well...
news
latest news about cyber-security
news
>
@cyber-security
↑
HOT:
@ukraine
,
@russia
,
@israel
,
@palestine
zdroje:
#bleepingcomputer.com
#blog.google-TAG
#csirt.cz
#cyberscoop.com
#cybersecuritynews.com
#darkreading.com
#googleprojectzero.blogspot.com
#kratkespravy.sk
#krebsonsecurity.com
#linuxsecurity.com
#nakedsecurity.sophos.com
#nukib.cz
#scmagazine.com
#security.googleblog.com
#securityaffairs.co
#securityweek.com
#thehackernews.com
#therecord.media
#threatpost.com
#tripwire.com-state-of-security
bleepingcomputer.com
Microsoft: Hackers steal emails in device code phishing attacks
Hackers exploit authentication bypass in Palo Alto Networks PAN-OS
SonicWall firewall bug leveraged in attacks after PoC exploit release
PirateFi game on Steam caught installing password-stealing malware
PostgreSQL flaw exploited as zero-day in BeyondTrust breach
Chinese hackers breach more US telecoms via unpatched Cisco routers
Microsoft fixes bug causing Windows Server 2025 boot errors
whoAMI attacks give hackers code execution on Amazon EC2 instances
Dutch Police seizes 127 XHost servers, dismantles bulletproof hoster
Hacker leaks account data of 12 million Zacks Investment users
Chinese espionage tools deployed in RA World ransomware attack
blog.google-TAG
TAG Bulletin: Q4 2024
TAG Bulletin: Q3 2024
State-backed attackers and commercial surveillance vendors repeatedly use the same exploits
Iranian backed group steps up phishing campaigns against Israel, U.S.
Google disrupted over 10,000 instances of DRAGONBRIDGE activity in Q1 2024
TAG Bulletin: Q2 2024
A review of zero-day in-the-wild exploits in 2023
TAG Bulletin: Q1 2024
Tool of First Resort: Israel-Hamas War in Cyber
Buying Spying: How the commercial surveillance industry works and what can be done about it
TAG Bulletin: Q4 2023
Russian threat group COLDRIVER expands its targeting of Western officials to include the use of malware
csirt.cz
Pozor na falešné SMS zneužívající číslo 158
Postřehy z bezpečnosti: běžný den týmu telefonických podvodníků
Pozor na phishing napodobující službu MojeID
Ransomwarový útok ochromil služby katastru na Slovensku
Akt o kybernetické odolnosti je platný. V účinnost vstoupí za dva roky
Nový rootkit ohrožuje linuxové systémy
Postřehy z bezpečnosti: zranitelnost v Google Chrome umožňuje vzdálené spuštění kódu
RomCom zneužila řetězec dvou zero-day zranitelností k rozsáhlým útokům na uživatele v Evropě a Severní Americe
Postřehy z bezpečnosti: pašování škodlivého kódu v metadatech souborů
Nejen s blížícími se Vánoci je nutné být při online nakupování obezřetnější
cyberscoop.com
Threat researchers spot ‘device code’ phishing attacks targeting Microsoft accounts
In Paris, U.S. signals shift from AI safety to deregulation
Salt Typhoon remains active, hits more telecom networks via Cisco routers
CyberArk acquires Zilla Security in $175 million deal
Russian state threat group shifts focus to US, UK targets
Trump picks Sean Cairncross for national cyber director
U.S. adversaries increasingly turning to cybercriminals and their malware for help
Microsoft fixes 63 vulnerabilities, including 2 zero-days
Bipartisan Senate bill would strengthen cybercrime penalties
U.S. sanctions bulletproof hosting provider for supplying LockBit infrastructure
cybersecuritynews.com
private
SonicWall Firewall Authentication Bypass Vulnerability Exploited in Wild Following PoC Release
New Go-Based Malware Exploits Telegram and Use It as C2 Channel
Beware of Fake BSOD Delivered by Malicious Python Script
Elon Musk’s DOGE Website Database Vulnerability Let Anyone Make Entries Directly
Lazarus Group Infostealer Malwares Attacking Developers In New Campaign
XELERA Ransomware Attacking Job Seekers With Weaponized Word Documents
EarthKapre APT Drops Weaponized PDF to Compromise Windows Systems
Lazarus Group Using New Malware Tactic To Attack Developers Globally
North Korean IT Workers Infiltrate International Companies To Plant Backdoors on Systems
Beware of Malicious Browser Updates That Installs SocGholish Malware
darkreading.com
This Security Firm's 'Bias' Is Also Its Superpower
How Banks Can Adapt to the Rising Threat of Financial Crime
Open Source AI Models: Perfect Storm for Malicious Code, Vulnerabilities
Salt Typhoon Exploits Cisco Devices in Telco Infrastructure
Warning: Tunnel of Love Leads to Scams
CyberArk Makes Identity Security Play With Zilla Acquisition
Roundtable: Is DOGE Flouting Cybersecurity for US Data?
