Kerberos overview: Introducing network authentication
The Kerberos security protocol has become a staple of modern cyber security. It’s so well integrated, in fact, that most users or even…
MAR-10295134-1.v1 – North Korean Remote Access Trojan: BLINDINGCAN | CISA
Notification This report is provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained herein. The DHS does not endorse any commercial product or service referenced in this bulletin or otherwise.
Galaxy Store flaws can be exploited by hackers — update your Samsung phone now | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker - National Cyber Security
Two vulnerabilities have been discovered in Samsung’s official Android app store that can be exploited by hackers to install apps on a user’s device without their consent or to take them to malicious websites. Discovered by researchers from the NCC Group at the end of last year, Samsung released a fix for both flaws on […]
If things go right, make sure it’s a trap: how are the hackers caught?
In today’s interconnected world, cybersecurity has become a top priority for organizations of all sizes. As cyber threats continue to…
FIDO2 Deep Dive: Attestations, Trust model and Security
Update 2020-02-14: As pointed out by a reader (thank you!), attestations do not protect against man-in-the-middle attacks where an attacker owns a genuine authenticator of the same model as the vic…
Ransom payments from ransomware attacks hit a new high in the first half of 2024, totaling more than 3.2 billion yuan; private information of half of Chile's citizens leaked because of a misconfigured social security fund database | 牛览 - 安全牛
安全牛
From U.S. Navy to AI Innovation: How Uply Media, Inc.
Breaking into the world of federal contracting is no easy task, especially for small businesses. But Uply Media, Inc., led by Kyle Ransom…
IntelBroker’s Alleged Cisco Breach: A Deep Dive into the Claims and Responses
IntelBroker’s Alleged Cisco Breach: A Deep Dive into the Claims and Responses On October 14, 2024, IntelBroker, the notorious threat actor and current admin of popular hacker forum, BreachForums, claimed to have breached Cisco Systems. The actor, well-known for targeting high-profile organizations, shared details of the breach, asserting access to sensitive data, including source codes and internal documents. Cisco promptly responded, denying any compromise of their core systems and attributing...
Update your Android: Google patches two zero-day vulnerabilities
Google has announced patches for several high severity vulnerabilities. In total, 51 vulnerabilities have been patched in November’s updates, two of which are under limited, active exploitation by cybercriminals. If your Android phone shows patch level 2024-11-05 or later then the issues discussed below have been fixed. The updates have been made available for Android 12, 12L, 13, 14, and 15. Android vendors are notified of all issues at least a month before publication, however, this doesn’t a...
Google Fixes Critical Zero-Day Vulnerabilities In Latest Android Security Update
Google’s November security update patched two critical zero-day vulnerabilities, CVE-2024-43047 and CVE-2024-43093, actively exploited in targeted attacks on Android devices, alongside 49 additional vulnerabilities.
How I Discovered an HTTP Request Smuggling Vulnerability in a Major Web Console
Bug Bounty Essentials by Karthikeyan Nagaraj
A Journey of Discovery.
April 2009. At 15, I was leaving behind the only home I’d ever known — a vibrant twin-island nation in the Caribbean, Trinidad and Tobago…
Why RAG and LLMs Are the Future of Cloud Security and Compliance
As cloud environments grow more complex, securing and maintaining compliance in the cloud has become a formidable challenge. Traditionally…
Unveiling Cybersecurity Secrets: Your Armor Against Digital Threats
In a world powered by technology, the invisible battleground of cyberspace becomes more significant every day. As we marvel at the wonders…
Hacking the Belkin E Series OmniView 2-Port KVM Switch
A blog from the world-class Intelligence Group, Talos, Cisco's Intelligence Group
Sysdig 2024 global threat report
We know that cloud attacks happen very quickly. Our 2024 global threat year-in-review, the third annual threat report from the Sysdig Threat Research Team (TRT), revisits the team’s hottest findings from the last 12 months and explores how they relate to the broader cyber threat landscape. This year’s report also includes informed predictions about 2025’s security outlook and potential trends. In the 2023 Global Cloud Threat Report, Sysdig TRT discovered that telecommunications and financial se...
