Tag: sans
-
SANS Institute startet dritte Staffel des ‘Cyber Leaders”-Podcasts
Die wöchentlichen Episoden dieser Staffel bieten Gespräche mit Experten aus dem öffentlichen, privaten und Forschungssektor wie Heather Barnhart, Paul Chichester und Curtis Dukes. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/sans-institute-startet-dritte-staffel-des-cyber-leaders-podcasts/a42875/
-
SANS Institute startet Sicherheitstraining für Entwickler
Die Schulung ist in mehreren Sprachen verfügbar und richtet sich sowohl an Junior- als auch an Senior-Entwickler. Unternehmen können das Programm mit einer kostenlosen 7-Tage-Demo kennenlernen, sodass Sicherheits- und Technikverantwortliche die Eignung, Wirksamkeit und Compliance-Bereitschaft bewerten können. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/sans-institute-startet-sicherheitstraining-fuer-entwickler/a42842/
-
Formbook Malware Campaign Uses Malicious ZIP Files and Layered Scripting Techniques
A new campaign leveraging Formbook malware has emerged, showcasing sophisticated multi-stage infection tactics that underscore the importance of analyzing more than just executable files during malware investigations. When teaching malware reverse-engineering in courses like SANS FOR610, it’s critical to addressed that reverse engineering applies to every component in the infection chain, not just PE or…
-
Google asks US court to shut down Lighthouse phishing-as-a-service operation
Tags: control, crime, cyber, cybercrime, cybersecurity, email, google, government, incident response, law, malicious, network, phishing, risk, sans, scam, service, smishing, technology, threatWill have ‘minimal impact’: Ed Dubrovsky, chief operating officer of incident response firm Cypher, is skeptical of the effectiveness of court action. Phishing-as-a-service operations don’t have to be on American soil, he explained, so court orders and legislation will likely have minimal impact on smishing or phishing attacks.”However,” he added, “I can understand that even…
-
Business continuity and cybersecurity: Two sides of the same coin
Tags: access, ai, attack, backup, breach, business, cloud, control, corporate, credentials, cyber, cybercrime, cybersecurity, data, data-breach, detection, email, finance, framework, google, incident response, infrastructure, intelligence, Internet, network, nist, ransomware, RedTeam, resilience, risk, sans, service, strategy, tactics, threat, tool, training, veeam, vulnerability, zero-trustWhy traditional business continuity plans fail against modern threats: I’ve implemented change management processes in environments requiring 99.99% uptime and I can tell you that most business continuity plans were designed for a different era. They assume that your backup systems, communication channels and recovery procedures will be available when you need them. Today’s threat…
-
Business continuity and cybersecurity: Two sides of the same coin
Tags: access, ai, attack, backup, breach, business, cloud, control, corporate, credentials, cyber, cybercrime, cybersecurity, data, data-breach, detection, email, finance, framework, google, incident response, infrastructure, intelligence, Internet, network, nist, ransomware, RedTeam, resilience, risk, sans, service, strategy, tactics, threat, tool, training, veeam, vulnerability, zero-trustWhy traditional business continuity plans fail against modern threats: I’ve implemented change management processes in environments requiring 99.99% uptime and I can tell you that most business continuity plans were designed for a different era. They assume that your backup systems, communication channels and recovery procedures will be available when you need them. Today’s threat…
-
SANS Institute startet Holiday Hack Challenge 2025
Tags: sansWährend des gesamten Spiels kann ein holografischer Weihnachtsmann herbeigerufen werden, der Hinweise, Anleitungen und Aufmunterungen gibt, ohne den Teilnehmern den Spaß zu verderben. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/sans-institute-startet-holiday-hack-challenge-2025/a42647/
-
Hackers Actively Scanning TCP Ports 8530/8531 for WSUS CVE-2025-59287
Security researchers at the SANS Internet Storm Center have detected a significant spike in suspicious network traffic targeting Windows Server Update Services (WSUS) infrastructure worldwide. The reconnaissance activity focuses specifically on TCP ports 8530 and 8531, which correspond to unencrypted and encrypted communication channels for WSUS servers vulnerable to the recently disclosed CVE-2025-59287. This coordinated…
-
Hackers Actively Scanning TCP Ports 8530/8531 for WSUS CVE-2025-59287
Security researchers at the SANS Internet Storm Center have detected a significant spike in suspicious network traffic targeting Windows Server Update Services (WSUS) infrastructure worldwide. The reconnaissance activity focuses specifically on TCP ports 8530 and 8531, which correspond to unencrypted and encrypted communication channels for WSUS servers vulnerable to the recently disclosed CVE-2025-59287. This coordinated…
-
SANS Institute prognostiziert OT-Cyberbedrohungen für 2026
Die Zunahme von OT-Bedrohungen, bekannten Angriffen, Regularien und Versicherungsprämien wird zu Diskussionen auf Vorstandsebene führen. Die Erkenntnisse über die OT-Sicherheitslage und die damit verbundenen Risiken wird auf die gleiche Ebene wie die IT-Risiken gebracht. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/sans-institute-prognostiziert-ot-cyberbedrohungen-fuer-2026/a42588/
-
What does aligning security to the business really mean?
