeover. I reported that and in 30 minutes, got a reply that you are awarded with a swag 😎 Vulnerable endpoint- 🔥 Now I saw forgot password functionality that sends OTP code to the email for resetting password. Request- POST /forgot-pass {"email": "victim email id"} ✨️ Above request will send...
https://infosecwriteups.com/0-click-account-takeover-bug-bounty-12d6641f69f5?source=rss----7b722bfd1b8d---4

DORA: What You Need to Know
Learn about DORA, the new EU regulation for digital operational resilience, and how to meet the requirements with pentesting.
https://www.hackerone.com/penetration-testing/dora

Proton Docs Arrives As An Encrypted Document Sharing Platform
The security brand Proton has just launched another online product aimed at securing users' privacy.… Proton Docs Arrives As An Encrypted Document Sharing Platform on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2024/07/08/proton-docs-arrives-as-an-encrypted-document-sharing-platform/

What You Need to Know About the EU Cyber Resilience Act
Understand what the CRA entails and how to comply.   
https://www.legitsecurity.com/blog/what-you-need-to-know-about-the-eu-cyber-resilience-act

AI Can't Be Our Only Defense Against AI-Generated Cyber Threats
This week in cybersecurity from the editors at Cybercrime Magazine – Read the Full Story in Security Boulevard. Sausalito, Calif. – Jul. 8, 2024. From casual users to international corporations, people are flocking to artificial intelligence tools to boost their productivity. But they're not the The post AI Can't Be Our Only Defense Against AI-Generated Cyber Threats appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/ai-cant-be-our-only-defense-against-ai-generated-cyber-threats/

New APT Group "CloudSorcerer" Targets Russian Government Entities

https://www.proofpoint.com/us/newsroom/news/new-apt-group-cloudsorcerer-targets-russian-government-entities

Decrypted: DoNex Ransomware and its Predecessors
Researchers from Avast have discovered a flaw in the cryptographic schema of the DoNex ransomware and its predecessors. In cooperation with law enforcement organizations, we have been silently providing the decryptor to DoNex ransomware victims since March 2024. The cryptographic weakness was made public at Recon 2024 and therefore we have no reason to keep […] The post Decrypted: DoNex Ransomware and its Predecessors appeared first on Avast Threat Labs.
https://decoded.avast.io/threatresearch/decrypted-donex-ransomware-and-its-predecessors/?utm_source=rss&utm_medium=rss&utm_campaign=decrypted-donex-ransomware-and-its-predecessors

CloudSorcerer – A new APT targeting Russian government entities
Kaspersky discovered a new APT CloudSorcerer targeting Russian government entities and using cloud services as C2, just like the CloudWizard actor.
https://securelist.com/cloudsorcerer-new-apt-cloud-actor/113056/

Husky Owners - 16,502 breached accounts
In July 2024, the Husky Owners forum website was defaced and linked to a breach of user data containing 16k records. The exposed data included usernames, email addresses, dates of birth and time zones.
https://haveibeenpwned.com/PwnedWebsites#HuskyOwners

FNTECH - 10,386 breached accounts
In July 2024, the events management platform FNTECH suffered a data breach that exposed 10k unique email addresses. The data contained registrants from various events, including participants of the Roblox Developer Conference registration list. The data also included names and IP addresses.
https://haveibeenpwned.com/PwnedWebsites#RobloxDeveloperConference2024

MSSQL for Pentester: Command Execution with xp_cmdshell
Transact-SQL (T-SQL) is an extension of the SQL language used primarily in Microsoft SQL Server. T-SQL expands the functionality of SQL by adding procedural programming The post MSSQL for Pentester: Command Execution with xp_cmdshell appeared first on Hacking Articles.
https://www.hackingarticles.in/mssql-for-pentester-command-execution-with-xp_cmdshell/

Metasploit Weekly Wrap-Up 07/05/2024
3 new modules - MOVEit Transfer authentication bypass CVE-2024-5806, Zyxel command injection, and Azure CLI credentials gatherer
https://blog.rapid7.com/2024/07/05/metasploit-wrapup-75/

Kimsuky Group's New Backdoor (HappyDoor)
This report is a summarized version of “Analysis Report of Kimsuky Group’s HappyDoor Malware” introduced in AhnLab Threat Intelligence Platform (TIP), containing key information for analyzing breaches. The report in AhnLab TIP includes details on encoding & encryption methods, packet structure, and more in addition to the characteristics and features of the malware. In particular, it also provides an IDA plugin and a backdoor test server developed by AhnLab for the convenience of analysts. Note that the masked... The post Kimsuky Group’s New Backdoor (HappyDoor) appeared first on ASEC BLOG.
https://asec.ahnlab.com/en/67660/

What HackerOne Customers Say About Remediating Vulnerabilities and Getting the Best Results From Hackers
Learn how HackerOne customers remediate vulnerabilities and get the best results and value from ethical hackers.
https://www.hackerone.com/customer-stories/get-the-most-from-hackers

Social media and teen mental health – Week in security with Tony Anscombe
Social media sites are designed to make their users come back for more. Do laws restricting children's exposure to addictive social media feeds have teeth or are they a political gimmick?
https://www.welivesecurity.com/en/videos/social-media-teen-mental-health-week-security-tony-anscombe/

Polyfill.io Supply Chain Attack
What is the attack? Over 100,000+ sites have been impacted by a supply chain attack involving the Polyfill.io service. Polyfill is a popular tool used for enhancing browser capabilities by hundreds of thousands of sites to ensure that all website visitors can use the same codebase for unsupported functionality. Earlier this year, the polyfill.io domain was purchased, and the script was modified to redirect users to malicious and scam sites.
What is the recommended Mitigation? Given the confirmed malicious operations, owners of websites using polyfill.io are advised to remove it immediately and search their code repositories for instances of polyfill.io. Users are also advised to consider using alternate services provided by Cloudflare and Fastly.
What FortiGuard Coverage is available? Fortinet's...
https://fortiguard.fortinet.com/threat-signal-report/5478

