Infosec News

InfoSec News 20250129

  • Published: Wed, 29/01/2025 - 13:58

Top News


  • New SLAP & FLOP Attacks Expose Apple M-Series Chips to Speculative Execution Exploits

"A team of security researchers from Georgia Institute of Technology and Ruhr University Bochum has demonstrated two new side-channel attacks targeting Apple silicon that could be exploited to leak sensitive information from web browsers like Safari and Google Chrome."


TLP1 : Green

InfoSec News 20250127

  • Published: Mon, 27/01/2025 - 14:33

Top News


  • Stealthy and Persistent: New Ransomware Tactics Target VMware ESXi

"Sygnia’s latest report reveals the evolving tactics of ransomware groups targeting VMware ESXi appliances. By exploiting these critical virtualized infrastructure components, attackers aim to disrupt operations and maintain stealthy persistence within compromised networks."


InfoSec News 20250124

  • Published: Fri, 24/01/2025 - 13:39

Top News


  • TRIPLESTRENGTH Hits Cloud for Cryptojacking, On-Premises Systems for Ransomware

"Google on Wednesday shed light on a financially motivated threat actor named TRIPLESTRENGTH for its opportunistic targeting of cloud environments for cryptojacking and on-premise ransomware attacks."


TLP1 : Green

InfoSec News 20250123

  • Published: Thu, 23/01/2025 - 14:16

Top News


  • DLL Sideloading & Proxying: New Campaign Delivers Sliver Implants to German Targets

"Cyble Research and Intelligence Labs (CRIL) has uncovered an ongoing cyber campaign targeting German organizations using sophisticated tactics like DLL sideloading, proxying, and the deployment of the Sliver implant, an open-source red-teaming framework adapted for malicious purposes."


InfoSec News 20250122

  • Published: Wed, 22/01/2025 - 13:41

Top News


  • ChatGPT Crawler Vulnerability: DDoS Attacks via HTTP Requests

"The behavior of ChatGPT’s web crawler can be exploited through a discovered vulnerability: under specific query conditions, OpenAI’s bot may inadvertently execute DDoS attacks on arbitrary websites."


TLP1 : Green

InfoSec News 20250121

  • Published: Tue, 21/01/2025 - 15:00

Top News


  • CVE-2025-0411: 7-Zip Security Vulnerability Enables Code Execution – Update Now

"Popular file archiver, 7-Zip, contained a flaw that could have allowed attackers to slip malware past Windows’ security defenses."


TLP1 : Green

InfoSec News 20250120

  • Published: Mon, 20/01/2025 - 14:04

Top News


  • TikTok shuts down in the US as Trump throws the company a lifeline

"TikTok shut down in the U.S. late Saturday night following the Supreme Court's decision to uphold the law that banned the company over national security concerns."


TLP1 : Green

InfoSec News 20250117

  • Published: Fri, 17/01/2025 - 14:53

Top News


  • Researchers Find Exploit Allowing NTLMv1 Despite Active Directory Restrictions

"Cybersecurity researchers have found that the Microsoft Active Directory Group Policy that's designed to disable NT LAN Manager (NTLM) v1 can be trivially bypassed by a misconfiguration."


TLP1 : Green

InfoSec News 20250115

  • Published: Wed, 15/01/2025 - 19:19

Top News


  • Google OAuth Vulnerability Exposes Millions via Failed Startup Domains

New research has pulled back the curtain on a "deficiency" in Google's "Sign in with Google" authentication flow that exploits a quirk in domain ownership to gain access to sensitive data.


TLP1 : Green
