Articles that are tagged
Vulnerabilities
Recent News
VULNERABILITIES
Known Bug Being Abused by Iranian Hackers Found in Microsoft's MSHTML
4 years ago
Instagram and Google credentials of Farsi-speaking individuals around the world are being stolen by an Iranian threat actor. The threat group is using a new PowerShell-based stealer, PowerShortShell, for this campaign. PowerShortShell is used for Telegram surveillance and gathering system details from infected devices. Attacker-controlled servers work with... Read more
Instagram and Google credentials of Farsi-speaking individuals around the world are being stolen by... Read more
VULNERABILITIES
Squirrel Engine Bug lets attackers hack games and cloud services
4 years ago
Squirrel is an open-source, object-oriented programming language used for scripting video games and in IoT devices and distributed transaction processing platforms such as Enduro/X. Researchers have disclosed an out-of-bounds read vulnerability in the Squirrel programming language that attackers can abuse to break out of the sandbox restrictions and execute... Read more
Squirrel is an open-source, object-oriented programming language used for scripting video games and in... Read more
VULNERABILITIES
Cyber Puppeteer Kits: The New Financial Services Security Threat
4 years ago
Adversaries have evolved to target financial organizations in a new, effective way, introducing the cyber puppeteer kit. They are a substantial threat to an organization’s employees, customers, critical assets and more. A cyber puppeteer kit, also referenced as “live panels” among the threat actors that operate them, is a new... Read more
Adversaries have evolved to target financial organizations in a new, effective way, introducing the cyber... Read more
VULNERABILITIES
Spook.js attack Bypasses Chrome's site isolation
4 years ago
Spook.js is a newly discovered side-channel attack it has successfully overcome Site Isolation protections weaved into Google Chrome and Chromium browsers to leak sensitive data in a Spectre-style attack. The technique is a JavaScript-based line of attack that specifically aims to get around barriers put in place to ... Read more
Spook.js is a newly discovered side-channel attack it has successfully overcome Site Isolation protections weaved... Read more
VULNERABILITIES
Airtel’sFeds Warn of Ransomware Attacks Ahead of Labor Day mobile app hit with security flaw which left millions of user data exposed
4 years ago
The federal government has warned that threat actors might use the Labor Day weekend as a prime opportunity to ambush organizations when several staff would be taking time off, leaving behind a skeleton crew to oversee IT and network infrastructure and security. That’s because the absence of key personnel makes... Read more
The federal government has warned that threat actors might use the Labor Day weekend as... Read more
VULNERABILITIES
Proxy server vulnerability messing up with Exchange Server config
4 years ago
The system administrators thought ProxyShell vulnerability isn't a good reason to apply the July 2020 Microsoft Exchange security updates, but apparently, they found a second major security bug, nicknamed PROXYTOKEN. This vulnerability allows the attacker to bypass all the security authentications easily and make changes to the backend configuration of... Read more
The system administrators thought ProxyShell vulnerability isn't a good reason to apply the July 2020... Read more
VULNERABILITIES
Vulnerabilities exploited to Hack Linux Systems
4 years ago
Linux-based frameworks are presented to the web directly—attackers can, hence, undoubtedly target them to introduce noxious web shells, ransomware, Trojans, and so on. The US-Japanese firm Trend Micro distributed a point-by-point examination on the Linux danger setting, featuring the difficulties and weaknesses that affected the OS in the main portion... Read more
Linux-based frameworks are presented to the web directly—attackers can, hence, undoubtedly target them to introduce... Read more
VULNERABILITIES
Web Shells and Ransomware transmitted exploiting ProxyShell Vulnerabilities
4 years ago
The Cybersecurity and Infrastructure Security Agency (CISA) has recently warned that various attackers use three so-called “ProxyShell” vulnerabilities to compromise Microsoft Exchange Servers worldwide. They were discovered and demonstrated by Orange Tsai and his fellow research colleagues from DEVCORE Research Team at the Pwn2Own contest and also mentioned at the... Read more
The Cybersecurity and Infrastructure Security Agency (CISA) has recently warned that various attackers use three... Read more
VULNERABILITIES
'Bad Example' by Accenture for lack of transparency during ransomware attacks
4 years ago
When ransomware and cyber-attacks are at an all-time high, solution providers believe that high profile IT companies such as Accenture could help the industry by disclosing the attack details upfront. Their lack of disclosure is being heavily criticised and is seen as a missed opportunity to keep others well informed.... Read more
When ransomware and cyber-attacks are at an all-time high, solution providers believe that high profile... Read more
