Posts

Privilege Escalation Risk: Splunk Universal Forwarder on Windows

A high-severity vulnerability has been discovered in Splunk Universal Forwarder (UF) for Windows, exposing enterprise systems to serious risk. Tracked as CVE-2025-20298, the flaw allows non-administrator users to gain unauthorized access to the application's installation directory and its contents. With a CVSS v3.1 score of 8.0, this vulnerability violates fundamental security principles such as least privilege and may lead to log tampering, data exposure, and service disruption.

Overview of the Issue

During new installations or upgrades of Splunk Universal Forwarder on Windows, some affected versions assign overly permissive access controls to the installation directory: C:\Program Files\SplunkUniversalForwarder

This misconfiguration allows standard (non-admin) users to read and potentially modify the contents of the directory, including configuration files, log data, and binary executables. The issue is categorized under CWE-732: Incorrect Permission Assignment for Critical R...

Redefining Cyber Value: Why Business Impact Should Lead the Security Conversation

Security teams face growing demands with more tools, more data, and higher expectations than ever. Boards approve large security budgets, yet still ask the same question: what is the business getting in return? CISOs respond with reports on controls and vulnerability counts – but executives want to understand risk in terms of financial exposure, operational impact, and avoiding loss. The disconnect has become difficult to ignore.

The average cost of a breach has reached $4.88 million, according to recent IBM data. That figure reflects not just incident response but also downtime, lost productivity, customer attrition, and the extended effort required to restore operations and trust. The fallout is rarely confined to security.

Security leaders need a model that brings those consequences into view before they surface. A Business Value Assessment (BVA) offers that model. It links exposures to cost, prioritization to return, and prevention to tangible value. This article will ...

Here’s How AI Finally Got Alerts Right

Security teams have been drowning in alerts for years. Ask any SOC analyst what their inbox looks like after a weekend, and you’ll likely hear something close to panic. The sheer volume of false positives has become a full-time problem—one that traditional tools, frankly, haven’t fixed. But something has shifted.

Rapid7’s new AI-powered alert triage system, built into InsightIDR, might just be that shift. It classifies alerts with an astonishing 99.93% accuracy, thanks to machine learning models trained on a massive dataset sourced from their global MDR operations [1]. This isn’t just another automation tool promising to save time; it’s actually doing it.

What sets this apart is the combination of accuracy and transparency. The system doesn’t just toss alerts into a “good” or “bad” pile—it shows its work. Analysts can review the AI’s decision process, which means they’re not being asked to blindly trust a black box. This kind of traceability is exactly what has been miss...

New Linux Vulnerabilities Put Millions of Password Hashes at Risk

Two critical local information-disclosure vulnerabilities have been uncovered, affecting millions of Linux systems worldwide. These flaws could allow attackers to extract sensitive password data through manipulated core dumps—posing a serious security risk to enterprises and individuals alike.

The Discovery

The vulnerabilities, disclosed by the Qualys Threat Research Unit (TRU), target core dump handlers used in major Linux distributions. They involve race conditions that can be exploited to access core dumps generated by SUID (Set User ID) programs—a class of privileged executables.

CVE-2025-5054 targets Apport, Ubuntu’s crash reporting system. CVE-2025-4598 affects systemd-coredump, the default handler in Red Hat Enterprise Linux (RHEL) 9 & 10 and Fedora 40/41.

Qualys researchers demonstrated successful proof-of-concept (PoC) exploits that allow attackers to manipulate processes like unix_chkpwd—a standard Linux utility for password verification—and extract pas...

Smart Networks, Smarter Threats: Securing Telecoms in the Age of AI and Critical Infrastructure

As we reflect on World Telecommunication and Information Society Day (WTISD) 2025, marked earlier this month, it’s clear that the world stands at a compelling crossroads of opportunity and risk. Telecommunications—always an important utility—has become the critical backbone of our digital economy. It supports everything from emergency response systems and banking to generative AI and smart cities.

But with this transformation comes heightened vulnerability. Cyber attackers are no longer targeting only data, they’re aiming for the very infrastructure that keeps societies connected.

A Strategic Cyber Target – Telecommunications Sector

In the 1Q of 2025, the telecommunications sector experienced the highest percentage increase in weekly cyber attacks, with a 94% jump, reaching 2,664 attacks per organization weekly according to Check Point Research, with the expectation for this to rise. The World Economic Forum’s Global Cybersecurity Outlook 2025 repor...

New HTTP/2 Bypass Allows Malicious Cross-Site Scripting Attacks

New research reveals two attack vectors that bypass web security and exploit fundamental flaws in HTTP/2 implementations.

In a groundbreaking revelation at the Network and Distributed System Security (NDSS) Symposium 2025, researchers from Tsinghua University have uncovered a critical vulnerability in the HTTP/2 protocol that could allow attackers to bypass traditional web security protections and execute arbitrary cross-site scripting (XSS) attacks on major websites.

What’s the Vulnerability?

The vulnerability centers around two new attack techniques—dubbed "CrossPUSH" and "CrossSXG"—that exploit weaknesses in two key features of the HTTP/2 protocol: Server Push and Signed HTTP Exchanges (SXG). These attacks allow malicious actors to bypass the Same-Origin Policy (SOP), a security mechanism designed to keep malicious scripts from accessing sensitive data across different domains. By taking advantage of shared TLS certificates and manipulating HTTP/2 au...

The VPN You Shouldn’t Have Downloaded

Source: The Hacker News

A sophisticated malware campaign has emerged, leveraging counterfeit VPN and browser installers to deploy Winos 4.0, a stealthy remote access trojan (RAT). Disguised as legitimate applications like LetsVPN and QQBrowser, these trojanized installers exploit the Nullsoft Scriptable Install System (NSIS) to execute a multi-stage, in-memory attack sequence. [2,4]

The infection chain initiates with the Catena loader, a memory-resident component that employs shellcode embedded in .ini files and reflective DLL injection to evade traditional antivirus detection. This loader orchestrates the deployment of Winos 4.0, a modular malware framework capable of data exfiltration, remote shell access, and distributed denial-of-service (DDoS) attacks. [2]

Notably, the malware exhibits region-specific targeting, primarily focusing on Chinese-speaking users. It checks for Chinese language settings on infected systems, although this filter is not strictly enforced, indicating po...