Aggregator

Почему всё тормозит, если по всем цифрам идеальное подключение?

Специалисты бьют тревогу, а корпорации делают вид, что всё под контролем.

Threat actors are increasingly harnessing automation, commoditized tools, and AI to systematically erode the traditional advantages held by defenders, according to Fortinet.

The post AI and automation shift the cybersecurity balance toward attackers appeared first on Help Net Security.

Ellis of YL Ventures on How Modern CISOs Must Lead, Not Master Every Discipline
There were never many 'do everything' CISOs. Today there are even fewer. But with a specialist area, strong overview and ability to channel expertise, CISOs can align with business goals, embrace the business enabler role, demonstrate quick wins, and ensure their organization makes better risk decisions.

4 Breaches Appear to Potentially Affect Hundreds of Thousands Across Several States
Catholic hospital chain Ascension Health is notifying hundreds of thousands of individuals across several states of at least four hacking incidents in recent months involving third-parties. Ascension reported one of the breaches this week, another in mid-April and the others in March and February.

CISA Staff Told to Prepare for Cuts and Crowded Work Locations Amid Growing Turmoil
Top officials at the nation's cyber defense agency want to give President Donald Trump's pick to lead the agency time to assess major restructuring plans - a move that is reportedly delaying the timeline for reductions in force while causing growing concerns for job stability among staffers.

Retailer Continues to Recover From Ransomware Incident
British retailer Marks & Spencer was reportedly targeted by financial crime group Scattered Spider, who deployed ransomware on the company's VMware ESXi server. The retailer continues to recover from a cyber incident that disrupted operations in its online and offline stores.

Почему вредонос на JavaScript и C# остаётся невидимкой для антивирусов?

Архив весом 1 МБ превращается в гигабайтную ловушку для сканеров.

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding a newly discovered and actively exploited vulnerability in the widely used Apache HTTP Server. The flaw, catalogued as CVE-2024-38475, affects the server’s mod_rewrite module and poses significant risks to organizations worldwide. Details of the Vulnerability CVE-2024-38475 is classified as an “improper escaping […]

The post CISA Issues Alert on Actively Exploited Apache HTTP Server Escape Vulnerability appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Профессор из Сиднея переворачивает представление о решениях полиномов.

Phone theft is a rising issue worldwide, and it’s more than just a property crime. It’s a serious cybersecurity threat. In the UK alone, the Metropolitan Police seizes 1,000 phones each week. Stolen phones don’t just go to local black markets. They often get funneled into larger criminal operations. For example, stolen phones can be used to bypass security features or be reprogrammed and resold. In 2024, Europol uncovered a massive phishing network that affected … More →

The post Phone theft is turning into a serious cybersecurity risk appeared first on Help Net Security.

Sessionless Sessionless is a Burp Suite extension for editing, signing, verifying, and attacking signed tokens: Django TimestampSigner, ItsDangerous Signer, Express cookie-session middleware, OAuth2 Proxy, and Tornado’s signed cookies. It provides automatic detection and in-line editing of tokens within HTTP...

The post sessionless: Burp Suite extension for editing, signing, verifying various signed web tokens appeared first on Penetration Testing Tools.

在真实的安全运营场景中，我们往往是在“事情已经发生之后”才介入：告警触发、业务异常、用户反馈异常登录……随后启阅读更多

Искусственный сценарист всегда точно знает, когда пошутить и с кем поспорить.

SentryPeer A distributed list of bad IP addresses and phone numbers was collected via a SIP Honeypot. This is basically a fraud detection tool. It lets bad actors try to make phone calls and...

The post SentryPeer: distributed list of bad IP addresses and phone numbers appeared first on Penetration Testing Tools.

A vulnerability, which was classified as problematic, has been found in Libraryvideocompany SAFARI Montage 8.3/8.5. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2021-45425. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability classified as problematic has been found in Wireshark up to 3.4.10/3.6.0. This affects an unknown part of the component Sysdig Event Dissector. The manipulation leads to denial of service. This vulnerability is uniquely identified as CVE-2021-4181. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Wireshark up to 3.4.10 and classified as problematic. Affected by this issue is some unknown functionality of the component Gryphon Dissector. The manipulation leads to denial of service. This vulnerability is handled as CVE-2021-4186. The attack may be launched remotely. There is no exploit available.