Aggregator

Career Advice: Cybersecurity Means Business

5 months ago

Understanding the Impact of Security on the Business Makes You More Effective
With cybersecurity now embedded across all industries and functions, the importance of aligning security measures with business objectives has never been greater. Here’s why being business savvy is crucial in cybersecurity - and how you can cultivate it to become a more effective professional.

State Forces ENT Practice to Spend $2.25M on Better Security

BankInfoSecurity.com

5 months ago

NY AG Action and $1M Fine Follow Back-to-Back Hacks That Affected 224,500 in 2023
An upstate New York-based medical practice must spend $2.25 million to improve its data security practices over the next five years, plus pay state regulators up to a $1 million fine following an investigation into two ransomware attacks days apart in 2023 that affected nearly 224,500 people.

CISA Opens Election War Room to Combat Escalating Threats

BankInfoSecurity.com

5 months ago

United States’ Top Cyber Defense Agency Mobilizes Nationwide Election Support Hub
The director of the Cybersecurity and Infrastructure Security Agency said Wednesday the agency is establishing an election operations room to help counter foreign interference and support state officials amid escalating cyber and physical threats to the 2024 vote.

Filigran Expands AI-Driven Threat Intel With $35M Series B

BankInfoSecurity.com

5 months ago

Insight Partners-Led Round Boosts US Growth, Fuels Threat Intelligence for Filigran
Filigran’s $35 million Series B funding, led by Insight Partners, positions the company to scale its threat intelligence and proactive security capabilities while expanding its U.S. footprint. Plans include doubling the engineering team and strengthening breach and attack simulation capabilities.

国家网络安全通报中心：重点防范境外恶意网址和恶意IP

嘶吼

5 months ago

近期，中国国家网络与信息安全信息通报中心发现一批境外恶意网址和恶意IP，有多个具有某大国政府背景的境外黑客组织，利用这些网址和IP持续对中国和其他国家发起网络攻击。

这些恶意网址和IP都与特定木马程序或木马程序控制端密切关联，网络攻击类型包括建立僵尸网络、网络钓鱼、勒索病毒等，以达到窃取商业秘密和知识产权、侵犯公民个人信息等目的，对中国国内联网单位和互联网用户构成重大威胁，部分活动已涉嫌刑事犯罪。相关恶意网址和恶意IP归属地主要涉及：美国、波兰、荷兰、保加利亚、土耳其、日本等。主要情况如下：

一、恶意地址信息

（一）恶意地址：j.foxnointel.ru

关联IP地址：172.235.51.77

归属地：美国/加利福尼亚州/洛杉矶

威胁类型：僵尸网络

病毒家族：fodcha

描述：这是一种DDoS僵尸网络木马，通过N-Day漏洞和Telnet、SSH弱口令进行传播。攻击者可控制被感染的“肉鸡”（联网终端）对互联网上的其它系统或设备发起DDoS攻击，导致关键信息基础设施或重要网络应用瘫痪，干扰破坏国计民生和社会公共秩序。

（二）恶意地址：a.foxnointel.ru

关联IP地址：92.223.30.136

归属地：美国/加利福尼亚州/洛杉矶

威胁类型：僵尸网络

病毒家族：fodcha

（三）恶意地址：93.157.106.238

归属地：保加利亚/索非亚州/索非亚

威胁类型：僵尸网络

病毒家族：mirai

描述：这是一种Linux僵尸网络病毒，通过网络下载、漏洞利用、Telnet和SSH暴力破解等方式进行扩散，入侵成功后可对目标网络系统发起分布式拒绝服务（DDos）攻击。

（四）恶意地址：LOADINGBOATS.DYN

关联IP地址：89.36.160.67

归属地：波兰/马佐夫舍省/华沙

威胁类型：僵尸网络

病毒家族：catddos

描述：Catddos病毒家族主要通过IoT设备的N-Day漏洞进行传播，已公开样本包括CVE-2023-46604、CVE-2021-22205等，该恶意地址是相关病毒家族近期有效活跃的回连地址。

（五）恶意地址：95.214.27.194

归属地：荷兰/北荷兰省/阿姆斯特丹

威胁类型：僵尸网络

病毒家族：moobot

描述：这是一种Mirai僵尸网络的变种，常借助各种IoT设备漏洞例如CVE-2015-2051、CVE-2018-6530、CVE-2022-26258、CVE-2022-28958等进行入侵，攻击者在成功入侵设备后将下载MooBot的二进制文件并执行，进而组建僵尸网络并可能发起分布式拒绝服务（DDos）攻击。

（六）恶意地址：dovahnoh1.duckdns.org

关联IP地址：88.227.180.194

归属地：土耳其/阿达纳省/塞伊汉

威胁类型：网络后门

病毒家族：Asyncrat

描述：该恶意地址关联多个Asyncrat病毒家族样本，部分样本的MD5值为0afe92d70093444605979eafa2afca4d和24d5b4b63fe3f30c9a399f0c76196104。该网络后门采用C#语言编写，主要功能包括屏幕监控、键盘记录、密码获取、文件窃取、进程管理、开关摄像头、交互式SHELL，以及访问特定URL等。该木马通过移动介质、网络钓鱼等方式进行传播，现已发现多个关联变种，部分变种主要针对民生领域的联网系统。

