GHDBREVO: January 2025

eBook: Your Step-by-Step Guide to Securing AI in the Enterprise

͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌

When it comes to adopting AI securely, there's no one-size-fits-all framework or solution. Every organization's needs and objectives are different.

Tired of generic recommendations that don't address real-world security blockers? We are too.

That's why the new Securing AI in the Enterprise guide from Tines includes:

Insights from IT and security leaders at the forefront of AI adoption
Clear, actionable steps for achieving secure AI adoption
Practical advice for vendor engagement, including key questions and criteria

Whether you're facing a lack of AI governance, struggling to define priorities, or navigating a sea of hyperbolic vendor claims, this comprehensive guide from Tines offers actionable strategies to help you keep moving forward.

Get the Guide ▶

View email in browser
The Hacker News · Pearl Omaxe Tower · 810/8 Nsp, Pitampura · New Delhi, Delhi 110034 · India
update your preferences or unsubscribe

⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [27 Jan]

͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌ ͏ ‌

Welcome to your weekly cybersecurity scoop! Ever thought about how the same AI meant to protect our hospitals could also compromise them? This week, we're breaking down the sophisticated world of AI-driven threats, key updates in regulations, and some urgent vulnerabilities in healthcare tech that need our attention.

As we unpack these complex topics, we'll equip you with sharp insights to navigate these turbulent waters. Curious about the solutions? They're smarter and more unexpected than you might think. Let's dive in.

⚡ Threat of the Week

Juniper Networks Routers Targeted by J-magic — A new campaign targeted enterprise-grade Juniper Networks routers between mid-2023 and mid-2024 to infect them with a backdoor dubbed J-magic when certain precise conditions. The malware is a variant of a nearly 25-year-old, publicly available backdoor referred to as cd00r, and is designed to establish a reverse shell to an attacker-controlled IP address and port. Semiconductor, energy, manufacturing, and information technology (IT) sectors were the most targeted.

The Human Touch In Creating and Securing Non-Human Identities

In today's digital landscape, a new class of identities has emerged alongside traditional human users: non-human identities (NHIs).This ebook explores everything you need to know about managing NHIs in your environment.

Download

🔔 Top News

Palo Alto Firewalls Found Vulnerable to Firmware Exploits — An analysis of three firewall models from Palo Alto Networks – PA-3260, PA-1410, and PA-415 – uncovered that they are vulnerable to known security flaws that could be exploited to achieve Secure Boot bypass and modify device firmware. In response to the findings, Palo Alto Networks said exploiting the flaws require an attacker to first compromise PAN-OS software through other means and obtain elevated privileges to access or modify the BIOS firmware. It also said it will be working with third-party vendors to develop firmware updates for some of them.
PlushDaemon Linked to Supply Chain Compromise of South Korean VPN Provider — A never-before-seen China-aligned hacking group named PlushDaemon carried out a supply chain attack targeting a South Korean virtual private network (VPN) provider in 2023 to deliver malware known as SlowStepper, a fully-featured backdoor with an extensive set of information gathering features. The threat actor is also said to have exploited an unknown vulnerability in Apache HTTP servers and conducted adversary-in-the-middle (AitM) attacks to breach other targets of interest. Active since at least 2019, the group has singled out individuals and entities in China, Taiwan, Hong Kong, South Korea, the United States, and New Zealand.
Mirai Botnet Launches Record 5.6 Tbps DDoS Attack — Cloudflare revealed that a Mirai botnet comprising over 13,000 IoT devices was responsible for a record-breaking 5.6 Terabit per second (Tbps) distributed denial-of-service (DDoS) attack aimed at an unnamed internet service provider (ISP) from Eastern Asia. The attack lasted about 80 seconds. The web infrastructure company said the average unique source IP address observed per second was 5,500, and the average contribution of each IP address per second was around 1 Gbps.
Over 100 Flaws in LTE and 5G Implementations — A group of academics has disclosed 119 security vulnerabilities impacting LTE and 5G implementations, Open5GS, Magma, OpenAirInterface, Athonet, SD-Core, NextEPC, srsRAN, that could be exploited by an attacker to disrupt access to service and even gain a foothold into the cellular core network. Some of the identified vulnerabilities could be weaponized to breach the cellular core network and leverage that access to monitor cellphone location and connection information for all subscribers at a city-wide level, carry out targeted attacks on specific subscribers, and perform further malicious actions on the network itself.
Ex-CIA Analyst Pleads Guilty to Sharing Top Secret Docs — Asif William Rahman, a former analyst working for the U.S. Central Intelligence Agency (CIA), pleaded guilty to transmitting top secret National Defense Information (NDI) to unauthorized personnel and attempted to cover up the activity. The incident, which took place in October 2024, involved Rahman sharing documents prepared by the National Geospatial-Intelligence Agency and the National Security Agency. They were related to Israel's plans to attack Iran, and were subsequently shared on Telegram by an account called Middle East Spectator. He has pleaded guilty to two counts of willful retention and transmission of classified information related to the national defense. He is expected to be sentenced on May 15, 2025, potentially facing a maximum penalty of 10 years in prison.

