Dark Angel Victim: CannonDesign
NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content of the files...
OSINT
8 Base Ransomware Victim: KTUA Landscape Architecture and Planning
NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content of the files...
8 Base Ransomware Victim: Comtek Advanced Structures, a Latecoere Company
NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content of the files...
Daily Vulnerability Trends: Thu Oct 12 2023
Daily Vulnerability Trends (sourced from VulnMon) CVE NAMECVE DescriptionCVE-2023-38545 No description provided CVE-2023-43641libcue provides an API for parsing and extracting...
Simpson Manufacturing shuts down IT systems after cyberattack
Simpson Manufacturing disclosed via a SEC 8-K filing a cybersecurity incident that has caused disruptions in its operations, which are...
LinkedIn Smart Links attacks return to target Microsoft accounts
Hackers are once again abusing LinkedIn Smart Links in phishing attacks to bypass protection measures and evade detection in attempts...
Generative AI Security: Preventing Microsoft Copilot Data Exposure
This article is written by Rob Sobers, Varonis. Microsoft Copilot has been called one of the most powerful productivity tools...
New WordPress backdoor creates rogue admin to hijack websites
A new malware has been posing as a legitimate caching plugin to target WordPress sites, allowing threat actors to create...
Microsoft: State hackers exploiting Confluence zero-day since September
Microsoft says a Chinese-backed threat group tracked as 'Storm-0062' (aka DarkShadow or Oro0lxy) has been exploiting a critical privilege escalation...
Microsoft Defender now auto-isolates compromised accounts
Microsoft Defender for Endpoint now uses automatic attack disruption to isolate compromised user accounts and block lateral movement in hands-on-keyboard...
BianLian extortion group claims recent Air Canada breach
The BianLian extortion group claims to have stolen 210GB of data after breaching the network of Air Canada, the country's...
Google Adopts Passkeys as Default Sign-in Method for All Users
Google on Tuesday announced the ability for all users to set up passkeys by default, five months after it rolled...
Researchers Uncover Grayling APT’s Ongoing Attack Campaign Across Industries
A previously undocumented threat actor of unknown provenance has been linked to a number of attacks targeting organizations in the...
New Report: Child Sexual Abuse Content and Online Risks to Children on the Rise
Certain online risks to children are on the rise, according to a recent report from Thorn, a technology nonprofit whose...
HTTP/2 Rapid Reset Zero-Day Vulnerability Exploited to Launch Record DDoS Attacks
Amazon Web Services (AWS), Cloudflare, and Google on Tuesday said they took steps to mitigate record-breaking distributed denial-of-service (DDoS) attacks...
New Magecart Campaign Alters 404 Error Pages to Steal Shoppers’ Credit Cards
A sophisticated Magecart campaign has been observed manipulating websites' default 404 error page to conceal malicious code in what's been...
Microsoft Releases October 2023 Patches for 103 Flaws, Including 2 Active Exploits
Microsoft has released its Patch Tuesday updates for October 2023, addressing a total of 103 flaws in its software, two...
Microsoft Warns of Nation-State Hackers Exploiting Critical Atlassian Confluence Vulnerability
Microsoft has linked the exploitation of a recently disclosed critical flaw in Atlassian Confluence Data Center and Server to a...
Take an Offensive Approach to Password Security by Continuously Monitoring for Breached Passwords
Passwords are at the core of securing access to an organization's data. However, they also come with security vulnerabilities that...
U.S. Cybersecurity Agency Warns of Actively Exploited Adobe Acrobat Reader Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a high-severity flaw in Adobe Acrobat Reader to its...
Over 17,000 WordPress Sites Compromised by Balada Injector in September 2023
More than 17,000 WordPress websites have been compromised in the month of September 2023 with malware known as Balada Injector,...
Spoofy – Program That Checks If A List Of Domains Can Be Spoofed Based On SPF And DMARC Records
Spoofy is a program that checks if a list of domains can be spoofed based on SPF and DMARC records....
LockBit 3.0 Ransomware Victim: foremostgroups[.]com
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
New ‘HTTP/2 Rapid Reset’ zero-day attack breaks DDoS records
A new DDoS (distributed denial of service) technique named 'HTTP/2 Rapid Reset' has been actively exploited as a zero-day since...
