Cybersecurity


An umbrella community for all things cybersecurity / infosec. News, research, and questions are all welcome!

founded 2 years ago

#Google suffers #DataBreach in ongoing #Salesforce data theft attacks

https://www.bleepingcomputer.com/news/security/google-suffers-data-breach-in-ongoing-salesforce-data-theft-attacks/

#cybersecurity #privacy


A couple of vulnerabilities I found in the #Eaton Rack PDU G4:

ETN-VA-2025-1002: Multiple vulnerabilities detected in Eaton G4 PDU

#CVE_2025_48393
CVSS v3.1 Base Score – 5.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L

The server identity check mechanism for firmware upgrade performed via command shell is insecurely implemented, potentially allowing an attacker to perform a man-in-the-middle attack.

#CVE_2025_48394
CVSS v3.1 Base Score – 4.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

An attacker with authenticated and privileged access could modify the contents of a nonsensitive file by traversing the path in the limited shell of the CLI.

These vulnerabilities are fixed in firmware version 3.5.0 and later. It is recommended to upgrade the device firmware as soon as possible.

https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2025-1002.pdf

#infosec #cybersecurity


Hackers Hijacked #Google’s #Gemini #AI With a Poisoned #Calendar Invite to Take Over a Smart Home

https://www.wired.com/story/google-gemini-calendar-invite-hijack-smart-home/

#cybersecurity


#Microsoft pays record $17 million in bounties over the last 12 months

https://www.bleepingcomputer.com/news/microsoft/microsoft-pays-record-17-million-in-bounties-over-the-last-12-months/

#cybersecurity #BugBounty


"Welcome to the website for the Applied Cryptography course at the American University of Beirut! This page serves as a unified and self-sufficient source of truth on everything concerning your course.
(...)
Course Description: Applied Cryptography explores the core theory of modern cryptography and how to apply these fundamental principles to build and analyze real-world secure systems. We start with foundational concepts—such as Kerckhoffs's Principle, computational hardness, and provable security—before moving on to key cryptographic primitives like pseudorandom generators, block ciphers, and hash functions. Building on this solid groundwork, we will survey how these technologies power critical real-world deployments such as TLS, secure messaging protocols (e.g., Signal), and post-quantum cryptography. We will also delve into specialized topics like high-assurance cryptographic implementations, elliptic-curve-based systems, and zero-knowledge proofs to give you a complete understanding of contemporary cryptography's scope and impact. By the end of the semester, you will have gained both a rigorous theoretical perspective and practical hands-on experience, enabling you to evaluate, design, and implement cryptographic solutions."

https://appliedcryptography.page/

#CyberSecurity #Encryption #Privacy #Cryptography #QuantumComputing


#Adobe issues emergency fixes for #AEM Forms zero-days after PoCs released

https://www.bleepingcomputer.com/news/security/adobe-issues-emergency-fixes-for-aem-forms-zero-days-after-pocs-released/

#cybersecurity


#SonicWall urges admins to disable #SSLVPN amid rising attacks

https://www.bleepingcomputer.com/news/security/sonicwall-urges-admins-to-disable-sslvpn-amid-rising-attacks/

#cybersecurity


#Fashion giant #Chanel hit in wave of #Salesforce data theft attacks

https://www.bleepingcomputer.com/news/security/fashion-giant-chanel-hit-in-wave-of-salesforce-data-theft-attacks/

#cybersecurity #DataBreach #privacy


#Google says its #AI-based bug hunter found 20 security vulnerabilities

https://techcrunch.com/2025/08/04/google-says-its-ai-based-bug-hunter-found-20-security-vulnerabilities/

#cybersecurity


#Proton fixes #Authenticator bug leaking #TOTP secrets in logs

https://www.bleepingcomputer.com/news/security/proton-fixes-authenticator-bug-leaking-totp-secrets-in-logs/

#cybersecurity


How #Rust powers #ProtonAuthenticator

https://proton.me/blog/authenticator-rust

#Proton #cybersecurity #2FA #TOTP #FOSS


New #Plague #Linux #malware stealthily maintains #SSH access

https://www.bleepingcomputer.com/news/security/new-plague-malware-backdoors-linux-devices-removes-ssh-session-traces/

#cybersecurity #FOSS


North Korean spies posing as remote workers have infiltrated hundreds of companies, says #CrowdStrike

https://techcrunch.com/2025/08/04/north-korean-spies-posing-as-remote-workers-have-infiltrated-hundreds-of-companies-says-crowdstrike/

#NorthKorea #cybersecurity


#Ransomware gangs join attacks targeting #Microsoft #SharePoint servers

https://www.bleepingcomputer.com/news/security/ransomware-gangs-join-attacks-targeting-microsoft-sharepoint-servers/

#cybersecurity #cybercrime


#Mozilla warns of #phishing attacks targeting add-on developers

https://www.bleepingcomputer.com/news/security/mozilla-warns-of-phishing-attacks-targeting-add-on-developers/

#cybersecurity


AI startup Perplexity is crawling and scraping content from websites that don’t want to be scraped. And it’s not by accident, according to internet infrastructure provider Cloudflare. @Techcrunch has the details, including Perplexity’s response:

https://flip.it/LrrdqE

#Tech #AI #ArtificialIntelligence #Technology #CyberSecurity


Attackers exploit link-wrapping services to steal #Microsoft365 logins

https://www.bleepingcomputer.com/news/security/attackers-exploit-link-wrapping-services-to-steal-microsoft-365-logins/

#Microsoft #cybersecurity


#SonicWall #firewall devices hit in surge of #Akira #ransomware attacks

https://www.bleepingcomputer.com/news/security/surge-of-akira-ransomware-attacks-hits-sonicwall-firewall-devices/

#cybersecurity #cybercrime


After just five years, #Microsoft will end support for low-cost #Windows11SE

https://arstechnica.com/gadgets/2025/08/microsoft-kills-windows-11-se-another-in-a-long-line-of-failed-chromeos-competitors/

#EoL #cybersecurity #education


#SexToy maker #Lovense threatens legal action after fixing security flaws that exposed users’ data

https://techcrunch.com/2025/08/01/sex-toy-maker-lovense-threatens-legal-action-after-fixing-security-flaws-that-exposed-users-data/

#cybersecurity #DataBreach #privacy #nsfw


#AI-powered #Cursor #IDE vulnerable to prompt-injection attacks

https://www.bleepingcomputer.com/news/security/ai-powered-cursor-ide-vulnerable-to-prompt-injection-attacks/

#cybersecurity #coding


Authorities seize #BlackSuit #ransomware gang’s servers

https://techcrunch.com/2025/08/01/authorities-seize-blacksuit-ransomware-gangs-servers/

#cybercrime #cybersecurity


#Pwn2Own hacking contest pays $1 million for #WhatsApp exploit

https://www.bleepingcomputer.com/news/security/pwn2own-hacking-contest-pays-1-million-for-whatsapp-exploit/

#cybersecurity #Meta
