Aggregator

保持应急状态运行一段时间

The “Eriakos” info-stealing campaign is using hundreds of fake web shops to defraud victims

Тестовое задание обернулось взломом.

专属SRC放大招，荣誉证书+万元奖金，速来查看活动规则！

Благодаря апгрейду стало удобнее работать всем: ИБ-администраторам, ИТ-специалистам и обычным пользователям.

Artifact integrity is crucial in maintaining software security and trustworthiness. High-profile breaches like SolarWinds, CodeCov, 3CX, and JumpCloud have shown how altering artifact contents can lead to significant security vulnerabilities, enabling attackers to infiltrate and compromise software supply chains. This is the first in a series of blog posts about the importance of artifact integrity, ... Read more

The post Securing Artifacts: Keyless Signing with Sigstore and CI/MON appeared first on Cycode.

The post Securing Artifacts: Keyless Signing with Sigstore and CI/MON appeared first on Security Boulevard.

In October 2023, Google announced the launch of kvmCTF, a new vulnerability reward program (VRP) designed to improve the security of the Kernel-based Virtual Machine (KVM) hypervisor. This innovative program comes with bounties of up to $250,000 for full VM escape exploits, marking a significant step in fortifying virtual machine (VM) environments against zero-day vulnerabilities. […]

The post kvmCTF: Google’s $250K Bounty for KVM Zero-Day Vulnerabilities appeared first on TuxCare.

The post kvmCTF: Google’s $250K Bounty for KVM Zero-Day Vulnerabilities appeared first on Security Boulevard.

Welcome to ANY.RUN‘s monthly updates, where we share our team’s achievements over the past month.   In July, we introduced new features in Threat Intelligence Lookup, added Windows 10 for free users, reduced task startup time, implemented numerous YARA rules and signatures, and expanded our Suricata ruleset.   Let’s break down what’s new in ANY.RUN […]

The post Release Notes: New IOCs in TI Lookup, Network Threats Tab, Free Windows 10 VM, and More appeared first on ANY.RUN's Cybersecurity Blog.

Users use Voice Over Wi-Fi (VoWiFi) quite frequently nowadays, as it’s a technology that enables them to make voice calls over a Wi-Fi network. This technology does so without relying on traditional cellular networks.  Besides this, doing so allows the users to enhance their call quality and reliability in areas with poor network quality. But, […]

The post Voice Over Wi-Fi Vulnerability Let Attackers Eavesdrop Calls And SMS appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.

译者：知道创宇404实验室翻译组 原文链接：Guest vs Null session on Windows 在对 Active Directory 基础架构进行内部评估时，“空会话”、“访客会话”和“匿名会话”等术语是十分常见的。这些词描述了在 Windows 服务器上用于连接资源并获取计算机或 Active Directory 对象（如用户或 SMB 共享）信息的技术。尽管这些技术广为人...

В Минцифры рассказали, почему изменились условия льготной ипотеки.

KCon大会培训日回归！课程人员有限，先到先得~

经过精心筹备与多方努力KCon 2024 黑客大会敲定举办时间将于8月24日-25日举办本次大会涵盖了网安领域

Delta Air Lines has enlisted the legal expertise of David Boies, chairman of Boies Schiller Flexner, to seek damages from cybersecurity firm CrowdStrike and tech giant Microsoft. This follows a catastrophic system crash on July 19 that resulted in the cancellation of thousands of flights and left millions of computers offline. Delta has suffered significant […]

The post CrowdStrike & Microsoft to Face Lawsuit from Delta Air Lines Following System Crash appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.

本周，互联网网络安全态势整体评价为良。

Endpoint management tools streamline the administration and security of an organization’s endpoint devices, such as desktops, laptops, and mobile devices. They provide centralized control over device configuration, software deployment, and policy enforcement, enhancing IT efficiency. These tools ensure compliance with security policies and help mitigate risks by monitoring and managing endpoints‘ health and security status. […]

The post Top 20 Best Endpoint Management Tools – 2024 appeared first on Cyber Security News.

A Vipre study reveals a 20% increase in business email compromise attacks

A vulnerability was found in Dell InsightIQ up to 5.0.1. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to risky cryptographic algorithm. This vulnerability was named CVE-2024-28972. The attack can be initiated remotely. There is no exploit available.

站在研发视角，去看待如何针对认证进行安全开发，或者说如何选取合适的认证场景来确保应用系统的安全认证。