Tehnika “Revival Hijack” izkorišča ranljivost v procesu odstranjevanja paketov na PyPI Tehnika “Revival Hijack” je nedavno postala aktualna, ker izkorišča ranljivost v procesu odstranjevanja paketov na platformi Python Package Index (PyPI). Ko je priljubljen paket na PyPI odstranjen, njegovo ime takoj postane na voljo za registracijo drugim uporabnikom. Zlonamerni akterji lahko izkoristijo to stanje s…
Novel Side-Channel Attack Exploits Radio Signals from RAM for Data Exfiltration A groundbreaking side-channel attack, dubbed RAMBO by Dr. Mordechai Guri from Ben Gurion University, has surfaced as a potential threat to air-gapped networks. This sophisticated technique capitalizes on radio signals emitted by a device’s RAM as a means for exfiltrating data surreptitiously. Dr. Guri,…
Chinese APT Group Exploits Visual Studio Code for Espionage The notorious China-linked advanced persistent threat (APT) group, Mustang Panda, has been spotted utilizing Visual Studio Code software to carry out espionage activities against government entities across Southeast Asia. This marks a concerning development in the realm of cyber threats, showcasing the group’s evolving tactics. Utilizing…
The Colombian Insurance Sector Under Attack by Blind Eagle Threat Actor The Colombian insurance sector finds itself on the receiving end of a cyber threat orchestrated by a group known as Blind Eagle. This malevolent group has been active since June 2024, with their latest scheme involving the distribution of a modified version of the…
The Illusion of Security in the Age of Proliferating Cybersecurity Tools In today’s digital world, organizations are constantly bombarded with a plethora of cybersecurity tools promising to protect them from cyber threats. However, the sheer number of tools available has created an illusion of security. Many organizations believe that by simply deploying an array of…
The Rise of GenAI: A Double-Edged Sword The integration of General Artificial Intelligence (GenAI) tools into various aspects of business operations has become a common practice in today’s digital landscape. These tools offer significant boosts to productivity and innovation by enabling developers to write code efficiently, allowing finance teams to analyze reports swiftly, and empowering…
Progress Software Addresses Critical Security Vulnerability in LoadMaster and Multi-Tenant Hypervisor Progress Software recently announced the release of security updates to address a severe flaw that impacts LoadMaster and Multi-Tenant (MT) hypervisor systems. The vulnerability, identified as CVE-2024-7591 and carrying a critical CVSS score of 10.0, has been classified as an improper input validation issue…
Introducing SaaS Pulse: Free Continuous SaaS Risk Management Continuous Oversight with Wing Security’s SaaS Pulse In the world of IT security, staying ahead of potential threats and vulnerabilities is crucial. Just like how waiting for a medical issue to become critical before seeing a doctor can have serious consequences, organizations can’t afford to overlook the…
Uvod v Transparentno Šifriranje Podatkov (TDE) Transparentno šifriranje podatkov (TDE) je funkcionalnost, ki omogoča šifriranje občutljivih podatkov, shranjenih v Oracle podatkovnih bazah. TDE šifrira podatke, preden so zapisani na shranjevanje, in jih samodejno dešifrira, ko so zahtevani. Ta proces zagotavlja, da so podatki zaščiteni pred nepooblaščenim dostopom, tudi če so datoteke podatkov ukradene ali dostopne…
Beware Android Users in South Korea: SpyAgent Malware Campaign Targeting Mnemonic Keys Amidst the hustle and bustle of technological advancements, Android device users in South Korea are finding themselves embroiled in a malicious mobile malware campaign. This devious scheme, coined SpyAgent, poses a new and sophisticated threat to unsuspecting users in the region. According to…