The Red Cross did not name the contractor, based in Switzerland, which it uses to store data nor say what led to the security incident, but said that the data comes from at least 60 Red Cross and Red Crescent national societies. In a statement, the international organization pleaded with the attackers not to publicly share or leak the information given the sensitivity of the data.
The European Parliament has definitively backed major limits on behavioral advertising during a plenary vote on amendments to the pan-EU Digital Services Act (DSA).
A cyberattack targeting a contractor working for the International Committee of the Red Cross has spilled confidential data on more than 515,000 “highly vulnerable” people, many of whom have been separated from their families due to conflict, migration and disaster.
An exploration of zero-click attack surface for the popular video conferencing solution Zoom has yielded two previously undisclosed security vulnerabilities that could be exploited to crash the service, execute malicious code, and even leak arbitrary areas of its memory.
The new Global Research on Antimicrobial Resistance (Gram) report estimates deaths linked to 23 pathogens and 88 pathogen-drug combinations across 204 countries and territories in 2019. Statistical modeling was used to produce estimates of the impact of AMR in all locations — including those with no data — using more than 470m individual records obtained from systematic literature reviews, hospital systems, surveillance systems, and other data sources. The analysis shows AMR was directly responsible for an estimated 1.27 million deaths worldwide, and associated with an estimated 4.95 million deaths, in 2019. HIV/Aids and malaria have been estimated to have caused 860,000 and 640,000 deaths, respectively, in 2019. While AMR poses a threat to people of all ages, young children were found to be at particularly high risk, with one in five deaths attributable to AMR occurring in children under the age of five.
Hackable: 3, Vulnhub medium machine was created by Elias Sousa and can be downloaded here.This lab is designed for experienced CTF players who want to put their abilities to the test. We used the machine in the way that it was designed. Also, if you haven’t checked the machine or are having problems, you can attempt every approach you know. The key is port knocking, so let’s get started and discover how to split things down into digestible chunks.
- abusing http
- port knocking
- user flag
- root flag
To begin with, we must use the netdiscover command to scan the network for the IP address of the victim machine.
Our IP address is 192.168.1.185.
To move forward in this process, we are launching Nmap. For open port enumeration.
nmap -sC -sV 192.168.1.185
According to Nmap, we have an SSH server operating on port 22 and an HTTP service (Apache Server) running on port 80.
First, we’ll attempt to use HTTP. Let’s look at port 80 and see if anything interesting comes up. We can immediately verify it in the browser because the Apache Server is listening on port 80.
Nothing in-trusting on the main page. As a result, we examined its source code and discovered some information that will be valuable in this lab.
- We received a link to the login page.
- We chose the username “jubiscleudo.”
- We have gotten a hint that this lab requires port knocking.
To find out more about this laboratory. To uncover certain hidden directory paths, we execute a dirb directory scan.
XDR will amplify the need for MSSP security automation amid the race to respond across a larger attack surface, Cybereason explains.
The PAYG program also creates a competitive advantage for MSSP partners, including: Reduced barriers to entry for MSSPs looking to sell Cybereason …
At the end of 2021, we were made aware of a UEFI firmware-level compromise through logs from our Firmware Scanner, which has been integrated into Kaspersky products since the beginning of 2019. Further analysis has shown that a single component within the inspected firmware’s image was modified by attackers in a way that allowed them to intercept the original execution flow of the machine’s boot sequence and introduce a sophisticated infection chain.
A coordinated law enforcement operation has resulted in the arrest of 11 members allegedly belonging to a Nigerian cybercrime gang notorious for perpetrating business email compromise (BEC) attacks targeting more than 50,000 victims in recent years.
“While we don’t know who is responsible for this attack, or why they carried it out, we do have this appeal to make to them,” said Robert Mardini, director-general for the International Committee of the Red Cross. “Your actions could potentially cause yet more harm and pain to those who have already endured untold suffering. The real people, the real families behind the information you now have are among the world’s least powerful. Please do the right thing. Do not share, sell, leak or otherwise use this data,” Mardini said. “The people affected include missing people and their families, unaccompanied or separated children, detainees and other people receiving services from the Red Cross and Red Crescent Movement as a result of armed conflict, natural disasters or migration,” the organization said in an email.
Terra Quantum, a Zurich, Switzerland-based startup that aims to build a Quantum-as-a-Service platform (including, eventually, its own proprietary quantum hardware), today announced that it has raised a $60 million Series A round led by Lakestar, which also backed the company’s 2019 seed round. The additional investors in this round prefer to remain anonymous. According to Terra, they include two of the largest and globally renowned German family offices and one of the most influential cryptocurrency investors globally.
Advertorial I’ve seen it countless times. Another CISO walks into a board meeting and muddles through stats showing their compliance status. Great, you’re 75% compliant with ISO 27001, but what does this tell anyone about their level of risk?
For instance, if the algorithm predicted a person’s retina was a year older than their actual age, their risk of death from any cause in the next 11 years went up by 2 percent. At the same time, their risk of death from a cause other than cardiovascular disease or cancer went up by 3 percent. The findings are purely observational, which means we still don’t know what is driving this relationship at a biological level. Nevertheless, the results support growing evidence that the retina is highly sensitive to the damages of aging. Because this visible tissue hosts both blood vessels and nerves, it could tell us important information about an individual’s vascular and brain health.
Microsoft on Wednesday disclosed details of a new security vulnerability in SolarWinds Serv-U software that it said was being weaponized by threat actors to propagate attacks leveraging the Log4j flaws to compromise targets.
The modern digital environment is more risky than ever before, and the incidence of cyberattacks only increased throughout the COVID-19 pandemic. In this day and age, even the most robust security systems may still be penetrated or breached by a sophisticated cyber-attack. This means companies can no longer afford to be complacent about security.
Ingalls MDR Redscan Cybereason Hunters.AI Clearnetwork Symantec CapGemini. CB ThreatSight … Financial Service Education and Public Sector
Trusted-Computing-Group-article-USCM-winter-2022-Issue The number of cyber-attacks attempting to compromise global industry supply chains are on the rise, and a new survey by BlueVoyant found that 97 percent of global firms have been impacted by a cybersecurity breach in their supply chain in the past 12 months. Not only that, but 95 percent of respondents said their … Continue reading “How to Reduce The Risk of Cyber-Attacks on Global Supply Chains”
Finding Log4j Instances in Runtime and Tracking Completed Remediation at a Fortune 100 Company
Time is a funny thing. It’s hard to believe that it’s already been just over a month since Log4Shell, a zero-day vulnerability in the Java logging tool Log4j, was publicly disclosed on December 9th, 2021. The following day, I was contacted by one of our customers, a Fortune 100 company, for assistance with finding and patching Log4j instances amongst the millions of assets they manage. At the onset of the crisis they estimated it would take 2-3 months just to discover instances of Log4j across their environment, and several more months to remediate instances that were vulnerable.
Previous statements from Marszalek and other communications from Crypto.com have been criticized for being vague and unclear. Official messaging from the company referred to a security “incident,” and an early Twitter post mentioned only that a small number of users were “reporting suspicious activity on their accounts.” Marszalek followed up by tweeting that “no customer funds were lost” — a statement some commentators interpreted as meaning that the exchange would take the financial hit rather than passing it on to customers. Shortly afterward, security company PeckShield posted a tweet claiming that, in reality, Crypto.com’s losses amounted to around $15 million in ETH and were being sent to Tornado Cash to be “washed.”