@cyber-security ..
zdroje:
#bleepingcomputer.com
#blog.google-TAG
#csirt.cz
#cyberscoop.com
#cybersecuritynews.com
#darkreading.com
#googleprojectzero.blogspot.com
#kratkespravy.sk
#krebsonsecurity.com
#linuxsecurity.com
#nakedsecurity.sophos.com
#nukib.cz
#scmagazine.com
#security.googleblog.com
#securityaffairs.co
#securityweek.com
#thehackernews.com
#therecord.media
#threatpost.com
#tripwire.com-state-of-security
bleepingcomputer.com
- Cyberattack at French hospital exposes health data of 750,000 patients
- Fintech giant Finastra investigates data breach after SFTP hack
- MITRE shares 2024's top 25 most dangerous software weaknesses
- US charges five linked to Scattered Spider cybercrime gang
- Ubuntu Linux impacted by decade-old 'needrestart' flaw that gives root
- Microsoft confirms game audio issues on Windows 11 24H2 PCs
- New Ghost Tap attack abuses NFC mobile payments to steal money
- Amazon and Audible flooded with 'forex trading' and warez listings
- Apple fixes two zero-days used in attacks on Intel-based Macs
- CISA tags Progress Kemp LoadMaster flaw as exploited in attacks
- Ford rejects breach allegations, says customer data not impacted
- Oracle warns of Agile PLM file disclosure flaw exploited in attacks
blog.google-TAG
- TAG Bulletin: Q3 2024
- State-backed attackers and commercial surveillance vendors repeatedly use the same exploits
- Iranian backed group steps up phishing campaigns against Israel, U.S.
- Google disrupted over 10,000 instances of DRAGONBRIDGE activity in Q1 2024
- TAG Bulletin: Q2 2024
- A review of zero-day in-the-wild exploits in 2023
- TAG Bulletin: Q1 2024
- Tool of First Resort: Israel-Hamas War in Cyber
- Buying Spying: How the commercial surveillance industry works and what can be done about it
- TAG Bulletin: Q4 2023
- Russian threat group COLDRIVER expands its targeting of Western officials to include the use of malware
- Zimbra 0-day used to target international government organizations
csirt.cz
- Postřehy z bezpečnosti: pašování škodlivého kódu v metadatech souborů
- Nejen s blížícími se Vánoci je nutné být při online nakupování obezřetnější
- Můj telefon je rozbitý
- Podvodníci s kryptoměnami se začali zaměřovat na novou cílovou skupinu
- Postřehy z bezpečnosti: nula sem, nula tam, aneb zranitelnost nultého dne
- Quishing cílí na majitele elektrických automobilů
- Nové pokyny NIST pro ověřování identity a autentizaci uživatelů
- Nový malware zneužívá režim kiosku pro krádež Google přihlašovacích údajů
- Podvodné SMS cílí na oběti povodní
- Postřehy z bezpečnosti: krádež dat pomocí „mluvících pixelů“
cyberscoop.com
- CISOs can now obtain professional liability insurance
- US charges five men linked to ‘Scattered Spider’ with wire fraud
- Vulnerability disclosure policy bill for federal contractors clears Senate panel
- Sen. Blumenthal wants FCC to get busy on telecom wiretap security rules
- Microsoft launches ‘Zero Day Quest’ competition to enhance cloud and AI security
- Bipartisan Senate bill targets supply chain threats from foreign adversaries
- Rail and pipeline representatives push to dial back TSA’s cyber mandates
- Botnet serving as ‘backbone’ of malicious proxy network taken offline
- Attackers are hijacking Jupyter notebooks to host illegal Champions League streams
- How to remove the cybersecurity gridlock from the nation’s energy lifelines
cybersecuritynews.com
private- Malicious PyPi Package Mimic ChatGPT & Claude Steals Developers Data
- Critical Kubernetes Vulnerability Let Attackers Execute Arbitrary Commands
- macOS WorkflowKit Race Vulnerability Let Malicious Apps Intercept Shortcuts
- DDoS Attack Growing Bigger & Dangerous, New Report Reveals
- MITRE Lists 25 Most Dangerous Software Weaknesses of 2024
- Wireshark 4.4.2: Fixes Vulnerabilities & Enhances Protocol Support
- SquareX Brings Industry’s First Browser Detection Response Solution to AISA Melbourne CyberCon 2024
- ANY.RUN Sandbox Now Let Analysts Automatically Analyse Complex Cyber Attack Chains
- What is Domain-Based Message Authentication, Reporting & Conformance(DMARC)?
