CyberManipal.
Tech news from MIST
Latest
Latest news from CyberManipal, that matters.
Page 4
VULNERABILITIES
Cyber Puppeteer Kits: The New Financial Services Security Threat
3 years ago
Adversaries have evolved to target financial organizations in a new, effective way, introducing the cyber puppeteer kit. They are a substantial threat to an organization’s employees, customers, critical assets and more. A cyber puppeteer kit, also referenced as “live panels” among the threat actors that operate them, is a new... Read more
Adversaries have evolved to target financial organizations in a new, effective way, introducing the cyber... Read more
BREACHES
Apple Issues Emergency Fix for NSO Zero-Click Zero Day
3 years ago
Apple released an emergency software update to avoid getting affected by a potentially harmful attack; users should immediately update their iOS devices to install an emergency patch. NSO Group created this patch to prevent exploitation. The company released several security updates on Monday, September 13, which include fixes for various... Read more
Apple released an emergency software update to avoid getting affected by a potentially harmful attack;... Read more
VULNERABILITIES
Spook.js attack Bypasses Chrome's site isolation
3 years ago
Spook.js is a newly discovered side-channel attack it has successfully overcome Site Isolation protections weaved into Google Chrome and Chromium browsers to leak sensitive data in a Spectre-style attack. The technique is a JavaScript-based line of attack that specifically aims to get around barriers put in place to ... Read more
Spook.js is a newly discovered side-channel attack it has successfully overcome Site Isolation protections weaved... Read more
RESEARCH AND DEVELOPMENT
Implementation of Cobalt Strike Beacon
3 years ago
This Monday, Researchers disclosed a newly discovered Linux and Windows enactment of Cobalt Strike Beacon, which actively set its sight on government, telecommunications, IT, and financial institutions worldwide. The yet-to-be-detected version of penetration testing tool, also code-named “Vermilion Strike,” has marked one of the rare Linux Ports, i.e., a... Read more
This Monday, Researchers disclosed a newly discovered Linux and Windows enactment of Cobalt Strike Beacon,... Read more
RESEARCH AND DEVELOPMENT
WhatsApp to Finally Let Users Encrypt Their Chat Backups in the Cloud
3 years ago
WhatsApp recently announced that it would be bringing end-to end encrypted chat backups to the cloud for Android and iOS users, allowing users to save information including chat messages and photographs in a cryptographically safe manner on Apple iCloud or Google Drive. This feature is expected to go live in... Read more
WhatsApp recently announced that it would be bringing end-to end encrypted chat backups to the... Read more
VULNERABILITIES
Airtel’sFeds Warn of Ransomware Attacks Ahead of Labor Day mobile app hit with security flaw which left millions of user data exposed
3 years ago
The federal government has warned that threat actors might use the Labor Day weekend as a prime opportunity to ambush organizations when several staff would be taking time off, leaving behind a skeleton crew to oversee IT and network infrastructure and security. That’s because the absence of key personnel makes... Read more
The federal government has warned that threat actors might use the Labor Day weekend as... Read more
RESEARCH AND DEVELOPMENT
US cyber security firm says it can protect phones against Pegasus
3 years ago
Zimperium, a US-based technology firm that specializes in mobile phone security, claims that it can protect organizations and individuals from zero-day attacks often used by Pegasus or similar spyware programs and has recently secured a contract with the United States Department of Defence (DOD) to deliver a Mobile Endpoint Protection... Read more
Zimperium, a US-based technology firm that specializes in mobile phone security, claims that it can... Read more
VULNERABILITIES
Proxy server vulnerability messing up with Exchange Server config
3 years ago
The system administrators thought ProxyShell vulnerability isn't a good reason to apply the July 2020 Microsoft Exchange security updates, but apparently, they found a second major security bug, nicknamed PROXYTOKEN. This vulnerability allows the attacker to bypass all the security authentications easily and make changes to the backend configuration of... Read more
The system administrators thought ProxyShell vulnerability isn't a good reason to apply the July 2020... Read more
POLICIES AND REGULATIONS
Biden tells top CEOs at White House summit to step up on cybersecurity
3 years ago
USA President Biden called on the leaders of companies including Apple, Google, and JPMorgan Chase to respond to cybersecurity threats during a summit on Wednesday at the White House. The White House estimates roughly half a million cybersecurity jobs remain open amid an onslaught of cyberattacks. The shortage of professionals... Read more
USA President Biden called on the leaders of companies including Apple, Google, and JPMorgan Chase... Read more
BREACHES
Hackers trying to overthrow Belarusian leader Lukashenko
3 years ago
Belarusian hackers have released huge data that reveal the information and the activities of the most secret officers, police, and government databases in an attempt to drop Lukashenko from his position. It is part of overthrowing President Alexander Lukashenko's regime. They initially began defacing government sites as a part of... Read more
Belarusian hackers have released huge data that reveal the information and the activities of the... Read more
