Aggregator

Аналитики Kaspersky обнаружили двукратный рост числа зараженных IoT-устройств в России.

This post first appeared on blog.netwrix.com and was written by Ian Andersen.
One of the most common ways for attackers to slip into a corporate network is by compromising the username and password of a legitimate user account. Usernames are typically trivial to guess because they follow an established standard in a given organization, such as [email protected]. Unfortunately, compromising basic passwords is also surprisingly easy for threat … Continued

未经身份认证的攻击者可利用漏洞远程执行代码，获取服务器控制权限。

As attack surfaces increase, partner networks widen, and security teams remain stretched, vulnerabilities and errors continue to be a daunting challenge.

这可能是国际象棋历史上的第一次：一位棋手使用来自温度计的液态汞给对手的棋盘下毒。这起事件发生在俄罗斯的 Dagestan 共和国，40 多岁的女棋手 Amina Abakarova 给另一位 30 岁的女棋手 Umayganat Osmanova 的棋盘上及其周围撒上了汞。据 Osmanova 事后的回忆，她在比赛中使用了棋盘逾 5 个小时，注意到有银灰色“珠子”在棋盘上滚落，随着时间她逐渐感到了不舒服，有缺氧感，嘴里有铁味道。这些都是接触汞的症状。根据监控录像，Abakarova 在比赛前 20 分钟进入房间，从包里拿出小瓶，在棋盘上倒了些东西。她后来向警方承认这些汞来自温度计。据当地媒体报道，两人是旧相识，但最近发生了矛盾，原因可能与一次比赛有关，两人得分相同，但 Osmanova 因其它因素赢得了比赛。更详细情况不太清楚。俄罗斯国际象棋联合会主席 Andrey Filatov 已对 Abakarova 处以临时禁赛的惩罚，案件调查结束之后她可能被终身禁赛。

Optimizing Kubernetes security and efficiency of through granular control Kubernetes stands out as a powerful and versatile platform amongst application systems, allowing organizations to efficiently manage containers. However, enterprises face security challenges as they adopt Kubernetes in the context of network segmentation. Microsegmentation, a strategic approach to network security, plays a pivotal role in this...

The post The Role of Microsegmentation in Kubernetes Environments appeared first on TrueFort.

The post The Role of Microsegmentation in Kubernetes Environments appeared first on Security Boulevard.

A vulnerability, which was classified as critical, was found in SourceCodester Daily Calories Monitoring Tool 1.0. Affected is an unknown function of the file delete-calorie.php. The manipulation leads to sql injection. This vulnerability is traded as CVE-2024-40472. It is possible to launch the attack remotely. There is no exploit available.

Исследователи предупреждают о новой волне цифровых атак.

Unsurprisingly, many discussions revolved around the implications of the CrowdStrike outage, including the lessons it may have offered for bad actors

Взлом привел к обвалу токена и приостановке операций.

A popular open-source firewall software pfSense vulnerability has been identified, allowing for remote code execution (RCE) attacks. The vulnerability, tracked as CVE-2022-31814, highlights potential risks in pfSense installations, particularly those using the pfBlockerNG package. pfSense is a widely used, FreeBSD-based firewall and router software that offers enterprise-grade features and security. It is renowned for its […]

The post Open Source Firewall pfsense Vulnerable to Remote Code Execution Attacks appeared first on Cyber Security News.

A sophisticated phishing campaign targeting Windows systems leverages multiple evasion techniques, including Python obfuscation, shellcode generation, and loading, to deploy a payload of malware.  This multi-stage attack, disguised as a customer service request, delivers malicious attachments that, once opened, install XWorm, VenomRAT, AsyncRAT, and PureHVNC, which grant attackers remote system control, posing a significant threat […]

The post Threat Actors Exploiting Windows Systems To Deploy Multiple Malwares appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability, which was classified as critical, has been found in Apache DolphinScheduler up to 3.2.2. This issue affects some unknown processing of the component Resource File Handler. The manipulation leads to improper access controls. The identification of this vulnerability is CVE-2024-30188. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

In November 2023, hackers from Iran hacked the Municipal Water Authority of Aliquippa, Pennsylvania. They targeted a vulnerable control system and damaged it with anti-Israel statements. Two months later, in January 2024, Russians attacked Muleshoe and Abernathy water facilities, causing minor disruptions such as the overflowing of water storage tanks. These are incidents that reveal […]

The post Thousands Of Internet-Connected ICS Devices Exposes Critical Infrastructure To Cyber Attacks appeared first on Cyber Security News.

A vulnerability classified as critical was found in Apache DolphinScheduler up to 3.2.1. This vulnerability affects unknown code. The manipulation leads to code injection. This vulnerability was named CVE-2024-29831. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

Both ZPHP and DarkGate made their first appearance in the Top 10 Malware list for Q2 2024. Here's what else the CIS Cyber Threat Intelligence team observed.

Преступники контролировали компьютеры жертв через программы удаленного доступа.