FreshRSS

Security – Cisco Blog

AI Threat Intelligence Roundup: February 2025

By: Adam Swanda — February 25th 2025 at 13:00
AI threat research is a fundamental part of Cisco’s approach to AI security. Our roundups highlight new findings from both original and third-party sources.

Security – Cisco Blog

AI Cyber Threat Intelligence Roundup: January 2025

By: Adam Swanda — February 1st 2025 at 13:00
AI threat research is a fundamental part of Cisco’s approach to AI security. Our roundups highlight new findings from both original and third-party sources.

Security – Cisco Blog

The Countdown Has Begun: Getting Started on Your Post-Quantum Journey

By: Mike Luken — October 9th 2024 at 12:00
Using existing encryption and key management technologies, enterprises can realize quantum-safe encryption today without waiting for implementations.

Security – Cisco Blog

Protect Against Adversary-in-the-Middle with Cisco’s User Protection Suite

By: Jennifer Golden — July 31st 2024 at 12:00
Learn how the User Protection Suite uses secure protocols to stop Adversary-in-the-Middle (AiTM) attacks.

Security – Cisco Blog

User Protection Suite Secures Against Talos Top Ransomware Attack Trends

By: Jennifer Golden — July 23rd 2024 at 12:00
Discover Talos' first episode of Talos Threat Perspective and how Cisco’s User Protection Suite can provide a layered approach to security.

The Hacker News

Researchers Warn of CatDDoS Botnet and DNSBomb DDoS Attack Technique

By: Newsroom — May 28th 2024 at 10:15
The threat actors behind the CatDDoS malware botnet have exploited over 80 known security flaws in various software over the past three months to infiltrate vulnerable devices and co-opt them into a botnet for conducting distributed denial-of-service (DDoS) attacks. "CatDDoS-related gangs' samples have used a large number of known vulnerabilities to deliver samples," the QiAnXin XLab team

The Hacker News

Ransomware Attacks Exploit VMware ESXi Vulnerabilities in Alarming Pattern

By: Newsroom — May 23rd 2024 at 17:03
Ransomware attacks targeting VMware ESXi infrastructure follow an established pattern regardless of the file-encrypting malware deployed, new findings show. "Virtualization platforms are a core component of organizational IT infrastructure, yet they often suffer from inherent misconfigurations and vulnerabilities, making them a lucrative and highly effective target for threat actors to abuse,"

The Hacker News

Inside Operation Diplomatic Specter: Chinese APT Group's Stealthy Tactics Exposed

By: Newsroom — May 23rd 2024 at 11:14
Governmental entities in the Middle East, Africa, and Asia are the target of a Chinese advanced persistent threat (APT) group as part of an ongoing cyber espionage campaign dubbed Operation Diplomatic Specter since at least late 2022. "An analysis of this threat actor’s activity reveals long-term espionage operations against at least seven governmental entities," Palo Alto Networks

The Hacker News

Ivanti Patches Critical Remote Code Execution Flaws in Endpoint Manager

By: Newsroom — May 23rd 2024 at 09:21
Ivanti on Tuesday rolled out fixes to address multiple critical security flaws in Endpoint Manager (EPM) that could be exploited to achieve remote code execution under certain circumstances. Six of the 10 vulnerabilities – from CVE-2024-29822 through CVE-2024-29827 (CVSS scores: 9.6) – relate to SQL injection flaws that allow an unauthenticated attacker within the same network to

The Hacker News

NextGen Healthcare Mirth Connect Under Attack - CISA Issues Urgent Warning

By: Newsroom — May 21st 2024 at 07:13
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a security flaw impacting NextGen Healthcare Mirth Connect to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The flaw, tracked as CVE-2023-43208 (CVSS score: N/A), concerns a case of unauthenticated remote code execution arising from an incomplete

The Hacker News

Microsoft Patches 61 Flaws, Including Two Actively Exploited Zero-Days

By: Newsroom — May 15th 2024 at 07:17
Microsoft has addressed a total of 61 new security flaws in its software as part of its Patch Tuesday updates for May 2024, including two zero-days which have been actively exploited in the wild. Of the 61 flaws, one is rated Critical, 59 are rated Important, and one is rated Moderate in severity. This is in addition to 30 vulnerabilities

