Geek-Guy.com

Category: Uncategorized

Why a Layered Approach Is Essential for Cybersecurity and Zero Trust 

Today’s cybersecurity landscape is complex and unforgiving. Remote work, Saas, AI Agents, cloud migration, and ever-evolving cyber threats have exposed the limitations of relying on standalone security measures. To reduce risk, CISOs and IT leaders must embrace a layered cybersecurity … Read More The post Why a Layered Approach Is Essential for Cybersecurity and Zero…

European authorities disrupt top drug marketplace, arrest leader

Authorities across Europe toppled Archetyp Market, the longest-standing online drug marketplace, and arrested its lead administrator, Europol announced Monday. The coordinated takedown brought an end to a prolific drug marketplace that accumulated more than $290 million in transaction volume since operations began in 2020. The website for Archetyp Market was seized and its alleged administrator,…

Canada’s second-largest airline WestJet is containing a cyberattack

Canada’s airline WestJet has suffered a cyberattack that impactd access to some internal systems and the company app. WestJet is a Canadian airline that operates both domestic and international flights. Founded in 1996, it started as a low-cost carrier and has grown to become Canada’s second-largest airline, after Air Canada. WestJet is investigating a cybersecurity…

Security Affairs newsletter Round 527 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Experts found 4 billion user records online, the largest known leak of Chinese personal data from…

Critical flaw in Cisco ISE impacts cloud deployments on AWS, Microsoft Azure, and Oracle Cloud Infrastructure

Cisco fixed a critical flaw in the Identity Services Engine (ISE) that could allow unauthenticated attackers to conduct malicious actions. A vulnerability tracked as CVE-2025-20286 (CVSS score 9.9) in cloud deployments of Cisco ISE on AWS, Microsoft Azure, and Oracle Cloud Infrastructure allows unauthenticated remote attackers to access sensitive data, perform limited administrative actions, modify…

Critical flaw in Cisco ISE impacts cloud deployments on AWS, Microsoft Azure, and Oracle Cloud Infrastructure

Cisco fixed a critical flaw in the Identity Services Engine (ISE) that could allow unauthenticated attackers to conduct malicious actions. A vulnerability tracked as CVE-2025-20286 (CVSS score 9.9) in cloud deployments of Cisco ISE on AWS, Microsoft Azure, and Oracle Cloud Infrastructure allows unauthenticated remote attackers to access sensitive data, perform limited administrative actions, modify…

Critical flaw in Cisco ISE impacts cloud deployments on AWS, Microsoft Azure, and Oracle Cloud Infrastructure

Cisco fixed a critical flaw in the Identity Services Engine (ISE) that could allow unauthenticated attackers to conduct malicious actions. A vulnerability tracked as CVE-2025-20286 (CVSS score 9.9) in cloud deployments of Cisco ISE on AWS, Microsoft Azure, and Oracle Cloud Infrastructure allows unauthenticated remote attackers to access sensitive data, perform limited administrative actions, modify…

Critical flaw in Cisco ISE impacts cloud deployments on AWS, Microsoft Azure, and Oracle Cloud Infrastructure

Cisco fixed a critical flaw in the Identity Services Engine (ISE) that could allow unauthenticated attackers to conduct malicious actions. A vulnerability tracked as CVE-2025-20286 (CVSS score 9.9) in cloud deployments of Cisco ISE on AWS, Microsoft Azure, and Oracle Cloud Infrastructure allows unauthenticated remote attackers to access sensitive data, perform limited administrative actions, modify…

Critical flaw in Cisco ISE impacts cloud deployments on AWS, Microsoft Azure, and Oracle Cloud Infrastructure

Cisco fixed a critical flaw in the Identity Services Engine (ISE) that could allow unauthenticated attackers to conduct malicious actions. A vulnerability tracked as CVE-2025-20286 (CVSS score 9.9) in cloud deployments of Cisco ISE on AWS, Microsoft Azure, and Oracle Cloud Infrastructure allows unauthenticated remote attackers to access sensitive data, perform limited administrative actions, modify…