Indicators of alignment: One barometer of security-business alignment in action, Thielemann says, is when security teams engage with the business and use business metrics to determine security’s effectiveness.As an example, she points to the partnership between security and engineering at a manufacturing plant that had devices using software no longer supported by the vendor. The…
-
What does aligning security to the business really mean?
Indicators of alignment: One barometer of security-business alignment in action, Thielemann says, is when security teams engage with the business and use business metrics to determine security’s effectiveness.As an example, she points to the partnership between security and engineering at a manufacturing plant that had devices using software no longer supported by the vendor. The…
-
What does aligning security to the business really mean?
Indicators of alignment: One barometer of security-business alignment in action, Thielemann says, is when security teams engage with the business and use business metrics to determine security’s effectiveness.As an example, she points to the partnership between security and engineering at a manufacturing plant that had devices using software no longer supported by the vendor. The…
-
Preventing DNS filtering bypass by Encrypted DNS (DoT, DoH, DoQ)
DNS over HTTPS (DoH) and other encrypted DNS protocols like DNS over TLS (DoT) & DNS over QUIC (DoQ) enhances user privacy and security by encrypting DNS queries in transit, shielding them from eavesdropping, tampering, and censorship on untrusted networks. This prevents ISPs and local attackers from logging or manipulating domain resolutions, fostering a more…
-
Vermeintliche Behörden als Köder: SANS Institute warnt vor Zunahme überzeugender Betrugsfälle und erläutert -taktiken
Tags: sansFirst seen on datensicherheit.de Jump to article: www.datensicherheit.de/behoerden-koeder-sans-institute-warnung-zunahme-betrug-erlaeuterung-taktiken
-
Cybersecurity Snapshot: Top Advice for Detecting and Preventing AI Attacks, and for Securing AI Systems
Tags: access, ai, attack, authentication, awareness, best-practice, breach, business, chatgpt, china, ciso, cloud, computing, container, control, credentials, crime, cve, cyber, cyberattack, cybersecurity, data, defense, detection, email, exploit, extortion, finance, flaw, framework, fraud, google, governance, government, group, guide, hacker, hacking, healthcare, iam, identity, incident response, intelligence, LLM, malicious, malware, mitigation, monitoring, network, open-source, openai, organized, phishing, ransom, risk, risk-management, russia, sans, scam, service, skills, soc, strategy, supply-chain, technology, theft, threat, tool, training, vulnerability, zero-trustAs organizations eagerly adopt AI, cybersecurity teams are racing to protect these new systems. In this special edition of the Cybersecurity Snapshot, we round up some of the best recent guidance on how to fend off AI attacks, and on how to safeguard your AI systems. Key takeaways Developers are getting new playbooks from groups…
-
Der Weg zur CPS-Resilienz
Lesen Sie, welche Schritte notwendig sind, damit Cyber-physische Systemen (CPS) resilienter gegen Cyberangriffe werden.Cyber-physische Systeme (CPS) steuern und überwachen die physischen Prozesse, die die Basis des modernen Lebens bilden. Sie sind in der Industrie, im Gesundheitssektor und in Gebäuden allgegenwärtig. Als Grundlage unserer (kritischen) Infrastruktur sorgen sie für ein reibungsloses, ‘unterbrechungsfreies” Leben. Dies zu gewährleisten,…
-
Der Weg zur CPS-Resilienz
Lesen Sie, welche Schritte notwendig sind, damit Cyber-physische Systemen (CPS) resilienter gegen Cyberangriffe werden.Cyber-physische Systeme (CPS) steuern und überwachen die physischen Prozesse, die die Basis des modernen Lebens bilden. Sie sind in der Industrie, im Gesundheitssektor und in Gebäuden allgegenwärtig. Als Grundlage unserer (kritischen) Infrastruktur sorgen sie für ein reibungsloses, ‘unterbrechungsfreies” Leben. Dies zu gewährleisten,…
-
Self-propagating worm found in marketplaces for Visual Studio Code extensions
Tags: access, application-security, attack, backdoor, backup, best-practice, blockchain, breach, ciso, control, credentials, crime, crypto, cyber, data, data-breach, endpoint, framework, github, gitlab, google, government, identity, incident response, infrastructure, intelligence, least-privilege, login, malicious, malware, marketplace, network, open-source, resilience, risk, sans, security-incident, software, supply-chain, threat, tool, update, wormMarketplaces targeted: The Koi Security report is the latest in a series of warnings that threat actors are increasingly targeting VS Code marketplaces in supply chain attacks. Last week, Koi Security exposed a threat actor dubbed TigerJack spreading malicious extensions. And researchers at Wiz just published research showing the widespread abuse of the OpenVSX and…
-
US NSA alleged to have launched a cyber attack on a Chinese agency
Tags: access, attack, authentication, breach, china, ciso, cloud, communications, control, country, cyber, cybersecurity, defense, finance, hacker, infrastructure, international, login, malicious, mfa, monitoring, network, RedTeam, resilience, sans, service, spy, supply-chain, technology“NSA does not confirm nor deny allegations in the media regarding its operations. Our core focus is countering foreign malign activities persistently targeting American interests, and we will continue to defend against adversaries wishing to threaten us.”The Chinese post says the country “shattered the US cyber attack plot of stealing secrets and infiltration and sabotage,…
