Aggregator
Cybersecurity Alert Overload is a CEO’s Problem; Here’s How to Fix It
In today's digital landscape, organizations face an unprecedented volume of cybersecurity alerts on a daily basis. While these alerts are crucial for maintaining security, their sheer volume can overwhelm security teams, a phenomenon known as alert fatigue. This issue not only hampers the effectiveness of cybersecurity measures but also poses significant risks to business operations, financial performance, and organizational reputation. For CEOs and CFOs, understanding and addressing this challenge is imperative to safeguard the organization's assets and ensure sustained growth.
The post Cybersecurity Alert Overload is a CEO’s Problem; Here’s How to Fix It appeared first on Security Boulevard.
CISA Strengthens Commitment to SLTT Governments
The Cybersecurity and Infrastructure Security Agency (CISA) announced that it has transitioned to a new model to better equip state, local, tribal, and territorial (SLTT) governments to strengthen shared responsibility nationwide. CISA is supporting our SLTT partners with access to grant funding, no-cost tools, and cybersecurity expertise to be resilient and lead at the local level.
CISA’s cooperative agreement with the Center for Internet Security (CIS) will reach its planned end on September 30, 2025. This transition reflects CISA’s mission to strengthen accountability, maximize impact, and empower SLTT partners to defend today and secure tomorrow.
Support for SLTTs includes:
- Access to Grant Funding from the Department of Homeland Security (DHS), available through CISA in coordination with the Federal Emergency Management Agency (FEMA). This funding is provided via the State and Local Cybersecurity Grant Program (SLCGP) and the Tribal Cybersecurity Grant Program (TCGP).
- No-cost services and tools such as Cyber Hygiene scanning and vulnerability management
- Cybersecurity Performance Goals and the Cyber Security Evaluation Tool to prioritize and measure progress
- Regional Cybersecurity Advisors and Cybersecurity Coordinators delivering hands-on, local and virtual expertise
- Professional services including vulnerability assessments and incident response coordination
- Bi-monthly SLTT Security Operations Center calls providing timely cyber defense updates
This initiative reinforces CISA’s role as the nation’s leading cyber defense agency, protecting critical infrastructure, enabling secure communications, and empowering partners on the front lines of America’s cybersecurity.
For more information about CISA’s Cybersecurity Services for SLTT partners, visit: CISA Cybersecurity Resources for State, Local, Tribal, and Territorial
CISA Adds Five Known Exploited Vulnerabilities to Catalog
CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
- CVE-2021-21311 Adminer Server-Side Request Forgery Vulnerability
- CVE-2025-20352 Cisco IOS and IOS XE Software SNMP Denial of Service and Remote Code Execution Vulnerability
- CVE-2025-10035 Fortra GoAnywhere MFT Deserialization of Untrusted Data Vulnerability
- CVE-2025-59689 Libraesva Email Security Gateway Command Injection Vulnerability
- CVE-2025-32463 Sudo Inclusion of Functionality from Untrusted Control Sphere Vulnerability
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.
Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
CISA and UK NCSC Release Joint Guidance for Securing OT Systems
CISA, in collaboration with the Federal Bureau of Investigation, the United Kingdom’s National Cyber Security Centre, and other international partners, has released new joint cybersecurity guidance: Creating and Maintaining a Definitive View of Your Operational Technology (OT) Architecture.
Building on the recent Foundations for OT Cybersecurity: Asset Inventory Guidance for Owners and Operators, this guidance explains how organizations can leverage data sources, such as asset inventories and manufacturer-provided resources like software bills of materials, to establish and maintain an accurate, up-to-date view of their OT systems.
A definitive OT record enables organizations to conduct more comprehensive risk assessments, prioritize critical and exposed systems, and implement appropriate security controls. The guidance also addresses managing third-party risks, securing OT information, and designing effective architectural controls.
Key recommendations include:
- Collaborating Across Teams: Foster coordination between OT and IT teams.
- Aligning with Standards: Follow international standards such as IEC 62443 and ISO/IEC 27001.
Organizations are encouraged to use this guidance to strengthen their OT security posture and reduce risks. For additional details, review the full guidance: Creating and Maintaining a Definitive View of Your Operational Technology (OT) Architecture
NIST Engineers Design 5 New Ways to Connect Concrete Pieces for More Resilient Buildings
DarkCloud Infostealer Relaunched to Grab Credentials, Crypto and Contacts
New ModStealer Evade Antivirus Detection to Attack macOS Users and Steal Sensitive Data
A sophisticated new cross-platform information stealer known as ModStealer has emerged, targeting macOS users and demonstrating concerning capabilities to evade Apple’s built-in security mechanisms. The malware represents the latest evolution in macOS-focused threats, which have seen a dramatic surge throughout 2024 and continue accelerating into the current year. ModStealer follows established patterns seen in other […]
The post New ModStealer Evade Antivirus Detection to Attack macOS Users and Steal Sensitive Data appeared first on Cyber Security News.
DEX File Structure Analysis: An In-Depth Look from the File Header to Class Definitions
Cybercriminals Target SonicWall Firewalls to Deploy Akira Ransomware via Malicious Login Attempts
Security teams face a rapidly evolving campaign that abuses compromised SonicWall SSL VPN credentials to deliver Akira ransomware in under four hours—dwell times among the shortest ever recorded for this type of threat. Within minutes of successful authentication—often originating from hosting-related ASNs—threat actors initiated port scans, leveraged Impacket SMB tools for discovery, and deployed the […]
The post Cybercriminals Target SonicWall Firewalls to Deploy Akira Ransomware via Malicious Login Attempts appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.