Ransomware Attack Update for the 14th of August 2025
Ransomware Attack Update for the 14th of August 2025
Aggregator
SDL 83/100问:上传图片的API,除了常见web漏洞外,是否还会有风险?
10 months 1 week ago
这是一个合规问题,在软件开发的需求阶段,以安全需求的形式提出来,让业务方放到需求池中排期做。
在此之前我也没有关注这方面的意识,直到SRC收到白帽子提交的涉H图片漏洞,才意识到这方面应该纳入考虑,应用场景主要是:图片上传并展示到公众页面的功能,比如上传头像、论坛中允许发图片等。
在选择时,应该首选大厂,定期测试接口的可用性以及是否正常,避免过度信任带来内容安全风险。
-------------更多内容,请访问-------------
1、SDL 100问
SDL100问:我与SDL的故事
SAST误报太高,如何解决?
SDL需要哪些人参与?
大家都有哪些SDL运营指标?
业务系统是否可以带漏洞上线?
日常的漏洞运营,也应该是SDL团队来做吗?
关于开发安全BP,对开展SDL有哪些帮助?
SDL 79/100问:如何塑造开发安全文化?
SDL 80/100问:怎样算是IAST扫描,都有哪些模式?
SDL 81/100问:如何快速应急开源组件漏洞,比如fastjson?
SDL 82/100问:说到供应链,有没有第三方信息安全相关的法规或者标准?
2、SDL创新实践
首发!“ 研发安全运营 ” 架构研究与实践
DevSecOps实施关键:研发安全团队
DevSecOps实施关键:研发安全流程
DevSecOps实施关键:研发安全规范
DevSecOps实施关键:研发安全工具
从安全视角,看研发安全
数字化转型下研发安全痛点
一个思考:安全测试驱动产品安全?
3、SDL最初实践
【SDL最初实践】开篇
【SDL最初实践】安全培训
【SDL最初实践】安全需求
【SDL最初实践】安全设计
【SDL最初实践】安全开发
【SDL最初实践】安全测试
【SDL最初实践】安全审核
【SDL最初实践】安全响应
4、安全运营实践
基于实践的安全事件简述
安全事件运营SOP:钓鱼邮件
安全事件运营SOP:网络攻击
安全事件运营SOP:蜜罐告警
安全事件运营SOP:webshell事件
安全事件运营SOP:接收漏洞事件
应急能力提升:实战应急困境与突破
应急能力提升:挖矿权限维持攻击模拟
Qilin
10 months 1 week ago
You must login to view this content
cohenido
Qilin
10 months 1 week ago
You must login to view this content
cohenido
MadeYouReset: An HTTP/2 vulnerability thwarted by Rapid Reset mitigations
10 months 1 week ago
A new HTTP/2 denial-of-service (DoS) vulnerability called MadeYouReset was recently disclosed by security researchers. Cloudflare HTTP DDoS mitigation, already protects from MadeYouReset.
Alex Forster
Dire Wolf
10 months 1 week ago
You must login to view this content
cohenido
Qilin
10 months 1 week ago
You must login to view this content
cohenido
The Cost of NYDFS Cybersecurity Noncompliance: What You Need to Know in 2025
10 months 1 week ago
The New York State Department of Financial Services (NYDFS) has long been a leader in setting cybersecurity standards for the financial services and insurance sectors. Under 23 NYCRR Part 500, regulated entities are required to implement a comprehensive cybersecurity program that addresses governance, access controls, incident response, and ongoing risk management.
The post The Cost of NYDFS Cybersecurity Noncompliance: What You Need to Know in 2025 appeared first on Security Boulevard.
Roman Kadinsky, Cofounder, President & COO, HYPR
Middle Eastern Organizations Targeted With Charon Ransomware
10 months 1 week ago
New Ransomware Possibly Linked to Earth Baxia
A previously uncatalogued ransomware strain is targeting public sector and aviation organizations in the Middle East. The threat actor uses techniques similar to a previously documented hacking group tracked as Earth Baxia and likely based in China.
A previously uncatalogued ransomware strain is targeting public sector and aviation organizations in the Middle East. The threat actor uses techniques similar to a previously documented hacking group tracked as Earth Baxia and likely based in China.
