@cyber-security ↑
zdroje:
#bleepingcomputer.com
#blog.google-TAG
#csirt.cz
#cyberscoop.com
#cybersecuritynews.com
#darkreading.com
#googleprojectzero.blogspot.com
#kratkespravy.sk
#krebsonsecurity.com
#linuxsecurity.com
#nakedsecurity.sophos.com
#nukib.cz
#scmagazine.com
#security.googleblog.com
#securityaffairs.co
#securityweek.com
#thehackernews.com
#therecord.media
#threatpost.com
#tripwire.com-state-of-security
bleepingcomputer.com
- Google Chrome disables uBlock Origin for some in Manifest v3 rollout
- SpyLend Android malware downloaded 100,000 times from Google Play
- Hacker steals record $1.46 billion from Bybit ETH cold wallet
- CISA flags Craft CMS code injection flaw as exploited in attacks
- Apple pulls iCloud end-to-end encryption feature in the UK
- Apiiro unveils free scanner to detect malicious code merges
- Black Basta ransomware gang's internal chat logs leak online
- US healthcare org pays $11M settlement over alleged cybersecurity lapses
- Chinese hackers use custom malware to spy on US telecom networks
- Integrating LLMs into security operations using Wazuh
- Microsoft fixes Power Pages zero-day bug exploited in attacks
- Microsoft testing fix for Windows 11 bug breaking SSH connections
blog.google-TAG
- TAG Bulletin: Q4 2024
- TAG Bulletin: Q3 2024
- State-backed attackers and commercial surveillance vendors repeatedly use the same exploits
- Iranian backed group steps up phishing campaigns against Israel, U.S.
- Google disrupted over 10,000 instances of DRAGONBRIDGE activity in Q1 2024
- TAG Bulletin: Q2 2024
- A review of zero-day in-the-wild exploits in 2023
- TAG Bulletin: Q1 2024
- Tool of First Resort: Israel-Hamas War in Cyber
- Buying Spying: How the commercial surveillance industry works and what can be done about it
- TAG Bulletin: Q4 2023
- Russian threat group COLDRIVER expands its targeting of Western officials to include the use of malware
csirt.cz
- Falešné hovory a umělá inteligence zvyšují úspěšnost nebezpečných útoků
- Pozor na falešné SMS zneužívající číslo 158
- Postřehy z bezpečnosti: běžný den týmu telefonických podvodníků
- Pozor na phishing napodobující službu MojeID
- Ransomwarový útok ochromil služby katastru na Slovensku
- Akt o kybernetické odolnosti je platný. V účinnost vstoupí za dva roky
- Nový rootkit ohrožuje linuxové systémy
- Postřehy z bezpečnosti: zranitelnost v Google Chrome umožňuje vzdálené spuštění kódu
- RomCom zneužila řetězec dvou zero-day zranitelností k rozsáhlým útokům na uživatele v Evropě a Severní Americe
- Postřehy z bezpečnosti: pašování škodlivého kódu v metadatech souborů
cyberscoop.com
- Top House E&C Republicans query public for ideas on data privacy law
- Apple pulls end-to-end encryption feature from UK after demands for law enforcement access
- No, that’s not the acting head of the Social Security Administration. That’s a former CISA employee.
- Salt Typhoon gained initial access to telecoms through Cisco devices
- SEC rebrands cryptocurrency unit to focus on emerging technologies
- Russia-aligned threat groups dupe Ukrainian targets via Signal
- Energy CISO: Agencies can’t implement zero trust alone
- Salt Typhoon telecom breach remarkable for its ‘indiscriminate’ targeting, FBI official says
- Edge device vulnerabilities fueled attack sprees in 2024
- Java security: If you ain’t cheatin,’ you ain’t tryin’
cybersecuritynews.com
private- Salt Typhoon Hackers Exploit Cisco Vulnerability To Gain Access To U.S. Telecom Networks
- Auto-Generated Password Vulnerability In Sitevision Leaks Signing Key
- China Claim That NSA Allegedly Hacked Northwestern Polytechnical University
- ACRStealer Malware Exploiting Google Docs as C2 To Steal Login Credentials
- Darcula 3.0 Tool Automatically Generates Phishing Kit For Any Brand
- CL0P Ransomware Attacking Telecommunications & Healthcare Sectors In Large Scale
- Cyber Threat Actors Leveraging Exploits To Attack Financial Sector With Advanced Malware
- CISA Releases 7 ICS Advisories Detailing Vulnerabilities & Exploits
- Pegasus Spyware Used Widely to Target Individuals in Private Industry & Finance Sectors
