Tag: framework

BloodyAD: Open-source Active Directory privilege escalation framework

Jan 28, 2025 7:03 AM

Tags: framework, open-source

BloodyAD is an open-source Active Directory privilege escalation framework that uses specialized LDAP calls to interact with domain controllers. It enables various privilege … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/01/28/bloodyad-active-directory-privilege-escalation/
ISMG Editors: Challenges Ahead for US Cybersecurity Program

Jan 27, 2025 3:03 PM

Tags: cybersecurity, framework, threat

Also: Leadership Choices That Could Reshape Cybersecurity Priorities, Budgets. The Trump administration has inherited a strong cybersecurity framework but faces potential roadblocks from budget cuts and a shifting threat landscape. Jeremy Grant, managing director at Venable LLP joined ISMG editors to discuss the critical issues facing security leaders during the transition. First seen on govinfosecurity.com…
A pickle in Meta’s LLM code could allow RCE attacks

Jan 27, 2025 2:03 PM

Tags: ai, attack, breach, cve, cvss, data, data-breach, exploit, flaw, framework, github, LLM, malicious, ml, network, open-source, rce, remote-code-execution, software, supply-chain, technology, theft, vulnerability

Meta’s large language model (LLM) framework, Llama, suffers a typical open-source coding oversight, potentially allowing arbitrary code execution on servers leading to resource theft, data breaches, and AI model takeover.The flaw, tracked as CVE-2024-50050, is a critical deserialization bug belonging to a class of vulnerabilities arising from the improper use of the open-source library (pyzmq)…
Do We Really Need The OWASP NHI Top 10?

Jan 27, 2025 2:03 PM

Tags: api, application-security, framework, identity

The Open Web Application Security Project has recently introduced a new Top 10 project – the Non-Human Identity (NHI) Top 10. For years, OWASP has provided security professionals and developers with essential guidance and actionable frameworks through its Top 10 projects, including the widely used API and Web Application security lists. Non-human identity security represents…
New Phishing Framework Attack Multiple Brands Login Pages To Steal Credentials

Jan 27, 2025 12:03 PM

Tags: attack, credentials, cyber, framework, login, phishing, service, theft

Researchers have identified a sophisticated phishing tactic leveraging Cloudflare’s workers.dev, a free domain name service, to execute credential theft campaigns. The modus operandi involves a generic phishing page that can impersonate any brand, with significant technical ingenuity aimed at deceiving unsuspecting users and evading detection. The phishing page, hosted on the URL >>workers-playground-broken-king-d18b.supermissions.workers.dev,
CISOs’ top 12 cybersecurity priorities for 2025

Jan 27, 2025 11:03 AM

Tags: access, ai, api, attack, authentication, automation, awareness, business, cio, ciso, cloud, compliance, control, corporate, cybersecurity, data, detection, framework, governance, identity, incident response, infrastructure, intelligence, jobs, mitigation, monitoring, mssp, oracle, penetration-testing, privacy, risk, risk-management, service, strategy, technology, threat, training, usa, zero-trust

Security chief Andrew Obadiaru’s to-do list for the upcoming year will be familiar to CISOs everywhere: advance a zero-trust architecture in the organization; strengthen identity and access controls as part of that drive; increase monitoring of third-party risks; and expand the use of artificial intelligence in security operations.”Nothing is particularly new, maybe AI is newer,…
New SCAVY Framework to Detect Memory Corruption Privilege Escalation in Linux Kernel

Jan 27, 2025 10:03 AM

Tags: cyber, exploit, framework, linux

A breakthrough framework namedSCAVYhas been introduced to proactively detect memory corruption targets that could potentially lead to privilege escalation in the Linux kernel. Presented at the prestigious USENIX Security Symposium in August 2024, the framework aims to address long-standing gaps in understanding how memory corruption can be exploited to compromise system integrity. SCAVY’s developers have…
Critical Vulnerability in Meta Llama Framework Let Remote Attackers Execute Arbitrary Code

Jan 27, 2025 7:03 AM

Tags: cvss, cyber, flaw, framework, vulnerability

The Oligo Research team has disclosed a critical vulnerability in Meta’s widely used Llama-stack framework. This vulnerability, tracked as CVE-2024-50050, allows remote attackers to execute arbitrary code on servers running the Llama-stack framework. Due to its potential impact, the flaw has been rated ascriticalwith a CVSS score of 9.3 (v4.0) and 9.8 (v3.1). The Meta Llama…
Critical Vulnerability in Next.js Framework Exposes Websites to Cache Poisoning and XSS Attacks

