Author: Admin

04 February 2025Red LakshmananVulnerability / cyber -hpion Recently fixed Safety vulnerability The 7-Zip Archiver tool was used in the wild to deliver Diplomat malicious software. The deficiency Cve-2025-0411 (CVSS assessment: 7.0), allows the distant attackers to bypass the Mark-Warriors (Strong) Protection and execute an arbitrary code in the context of the current user. It was addressed to 7-ZIP in November 2024 with Version 24.09. “The vulnerability is actively exploited – Note. It is suspected that the CVE-2025-0411 is probably armed with focused state and non-governmental organizations in Ukraine as part of a cyber-spy-based campaign established against the background of the…

04 February 2025Hacker NewsFinding a threat / cloud security As the cloud develops in 2025 and beyond the organization, both new and developing realities should be adapted, including increasing dependence on cloud infrastructure for AI workflows, as well as a huge amount of data transferred to the cloud. But there are other developments that can affect your organizations and provide the need for an even more reliable security strategy. Let’s see … No. 1: Increased Landshaft threats encourages market consolidation Cyberattacks aimed at cloudy conditions are becoming increasingly sophisticated, emphasizing the need for safety decisions beyond detection. Organizations will need…

04 February 2025Red LakshmananVulnerability / safety equipment AMD’s securely encrypted virtualization revealed security vulnerability (SEV), which can allow the attacker to load a malicious processor microcode under certain conditions. The downside, tracked as Cve-2024-56161Carnate CVSS 7.2 out of 10.0, indicating high severity. “Incorrect signature checking in the Microcode Micro-Patching Patch CPU ROM may allow an attacker with a local privilege administrator to load microcode processor, leading to the loss of confidentiality and integrity of the confidential guest operating under AMD Sev-SNP”, AMD – Note In advisory. Discharges are attributed to Google Safety Researchers Josh Edsa, Christopher Jake, Eduard Vela, Tavis…

Taiwan has become the last country that prohibits the state bodies to use the Chinese Startup Deepseek (AI) platform, citing security risk. “State institutions and critical infrastructure should not use Deepseek because it jeopardizes national information security,” a statement published by the Taiwanese Ministry of Digital Affairs said, Perer Radio Free Asia. “Deepseek Ai Service is a Chinese product. Its operation includes a cross-border transfer, as well as information leak and other information security issues.” Chinese origin Deepseek proposed Authorities from different countries to study the use of personal service data. Last week it was clogs In Italy, citing the…

04 February 2025Red LakshmananVulnerability / mobile security Google has Starting patches To solve 47 security deficiencies in his Android operating system, including one he said, was actively exploited in the wild. Vulnerability in question Cve-2024-53104 (CVSS assessment: 7.8), which was described as a case of escalation privileges in a core component known as a USB -video class (UVC) the driver. Google noted that successful exploitation of the shortage could lead to physical escalation of privileges, noting that it may be “limited, focused exploitation”. Although no other technical details were offered, the Linux kernel developer Greg Croo-Hartman in early December 2024…

04 February 2025Hacker NewsVulnerability / cloud security Microsoft has released patches to address two security deficiencies that affect the Azure AI Face and Microsoft account that can allow malicious actors to escalate their privileges under certain conditions. Disadvantages are below – Cve-2025-21396 (CVSS assessment: 7.5) – Exaltation of Microsoft account vulnerability Cve-2025-21415 (CVSS assessment: 9.9) – Azure AI Personal Exaltation Vulinity “Bypass authentication by fake Azure AI Face Service allows the authorized attackers to raise privileges over the network,” Microsoft in CV-2025-21415, counted an anonymous researcher for the shortage of the deficiency. The CVE-2025-21396, on the other hand, stems from…

04 February 2025Red LakshmananVulnerability / SharePoint Cybersecurity researchers have revealed details of the vulnerability affecting Microsoft affecting Microsoft Connector SharePoint upon Platform of Power This, if used successfully, can allow the threat to gather the user’s powers and subsequent next attacks. This may manifest as actions after operation that allows the attacker to send requests to API SharePoint on behalf of the withdrawal user, allowing unauthorized access to sensitive data, the said. “This vulnerability can be used via Power Automate, Power Apps, Copilot Studio and Copilot 365, which greatly expands the scale of potential damage,” said the senior security researcher…

Attack surfaces grow faster than they may keep up with security teams – you need to know what the attackers are most likely to struck. Given the adoption cloud, the ease of exposing new systems and services on the Internet dramatically increases, the priority threats and the control of the attack in terms of the attacker have never been more important. In this guide we consider why the attack surfaces grow and how to properly control and manage them properly Tools like an attacker. Let’s plunge. What is your surface surface? First, it is important to understand what we mean…

03 February 2025Red LakshmananFinancial security / malicious software Windows Brazilian users are the purpose of the company that provides a bank malicious software called Coyote. “After the deployment of Trojan Coyote Banking can carry out various malicious activities, including keys, screenshots and displaying the submitted phisching for theft of sensitive credentials,” – Researcher Fortinet Fortiguard Labs Cara Lin – Note in an analysis published last week. Cybersecurity company has stated that a few Windows (LNK) artifacts that contain PowerShell teams responsible for the delivery of malware have been identified over the last month. Coyote was First documented In early 2024,…

03 February 2025Red LakshmananOpen Source / Software The Python Python registry registry registry has announced a new feature that allows the packages to archive the project within the framework of efforts to improve the safety of the supply chain. “Now supporters can archive a project that informs users that the project will not receive more updates,” Facundo Tutca, Senior Engineer at Trail Of Bits, – Note. Doing this, the idea is to clearly inform the developers that Python libraries are no longer actively supported and no future security fixes should be expected. Given this, the projects marked as archival will…