Chinese APT 'Emperor Dragonfly' Moonlights With Ransomware
How Public & Private Sectors Can Better Align Cyber Defense
Japan Goes on Offense With New 'Active Cyber Defense' Bill
President Trump to Nominate Former RNC Official as National Cyber Director
Content Credentials Technology Verifies Image, Video Authenticity
googleprojectzero.blogspot.com
Windows Bug Class: Accessing Trapped COM Objects with IDispatch
Windows Exploitation Tricks: Trapping Virtual Memory Access (2025 Update)
The Windows Registry Adventure #5: The regf file format
The Qualcomm DSP Driver - Unexpectedly Excavating an Exploit
Windows Tooling Updates: OleView.NET
Simple macOS kernel extension fuzzing in userspace with IDA and TinyInst
From Naptime to Big Sleep: Using Large Language Models To Catch Vulnerabilities In Real-World Code
The Windows Registry Adventure #4: Hives and the registry layout
Effective Fuzzing: A Dav1d Case Study
The Windows Registry Adventure #3: Learning resources
Project Naptime: Evaluating Offensive Security Capabilities of Large Language Models
Driving forward in Android drivers
kratkespravy.sk
Zo sveta IT bezpečnosti, 1/2025
Zo sveta IT bezpečnosti, 12/2024
Zo sveta IT bezpečnosti, 11/2024
Zo sveta IT bezpečnosti, 10/2024
Zo sveta IT bezpečnosti, 9/2024
Oslo: Návod na použitie
Zo sveta IT bezpečnosti, 8/2024
Zo sveta IT bezpečnosti, 7/2024
Zo sveta IT bezpečnosti, 6/2024
Zo sveta IT bezpečnosti, 5/2024
krebsonsecurity.com
Nearly a Year Later, Mozilla is Still Promoting OneRep
Microsoft Patch Tuesday, February 2025 Edition
Teen on Musk’s DOGE Team Graduated from ‘The Com’
Experts Flag Security, Privacy Risks in DeepSeek AI App
Who’s Behind the Seized Forums ‘Cracked’ & ‘Nulled’?
FBI, Dutch Police Disrupt ‘Manipulaters’ Phishing Gang
Infrastructure Laundering: Blending in with the Cloud
A Tumultuous Week for Federal Cybersecurity Efforts
MasterCard DNS Error Went Unnoticed for Years
Chinese Innovations Spawn Wave of Toll Phishing Via SMS
linuxsecurity.com
Transparency in AI: How Open-Source LLMs Can Prevent Hidden Vulnerabilities
Navigating AI-Driven Security Challenges in Linux Environments
CISA Warns of Exploited Linux Kernel Bug in UVC Driver
Automating Open Source: How AI is Shaping the Future of Linux Administration
Fedora 40: chromium 2025-a87a6cd2a7 Security Advisory Updates
Fedora 41: microcode_ctl 2025-c99f9d789a Security Advisory Updates
Fedora 41: chromium 2025-d83e49a948 Security Advisory Updates
Debian LTS: DLA-4055-1: trafficserver Security Advisory Updates
Debian LTS: DLA-4054-1: tryton-client Security Advisory Updates
Debian LTS: DLA-4053-1: freerdp2 Security Advisory Updates
nakedsecurity.sophos.com
[kanál neteče]
nukib.cz
Senátorská návštěva sídla NÚKIB
NÚKIB aktualizoval Minimální požadavky pro kryptografické algoritmy
NÚKIB se zahraničními partnery spolupodepsal dokumenty o bezpečnosti hraničních síťových prvků
Kybernetická bezpečnost obcí – podpůrné materiály z pera NÚKIB
NÚKIB v roce 2024 zaznamenal více kybernetických incidentů než v předchozích letech
Upozorňujeme na zneužívání identit Amazon, Microsoft a státních institucí
Upozornění na zvýšené riziko DDoS útoků během voleb do Evropského parlamentu
Upozornění na kompromitaci routerů Ubiquity Edge OS aktérem sponzorovaným ruským státem
Upozorňujeme na dvě kritické zranitelnosti v operačním systému FortiOS
Upozorňujeme na hrozbu Terrapin útoku mířícího na SSH protokol
Doporučení v oblasti kryptografických prostředků verze 3.0
Doporučení k používání protokolu TLP ke sdílení chráněných informací
scmagazine.com
[kanál neteče]
security.googleblog.com
[kanál neteče]
securityaffairs.co
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 33
Security Affairs newsletter Round 511 by Pierluigi Paganini – INTERNATIONAL EDITION
U.S. CISA adds Apple iOS and iPadOS and Mitel SIP Phones flaws to its Known Exploited Vulnerabilities catalog