Jan 23, 2025 9:22 PM

Tags: attack, cyber, framework, open-source, threat, vulnerability, xss

A new report has put the spotlight on potential security vulnerabilities within the popular open-source framework Next.js, demonstrating how improper caching mechanisms can lead to critical server-side cache poisoning attacks. Developed by Vercel, Next.js remains a cornerstone for building server-rendered React applications; however, its popularity has also made it a lucrative target for threat actors.…
Treasury Department Breach: A Crucial Reminder for API Security in the Public Sector

Jan 23, 2025 6:22 PM

Tags: access, ai, api, application-security, attack, authentication, breach, china, cve, cyber, data, detection, exploit, finance, flaw, framework, governance, government, hacker, healthcare, infrastructure, injection, malicious, monitoring, network, programming, risk, siem, software, sql, strategy, supply-chain, threat, tool, unauthorized, vpn, vulnerability, zero-day, zero-trust

The recent cyber breach at the U.S. Treasury Department, linked to state-sponsored Chinese hackers, has set off alarm bells in the public sector. As the investigation continues, this incident reveals a pressing issue that all government agencies must confront: securing their APIs (Application Programming Interfaces). APIs are essential connections within our digital infrastructure, facilitating communication…
25 on 2025: APAC security thought leaders share their predictions and aspirations

Jan 22, 2025 8:22 PM

Tags: access, advisory, ai, api, attack, authentication, awareness, best-practice, breach, business, ciso, cloud, compliance, control, cryptography, csf, cyber, cyberattack, cybercrime, cybersecurity, dark-web, data, data-breach, deep-fake, detection, disinformation, encryption, endpoint, exploit, extortion, finance, framework, fraud, government, group, hacking, Hardware, identity, incident, incident response, infrastructure, injection, intelligence, international, iot, malicious, malware, microsoft, monitoring, network, nist, phishing, privacy, ransomware, regulation, resilience, risk, risk-management, scam, service, skills, social-engineering, software, spear-phishing, strategy, supply-chain, tactics, technology, threat, tool, training, update, vulnerability, warfare, zero-trust

As threat actors and security teams harness the growing potential of artificial intelligence (AI), who will prevail? From generative AI (GenAI) to agentic AI, we look through the lens of 25 of Asia-Pacific’s thought leaders in security and dive into their predictions and goals for the year. src=”https://b2b-contenthub.com/wp-content/uploads/2025/01/Athikom.jpg?quality=50&strip=all” alt=”athikom” loading=”lazy” width=”400px”>Athikom Kanchanavibhu Chief Information Security…
ENISA: Embedding Resilience in Critical Infrastructure

Jan 22, 2025 8:22 PM

Tags: attack, cybersecurity, framework, infrastructure, nis-2, resilience, supply-chain

ENISA’s Marnix Dekker on Supply Chain Attacks, Harmonizing the New NIS2 Regulations. The European Union Agency for Cybersecurity is at the center of rolling out new cybersecurity frameworks for critical infrastructure providers across Europe. But a major priority, according to ENISA’s Marnix Dekker, is helping smaller vendors withstand supply chain attacks. First seen on govinfosecurity.com…
Developing Security Protocols for Agentic AI Applications

Jan 22, 2025 11:22 AM

Tags: ai, framework

Agentic AI can be an incredibly powerful asset, like another member of the team. However, it can quickly become a liability due to poorly designed frameworks or lax security protocols. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/01/developing-security-protocols-for-agentic-ai-applications/
Oracle Releases January 2025 Patch to Address 318 Flaws Across Major Products

Jan 22, 2025 9:22 AM

Tags: control, cvss, flaw, framework, oracle, update, vulnerability

Oracle is urging customers to apply its January 2025 Critical Patch Update (CPU) to address 318 new security vulnerabilities spanning its products and services.The most severe of the flaws is a bug in the Oracle Agile Product Lifecycle Management (PLM) Framework (CVE-2025-21556, CVSS score: 9.9) that could allow an attacker to seize control of susceptible…
Security chiefs whose companies operate in the EU should be exploring DORA now

Jan 22, 2025 7:22 AM

Tags: attack, business, ciso, compliance, conference, corporate, cyber, cybersecurity, data, detection, dora, finance, framework, GDPR, incident, network, regulation, resilience, risk, service, technology, threat, vulnerability

If your enterprise operates in Europe, you should care about the Digital Operational Resilience Act (DORA), which took effect on January 17. DORA, also known as Directive (EU) 2022/2555 of the European Parliament, aims to enhance and build the EU’s cybersecurity capabilities and it has been hanging like the Sword of Damocles over the heads…
7 top cybersecurity projects for 2025

