Tag: detection
-
Russian hackers abuse Hyper-V to hide malware in Linux VMs
The Russian hacker group Curly COMrades has been abusing Microsoft’s Hyper-V virtualization technology in Windows to bypass endpoint detection and response solutions by creating a hidden Alpine Linux-based virtual machine. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/russian-hackers-abuse-hyper-v-to-hide-malware-in-linux-vms/
-
The Real Cost of Cryptojacking
Cryptojacking silently hijacks compute power, inflates cloud bills, and erodes performance. Beyond financial losses, it exposes deep security risks, damages reputation, and drains productivity”, making proactive detection and prevention essential for every organization. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/11/the-real-cost-of-cryptojacking/
-
Louvre delayed Windows security updates ahead of burglary
No updates for eight security applications: The newspaper also examined calls for tender and other public procurement documents issued by the musem in the years since the audits.Twenty years of technical debt weighed heavily on security at the Louvre, as it steadily accumulated systems for analogue video surveillance, digital video surveillance, intrusion detection, and access…
-
New backdoor ‘SesameOp’ abuses OpenAI Assistants API for stealthy C2 operations
Lessons for defenders and platform providers: Microsoft clarified that OpenAI’s platform itself wasn’t breached or exploited; rather, its legitimate API functions were misused as a relay channel, highlighting a growing risk as generative AI becomes part of enterprise and development workflows. Attackers can now co-opt public AI endpoints to mask malicious intent, making detection significantly…
-
New backdoor ‘SesameOp’ abuses OpenAI Assistants API for stealthy C2 operations
Lessons for defenders and platform providers: Microsoft clarified that OpenAI’s platform itself wasn’t breached or exploited; rather, its legitimate API functions were misused as a relay channel, highlighting a growing risk as generative AI becomes part of enterprise and development workflows. Attackers can now co-opt public AI endpoints to mask malicious intent, making detection significantly…
-
New backdoor ‘SesameOp’ abuses OpenAI Assistants API for stealthy C2 operations
Lessons for defenders and platform providers: Microsoft clarified that OpenAI’s platform itself wasn’t breached or exploited; rather, its legitimate API functions were misused as a relay channel, highlighting a growing risk as generative AI becomes part of enterprise and development workflows. Attackers can now co-opt public AI endpoints to mask malicious intent, making detection significantly…
-
Ransomware-Bande missbraucht Microsoft-Zertifikate
Kontinuierlich offenstehende Hintertüren sind für Cyberkriminelle ein Freifahrtschein.Die Ransomware-Bande Rhysida ist speziell im Unternehmensumfeld berüchtigt. Nun scheint das kriminelle Hacker-Kollektiv neue Wege einschlagen zu wollen, wie ein Bericht des US-Sicherheitsanbieters Expel nahelegt. Demnach setzen die Cyberkriminellen in ihrer aktuellen Angriffskampagne initial auf Malvertising. Die maliziösen Anzeigen laufen über die Microsoft-Suchmaschine Bing und führen auf Fake-Download-Seiten…
-
Ransomware-Bande missbraucht Microsoft-Zertifikate
Kontinuierlich offenstehende Hintertüren sind für Cyberkriminelle ein Freifahrtschein.Die Ransomware-Bande Rhysida ist speziell im Unternehmensumfeld berüchtigt. Nun scheint das kriminelle Hacker-Kollektiv neue Wege einschlagen zu wollen, wie ein Bericht des US-Sicherheitsanbieters Expel nahelegt. Demnach setzen die Cyberkriminellen in ihrer aktuellen Angriffskampagne initial auf Malvertising. Die maliziösen Anzeigen laufen über die Microsoft-Suchmaschine Bing und führen auf Fake-Download-Seiten…
-
Ransomware-Bande missbraucht Microsoft-Zertifikate
Kontinuierlich offenstehende Hintertüren sind für Cyberkriminelle ein Freifahrtschein.Die Ransomware-Bande Rhysida ist speziell im Unternehmensumfeld berüchtigt. Nun scheint das kriminelle Hacker-Kollektiv neue Wege einschlagen zu wollen, wie ein Bericht des US-Sicherheitsanbieters Expel nahelegt. Demnach setzen die Cyberkriminellen in ihrer aktuellen Angriffskampagne initial auf Malvertising. Die maliziösen Anzeigen laufen über die Microsoft-Suchmaschine Bing und führen auf Fake-Download-Seiten…
-
SesameOp: Using the OpenAI Assistants API for Covert C2 Communication
Microsoft’s Detection and Response Team has exposed a sophisticated backdoor malware that exploits the OpenAI Assistants API as an unconventional command-and-control communication channel. Named SesameOp, this threat demonstrates how adversaries are rapidly adapting to leverage legitimate cloud services for malicious purposes, making detection significantly more challenging for security teams. The discovery highlights the evolving tactics…
