Security Affairs

FEBRUARY 19, 2025

we have explored a suspicious (and quite common) architecture where authentication is enforced at a proxy later but then the request is passed through a second layer with different behavior. Fundamentally, these sorts of architectures lead to things like header smuggling and path confusion, which can result in many impactful bugs!

Firewall 103

Firewall Authentication Architecture Internet 103

Security Affairs

JANUARY 28, 2025

DeepSeek’s AI model is highly appreciated due to its exceptional performance, low costs, versatility across various industries, and innovative architecture that enhances learning and decision-making. ” Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,AI platform)

Artificial Intelligence 114

Artificial Intelligence DDOS Architecture Marketing 114

Security Affairs

MARCH 20, 2025

The modular architecture of the malware allows to extend its functionalities for multiple malicious purposes, including surveillance, reconnaissance, information theft, DDoS attacks, and arbitrary code execution. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,Ukraine)

Computers and Electronics 105

Computers and Electronics Telecommunications Malware Surveillance 105

eSecurity Planet

OCTOBER 18, 2024

Knowledge of cloud systems architecture and how it interacts with various devices is invaluable. Blockchain: Developed primarily for cryptocurrency applications and maligned for manipulating those markets, blockchain can be a valuable security tool, as its universe of connected nodes is almost impossible to corrupt or destroy.

Cybersecurity 125

Cybersecurity Artificial Intelligence Penetration Testing CISO 125

Security Affairs

JANUARY 21, 2025

The experts used a diagnostic software to analyze the vehicle architecture, scan the Electronic Control Unit (ECU), identify its version, and test diagnostic functions. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,Mercedes)

Software 129

Software Architecture Media Engineering 129

eSecurity Planet

APRIL 7, 2023

These and many other network security solutions are ramped up specifically on the DMZ, making it so network administrators can often detect unusual behavior before unauthorized users try to move past the DMZ to access the LAN. Unfortunately, home networks tend to be easy to hack due to limited security investments on the part of the owner.

Architecture 102

Architecture Firewall Network Security Technology 102

Security Affairs

NOVEMBER 2, 2024

. “The adversaries appear to be well-resourced, patient, creative, and unusually knowledgeable about the internal architecture of the device firmware. ” Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, China-linked threat actors)

Firmware 118

Firmware Government Firewall Malware 118

The Last Watchdog

JULY 7, 2023

Budapest, Hungary, July 07, 2023 — Silent Signal, a leading technology provider of state-of-the-art ethical hacking services and solutions, discovered and reported a vulnerability to IBM, that has been confirmed and identified under CVE-2023-30990. Read more about how to secure your IBM i Servers to meet compliance requirements.

Architecture 179

Architecture Hacking Media Government 179

Security Affairs

MARCH 19, 2025

” Rule files are configuration files that guide AI Agent behavior in code generation and modification, defining coding standards, project architecture, and best practices.

Architecture 95

Architecture Risk Hacking Software 95

Security Affairs

MARCH 2, 2025

DragonForce Ransomware Group is Targeting Saudi Arabia Massive Botnet Targets M365 with Stealthy Password Spraying Attacks Notorious Malware, Spam Host Prospero Moves to Kaspersky Lab ACRStealer Infostealer Exploiting Google Docs as C2 #StopRansomware: Ghost (Cring) Ransomware The GitVenom campaign: cryptocurrency theft using GitHub Silent Killers: (..)

Malware 61

Malware Architecture IoT Ransomware 61

Security Affairs

MAY 27, 2021

. • NASA lacked an Agency-wide risk management framework for information security and an information security architecture. The Security Operations Center lacks visibility and authority to manage information security incident detection and remediation for the entirety of NASA’s IT infrastructure.

Information Security 130

Information Security Cyber Attacks Mobile Architecture 130

Security Affairs

OCTOBER 20, 2021

China-linked cyberespionage group LightBasin hacked mobile telephone networks around the world and used specialized tools to access calling records. ” The hacking group initially compromised one of the telecommunication companies by leveraging external DNS (eDNS) servers which are part of the General Packet Radio Service (GPRS) network.

Telecommunications 134

Telecommunications Mobile Hacking Architecture 134

Security Affairs

OCTOBER 5, 2020

A China-linked threat actor used UEFI malware based on code from Hacking Team in attacks aimed at organizations with an interest in North Korea. The experts were investigating several suspicious UEFI firmware images when discovered four components, some of which were borrowing the source code a Hacking Team spyware. Pierluigi Paganini.

