Author: Admin

March 19, 2025Red LakshmananCloud security / web -security The threats of the actors standing for Transparent The company uses fake checks Recaptcha or Cloudflare turnstile as bait to fool users in download malicious programs such as theft Lumma and Vidar Ctyler. Transparentfirst Fake web -browsers update baits on compromised WordPress as a vector of malware. The company is also known for relying on another technique known as Essential To get a useful load on the next stage using Smart Chain Binance contracts (BSC) as a way to make an attack chain more elastic. The ultimate purpose of these infection networks…

Read More

March 19, 2025Hacker NewsIdentity Safety / Webinar In today’s digital world, security disorders are too common. Despite the many available safety and curriculum tools, identity-based attacks, phishing, opponent on average and bypassing the MFA is the main problem. Instead of taking these risks and pouring resources in correcting problems after they arise, why not interfere with the attacks in the first place? Our upcoming webinar, “How to exclude threats based on the individual” will show you how, showing Outside the identity expert Jing Reichan (Director of product marketing) and Louis Moraskio (Senior architect of products). Join them to learn how…

Read More

March 19, 2025Hacker NewsDetection of security / threats Saas Identity -based attacks are increasing. The attackers aim at identity with violated powers, abducted by authentication and privileges abuse. While many decisions on detection threats focus on cloud, end and network threats, they ignore the unique risks that cause Saas identity ecosystems. This blind place applies chaos for large and small Saas organizations. The question is, what can the security teams do? Don’t be afraid because Identification and reaction of the threat of identity (ITDR) here to keep the day. It is necessary to have visibility and response mechanisms to stop…

Read More

March 19, 2025Red LakshmananVulnerability / safety network Cybersecurity researchers revealed details Two important flaws Impact on Myscada myproData Control and Collection System (Scada) used surrounded by operational technology (OT) that can allow malicious subjects to control susceptable systems. “These vulnerabilities, when exploited, can give unauthorized access to industrial control networks, which will potentially lead to serious operational disruptions and financial losses,” Swiss Prodaft security company – Note. List of disadvantages, both valued 9.3 in the CVSS V4 assessment system, below – below – Cve-2025-20014 – vulnerability of the operating system teams that can allow the attacker to perform arbitrary commands…

Read More

March 19, 2025Red LakshmananVulnerability / Devecap Cybersecurity and US Infrastructure Agency (CISA) added vulnerability associated with A compromise chain of supplies GITHUB Actions, TJ-Actions/Change-Files, to known exploited vulnerabilities (KEV). The lack of high degree is tracked as Cve-2025-30066 (CVSS assessment: 8.6), provides for a GITHUB action for imposing a malicious code that allows a distant attacker to access sensitive data through action logs. “The GitHub action in TJ-Actions/Change-Files contains a built-in malicious vulnerability of the code that allows remote attackers to reveal secrets by reading action magazines,” Cisa – Note In warning. “These secrets can include, but without limitation, the…

Read More

March 18, 2025Red LakshmananCyber ​​-Ataka / malicious software At least four different threatening subjects have been identified as involved in an updated version Badbox. These include Salestracker Group, Moyu Group, Lemon Group and Longtv, according to the national team and research group on Human Satori, published in collaboration with Google, Trend Micro, Shadowserver and other partners. “Complex and Expanded Fraud Operation” was named BadBox 2.0. It was described as the largest bott -infected connected TVs (CTV), which when they were disclosed. “Badbox 2.0, like its predecessor, begins with the back of inexpensive consumer devices that allow remotely loading fraud modules,”-the…

Read More

March 18, 2025Red LakshmananVulnerability / firmware safety The critical safety vulnerability has been disclosed in the MEGARAC AMI (BMC) software management software, which can allow the attacker to bypass authentication and carry out actions after operation. Vulnerability tracked as Cve-2024-54085Carnate CVSS V4 10.0, indicating the maximum burden. “Local or remote attacker can use vulnerability by accessing remote control (Redfish) or internal host BMC (Redfish)”, “Company Showare Security Company Eclypsium – Note In a report that shared with Hacker News. “The operation of this vulnerability allows the attacker to remotely control the compromised server, remotely deploy malicious software, required software, firmware…

Read More

March 18, 2025Red LakshmananAI / safety software safety Cybersecurity researchers have revealed details about the new vector of the supply chain called “sourdough”, which affects artificial intelligence (AI), which is supported by code editor such as GitHub Copilot and Cersor, which will introduce a malicious code. “This technique allows hackers silently endangered AI-Zeented code by introducing hidden malicious instructions into the seemingly innocent file – Note In a technical report that is shared with Hacker News. “Using hidden Unicode characters and sophisticated evading methods in the model facing useful load, threatening subjects can manipulate AI to insert a malicious code…

Read More

March 18, 2025Red LakshmananCloud security / security of businesses Google makes the biggest acquisition in its history by acquiring Wiz Company Company Wiz in a $ 32 billion transaction. “This acquisition is an investment of Google Cloud to speed up two big and growing trends in the AI ​​era: improved cloud security and the ability to use multiple clouds (multi),” technological giant – Note Today. He added the acquisition, which is subject to normative approval, designed to provide customers of the “comprehensive security platform”, which provides a modern IT -year. CEO of Google Cloud Thomas Curian – Note Combining your…

Read More

March 18, 2025Red LakshmananVulnerability / safety windows The unobtrusive lack of security that affects Microsoft Windows was used by 11 state groups from China, Iran, North Korea and Russia as part of data theft, espionage and financially motivated companies dating from 2017. A zero day vulnerability, tracked by Trend Micro’s Nero Day (Zdi) initiative as Appear-CAN-25373refers to a problem that allows bad actors to perform hidden malicious teams on the victim car using the created Windows or Shell Link (.lnk). “Attacks use the hidden command line arguments in .lnk files to perform malicious loads, complicating the detection,” said security researchers…

Read More