Aggregator

HybridPetya ransomware bypasses UEFI Secure Boot echoing Petya/NotPetya

5 months ago

HybridPetya ransomware bypasses UEFI Secure Boot to infect EFI partitions, echoing the infamous Petya/NotPetya attacks of 2016–2017. ESET researchers discovered a new ransomware called HybridPetya on the platform VirusTotal. The malware echoes the infamous Petya/NotPetya malware, supporting additional capabilities, such as compromising UEFI-based systems and exploiting CVE‑2024‑7344 to bypass UEFI Secure Boot on outdated systems. “Interestingly, the […]

Pierluigi Paganini

Understanding JWT Expiration Time claim (exp)

Security Boulevard

5 months ago

JSON Web Tokens (JWT) are a popular mechanism for authentication and authorization in modern web applications. One critical aspect of […]

The post Understanding JWT Expiration Time claim (exp) appeared first on Security Boulevard.

MojoAuth - Advanced Authentication & Identity Solutions

Бесконечный COVID, океан под океаном, пятна на Марсе... 10 тайн 2020-х, от которых мурашки по коже

Securitylab.ru

5 months ago

Ответы на самые интересные вопросы последних лет.

尼泊尔 Z 世代抗议中的技术力量

Solidot

5 months ago

因政府封禁大部分社交媒体，以及对精英阶层的炫富行为感到愤怒，本周一尼泊尔 Z 世代举行了大规模抗议。周一的抗议以悲剧收场，至少 19 人死亡。但在政府同意解除对社交媒体的封禁之后，更多尼泊尔人加入了抗议群体，议会大厦被烧毁，总理宣布辞职，军队暂时接手维持次序。下一步怎么办？年轻一代的活动人士转向了广泛使用的游戏聊天应用 Discord，他们热烈的讨论谁可以成为临时政府领导人。通过非正式投票，前最高法院首席大法官 Sushila Karki 脱颖而出。本周五，Sushila Karki 正式担任临时政府总理，她成为尼泊尔历史上首位女总理。根据世界银行的数据，尼泊尔 3000 万人口中逾半数上网。在抗议活动爆发前几天，很多人就转向了 VPN 等工具绕过封锁。因担心互联网被关闭，Jack Dorsey 创建的蓝牙消息应用 Bitchat 的下载量激增。在这次 Z 世代抗议运动中，科技扮演了重要角色。

HybridPetya Crypto-Locker Outsmarts UEFI Secure Boot

Ransomware DataBreachToday.com

5 months ago

Malware Not Yet Deployed in the Wild, Says Eset
New malware dubbed HybridPetya spotted on VirusTotal is adding to steadily growing pile of bootkits, creating more opportunities for hackers to infect desktops before the operating system and antivirus programs load. No telemetry exists showing HybridPetya has been deployed in the wild.

Ping Identity CEO: Bots Disrupt Identity, Trust Is 'On Fire'

Ransomware DataBreachToday.com

5 months ago

Durand: Agentic Models Require Stronger Verification and Complex Access Controls
With bots and personal agents poised to reshape digital identity, Ping Identity CEO Andre Durand says organizations must harden onboarding, reimagine omni-channel strategies and deploy "verified trust services" to combat fraud and deepfakes, especially in workforce and third-party access.

Scattered LAPSUS$ Hunters Announces Closure

Ransomware DataBreachToday.com

5 months ago

Announcement Provokes Skepticism in Cyber Community
A band of adolescent hackers behind attacks against airliners, insurers and casinos in the United Kingdom and the United States on Friday said they are shutting down their operations. Scattered Lapsus$ Hunters posted a semi-coherent screed announcing a decision to "go dark."

Finnish Vastaamo Hacker Freed While Appealing Conviction

Ransomware DataBreachToday.com

5 months ago

Vastaamo Hacker Aleksanteri Kivimäki Is Free, For Now
A Helsinki court ordered the release of Finland's most notorious hacker pending the resolution of his appeal of a conviction stemming from the theft of psychotherapy records of 33,000 individuals. Aleksanteri Kivimäki was convicted last year for hacking into now-defunct psychotherapy chain Vastaamo.

20 Best MCP Servers for Developers in 2025

Security Boulevard

5 months ago

Discover 20 top MCP servers for developers in 2025. Find practical tools to boost your workflow and streamline projects.

The post 20 Best MCP Servers for Developers in 2025 appeared first on Security Boulevard.

