Aggregator
Hacker Claims Breach of WooCommerce E-Commerce Platform, Offers Data of 4.4 Million Users for Sale
Forescout eyeScope provides organizations with insight into their security posture
Forescout announced new Forescout eyeScope cloud visibility and monitoring solution, expanding the Forescout 4D Platform to the cloud. Forescout also announced a new, small footprint, edge data collector for enterprises that require Forescout’s asset intelligence capabilities managed from the cloud for streamlined deployment and faster time to value. Forescout’s asset intelligence and control for managed, unmanaged, and agentless devices has never been more essential. As the latest “Riskiest Connected Devices in 2025” report from Forescout …
The post Forescout eyeScope provides organizations with insight into their security posture appeared first on Help Net Security.
[CISSP] [9] Security Vulnerabilities, Threats, and Countermeasures
G.O.S.S.I.P Reading Recommendation 2025-04-09: The Way of Compiler Security
“It's Not Me, It's Jim”: Court Did Not Appreciate the Plaintiff's Digital Substitution
Attackers Exploits SourceForge Software Hosting Platform to Deliver Malware
Cybercriminals have devised a sophisticated scheme exploiting SourceForge, a popular software hosting platform, to distribute malicious software disguised as legitimate office applications. The attack leverages the platform’s feature that automatically assigns sourceforge.io domains to projects, creating convincing facades for malware distribution campaigns that primarily target Russian-speaking users. The attackers created a project called “officepackage” on […]
The post Attackers Exploits SourceForge Software Hosting Platform to Deliver Malware appeared first on Cyber Security News.
Gcore Super Transit Brings Advanced DDoS Protection and Acceleration for Superior Enterprise Security and Speed
Gcore, the global edge AI, cloud, network, and security solutions provider, has launched Super Transit, a cutting-edge DDoS protection and acceleration feature, designed to safeguard enterprise infrastructure while delivering lightning-fast connectivity. This comes as organizations face a 56% year-on-year increase in high-volume, complex DDoS attacks that disrupt operations, increase latency, and compromise network security. Traditional solutions often […]
The post Gcore Super Transit Brings Advanced DDoS Protection and Acceleration for Superior Enterprise Security and Speed appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Windows Active Directory Vulnerability Enables Unauthorized Privilege Escalation
Microsoft has urgently patched a high-risk security vulnerability (CVE-2025-29810) in Windows Active Directory Domain Services (AD DS), which could allow attackers to escalate privileges and compromise entire network domains. Rated 7.5 (Important) on the CVSS v3.1 scale, this flaw impacts organizations using Windows Server 2016 through 2025 editions. CVE-2025-29810 Overview Key Detail Description CVE ID CVE-2025-29810 Published […]
The post Windows Active Directory Vulnerability Enables Unauthorized Privilege Escalation appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Joint guidance on BADBAZAAR and MOONSHINE
Adobe Security Update: Patches Released for Multiple Product Vulnerabilities
Adobe has announced critical security updates for several of its popular software products, addressing vulnerabilities that could potentially be exploited by attackers. The Product Security Incident Response Team (PSIRT) has urged all users to apply these updates immediately to protect their systems and data. These updates are part of Adobe’s ongoing commitment to ensuring the […]
The post Adobe Security Update: Patches Released for Multiple Product Vulnerabilities appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Enzoic AD Lite Password Audit Report
Enzoic for AD Lite Password Auditor is an innovative tool designed to integrate with an organization’s Active Directory environment seamlessly. Enzoic analyzed the 2024 AD Lite Password Auditor data to produce this report. New mandates and heightened awareness in 2024 have pushed organizations to scan an unprecedented number of AD accounts using the Enzoic AD Lite Password Auditor. Between 2020 and 2024, Enzoic AD Lite Password Auditor user scans increased 315%, highlighting the rapid increase …
The post Enzoic AD Lite Password Audit Report appeared first on Help Net Security.
Taking Responsibility for Data Security: Baidu Named a Top-Level Pilot Unit by the CCIA Data Security Committee for Two Consecutive Years
DDoS: The Next Generation
Stronger Cloud Security in Five: The Importance of Cloud Configuration Security
Mismanaging configurations in your multi-cloud environment can put you at an elevated risk for cyber attacks. In the first installment of our “Stronger Cloud Security in Five” blog series, we outline five best practices for boosting your cloud configuration management.
A misconfigured web application firewall. A publicly accessible and unprotected cloud database. An overprivileged user identity. Lax access control to containers. Unchanged default credentials.
Those are just some of the many configuration oversights and mistakes that attackers can leverage to breach your cloud environment, hijack user accounts, steal data and more. In addition, having misconfigured cloud resources puts your organization on the wrong side of regulatory compliance, and thus open to costly penalties, fines and litigation.
In a vacuum, it would seem simple to button up most cloud misconfigurations. Surely, we can all agree that leaving an Amazon Web Services (AWS) Simple Storage Service (S3) storage bucket open to anyone on the internet is a no-no. Yet, the “Tenable Cloud Risk Report 2024,” based on an analysis of millions of cloud resources scanned through the Tenable Cloud Security platform, found that 74% of organizations have publicly exposed cloud storage.
