The United States Embassy in India has announced that applicants for F, M, and J nonimmigrant visas should make their social media accounts public. The new guideline seeks to help officials verify the identity and eligibility of applicants under U.S.…
IT Security News Hourly Summary 2025-06-24 21h : 6 posts
6 posts were published in the last hour 18:34 : The U.S. House banned WhatsApp on government devices due to security concerns 18:34 : Here’s Why Using SMS Two-Factor Authentication Codes Is Risky 18:34 : Microsoft is named a Leader…
Quick Password Brute Forcing Evolution Statistics, (Tue, Jun 24th)
We have collected SSH and telnet honeypot data in various forms for about 10 years. Yesterday's diaries, and looking at some new usernames attempted earlier today, made me wonder if botnets just add new usernames or remove old ones from…
ControlID iDSecure On-Premises
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: ControlID Equipment: iDSecure On-premises Vulnerabilities: Improper Authentication, Server-Side Request Forgery (SSRF), SQL Injection 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to…
Microsoft is named a Leader in The Forrester Wave™: Security Analytics Platforms, 2025
Microsoft is proud to be named a Leader in The Forrester Wave™: Security Analytics Platforms, Q2 2025—which we believe reflects our deep investment in innovation and commitment to support SOC’s critical mission. The post Microsoft is named a Leader in…
The U.S. House banned WhatsApp on government devices due to security concerns
The U.S. House banned WhatsApp on official devices over security concerns, citing risks flagged by the Chief Administrative Officer. The U.S. House has banned WhatsApp on government devices due to data security concerns. Similar restrictions apply to AI tools like…
Here’s Why Using SMS Two-Factor Authentication Codes Is Risky
We’ve probably all received confirmation codes via text message when trying to enter into an account. These codes are intended to function as two-factor verification, confirming our identities and preventing cybercriminals from accessing our accounts solely through a password.…
Microsoft is named a Leader in The Forrester Wave™: Security Analytics Platforms, 2025
Microsoft is proud to be named a Leader in The Forrester Wave™: Security Analytics Platforms, Q2 2025—which we believe reflects our deep investment in innovation and commitment to support SOC’s critical mission. The post Microsoft is named a Leader in…
AT&T customer? You might get a cut of $177 million data breach settlement
Millions of customers had their data stolen. Now AT&T is offering compensation. This article has been indexed from Latest stories for ZDNET in Security Read the original article: AT&T customer? You might get a cut of $177 million data breach…
Multifactor authentication: 5 examples and strategic use cases
Before implementing MFA, conduct a careful study to determine which security factors offer the strongest protection. Passwords and PINs aren’t cutting it any longer. This article has been indexed from Search Security Resources and Information from TechTarget Read the original…
Gonjeshke Darande Threat Actors Pose as Hacktivist Infiltrated Iranian Crypto Exchange
In a significant escalation of cyber warfare in the Middle East, suspected Israeli state-sponsored threat actors operating under the name “Gonjeshke Darande” (Predatory Sparrow) successfully infiltrated Nobitex, Iran’s largest cryptocurrency exchange, on June 18, 2025. Rather than extracting funds for…
New FileFix Attack Abuses Windows File Explorer to Execute Malicious Commands
A novel social engineering technique called “FileFix” that exploits Windows File Explorer’s address bar functionality to execute malicious commands, presenting a dangerous alternative to the increasingly popular ClickFix attack method. The technique, discovered by security researcher mr.d0x, leverages browser file…
Microsoft is named a Leader in The Forrester Wave™: Security Analytics Platforms, 2025
Microsoft is proud to be named a Leader in The Forrester Wave™: Security Analytics Platforms, Q2 2025—which we believe reflects our deep investment in innovation and commitment to support SOC’s critical mission. The post Microsoft is named a Leader in…
OpenAI Removes Mention Of Jony Ive Partnership After Trademark Dispute
