IM
IronMonkey Threat Research
LIVE
|
Articles 27,087
|
CVEs 348,613
|
APT Groups 800
|
Tools 2,196
|
Updated recently
Today Yesterday All 27,055 articles — Page 845 of 902
Threat Intelligence ·

Written by: Kelli Vanderlee, Jamie Collier Executive Summary The election cybersecurity landscape globally is characterized by a diversity of targets, tactics, and threats. Elections attract...

Government Facilities Information Technology Security & Identity Threat Intelligence
Fox-IT International blog ·

Authored by Willem Zeeman and Yun Zheng Hu This blog is part of a series written by various Dutch cyber security firms that have collaborated on the Cactus ransomware group, which exploits Qlik...

Blog
Fox-IT International blog ·

Authored by Willem Zeeman and Yun Zheng Hu This blog is part of a series written by various Dutch cyber security firms that have collaborated on the Cactus ransomware group, which exploits Qlik...

Healthcare and Public Health Blog
Wiz Blog | RSS feed ·

Detect and mitigate CVE-2024-4040, a critical vulnerability in CrushFTP exploited in the wild. Organizations should patch urgently.

Maxwell Dulin's Resources ·

Hedgey Finance is a token vesting and locking tool. I linked one article but I also like the Rekt News article. During a campaign creation, the user transfers the locked tokens to a smart contract...

Healthcare and Public Health Defense Industrial Base
Cloud Threat Landscape ·

Cisco reported two zero-day vulnerabilities in its Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) firewalls that have been exploited by a state-backed hacking group known as...

Wiz Blog | RSS feed ·

Ensure that your Kubernetes environments are secure and follow OWASP's Kubernetes Top 10 framework. Generate reports quickly and easily and remediate any issues with actionable insights.

Chemical Energy
Pulsedive Blog ·

In part 2 of this series, discover where practitioners share during CTI collaboration - from peer to peer trust groups to paid memberships.

Threat Intelligence ·

Attackers are taking greater strides to evade detection. This is one of the running themes in our latest release: M-Trends 2024. This edition of our annual report continues our tradition of...

Information Technology Security & Identity Threat Intelligence
GreyNoise Labs ·

Introduction Decrypting Fortinet’s FortiGate FortiOS firmware is a topic that has been thoroughly covered, in part because of the many variants and permutations of FortiOS firmware, all differing...

fortinet vulnerabilities
Maxwell Dulin's Resources ·

Gains is a leverage-trading platform. In particular, users can provide small amount of funds yet still gain high exposure to a given asset. The leverage portion allows for gains or losses of...

Financial Services
Threat Intelligence ·

Written by: Beleswar Prasad Padhi, Tina Johnson, Michael Bailey, Elliot Chernofsky, Blas Kojusner FakeNet-NG is a dynamic network analysis tool that captures network requests and simulates network...

Information Technology Threat Intelligence
security – Ars Technica ·

Accounts with stored payment information went for as little as $0.50 each.

Nuclear Communications
Cloud Threat Landscape ·

On 2024-04-19, an incident was reported, involving UNC5221, gaining initial access via 1-day vulnerability, while using Session hijacking, Webshell deployment, targeting Ivanti Connect Secure VPN...

Orange Cyberdefense ·

If you have been doing internal assessments on Active Directory infrastructure you may have heard the following words: “Null session”, “Guest session” and “Anonymous session”. These words describe...

Wiz Blog | RSS feed ·

Wiz announces its Runtime Sensor for Linux, expanding coverage of threat detection and response for cloud workloads.

Financial Services Transportation Systems
McAfee Labs | McAfee Blogs ·

Authored by Mohansundaram M and Neil Tyagi A new packed variant of the Redline Stealer trojan was observed in the... The post Redline Stealer: A Novel Approach appeared first on McAfee Blog.

Financial Services Commercial Facilities
Threat Intelligence ·

Written by: Gabby Roncone, Dan Black, John Wolfram, Tyler McLellan, Nick Simonian, Ryan Hall, Anton Prokopenkov, Luke Jenkins, Dan Perez, Lexie Aytes, Alden Wahlstrom With Russia's full-scale...

Sandworm Government Facilities Defense Industrial Base Threat Intelligence
Virus reviews ·

April 17, 2024 In 2023, ad-displaying trojans were the most common Android threats. Compared with the year prior, spyware trojans were less active and ranked second in terms of the number of times...

Energy Financial Services
Cloud Threat Landscape ·

Researchers observed attackers exploiting critical vulnerabilities in the OpenMetadata platform to infiltrate Kubernetes environments for cryptomining. OpenMetadata, an open-source platform for...

Maxwell Dulin's Resources ·

While fuzzing the Global Protect firewall, they noticed some interesting behavior in the logs. If they attached a semicolon to the SESSID parameter, some strange logs showed up - failed to...

Government Facilities
Maxwell Dulin's Resources ·

Apache Allura is used by many popular products. It is a site that managers source code, bug reports, discussions and many other things. SourceForge uses this under the hood. Within the discussion...

Maxwell Dulin's Resources ·

Many point of sale (POS) devices are going towards Android based systems instead of obscure custom made things. The authors of this post decided to review the PAX POS system for vulnerabilities....

Financial Services
Wiz Blog | RSS feed ·

Wiz introduces AI-remediation steps powered by Amazon Bedrock to empower customers to remediate risks quickly.

Information Technology
security – Ars Technica ·

Microsoft continues to get a free pass after series of cybersecurity failures.

Government Facilities Defense Industrial Base
Maxwell Dulin's Resources ·

The digital signature algorithm (DSA) requires a number used once (nonce). If this number isn't random, then it's trivial to recover the private key. This is how Geo Hotz hacked the Playstation 3...

Information Technology
security – Ars Technica ·

New features, security updates, and Linux support are all on a long to-do list.

Critical Manufacturing Nuclear
Cloud Threat Landscape ·

On 2024-04-14, an incident was reported, involving an unknown actor, gaining initial access via 1-day vulnerability, with unknown impact.

Information Technology
Maxwell Dulin's Resources ·

In the Cosmos ecosystem, there is a cross chain communication framework called Interblockchain Communcation or IBC for short. On top of IBC, there is a middleware called Packet Forwarding Module...

Maxwell Dulin's Resources ·

Preventing the replay of previous transactions is important for the security of Solana and most blockchain systems. The obvious way would be to check if a signature had already been seen. However,...