Aggregator
DEF CON 32 – The Village Peoples’ Panel What Really Goes On In A Village
Authors/Presenters: Panel
Our sincere appreciation to DEF CON and the Authors/Presenters for publishing their erudite DEF CON 32 content, originating from the conference’s events at the Las Vegas Convention Center and published via the organization’s YouTube channel.
The post DEF CON 32 – The Village Peoples’ Panel What Really Goes On In A Village appeared first on Security Boulevard.
A Threat Actor is Allegedly Selling RDWeb Access to an Unidentified Company in the UK
CVE-2025-0612 | Google Chrome up to 132.0.6834.83 V8 out-of-bounds (Nessus ID 214499)
CVE-2025-0611 | Google Chrome up to 132.0.6834.83 V8 heap-based overflow (Nessus ID 214499)
A Threat Actor Claims to be Selling Access to an Unidentified Magento Store in the USA
Life in the Swimlane with Marian Fehrenbacher, HR Assistant & Office Manager
The post Life in the Swimlane with Marian Fehrenbacher, HR Assistant & Office Manager appeared first on AI Security Automation.
The post Life in the Swimlane with Marian Fehrenbacher, HR Assistant & Office Manager appeared first on Security Boulevard.
CVE-2024-9310 | TCAS Collision Avoidance Systems 7.1 reliance on untrusted inputs in a security decision (icsa-25-021-01)
CVE-2025-0651 | Cloudflare WARP up to 2023.3.381.0 on Windows WARP Service privileges management
CVE-2025-23047 | Cilium up to 1.14.17/1.15.11/1.16.4 header information disclosure (GHSA-h78m-j95m-5356)
Cisco security advisory (AV25-033)
Google Cloud Security Threat Horizons Report #11 Is Out!
This is my completely informal, uncertified, unreviewed and otherwise completely unofficial blog inspired by my reading of our next Threat Horizons Report, #11 (full version) that we just released (the official blog for #1 report, my unofficial blogs for #2, #3, #4, #5, #6, #7, #8, #9 and #10).
My favorite quotes from the report follow below:
- “Nearly half (46.4%) of the observed security alerts were due to overprivileged service accounts.” [A.C. — using new data on cloud detections, we confirmed an old hypothesis: if you overprovision, you suffer. Very cause->effect: overprovision -> suffer!]
- “During H2 2024, credential-related vulnerabilities like weak or no passwords continued to be the most common entry point for attackers as shown [below], though the frequency decreased slightly through 2024. Misconfiguration of cloud environments (services or software) remained a significant security gap.” [A.C. As I said in other THR blogs, the main news here is that there is no news; a lot of cloud security problems in 2025 are 2020 problems, at best. Initial access vectors didn’t change all that much. “Secure by default” seems to apply to new cloud deployments, perhaps, and to have no effect on what is running today …]
- “We also observed a new trend in the second half of 2024: a sharp rise in compromised APIs and UIs due to threat actor targeting. These attacks accounted for 17.1% of observed incidents, a substantial increase from the approximately 13% observed in the first half of 2024.” [A.C. — aha, something DOES change! Perhaps all that endless whining of those “API security vendors” had an effect and attackers are finally interested :-)]
- “We also saw a significant trend in threat actors searching for insecure private keys (13.7%), reinforcing the need for organizations to prioritize the security and proper management of private keys.” [A.C. — next time, somebody asks you in the dark cloud alley “do you even lateral, dude?”, you go “PRIVATE KEY SEARCH!!!”]
- “More than half (62.2%) of threat actor movements once they gained access involved attempting lateral movement within an environment and downloading tools designed for this purpose.” [A.C. — not sure what happened to cryptomining, I think we fixed it…]
- “Identity compromise is no longer limited to password theft based upon misconfigurations or weak passwords. Threat actors are now gaining access by intercepting or stealing post-authenticated tokens or cookies, effectively bypassing traditional authentication criteria.” [A.C. — while I am still not a fan of ITDR as a separate tool, it is very clear that we are still under-equipped to fight this one…]
- “The most common methods of identity compromise include brute-forcing using common/guessable passwords, replaying stolen credentials from a previous breach, credential stuffing, phishing, and social engineering.” [A.C. — in other words, a range of 1970s-2020s tactics and methods ;-) And, yes, well-crafted MFA helps against many of these, but not all]
- “Threat actors are increasingly targeting identities and databases, exploiting misconfigurations and vulnerabilities to gain access to sensitive information and resources. Insecure databases containing critical business data and personally identifiable information (PII) are particularly attractive targets.” [A.C. — I am going to channel Captain Obvious here, but can you imagine? Corporate databases contain valuable data! No way, right? And somebody will steal it if you don’t secure it….]
- “To take over cloud service accounts, TRIPLESTRENGTH leverages stolen credentials and cookies, at least a portion of which have come from Raccoon infostealer logs, to gain access to victim cloud environments.” [A.C. — a fun example re: cookies!]
- “Mandiant has observed threat actors increasingly extorting victim organizations by exposing their stolen data on Data Leak Sites (DLS). […] The expanded use of these extortion tactics combined with the prevalence of DLS poses a growing threat for all organizations, regardless of where their data is stored.” [A.C. — kinda makes sense, I suspect [gut, not data!] that “encrypt only” was easier on-prem, while “encrypt+steal and post” works in the cloud]
Now, go and read the THR 11 report!
P.S. Coming soon! Trend analysis of THR1–11!
Related posts:
- EP112 Threat Horizons — How Google Does Threat Intelligence podcast
- Google Cloud Security Threat Horizons Report #10 Is Out!
