Lenny Zeltser

JANUARY 6, 2021

As someone who’s helped thousands of security professionals learn how to analyze malware at SANS Institute , I have a few tips for how you can get started. Review and Learn From Others’ Analysis and Findings. This is one way for you to generate a learning plan. The following resources can help you move forward.

Malware 145

Malware Software Engineering Information Security 145

eSecurity Planet

MARCH 11, 2024

JetBrains released a detailed blog post explaining the specific timeline of discovering the vulnerabilities, the conflict with Rapid7, and JetBrains’ stance on releasing vulnerability information. We’ve seen multiple over the last couple of months, but these are new and not to be confused with CVEs from 2023. LTS) 8.5.5 (LTS)

Authentication 102

Authentication Software VPN Security Defenses 102

Kali Linux

OCTOBER 23, 2022

The following blog post was written by a moderator on the Kali Linux & Friends Discord server, Tristram. A massive thank you to Tristram for writing this blog post and to all of the participants! This past summer we held our first community event on the Kali Linux & Friends Discord.

Penetration Testing 52

Penetration Testing Software Engineering Malware 52

Security Affairs

MAY 4, 2023

The PoC exploit devised by VulnCheck set the auth program to “/usr/sbin/python3” on Linux and “C:WindowsSystem32ftp.exe” on Windows. “Attackers learn from defenders’ public detections, so it’s the defenders’ responsibility to produce robust detections that aren’t easily bypassed.”

Education 92

Education Malware Software Cybersecurity 92

Krebs on Security

NOVEMBER 17, 2022

In a blog post published today to coincide with a Black Hat Dubai talk on their discoveries, James and co-author Joel Lathrop said they were motivated to crack Zeppelin after the ransomware gang started attacking nonprofit and charity organizations. All told, it took his employer two months to fully recover from the attack.

Ransomware 313

Ransomware Encryption Backups Manufacturing 313

Malwarebytes

MARCH 29, 2023

The 3CX Desktop App is a Voice over Internet Protocol (VoIP) type of application which is available for Windows, macOS, Linux and mobile. We will keep you updated here, but as a user you might want to keep an eye on 3CX’s blog and forums to learn about new developments, and when an update is available. TRY NOW

Malware 78

Malware Mobile Encryption Internet 78

Cisco Security

DECEMBER 20, 2021

This blog provides an overview of how Cisco Secure Endpoint helps protect your environment from attackers exploiting this vulnerability. It blocks threats that try to exploit the Log4j vulnerability with multifaceted prevention techniques, including machine learning and behavioral protection. What You Need to Know About Log4j.

Software 85

Software Risk Cybersecurity 85

Security Affairs

JULY 3, 2022

It’s a gift for us security defenders to learn as much as we can and take actions to ensure that that vector can’t be used again. Google Project Zero states that in H1 2022 at least half of zero-day issues exploited in attacks were related to not properly fixed old flaws. ” continues Stone.

Hacking 98

Hacking Information Security 98

Security Boulevard

MARCH 7, 2022

The root is the superuser account in Unix and Linux based systems. SSH machine identities are used in every data center in the world, half of the world’s web servers, and practically every Mac, Unix or Linux computer—whether on-premises or in the cloud. How to Control Root-Level SSH Access. brooke.crothers. Mon, 03/07/2022 - 16:34.

Passwords 119

Passwords Accountability Risk Authentication 119

Malwarebytes

SEPTEMBER 5, 2023

In this blog post, we will provide details on one campaign targeting TradingView, a popular platform and app to track financial markets. com) looks quite authentic and shows three download buttons: one each for Windows, Mac and Linux. Want to learn more about how we can help protect your business? Get a free trial below.

Phishing 81

Phishing Malware Advertising Marketing 81

Security Affairs

JUNE 8, 2020

The toolkits released by IBM are already available for macOS and iOS, the IT company plan to release also Android and Linux versions. ” reads a blog post published by IBM. The FHE toolkits are been released on GitHub for macOS and iOS.

Encryption 101

Encryption Advertising Data privacy Healthcare 101

Anton on Security

JUNE 2, 2023

Have we truly fixed Linux and Windows server misconfiguration? Ultimately, if you had several years to learn how to secure a particular cloud service (even a complex one like say BigQuery or, I dunno, Azure Cosmos DB), the outcome would likely be achieved. Related blogs: “Use Cloud Securely? No, we have not.

Cloud Migration 113

Cloud Migration Data breaches Social Engineering CISO 113

Lenny Zeltser

JULY 22, 2020

This Linux distribution for malware analysis includes hundreds of new and classic tools for examining executables, documents, scripts, and other forms of malicious code. Browse the expanded, categorized listing of the tools to get a sense for what you can do with REMnux and learn about the tools’ authors.

