Over Security

Over Security

33580 bookmarks
Custom sorting
CISA urges US orgs to secure Microsoft Intune systems after Stryker breach
CISA urges US orgs to secure Microsoft Intune systems after Stryker breach
CISA warned U.S. organizations to follow Microsoft guidance to strengthen the Intune endpoint management tool after a cyberattack exploited it to wipe medical technology giant Stryker's systems.
·bleepingcomputer.com·
CISA urges US orgs to secure Microsoft Intune systems after Stryker breach
Oltre la trasmissione sicura: acceleratori crittografici per proteggere i dati in uso
Oltre la trasmissione sicura: acceleratori crittografici per proteggere i dati in uso
Nei sistemi cyber-fisici e IoT la protezione del dato non può più fermarsi al canale o al repository: la vera frontiera è difenderlo anche mentre viene elaborato, su edge e cloud che non possono essere considerati affidabili per definizione, grazie agli acceleratori crittografici
·cybersecurity360.it·
Oltre la trasmissione sicura: acceleratori crittografici per proteggere i dati in uso
Critical Microsoft SharePoint flaw now exploited in attacks
Critical Microsoft SharePoint flaw now exploited in attacks
A critical Microsoft SharePoint vulnerability patched in January is now being exploited in attacks, the Cybersecurity and Infrastructure Security Agency (CISA) warned.
·bleepingcomputer.com·
Critical Microsoft SharePoint flaw now exploited in attacks
New ‘Perseus’ Android malware checks user notes for secrets
New ‘Perseus’ Android malware checks user notes for secrets
A new Android malware called Perseus is checking user-curated notes to steal  sensitive information, like passwords, recovery phrases, or financial data.
·bleepingcomputer.com·
New ‘Perseus’ Android malware checks user notes for secrets
China Sits at the Top of America’s Cyber Threat List
China Sits at the Top of America’s Cyber Threat List
The IC's assessment reserves its sharpest language for China. Beijing is the most active and persistent cyber threat to U.S. government, private-sector, and
·thecyberexpress.com·
China Sits at the Top of America’s Cyber Threat List
Everyday tools, extraordinary crimes: the ransomware exfiltration playbook
Everyday tools, extraordinary crimes: the ransomware exfiltration playbook
Attackers use trusted tools for data theft, making traditional detection unreliable. The Exfiltration Framework enables defenders to spot exfiltration by focusing on behavioral signals across endpoints, networks, and cloud environments rather than static tool indicators.
·blog.talosintelligence.com·
Everyday tools, extraordinary crimes: the ransomware exfiltration playbook
LLM in guerra: il Pentagono aprirà alle aziende la possibilità di training AI con dati riservati
LLM in guerra: il Pentagono aprirà alle aziende la possibilità di training AI con dati riservati
I modelli di IA generativa utilizzati in ambienti riservati sono in grado di rispondere alle domande, ma al momento non imparano dai dati che analizzano. La situazione potrebbe cambiare presto. Ecco perché il Pentagono sta pianificando di consentire alle aziende specializzate in AI di addestrare i propri modelli utilizzando dati riservati
·cybersecurity360.it·
LLM in guerra: il Pentagono aprirà alle aziende la possibilità di training AI con dati riservati
DarkSword: exploit chain iOS tra zero-day, spyware e cybercrime finanziario
DarkSword: exploit chain iOS tra zero-day, spyware e cybercrime finanziario
Google Threat Intelligence Group, un’unità specializzata di Google Cloud dedicata alla cybersicurezza, ha appena rilasciato un blogpost quantomeno preoccupante. Il toolkit noto come DarkSword propone una catena di exploit completa capace di compromettere interamente dispositivi iOS sfruttando vulnerabilità multiple, inclusi zero-day, e viene sfruttata sia in operazioni di cyberspionaggio sia in attività criminali orientate al …
·securityinfo.it·
DarkSword: exploit chain iOS tra zero-day, spyware e cybercrime finanziario
Aura confirms data breach exposing 900,000 marketing contacts
Aura confirms data breach exposing 900,000 marketing contacts
Identity protection company Aura has confirmed that an authorized party gained access to nearly 900,000 customer records containing names and email addresses.
