#jobs #incident #vulnerability #patch-management #security-tools #ai #exploit #detection-engineering #malware #phishing #cloud #aws #authentication #ransomware #breach
Articles tagged with: #ssl Clear filter
SSL C2 bypassing EDR - Demo of SIEM detection + Detection as Code deployment

SSL C2 bypassing EDR - Demo of SIEM detection + Detection as Code deployment

For [Blue|Purple] Teams in Cyber Defence www.reddit.com

Hey everyone, I put together a video showing something I think many blue teams deal with: encrypted C2 traffic sailing right past EDR. In the demo, I run an SSL C2 connection that the EDR completely misses, then show how to detect it using SIEM. The second half covers building a detection rule and pushing it to the SIEM via a Detection-as-Code pipeline. What's covered: Using indicators in SIEM to spot the C2 sample Writing the detection logic Automating rule deployment with a DaC pipeline...

#detection-engineering #edr #ssl #siem
New Phishing Attack Leverages Azure Blob Storage to Impersonate Microsoft

New Phishing Attack Leverages Azure Blob Storage to Impersonate Microsoft

Cyber Security News cybersecuritynews.com

Threat actors are leveraging Microsoft Azure Blob Storage to craft highly convincing phishing sites that mimic legitimate Office 365 login portals, putting Microsoft 365 users at severe risk of credential theft. This method exploits trusted Microsoft infrastructure, making the attacks harder to spot as the fraudulent pages appear secured by official SSL certificates issued by

#incident #phishing #azure #ssl
Security and Privacy Assessment of U.S. and Non-U.S. Android E-Commerce Applications

Security and Privacy Assessment of U.S. and Non-U.S. Android E-Commerce Applications

cs.CR updates on arXiv.org arxiv.org

arXiv:2510.12031v1 Announce Type: new Abstract: E-commerce mobile applications are central to global financial transactions, making their security and privacy crucial. In this study, we analyze 92 top-grossing Android e-commerce apps (58 U.S.-based and 34 international) using MobSF, AndroBugs, and RiskInDroid. Our analysis shows widespread SSL and certificate weaknesses, with approximately 92% using unsecured HTTP connections and an average MobSF security score of 40.92/100. Over-privileged...

#certificate #ssl
Insufficient Session Expiration in SSLVPN using SAML authentication

Insufficient Session Expiration in SSLVPN using SAML authentication

FortiGuard Labs | FortiGuard Center - IR Advisories fortiguard.fortinet.com

An Insufficient Session Expiration vulnerability [CWE-613] in FortiOS SSL VPN may allow a remote attacker (e.g. a former admin whose account was removed and whose session was terminated) in possession of the SAML record of a user session to access or re-open that session via re-use of SAML record. Revised on 2025-10-14 00:00:00

#vulnerability #authentication #patch-management #ssl #saml
FGFM protocol allows unauthenticated reset of the connection

FGFM protocol allows unauthenticated reset of the connection

FortiGuard Labs | FortiGuard Center - IR Advisories fortiguard.fortinet.com

An improper check or handling of exceptional conditions vulnerability [CWE-703] in FortiOS, FortiProxy, FortiPAM & FortiSwitchManager fgfm daemon may allow an unauthenticated attacker to repeatedly reset the fgfm connection via crafted SSL encrypted TCP requests. Revised on 2025-10-14 00:00:00

#vulnerability #patch-management #ssl
Urgent: 3,894 SonicWall SSL VPNs Vulnerable to OVERSTEP and MFA Bypass

Urgent: 3,894 SonicWall SSL VPNs Vulnerable to OVERSTEP and MFA Bypass

CIP Blog blog.criminalip.io

Multiple hacking groups have been repeatedly using SonicWall SSL VPN devices as an intrusion vector, and the security community continues to report cases where accounts protected by OTP-based multi-factor authentication (MFA) were nonetheless logged into successfully - raising growing concern about potential authentication bypasses. SonicWall's internal investigation attributes these incidents to exploitation of the known

#exploit #authentication #mfa #ssl
Would love your feedback on Argus v2

Would love your feedback on Argus v2

cybersecurity www.reddit.com

Hi everyone, I've just released Argus v2 , a modular OSINT & recon toolkit I've been building for a while, and I'd really love to get some feedback from the community . Argus is an open-source OSINT & recon framework built for serious information gathering. The new v2 includes 130+ modules covering domains, APIs, SSL, DNS, and threat intelligence - all accessible from one command-line interface. I'm looking for honest feedback - bugs, missing features, design flaws, performance issues, or...

#security-tools #ssl