Architecture 145

Architecture Malware Software Technology 145

Kali Linux

DECEMBER 5, 2022

Today we are publishing Kali Linux 2022.4. Should you want the default toolset ( kali-linux-default ) or any other combination of metapackages , it should be like any other Kali platform. Instead, we automatically post blog posts thus these accounts are mostly unmonitored! A summary of the changelog since August’s 2022.3

Firmware 52

Firmware Wireless Mobile Media 52

Security Affairs

APRIL 1, 2019

The popular expert unixfreaxjp analyzed a new China ELF DDoS’er malware tracked as “Linux/DDoSMan” that evolves from the Elknot malware to deliver new ELF bot. 2014), as described on the MMD blog when MMD detected 5 variants active under almost 15 panels scattered in China network. On the MMD blog.

DDOS 84

DDOS Malware Encryption Penetration Testing 84

Security Boulevard

JUNE 14, 2022

Linux Foundation Launches sigstore to Combat Open-Source Supply Chain Attacks. Download the White Paper to Learn More! And, unfortunately, these risks are unlikely to change in the near term because most organizations are just beginning to understand these risks,” Bocek adds. Related Posts. Ask the Experts]. Shelley Boose. UTM Medium.

Cybersecurity 98

Cybersecurity InfoSec Risk Encryption 98

The Last Watchdog

JUNE 7, 2022

A new mobile app, for instance, requires as many lines of code as a 15-year old Linux kernel. The fact of the matter is that people have learned to partially computerize this job, inlining automatic checks into computer programs to detect errors and typos. At the same time, nowadays developers seldom write code from scratch.

Software 233

Software Mobile Accountability Risk 233

Thales Cloud Protection & Licensing

SEPTEMBER 4, 2019

While far and wide claims around AI and machine learning remain a mainstay, there was less emphasis on these technologies then in years past which was great to see. There were some interesting sessions and conversations on APIs, bug bounty programs, deep-learning and behavioral analysis.

IoT 104

IoT Hacking Wireless Risk 104

McAfee

DECEMBER 18, 2019

Under this new partnership, McAfee will tightly integrate its endpoint security solutions for Linux and Windows workloads, as well as its MVISION Cloud for Container Security, on Google Cloud infrastructure. Today, many enterprise customers leverage virtual machines (VMs) running in the cloud to handle key Linux and Windows workloads.

Technology 52

Technology Government 52

Kali Linux

MARCH 12, 2023

Stay tuned for a blog post coming out for more information! Remember what we did a decade ago with Kali Linux? No expensive licenses required, no need for commercial grade infrastructure, no writing code or compiling tools to make it all work… Just download Kali Linux and do your thing. Edit: Its out ! KDE Plasma 5.27

Firmware 52

Firmware Architecture Engineering Technology 52

Kali Linux

AUGUST 8, 2022

In light of “Hacker Summer Camp 2022” (BlackHat USA, BSides LV, and DEFCON) occurring right now, we wanted to push out Kali Linux 2022.3 With the publishing of this blog post, we have the download links ready for immediate access , or you can update any existing installation. as a nice surprise for everyone to enjoy!

Architecture 52

Architecture Education Media Passwords 52

Kali Linux

FEBRUARY 13, 2022

Today we are pushing out the first Kali Linux release of the new year with Kali Linux 2022.1 , and just in time for Valentine’s Day! This release brings various visual updates and tweaks to existing features, and is ready to be downloaded or upgraded if you have an existing Kali Linux installation. Edit: Now out !

DNS 52

DNS Architecture Media Encryption 52

eSecurity Planet

DECEMBER 15, 2021

In addition, Hafnium “has been observed utilizing the vulnerability to attack virtualization infrastructure to extend their typical targeting,” the researchers wrote in the blog post. “In Bitdefender researchers wrote in a blog post that early exploit attempts have involved cryptojacking and botnets, such as the Muhstik botnet.

Ransomware 123

Ransomware Software DNS Internet 123

Google Security

FEBRUARY 21, 2023

For the purposes of this blog, we refer to the software that runs on all these other processors as “Firmware”. Building on top of these successes and lessons learned, we’re applying the same principles to hardening the security of firmware that runs outside of Android per se, directly on the bare-metal hardware.

Firmware 97

Firmware Software Authentication Technology 97

Security Boulevard

AUGUST 3, 2021

Maybe a year of working remotely has given you pause to think about your career goals and take some time to learn new skills. While certifications are not mandatory for most positions, they are a good indicator of your dedication to continuous learning and help prove your skills. Offensive Security OSCP.

