Aggregator

A non-profit supporting Vietnamese human rights has been the target of a multi-year campaign designed to deliver a variety of malware on compromised hosts. Cybersecurity company Huntress attributed the activity to a threat cluster tracked as APT32, a Vietnamese-aligned hacking crew that's also known as APT-C-00, Canvas Cyclone (formerly Bismuth), Cobalt Kitty, and OceanLotus. The intrusion is

North Korean groups exploited npm packages in coordinated attacks, targeting developers and cryptocurrency wallet browser extensions

CEO George Kurtz on New Recovery Techniques and Controls Implemented Post-Incident
CEO George Kurtz said CrowdStrike has blunted the business impact from the massive July 19 outage and is implementing changes to prevent a repeat occurrence. CrowdStrike is boosting the resilience of its Falcon platform through improved content visibility and control and enhanced quality assurance.

Cybersecurity researchers have flagged multiple in-the-wild exploit campaigns that leveraged now-patched flaws in Apple Safari and Google Chrome browsers to infect mobile users with information-stealing malware. "These campaigns delivered n-day exploits for which patches were available, but would still be effective against unpatched devices," Google Threat Analysis Group (TAG) researcher Clement

今日暂未更新资讯~
更多最新文章，请访问SecWiki

Threat actors increasingly target industrial processes because of the costly and sometimes dangerous disruptions they can cause in OT environments. Making adversaries’ jobs easier are continued manufacturing security vulnerabilities that both provide entry points to these environments and facilitate dangerous lateral movement. Here’s a look at some of the main manufacturing security vulnerabilities threat groups have been targeting lately.  Industrial ... Read More

The post Manufacturing Security Vulnerabilities: Combating the Risks appeared first on Nuspire.

The post Manufacturing Security Vulnerabilities: Combating the Risks appeared first on Security Boulevard.

8月批次项目申报截止日为2024年10月31日

The Corona Mirai-based malware botnet is spreading through a 5-year-old remote code execution (RCE) zero-day in AVTECH IP cameras, which have been discontinued for years and will not receive a patch. [...]

Background A pre-authentication vulnerability in Apache OFBiz can result in remote code execution. With a CVSS score of 9.8, the […]

The post CISA Warning: CVE-2024-38856 Apache OFBiz RCE Vulnerability under active exploitation appeared first on HawkEye.

黑客正利用升泰科技一款已停产停止支持的网络安全探头的 0day 安装恶意程序 Mirai 组建僵尸网络。Akamai 称，攻击者利用的是 AVM1203 上一个有 5 年历史的漏洞 CVE-2024-7029，该漏洞很容易利用，能被用于执行恶意代码。AVM1203 已停售和停止支持，因此不会有补丁去修复该漏洞。攻击者正利用漏洞安装 Mirai 的一个变种。鉴于该探头已停止支持，因此修复该漏洞的最佳方法是更换探头。

BlackByte, linked to the Conti group, exploited VMware ESXi CVE-2024-37085 to control virtual machines

by Mike Saunders, Principal Consultant     This blog is the eleventh in a series of blogs on obfuscation techniques for hiding shellcode. You can find the rest of the […]

Discover how GitGuardian's latest product innovations enhance your secrets security, streamline remediation, and improve incident management for better protection of your software supply chain.

The post Elevating your secrets security hygiene: H1 roundup of our product innovations appeared first on Security Boulevard.

Authors/Presenters:Harun Oz, Ahmet Aris, Abbas Acar, Güliz Seray Tuncay, Leonardo Babun, Selcuk Uluagac

Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organizations strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott; and via the organizations YouTube channel.

Permalink

The post USENIX Security ’23 – RøB: Ransomware over Modern Web Browsers appeared first on Security Boulevard.

Background Concerns have been raised by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) over the potential exploitation of a […]

The post CVE-2024-6800: A critical authentication bypass vulnerability affects the GitHub Enterprise Server appeared first on HawkEye.

Исследование о том, что происходит с памятью на уровне молекул.