- Microsoft Ignite New 360-Degree Details Attacker Tooling and Methodology
darkreading.com
- It's Near-Unanimous: AI, ML Make the SOC Better
- China's 'Liminal Panda' APT Attacks Telcos, Steals Phone Data
- Alleged Ford 'Breach' Encompasses Auto Dealer Info
- Apple Urgently Patches Actively Exploited Zero-Days
- Small US Cyber Agencies Are Underfunded & That's a Problem
- 'Water Barghest' Sells Hijacked IoT Devices for Proxy Botnet Misuse
- African Reliance on Foreign Suppliers Boosts Insecurity Concerns
- DeepTempo Launches AI-Based Security App for Snowflake
- RIIG Launches With Risk Intelligence Solutions
- SWEEPS Educational Initiative Offers Application Security Training
- Linux Variant of Helldown Ransomware Targets VMware ESXi Systems
- Russian Ransomware Gangs on the Hunt for Pen Testers
googleprojectzero.blogspot.com
- From Naptime to Big Sleep: Using Large Language Models To Catch Vulnerabilities In Real-World Code
- The Windows Registry Adventure #4: Hives and the registry layout
- Effective Fuzzing: A Dav1d Case Study
- The Windows Registry Adventure #3: Learning resources
- Project Naptime: Evaluating Offensive Security Capabilities of Large Language Models
- Driving forward in Android drivers
- The Windows Registry Adventure #2: A brief history of the feature
- The Windows Registry Adventure #1: Introduction and research results
- First handset with MTE on the market
- An analysis of an in-the-wild iOS Safari WebContent to GPU Process exploit
- Analyzing a Modern In-the-wild Android Exploit
- MTE As Implemented, Part 1: Implementation Testing
kratkespravy.sk
- Zo sveta IT bezpečnosti, 10/2024
- Zo sveta IT bezpečnosti, 9/2024
- Oslo: Návod na použitie
- Zo sveta IT bezpečnosti, 8/2024
- Zo sveta IT bezpečnosti, 7/2024
- Zo sveta IT bezpečnosti, 6/2024
- Zo sveta IT bezpečnosti, 5/2024
- Zo sveta IT bezpečnosti, 4/2024
- Zo sveta IT bezpečnosti, 3/2024
- Zo sveta IT bezpečnosti, 2/2024
krebsonsecurity.com
- Fintech Giant Finastra Investigating Data Breach
- An Interview With the Target & Home Depot Hacker
- Microsoft Patch Tuesday, November 2024 Edition
- FBI: Spike in Hacked Police Emails, Fake Subpoenas
- Canadian Man Arrested in Snowflake Data Extortions
- Booking.com Phishers May Leave You With Reservations
- Change Healthcare Breach Hits 100M Americans
- The Global Surveillance Free-for-All in Mobile Ad Data
- Brazil Arrests ‘USDoD,’ Hacker in FBI Infragard Breach
- Sudanese Brothers Arrested in ‘AnonSudan’ Takedown
linuxsecurity.com
- The Dual Edge of Open Source: Examining Key Benefits and Security Challenges
- Containerizing WordPress: Best Practices for Robust Security and Management
- AlmaLinux 9.5 Released: Exploring Key Updates & Improvements
- Analyzing the Emergence of Helldown Ransomware Targeting Linux & VMware Systems
- Mageia 2024-0365: thunderbird Security Advisory Updates
- Fedora 41: llvm-test-suite 2024-6d9aba8c3c Security Advisory Updates
- Fedora 40: llvm-test-suite 2024-300397332b Security Advisory Updates
- Fedora 39: chromium 2024-9c44ad3527 Security Advisory Updates
- Ubuntu 7123-1: Linux kernel (Azure) Security Advisory Updates
- Ubuntu 7121-2: Linux kernel (Azure) Security Advisory Updates
nakedsecurity.sophos.com
-
[kanál neteče]
nukib.cz
- Aktuality z bezpečnosti satelitních služeb
- Národní úřad pro kybernetickou a informační bezpečnost posílil spolupráci s Kanadou
- Upozorňujeme na zneužívání identit Amazon, Microsoft a státních institucí
- Prováděcí nařízení k NIS2 je tady
- Platforma pro výzkum a vývoj v kybernetické a informační bezpečnosti spouští nové webové stránky a mění název
- Vydali jsme Přehled kybernetických incidentů za září 2024
- Upozornění na zvýšené riziko DDoS útoků během voleb do Evropského parlamentu
- Upozornění na kompromitaci routerů Ubiquity Edge OS aktérem sponzorovaným ruským státem
- Upozorňujeme na dvě kritické zranitelnosti v operačním systému FortiOS
- Upozorňujeme na hrozbu Terrapin útoku mířícího na SSH protokol
- Doporučení v oblasti kryptografických prostředků verze 3.0
- Doporučení k používání protokolu TLP ke sdílení chráněných informací
scmagazine.com
-
[kanál neteče]
security.googleblog.com
-
