security – OWASP Jakarta

Neglected Domains Used in Malspam to Evade SPF and DMARC Security Protections

Neglected Domains Used in Malspam to Evade SPF and DMARC Security Protections Cybersecurity researchers have found that bad actors are continuing to have success by spoofing sender email addresses as part of various malspam campaigns. Faking the sender address of an email is widely seen as an attempt to make Read more

By adminowasp, 7 months ago

News

FCC Launches 'Cyber Trust Mark' for IoT Devices to Certify Security Compliance

FCC Launches 'Cyber Trust Mark' for IoT Devices to Certify Security Compliance The U.S. government on Tuesday announced the launch of the U.S. Cyber Trust Mark, a new cybersecurity safety label for Internet-of-Things (IoT) consumer devices. “IoT products can be susceptible to a range of security vulnerabilities,” the U.S. Federal Read more

By adminowasp, 7 months ago

News

Researchers Uncover Major Security Flaw in Illumina iSeq 100 DNA Sequencers

Researchers Uncover Major Security Flaw in Illumina iSeq 100 DNA Sequencers Cybersecurity researchers have uncovered firmware security vulnerabilities in the Illumina iSeq 100 DNA sequencing instrument that, if successfully exploited, could permit attackers to brick or plant persistent malware on susceptible devices. “The Illumina iSeq 100 used a very outdated Read more

By adminowasp, 7 months ago

News

Severe Security Flaws Patched in Microsoft Dynamics 365 and Power Apps Web API

Severe Security Flaws Patched in Microsoft Dynamics 365 and Power Apps Web API Details have emerged about three now-patched security vulnerabilities in Dynamics 365 and Power Apps Web API that could result in data exposure. The flaws, discovered by Melbourne-based cybersecurity company Stratus Security, have been addressed as of May Read more

By adminowasp, 7 months ago

News

Cross-Domain Attacks: A Growing Threat to Modern Security and How to Combat Them

Cross-Domain Attacks: A Growing Threat to Modern Security and How to Combat Them In the past year, cross-domain attacks have gained prominence as an emerging tactic among adversaries. These operations exploit weak points across multiple domains – including endpoints, identity systems and cloud environments – so the adversary can infiltrate Read more

By adminowasp, 7 months ago

News

Dancho Danchev’s Blog – Mind Streams of Information Security Knowledge: What Are Koobface Botnet Masters Leded (Ded Mazai) and Anton Nikolaevich Korotchenko (Антон Николаевич Коротченко) Koobface Botnet Master KrotReal Up To?

Dancho Danchev’s Blog – Mind Streams of Information Security Knowledge: What Are Koobface Botnet Masters Leded (Ded Mazai) and Anton Nikolaevich Korotchenko (Антон Николаевич Коротченко) Koobface Botnet Master KrotReal Up To? Dear blog readers, In this post I’ll post some recent actionable intelligence on the Koobface botnet’s master Leded (Ded Read more

By adminowasp, 7 monthsJanuary 2, 2025 ago

News

Dancho Danchev’s Blog – Mind Streams of Information Security Knowledge: Exposing the Rogue Cyberheaven Compromised Chrome VPN Extensions Ecosystem

Dancho Danchev’s Blog – Mind Streams of Information Security Knowledge: Exposing the Rogue Cyberheaven Compromised Chrome VPN Extensions Ecosystem Here we go. It appears that the individuals behind the successful compromise of the Cyberheaven VPN Chrome extensions are currently busy or at least have several other upcoming and in the Read more

By adminowasp, 7 monthsJanuary 1, 2025 ago

News

CISA Mandates Cloud Security for Federal Agencies by 2025 Under Binding Directive 25-01

CISA Mandates Cloud Security for Federal Agencies by 2025 Under Binding Directive 25-01 The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued Binding Operational Directive (BOD) 25-01, ordering federal civilian agencies to secure their cloud environments and abide by Secure Cloud Business Applications (SCuBA) secure configuration baselines. “Recent cybersecurity Read more

By adminowasp, 7 months ago

News

Hackers Exploit Webview2 to Deploy CoinLurker Malware and Evade Security Detection

Hackers Exploit Webview2 to Deploy CoinLurker Malware and Evade Security Detection Bogus software update lures are being used by threat actors to deliver a new stealer malware called CoinLurker. “Written in Go, CoinLurker employs cutting-edge obfuscation and anti-analysis techniques, making it a highly effective tool in modern cyber attacks,” Morphisec Read more

By adminowasp, 7 months ago

News

Ivanti Issues Critical Security Updates for CSA and Connect Secure Vulnerabilities

Ivanti Issues Critical Security Updates for CSA and Connect Secure Vulnerabilities Ivanti has released security updates to address multiple critical flaws in its Cloud Services Application (CSA) and Connect Secure products that could lead to privilege escalation and code execution. The list of vulnerabilities is as follows – CVE-2024-11639 (CVSS Read more

By adminowasp, 8 months ago