@cyber-security ↑
zdroje:
#bleepingcomputer.com
#blog.google-TAG
#csirt.cz
#cyberscoop.com
#cybersecuritynews.com
#darkreading.com
#googleprojectzero.blogspot.com
#kratkespravy.sk
#krebsonsecurity.com
#linuxsecurity.com
#nakedsecurity.sophos.com
#nukib.cz
#scmagazine.com
#security.googleblog.com
#securityaffairs.co
#securityweek.com
#thehackernews.com
#therecord.media
#threatpost.com
#tripwire.com-state-of-security
bleepingcomputer.com
- BitoPro exchange links Lazarus hackers to $11 million crypto heist
- Microsoft investigates OneDrive bug that breaks file search
- Cloudflare blocks record 7.3 Tbps DDoS attack against hosting provider
- Aflac discloses breach amidst Scattered Spider insurance attacks
- Can users reset their own passwords without sacrificing security?
- Microsoft to remove legacy drivers from Windows Update for security boost
- No, the 16 billion credentials leak is not a new data breach
- Godfather Android malware now uses virtualization to hijack banking apps
- Webinar: Stolen credentials are the new front door to your network
- OpenAI’s Sam Altman discusses GPT-5 release date
- US recovers $225 million of crypto stolen in investment scams
- Special Webinar: Key Insights from Verizon’s 2025 DBIR
blog.google-TAG
- TAG Bulletin: Q1 2025
- TAG Bulletin: Q4 2024
- TAG Bulletin: Q3 2024
- State-backed attackers and commercial surveillance vendors repeatedly use the same exploits
- Iranian backed group steps up phishing campaigns against Israel, U.S.
- Google disrupted over 10,000 instances of DRAGONBRIDGE activity in Q1 2024
- TAG Bulletin: Q2 2024
- A review of zero-day in-the-wild exploits in 2023
- TAG Bulletin: Q1 2024
- Tool of First Resort: Israel-Hamas War in Cyber
- Buying Spying: How the commercial surveillance industry works and what can be done about it
- TAG Bulletin: Q4 2023
csirt.cz
- Bezpečnostní analytik CSIRT.CZ objasnil principy phishingu v České televizi
- Postřehy z bezpečnosti: nařízení vlády k novému ZKB jsou v připomínkovém řízení
- Veškeré konverzace uživatelů s ChatGPT budou uchovávány. Včetně těch smazaných.
- Pozor na nový phishing cílící na uživatele Microsoft Planneru
- Závažná zranitelnost v Google Chrome
- Výzkumníci odhalili tisíce zneužitelných zařízení jsou mezi nimi i České
- Postřehy z bezpečnosti: rootkit Curing ukazuje slabiny detekce
- Zranitelnosti v protokolu AirPlay umožňují vzdálené spuštění kódu přes Wi-Fi
- Nová verze ransomwaru WormLocker
- Distribuovaný FTP bruteforcer
cyberscoop.com
- Financial deepfake scams targeted in bipartisan Senate bill
- Aflac duped by social-engineering attack, marking another hit on insurance industry
- Iran’s financial sector takes another hit as largest crypto exchange is targeted
- Unusually patient suspected Russian hackers pose as State Department in ‘sophisticated’ attacks on researchers
- Researchers say AI hacking tools sold online were powered by Grok, Mixtral
- Iran’s Bank Sepah disrupted by cyberattack claimed by pro-Israel hacktivist group
- Cyber experts call for supercharging volunteer network to protect community organizations
- Federal cyber insurance backstop should be tied to expiring terrorism insurance law, report recommends
- Scattered Spider, fresh off retail sector attack spree, pivots to insurance industry
- SEC withdraws cyber rules for investment companies, advisers
cybersecuritynews.com
private- Critical OpenVPN Driver Vulnerability Allows Attackers to Crash Windows Systems
- DuckDuckGo Rolls Out New Scam Blocker to Protect Users from Online Threats
- How Smart Timesheet Software Is Changing the Way of Work
- Microsoft Warns of OneDrive Bug that Causes Searches to Appear Blank
- Microsoft Announces New Security Defaults for Windows 365 Cloud PCs
- Prometei Botnet Attacking Linux Servers to Mine Cryptocurrency
- Beware of Weaponized MSI Installer Mimic as WhatsApp Delivers Modified XWorm RAT
- Record Breaking 7.3 Tbps DDoS Attack Blasting 37.4 Terabytes in Just 45 Seconds
- CodeSign Secure v3.02: Future of Code Signing with PQC
