⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [6 Jan] https://firewall.firm.in/wp-content/uploads/2025/01/recap.png Jan 06, 2025Ravie Lakshmanan Every tap, click, and swipe we make online shapes our digital lives, but it also opens doors—some we never meant to unlock. Extensions we trust, assistants we rely on, and even the codes we scan are turning into tools for attackers. The line ...

India Proposes Digital Data Rules with Tough Penalties and Cybersecurity Requirements https://firewall.firm.in/wp-content/uploads/2025/01/india-data.png Jan 06, 2025Ravie LakshmananRegulatory Compliance / Data Privacy The Indian government has published a draft version of the Digital Personal Data Protection (DPDP) Rules for public consultation. “Data fiduciaries must provide clear and accessible information about how personal data is processed, enabling informed consent,” India’s Press Information Bureau ...

U.S. Sanctions Chinese Cybersecurity Firm for State-Backed Hacking Campaigns https://firewall.firm.in/wp-content/uploads/2025/01/china-usa.png Jan 04, 2025Ravie LakshmananCyber Espionage / IoT Botnet The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) on Friday issued sanctions against a Beijing-based cybersecurity company known as Integrity Technology Group, Incorporated for orchestrating several cyber attacks against U.S. victims. These attacks have been publicly attributed to a Chinese ...

Researchers Uncover Nuclei Vulnerability Enabling Signature Bypass and Code Execution https://firewall.firm.in/wp-content/uploads/2025/01/attack.gif Jan 04, 2025Ravie LakshmananVulnerability / Software Security A high-severity security flaw has been disclosed in ProjectDiscovery’s Nuclei, a widely-used open-source vulnerability scanner that, if successfully exploited, could allow attackers to bypass signature checks and potentially execute malicious code. Tracked as CVE-2024-43405, it carries a CVSS score of 7.4 out ...

PLAYFULGHOST Delivered via Phishing and SEO Poisoning in Trojanized VPN Apps https://firewall.firm.in/wp-content/uploads/2025/01/PLAYFULGHOST.gif Jan 04, 2025Ravie LakshmananMalware / VPN Security Cybersecurity researchers have flagged a new malware called PLAYFULGHOST that comes with a wide range of information-gathering features like keylogging, screen capture, audio capture, remote shell, and file transfer/execution. The backdoor, according to Google’s Managed Defense team, shares functional overlaps with ...

Chinese hackers targeted US treasury office that handles economic sanctions: report – ET CISO https://etimg.etb2bimg.com/thumb/msid-116932200,imgsize-5842,width-1200,height=765,overlay-etciso/data-breaches/chinese-hackers-targeted-us-treasury-office-that-handles-economic-sanctions-report.jpg Chinese govt hackers breached the US treasury office that administers economic sanctions, the Washington Post reported on Wednesday, identifying targets of a cyberattack treasury disclosed earlier this week. Citing unnamed US officials, the Washington Post said hackers compromised the office of foreign assets control and ...

LDAPNightmare PoC Exploit Crashes LSASS and Reboots Windows Domain Controllers https://firewall.firm.in/wp-content/uploads/2025/01/exploit-poc.png Jan 03, 2025Ravie LakshmananWindows Server / Threat Mitigation A proof-of-concept (PoC) exploit has been released for a now-patched security flaw impacting Windows Lightweight Directory Access Protocol (LDAP) that could trigger a denial-of-service (DoS) condition. The out-of-bounds reads vulnerability is tracked as CVE-2024-49113 (CVSS score: 7.5). It was addressed by ...

New AI Jailbreak Method ‘Bad Likert Judge’ Boosts Attack Success Rates by Over 60% https://firewall.firm.in/wp-content/uploads/2025/01/ai-jailbreak.png Jan 03, 2025Ravie LakshmananMachine Learning / Vulnerability Cybersecurity researchers have shed light on a new jailbreak technique that could be used to get past a large language model’s (LLM) safety guardrails and produce potentially harmful or malicious responses. The multi-turn (aka many-shot) attack strategy has ...

Critical Deadline: Update Old .NET Domains Before January 7, 2025 to Avoid Service Disruption https://firewall.firm.in/wp-content/uploads/2025/01/NET.png Jan 03, 2025Ravie LakshmananDevOps / Software Development Microsoft has announced that it’s making an “unexpected change” to the way .NET installers and archives are distributed, requiring developers to update their production and DevOps infrastructure. “We expect that most users will not be directly affected, however, ...

Chinese hack of US treasury breached sanctions office: Report – ET CISO https://etimg.etb2bimg.com/thumb/msid-116871307,imgsize-726250,width-1200,height=765,overlay-etciso/data-breaches/chinese-hack-of-us-treasury-breached-sanctions-office-report.jpg Chinese government hackers breached the U.S. Treasury office that administers economic sanctions, the Washington Post reported on Wednesday, identifying targets of a cyberattack Treasury disclosed earlier this week. Citing unnamed U.S. officials, the Washington Post said hackers compromised the Office of Foreign Assets Control and the Office ...