Biztonsági szemle

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

[This is a Guest Diary by Thomas Spangler, an ISC intern as part of the SANS.edu BACS program]

The latest draft version of NIST's password guidelines simplifies password management best practices and eliminates those that did not promote stronger security.

Attackers can remotely add rogue admin accounts using the authentication bypass flaw.

The FBI, NSA and CNMF joined forces to warn the public of a looming threat posed by a massive botnet.

The company said the rogue update that caused disruptions on a global scale resulted from a "perfect storm" of issues.

There will be four major categories in the 2025 retread of the hacking competition, with prizes ranging for each challenge, from $20,000 to half a million.

The state-sponsored advanced persistent threat (APT) is going after high-value communications service provider networks in the US, potentially with a dual set of goals.

Though the critical vulnerability was patched in August, Ivanti is reminding customers to update as soon as possible as attacks from unauthenticated threat actors start circulating.

Threat actors are harvesting credentials today to decrypt later when quantum computers are readily available – so now’s the time for teams to start planning.

While these threats remain a valid concern, US government agencies have doubled down on their assurances to the American public that election infrastructure is secure.

The advanced Python-based PysSilon malware can steal data, record keystrokes, and execute remote commands. The attackers behind it are promising to leak details of deleted X posts related to accused rapper and music producer Sean Combs.