Attack Cases Against HTTP File Server (HFS) (CVE-2024-23692)
HTTP File Server (HFS) is a program that provides a simple type of web service. Because it can provide web services with just an executable file without having to build a web server, it is often used for sharing files, allowing users to connect to the address through web browsers and easily download files. Because HFS is exposed to the public in order to enable users to connect to the HFS web server and download files, it can be a... The post Attack Cases Against HTTP File Server (HFS) (CVE-2024-23692) appeared first on ASEC BLOG.
https://asec.ahnlab.com/en/67650/

Linux Defense Evasion Techniques Detected by AhnLab EDR (2)
The blog post “Linux Defense Evasion Techniques Detected by AhnLab EDR (1)” [1] covered methods where the threat actors and malware strains attacked Linux servers before incapacitating security services such as firewalls and security modules and then concealing the installed malware. This post will cover additional defense evasion techniques against Linux systems not covered in the past post. For example, methods of concealing malware include having the running malware delete itself to not be noticed by an administrator, or deleting... The post Linux Defense Evasion Techniques Detected by AhnLab EDR (2) appeared first on ASEC BLOG.
https://asec.ahnlab.com/en/67636/

Dissecting GootLoader With Node.js
We demonstrate effective methods to circumvent anti-analysis evasion techniques from GootLoader, a backdoor and loader malware distributed through fake forum posts. The post Dissecting GootLoader With Node.js appeared first on Unit 42.
https://unit42.paloaltonetworks.com/javascript-malware-gootloader/

The Not-So-Secret Network Access Broker x999xx
Most accomplished cybercriminals go out of their way to separate their real names from their hacker handles. But among certain old-school Russian hackers it is not uncommon to find major players who have done little to prevent people from figuring out who they are in real life. A case study in this phenomenon is "x999xx," the nickname chosen by a venerated Russian hacker who specializes in providing the initial network access to various ransomware groups.
https://krebsonsecurity.com/2024/07/the-not-so-secret-network-access-broker-x999xx/

Does your business have an AI blind spot? Navigating the risks of shadow AI
With AI now an integral part of business operations, shadow AI has become the next frontier in information security. Here’s what that means for managing risk. For many organizations, 2023 was the breakout year for generative AI. Now, large language models (LLMs) like ChatGPT have become household names. In the business world, they’re already deeply […] The post Does your business have an AI blind spot? Navigating the risks of shadow AI appeared first on Security Intelligence.
https://securityintelligence.com/articles/does-your-business-have-ai-blind-spot/

No room for error: Don't get stung by these common Booking.com scams
From sending phishing emails to posting fake listings, here's how fraudsters hunt for victims while you're booking your well-earned vacation
https://www.welivesecurity.com/en/scams/common-bookingcom-scams/

Threat Brief: CVE-2024-6387 OpenSSH RegreSSHion Vulnerability
This threat brief details CVE-2024-6387, called RegreSSHion, an RCE vulnerability affecting connectivity tool OpenSSH servers on glibc-based Linux systems. The post Threat Brief: CVE-2024-6387 OpenSSH RegreSSHion Vulnerability appeared first on Unit 42.
https://unit42.paloaltonetworks.com/threat-brief-cve-2024-6387-openssh/

Vulnerabilities in PanelView Plus devices could lead to remote code execution
Microsoft discovered and responsibly disclosed two vulnerabilities in Rockwell's PanelView Plus that could be remotely exploited by unauthenticated attackers, allowing them to perform remote code execution (RCE) and denial-of-service (DoS). PanelView Plus devices are graphic terminals, which are known as human machine interface (HMI) and are used in the industrial space. The post Vulnerabilities in PanelView Plus devices could lead to remote code execution appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2024/07/02/vulnerabilities-in-panelview-plus-devices-could-lead-to-remote-code-execution/

Takeaways From The Take Command Summit: Navigating Modern SOC Challenges
At our recent Take Command summit, experts delved into the pressing challenges faced by SOC teams.
https://blog.rapid7.com/2024/07/02/takeaways-from-the-take-command-summit-navigating-modern-soc-challenges/

It all adds up: Pretexting in executive compromise
Executives hold the keys to the corporate kingdom. If attackers can gain the trust of executives using layered social engineering techniques, they may be able to access sensitive corporate information such as intellectual property, financial data or administrative control logins and passwords. While phishing remains the primary pathway to executive compromise, increasing C-suite awareness of […] The post It all adds up: Pretexting in executive compromise appeared first on Security Intelligence.
https://securityintelligence.com/articles/pretexting-in-executive-compromise-social-engineering/

Strategies to accelerate dependency management for modern enterprise software development
Contrary to common belief, security and productivity are not necessarily at odds in modern software development.
https://www.sonatype.com/blog/strategies-to-accelerate-dependency-management-for-modern-enterprise-software-development

Shadow IT
Managing 'unknown assets' that are used within an organisation.
https://www.ncsc.gov.uk/guidance/shadow-it

March 2024 Cyber Attacks Statistics
In March 2024 I collected and analyzed 203 events dominated by malware attacks. Cyber Crime continued to lead the Motivations chart with 72.9%, ahead of Cyber Espionage with 13.3%, Cyber Warfare (5.9%) and Hacktivism (2.5%).
https://www.hackmageddon.com/2024/07/02/march-2024-cyber-attacks-statistics/

Operation Endgame: The ultimate troll patrol.

https://www.proofpoint.com/us/newsroom/news/operation-endgame-ultimate-troll-patrol

AI in the workplace: The good, the bad, and the algorithmic
While AI can liberate us from tedious tasks and even eliminate human error, it's crucial to remember its weaknesses and the unique capabilities that humans bring to the table
https://www.welivesecurity.com/en/we-live-progress/ai-workplace-good-bad-algorithmic/

SAML Raider Release 2.0.0
SAML Raider is a Burp Suite extension and the tool of choice for many pentesters for testing SAML infrastructures. This blog post should give a brief introduction to what has changed in the new version 2.0.0. From Improving developer and user experience to bug fixes.
https://blog.compass-security.com/2024/07/saml-raider-release-2-0-0/