Critical flaw in Cisco ISE impacts cloud deployments on AWS, Microsoft Azure, and Oracle Cloud Infrastructure

Cisco fixed a critical flaw in the Identity Services Engine (ISE) that could allow unauthenticated attackers to conduct malicious actions. A vulnerability tracked as CVE-2025-20286 (CVSS score 9.9) in cloud deployments of Cisco ISE on AWS, Microsoft Azure, and Oracle Cloud Infrastructure allows unauthenticated remote attackers to access sensitive data, perform limited administrative actions, modify…

Critical flaw in Cisco ISE impacts cloud deployments on AWS, Microsoft Azure, and Oracle Cloud Infrastructure

Cisco fixed a critical flaw in the Identity Services Engine (ISE) that could allow unauthenticated attackers to conduct malicious actions. A vulnerability tracked as CVE-2025-20286 (CVSS score 9.9) in cloud deployments of Cisco ISE on AWS, Microsoft Azure, and Oracle Cloud Infrastructure allows unauthenticated remote attackers to access sensitive data, perform limited administrative actions, modify…

Vibe coding is here to stay. Can it ever be secure? 

Software powers the world, and soon, the bulk of the work making it may be done by machines. As generative AI tools have gotten more proficient at coding, their use in software development has exploded. Proponents say the tools have made it dramatically easier for individual entrepreneurs or companies to create the kind of slick,…

Vibe coding is here to stay. Can it ever be secure? 

Software powers the world, and soon, the bulk of the work making it may be done by machines. As generative AI tools have gotten more proficient at coding, their use in software development has exploded. Proponents say the tools have made it dramatically easier for individual entrepreneurs or companies to create the kind of slick,…

Vibe coding is here to stay. Can it ever be secure? 

Software powers the world, and soon, the bulk of the work making it may be done by machines. As generative AI tools have gotten more proficient at coding, their use in software development has exploded. Proponents say the tools have made it dramatically easier for individual entrepreneurs or companies to create the kind of slick,…

CrowdStrike, Microsoft aim to eliminate confusion in threat group attribution

CrowdStrike and Microsoft announced an agreement Monday to formally connect the different names each company uses for the same threat groups in their attribution analysis. The companies said the effort will clarify inconsistencies across the industry’s naming taxonomies and acknowledge when both companies identify the same threat groups.  The alliance between the longstanding competitors doesn’t…

CrowdStrike, Microsoft aim to eliminate confusion in threat group attribution

CrowdStrike and Microsoft announced an agreement Monday to formally connect the different names each company uses for the same threat groups in their attribution analysis. The companies said the effort will clarify inconsistencies across the industry’s naming taxonomies and acknowledge when both companies identify the same threat groups.  The alliance between the longstanding competitors doesn’t…

CrowdStrike, Microsoft aim to eliminate confusion in threat group attribution

CrowdStrike and Microsoft announced an agreement Monday to formally connect the different names each company uses for the same threat groups in their attribution analysis. The companies said the effort will clarify inconsistencies across the industry’s naming taxonomies and acknowledge when both companies identify the same threat groups.  The alliance between the longstanding competitors doesn’t…

Large-scale sting tied to Operation Endgame disrupts ransomware infrastructure

Law enforcement agencies from Europe and North America have dismantled key infrastructure behind several leading malware strains used in ransomware attacks, the latest action in a yearslong effort to combat cybercriminals.  The operation, conducted as part of Operation Endgame, targeted the early stages of the cybercrime chain, focusing on initial access malware. The coordinated effort…

Lumma Stealer toppled by globally coordinated takedown

Lumma Stealer, a widely used infostealer malware linked to cybercrime sprees and multiple high-profile attacks, was dismantled through a coordinated global operation meant to seize its core infrastructure. The infostealer’s central command, malicious domains and marketplaces where the tool was sold to other cybercriminals have been seized or suspended, Steven Masada, assistant general counsel at…

