Why do hackers target service desks? It’s "quicker and easier" to manipulate a person than to carry out a technical breach. Via @BleepingComputer. #Cybersecurity #ServiceDesk #Hack #Technology #Tech https://flip.it/bVT08q
Recherches récentes
Options de recherche
#cybersecurity
262 messages126 participants30 messages aujourd’hui
May was packed with new updates at Tailscale! 
From usability enhancements to performance improvements, see what’s new in our latest product update.
Dive in now: https://tailscale.com/blog/may-25-product-update
Minutes from the CVE Board teleconference meeting on April 30 are now available
https://cve.mitre.org/community/board/meeting_summaries/30_April_2025.pdf
#CVE #Vulnerability #VulnerabilityManagement #HSSEDI #CISA #Infosec #Cybersecurity
#Arla Foods confirms #cyberattack disrupts production, causes delays
Minutes from the CVE Board teleconference meeting on April 16 are now available
https://cve.mitre.org/community/board/meeting_summaries/16_April_2025.pdf
#CVE #Vulnerability #VulnerabilityManagement #HSSEDI #CISA #Infosec #Cybersecurity
New Podcast Drop!
Episode 31 of What’s in the SOSS? features Clyde Seepersad from LF Education. Learn about the #Cybersecurity Skills Framework, why it matters, and how it helps secure every tech role — not just security teams. 
Vulnerability in ChatGPT allowed for malicious SVG that is sent to victims in chat shares
OpenAI had a stored cross-site scripting (XSS) vulnerability in ChatGPT (CVE-2025-43714) that allowed attackers to embed malicious SVG files containing executable JavaScript within shared conversations. This flaw enables phishing attacks and potentially harmful content delivery when chats are reopened (by sending the link to the chat to a victim).
**Be VERY VERY careful about clicking on links that lead to ChatGPT chats - especially from unknown sources or in unexpected messages. They may be embedding malicious XSS code. Also ALWAYS patch your web browser, and run script blockers like Ublock Origin and Privacy Badger.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/vulnerability-in-chatgpt-allowed-for-malicious-svg-injection-q-6-w-t-a/gD2P6Ple2L
BeyondMachinesVulnerability in ChatGPT allowed for malicious SVG that is sent to victims in chat sharesOpenAI had a stored cross-site scripting (XSS) vulnerability in ChatGPT (CVE-2025-43714) that allowed attackers to embed malicious SVG files containing executable JavaScript within shared conversations. This flaw enables phishing attacks and potentially harmful content delivery when chats are reopened (by sending the link to the chat to a victim).
New investigation out from our @DomainTools investigations team - our researchers identified over a hundred domains and Chrome browser extensions mimicking legitimate services, but also enabling malicious backend connections and code execution.
https://dti.domaintools.com/dual-function-malware-chrome-extensions/
#infosec #cybersecurity #threatintel
edit: ARGH WRONG LINK. coffee.
DomainTools Investigations | DTI · Hidden Threats of Dual-Function Malware Found in Chrome Extensions - DomainTools Investigations | DTIMalicious Chrome extensions mimic tools to steal data, inject code, and hijack sessions. Learn how to spot and avoid these evolving threats.
Bypass di Microsoft Defender mediante Defendnot: Analisi Tecnica e Strategie di Mitigazione
Link all'articolo : https://www.redhotcyber.com/post/bypass-di-microsoft-defender-mediante-defendnot-analisi-tecnica-e-strategie-di-mitigazione/
il blog della sicurezza informatica · Bypass di Microsoft Defender mediante Defendnot: Analisi Tecnica e Strategie di MitigazioneDefendnot: malware avanzato che disattiva Microsoft Defender usando solo funzioni legittime di Windows, eludendo EDR e senza privilegi elevati.
Thoughts on LEV…a new enhancement to KEV overall?
Microsoft prepara Windows agli attacchi quantistici. Il programma prende vita nelle build di test
Link all'articolo : https://www.redhotcyber.com/post/microsoft-prepara-windows-agli-attacchi-quantistici-il-programma-prende-vita-nelle-build-di-test/
il blog della sicurezza informatica · Microsoft prepara Windows agli attacchi quantistici. Il programma prende vita nelle build di testMicrosoft introduce la crittografia post-quantistica su Windows e Linux con ML-KEM e ML-DSA: protezione contro i futuri attacchi quantistici.
Singapore is looking to develop stronger cyber and digital links with Japan, as both countries mark 60 years of diplomatic relations in 2026, the city-state's envoy says. https://www.japantimes.co.jp/business/2025/05/20/tech/singapore-japan-digital-cyber/?utm_medium=Social&utm_source=mastodon #business #tech #singapore #singaporejapanrelations #cybersecurity #internet #computers #digitalization
The Japan Times · Singapore envoy eyes stronger cyber and digital links with Japan
Our Red Team found multiple ways to get around SharePoint’s “Restricted View” and exfiltrate data. Here's how...
Jack walks through Red Team methods using OCR and screenshots, Copilot, browser tricks, and HTML scraping to keep and collect data.
No matter the file type (TXT, PPTX, XLSX), there's a way...
Read here: https://www.pentestpartners.com/security-blog/bypassing-sharepoint-restricted-view-to-exfiltrate-data/
If you’re relying on “Restricted View” to protect sensitive data, it’s time to rethink.
#redteam #cybersecurity #infosec #sharepoint #microsoft365 #datasecurity #restrictedview #copilot
BYTE THE SILENCE – Episodio 4 in arrivo! Il #Cyberbullismo come non l’hai mai visto prima.
Acquista la versione cartacea ad alta qualità : https://www.redhotcyber.com/rhc/shopping/ Acquista la versione elettronica : https://academy.redhotcyber.com/collections?q=bettiPersonalizza i fumetti e diffondili nella tua azienda o presso i tuoi clienti : https://www.redhotcyber.com/post/formare-i-dipendenti-alla-cybersecurity-con-un-fumetto-ora-lo-puoi-fare-con-betti-rhc/ Sponsorizza la realizzazione di un fumetto della collana Betti-RHC : https://www.redhotcyber.com/post/sponsorizza-la-sicurezza-con-betti-rhc-scopri-come-far-brillare-la-tua-azienda/
The #NSA’s “Fifty Years of Mathematical #Cryptanalysis (1937–1987)”
Schneier on Security · The NSA's "Fifty Years of Mathematical Cryptanalysis (1937–1987)" - Schneier on SecurityIn response to a FOIA request, the NSA released “Fifty Years of Mathematical Cryptanalysis (1937-1987),” by Glenn F. Stahly, with a lot of redactions. Weirdly, this is the second time the NSA has declassified the document. John Young got a copy in 2019. This one has a few less redactions. And nothing that was provided in 2019 was redacted here. If you find anything interesting in the document, please tell us about it in the comments.
Falso Mito: Se uso una VPN, sono completamente al sicuro anche su reti WiFi Aperte e non sicure
Link all'articolo : https://www.redhotcyber.com/post/falso-mito-se-uso-una-vpn-sono-completamente-al-sicuro-anche-su-reti-wifi-aperte-e-non-sicure/
il blog della sicurezza informatica · Falso Mito: Se uso una VPN, sono completamente al sicuro anche su reti WiFi Aperte e non sicureLa VPN è solo l'inizio. Scopri come adottare una postura di sicurezza proattiva con strategie efficaci che analizzeremo nei prossimi articoli.