The reality is that cloud misconfigurations are prevalent. In fact, misconfigurations and inadequate change controls ranked first on the Cloud Security Alliance’s “Top Threats to Cloud Computing 2024” report. “Given a cloud’s persistent network access and infinite capacity, misconfigurations can have wide-reaching impacts across an organization,” the CSA tells us in that report.
Why do even large multinationals – with massive resources and stellar IT, cybersecurity and compliance staff – routinely fail to properly configure their cloud environments?
In a nutshell: With cloud environments having myriad moving parts and being so dynamic, managing configurations is complicated if you lack the proper processes and tools.
Here are five best practices you can apply immediately to harden your cloud configurations.
1 - Centralize and automate the configuration management of your multi-cloud environment
If your organization is like most others, it uses multiple cloud service providers (CSPs), each with its own configuration settings and its own shared responsibility model for divvying up security tasks with customers.
That’s why you need a vendor-agnostic, centralized cloud-native application protection platform (CNAPP) with a strong cloud security posture management (CSPM) component.
With CSPM tools, you’ll be able to centrally harden configurations across your multi-cloud environment by consistently and continuously adopting, monitoring and enforcing security policies in areas such as access control and data encryption.
Without an automated, centralized system, you won’t have holistic and comprehensive visibility of your configurations across all your clouds and your organization will be at heightened risk of cyber attacks.
CSPM allows you to continuously scan all your cloud assets and resources and get an unobstructed view of all your detected misconfigurations. Then you can prioritize and document their remediation in compliance reports for your leaders, auditors and regulators.
2 - Implement least-privilege access across your multi-cloud environment
User and machine identities with excessive privileges pose a major risk in cloud environments because during a breach attackers can leverage those permissions to move deeper into your network. “Initial malicious access attempts on cloud resources frequently target user credentials,” the U.S. Cybersecurity and Infrastructure Security Agency (CISA) points out in its publication “Use Secure Cloud Identity and Access Management Practices.”
Thus, your CNAPP should have a comprehensive cloud infrastructure entitlement management (CIEM) component with granular identity and access management (IAM) capabilities. That’ll allow you to audit your multi-cloud identities and ensure they have the minimum access rights and capabilities they need. This is the concept of least privilege.
At a high level, you need to continuously discover all of your cloud infrastructure’s human and machine identities; understand their scope of cloud-resource access and permissions; assess identities’ level of risk; and make necessary least-privilege adjustments.
3 - Automatically check configurations against compliance frameworks
By offering policy-as-code (PaC), your CNAPP should automate three things: codifying policies; regularly checking how compliant your multi-cloud environment is with industry, regulatory and internal compliance frameworks; and generating in-depth audit reports. It should provide actionable findings and automate the process of fixing insecure and faulty configurations.
This will yield multiple benefits for your organization, including:
- Quieting alert noise
- Proactively managing compliance
- Prioritizing remediation based on risk
- Boosting security operations
Trying to manually assess the security of your Kubernetes clusters and fix configuration issues is a losing proposition, especially because many Kubernetes resources are ephemeral and come with default configurations. As Tenable Senior Principal Product Marketing Manager Lior Zatlavi explains in a blog: “The complexity of Kubernetes, combined with its dynamic and distributed nature, makes it a daunting task to ensure that clusters are secure from threats.”
That’s why your CNAPP should have a Kubernetes security posture management (KSPM) tool that gives you:
- Complete, deep and contextual visibility into your Kubernetes resources, including nodes, namespaces, deployments, servers and service accounts
- An admission controller that facilitates deployment and management by enforcing policy-as-code
- Detection of misconfigurations by scanning Helm charts
- UI-driven container workload protection
Organizations often overlook the importance of monitoring and analyzing the event and activity logs from their cloud environments that their CSPs collect. In fact, logs are critical for configuration management.
To gain granular insights into the causes and impacts of cloud misconfigurations and to respond appropriately, you need a CNAPP that enriches the logging data from your CSPs with security data and continuously analyzes risk.
This enriched log data will give you context and actionable information to maintain consistent and secure configurations that reduce your risk and keep you compliant.
Learn how you can take action to boost your cloud security in just five minutes.
Ransomware Attacks Hit All-Time High as Payoffs Dwindle
WhatsApp vulnerability could be used to infect Windows users with malware (CVE-2025-30401)
WhatsApp users are urged to update the Windows client app to plug a serious security vulnerability (CVE-2025-30401) that may allow attackers to trick users into running malicious code. Meta classifies the vulnerability as a spoofing issue that makes all WhatsApp for Windows versions prior to v2.2450.6 display sent attachments according to their MIME (media) type – i.e., the metadata that says what kind of file it is: audio, image, message, text, application, etc. – but …
The post WhatsApp vulnerability could be used to infect Windows users with malware (CVE-2025-30401) appeared first on Help Net Security.