ChatGPT 4 can exploit 87% of one-day vulnerabilities
Since the widespread and growing use of ChatGPT and other large language models (LLMs) in recent years, cybersecurity has been a top concern. Among the many questions, cybersecurity professionals wondered how effective these tools were in launching an attack. Cybersecurity researchers Richard Fang, Rohan Bindu, Akul Gupta and Daniel Kang recently performed a study to […] The post ChatGPT 4 can exploit 87% of one-day vulnerabilities appeared first on Security Intelligence.
https://securityintelligence.com/articles/chatgpt-4-exploits-87-percent-one-day-vulnerabilities/

Strengthening Microsoft 365 with Human-centric Security

https://www.proofpoint.com/us/newsroom/news/strengthening-microsoft-365-human-centric-security

Xctdoor Malware Used in Attacks Against Korean Companies (Andariel)
AhnLab SEcurity intelligence Center (ASEC) recently discovered a case where an unidentified threat actor exploited a Korean ERP solution to carry out an attack. After infiltrating the system, the threat actor is believed to have attacked the update server of a specific Korean ERP solution to take control of systems within the company. In another attack case, a vulnerable web server was attacked to distribute malware. The targets of these attacks have been identified as the Korean defense and manufacturing... The post Xctdoor Malware Used in Attacks Against Korean Companies (Andariel) appeared first on ASEC BLOG.
https://asec.ahnlab.com/en/67558/

Metasploit Weekly Wrap-Up 06/28/2024
This week's Metasploit release includes an exploit module for an unauthenticated command injection vulnerability in the Netis MW5360 router. Learn more.
https://blog.rapid7.com/2024/06/28/metasploit-weekly-wrap-up-06-28-2024/

Introducing HackerOne's Hai API: Revolutionize Your Workflow Automation with AI
Learn about Hai API: designed specifically for customers seeking efficient interaction and automation capabilities.
https://www.hackerone.com/ai/hai-api

What Is Application Security Posture Management (ASPM): A Comprehensive Guide
Get details on what ASPM is, the problems it solves, and what to look for.  
https://www.legitsecurity.com/blog/what-is-application-security-posture-management-aspm

Key trends shaping the threat landscape in H1 2024 – Week in security with Tony Anscombe
Learn about the types of threats that 'topped the charts' and the kinds of techniques that bad actors leveraged most commonly in the first half of this year
https://www.welivesecurity.com/en/videos/key-trends-shaping-threat-landscape-h1-2024-week-security-tony-anscombe/

Vulnerability management empowered by AI
Vulnerability management involves an ongoing cycle of identifying, prioritizing and mitigating vulnerabilities within software applications, networks and computer systems. This proactive strategy is essential for safeguarding an organization’s digital assets and maintaining its security and integrity. To make the process simpler and easier, we need to involve artificial intelligence (AI). Let’s examine how AI is […] The post Vulnerability management empowered by AI appeared first on Security Intelligence.
https://securityintelligence.com/posts/ai-powered-vulnerability-management/

The Contrastive Credibility Propagation Algorithm in Action: Improving ML-powered Data Loss Prevention
Our novel contrastive credibility propagation algorithm improves on data loss prevention and has unique applications to sensitive material. The post The Contrastive Credibility Propagation Algorithm in Action: Improving ML-powered Data Loss Prevention appeared first on Unit 42.
https://unit42.paloaltonetworks.com/contrastive-credibility-propagation/

16-31 March 2024 Cyber Attacks Timeline
In the second timeline of March 2024 I collected 104 events dominated by malware, exploitation of vulnerabilities and ransomware. The threat landscape was also characterized by several mega breaches, multiple cyber espionage operations and also some remarkable events related to cyber warfare.
https://www.hackmageddon.com/2024/06/28/16-31-march-2024-cyber-attacks-timeline/

Ticketek - 17,643,173 breached accounts
In May 2024, the Australian event ticketing company Ticketek reported a data breach linked to a third party cloud-based platform. The following month, the data appeared for sale on a popular hacking forum and was later linked to a series of breaches of the Snowflake cloud storage service. The data contained almost 30M rows with 17.6M unique email addresses alongside names, genders, dates of birth and hashed passwords.
https://haveibeenpwned.com/PwnedWebsites#Ticketek

Supply Chain Compromise Leads to Trojanized Installers for Notezilla, RecentX, Copywhiz
Rapid7 investigated suspicious behavior emanating from the installation of Notezilla, RecentX, & Copywhiz. These installers are distributed by Conceptworld.
https://blog.rapid7.com/2024/06/27/supply-chain-compromise-leads-to-trojanized-installers-for-notezilla-recentx-copywhiz/

Sustaining Digital Certificate Security - Entrust Certificate Distrust
Posted by Chrome Root Program, Chrome Security Team. The Chrome Security Team prioritizes the security and privacy of Chrome's users, and we are unwilling to compromise on these values. The Chrome Root Program Policy states that CA certificates included in the Chrome Root Store must provide value to Chrome end users that exceeds the risk of their continued inclusion. It also describes many of the factors we consider significant when CA Owners disclose and respond...
http://security.googleblog.com/2024/06/sustaining-digital-certificate-security.html

Virtual Escape; Real Reward: Introducing Google's kvmCTF
Marios Pomonis, Software Engineer. Google is committed to enhancing the security of open-source technologies, especially those that make up the foundation for many of our products, like Linux and KVM. To this end we are excited to announce the launch of kvmCTF, a vulnerability reward program (VRP) for the Kernel-based Virtual Machine (KVM) hypervisor first announced in October 2023. KVM is a robust hypervisor with over 15 years of open-source development and is widely used throughout the consumer and enterprise landscape, including platforms such as Android and Google Cloud. Google is an active contributor to the project and we designed kvmCTF as a collaborative way to help identify & remediate vulnerabilities and further harden this fundamental security boundary. Similar to kernelCTF,...
http://security.googleblog.com/2024/06/virtual-escape-real-reward-introducing.html

