F5 je vodilni ponudnik rešitev za upravljanje aplikacij in varnost, ki se osredotoča na optimizacijo delovanja in zaščito spletnih aplikacij, zlasti v okolju oblačnih storitev. S hitrim prehodom na oblak in naraščajočimi zahtevami po varnosti in dostopnosti je F5 razvil vrsto rešitev, ki omogočajo organizacijam, da učinkovito izkoristijo prednosti oblačnih tehnologij. V tem blogu bomo…
A Decade of NIST’s Cybersecurity Framework: Evolution and Impact It has been ten years since the inception of the National Institute of Standards and Technology’s (NIST) groundbreaking Cybersecurity Framework (CSF) 1.0. This framework was born out of a 2013 Executive Order which mandated NIST to craft a voluntary cybersecurity toolkit aimed at assisting organizations in…
Threat actors using Red Team tool for malicious purposes New research from Cisco Talos suggests that threat actors are utilizing a payload generation framework known as MacroPack for nefarious activities. Originally designed for red teaming exercises, MacroPack enables the creation of various file formats such as Office documents, Visual Basic scripts, and Windows shortcuts, commonly…
The Rise of KTLVdoor: A New Backdoor Targeting Chinese Trading Companies The cybersecurity landscape continues to evolve with new threats emerging regularly. One such threat is the Chinese-speaking threat actor, Earth Lusca, who has been identified using a new backdoor called KTLVdoor in a recent cyber attack against an undisclosed trading company in China. The…
Akter grožnje, “Voldemort”, je izvedel sofisticirano kampanjo, usmerjeno proti različnim organizacijam po vsem svetu, z uporabo nove verige napadov, v katero je vključil Google Sheets za poveljevanje in nadzor ter druge nenavadne taktike. “Voldemort” je bil prilagojen program za dostop v hrbtno dver napisan v C, z zmožnostmi za izčrpavanje podatkov in dostavo dodatnih vsebin,…
Cisco Addresses Critical Security Flaws in Smart Licensing Utility Cisco, a leading networking and IT company, recently addressed major security vulnerabilities in its Smart Licensing Utility. These critical flaws had the potential to be exploited by malicious actors to elevate their privileges or access sensitive information without authentication. Overview of Identified Vulnerabilities One of the…
North Korean Threat Actors Disguise Malware as Video Conferencing App In the fast-paced world of cybersecurity, staying ahead of threat actors is crucial. Recently, a concerning development emerged as North Korean threat actors utilized a deceptive tactic to breach developer systems. By disguising malware as a fake Windows video conferencing application, masquerading as the legitimate…
Google Addresses Critical Security Flaw in Android Operating System Google has taken a proactive approach to address a critical security flaw in its Android operating system by releasing its monthly security updates. The company identified a high-severity vulnerability, known as CVE-2024-32896 with a CVSS score of 7.8. This vulnerability involves privilege escalation within the Android…
The Revival Hijack Supply Chain Attack on PyPI Recently, a new supply chain attack technique named Revival Hijack has been making waves in the IT security realm. This attack targets the Python Package Index (PyPI) registry, a popular repository of Python packages used by developers worldwide. The goal of this attack is to compromise downstream…
Zyxel Addresses Critical Security Flaw in AP and Security Router Versions Zyxel, a prominent networking solutions provider, recently rolled out essential software updates to rectify a critical security flaw affecting specific access point (AP) and security router versions. This vulnerability has the potential to allow threat actors to execute unauthorized commands, highlighting the importance of…