Man Charged in Cyberstalking the Widow of Slain UHC CEO
10 months 1 week ago
Experts Warn of Expanding Intersection of Digital and Physical Threats to Victims
Federal prosecutors have charged a New York man with criminal cyberstalking the widow of murdered UnitedHealthCare CEO Brian Thompson. Experts say the case spotlights the ongoing convergence of physical violence and digital threats facing executives, their families and others.
Federal prosecutors have charged a New York man with criminal cyberstalking the widow of murdered UnitedHealthCare CEO Brian Thompson. Experts say the case spotlights the ongoing convergence of physical violence and digital threats facing executives, their families and others.
Breach Roundup: Russian Hackers Attacked Norwegian Dam
10 months 1 week ago
Also: Spain Defies Pressure to Eject Huawei, Hackers Leak North Korea Kimsuky Data
This week, Norway said Russian hackers attacked a flood gate, Spain defied pressure to eject Huawei, a cyberattack against the Office of the Pennsylvania Attorney General. Hackers leaked stolen North Korean Kimsuky data, Microsoft patched a Kerberos zero-day and a big Chrome bug bounty.
This week, Norway said Russian hackers attacked a flood gate, Spain defied pressure to eject Huawei, a cyberattack against the Office of the Pennsylvania Attorney General. Hackers leaked stolen North Korean Kimsuky data, Microsoft patched a Kerberos zero-day and a big Chrome bug bounty.
Downgrade Attack Allows Phishing Kits to Bypass FIDO
10 months 1 week ago
You probably can't break FIDO authentication. Still, researchers have shown that there are ways to get around it.
Nate Nelson, Contributing Writer
State and Local Leaders Lobby Congress for Cybersecurity Resources
10 months 1 week ago
Federal funding cuts to the Multi-State Information Sharing and Analysis Center (MS-ISAC) are about to leave more than 18,000 state and local organizations without access to basic cybersecurity resources they need to protect US national security, a letter sent to Congressional appropriators warns.
Becky Bracken
CVE-2025-6558
10 months 1 week ago
Currently trending CVE - Hype Score: 7 - Insufficient validation of untrusted input in ANGLE and GPU in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Post-Incident CRM Forensics: Why Deploying AppOmni Is a Best Practice
10 months 1 week ago
OAuth abuse exposes SaaS data. AppOmni’s threat detection and security posture management shut it down.
The post Post-Incident CRM Forensics: Why Deploying AppOmni Is a Best Practice appeared first on AppOmni.
The post Post-Incident CRM Forensics: Why Deploying AppOmni Is a Best Practice appeared first on Security Boulevard.
Sam Morrison, Threat Detection - Product Manager, AppOmni
Boosting Independence with Advanced Secrets Scanning
10 months 1 week ago
Is Your Organization Truly Independent in Terms of Security? A sense of independence can often be elusive for organizations expressing intent to have complete control over their cybersecurity. To achieve this, businesses must consider an oft-overlooked aspect of their network security: Non-human Identities (NHIs) and Secrets security management. My role involves providing insights. Without a […]
The post Boosting Independence with Advanced Secrets Scanning appeared first on Entro.
The post Boosting Independence with Advanced Secrets Scanning appeared first on Security Boulevard.
Alison Mack
Adapting to New Cloud Security Challenges
10 months 1 week ago
Are Organizations Truly Prepared for New Cloud Security Challenges? With businesses increasingly shift to cloud-based infrastructures, the question lingers: are organizations genuinely adapting to emerging cloud security challenges? The rise of Non-Human Identities (NHIs) and the growing reliance on Secret Security Management presents a complex landscape requiring robust strategies and innovative solutions. A New Era […]
The post Adapting to New Cloud Security Challenges appeared first on Entro.
The post Adapting to New Cloud Security Challenges appeared first on Security Boulevard.
Alison Mack
New Malvertising Attack Spreads Crypto Stealing PS1Bot Malware
10 months 1 week ago
Cisco Talos researchers have discovered a dangerous new malware framework called PS1Bot. Active since early 2025, this sophisticated…
Deeba Ahmed
US widens sanctions on Russian crypto exchange Garantex, its successor and affiliate firms
10 months 1 week ago
The State Department also announced financial rewards totaling up to $6 million for information leading to the arrest or conviction of Garantex’s leaders.
The post US widens sanctions on Russian crypto exchange Garantex, its successor and affiliate firms appeared first on CyberScoop.
Matt Kapko
N-able security advisory (AV25-517)
10 months 1 week ago
Canadian Centre for Cyber Security