NIST

Open Industrial Digital Ecosystem Summit

The Open Industrial Digital Ecosystem Summit is an annual event bringing together thought leaders, experts, practitioners, developers, and users of standards for data semantics. The event is co-hosted by the Systems Integration Division of the

Published on: 2025-04-08 04:00 UTC / Updated on: 2025-04-08 04:00 UTC

NIST

macOS Security Compliance Project Developer Conference

The National Institute of Standards and Technology will host a developer conference on Tuesday, March 25, and Wednesday, March 26, 2025. The event will focus on the macOS Security Compliance Project (mSCP) and is tailored for vendors developing

Published on: 2025-03-25 04:00 UTC / Updated on: 2025-03-25 04:00 UTC

Hacker News

GitHub Desktop Vulnerability Risks Credential Leaks via Malicious Remote URLs

Multiple security vulnerabilities have been disclosed in GitHub Desktop as well as other Git-related projects that, if successfully exploited, could permit an attacker to gain unauthorized access to a user's Git credentials."Git implements a protocol called Git Credential Protocol to retrieve credentials from the credential helper," GMO Flatt Security researcher Ry0taK, who discovered the flaws

Published on: 2025-01-27 12:47 UTC / Updated on: 2025-01-27 12:47 UTC

Hacker News

⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [27 January]

Welcome to your weekly cybersecurity scoop! Ever thought about how the same AI meant to protect our hospitals could also compromise them? This week, we’re breaking down the sophisticated world of AI-driven threats, key updates in regulations, and some urgent vulnerabilities in healthcare tech that need our attention.As we unpack these complex topics, we'll equip you with sharp insights to

Published on: 2025-01-27 11:09 UTC / Updated on: 2025-01-27 11:09 UTC

SANS.edu Internet Storm Center

An unusual "shy z-wasp" phishing, (Mon, Jan 27th)

Published on: 2025-01-27 10:45 UTC / Updated on: 2025-01-27 10:45 UTC

Hacker News

Do We Really Need The OWASP NHI Top 10?

The Open Web Application Security Project has recently introduced a new Top 10 project - the Non-Human Identity (NHI) Top 10. For years, OWASP has provided security professionals and developers with essential guidance and actionable frameworks through its Top 10 projects, including the widely used API and Web Application security lists. Non-human identity security represents an emerging

Published on: 2025-01-27 09:50 UTC / Updated on: 2025-01-27 09:50 UTC

Hacker News

GamaCopy Mimics Gamaredon Tactics in Cyber Espionage Targeting Russian Entities

A previously unknown threat actor has been observed copying the tradecraft associated with the Kremlin-aligned Gamaredon hacking group in its cyber attacks targeting Russian-speaking entities.The campaign has been attributed to a threat cluster dubbed GamaCopy, which is assessed to share overlaps with another hacking group named Core Werewolf, also tracked as Awaken Likho and PseudoGamaredon.

Published on: 2025-01-27 06:29 UTC / Updated on: 2025-01-27 06:29 UTC

Hacker News

MintsLoader Delivers StealC Malware and BOINC in Targeted Cyber Attacks

Threat hunters have detailed an ongoing campaign that leverages a malware loader called MintsLoader to distribute secondary payloads such as the StealC information stealer and a legitimate open-source network computing platform called BOINC."MintsLoader is a PowerShell based malware loader that has been seen delivered via spam emails with a link to Kongtuke/ClickFix pages or a JScript file,"

Published on: 2025-01-27 05:46 UTC / Updated on: 2025-01-27 05:46 UTC

Data Leak

Addresses of 138 donors and others leaked due to erroneous transmission of information e-mail│Animal Fund

Published on: 2025-01-27 00:30 UTC / Updated on: 2025-01-27 00:30 UTC

Data Leak

Information of a different person on the downloaded examination voucher│Fire Examination and Research Center

Published on: 2025-01-27 00:30 UTC / Updated on: 2025-01-27 00:30 UTC

SANS.edu Internet Storm Center

ISC Stormcast For Monday, January 27th, 2025 https://isc.sans.edu/podcastdetail/9296, (Mon, Jan 27th)

