Biztonsági szemle
![SC Media](/sites/default/files/styles/narrow_1x/public/2023-10/sc-media.png.webp?itok=ZnyJkSlZ)
2024. júl. 15.
Biztonsági szemle
Alleged Disney breach admitted by suspected LockBit-linked hacktivist group
Allegedly included in the data dump were messages, files, and data sent by Disney's development team via Slack.
![SC Media](/sites/default/files/styles/narrow_1x/public/2023-10/sc-media.png.webp?itok=ZnyJkSlZ)
2024. júl. 15.
Biztonsági szemle
Medusa ransomware claims American Golf Corporation hack
Infiltration of American Golf's systems has purportedly enabled the exfiltration of members' information, user IDs, passwords, and secret keys, as well as emails, licenses, passports, reports, and financial details.
![SC Media](/sites/default/files/styles/narrow_1x/public/2023-10/sc-media.png.webp?itok=ZnyJkSlZ)
2024. júl. 15.
Biztonsági szemle
Samba file shares leveraged to facilitate DarkGate malware delivery
Malicious Microsoft Excel files have been used by threat actors to facilitate the execution of a Samba file share-hosted VBS code.
![SC Media](/sites/default/files/styles/narrow_1x/public/2023-10/sc-media.png.webp?itok=ZnyJkSlZ)
2024. júl. 15.
Biztonsági szemle
Squarespace-registered DeFi platforms subjected to DNS hijacking
Several decentralized finance platforms, including Compound Finance, Celer Network, and Pendle, had domains registered with Squarespace impacted by DNS hijacking attacks on Thursday.
![](/sites/default/files/styles/narrow_1x/public/feeds/37/logo_nki_fb_1200x630.png.webp?itok=VyX_pPZy)
2024. júl. 15.
Biztonsági szemle
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-36401 OSGeo GeoServer GeoTools Eval Injection Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
![SC Media](/sites/default/files/styles/narrow_1x/public/2023-10/sc-media.png.webp?itok=ZnyJkSlZ)
2024. júl. 15.
Biztonsági szemle
Five security risks from Generative AI
GenAI has created great excitement and promise, but security teams still must grapple with the risks.
![](/sites/default/files/styles/narrow_1x/public/feeds/37/logo_nki_fb_1200x630.png.webp?itok=VyX_pPZy)
2024. júl. 15.
Biztonsági szemle
Protected OOXML Spreadsheets, (Mon, Jul 15th)
I was asked a question about the protection of an .xlsm spreadsheet. I've written before on the protection of .xls spreadsheets, for example in diary entries " Unprotecting Malicious Documents For Inspection" and " 16-bit Hash Collisions in .xls Spreadsheets"; and blog post " Quickpost: oledump.py plugin_biff.py: Remove Sheet Protection From Spreadsheets".
![](/sites/default/files/styles/narrow_1x/public/feeds/37/logo_nki_fb_1200x630.png.webp?itok=VyX_pPZy)
2024. júl. 15.
Biztonsági szemle
ISC Stormcast For Monday, July 15th, 2024 https://isc.sans.edu/podcastdetail/9052, (Mon, Jul 15th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
![SANS ISC](/sites/default/files/styles/narrow_1x/public/2023-10/sans-isc.png.webp?itok=Z9IbWF3o)
2024. júl. 14.
Biztonsági szemle
Wireshark 4.2.6 Released, (Sun, Jul 14th)
Wireshark release 4.2.6 fixes 1 vulnerability ( SPRT parser crash) and 10 bugs.
![](/sites/default/files/styles/narrow_1x/public/feeds/37/logo_nki_fb_1200x630.png.webp?itok=VyX_pPZy)
2024. júl. 13.
Biztonsági szemle
16-bit Hash Collisions in .xls Spreadsheets, (Sat, Jul 13th)
A couple years ago, in diary entry " Unprotecting Malicious Documents For Inspection" I explain how .xls spreadsheets are password protected (but not encrypted). And in follow-up diary entry " Maldocs: Protection Passwords", I talk about an update to my oledump plugin plugin_biff.py to crack these passwords using password lists (by default, an embedded password list is used that is taken from the 2011 public-domain default password list used by John The Ripper).
![SC Media](/sites/default/files/styles/narrow_1x/public/2023-10/sc-media.png.webp?itok=ZnyJkSlZ)
2024. júl. 12.
Biztonsági szemle
‘Shadow SaaS’ used by two-thirds of security pros, survey finds
Many organizations lack policies and training to address the risk of shadow IT, including GenAI.
![Dark Reading](/sites/default/files/styles/narrow_1x/public/2023-10/dark_reading.png.webp?itok=qZqhLpY9)
2024. júl. 12.
Biztonsági szemle
Lineaje Awarded Contract by the Department of the US Air Force
Oldalszámozás
- Előző oldal ‹‹
- 20. oldal
- Következő oldal ››