Aggregator
ASUS releases fix for AMI bug that lets hackers brick servers
Urgent! ViPNet network vulnerability puts core government and enterprise data at risk of wholesale theft
From Stranded to Supported: Helping My Customers Land Safely with FireMon
When Skybox Security shut down, it raised real concerns for me, not just about employment, but about how the situation could affect the professional credibility I’ve built over nearly 25...
The post From Stranded to Supported: Helping My Customers Land Safely with FireMon appeared first on Security Boulevard.
Magecart attacks escalate: payment information on e-commerce platforms stolen by heavily obfuscated code
Hackers Weaponized Google Forms to Evade Email Security & Steal Logins
Google Forms, the tech giant’s widely used survey tool, has become a favored weapon in cybercriminals’ arsenal. It enables them to bypass sophisticated email security filters and harvest sensitive credentials. Security researchers have identified a surge in attacks that leverage this trusted platform to create convincing phishing campaigns that exploit users’ inherent trust in Google’s […]
The post Hackers Weaponized Google Forms to Evade Email Security & Steal Logins appeared first on Cyber Security News.
FBI Reveals “Staggering” $16.6bn Lost to Cybercrime in 2024
Cybersecurity metrics that matter (and how to measure them)
CVE-2024-10095
Warning! Malicious npm packages use Telegram to steal Linux developers' data
CVE-2025-43716 | Ivanti LANDesk Management Suite up to 4.2-1.9 /client/index.php incorrect behavior order: validate before canonicalize
Synology Network File System Vulnerability Let Read Any File
A severe security vulnerability in Synology’s DiskStation Manager (DSM) software has been identified. This vulnerability allows remote attackers to read arbitrary files through the Network File System (NFS) service without proper authorization. The vulnerability, tracked as CVE-2025-1021 and detailed in a security advisory, was resolved in recent updates and affects multiple versions of the popular […]
The post Synology Network File System Vulnerability Let Read Any File appeared first on Cyber Security News.
Critical Vulnerabilities in Browser Wallets Let Attackers Drain your Funds
Significant vulnerabilities in popular browser-based cryptocurrency wallets enable attackers to steal funds without any user interaction or approval. These critical flaws, discovered in wallets including Stellar Freighter, Frontier Wallet, and Coin98, represent a significant shift in attack vectors against crypto users. Unlike traditional phishing attacks that require users to approve malicious transactions, these vulnerabilities allow […]
The post Critical Vulnerabilities in Browser Wallets Let Attackers Drain your Funds appeared first on Cyber Security News.
Warning! SVG attachment phishing attacks threaten the security of login data
FireEye EDR Agent Vulnerability Let Attackers Inject Malicious Code
A significant vulnerability in the FireEye Endpoint Detection and Response (EDR) agent could allow attackers to inject malicious code and render critical security protections ineffective. The vulnerability, tracked as CVE-2025-0618, was disclosed today and highlights the ongoing challenges in securing endpoint protection platforms against sophisticated threat actors. FireEye EDR Agent DoS Vulnerability The newly […]
The post FireEye EDR Agent Vulnerability Let Attackers Inject Malicious Code appeared first on Cyber Security News.
"Love spell for 999₽" won't fly anymore: State Duma closes the portal
Phishing detection is broken: Why most attacks feel like a zero day
M-Trends 2025: Data, Insights, and Recommendations From the Frontlines
One of the ways threat actors keep up with the constantly evolving cyber defense landscape is by raising the level of sophistication of their attacks. This trend can be seen across many of our engagements, particularly when responding to China-nexus groups. These actors have demonstrated the ability to create custom malware ecosystems, identify and use zero-day vulnerabilities in security and other appliances, leverage proxy networks akin to botnets, target edge devices and platforms that traditionally lack endpoint detection and response, and employ custom obfuscators in their malware. They take these extra steps to evade detection, stifle analysis, and ultimately stay on systems for longer periods of time.