- Mocha Manakin Using Paste and Run Technique to Trick Users Into Downloading Malicious Payloads
darkreading.com
- AWS Enhances Cloud Security With Better Visibility Features
- Hackers Post Dozens of Malicious Copycat Repos to GitHub
- Telecom Giant Viasat Is Latest Salt Typhoon Victim
- How Cyber Warfare Changes the Face of Geopolitical Conflict
- How to Lock Down the No-Code Supply Chain Attack Surface
- Security Evolution: From Pothole Repair to Road Building
- Scammers Spread False Support Info Using Legitimate Websites
- Paragon Commercial Spyware Infects Prominent Journalists
- Iran-Israel War Triggers a Maelstrom in Cyberspace
- OpenAI Awarded $200M Contract to Work With DoD
- The Triple Threat of Burnout: Overworked, Unsatisfied, Trapped
- GodFather Banking Trojan Debuts Virtualization Tactic
googleprojectzero.blogspot.com
- The Windows Registry Adventure #8: Practical exploitation of hive memory corruption
- The Windows Registry Adventure #7: Attack surface analysis
- Breaking the Sound Barrier Part I: Fuzzing CoreAudio with Mach Messages
- The Windows Registry Adventure #6: Kernel-mode objects
- Blasting Past Webp
- Windows Bug Class: Accessing Trapped COM Objects with IDispatch
- Windows Exploitation Tricks: Trapping Virtual Memory Access (2025 Update)
- The Windows Registry Adventure #5: The regf file format
kratkespravy.sk
- Zo sveta IT bezpečnosti, 5/2025
- Zo sveta IT bezpečnosti, 4/2025
- Zo sveta IT bezpečnosti, 3/2025
- Zo sveta IT bezpečnosti, 2/2025
- Zo sveta IT bezpečnosti, 1/2025
- Zo sveta IT bezpečnosti, 12/2024
- Zo sveta IT bezpečnosti, 11/2024
- Zo sveta IT bezpečnosti, 10/2024
- Zo sveta IT bezpečnosti, 9/2024
- Oslo: Návod na použitie
krebsonsecurity.com
- Inside a Dark Adtech Empire Fed by Fake CAPTCHAs
- Patch Tuesday, June 2025 Edition
- Proxy Services Feast on Ukraine’s IP Address Exodus
- U.S. Sanctions Cloud Provider ‘Funnull’ as Top Source of ‘Pig Butchering’ Scams
- Pakistan Arrests 21 in ‘Heartsender’ Malware Service
- Oops: DanaBot Malware Devs Infected Their Own PCs
- KrebsOnSecurity Hit With Near-Record 6.3 Tbps DDoS
- Breachforums Boss to Pay $700k in Healthcare Breach
- Patch Tuesday, May 2025 Edition
- Pakistani Firm Shipped Fentanyl Analogs, Scams to US
linuxsecurity.com
- Secure RHEL Clones Chart Diverging Paths
- Optimizing Linux Security in 2025: Key Strategies & Best Practices
- How to Secure Linux Servers in SaaS: Essential Security Guide for 2025
- Critical GitHub Actions Vulnerabilities Expose Open-Source Risks
- Oracle9: ELSA-2025-9114: apache-commons-beanutils Important
- Oracle8: ELSA-2025-9188: idm:DL1 Important
- Oracle8: ELSA-2025-9165: gimp:2.8 Important
- Oracle8: ELSA-2025-9142: container-tools:ol8 Moderate
- Oracle8: ELSA-2025-8696: perl-FCGI:0.78 Important
- Oracle7: ELSA-2025-3978: postgresql Important
nakedsecurity.sophos.com
-
[kanál neteče]
nukib.cz
- Návrh nového zákona o kybernetické bezpečnosti je v cílové rovince
- NÚKIB a Microsoft stvrdily spolupráci v oblasti kybernetické bezpečnosti podpisem memoranda
- NÚKIB a Senát ČR podepsaly Memorandum o spolupráci v oblasti kybernetické a informační bezpečnosti
- NÚKIB představuje nové profesní kvalifikace v oblasti kybernetické bezpečnosti
- Vydali jsme přehled kybernetických incidentů za květen 2025
- Upozorňujeme na metodu „harvest now, decrypt later“
- Upozornění na možnou zvýšenou aktivitu kyberútočníků v souvislosti s EXPO 2025
- Upozorňujeme na zneužívání identit Amazon, Microsoft a státních institucí
- Upozornění na zvýšené riziko DDoS útoků během voleb do Evropského parlamentu
- Upozornění na kompromitaci routerů Ubiquity Edge OS aktérem sponzorovaným ruským státem
- Doporučení v oblasti kryptografických prostředků verze 3.0
- NÚKIB a Ministerstvo vnitra vydaly bezpečnostní doporučení pro vývoj otevřeného softwaru
scmagazine.com
-
[kanál neteče]
security.googleblog.com
-
[kanál neteče]
securityaffairs.co
- Iran confirmed it shut down internet to protect the country against cyberattacks
- Godfather Android trojan uses virtualization to hijack banking and crypto apps
