LDAPNightmare PoC Exploit Crashes LSASS and Reboots Windows Domain Controllers
Jan 03, 2025 | Ravie Lakshmanan | Windows Server / Threat Mitigation
A proof-of-concept (PoC) exploit has been released for a now-patched security flaw impacting Windows Lightweight Directory Access Protocol (LDAP) that could trigger a denial-of-service (DoS) condition. The out-of-bounds read vulnerability is tracked as CVE-2024-49113 (CVSS score: 7.5). It was addressed by ...
Author Archives: firewallfirmadmin
What is pig butchering scam that is targeting users on WhatsApp, Facebook and other social media platforms – ET CISO
A new cyber fraud scheme, commonly referred to as the “pig butchering scam” or “investment scam,” is targeting vulnerable groups such as unemployed youths, housewives, students, and financially distressed individuals. According to the Union Home Ministry’s latest annual report, ...
New AI Jailbreak Method ‘Bad Likert Judge’ Boosts Attack Success Rates by Over 60%
Jan 03, 2025 | Ravie Lakshmanan | Machine Learning / Vulnerability
Cybersecurity researchers have shed light on a new jailbreak technique that could be used to get past a large language model’s (LLM) safety guardrails and produce potentially harmful or malicious responses. The multi-turn (aka many-shot) attack strategy has ...
How new RTGS, NEFT verification facility would help prevent cyber frauds – ET CISO
The Reserve Bank of India (RBI) has introduced a new beneficiary bank account name look-up facility for the Real Time Gross Settlement (RTGS) and National Electronic Funds Transfer (NEFT) systems, aimed at enhancing the security and accuracy of digital transactions. This move is designed to ...
Critical Deadline: Update Old .NET Domains Before January 7, 2025 to Avoid Service Disruption
Jan 03, 2025 | Ravie Lakshmanan | DevOps / Software Development
Microsoft has announced that it’s making an “unexpected change” to the way .NET installers and archives are distributed, requiring developers to update their production and DevOps infrastructure. “We expect that most users will not be directly affected, however, ...
New national AI regulation in India: What can tech companies expect? – ET CISO
It is estimated that by 2030, AI could contribute USD 15.7 trillion to the global economy. In India and other developing Asian countries, Africa, and Oceania, AI is expected to add as much as USD 1.2 trillion to the GDP of these nations. AI is ...
Here are 20 passwords you should stop using right now – ET CISO
With the dawn of a new year comes a fresh start for your online security. Cybersecurity experts warn against using weak passwords, as they leave you vulnerable to hackers. An annual report by NordPass highlighted the most commonly used passwords in India, revealing that several of them can ...
Chinese hack of US treasury breached sanctions office: Report – ET CISO
Chinese government hackers breached the U.S. Treasury office that administers economic sanctions, the Washington Post reported on Wednesday, identifying targets of a cyberattack Treasury disclosed earlier this week. Citing unnamed U.S. officials, the Washington Post said hackers compromised the Office of Foreign Assets Control and the Office ...
Cross-Domain Attacks: A Growing Threat to Modern Security and How to Combat Them
Jan 02, 2025 | The Hacker News | Cloud Security / Threat Intelligence
In the past year, cross-domain attacks have gained prominence as an emerging tactic among adversaries. These operations exploit weak points across multiple domains – including endpoints, identity systems and cloud environments – so the adversary can infiltrate ...
Kaspersky discovers new scam scheme targeting businesses on social media – ET CISO
Experts have uncovered a new phishing scam targeting businesses that promote their pages on Facebook. Scammers send emails allegedly on behalf of Meta for Business – Facebook’s platform for businesses – claiming the recipient’s page contains prohibited content. The email suggests users provide explanations in order ...