Sophos MDR protegge 26.000 clienti in tutto il mondo e svela importanti novità
Credit to Author: Tiziana Carboni| Date: Tue, 14 Jan 2025 07:59:50 +0000
Cresce del 37% il parco clienti mondiale di Sophos MDR nel 2024
Read morePrioritizzazione delle patch: un’analisi approfondita di framework e strumenti – Parte 1: CVSS
Credit to Author: Matt Wixey| Date: Thu, 09 Jan 2025 07:38:33 +0000
Questo è il primo di due articoli che esplorano gli strumenti e i framework che possono aiutare le organizzazioni a stabilire le priorità di rimedio. In questo primo articolo, Sophos X-Ops analizza il Common Vulnerability Scoring System (CVSS)
Read moreCode injection attacks using publicly disclosed ASP.NET machine keys
Credit to Author: Microsoft Threat Intelligence| Date: Thu, 06 Feb 2025 18:00:00 +0000
Microsoft Threat Intelligence observed limited activity by an unattributed threat actor using a publicly available, static ASP.NET machine key to inject malicious code and deliver the Godzilla post-exploitation framework. In the course of investigating, remediating, and building protections against this activity, we observed an insecure practice whereby developers have incorporated various publicly disclosed ASP.NET machine keys from publicly accessible resources, such as code documentation and repositories, which threat actors have used to launch ViewState code injection attacks and perform malicious actions on target servers.
The post Code injection attacks using publicly disclosed ASP.NET machine keys appeared first on Microsoft Security Blog.
Read moreNew scams could abuse brief USPS suspension of inbound packages from China, Hong Kong
News about USPS suspending shipments from China and Hong Kong may give scammers some ideas to defraud consumers
Read moreDOGE Teen Owns ‘Tesla.Sexy LLC’ and Worked at Startup That Has Hired Convicted Hackers
Credit to Author: Andy Greenberg, David Gilbert, Lily Hay Newman| Date: Thu, 06 Feb 2025 07:30:20 +0000
Experts question whether Edward Coristine, a DOGE staffer who has gone by “Big Balls” online, would pass the background check typically required for access to sensitive US government systems.
Read moreThe Collapse of USAID Is Already Fueling Human Trafficking and Slavery at Scammer Compounds
Credit to Author: Matt Burgess, Lily Hay Newman| Date: Wed, 05 Feb 2025 17:33:53 +0000
The dismantling of USAID by Elon Musk’s DOGE and a State Department funding freeze have severely disrupted efforts to help people escape forced labor camps run by criminal scammers.
Read moreUniversity site cloned to evade ad detection distributes fake Cisco installer
Malvertisers got inspired by the website for a German university to bypass ad security and distribute malware.
Read moreScalable Vector Graphics files pose a novel phishing threat
Credit to Author: Andrew Brandt| Date: Wed, 05 Feb 2025 17:01:03 +0000
The SVG file format can harbor malicious HTML, scripts, and malware
Read moreDespite Catastrophic Hacks, Ransomware Payments Dropped Dramatically Last Year
Credit to Author: Andy Greenberg, Lily Hay Newman| Date: Wed, 05 Feb 2025 13:00:00 +0000
Ransomware gangs continued to wreak havoc in 2024, but new research shows that the amounts victims paid these cybercriminals fell by hundreds of millions of dollars.
Read more