InfoSec News & Tutorials
News
Flaws in Xiaomi Redmi Note 9T and Redmi Note 11 models could be exploited to disable the mobile payment mechanism and even forge transactions. Check Point researchers discovered the flaws while analyzing…
The US Cybersecurity and Infrastructure Security Agency (CISA) and the FBI are warning of Zeppelin ransomware attacks. The US Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of…
Russian hacker group Killnet claims to have launched a DDoS attack on the aerospace and defense giant Lockheed Martin. The Moscow Times first reported that the Pro-Russia hacker group Killnet…
C The NCSC is currently inviting organisations to help develop a new Cyber Advisor service. The initial 100 Cyber Advisor assessments will be funded by the NCSC. A Cyber Advisor…
Researchers discovered a flaw in three signed third-party UEFI boot loaders that allow bypass of the UEFI Secure Boot feature. Researchers from hardware security firm Eclypsium have discovered a vulnerability…
This article explores event-driven architecture (EDA) with a detailed definition and explains how EDA offers many essential benefits to developers. It concludes with an outline of some best practices for…
We found APT group Iron Tiger's malware compromising chat application Mimi’s servers in a supply chain attack. If you like the site, please consider joining the telegram channel or supporting…
The U.S. State Department announced a $10 million reward for information related to five individuals associated with the Conti ransomware gang. The U.S. State Department announced a $10 million reward for information…
Threat actors are exploiting an authentication bypass Zimbra flaw, tracked as CVE-2022-27925, to hack Zimbra Collaboration Suite email servers worldwide. An authentication bypass affecting Zimbra Collaboration Suite, tracked as CVE-2022-27925, is actively exploited to hack ZCS…
The Conti ransomware gang is using BazarCall phishing attacks as an initial attack vector to access targeted networks. BazarCall attack, aka call back phishing, is an attack vector that utilizes…
For more than a year, we have been providing free intelligence services via the OpenTIP portal. Using the web interface, anyone can upload and scan files with our antivirus engine,…
We tracked the latest deployment of the group behind CopperStealer, this time stealing cryptocurrencies and users’ wallet account information via a malicious Chromium-based browser extension. If you like the site,…
Explore 5 security considerations in-line with cyber insurance requirements to renew or obtain a policy while reducing your cyber risk. If you like the site, please consider joining the telegram…
Palo Alto Networks devices running the PAN-OS are abused to launch reflected amplification denial-of-service (DoS) attacks. Threat actors are exploiting a vulnerability, tracked as CVE-2022-0028 (CVSS score of 8.6), in Palo…
A former Twitter employee was found guilty of spying on certain Twitter users for Saudi Arabia. A former Twitter employee, Ahmad Abouammo (44), was found guilty of gathering private information…
Cisco addressed a high severity flaw, tracked as CVE-2022-20866, affecting Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software. Cisco addressed a high severity vulnerability in its Adaptive Security…
In late August 2020, we published an overview of DeathStalker’s profile and malicious activities, including their Janicab, Evilnum and PowerSing campaigns (PowerPepper was later documented in 2020). Notably, we exposed…
Cisco discloses a security breach, the Yanluowang ransomware group breached its corporate network in late May and stole internal data. Cisco disclosed a security breach, the Yanluowang ransomware group breached…
New open source initiative helping organizations to detect and respond to cyber-attacks faster and easier If you like the site, please consider joining the telegram channel or supporting us on…
Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.
70% of Large enterprises that previously addressed the Log4j flaw are still struggling to patch Log4j-vulnerable assets. INTRODUCTION In December 2021 security teams scrambled to find Log4j-vulnerable assets and patch…
10 packages have been removed from the Python Package Index (PyPI) because they were found harvesting data. Check Point researchers have discovered ten malicious packages on the Python Package Index…
Cloudflare revealed that at least 76 employees and their family members were targeted by smishing attacks similar to the one that hit Twilio. The content delivery network and DDoS mitigation…
US Critical Infrastructure Security Agency (CISA) adds vulnerabilities in the UnRAR utility to its Known Exploited Vulnerabilities Catalog. The Cybersecurity & Infrastructure Security Agency (CISA) has added a recently disclosed…