#پرسش_پاسخ

👇🏻

-Cyber Security awareness-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.05.11

#پرسش_پاسخ

👇🏻

-Cyber Security awareness-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.05.11

#پرسش_پاسخ

👇🏻

-Cyber Security awareness-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.05.11

#پرسش_پاسخ

👇🏻

-Cyber Security awareness-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.05.11

#پرسش_پاسخ

👇🏻

-Cyber Security awareness-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.05.11

#پرسش_پاسخ

👇🏻

-Cyber Security awareness-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.05.11

#DiyakoSecureBow

Analytics
A Year in Review of 0-days Exploited In-the-Wild in 2022
Maddie Stone, Security Researcher, Threat Analysis Group (TAG)

This is Google’s fourth annual year-in-review of 0-days exploited in-the-wild [2021, 2020, 2019] and builds off of the mid-year 2022 review. The goal of this report is not to detail each individual exploit, but instead to analyze the exploits from the year as a whole, looking for trends, gaps, lessons learned, and successes.
Executive Summary
41 in-the-wild 0-days were detected and disclosed in 2022, the second-most ever recorded since we began tracking in mid-2014, but down from the 69 detected in 2021. Although a 40% drop might seem like a clear-cut win for improving security, the reality is more complicated. Some of our key takeaways from 2022 include:

N-days function like 0-days on Android due to long patching times. Across the Android ecosystem there were multiple cases where patches were not available to users for a significant time. Attackers didn’t need 0-day exploits and instead were able to use n-days that functioned as 0-days.

0-click exploits and new browser mitigations drive down browser 0-days. Many attackers have been moving towards 0-click rather than 1-click exploits. 0-clicks usually target components other than the browser. In addition, all major browsers also implemented new defenses that make exploiting a vulnerability more difficult and could have influenced attackers moving to other attack surfaces.

Over 40% of the 0-days discovered were variants of previously reported vulnerabilities. 17 out of the 41 in-the-wild 0-days from 2022 are variants of previously reported vulnerabilities. This continues the unpleasant trend that we’ve discussed previously in both the 2020 Year in Review report and the mid-way through 2022 report. More than 20% are variants of previous in-the-wild 0-days from 2021 and 2020.

Bug collisions are high. 2022 brought more frequent reports of attackers using the same vulnerabilities as each other, as well as security researchers reporting vulnerabilities that were later discovered to be used by attackers. When an in-the-wild 0-day targeting a popular consumer platform is found and fixed, it's increasingly likely to be breaking another attacker's exploit as well

https://security.googleblog.com/2023/07/the-ups-and-downs-of-0-days-year-in.html

-Business Secure Continuity-
1402.05.12
#vulnerability #zerotrust #zeroday #threatintelligence #threathunting
#BusinessSecureContinuity

https://www.linkedin.com/posts/diyako-secure-bow_the-ups-and-downs-of-0-days-a-year-in-review-activity-7092797937302269953-1_wv?utm_source=share&utm_medium=member_ios

هیچ بلیطی از هیچ جا به هیچ جا موجود نیست!

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.05.11

🔒 Urgent Alert: Hundreds of Citrix NetScaler ADC and Gateway servers breached! Malicious actors exploit CVE-2023-3519 #vulnerability to deploy web shells.

Read more about this threat: https://thehackernews.com/2023/08/hundreds-of-citrix-netscaler-adc-and.html


-Cyber Security awareness-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.05.12

#پرسش_پاسخ

👇🏻

-Cyber Security awareness-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.05.12

-گرگی که مرا شیر دهد میش من است،
بیگانه گر وفا کند خویش من-


Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.05.13

CISA, NSA, FBI, & global partners disclose the top exploited vulnerabilities of 2022. Beware of CVE-2018-13379, a 4-year-old Fortinet FortiOS SSL flaw still targeted by cybercriminals.

Read: https://thehackernews.com/2023/08/major-cybersecurity-agencies.html

Patch NOW to protect your organization.


-Cyber Security awareness-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.05.14

#DiyakoSecureBow

Entertainment 1 - watching movies and series related 2 the specialized field of cyber security and related elements.(Name UNTRACEABLE, Year 2008, Type Movie, Time 1H 41Min, Grade C) A serial killer who rigs contraptions that kill his victims based on the number of hits received by a website that features a live streaming video of the victim. Millions of people log on, hastening the victims' deaths.

Comment on this post;
You know websites, documentaries, movies, series that are relevant content 4 cyber security enthusiasts and specialists.

سرگرمي شماره 1 - تماشاي فيلم و سريال هاي مرتبط به حوزه تخصصي امنيت سايبري و المان هاي مرتبط. (نام غيرقابل رديابي، سال ٢٠٠٨، نوع فيلم، مدت ١ ساعت و ٤١ دقيقه، درجه C) یک قاتل زنجیره ای که بر اساس تعداد بازدیدهای دریافتی توسط وب سایتی که یک ویدیوی پخش زنده از قربانی را ارائه می دهد، ابزارهایی درست می کند که قربانیانش را می کشد. میلیون ها نفر وارد سیستم می شوند و مرگ قربانیان را تسریع می کنند.

در اين پست كامنت كنيد؛
شما وب سايت، مستند، فيلم، سريال هاي كه محتواي مرتبط براي علاقه مندان و متخصصين امنيت سايبري مي شناسيد

https://www.youtube.com/watch?v=oIqnESZW0qc

-Business Secure Continuity-
1402.05.14
#hackers #hackernews #hackerone #hacking #hackersummercamp #UNTRACEABLE #bugbountytips #bughunting
#BusinessSecureContinuity

https://www.linkedin.com/posts/diyako-secure-bow_untraceable-trailer-activity-7093444258635866112-ZPLo?utm_source=share&utm_medium=member_ios

#DiyakoSecureBow

Entertainment 2 - watching movies and series related 2 the specialized field of cyber security and related elements.(Name Snowden, Year 2016, Type Movie, Time 2H 14 Min, Grade B)
Elliot Alderson, a cybersecurity engineer and hacker with social anxiety disorder and clinical depression. Recruited by an insurrectionary anarchist known as Mr. Robot, to join a group of hacktivists called fsociety.

Comment on this post;
You know websites, documentaries, movies, series that are relevant content 4 cyber security enthusiasts and specialists.

سرگرمي 2 - تماشاي فيلم و سريال هاي مرتبط به حوزه تخصصي امنيت سايبري و المان هاي مرتبط.( نام اسنودن، سال ٢٠١٦، نوع فيلم. مدت ٢ساعت و ١٤ دقيقه، درجه B)الیوت آلدرسون، مهندس امنیت سایبری و هکر مبتلا به اختلال اضطراب اجتماعی و افسردگی بالینی. توسط یک آنارشیست شورشی معروف به آقای ربات استخدام شد تا به گروهی از هکتیویست ها به نام fsociety بپیوندد.

در اين پست كامنت كنيد؛
شما وب سايت، مستند، فيلم، سريال هاي كه محتواي مرتبط براي علاقه مندان و متخصصين امنيت سايبري مي شناسيد.

https://www.youtube.com/watch?v=U94litUpZuc

-Business Secure Continuity-
1402.05.14
#hackers #hackernews #hackerone #hacking #hackersummercamp #bugbountytips #bughunting
#BusinessSecureContinuity

https://www.linkedin.com/posts/diyako-secure-bow_mr-robot-official-extended-trailer-season-activity-7093521881688875008-d6Ei?utm_source=share&utm_medium=member_ios