China Pursuing 3 Alleged US Operatives Over Cyberattacks During Asian Games https://www.securityweek.com/china-pursuing-3-alleged-us-operatives-over-cyberattacks-during-asian-games/ #cybersecurity #infosec
We’ve all made some embarrassing tech flubs, but a recent spate of questionable decisions, including U.S. Secretary of Defense Pete Hegseth’s sharing of top-secret military plans, facilitates this observation: Government officials are kinda bad at tech. @Techcrunch has more on these cautionary tales and how to avoid some of them:
Planet Technology Industrial Switch Flaws Risk Full Takeover – Patch Now https://hackread.com/planet-technology-industrial-switch-flaws-full-takeover/ #IndustrialSwitch #PlanetTechnology #Cybersecurity #Vulnerability #Technology #Security
Cryptowars Update: "Ghost Participant" Encryption Backdoors & More
#cryptowars #encryption #e2ee #backdoors #communication #security #infosec #cybersecurity #policing #Europe #Florida
@QuickMuffin8782 and I decided to make a #GitHub organisation for preserving #Malware and other #Software of sorts. It's quite lackluster at the moment, but will be expanded with time.
I'd advise you check it out:
https://github.com/MalwareDatabaseHub
Please #Boost for visibility, we could use the support!
#Microsoft rolls #Windows #Recall out to the public nearly a year after announcing it
Bluestone Bank reports that data of 7K individuals was leaked due to administrative error
Bluestone Bank in Massachusetts experienced a data leak on February 28, 2025, where an "administrative error" led to sensitive personal information of 7,605 customers being inadvertently emailed to another customer. The bank claims the email has been removed and is offering affected customers identity monitoring services.
#cybersecurity #infosec #incident #databreach
https://beyondmachines.net/event_details/bluestone-bank-reports-that-data-of-7k-individuals-was-leaked-due-to-administrative-error-g-y-x-v-m/gD2P6Ple2L
Ever wonder what happens if US border agents copy data from your phone during an "advanced search"? That info can be stored for *15 years* in a database searchable by thousands of CBP employees without needing a separate warrant. Wild, right? #Privacy #Cybersecurity
https://www.washingtonpost.com/technology/2025/03/27/cbp-cell-phones-devices-traveling-us/
Marks & Spencer pauses online orders after cyberattack
Taiwan’s Whole-of-Society Defence Resilience Model and Beijing’s Grey Zone Aggression https://www.internationalaffairs.org.au/australianoutlook/taiwans-whole-of-society-defence-resilience-model-and-beijings-grey-zone-aggression/ #cybersecurity #infosec
Mobile provider #MTN says cyberattack compromised customer data
Via #LLRX @psuPete Recommends Weekly highlights on cyber security issues, 4/26/25 Four highlights from this week: How to prevent your streaming device from tracking your viewing habits (and why it makes a difference); Your private health data may have fueled Google’s ads; Businesses Failing to Prevent Cyber Attacks, Says Report; & How to block Meta AI from using your #Instagram or Facebook posts for training. #cybersecurity #privacy #streaming #Meta #AI #Facebook #google https://www.llrx.com/2025/04/pete-recommends-weekly-highlights-on-cyber-security-issues-april-26-2025/
SAP NetWeaver Zero-Day Under Active Exploitation — Patch Immediately
SAP has released an out-of-band emergency update to fix a critical zero-day vulnerability (CVE-2025-31324) in NetWeaver Visual Composer — and it’s already being exploited in the wild.
The flaw (CVSS 10.0) allows unauthenticated remote attackers to upload malicious files and gain full remote code execution — no login required.
Here’s what’s happening:
- Threat actors are abusing the `/developmentserver/metadatauploader` endpoint
- They're dropping JSP web shells and executing commands directly from browsers
- Post-exploitation activity includes tools like Brute Ratel and MSBuild injection for stealth
- Even fully patched systems were compromised — confirming this was a true zero-day
Both ReliaQuest and watchTowr have confirmed active exploitation, with attackers already moving to establish persistence and lateral movement.
Who’s affected:
- SAP NetWeaver Visual Composer 7.50 environments
- Systems exposed to the internet, especially if Visual Composer is enabled
What you need to do:
- Apply the emergency patch from SAP (released after the April 8 update)
- If you can’t patch immediately:
  - Restrict access to the vulnerable endpoint
  - Disable Visual Composer if unused
- Forward logs to SIEM and scan for unauthorized servlet uploads
Also included in the emergency update:
- CVE-2025-27429 — Code injection in SAP S/4HANA
- CVE-2025-31330 — Code injection in SAP Landscape Transformation
In a world where zero-days are increasingly exploited within hours of discovery, patching isn’t optional — it’s urgent.
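
One way to carry out the "scan" step from the post above, as an added example that is not part of the original post: it triages web access logs for requests to the `/developmentserver/metadatauploader` endpoint the post names. The combined-log layout, the constructed sample lines and the function name `find_uploader_hits` are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import unquote, urlsplit

# Endpoint named in the post; compared after URL-decoding and lower-casing.
TARGET = "/developmentserver/metadatauploader"

# Assumed combined/common access-log layout; adapt to your proxy or server logs.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample lines (documentation-range IPs), not real telemetry.
SAMPLE_LOG = """\
198.51.100.7 - - [25/Apr/2025:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 5120
203.0.113.9 - - [25/Apr/2025:10:02:10 +0000] "POST /developmentserver/metadatauploader?a=b HTTP/1.1" 200 38
203.0.113.9 - - [25/Apr/2025:10:02:11 +0000] "POST /developmentserver/%6Detadatauploader HTTP/1.1" 200 38
192.0.2.44 - - [25/Apr/2025:10:05:00 +0000] "POST /DevelopmentServer/MetadataUploader HTTP/1.1" 403 0
192.0.2.44 - - [25/Apr/2025:10:05:03 +0000] "HEAD /developmentserver/metadatauploader HTTP/1.1" 200 0
garbage line that does not parse
"""

def find_uploader_hits(lines):
    """Return (hits, unparsed); hits maps client IP -> [(ts, method, status, severity)]."""
    hits, unparsed = defaultdict(list), 0
    for line in lines:
        if not line.strip():
            continue
        m = LINE_RE.match(line)
        if not m:
            unparsed += 1  # count these: a log format change must not hide hits
            continue
        # Drop the query string, decode %xx escapes, ignore case and trailing slash.
        path = unquote(urlsplit(m["uri"]).path).lower().rstrip("/")
        if path != TARGET:
            continue
        status = int(m["status"])
        # A write request answered with 2xx is triaged first, since the post
        # describes unauthenticated file upload through this endpoint.
        write_ok = m["method"] in ("POST", "PUT") and 200 <= status < 300
        hits[m["ip"]].append((m["ts"], m["method"], status, "high" if write_ok else "review"))
    return dict(hits), unparsed

if __name__ == "__main__":
    found, skipped = find_uploader_hits(SAMPLE_LOG.splitlines())
    for ip, events in found.items():
        print(ip, events)
    print("unparsed lines:", skipped)
```

A "high" hit means the server accepted a write to the endpoint and the host needs file-system review; "review" hits (blocked or non-write requests) still show who is probing it.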
SpyCloud, from yesterday: NIST’s Latest Password Update — The Best Practices Enterprises Need to Know https://spycloud.com/blog/new-nist-guidelines/ @spycloud #cybersecurity #infosec
#Baltimore City Public Schools #DataBreach affects over 31,000 people