- SPAWNCHIMERA Malware Exploiting Ivanti Buffer Overflow Vulnerability By Applying A Fix
darkreading.com
- Black Basta Goes Dark Amid Infighting, Chat Leaks Show
- Cisco Confirms Salt Typhoon Exploitation in Telecom Hits
- Nations Open 'Data Embassies' to Protect Critical Info
- 4 Low-Cost Ways to Defend Your Organization Against Deepfakes
- Data Suggests It's Time to Rethink Cloud Permissions
- Ghost Ransomware Targets Orgs in 70+ Countries
- Google Adds Quantum-Resistant Digital Signatures to Cloud KMS
- ZEST Security's Cloud Risk Exposure Impact Report Reveals 62% of Incidents are Related to Risks Known to the Organization
- When Brand Loyalty Trumps Data Security
- Signs Your Organization's Culture Is Hurting Your Cybersecurity
- 'Darcula' Phishing Kit Can Now Impersonate Any Brand
- Australian Critical Infrastructure Faces 'Acute' Foreign Threats
googleprojectzero.blogspot.com
- Windows Bug Class: Accessing Trapped COM Objects with IDispatch
- Windows Exploitation Tricks: Trapping Virtual Memory Access (2025 Update)
- The Windows Registry Adventure #5: The regf file format
- The Qualcomm DSP Driver - Unexpectedly Excavating an Exploit
- Windows Tooling Updates: OleView.NET
- Simple macOS kernel extension fuzzing in userspace with IDA and TinyInst
- From Naptime to Big Sleep: Using Large Language Models To Catch Vulnerabilities In Real-World Code
- The Windows Registry Adventure #4: Hives and the registry layout
- Effective Fuzzing: A Dav1d Case Study
- The Windows Registry Adventure #3: Learning resources
- Project Naptime: Evaluating Offensive Security Capabilities of Large Language Models
- Driving forward in Android drivers
kratkespravy.sk
- Zo sveta IT bezpečnosti, 1/2025
- Zo sveta IT bezpečnosti, 12/2024
- Zo sveta IT bezpečnosti, 11/2024
- Zo sveta IT bezpečnosti, 10/2024
- Zo sveta IT bezpečnosti, 9/2024
- Oslo: Návod na použitie
- Zo sveta IT bezpečnosti, 8/2024
- Zo sveta IT bezpečnosti, 7/2024
- Zo sveta IT bezpečnosti, 6/2024
- Zo sveta IT bezpečnosti, 5/2024
krebsonsecurity.com
- How Phished Data Turns into Apple & Google Wallets
- Nearly a Year Later, Mozilla is Still Promoting OneRep
- Microsoft Patch Tuesday, February 2025 Edition
- Teen on Musk’s DOGE Team Graduated from ‘The Com’
- Experts Flag Security, Privacy Risks in DeepSeek AI App
- Who’s Behind the Seized Forums ‘Cracked’ & ‘Nulled’?
- FBI, Dutch Police Disrupt ‘Manipulaters’ Phishing Gang
- Infrastructure Laundering: Blending in with the Cloud
- A Tumultuous Week for Federal Cybersecurity Efforts
- MasterCard DNS Error Went Unnoticed for Years
linuxsecurity.com
- Best Linux Backup Solutions to Prevent Data Loss in A Ransomware Attack
- Open Source AI: Risks & Mitigation Strategies for Security Admins
- The Rust Debate: Enhancing Security and Stability in the Linux Kernel
- The Silent Threat of Fedora Linux Lockdown Mode Being Disabled by Default
- Debian LTS: DLA-4064-1: libxml2 Security Advisory Updates
- Fedora 40: chromium 2025-c0c371a0b6 Security Advisory Updates
- Fedora 40: proftpd 2025-d37ad923f5 Security Advisory Updates
- Fedora 41: proftpd 2025-835949b994 Security Advisory Updates
- Debian LTS: DLA-4063-1: gnutls28 Security Advisory Updates
- SUSE: 2025:0639-1 important: webkit2gtk3 Security Advisory Updates
nakedsecurity.sophos.com
-
[kanál neteče]
nukib.cz
- Upozornění na podvodné telefonáty
- Senátorská návštěva sídla NÚKIB
- NÚKIB aktualizoval Minimální požadavky pro kryptografické algoritmy
- NÚKIB se zahraničními partnery spolupodepsal dokumenty o bezpečnosti hraničních síťových prvků
- Kybernetická bezpečnost obcí – podpůrné materiály z pera NÚKIB
- Upozorňujeme na zneužívání identit Amazon, Microsoft a státních institucí
- Upozornění na zvýšené riziko DDoS útoků během voleb do Evropského parlamentu
- Upozornění na kompromitaci routerů Ubiquity Edge OS aktérem sponzorovaným ruským státem
- Upozorňujeme na dvě kritické zranitelnosti v operačním systému FortiOS
- Upozorňujeme na hrozbu Terrapin útoku mířícího na SSH protokol
- Doporučení v oblasti kryptografických prostředků verze 3.0
- Doporučení k používání protokolu TLP ke sdílení chráněných informací
scmagazine.com
-
[kanál neteče]
security.googleblog.com