Stopping Chargeback Abuse: How Device Identification Protects Your Bottom Line

Every day, online merchants lose thousands of dollars to a growing challenge: chargeback abuse. What started as consumer protection has become a favorite tactic for fraudsters. The numbers are stark: each chargeback costs merchants nearly $200 in combined expenses, according to a report from LexisNexis Risk Solutions. That adds up to billions in lost merchandise,…

Proofpoint to acquire Hornetsecurity for over $1 billion

Proofpoint has entered into an agreement to acquire Hornetsecurity Group, a Germany-based provider of Microsoft 365 security services, in a deal reportedly valued at more than $1 billion. The acquisition, described as the largest in Proofpoint’s history, comes amid accelerating consolidation in the cybersecurity industry as companies seek to broaden their offerings to enterprise customers…

Seceon Wins Three Global Infosec Awards at RSAC 2025

At Seceon, we’ve always believed that solving cybersecurity isn’t about adding more tools but building smarter ones. That belief was validated in a big way this year at RSAC 2025, where we proudly took home three Global Infosec Awards. 🏆 Best Comprehensive Cybersecurity Platform🏆 Best SMB Managed Security Services Platform (for aiSecurity-CGuard)🏆 Best XDR Platform…

Privacy for Agentic AI

Sooner or later, it’s going to happen. AI systems will start acting as agents, doing things on our behalf with some degree of autonomy. I think it’s worth thinking about the security of that now, while its still a nascent idea. In 2019, I joined Inrupt, a company that is commercializing Tim Berners-Lee’s open protocol…

NCSC Guidance on “Advanced Cryptography”

The UK’s National Cyber Security Centre just released its white paper on “Advanced Cryptography,” which it defines as “cryptographic techniques for processing encrypted data, providing enhanced functionality over and above that provided by traditional cryptography.” It includes things like homomorphic encryption, attribute-based encryption, zero-knowledge proofs, and secure multiparty computation. It’s full of good advice. I…

Use AI-Driven Reconnaissance to Identify Cyber Threats

Surviving in the digital world is not about stopping the next attack. It’s about preventing any new attack from surfacing. It’s about cyberdefense – predictively and not just reactively. Like the time when GPS revolutionized navigation by showing us what lies ahead, today, AI-Driven Reconnaissance provides security teams a real-time, evolving map of threats before…

News alert: Case dismissed against VPN executive, affirms no-logs policy as a valid legal defense

Toronto, Canada, Apr. 28, 2025, CyberNewswire — Windscribe, a globally used privacy-first VPN service, announced today that its founder, Yegor Sak, has been fully acquitted by a court in Athens, Greece, following a two-year legal battle in which Sak … (more…) The post News alert: Case dismissed against VPN executive, affirms no-logs policy as a…

To Catch A Thief | Rubrik

For this special live recording of To Catch a Thief at The New York Stock Exchange, host and former lead cybersecurity and digital espionage reporter for The New York Times, Nicole Perlroth sits down with those who have been directly targeted by, traced, or directly engaged China’s state-sponsored hackers, diplomatically, or in the cyber domain:…

Regulating AI Behavior with a Hypervisor

Interesting research: “Guillotine: Hypervisors for Isolating Malicious AIs.” Abstract:As AI models become more embedded in critical sectors like finance, healthcare, and the military, their inscrutable behavior poses ever-greater risks to society. To mitigate this risk, we propose Guillotine, a hypervisor architecture for sandboxing powerful AI models—models that, by accident or malice, can generate existential threats…

Outside experts pick up the slack on safety testing on OpenAI’s newest model release

GPT-4.1, the latest family of generative AI models from OpenAI, was released earlier this month with promised improvements around coding, instruction following and context. It’s also the first model released by the company since it announced changes to the way it tests and evaluates products for safety. Unlike its previous fine-tuned models, OpenAI did not…

News alert: AcceleTrex unveils referral exchange that turns trusted conversations into scalable growth