Trademark dispute sees OpenAI removing mention of AI deal with legendary Apple designer Sir Jony Ive and his io Products venture This article has been indexed from Silicon UK Read the original article: OpenAI Removes Mention Of Jony Ive Partnership…
Androxgh0st Botnet Expands Reach, Exploiting US University Servers
New CloudSEK findings show Androxgh0st botnet evolving. Academic institutions, including UC San Diego, hit. Discover how this sophisticated… This article has been indexed from Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto Read the original article: Androxgh0st Botnet…
Beware of fake SonicWall VPN app that steals users’ credentials
A good reminder not to download apps from non-vendor sites Unknown miscreants are distributing a fake SonicWall app to steal users’ VPN credentials.… This article has been indexed from The Register – Security Read the original article: Beware of fake…
Microsoft is named a Leader in The Forrester Wave™: Security Analytics Platforms, 2025
Microsoft is proud to be named a Leader in The Forrester Wave™: Security Analytics Platforms, Q2 2025—which we believe reflects our deep investment in innovation and commitment to support SOC’s critical mission. The post Microsoft is named a Leader in…
Waymo Partners Uber To Launch Atlanta Robotaxi Service
Ride-hailing service from Uber and Waymo launched in Atlanta, as Alphabet unit increases robotaxi expansion in US This article has been indexed from Silicon UK Read the original article: Waymo Partners Uber To Launch Atlanta Robotaxi Service
Bank of America, Netflix, and Microsoft Hacked to Inject Fake Phone Numbers
Jérôme Segura, cybercriminals are exploiting search parameter vulnerabilities to inject fake phone numbers into the legitimate websites of major brands like Apple, Bank of America, Facebook, HP, Microsoft, Netflix, and PayPal. This sophisticated attack, technically termed a “search parameter injection…
How to get Windows 10 extended security updates for free: 2 options
Don’t want to fork over $30 for a one-year subscription to Windows 10 Extended Security Updates? Microsoft is offering a couple of ways to avoid the fee. But there is a catch. This article has been indexed from Latest stories…
Anton’s Security Blog Quarterly Q2 2025
Amazingly, Medium has fixed the stats so my blog/podcast quarterly is back to life. As before, this covers both Anton on Security and my posts from Google Cloud blog, and our Cloud Security Podcast (subscribe). Top 10 posts with the…
WhatsApp BANNED by House Security Goons — But Why?
New phone—who dis? Office of the Chief Administrative Officer (CAO) offers hazy reasoning. The post WhatsApp BANNED by House Security Goons — But Why? appeared first on Security Boulevard. This article has been indexed from Security Boulevard Read the original…
Microsoft is named a Leader in The Forrester Wave™: Security Analytics Platforms, 2025
Microsoft is proud to be named a Leader in The Forrester Wave™: Security Analytics Platforms, Q2 2025—which we believe reflects our deep investment in innovation and commitment to support SOC’s critical mission. The post Microsoft is named a Leader in…
Kali Linux 2025.1c Fixes Key Issue, Adds New Tools and Interface Updates
Kali Linux 2025.1c includes a new signing key to fix update errors, adds new tools, a redesigned menu with MITRE ATT&CK, and major system upgrades. This article has been indexed from Hackread – Latest Cybersecurity, Hacking News, Tech, AI &…
New DRAT V2 Update Enhances C2 Protocol with Shell Command Execution Capabilities
A new variant of the DRAT remote access trojan (RAT), dubbed DRAT V2, has been uncovered as part of a TAG-140 campaign targeting Indian government entities. This threat actor, believed to overlap with SideCopy and linked to Transparent Tribe (aka…
CISA Releases Eight Industrial Control Systems Advisories
CISA released eight Industrial Control Systems (ICS) advisories on June 24, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-175-01 Kaleris Navis N4 Terminal Operating System ICSA-25-175-02 Delta Electronics CNCSoft ICSA-25-175-03 Schneider Electric…
Delta Electronics CNCSoft
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.3 ATTENTION: Low attack complexity Vendor: Delta Electronics Equipment: CNCSoft Vulnerabilities: Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute code within the context of the…