Attackers exploit recently disclosed Palo Alto Networks PAN-OS firewalls bug
U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog
China-linked APT Salt Typhoon breached telecoms by exploiting Cisco router flaws
Experts discovered PostgreSQL flaw chained with BeyondTrust zeroday in targeted attacks
Valve removed the game PirateFi from the Steam video game platform because contained a malware
The Rise of Cyber Espionage: UAV and C-UAV Technologies as Targets
China-linked APTs’ tool employed in RA World Ransomware attack
securityweek.com
SailPoint IPO Signals Bright Spot for Cybersecurity
Industry Moves for the week of February 10, 2025 - SecurityWeek
Virginia Attorney General’s Office Struck by Cyberattack Targeting Attorneys’ Computer Systems
Sean Cairncross is Trump Nominee for National Cyber Director
Rising Tides: Lesley Carhart on Bridging Enterprise Security and OT—and Improving the Human Condition
Meta Paid Out Over $2.3 Million in Bug Bounties in 2024
In Other News: $10,000 YouTube Flaw, Cybereason CEO Sues Investors, New OT Security Tool
SonicWall Firewall Vulnerability Exploited After PoC Publication
Salt Typhoon Targeting Old Cisco Vulnerabilities in Fresh Telecom Hacks
New Windows Zero-Day Exploited by Chinese APT: Security Firm
SGNL Raises $30 Million for Identity Management Solution
thehackernews.com
Android's New Feature Blocks Fraudsters from Sideloading Apps During Calls
New “whoAMI” Attack Exploits AWS AMI Name Confusion for Remote Code Execution
Lazarus Group Deploys Marstech1 JavaScript Implant in Targeted Developer Attacks
AI-Powered Social Engineering: Ancillary Tools and Techniques
Microsoft: Russian-Linked Hackers Using 'Device Code Phishing' to Hijack Accounts
RansomHub Becomes 2024’s Top Ransomware Group, Hitting 600+ Organizations Globally
PostgreSQL Vulnerability Exploited Alongside BeyondTrust Zero-Day in Targeted Attacks
Hackers Use CAPTCHA Trick on Webflow CDN PDFs to Bypass Security Scanners
North Korean APT43 Uses PowerShell and Dropbox in Targeted South Korea Cyberattacks
Fast Deployments, Secure Code: Watch this Learn to Sync Dev and Sec Teams
RA World Ransomware Attack in South Asia Links to Chinese Espionage Toolset
AI and Security - A New Puzzle to Figure Out
therecord.media
Sweden’s PM on suspected cable sabotage: ‘We don’t believe random things suddenly happen quite often’
Zelensky calls to build ‘army of Europe’ to counter future Russian threats
Texas investigating DeepSeek for violating data privacy law
Police risk losing society’s trust in fight against cybercrime, warns Europol chief
USAID staff accuses DOGE of jeopardizing safety, accessing security clearance data
threatpost.com
Student Loan Breach Exposes 2.5M Records
Watering Hole Attacks Push ScanBox Keylogger
Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms
Ransomware Attacks are on the Rise
Cybercriminals Are Selling Access to Chinese Surveillance Cameras
Twitter Whistleblower Complaint: The TL;DR Version
Firewall Bug Under Active Attack Triggers CISA Warning
Fake Reservation Links Prey on Weary Travelers
iPhone Users Urged to Update to Patch 2 Zero-Days
Google Patches Chrome’s Fifth Zero-Day of the Year
tripwire.com-state-of-security
US Coast Guard Urged to Strengthen Cybersecurity Amid $2B Daily Port Risk
IIoT Security Threats Reshape Factory Protection Strategies
CIS Control 02: Inventory and Control of Software Assets
Holding the Tide Against the Next Wave of Phishing Scams
VERT Threat Alert: February 2025 Patch Tuesday Analysis
Building a Vulnerability Management Program from Scratch
“Quishing” - The Emerging Threat of Fake QR Codes
Key Takeaways from the NCSC Annual Review 2024
Research Reveals Data Breaches On The Rise at UK Law Firms
How CISOs Can Build a Cybersecurity-First Culture