Aggregator

新发现的恶意软件活动已经危害了 4,000 多家互联网服务提供商 (ISP)，使黑客能够远程访问关键基础设施。

欢迎关注安全圈求职社群！！

Fix Inventory is an open-source tool for detecting compliance and security risks in cloud infrastructure accounts. It was built from the ground up for cloud-native environments and provides broad support for over 300 cloud services, including AWS, Google Cloud Platform, Azure, DigitalOcean, Hetzner, Kubernetes, and GitHub. How Fix Inventory works The tool operates in three key phases to help organizations manage their cloud security: Collect inventory data – The tool queries cloud infrastructure APIs in … More →

The post Fix Inventory: Open-source cloud asset inventory tool appeared first on Help Net Security.

The Health Sector Coordinating Council is kicking off a health sector mapping initiative aimed at helping the ecosystem avoid massive disruptions in the event of major cyber incidents, said Greg Garcia, executive director for cybersecurity at the Health Sector Coordinating Council.

The majority of significant attacks hitting the health sector involve unpatched vulnerabilities dating back years, a situation cybercriminals are more easily and swiftly able to exploit using AI-based tools, said Health Information Sharing and Analysis Center President and CEO Denise Anderson.

As clinicians move to a model of working anywhere - on many types of devices and under a variety of different internet environments - web browser security is a heightened concern, said John Frushour, vice president and CISO at New York-Presbyterian Hospital, and CyberEdBoard member.

RansomHub, Play, Akira and Clop Among the Groups Claiming the Most Victims
Ransomware operations have collectively claimed what amounts to a surge in new victims. Researchers trace much of this activity to RansomHub, Play and Akira, as well as Clop, which continues to drip-feed details about its attack on users of Cleo Communications' managed file-transfer software.

Fake Error Messages Trick Users Into Deploying a C2 Framework Via PowerShell
A newly discovered phishing campaign is using social engineering to dupe victims into copying, pasting and running the Havoc command-and-control framework on their computers, warn researchers from Fortinet. "ClickFix" displays a fake error message and instructions for its supposed resolution.

Hiatus Could Embolden Moscow
Reports suggesting that the U.S. federal government is going soft on Russia in cyberspace sent shockwaves through the cybersecurity community. Resuming computer network attacks and other exploitation efforts after a pause isn't as simple as flipping a switch.

Code of Practice for Software Vendors Sets Baseline Security Expectations
A British government proposal to strengthen software supply chain security received positive feedback from vendors who said voluntary best practices could strengthen cyber defenses. The guidelines suggest requiring multifactor authentication for developers and timely vulnerability patching.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Andrea Micalizzi aka rgod (@rgod777)' was reported to the affected vendor on: 2025-03-05, 5 days ago. The vendor is given until 2025-07-03 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'kimiya' was reported to the affected vendor on: 2025-03-05, 5 days ago. The vendor is given until 2025-07-03 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'kimiya' was reported to the affected vendor on: 2025-03-05, 5 days ago. The vendor is given until 2025-07-03 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'kimiya' was reported to the affected vendor on: 2025-03-05, 5 days ago. The vendor is given until 2025-07-03 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Andrea Micalizzi aka rgod (@rgod777)' was reported to the affected vendor on: 2025-03-05, 5 days ago. The vendor is given until 2025-07-03 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'rgod' was reported to the affected vendor on: 2025-03-05, 5 days ago. The vendor is given until 2025-07-03 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'kimiya' was reported to the affected vendor on: 2025-03-05, 5 days ago. The vendor is given until 2025-07-03 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Mark Vincent Yason (markyason.github.io)' was reported to the affected vendor on: 2025-03-05, 5 days ago. The vendor is given until 2025-07-03 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'rgod' was reported to the affected vendor on: 2025-03-05, 5 days ago. The vendor is given until 2025-07-03 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Mark Vincent Yason (markyason.github.io)' was reported to the affected vendor on: 2025-03-05, 5 days ago. The vendor is given until 2025-07-03 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.