Aggregator

Russia's aviation sector continues to report digital disruptions, with the latest affecting the website of one of its busiest airports.

Административные права стали слабым звеном в цепи корпоративной безопасности.

ESET found that the FSB-affiliated groups, Gamaredon and Turla, are sharing tools to help conduct espionage attacks against Ukrainian organizations

有关全球网络犯罪条约的基本事实到 2024 年，全球超过 60% 的人口连接到互联网，数字领域正在迅速扩张。

Mark Gorak outlined that the department has seen a drop in the time it takes to hire, but much more work is needed.

The post DOD official: We need to drop the cybersecurity talent hiring window to 25 days appeared first on CyberScoop.

好久没发文章，因为AI带来的冲击实在太大了，研究AI去了最近一段时间对AI的探索和思考，把一些对产品经理和产品

The emergence of the SystemBC botnet marks a significant evolution in proxy-based criminal infrastructure. Rather than co-opt residential devices for proxying, SystemBC operators have shifted to compromising large commercial Virtual Private Servers (VPS), enabling high-volume proxy services with minimal disruption to end users. In recent months, Lumen Technologies has observed an average of 1,500 newly […]

The post SystemBC Botnet Hacked 1,500 VPS Servers Daily to Hire for DDoS Attack appeared first on Cyber Security News.

Фреймворк-альтернатива сетевым гигантам стала быстрее и надёжнее.

Check out why CISOs are embracing security platforms to reduce tool sprawl. Plus, learn how to prompt AI developer assistants so that they generate secure code. Further, dig into CISA’s analysis of malware tied to Ivanti EPMM vulnerabilities. And get the latest on external attack surface management and the Qilin ransomware threat to local governments.

Key takeaways

1. Facing tight budgets, CISOs are all in on integrated cybersecurity platforms that let them consolidate cyber functions.
    
2. That AI coding assistant saving you hours of work? It might also be injecting vulnerabilities into your code. The solution? Better prompts.
    
3. If you use Ivanti EPMM, CISA wants you to stop what you're doing and make sure it's patched.

Here are five things you need to know for the week ending September 19.

1 - Study: CISOs heart cybersecurity platforms, MSSPs

As they deal with budget pressures, technical complexity and scalability needs, CISOs are increasingly turning to integrated security platforms and to managed security services providers (MSSPs).

That’s a key takeaway from the “Security Software and Services 2025 Benchmark Report” published by IANS Research and Artico Search and based on a survey of 628 CISOs.

“The findings of this survey research show that tools consolidation and MSSPs can deliver value to CISOs where they need it most,” reads an IANS Research blog posted this week.

Specifically, 70% of CISOs said they either have consolidated or are in the process of consolidating standalone security tools with integrated platforms. Another 13% have plans to do so.
 

(Source: “Security Software and Services 2025 Benchmark Report” from IANS Research and Artico Search, September 2025)

Drivers for platform adoption include:

• Less tool sprawl, more clarity: Fewer tools mean less chaos and a clearer view of what's happening.
• Smarter security: Platforms integrate data, making it easier to spot and stop threats.
• Easier on the wallet: Bundled pricing beats buying dozens of individual products.

CISOs’ preferred areas for tool consolidation are endpoint security, cloud security and security operations. Network security, identity and access management (IAM) and data security are also seeing consolidation.

Meanwhile, almost 70% of CISOs have used at least one MSSP to manage security functions, including threat detection and response (84%), endpoint protection (57%), network security monitoring (43%) and incident response (33%).

“Success with these strategies will depend on striking the right balance – using integrated platforms to simplify security operations and MSSPs to scale, without sacrificing control or resilience,” the blog reads.