The Windows Registry Adventure #3: Learning resources
https://googleprojectzero.blogspot.com/2024/06/the-windows-registry-adventure-3.html

Common Ecommerce Vulnerabilities: Reflected XSS
With an example from Shopify, learn about the impact of Reflected XSS vulnerabilities in e-commerce and how to remediate them.
https://www.hackerone.com/vulnerability-management/reflected-xss-ecommerce

Software composition analysis (SCA): A beginner's guide
In modern software development, applications are rarely built from scratch. Development teams extensively rely upon open source software components to accelerate development and foster innovation in software supply chains.
https://www.sonatype.com/blog/software-composition-analysis-sca-a-beginners-guide

New InnoSetup Malware Created Upon Each Download Attempt
AhnLab SEcurity intelligence Center (ASEC) has discovered the distribution of a new type of malware that is disguised as cracks and commercial tools. Unlike past malware which performed malicious behaviors immediately upon being executed, this malware displays an installer UI and malicious behaviors are executed upon clicking buttons during the installation process. It is deemed that when the user makes a download request, a malware is instantly created to give a reply instead of distributing pre-made malware. This means that... The post New InnoSetup Malware Created Upon Each Download Attempt appeared first on ASEC BLOG.
https://asec.ahnlab.com/en/67502/

DBatLoader Distributed via CMD Files
AhnLab SEcurity intelligence Center (ASEC) has recently discovered malware being distributed through CMD files and identified it as a downloader called DBatLoader (ModiLoader) that had been distributed before via phishing emails in RAR file format containing an EXE file. The file contained “FF, FE” which means “UTF-16LE”, so when the internal code was opened with a text editor, the content of the code was not displayed correctly. However, if “FF, FE” is deleted or the file is converted to “UTF-8”, the... The post DBatLoader Distributed via CMD Files appeared first on ASEC BLOG.
https://asec.ahnlab.com/en/67468/

Mitigating Skeleton Key, a new type of generative AI jailbreak technique
Microsoft recently discovered a new type of generative AI jailbreak method called Skeleton Key that could impact the implementations of some large and small language models. This new method has the potential to subvert either the built-in model safety or platform safety systems and produce any content. It works by learning and overriding the intent of the system message to change the expected behavior and achieve results outside of the intended use of the system. The post Mitigating Skeleton Key, a new type of generative AI jailbreak technique appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2024/06/26/mitigating-skeleton-key-a-new-type-of-generative-ai-jailbreak-technique/

Attack of the clones: Getting RCE in Chrome's renderer with duplicate object properties
In this post, I'll exploit CVE-2024-3833, an object corruption bug in v8, the Javascript engine of Chrome, that allows remote code execution (RCE) in the renderer sandbox of Chrome by a single visit to a malicious site. The post Attack of the clones: Getting RCE in Chrome's renderer with duplicate object properties appeared first on The GitHub Blog.
https://github.blog/2024-06-26-attack-of-the-clones-getting-rce-in-chromes-renderer-with-duplicate-object-properties/

Working with a cybersecurity committee of the board
Learn about the rise of cybersecurity committees and how the CISO and IT security team can work with them to produce the best result for the organization's IT security and enable digital transformation. The post Working with a cybersecurity committee of the board appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2024/06/26/working-with-a-cybersecurity-committee-of-the-board/

Pentesting for NIST 800-53, FISMA, and FedRAMP
Learn how to address NIST 800-53, FISMA, and FedRAMP compliance with pentesting and the ethical hacker community.
https://www.hackerone.com/security-compliance/nist-800-53-fisma-fedramp

Polyfill.io supply chain attack hits 100,000+ websites — all you need to know
In a significant supply chain attack, over 100,000 websites using Polyfill[.]io, a popular JavaScript CDN service, were compromised.
https://www.sonatype.com/blog/polyfill.io-supply-chain-attack-hits-100000-websites-all-you-need-to-know

Exploit creator selling 250+ reserved npm packages on Telegram
Recently, the Sonatype Security Research team identified more than 250 npm packages which are lucrative and convincing exploits, because these are named exactly like the open source projects coming from Amazon Web Services (AWS), Microsoft, React, CKEditor, among other popular names.
https://www.sonatype.com/blog/exploit-creator-selling-250-reserved-npm-packages-via-telegram

The dangers of anthropomorphizing AI: An infosec perspective
The generative AI revolution is showing no signs of slowing down. Chatbots and AI assistants have become an integral part of the business world, whether for training employees, answering customer queries or something else entirely. We’ve even given them names and genders and, in some cases, distinctive personalities. There are two very significant trends happening […] The post The dangers of anthropomorphizing AI: An infosec perspective appeared first on Security Intelligence.
https://securityintelligence.com/articles/anthropomorphizing-ai-danger-infosec-perspective/

Ashok - A OSINT Recon Tool, A.K.A Swiss Army Knife
Reconnaissance is the first phase of penetration testing, which means gathering information before any real attacks are planned. Ashok is an incredibly fast recon tool for penetration testers, specially designed for the reconnaissance phase. In Ashok-v1.1 you can find the advanced Google dorker and Wayback crawling machine.
Main Features: Wayback Crawler Machine - Google Dorking without limits - Github Information Grabbing - Subdomain Identifier - Cms/Technology Detector With Custom Headers
Installation:
~> git clone https://github.com/ankitdobhal/Ashok
~> cd Ashok
~> python3.7 -m pip install -r requirements.txt
How to use Ashok? A detailed usage guide is available in the Usage section of the Wiki. An index of some options is given below:...
http://www.kitploit.com/2024/06/ashok-osint-recon-tool-aka-swiss-army.html

Cyber insurance as part of the cyber threat mitigation strategy
Why organizations of every size and industry should explore their cyber insurance options as a crucial component of their risk mitigation strategies
https://www.welivesecurity.com/en/business-security/cyber-insurance-part-cyber-threat-mitigation-strategy/