️🔥 Trending CVEs

Your go-to software could be hiding dangerous security flaws—don't wait until it's too late! Update now and stay ahead of the threats before they catch you off guard.

This week's list includes — CVE-2025-23006 (SonicWall), CVE-2025-20156 (Cisco Meeting Management), CVE-2025-21556 (Oracle Agile Product Lifecycle Management Framework), CVE-2025-0411 (7-Zip), CVE-2025-21613 (go-git), CVE-2024-32444 (RealHomes theme for WordPress), CVE-2024-32555 (Easy Real Estate plugin), CVE-2016-0287 (IBM i Access Client Solutions), CVE-2024-9042 (Kubernetes).

📰 Around the Cyber World

India and the U.S. Sign Cybercrime MoU — India and the United States have signed a memorandum of understanding (MoU) to bolster cooperation in cybercrime investigations. "The MoU allows the respective agencies of the two countries to step up the level of cooperation and training with respect to the use of cyber threat intelligence and digital forensics in criminal investigations," the Indian Ministry of External Affairs (MEA) said in a statement.
Critical Security Flaws in ABB ASPECT-Enterprise, NEXUS, and MATRIX Products — More than a 100 security flaws have been disclosed in ABB ASPECT-Enterprise, NEXUS, and MATRIX series of products that could enable an attacker to disrupt operations or execute remote code. Gjoko Krstikj of Zero Science Lab has been credited with discovering and reporting the flaws.
91% of Exposed Exchange Server Instances Still Vulnerable to ProxyLogon — One of the vulnerabilities exploited by the China-linked Salt Typhoon hacking group for initial access is CVE-2021-26855 (aka ProxyLogon), a nearly four-year-old flaw in Microsoft Exchange Server. According to a new analysis from cybersecurity company Tenable, 91% of the nearly 30,000 external-facing instances of Exchange vulnerable to CVE-2021-26855 have not been updated to close the defect to date. "Salt Typhoon is known for maintaining a stealthy presence on victim networks and remaining undetected for a significant time period," it said.
IntelBroker Resigns from BreachForums — The threat actor known as IntelBroker has announced his resignation as the owner of an illicit cybercrime forum called BreachForums, citing a lack of time. The development marks the latest twist in the tumultuous history of the online criminal bazaar, which has been the subject of law enforcement scrutiny, resulting in a takedown of its infrastructure and the arrest of its previous administrators. Its original creator and owner Conor Brian Fitzpatrick (aka Pompompurin) was sentenced to time served and 20 years of supervised release exactly a year ago. However, newly filed court documents show that his sentence has been vacated -- i.e., declared void. "While released on bond awaiting sentencing, Fitzpatrick violated his conditions of release immediately by secretly downloading a virtual private network, which he then used virtually every day to access the Internet without the knowledge of his probation officer," the document reads. "Not only did Fitzpatrick commit serious offenses, but he also showed a lack of remorse, joking about committing additional crimes even after entering a guilty plea."
Cloudflare CDN Bug Leaks User Locations — A new piece of research from a 15-year-old security researcher who goes by the name Daniel has uncovered a novel "deanonymization attack" in the widely used Cloudflare content delivery network (CDN) that can expose someone's location by sending them an image on platforms like Signal, Discord, and X. The flaw allows an attacker to extract the location of any target within a 250-mile radius when a vulnerable app is installed on a target's phone, or as a background application on their laptop, simply by sending a specially-crafted payload. Using either a one-click or zero-click approach, the attack takes advantage of the fact that Cloudflare stores cache copies of frequently accessed content on data centers located in close proximity to the users to improve performance. The security researcher developed a Teleport tool that let them check which of Cloudflare's data centers had cached an image, which allowed them to triangulate the approximate location a Discord, Signal, or X user might be in. Although the specific issue was closed, Daniel noted that the fix could be bypassed using a VPN. While the geolocation capability of the attack is not precise, it can provide enough information to infer the geographic region where a person lives, and use it as a stepping stone for follow-on intelligence gathering. "The attack leverages fundamental design decisions in caching and push notification systems, demonstrating how infrastructure meant to enhance performance can be misused for invasive tracking," the researcher said.
Belsen Group Leaks Fortinet FortiGate Firewall Configs — A little-known hacking group named Belsen Group has leaked configuration data for over 15,000 Fortinet FortiGate firewalls on the dark web for free. This includes configurations and plaintext VPN user credentials, device serial numbers, models, and other data. An analysis of the data dump conducted by security researcher Kevin Beaumont has revealed that the configuration data has likely been put together by exploiting CVE-2022-40684, an authentication bypass zero-day vulnerability disclosed in October 2022, as a zero-day. Of the 15,469 distinct affected IP addresses, 8,469 IPs have been found to be still online and reachable in scans. As many as 5,086 IPs are continuing to expose the compromised FortiGate login interfaces. A majority of the exposures are in Mexico, Thailand, and the U.S. "If your organization has consistently adhered to routine best practices in regularly refreshing security credentials and taken the recommended actions in the preceding years, the risk of the organization's current config or credential detail in the threat actor's disclosure is small," Fortinet said in response to the disclosure. The disclosure comes as another critical flaw in FortiGate devices (CVE-2024-55591 aka Console Chaos) has come under active exploitation in the wild since November 1, 2024.