For more information about the benefits of an exposure management platform, check out these Tenable resources:

• “Exposure Management: 7 Benefits of a Platform Approach” (blog)
• “What Is Exposure Management?” (cybersecurity guide)
• “Breaking Down Silos: Why You Need an Ecosystem View of Cloud Risk” (blog)
• “How Exposure Management Has Helped Tenable Reduce Risk and Align with the Business” (blog)
• “Exposure Management Is the Future of Proactive Security” (blog)

2 - Is your AI coding assistant a security liability?

The productivity boost that developers get from using AI assistants for coding can come at a high price if they don’t use the tools securely.

To assist developers with this issue, the Open Source Security Foundation (OpenSSF) this week published the guide “Security-Focused Guide for AI Code Assistant Instructions.”

“AI code assistants are powerful tools. They can speed up development, suggest solutions, and help explore alternatives,” reads the OpenSSF blog “New OpenSSF Guidance on AI Code Assistant Instructions.”

“But they also create security risks, because the results you get depend heavily on what you ask,” it adds.
 

The guide offers developers tips and best practices on how to prompt these AI coding helpers to reduce the risk that they’ll generate unsafe code.

Specifically, the guide’s advice seeks to ensure that the AI coding assistants take into account:

• Application code security, such as validating inputs and managing secrets
• Supply chain safety, such as selecting safe dependencies and using package managers
• Platform or language-specific considerations, such as applying security best practices to containers
• Security standards and frameworks, such as those from OWASP and the SANS Institute

“In practice, this means fewer vulnerabilities making it into your codebase,” reads the guide.

For more information about the cyber risks of AI coding assistants:

• “Hackers setting traps for vibe coders: AI assistants can deliver malware” (Cybernews)
• “Cybersecurity Risks of AI-Generated Code” (Georgetown University)
• “Security risks of AI-generated code and how to manage them” (TechTarget)
• “AI-generated code risks: What CISOs need to know” (ITPro)
• “GitLab's AI Assistant Opened Devs to Code Theft” (Dark Reading)

3 - CISA slices and dices Ivanti EPMM vulnerability malware

If you use the Ivanti Endpoint Manager Mobile (EPMM) product, CISA has a message for you: Make sure you’re running its latest version. If you’re not, upgrade ASAP.

In a report published this week, CISA unpacks a sophisticated malware campaign targeting this endpoint mobile management tool. Specifically, the report details the functionality of "malicious listener" malware used by threat actors to compromise the systems of an unnamed organization.

The attackers gained initial access by exploiting two Ivanti EPMM vulnerabilities: CVE-2025-4427 and CVE-2025-4428. Ivanti provided patches for both in mid-May.

By chaining these vulnerabilities, the actors were able to execute remote commands, collect system information, download malicious files, map the network and exfiltrate sensitive data, including LDAP credentials. 
 

CISA's analysis focused on two distinct sets of malware discovered in the compromised environment, according to its report, titled “Malicious Listener for Ivanti Endpoint Mobile Management Systems.”

Both sets were designed to establish persistence, allowing the threat actors to inject and execute arbitrary code on the affected server.

This malware acts as a listener, intercepting HTTP requests which could enable the attackers to exfiltrate data and maintain long-term access. The delivery method was stealthy, involving the malware being sent in multiple Base64-encoded segments via separate HTTP GET requests, a technique used to evade detection.

To combat this threat, CISA's report provides specific indicators of compromise (IoCs) along with YARA and SIGMA rules to help network defenders detect the malicious activity. 

Mitigation recommendations include: 

• Immediately upgrade Ivanti EPMM systems to the latest patched version.
• Treat all mobile device management (MDM) systems as high-value assets that warrant beefed-up security monitoring, restricted access and heightened vigilance.
• Require phishing-resistant multifactor authentication (MFA) for all staff and services.

