What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
InfoSecurityMag 2025-01-15 13:00:00 Illicit Crypto-Inflows Set to Top $51bn in a Year (direct link) Chainalysis estimates threat actors made at least $51bn through crypto crime in 2024
Threat ★★★
InfoSecurityMag 2025-01-15 12:00:00 Fortinet Confirms Critical Zero-Day Vulnerability in Firewalls (direct link) The security provider published mitigation measures to prevent exploitation
Vulnerability Threat ★★★
The_Hackers_News 2025-01-15 11:44:00 FBI Deletes PlugX Malware from 4,250 Hacked Computers in Multi-Month Operation (direct link) The U.S. Department of Justice (DoJ) on Tuesday disclosed that a court-authorized operation allowed the Federal Bureau of Investigation (FBI) to delete PlugX malware from over 4,250 infected computers as part of a "multi-month law enforcement operation." PlugX, also known as Korplug, is a remote access trojan (RAT) widely used by threat actors associated with the People's Republic of China (PRC
Malware Threat Legislation ★★★
InfoSecurityMag 2025-01-15 11:20:00 Secureworks Exposes North Korean Links to Fraudulent Crowdfunding (direct link) Secureworks Counter Threat Unit (CTU) has identified links between North Korean IT workers and fraudulent crowdfunding activities, with the group known as Nickel Tapestry orchestrating scams to support North Korean interests
Threat ★★★
The_Hackers_News 2025-01-15 10:45:00 3 Actively Exploited Zero-Day Flaws Patched in Microsoft's Latest Security Update (direct link) Microsoft kicked off 2025 with a new set of patches for a total of 161 security vulnerabilities across its software portfolio, including three zero-days that have been actively exploited in attacks. Of the 161 flaws, 11 are rated Critical, and 149 are rated Important in severity. One other flaw, a non-Microsoft CVE related to a Windows Secure Boot bypass (CVE-2024-7344), has not been assigned
Vulnerability Threat ★★★
The_Hackers_News 2025-01-15 10:40:00 Critical SimpleHelp Flaws Allow File Theft, Privilege Escalation, and RCE Attacks (direct link) Cybersecurity researchers have disclosed multiple security flaws in SimpleHelp remote access software that could lead to information disclosure, privilege escalation, and remote code execution. Horizon3.ai researcher Naveen Sunkavally, in a technical report detailing the findings, said the "vulnerabilities are trivial to reverse and exploit." The list of identified flaws is as follows -
Threat Technical ★★★
no_ico 2025-01-15 05:16:50 AWS S3 Buckets Under Siege: New Ransomware Exploits SSE-C (direct link) Research from the Halcyon RISE Team has revealed that a ransomware actor dubbed “Codefinger” has launched a new campaign on Amazon S3 buckets, leveraging AWS's Server-Side Encryption with Customer Provided Keys (SSE-C) to encrypt data and render victims powerless to recover data without paying the ransom. New Technique a Systemic Threat: Halcyon says this tactic [...]
Ransomware Threat ★★★★
TechWorm 2025-01-14 21:51:07 Zero-Day Vulnerability Targets Fortinet FortiGate Firewalls (direct link) Cybersecurity firm Arctic Wolf disclosed on Friday that threat actors recently targeted Fortinet FortiGate firewall devices with management interfaces exposed on the public Internet in a suspected zero-day campaign. According to Arctic Wolf Labs researchers, malicious activity against Fortinet firewalls began in mid-November 2024. Unknown threat actors altered firewall configurations by accessing management interfaces on affected firewalls and extracting credentials using DCSync in compromised environments. “The campaign involved unauthorized administrative logins on management interfaces of firewalls, creation of new accounts, SSL VPN authentication through those accounts, and various other configuration changes,” security researchers at Arctic Wolf wrote in a blog post published last week. While the initial access vector used in this campaign currently remains unknown, Arctic Wolf Labs is highly confident that a zero-day vulnerability's “mass exploitation campaign” is likely, considering the constricted timelines across affected organizations and the range of affected firmware versions. Firmware versions ranging from 7.0.14 to 7.0.16, released in February 2024 and October 2024 respectively, were predominantly affected.
Arctic Wolf Labs has currently identified four separate attack phases of the campaign that targeted vulnerable FortiGate devices between November 2024 and December 2024:
Phase 1: Vulnerability scanning (November 16, 2024 to November 23, 2024)
Phase 2: Reconnaissance (November 22, 2024 to November 27, 2024)
Phase 3: SSL VPN configuration (December 4, 2024 to December 7, 2024)
Phase 4: Lateral Movement (December 16, 2024 to December 27, 2024)
In the first phase, the threat actors conducted vulnerability scans and made use of jsconsole sessions with connections to and from unusual IP addresses, such as loopback addresses (e.g., 127.0.0.1) and popular DNS resolvers including Google Public DNS and Cloudflare, making them an ideal target for threat hunting. In the reconnaissance phase, the attackers made the first unauthorized configuration changes across several victim organizations to verify whether they had successfully obtained access to commit changes on exploited firewalls. During the third phase of the campaign, threat actors made substantial changes to compromised devices to establish SSL VPN access. In some intrusions, they created new super admin accounts, while in others, they hijacked existing accounts to gain SSL VPN access. Threat actors also created new SSL VPN portals where the user accounts were added directly. In the last phase, after successfully gaining SSL VPN access within the victim organization's environment, the threat actors used the DCSync technique to extract credentials for lateral movement. According to the cybersecurity company, the threat actors were removed from affected systems before they could proceed. Arctic Wolf Labs notified Fortinet about the activity observed in this campaign on December 12, 2024. FortiGuard Labs PSIRT confirmed on December 17, 2024, that it is aware of the known activity and is actively investigating the issue.
To safeguard against such known security issues, Arctic Wolf Labs recommends that organizations immediately disable their firewall management access on public interfaces and limit access to trusted users. It also advises regularly upgrading the firmware on firewall devices to the latest version to protect against known vulnerabilities.
Vulnerability Threat ★★★
Darktrace 2025-01-14 19:25:12 RansomHub Ransomware: Darktrace's Investigation of the Newest Tool in ShadowSyndicate's Arsenal (direct link) Between September and October 2024, Darktrace investigated several customer networks compromised by RansomHub attacks. Further analysis revealed a connection to the ShadowSyndicate threat group. Read on to discover how these entities are linked and the tactics, techniques, and procedures employed in these attacks.
Ransomware Tool Threat ★★★
AlienVault 2025-01-14 18:59:00 3 Tips for Eliminating Attack Surface Blind Spots (direct link) In today's rapidly evolving digital landscape, security professionals face many challenges in protecting their organizations from cyber threats. One common problem is the persistence of attack surface blind spots, which can be exploited by attackers and hamper an organization's ability to stay ahead of threats. For businesses that lack the resources or budget for a full-time, in-house security operations center (SOC) or that struggle to recruit and retain skilled staff, these blind spots can be even more challenging to address. Here are three tips to eliminate attack surface blind spots and strengthen your security posture.
1. Expand Visibility Across Your Attack Surface
A common cause of attack surface blind spots is a lack of visibility across an organization's IT infrastructure. Modern IT environments are diverse and complex, encompassing legacy systems, cloud services, mobile devices, third-party applications, and supply chain touchpoints. Without comprehensive visibility, it's easy to miss exposures that could lead to significant vulnerabilities.
How to Expand Visibility
Discover and Categorize Assets: Regularly scanning and monitoring your IT environment with managed vulnerability services paired with managed detection and response (MDR) services ensures new assets are discovered promptly, even as new technology or supply chain touchpoints are added. With these services, you gain comprehensive discovery and categorization of known and unknown assets, applications, and workloads on-premises and in multi-cloud environments for endpoint, OT, IoT, SaaS applications, and other IT infrastructure. With categorization, your data will be enriched with information such as:
• Criticality of asset to the organization/business, location, maintenance
• Asset identity, IP address, asset group
• Installed software, services that are running, and file integrity
• Open ports, vulnerabilities, or configuration issues
• Users and IT or regulatory policy violations
• Associated alarms and events
Fortify Defenses: Using a combination of services, such as MDR with managed endpoint security (MES) and managed vulnerability services, significantly expands attack surface visibility. The integration of these services with a centralized technology platform provides a unified view of your attack surface and enriched, extended data collection. You can validate security controls and identify exposures with regular pen testing through managed vulnerability services and complementary consulting services for red/purple team and risk assessments.
Leverage Continuous Monitoring: Take advantage of managed security services. Managed services teams that work 24/7 in collaboration across multiple integrated platforms can proactively identify, prioritize, and mitigate or remediate exposures and vulnerabilities, as well as detect and investigate evolving and emerging threats more holistically across your attack surface.
By expanding visibility, you'll not only uncover blind spots but also validate security controls and establish a more proactive approach to identifying threats and managing your cyber risk.
2. Address Vulnerability Overload Through Prioritization
Another big challenge for security teams is managing a high volume of vulnerabilities. Without context for prioritization, organizations may be wasting time and resources on vulnerabilities that pose little actual risk while leaving critical exposures unaddressed.
How to Overcome Vulnerability Overload
Prioritize by Risk and Exploitability: Partner with a security operations team that evaluates vulnerabilities based on their risk of exploitation and potential business impact. For example, LevelBlue integrates threat intelligence and asset criticality into vul
Tool Vulnerability Threat Mobile Industrial Cloud ★★★
DarkReading 2025-01-14 17:50:24 (Déjà vu) Zero-Day Security Bug Likely Fueling Fortinet Firewall Attacks (direct link) An ongoing campaign targeting FortiGate devices with management interfaces exposed on the public Internet is leading to unauthorized administrative logins and configuration changes, creating new accounts, and performing SSL VPN authentication.
Vulnerability Threat ★★★
The_State_of_Security 2025-01-14 15:08:32 VERT Threat Alert: January 2025 Patch Tuesday Analysis (direct link) Today's VERT Alert addresses Microsoft's January 2025 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1139 as soon as coverage is completed.
In-The-Wild & Disclosed CVEs
CVE-2025-21333: The first of three Hyper-V vulnerabilities this month is a heap-based buffer overflow that leads to privilege escalation to SYSTEM. Microsoft has reported this vulnerability as Exploitation Detected.
CVE-2025-21334: The second of three Hyper-V vulnerabilities this month is a use-after-free vulnerability that leads to privilege escalation to SYSTEM...
Vulnerability Threat ★★★
The_Hackers_News 2025-01-14 14:43:00 Zero-Day Vulnerability Suspected in Attacks on Fortinet Firewalls with Exposed Interfaces (direct link) Threat hunters are calling attention to a new campaign that has targeted Fortinet FortiGate firewall devices with management interfaces exposed on the public internet. "The campaign involved unauthorized administrative logins on management interfaces of firewalls, creation of new accounts, SSL VPN authentication through those accounts, and various other configuration changes," cybersecurity firm
Vulnerability Threat ★★★
The_Hackers_News 2025-01-14 14:40:00 Russian-Linked Hackers Target Kazakhstan in Espionage Campaign with HATVIBE Malware (direct link) Russia-linked threat actors have been attributed to an ongoing cyber espionage campaign targeting Kazakhstan as part of the Kremlin's efforts to gather economic and political intelligence in Central Asia. The campaign has been assessed to be the work of an intrusion set dubbed UAC-0063, which likely shares overlap with APT28, a nation-state group affiliated with Russia's General Staff Main
Malware Threat APT 28 ★★★
Mandiant 2025-01-14 14:00:00 Backscatter: Automated Configuration Extraction (direct link) Written by: Josh Triplett
Executive Summary
Backscatter is a tool developed by the Mandiant FLARE team that aims to automatically extract malware configurations. It relies on static signatures and emulation to extract this information without dynamic execution, bypassing anti-analysis logic present in many modern families. This complements dynamic analysis, providing faster threat identification and high-confidence malware family attribution. Google SecOps reverse engineers ensure precise indicators of compromise (IOC) extraction, empowering security teams with actionable threat intelligence to proactively neutralize attacks.
Overview
The ability to quickly detect and respond to threats has a significant impact on potential outcomes. Indicators of compromise (IOCs) serve as crucial breadcrumbs, allowing cybersecurity teams to identify and mitigate potential attacks while expanding their search for related activity. VirusTotal's existing suite of tools to analyze and understand malware IOCs, and thus the Google Threat Intelligence platform by extension, is further enhanced with Backscatter. VirusTotal has traditionally utilized dynamic analysis methods, like sandboxes, to observe malware behavior and capture IOCs. However, these methods can be time-consuming and may not yield actionable data if the malware employs anti-analysis techniques. Backscatter, a service developed by the Mandiant FLARE team, complements these methods by offering a static analysis capability that directly examines malware without executing it, leading to faster and more efficient IOC collection and high-confidence malware family identification. Additionally, Backscatter is capable of analyzing sandbox artifacts, including memory dumps, to improve support for packed and obfuscated malware that does successfully execute in dynamic environments.
Within the Google Threat Intelligence platform, Backscatter shines by identifying configuration data, embedded IOCs, and other malicious artifacts hidden within malware uploaded by users. It can pinpoint command-and-control (C2 or C&C) servers, dropped files, and other signs of malware presence, rapidly generating actionable threat intelligence. All of the extracted IOCs and configuration attributes become immediately pivotable in the Google Threat Intelligence platform, allowing users to identify additional malware related to that threat actor or activity.
Complementing Dynamic Analysis
Backscatter enables security teams to quickly understand and defend against attacks. By leveraging Backscatter's extracted IOCs in conjunction with static, dynamic, and reputational data, analysts gain a more comprehensive view of potential threats, enabling them to block malicious communication, detect and remove dropped files, and ultimately neutralize attacks. Backscatter's static analysis approach, available in Google Threat Intelligence, provides a valuable addition to the platform's existing dynamic analysis capabilities. This combination offers a more comprehensive threat intelligence strategy, allowing users to leverage the strengths of both approaches for a more robust security posture.
Backscatter in GTI and VirusTotal
Backscatter is available to Google SecOps customers, including
Ransomware Malware Tool Threat Cloud ★★★
Blog 2025-01-14 13:03:02 Hackers Using Fake YouTube Links to Steal Login Credentials (direct link) Cybercriminals exploit fake YouTube links to redirect users to phishing pages, stealing login credentials via URI manipulation and…
Threat ★★★
Checkpoint 2025-01-14 13:00:14 5 Key Cyber Security Trends for 2025 (direct link) As the digital world continues to evolve, threats to organizations are becoming more sophisticated, pervasive, and disruptive. Our annual 2025 State of Cyber Security Report is intended to provide cyber security leaders with critical insights into the evolving threat landscape and help them prepare for the advanced threats their organizations may face in the coming year. This year's report highlights several key trends that will shape the future of security, from the growing role of AI in cyber warfare to the rising threat of infostealers. Let's take a closer look at the five most significant cyber security trends for 2025: […]
Threat ★★★
Cisco 2025-01-14 13:00:00 From Chaos to Clarity: Navigating Threats With Cisco XDR (direct link) Cisco XDR transforms cybersecurity with enhanced threat detection and automated responses. Download the Solution Brief for detailed insights and use cases.
Threat ★★★
ProofPoint 2025-01-14 11:54:10 Proofpoint Named a Leader in the 2025 Gartner® Magic Quadrant™ for Digital Communications Governance and Archiving Solutions (direct link) When you've got a great thing going, why stop? I'm pleased to announce that we have been recognized as a Leader. Gartner has named Proofpoint a Leader in the 2025 Magic Quadrant for Digital Communications Governance and Archiving Solutions (DCGA). This recognition by Gartner is exciting. And in our opinion, it gives us momentum as we expand our efforts at helping clients in this space. Two things stand out for me. First, our focus on connectors, which helps customers who are struggling to take control of and manage their diverse communication channels. And second, our focus on customers, which has been part of the Proofpoint DNA for longer than I've been with the company. In this blog post, I want to talk more about why each focus area will help us do even greater things moving forward.
Focus on connectors
We agree wholeheartedly that the traditional compliance and archiving market has evolved into something much bigger. We even repositioned our Intelligent Compliance portfolio as Proofpoint Digital Communications Governance (DCG) to help us better communicate the discrete value we offer, the use cases we address and the positive outcomes that we help our customers achieve. Digital communications channels, like mobile, SMS, voice, video, virtual meetings, social media and messaging, have rapidly proliferated across organizations everywhere. And this has introduced more complexity, risk and non-compliance into the business. What you have today is something like a “digital swamp” that introduces more questions than answers for IT, legal and compliance teams. That's where Proofpoint can help.
We can help you natively capture Microsoft 365 email as well as a wide variety of other digital communications channels including Microsoft Teams, Slack, Zoom and social media platforms like LinkedIn, Facebook and X. We keep a pulse on the market. And at the same time, we continue to listen closely to our customers. That helps us to plan our roadmap and make informed decisions on whether it makes better sense to build, partner or buy. Earlier this year, for example, we launched new native connectors to capture Microsoft OneDrive and SharePoint content in response to customer feedback. But we don't just connect all your channels, we also help you capture and store content to various downstream services. To that end, we have signed strategic partnerships that extend our capture capabilities to more than 80 data sources. Have requirements to capture WhatsApp? Text messages? Signal? Webex? NICE? TikTok? Let's talk. Today, we can capture content and store to your non-Proofpoint archive. We can improve visibility into your capture stream to reconcile what you believe you're storing with what is retained in your non-Proofpoint archive. We can capture and store social media to your non-Proofpoint archive. And we can automatically monitor and remediate non-compliant social profiles and engagement. Plus, we're ready whenever you're ready to migrate to Proofpoint's DCGA solution.
Focus on customers
I said this in 2022: Proofpoint focuses on driving a world-class customer experience. This was one of our key strategic initiatives in 2024, and it will be moving forward. Our customer-centricity differentiates Proofpoint from other vendors. And our efforts in this area are reflected in many statistics that we're proud to share. Year after year, our customer retention rate is more than 90% across all product lines, which is pretty remarkable. We have a 94% customer satisfaction (CSAT) rating (as of July 2024), which is based on surveys completed by customers and conducted by Proofpoint technical support. This further sets us apart from our competitors. In this year's report, I was proud to see Gartner recognize us based on our Completeness of Vision and Ability to Execute. We're thrilled to hear this and aspire for more recognitions in 2025.
Proofpoint offers both depth and breadth
I've never been more excited and optimi
Threat Mobile Technical Commercial ★★★
bleepingcomputer 2025-01-14 10:57:07 Hackers use FastHTTP in new high-speed Microsoft 365 password attacks (direct link) Threat actors are utilizing the FastHTTP Go library to launch high-speed brute-force password attacks targeting Microsoft 365 accounts globally. [...]
Threat ★★★
bleepingcomputer 2025-01-14 10:24:27 Fortinet warns of auth bypass zero-day exploited to hijack firewalls (direct link) Attackers are exploiting a new authentication bypass zero-day vulnerability in FortiOS and FortiProxy to hijack Fortinet firewalls and breach enterprise networks. [...]
Vulnerability Threat ★★★
InfoSecurityMag 2025-01-14 09:45:00 UK Registry Nominet Breached Via Ivanti Zero-Day (direct link) The .uk registry Nominet has been breached by a recently disclosed zero-day vulnerability in Ivanti products
Vulnerability Threat ★★★
DarkReading 2025-01-13 21:34:29 Microsoft Cracks Down on Malicious Copilot AI Use (direct link) According to the tech giant, it has observed a threat group seeking out vulnerable customer accounts using generative AI, then creating tools to abuse these services.
Tool Threat ★★★
mcafee 2025-01-13 21:13:43 Scammers Exploit California Wildfires: How to Stay Safe (direct link) The devastating wildfires sweeping through Southern California have left countless neighborhoods in ruins, forcing thousands to evacuate and destroying homes...
Threat ★★★
DarkReading 2025-01-13 20:44:00 Cloud Attackers Exploit Max-Critical Aviatrix RCE Flaw (direct link) The security vulnerability tracked as CVE-2024-50603, which rates 10 out of 10 on the CVSS scale, enables unauthenticated remote code execution on affected systems, which cyberattackers are using to plant malware.
Malware Vulnerability Threat Cloud ★★★
The_Hackers_News 2025-01-13 19:03:00 Hackers Exploit Aviatrix Controller Vulnerability to Deploy Backdoors and Crypto Miners (direct link) A recently disclosed critical security flaw impacting the Aviatrix Controller cloud networking platform has come under active exploitation in the wild to deploy backdoors and cryptocurrency miners. Cloud security firm Wiz said it's currently responding to "multiple incidents" involving the weaponization of CVE-2024-50603 (CVSS score: 10.0), a maximum severity bug that could result in
Vulnerability Threat Cloud ★★★
DarkReading 2025-01-13 17:26:08 Cyberattackers Hide Infostealers in YouTube Comments, Google Search Results (direct link) Threat actors are targeting people searching for pirated or cracked software with fake downloaders that include infostealing malware such as Lumma and Vidar.
Malware Threat ★★★
AlienVault.webp 2025-01-13 16:25:00 How Hackers Steal Your Password (lien direct) Password Crackers – How Hackers Get Passwords

In today's digital business environment, passwords are often the keys to your organization's most sensitive assets, from financial records and customer accounts to intellectual property. Attackers are constantly developing methods to steal these passwords and gain unauthorized access. Understanding the techniques they use, and how employees can protect themselves, is crucial for maintaining digital security. This article explores how hackers crack passwords, the tools and techniques they employ, and the strategies your organization can adopt to safeguard online accounts.

Password Hacker Dangers
Password hacking, also known as password cracking, is the process of recovering or bypassing passwords to gain unauthorized access to systems, accounts, or data. It is one of the most serious cyberthreats today: attackers combine high-tech tools, such as automated cracking software and optimized guessing algorithms, with low-tech methods like social engineering or physical observation. These attacks have led to devastating breaches, including the 2016 Democratic Party data leak, underscoring the importance of strong password security. Organizations and individuals must remain vigilant against this persistent threat to protect sensitive information.

What Motivates Password Crackers
Password cracking recovers passwords from stored data (typically password hashes) or from data in transit using specialized software and techniques. Hackers are often financially motivated, seeking to monetize stolen credentials by leaking sensitive information, committing fraud, or selling access to compromised accounts. Some pursue data theft to disrupt organizations or exploit their intellectual property.

By understanding these motivations, organizations can better appreciate the importance of robust password security measures to protect their assets and reputation.

Types of Password Cracking
To understand the threat, let's explore the common ways hackers steal passwords:
Phishing: Fake websites or deceptive emails trick users into entering their credentials, which hackers then capture for unauthorized access.
Social Engineering: Hackers manipulate individuals into revealing passwords by exploiting trust, fear, or curiosity, often posing as IT support or sending urgent alerts.
Keylogging: Malware-based keyloggers record every keystroke, including passwords.
Brute Force Attacks: Password-cracking tools try every possible character combination until the correct password is found. This is particularly effective against short or weak passwords.
Dictionary Attacks: A refinement of brute force, these use precompiled lists of common passwords and words to guess credentials.
Credential Stuffing: Hackers replay username-password combinations from previous breaches against other services, exploiting password reuse.
Man-in-the-Middle (MitM) Attacks: Hackers intercept data in transit, capturing passwords entered during login.
Data Breaches: Cyberattacks on companies can expose millions of passwords (or their hashes), which are often sold or published on the dark web.

Common Password Cracking Methods
Hackers also use more specialized techniques, such as:
Rainbow Tables: Precomputed tables that map password hashes back to plaintexts, letting an attacker reverse an unsalted hash with a lookup instead of re-hashing every guess; per-user salts defeat them.
Password Spraying: Trying a few common passwords against many accounts, staying under lockout thresholds and avoiding detection.
Offline Cracking: Running guesses against a stolen file of password hashes on the attacker's own hardware, without touching the target system, so no rate limits or lockouts apply.
Shoulder Surfing: Physically observing someone typing their password.
Malware: Extracting stored pas
Data Breach Tool Vulnerability Threat Cloud ★★★
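The offline-cracking, dictionary and rainbow-table methods above, worked through as an added example (this is not code from the AlienVault article): a constructed hash dump is attacked first when passwords are stored as plain SHA-256 and then when they are stored with per-user random salts under PBKDF2. The wordlist, usernames and passwords are made up for illustration. The same weak passwords fall either way; what the salted, slow scheme changes is that the precomputed table becomes useless (one lookup per user turns into a fresh KDF run per guess) and each guess costs a full work factor.

```python
import hashlib
import os

# Constructed sample data: stand-ins for a real wordlist and a real breach dump.
WORDLIST = ["password", "letmein", "Winter2024!", "qwerty", "hunter2", "dragon"]
USERS = {"alice": "letmein", "bob": "Winter2024!", "carol": "k7#Vq!2zPm^L"}  # carol's is not in the list
ITERATIONS = 100_000  # PBKDF2 work factor: the defender's lever on cost per guess


def sha256_unsalted(password: str) -> str:
    """Weak scheme: one fast, unkeyed hash, identical for every user with that password."""
    return hashlib.sha256(password.encode()).hexdigest()


def pbkdf2_salted(password: str, salt: bytes, iterations: int = ITERATIONS) -> str:
    """Stronger scheme: per-user random salt plus a deliberately slow key derivation."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations).hex()


def build_lookup_table(wordlist):
    """Rainbow-table stand-in: hash the wordlist once, reuse it against every unsalted dump."""
    return {sha256_unsalted(w): w for w in wordlist}


def crack_unsalted(dump, table):
    """dump maps user -> sha256 hex. Each user costs one dictionary lookup and no hashing."""
    cracked = {u: table[h] for u, h in dump.items() if h in table}
    return cracked, len(dump)  # (recovered passwords, lookups performed)


def crack_salted(dump, wordlist, iterations=ITERATIONS):
    """dump maps user -> (salt, pbkdf2 hex). The salt defeats precomputation, so every
    (user, guess) pair must be re-derived, and the work factor makes each attempt slow."""
    cracked, kdf_calls = {}, 0
    for user, (salt, digest) in dump.items():
        for guess in wordlist:
            kdf_calls += 1
            if pbkdf2_salted(guess, salt, iterations) == digest:
                cracked[user] = guess
                break
    return cracked, kdf_calls


def demo():
    """Build both kinds of dump from the same constructed users and attack each."""
    unsalted_dump = {u: sha256_unsalted(p) for u, p in USERS.items()}
    salted_dump = {}
    for u, p in USERS.items():
        salt = os.urandom(16)  # fresh per user; stored next to the digest, not secret
        salted_dump[u] = (salt, pbkdf2_salted(p, salt))

    table = build_lookup_table(WORDLIST)
    unsalted_cracked, lookups = crack_unsalted(unsalted_dump, table)
    salted_cracked, kdf_calls = crack_salted(salted_dump, WORDLIST)
    return {
        "unsalted_cracked": unsalted_cracked,
        "unsalted_lookups": lookups,
        "salted_cracked": salted_cracked,
        "salted_kdf_calls": kdf_calls,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Run it directly to print both results. The defensive lesson matches the article's advice: salted, slow hashing raises the cost of every guess and kills table reuse, but it does not rescue a password that appears in a wordlist; that needs screening against breached-password lists, lockout or rate limiting on the online path, and MFA.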
bleepingcomputer.webp 2025-01-13 15:33:46 Stolen Path of Exile 2 admin account used to hack player accounts (lien direct) Path of Exile 2 developers confirmed that a hacked admin account allowed a threat actor to change the password and access at least 66 accounts, finally explaining how PoE 2 accounts have been breached since November. [...]
Hack Threat ★★★
ProofPoint.webp 2025-01-13 13:21:11 Securing the Public Sector: How One County Strengthened Microsoft Email Security with Proofpoint (lien direct) Public sector organizations are particularly vulnerable to cyber threats. This is largely because so much of the data about their operations and personnel is publicly accessible. Procurement data, departmental contacts and employee details can all be used by attackers to craft highly convincing phishing campaigns as well as other targeted threats. Combined with the critical nature of the services they provide, it's no wonder government entities are prime targets for cybercriminals.

In this blog, we explore the recent success story of a county government (referred to here as "the County"), which exemplifies how public sector organizations can overcome these challenges. With advanced threat detection, tailored training and exceptional support, Proofpoint helped the County achieve a robust, human-centric security posture.

The scenario
The County's top concerns included raising awareness about phishing threats and training its employees to recognize and avoid these attacks. While the County was already using Microsoft Defender for Office 365 for email security, it also wanted to see if Proofpoint could offer more protection.

During initial discussions about security awareness training, the County was steered toward Proofpoint ZenGuide. It found our comprehensive approach to educating users on identifying and responding to phishing threats appealing. That meeting, in turn, led to questions about the County's email security posture. Those talks quickly expanded to include evaluating the effectiveness of the County's current Microsoft email security measures with a Proofpoint Email Rapid Risk Assessment (RRA).

A Rapid Risk Assessment reveals hidden threats
Two weeks later, the RRA provided some startling insights. Proofpoint found that about 20% of the emails delivered by Microsoft were malicious. These included phishing attempts that targeted people working in the County's most vulnerable and critical departments, mainly payroll and accounting. Proofpoint identified these users as "Very Attacked People" (VAP).

The results of the RRA exposed significant gaps in the County's existing Microsoft email security. When its leadership saw concrete data about the threats that were reaching its employees, it called for immediate action. As a result, the County ended the RRA early and approved the deployment of Proofpoint Threat Protection.

Implementation moves forward quickly
Time was of the essence. At the County's request, Proofpoint sped up implementation and completed it within the same month. To avoid disrupting workflows, Proofpoint integrated with the County's existing email platform.

Our professional services team offered support throughout the process. It simplified the initial configuration and addressed challenges as they arose. Despite the deployment's complexity, it delivered rapid and tangible improvements that justified the investment and effort.

Why Proofpoint stood out
Three key factors were behind the County's decision to use Proofpoint:
Unmatched threat detection. We demonstrated superior capabilities in identifying and blocking threats that Microsoft Defender missed. The fact that Proofpoint can also pinpoint VAPs and provide detailed insights about the threats targeting them strengthened the County's confidence.
Data-driven decision-making. The RRA provided tangible evidence of gaps in the existing security measures. By showing the CIO exactly how many threats were reaching high-risk employees, Proofpoint made a compelling case for augmenting the County's Microsoft 365 email security.
Outstanding reputation for support. Known for responsiveness and expertise, our professional services team delivered excellent customer support, ensuring a smooth onboarding process and minimizing disruption.

Looking ahead
The successful deployment paved the way for additional projects with Proofpoint. The County is now considering o
Tool Threat Legislation ★★★
bleepingcomputer.webp 2025-01-13 11:50:12 UK domain registry Nominet confirms breach via Ivanti zero-day (lien direct) Nominet, the official .UK domain registry and one of the largest country code registries, has confirmed that its network was breached two weeks ago using an Ivanti VPN zero-day vulnerability. [...]
Vulnerability Threat ★★★★
The_Hackers_News.webp 2025-01-13 11:31:00 Expired Domains Allowed Control Over 4,000 Backdoors on Compromised Systems (lien direct) No less than 4,000 unique web backdoors previously deployed by various threat actors have been hijacked by taking control of abandoned and expired infrastructure for as little as $20 per domain. Cybersecurity company watchTowr Labs said it pulled off the operation by registering over 40 domain names that the backdoors had been designed to use for command-and-control (C2). In partnership with the
Threat ★★★
Blog.webp 2025-01-13 11:22:47 Hackers Breach Telefonica Network, Leak 2.3 GB of Data Online (lien direct) Telefónica faces a data breach impacting its internal systems, linked to hackers using compromised credentials. Learn more about this alarming cyber threat.
Data Breach Threat ★★★
Checkpoint.webp 2025-01-13 09:41:18 13th January– Threat Intelligence Report (lien direct) For the latest discoveries in cyber research for the week of 6th January, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES: The International Civil Aviation Organization (ICAO), which is part of the UN, confirmed a compromise of its recruitment database that exposed 42,000 recruitment applications. The data contains records from April 2016 to […]
Threat ★★
IndustrialCyber.webp 2025-01-13 08:36:52 Singapore's CSA issues urgent advisory on Mirai botnet threat to industrial routers, smart home devices (lien direct) The Cyber Security Agency of Singapore (CSA) addressed reports of an ongoing Mirai-based botnet campaign targeting security flaws...
Threat Industrial ★★★
The_State_of_Security.webp 2025-01-13 04:15:00 What Is Vulnerability Management? (lien direct) Enterprise networks frequently experience changes in endpoint devices, software, and files, which can introduce risk to the organization. To mitigate this, companies can implement foundational security controls like file integrity monitoring (FIM), which tracks changes to essential files and helps restore them when a change is unauthorized. Organizations may also use these controls to monitor for vulnerabilities introduced by new devices. However, FIM alone is not enough. Companies need a vulnerability management program to ensure comprehensive risk assessment, threat minimization, and compliance...
Vulnerability Threat ★★★
The_State_of_Security.webp 2025-01-13 04:14:57 The $55 Billion Wake-Up Call: Cybersecurity Challenges Facing UK Businesses (lien direct) Organizations of all types must consider and prioritize cybersecurity in order to protect against a wide range of attacks and prevent potentially catastrophic consequences. With the evolution of the threat landscape and most businesses relying more and more on technological pillars for everyday operations, cyberattacks can have impacts that extend far beyond monetary losses. However, the financial cost alone is staggering, highlighting the pressing need for improved cybersecurity across the board. A recent publication from international insurance intermediary group Howden analyzes the results...
Threat ★★★
TechWorm.webp 2025-01-11 21:03:20 [Zero-day] (lien direct) Researchers at Google Project Zero on Friday disclosed a now-patched zero-click vulnerability that could allow remote attackers to execute arbitrary code on Samsung devices without any user interaction. The vulnerability, tracked as CVE-2024-49415 (CVSS score: 8.1), is an out-of-bounds write in the saped_rec function of the libsaped.so library, a library of the C2 media service responsible for audio playback. It affected the Monkey's Audio (APE) decoder used in Samsung's flagship Galaxy S23 and S24 devices running Android versions 12, 13, and 14.

“Out-of-bound write in libsaped.so prior to SMR Dec-2024 Release 1 allows remote attackers to execute arbitrary code. The patch adds proper input validation,” read the advisory for the flaw, released in December 2024 as part of Samsung's monthly security updates.

How could the attack be performed?
Natalie Silvanovich, the Google Project Zero researcher who identified and reported the vulnerability to Samsung on September 21, 2024, said that the attack could be carried out by sending a malicious audio file and requires no user involvement (zero-click), making it especially dangerous. The flaw lies in Samsung's handling of RCS (rich communication services) messages, specifically in how incoming audio messages are parsed and processed through the Google Messages app on Android. This setting is enabled by default on the Galaxy S23 and S24 models.

“The function saped_rec in libsaped.so writes to a dmabuf allocated by the C2 media service, which always appears to have size 0x120000. While the maximum blocksperframe value extracted by libsapedextractor is also limited to 0x120000, saped_rec can write up to 3 * blocksperframe bytes out, if the bytes per sample of the input is 24. This means that an APE file with a large blocksperframe size can substantially overflow this buffer,” Silvanovich wrote in her bug report.

“Note that this is a fully remote (0-click) bug on the Samsung S24 if Google Messages is configured for RCS (the default configuration on this device), as the transcription service decodes incoming audio before a user interacts with the message for transcription purposes.”

In a hypothetical attack scenario, an attacker exploits the vulnerability by sending a specially crafted audio message to an RCS-enabled device, causing the device's media codec process (“samsung.software.media.c2”) to crash and opening the way to further exploitation.

In addition to the above flaw, Samsung's December 2024 update also fixed another vulnerability: CVE-2024-49413 (CVSS score: 7.1), involving the SmartSwitch app. This flaw allowed local attackers to install malicious applications by exploiting insufficient cryptographic signature verification.

While Samsung has fixed the flaws, users should update their RCS-enabled devices with the latest security updates. Disabling RCS in Google Messages further reduces the risk of zero-click exploits.
Vulnerability Threat Mobile ★★★
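The size arithmetic in the bug report above, worked through as an added example. This is a hypothetical model written for this page, not Samsung's code and not Project Zero's: the vulnerable path bounds only blocksperframe, so at 3 bytes per sample the 0x120000 cap yields three times the 0x120000 dmabuf; the hardened path derives the output size from every field that scales it and checks that against the destination before writing. Only the two constants and the 3x factor come from the report; the function names and the exact shape of the check are assumptions.

```python
# Figures quoted in the Project Zero report; everything else here is a model.
DMABUF_SIZE = 0x120000         # output buffer allocated by the C2 media service
MAX_BLOCKSPERFRAME = 0x120000  # cap libsapedextractor enforces on blocksperframe


def bytes_needed(blocksperframe: int, bytes_per_sample: int) -> int:
    """Decoded output for one frame: one sample per block; 24-bit audio means 3 bytes each."""
    return blocksperframe * bytes_per_sample


def decode_vulnerable(blocksperframe: int, bytes_per_sample: int, buf_size: int = DMABUF_SIZE):
    """Hypothetical model of the pre-patch check: only the block count is bounded, so the
    byte count written can exceed the buffer by up to 3x at 24 bits per sample.
    Returns (accepted, overrun_bytes); a non-zero overrun is the out-of-bounds write."""
    if blocksperframe > MAX_BLOCKSPERFRAME:
        return False, 0
    out = bytes_needed(blocksperframe, bytes_per_sample)
    return True, max(0, out - buf_size)


def decode_fixed(blocksperframe: int, bytes_per_sample: int, buf_size: int = DMABUF_SIZE):
    """Hypothetical hardened check: reject before writing whenever the derived output size
    does not fit the destination. Returns (accepted, overrun_bytes)."""
    if blocksperframe <= 0 or bytes_per_sample <= 0 or blocksperframe > MAX_BLOCKSPERFRAME:
        return False, 0
    # In C the product itself must be guarded against wraparound, e.g.
    # blocksperframe > SIZE_MAX / bytes_per_sample; Python ints never wrap.
    out = bytes_needed(blocksperframe, bytes_per_sample)
    if out > buf_size:
        return False, 0
    return True, 0


def max_safe_blocks(bytes_per_sample: int, buf_size: int = DMABUF_SIZE) -> int:
    """Largest blocksperframe the buffer can hold at this sample width."""
    return buf_size // bytes_per_sample


if __name__ == "__main__":
    for bpf, bps in ((0x60000, 3), (0x60001, 3), (0x120000, 3)):
        print(hex(bpf), bps, "vulnerable:", decode_vulnerable(bpf, bps), "fixed:", decode_fixed(bpf, bps))
```

The general point the model shows is the one the advisory's "proper input validation" implies: a bound on a count field means nothing unless it is multiplied through by every factor (sample width, channel count) that the write actually scales with, and the check belongs on the final byte count against the real destination size.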
Blog.webp 2025-01-11 13:47:03 Fake PoC Exploit Targets Cybersecurity Researchers with Malware (lien direct) A fake proof-of-concept (PoC) exploit is being used to lure cybersecurity researchers into downloading malicious software. The lure leverages a recently patched vulnerability in Microsoft's Windows LDAP service (CVE-2024-49113), which can be exploited to cause denial of service.
Malware Vulnerability Threat ★★★
The_Hackers_News.webp 2025-01-11 13:24:00 Microsoft Sues Hacking Group Exploiting Azure AI for Harmful Content Creation (lien direct) Microsoft has revealed that it's pursuing legal action against a "foreign-based threat–actor group" for operating a hacking-as-a-service infrastructure to intentionally get around the safety controls of its generative artificial intelligence (AI) services and produce offensive and harmful content. The tech giant's Digital Crimes Unit (DCU) said it has observed the threat actors "develop
Threat ★★★
bleepingcomputer.webp 2025-01-11 10:21:31 Fake LDAPNightmare exploit on GitHub spreads infostealer malware (lien direct) A deceptive proof-of-concept (PoC) exploit for CVE-2024-49113 (aka "LDAPNightmare") on GitHub infects users with infostealer malware that exfiltrates sensitive data to an external FTP server. [...]
Malware Threat ★★★
DarkReading.webp 2025-01-10 22:37:54 Threat Actors Exploit a Critical Ivanti RCE Bug, Again (lien direct) New year, same story. Despite Ivanti's commitment to secure-by-design principles, threat actors - possibly the same ones as before - are exploiting its edge devices for the nth time.
Threat ★★★
zataz.webp 2025-01-10 17:42:31 Strengthening cybersecurity through awareness training (lien direct) IT security depends as much on technology as on human vigilance. Training your staff is essential to counter modern threats and limit human error....
Threat ★★★
DataSecurityBreach.webp 2025-01-10 15:23:32 Zero-day vulnerability affecting an enterprise VPN tool (lien direct) A critical zero-day vulnerability affects Ivanti Connect Secure (ICS) VPN appliances, which are widely used to provide secure enterprise connectivity.
Vulnerability Threat ★★★
The_Hackers_News.webp 2025-01-10 15:17:00 Google Project Zero Researcher Uncovers Zero-Click Exploit Targeting Samsung Devices (lien direct) Cybersecurity researchers have detailed a now-patched security flaw impacting the Monkey's Audio (APE) decoder on Samsung smartphones that could lead to code execution. The high-severity vulnerability, tracked as CVE-2024-49415 (CVSS score: 8.1), affects Samsung devices running Android versions 12, 13, and 14. "Out-of-bounds write in libsaped.so prior to SMR Dec-2024 Release 1 allows remote
Vulnerability Threat Mobile ★★★
The_Hackers_News.webp 2025-01-10 15:01:00 RedDelta Deploys PlugX Malware to Target Mongolia and Taiwan in Espionage Campaigns (lien direct) Mongolia, Taiwan, Myanmar, Vietnam, and Cambodia have been targeted by the China-nexus RedDelta threat actor to deliver a customized version of the PlugX backdoor between July 2023 and December 2024. "The group used lure documents themed around the 2024 Taiwanese presidential candidate Terry Gou, the Vietnamese National Holiday, flood protection in Mongolia, and meeting invitations, including an
Malware Threat ★★★
cybersecurityventures.webp 2025-01-10 13:31:54 Cyber Certainty: Threat Reduction For Business Leaders (lien direct) This week in cybersecurity from the editors at Cybercrime Magazine – Read the Full Story in TechRound. Sausalito, Calif. – Jan. 10, 2025. TechRound, the voice of UK startups, reports that cybercrime will cost the world more than $10 trillion annually by 2025, according to Cybersecurity Ventures.
Threat ★★★
bleepingcomputer.webp 2025-01-10 13:12:17 New Web3 attack exploits transaction simulations to steal crypto (lien direct) Threat actors are employing a new tactic called "transaction simulation spoofing" to steal crypto, with one attack successfully stealing 143.45 Ethereum, worth approximately $460,000. [...]
Threat ★★★
ProofPoint.webp 2025-01-10 09:59:30 Training Your LLM Dragons-Why DSPM is the Key to AI Security (lien direct) The transformative potential of AI comes at a price. Because it's complex and relies on sensitive data, it's a prime target for bad actors. Notably, two AI implementations, custom large language models (LLMs) and tools like Microsoft Copilot, pose unique challenges for most organizations.

Custom LLMs often need to be trained extensively on an organization's data. This creates the risk that the data will be embedded into the models. Microsoft Copilot integrates with enterprise applications and processes, so if it's not governed properly, personal, financial and proprietary data might get exposed.

To prevent data from being exposed and ensure compliance, organizations need to take a robust approach to security when it comes to their AI implementations. What follows are some tips for securing LLMs and AI tools like Copilot, as well as details about how data security posture management (DSPM) can help.

What is DSPM, and why is it critical for AI implementations?
Data security posture management (DSPM) is both a strategy and a set of tools. Its role is to discover, classify and monitor valuable and sensitive data, as well as user access to it, across an organization's cloud and on-premises environments.

For AI implementations like custom LLMs and Microsoft Copilot, DSPM is crucial for ensuring that sensitive or regulated data is properly governed. This reduces the risk of data leaking or being misused.

Here are some key threats to AI implementations:
Prompt injection attacks. Crafted prompts can trick models into indirectly disclosing sensitive data, letting bad actors bypass traditional security measures.
Training data poisoning. Threat actors can embed sensitive or biased data into training sets, leading to unethical or insecure model outputs.
Data leakage in outputs. Poorly configured models may inadvertently expose private data during user interactions or as part of their outputs.
Compliance failures. AI systems that mishandle regulated data risk steep fines under laws like GDPR, CCPA or HIPAA, and customer trust is lost when this happens.

Use case 1: securing custom LLMs
Custom LLMs allow organizations to fine-tune AI models to meet their specific business needs. However, they also create significant risks. Sensitive data can enter the model during training or through other interactions, which can lead to data being disclosed inadvertently.

Custom LLMs can introduce these risks:
Sensitive data being embedded in models during training
Inadvertent data leakage in model outputs
Compliance failures if regulated data, like personally identifiable information (PII), is mishandled
Security vulnerabilities that lead to training data poisoning or prompt injection attacks

These risks highlight why it's so important to audit training data, monitor data flows and enforce strict access controls.

Tips for securing custom LLMs
Audit and sanitize training data: Regularly review data sets for sensitive or regulated data before using them in training. Anonymize data with masking or encryption techniques to protect PII and other critical data.
Monitor data lineage: Use tools like Proofpoint to map how data flows from ingestion to model training and outputs. Ensure traceability to maintain compliance and quickly address vulnerabilities.
Set strict access controls: Enforce role-based permissions for the data scientists and engineers who interact with training data sets. Limit access to sensitive data sets to only those who absolutely need it.
Proactively monitor outputs: Analyze model responses to ensure they don't reveal sensitive data, particularly after updates or retraining cycles.

How Proofpoint helps
The Proofpoint DSPM solution can automatically disco
Tool Vulnerability Threat Cloud ★★★
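An added example for the "audit and sanitize training data" tip in the entry above (written for this page; it is not Proofpoint code and not the article's): a pass over constructed support-ticket records that finds e-mail addresses, US SSNs and Luhn-valid payment card numbers and replaces each with a keyed pseudonym before the text enters a training set. The same identifier always maps to the same token, so records stay linkable for training without retaining the raw value. The regexes, the sample records and the salt are assumptions for illustration; a production pass would add a classifier-backed PII detector and keep the key outside the training pipeline.

```python
import hashlib
import re

# Constructed sample training records (support-ticket style); not real data.
RECORDS = [
    "Ticket 1043: customer jane.doe@example.com reports card 4111 1111 1111 1111 declined.",
    "Ticket 1044: call back on 555-0142, SSN on file 123-45-6789, address unchanged.",
    "Ticket 1045: user asks how to reset MFA; no identifiers in thread.",
]

EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
# 13-19 digits optionally separated by spaces or hyphens; candidates are confirmed with Luhn
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum used by payment card numbers; filters out ticket ids and phone numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def pseudonym(kind: str, value: str, salt: bytes) -> str:
    """Keyed placeholder: consistent for the same value under the same salt, not reversible
    without it. The salt stands in for a key kept outside the training pipeline."""
    tag = hashlib.sha256(salt + value.encode()).hexdigest()[:10]
    return f"<{kind}_{tag}>"


def sanitize_record(text: str, salt: bytes):
    """Return the masked text and the list of (kind, original) findings for the audit log."""
    findings = []

    def replacer(kind):
        def _sub(m):
            findings.append((kind, m.group()))
            return pseudonym(kind, m.group(), salt)
        return _sub

    def card_sub(m):
        digits = re.sub(r"[ -]", "", m.group())
        if not luhn_ok(digits):
            return m.group()  # not a card number; leave the text untouched
        findings.append(("CARD", m.group()))
        return pseudonym("CARD", digits, salt)  # normalized, so spacing variants map together

    text = EMAIL_RE.sub(replacer("EMAIL"), text)
    text = SSN_RE.sub(replacer("SSN"), text)  # before CARD so its digits are not re-scanned
    text = CARD_RE.sub(card_sub, text)
    return text, findings


def sanitize_dataset(records, salt: bytes):
    """Mask every record; return (clean_records, counts_by_kind) for the audit report."""
    clean, counts = [], {}
    for record in records:
        masked, findings = sanitize_record(record, salt)
        clean.append(masked)
        for kind, _ in findings:
            counts[kind] = counts.get(kind, 0) + 1
    return clean, counts


if __name__ == "__main__":
    cleaned, report = sanitize_dataset(RECORDS, b"constructed-salt")
    for line in cleaned:
        print(line)
    print(report)
```

The counts returned by sanitize_dataset are what the "audit" half of the tip produces: a per-category tally of what was found and masked, which is the evidence a compliance reviewer asks for before a data set is approved for training.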
Darktrace.webp 2025-01-10 09:46:31 Detecting and Mitigating Adversary-in-the-Middle Phishing Attacks with Darktrace Services (lien direct) Threat actors often use advanced phishing toolkits and Adversary-in-the-Middle (AitM) attacks in Business Email Compromise (BEC) campaigns, Discover how Darktrace detected and mitigated a sophisticated attack leveraging Dropbox, highlighting the importance of robust cybersecurity measures.
Threat ★★★
Last update at: 2025-05-12 07:07:59