However, not all successful attacks are highly complex and technical. Many times attackers will take advantage of the opportunities that are made available to them. This includes using credentials stolen in infostealer operations to gain initial access. Mandiant has seen such a rise in infostealer use that stolen credentials are now the second highest initial infection vector, making up 16% of our investigations. Other ways attackers are taking advantage of opportunities include exploiting gaps and risks introduced in cloud migrations, and targeting unsecured data repositories to obtain credentials and other sensitive information.
Today we released M-Trends 2025, the 16th edition of our annual report, to help organizations stay ahead of all types of attacks. We dive deep into several trends and share data and analysis from the frontlines of our incident response engagements to arm defenders with critical insights into the latest cyber threats.
M-Trends 2025 data is based on more than 450,000 hours of Mandiant Consulting investigations. The metrics are based on investigations of targeted attack activity conducted between Jan. 1, 2024 and Dec. 31, 2024. Key findings in M-Trends 2025 include:
- 55% of threat groups active in 2024 were financially motivated, which marks a steady increase, and 8% of threat groups were motivated by espionage.
- Exploits continue to be the most common initial infection vector (33%), and for the first time stolen credentials rose to the second most common in 2024 (16%).
- The top targeted industries include financial (17.4%), business and professional services (11.1%), high tech (10.6%), government (9.5%), and healthcare (9.3%).
- Global median dwell time rose to 11 days from 10 days in 2023. Global median dwell time was 26 days when external entities notified, 5 days when adversaries notified (notably in ransomware cases), and 10 days when organizations discovered malicious activity internally.
M-Trends 2025 dives deep into the aforementioned infostealer, cloud, and unsecured data repository trends, and several other topics, including:
- Democratic People's Republic of Korea deploying citizens as remote IT contractors, using false identities to generate revenue and fund national interests.
- Iran-nexus threat actors ramping up cyber operations in 2024, notably targeting Israeli entities and using a variety of methods to improve intrusion success.
- Attackers targeting cloud-based stores of centralized authority, such as single sign-on portals, to gain broad access.
- Increased targeting of Web3 technologies such as cryptocurrencies and blockchains for theft, money laundering, and financing illicit activities.
Each article in M-Trends 2025 offers critical recommendations for organizations to enhance their cybersecurity postures, with several of them being applicable to multiple trends. We advise that organizations:
- Implement a layered security approach that emphasizes sound fundamentals such as vulnerability management, least privilege, and hardening.
- Enforce FIDO2-compliant multi-factor authentication across all user accounts, especially privileged accounts.
- Invest in advanced detection technologies and develop robust incident response plans.
- Improve logging and monitoring practices to identify suspicious activity and reduce dwell time.
- Consider threat hunting exercises to proactively search for indicators of compromise.
- Implement strong security controls for cloud migrations and deployments.
- Regularly assess and audit cloud environments for vulnerabilities and misconfigurations.
- Mitigate insider risk by practicing thorough vetting processes for employees (especially remote workers), monitoring for suspicious activity, and enforcing strict access controls.
- Keep up-to-date with the latest threat intelligence, adapt security strategies accordingly, and regularly review and update security policies and procedures to address evolving threats.
The M-Trends mission has always been to equip security professionals with frontline insights into the latest evolving cyberattacks and to provide practical and actionable learnings for better organizational security.
Read the full M-Trends 2025 report today, and register for our M-Trends 2025 webinar series for a more in-depth look at the data, topics, and recommendations discussed in the report. The M-Trends 2025 Executive Edition is also available, featuring a high-level look at the data and trends, along with key recommendations. Listen to the M-Trends 2025 episode of the Cloud Security Podcast to learn more about what the findings mean, and how the report gets created.
The Foundations of a Resilient Cyber Workforce
IRONSCALES introduces deepfake protection capabilities
IRONSCALES announced deepfake protection for enterprise email security. The announcement comes as deepfake-driven social engineering attacks continue to gain momentum. From 2022 to 2023, the total volume of deepfake-driven cyberattacks levied against private enterprises grew by a staggering 1,000% globally and by over 1,740% in North America. While the right mix of training and policies can go a long way toward mitigating these threats, technological defensive solutions have lagged far behind. A recent study from …
The post IRONSCALES introduces deepfake protection capabilities appeared first on Help Net Security.