America's drinking water is facing attack, with links back to China, Russia and Iran

https://www.proofpoint.com/us/newsroom/news/americas-drinking-water-facing-attack-links-back-china-russia-and-iran

Maven Central and the tragedy of the commons
The tragedy of the commons is a concept in economics and ecology that describes a situation where individuals, acting in their own self-interest, collectively deplete a shared resource. In simpler terms, it's the idea that when a resource is available to everyone without restriction, some individuals tend to overuse it, leading to its eventual depletion and harming everyone in the long run. In the case of Maven Central, we are experiencing an unwitting tyranny by the few.
https://www.sonatype.com/blog/maven-central-and-the-tragedy-of-the-commons

Attackers Exploiting Public Cobalt Strike Profiles
Unit 42 researchers examine how attackers use publicly available Malleable C2 profiles, examining their structure to reveal evasive techniques. The post Attackers Exploiting Public Cobalt Strike Profiles appeared first on Unit 42.
https://unit42.paloaltonetworks.com/attackers-exploit-public-cobalt-strike-profiles/

Pride Month: Stories from Our LGBTQ+ Employees

https://www.hackerone.com/culture-and-talent/pride-month-stories-our-lgbtq-employees

How to Find XSS
Security researcher Haoxi Tan breaks down the best practices and tools for finding the different types of XSS vulnerabilities.
https://www.hackerone.com/ethical-hacker/how-to-find-xss

How to boost your incident response readiness
Discover key steps to bolster incident response readiness, from disaster recovery plans to secure deployments, guided by insights from the Microsoft Incident Response team. The post How to boost your incident response readiness appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2024/06/25/how-to-boost-your-incident-response-readiness/

Hacking for Defenders: approaches to DARPA's AI Cyber Challenge
Oliver Chang, Jonathan Metzman, OSS-Fuzz and Alex Rebert, Security Engineering. The US Defense Advanced Research Projects Agency, DARPA, recently kicked off a two-year AI Cyber Challenge (AIxCC), inviting top AI and cybersecurity experts to design new AI systems to help secure major open source projects which our critical infrastructure relies upon. As AI continues to grow, it's crucial to invest in AI tools for Defenders, and this competition will help advance technology to do so. Google's OSS-Fuzz and Security Engineering teams have been excited to assist AIxCC organizers in designing their challenges and competition framework. We also playtested the competition by building a Cyber Reasoning System (CRS) tackling DARPA's exemplar challenge. This blog post will share our approach...
http://security.googleblog.com/2024/06/hacking-for-defenders-approaches-to.html

CloudBrute - Awesome Cloud Enumerator
A tool to find a company (target) infrastructure, files, and apps on the top cloud providers (Amazon, Google, Microsoft, DigitalOcean, Alibaba, Vultr, Linode). The outcome is useful for bug bounty hunters, red teamers, and penetration testers alike. The complete writeup is available here. Motivation: we are always thinking of something we can automate to make black-box security testing easier. We discussed this idea of creating a multiple platform cloud brute-force hunter, mainly to find open buckets, apps, and databases hosted on the clouds and possibly apps behind proxy servers. Here is the list of issues in previous approaches that we tried to fix: separated wordlists; lack of proper concurrency; lack of support for all major cloud providers; require authentication or keys or cloud CLI access...
http://www.kitploit.com/2024/06/cloudbrute-awesome-cloud-enumerator.html

Cybersecurity in the SMB space — a growing threat
Kaspersky analysts explain which applications are targeted the most, and how enterprises can protect themselves from phishing and spam.
https://securelist.com/smb-threat-report-2024/113010/

Hfinger - Fingerprinting HTTP Requests
Tool for Fingerprinting HTTP requests of malware. Based on Tshark and written in Python3. Working prototype stage :-) Its main objective is to provide unique representations (fingerprints) of malware requests, which help in their identification. Unique means here that each fingerprint should be seen only in one particular malware family, yet one family can have multiple fingerprints. Hfinger represents the request in a shorter form than printing the whole request, but still human interpretable. Hfinger can be used in manual malware analysis but also in sandbox systems or SIEMs. The generated fingerprints are useful for grouping requests, pinpointing requests to particular malware families, identifying different operations of one family, or discovering unknown malicious requests omitted...
http://www.kitploit.com/2024/06/hfinger-fingerprinting-http-requests.html

Fake software fixes fuel money-stealing malware threat

https://www.proofpoint.com/us/newsroom/news/fake-software-fixes-fuel-money-stealing-malware-threat

XZ backdoor: Hook analysis
In this article, we analyze XZ backdoor behavior inside OpenSSH, after it has achieved RSA-related function hook.
https://securelist.com/xz-backdoor-part-3-hooking-ssh/113007/

Advance Auto Parts - 79,243,727 breached accounts
In June 2024, Advance Auto Parts confirmed they had suffered a data breach which was posted for sale to a popular hacking forum. Linked to unauthorised access to Snowflake cloud services, the breach exposed a large number of records related to both customers and employees. In total, 79M unique email addresses were included in the breach, alongside names, phone numbers, addresses and further data attributes related to company employees.
https://haveibeenpwned.com/PwnedWebsites#AdvanceAutoParts

DORA ICT risk management framework: What to know
The Digital Operational Resilience Act, or DORA, focuses on limiting how disruptive cyberattacks are to financial institutions. One of its key characteristics is that it views open source analysis, also known as software composition analysis (SCA), as a basic security requirement that all institutions under its guidance must develop as a capability.
https://www.sonatype.com/blog/dora-ict-risk-management-framework-what-to-know

Analysis of CoinMiner Attacks Targeting Korean Web Servers
Since web servers are externally exposed to provide web services to all available users, they have long been major targets for threat actors. AhnLab SEcurity Intelligence Center (ASEC) is monitoring attacks against vulnerable web servers that have unpatched vulnerabilities or are being poorly managed, and is sharing the attack cases that have been confirmed through its ASEC Blog. ASEC recently identified attack cases where a Korean medical institution was targeted, resulting in the installation of CoinMiners. The targeted... The post Analysis of CoinMiner Attacks Targeting Korean Web Servers appeared first on ASEC BLOG.
https://asec.ahnlab.com/en/66994/

