Tag: Internet
-
What’s New in Tenable Cloud Security: Multi-cloud Risk Analysis, Attack Surface Assessments, Improved IAM Security and More
Tags: ai, attack, cloud, compliance, data, data-breach, endpoint, gartner, google, governance, iam, identity, infrastructure, Internet, least-privilege, microsoft, mitigation, network, radius, risk, risk-analysis, service, supply-chain, switch, tool, training, vulnerabilityTenable Cloud Security continues to expand the technical depth of our Tenable One exposure management platform. Our latest enhancements include unified multi-cloud exploration, high-fidelity network validation, and expanded entitlement visibility across infrastructure and identity providers. Key takeaways Graph-based multi-cloud exploration: We’ve leveraged our unified data model to provide deep visibility across all cloud environments. You…
-
Hackers Target MongoDB Instances to Delete Databases and Plant Ransom Notes
Tags: attack, authentication, cyber, data-breach, exploit, extortion, hacker, Internet, ransom, ransomware, threatA widespread ransomware campaign targeting misconfigured MongoDB databases continues to compromise thousands of servers worldwide, with attackers exploiting internet-exposed instances that lack basic authentication controls. Recent research reveals that opportunistic threat actors are leveraging automated scripts to wipe databases and demand Bitcoin ransoms, turning configuration negligence into a scalable extortion operation. Attack Resurfaces After Years…
-
NDSS 2025 Alba: The Dawn Of Scalable Bridges For Blockchains
Session 11A: Blockchain Security 2 Authors, Creators & Presenters: Giulia Scaffino (TU Wien), Lukas Aumayr (TU Wien), Mahsa Bastankhah (Princeton University), Zeta Avarikioti (TU Wien), Matteo Maffei (TU Wien) PAPER Alba: The Dawn of Scalable Bridges for Blockchains Over the past decade, cryptocurrencies have garnered attention from academia and industry alike, fostering a diverse blockchain…
-
NDSS 2025 PropertyGPT
Tags: blockchain, bug-bounty, conference, crypto, guide, Internet, LLM, network, oracle, strategy, tool, vulnerability, zero-daySession 11A: Blockchain Security 2 Authors, Creators & Presenters: Ye Liu (Singapore Management University), Yue Xue (MetaTrust Labs), Daoyuan Wu (The Hong Kong University of Science and Technology), Yuqiang Sun (Nanyang Technological University), Yi Li (Nanyang Technological University), Miaolei Shi (MetaTrust Labs), Yang Liu (Nanyang Technological University) PAPER PropertyGPT: LLM-driven Formal Verification of Smart Contracts…
-
NDSS 2025 Silence False Alarms
Tags: blockchain, china, conference, cyber, data, detection, finance, Internet, network, tool, vulnerabilitySession 11A: Blockchain Security 2 Authors, Creators & Presenters: Qiyang Song (Institute of Information Engineering, Chinese Academy of Sciences; School of Cyber Security, University of Chinese Academy of Sciences), Heqing Huang (Institute of Information Engineering, Chinese Academy of Sciences), Xiaoqi Jia (Institute of Information Engineering, Chinese Academy of Sciences; School of Cyber Security, University of…
-
China-Linked UAT-8099 Targets IIS Servers in Asia with BadIIS SEO Malware
Cybersecurity researchers have discovered a new campaign attributed to a China-linked threat actor known as UAT-8099 that took place between late 2025 and early 2026.The activity, discovered by Cisco Talos, has targeted vulnerable Internet Information Services (IIS) servers located across Asia, but with a specific focus on targets in Thailand and Vietnam. The scale of…
