The US Treasury Department’s Office of Foreign Assets Control (OFAC) has sanctioned Sichuan Silence Information Technology Company and its employee Guan Tianfeng for their involvement in the April 2020 global firewall compromise, which targeted numerous US critical infrastructure companies. The…
Tag: EN
Reserachers Uncovered Zloader DNS Tunneling Tactics For Stealthy C2 Communication
Zloader, a sophisticated Trojan, has recently evolved with features that enhance its stealth and destructive potential, as the latest version, 2.9.4.0, introduces a custom DNS tunnel for covert C2 communications, bypassing traditional network security measures. An interactive shell empowers attackers…
Story of the Year: global IT outages and supply chain attacks
While the CrowdStrike incident is still fresh in our minds, Kaspersky experts look back on similar IT outages that happened in 2024 and predict potential threats for 2025. This article has been indexed from Securelist Read the original article: Story…
Cortex XDR Delivers Unmatched 100% Detection in MITRE ATT&CK Round 6
Cortex XDR achieves 100% technique-level detection in the 2024 MITRE ATT&CK evaluation. The post Cortex XDR Delivers Unmatched 100% Detection in MITRE ATT&CK Round 6 appeared first on Palo Alto Networks Blog. This article has been indexed from Palo Alto…
BadRAM Attack Uses $10 Equipment to Break AMD Processor Protections
Academic researchers devise BadRAM, a new attack that uses $10 equipment to break AMD’s latest trusted execution environment protections. The post BadRAM Attack Uses $10 Equipment to Break AMD Processor Protections appeared first on SecurityWeek. This article has been indexed…
Brain Cipher Ransomware Group Claims Deloitte UK Data Breach
Brain Cipher, a ransomware group that emerged in June 2024, has claimed responsibility for breaching Deloitte UK, alleging the exfiltration of over 1 terabyte of sensitive data from the global professional services firm. This claim has raised significant concerns…
New Malware Technique Could Exploit Windows UI Framework to Evade EDR Tools
A newly devised technique leverages a Windows accessibility framework called UI Automation (UIA) to perform a wide range of malicious activities without tipping off endpoint detection and response (EDR) solutions. “To exploit this technique, a user must be convinced to…
Cyber Incident Disrupting Krispy Kreme Online Orders
Krispy Kreme said the incident is likely to materially affect operations and short-term financial performance This article has been indexed from www.infosecurity-magazine.com Read the original article: Cyber Incident Disrupting Krispy Kreme Online Orders
MITRE ATT&CK® Evaluations Highlights Check Point Detection
In the 2024 MITRE ATT&CK® Evaluations, Check Point demonstrated what world-class detection looks like. The results speak for themselves: detection of all 57 applicable tested attack steps, with an impressive 56 detections at technique level. This isn’t just about catching…
Google unveils AI coding assistant ‘Jules,’ promising autonomous bug fixes and faster development cycles
Google launches Jules, an AI coding assistant powered by Gemini 2.0, automating bug fixes and code changes while integrating with GitHub – promising to revolutionize software development by 2025. This article has been indexed from Security News | VentureBeat Read…
Google’s new Trillium AI chip delivers 4X speed and powers Gemini 2.0
Google unveils Trillium, its breakthrough AI chip powering Gemini 2.0, delivering 4x performance boost and reshaping AI economics with unprecedented 100,000-chip network deployment. This article has been indexed from Security News | VentureBeat Read the original article: Google’s new Trillium…
Google Gemini 2.0: Could this be the beginning of truly autonomous AI?
Google launches Gemini 2.0 with autonomous AI agents, native image generation, and multilingual capabilities, doubling performance while introducing Projects Astra, Mariner, and Jules for enhanced task automation and digital assistance. This article has been indexed from Security News | VentureBeat…
Ivanti fixed a maximum severity vulnerability in its CSA solution
Ivanti addressed a critical authentication bypass vulnerability impacting its Cloud Services Appliance (CSA) solution. Ivanti addressed a critical authentication bypass vulnerability, tracked as CVE-2024-11639 (CVSS score of 10), in its Cloud Services Appliance (CSA) solution. A remote unauthenticated attacker can…
Google Pays $55,000 for High-Severity Chrome Browser Bug
Google pushes out major Chrome browser updates to fix multiple serious security defects. The post Google Pays $55,000 for High-Severity Chrome Browser Bug appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: Google Pays…
BT Group Confirms Cyberattack by Black Basta Ransomware Group
British telecommunications giant BT Group has confirmed it was targeted by the notorious ransomware group Black Basta in a cyberattack on its Conferencing division. The breach forced BT to isolate and shut down parts of its infrastructure to limit the…
CrowdStrike vs Wiz: Which Offers Better Cloud Security and Value?
Compare CrowdStrike and Wiz on cloud security, features, pricing, and performance to find the best cybersecurity solution for your business needs. This article has been indexed from Security | TechRepublic Read the original article: CrowdStrike vs Wiz: Which Offers Better…
Researchers uncover Chinese spyware used to target Android devices
The spyware, called EagleMsgSpy, has been used by Chinese law enforcement, according to cybersecurity firm Lookout. © 2024 TechCrunch. All rights reserved. For personal use only. This article has been indexed from Security News | TechCrunch Read the original article:…
Oasis Security Details MFA Security Flaw Found in Microsoft Cloud Services
Oasis Security today revealed that it worked with Microsoft to fix a flaw in its implementation of multi-factor authentication (MFA) that could have been used by cybercriminals to gain access to every major Microsoft cloud service The post Oasis Security…
ZLoader Malware Returns With DNS Tunneling to Stealthily Mask C2 Comms
Cybersecurity researchers have discovered a new version of the ZLoader malware that employs a Domain Name System (DNS) tunnel for command-and-control (C2) communications, indicating that the threat actors are continuing to refine the tool after resurfacing a year ago. “Zloader…
Microsoft MFA AuthQuake Flaw Enabled Unlimited Brute-Force Attempts Without Alerts
Cybersecurity researchers have flagged a “critical” security vulnerability in Microsoft’s multi-factor authentication (MFA) implementation that allows an attacker to trivially sidestep the protection and gain unauthorized access to a victim’s account. “The bypass was simple: it took around an hour…