Share

RSS

More Articles…

• From Secure Online Desktop to Cyberfero: rebranding of the leading cybersecurity company
• NIS: what it is and how it protects cybersecurity
• Advanced persistent threats (APTs): what they are and how to defend yourself
• Penetration Testing and MFA: A Dual Strategy to Maximize Security
• Penetration Testing: Where to Strike to Protect Your IT Network
• Ransomware: a plague that brings companies and institutions to their knees. Should you pay the ransom? Here is the answer.
• Why IT audit and log management are important for Cybersecurity
• Red Team, Blue Team and Purple Team: what are the differences?

Categories …

• Backup as a Service (18)
  • Acronis Cloud Backup (11)
  • Veeam Cloud Connect (4)
• Cloud Conference (3)
• Cloud CRM (1)
• Cloud Server/VPS (22)
• Conferenza Cloud (4)
• Cyberfero (15)
• ICT Monitoring (5)
• Log Management (2)
• News (25)
• ownCloud (4)
• Privacy (7)
• Security (203)
  • Cyber Threat Intelligence (CTI) (8)
  • Deception (4)
  • Ethical Phishing (11)
  • Netwrix Auditor (2)
  • Penetration Test (11)
  • Posture Guard (3)
  • SOCaaS (65)
    • EDR (3)
    • SIEM (13)
    • SOAR (5)
    • UEBA (10)
  • Vulnerabilities (84)
• Web Hosting (15)

Tags

darkreading

• Credential Theft Becomes Cybercriminals' Favorite Target February 4, 2025
  Researchers measured a threefold increase in credential stealing between 2023 and 2024, with more than 11.3 million such thefts last year.
• Ferret Malware Added to 'Contagious Interview' Campaign February 4, 2025
  Targets are lured into a fake interview process that convinces them to download malware needed for a virtual interview.
• Cybercriminals Court Traitorous Insiders via Ransom Notes February 4, 2025
  Ransomware actors are offering individuals millions to turn on their employers and divulge private company information, in a brand-new cybercrime tactic.
• Chinese 'Infrastructure Laundering' Abuses AWS, Microsoft Cloud February 4, 2025
  Funnull CDN rents IPs from legitimate cloud service providers and uses them to host criminal websites, continuously cycling cloud resources in and out of use and acquiring new ones to stay ahead of cyber-defender detection.
• Managing Software Risk in a World of Exploding Vulnerabilities February 4, 2025
  Organizations and development teams need to evolve from "being prepared" to "managing the risk" of security breaches.
• DNSFilter's Annual Security Report Reveals Worrisome Spike in Malicious DNS Requests February 3, 2025
• EMEA CISOs Plan 2025 Cloud Security Investment February 3, 2025
• Interactive Online Training for Cybersecurity Professionals; Earn CPE Credits February 3, 2025
• 'Constitutional Classifiers' Technique Mitigates GenAI Jailbreaks February 3, 2025
  Anthropic says its Constitutional Classifiers approach offers a practical way to make it harder for bad actors to try and coerce an AI model off its guardrails.
• Name That Edge Toon: In the Cloud February 3, 2025
  Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 gift card.