Penetration Testing 98

Penetration Testing Education Government Information Security 98

ForAllSecure

SEPTEMBER 4, 2020

The researchers at VDA Labs said in a blog post “a bad actor could use this bug to develop an exploit, which could result in something like the compromise of a workstation running MP3Gain.” In this blog, we will cover: 1) VDA Labs. Mayhem has a CLI available to download and that was used on a local Linux host.

IoT 52

IoT Technology 52

Malwarebytes

APRIL 17, 2023

Indicators in the malware's code suggest it's Linux-based but compiled for macOS with basic configuration settings included. Want to learn more about how we can help protect your business? Wardle further confirmed this theory, stating the malware is far from complete. Get a free trial below.

Ransomware 87

Ransomware Backups Malware Encryption 87

SecureList

DECEMBER 13, 2023

To learn more about our crimeware reporting service, you can contact us at crimewareintel@kaspersky.com. C2 address Akira Akira is a relatively new ransomware variant, first detected in this past April and written in C++, that can run in Windows and Linux environments. AMOS Stealers are growing in popularity.

Ransomware 89

Ransomware Passwords Malware Encryption 89

Kali Linux

APRIL 24, 2017

We’re happy to announce the availability of the Kali Linux 2017.1 These drivers are not part of the standard Linux kernel, and have been modified to allow for injection. For more information about this new feature, check out the related blog post and updated official documentation. Finally, it’s here!

Wireless 52

Wireless Penetration Testing Passwords 52

Security Boulevard

JUNE 2, 2023

Have we truly fixed Linux and Windows server misconfiguration? Ultimately, if you had several years to learn how to secure a particular cloud service (even a complex one like say BigQuery or, I dunno, Azure Cosmos DB), the outcome would likely be achieved. Related blogs: “Use Cloud Securely? No, we have not.

Cloud Migration 64

Cloud Migration Data breaches Social Engineering CISO 64

Thales Cloud Protection & Licensing

APRIL 16, 2018

We’ve also made significant updates to other products in our portfolio including VTE supporting Microsoft Azure Files, and Amazon Linux. Vormetric Cloud Encryption Gateway (VCEG) now supports Google Cloud Storage, and Vormetric Application Encryption now offers RESTful API support (more on that in my colleague Eric Wolff’s Wednesday blog).

Encryption 91

Encryption Big data Backups Threat Reports 91

Security Boulevard

SEPTEMBER 1, 2021

They ran CPG-assisted SAST tests on a well-known open-source project, the Linux kernel. It can quickly discover new vulnerabilities but also helps developers learn how to write more secure code by highlighting where mistakes were made. For example, the Linux kernel is worked on by over one thousand developers every year.

Software 59

Software Cyber Attacks Cybersecurity Marketing 59

ForAllSecure

SEPTEMBER 3, 2020

The researchers at VDA Labs said in a blog post “a bad actor could use this bug to develop an exploit, which could result in something like the compromise of a workstation running MP3Gain.” In this blog, we will cover: 1) VDA Labs. Mayhem has a CLI available to download and that was used on a local Linux host.

IoT 52

IoT 52

ForAllSecure

SEPTEMBER 3, 2020

The researchers at VDA Labs said in a blog post “a bad actor could use this bug to develop an exploit, which could result in something like the compromise of a workstation running MP3Gain.” In this blog, we will cover: 1) VDA Labs. Mayhem has a CLI available to download and that was used on a local Linux host.

IoT 52

IoT 52

Duo's Security Blog

JANUARY 12, 2023

In her blog , Shilpa Viswambharan discusses how a manual integration feature based on the Device Health app enables IT administrators to manage macOS, Windows and Linux endpoints that are not enrolled in a management system by adding them to their list of trusted devices. Organizations can use the DHA to extend trust to them as well.

Software 53

Software Data breaches Mobile Authentication 53

McAfee

OCTOBER 4, 2021

When I was introduced to Linux, I immediately fell in love with it, and this increased my curiosity. I started to learn more about how the Internet worked and one thing led to the other. Yes, I’m working on making sure my kids learn to eat a wide variety of healthy and fresh food, instead of processed and refined stuff.

InfoSec 83

InfoSec System Administration Cybersecurity Engineering 83

Security Boulevard

MARCH 15, 2022

In the case of Nvidia , the gang stole and leaked the credentials of more than 71,000 Nvidia employees, source code of Nvidia’s DLSS (Deep Learning Super Sampling) AI rendering technology and information about six supposed unannounced GPUs. The group is also asking Nvidia to open source its GPU drivers for macOS, Windows, and Linux devices.

Ransomware 128

Ransomware Telecommunications Firmware Media 128