Improving Apache httpd Protections Proactively with Orange Tsai of DEVCORE
In collaboration with renowned security researcher Orange Tsai and DEVCORE, Akamai researchers have issued early-release remediations to Apache CVEs for our Akamai App & API Protector customers. Tsai presented his research at Black Hat USA 2024 and outlined the details for many Apache HTTP Server (httpd) vulnerabilities that were recently patched. Before his Black Hat presentation, the Akamai Security Intelligence Group (SIG) proactively contacted Tsai to facilitate the sharing of technique details for proactive defense for our customers. App & API Protector customers who are in automatic mode have existing and updated protections.
·akamai.com·
Chained for attack: OpenVPN vulnerabilities discovered leading to RCE and LPE | Microsoft Security Blog
Microsoft researchers found multiple vulnerabilities in OpenVPN that could lead to an attack chain allowing remote code execution and local privilege escalation. This attack chain could enable attackers to gain full control over targeted endpoints, potentially resulting in data breaches, system compromise, and unauthorized access to sensitive information.
·microsoft.com·
A Dive into Earth Baku’s Latest Campaign
Since late 2022, Earth Baku has broadened its scope from the Indo-Pacific region to Europe, the Middle East, and Africa. Their latest operations demonstrate sophisticated techniques, such as exploiting public-facing applications like IIS servers for initial access and deploying the Godzilla webshell for command and control.
·trendmicro.com·
Hackers leak 2.7 billion data records with Social Security numbers
Almost 2.7 billion records of personal information for people in the United States were leaked on a hacking forum, exposing names, social security numbers, all known physical addresses, and possible aliases.
·bleepingcomputer.com·
Threat Actors’ Toolkit: Leveraging Sliver, PoshC2 & Batch Scripts
In early December of 2023, we discovered an open directory filled with batch scripts, primarily designed for defense evasion and executing command and control payloads. These scripts execute various actions, including disabling antivirus processes and stopping services related to SQL, Hyper-V, security tools, and Exchange servers. This report also highlights scripts responsible for erasing backups, wiping event logs, and managing the installation or removal of remote monitoring tools like Atera. Our investigation uncovered the use of additional tools, including Ngrok for proxy services, SystemBC, and two well-known command and control frameworks: Sliver and PoshC2. The observed servers show long-term usage by the threat actors, appearing in The DFIR Report Threat Feeds as far back as September 2023. They have been active intermittently since then, with the most recent activity detected in August 2024. Ten new Sigma rules were created from this report and added to our private Sigma ruleset.
·thedfirreport.com·
AMD won't patch all chips affected by severe data theft vulnerability — Ryzen 3000, 2000, and 1000 will not get patched for 'Sinkclose' | Tom's Hardware
AMD released patches to address the Sinkclose vulnerability, but not all chips are covered. The company also said 'No performance impact expected', which means that it's likely still conducting final validation and testing of the patch and how it impacts the overall performance of the system.
·tomshardware.com·
Treasury Sanctions Leader and Primary Member of the Cyber Army of Russia Reborn | U.S. Department of the Treasury
The United States exposes the identity of and imposes sanctions on two members of the Russian government-aligned hacktivist group. WASHINGTON — Today, the United States designated Yuliya Vladimirovna Pankratova (Pankratova) and Denis Olegovich Degtyarenko (Degtyarenko), two members of the Russian hacktivist group Cyber Army of Russia Reborn (CARR), for their roles in cyber operations against U.S. critical infrastructure.
·home.treasury.gov·
Akamai Blocked 419 TB of Malicious Traffic in a 24-Hour DDoS Attack
On July 15, 2024, Akamai prevented one of the largest distributed denial-of-service (DDoS) cyberattacks it has ever observed against a major financial services company in Israel. The highly sophisticated, high-volume attack lasted almost 24 hours. The attacker deployed larger-than-usual resources, indicating a serious risk for future attacks. Other Israeli financial institutions reportedly suffered outages and downtimes on the same day, potentially due to the same type of attack and the same aggressor.
·akamai.com·
Security Incident | August 2024
Mobile Guardian experienced a security incident that involved unauthorized access to the iOS and ChromeOS devices enrolled to the Mobile Guardian platform on the 4th of August. We have halted servers in order to prevent further disruption by the perpetrator. This is not related to an error in configuration that occurred on the 30th of July which affected Mobile Guardian iPads on our Singapore instance only.
·mobileguardian.com·