cybersecurity

BUILDING A CYBERSECURITY DETECTION AND MONITORING LAB BY LEVERAGING LOCAL VIRTUAL MACHINES (VMs) AND MICROSOFT AZURE
30 Oct

BUILDING A CYBERSECURITY DETECTION AND MONITORING LAB BY LEVERAGING LOCAL VIRTUAL MACHINES (VMs) AND MICROSOFT AZURE

stp2y0 CommentsNews, , , , , , , , ,
Introduction Learning and implementing cybersecurity concepts can be challenging without access to practical and secure infrastructure. These challenges are further complicated by budget constraints that limit the acquisition of necessary hardware resources. To overcome this, this home lab guide provides instructions for provisioning, configuring, optimizing, and securing IT infrastructure using a combination of local virtual machines (VMs) and cloud resources for practical use cases. This approach enables deploying less resource-intensive tools on local VMs while leveraging the cloud for more demanding applications. It simulates both on-premises and cloud environments. The knowledge gained here can aid in production and large-scale, enterprise-level…
Read More
FBI suspects China-linked hackers accessed officials’ call logs and SMS messages, report says
30 Oct

FBI suspects China-linked hackers accessed officials’ call logs and SMS messages, report says

stp2y0 CommentsNews, ,
Late last week, the FBI and Cybersecurity and Infrastructure Security Agency (CISA) they were investigating “the unauthorized access to commercial telecommunications infrastructure by actors affiliated with the People’s Republic of China.” At the same time, The New York Times that phones used by Donald Trump, JD Vance and Kamala Harris’ campaign staff were among the targets, though it was unclear what data the group may have been able to access.Now, The New York Times has about the extent of the hack, which is reportedly linked to a Chinese group known as “Salt Typhoon.” According to The Times, aides to President…
Read More
How to Encrypt JavaScript Code for Web Security
25 Oct

How to Encrypt JavaScript Code for Web Security

stp2y0 CommentsNews, , , , , , , , ,
JavaScript (JS) is a versatile language for creating interactive websites, but it’s also easily viewable, which can expose sensitive parts of your code to anyone. Encrypting or obfuscating JavaScript is a way to add a layer of protection to your website by making your code harder to understand or reverse-engineer. Here’s a step-by-step guide on why and how to encrypt JavaScript code effectively, and how tools like SafeLine WAF can help protect and secure your web assets. 1. Why Encrypt JavaScript Code? JavaScript encryption is primarily about protecting sensitive logic and securing data from unauthorized access. Some common reasons to…
Read More
Top 10 Web Application Security Threats
22 Oct

Top 10 Web Application Security Threats

stp2y0 CommentsNews, , , , , , , , ,
OWASP is a non-profit organization dedicated to researching application security threats. By surveys and analysis of over 200,000 organizations, OWASP published the report, “Top 10 Web Application Security Risks” approximately every three years, which has become a crucial reference for global enterprises in their web application security efforts. However, a security research team from Kaspersky recently found that OWASP’s rankings differ significantly from the conclusions reached through practical black-box, gray-box, and white-box application risk assessment methods. Organizations should more flexibly evaluate their web application security posture based on the potential impact and exploitability of threats. In this assessment, Kaspersky’s security…
Read More
POC of Grafana Post-Auth DuckDB SQL Injection (File Read) CVE-2024-9264
21 Oct

POC of Grafana Post-Auth DuckDB SQL Injection (File Read) CVE-2024-9264

stp2y0 CommentsNews, , , , , , , ,
(Credit: Timon – stock.adobe.com) This PoC demonstrates how to exploit CVE-2024-9264 to execute DuckDB SQL queries using an authenticated user and read arbitrary files from the file system. Setup: Install the necessary dependencies with the following command: pip install -r requirements.txt Enter fullscreen mode Exit fullscreen mode Usage (File Read Example): python3 CVE-2024-9264.py -u user -p pass -f /etc/passwd http://localhost:3000 Enter fullscreen mode Exit fullscreen mode You can also execute arbitrary DuckDB queries, such as calling getenv to retrieve environment variables: python3 CVE-2024-9264.py -u user -p pass -q "SELECT getenv('PATH')" http://localhost:3000 Enter fullscreen mode Exit fullscreen mode A list of…
Read More
Camouflage-Shield: An Image Encryption Application.
18 Oct