Jan 21, 2025 12:22 PM

Tags: access, advisory, ai, backup, best-practice, breach, business, cio, ciso, cloud, compliance, control, cyber, cybersecurity, data, data-breach, detection, encryption, framework, google, governance, infrastructure, intelligence, law, mitigation, monitoring, network, resilience, risk, risk-management, service, strategy, technology, threat, tool, vulnerability

As 2025 dawns, CISOs face the grim reality that the battle against cyberattackers never ends. Strong and carefully planned cybersecurity projects are the best way to stay a step ahead of attackers and prevent them gaining the upper hand.”Urgency is the mantra for 2025,” says Greg Sullivan, founding partner of cybersecurity services firm CIOSO Global.…
Apache CXF Vulnerability Triggers DoS Attack

Jan 21, 2025 12:22 PM

Tags: apache, attack, cve, cyber, dos, framework, risk, service, vulnerability

Colm O hEigeartaigh announced a critical vulnerability affecting various versions of Apache CXF, a widely-used framework for building web services. This issue, documented as CVE-2025-23184, poses a significant risk as it can lead to a Denial of Service (DoS) attack due to improper handling of temporary files. The vulnerability has been confirmed in specific versions…
Information Security Manual (ISM)

Jan 20, 2025 11:22 PM

Tags: cyber, cybersecurity, data, defense, finance, framework, government, healthcare, technology

What is the Information Security Manual (ISM)? The Information Security Manual (ISM) is a cybersecurity framework developed by the Australian Signals Directorate (ASD) to help organizations protect their IT and operational technology systems, applications, and data from cyber threats. The ISM is relevant to industries like government, defense, finance, healthcare, and other sectors where sensitive……
CISA unveils ‘Secure by Demand’ guidelines to bolster OT security

Jan 15, 2025 2:02 PM

Tags: attack, authentication, breach, ceo, cisa, compliance, cyber, cybersecurity, encryption, flaw, framework, infrastructure, international, network, office, resilience, risk, service, software, strategy, technology, threat, update, vulnerability

The US Cybersecurity and Infrastructure Security Agency (CISA), along with its international cybersecurity allies, has unveiled the “Secure by Demand” guidelines to safeguard operational technology (OT) environments. The framework provides a blueprint for OT owners and operators to prioritize cybersecurity when procuring digital products.This initiative addresses growing concerns about vulnerabilities in critical infrastructure, including energy…
Fortinet confirms zero-day flaw used in attacks against its firewalls

Jan 15, 2025 5:02 AM

Tags: access, advisory, attack, authentication, control, credentials, cve, cvss, cybersecurity, dns, exploit, firewall, flaw, fortinet, framework, google, group, login, malicious, microsoft, network, password, service, threat, update, vpn, vulnerability, zero-day

Fortinet has confirmed the existence of a critical authentication bypass vulnerability in specific versions of FortiOS firewalls and FortiProxy secure web gateways. The flaw has been exploited in the wild since early December in what appears to be an indiscriminate and widespread campaign, according to cybersecurity firm Arctic Wolf.The fix for this zero-day is part…
Microsoft’s January 2025 Patch Tuesday Addresses 157 CVEs (CVE-2025-21333, CVE-2025-21334, CVE-2025-21335)

Jan 15, 2025 5:02 AM

Tags: access, advisory, ai, attack, authentication, best-practice, cloud, cve, defense, email, exploit, flaw, framework, github, group, intelligence, Internet, malicious, marketplace, microsoft, mitigation, ntlm, office, rce, remote-code-execution, saas, service, social-engineering, software, technology, threat, update, vulnerability, windows, zero-day

10Critical 147Important 0Moderate 0Low Microsoft addresses 157 CVEs in the first Patch Tuesday release of 2025 and the largest Patch Tuesday update ever with three CVEs exploited in the wild, and five CVEs publicly disclosed prior to patches being made available. Microsoft patched 157 CVEs in its January 2025 Patch Tuesday release, with 10 rated…
Biden’s final push: Using AI to bolster cybersecurity standards

Jan 13, 2025 12:26 PM

Tags: access, ai, attack, china, cisa, compliance, cyber, cyberattack, cybersecurity, data, defense, detection, email, exploit, finance, framework, government, hacker, incident, infrastructure, intelligence, office, privacy, programming, resilience, risk, software, strategy, technology, threat, vulnerability

In a decisive move to strengthen national cybersecurity, President Joe Biden is poised to sign an executive order imposing stringent security standards for federal agencies and contractors. Scheduled for publication in the coming days, the directive will emphasize integrating artificial intelligence (AI) into cyber defense strategies while addressing systemic vulnerabilities in software security, reported Reuters.This…
What is PCI DSS 4.0: Is This Still Applicable For 2024?

