Biztonsági szemle

Blind Eagle's intrusions commence with the distribution of government and financial organization-spoofing phishing emails with malicious attachments containing links that redirect to a website hosting a compressed ZIP archive as an initial dropper...

New AnvilEcho PowerShell trojan distribution has been sought by Iranian state-backed threat operation TA453 in a spear phishing attack campaign against a major Jewish personality that commenced late last month.

Infiltration of vulnerable systems via the security issue, which was addressed by PHP maintainers in early June, was followed by the deployment of Msupedge as a pair of dynamic link libraries, an analysis from Symantec's Threat Hunter Team showed.

CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2021-33044 Dahua IP Camera Authentication Bypass Vulnerability CVE-2021-33045 Dahua IP Camera Authentication Bypass...

Executive Summary This publication defines a baseline for event logging best practices to mitigate cyber threats. It was developed by the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) in cooperation with the following...

Today, the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), CISA, FBI, NSA, and international partners are releasing Best Practices for Event Logging and Threat Detection. This guide will assist organizations in...

The healthcare supply chain has been under attack for the last decade – it will take a national effort to keep our medical systems secure.

A server-side request forgery (SSRF) bug in Microsoft's tool for creating custom AI chatbots potentially exposed info across multiple tenants within cloud environments.

This World Entrepreneurs Day, discover how Cisco's non-profit partners are empowering underserved communities and fostering sustainable growth.

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

[This is a Guest Diary by Michael Tigges, an ISC intern as part of the SANS.edu BACS program]

CodeBreaker technique can create code samples that poison the output of code-completing large language models, resulting in vulnerable — and undetectable — code suggestions.