-
NDSS 2025 Statically Discover Cross-Entry Use-After-Free Vulnerabilities In The Linux Kernel
SESSION Session 1D: System-Level Security Authors, Creators & Presenters: Hang Zhang (Indiana University Bloomington), Jangha Kim (The Affiliated Institute of ETRI, ROK), Chuhong Yuan (Georgia Institute of Technology), Zhiyun Qian (University of California, Riverside), Taesoo Kim (Georgia Institute of Technology) PAPER Statically Discover Cross-Entry Use-After-Free Vulnerabilities in the Linux Kernel Use-After-Free (UAF) is one of…
-
NDSS 2025 Statically Discover Cross-Entry Use-After-Free Vulnerabilities In The Linux Kernel
SESSION Session 1D: System-Level Security Authors, Creators & Presenters: Hang Zhang (Indiana University Bloomington), Jangha Kim (The Affiliated Institute of ETRI, ROK), Chuhong Yuan (Georgia Institute of Technology), Zhiyun Qian (University of California, Riverside), Taesoo Kim (Georgia Institute of Technology) PAPER Statically Discover Cross-Entry Use-After-Free Vulnerabilities in the Linux Kernel Use-After-Free (UAF) is one of…
-
Security leaders say AI can help with governance, threat detection, SOC automation
Executives and technical leaders differ on AI priorities, according to a report from Amazon. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/amazon-ai-security-cloud-migration-report/804502/
-
The Evolution of SOC Operations: How Continuous Exposure Management Transforms Security Operations
Security Operations Centers (SOC) today are overwhelmed. Analysts handle thousands of alerts every day, spending much time chasing false positives and adjusting detection rules reactively. SOCs often lack the environmental context and relevant threat intelligence needed to quickly verify which alerts are truly malicious. As a result, analysts spend excessive time manually triaging alerts, the…
-
Rhysida ransomware exploits Microsoft certificate to slip malware past defenses
Identifying forensic signals: The campaigns that leverage trusted certificates undermine the trust model enterprises rely on. Signed malware bypasses app-allow lists, browser warnings, OS checks, and antivirus assumptions about signed code. When the file poses as Teams or PuTTY, employees don’t hesitate to download it as it looks normal.”Once inside, the malware runs with fewer…
-
Rhysida ransomware exploits Microsoft certificate to slip malware past defenses
Identifying forensic signals: The campaigns that leverage trusted certificates undermine the trust model enterprises rely on. Signed malware bypasses app-allow lists, browser warnings, OS checks, and antivirus assumptions about signed code. When the file poses as Teams or PuTTY, employees don’t hesitate to download it as it looks normal.”Once inside, the malware runs with fewer…
-
Rhysida ransomware exploits Microsoft certificate to slip malware past defenses
Identifying forensic signals: The campaigns that leverage trusted certificates undermine the trust model enterprises rely on. Signed malware bypasses app-allow lists, browser warnings, OS checks, and antivirus assumptions about signed code. When the file poses as Teams or PuTTY, employees don’t hesitate to download it as it looks normal.”Once inside, the malware runs with fewer…
-
EDR-Redir V2 Evades Detection on Windows 11 by Faking Program Files
Security researcher TwoSevenOneT has released EDR-Redir V2, an upgraded evasion tool that exploits Windows bind link technology to bypass endpoint detection and response solutions on Windows 11. The new version demonstrates a sophisticated approach to redirecting security software by manipulating parent directories rather than directly targeting protected EDR folders. Novel Attack Methodology Targets Parent Folders…
-
Microsoft Edge gets scareware sensor for faster scam detection
Microsoft is introducing a new scareware sensor for the Microsoft Edge web browser, which helps detect scam pages more quickly and ensures that Defender SmartScreen blocks them faster. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-edge-gets-scareware-sensor-for-faster-scam-detection/
-
AI-powered bug hunting shakes up bounty industry, for better or worse
Tags: access, ai, authentication, automation, bug-bounty, business, ciso, cloud, control, credentials, data, detection, exploit, flaw, guide, identity, infrastructure, injection, intelligence, risk, risk-management, sql, strategy, supply-chain, threat, tool, vulnerabilityFirehose of ‘false positives’: Gunter Ollmann, CTO at Cobalt.io, warns that AI is exacerbating the existing problem that comes from vendors getting swamped with often low-quality bug submissions.Security researchers turning to AI is creating a “firehose of noise, false positives, and duplicates,” according to Ollmann.”The future of security testing isn’t about managing a crowd of…
