Author: Admin
01 April 2025Red LakshmananCrypto -Hockey / Security Cloud Open PostgreSQL specimens are the goal of a current company designed to obtain unauthorized access and deploying cryptocurrency miners. Wiz Wiz Cloud Security said the activity is a penetration recruitment that was first indicated by Aqua Security in August 2024 Pg_mem. The company was related to the “Wizard” track, which threatens as Jinx-0126. “Since then, the actor threatens developed, introducing the methods of evading protection, such as the deployment of binary files with a unique hash on the target and performing a useful miner load, probably evading (platform Cloud Worker loads), which…
01 April 2025Red LakshmananEncryption / email safety Upon 21st birthday gmailGoogle has announced the main update that allows the enterprise users to send encrypted to the end (E2EE) to any user in any mailbox in several clicks. This feature is unfolding from today in beta -version, allowing users to send E2ee emails to Gmail users to the organization, planning to send E2ee emails to any Gmail mailbox in the coming weeks and to any mailbox at the end of this year. Making a new encryption model – an alternative to safe/multifunctional Internet extension (S/mime) Protocol – is distinguished in that…
Cybersecurity researchers shed light on a new actor associated with China, called Earth Alux This is aimed at various key sectors such as government, technology, logistics, production, telecommunications, IT services and retail trade in the Asia-Pacific regions (APAC) and Latin American (Latam). “The first observation of his activities took place in the second quarter of 2023; then the APAC region was noted,” – Trend Micro Researchers Lenart Bermejj, Ted Lee and Theo Cheen – Note In a technical report published on Monday. “He was also spotted in Latin America near the mid -2024.” The main goals of the countries on…
The new complex PHISHING-AS-A-Service (Phaas) Platform, called Lucid, has sent 169 legal entities in 88 countries that use broken messages distributed via Apple IMessage and Rich Communication Services (RCS) for Android. The unique Lucid outlet is in its armament legal communication platforms to overcome the traditional SMS detection mechanisms. “Its scalable model based on subscriptions allows cybercriminals to conduct large -scale phishing companies to collect credit card data for financial fraud,” Swiss Cybersecurity Company – Note In a technical report that is shared with Hacker News. “Lucid uses Apple Imessage and RCS Android technology, bypassing traditional SMS filters and greatly…
01 April 2025Hacker NewsWeb -security / matching GDPR Are your safety tokens? Learn how reflectiz has helped giant retailers put pixel on Facebook, which hidden tracking sensitive CSRF tokens with the erroneous errors. Learn about the detection process, response strategy and steps to mitigate this critical question. Download full case study there. Introducing Reflectiz Recommendations, retail trade avoided the following: Potential GDPR fines (up to 20 million euros or 4% turn) The cost of data violation is $ 3.9 million (average) 5% of buyers Introduction You may not know much about CSRF tokens, but as an Internet shop, you need…
01 April 2025Red LakshmananNetwork security / vulnerability Cybersecurity researchers warn about a spike in a suspicious login focused on Palo Alto Networks Pan-Os GlobalProt GateWays, with almost 24,000 unique IPs trying to access these portals. “This picture suggests that the concerted efforts to check the protection of the network and the detection of exposed or vulnerable systems, potentially as a predecessor of purposeful operation”, “threatened intelligence firm Greynoise – Note. It is said that the overstretch began on March 17, 2025, supporting almost 20,000 unique IPs a day before being rejecting on March 26. At the peak of 23 958…
Critical Corrections Apple Backports for the last three days affecting old iOS and MacOS devices
01 April 2025Red LakshmananMobile security / vulnerability Apple corrected three vulnerabilities on Monday, which were actively operating in the wild to old models and previous versions of operating systems. The vulnerabilities in question are below – Cve-2025-24085 (CVSS assessment: 7.3) -des using error-based media companies that can allow the malicious application already installed on the device to raise privileges Cve-2025-24200 (CVSS assessment: 4.6) – The problem with the resolution in the availability that can make possible Cve-2025-24201 (CVSS assessment: 8.8)–problem of the account out of the restriction Updates are now available for the following versions of the operating system -…
01 April 2025Red LakshmananData protection / privacy Apple suffered a fine of 150 million euros (162 million dollars) of France’s competition for the implementation of its scope of application tracking (ATT). Autorité de La Concess said he invest against Apple for abuse of a dominant position as a mobile app distributor for iOS and iPados devices between April 26, 2021 to July 25, 2023. Yes, introduce According to iPhone manufacturer with iOS 14.5, iPados 14.5 and TVOS 14.5, this frame This requires mobile applications to look for obvious users’ consent to access IDFA) and track them by apps and sites…
It was found in Microsoft Windows found Silence and Darkwisp. Activities was linked to a Russian hacking group called Water Hamayunwhich is also known as Encrypthub and larva-208. “The Threat Actor Deploy Payloads Primarily by Melicious Provisioning Packages, Signed .msi Files, and Windows Msc Files, Using Techniques Like The Intellij Runnerw.exe for Command Execution,” Trend Micro Researchers Aliakbar Zahravi and Ahmed Mohamed Ibrahim – Note In the following analysis published last week. Water Gamayun has been associated with the active operation of the CVE-2025-2633 (aka MSc Eviltwin), vulnerability within Microsoft Cancole (MMC) to perform malicious software using the Microsoft Console…
March 31, 2025Hacker NewsDetection of invasion / vulnerability If you are using AWS, it is easy to assume that your cloud security is handled – but it’s a dangerous misconception. AWS provides its own infrastructure but security inside The cloud is the client’s responsibility. Think about AWS safety, such as building protection: AWS provides strong walls and firm roofs, but clients depend on the processing of the locks, install the alarm and make sure the values do not remain subjected. In this blog we will clarify what AWS does not provide vulnerability in the real world, and like cloud safety…