Author: Admin
February 10, 2025Red LakshmananVulnerability / data protection Zimbra has released software updates to solve critical security deficiencies in its software for cooperation, which can be successfully disclosed under certain conditions. Vulnerability tracked as Cve-2025-25064It carries the CVSS 9.8 with a maximum of 10.0. This has been described as a SQL injection error in the ZimbraSync soap box, which affects the version up to 10.0.12 and 10.1.4. Based on the lack of proper sanitary parameter, the deficiencies may be armed with authenticated attackers to introduce arbitrary SQL requests that could get e -mail metadata by “manipulating a certain parameter in the…
February 10, 2025Red LakshmananVulnerability / malicious software The threatening actors were observed in the use of several disadvantages in different software products, including the progress of Telerik UI for ASP.net Ajax and Advantive Veracore to give up back projectiles and web -columns and maintain permanently distant access to the broken systems. Zero exploitation of security deficiencies in Verakore was associated with the actor threats known as Cable groupA group of cybercrime is probably from Vietnamese origin, which is known to be active since 2010. “The XE group has passed from Skimmymyming Credit to target information about information, which notes a…
February 8, 2025Red LakshmananArtificial intelligence / safety supply chain Cybersecurity researchers found two malicious machine learning models (ML) on the hug that used unusual “broken” salted cucumber files to avoid detection. “Files of salted cucumbers extracted from the mentioned Pytorch archives showed malicious Python content at the beginning of the file,” Carl Zanka ReversingLabs Researcher – Note In a report that shared with Hacker News. “In both cases, the harmful load was a typical reverse platform reverse shell that connects to the tough code.” The approach was named Nullifai because it provides attempts to solve The passage of existing guarantees…
07 February 2025Red LakshmananMobile Security / Artificial Intelligence The new Deepseek mobile application audit for the Apple iOS operating system has found that bright security issues, the main thing that it sends sensitive data over the Internet that allows you to encrypt, exposing it with interception and manipulation. The assessment comes from nowsecure, which also showed that the app does not follow the best security practices and that it collects extensive user data and devices. “DEEPEEK iOS app sends some mobile app registration and devices online without encryption”, company – Note. “This exposes any data on the internet both passive…
07 February 2025Red LakshmananCloud security / web -security Microsoft warns of a dangerous practice in which software developers include publicly disclosed ASP.Net keys from publicly available resources, thus investing their applications into the path of attackers. The Technological Giant Intelligence Team stated that it was observing limited activity in December 2024, which included an unknown threat actor using the ASP.Net’s public static key for imposing malicious code and delivery Godl Frame after operation. He also noted that he identified more than 3,000 publicly discovered keys that could be used for these attacks View the Infrosting Codes. “While many previously known…
07 February 2025Hacker NewsVulnerability / malicious software The US Cybersecurity and infrastructure agencies (CISA) have warned that the lack of security affecting Trimble Urban work Asset management software focused on GIS was actively operating in the wild. The vulnerability in question is the CVE-2025-0994 (CVSS V4: 8.6), desserization of an unreliable data error that can allow the attacker to conduct the removed code. “This can allow authentified users to implement the code implementation on the Microsoft Infort Services (IIS) Customer Customer,” Cisa – Note In an advisory order of February 6, 2025. The disadvantage affects the following versions – CityWorks…
Fundamentals for social engineering attacks – people’s manipulation – may have not changed for many years. These are vectors – how these methods are unfolding – developing. And, like most industries these days, AI accelerates its evolution. This article studies how these changes affect business and how cybersecurity leaders can respond. Establishing attacks: Use a trusted identity Traditional forms of defense have already fought for solving social engineering, “the cause of most data violations”, according to Thomson Reuters. The next generation of cyber-fades working on AI can now start these attacks with unprecedented speed, scale and realism. Old Way: Silicone…
07 February 2025Red LakshmananFinancial security / compliance with regulatory requirements The Central Bank of India, the Indian Reserve Bank (RBI), said it is introducing an exclusive “bank” on the Internet for banks in the country to combat digital financial fraud. “This initiative is aimed at reducing cybersecurity threats and malware, such as phishing; and streamlining safe financial services, thereby increasing the trust in digital banking and payment services,” Irbi – Note in a statement issued today. To this end, the Institute for Development and Studies in Banking Technology (IDRBT) will act as an exclusive registrar. It is expected that registration…
07 February 2025Red LakshmananVulnerability / intelligence threats The actors threatened were observed in the exploitation of recently disclosed security deficiencies in Simplehelp (RMM) software as a predecessor for ransom attack. The invasion applied the vulnerabilities that have now been put to gain initial access and maintain permanently remote access to the uncertain target network, according to the Chapecurity Company Field Effect Effect Effect report, which is shared by Hacker News. “The attack included the rapid and intentional execution of multiple tactics, methods and procedures after compromise (TTPS), including the detection of network and system, creating administrator accounts and creating mechanisms…
06 February 2025Red LakshmananCybercrime / Ransomware In 2024, $ 813.5 million has been raised for a total of $ 813.5 million, which decreased compared to $ 1.25 billion in 2023. The total amount required during the first half of 2024 amounted to $ 459.8 million, Blockchain Intelligence Chenkalysis said, adding paying activities after July 2024 by 3.94%. “The number of ransomers increased in H2, but the chain payments have declined, suggesting that more victims were aimed but less paid,” company company company – Note. Adding to the problems is an increasingly fragmented ransom ecosystem, which, as a result of the…