Author: Admin
March 21, 2025Red LakshmananCyber -aataka / vulnerability According to the two deficiencies affecting Sans Internet Storm Center. A Two vulnerabilities of a critical evaluation over the question given below – Cve-2024-20439 (CVSS assessment: 9.8) – Having undocumented static account users for an administrative account that the attacker could use to enter the affected system Cve-2024-20440 (CVSS assessment: 9.8) – a vulnerability that arises from -wit the excessively long -word debug log that can apply to access such files by means of a http request and get credentials that can be used to access API Successful exploitation of disadvantages can allow…
March 20, 2025Red LakshmananAnalysis of malicious programs / threats Video on YouTube that promote cheats games Concea Probably focusing on Russian users. “What is intriguing in this malicious program is how much it collects,” Caspersorsky – Note In the analysis. “It seizes information about VPN and gaming customers, as well as all kinds of network utilities such as NGROK, Playit, CyberDuck, Filezilla and Dyndns.” The attack networks provide for the sharing of the links to the archive, protected by the password on the YouTube video, which at the opening unpack the bath.bat package, which is responsible for obtaining another archive…
March 20, 2025Red LakshmananCybersecurity / vulnerability Agency for cybersecurity and US infrastructure (CISA) has added Lack of safety at high speed affectingShip) Catalog, citing evidence of active exploitation. The vulnerability in question is the CVE-2024-48248 (CVSS: 8.6), an absolute traverse mistake that can allow you to read files on the target host, including sensitives, such as “/etc/shadow” through the endpoint “/c/rm.”. This affects all versions of the software to version 10.11.3.86570. “Backup and replication Nakivo contains the absolute path of vulnerability that allows the attackers to read arbitrary files,” Cisa said in the advisory. Successful lack of lack can allow…
March 20, 2025Red LakshmananUpdate vulnerability / software Veeam has released security updates to address a critical security deficiency that affects its backup software and replication, which can lead to the remote code. Vulnerability tracked as Cve-2025-23120Carries CVSS 9.9 out of 10.0. This affects 12.3.0.310 and all previous versions 12. “The vulnerability that allows you – Note in a consultation released on Wednesday. Petr Basidlo Safety Researcher with Watchtowr was credited and the shortage report, which was resolved in version 12.3.1 (collection 12.3.1139). According to Bazydlo and Researcher Sina Hirha, CVE-2025-23120 stems from the inconspicuous management of the VEEAM desserization mechanism,…
Compliance with the regulatory requirements no longer raises concern about large enterprises. Small and medium-sized enterprises (SMB) are increasingly undergoing stiff protection and safety rules such as HIPAA, PCI-DSS, CMMC, GDPR and FTC protection rules. However, many SMB are struggling to comply with the requirements with limited IT resources that develop normative requirements and complex security problems. Recent data show that in the US approximately 33.3 million SMB, and 60% and no longer meet at least one regulatory standard. This means that almost 20 million SMB can be at risk of fines, security violations and reputation damage. For managed service…
Cybersecurity is not just another box in your business business. This is a fundamental pillar of survival. As the organizations are increasingly migrating their activities in the cloud, understanding how to protect their digital assets, it becomes decisive. A Model General LiabilityAttached with the Microsoft 365 approach, it offers the basis for understanding and implementing effective cybersecurity measures. The essence of general liability Think about cloud security as a well -kept building: Property Head processes structural integrity and common areas, while tenants provide their individual units. Similarly, the general responsibility model creates a clear division of security duties between Cloud…
March 20, 2025Red LakshmananSpy Software / Mobile Security Governments of Australia, Canada, Cyprus, Denmark, Israel and Singapore are probably New Report from the civil laboratory. Paragon, founded in 2019, Ehud Barak and Ehud Schneorson, is a maker of an observation tool called Graphite, which is capable of typing sensitive data from instant messages on the device. The interdisciplinary laboratory stated that it determined six governments as “suspected paranas” after displaying the server infrastructure suspected of the spy program. Development occurs nearly two months after WhatsApp meta rumors – Note It reported about 90 journalists and members of civil society that…
March 20, 2025Red LakshmananCybercrime / malicious software Emergency Response Team in Ukraine (CERT-UA) prevention a new company aimed at the defense sector with dark crystals (Aka Endkrat). The company, found earlier this month, was sent to both employees of the defense complex and individual representatives of the Ukrainian defense forces. Activities involves the distribution of malicious messages through the messaging application that contains the intended meeting protocols. Some of these messages are sent from previously violated signal accounts to increase the likelihood of success attacks. The reports are shared as archival files that contain PDF and the executable file specified.…
March 19, 2025Red LakshmananIntelligence threatens / crypto The actors threatens exploit a serious lack of security in PHP to deliver cryptocurrency miners and remote access (rats) like Quasar Rat. Vulnerability assigned to CVE ID Cve-2024-4577Refers to argument vulnerability in PHP that affect Windows -based systems that work in CGI, which can allow distant attackers to run an arbitrary code. Cybersecurity Company Bitdefender – Note Since the end of last year, he observed attempts to operate against the CVE-2024-4577, and a significant concentration was reported in Taiwan (54.65%), Hong Kong (27.06%), Brazil (16.39%), Japan (1.57%) and India (0.33%). About 15% of…
March 19, 2025Red LakshmananCybercrime / Intelligence threats Recently Leak Chat internal magazines Among the members of the Black Basta Ransomware Operation found possible links between the gang of electronic crimes and the Russian authorities. A leak containing more than 200,000 reports from September 2023 to September 2024 was published by Telegram @Exploitwhispers. According to the analysis of the Cybersecurity Company Trellix, allegedly leader Black Basta Oleg Nefedov (aka GG or AA) may have received assistance from Russian officials After his arrest In Yerevan, Armenia, in June 2024, which allowed him to escape in three days. In GG reports he claimed…