Aggregator

Почему миллионы Android-устройств остаются уязвимыми к этой атаке.

A vulnerability was found in techthemes AuraMart Plugin up to 2.0.7 on WordPress and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2025-26922. The attack may be launched remotely. There is no exploit available.

A vulnerability has been found in Andy Moyle Church Admin Plugin up to 5.0.18 on WordPress and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to sql injection. This vulnerability is known as CVE-2025-26941. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in designingmedia Hostiko Plugin up to 30.0 on WordPress. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2025-27014. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

Evilginx: Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication

ESET researchers have published an in-depth analysis highlighting significant shifts within the ransomware landscape, spotlighting the rise of RansomHub. This relatively new ransomware-as-a-service operation has quickly come to dominate the scene. “The fight against ransomware reached two milestones in 2024: LockBit and BlackCat, formerly the top two gangs, dropped out of the picture. And for the first time since 2022, recorded ransomware payments dropped significantly by a stunning 35%. On the other hand, the recorded … More →

The post Enemies with benefits: RansomHub and rival gangs share EDRKillShifter tool appeared first on Help Net Security.

ESET investigated suspicious activity on the network of a trade group in the United States that operates in the financial sector. While helping the affected entity remediate the compromise, they made an unexpected discovery in the victim’s system: malicious tools belonging to FamousSparrow, a China-aligned APT group. The group was considered inactive, as there had been no publicly documented activity by FamousSparrow since 2022. Overview of the compromise chain used in this FamousSparrow campaign. Source: … More →

The post China-linked FamousSparrow APT group resurfaces with enhanced capabilities appeared first on Help Net Security.

Authors/Presenters: Sick.Codes, Casey John Ellis

Our sincere appreciation to BSidesLV, and the Presenters/Authors for publishing their erudite Security BSidesLV24 content. Originating from the conference’s events located at the Tuscany Suites & Casino; and via the organizations YouTube channel.

Permalink

The post BSidesLV24 – IATC – Hungry, Hungry Hackers appeared first on Security Boulevard.

ESET researchers discover new ties between affiliates of RansomHub and of rival gangs Medusa, BianLian, and Play

根据德勤的数字媒体趋势年度调查报告，消费者越来越多地选择将时间花在创作者驱动的娱乐和社交平台，而不是优质内容上。调查发现，56% 的 Z 世代和 43% 的千禧一代认为社交媒体内容“比传统电视节目和电影更有意义”，约半数人感觉相比电视名人或演员他们与社交媒体创作者建立了更紧密的个人联系。德勤会计师事务所副主席 China Widener 表示，想想传统媒体和社交媒体之间为争夺注意力和时间而展开的战争，Z 世代在社交平台上花费的时间增加了 54%，相当于平均每天约 50 分钟，而在传统电视和媒体上花费的时间减少了约 43 分钟。消费者同时使用这种两种服务，但在社交媒体平台上花费了更多的时间。调查发现，年轻消费者更信任创作者，与他们有更个人化的联系，这反过来又促进了广告参与度。调查还发现，消费者对付费流媒体服务所提供的价值越来越不满意，41% 的人表示内容达不到其价值。

Highlights:

• Understanding Canadian API Standards: Key principles for secure government API development.
• Critical Importance of API Security: Why robust protection is vital for citizen data.
• Compliance and Trust: How adherence to standards builds public confidence.
• Key Security Considerations: Essential practices for Canadian organizations.
• Salt Security's Alignment: How the Salt API Security Platform supports Canadian government API security regulations.

Introduction:

Canada's digital infrastructure relies heavily on APIs, facilitating a range of services from citizen interactions to vital government data exchanges. This interconnectedness, though revolutionary, brings forth intricate security challenges. Comprehending and complying with the Government of Canada's API standards is now imperative rather than optional. We will delve into these standards, the increasing threat landscape, and examine how solutions like Salt Security can protect your APIs.

Understanding the API Standards Set by the Government of Canada:

The Digital Standards from the Government of Canada provide a well-defined framework for public sector API development. These standards highlight crucial elements that ensure APIs are effective, secure, and sustainable:

• RESTful architecture for uniformity.
• Clear message schemas for seamless interaction.
• A "Security First" approach.

These guidelines are essential for efficient government service delivery, concentrating on lifecycle management and optimizing performance.

The Importance of API Security in Canada:

Canadian government APIs are often responsible for handling sensitive citizen data, making them attractive targets for cyber threats. Non-compliance with government standards and security best practices can lead to severe consequences, including:

• Data breaches and violations of privacy.
• Disruptions in essential government operations.
• Loss of public confidence.