HOW TO USE CHATGPT TO BECOME A HACKER
Ever wanted to get into hacking but didn’t know where to start, or didn't have money to enroll in an online course? ChatGPT could be your…
Microsoft: Hackers go headhunting on LinkedIn, use WhatsApp to deliver malware | IT Security News
Tech pros need to double-check job offers via LinkedIn, Microsoft warns. This article has been indexed from Latest stories for ZDNET in Security. Read the original article: Microsoft: Hackers go headhunting on LinkedIn, use WhatsApp to deliver malware
CEO Giancarlo pumps up need for flash storage at Pure//Accelerate | IT World Canada News
Pure Storage chairman and chief executive officer (CEO) Charles Giancarlo focused in on several key themes in a keynote speech Wednesday at the company's user conference – Pure//Accelerate 2023 – held in Las Vegas. Sustainability was among them, but the key one revolved around what differentiates his company from many other past or current storage
Android Alert: Active Vulnerabilities Threaten Millions of Devices with Spyware
Nov. 2024 — Millions of Android users face severe security risks after detecting two critical system vulnerabilities, recently patched by…
MITRE Unveils Top 25 Most Dangerous Software Weaknesses of 2023: Are You at Risk? - RedPacket Security
MITRE has released its annual list of the Top 25 "most dangerous software weaknesses" for the year 2023.
Explore the World of Remote Cybersecurity Jobs
It’s a digital world, and there’s no industry that doesn’t use remote work. However, cybersecurity is among those leading in this growth…
Threat Hunting : How MDE Detects Network Intrusions Before It’s Too Late
Microsoft Defender for Endpoint (MDE) has become a cornerstone for organizations aiming to bolster their defences against sophisticated…
Industry group calls for harmonization of cloud security certification
The initiative aims to reduce compliance burdens for cloud service providers and foster international cooperation while maintaining strong security standards. Article Link: Industry group calls for harmonization of cloud security certification | SC Media
Understanding Affiliate marketing.
Affiliate marketing is a great way for beginners to start earning online by promoting products or…
FakeCalls Impersonates Leading Financial Institutions, Targets South Korea | Cyware Hacker News
Check Point Research found FakeCalls, a new Android vishing malware tool, targeting victims in South Korea by impersonating 20 leading financial institutions in the region. Continue reading!
How AWS WAF threat intelligence features help protect the player experience for betting and gaming customers | Amazon Web Services
The betting and gaming industry has grown into a data-rich landscape that presents an enticing target for sophisticated bots. The sensitive personally identifiable information (PII) that is collected and the financial data involved in betting and in-game economies is especially valuable. Microtransactions and in-game purchases are frequently targeted, making them an ideal case for safeguarding […]
Ducktail Operation - Hackers May Steal Your Credentials From Web Browser
The Ducktail campaign can compromise Facebook business accounts and misuse the ad feature for malicious advertising. Alongside Facebook, LinkedIn is now also actively targeted by the threat actors for cybercriminal activities.
Revival Hijack - PyPI hijack technique exploited in the wild, puts 22K packages at risk
JFrog’s security research team continuously monitors open-source software registries, proactively identifying and addressing potential malware and vulnerability threats to foster a secure and reliable ecosystem for open-source software development and deployment. This blog details a PyPI supply chain attack technique the JFrog research team discovered had been recently exploited in the wild. This attack technique …
Malicious NuGet packages exploit a loophole in the MSBuild integration - SEC-1275-1
MAR-10400779-1.v1 – Zimbra 1 | CISA
Notification This report is provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained herein. The DHS does not endorse any commercial product or service referenced in this bulletin or otherwise.
PBS Breached: How Hackers Probably Did It | Imperva
PBS Breach: With harvested data, hackers simply log in to the websites.
Study of the ShadowPad APT backdoor and its relation to PlugX
SOC Security Services in Dubai: Protecting Your Business with eShield IT Services
As the cyber threat landscape continues to evolve, businesses must be proactive in safeguarding their digital assets. Security Operations…
Installing Win 11 on Mac M1/M2 for Malware Analysis
Well, since Apple released the M1 and M2 chips for Mac lovers, it has become quite a difficult task to use VMware, VirtualBox as…
Ghost in the Shellcode: TI-1337 (Pwnable 100)
Hey everybody, This past weekend was Shmoocon, and you know what that means—Ghost in the Shellcode! Most years I go to Shmoocon, but this year I couldn’t attend, so I did the next best thing: competed in Ghost in the Shellcode! This year, our rag-tag band of misfits—that is, the team who purposely decided not to ever decide on a team name, mainly to avoid getting competitive—managed to get 20th place out of at least 300 scoring teams! I personally solved three levels: TI-1337, gitsmsg, and fuzzy. This is the first of three writeups, for the easiest of the three: TI-1337—solved by 44 teams. You can download the binary, as well as the exploit, the IDA Pro files, and everything else worth keeping that I generated, from my Github repository.