VulnNodeApp - A Vulnerable Node.Js Application
A vulnerable application made using node.js, express server and ejs template engine. This application is meant for educational purposes only. Setup: Clone this repository: git clone https://github.com/4auvar/VulnNodeApp.git Application setup: Install the latest node.js version with npm. Open terminal/command prompt and navigate to the location of downloaded/cloned repository. Run command: npm install DB setup: Install and configure latest mysql version and start the mysql service/daemon. Login with root user in mysql and run below sql script: CREATE USER 'vulnnodeapp'@'localhost' IDENTIFIED BY 'password'; create database vuln_node_app_db; GRANT ALL PRIVILEGES ON vuln_node_app_db.* TO 'vulnnodeapp'@'localhost'; USE vuln_node_app_db; create table users (id int AUTO_INCREMENT PRIMARY...
http://www.kitploit.com/2024/06/vulnnodeapp-vulnerable-nodejs.html

XMGoat - Composed of XM Cyber terraform templates that help you learn about common Azure security issues
XM Goat is composed of XM Cyber terraform templates that help you learn about common Azure security issues. Each template is a vulnerable environment, with some significant misconfigurations. Your job is to attack and compromise the environments. Here's what to do for each environment: Run installation and then get started. With the initial user and service principal credentials, attack the environment based on the scenario flow (for example, XMGoat/scenarios/scenario_1/scenario1_flow.png). If you need help with your attack, refer to the solution (for example, XMGoat/scenarios/scenario_1/solution.md). When you're done learning the attack, clean up. Requirements: Azure tenant; Terraform version 1.0.9 or above; Azure CLI; Azure User with Owner permissions on Subscription and Global Admin...
http://www.kitploit.com/2024/06/xmgoat-composed-of-xm-cyber-terraform.html

Extrude - Analyse Binaries For Missing Security Features, Information Disclosure And More...
Analyse binaries for missing security features, information disclosure and more. Extrude is in the early stages of development, and currently only supports ELF and MachO binaries. PE (Windows) binaries will be supported soon. Usage: extrude [flags] [file] Flags: -a, --all Show details of all tests, not just those which failed. -w, --fail-on-warning Exit with a non-zero status even if only warnings are discovered. -h, --help help for extrude. Docker: You can optionally run extrude with docker via: docker run -v `pwd`:/blah -it ghcr.io/liamg/extrude /blah/targetfile Supported Checks: ELF: PIE, RELRO, BIND NOW, Fortified Source, Stack Canary, NX Stack. MachO: PIE, Stack Canary, NX Stack, NX Heap, ARC. Windows: Coming soon... TODO: Add support for PE; Add secret scanning...
http://www.kitploit.com/2024/06/extrude-analyse-binaries-for-missing.html

The long-tail costs of a data breach – Week in security with Tony Anscombe
Understanding and preparing for the potential long-tail costs of data breaches is crucial for businesses that aim to mitigate the impact of security incidents
https://www.welivesecurity.com/en/videos/long-tail-costs-data-breach-week-security-tony-anscombe/

Scanning for TP-Link Wifi Router Vulnerability Increases by 100%
The TP-Link Archer AX21 Wifi Router vulnerability CVE-2023-1389 experiences massive targeting along with a rather old critical RCE in PHPUnit.
https://www.f5.com/labs/articles/threat-intelligence/sensor-intel-series-top-cves-may-2024

KrebsOnSecurity Threatened with Defamation Lawsuit Over Fake Radaris CEO
On March 8, 2024, KrebsOnSecurity published a deep dive on the consumer data broker Radaris, showing how the original owners are two men in Massachusetts who operated multiple Russian language dating services and affiliate programs, in addition to a dizzying array of people-search websites. The subjects of that piece are threatening to sue KrebsOnSecurity for defamation unless the story is retracted. Meanwhile, their attorney has admitted that the person Radaris named as the CEO from its inception is a fabricated identity.
https://krebsonsecurity.com/2024/06/krebsonsecurity-threatened-with-defamation-lawsuit-over-fake-radaris-ceo/

Project Naptime: Evaluating Offensive Security Capabilities of Large Language Models
https://googleprojectzero.blogspot.com/2024/06/project-naptime.html

Staying Safe with Chrome Extensions
Posted by Benjamin Ackerman, Anunoy Ghosh and David Warren, Chrome Security Team. Chrome extensions can boost your browsing, empowering you to do anything from customizing the look of sites to providing personalized advice when you're planning a vacation. But as with any software, extensions can also introduce risk. That's why we have a team whose only job is to focus on keeping you safe as you install and take advantage of Chrome extensions. Our team: Provides you with a personalized summary of the extensions you've installed; Reviews extensions before they're published on the Chrome Web Store; Continuously monitors...
http://security.googleblog.com/2024/06/staying-safe-with-chrome-extensions.html

BokuLoader - A Proof-Of-Concept Cobalt Strike Reflective Loader Which Aims To Recreate, Integrate, And Enhance Cobalt Strike's Evasion Features!
A proof-of-concept User-Defined Reflective Loader (UDRL) which aims to recreate, integrate, and enhance Cobalt Strike's evasion features! Contributors (name, Twitter, notable contributions): Bobby Cooke (@0xBoku), project original author and maintainer; Santiago Pecin (@s4ntiago_p), Reflective Loader major enhancements; Chris Spehn (@ConsciousHacker), Aggressor scripting; Joshua Magri (@passthehashbrwn), IAT hooking; Dylan Tran (@d_tranman), Reflective Call Stack Spoofing; James Yeung (@5cript1diot), Indirect System Calls. UDRL Usage Considerations: The built-in Cobalt Strike reflective loader is robust, handling all Malleable PE evasion features Cobalt Strike has to offer. The major disadvantage to using a custom UDRL is Malleable PE evasion features may or may not be supported out-of-the-box....
http://www.kitploit.com/2024/06/bokuloader-proof-of-concept-cobalt.html

