Condividi

RSS

Piu’ articoli…

• Da Secure Online Desktop a Cyberfero: il rebranding dell’azienda leader nella cybersecurity
• NIS2 – Come il nuovo regolamento cyber potenzia la sicurezza dell’Europa
• Advanced persistent threat (APT): cosa sono e come difendersi
• Penetration Testing e MFA: Una Strategia Duplice per Massimizzare la Sicurezza
• SOAR e l’automazione della sicurezza informatica
• Penetration Testing: Dove Colpire per Proteggere la Tua Rete Informatica
• Ransomware: una piaga che mette in ginocchio aziende e istituzioni. Pagare o non pagare? Ecco la risposta.
• Perché l’audit IT e il log management sono importanti per la Cybersecurity

Categorie …

• Backup as a Service (25)
  • Acronis Cloud Backup (18)
  • Veeam Cloud Connect (3)
• Cloud CRM (1)
• Cloud Server/VPS (23)
• Conferenza Cloud (4)
• Cyberfero (15)
• Log Management (2)
• Monitoraggio ICT (4)
• Novita' (21)
• ownCloud (7)
• Privacy (8)
• Security (215)
  • Cyber Threat Intelligence (CTI) (9)
  • Deception (4)
  • Ethical Phishing (10)
  • Netwrix Auditor (2)
  • Penetration Test (18)
  • Posture Guard (4)
  • SOCaaS (66)
    • EDR (6)
    • SIEM (12)
    • SOAR (5)
    • UEBA (9)
  • Vulnerabilita' (83)
• Web Hosting (16)

Tags

Feed sconosciuto

darkreading

• Cybersecurity Lags in Middle East Business Development Dicembre 31, 2024
  The fast growing region has its own unique cyber issues — and it needs its own talent to fight them.
• 6 AI-Related Security Trends to Watch in 2025 Dicembre 31, 2024
  AI tools will enable significant productivity and efficiency benefits for organizations in the coming year, but they also will exacerbate privacy, governance, and security risks.
• Chinese State Hackers Breach US Treasury Department Dicembre 30, 2024
  In what's being called a "major cybersecurity incident," Beijing-backed adversaries broke into cyber vendor BeyondTrust to access the US Department of the Treasury workstations and steal unclassified data, according to a letter sent to lawmakers.
• How to Get the Most Out of Cyber Insurance Dicembre 30, 2024
  Cyber insurance should augment your cybersecurity strategy — not replace it.
• What Security Lessons Did We Learn in 2024? Dicembre 30, 2024
  Proactive defenses, cross-sector collaboration, and resilience are key to combating increasingly sophisticated threats.
• Deepfakes, Quantum Attacks Loom Over APAC in 2025 Dicembre 30, 2024
  Organizations in the region should expect to see threat actors accelerate their use of AI tools and mount ongoing "harvest now, decrypt later" attacks for various malicious use cases.
• Defining & Defying Cybersecurity Staff Burnout Dicembre 27, 2024
  Sometimes it feels like burnout is an inevitable part of working in cybersecurity. But a little bit of knowledge can help you and your staff stay healthy.
• Hackers Are Hot for Water Utilities Dicembre 27, 2024
  The US water sector suffered a stream of cyberattacks over the past year-and-a-half from a mix of cybercriminals, hacktivists, and nation-state hacking teams. Here's how the industry and ICS/OT security experts are working to better secure vulnerable drinking and wastewater utilities.
• Quantum Computing Advances in 2024 Put Security In Spotlight Dicembre 27, 2024
  The work on quantum computing hit some major milestones in 2024, making the path to a workable quantum computer seem closer than ever. Google, Microsoft, and other research efforts hit significant milestones this year, but is the cybersecurity world ready?
• SEC Disclosures Up, But Not Enough Details Provided Dicembre 26, 2024
  While companies have responded to the new SEC rules by disclosing incidents promptly, many of the reports don't meet the SEC's "material" standard.