ShadowGate Returns With Greenflash Sundown Exploit Kit
After almost two years of sporadic restricted activity, the ShadowGate campaign has started delivering cryptocurrency miners with a newly upgraded version of the Greenflash Sundown exploit kit.
qBittorrent fixes flaw that exposed users to MitM attacks for 14 years - PRSOL:CC
qBittorrent has addressed a remote code execution flaw caused by a failure to validate SSL/TLS certificates in DownloadManager, the component that manages downloads across the whole application. The flaw, introduced in a commit on April 6, 2010, was finally fixed more than 14 years later in version 5.0.1, the latest release, on October 28, 2024. qBittorrent is a free, open-source client for downloading and sharing files over the BitTorrent protocol. It is especially popular for being cross-platform and for features such as IP filtering, an integrated search engine, RSS feed support, and a modern Qt-based interface. However, as security researcher Sharp Security highlighted in a blog post, the team fixed the serious flaw without adequately notifying users and without assigning a CVE to the issue. One problem, multiple risks: the core issue is that since 2010 qBittorrent has accepted any certificate, including forged or illegitimate ones, allowing an attacker in a man-in-the-middle position to modify network traffic. "In qBittorrent, the DownloadManager class has ignored every SSL certificate validation error that has ever occurred, on every platform, for 14 years and 6 months, since commit 9824d86 on April 6, 2010." "The default behavior was changed to verify on October 12, 2024 in commit 3d9e971. The first release with the patch is version 5.0.1, released two days ago." SSL certificates let users connect securely to legitimate servers by verifying that the server's certificate is genuine and trusted by a certificate authority (CA). When this verification is skipped, any server posing as a legitimate one can intercept, modify, or inject data into the data stream, and qBittorrent will trust that data. Sharp Security highlights four main risks arising from this issue: When Python is not available on Windows, qBittorrent prompts the user to install it via a hardcoded URL pointing to the Python executable. Because there is no certificate validation, an attacker who intercepts the request can replace the URL's response with a malicious Python installer that achieves RCE. qBittorrent fetches an XML feed from a hardcoded URL and parses that feed to obtain the download link for new versions. Without SSL validation, an attacker can substitute a malicious update link into the feed and make the user download a malicious payload. qBittorrent's DownloadManager is also used for RSS feeds, so an attacker can intercept and modify RSS feed content and inject malicious URLs disguised as safe torrent links. qBittorrent automatically downloads a compressed GeoIP database from a hardcoded URL and decompresses it, so a potential memory overflow bug could be exploited via a file retrieved from a spoofed server. The researcher comments that although MitM attacks tend to be considered unlikely, they may be more common in heavily surveilled regions. The latest version of qBittorrent, 5.0.1, addresses the risks above, so users are advised to upgrade as soon as possible.
Operating a SOC Analyst Home Lab
… “Find Evil — Know Normal.” (SANS DFIR slogan)
Exploring the World of Operating Systems and Linux Distributions
Introduction: Operating systems (OS) form the backbone of modern computing, providing the essential software interface between hardware and users. Among the various operating systems available, Linux…
The Lowdown On Wi-Fi Weaknesses
A flaw has been discovered that, if exploited, could give hackers access to credit card details, photos, and private messages on your Wi-Fi network. Read on.
Insider Risk: Unconventional Thoughts and Lessons Learned - Cybersecurity Insiders
By: Daron Hartvigsen, Managing Director, StoneTurn and Luke Tenery, Partner, StoneTurn When insider threat or insider risk is discussed in a corporate context, often the relevant topics include misconduct, fraud, misuse, or even the idea that insiders can be unwitting accomplices to social engineering exploitation. The recent slowing of the US economy and volatility in […]
7 Good Reasons To Protect Yourself From Corporate Hackers
Australian bikies who quit reveal being targeted and unable to sleep
Ex-bikies have spoken about the fear of being targeted when they leave a gang, unable to sleep and facing violent retribution. One ex-bikie says he still sleeps with one eye open.
The Weekly Ink #7
The Weekly Ink is the weekly newsletter brought to you by Duo Labs, the security research team at Duo Security, with curated links of interest in the security world to inform the community on security happenings and culture.
