Author: Admin

04 February 2025Red LakshmananVulnerability / safety equipment AMD’s securely encrypted virtualization revealed security vulnerability (SEV), which can allow the attacker to load a malicious processor microcode under certain conditions. The downside, tracked as Cve-2024-56161Carnate CVSS 7.2 out of 10.0, indicating high severity. “Incorrect signature checking in the Microcode Micro-Patching Patch CPU ROM may allow an attacker with a local privilege administrator to load microcode processor, leading to the loss of confidentiality and integrity of the confidential guest operating under AMD Sev-SNP”, AMD – Note In advisory. Discharges are attributed to Google Safety Researchers Josh Edsa, Christopher Jake, Eduard Vela, Tavis…

Taiwan has become the last country that prohibits the state bodies to use the Chinese Startup Deepseek (AI) platform, citing security risk. “State institutions and critical infrastructure should not use Deepseek because it jeopardizes national information security,” a statement published by the Taiwanese Ministry of Digital Affairs said, Perer Radio Free Asia. “Deepseek Ai Service is a Chinese product. Its operation includes a cross-border transfer, as well as information leak and other information security issues.” Chinese origin Deepseek proposed Authorities from different countries to study the use of personal service data. Last week it was clogs In Italy, citing the…

04 February 2025Red LakshmananVulnerability / mobile security Google has Starting patches To solve 47 security deficiencies in his Android operating system, including one he said, was actively exploited in the wild. Vulnerability in question Cve-2024-53104 (CVSS assessment: 7.8), which was described as a case of escalation privileges in a core component known as a USB -video class (UVC) the driver. Google noted that successful exploitation of the shortage could lead to physical escalation of privileges, noting that it may be “limited, focused exploitation”. Although no other technical details were offered, the Linux kernel developer Greg Croo-Hartman in early December 2024…

04 February 2025Hacker NewsVulnerability / cloud security Microsoft has released patches to address two security deficiencies that affect the Azure AI Face and Microsoft account that can allow malicious actors to escalate their privileges under certain conditions. Disadvantages are below – Cve-2025-21396 (CVSS assessment: 7.5) – Exaltation of Microsoft account vulnerability Cve-2025-21415 (CVSS assessment: 9.9) – Azure AI Personal Exaltation Vulinity “Bypass authentication by fake Azure AI Face Service allows the authorized attackers to raise privileges over the network,” Microsoft in CV-2025-21415, counted an anonymous researcher for the shortage of the deficiency. The CVE-2025-21396, on the other hand, stems from…

04 February 2025Red LakshmananVulnerability / SharePoint Cybersecurity researchers have revealed details of the vulnerability affecting Microsoft affecting Microsoft Connector SharePoint upon Platform of Power This, if used successfully, can allow the threat to gather the user’s powers and subsequent next attacks. This may manifest as actions after operation that allows the attacker to send requests to API SharePoint on behalf of the withdrawal user, allowing unauthorized access to sensitive data, the said. “This vulnerability can be used via Power Automate, Power Apps, Copilot Studio and Copilot 365, which greatly expands the scale of potential damage,” said the senior security researcher…

Attack surfaces grow faster than they may keep up with security teams – you need to know what the attackers are most likely to struck. Given the adoption cloud, the ease of exposing new systems and services on the Internet dramatically increases, the priority threats and the control of the attack in terms of the attacker have never been more important. In this guide we consider why the attack surfaces grow and how to properly control and manage them properly Tools like an attacker. Let’s plunge. What is your surface surface? First, it is important to understand what we mean…

03 February 2025Red LakshmananFinancial security / malicious software Windows Brazilian users are the purpose of the company that provides a bank malicious software called Coyote. “After the deployment of Trojan Coyote Banking can carry out various malicious activities, including keys, screenshots and displaying the submitted phisching for theft of sensitive credentials,” – Researcher Fortinet Fortiguard Labs Cara Lin – Note in an analysis published last week. Cybersecurity company has stated that a few Windows (LNK) artifacts that contain PowerShell teams responsible for the delivery of malware have been identified over the last month. Coyote was First documented In early 2024,…

03 February 2025Red LakshmananOpen Source / Software The Python Python registry registry registry has announced a new feature that allows the packages to archive the project within the framework of efforts to improve the safety of the supply chain. “Now supporters can archive a project that informs users that the project will not receive more updates,” Facundo Tutca, Senior Engineer at Trail Of Bits, – Note. Doing this, the idea is to clearly inform the developers that Python libraries are no longer actively supported and no future security fixes should be expected. Given this, the projects marked as archival will…

03 February 2025Red LakshmananVulnerability / safety network Up to 768 vulnerabilities with the designated CVE ID has been reported as exploited in the wild in 2024, which compared to 639 CE in 2023, registering by 20% increased compared to last year. Describing 2024 as “another banner for threats aimed at operating vulnerabilities”, Vulncheck – Note It is known that 23.6% of the well -known exploited vulnerabilities (KEV) were armed either a day or before the day when CVE was publicly disclosed. This means a slight decrease from 26.8%2023, indicating that attempts can occur at any time in the vulnerability cycle.…

Russian gang on cybercrime, known as insane evil, has been associated with more than 10 scams in social media that use a wide range of individuals StealAtomic MacOS Theft (aka Amos), and An angel drain. “Specializing in fraud with identity, theft of cryptocurrency and malicious software involved in information, Crazy Eal – Note In the analysis. The use of a variety of Arsenal Cryptoscam group is a sign that the actor threatens on users of both Windows and MacOS systems, which creates a risk to a decentralized financing ecosystem. Crazy evil was rated active, at least since 2021, functioning in…