Miami, FL, Apr. 14, 2025 — Today, AcceleTrex Corporation officially emerged from stealth, unveiling a first-of-its-kind platform that transforms expert referrals into a powerful growth engine for innovators. Grounded in the belief that genuine relationships drive meaningful results, AcceleTrex combines … (more…) The post News alert: AcceleTrex unveils referral exchange that turns trusted conversations into scalable growth first appeared…

Arguing Against CALEA

At a Congressional hearing earlier this week, Matt Blaze made the point that CALEA, the 1994 law that forces telecoms to make phone calls wiretappable, is outdated in today’s threat environment and should be rethought: In other words, while the legally-mandated CALEA capability requirements have changed little over the last three decades, the infrastructure that…

Google Is Helping the Trump Administration Deploy AI Along the Mexican Border

Five years after Google Cloud CEO Thomas Kurian assured employees that the company was “not working on any projects associated with immigration enforcement at the southern border,” federal contract documents reviewed by The Intercept show that the tech giant is at the center of project to upgrade the so-called virtual wall. U.S. Customs and Border…

DOJ charges hacker for 2021 Texas GOP website defacement

The Department of Justice unsealed charges against Canadian citizen Aubrey Cottle, a hacker who goes by the handle “Kirtaner,” for a 2021 incident that resulted in the defacement of the Texas Republican Party’s website. Prosecutors have charged Cottle, an early member of the hacktivist group Anonymous, for the defacement, as well as downloading contents from…

The rise of identity and access management: How IAM evolved to being the new perimeter of cybersecurity

The story of Identity and Access Management (IAM) could be made into a movie with all the drama. The industry and its players have gone from behind-the-scenes underdogs to starring roles. IAM, once just a part of IT, is now arguably the essential element in the security strategies of every organization today, navigating through a……

Intelligence chiefs insist Signal chat was a simple mistake

U.S. intelligence leaders found themselves under intensified scrutiny from Congress for a second straight day, following revelations that significant military plans were discussed over text messaging application Signal.  Both Director of National Intelligence Tulsi Gabbard and CIA Director John Ratcliffe apologized during a House Intelligence Committee hearing Wednesday, yet continued to claim that no sources,…

Despite challenges, the CVE program is a public-private partnership that has shown resilience

In 1999, Dave Mann and Steve Christey, two researchers from the nonprofit R&D corporation MITRE,  debuted a concept for security vulnerabilities that laid the groundwork for the common vulnerability and exposures framework (CVE) that organizes information around computer vulnerabilities. Twenty-five years later, the CVE program, which assigns a unique record to each reported vulnerability, is…

Maximising network penetration testing’s effectiveness

Businesses rely heavily on their IT networks to store, process and transmit sensitive data.   As cyber threats evolve and increase in sophistication, securing your network has become more critical than ever.   Network penetration testing is one of the most effective ways to achieve this. It involves simulating real-world attacks on your network to uncover weaknesses……

Silk Typhoon Hackers Indicted

Lots of interesting details in the story: The US Department of Justice on Wednesday announced the indictment of 12 Chinese individuals accused of more than a decade of hacker intrusions around the world, including eight staffers for the contractor i-Soon, two officials at China’s Ministry of Public Security who allegedly worked with them, and two…

Chainguard’s FIPS-compliant Cassandra addresses security demand of federal and regulated markets

Open-source software security firm Chainguard announced Wednesday that it is now building FIPS-validated images for Apache Cassandra, achieving what it describes as a first-of-its-kind accomplishment in the open-source community.  The project enables organizations in regulated industries — including government, health care, and finance — to deploy Cassandra with cryptographic libraries compliant with the National Institute…

“Emergent Misalignment” in LLMs

Interesting research: “Emergent Misalignment: Narrow finetuning can produce broadly misaligned LLMs“: Abstract: We present a surprising result regarding LLMs and alignment. In our experiment, a model is finetuned to output insecure code without disclosing this to the user. The resulting model acts misaligned on a broad range of prompts that are unrelated to coding: it…

