InfoSec News 20250415
Top News
-
SSL/TLS certificate lifespans reduced to 47 days by 2029
"The CA/Browser Forum has voted to significantly reduce the lifespan of SSL/TLS certificates over the next 4 years, with a final lifespan of just 47 days starting in 2029."
TLP1 : Green
-
New ResolverRAT malware targets pharma and healthcare orgs worldwide
"A new remote access trojan (RAT) called 'ResolverRAT' is being used against organizations globally, with the malware used in recent attacks targeting the healthcare and pharmaceutical sectors."
TLP1 : Green
-
Meta to resume AI training on content shared by Europeans
"Meta announced today that it will soon start training its artificial intelligence models using content shared by European adult users on its Facebook and Instagram social media platforms."
TLP1 : Green
Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism
-
Cybersecurity firm buying hacker forum accounts to spy on cybercriminals
"Swiss cybersecurity firm Prodaft has launched a new initiative called 'Sell your Source' where the company purchases verified and aged accounts on hacking forums to to spy on cybercriminals."
TLP1 : Green
-
China Pursuing 3 Alleged US Operatives Over Cyberattacks During Asian Games
"China accuses three alleged U.S. NSA operatives of cyberattacks targeting critical infrastructure and the Asian Games in Harbin."
TLP1 : Green
Breaches: Data Breaches and Hacks
-
US lab testing provider exposed health data of 1.6 million people
"Laboratory Services Cooperative (LSC) has released a statement informing it suffered a data breach where hackers stole sensitive information of roughly 1.6 million people from its systems."
TLP1 : Green
Vulnerabilities: Vulnerability Advisories, Zero-Days,Patches and Exploits
-
Gladinet's Triofox and CentreStack Under Active Exploitation via Critical RCE Vulnerability
"A recently disclosed security flaw in Gladinet CentreStack also impacts its Triofox remote access and collaboration solution, according to Huntress, with seven different organizations compromised to date."
TLP1 : Green
-
Chrome 136 fixes 20-year browser history privacy risk
"Google is fixing a long-standing privacy issue that, for years, enabled websites to determine users' browsing history through the previously visited links."
TLP1 : Green
Incident Response: Infrastructure, Training, SIEM and Incident Handling
-
Enhance your resume with this Microsoft Azure certification course deal
"Microsoft Azure is an extremely common tool in the tech industry, but it can be difficult to learn on your own. Free tutorials are out, but many of them are quickly outdated by a constantly evolving industry. If you want up-to-date Azure tutorials to prepare for jobs and professional certifications, check out the 2025 Microsoft Azure Architect and Administrator Exam Prep Bundle."
TLP1 : Green
Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography
-
Slow Pisces Targets Developers With Coding Challenges and Introduces New Customized Python Malware
"Slow Pisces (aka Jade Sleet, TraderTraitor, PUKCHONG) is a North Korean state-sponsored threat group primarily focused on generating revenue for the DPRK regime, typically by targeting large organizations in the cryptocurrency sector. This article analyzes their campaign that we believe is connected to recent cryptocurrency heists."
TLP1 : Green
1Traffic Light Protocol (TLP) [1] for information sharing:
- Red:Not for disclosure, restricted to participants only.
- Amber: Limited disclosure, restricted to participants organizations.
- Green: Limited disclosure, restricted to the community.