Firmware 145

Firmware Spyware Surveillance Hacking 145

Security Affairs

DECEMBER 15, 2023

The malicious code can target various architectures, it supports both flooder and backdoor capabilities. The primary target of NKAbuse is Linux desktops, however, it can target MISP and ARM architecture. NKN (New Kind of Network) is a decentralized peer-to-peer network protocol that relies on blockchain technology.

Malware 138

Malware Architecture Technology DDOS 138

Security Affairs

DECEMBER 9, 2021

TPLINK #cybersecurity #rce #cve #hacking #routerhacking #kpmghungary I found an RCE vulnerability in a TP-Link TL-WR840N EU V5 router (CVE-2021-41653). Like the Mirai botnet, Dark Mirai determines the victim’s architecture to fetch and download the matching payload. SecurityAffairs – hacking, botnet). Pierluigi Paganini.

Firmware 145

Firmware Architecture Malware Hacking 145

Security Affairs

NOVEMBER 1, 2021

The botnet leverages a robust architecture based on a combination of third-party services, P2P, and Command & Control servers. This architecture was implemented to make the botnet resilient to takedowns by law enforcement and security firms with the support of the vendors of the infected devices. Pierluigi Paganini.

Architecture 145

Architecture DDOS Advertising DNS 145

Security Affairs

JANUARY 27, 2025

“As we saw, text-based protocols are often vulnerable to injection, and a small architecture flaw can lead to a big security issue.” “I hope that this research helped the Git community to improve its security, and I am looking forward to seeing further research on Git-related projects.”

Architecture 64

Architecture Hacking Information Security 64

Security Boulevard

NOVEMBER 20, 2023

Permalink The post DEF CON 31 – Panel: ‘Hack the Future – Why Congress & White House Support AI Red Teaming’ appeared first on Security Boulevard. Originating from the conference events at Caesars Forum, Flamingo, Harrah’s and Linq in Las Vegas, Nevada ; via the organizations YouTube channel.

Hacking 105

Hacking Architecture Education Information Security 105

Security Affairs

JUNE 22, 2020

If this level of access is acquired, an attacker could potentially manipulate the AMD Generic Encapsulated Software Architecture (AGESA) to execute arbitrary code undetected by the operating system.” SecurityAffairs – hacking, chips). Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Firmware 132

Firmware Architecture Advertising Manufacturing 132

SecureWorld News

FEBRUARY 27, 2025

As global cybersecurity threats continue to rise, information security professionals must enroll in continuous education and training programs to acquire current knowledge and skills that help organizations thwart these costly risks. Which cybersecurity certification should I get first?

Cybersecurity 67

Cybersecurity Information Security Penetration Testing Backups 67

Security Affairs

MARCH 15, 2025

It is based on a microkernel architecture, designed for high availability, scalability, and modularity. The company’s Product Security Incident Response Team (PSIRT) is not aware of attacks in the wild exploiting this vulnerability.

Software 67

Software Architecture Hacking Risk 67

Security Affairs

OCTOBER 23, 2021

Cisco SD-WAN is a cloud-delivered overlay WAN architecture that enables digital and cloud transformation at enterprises, it allows to connect disparate office locations via the cloud. SecurityAffairs – hacking, Cisco SD-WAN). appeared first on Security Affairs. ” states CISA’s advisory. Pierluigi Paganini.

Architecture 144

Architecture Authentication Hacking Software 144

Security Affairs

AUGUST 25, 2022

We utilize an industry standard Zero Knowledge architecture that ensures LastPass can never know or gain access to our customers’ Master Password. SecurityAffairs – hacking, data breach). The post LastPass data breach: threat actors stole a portion of source code appeared first on Security Affairs. Pierluigi Paganini.

Data breaches 144

Data breaches Password Management Passwords Architecture 144

Security Affairs

OCTOBER 6, 2024

Rhadamanthys Stealer Adds Innovative AI Feature in Version 0.7.0

Malware 115

Malware Architecture Cryptocurrency Cyber Attacks 115

Security Affairs

JULY 19, 2021

Threat actors that goes online with the moniker ZeroX claim to have stolen 1 TB of sensitive data from the Saudi Arabian petroleum and natural gas giant end it is offering for sale it on multiple hacking forums. SecurityAffairs – hacking, Saudi Aramco). Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Engineering 143

Engineering Data breaches Telecommunications Wireless 143

Security Affairs

JUNE 9, 2024

. “However, since PHP CGI is an outdated and problematic architecture, it’s still recommended to evaluate the possibility of migrating to a more secure architecture such as Mod-PHP, FastCGI, or PHP-FPM.”

