Aggregator

投稿截止日为8月5日

黑暗天使一跃成为今年最值得关注的勒索软件团伙

One critical method employed by security professionals to test systems’ strength and resilience is penetration testing. Gray-box testing is a balanced and practical approach that combines black-box and white-box testing elements. This blog explains the nuances of gray-box testing in cybersecurity and explores its characteristics, advantages, and techniques. What Is Gray Box Testing In Cybersecurity? […]

The post Gray Box Testing in Cybersecurity: Finding the Right Balance for Security first appeared on StrongBox IT.

The post Gray Box Testing in Cybersecurity: Finding the Right Balance for Security appeared first on Security Boulevard.

A vulnerability was found in Dell Inventory Collector. It has been classified as critical. Affected is an unknown function. The manipulation leads to path traversal. This vulnerability is traded as CVE-2024-37129. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Dell Peripheral Manager up to 1.7.5 and classified as critical. This issue affects some unknown processing of the component Symbolic Links Handler. The manipulation leads to uncontrolled search path. The identification of this vulnerability is CVE-2024-37127. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Dell Peripheral Manager up to 1.7.5 and classified as critical. This vulnerability affects unknown code of the component Symbolic Links Handler. The manipulation leads to uncontrolled search path. This vulnerability was named CVE-2024-32857. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.

A significant remote code execution (RCE) vulnerability was identified in the Ghostscript library, a widely used tool on Linux systems. This vulnerability, tracked as CVE-2024-29510, is currently being exploited in attacks, posing a severe risk to numerous applications and services. Ghostscript is a powerful and versatile tool used for processing PostScript and PDF files. It […]

The post Ghostscript Vulnerability Actively Exploited in Attacks appeared first on TuxCare.

The post Ghostscript Vulnerability Actively Exploited in Attacks appeared first on Security Boulevard.

Many smaller organizations are turning to cyber risk insurance, both to protect against the cost of a cyber incident and to use the extensive post-incident services that insurers provide

Phishing campaigns target small and medium-sized businesses (SMBs) in Poland to deliver malware families such as Agent Tesla, Formbook, and Remcos RAT. ESET researchers observed multiple phishing campaigns targeting SMBs in Poland in May 2024, distributing various malware families like Agent Tesla, Formbook, and Remcos RAT. ESET researchers detected nine notable phishing campaigns during May 2024 in Poland, Romania, and Italy. […]

Zscaler warns of copycat attacks after revealing one ransomware victim paid $75m

根据 Zscaler ThreatLabz 的一份报告，一家财富 50 强企业今年初向勒索软件组织 Dark Angels 支付了创纪录的 7500 万美元赎金。此前已知金额最高的赎金是保险公司 CNA 向 Evil Corp 组织支付的 4000 万美元赎金。报告没有披露是哪家公司，但根据财富 50 强和攻击时间可以推断是制药巨头 Cencora。Cencora 在今年 2 月遭到了网络攻击，但没有一个组织宣布对此负责，这可能意味着该公司已经支付了赎金，Cencora 在财富 50 强企业中排名第 10。Dark Angels 专门瞄准少数高价值的目标以获取高额赎金，而不是同时针对多家公司获取多笔金额较小的赎金。它通常一次只攻击一个大公司，运作模式与大多数勒索软件组织不相同。

Бета-релиз ожидается совсем скоро. Как можно проследить за обновлениями?

A vulnerability, which was classified as problematic, was found in libcURL. This affects the function GTime2str of the component ASN1 Parser. The manipulation leads to out-of-bounds read. This vulnerability is uniquely identified as CVE-2024-7264. Access to the local network is required for this attack. There is no exploit available.

A vulnerability, which was classified as critical, has been found in Dell Peripheral Manager up to 1.7.5. Affected by this issue is some unknown functionality of the component Symbolic Links Handler. The manipulation leads to uncontrolled search path. This vulnerability is handled as CVE-2024-37142. Local access is required to approach this attack. There is no exploit available. It is recommended to upgrade the affected component.

近日，eSentire威胁响应小组（TRU）发现网络犯罪分子正利用生成式人工智能（GenAI）平台的普及，通过在暗网市场销售被盗账户凭证来牟利。 据eSentire介绍，每天大约有400个GenAI账户凭证在暗网平台上交易，包括GPT、Quillbot、Notion、HuggingFace和Replit等平台的凭证。这些凭证通常从感染了信息窃取恶意软件的企业用户计算机中获取，该软件会收集用户在互联网浏览器中输入的所有数据。 一个名为LLM Paradise的地下市场专门销售被盗的GPT-4和Claude API密钥。该市场已于最近关闭，但它的存在突显了问题的严重性，被盗密钥的广告价格低至15美元。 LLM Paradise的关闭并没有遏制这一趋势，网络犯罪分子仍在利用盗取的GenAI凭证来开展网络钓鱼活动、开发恶意软件和生成恶意聊天机器人。 eSentire警告，这一现象对企业数据的潜在影响极为严重。被盗的GenAI凭证可能使攻击者获得公司敏感信息的访问权，包括客户数据、财务记录、知识产权和员工的个人可识别信息（PII）。 此外，针对GenAI平台提供商的攻击者能够从企业用户那里获取大量数据，这加剧了整体的威胁态势。 eSentire在其的报告中还指出了与GenAI相关的几个关键威胁，包括LLM劫持、滥用被盗凭证进行网络犯罪以及通过即时注入攻击绕过平台防护措施。 报告还提到了激进的数据收集行为和供应链风险，比如OpenAI在2023年遭遇的数据泄露事件，凸显了这些平台的脆弱性。OpenAI的凭证成为最常被盗和出售的，平均每天有200个账户在暗网上挂牌。 为了降低这些风险，公司必须实施强有力的安全措施，如使用监控、先进的多因素认证（MFA）方法和暗网监控服务。   转自Freebuf，原文链接：https://www.freebuf.com/articles/407427.html 封面来源于网络，如有侵权请联系删除

On July 30, 2024, Microsoft experienced a significant global outage affecting its Azure cloud services and Microsoft 365 products. The incident, which lasted nearly 10 hours, was triggered by a Distributed Denial-of-Service (DDoS) attack and impacted users worldwide. The outage began at approximately 11:45 UTC and was resolved by 19:43 UTC. During this period, users […]

The post DDoS Attack Leads to Microsoft Azure Global Outage appeared first on Cyber Security News.

ESET раскрывает детали новой волны кибератак сразу на 3 страны.

A vulnerability classified as critical was found in Dell BSAFE Micro Edition Suite and BSAFE Crypto-C Micro Edition. Affected by this vulnerability is an unknown functionality. The manipulation leads to integer overflow. This vulnerability is known as CVE-2023-28074. An attack has to be approached locally. There is no exploit available.

A vulnerability classified as critical has been found in Bitdefender GravityZone Update Server up to 6.38.1-4. Affected is an unknown function of the component Proxy Service. The manipulation leads to server-side request forgery. This vulnerability is traded as CVE-2024-6980. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.