Author: Admin
February 13, 2025Red LakshmananSecurity on the Internet / Security Cloud Was marked with extensive phishing Web The content shipping network (CDN) with the aim of stealing credit card information and financial fraud. “The attacker aims at the victims seeking documents on the search engines, leading to access to the malicious PDF, which contains the image of CAPTCHA, is built with a phishing link that makes them provide tangible information,” – a researcher at the threat of Netskope Jan Michael Alcantara – Note. Activities, which continued since the second half of 2024, entails users looking for book titles, documents and graphics…
February 13, 2025Red LakshmananThe United States The North Korea -related actor was associated with a permanent campaign aimed at the South Korean business, government and cryptocurrencies. The Atacine Company is named Deep#drive Securonix was attributed to a hacking group known as Kimaswhich is also tracked under the names of APT43, Black Banshee, cheeky sleet, shiny fish, springtail, ta427 and velvet Chollima. “Use, taking into account the phishing possessive possessive and disguised legal documents, the attackers successfully penetrated the target environment,” – Safety Researchers Den Iuzvyk and Tim Peck – Note In a report that is shared with Hacker News, describing…
February 13, 2025Hacker NewsApplication security / devops Did you feel that your team was stuck in a permanent battle? Developers are in a hurry to add new functions, and security people are worried about vulnerabilities. What if you could collect both sides without harming the second? We invite you to our upcoming webinar, “Opening a quick strip for safe deployment” This is not another technological conversation full of fashion words is a ground-down session that shows you the practical ways to strengthen your security in your projects from the beginning. Many teams face the usual problem: the security security at…
In November 2024, in November 2024, focused on the unnamed Asian software program and services, it provided for the use of a malicious tool used exclusively cyber spying used in China. “During the attack at the end of 2024, the attacker opened a clear set of tools previously used by a Chinese actor in classical espionage attacks,” the hunting team on Symantec, part Broadcom, – Note In a report that shared with Hacker News. “In all previous invasions related to the instruments, the attacker seemed to be engaged in classical espionage seemingly interested solely in maintaining permanent presence in the…
February 13, 2025Red LakshmananNetwork security / vulnerability Palo Alto Networks turned to high-speed security lack in its Pan-OS software, which could lead to bypass authentication. Vulnerability tracked as Cve-2025-0108Carries CVSS 7.8 out of 10.0. However estimate is reduced to 5.1 if access to management interface is limited jump. “Authentication software on Palo Alto Setworks Pan-OS networks allows unauthorized attackers with network access to the management web interface to get around authentication, otherwise requires Pan-OS web interface and causes certain scenarios”, “Palo Alto Networks” – Note In advisory. “When referring to these PHP scenarios, the removed code does not allow, it…
February 13, 2025Red LakshmananMalicious software / cyber -beno Senior hunting shed light on a new company aimed at the Ministry of Foreign Affairs of the unnamed South American nation with ordered malicious software capable of providing remote access to infected hosts. The activity revealed in November 2024 was referred to as an elastic security laboratory with the cluster threats he monitored as Ref7707. Some other goals include telecommunications connections and university located in Southeast Asia. “While Ref7707 is characterized by a well-engine, highly capable, new penetration set, companies have shown poor management companies and inconsistent evading practices,” Andrew PiS and…
Subgroup in a shameful Russian state group known as Pepperner was associated with a long -standing initial access operation called Badpilot, which stretched around the world. “This subgroup conducted a globally diverse compromise of the infrastructure that stands on the Internet to allow SEASHELL snowstorms to be stored on high values and maintain individual network operations,” Microsoft intelligence team is threatened. – Note In a new report that shared with Hacker News on the eve of the publication. The geographical distribution of the initial access goals includes all North America, several European countries, as well as others, including Angola, Argentina,…
February 12, 2025Red LakshmananThe safety of the container / vulnerability Cybersecurity researchers have found a bypass for the NVIDIA container’s safety vulnerability, which can be used to escape the container and gain full access to the main host. New vulnerability is tracked as Cve-2025-2359 (CVSS assessment: 8.3). This affects the following versions – Nvidia Container Toolkit (all versions up to 1.17.3) – recorded in version 1.17.4 GPU Nvidia operator (all versions up to 24.9.1) – recorded in version 24.9.2 ‘NVIDIA container’s tools for Linux contains time of use (Bakery) Vulnerability when used with the default configuration where a container image…
February 12, 2025Hacker NewsAI safety / data protection Ciso relies themselves more involved in AI team, often leading interfunctional efforts and AI strategy. But not much resources that will guide them on how their role should look like and how they should bring to these meetings. We have assembled the basis for security leaders to help push AI Committees and Committees further in accepting II – providing them with the necessary visibility and fences to succeed. Get acquainted with a clear basis. If security groups want to play a key role in traveling on the II organization, they must take…
February 12, 2025Red LakshmananPatch on Tuesday / vulnerability Microsoft on Tuesday released fixes for 63 security deficiencies The impact on its software products, including two vulnerabilities, which, he said, came into active exploitation in the wild. Of the 63 vulnerabilities, three are evaluated critical, 57 – important, one is estimated moderately and two are low. It is besides 23 flaws Microsoft appealed to her browser based on Chromium from last month’s exit Update on Tuesday patch. The update is characteristic of correction of two actively exploited disadvantages – Cve-2025-21391 (CVSS assessment: 7.1) – Exaltation of storage Windows vulnerability Cve-2025-21418 (CVSS…