Recent Discovery of Malicious npm Packages Cybersecurity researchers have uncovered several suspicious packages in the npm registry aimed at harvesting Ethereum private keys and gaining unauthorized remote access to victims' machines. These malicious packages pose a significant risk to developers and users in the cryptocurrency space. Understanding how these threats manifest is crucial for protecting…
Bumblebee and Latrodectus Malware: New Phishing Campaigns Resurface Bumblebee and Latrodectus are two malware families that experienced setbacks following a major law enforcement operation known as Endgame. These malware loaders are notorious for stealing personal data and downloading additional payloads onto compromised systems. Recently, both have reappeared in new phishing campaigns, raising concerns among cybersecurity…
Napredno upravljanje omrežne prometnosti: tržno področje, ki bo vredno 4,3 milijarde dolarjev V današnjem svetu, kjer se digitalna infrastruktura nenehno širi in delo na daljavo postaja norma, predstavlja omrežno upravljanje ključno orodje za moderna podjetja. Omrežno upravljanje ne omogoča le spremljanja, temveč tudi analizo obsežne prometnosti. To prinaša tako priložnosti kot izzive, ki jih moramo…
VMware Releases Urgent Security Update for vCenter Server VMware has recently issued crucial software updates to address a significant security flaw in vCenter Server. This vulnerability, tracked as CVE-2024-38812, has a high CVSS score of 9.8, indicating its severe implications. It concerns a heap-overflow vulnerability in the implementation of the DCE/RPC protocol. This flaw is…
CISA Flags Critical Security Flaw in ScienceLogic SL1 The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently added a critical security flaw impacting ScienceLogic SL1 to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability, tracked as CVE-2024-9537, has a high severity score of 9.3 (CVSS v4), indicating that organizations need to address this issue…
V nedavnem kibernetskem napadu je skupina Kill Security napadla ugledno veterinarsko storitev AskVet, ki ima sedež v Združenih državah Amerike. To dejstvo je povzročilo veliko skrbi glede varnostnega incidenta in zaščite občutljivih podatkov v industriji veterinarskih storitev. Ekipa je na družbenih omrežjih delila informacije o uspešnem vdoru ter trdila, da so pridobili obsežno količino občutljivih…
The prolific Chinese nation-state actor known as APT41, also referred to as Brass Typhoon, Earth Baku, Wicked Panda, or Winnti, has made headlines once again. This sophisticated cyber group has been linked to a significant cyber attack focused on the gambling and gaming industry. Over a period of at least six months, APT41 stealthily gathered…
Your Quick Update on the Latest in Cybersecurity Cybersecurity is an ever-evolving field where threats constantly change, and it's vital for us to stay updated. Recently, hackers have been using new tricks to break into systems that we once thought were secure. These tactics resemble finding hidden doors in locked houses. Fortunately, security experts are…
Why Pentest Checklists Matter In today’s digital world, the attack surface of organizations is expanding rapidly. As attackers become more sophisticated, penetration testing checklists are more important than ever. They ensure comprehensive assessments of an organization's security, both internally and externally. By offering a structured approach, these checklists help testers systematically identify vulnerabilities and risks,…
### Uvod Za zaščito vašega poslovanja pred grožnjami je ključna izbira pravih rešitev za varnost omrežja. Ena od najpomembnejših področij je kar se tiče DNS (Domain Name System), DHCP (Dynamic Host Configuration Protocol) in upravljanja IP naslovov (IP Address Management – IPAM). Dva najbolj pomembna igralca v tej kategoriji sta Infoblox in EfficientIP. V tem…