The digital battleground extends far beyond virtual realms, directly impacting the thriving global gaming industry. In 2025, game developers, publishers, and even individual players find themselves increasingly under siege by sophisticated cyber threats, ranging from data breaches and ransomware to advanced cheating mechanisms and targeted intellectual property theft. The sheer volume of sensitive player data,…
"AppInit_DLLs" is a powerful, yet often overlooked, mechanism in Windows that attackers frequently exploit for persistence, privilege escalation, and code injection. This technique allows adversaries to load their malicious Dynamic Link Libraries (DLLs) into nearly every process that loads user32.dll, which is most user-mode applications. Here's a breakdown of how attackers leverage AppInit_DLLs: Understanding AppInit_DLLs…
Executive Summary May 2025 proved to be a challenging month for cloud security, marked by a significant increase in sophisticated cyberattacks impacting various sectors, including finance, retail, healthcare, and technology. These incidents consistently highlighted persistent vulnerabilities such as third-party compromises, pervasive misconfigurations, and the growing threat of ransomware and zero-day exploits. This report summarizes key…
The burgeoning field of quantum computing, while promising revolutionary advancements in various sectors, presents a significant and looming threat to current cybersecurity practices, particularly in the realm of encryption. Experts warn that the very principles that give quantum computers their immense processing power could render many of today's security protocols obsolete, demanding an urgent shift…
A sophisticated cyberespionage campaign, dubbed "BladedFeline" by security researchers at ESET, has been uncovered targeting high-ranking Iraqi and Kurdish officials. The operation leverages a trio of malicious tools – Whisper, PrimeCache, and a previously identified backdoor known as Shahmaran – to gain and maintain unauthorized access to the officials' computer systems, primarily through compromised webmail…
Cybersecurity experts are sounding the alarm after a sophisticated supply chain attack was identified involving the widely used rand-user-agent package. The malicious activity, discovered on May 5, 2025, highlights the persistent and evolving threat landscape facing cloud environments and digital infrastructure. The attack, dubbed "Catching a RAT" (Remote Access Trojan), centered on rand-user-agent@1.0.110, a seemingly…
In the ever-evolving landscape of cybersecurity threats, a novel and insidious technique has emerged, exploiting the growing reliance on artificial intelligence in software development. Dubbed "slopsquatting," this method takes aim not at human error, but at the creative (and sometimes incorrect) output of Large Language Models (LLMs) used for code generation, posing a significant risk…
Lingerie giant Victoria's Secret has confirmed that its U.S. website was taken offline as a "precautionary measure" following a "security incident" that began impacting operations earlier this week. While the company has been tight-lipped on the exact nature of the disruption, the widespread outages and the engagement of third-party experts suggest a significant cybersecurity event.…
Medusa Ransomware is Targeting Critical Infrastructure The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) issued a warning in March 2025 regarding the escalating threat posed by the Medusa ransomware. This ransomware-as-a-service (RaaS) operation, active since 2021, has recently intensified its attacks, impacting hundreds of organizations, particularly within…
Key Ransomware Group Activities - January 2025 This report summarizes the key activities of prominent ransomware groups in January 2025, based on available cybersecurity intelligence. Medusa Medusa ransomware attacks showed a significant increase in January 2025, with almost twice as many attacks observed compared to the same period in 2024. Symantec's Threat Hunter team tracked…
New Phishing Scam Exploits Microsoft Copilot's Popularity A new phishing campaign is taking advantage of the growing popularity of Microsoft Copilot, a generative AI assistant, to trick users into giving up their login credentials. According to a recent post on the Cofense blog, cybercriminals are sending out emails that appear to be from "Co-pilot," exploiting…
European Attack Activity - 13 March French PII Data A threat actor advertised French PII data on BreachForums. The attacker claimed that they obtained the data from various government websites. According to the post, the data contains almost 100 thousand records including names, phone numbers, email addresses, and various information gathered from several sources. The…
Social Engineering and Authorized Fraud: How Criminals Manipulate Victims A disturbing trend is sweeping across the globe, quietly siphoning off billions and eroding the very foundations of trust in our digital age. It's not the brazen hacking of accounts or the shadowy world of cybercrime; it's something far more insidious: authorized fraud. What is authorized…
A Chinese threat actor called lijie234 claimed that they gathered data from the American private foundation founded by Bill Gates and Melinda French Gates, "The Gates Foundation". The announcement was made on Telegram and, according to this post, the data contains an internal donation list announcement including SSN and personal information. The actor also shared…
New Wave of Cyberattacks Targets Japan A new wave of persistent cyberattacks has targeted organizations across Japan, exploiting a critical vulnerability in PHP on Windows systems. According to a recent article on the Cisco Talos blog, these attacks, discovered in early 2025, have impacted a wide range of sectors, including technology, telecommunications, entertainment, education, and…
In an era defined by information overload, Google has introduced NotebookLM, an innovative AI-driven tool designed to revolutionize how we interact with our personal knowledge bases. This experimental application leverages the power of Google's PaLM 2 language model to provide users with an on-demand research assistant capable of summarizing, explaining, and generating insights from uploaded…