Camouflage-Shield: An Image Encryption Application.

stp2y0 CommentsNews, , , , , , , , ,
Camouflage Shield Camouflage Shield is a Windows Form application designed for sensitive image storage in an encrypted format. The project employs various encryption and hashing algorithms to ensure secure user authentication and image protection. Project Overview Here we have a cryptography based image encryption application made With C# on .NET framework using Visual Studio.It is a Windows Form Application. Link: GitHub Repository Usage: With core Functionality code snippet Here the user will create an account with required details and the user data will be stored in database by using Hash Functions MD5, SHA-1, SHA-256, SHA-384 and SHA-512. These are used…
Read More
This Prompt Can Make an AI Chatbot Identify and Extract Personal Details From Your Chats
17 Oct

This Prompt Can Make an AI Chatbot Identify and Extract Personal Details From Your Chats

stp2y0 CommentsAI, , , , ,
The researchers say that if the attack were carried out in the real world, people could be socially engineered into believing the unintelligible prompt might do something useful, such as improve their CV. The researchers point to numerous websites that provide people with prompts they can use. They tested the attack by uploading a CV to conversations with chatbots, and it was able to return the personal information contained within the file.Earlence Fernandes, an assistant professor at UCSD who was involved in the work, says the attack approach is fairly complicated as the obfuscated prompt needs to identify personal information,…
Read More
Two Sudanese brothers accused of launching a dangerous series of DDoS attacks
16 Oct

Two Sudanese brothers accused of launching a dangerous series of DDoS attacks

stp2y0 CommentsNews, , , , , , , , , , , , , ,
Newly unsealed grand jury documents revealed that two Sudanese nationals allegedly attempted to launch thousands of distributed denial of services (DDoS) attacks on systems across the world. The documents allege that these hacks aimed to cause serious financial and technical harm to government entities and companies and even physical harm in some cases. (DoJ) unsealed charges against Ahmed Salah Yousif Omer and Alaa Salah Yusuuf Omer that resulted in federal grand jury indictments. The two are allegedly connected to more than 35,000 DDoS attacks against hundreds of organizations, websites and networks as part of a “hacktivism” scheme as part of…
Read More
What is the Principle of Least Privilege? A Comprehensive Guide
16 Oct

What is the Principle of Least Privilege? A Comprehensive Guide

stp2y0 CommentsNews, , , , , , , , ,
Introduction to the Principle of Least Privilege Welcome! Today, we’re diving into the Principle of Least Privilege (PoLP). Ever wondered what it is and why it matters? You’re about to find out. We will explore its history, importance in cybersecurity, and more. What is the Principle of Least Privilege? The Principle of Least Privilege (PoLP) is a security concept aimed at giving users, systems, and processes only the permissions they need to perform their tasks—nothing more, nothing less. Why the Principle of Least Privilege is Important in Cybersecurity Why care about PoLP? It minimizes risks, containing potential breaches before they…
Read More
Real-Time Video Deepfake Scams Are Here. This Tool Attempts to Zap Them
15 Oct

Real-Time Video Deepfake Scams Are Here. This Tool Attempts to Zap Them

stp2y0 CommentsAI, , ,
This announcement is not the first time a tech company has shared plans to help spot real-time deepfakes. In 2022, Intel debuted its FakeCatcher tool for deepfake detection. The FakeCatcher is designed to analyze changes in a face’s blood flow to determine whether a video participant is real. Intel’s tool is also not publicly available.Academic researchers are also looking into different approaches to address this specific kind of deepfake threat. “These systems are becoming so sophisticated to create deepfakes. We need even less data now,” says Govind Mittal, a computer science PhD candidate at New York University. “If I have…
Read More
No widgets found. Go to Widget page and add the widget in Offcanvas Sidebar Widget Area.