-
US NSA alleged to have launched a cyber attack on a Chinese agency
Tags: access, attack, authentication, breach, china, ciso, cloud, communications, control, country, cyber, cybersecurity, defense, finance, hacker, infrastructure, international, login, malicious, mfa, monitoring, network, RedTeam, resilience, sans, service, spy, supply-chain, technology“NSA does not confirm nor deny allegations in the media regarding its operations. Our core focus is countering foreign malign activities persistently targeting American interests, and we will continue to defend against adversaries wishing to threaten us.”The Chinese post says the country “shattered the US cyber attack plot of stealing secrets and infiltration and sabotage,…
-
Threat actors are spreading malicious extensions via VS marketplaces
What are VS extensions: Extensions and themes can be added to Visual Studio code to make life easier for developers, as well as to enhance functionality. An extension can add features like debuggers, new languages, or other development tools, while a theme is a type of extension that changes the appearance of the editor, controlling things like colors…
-
Threat actors are spreading malicious extensions via VS marketplaces
What are VS extensions: Extensions and themes can be added to Visual Studio code to make life easier for developers, as well as to enhance functionality. An extension can add features like debuggers, new languages, or other development tools, while a theme is a type of extension that changes the appearance of the editor, controlling things like colors…
-
Source code and vulnerability info stolen from F5 Networks
Tags: access, apt, attack, automation, best-practice, breach, ceo, ciso, control, credentials, crowdstrike, cybercrime, data, data-breach, detection, edr, endpoint, exploit, group, guide, incident response, infrastructure, intelligence, mitigation, monitoring, network, programming, risk, sans, software, threat, tool, update, vulnerabilityF5 mitigations: IT and security leaders should make sure F5 servers, software, and clients have the latest patches. In addition, F5 has added automated hardening checks to the F5 iHealth Diagnostics Tool, and also suggests admins refer to its threat hunting guide to strengthen monitoring, and its best practices guides for hardening F5 systems.As a…
-
Source code and vulnerability info stolen from F5 Networks
Tags: access, apt, attack, automation, best-practice, breach, ceo, ciso, control, credentials, crowdstrike, cybercrime, data, data-breach, detection, edr, endpoint, exploit, group, guide, incident response, infrastructure, intelligence, mitigation, monitoring, network, programming, risk, sans, software, threat, tool, update, vulnerabilityF5 mitigations: IT and security leaders should make sure F5 servers, software, and clients have the latest patches. In addition, F5 has added automated hardening checks to the F5 iHealth Diagnostics Tool, and also suggests admins refer to its threat hunting guide to strengthen monitoring, and its best practices guides for hardening F5 systems.As a…
-
Sans 2025 SOC Survey – 42 Prozent der SOCs sind ohne Daten-Strategie
First seen on security-insider.de Jump to article: www.security-insider.de/effektive-strategien-fuer-verwaltung-analyse-von-soc-daten-fehlen-a-d543f6b159491ca9fed0c649ce401a45/
-
SANS veröffentlicht das Toolkit -Secure the Generations-
Tags: sansDas Toolkit enthält individuelle Informationsblätter, die auf Kinder, Jugendliche, die Generation X/Millennials und Senioren zugeschnitten sind, ein Cheatsheet-Poster und ein Quiz zum Thema digitale Sicherheit. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/sans-veroeffentlicht-das-toolkit-secure-the-generations/a42242/
-
Hackers Actively Probe Palo Alto PAN-OS GlobalProtect Vulnerability for Exploitation
An uptick in internet-wide scanning activity indicates that threat actors are actively probing for systems vulnerable toCVE-2024-3400, a critical GlobalProtect flaw in Palo Alto Networks PAN-OS. Security researchers at SANS ISC observed a single source IP address 141.98.82.26, systematically targeting the GlobalProtect portal’s file-upload endpoint in an attempt to place and retrieve session files on…
-
Webinar: The BAS Summit 2025: Redefining Attack Simulation through AI
Join Picus Security, SANS, Hacker Valley, and leading CISOs at The BAS Summit 2025 to learn how AI is redefining Breach and Attack Simulation (BAS) and why it’s becoming the … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/09/30/webinar-picus-security-the-state-of-bas-2025/
-
Meet ShadowLeak: ‘Impossible to detect’ data theft using AI
Tags: ai, attack, business, ciso, cybersecurity, data, data-breach, email, exploit, gartner, governance, injection, LLM, malicious, RedTeam, resilience, risk, sans, service, sql, supply-chain, technology, theft, tool, update, vulnerabilityWhat CSOs should do: To blunt this kind of attack, he said CSOs should:treat AI agents as privileged actors: apply the same governance used for a human with internal resource access;separate ‘read’ from ‘act’ scopes and service accounts, and where possible sanitize inputs before LLM (large language model) ingestion. Strip/neutralize hidden HTML, flatten to safe…