Full Disclosure

• Multiple vulnerabilities in CTFd versions <= 3.7.4 Dicembre 31, 2024
  Posted by Blazej Adamczyk on Dec 30━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ Multiple vulnerabilities in CTFd versions
• IBMi Navigator / CVE-2024-51464 / HTTP Security Token Bypass Dicembre 31, 2024
  Posted by hyp3rlinx on Dec 30[+] Credits: John Page (aka hyp3rlinx) [+] Website: hyp3rlinx.altervista.org [+] Source: https://hyp3rlinx.altervista.org/advisories/IBMi_Navigator_HTTP_Security_Token_Bypass-CVE-2024-51464.txt [+] x.com/hyp3rlinx [+] ISR: ApparitionSec [Vendor]www.ibm.com [Product] Navigator for i is a Web console interface where you can perform the key tasks to administer your IBM i. IBM Navigator for i supports the vast majority of tasks that […]
• IBMi Navigator / CVE-2024-51463 / Server Side Request Forgery (SSRF) Dicembre 31, 2024
  Posted by hyp3rlinx on Dec 30[+] Credits: John Page (aka hyp3rlinx) [+] Website: hyp3rlinx.altervista.org [+] Source: https://hyp3rlinx.altervista.org/advisories/IBMi_Navigator_Server_Side_Request_Forgery_CVE-2024-51463.txt [+] x.com/hyp3rlinx [+] ISR: ApparitionSec [Vendor]www.ibm.com [Product] Navigator for i is a Web console interface where you can perform the key tasks to administer your IBM i. IBM Navigator for i supports the vast majority of tasks that...
• CyberDanube Security Research 20241219-0 | Authenticated Remote Code Execution in Ewon Flexy 205 Dicembre 22, 2024
  Posted by Thomas Weber | CyberDanube via Fulldisclosure on Dec 21CyberDanube Security Research 20241219-0 ------------------------------------------------------------------------------- title| Authenticated Remote Code Execution product| Ewon Flexy 205 vulnerable version|
• Stored XSS with Filter Bypass - blogenginev3.3.8 Dicembre 19, 2024
  Posted by Andrey Stoykov on Dec 18# Exploit Title: Stored XSS with Filter Bypass - blogenginev3.3.8 # Date: 12/2024 # Exploit Author: Andrey Stoykov # Version: 3.3.8 # Tested on: Ubuntu 22.04 # Blog: https://msecureltd.blogspot.com/2024/12/friday-fun-pentest-series-16-stored-xss.html Stored XSS Filter Bypass #1: Steps to Reproduce: 1. Login as admin and go to "Content" > "Posts" 2. On […]
• [SYSS-2024-085]: Broadcom CA Client Automation - Improper Privilege Management (CWE-269) Dicembre 19, 2024
  Posted by Matthias Deeg via Fulldisclosure on Dec 18Advisory ID: SYSS-2024-085 Product: CA Client Automation (CA DSM) Manufacturer: Broadcom Affected Version(s): 14.5.0.15 Tested Version(s): 14.5.0.15 Vulnerability Type: Improper Privilege Management (CWE-269) Risk Level: High Solution Status: Fixed Manufacturer Notification: 2024-10-18 Solution Date: 2024-12-17 Public Disclosure:...
• [KIS-2024-07] GFI Kerio Control <= 9.4.5 Multiple HTTP Response Splitting Vulnerabilities Dicembre 17, 2024
  Posted by Egidio Romano on Dec 16--------------------------------------------------------------------------- GFI Kerio Control
• RansomLordNG - anti-ransomware exploit tool Dicembre 17, 2024
  Posted by malvuln on Dec 16This next generation version dumps process memory of the targeted Malware prior to termination The process memory dump file MalDump.dmp varies in size and can be 50 MB plus RansomLord now intercepts and terminates ransomware from 54 different threat groups Adding GPCode, DarkRace, Snocry, Hydra and Sage to the ever […]
• APPLE-SA-12-11-2024-9 Safari 18.2 Dicembre 12, 2024
  Posted by Apple Product Security via Fulldisclosure on Dec 12APPLE-SA-12-11-2024-9 Safari 18.2 Safari 18.2 addresses the following issues. Information about the security content is also available at https://support.apple.com/121846. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. Safari Available for: macOS Ventura and macOS Sonoma Impact: On a […]
• APPLE-SA-12-11-2024-8 visionOS 2.2 Dicembre 12, 2024
  Posted by Apple Product Security via Fulldisclosure on Dec 12APPLE-SA-12-11-2024-8 visionOS 2.2 visionOS 2.2 addresses the following issues. Information about the security content is also available at https://support.apple.com/121845. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. Crash Reporter Available for: Apple Vision Pro Impact: An app may […]