A Sherlock Holmes Approach to Cybersecurity: Eliminate the Impossible with Exposure Validation https://firewall.firm.in/wp-content/uploads/2024/10/main.png Sherlock Holmes is famous for his incredible ability to sort through mounds of information; he removes the irrelevant and exposes the hidden truth. His philosophy is plain yet brilliant: “When you have eliminated the impossible, whatever remains, however improbable, must be the truth.” Rather than following every ...

THN Cybersecurity Recap: Top Threats, Tools and News (Oct 21 – Oct 27) https://firewall.firm.in/wp-content/uploads/2024/10/recap.png Oct 28, 2024Ravie LakshmananCyber Security / Hacking News Cybersecurity news can sometimes feel like a never-ending horror movie, can’t it? Just when you think the villains are locked up, a new threat emerges from the shadows. This week is no exception, with tales of exploited flaws, ...

New Research Reveals Spectre Vulnerability Persists in Latest AMD and Intel Processors https://firewall.firm.in/wp-content/uploads/2024/10/intel.png Oct 29, 2024Ravie LakshmananHardware Security / Vulnerability More than six years after the Spectre security flaw impacting modern CPU processors came to light, new research has found that the latest AMD and Intel processors are still susceptible to speculative execution attacks. The attack, disclosed by ETH Zürich ...

Italian politicians express alarm at latest data breach allegedly affecting 800,000 citizens – ET CISO https://etimg.etb2bimg.com/thumb/msid-114715707,imgsize-112418,width-1200,height=765,overlay-etciso/data-breaches/italian-politicians-express-alarm-at-latest-data-breach-allegedly-affecting-800000-citizens.jpg Italian politicians called Monday for better protection of citizens’ online data following a probe into a hacking scheme that allegedly breached law enforcement, tax authority and other sensitive public data. According to prosecutors in Milan, the data of at least 800,000 Italians was compromised ...

U.S. Government Issues New TLP Guidance for Cross-Sector Threat Intelligence Sharing https://firewall.firm.in/wp-content/uploads/2024/10/white-house.png Oct 29, 2024Ravie LakshmananDigital Security / Data Privacy The U.S. government (USG) has issued new guidance governing the use of the Traffic Light Protocol (TLP) to handle the threat intelligence information shared between the private sector, individual researchers, and Federal Departments and Agencies. “The USG follows TLP markings ...

Chinese Hackers Use CloudScout Toolset to Steal Session Cookies from Cloud Services https://firewall.firm.in/wp-content/uploads/2024/10/machine.png Oct 28, 2024Ravie LakshmananCloud Security / Cyber Attack A government entity and a religious organization in Taiwan were the target of a China-linked threat actor known as Evasive Panda that infected them with a previously undocumented post-compromise toolset codenamed CloudScout. “The CloudScout toolset is capable of retrieving ...

FIR filed over suspected data breach on Manav Sampada portal – ET CISO https://etimg.etb2bimg.com/thumb/msid-114611079,imgsize-75886,width-1200,height=765,overlay-etciso/data-breaches/fir-filed-over-suspected-data-breach-on-manav-sampada-portal.jpg Concerns have emerged over a potential security breach involving the Uttar Pradesh government’s Manav Sampada portal, leading to the filing of an FIR. The alert was raised by Rajeev Kumar Mishra, deputy registrar of the Institute of Engineering and Technology (IET), through an official email dated ...

Researchers Discover Command Injection Flaw in Wi-Fi Alliance’s Test Suite https://firewall.firm.in/wp-content/uploads/2024/10/wifi.png Oct 25, 2024Ravie LakshmananVulnerability / Wi-Fi Security A security flaw impacting the Wi-Fi Test Suite could enable unauthenticated local attackers to execute arbitrary code with elevated privileges. The CERT Coordination Center (CERT/CC) said the vulnerability, tracked as CVE-2024-41992, said the susceptible code from the Wi-Fi Alliance has been found ...

New Grandoreiro Banking Malware Variants Emerge with Advanced Tactics to Evade Detection https://firewall.firm.in/wp-content/uploads/2024/10/trojan.png New variants of a banking malware called Grandoreiro have been found to adopt new tactics in an effort to bypass anti-fraud measures, indicating that the malicious software is continuing to be actively developed despite law enforcement efforts to crack down on the operation. “Only part of this ...

Gophish Framework Used in Phishing Campaigns to Deploy Remote Access Trojans https://firewall.firm.in/wp-content/uploads/2024/10/cisco.png Russian-speaking users have become the target of a new phishing campaign that leverages an open-source phishing toolkit called Gophish to deliver DarkCrystal RAT (aka DCRat) and a previously undocumented remote access trojan dubbed PowerRAT. “The campaign involves modular infection chains that are either Maldoc or HTML-based infections and ...