The Hacker News

6 Mistakes Organizations Make When Deploying Advanced Authentication

By: The Hacker News — May 14th 2024 at 10:51
Deploying advanced authentication measures is key to helping organizations address their weakest cybersecurity link: their human users. Having some form of 2-factor authentication in place is a great start, but many organizations may not yet be in that spot or have the needed level of authentication sophistication to adequately safeguard organizational data. When deploying

The Hacker News

Hijack Loader Malware Employs Process Hollowing, UAC Bypass in Latest Version

By: Newsroom — May 8th 2024 at 10:58
A newer version of a malware loader called Hijack Loader has been observed incorporating an updated set of anti-analysis techniques to fly under the radar. "These enhancements aim to increase the malware's stealthiness, thereby remaining undetected for longer periods of time," Zscaler ThreatLabz researcher Muhammed Irfan V A said in a technical report. "Hijack

The Hacker News

New Case Study: The Malicious Comment

By: The Hacker News — May 7th 2024 at 10:42
How safe is your comments section? Discover how a seemingly innocent 'thank you' comment on a product page concealed a malicious vulnerability, underscoring the necessity of robust security measures. Read the full real-life case study here. When is a ‘Thank you’ not a ‘Thank you’? When it’s a sneaky bit of code that’s been hidden inside a ‘Thank You’

The Hacker News

Hackers Increasingly Abusing Microsoft Graph API for Stealthy Malware Communications

By: Newsroom — May 3rd 2024 at 12:35
Threat actors have been increasingly weaponizing Microsoft Graph API for malicious purposes with the aim of evading detection. This is done to "facilitate communications with command-and-control (C&C) infrastructure hosted on Microsoft cloud services," the Symantec Threat Hunter Team, part of Broadcom, said in a report shared with The Hacker News.

The Hacker News

New Cuttlefish Malware Hijacks Router Connections, Sniffs for Cloud Credentials

By: Newsroom — May 2nd 2024 at 05:04
A new malware called Cuttlefish is targeting small office and home office (SOHO) routers with the goal of stealthily monitoring all traffic through the devices and gathering authentication data from HTTP GET and POST requests. "This malware is modular, designed primarily to steal authentication material found in web requests that transit the router from the adjacent

The Hacker News

Android Malware Wpeeper Uses Compromised WordPress Sites to Hide C2 Servers

By: Newsroom — May 1st 2024 at 13:41
Cybersecurity researchers have discovered a previously undocumented malware targeting Android devices that uses compromised WordPress sites as relays for its actual command-and-control (C2) servers for detection evasion. The malware, codenamed Wpeeper, is an ELF binary that leverages the HTTPS protocol to secure its C2 communications. "Wpeeper is a typical backdoor Trojan for Android

The Hacker News

ZLoader Malware Evolves with Anti-Analysis Trick from Zeus Banking Trojan

By: Newsroom — May 1st 2024 at 10:27
The authors behind the resurfaced ZLoader malware have added a feature that was originally present in the Zeus banking trojan that it's based on, indicating that it's being actively developed. "The latest version, 2.4.1.0, introduces a feature to prevent execution on machines that differ from the original infection," Zscaler ThreatLabz researcher Santiago

The Hacker News

U.S. Government Releases New AI Security Guidelines for Critical Infrastructure

By: Newsroom — April 30th 2024 at 10:36
The U.S. government has unveiled new security guidelines aimed at bolstering critical infrastructure against artificial intelligence (AI)-related threats. "These guidelines are informed by the whole-of-government effort to assess AI risks across all sixteen critical infrastructure sectors, and address threats both to and from, and involving AI systems," the Department of Homeland Security (DHS)

The Hacker News

New U.K. Law Bans Default Passwords on Smart Devices Starting April 2024

By: Newsroom — April 30th 2024 at 05:57
The U.K. National Cyber Security Centre (NCSC) is calling on manufacturers of smart devices to comply with new legislation that prohibits them from using default passwords, effective April 29, 2024. "The law, known as the Product Security and Telecommunications Infrastructure act (or PSTI act), will help consumers to choose smart devices that have been designed to

The Hacker News

North Korea's Lazarus Group Deploys New Kaolin RAT via Fake Job Lures

By: Newsroom — April 25th 2024 at 16:47
The North Korea-linked threat actor known as Lazarus Group employed its time-tested fabricated job lures to deliver a new remote access trojan called Kaolin RAT as part of attacks targeting specific individuals in the Asia region in summer 2023. The malware could, "aside from standard RAT functionality, change the last write timestamp of a selected file and load any received DLL