Poland Boosts Cybersecurity Amidst Suspected Russian Cyberattacks Poland is significantly ramping up its cybersecurity defenses in the face of escalating cyber threats, which Warsaw strongly suspects are orchestrated by Russia, according to recent reports from Reuters. The heightened security measures come after a series of incidents, including unauthorized access to the Polish Space Agency's (POLSA)…
CVE-2025-0159 and CVE-2025-0160 are two critical vulnerabilities affecting IBM Storage Virtualize products. While CVE-2025-0159 enables authentication bypass through manipulated HTTP requests to the same endpoint, exploiting improper session token validation, CVE-2025-0160 allows unauthenticated remote Java code execution via the RPCAdapter service due to improper input validation. CVE-2025-0159: Authentication Bypass IBM Corp. has provided the following…
MITRE ATT&CK T1543: Create or Modify System Process - PolicyKit Understanding PolicyKit Exploitation The MITRE ATT&CK framework is a comprehensive knowledge base of adversary tactics and techniques based on real-world observations. It's an invaluable resource for cybersecurity professionals to understand and defend against cyberattacks. One of the techniques detailed within the framework is T1543: Create…
The 20th edition of the Global Risks Report 2025 was published in January. It has been a long time, but we want to share the details again for those who are not aware of it. The WEF Global Risks Report 2025 paints a concerning picture of a world facing growing divisions and accelerating risks over both the…
Orca Security, a leading provider of agentless cloud security, has announced enhancements to its Cloud-Native Application Protection Platform (CNAPP). The platform now offers comprehensive security and compliance checks across the full software development lifecycle (SDLC), integrating cloud and application security in one platform. Key features of the enhanced platform include: * Code Security: Including software…
Is your university prepared for the latest wave of phishing attacks? A recent blog post on Google Cloud dives deep into the concerning increase in phishing campaigns specifically targeting higher education institutions. Since August 2024, these attacks have become more sophisticated and frequent, exploiting the trust within academic environments. What's Happening? The blog post highlights…
It has been detected that a Chinese threat group exploited a previously patched Check Point VPN vulnerability (CVE-2024-24919) to infiltrate organizations across Europe, Africa, and the Americas. The attacks, which occurred between June 2024 and January 2025, primarily targeted the manufacturing sector, but also affected healthcare, logistics, and energy entities. This breach underscores the critical…
In a shocking cyber revelation, Chinese hackers are suspected of targeting cellphones belonging to former President Donald Trump and his 2024 running mate, Senator JD Vance. According to informed sources, the Trump/Vance campaign was alerted that both Trump and Vance may be among several individuals whose phone numbers were allegedly compromised. As the cybersecurity community…
A threat actor claimed that they have and are selling 280 million U.S. citizens' personal data on the dark web. According to the threat actor's post, the data includes: First_Name, Last_Name, Address, City, State, ZIP, Ind_Date_Of_Birth_Year, Ind_Age, Home_Value_Code, Home_Median_Value_Code, Median_Income_Code, Email, Phone. They are also claiming that they can provide sample data to prospects. Meanwhile, they did not mention the source…
Silverfort, a leader in identity security, announced its acquisition of Rezonate, a pioneering firm in identity-first security for cloud environments. This acquisition combines Silverfort’s robust on-premise identity security solutions with Rezonate's innovative cloud-focused identity security capabilities, creating the industry’s most comprehensive platform for protecting enterprise identities. The new unified platform is set to launch mid-2025…
In his insightful article, Why AI Vendors Should Share Vulnerability Research, Phil Venables of Google Cloud highlights the importance of vulnerability research and transparency in the fast-evolving field of AI. Venables underscores Google’s commitment to security, discussing the company’s proactive efforts to identify and address security risks associated with their AI platforms, notably through their…
In a scenario reminiscent of a modern-day Italian Job, hackers have allegedly breached Italy's national security, exposing confidential data of some of the country’s most prominent political figures. At the heart of the controversy is Nunzio Samuele Calamucci, a 44-year-old IT consultant operating from a modest office near Milan’s iconic Duomo cathedral. Italian prosecutors claim…
In a stark warning for global telecommunications infrastructure, Singtel, Singapore's largest mobile carrier, was reportedly targeted by Chinese state-sponsored hackers this past summer. The breach, which involved a group known as Volt Typhoon, was detected in June and aligns with a broader pattern of Chinese attacks on telecommunications and critical infrastructure around the world, according…
In a significant move to strengthen the cybersecurity of the North American electric grid, the Federal Energy Regulatory Commission (FERC) released Order 887 in January 2023, which paved the way for NERC-CIP015, a new standard on Internal Network Security Monitoring (INSM). This directive, set forth by the North American Electric Reliability Corporation (NERC), addresses a…
As artificial intelligence (AI) continues to transform business operations, it’s also changing the face of cybercrime. One area particularly vulnerable to AI-powered attacks is Business Email Compromise (BEC), a form of fraud that targets companies by manipulating employees into transferring money or sensitive information. With AI in the mix, BEC has become more sophisticated, presenting…