Condividi

RSS

Piu’ articoli…

• Da Secure Online Desktop a Cyberfero: il rebranding dell’azienda leader nella cybersecurity
• NIS2 – Come il nuovo regolamento cyber potenzia la sicurezza dell’Europa
• Advanced persistent threat (APT): cosa sono e come difendersi
• Penetration Testing e MFA: Una Strategia Duplice per Massimizzare la Sicurezza
• SOAR e l’automazione della sicurezza informatica
• Penetration Testing: Dove Colpire per Proteggere la Tua Rete Informatica
• Ransomware: una piaga che mette in ginocchio aziende e istituzioni. Pagare o non pagare? Ecco la risposta.
• Perché l’audit IT e il log management sono importanti per la Cybersecurity

Categorie …

• Backup as a Service (25)
  • Acronis Cloud Backup (18)
  • Veeam Cloud Connect (3)
• Cloud CRM (1)
• Cloud Server/VPS (23)
• Conferenza Cloud (4)
• Cyberfero (15)
• Log Management (2)
• Monitoraggio ICT (4)
• Novita' (21)
• ownCloud (7)
• Privacy (8)
• Security (215)
  • Cyber Threat Intelligence (CTI) (9)
  • Deception (4)
  • Ethical Phishing (10)
  • Netwrix Auditor (2)
  • Penetration Test (18)
  • Posture Guard (4)
  • SOCaaS (66)
    • EDR (6)
    • SIEM (12)
    • SOAR (5)
    • UEBA (9)
  • Vulnerabilita' (83)
• Web Hosting (16)

Tags

Feed sconosciuto

darkreading

• Credential Theft Becomes Cybercriminals' Favorite Target Febbraio 4, 2025
  Researchers measured a threefold increase in credential stealing between 2023 and 2024, with more than 11.3 million such thefts last year.
• Ferret Malware Added to 'Contagious Interview' Campaign Febbraio 4, 2025
  Targets are lured into a fake interview process that convinces them to download malware needed for a virtual interview.
• Cybercriminals Court Traitorous Insiders via Ransom Notes Febbraio 4, 2025
  Ransomware actors are offering individuals millions to turn on their employers and divulge private company information, in a brand-new cybercrime tactic.
• Chinese 'Infrastructure Laundering' Abuses AWS, Microsoft Cloud Febbraio 4, 2025
  Funnull CDN rents IPs from legitimate cloud service providers and uses them to host criminal websites, continuously cycling cloud resources in and out of use and acquiring new ones to stay ahead of cyber-defender detection.
• Managing Software Risk in a World of Exploding Vulnerabilities Febbraio 4, 2025
  Organizations and development teams need to evolve from "being prepared" to "managing the risk" of security breaches.
• DNSFilter's Annual Security Report Reveals Worrisome Spike in Malicious DNS Requests Febbraio 3, 2025
• EMEA CISOs Plan 2025 Cloud Security Investment Febbraio 3, 2025
• Interactive Online Training for Cybersecurity Professionals; Earn CPE Credits Febbraio 3, 2025
• 'Constitutional Classifiers' Technique Mitigates GenAI Jailbreaks Febbraio 3, 2025
  Anthropic says its Constitutional Classifiers approach offers a practical way to make it harder for bad actors to try and coerce an AI model off its guardrails.
• Name That Edge Toon: In the Cloud Febbraio 3, 2025
  Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 gift card.