SSOJet - Enterprise SSO & Identity Solutions

RCE 漏洞

迪哥讲事

5 months ago

Nmap vs. Wireshark: Choosing the Right Tool for Network Penetration Testing

Cyber Security News

5 months ago

Nmap vs Wireshark are the most popular Network penetration testing tools. Security professionals face an increasingly complex threat landscape, and picking the right penetration testing tools can make the difference between a secure infrastructure and a compromised network. While both serve critical roles in network analysis and security assessment, they address fundamentally different aspects of […]

The post Nmap vs. Wireshark: Choosing the Right Tool for Network Penetration Testing appeared first on Cyber Security News.

Guru Baran

Role of AI in Detecting and Preventing Financial Fraud

Security Boulevard

5 months ago

The banking sector has always been one of the prime targets for hackers due to the highly sensitive nature of its operations. It holds not only vast amounts of money but also valuable customer data, making it a lucrative target. As users continue to embrace the digital economy, cybersecurity in banking has become a top […]

The post Role of AI in Detecting and Preventing Financial Fraud appeared first on Kratikal Blogs.

The post Role of AI in Detecting and Preventing Financial Fraud appeared first on Security Boulevard.

Shikha Dhingra

Proton Mail 应网络安全机构要求关闭了记者账户

Solidot

5 months ago

瑞士加密邮箱服务 ProtonMail 再次引发了争议，它自称是用户个人数据的中立的安全避风港，致力于捍卫用户的自由，但在没有给出任何解释的情况下关闭了两位记者的账户，直到引发长达数周的争论和抗议之后它才恢复账户。它没有给出关闭账户的详细解释。在账户被关闭时两名记者正以 Saber 和 cyb0rg 笔名为黑客杂志《Phrack》的 8 月份撰写一篇朝鲜政府支持的黑客组织入侵韩国多个政府机构计算机网络的文章。文章称入侵活动是朝鲜 APT 组织 Kimsuky 发动的，包括韩国外交部和国防反间谍司令部在内的政府机构网络都被渗透。但上个月 ProtonMail 在收到未指明的网络安全机构的投诉后关闭了记者的账户，影响了记者与受影响机构的沟通。

Radar

Dark Feed IO

5 months ago

You must login to view this content

cohenido

Radar

Dark Feed IO

5 months ago

You must login to view this content

cohenido

New VoidProxy Phishing Service Bypasses MFA on Microsoft and Google Accounts

Hack Read

5 months ago

Okta Threat Intelligence exposes VoidProxy, a new PhaaS platform. Learn how this advanced service uses the Adversary-in-the-Middle technique…

Deeba Ahmed

Точный возраст — 85 миллионов лет. Китайские учёные изобрели способ допросить само яйцо динозавра

Securitylab.ru

5 months ago

Лазерная технология XXI века встретилась с меловым периодом.

CVE-2018-1000180 | Oracle Enterprise Manager for Fusion Middleware 13.2/13.3 Apache Commons FileUpload risky encryption (EUVD-2018-0718 / Nessus ID 110599)

Vuldb Updates

5 months ago

A vulnerability marked as critical has been reported in Oracle Enterprise Manager for Fusion Middleware 13.2/13.3. The impacted element is an unknown function of the component Apache Commons FileUpload. Performing manipulation results in risky cryptographic algorithm. This vulnerability is known as CVE-2018-1000180. Remote exploitation of the attack is possible. No exploit is available. It is suggested to upgrade the affected component.

vuldb.com

CVE-2018-1000180 | Oracle Data Integrator 12.2.1.3.0 Spring Framework risky encryption (EUVD-2018-0718 / Nessus ID 110599)

Vuldb Updates

5 months ago

A vulnerability was found in Oracle Data Integrator 12.2.1.3.0. It has been classified as critical. This affects an unknown function of the component Spring Framework. Performing manipulation results in risky cryptographic algorithm. This vulnerability was named CVE-2018-1000180. The attack may be initiated remotely. There is no available exploit. Upgrading the affected component is recommended.

vuldb.com

CVE-2018-1000180 | Oracle Communications Diameter Signaling Router 8.0.0/8.1.0/8.2.0/8.2.1 IDIH Visualization risky encryption (EUVD-2018-0718 / ID 87375)

Vuldb Updates

5 months ago

A vulnerability was found in Oracle Communications Diameter Signaling Router 8.0.0/8.1.0/8.2.0/8.2.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the component IDIH Visualization. The manipulation results in risky cryptographic algorithm. This vulnerability was named CVE-2018-1000180. The attack may be performed from remote. There is no available exploit. It is suggested to upgrade the affected component.

vuldb.com

Aggregator

Managed ad