Biztonsági szemle

While Sirius XM has allegedly engaged in the sharing of sensitive user data with unaffiliated third parties and other groups without notifying users and obtaining their consent, the MyRadar weather app, Miles travel rewards app, and Tapestri...

Under the proposed FCC rule, telecommunications entities would not only need to ensure their networks' defenses against "unlawful access and interception" but also be required to undergo yearly cybersecurity risk management plan certifications.

Such a crackdown on Manson Market — which commenced in late 2022 following a reported increase in fake phone calls spoofing bank employees — also resulted in the seizure of more than 50 of its servers containing over 200 TB of data, as well as the...

Nearly 150 employees of the financial entity have been compromised by Ogletree in a phishing campaign between October and November 2023 that sought to exfiltrate account credentials via company-spoofing phishing sites, the complaint alleged.

Intrusions leveraging CVE-2024-41713, which stems from insufficient input validation in MiCollab's NuPoint Unified Messaging component, could facilitate not only unauthenticated provisioning data access but also unauthenticated admin task execution...

Most severe of the vulnerabilities is the undocumented features inclusion issue, tracked as CVE-2024-52564, which could be exploited to facilitate remote firewall deactivation, device setting manipulation, and arbitrary OS command execution...

After compromising the Romanian Permanent Electoral Authority's IT infrastructure on Nov. 19, threat actors went on to expose the account credentials for several of the country's election sites while deploying persistent intrusions that sought to...

Earth Minotaur leverages instant messaging apps to send messages with malicious links purporting to be Tibetan or Uyghur music and dance-related videos, which redirected to dozens of MOONSHINE exploit kit servers that would enable the download of a...

Aside from luring children into providing sexually explicit photos of themselves, such methods have also been used to force youths into harming family members and animals, as well as committing suicide, an intelligence report from the Joint Regional...

Introduction In February 2024, we released an update to Exchange Server which contained a security improvement referenced by CVE-2024-21410 that enabled Extended Protection for Authentication (EPA) by default for new and existing installs of Exchange...

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

I get a daily report from my honeypots for Cowrie activity [1], which includes telnet and SSH sessions attempted on the honyepot. One indicator I use to find sessions of interest is the number of commands run. Most of the time there are about 20...