Architecture 140

Architecture Hacking Risk Cybersecurity 140

Security Affairs

NOVEMBER 30, 2022

Our customers’ passwords remain safely encrypted due to LastPass’s Zero Knowledge architecture.” ” reads the notice of security incident published by the company. The company pointed out that customers’ passwords were not compromised due to LastPass’s Zero Knowledge architecture. . Pierluigi Paganini.

Architecture 100

Architecture Passwords Data breaches Password Management 100

Security Affairs

SEPTEMBER 27, 2020

The new versions of FinSpy spyware were used by a new unknown hacking group, Amnesty International speculates the involvement of a nation-state actor that employed them since September 2019. It extracts the binary for the relevant architecture in /tmp/udev2 and executes it. SecurityAffairs – hacking, FinSpy). Pierluigi Paganini.

Spyware 144

Spyware Surveillance Advertising Mobile 144

Joseph Steinberg

JULY 13, 2022

Not all of the elements within Lockdown Mode are completely new – some have been available and enabled by users (including me) for years – but, Lockdown mode does dramatically simplify the process of enabling better security on Apple devices. Also concerning is the fact that in Apple’s Lockdown announcement, Ivan Krsti?,

Cybersecurity 258

Cybersecurity Artificial Intelligence Government Social Engineering 258

Security Affairs

SEPTEMBER 18, 2024

“The investigation has yielded insights into the botnet’s network architecture, exploitation campaigns, malware components, and operational use, illuminating the evolving tactics and techniques employed by the threat actors. “This botnet has targeted entities in the U.S. ” concludes the report.

IoT 135

IoT Wireless DDOS Architecture 135

Security Affairs

NOVEMBER 12, 2020

The modular architecture of ModPipe consists of the basic components and downloadable modules: initial dropper that contains binaries (both 32-bit and 64-bit) of the next stage persistent loader and installs the appropriate version to the compromised machine. SecurityAffairs – hacking, PoS malware). ” continues the analysis.

Malware 141

Malware Architecture Passwords Software 141

Security Affairs

JULY 28, 2021

“The group boasted about having the ability to encrypt different operating system versions and architectures. SecurityAffairs – hacking, ransomware). The post BlackMatter ransomware group claims to be Darkside and REvil succesor appeared first on Security Affairs. ” reported The Record. Pierluigi Paganini.

Ransomware 132

Ransomware Encryption Architecture Healthcare 132

Security Affairs

OCTOBER 7, 2020

Researchers from from Netlab, the network security division of Chinese tech giant Qihoo 360, have discovered a new botnet, tracked as HEH, that contains the code to wipe all data from infected systems, such as routers, IoT devices, and servers. SecurityAffairs – hacking, HEH botnet). ” concludes the post. Pierluigi Paganini.

Architecture 132

Architecture IoT Malware Advertising 132

Security Affairs

AUGUST 18, 2024

This extortion campaign involved several security failures, including exposing environment variables, using long-lived credentials, and the lack of a least privilege architecture. This indicates that these threat actor groups are both skilled and knowledgeable in advanced cloud architectural processes and techniques.”

Architecture 139

Architecture Internet Internet Media 139

Security Affairs

SEPTEMBER 25, 2024

The analysis of Happy SDK likely revealed a different variant of Necro that doesn’t have a modular architecture. Between August 26th and September 15th, security solutions blocked over 10,000 Necro attacks globally, with most of the infections in Russia, Brazil, and Vietnam. ” concludes the report.

Architecture 131

Architecture Malware Mobile Advertising 131

Security Affairs

APRIL 19, 2021

For example, a sample with the MD5 hash sum 914e49921c19fffd7443deee6ee161a4 contains two architectures: x86_64 and ARM64.” The first one corresponds to previous-generation, Intel-based Mac computers, but the second one is compiled for ARM64 architecture, which means that it can run on computers with the new Apple M1 chip.”.

Malware 135

Malware Cryptocurrency Architecture Engineering 135

Security Affairs

MAY 12, 2021

Experts also warn of weaknesses in the 5G architecture that could be exploited by threat actors as attack vectors. 5G system architectures use a growing number of ICT designed to meet increasing data, capacity, and communications requirements. 5G Systems Architecture Sub-Threat Vectors. .”As ” reads the report.

Risk 110

Risk Architecture Technology Software 110