Troubleshooting: Resolving IP Assignment Issues in Imported Linux VMs
Issue: Unable to locate your recently imported Linux VM using network discovery tools like nmap.
BianLian Ransomware Victim: Neutronic Stamping - RedPacket Security
NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers
VisualCron: Automating with a GUI
VisualCron is not an application or tool I have used before. The software aims to be a one-stop shop for automation.
Shimano Faces Alleged Cyberattack by LockBit Ransomware Group
Japan-based bicycle parts manufacturing giant Shimano is reported to have fallen victim to a cyberattack orchestrated by the notorious LockBit
Triad Nexus: Silent Push exposes FUNNULL CDN's ongoing corruption efforts, hosting DGA bulk domains for suspect Chinese gambling sites, investment scams, a retail phishing campaign, and a supply chain attack impacting 110,000+ sites - Silent Push
Key findings; Executive summary; Background; FUNNULL and fake trading apps; FUNNULL’s CDN, rising up from corrupted soil; Additional hostname analysis; FUNNULL CNAME chains; An in-depth look at FUNNULL’s corporate brand; Suncity Group connections; Suncity Group-related infrastructure accounted for more than 6,500
[APT73] - Ransomware Victim: www[.]assurified[.]com - RedPacket Security
NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers
Automate Web Reconnaissance and Security Testing with PhantomWeb
In the ever-evolving landscape of web security, it is crucial for security professionals and ethical hackers to have effective tools at…
Yashma Ransomware Evolves with Multilingual Attack | Cyware Hacker News
A newly identified strain of Yashma ransomware has raised concerns as it was found targeting organizations across Bulgaria, China, Vietnam, and English-speaking countries since June 4. Click for more!
Evil WiFi Part 1: Jasager/Fonera Setup
Introduction This is a multi-part series on getting Jasager to play nicely with Metasploit, Hamster & Ferret to create an evil wifi tar-pit...
Injection Vulnerabilities: More Than You Think!! 🤯
Uncovering the Hidden Dangers Beyond Injection Vulnerabilities
Trend Micro Extends NVIDIA Cybersecurity Alliance to Detect Threats in Real Time
Trend Micro revealed today it will extend an alliance with NVIDIA to include a Morpheus platform that harnesses graphical processor units (GPUs) to apply artificial intelligence (AI) to security operations.
Black Magic Parsing with Regular Expressions - Parsing for Pentesters
In a previous post, @Sw4mp_f0x and I discussed the importance of data parsing skills for penetration testers and detailed the basics of how to get started with it. In that post we covered multiple ways to match text and search for specific strings. The examples we used were pretty straightforward, which is not always true to life. In this post we will cover more advanced pattern matching with regular expressions, giving you even greater control and flexibility over your parsing tools.
Cryptoviki
Cryptoviki: ransomware encryptor, description, technical details, decryption, discussion.
Top 15 Cybersecurity Companies in Dubai
Dubai is a growing hub for cybersecurity solutions in the Middle East. With the rising threat landscape, businesses are increasingly…
Scarab-Crypt000
Scarab-Crypt000: ransomware encryptor, description, technical details, decryption, discussion.
Australian CEOs Struggling to Face Cyber Risk Realities
91% of CEOs view IT security as the CIO or CISO's problem, meaning IT leaders have more work to do to engage senior executives and boards.
[SPACEBEARS] - Ransomware Victim: MENZIES CNAC (Jardine Aviation Services) - RedPacket Security
NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers
Newry child predator gets life imprisonment | #childpredator | #onlinepredator | #sextrafficing | National Cyber Security Consulting
Alexander McCartney, a man from Newry in Northern Ireland who detectives describe as a “disgusting child predator,” was sentenced to life imprisonment on Friday, October 25 at Belfast Crown Court. McCartney’s life imprisonment comes with a minimum tariff of 20 years. The 26-year-old faced 185 charges of child sexual abuse crimes and blackmail, along with […]
‘Ghostwriter’ Looks Like a Purely Russian Op—Except It's Not
Security researchers have found signs that the pervasive hacking and misinformation campaign comes not from Moscow but from Minsk.
Security Affairs newsletter Round 496 by Pierluigi Paganini – INTERNATIONAL EDITION
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free.
Cyberattacks - Attack of the "Chaos Troop"
The hacker group "Ghostwriter" is targeting German politicians. According to initial analyses, the trail leads to Russia. The security authorities are concerned that targeted disinformation campaigns could occur during the Bundestag election campaign.