-
[kanál neteče]
securityaffairs.co
- Apple removes iCloud encryption in UK following backdoor demand
- B1ack’s Stash released 1 Million credit cards
- U.S. CISA adds Craft CMS and Palo Alto Networks PAN-OS flaws to its Known Exploited Vulnerabilities catalog
- Atlassian fixed critical flaws in Confluence and Crowd
- Salt Typhoon used custom malware JumbledPath to spy U.S. telecom providers
- NailaoLocker ransomware targets EU healthcare-related entities
- Microsoft fixed actively exploited flaw in Power Pages
- Citrix addressed NetScaler console privilege escalation flaw
- Palo Alto Networks warns that CVE-2025-0111 flaw is actively exploited in attacks
- Russia-linked APTs target Signal messenger
securityweek.com
- Bybit Hack Drains $1.5 Billion From Cryptocurrency Exchange
- Industry Moves for the week of February 17, 2025 - SecurityWeek
- Freelance Software Developers in North Korean Malware Crosshairs
- Apple Pulls Advanced Data Protection for New UK Users Amid Backdoor Demand
- Cisco Details ‘Salt Typhoon’ Network Hopping, Credential Theft Tactics
- In Other News: Black Basta Chats Leaked, New SEC Cyber Unit, DOGE Site Hacked
- Vulnerabilities in MongoDB Library Allow RCE on Node.js Servers
- How China Pinned University Cyberattacks on NSA Hackers
- CISA Warns of Attacks Exploiting Craft CMS Vulnerability
- Second Recently Patched Flaw Exploited to Hack Palo Alto Firewalls
- Chinese APT Tools Found in Ransomware Schemes, Blurring Attribution Lines
thehackernews.com
- Bybit Confirms Record-Breaking $1.46 Billion Crypto Heist in Sophisticated Cold Wallet Attack
- OpenAI Bans Accounts Misusing ChatGPT for Surveillance and Influence Campaigns
- Apple Drops iCloud's Advanced Data Protection in the U.K. Amid Encryption Backdoor Demands
- Data Leak Exposes TopSec's Role in China’s Censorship-as-a-Service Operations
- Cybercriminals Can Now Clone Any Brand’s Site in Minutes Using Darcula PhaaS v3
- Webinar: Learn How to Identify High-Risk Identity Gaps and Slash Security Debt in 2025
- AI-Powered Deception is a Menace to Our Societies
- Cisco Confirms Salt Typhoon Exploited CVE-2018-0171 to Target U.S. Telecom Networks
- CISA Flags Craft CMS Vulnerability CVE-2025-23209 Amid Active Attacks
- North Korean Hackers Target Freelance Developers in Job Scam to Deploy Malware
- China-Linked Attackers Exploit Check Point Flaw to Deploy ShadowPad and Ransomware
- PCI DSS 4.0 Mandates DMARC By 31st March 2025
therecord.media
- GOP megadonor becomes new Clearview AI co-CEO
- Hackers drained $1.4 billion of cryptocurrency from Bybit exchange, CEO confirms
- Top Polish anti-corruption official resigns amid spyware probe
- Feds fine Warby Parker $1.5 million for failing to protect customer health data
- Apple turns off iCloud encryption feature in UK following reported government legal order
threatpost.com
- Student Loan Breach Exposes 2.5M Records
- Watering Hole Attacks Push ScanBox Keylogger
- Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms
- Ransomware Attacks are on the Rise
- Cybercriminals Are Selling Access to Chinese Surveillance Cameras
- Twitter Whistleblower Complaint: The TL;DR Version
- Firewall Bug Under Active Attack Triggers CISA Warning
- Fake Reservation Links Prey on Weary Travelers
- iPhone Users Urged to Update to Patch 2 Zero-Days
- Google Patches Chrome’s Fifth Zero-Day of the Year
tripwire.com-state-of-security
- Cybersecurity for Electricity Distribution [2025 Update]
- CIS Control 01: Inventory and Control of Enterprise Assets
- Malaysia's Data Sharing Bill 2024: Pioneering Secure and Efficient Government Collaboration
- Monitoring Applications vs. Operating Systems: Why It Matters
- Ransomware: The $270 Billion Beast Shaping Cybersecurity—Insights from Cyentia's Latest Report
- Got a Microsoft Teams invite? Storm-2372 Gang Exploit Device Codes in Global Phishing Attacks
- Advanced Ransomware Evasion Techniques in 2025
- #TripwireBookClub - Black Hat Bash: Creative Scripting for Hackers and Pentesters
- US Coast Guard Urged to Strengthen Cybersecurity Amid $2B Daily Port Risk
- IIoT Security Threats Reshape Factory Protection Strategies