🎥 Expert Webinar

No More Trade-Offs: Secure Code at Full Speed — Tired of security slowing down development—or risky shortcuts putting you at risk? Join Sarit Tager, VP of Product Management at Palo Alto Networks, in this must-attend webinar to discover how to break the Dev-Sec standoff. Learn how to embed smart, seamless security guardrails into your DevOps pipeline, prioritize code issues with full ecosystem context, and replace "shift left" confusion with the clarity of "start left" success. If speed and security feel like a trade-off, this webinar will show you how to have both. Save your spot now.
The Clear Roadmap to Identity Resilience — Struggling with identity security gaps that increase risks and inefficiencies? Join Okta's experts, Karl Henrik Smith and Adam Boucher, to discover how the Secure Identity Assessment (SIA) delivers a clear, actionable roadmap to strengthen your identity posture. Learn to identify high-risk gaps, streamline workflows, and adopt a scalable, phased approach to future-proofing your defenses. Don't let identity debt hold your organization back—gain the insights you need to reduce risk, optimize operations, and secure business outcomes.

P.S. Know someone who could use this? Share it.

🔧 Cybersecurity Tools

Extension Auditor: With cyber threats becoming more sophisticated, tools like Extension Auditor are essential for maintaining online safety. This tool evaluates your browser extensions for security and privacy risks, providing a clear analysis of permissions and potential vulnerabilities. Extension Auditor helps you identify and manage extensions that could expose you to danger, ensuring your browsing is secure and your data remains private.
AD Threat Hunting Tool: It is a simple yet powerful PowerShell tool that helps detect suspicious activities in your Active Directory, like password spray attacks or brute force attempts. It provides real-time alerts, smart analysis of attack patterns, and detailed reports with easy export options. With built-in testing to simulate attacks, this tool is a must-have for keeping your AD environment secure and identifying threats quickly.

🔒 Tip of the Week

Essential Network Security Practices — To effectively secure your network, you don't need complex solutions. Keep your network safe with these easy tips: Use a VPN like NordVPN to protect your data and keep your online activities private. Make sure your firewall is turned on to stop unwanted access. Keep your software and devices updated to fix security weaknesses. Choose strong, unique passwords for all your accounts and consider using a password manager to keep track of them. Teach yourself and others how to spot phishing scams to avoid giving away sensitive information. These basic actions can greatly improve your network's security and are simple to implement.