Jan 12, 2025 3:26 PM

Tags: cyber, data, framework, PCI, threat

In a time when cyber threats continuously evolve, a security standard or framework is essential for protecting digital assets. The Payment Card Industry Data Security Standard (PCI DSS), developed by the PCI Security Standards Council, empowers organisations to safeguard cardholder data globally. PCI DSS offers technical guidance and practical steps to effectively protect cardholder data……
2025 Cybersecurity and AI Predictions

Jan 11, 2025 11:42 AM

Tags: access, ai, api, attack, backdoor, backup, browser, business, chrome, communications, compliance, control, corporate, crowdstrike, crypto, cybercrime, cybersecurity, dark-web, data, deep-fake, defense, detection, exploit, finance, firmware, flaw, framework, fraud, GDPR, hacker, Hardware, identity, intelligence, international, korea, LLM, malicious, mitigation, monitoring, network, open-source, privacy, regulation, resilience, risk, risk-assessment, scam, service, skills, supply-chain, switch, technology, threat, tool, training, unauthorized, vulnerability

The cybersecurity and AI landscape continues to evolve at a breathtaking pace, and with it, the associated risks. Snowballing cybercrime costs are compounded by a cybersecurity workforce gap of nearly 4.8 million professionals, as reported by ISC2. Meanwhile, ISACA’s end-2024 State of Cybersecurity Report shows that nearly half of those surveyed claim no involvement in…
QSC: Multi-Plugin Malware Framework Installs Backdoor on Windows

Jan 10, 2025 1:18 PM

Tags: backdoor, cyber, framework, malware, service, windows

The QSC Loader service DLL named >>loader.dll>drivers\msnet>n_600s.sys
New NonEuclid RAT Evades Antivirus and Encrypts Critical Files

Jan 10, 2025 1:18 PM

Tags: access, antivirus, cyber, detection, framework, malware, rat

A NonEuclid sophisticated C# Remote Access Trojan (RAT) designed for the.NET Framework 4.8 has been shown to pose a significant and ever-evolving cyber threat. The malware leverages a multifaceted approach to evade detection and maintain persistence, employing advanced techniques such as antivirus bypass, anti-detection mechanisms, anti-virtual machine checks, rootkit-like capabilities to conceal its presence, and…
8 Cyber Predictions for 2025: A CSO’s Perspective

Jan 10, 2025 1:18 AM

Tags: access, ai, attack, authentication, business, ceo, ciso, cloud, compliance, computing, control, credentials, cryptography, cyber, cyberattack, cybercrime, cybersecurity, data, defense, detection, encryption, exploit, extortion, firewall, framework, governance, group, hacker, hacking, healthcare, identity, intelligence, international, law, leak, malicious, mfa, microsoft, network, north-korea, organized, phishing, privacy, ransom, ransomware, regulation, risk, risk-management, service, social-engineering, software, strategy, supply-chain, theft, threat, tool, update, wifi, zero-trust

As we step into 2025, the cyberthreat landscape is once again more dynamic and challenging than the year before. In 2024, we witnessed a remarkable acceleration in cyberattacks of all types, many fueled by advancements in generative AI. For security leaders, the stakes are higher than ever. In this post, I’ll explore cyberthreat projections and…
Breach Roundup: Finland Detains Tanker Tied to Cable Sabotage

Jan 9, 2025 10:21 PM

Tags: botnet, breach, data, data-breach, exploit, flaw, framework, russia, zero-day

Also, Alleged Gravy Analytics Breach Exposes Location Data. This week, a Russian tanker linked to cable sabotage detained in Finland, a claimed Gravy Analytics breach exposed location data, a Mirai-based botnet exploited zero-day flaws, Dell updated framework flaws and a court sentenced a Florida woman for laundering millions in romance scams. First seen on govinfosecurity.com…
India Readies Overhauled National Data Privacy Rules

Jan 9, 2025 4:18 PM

Tags: country, data, framework, india, privacy

The country awaits implementation guidelines for a framework that gives Indians greater autonomy and security over their personal data, and recognizes a right to personal privacy. First seen on darkreading.com Jump to article: www.darkreading.com/cybersecurity-operations/india-overhauled-national-data-privacy-rules
The OpenID Shared Signals Framework

Jan 9, 2025 5:18 AM

Tags: framework

This post will clarify what SSF is, describe its approach, explain the roles of the CAEP and RISC, and outline”¯the ways to work together. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/01/the-openid-shared-signals-framework/