Geek-Guy.com

Category: Exploits

Explore the latest software exploits, zero-day vulnerabilities, and security PoCs. Geek-Guy provides expert analysis on emerging threats and how to stay protected.

How to Select Effective Security Controls

Risk–benefit analysis, defence in depth, information security objectives and proportionality Looking to mitigate your information security risks but not sure how to choose effective controls while staying on budget? Risk–benefit analysis is key, as is defence in depth. You also want to set information security objectives that are aligned to your business objectives, and be…

Researchers Uncover Prompt Injection Vulnerabilities in DeepSeek and Claude AI

Details have emerged about a now-patched security flaw in the DeepSeek artificial intelligence (AI) chatbot that, if successfully exploited, could permit a bad actor to take control of a victim’s account by means of a prompt injection attack. Security researcher Johann Rehberger, who has chronicled many a prompt injection attack targeting various AI tools, found…

Critical Mitel MiCollab Flaw Exposes Systems to Unauthorized File and Admin Access

Cybersecurity researchers have released a proof-of-concept (PoC) exploit that strings together a now-patched critical security flaw impacting Mitel MiCollab with an arbitrary file read zero-day, granting an attacker the ability to access files from susceptible instances. The critical vulnerability in question is CVE-2024-41713 (CVSS score: 9.8), which relates to a case of insufficient input

Hackers Target Uyghurs and Tibetans with MOONSHINE Exploit and DarkNimbus Backdoor

A previously undocumented threat activity cluster dubbed Earth Minotaur is leveraging the MOONSHINE exploit kit and an unreported Android-cum-Windows backdoor called DarkNimbus to facilitate long-term surveillance operations targeting Tibetans and Uyghurs. “Earth Minotaur uses MOONSHINE to deliver the DarkNimbus backdoor to Android and Windows devices, targeting WeChat, and possibly making it a

Cyber Threats During the Holidays: How to Stay Safe From Seasonal Scams and Data Breaches

As the year draws to a close, let’s look at: What were some of the biggest breaches in 2024? What threats should you be aware of this Christmas? How can organisations stay safe during the festive season? 3 major data breaches from 2024 COMBs (compilations of many breaches) aside – like the MOAB (mother of…

Breaking In to Keep Hackers Out: The Essential Work of Penetration Testers

The penetration test process and types of penetration test It may sound counterintuitive, but organisations actually pay people to break into their networks. The reason is simple: to catch a thief, you must think like a thief. Organisations hire ethical hackers – aka ‘penetration testers’ or ‘pen testers’ – to identify weaknesses in their defences…

Microsoft Patch Tuesday, November 2024 Edition

Microsoft today released updates to plug at least 89 security holes in its Windows operating systems and other software. November’s patch batch includes fixes for two zero-day vulnerabilities that are already being exploited by attackers, as well as two other flaws that were publicly disclosed prior to today. The zero-day flaw tracked as CVE-2024-49039 is…

Xerox Printers Vulnerability Puts Data Security at Risk

Cybersecurity experts are raising concerns over a newly discovered vulnerability in Xerox printers that could potentially compromise sensitive information. The vulnerability, which affects a variety of Xerox printer models, has the potential to allow unauthorized access to both the device and any data it handles. With businesses increasingly relying on digital solutions, this vulnerability poses…

#StopRansomware: RansomHub Ransomware

Summary Note: This joint Cybersecurity Advisory is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware. Visit stopransomware.gov to see…

Iran-based Cyber Actors Enabling Ransomware Attacks on US Organizations

Summary The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Defense Cyber Crime Center (DC3) are releasing this joint Cybersecurity Advisory (CSA) to warn network defenders that, as of August 2024, a group of Iran-based cyber actors continues to exploit U.S. and foreign organizations. This includes organizations across…