·bleepingcomputer.com·
Aura confirms data breach exposing 900,000 marketing contacts
CISA orders feds to patch Zimbra XSS flaw exploited in attacks
CISA orders feds to patch Zimbra XSS flaw exploited in attacks
CISA has ordered U.S. government agencies to secure their servers against an actively exploited vulnerability in the Zimbra Collaboration Suite (ZCS).
·bleepingcomputer.com·
CISA orders feds to patch Zimbra XSS flaw exploited in attacks
ConnectWise patches new flaw allowing ScreenConnect hijacking
ConnectWise patches new flaw allowing ScreenConnect hijacking
ConnectWise is warning ScreenConnect customers of a cryptographic signature verification vulnerability that could lead to unauthorized access and privilege escalation.
·bleepingcomputer.com·
ConnectWise patches new flaw allowing ScreenConnect hijacking
Ransomware gang exploits Cisco flaw in zero-day attacks since January
Ransomware gang exploits Cisco flaw in zero-day attacks since January
The Interlock ransomware gang has been exploiting a maximum severity remote code execution (RCE) vulnerability in Cisco's Secure Firewall Management Center (FMC) software in zero-day attacks since late January.
·bleepingcomputer.com·
Ransomware gang exploits Cisco flaw in zero-day attacks since January
Storm-2561 e il SEO poisoning: così con falsi client VPN rubano credenziali
Storm-2561 e il SEO poisoning: così con falsi client VPN rubano credenziali
È stata identificata una campagna malevola che, mediante la tecnica del SEO poisoning, mira a indirizzare le vittime verso siti controllati dagli attaccanti inducendole a scaricare finti client VPN che nascondono un infostealer progettato per sottrarre credenziali di accesso alle reti aziendali. Tutti i dettagli e come difendersi
·cybersecurity360.it·
Storm-2561 e il SEO poisoning: così con falsi client VPN rubano credenziali
Marquis: Ransomware gang stole data of 672K people in cyberattack
Marquis: Ransomware gang stole data of 672K people in cyberattack
Marquis, a Texas-based financial services provider, revealed this week that a ransomware gang stole the data of over 670,000 individuals in an August 2025 cyberattack that also disrupted operations at 74 banks across the United States.
·bleepingcomputer.com·
Marquis: Ransomware gang stole data of 672K people in cyberattack
Apple corregge WebKit senza aggiornare iOS: debuttano i Background Security Improvements
Apple corregge WebKit senza aggiornare iOS: debuttano i Background Security Improvements
Usati per la prima volta i Background Security Improvements per correggere una vulnerabilità nel motore WebKit. Ecco cos’è e come funziona il nuovo meccanismo di aggiornamento silenzioso per la sicurezza e perché rivoluziona il patch management su iOS e macOS
·cybersecurity360.it·
Apple corregge WebKit senza aggiornare iOS: debuttano i Background Security Improvements
Inside DarkSword: A New iOS Exploit Kit Delivered Via Compromised Legitimate Websites
Inside DarkSword: A New iOS Exploit Kit Delivered Via Compromised Legitimate Websites
Shortly after our publication on the Coruna exploit kit, a collaborating researcher at Lookout flagged a suspicious-looking URL possibly related to the threat actor from Russia linked with Coruna.
Inside DarkSword: A New iOS Exploit Kit Delivered Via Compromised Legitimate Websites
·iverify.io·
Inside DarkSword: A New iOS Exploit Kit Delivered Via Compromised Legitimate Websites
New “Darksword” iOS exploit used in infostealer attack on iPhones
New “Darksword” iOS exploit used in infostealer attack on iPhones
A new exploit kit for iOS devices and delivery framework dubbed "Darksword" has been used to steal a wide range of personal information, including data from cryptocurrency wallet app.
·bleepingcomputer.com·
New “Darksword” iOS exploit used in infostealer attack on iPhones
The Refund Fraud Economy: Exploiting Major Retailers and Payment Platforms
The Refund Fraud Economy: Exploiting Major Retailers and Payment Platforms
Refund fraud is now a business, with methods and tutorials sold to exploit return policies for profit. Flare shows how fraudsters turn refunds and chargebacks into a repeatable profit model.
·bleepingcomputer.com·
The Refund Fraud Economy: Exploiting Major Retailers and Payment Platforms