-
NDSS 2025 Reinforcement Unlearning
Session 10D: Machine Unlearning Authors, Creators & Presenters: Dayong Ye (University of Technology Sydney), Tianqing Zhu (City University of Macau), Congcong Zhu (City University of Macau), Derui Wang (CSIRO’s Data61), Kun Gao (University of Technology Sydney), Zewei Shi (CSIRO’s Data61), Sheng Shen (Torrens University Australia), Wanlei Zhou (City University of Macau), Minhui Xue (CSIRO’s Data61)…
-
Roughly half of employees are using unsanctioned AI tools, and enterprise leaders are major culprits
51% have connected AI tools to work systems or apps without the approval or knowledge of IT;63% believe it’s acceptable to use AI when there is no corporate-approved option or IT oversight;60% say speed is worth the security risk;21% think employers will simply “turn a blind eye” as long as they’re getting their work done.And…
-
The ‘staggering’ cybersecurity weakness that isn’t getting enough focus, according to a top Secret Service official
The internet domain registration system is a major weakness that malicious hackers can exploit, but is often being overlooked, a senior Secret Service official said Thursday. “It is staggering to me that we live in a world where domain registrars and registrars will do bulk registration of various spellings of a major institution’s brand name…
-
NDSS 2025 TrajDeleter: Enabling Trajectory Forgetting In Offline Reinforcement Learning Agents
Session 10D: Machine Unlearning Authors, Creators & Presenters: hen Gong (University of Vriginia), Kecen Li (Chinese Academy of Sciences), Jin Yao (University of Virginia), Tianhao Wang (University of Virginia) PAPER TrajDeleter: Enabling Trajectory Forgetting in Offline Reinforcement Learning Agents Reinforcement learning (RL) trains an agent from experiences interacting with the environment. In scenarios where online…
-
Am Safer Internet Day 2026 DsiN-Talk zu Medienkompetenzen in der Schule
Tags: InternetFirst seen on datensicherheit.de Jump to article: www.datensicherheit.de/safer-internet-day-2026-dsin-talk-medienkompetenzen-schule
-
NDSS 2025 Recurrent Private Set Intersection For Unbalanced Databases With Cuckoo Hashing
Session 10C: Privacy Preservation Authors, Creators & Presenters: Eduardo Chielle (New York University Abu Dhabi), Michail Maniatakos (New York University Abu Dhabi) PAPER Recurrent Private Set Intersection for Unbalanced Databases with Cuckoo Hashing and Leveled FHE A Private Set Intersection (PSI) protocol is a cryptographic method allowing two parties, each with a private set, to…
-
Crooks are hijacking and reselling AI infrastructure: Report
Tags: access, ai, api, attack, authentication, business, cloud, communications, control, credentials, cybersecurity, data, data-breach, endpoint, exploit, firewall, group, infosec, infrastructure, intelligence, Internet, LLM, malicious, marketplace, risk, service, skills, technology, theft, threat, training, vulnerabilityexposed endpoints on default ports of common LLM inference services;unauthenticated API access without proper access controls;development/staging environments with public IP addresses;MCP servers connecting LLMs to file systems, databases and internal APIs.Common misconfigurations leveraged by these threat actors include:Ollama running on port 11434 without authentication;OpenAI-compatible APIs on port 8000 exposed to the internet;MCP servers accessible without…
-
Undressed victims file class action lawsuit against xAI for Grok deepfakes