How to Secure Banking Apps

Securing banking applications is crucial for banking institutions to protect financial data and maintain customer trust. Cybercriminals continuously evolve their tactics, making it essential for banks to stay ahead of potential threats. Here are some essential tips to boost the security of your banking applications. Understand the Threat Landscape Before diving into security measures, it’s…

North Korea Cyber Group Conducts Global Espionage Campaign to Advance Regime’s Military and Nuclear Programs

Summary The U.S. Federal Bureau of Investigation (FBI) and the following authoring partners are releasing this Cybersecurity Advisory to highlight cyber espionage activity associated with the Democratic People’s Republic of Korea (DPRK)’s Reconnaissance General Bureau (RGB) 3rd Bureau based in Pyongyang and Sinuiju: U.S. Cyber National Mission Force (CNMF) U.S. Cybersecurity and Infrastructure Security Agency…

CISA Red Team’s Operations Against a Federal Civilian Executive Branch Organization Highlights the Necessity of Defense-in-Depth

EXECUTIVE SUMMARY In early 2023, the Cybersecurity and Infrastructure Security Agency (CISA) conducted a SILENTSHIELD red team assessment against a Federal Civilian Executive Branch (FCEB) organization. During SILENTSHIELD assessments, the red team first performs a no-notice, long-term simulation of nation-state cyber operations. The team mimics the techniques, tradecraft, and behaviors of sophisticated threat actors and…

People’s Republic of China (PRC) Ministry of State Security APT40 Tradecraft in Action

Overview Background This advisory, authored by the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), the United States Cybersecurity and Infrastructure Security Agency (CISA), the United States National Security Agency (NSA), the United States Federal Bureau of Investigation (FBI), the United Kingdom National Cyber Security Centre (NCSC-UK), the Canadian Centre for Cyber Security (CCCS),…

What is Malware and its types?

The term “malicious software” is shortened to “malware.” Malware is invasive software that is purposefully created to harm computers and computer networks. On the other hand, software that unintentionally causes harm is typically called a software bug. Occasionally, inquiries are made regarding the distinction between malware and viruses. The distinction is that ransomware, which encompasses…

What is meant by “cybersecurity”?

The process of protecting networks, computers, servers, mobile devices, electronic systems, and data from malicious attacks is known as cybersecurity. It is also referred to as electronic information security or information technology security. The term is used in a variety of contexts, from business to mobile computing, and can be divided into a few common categories. The…

Understanding Signaling System 7 (SS7)

Signaling System 7 (SS7) is a suite of signaling protocols that telecommunication networks use to exchange information across the global public switched telephone network (PSTN). It was developed in the 1980s and has been used ever since. The SS7 protocol is crucial to the functioning of telecom networks, as it helps to set up and…

log4shell

Last Update: December 28, 2021 If you are reading this, you likely have heard about Log4Shell, the December 2021 critical zero-day remote-code execution vulnerability, and the subsequent vulnerabilities in the popular Log4j software library that is developed and maintained by the Apache Software Foundation. Apache has patched these vulnerabilities in version 2.17.1; however, vendors who use…

Cloudflare reports record-breaking HTTP-request DDoS attack

Cloudflare reports thwarting the largest known HTTP-request distributed denial of service attack in history, approximately three times larger than any other previously reported. The attack in July reached 17.2 million requests per second, the company wrote in a blog post. For scale, the entirety of the Cloudflare network typically sees around 25 million requests per second…

How to Ensure Security when Buying a Refurbished or Second-Hand Smartphone

Last year, a Which? investigation found that 31% of resold smartphone models from three of the major used and refurbished handset stores are no longer receiving security updates. Phone manufacturers only schedule data updates for a certain period after the release of a model, so those looking for an additional bargain in older devices could…

Which is more Important: Vulnerability Scans Or Penetration Tests?

Which Is Better? A Vulnerability Scan Or A Penetration Test? Vulnerability scanning and penetration testing are two very different ways to test your systems for vulnerabilities. Despite this, they are often mistaken for the same service, which leads business owners to purchase one service when they really need the other. In…