Banking Industry Cyber Security Solutions
In the banking sector, customer transaction behaviors are undergoing a noticeable shift, with a rapid surge in the adoption of digital…
Public Funding Opportunities Can Support Sustainability Goals
Sustainability is key to public sector success. But where do you start? To help you out, we’ve put together the top best practices and offer up a key resource to make your journey easier. Take a few minutes today to get up to speed - and make a difference for people and our planet.
Understanding Threat Actors: Insights from OffSec TH-200 Course module 2 section 1
As I continue my journey through the OffSec TH-200 course, I’ve now reached Module 2, Section 1, which delves into some critical areas of…
Monitoring Pulse Connect Secure With Splunk (CISA Emergency Directive 21-03)
Our Splunk security experts share a closer look at the Pulse Connect Secure attack, including a breakdown of what happened, how to detect it, and MITRE ATT&CK mappings.
Fortinet Mid-September Data Breach Advisory
Let’s first review the breach as published in many online sources. Here is the summary of what happened. The post Fortinet Mid-September Data Breach Advisory appeared first on Seceon.
Private Web Hosting: Safeguard Your Online Presence with Top Providers
Private web hosting refers to hosting services that prioritize user privacy and security. These providers often adopt stringent measures to safeguard users’ data and protect their online activities…
'CloudImposer' attack targets Google Cloud services
Researchers uncovered a vulnerability that could have placed millions of Google Cloud instances at risk of remote hijack. Article Link: 'CloudImposer' attack targets Google Cloud services | SC Media
Critical Vulnerability Detected in Multiple HP MFP Products, Patch Released
A critical vulnerability has recently been discovered in certain LaserJet MFP (Multifunction Printer) products. The company has promptly provided a
Increase in attacks on CVE-2010-1885
A blog from the world-class Intelligence Group, Talos, Cisco's Intelligence Group
29 Docker security tools compared. – Sysdig
A comprehensive list of Docker security tools that can help you implement Docker security best practices. Image scanning, runtime security and much more.
niceideas.ch: Deciphering the Bangladesh bank heist
Warning: Hackers could take over your email account by stealing cookies, even if you have MFA
The Federal Bureau of Investigation (FBI) has issued a warning that cybercriminals are taking over email accounts via stolen session cookies, allowing them to bypass the multi-factor authentication (MFA) a user has set up. Here’s how it works. Most of us don’t think twice about checking the “Remember me” box when we log in. When you log in and the server has verified your authentication—straight away or after using MFA–the server creates a session and generates a unique session ID. This sessio...
CISA: CISA and Partners Release Joint Cybersecurity Advisory on Newly Identified Truebot Malware Variants - RedPacket Security
CISA and Partners Release Joint Cybersecurity Advisory on Newly Identified Truebot Malware Variants
New triple-threat mobile version of the malware WannaLocker targets banks in Brazil
Find out how Avast threat researcher Nikolaos Chrysaidos tracked a new version of malware that combines spyware, remote-access-Trojan malware, and banking Trojan malware
Fake Palo Alto GlobalProtect used as a lure to plant backdoors in enterprises - SEC-1275-1
News bulletin CERTFR-2024-ACT-049 - CERT-FR
New Research Exposes Iranian Threat Group Operations
IBM X-Force IRIS has uncovered details on the operations of the suspected Iranian threat group ITG18, which overlaps with Charming Kitten and Phosphorus.
Top Features of SonicWall Firewalls That Enhance Cybersecurity
SonicWall Firewalls are renowned for their robust security features that protect businesses from a wide range of cyber threats…
Advanced Firewall Architecture & Implementation
Introduction to Financial Network Security
Daily Blog #530: Teaching SANS Windows Forensics in the USA
A blog about computer and digital forensics and techniques, hacking exposed dfir incident response file systems journaling
Diving Deeper Into Pre-created Computer Accounts
Optiv's Source Zero team examines how resetting computer accounts can introduce backdoors and bypasses into an Active Directory environment.
Here are the best used phones to buy for $500 and less
Looking to replace your phone? You can save some money by going for a used one. Here are the best used phones between $100 and $500.
ServiceNow ‘knowledge base’ misconfiguration leaks sensitive data
Security pros say KBs can be easily misconfigured – data on more than 1,000 KBs exposed. Article Link: ServiceNow ‘knowledge base’ misconfiguration leaks sensitive data | SC Media