The Hacker News

GenAI: A New Headache for SaaS Security Teams

By: The Hacker News — April 17th 2024 at 11:07
The introduction of OpenAI’s ChatGPT was a defining moment for the software industry, touching off a GenAI race with its November 2022 release. SaaS vendors are now rushing to upgrade tools with enhanced productivity capabilities that are driven by generative AI. Among a wide range of uses, GenAI tools make it easier for developers to build software, assist sales teams in mundane email writing,

The Hacker News

Chinese-Linked LightSpy iOS Spyware Targets South Asian iPhone Users

By: Newsroom — April 15th 2024 at 09:04
Cybersecurity researchers have discovered a "renewed" cyber espionage campaign targeting users in South Asia with the aim of delivering an Apple iOS spyware implant called LightSpy. "The latest iteration of LightSpy, dubbed 'F_Warehouse,' boasts a modular framework with extensive spying features," the BlackBerry Threat Research and Intelligence Team said in a report published last

The Hacker News

Sneaky Credit Card Skimmer Disguised as Harmless Facebook Tracker

By: Newsroom — April 12th 2024 at 05:09
Cybersecurity researchers have discovered a credit card skimmer that's concealed within a fake Meta Pixel tracker script in an attempt to evade detection. Sucuri said that the malware is injected into websites through tools that allow for custom code, such as WordPress plugins like Simple Custom CSS and JS or the "Miscellaneous Scripts" section of the Magento admin panel. "

The Hacker News

China-linked Hackers Deploy New 'UNAPIMON' Malware for Stealthy Operations

By: Newsroom — April 2nd 2024 at 11:00
A threat activity cluster tracked as Earth Freybug has been observed using a new malware called UNAPIMON to fly under the radar. "Earth Freybug is a cyberthreat group that has been active since at least 2012 that focuses on espionage and financially motivated activities," Trend Micro security researcher Christopher So said in a report published today. "It has been observed to

The Hacker News

Harnessing the Power of CTEM for Cloud Security

By: The Hacker News — April 2nd 2024 at 11:27
Cloud solutions are more mainstream – and therefore more exposed – than ever before. In 2023 alone, a staggering 82% of data breaches were against public, private, or hybrid cloud environments. What’s more, nearly 40% of breaches spanned multiple cloud environments. The average cost of a cloud breach was above the overall average, at $4.75 million. In a time where cloud has become the de facto

The Hacker News

Detecting Windows-based Malware Through Better Visibility

By: The Hacker News — April 1st 2024 at 11:20
Despite a plethora of available security solutions, more and more organizations fall victim to ransomware and other threats. These continued threats aren't just an inconvenience that hurts businesses and end users - they damage the economy, endanger lives, destroy businesses and put national security at risk. But if that wasn’t enough – North Korea appears to be using revenue from cyber

The Hacker News

The Golden Age of Automated Penetration Testing is Here

By: The Hacker News — March 29th 2024 at 11:19
Network penetration testing plays a vital role in detecting vulnerabilities that can be exploited. The current method of performing pen testing is pricey, leading many companies to undertake it only when necessary, usually once a year for their compliance requirements. This manual approach often misses opportunities to find and fix security issues early on, leaving businesses vulnerable to

The Hacker News

Linux Version of DinodasRAT Spotted in Cyber Attacks Across Several Countries

By: Newsroom — March 28th 2024 at 17:02
A Linux version of a multi-platform backdoor called DinodasRAT has been detected in the wild targeting China, Taiwan, Turkey, and Uzbekistan, new findings from Kaspersky reveal. DinodasRAT, also known as XDealer, is a C++-based malware that offers the ability to harvest a wide range of sensitive data from compromised hosts. In October 2023, Slovak cybersecurity firm ESET

The Hacker News

Darcula Phishing Network Leveraging RCS and iMessage to Evade Detection

By: Newsroom — March 28th 2024 at 14:43
A sophisticated phishing-as-a-service (PhaaS) platform called Darcula has set its sights on organizations in over 100 countries by leveraging a massive network of more than 20,000 counterfeit domains to help cyber criminals launch attacks at scale. "Using iMessage and RCS rather than SMS to send text messages has the side effect of bypassing SMS firewalls, which is being used to great

