The open-source penetration testing toolkit Metasploit has unveiled a major update, introducing four new modules, including a highly anticipated exploit targeting Erlang/OTP SSH servers and a scanner for OPNSense firewalls. The release also enhances diagnostic tools and addresses critical bugs,…
Category: EN
Britain’s cyber agents and industry clash over how to tackle shoddy software
Providers argue that if end users prioritized security, they’d get it CYBERUK Intervention is required to ensure the security market holds vendors to account for shipping insecure wares – imposing costs on those whose failures lead to cyberattacks and having…
German Authorities Take Down Crypto Swapping Service eXch
German authorities seized the servers of crypto-swapping service eXch for laundering approximately $1.9 billion in fraudulent assets. The post German Authorities Take Down Crypto Swapping Service eXch appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…
Ensuring High Availability and Resilience in the ‘Everything App’ Era
This critical shift of social media apps becoming “mission-critical” everything apps requires a different approach when it comes to resiliency. The post Ensuring High Availability and Resilience in the ‘Everything App’ Era appeared first on Security Boulevard. This article…
Resecurity One simplifies cybersecurity operations
Resecurity launched Resecurity One, the next-generation cybersecurity platform designed to improve how organizations approach cybersecurity. Resecurity One combines Digital Risk Management, Cyber Threat Intelligence, Endpoint Protection, Identity Protection, Supply Chain Risk Monitoring, and xDR capabilities into a unified solution, providing…
Japanese Account Hijackers Make $2bn+ of Illegal Trades
Hackers have compromised Japanese trading accounts in an apparent attempt to manipulate the stock market This article has been indexed from www.infosecurity-magazine.com Read the original article: Japanese Account Hijackers Make $2bn+ of Illegal Trades
Google Researchers Use Mach IPC to Uncover Sandbox Escape Vulnerabilities
Google Project Zero researchers have uncovered new sandbox escape vulnerabilities in macOS using an innovative approach that leverages Mach Interprocess Communication (IPC) mechanisms-core components of Apple’s operating system. Their public research details how low-level message passing between privileged and sandboxed…
A Subtle Form of Siege: DDoS Smokescreens as a Cover for Quiet Data Breaches
DDoS attacks have long been dismissed as blunt instruments, favored by script kiddies and hacktivists for their ability to overwhelm and disrupt. But in today’s fragmented, hybrid-cloud environments, they’ve evolved into something far more cunning: a smokescreen. What looks like…
Assessment Frameworks for NIS Directive Compliance
According to the NIS Directive, Member States should adopt a common set of baseline security requirements to ensure a minimum level of harmonized security measures across the EU and enhance the overall level of security of operators providing essential services…
PoC Exploit Released For Linux Kernel’s nftables Subsystem Vulnerability
A critical Proof-of-Concept (PoC) exploit has been released for a significant vulnerability in the Linux kernel’s nftables subsystem, tracked as CVE-2024-26809. This flaw, rooted in the kernel’s netfilter infrastructure, exposes affected systems to local privilege escalation through a sophisticated double-free…
New Phishing Attack Abusing Blob URLs to Bypass SEGs and Evade Analysis
Cybersecurity experts have identified a sophisticated phishing technique that exploits blob URIs (Uniform Resource Identifiers) to evade detection by Secure Email Gateways (SEGs) and security analysis tools. This emerging attack method leverages the unique properties of blob URIs, which are…
US Announces Botnet Takedown, Charges Against Russian Administrators
Anyproxy and 5socks, websites offering proxy services through devices ensnared by a botnet, have been disrupted in a law enforcement operation. The post US Announces Botnet Takedown, Charges Against Russian Administrators appeared first on SecurityWeek. This article has been indexed…
Hackers Exploit Legacy Protocols in Microsoft Entra ID to Bypass MFA and Conditional Access
A sophisticated and highly coordinated cyberattack campaign came to light, as tracked by Guardz Research. This operation zeroed in on legacy authentication protocols within Microsoft Entra ID, exploiting outdated methods to sidestep modern security measures like Multi-Factor Authentication (MFA) and…
Cybercriminals Hide Undetectable Ransomware Inside JPG Images
A chilling new ransomware attack method has emerged, with hackers exploiting innocuous JPEG image files to deliver fully undetectable (FUD) ransomware, according to a recent disclosure by cybersecurity researchers. This technique, which bypasses traditional antivirus systems, highlights an alarming evolution in…
Unending ransomware attacks are a symptom, not the sickness
We need to make taking IT systems ‘off the books’ a problem for corporate types Opinion It’s been a devastating few weeks for UK retail giants. Marks and Spencer, the Co-Op, and now uber-posh Harrods have had massive disruptions due…
Fake AI Tools Used to Spread Noodlophile Malware, Targeting 62,000+ via Facebook Lures
Threat actors have been observed leveraging fake artificial intelligence (AI)-powered tools as a lure to entice users into downloading an information stealer malware dubbed Noodlophile. “Instead of relying on traditional phishing or cracked software sites, they build convincing AI-themed platforms…
German Police Shutter “eXch” Money Laundering Service
Germany’s BKA has seized the infrastructure behind the crypto swapping service eXch This article has been indexed from www.infosecurity-magazine.com Read the original article: German Police Shutter “eXch” Money Laundering Service
Mitel SIP Phone Flaws Allow Attackers to Inject Malicious Commands
A pair of vulnerabilities in Mitel’s 6800 Series, 6900 Series, and 6900w Series SIP Phones-including the 6970 Conference Unit-could enable attackers to execute arbitrary commands or upload malicious files to compromised devices, posing significant risks to enterprise communication systems. The…
Defendnot: A Tool That Disables Windows Defender by Registering as Antivirus
Cybersecurity developers have released a new tool called “defendnot,” a successor to the previously DMCA-takedown-affected “no-defender” project. This innovative utility leverages undocumented Windows Security Center APIs to disable Windows Defender by registering itself as a third-party antivirus solution. The developer…
Hackers Abuse Copilot AI in SharePoint to Steal Passwords and Sensitive Data
Microsoft’s Copilot for SharePoint, designed to streamline enterprise collaboration through generative AI, has become an unexpected weapon for cybercriminals targeting organizational secrets. Recent findings from cybersecurity researchers reveal that attackers are exploiting AI agents embedded in SharePoint sites to bypass…