Browsing category
In the evolving landscape of container orchestration, Kubernetes has emerged as the de facto standard due to its flexibility, scalability, and robust community support. However, as with any complex system, securing a Kubernetes environment presents unique challenges. Containers, by their very nature, are transient and multi-faceted, making traditional security methods less effective. This is where […]
In a significant development that could reshape the cybersecurity landscape of industrial control systems (ICS), a team of researchers from the Georgia Institute of Technology has unveiled a novel form of malware targeting Programmable Logic Controllers (PLCs). The study, led by Ryan Pickren, Tohid Shekari, Saman Zonouz, and Raheem Beyah, presents a comprehensive analysis of […]
In the interconnected world of modern software development, Application Programming Interfaces (APIs) play a pivotal role in enabling systems to communicate and exchange data. As the linchpins that allow diverse applications to work together, APIs have become indispensable to offering rich, feature-complete software experiences. However, this critical position within technology ecosystems also makes APIs prime […]
In the rapidly evolving landscape of artificial intelligence, generative AI systems have become a cornerstone of innovation, driving advancements in fields ranging from language processing to creative content generation. However, a recent report by the National Institute of Standards and Technology (NIST) sheds light on the increasing vulnerability of these systems to a range of […]
CVE-2023-35628 is a critical remote code execution (RCE) vulnerability affecting the Microsoft Windows MSHTML platform, with a Common Vulnerability Scoring System (CVSS) score of 8.1, indicating a high level of risk. This flaw is particularly concerning because it can be exploited without any interaction from the user. The vulnerability can be triggered when Microsoft Outlook […]
In the ever-evolving landscape of cybersecurity, researchers are continually uncovering new methods that challenge existing defense mechanisms. A recent study by SafeBreach, a leader in cybersecurity research, has brought to light a novel process injection technique that exploits Windows thread pools, revealing vulnerabilities in current Endpoint Detection and Response (EDR) solutions. This groundbreaking research not […]
Kubernetes has become the de facto orchestration platform for managing containerized applications, but with its widespread adoption, the security of Kubernetes clusters has come under greater scrutiny. Central to Kubernetes’ architecture is etcd, a highly-available key-value store used to persist the cluster’s state and its configuration details. While etcd is essential for the Kubernetes cluster’s […]
The Common Vulnerability Scoring System (CVSS) has been updated to version 4.0, which has been formally announced by the Forum of Incident Response and Security Teams (FIRST). This update comes eight years after the debut of CVSS v3.0, the previous version of the system. At its 35th annual conference, which took place in June in […]
Mobile network data might be one of our most recent and thorough dossiers. Our mobile phones are linked to these networks and expose our demographics, social circles, purchasing habits, sleeping patterns, where we live and work, and travel history. Technical weaknesses in mobile communications networks threaten this aggregate data. Such vulnerabilities may reveal private information […]
TeamsPhisher is a Python3 software that was designed to make it easier for phishing messages and attachments to be sent to users of Microsoft Teams whose companies or organizations permit connection with outside parties. It is not feasible to transfer files to users of Teams who are not part of one’s company in most circumstances. […]
Objective In the last chapter we saw on how to add resource to a VNet now in this chapter we will see how we will enable connectivity between two virtual networks. As we know that each virtual network is an isolated environment and for 2 resources in different two virtual network to talk to each […]
Overview In the last chapter (Azure cloud security tutorial series – Chapter 2 [Virtual Network]) we saw on how to create VNet in Azure. Once you have VNet created its time to add resources to it. It like once you have your virtual network created you will add computers, servers and other types of devices […]
Basic Overview Network is combination of many different systems connected together. In the Azure cloud security tutorial series – Chapter 1 [Azure Account] we talked about virtual network is a private space in a network where you can play around within systems in that virtual network. It’s a more secure way of putting your own […]
Basic Overview Azure is the mostly used cloud in IT organizations. Before cloud came into existence many companies or organizations were using Microsoft products in their organization like Windows OS, MS Office and even Microsoft server OS on their servers for running internal authentication server called AD and others. So it is easy for all […]
Mobile patterns are the used by everyone to unlock their mobile phones. Everyone loves to mobile patterns over the pass code or password. One of the most important factor is its ease to unlock the mobile phone. The more stylize your pattern is, more you look cool while unlocking mobile phone. Even this also prevent […]
ChatGPT and its AI cousins have undergone extensive testing and modifications to ensure that they cannot be coerced into spitting out offensive material like hate speech, private information, or directions for making an IED. However, scientists at Carnegie Mellon University recently demonstrated how to bypass all of these safeguards in several well-known chatbots at once […]
This cybersecurity information sheet (CSI) is being released by the National Security Agency (NSA) in collaboration with the Cybersecurity and Infrastructure Security Agency (CISA). The purpose of this document is to provide recommendations and best practices for improving defenses in cloud implementations of development, security, and operations (DevSecOps). This CSI explains how to integrate security […]
Mockingjay is the name of an innovative process injection approach that has the potential to enable threat actors to avoid being detected by EDR (Endpoint Detection and Response). Process injection is a well-known method that malicious software and attackers use to introduce and execute code into the memory area of a process. This may be […]
Researchers from Tsinghua University and George Mason University have discovered a significant weakness in the NPU chipset. By exploiting this flaw, attackers are able to eavesdrop on data being broadcast across 89% of real-world Wi-Fi networks. Hardware acceleration, such as the use of NPU chipsets in Wi-Fi networks, increases the data transmission rate and decreases […]
Researchers from Tencent Labs and Zhejiang University have collaborated to develop a new technique known as “BrutePrint,” which enables the forcible extraction of fingerprints from modern smartphones. This technique was recently shown to the public. This approach sidesteps user authentication, therefore providing unauthorized access and complete control over the device that is the focus of […]
The most important routing protocol for the internet is called BGP. It makes it possible for autonomous systems (ASes), which are groups of IP addresses that are leased to an organization for a certain period of time by a registrar, to share routing and reachability information with one another. When BGP stops working, an autonomous […]