Published on: 2025-01-27 00:20 UTC / Updated on: 2025-01-27 00:20 UTC

Hacker News

Meta's Llama Framework Flaw Exposes AI Systems to Remote Code Execution Risks

A high-severity security flaw has been disclosed in Meta's Llama large language model (LLM) framework that, if successfully exploited, could allow an attacker to execute arbitrary code on the llama-stack inference server. The vulnerability, tracked as CVE-2024-50050, has been assigned a CVSS score of 6.3 out of 10.0. Supply chain security firm Snyk, on the other hand, has assigned it a

Published on: 2025-01-26 08:45 UTC / Updated on: 2025-01-26 08:45 UTC

Talos -- Threats

Seasoning email threats with hidden text salting

Hidden text salting is a simple yet effective technique for bypassing email parsers, confusing spam filters, and evading detection engines that rely on keywords. Cisco Talos observed an increase in the number of email threats leveraging hidden text salting.

Published on: 2025-01-24 20:37 UTC / Updated on: 2025-01-24 20:37 UTC

Hacker News

RANsacked: Over 100 Security Flaws Found in LTE and 5G Network Implementations

A group of academics has disclosed details of over 100 security vulnerabilities impacting LTE and 5G implementations that could be exploited by an attacker to disrupt access to service and even gain a foothold into the cellular core network.The 119 vulnerabilities, assigned 97 unique CVE identifiers, span seven LTE implementations – Open5GS, Magma, OpenAirInterface, Athonet, SD-Core, NextEPC,

Published on: 2025-01-24 11:28 UTC / Updated on: 2025-01-24 11:28 UTC

Hacker News

2025 State of SaaS Backup and Recovery Report

The modern workplace has undergone a seismic transformation over recent years, with hybrid work becoming the norm and businesses rapidly adopting cloud-based Software-as-a-Service (SaaS) applications to facilitate it. SaaS applications like Microsoft 365 and Google Workspace have now become the backbone of business operations, enabling seamless collaboration and productivity. However, this

Published on: 2025-01-24 09:30 UTC / Updated on: 2025-01-24 09:30 UTC

Hacker News

DoJ Indicts 5 Individuals for $866K North Korean IT Worker Scheme Violations

The U.S. Department of Justice (DoJ) on Thursday indicted two North Korean nationals, a Mexican national, and two of its own citizens for their alleged involvement in the ongoing fraudulent information technology (IT) worker scheme that seeks to generate revenue for the Democratic People's Republic of Korea (DPRK) in violation of international sanctions.The action targets Jin Sung-Il (진성일), Pak

Published on: 2025-01-24 08:23 UTC / Updated on: 2025-01-24 08:23 UTC

Hacker News

Android's New Identity Check Feature Locks Device Settings Outside Trusted Locations

Google has launched a new feature called Identity Check for supported Android devices that locks sensitive settings behind biometric authentication when outside of trusted locations."When you turn on Identity Check, your device will require explicit biometric authentication to access certain sensitive resources when you're outside of trusted locations," Google said in a post announcing the

Published on: 2025-01-24 05:50 UTC / Updated on: 2025-01-24 05:50 UTC

Hacker News

CISA Adds Five-Year-Old jQuery XSS Flaw to Exploited Vulnerabilities List

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday placed a now-patched security flaw impacting the popular jQuery JavaScript library to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.The medium-severity vulnerability is CVE-2020-11023 (CVSS score: 6.1/6.9), a nearly five-year-old cross-site scripting (XSS) bug that could be

Published on: 2025-01-24 04:09 UTC / Updated on: 2025-01-24 04:09 UTC

Talos -- Threat Source newsletter

Everything is connected to security

Joe shares his recent experience presenting at the 32nd Crop Insurance Conference and how it's important to stay curious, be a forever student, and keep learning.

Published on: 2025-01-24 02:05 UTC / Updated on: 2025-01-24 02:05 UTC

Data Leak

Employee Abuse Facility, This Time, Illegally Removed 1,400 Information on Disabled Persons Out of Curiosity

Published on: 2025-01-24 01:00 UTC / Updated on: 2025-01-24 01:00 UTC