Netizen Blog and News

The Netizen team sharing expertise, insights and useful information in cybersecurity, compliance, and software assurance.

recent posts

about

Category: CyberSecurity

  • What is Code Access Security (CAS)?

    What is Code Access Security (CAS)?

    Code Access Security (CAS) is a pivotal framework in .NET that regulates code execution based on permissions to prevent unauthorized access and security threats. Though deprecated in newer versions, its principles remain vital for legacy application security. Key benefits include limiting access for untrusted code and enhancing overall application security.

  • Netizen: Monday Security Brief (3/3/2024)

    Netizen: Monday Security Brief (3/3/2024)

    Microsoft has revealed the Storm-2139 cybercrime network, exploiting Azure OpenAI services for malicious activities. The group uses stolen credentials to generate harmful content, prompting Microsoft to pursue legal action. Additionally, a Chinese hacking group exploited a VPN vulnerability to breach operational technology organizations globally, highlighting a critical need for enhanced cybersecurity measures.

  • Netizen: February 2025 Vulnerability Review

    Netizen: February 2025 Vulnerability Review

    Security vulnerabilities pose ongoing challenges for organizational security. Netizen’s Security Operations Center has highlighted five critical vulnerabilities from February 2025 that require immediate attention. These include CVE-2025-21391 and CVE-2025-21418, both high-severity elevation of privilege flaws affecting Windows systems; CVE-2025-21376, a high-risk remote code execution vulnerability; CVE-2025-21377, a medium-severity NTLM hash disclosure; and CVE-2025-21381, a high-severity…

  • Netizen Cybersecurity Bulletin (February 27th, 2025)

    Netizen Cybersecurity Bulletin (February 27th, 2025)

    Bybit experienced a $1.5 billion cryptocurrency heist linked to North Korea’s Lazarus Group, exploiting a vulnerability in its asset transfer process. Separately, DISA Global Solutions revealed a data breach exposing personal information of 3.3 million users. Netizen offers cybersecurity solutions, including assessments and compliance support, to enhance organizational defenses.

  • Orange Group Data Breach Exposes 380,000 Emails, Contracts, and Payment Details

    Orange Group Data Breach Exposes 380,000 Emails, Contracts, and Payment Details

    French telecommunications company Orange Group experienced a security breach, where hacker “Rey” leaked sensitive data from its Romanian division, including 380,000 email addresses and source code. The breach, exploited via compromised credentials and Jira vulnerabilities, raised concerns over identity theft. Orange, confirming the impact, has initiated an internal investigation and cooperation with authorities.

  • Netizen: Monday Security Brief (2/24/2024)

    Netizen: Monday Security Brief (2/24/2024)

    Google Cloud has introduced quantum-safe digital signatures in its Cloud KMS, addressing post-quantum cryptographic security. This move, alongside Microsoft’s Majorana 1 chip advancement, highlights the urgency for organizations to adopt quantum-resistant encryption. Experts warn that the potential of quantum computing necessitates immediate migration to post-quantum cryptography to safeguard critical data.

  • UK Government Forces Apple to Disable Advanced Data Protection

    UK Government Forces Apple to Disable Advanced Data Protection

    Apple has discontinued its Advanced Data Protection feature for iCloud in the UK due to a government order for backdoor access. While existing users can access the feature temporarily, it will be phased out. Apple opposes government surveillance and emphasizes data security amidst growing privacy concerns. Other features remain encrypted.

  • SIPRNet and NIPRNet: Key Differences Explained

    SIPRNet and NIPRNet: Key Differences Explained

    The Department of Defense (DoD) utilizes two key networks: SIPRNet for classified information and NIPRNet for unclassified data. SIPRNet ensures secure communication with stringent access controls for sensitive information, while NIPRNet facilitates broader communication needs by handling non-sensitive information with adequate security measures. Both are vital for operational effectiveness.

  • New FrigidStealer Campaign Targeting macOS Users: What SOC Teams Need to Know

    New FrigidStealer Campaign Targeting macOS Users: What SOC Teams Need to Know

    A new malware campaign targets macOS users through fake browser update prompts, distributing FrigidStealer. This campaign also affects Windows and Android users. Cybercriminals utilize compromised websites to inject malicious JavaScript, requiring user interaction to install malware. Security teams need to enhance detection, endpoint protection, and user awareness to counter this threat effectively.

  • OpenSSH Security Updates: What SOC Teams Need to Know

    OpenSSH Security Updates: What SOC Teams Need to Know

    OpenSSH has released version 9.9p2 to address two critical vulnerabilities: a machine-in-the-middle attack (CVE-2025-26465) and a pre-authentication denial-of-service flaw (CVE-2025-26466). Users are urged to update immediately, disable default settings that allow exploitation, and reinforce security practices to protect against potential attacks on SSH connections.