- Google Cybersecurity Action Team Threat Horizons Report #9 Is Out!
- Google Cybersecurity Action Team Threat Horizons Report #8 Is Out!
- Google Cybersecurity Action Team Threat Horizons Report #7 Is Out!
- Google Cybersecurity Action Team Threat Horizons Report #6 Is Out!
- Google Cybersecurity Action Team Threat Horizons Report #5 Is Out!
- Google Cybersecurity Action Team Threat Horizons Report #4 Is Out!
- Google Cybersecurity Action Team Threat Horizons Report #3 Is Out!
- Google Cybersecurity Action Team Threat Horizons Report #2 Is Out!
- Illicit coin mining, ransomware, APTs target cloud users in first Google Cybersecurity Action Team Threat Horizons report
Google Cloud Security Threat Horizons Report #11 Is Out! was originally published in Anton on Security on Medium, where people are continuing the conversation by highlighting and responding to this story.
The post Google Cloud Security Threat Horizons Report #11 Is Out! appeared first on Security Boulevard.
Cisco warns of denial of service flaw with PoC exploit code
Cyber Threat Intelligence Server Access for Sale on Darknet
Stratoshark: Wireshark for the cloud – now available!
Stratoshark is an innovative open-source tool that brings Wireshark’s detailed network visibility to the cloud, providing users with a standardized approach to cloud observability. Stratoshark incorporates much of Wireshark’s codebase, including its user interface elements. The interface and workflows will feel instantly recognizable for those already acquainted with Wireshark. By integrating Wireshark’s functionality with Falco’s capabilities (a cloud-native security tool that provides runtime security across hosts, containers, Kubernetes, and cloud environments), Stratoshark delivers contextual visibility …
The post Stratoshark: Wireshark for the cloud – now available! appeared first on Help Net Security.
Akira
RansomHub
Randall Munroe’s XKCD ‘Human Altitude’
via the comic humor & dry wit of Randall Munroe, creator of XKCD
The post Randall Munroe’s XKCD ‘Human Altitude’ appeared first on Security Boulevard.
Oracle January 2025 Critical Patch Update Addresses 186 CVEs
Oracle addresses 186 CVEs in its first quarterly update of 2025 with 318 patches, including 30 critical updates.
Background
On January 21, Oracle released its Critical Patch Update (CPU) for January 2025, the first quarterly update of the year. This CPU contains fixes for 186 CVEs in 318 security updates across 27 Oracle product families. Out of the 318 security updates published this quarter, 9.4% of patches were assigned a critical severity. Medium severity patches accounted for the bulk of security patches at 56.6%, followed by high severity patches at 32.4%.
This quarter’s update includes 30 critical patches across 18 CVEs.
| Severity | Issues Patched | CVEs |
| --- | --- | --- |
| Critical | 30 | 18 |
| High | 103 | 55 |
| Medium | 180 | 109 |
| Low | 5 | 4 |
| Total | 318 | 186 |

Analysis
This quarter, the Oracle REST Data Services product family contained the highest number of patches at 85, accounting for 26.7% of the total patches, followed by Oracle Health Sciences Applications at 39 patches, which accounted for 12.3% of the total patches.
A full breakdown of the patches for this quarter can be seen in the following table, which also includes a count of vulnerabilities that can be exploited over a network without authentication.
| Oracle Product Family | Number of Patches | Remote Exploit without Auth |
| --- | --- | --- |
| Oracle REST Data Services | 85 | 59 |
| Oracle Health Sciences Applications | 39 | 4 |
| Oracle Communications Applications | 31 | 24 |
| Oracle Graph Server and Client | 28 | 15 |
| Oracle Construction and Engineering | 26 | 21 |
| Oracle Analytics | 23 | 14 |
| Oracle Communications | 22 | 18 |
| Oracle Hospitality Applications | 16 | 6 |
| Oracle Java SE | 6 | 3 |
| Oracle MySQL | 6 | 4 |
| Oracle Database Server | 5 | 2 |
| Oracle Secure Backup | 4 | 1 |
| Oracle TimesTen In-Memory Database | 4 | 1 |
| Oracle Commerce | 3 | 3 |
| Oracle Big Data Spatial and Graph | 2 | 0 |
| Oracle E-Business Suite | 2 | 1 |
| Oracle Financial Services Applications | 2 | 0 |
| Oracle Fusion Middleware | 2 | 1 |
| Oracle Hyperion | 2 | 2 |
| Oracle Insurance Applications | 2 | 1 |
| Oracle PeopleSoft | 2 | 0 |
| Oracle Application Express | 1 | 0 |
| Oracle Blockchain Platform | 1 | 1 |
| Oracle Essbase | 1 | 1 |
| Oracle GoldenGate | 1 | 1 |
| Oracle Enterprise Manager | 1 | 1 |
| Oracle JD Edwards | 1 | 0 |

Solution
Customers are advised to apply all relevant patches in this quarter’s CPU. Please refer to the January 2025 advisory for full details.
Identifying affected systems
A list of Tenable plugins to identify these vulnerabilities will appear here as they’re released. This link uses a search filter to ensure that all matching plugin coverage will appear as it is released.
Get more information
- Oracle Critical Patch Update Advisory - January 2025
- Oracle January 2025 Critical Patch Update Risk Matrices
- Oracle Advisory to CVE Map
Join Tenable's Security Response Team on the Tenable Community.
Learn more about Tenable One, the Exposure Management Platform for the modern attack surface.