Implementing Risk-Based Vulnerability Discovery and Remediation

Implementing Risk-Based Vulnerability Discovery and Remediation,

In this day and age, vulnerabilities in software and systems pose a considerable danger to businesses, which is why it is essential to have an efficient vulnerability management program in place. To stay one step ahead of possible breaches and reduce the damage they may cause, it is crucial to automate the process of finding and fixing vulnerabilities depending on the level of danger they pose.

,

In this day and age, vulnerabilities in software and systems pose a considerable danger to businesses, which is why it is essential to have an efficient vulnerability management program in place. To stay one step ahead of possible breaches and reduce the damage they may cause, it is crucial to automate the process of finding and fixing vulnerabilities depending on the level of danger they pose.

, ,
https://thehackernews.com/2023/05/implementing-risk-based-vulnerability.html

Android TV : Google réagit au scandale des malwares préinstallés sur des boîtiers

Android TV : Google réagit au scandale des malwares préinstallés sur des boîtiers,

Android TV

Certains boîtiers, mensongèrement estampillés Android TV, cachent des malwares. Pour aider les utilisateurs à se protéger, Google a tenu à faire le point sur la situation et sur les bonnes pratiques à adopter avant l’achat.

,

Android TV

Certains boîtiers, mensongèrement estampillés Android TV, cachent des malwares. Pour aider les utilisateurs à se protéger, Google a tenu à faire le point sur la situation et sur les bonnes pratiques à adopter avant l’achat.

, ,
https://www.01net.com/actualites/android-tv-google-reagit-au-scandale-des-malwares-preinstalles-sur-des-boitiers.html

Sneaky DogeRAT Trojan Poses as Popular Apps, Targets Indian Android Users

Sneaky DogeRAT Trojan Poses as Popular Apps, Targets Indian Android Users,

A new open source remote access trojan (RAT) called DogeRAT targets Android users primarily located in India as part of a sophisticated malware campaign.
The malware is distributed via social media and messaging platforms under the guise of legitimate applications like Opera Mini, OpenAI ChatGOT, and Premium versions of YouTube, Netflix, and Instagram.
« Once installed on a victim’s device, the

,

A new open source remote access trojan (RAT) called DogeRAT targets Android users primarily located in India as part of a sophisticated malware campaign.
The malware is distributed via social media and messaging platforms under the guise of legitimate applications like Opera Mini, OpenAI ChatGOT, and Premium versions of YouTube, Netflix, and Instagram.
« Once installed on a victim’s device, the

, ,
https://thehackernews.com/2023/05/sneaky-dogerat-trojan-poses-as-popular.html

Attention aux fichiers .zip, ils cachent peut-être une attaque phishing

Attention aux fichiers .zip, ils cachent peut-être une attaque phishing,

Phishing

Prenez garde aux fichiers .zip ! D’après des experts en sécurité, cette extension est susceptible d’être utilisée par des pirates pour orchestrer d’astucieuses attaques phishing…

,

Phishing

Prenez garde aux fichiers .zip ! D’après des experts en sécurité, cette extension est susceptible d’être utilisée par des pirates pour orchestrer d’astucieuses attaques phishing…

, ,
https://www.01net.com/actualites/attention-fichiers-zip-cachent-peut-etre-attaque-phishing.html

New BrutePrint Attack Lets Attackers Unlock Smartphones with Fingerprint Brute-Force

New BrutePrint Attack Lets Attackers Unlock Smartphones with Fingerprint Brute-Force,

Researchers have discovered an inexpensive attack technique that could be leveraged to brute-force fingerprints on smartphones to bypass user authentication and seize control of the devices.
The approach, dubbed BrutePrint, bypasses limits put in place to counter failed biometric authentication attempts by weaponizing two zero-day vulnerabilities in the smartphone fingerprint authentication (SFA

,

Researchers have discovered an inexpensive attack technique that could be leveraged to brute-force fingerprints on smartphones to bypass user authentication and seize control of the devices.
The approach, dubbed BrutePrint, bypasses limits put in place to counter failed biometric authentication attempts by weaponizing two zero-day vulnerabilities in the smartphone fingerprint authentication (SFA

, ,
https://thehackernews.com/2023/05/new-bruteprint-attack-lets-attackers.html

AceCryptor: Cybercriminals’ Powerful Weapon, Detected in 240K+ Attacks

AceCryptor: Cybercriminals’ Powerful Weapon, Detected in 240K+ Attacks

,

A crypter (alternatively spelled cryptor) malware dubbed AceCryptor has been used to pack numerous strains of malware since 2016.
Slovak cybersecurity firm ESET said it identified over 240,000 detections of the crypter in its telemetry in 2021 and 2022. This amounts to more than 10,000 hits per month.
Some of the prominent malware families contained within AceCryptor are SmokeLoader, RedLine