Security – Cisco Blog

Cisco and Nvidia: Redefining Workload Security

By: Jana Radhakrishnan — March 20th 2024 at 12:00

There has been an exponential increase in breaches within enterprises despite the carefully constructed and controlled perimeters that exist around applications and data. Once an attacker can access…

The Hacker News

Magnet Goblin Hacker Group Leveraging 1-Day Exploits to Deploy Nerbian RAT

By: Newsroom — March 11th 2024 at 05:59
A financially motivated threat actor called Magnet Goblin is swiftly adopting one-day security vulnerabilities into its arsenal in order to opportunistically breach edge devices and public-facing services and deploy malware on compromised hosts. “Threat actor group Magnet Goblin’s hallmark is its ability to swiftly leverage newly disclosed vulnerabilities, particularly targeting

The Hacker News

Secrets Sensei: Conquering Secrets Management Challenges

By: The Hacker News — March 8th 2024 at 09:49
In the realm of cybersecurity, the stakes are sky-high, and at its core lies secrets management — the foundational pillar upon which your security infrastructure rests. We're all familiar with the routine: safeguarding those API keys, connection strings, and certificates is non-negotiable. However, let's dispense with the pleasantries; this isn't a simple 'set it and forget it' scenario. It's

The Hacker News

New BIFROSE Linux Malware Variant Using Deceptive VMware Domain for Evasion

By: Newsroom — March 1st 2024 at 10:56
Cybersecurity researchers have discovered a new Linux variant of a remote access trojan (RAT) called BIFROSE (aka Bifrost) that uses a deceptive domain mimicking VMware. "This latest version of Bifrost aims to bypass security measures and compromise targeted systems," Palo Alto Networks Unit 42 researchers Anmol Maurya and Siddharth Sharma said. BIFROSE is one of the long-standing

The Hacker News

New Silver SAML Attack Evades Golden SAML Defenses in Identity Systems

By: Newsroom — February 29th 2024 at 15:21
Cybersecurity researchers have disclosed a new attack technique called Silver SAML that can be successful even in cases where mitigations have been applied against Golden SAML attacks. Silver SAML “enables the exploitation of SAML to launch attacks from an identity provider like Entra ID against applications configured to use it for authentication, such as Salesforce,” Semperis

KitPloit - PenTest Tools!

Associated-Threat-Analyzer - Detects Malicious IPv4 Addresses And Domain Names Associated With Your Web Application Using Local Malicious Domain And IPv4 Lists

By: Zion3R — September 3rd 2023 at 11:30

Associated-Threat-Analyzer detects malicious IPv4 addresses and domain names associated with your web application using local malicious domain and IPv4 lists.


Installation

From Git

git clone https://github.com/OsmanKandemir/associated-threat-analyzer.git
cd associated-threat-analyzer && pip3 install -r requirements.txt
python3 analyzer.py -d target-web.com

From Dockerfile

You can run this application in a container after building the Dockerfile.

Warning: if you run the tool in a Docker container, supply your own malicious IP and domain lists, because the maintainer may not keep the default lists in the Docker image up to date.

docker build -t osmankandemir/threatanalyzer .
docker run osmankandemir/threatanalyzer -d target-web.com

From DockerHub

docker pull osmankandemir/threatanalyzer
docker run osmankandemir/threatanalyzer -d target-web.com

Usage

-d DOMAIN, --domain DOMAIN          Input target. Example: --domain target-web1.com
-t DOMAINSFILE, --DomainsFile       Malicious domains list to compare against. Example: -t SampleMaliciousDomains.txt
-i IPSFILE, --IPsFile               Malicious IPs list to compare against. Example: -i SampleMaliciousIPs.txt
-o JSON, --json JSON                JSON output. Example: --json

DONE

  • First-level depth scan of your domain address.

TODO list

  • Third-level or deeper static-file scanning of the target web application.

Other linked GitHub project, worth a look:
Finds related domains and IPv4 addresses for threat intelligence after Indicator-Intelligence v1.1.1 has collected the static files.

https://github.com/OsmanKandemir/indicator-intelligence

Default Malicious IPs and Domains Sources

https://github.com/stamparm/blackbook

https://github.com/stamparm/ipsum

Development and Contribution

See CONTRIBUTING.md