Execute commands by sending JSON? Learn how unsafe deserialization vulnerabilities work in Ruby projects
Can an attacker execute arbitrary commands on a remote server just by sending JSON? Yes, if the running code contains unsafe deserialization vulnerabilities. But how is that possible? In this blog post, we'll describe how unsafe deserialization vulnerabilities work and how you can detect them in Ruby projects. The post Execute commands by sending JSON? Learn how unsafe deserialization vulnerabilities work in Ruby projects appeared first on The GitHub Blog.
https://github.blog/2024-06-20-execute-commands-by-sending-json-learn-how-unsafe-deserialization-vulnerabilities-work-in-ruby-projects/

Volana - Shell Command Obfuscation To Avoid Detection Systems
Shell command obfuscation to avoid SIEM/detection system. During pentest, an important aspect is to be stealthy. For this reason you should clear your tracks after your passage. Nevertheless, many infrastructures log commands and send them to a SIEM in real time, making the afterwards cleaning part alone useless. volana provides a simple way to hide commands executed on a compromised machine by providing its own shell runtime (enter your command, volana executes it for you). This way you clear your tracks DURING your passage. Usage: You need to get an interactive shell. (Find a way to spawn it, you are a hacker, it's your job ! otherwise). Then download it on the target machine and launch it. That's it, now you can type the command you want to be stealthily executed ## Download it from github release##...
http://www.kitploit.com/2024/06/volana-shell-command-obfuscation-to.html

New Google Chrome Warning—You Must Never Copy And Paste This Text

https://www.proofpoint.com/us/newsroom/news/new-google-chrome-warning-you-must-never-copy-and-paste-text

Microsoft Defender Experts for XDR recognized in the latest MITRE Engenuity ATT&CK® Evaluation for Managed Services
Microsoft Defender Experts for XDR delivered excellent results during round 2 of the MITRE Engenuity ATT&CK® Evaluations for Managed Services menuPass + ALPHV BlackCat. The post Microsoft Defender Experts for XDR recognized in the latest MITRE Engenuity ATT&CK® Evaluation for Managed Services appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2024/06/18/microsoft-defender-experts-for-xdr-recognized-in-the-latest-mitre-engenuity-attck-evaluation-for-managed-services/

CyberChef - The Cyber Swiss Army Knife - A Web App For Encryption, Encoding, Compression And Data Analysis
CyberChef is a simple, intuitive web app for carrying out all manner of "cyber" operations within a web browser. These operations include simple encoding like XOR and Base64, more complex encryption like AES, DES and Blowfish, creating binary and hexdumps, compression and decompression of data, calculating hashes and checksums, IPv6 and X.509 parsing, changing character encodings, and much more. The tool is designed to enable both technical and non-technical analysts to manipulate data in complex ways without having to deal with complex tools or algorithms. It was conceived, designed, built and incrementally improved by an analyst in their 10% innovation time over several years. Live demo CyberChef is still under active development. As a result, it shouldn't be considered a finished product....
http://www.kitploit.com/2024/06/cyberchef-cyber-swiss-army-knife-web.html

New Diamorphine rootkit variant seen undetected in the wild
Introduction Code reuse is very frequent in malware, especially for those parts of the sample that are complex to develop or hard to write with an essentially different alternative code. By tracking both source code and object code, we efficiently detect new malware and track the evolution of existing malware in-the-wild.  Diamorphine is a well-known […] The post New Diamorphine rootkit variant seen undetected in the wild appeared first on Avast Threat Labs.
https://decoded.avast.io/davidalvarez/new-diamorphine-rootkit-variant-seen-undetected-in-the-wild/?utm_source=rss&utm_medium=rss&utm_campaign=new-diamorphine-rootkit-variant-seen-undetected-in-the-wild

Analysis of user password strength
Kaspersky experts conducted a study of password resistance to attacks that use brute force and smart guessing techniques.
https://securelist.com/password-brute-force-time/112984/

Attack Paths Into VMs in the Cloud
Virtual machines (VMs) are a significant attack target. Focusing on three major CSPs, this research summarizes the conditions for possible VM attack paths. The post Attack Paths Into VMs in the Cloud appeared first on Unit 42.
https://unit42.paloaltonetworks.com/cloud-virtual-machine-attack-vectors/

Introducing Conkeyscan – Confluence Keyword Scanner
TL;DR Release of Conkeyscan – A Confluence Keyword/Secret Scanner, which is tailored towards pentesters. Secrets Everywhere Many companies, especially larger ones, need to store knowledge in a centralized way. A wiki is the usual choice for this. One product that is frequently used for this purpose is Confluence from Atlassian. Similar to how sensitive data […]
https://blog.compass-security.com/2024/06/introducing-conkeyscan-confluence-keyword-scanner/

Start building your CRA compliance strategy now
In March 2024, the European Parliament overwhelmingly approved the EU Cyber Resilience Act, or CRA, which will now be formally adopted with the goal of improving the cybersecurity of digital products. It sets out to do this by establishing essential requirements for manufacturers to ensure their products reach the market with fewer vulnerabilities.
https://www.sonatype.com/blog/start-building-your-cra-compliance-strategy-now

Issue with DeepJavaLibrary - CVE-2024-37902
Publication Date: 2024/06/17 10:30 AM PDT AWS is aware of CVE-2024-37902, relating to a potential issue with the archive extraction utilities for DeepJavaLibrary (DJL). On May 15, 2024, we released version 0.28.0 to address this issue. If you are using an affected version (0.1.0 through 0.27.0), we recommend you upgrade to 0.28.0 or higher. For additional information, please refer to the DJL release notes. Security-related questions or concerns can be brought to our attention via aws-security@amazon.com.
https://aws.amazon.com/security/security-bulletins/AWS-2024-007/

As Companies Flood Into Security AI, Do Large Players Have A Data Advantage?

https://www.proofpoint.com/us/newsroom/news/companies-flood-security-ai-do-large-players-have-data-advantage