-
AI-powered bug hunting shakes up bounty industry, for better or worse
Tags: access, ai, authentication, automation, bug-bounty, business, ciso, cloud, control, credentials, data, detection, exploit, flaw, guide, identity, infrastructure, injection, intelligence, risk, risk-management, sql, strategy, supply-chain, threat, tool, vulnerabilityFirehose of ‘false positives’: Gunter Ollmann, CTO at Cobalt.io, warns that AI is exacerbating the existing problem that comes from vendors getting swamped with often low-quality bug submissions.Security researchers turning to AI is creating a “firehose of noise, false positives, and duplicates,” according to Ollmann.”The future of security testing isn’t about managing a crowd of…
-
Researchers Develop Linux Rootkit That Evades Elastic EDR Protections
Security researchers have unveiled a sophisticated Linux rootkit capable of bypassing Elastic Security’s advanced detection mechanisms, demonstrating critical vulnerabilities in endpoint detection and response solutions. The Singularity rootkit employs multiple obfuscation and evasion techniques to defeat static signature analysis and behavioral monitoring systems that typically identify malicious kernel modules. Elastic Security’s endpoint detection framework typically…
-
Researchers Develop Linux Rootkit That Evades Elastic EDR Protections
Security researchers have unveiled a sophisticated Linux rootkit capable of bypassing Elastic Security’s advanced detection mechanisms, demonstrating critical vulnerabilities in endpoint detection and response solutions. The Singularity rootkit employs multiple obfuscation and evasion techniques to defeat static signature analysis and behavioral monitoring systems that typically identify malicious kernel modules. Elastic Security’s endpoint detection framework typically…
-
Responding to Breaches: How NSPM Accelerates Incident Containment
When a breach happens, seconds matter. Every moment between detection and containment gives an attacker time to move laterally, exfiltrate data, or escalate privileges. Yet, most organizations still rely on… First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/10/responding-to-breaches-how-nspm-accelerates-incident-containment/
-
Malicious packages in npm evade dependency detection through invisible URL links: Report
Tags: ai, application-security, attack, control, detection, edr, endpoint, exploit, flaw, github, governance, hacker, malicious, malware, microsoft, open-source, programming, service, software, supply-chain, threat, tool, trainingCampaign also exploits AI: The names of packages uploaded to npm aren’t typosquats of common packages, a popular tactic of threat actors. Instead the hackers exploit AI hallucinations. When developers ask AI assistants for package recommendations, the chatbots sometimes suggest plausible-sounding names that are close to those of legitimate packages, but that don’t actually exist.…
-
How Can Generative AI Transform the Future of Identity and Access Management
Generative AI is transforming identity and access management by enabling adaptive authentication, real-time threat detection, and smarter cybersecurity. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/10/how-can-generative-ai-transform-the-future-of-identity-and-access-management/
-
Chromium flaw crashes Chrome, Edge, Atlas: Researcher publishes exploit after Google’s silence
Beyond desktop crashes: enterprise automation at risk: While crashed browsers disrupt individual users, the vulnerability poses greater risks to enterprise automation. Organizations running headless Chromium browsers for AI agents, trading systems, or operational monitoring face potential workflow paralysis, the document stated.Pino’s documentation outlined several enterprise attack scenarios. AI agents querying compromised websites could crash mid-analysis,…
-
Cybersecurity management for boards: Metrics that matter
Tags: ai, attack, automation, breach, business, cloud, compliance, control, cyber, cybersecurity, data-breach, deep-fake, detection, dora, finance, firewall, governance, insurance, jobs, metric, mitigation, nis-2, nist, phishing, ransomware, regulation, resilience, risk, scam, soc, threat, trainingWhy does this matter? Resilience aligns with your actual business goals: continuity, trust and long-term value. It reflects your appetite for risk and your ability to adapt. And with regulations like DORA and NIS2 pushing accountability higher up the ladder, your board is on the hook. Financial impact and continuity metrics: You can’t fight cyber…