The lawsuit accuses xAI seeking to “capitalize on the internet’s seemingly insatiable appetite for humiliating non-consensual sexual images.” First seen on cyberscoop.com Jump to article: cyberscoop.com/grok-undressed-victims-file-class-action-lawsuit-against-xai-elon-musk/
-
NDSS 2025 Iris: Dynamic Privacy Preserving Search In Authenticated Chord PeerPeer Networks
Session 10C: Privacy Preservation Authors, Creators & Presenters: Angeliki Aktypi (University of Oxford), Kasper Rasmussen (University of Oxford) PAPER Iris: Dynamic Privacy Preserving Search in Authenticated Chord Peer-to-Peer Networks In structured peer-to-peer networks, like Chord, users find data by asking a number of intermediate nodes in the network. Each node provides the identity of the…
-
Wechselrichter am Internet: Europas Solaranlagen brauchen Cyberschutz – Warum Solaranlagen zur neuen Schwachstelle im Stromnetz werden
First seen on security-insider.de Jump to article: www.security-insider.de/solaranlagen-cybersicherheit-nis2-a-d6a358a396812e3f22d49ea54667f27b/
-
NDSS 2025 On the Robustness Of LDP Protocols For Numerical Attributes Under Data Poisoning Attacks
Session 10C: Privacy Preservation Authors, Creators & Presenters: Xiaoguang Li (Xidian University, Purdue University), Zitao Li (Alibaba Group (U.S.) Inc.), Ninghui Li (Purdue University), Wenhai Sun (Purdue University, West Lafayette, USA) PAPER On the Robustness of LDP Protocols for Numerical Attributes under Data Poisoning Attacks Recent studies reveal that local differential privacy (LDP) protocols are…
-
NDSS 2025 Detecting Ransomware Despite I/O Overhead: A Practical Multi-Staged Approach
Tags: attack, conference, cyber, detection, exploit, Internet, monitoring, network, phishing, ransomware, risk, windows, zero-daySession 10B: Ransomware Authors, Creators & Presenters: Christian van Sloun (RWTH Aachen University), Vincent Woeste (RWTH Aachen University), Konrad Wolsing (RWTH Aachen University & Fraunhofer FKIE), Jan Pennekamp (RWTH Aachen University), Klaus Wehrle (RWTH Aachen University) PAPER Detecting Ransomware Despite I/O Overhead: A Practical Multi-Staged Approach Ransomware attacks have become one of the most widely…
-
Shadowserver finds 6,000+ likely vulnerable SmarterMail servers exposed online
Tags: attack, authentication, cve, cybersecurity, data-breach, exploit, flaw, Internet, vulnerabilityShadowserver researchers found 6,000+ SmarterMail servers exposed online and likely vulnerable to a critical auth bypass flaw. Nonprofit security organization Shadowserver reported that over 6,000 SmarterMail servers are exposed on the internet and likely vulnerable to attacks exploiting a critical authentication bypass flaw tracked as CVE-2026-23760. Cybersecurity firm watchTowr disclosed the vulnerability on January 8,…
-
APT Attacks Target Indian Government Using SHEETCREEP, FIREPOWER, and MAILCREEP – Part 2
Tags: access, ai, api, apt, attack, backdoor, backup, cloud, control, credentials, data, dns, email, exploit, github, google, government, group, india, infection, infrastructure, Internet, linux, malicious, malware, microsoft, monitoring, network, phishing, powershell, programming, service, tactics, threat, tool, update, windowsThis is Part 2 of our two-part technical analysis on the Gopher Strike and Sheet Attack campaigns. For details on the Gopher Strike campaign, go to Part 1.IntroductionIn September 2025, Zscaler ThreatLabz uncovered three additional backdoors, SHEETCREEP, FIREPOWER, and MAILCREEP, used to power the Sheet Attack campaign. In Part 2 of this series, ThreatLabz will…
-
What It Doxxing? How It Happens, and How to Stay Safe?