（七）恶意地址：134.122.138.230:7021

归属地：日本/东京都/东京

威胁类型：网络后门

病毒家族：SilverFox

描述：该恶意地址关联SilverFox病毒家族样本，其MD5值为bfc4b93fade57ead4fa15d37aef94760，相关样本通过钓鱼邮件进行传播，经变种伪装成企业内部应用软件诱骗用户下载点击。

二、排查方法

（一）详细查看分析浏览器记录以及网络设备中近期流量和DNS请求记录，查看是否有以上恶意地址连接记录，如有条件可提取源IP、设备信息、连接时间等信息。

（二）在本单位应用系统中部署网络流量检测设备进行流量数据分析，追踪与上述网络和IP发起通信的设备网上活动痕迹。

（三）如果能够成功定位到遭受攻击的联网设备，可主动对这些设备进行勘验取证，进而组织技术分析。

三、处置建议

（一）对所有通过社交平台或电子邮件渠道接收的文件和链接保持高度警惕，重点关注其中来源未知或不可信的情况，不要轻易信任或打开相关文件。

（二）及时在威胁情报产品或网络出口防护设备中更新规则，坚决拦截以上恶意网址和恶意IP的访问。

（三）向有关部门及时报告，配合开展现场调查和技术溯源。

文章来源自：国家网络安全通报中心

企业资讯

The Top React Spreadsheet Tools

不安全

5 months ago

If you’re a front-end developer, React is a popular JavaScript framework you can use to create the U

IoT needs more respect for its consumers, creations, and itself

Help Net Security

5 months ago

Yet again, connected devices are in the news for all the wrong reasons. In October, security researchers found that robot vacuums from Chinese company, Ecovacs, can be compromised via a backdoor. In one case, hackers gained control over the device and shouted slurs at the homeowners. Worse still: the company doesn’t take responsibility and tells users they “do not need to worry excessively” about the vulnerability. This hack is another unfortunate example of connected device … More →

The post IoT needs more respect for its consumers, creations, and itself appeared first on Help Net Security.

Help Net Security

Code Smell 277 - UPPERCASE Acronyms

不安全

5 months ago

Avoid Jumbled Acronyms for ClarityTL;DR: Treat acronyms like normal words to improve human readabi

Dossieraggio, dipendenti infedeli e mercato nero dei dati. Coinvolte anche figure dell’ACN

不安全

5 months ago

Il recente scandalo di intercettazioni e dossieraggi a livello nazionale

How agentic AI handles the speed and volume of modern threats

Help Net Security

5 months ago

In this Help Net Security interview, Lior Div, CEO at Seven AI, discusses the concept of agentic AI and its application in cybersecurity. He explains how it differs from traditional automated security systems by offering greater autonomy and decision-making capabilities. Div emphasizes that agentic AI is particularly well-suited to combat modern AI-driven threats, such as AI-generated phishing or malware, by processing vast volumes of alerts in real time. How would you differentiate agentic security from … More →

The post How agentic AI handles the speed and volume of modern threats appeared first on Help Net Security.

Mirko Zorz

ZDI-CAN-25567: Tungsten Automation

ZDI: Upcoming Advisories

5 months ago

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Mat Powell of Trend Micro Zero Day Initiative' was reported to the affected vendor on: 2024-10-31, 41 days ago. The vendor is given until 2025-02-28 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

ZDI-CAN-25315: Hewlett Packard Enterprise

ZDI: Upcoming Advisories

5 months ago

A CVSS score 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2024-10-31, 91 days ago. The vendor is given until 2025-02-28 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

ZDI-CAN-25476: Ashlar-Vellum

ZDI: Upcoming Advisories

5 months ago

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Rocco Calvi (@TecR0c) with TecSecurity' was reported to the affected vendor on: 2024-10-31, 91 days ago. The vendor is given until 2025-02-28 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

ZDI-CAN-25557: PDF-XChange

ZDI: Upcoming Advisories

5 months ago

A CVSS score 3.3 AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2024-10-31, 91 days ago. The vendor is given until 2025-02-28 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

ZDI-CAN-25516: Amazon

ZDI: Upcoming Advisories

5 months ago

A CVSS score 6.6 AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Yash Verma' was reported to the affected vendor on: 2024-10-31, 91 days ago. The vendor is given until 2025-02-28 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

ZDI-CAN-25564: Tungsten Automation

ZDI: Upcoming Advisories

5 months ago

A CVSS score 3.3 AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N severity vulnerability discovered by 'Mat Powell of Trend Micro Zero Day Initiative' was reported to the affected vendor on: 2024-10-31, 41 days ago. The vendor is given until 2025-02-28 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

ZDI-CAN-25566: Tungsten Automation

ZDI: Upcoming Advisories

5 months ago

ZDI-CAN-25524: Trend Micro

ZDI: Upcoming Advisories

5 months ago

A CVSS score 7.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N severity vulnerability discovered by 'Abdessamad Lahlali and Smile Thanapattheerakul of Trend Micro' was reported to the affected vendor on: 2024-10-31, 91 days ago. The vendor is given until 2025-02-28 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

ZDI-CAN-25560: Tungsten Automation

ZDI: Upcoming Advisories

5 months ago

ZDI-CAN-25565: Tungsten Automation

ZDI: Upcoming Advisories

5 months ago

Aggregator

Managed ad