For more information about Ivanti EPMM vulnerabilities:

• “CVE-2025-4427, CVE-2025-4428: Ivanti Endpoint Manager Mobile (EPMM) Remote Code Execution” (Tenable)
• “Security Advisory Ivanti Endpoint Manager Mobile (EPMM) May 2025 (CVE-2025-4427 and CVE-2025-4428)” (Ivanti)
• “Chinese cyber spies are using Ivanti EPMM flaws to breach EU, US organizations” (Help Net Security)
• “Questions mount as Ivanti tackles another round of zero-days” (Cyberscoop)
• “Ivanti EPMM Zero-Day Flaws Exploited in Chained Attack” (Dark Reading)

4 - U.K.’s cyber agency offers EASM buying advice

If you’re in the market for an external attack surface management (EASM) system, you might be interested in a set of recommendations for how to pick the right one for your organization.

The “External Attack Surface Management (EASM) Buyer's Guide,” published this week by the U.K. National Cyber Security Centre (NCSC), seeks to demystify EASM and offer a structured approach for selecting the most appropriate product.

The NCSC defines EASM as the process of identifying, monitoring and remediating security issues in an organization's internet-accessible assets. EASM systems continuously scan for digital assets – such as websites, servers and cloud services – that may not be in the radar of the organization’s IT and security teams; and they flag vulnerabilities, misconfigurations and other exposures.
 

EASM tools provide a comprehensive and up-to-date view of the organization’s external attack surface, so that they can proactively identify and mitigate security gaps.

“EASM products contribute to maintaining the 'defender’s edge' by ensuring you have the same – or better – visibility of your online systems as potential attackers,” reads an NCSC blog.

The NCSC breaks down essential EASM features into three main categories:

• Visibility and Insight: This includes asset discovery, technology identification and asset relationship mapping.
• Security Analysis: This involves vulnerability scanning, misconfiguration detection and risk prioritization based on severity and exploitability.
• Supporting Functions: These features help integrate the EASM tool into existing workflows, such as ticketing systems, reporting dashboards and alerting mechanisms.

The guide provides a step-by-step process for choosing a product. It encourages organizations to first understand their specific needs by asking key questions, including: 

• What are our primary security concerns?
• Who will be using this tool?
• How will we integrate the information into our existing security operations?
• Do we also need vulnerability assessment?
• How current does our data need to be?

By clearly defining their goals and operational requirements, organizations can more effectively evaluate and select an EASM solution that is best suited to their unique environment and security challenges.

For more information about EASM, check out these Tenable resources:

• “What is External Attack Surface Management?” (cybersecurity guide)
• “Attackers Don't Honor Silos: Five Steps to Prioritize True Business Exposure” (white paper)
• “Visibility of the Unknown: Understanding EASM and How It Can Help” (blog)
• “Understanding Your Attack Surface: The Key to Effective Exposure Management” (blog)
• “Attack Surface Management FAQ” (FAQ)

5 - Local governments: Beware of Qilin ransomware

The Qilin gang has emerged as the top ransomware threat against U.S. state, local, tribal and territorial (SLTT) governments.

Qilin accounted for about 25% of ransomware attacks against these governments during 2025’s second quarter, up sharply from a 9% share in the first quarter, according to the Center for Internet Security (CIS).

The group operates on a double-extortion model, meaning it not only encrypts the victim's data and demands a ransom, but also steals sensitive information and threatens to make it public. Ransom demands from Qilin have been as high as $500,000.

“The ransomware group’s mature operation and high attack tempo present a near-term threat to U.S. SLTTs for significant disruptions due to network-wide encryption and associated recovery efforts,” reads the CIS blog “Qilin Top Ransomware Threat to SLTTs in Q2 2025.”

CIS attributes Qilin's rise partly to the recent inactivity of the previously dominant RansomHub group, with many of its affiliates believed to have moved over to Qilin's ransomware-as-a-service (RaaS) operation.

Qilin typically gains initial access through phishing campaigns, exploiting vulnerabilities in public-facing applications and using remote services. Following the initial breach, Qilin conducts further exploitation and data theft.