Full Disclosure

• KL-001-2025-002: Checkmk NagVis Remote Code Execution February 4, 2025
  Posted by KoreLogic Disclosures via Fulldisclosure on Feb 04KL-001-2025-002: Checkmk NagVis Remote Code Execution Title: Checkmk NagVis Remote Code Execution Advisory ID: KL-001-2025-002 Publication Date: 2025-02-04 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2025-002.txt 1. Vulnerability Details      Affected Vendor: Checkmk      Affected Product: Checkmk/NagVis      Affected Version: Checkmk 2.3.0p2, NagVis 1.9.40      Platform: GNU/Linux      CWE...
• KL-001-2025-001: Checkmk NagVis Reflected Cross-site Scripting February 4, 2025
  Posted by KoreLogic Disclosures via Fulldisclosure on Feb 04KL-001-2025-001: Checkmk NagVis Reflected Cross-site Scripting Title: Checkmk NagVis Reflected Cross-site Scripting Advisory ID: KL-001-2025-001 Publication Date: 2025-02-04 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2025-001.txt 1. Vulnerability Details      Affected Vendor: Checkmk      Affected Product: Checkmk/NagVis      Affected Version: Checkmk 2.3.0p2, NagVis 1.9.40      Platform: GNU/Linux...
• APPLE-SA-01-30-2025-1 GarageBand 10.4.12 February 2, 2025
  Posted by Apple Product Security via Fulldisclosure on Feb 01APPLE-SA-01-30-2025-1 GarageBand 10.4.12 GarageBand 10.4.12 addresses the following issues. Information about the security content is also available at https://support.apple.com/121866. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. GarageBand Available for: macOS Sonoma 14.4 and later Impact: Processing a […]
• Re: Text injection on https://www.google.com/sorry/index via ?q parameter (no XSS) February 2, 2025
  Posted by David Fifield on Feb 01I tested a few more times, and it appears the text injection has disappeared. These are timestamps when I tested, with offsets relative to the initial discovery. +0h 2025-01-28 03:00 initial discovery +5h 2025-01-28 08:19 ?q=EgtoZWxsbyB3b3JsZA works (https://archive.is/DD9xB) +14h 2025-01-28 17:31 ?q=EgtoZWxsbyB3b3JsZA works (no archive) +45h...
• Xinet Elegant 6 Asset Lib Web UI 6.1.655 / SQL Injection / Exploit Update Python3 February 2, 2025
  Posted by hyp3rlinx on Feb 01Updated SQL Injection CVE-2019-19245 exploit for Python3. import requests,time,re,sys,argparse #NAPC Xinet Elegant 6 Asset Library v6.1.655 #Pre-Auth SQL Injection 0day Exploit #By hyp3rlinx #ApparitionSec #UPDATED: Jan 2024 for python3 #TODO: add SSL support #=============================== #This will dump tables, usernames and passwords in vulnerable versions #REQUIRE PARAMS:...
• Quorum onQ OS - 6.0.0.5.2064 | Reflected Cross Site Scripting (XSS) | CVE-2024-44449 January 30, 2025
  Posted by Shaikh Shahnawaz on Jan 29[+] Credits: Shahnawaz Shaikh, Security Researcher at Cybergate Defense LLC [+] twitter.com/_striv3r_ [Vendor] https://quorum.com/about/ [Product] Quorum onQ OS - 6.0.0.5.2064 Vulnerability Type] Reflected Cross Site Scripting (XSS) [Affected Component] Login page get parameter 'msg' is vulnerable to Reflected Cross site scripting [CVE Reference] CVE-2024-44449 [Security Issue] Cross Site Scripting […]
• Deepseek writes textbook insecure code in 2025-01-28 January 30, 2025
  Posted by Georgi Guninski on Jan 29Asking Deepseek on Jan 28 09:33:11 AM UTC 2025: Write a python CGI which takes as an argument string NAME and outputs "Hello"+NAME The Deepseek AI [3] returned: ==== name = form.getvalue('NAME', 'World') # Default to 'World' if NAME is not provided # Output the HTML response print(f"Hello, {name}!") […]
• Text injection on https://www.google.com/sorry/index via ?q parameter (no XSS) January 30, 2025
  Posted by David Fifield on Jan 29The page https://www.google.com/sorry/index is familiar to Tor and VPN users. It is the one that says "Our systems have detected unusual traffic from your computer network. Please try your request again later." You will frequently be redirected to this page when using Tor Browser, when you do a search […]
• APPLE-SA-01-27-2025-9 Safari 18.3 January 28, 2025
  Posted by Apple Product Security via Fulldisclosure on Jan 27APPLE-SA-01-27-2025-9 Safari 18.3 Safari 18.3 addresses the following issues. Information about the security content is also available at https://support.apple.com/122074. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. Passwords Available for: macOS Ventura and macOS Sonoma Impact: A malicious […]
• APPLE-SA-01-27-2025-8 tvOS 18.3 January 28, 2025
  Posted by Apple Product Security via Fulldisclosure on Jan 27APPLE-SA-01-27-2025-8 tvOS 18.3 tvOS 18.3 addresses the following issues. Information about the security content is also available at https://support.apple.com/122072. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. AirPlay Available for: Apple TV HD and Apple TV 4K (all […]