Thus, protecting these key interfaces is crucial for safeguarding citizen information and ensuring operational reliability.

Essential API Security Considerations for Canadian Organizations:

Organizations in Canada should embrace a layered security approach. This strategy includes strong authentication and authorization, data encryption, and thorough input validation to ward off attacks. Ongoing monitoring and logging of API traffic are essential for detecting anomalies and responding to issues. Additionally, regular vulnerability assessments and timely patches are critical. Incorporating security at every stage of the API lifecycle, as advocated by the "Security First" principle, is vital.

How Salt Security Safeguards Canadian APIs:

Salt Security provides a tailored solution that aligns with the Canadian government's Digital Standards. By offering comprehensive visibility and proactive security measures, Salt Security aids organizations in maintaining compliance and safeguarding sensitive data. The key features, along with their direct correlations to Canadian regulations, include:

Automated API Discovery:

• Alignment: Fundamental for "Security First" principles and lifecycle management.
• Outcome: Guarantees a complete inventory of APIs as required.

Posture Governance:

• Alignment: Ensures secure configurations crucial for lifecycle and performance management.
• Outcome: Preserves secure APIs throughout their lifecycle in accordance with standards.

AI-Driven Threat Detection:

• Alignment: Reinforces "Security First" with behavior-based, real-time prevention.
• Outcome: Actively identifies anomalies, in line with security-first strategies.

Sensitive Data Visibility:

• Alignment: Safeguards citizen data in transit, a primary concern for the government.
• Outcome: Oversees data flow through APIs to protect sensitive information.

Business Logic Flaw Detection:

• Alignment: Blocks attacks that target API functionality.
• Outcome: Reducing risks to service reliability and data protection.

Automated Executive Level Reporting:

• Alignment: Facilitates audits and ensures continued compliance.
• Outcome: Enhances compliance reporting to satisfy government requirements.

Conclusion:

Securing APIs is an essential responsibility for Canadian organizations, especially in government. By understanding and complying with the Digital Standards of the Government of Canada and employing cutting-edge API security solutions like Salt Security, organizations can safeguard sensitive data, maintain public trust, and support critical digital services.

If you want to learn more about Salt and how we can help you on your API Security journey through discovery, posture governance, and run-time threat protection, please contact us, schedule a demo, or check out our website.

The post Securing Canada’s Digital Backbone: Navigating API Compliance appeared first on Security Boulevard.

D&S Electrical Contractors Inc Falls Victim to RansomHub Ransomware

The NPM package repository remains active, and despite a decline in malware numbers between 2023 and 2024, this year’s numbers don’t seem to continue that downward trend. Recently, security researchers discovered two intriguing packages ethers-provider2 and ethers-providerz, which employed sophisticated techniques to conceal their malicious intentions. These packages act as downloaders, injecting malicious code into […]

The post New NPM Attack Infecting Local Packages With Cleverly Hidden Malicious Payload appeared first on Cyber Security News.

This post first appeared on blog.netwrix.com and was written by Joe Dibley.
Introduction to NTLM and Kerberos Connecting all your company resources in a network for sharing is valuable, but you need a way to verify that only authorized users and devices can access these resources. Authentication serves this purpose by providing methods for users and devices to prove their identity. In Windows environments, two main authentication … Continued

ESET researchers uncover the toolset used by the FamousSparrow APT group, including two undocumented versions of the group’s signature backdoor, SparrowDoor

Oscilar launched AI Agent platform, reshaping how organizations manage online risk. Built around a network of specialized AI agents, Oscilar’s platform addresses key challenges in fraud prevention, compliance, credit underwriting, and customer verification. Unlike traditional static AI models that require continuous human oversight and intervention, Oscilar’s AI Agents operate autonomously, proactively identifying risks, executing complex risk analyses, and dynamically adapting to evolving threat landscapes. “Traditional approaches to risk management are simply unable to keep pace … More →

The post Oscilar AI Agent improves risk analysis and fraud prevention appeared first on Help Net Security.

Resecurity found an LFI flaw in the leak site of BlackLock ransomware, exposing clearnet IPs and server details. Resecurity has identified a Local File Include (LFI) vulnerability in Data Leak Site (DLS) of BlackLock Ransomware.  Cybersecurity experts were able to exploit misconfiguration in vulnerable web-app used by ransomware operators to publish victims’ data – leading […]

产品研发团队负责建设，安全研究团队负责赋能。