Aggregator

American Water, the largest water utility in the US, discovered a cyber-attack impacting internal systems on October 3

American IT software company Ivanti has released security updates to fix three new Cloud Services Appliance (CSA) zero-days tagged as actively exploited in attacks. [...]

重点关注

本周，来自66个国家及地区的网络安全负责人——其中包括18个新成员、欧盟和国际刑警组织的代表们齐聚华盛顿，共同推动全球范围内对勒索软件活动的打击工作。

Healthcare organizations should rethink some of their approach to security, enhancing focus on insider threats, improving cyber awareness training and securing mobile applications and devices, said Ryan Witt, vice president of industry solutions at Proofpoint, discussing findings of a new study.

Since mid-April 2024, Microsoft has observed an increase in defense evasion tactics used in campaigns abusing file hosting services like SharePoint, OneDrive, and Dropbox. These campaigns use sophisticated techniques to perform social engineering, evade detection, and compromise identities, and include business email compromise (BEC) attacks.

The post File hosting services misused for identity phishing appeared first on Microsoft Security Blog.

Learn five tips that will help improve the API exploits you submit into security triage as part of your vulnerability research.

The post 5 tips to improve your API exploits appeared first on Dana Epp's Blog.

【君哥内推】旨在帮助甲方信息安全部门发布招聘需求，推送频率不定。欢迎甲方朋友们将招聘需求发给我，我愿意出力，

安全行动，只为中国（五）—— APT捕获分析溯源篇 by ourren

open-eBackup:开源备份软件 by ourren

Fuzzer开发4：快照、代码覆盖率与模糊测试 by ourren

ITRC《2024年上半年数据泄露分析》报告解读 by ourren

一次解决Go编译问题的经过 by 洞源实验室

更多最新文章，请访问SecWiki

An APT hacking group known as GoldenJackal has successfully breached air-gapped government systems in Europe using two custom toolsets to steal sensitive data, like emails, encryption keys, images, archives, and documents. [...]

Partnership aims to help businesses eliminate vulnerable attack surfaces and provide a more streamlined user experience. Badge Inc., the award-winning privacy company enabling Identity without Secrets™, today announced a partnership with CyberArk and the public release of its integration in the CyberArk Marketplace. According to the CyberArk website: The Badge CyberArk Identity integration allows specified […]

The post Badge and CyberArk Announce Partnership to Redefine Privacy in PAM and Secrets Management appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

在 Epic Games 提起的反垄断诉讼中，加州法官 James Donato 裁决 Google 必须向竞争对手开放其 Google Play Store，允许第三方应用商店通过 Play Store 下载它们没有的应用。Google 官方博客发表声明表示提起上诉，要求暂停实施相关要求，理由是要为用户和开发商保持一致且安全的体验。法官的裁决要求 Google 在三年内允许第三方 Android 应用商店访问 Google Play Store 的应用目录；对于仅通过 Google Play Store 提供的应用，Google 将允许用户通过 Google Play Store 完成应用下载，Google 可保留此类下载相关的所有收入；Google 将为开发商提供一种机制，选择不将其应用包含在任何特定第三方 Android 应用商店访问的目录中。

Tenable’s latest report reveals 38% of organizations face risks from a “toxic cloud triad” of security gaps

A vulnerability, which was classified as critical, has been found in Microsoft Windows Vista SP2 up to Server 2012 R2. This issue affects some unknown processing of the component Group Policy Handler. The manipulation leads to improper access controls. The identification of this vulnerability is CVE-2016-3223. The attack may be initiated remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as critical has been found in Microsoft Windows Vista SP2 up to Server 2012 R2. Affected is an unknown function of the component SMB Server. The manipulation leads to improper access controls. This vulnerability is traded as CVE-2016-3225. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

Center for Digital Democracy(CDD)发布了一份 48 页的报告《How TV Watches Us: Commercial Surveillance in the Streaming Era》，称智能电视和流媒体播放器制造商，以及流媒体服务提供商等业内企业开发了一种监控系统，将会在长期破坏隐私和消费者的保护。CDD 同时致函 FTC、FCC、加州总检察长和加州隐私保护局 (CPPA) ，对此状况表达了担忧，它认为智能电视变成了家庭中的数字木马，呼吁加强监管。

A vulnerability, which was classified as critical, was found in LogosQuest Beginnings 1.0. Affected is an unknown function of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. This vulnerability is traded as CVE-2014-7495. Access to the local network is required for this attack to succeed. There is no exploit available.

The attackers exploited the EternalBlue vulnerability to gain initial access to the observatory farm, creating a hidden administrative share and executing a malicious batch file named p.bat.  This batch file performed various malicious actions like creating and executing malicious executables, opening firewall ports, setting up port forwarding, and scheduling tasks for persistence.  It also included […]

The post LemonDuck Malware Exploiting SMB Vulnerabilities To Attack Windwos Servers appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.