Conclusion

As we close this week's newsletter, let's focus on the crucial issue of vulnerabilities in healthcare technology. These gaps highlight a pressing need for enhanced security measures and more dynamic regulatory frameworks that can quickly adapt to new threats. How can we fortify our defenses to better protect critical infrastructure? Your expertise is essential as we tackle these challenges and push for more effective solutions. Let's keep the dialogue open and continue to drive progress in our field. Stay informed and engaged.

View email in browser
The Hacker News · Pearl Omaxe Tower · 810/8 Nsp, Pitampura · New Delhi, Delhi 110034 · India
update your preferences or unsubscribe

Cotton Canvas: A Comprehensive Guide for Crafters, DIYers, and Textile Enthusiasts

Cotton canvas: the workhorse of the crafting and DIY world. From sturdy tote bags to breathtaking painted artworks, its versatility and durability have made it a staple in workshops and studios for centuries. But beyond its readily apparent applications, cotton canvas holds a wealth of fascinating characteristics and possibilities. This comprehensive guide delves deep into the world of cotton canvas, exploring its properties, uses, types, history, and more, all tailored for the discerning crafter, DIY enthusiast, and textile aficionado.

What is Cotton Canvas? A Material Defined by Weave and Fiber

At its core, cotton canvas is a plain-woven fabric made from cotton fibers. The term "canvas" refers specifically to the weave – a tightly interlaced, balanced weave that provides inherent strength and stability. The combination of the natural cotton fiber and the plain weave structure gives canvas its unique properties:

Durability: The tight weave creates a strong fabric that can withstand significant wear and tear, making it ideal for projects that need to last.
Absorbency: Cotton is a naturally absorbent fiber, allowing canvas to readily accept dyes, paints, and other finishes. This is critical for customization in crafting and artistic applications.
Versatility: Canvas comes in various weights, textures, and finishes, making it suitable for a wide range of projects, from lightweight apparel to heavy-duty outdoor gear.
Breathability: Cotton fibers allow air to circulate through the fabric, making canvas comfortable to wear and use in warm environments.
Affordability: Compared to other durable fabrics like linen or leather, cotton canvas is relatively inexpensive, making it accessible for crafters on a budget.
Ease of Use: Cotton canvas is generally easy to cut, sew, and manipulate, making it a forgiving material for beginner and experienced crafters alike.

Unraveling the Weave: Understanding Canvas Construction

The strength and properties of cotton canvas are largely determined by its construction:

Weave Type: The most common weave for canvas is the plain weave, where warp (lengthwise) and weft (crosswise) yarns interlace in a simple over-under pattern. Other weaves, like twill, can also be used, resulting in a more textured and potentially more durable canvas.
Yarn Size (Weight): Canvas weight is typically measured in ounces per square yard (oz/yd²). Heavier canvases (e.g., 12 oz, 18 oz) are thicker, stronger, and more rigid, suitable for heavy-duty applications. Lighter canvases (e.g., 7 oz, 10 oz) are more pliable and suitable for garments or lining.
Thread Count: While less commonly specified for canvas than for other fabrics, thread count (number of threads per inch) can also influence the fabric's density and durability. A higher thread count generally indicates a tighter weave and greater resistance to tearing.
Ply: Refers to the number of yarns twisted together to make a single thread. Multiple-ply yarns create a stronger and more durable fabric.

Canvas Varieties: Exploring the Spectrum of Textures and Finishes

Cotton canvas isn't a monolithic material. A wide range of varieties cater to specific needs and applications:

Duck Canvas: The most common type of cotton canvas, characterized by its tightly woven plain weave. Duck canvas is graded by a numbered system (e.g., #8 duck, #10 duck), with lower numbers indicating heavier weights. It is incredibly versatile and used for everything from tote bags and upholstery to tarpaulins and tents.
Artist Canvas: Specifically designed for painting, artist canvas is typically primed with gesso to create a smooth, absorbent surface that is ready to accept paint. Available in various weights and textures, it is often stretched over a wooden frame for painting.
Cotton Drill: A strong, twill-woven fabric that is similar to canvas but generally lighter in weight. Drill is often used for workwear, linings, and durable clothing.
Cotton Twill: As mentioned, a twill weave creates a diagonal rib pattern on the fabric's surface. Twill canvas is often more flexible and drapable than plain-weave canvas.
Water-Resistant Canvas: Treated with a water-repellent finish (e.g., wax, silicone), this type of canvas is ideal for outdoor applications like awnings, boat covers, and tents. The water-repellency needs to be maintained with retreatment over time.
Flame-Retardant Canvas: Treated with flame-retardant chemicals, this canvas is suitable for applications where fire safety is a concern, such as stage curtains, backdrops, and safety clothing.
Organic Cotton Canvas: Made from cotton grown without the use of synthetic pesticides or fertilizers. This is a more sustainable option for environmentally conscious crafters.
Recycled Cotton Canvas: Made from recycled cotton fibers, reducing waste and conserving resources.

Beyond the Bolt: Common Uses for Cotton Canvas

The versatility of cotton canvas makes it a go-to material for a vast array of projects:

Crafting & Sewing: Tote bags, pouches, aprons, placemats, curtains, pillow covers, wall hangings, stuffed animals.
Art & Painting: Painting canvases, backdrops, murals.
Home Decor: Upholstery, slipcovers, curtains, rugs, storage bins.
Outdoor Gear: Tents, awnings, boat covers, backpacks, tarpaulins.
Apparel: Jackets, pants, skirts, dresses, hats, workwear.
Shoes: Canvas sneakers, espadrilles.
Photography & Event Decor: Photography backdrops, pipe and drape systems for booths and events.

Choosing the Right Canvas: A Project-Specific Guide

Selecting the appropriate canvas for your project is crucial for achieving the desired results:

For Tote Bags: A medium-weight duck canvas (10-12 oz) is a good balance of durability and ease of sewing. Consider a heavier weight (14-18 oz) for bags that will carry heavy loads.
For Painting: Artist canvas primed with gesso is essential. Choose a weight and texture based on your painting style. Finer textures are good for detailed work, while coarser textures are suitable for looser styles.
For Upholstery: A heavy-weight duck canvas (12-18 oz) or a cotton drill is recommended for durability. Consider a stain-resistant finish for added protection.
For Clothing: A lighter-weight canvas (7-10 oz) or a cotton twill will be more comfortable to wear.
For Outdoor Projects: A water-resistant canvas is a must. Consider the level of water resistance needed based on the project's exposure to the elements.
For Photography Backdrops: Muslin is also used for backdrops, however cotton canvas in a plain color or painted canvas can add character and is generally durable. Using pipe and drape to set up the photography backdrops can be an efficient means.

Working with Cotton Canvas: Tips and Techniques for Crafters

While generally easy to work with, cotton canvas benefits from a few key techniques:

Pre-Washing: Pre-wash canvas before cutting and sewing to prevent shrinkage after the project is complete.
Needle Selection: Use a universal or denim needle in your sewing machine. The size of the needle will depend on the weight of the canvas.
Thread Choice: Choose a strong, durable thread like polyester or cotton-wrapped polyester.
Seam Finishes: Finish raw edges to prevent fraying. Options include serging, zigzag stitching, or binding with bias tape.
Reinforcements: Reinforce stress points with extra stitching or rivets.
Cutting: Use sharp fabric scissors or a rotary cutter for clean, accurate cuts.
Pressing: Press seams open after sewing for a professional finish.
Painting & Dyeing: Cotton canvas readily accepts paints and dyes. Experiment with different techniques to achieve the desired look. Use fabric paints or dyes that are designed for natural fibers.

Caring for Your Canvas Creations: Maintaining Longevity

Proper care will extend the life of your cotton canvas projects:

Washing: Machine wash in cold water on a gentle cycle. Avoid using harsh detergents or bleach.
Drying: Tumble dry on low heat or hang to dry. Avoid over-drying, which can cause shrinkage.
Ironing: Iron on a medium setting.
Storage: Store canvas projects in a cool, dry place away from direct sunlight.

A Historical Thread: The Evolution of Cotton Canvas

Canvas has a rich history, dating back centuries. Originally made from hemp or linen, canvas was used for sails, tents, and other essential items. The introduction of cotton canvas in the 19th century made the material more affordable and accessible, leading to its widespread adoption in various industries.