Threat actors are increasingly trying to grind business to a halt

Cybercriminals intentionally disrupted operations at a growing rate last year, Palo Alto Networks’ threat intelligence firm Unit 42 said in an annual incident response report released Tuesday. Of the nearly 500 major cyberattacks Unit 42 responded to last year, 86% involved business disruption, including operational downtime, fraud-related losses, increased operating costs and negative reputational impacts. …

Russia-aligned threat groups dupe Ukrainian targets via Signal

Russian state threat groups have compromised Signal accounts used by Ukrainian military and government personnel to eavesdrop on real-time communications, Google Threat Intelligence Group said in a report released Wednesday. “This is a persistent, ongoing campaign being carried out by multiple different Russia-aligned threat actors,” Dan Black, principal analyst at Google Threat Intelligence Group, said…

AI and Civil Service Purges

Donald Trump and Elon Musk’s chaotic approach to reform is upending government operations. Critical functions have been halted, tens of thousands of federal staffers are being encouraged to resign, and congressional mandates are being disregarded. The next phase: The Department of Government Efficiency reportedly wants to use AI to cut costs. According to The Washington…

Russian state threat group shifts focus to US, UK targets

A subgroup of Seashell Blizzard has shifted its focus to targets in the U.S., Canada, Australia and the U.K. within the past year, expanding the scope of its malicious activity, Microsoft’s threat intelligence team said in a report released Wednesday. The initial-access operation, which Microsoft tracks as the “BadPilot campaign,” has allowed the Russian state…

Projecting the next decade of software supply chain security

With the rapid pace of innovation accelerating under a new administration, discussions over whether software security will be sidelined in favor of speed are heating up. However, security leaders have long been saying that security protocols shouldn’t slow down development plans — and they don’t when done correctly. This perception must be adopted more widely…

Hugging Face platform continues to be plagued by vulnerable ‘pickles’

Researchers at ReversingLabs have identified at least two machine-learning models on Hugging Face, a popular platform for community AI development, that link to malicious web shells and managed to evade detection through the use of “pickling.” Pickle files are python-based modules that allow a developer to serialize and deserialize code. They’re commonly used by AI…

Wiz researchers find sensitive DeepSeek data exposed to internet

A security issue at Chinese artificial intelligence firm DeepSeek exposed over a million lines of sensitive internal data, including user chat histories, API secrets, and backend operational details, according to research published Wednesday by cloud security firm Wiz.  The exposure, discovered earlier this month, stemmed from a publicly accessible ClickHouse database linked to DeepSeek’s systems.…

SonicWall pushes urgent patch for its SMA appliance

A critical security flaw has been identified and potentially exploited in SonicWall’s Secure Mobile Access (SMA) 1000 series appliances, sparking significant concern among cybersecurity experts and users worldwide.  The vulnerability, registered as CVE-2025-23006, allows remote, unauthenticated attackers to execute arbitrary operating system commands under certain conditions. The issue specifically impacts the Appliance Management Console (AMC)…

ETW Threat Intelligence and Hardware Breakpoints

Learn to bypass EDR detection using NtContinue for hardware breakpoints without triggering ETW Threat Intelligence. This technical blog explores kernel debugging, debug registers, and EDR evasion with code examples. The post ETW Threat Intelligence and Hardware Breakpoints appeared first on Praetorian. The post ETW Threat Intelligence and Hardware Breakpoints appeared first on Security Boulevard.

CISA director says threat hunters spotted Salt Typhoon on federal networks before telco compromises 

A top federal cybersecurity official said Wednesday that threat hunters from the Cybersecurity and Infrastructure Security Agency first discovered activity from Salt Typhoon on federal networks, allowing public and private sector defenders to more quickly “connect the dots” and respond to Chinese attacks on the U.S. telecommunications industry.   Speaking at an event hosted by the…

WordPress Appliance - Powered by TurnKey Linux