Zadig & Voltaire - 586,895 breached accounts
In June 2024, a data breach sourced from French fashion brand Zadig & Voltaire was publicly posted to a popular hacking forum. The data included names, email and physical addresses, phone numbers and genders. When contacted about the incident, Zadig & Voltaire advised the incident had occurred more than 6 months ago and that "all measures were taken quickly".
https://haveibeenpwned.com/PwnedWebsites#ZadigVoltaire

GCP HMAC Keys are not discoverable or revokable other than for self
GCP administrators face challenges in managing HMAC keys within their organizations, lacking visibility into which user accounts have generated these keys and whether they are actively being used to access storage objects. Additionally, there's a lack of functionality to revoke keys associated with other users, restricting their ability to enforce security policies effectively. Similarly, GCP incident response teams rely on Cloud Logging to monitor Cloud Storage object access, but they lack specific indicators to determine if HMAC keys are being utilized in these access attempts.
https://www.cloudvulndb.org/gcp-hmac-keys-unauditable

NativeDump - Dump Lsass Using Only Native APIs By Hand-Crafting Minidump Files (Without MinidumpWriteDump!)
NativeDump allows dumping the lsass process using only NTAPIs, generating a Minidump file with only the streams needed to be parsed by tools like Mimikatz or Pypykatz (SystemInfo, ModuleList and Memory64List Streams). NTOpenProcessToken and NtAdjustPrivilegeToken to get the "SeDebugPrivilege" privilege; RtlGetVersion to get the Operating System version details (Major version, minor version and build number), which is necessary for the SystemInfo Stream; NtQueryInformationProcess and NtReadVirtualMemory to get the lsasrv.dll address, which is the only module necessary for the ModuleList Stream; NtOpenProcess to get a handle for the lsass process; NtQueryVirtualMemory and NtReadVirtualMemory to loop through the memory regions and dump all possible ones. At the same time it populates the...
http://www.kitploit.com/2024/06/nativedump-dump-lsass-using-only-native.html

How to Spot a Business Email Compromise Scam

https://www.proofpoint.com/us/newsroom/news/how-spot-business-email-compromise-scam

Alleged Boss of 'Scattered Spider' Hacking Group Arrested
A 22-year-old man from the United Kingdom arrested this week in Spain is allegedly the ringleader of Scattered Spider, a cybercrime group suspected of hacking into Twilio, LastPass, DoorDash, Mailchimp, and nearly 130 other organizations over the past two years.
https://krebsonsecurity.com/2024/06/alleged-boss-of-scattered-spider-hacking-group-arrested/

Secure sanitisation of storage media
Why sanitisation is necessary, the risks to manage, and how to sanitise affordably.
https://www.ncsc.gov.uk/guidance/secure-sanitisation-storage-media

Driving forward in Android drivers
https://googleprojectzero.blogspot.com/2024/06/driving-forward-in-android-drivers.html

Microsoft's Recall changes might be too little, too late

https://www.proofpoint.com/us/newsroom/news/microsofts-recall-changes-might-be-too-little-too-late

Security Challenges Introduced by Modern Software Development
Understand how modern software development is changing security threats.  
https://www.legitsecurity.com/blog/security-challenges-introduced-by-modern-software-development

Cinterion EHS5 3G UMTS/HSPA Module Research
We performed a security analysis of a Telit Cinterion modem in the course of a bigger project of security assessment of a popular model of a truck and found eight vulnerabilities.
https://securelist.com/telit-cinterion-modem-vulnerabilities/112915/

NIS2 readiness: Ensure compliance with the EU Cybersecurity Directive
The software development community has been awash in new requirements and legislation recently, with the goal of neutralizing — or at least minimizing — cybersecurity threats. If your day-to-day work has not already been impacted by these new rules, it will soon be.
https://www.sonatype.com/blog/nis2-readiness-ensure-compliance-with-the-eu-cybersecurity-directive

Time to challenge yourself in the 2024 Google CTF
Hlynur Gudmundsson, Software Engineer. It's Google CTF time! Install your tools, commit your scripts, and clear your schedule. The competition kicks off on June 21 2024 6:00 PM UTC and runs through June 23 2024 6:00 PM UTC. Registration is now open at goo.gle/ctf. Join the Google CTF (at goo.gle/ctf), a thrilling arena to showcase your technical prowess. The Google CTF consists of a set of computer security puzzles (or challenges) involving reverse-engineering, memory corruption, cryptography, web technologies, and more. Participants can use obscure security knowledge to find exploits through bugs and creative misuse, and with each completed challenge your team will earn points and move up through the ranks. The top 8 teams of the Google CTF will qualify for our Hackceler8 competition...
http://security.googleblog.com/2024/06/time-to-challenge-yourself-in-2024.html

Microsoft Incident Response tips for managing a mass password reset
When an active incident leaves systems vulnerable, a mass password reset may be the right tool to restore security. This post explores the necessity and risk associated with mass password resets. The post Microsoft Incident Response tips for managing a mass password reset appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2024/06/12/microsoft-incident-response-tips-for-managing-a-mass-password-reset/

How to achieve cloud-native endpoint management with Microsoft Intune
In this post, we're focusing on what it really takes for organizations to become fully cloud-native in endpoint management—from the strategic leadership to the tactical execution. The post How to achieve cloud-native endpoint management with Microsoft Intune appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/microsoft-365/blog/2024/06/12/how-to-achieve-cloud-native-endpoint-management-with-microsoft-intune/

NIST's International Cybersecurity and Privacy Engagement Update – Mexico City, RSA Conference, and More
The last few months have brought even more opportunities for NIST to engage with our international partners to enhance cybersecurity. Here are some updates on our recent international engagement: Conversations have continued with our partners throughout the world on the recent release of the Cybersecurity Framework Version 2.0. NIST international engagement continues through our support to the Department of State and the International Trade Administration (ITA) during numerous international dialogues. Most recently, NIST participated in interagency dialogues to share information on NIST
https://www.nist.gov/blogs/cybersecurity-insights/nists-international-cybersecurity-and-privacy-engagement-update-mexico