General News

November 7, 2024

Vulnerability in Linux Virtual machines exploited to target Windows Systems

A new phishing campaign named CRON#TRAP has been identified, targeting Windows systems by utilizing a Linux virtual machine equipped with a backdoor, allowing attackers to secretly access corporate networks. This campaign represents a significant evolution in the methods employed in cyberattacks, particularly the exploitation of virtualization technology to conduct malicious activities. The CRON#TRAP campaign used…

November 7, 2024

Exploiting ChatGPT for Voice-based scams

The latest AI model from OpenAI, ChatGPT-4o, can be exploited to carry out voice-based scams with financial motives, achieving success rates between 20% and 60%, thereby enabling large-scale fraud without human intervention. ChatGPT-4o boasts notable advancements, including the integration of text, voice, and images. However, to protect users from harmful content, OpenAI has implemented various…

November 7, 2024

Winos 4.0 malware infects gamers through game optimization applications

Cybersecurity researchers are warning about the malware Winos 4.0, which is distributed through game-related applications such as installers and optimization tools. Winos 4.0 is a powerful malicious platform that has been observed since June, operated by groups under the names Void Arachne and Silver Fox, enabling attackers to control multiple online devices. According to Fortinet…

November 7, 2024

Google Cloud set to require Multi-Factor Authentication for all users by 2025

Google Cloud has announced that by the end of 2025, all users will be required to implement multi-factor authentication (MFA) to enhance account security. Mayank Upadhyay, Vice President of Engineering at Google Cloud, stated that the deployment of MFA will occur in phases, with prior notifications provided to businesses and users to facilitate their preparation.…

November 7, 2024

INTERPOL has reported the destruction of over 22,000 malicious servers as part of a global campaign aimed at mitigating cyber threats

This initiative, named Synergia II, took place from April 1 to August 31, 2024, focusing on activities related to fraud, ransomware, and data theft. Of approximately 30,000 suspicious IP addresses identified, 76% were taken down, and 59 servers were seized. INTERPOL also confiscated 43 electronic devices, including laptops, mobile phones, and hard drives. Furthermore, INTERPOL…

November 7, 2024

“Microsoft SharePoint RCE vulnerability exploited for Corporate network attacks

Recently, a RCE vulnerability in Microsoft SharePoint, identified as CVE-2024-38094, has been discovered and is being exploited to infiltrate corporate networks. CVE-2024-38094 has a high severity rating (CVSS score: 7.2) and affects SharePoint, a widely used web platform for building intranet sites, managing documents, and seamlessly integrating with Microsoft 365 applications. Microsoft addressed this vulnerability…

September 15, 2023

VSEC is a member of the National Cyber Security Association

On the afternoon of September 8, 2023, the National Cyber Security Association held the first National Congress, term 2023-2028. Previously, on May 8, the Association received a decision to allow its establishment from the Ministry of Home Affairs. Senior Lieutenant General Luong Tam Quang, Deputy Minister of Public Security, was elected Chairman of the Association.…

September 5, 2023

Why you should hire a CREST Penetration Testing provider?

Cyber threats evolve at a rapid pace, and one of the most effective ways to assess and improve the security posture and resilience of a company’s systems against such threats is penetration testing. By performing controlled and simulated cyber attacks against an organization, pentesting aims to identify vulnerabilities that could be exploited by malicious hackers.…

August 30, 2023

What is the difference between Pentest and Pentest as a Service?

What is the practical difference between regular pentesting and Penetration testing as a Service (PtaaS)? Let’s take a closer look at each aspect below with VSEC. Pentest is a summary of Penetration Testing – a formula that evaluates the comprehensiveness of an IT information system through simulating a real attack authorized by that organization. Simply…

August 7, 2023

Why do hackers hack?

Hackers are individuals/organizations who gain unauthorized access to other information technology systems with a specific goal, such as gaining reputation by taking down computer systems, stealing money, or making networks worse. unavailable. The experience gained from these attacks and the satisfaction derived from successful attacks can become an addiction. Some common reasons to attack include…

August 5, 2023

VSEC TI Engine

VSEC TI ENGINE – System for predicting, identifying incidents, risks of security loss The security industry around the world is in a fierce battle against cyberattacks that are increasing in number, speed and complexity. This reality requires a new approach to preventing cyber threats. According to recent studies, traditional security solutions can almost exclusively identify…

August 5, 2023

VSEC Vadar SOAR

1.  THE NECESSITY OF SOAR In the current era of strong development of Information Technology, many organizations and businesses face more threats and risks. Security distribution software is constantly overloaded with warnings from various sources. In most organizations and businesses, IT infrastructure is always evolving every day. In this case, the personnel of the security…