Author: Admin
April 17, 2025Red LakshmananVulnerability / safety network US Cybersecurity Agency and US Infrastructure (CISA) added Lack of security affecting safe mobile access Sonicwall (Fat) 100 gateway series to known exploited vulnerabilities (Ship) A catalog based on evidence of active operation. High-speed vulnerability, tracked as the CVE-2021-20035 (CVSS: 7.2), is due to the case of the operating system injection, which may lead to the code. “Incorrect neutralization of special elements in the SMA100 control interface allows for remote authentic attackers to enter arbitrary commands as a” no one “that can potentially lead to code,” Sonicwall – Note In a consultation published…
April 17, 2025Red LakshmananZero day / vulnerability Apple on Wednesday liberated Security updates for iOS, iPados, MacOS Sequoia, TVOS and Visionos to solve the two disadvantages of security, which, he said, came under active exploitation in the wild. The vulnerabilities in question are below – Cve-2025-31200 (CVSS assessment: 7.5) – Memory corruption vulnerability Main audio Frame that can allow the execution of the code when processing audio potato in the abused media file Cve-2025-31201 (CVSS assessment: 6.8) – Vulnerability in the RPAC component that can be used by an attacker with an arbitrary reading and recording capacity Checking of the…
April 16, 2025Red LakshmananSecurity / vulnerability of the final points Cybersecurity researchers described in detail four different vulnerabilities mainly Windows components Task Planning Service This can be used by local attackers to escalate privileges and erasing magazines to cover evidence of malicious activity. Problems have been identified in binary specified “Schtasks.exe”Which allows the administrator to create, remove, request, change, work and conclude planned tasks on a local or remote computer. “A (Managing User Account) vulnerability was found in Microsoft Windows, allowing the attackers to bypass the user account control, allowing them to perform highly accelerated (system) teams without approval -…
Introduction: Why crack when you can log in? SAAS applications are the basis of modern organizations, nutrition and performance performance. But each new application introduces critical safety risks through application integration and multiple users, creating simple access points for threat subjects. As a result of the SAAS violations increased, and according to cyber -posts in May 2024, identity and credentials caused by incorrect conditions 80% of security impact. The subtle signs of the compromise are lost in the noise, and then the multi-stage attacks unfold unnoticed due to the canceled solutions. Think about the accounting of the account in Entra…
April 16, 2025Red LakshmananArtificial Intelligence / Violation Google on Wednesday disclosed that it suspended more than 39.2 million advertisers in 2024, most of them discovered and blocked by their systems before they could serve as a harmful advertisement for users. In general, the technological giant said he had stopped 5.1 billion bad ads, restricted 9.1 billion ads, and blocked or restricted advertising for 1.3 billion pages last year. He also suspended more than 5 million scam violations. Six best AD policy violations included an AD network abuse (793.1 million), improper use of the brand (503.1 million), personalized advertising (491.3 million),…
Actors threats use the specified artificial intelligence platform (AI) Range In phishing attacks to direct unburable users to fake Microsoft. “The attackers are armed with Gamma, a relatively new AI -based presentation tool to deliver a link to a fake portal Microsoft SharePoint Login,” Pathological Researchers Hinman Baron and Piotr Wojtyla – Note Tuesday analysis. The attack network begins with a phishing email, in some cases sent from legitimate, broken e -mail accounts to attract the recipients of messages to open the built -in PDF document. In reality, pdf attachment is nothing but a hyperlink that, when pressed, retains the…
April 16, 2025Red LakshmananCyber -bue / network security Cybersecurity researchers have discovered a new component of the controller associated with the famous back called Bpfdoor Within the framework of cyber -departments aimed at the telecommunications, finance and retail sector in South Korea, Hong Kong, Myanmar, Malaysia and Egypt in 2024. “The controller can open the backward shell”, “Trend Micro Descrinere Fernando Mercês” – Note In a technical report published earlier the week. “This can allow lateral motion, allowing the attackers to enter deeper into the impaired networks, allowing them to control more systems or access sensitive data. The company has…
Cheap Android smartphones made by Chinese companies The functionality of clipper As part of the campaign since June 2024. When using applications laid from malware for theft of financial information, it is not a new phenomenon, new results of the Russian antivirus supplier Doctor Webb-talking to a significant escalation where the participants of the threat are directly Earning for a supply chain Different Chinese manufacturers who pre -load brand new devices with malicious applications. “Fraudal applications have been detected directly in the software pre -installed by phone,” the company – Note. “In this case, the malicious code was added to…
April 16, 2025Red LakshmananOffice of vulnerability / incident reaction Funding for the US Government for the Non-Profit Research Giant Miter for the operation and maintenance of common vulnerabilities and expositions (Cve) The program will end on Wednesday, unprecedented development, which can shake one of the main pillars of the world ecosystem cybersecurity. The 25-year CVE program is a valuable tool for vulnerability management, which offers the actual standard for detection, definition and directory, publicly reveals security deficiencies using IDS CVE. Josry Barsum, Vice -President Mitter and Director of the Homeland Security Center (CSH) said he financing for “development, work and…
April 15, 2025Red LakshmananAttack of supply chain / malicious software Cybersecurity researchers revealed a malicious package loaded to the Python Package repository designed to execute trading orders on Mexc Exchange cryptocurrency on a malicious server and theft of tokens. Package, CCXT-MEXC-FUTURS, suggests being an extension built on the popular Python library called ccxt (Short for cryptocurrency exchange trading) used to connect and trade with several cryptocurrency exchanges and facilitate payments processing services. The malicious package is no longer available on Pypi but statistics on Pepy.Tech shows that it was loaded at least 1065 times. “The authors of the CCXT-MEXC-Futures package…