Author: Admin
Open Web Application Security Project recently submitted new 10 best projects – Non -Human Identity (NHI) Top 10. Over the years Owasp provides safety specialists and developers basic recommendations and effective structures through the 10 best projects, including widely used security lists API and web applications. The security of inhuman identification causes new interests in the cybersecurity industry, covering the risks and lack of supervision associated with API keys, Service AccountsOauth programs, SSH keys, Iam roles, secrets and other machine credentials and workload IDs. Given that the flagship top 10 Owasp projects are already covering a wide range of safety…
January 27 2025 gRavi LakshmananCybershlpion / Intelligence threats Previously unknown actor threats were noticed by copying the trade associated with the Kremlin Homoredon A hacker group in their cyberattacks aimed at Russian -speaking objects. The company was attributed to the cluster threats dubbed Gamacopywhich is estimated to match another Hackers Group Core WerewolfAlso tracked both Awaken Likho and Pseudogamredon. According to the KnownSec 404 Advanced Threat Intelligence team, the attacks use the contents associated with military facilities as a Ultravnc’s deployment, which allows the threat to the subjects to obtain distant access to hacked knots. “TTPs (tactics, methods and procedures)…
January 27 2025 gRavi LakshmananPoisoning malicious programs / SEO Hunting threats described in detail the current company that uses the loader’s malware called MINTSLOAADER to spread secondary useful loads such as Stealc Information kidnapper and legitimate network computing with open source called Brain. “MINSLOAADER is a PowerShell malware boot, which was delivered through spam, citing Kongtuke/Clickfix pages or JScript file,” the Esentire cybers safety said. said In the analysis. The company was aimed at the electricity, oil and gas and legal services sector in the United States and Europe, according to a company that discovered activities in early January 2025.…
As part of the Llama Mange (LLM), a high-speed security disadvantage (LLM) Llama Llama, which can allow the attacker to execute an arbitrary code on the llama-stack output. Vulnerability tracked as Cve-2024-50050CVSS 6.3 out of 10.0 was assigned. On the other hand, SNYK’s Security Country Firm appointed This is a critical severity of 9.3. “The affected versions are vulnerable to the desserization of unreliable data, that is, the attacker can execute an arbitrary code by sending malicious data that are deasserized,”-Avi Lumenski Research – Note In the analysis earlier this week. Disadvantage, according to Llama stackwhich determines API interfaces to…
January 24 2025 gRavi LakshmananSecurity / vulnerability of telecommunications A group of scientists has revealed details of more than 100 security vulnerabilities that affect the LTE and 5G introduction that can be used by the attacker to disrupt access to the service and even fixed in the main cellular network. The 119 vulnerabilitiesAppointed 97 unique CVE ID, cover seven LTE – Open5gs. Magma. Openair interface. Atonate. Sd-core. NEXTEPC. SRSR – and three 5G – Open5gs, Magma, Openairinterface, according to researchers at Florida University and North Carolina State University. The conclusions were described in detail in a study called “Ransacked: Domain-informed…
The US Department of Justice (DoJ) on Thursday indicted two North Korean nationals, a Mexican national and two Mexican nationals for their alleged involvement in an ongoing information technology (IT) worker fraud scheme aimed at generating revenue for the People’s Democratic Party. The Republic of Korea (DPRK) is in violation of international sanctions. The action focuses on Jin Sung Il, Park Jin Sung, Pedro Ernest Alonso De Los Reyes, Eric Ntekarese Prince and Emmanuel Ashtar. Alonso, who lives in Sweden, was arrested in the Netherlands on January 10, 2025 after a warrant was issued. All five defendants were charged with…
January 24 2025 gRavi LakshmananBiometric / Mobile Security Google has launched a new feature called Verifying personality For supported Android devices, blocking confidential biometric settings when being out of trusted places. “If you turn on the face check, your device will need obvious biometric authentication to access certain confidential resources if you are out of trusted places,” Google. said in a posting message. In doing so, biometric authentication will required for the following – Enable Saved Passwords and Key using Google Password Manager Autovging Passwords in programs with Google Password Manager, except Chrome Change screen lock, eg PIN, Template and…
January 24, 2025Ravi LakshmananVulnerability / JavaScript The US Cybersecurity and Infrastructure Agency (CISA) on Thursday to place Currently there is a security flaw that affectsTransport) Catalog based on evidence of active exploitation. Vulnerability of medium and CVE-2020-11023 (CVSS Score: 6.1/6.9), a nearly five-year-old cross-platform scripting (XSS) that can be used to achieve arbitrary code execution. “Transmitting HTML that contains elements from untrusted sources – even after sanitizing them – to one of jQuery’s DOM manipulation methods (ie Github Advisory released for lack. There was a problem to address jQuery version 3.5.0 was released in April 2020. The solution for CVE-2020-11023…
January 23, 2025Ravi LakshmananMalware / Enterprise Security Juniper Networks’ enterprise-class routers have been targeted by a custom backdoor in a campaign called J-magic. According to the Black Lotus Labs team at Lumen Technologies, this activity got its name because the backdoor continuously tracks the “magic packet” sent by the threat in TCP traffic. “J-magic is reporting a rare case of malware specifically designed for JunoOS, which serves a similar market but relies on a different operating system, a variant of FreeBSD,” the company said in a statement. said in a report shared with The Hacker News. Data collected by the…
January 23, 2025Ravi LakshmananPhishing / Malware Cybersecurity researchers are turning their attention to a new malware campaign that uses fake CAPTCHA checks to deliver the infamous Lamma information stealer. “The campaign is global, and Netskope Threat Labs is tracking victims in Argentina, Colombia, the United States, the Philippines, and other countries around the world,” said the report shared with The Hacker News. “The campaign also spans multiple industries, including healthcare, banking and marketing, with the telecommunications industry having the largest number of targeted organizations.” The attack chain begins when the victim visits a compromised website that directs them to a…