In today’s digital world, our private information is more accessible than ever. The benefits of the internet pose a significant threat to our privacy and security. Doxxing is one such threat, which means publicly revealing private, sensitive, or identifying information about an individual without their consent. This information includes home addresses, emails, phone numbers, workplaceRead…
-
CISA publishes a post-quantum shopping list for agencies. Security professionals aren’t sold
A guide aims to help tech buyers navigate their switch to post-quantum encryption, but experts cautioned that most products and backend internet protocols have yet to be updated. First seen on cyberscoop.com Jump to article: cyberscoop.com/cisa-post-quantum-cryptography-procurement-guide-expert-criticism/
-
NDSS 2025 all your (data)base are belong to us: Characterizing Database Ransom(ware) Attacks
Tags: attack, authentication, conference, credentials, finance, group, Internet, network, ransom, ransomware, softwareSession 10B: Ransomware Authors, Creators & Presenters: Kevin van Liebergen (IMDEA Software Institute), Gibran Gomez (IMDEA Software Institute), Srdjan Matic (IMDEA Software Institute), Juan Caballero (IMDEA Software Institute) PAPER all your (data)base are belong to us: Characterizing Database Ransom(ware) Attacks We present the first systematic study of database ransom(ware) attacks, a class of attacks where…
-
APT Attacks Target Indian Government Using GOGITTER, GITSHELLPAD, and GOSHELL – Part 1
Tags: access, adobe, ai, antivirus, api, apt, attack, authentication, backdoor, backup, cloud, control, data, data-breach, detection, email, endpoint, github, google, government, group, india, infection, infrastructure, injection, Internet, malicious, malware, microsoft, network, phishing, service, spear-phishing, threat, tool, update, windowsIntroductionIn September 2025, Zscaler ThreatLabz identified two campaigns, tracked as Gopher Strike and Sheet Attack, by a threat actor that operates in Pakistan and primarily targets entities in the Indian government. In both campaigns, ThreatLabz identified previously undocumented tools, techniques, and procedures (TTPs). While these campaigns share some similarities with the Pakistan-linked Advanced Persistent Threat (APT) group, APT36, we…
-
Some ChatGPT browser extensions are stealing your data
A threat actor is seeding the internet with AI browser extensions that can intercept a user’s authenticated session tokens and hijack accounts. First seen on cyberscoop.com Jump to article: cyberscoop.com/chatgpt-browser-extensions-steal-your-data/
-
NDSS 2025 ERW-Radar
Tags: antivirus, china, conference, defense, detection, Internet, malicious, network, ransomware, softwareAuthors, Creators & Presenters: Lingbo Zhao (Institute of Information Engineering, Chinese Academy of Sciences), Yuhui Zhang (Institute of Information Engineering, Chinese Academy of Sciences), Zhilu Wang (Institute of Information Engineering, Chinese Academy of Sciences), Fengkai Yuan (Institute of Information Engineering, CAS), Rui Hou (Institute of Information Engineering, Chinese Academy of Sciences) PAPER ERW-Radar: An Adaptive…
-
Nearly 800,000 Telnet servers exposed to remote attacks
Internet security watchdog Shadowserver tracks nearly 800,000 IP addresses with Telnet fingerprints amid ongoing attacks exploiting a critical authentication bypass vulnerability in the GNU InetUtils telnetd server. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/nearly-800-000-telnet-servers-exposed-to-remote-attacks/
-
NDSS 2025 RContainer
Session 10A: Confidential Computing 2 Authors, Creators & Presenters: Qihang Zhou (Institute of Information Engineering, Chinese Academy of Sciences), Wenzhuo Cao (Institute of Information Engineering, Chinese Academy of Sciences; School of Cyberspace Security, University of Chinese Academy of Sciences), Xiaoqi Jia (Institute of Information Engineering, Chinese Academy of Sciences), Peng Liu (The Pennsylvania State University,…
-
NDSS 2025 Secure Data Analytics
Session 10A: Confidential Computing 2 Authors, Creators & Presenters: Byeongwook Kim (Seoul National University), Jaewon Hur (Seoul National University), Adil Ahmad (Arizona State University), Byoungyoung Lee (Seoul National University) PAPER Secure Data Analytics in Apache Spark with Fine-grained Policy Enforcement and Isolated Execution Cloud based Spark platform is a tempting approach for sharing data, as…
-
NDSS 2025 Secure Data Analytics
Session 10A: Confidential Computing 2 Authors, Creators & Presenters: Byeongwook Kim (Seoul National University), Jaewon Hur (Seoul National University), Adil Ahmad (Arizona State University), Byoungyoung Lee (Seoul National University) PAPER Secure Data Analytics in Apache Spark with Fine-grained Policy Enforcement and Isolated Execution Cloud based Spark platform is a tempting approach for sharing data, as…