[kanál neteče]
securityaffairs.co
- Decade-old local privilege escalation bugs impacts Ubuntu needrestart package
- Ford data breach involved a third-party supplier
- Hacker obtained documents tied to lawsuit over Matt Gaetz’s sexual misconduct allegations
- Apple addressed two actively exploited zero-day vulnerabilities
- Unsecured JupyterLab and Jupyter Notebooks servers abused for illegal streaming of Sports events
- Russian Phobos ransomware operator faces cybercrime charges
- China-linked actor’s malware DeepData exploits FortiClient VPN zero-day
- U.S. CISA adds Progress Kemp LoadMaster, Palo Alto Networks PAN-OS and Expedition bugs to its Known Exploited Vulnerabilities catalog
- Great Plains Regional Medical Center ransomware attack impacted 133,000 individuals
- Recently disclosed VMware vCenter Server bugs are actively exploited in attacks
securityweek.com
- US Gathers Allies to Talk AI Safety as Trump’s Vow to Undo Biden’s AI Policy Overshadows Their Work
- Industry Moves for the week of November 18, 2024 - SecurityWeek
- Risk Intelligence Startup RIIG Raises $3 Million
- Twine Snags $12M for AI-Powered ‘Digital Employees’ Tech
- Surf Security Adds Deepfake Detection Tool to Enterprise Browser
- D-Link Warns of RCE Vulnerability in Legacy Routers
- CISA Warns of Progress Kemp LoadMaster Vulnerability Exploitation
- GitHub Launches Fund to Improve Open Source Project Security
- Cyera Raises $300 Million at $3 Billion Valuation
- Oracle Patches Exploited Agile PLM Zero-Day
- Ford Blames Third-Party Supplier for Data Breach
thehackernews.com
- Google's AI-Powered OSS-Fuzz Tool Finds 26 Vulnerabilities in Open-Source Projects
- NodeStealer Malware Targets Facebook Ad Accounts, Harvesting Credit Card Data
- Ghost Tap: Hackers Exploiting NFCGate to Steal Funds via Mobile Payments
- NHIs Are the Future of Cybersecurity: Meet NHIDR
- Decades-Old Security Vulnerabilities Found in Ubuntu's Needrestart Package
- Microsoft Launches Windows Resiliency Initiative to Boost Security and System Integrity
- China-Backed Hackers Leverage SIGTRAN, GSM Protocols to Infiltrate Telecom Networks
- Apple Releases Urgent Updates to Patch Actively Exploited Zero-Day Vulnerabilities
- Oracle Warns of Agile PLM Vulnerability Currently Under Active Exploitation
- Ngioweb Botnet Fuels NSOCKS Residential Proxy Network Exploiting IoT Devices
- Hackers Hijack Unsecured Jupyter Notebooks to Stream Illegal Sports Broadcasts
- Privileged Accounts, Hidden Threats: Why Privileged Access Security Must Be a Top Priority
therecord.media
- FBI says BianLian based in Russia, moving from ransomware attacks to extortion
- Phobos ransomware indictment sheds light on long-running, quietly successful scheme
- Five alleged members of Scattered Spider cybercrime group charged for breaches, theft of $11 million
- Two brothers indicted for operating illegal sports streaming service that netted $7 million
- UK says a new law banning social media for under-16s is 'on the table'
threatpost.com
- Student Loan Breach Exposes 2.5M Records
- Watering Hole Attacks Push ScanBox Keylogger
- Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms
- Ransomware Attacks are on the Rise
- Cybercriminals Are Selling Access to Chinese Surveillance Cameras
- Twitter Whistleblower Complaint: The TL;DR Version
- Firewall Bug Under Active Attack Triggers CISA Warning
- Fake Reservation Links Prey on Weary Travelers
- iPhone Users Urged to Update to Patch 2 Zero-Days
- Google Patches Chrome’s Fifth Zero-Day of the Year
tripwire.com-state-of-security
- The Role of Security Configuration Management in Achieving Zero Trust Security Architectures
- CIS Control 12: Network Infrastructure Management
- Essential Security Best Practices for Remote Work
- BEC Cost Citizens Worldwide Over $55bn in Last 10 Years
- The Future of Cybersecurity: Why Vendor Consolidation is the Next Big Trend
- Identity Fraud and the Cost of Living Crisis: New Challenges for 2024
- Cyberbiosecurity: Where Digital Threats Meet Biological Systems
- ShrinkLocker Ransomware: What You Need To Know
- Exploring the Security Risks of VR and AR
- CIS Control 13: Network Monitoring and Defense