- Cloudflare blocked record-breaking 7.3 Tbps DDoS attack against a hosting provider
- Linux flaws chain allows Root access across major distributions
- A ransomware attack pushed the German napkin firm Fasana into insolvency
- Researchers discovered the largest data breach ever, exposing 16 billion login credentials
- China-linked group Salt Typhoon breached satellite firm Viasat
- Iran experienced a near-total national internet blackout
- Malicious Minecraft mods distributed by the Stargazers DaaS target Minecraft gamers
- Healthcare services company Episource data breach impacts 5.4 Million people
securityweek.com
- Virtue AI Attracts $30M Investment to Address Critical AI Deployment Risks
- Industry Moves for the week of April 14, 2025 - SecurityWeek
- Insurance Firm Lemonade Says API Glitch Exposed Some Driver’s License Numbers
- Kidney Dialysis Services Provider DaVita Hit by Ransomware
- Conduent Says Names, Social Security Numbers Stolen in Cyberattack
- 2.6 Million Impacted by Landmark Admin, Young Consulting Data Breaches
- China Pursuing 3 Alleged US Operatives Over Cyberattacks During Asian Games
- Blockchain, Quantum, and IoT Firms Unite to Secure Satellite Communications Against Quantum Threats
- NetRise Raises $10 Million to Grow Software Supply Chain Security Platform
- Hertz Discloses Data Breach Linked to Cleo Hack
- CISO Conversations: Maarten Van Horenbeeck, SVP & Chief Security Officer at Adobe
thehackernews.com
- Scattered Spider Behind Cyberattacks on M&S and Co-op, Causing Up to $592M in Damages
- Qilin Ransomware Adds "Call Lawyer" Feature to Pressure Victims for Larger Ransoms
- Iran's State TV Hijacked Mid-Broadcast Amid Geopolitical Tensions; $90M Stolen in Crypto Heist
- 6 Steps to 24/7 In-House SOC Success
- Massive 7.3 Tbps DDoS Attack Delivers 37.4 TB in 45 Seconds, Targeting Hosting Provider
- 200+ Trojanized GitHub Repositories Found in Campaign Targeting Gamers and Developers
- New Android Malware Surge Hits Devices via Overlays, Virtualization Fraud, and NFC Theft
- BlueNoroff Deepfake Zoom Scam Hits Crypto Employee with macOS Backdoor Malware
- Secure Vibe Coding: The Complete New Guide
- Uncover LOTS Attacks Hiding in Trusted Tools — Learn How in This Free Expert Session
- Russian APT29 Exploits Gmail App Passwords to Bypass 2FA in Targeted Phishing Campaign
- Meta Adds Passkey Login Support to Facebook for Android and iOS Users
therecord.media
- Judge overturns Biden-era HHS rule on HIPAA protections for those seeking reproductive care
- Tonga Ministry of Health hit with cyberattack affecting website, IT systems
- Krispy Kreme: Over 160,000 people had data stolen during November 2024 cyberattack
- Russian dairy supply disrupted by cyberattack on animal certification system
- Aflac says it stopped attack launched by ‘sophisticated cybercrime group’
threatpost.com
- Student Loan Breach Exposes 2.5M Records
- Watering Hole Attacks Push ScanBox Keylogger
- Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms
- Ransomware Attacks are on the Rise
- Cybercriminals Are Selling Access to Chinese Surveillance Cameras
- Twitter Whistleblower Complaint: The TL;DR Version
- Firewall Bug Under Active Attack Triggers CISA Warning
- Fake Reservation Links Prey on Weary Travelers
- iPhone Users Urged to Update to Patch 2 Zero-Days
- Google Patches Chrome’s Fifth Zero-Day of the Year
tripwire.com-state-of-security
- Interlock ransomware: what you need to know
- NIST’s Responsibilities Under the January 2025 Executive Order
- Proposed HIPAA Update Makes Yearly Pen Testing Mandatory
- The Unique Cybersecurity Risks in the Manufacturing Sector
- What the UK’s New Cyber Resilience Bill Means for Businesses—and How to Stay Ahead
- 3AM Ransomware Attackers Pose as IT Support to Compromise Networks
- Health-ISAC 2025 Report: Ransomware Still Reigns as #1 Threat to Healthcare
- Key Takeaways from the IBM X-Force 2025 Threat Intelligence Index
- Government Organizations Lose Nearly a Month in Downtime for Every Ransomware Attack
- How IoT Security Cameras Are Susceptible to Cyber Attacks