,

A crypter (alternatively spelled cryptor) malware dubbed AceCryptor has been used to pack numerous strains of malware since 2016.
Slovak cybersecurity firm ESET said it identified over 240,000 detections of the crypter in its telemetry in 2021 and 2022. This amounts to more than 10,000 hits per month.
Some of the prominent malware families contained within AceCryptor are SmokeLoader, RedLine

, ,
https://thehackernews.com/2023/05/acecryptor-cybercriminals-powerful.html

3 Challenges in Building a Continuous Threat Exposure Management (CTEM) Program and How to Beat Them

3 Challenges in Building a Continuous Threat Exposure Management (CTEM) Program and How to Beat Them,

If you’re a cybersecurity professional, you’re likely familiar with the sea of acronyms our industry is obsessed with. From CNAPP, to CWPP, to CIEM and all of the myriad others, there seems to be a new initialism born each day.
In this article, we’ll look at another trending acronym – CTEM, which stands for Continuous Threat Exposure Management – and the often-surprising challenges that come

,

If you’re a cybersecurity professional, you’re likely familiar with the sea of acronyms our industry is obsessed with. From CNAPP, to CWPP, to CIEM and all of the myriad others, there seems to be a new initialism born each day.
In this article, we’ll look at another trending acronym – CTEM, which stands for Continuous Threat Exposure Management – and the often-surprising challenges that come

, ,
https://thehackernews.com/2023/05/3-challenges-in-building-continuous.html

New GobRAT Remote Access Trojan Targeting Linux Routers in Japan

New GobRAT Remote Access Trojan Targeting Linux Routers in Japan,

Linux routers in Japan are the target of a new Golang remote access trojan (RAT) called GobRAT.
« Initially, the attacker targets a router whose WEBUI is open to the public, executes scripts possibly by using vulnerabilities, and finally infects the GobRAT, » the JPCERT Coordination Center (JPCERT/CC) said in a report published today.
The compromise of an internet-exposed router is followed by the

,

Linux routers in Japan are the target of a new Golang remote access trojan (RAT) called GobRAT.
« Initially, the attacker targets a router whose WEBUI is open to the public, executes scripts possibly by using vulnerabilities, and finally infects the GobRAT, » the JPCERT Coordination Center (JPCERT/CC) said in a report published today.
The compromise of an internet-exposed router is followed by the

, ,
https://thehackernews.com/2023/05/new-gobrat-remote-access-trojan.html

Don’t Click That ZIP File! Phishers Weaponizing .ZIP Domains to Trick Victims

Don’t Click That ZIP File! Phishers Weaponizing .ZIP Domains to Trick Victims

,

A new phishing technique called « file archiver in the browser » can be leveraged to « emulate » a file archiver software in a web browser when a victim visits a .ZIP domain.
« With this phishing attack, you simulate a file archiver software (e.g., WinRAR) in the browser and use a .zip domain to make it appear more legitimate, » security researcher mr.d0x disclosed last week.
Threat actors, in a

,

A new phishing technique called « file archiver in the browser » can be leveraged to « emulate » a file archiver software in a web browser when a victim visits a .ZIP domain.
« With this phishing attack, you simulate a file archiver software (e.g., WinRAR) in the browser and use a .zip domain to make it appear more legitimate, » security researcher mr.d0x disclosed last week.
Threat actors, in a

, ,
https://thehackernews.com/2023/05/dont-click-that-zip-file-phishers.html

PyPI Implements Mandatory Two-Factor Authentication for Project Owners

PyPI Implements Mandatory Two-Factor Authentication for Project Owners,

The Python Package Index (PyPI) announced last week that every account that maintains a project on the official third-party software repository will be required to turn on two-factor authentication (2FA) by the end of the year.
« Between now and the end of the year, PyPI will begin gating access to certain site functionality based on 2FA usage, » PyPI administrator Donald Stufft said. « In addition

,

The Python Package Index (PyPI) announced last week that every account that maintains a project on the official third-party software repository will be required to turn on two-factor authentication (2FA) by the end of the year.
« Between now and the end of the year, PyPI will begin gating access to certain site functionality based on 2FA usage, » PyPI administrator Donald Stufft said. « In addition

, ,
https://thehackernews.com/2023/05/pypi-implements-mandatory-two-factor.html