For more information about Qilin:

• “CISA reaffirms to safeguard US critical infrastructure against escalating threats from Qilin ransomware group” (Industrial Cyber)
• “Attackers exploit Fortinet flaws to deploy Qilin ransomware” (Security Affairs)
• “Hackers start leaking New Orleans sheriff ransomware data” (Axios)
• “Qilin ransomware steals credentials stored in Google Chrome” (Security Affairs)
• “Qilin Ransomware Ranked Highest in April 2025 with 72 Data Leak Disclosures” (The Hacker News)

A critical security vulnerability has been discovered in HubSpot’s Jinjava template engine, potentially exposing thousands of websites and applications to remote code execution attacks. The flaw, tracked as CVE-2025-59340, carries the maximum CVSS score of 10.0, indicating the severity of the security risk. Sandbox Bypass Enables Dangerous Exploits The vulnerability stems from a sandbox bypass mechanism […]

The post HubSpot’s Jinjava Engine Flaw Exposes Thousands of Sites to RCE Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability described as critical has been identified in Microsoft Windows. Affected is an unknown function of the component SMB Witness Service. Executing manipulation can lead to improper privilege management. This vulnerability is registered as CVE-2023-21549. It is possible to launch the attack remotely. No exploit is available. A patch should be applied to remediate this issue.

A vulnerability marked as critical has been reported in Microsoft Windows. This impacts an unknown function of the component Secure Socket Tunneling Protocol. Performing manipulation results in Remote Code Execution. This vulnerability is cataloged as CVE-2023-21548. It is possible to initiate the attack remotely. There is no exploit available. It is suggested to install a patch to address this issue.

A vulnerability labeled as critical has been found in Microsoft Windows up to Server 2022. This affects an unknown function of the component Internet Key Exchange. Such manipulation leads to denial of service. This vulnerability is listed as CVE-2023-21547. The attack may be performed from remote. There is no available exploit. Applying a patch is advised to resolve this issue.

Искусственный разум переплюнул 4 миллиарда лет эволюции.

Since January, Trend Micro has tracked a surge in phishing campaigns using AI-powered platforms (Lovable, Netlify, Vercel) to host fake captcha pages that lead to phishing websites. This ploy misleads users and evades security tools. Victims are first shown a captcha, lowering suspicion, while automated scanners only detect the challenge page, missing the hidden credential-harvesting […]

The post AI-Driven Phishing Attacks: Deceptive Tactics to Bypass Security Systems appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

ImmuniWeb has released a free online tool that checks whether websites are protected by post-quantum cryptography (PQC). The tool analyzes SSL/TLS configurations and verifies their compliance with the latest quantum-resilient encryption standards from NIST. It also checks for adherence to PCI DSS, HIPAA, and other NIST cryptographic requirements. Available via both web interface and API, the tool is aimed at organizations looking to assess their preparedness for quantum-era threats. The tool is designed to simplify … More →

The post ImmuniWeb offers free tool to test quantum resilience of TLS stacks appeared first on Help Net Security.

Researchers at Radware found a zero-click flaw in ChatGPT Deep Research agent when connected to Gmail and browsing

A vulnerability categorized as critical has been discovered in Microsoft Windows. The affected element is an unknown function of the component Layer 2 Tunneling Protocol. The manipulation results in Remote Code Execution. This vulnerability is identified as CVE-2023-21543. The attack can be executed remotely. There is not any exploit available. It is best practice to apply a patch to resolve this issue.

A vulnerability identified as critical has been detected in Microsoft Windows. The impacted element is an unknown function of the component Layer 2 Tunneling Protocol. This manipulation causes race condition. This vulnerability is tracked as CVE-2023-21546. The attack is possible to be carried out remotely. No exploit exists. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Microsoft Windows. It has been declared as critical. This issue affects some unknown processing of the component Task Scheduler. Executing manipulation can lead to privilege escalation. The identification of this vulnerability is CVE-2023-21541. The attack may be launched remotely. There is no exploit available. It is advisable to implement a patch to correct this issue.