Full Disclosure

• KL-001-2025-002: Checkmk NagVis Remote Code Execution Febbraio 4, 2025
  Posted by KoreLogic Disclosures via Fulldisclosure on Feb 04KL-001-2025-002: Checkmk NagVis Remote Code Execution Title: Checkmk NagVis Remote Code Execution Advisory ID: KL-001-2025-002 Publication Date: 2025-02-04 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2025-002.txt 1. Vulnerability Details      Affected Vendor: Checkmk      Affected Product: Checkmk/NagVis      Affected Version: Checkmk 2.3.0p2, NagVis 1.9.40      Platform: GNU/Linux      CWE...
• KL-001-2025-001: Checkmk NagVis Reflected Cross-site Scripting Febbraio 4, 2025
  Posted by KoreLogic Disclosures via Fulldisclosure on Feb 04KL-001-2025-001: Checkmk NagVis Reflected Cross-site Scripting Title: Checkmk NagVis Reflected Cross-site Scripting Advisory ID: KL-001-2025-001 Publication Date: 2025-02-04 Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2025-001.txt 1. Vulnerability Details      Affected Vendor: Checkmk      Affected Product: Checkmk/NagVis      Affected Version: Checkmk 2.3.0p2, NagVis 1.9.40      Platform: GNU/Linux...
• APPLE-SA-01-30-2025-1 GarageBand 10.4.12 Febbraio 2, 2025
  Posted by Apple Product Security via Fulldisclosure on Feb 01APPLE-SA-01-30-2025-1 GarageBand 10.4.12 GarageBand 10.4.12 addresses the following issues. Information about the security content is also available at https://support.apple.com/121866. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. GarageBand Available for: macOS Sonoma 14.4 and later Impact: Processing a […]
• Re: Text injection on https://www.google.com/sorry/index via ?q parameter (no XSS) Febbraio 2, 2025
  Posted by David Fifield on Feb 01I tested a few more times, and it appears the text injection has disappeared. These are timestamps when I tested, with offsets relative to the initial discovery. +0h 2025-01-28 03:00 initial discovery +5h 2025-01-28 08:19 ?q=EgtoZWxsbyB3b3JsZA works (https://archive.is/DD9xB) +14h 2025-01-28 17:31 ?q=EgtoZWxsbyB3b3JsZA works (no archive) +45h...
• Xinet Elegant 6 Asset Lib Web UI 6.1.655 / SQL Injection / Exploit Update Python3 Febbraio 2, 2025
  Posted by hyp3rlinx on Feb 01Updated SQL Injection CVE-2019-19245 exploit for Python3. import requests,time,re,sys,argparse #NAPC Xinet Elegant 6 Asset Library v6.1.655 #Pre-Auth SQL Injection 0day Exploit #By hyp3rlinx #ApparitionSec #UPDATED: Jan 2024 for python3 #TODO: add SSL support #=============================== #This will dump tables, usernames and passwords in vulnerable versions #REQUIRE PARAMS:...
• Quorum onQ OS - 6.0.0.5.2064 | Reflected Cross Site Scripting (XSS) | CVE-2024-44449 Gennaio 30, 2025
  Posted by Shaikh Shahnawaz on Jan 29[+] Credits: Shahnawaz Shaikh, Security Researcher at Cybergate Defense LLC [+] twitter.com/_striv3r_ [Vendor] https://quorum.com/about/ [Product] Quorum onQ OS - 6.0.0.5.2064 Vulnerability Type] Reflected Cross Site Scripting (XSS) [Affected Component] Login page get parameter 'msg' is vulnerable to Reflected Cross site scripting [CVE Reference] CVE-2024-44449 [Security Issue] Cross Site Scripting […]
• Deepseek writes textbook insecure code in 2025-01-28 Gennaio 30, 2025
  Posted by Georgi Guninski on Jan 29Asking Deepseek on Jan 28 09:33:11 AM UTC 2025: Write a python CGI which takes as an argument string NAME and outputs "Hello"+NAME The Deepseek AI [3] returned: ==== name = form.getvalue('NAME', 'World') # Default to 'World' if NAME is not provided # Output the HTML response print(f"Hello, {name}!") […]
• Text injection on https://www.google.com/sorry/index via ?q parameter (no XSS) Gennaio 30, 2025
  Posted by David Fifield on Jan 29The page https://www.google.com/sorry/index is familiar to Tor and VPN users. It is the one that says "Our systems have detected unusual traffic from your computer network. Please try your request again later." You will frequently be redirected to this page when using Tor Browser, when you do a search […]
• APPLE-SA-01-27-2025-9 Safari 18.3 Gennaio 28, 2025
  Posted by Apple Product Security via Fulldisclosure on Jan 27APPLE-SA-01-27-2025-9 Safari 18.3 Safari 18.3 addresses the following issues. Information about the security content is also available at https://support.apple.com/122074. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. Passwords Available for: macOS Ventura and macOS Sonoma Impact: A malicious […]
• APPLE-SA-01-27-2025-8 tvOS 18.3 Gennaio 28, 2025
  Posted by Apple Product Security via Fulldisclosure on Jan 27APPLE-SA-01-27-2025-8 tvOS 18.3 tvOS 18.3 addresses the following issues. Information about the security content is also available at https://support.apple.com/122072. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. AirPlay Available for: Apple TV HD and Apple TV 4K (all […]