Aggregator

​On Monday, the United Nations' International Civil Aviation Organization (ICAO) announced it was investigating what it described as a "reported security incident." [...]

SecWiki周刊（第566期) by ourren

使用协议状态模糊测试分析DTLS实现 by ourren

更多最新文章，请访问SecWiki

The malware, found on a Russian cybercriminal site, impersonates e-commerce payment-processing services such as Stripe to steal user payment data from legitimate websites.

分析认知框架：全源情报分析指南为情报分析师提供一个系统且灵活的指导框架，以应对全源情报分析中遇到的复杂、非结构化和高度迭代的工作。报告涵盖了从分析师个体认知到情报问题陈述开发、分析计划制定、信息计划制定、信息获取以及分析技术等多个方面内容。

miyako is Allegedly Selling Access to an Unidentified City Government in Germany

Philadelphia, Pennsylvania, 7th January 2025, CyberNewsWire

The post Security Risk Advisors joins the Microsoft Intelligent Security Association appeared first on Security Boulevard.

Threat actors breached Argentina’s airport security police (PSA) payroll, stealing data and deducting 2,000-5,000 pesos from salaries. Threat actors have breached Argentina’s airport security police (PSA) and compromised the personal and financial data of its officers and civilian personnel. Threat actors deducted from 2,000 to 5,000 pesos under false charges like “DD mayor” and “DD […]

Новые функции обещают много, но реальность остаётся сложной.

Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 gift card.

Telegram reveals that the communications platform has fulfilled 900 U.S. government requests, sharing the phone number or IP address information of 2,253 users with law enforcement. [...]

FireScam is multi-stage malware disguised as a fake “Telegram Premium” app that steals data and maintains persistence on compromised devices and leverages phishing websites to distribute its payload and infiltrate Android devices.   It is Android malware disguised as a fake Telegram Premium app distributed via a phishing website mimicking RuStore, which steals user data like […]

The post New FireScam Android Malware Abusing Firebase Services To Evade Detection appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Какие технологии помогут человечеству достичь ближайшей звезды?

Over the past year, malicious actors have been abusing OAST services for data exfiltration, C2 channel establishment, and multi-stage attacks by leveraging compromised JavaScript, Python, and Ruby packages. OAST tools, initially designed for ethical researchers to perform network interactions, can also be exploited by threat actors for malicious purposes such as data exfiltration and pivot […]

The post Hackers Weaponize Security Testing By Weaponizing npm, PyPI, & Ruby Exploit Packages appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A recent campaign targeting browser extensions illustrates that they are the next frontier in identity attacks. Learn more about these attacks from LayerX Security and how to receive a free extension audit. [...]

We can't put defense on hold until Inauguration Day.

A phishing campaign spoofing the United States Social Security Administration emerged in September 2024, delivering emails with embedded links to a ConnectWise Remote Access Trojan (RAT) installer.  These emails, disguised as updated benefits statements, employed various techniques, including mismatched links and “View Statement” buttons, to deceive recipients.  It initially leveraged ConnectWise infrastructure for its command […]

The post Hackers Mimic Social Security Administration To Deliver ConnectWise RAT appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.