The Sustainability Question: Addressing Environmental Concerns

The environmental impact of cotton production is a growing concern. Conventional cotton farming relies heavily on pesticides and fertilizers, which can pollute waterways and harm ecosystems. Choosing organic or recycled cotton canvas is a more sustainable option. Consider also the dyes and finishes used on the canvas, opting for eco-friendly alternatives whenever possible.

The Future of Cotton Canvas: Innovation and Possibilities

The future of cotton canvas is bright, with ongoing innovations in textile technology. Researchers are exploring new ways to improve the performance and sustainability of canvas, including:

Developing more durable and water-resistant finishes.
Creating canvas from innovative blends of cotton and other fibers.
Improving the efficiency of cotton farming practices.
Exploring new applications for canvas in areas like construction and transportation.

Canvas Specific Project Ideas

For a craft and DIY blogger, cotton canvas offers a plethora of content opportunities. Here are some project ideas specifically tailored to your audience:

Personalized Photography Backdrops: Create unique, hand-painted backdrops for photoshoots using cotton canvas and acrylic paints.
Upcycled Canvas Tote Bags: Transform old canvas drop cloths or tents into stylish and functional tote bags.
DIY Canvas Wall Art: Create textured wall art using canvas scraps, fabric scraps, and mixed media techniques.
Canvas Storage Bins: Sew sturdy and stylish storage bins for organizing craft supplies or household items.
Custom Canvas Pet Beds: Design and sew comfortable and durable pet beds using heavy-weight cotton canvas.
Painted Canvas Shoes: Customize canvas shoes with fabric paint and unique designs.
Tutorials on different painting and dyeing techniques for canvas.
Reviews of different types of canvas and their suitability for various projects.
Posts on sustainable canvas options and eco-friendly crafting practices.

Resources for Cotton Canvas Enthusiasts:

Online fabric retailers: Many online retailers specialize in selling cotton canvas in various weights, colors, and finishes.
Local fabric stores: Support your local fabric stores by purchasing cotton canvas from them.
Art supply stores: Art supply stores carry artist canvas in various sizes and textures.
DIY and crafting websites: Numerous websites offer tutorials and inspiration for working with cotton canvas.
Textile museums and historical societies: Learn more about the history and evolution of canvas at textile museums and historical societies.

Conclusion

Cotton canvas is more than just a fabric; it is a versatile and enduring material that has played a significant role in crafting, art, and industry for centuries. By understanding its properties, varieties, and applications, crafters, DIY enthusiasts, and textile learners can unlock its full potential and create beautiful and functional projects that will last for years to come. As a craft blogger, embracing this material and sharing its nuances with your audience will position you as a trusted resource and inspire creativity for all. Remember to explore the possibilities and experiment with different techniques to find what works best for you and your unique creative vision! The key is to understand the material and apply your knowledge and creativity to create something amazing.

https://thefabricofourlives.com/cotton-fabrics/canvas
https://wellfabric.com/what-is-cotton-canvas-fabric/
https://sewport.com/fabrics-directory/canvas-fabric
https://www.cassart.co.uk/whats-the-difference-between-linen-and-cotton-canvas/
https://en.wikipedia.org/wiki/Canvas
https://www.fabrichouse.com/int/all-fabrics/cotton/cotton-canvas/https://thecanvaswiki.blogspot.com/

--
You received this message because you are subscribed to the Google Groups "Broadcaster" group.
To unsubscribe from this group and stop receiving emails from it, send an email to broadcaster-news+unsubscribe@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/broadcaster-news/1de2d782-f2a6-4eff-a4ef-411d1515ef35n%40googlegroups.com.

GHDBREVO

Wednesday, January 29, 2025

eBook: Your Step-by-Step Guide to Securing AI in the Enterprise

Monday, January 27, 2025

⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [27 Jan]

⚡ Threat of the Week

🔔 Top News

️🔥 Trending CVEs

📰 Around the Cyber World

🎥 Expert Webinar

🔧 Cybersecurity Tools

🔒 Tip of the Week

Conclusion

Thursday, January 23, 2025

Cotton Canvas: A Comprehensive Guide for Crafters, DIYers, and Textile Enthusiasts

About Me

Links

Previous Posts

Archives