Browsing category
Redcliffe Labs is one of the most comprehensive testing facilities in India. It provides more than 3,600 different diagnostic tests for illnesses and wellbeing. Users of the mobile application have the option of receiving medical diagnostic services in their homes, at medical facilities, or over the internet. These services include in-home full-body examinations, blood testing, […]
The recent Okta breach has raised concerns within the cybersecurity community. On October 20, 2023, Okta, a provider of identity services like multi-factor authentication and single sign-on, disclosed a security breach that involved unauthorized access to its customer support system. The incident came to light when hackers leveraged a stolen credential to infiltrate Okta’s support […]
BlackCat’s ransomware operators have recently introduced a new tool called “Munchkin,” enabling the propagation of BlackCat payloads to remote machines and shares within a victim’s network. This new tactic involves the use of a customized Alpine Virtual Machine (VM) to deploy the malware, a trend gaining traction amongst ransomware actors to bypass security solutions during […]
Cobalt Strike, a legitimate commercial penetration testing tool, has inadvertently become a favored instrument among cybercriminals for its efficacy in infiltrating network security. Initially released in 2012 by Fortra (formerly known as Help Systems), Cobalt Strike was designed to aid red teams in identifying vulnerabilities within organizational infrastructures. Despite stringent customer screening and licensing for […]
The team at Qualys Threat Research Unit has unveiled a fresh vulnerability within the Linux operating system, allowing local attackers to escalate their access level to root privileges. This escalation is made possible by exploiting a buffer overflow weakness located in the GNU C Library’s ld.so dynamic loader. Assigned the identification CVE-2023-4911 and nicknamed “Looney […]
Threat actors have begun utilizing an innovative approach to zero-point font obfuscation, a pre-existing technique, in an attempt to deceive users of Microsoft Outlook. They do so by creating an illusion that certain phishing emails have been thoroughly scanned and cleared by antivirus programs, thus increasing the chances of these deceptive emails bypassing security protocols. […]
A notorious threat actor with presumed ties to the Chinese government, known as “BlackTech”, has reportedly been exploiting Cisco routers to infiltrate major corporations in the United States and Japan, according to cybersecurity experts. Using various aliases like Palmerworm, Temp.Overboard, Circuit Panda, and Radio Panda, BlackTech has stealthily replaced original device firmware with malicious counterparts. […]
A webmail service known for its emphasis on users’ privacy, Proton Mail, has serious code flaws that were discovered by a group of researchers. These vulnerabilities might have put the service’s users in danger. These vulnerabilities disclosed a possible weak link in the security chain, despite the fact that Proton Mail uses powerful end-to-end encryption […]
MITRE and the US Cybersecurity and Infrastructure Security Agency (CISA) have collaborated to develop a new open source tool that simulates cyber-attacks on operational technology (OT). The product was published recently. The MITRE Calder for OT is now accessible to the general public as an addition to the open-source Caldera platform that may be found […]
A new sextortion scam is doing the rounds that impersonates an email from the pornographic website YouPorn and warns that a sexually explicit video of the victim has been published to the website while also requesting that the victim pay money to get the video removed from the website. Sextortion email scams include the con […]
Several telescopes are still down weeks after a cybersecurity attack was discovered by US National Science Foundation (NSF) researchers. There is presently no information available on when the Gemini North telescope in Hawaii and the Gemini South telescope in Chile will resume operations. A number of smaller telescopes on the slopes of Cerro Tololo in Chile […]
A kind of attack known as prompt injection is directed against LLMs, which are the language models that are the driving force behind chatbots such as ChatGPT. It is the process by which an adversary inserts a prompt in such a manner as to circumvent any guardrails that the developers have set in place, so […]
Juniper Networks, a company that manufactures widely used networking equipment as well as security solutions, has issued a warning about vulnerabilities that are present in the operating systems of many of its devices. The business has acknowledged in not one but two distinct security alerts that were either released or revised this week that the […]
Following the disclosure of a serious flaw in the Microsoft Power Platform, researchers in the field of information security are advising users of Azure Active Directory (AD) to keep an eye out for abandoned reply URLs. To be more precise, the researchers discovered an unused reply URL address inside an Azure Active Directory application that […]
CVE-2023-36874 is not just any vulnerability; rather, it is a zero-day that is being actively exploited. This indicates that the vulnerability was being exploited in the wild even before any remedy was provided, and in some cases, even before it was publicly acknowledged. Because they provide a window of opportunity before updates are sent out, […]
The Internet of Things (IoT) is now experiencing its zenith and is quickly growing its capabilities. This is being accomplished through the transformation of commonplace goods, such as light bulbs and plugs, into smart devices that can be controlled using a smartphone. The number of Internet of Things devices surpassed 13.8 billion in 2021; by […]
This summer, hundreds of thousands of people will be preparing to take off while sitting back, relaxing, and using the airplane mode setting on their iPhones. When this setting is activated, the device’s radio frequency (RF) transmission technology is turned off, which severes the user’s connection to their mobile network for the duration of the […]
In the past, Citrix was found to have a Zero-Day vulnerability in its Citrix NetScaler Application Delivery Controller (ADC), which made it possible for malicious actors to carry out remote code execution. It was discovered that the zero-day vulnerability was being used in the wild, hence it was assigned the CVE ID 2023-3519 and the […]
It is possible to remotely hack ATMs by taking advantage of a number of vulnerabilities that have been found in the ScrutisWeb ATM fleet monitoring software developed by the firm.Members of the Synack Red Team were the ones to uncover the vulnerabilities in the system, and the vendor addressed them in July 2023 with the […]
Those that work with databases on a regular basis will know that PostgreSQL is more than just a name. It has an impressive history that spans over 30 years, and now it serves as an effective object-relational database system that is open source. Because of its ability to store and grow even the most complex […]
Researchers in the field of information security at Horizon3 have made public the proof-of-concept (PoC) code for a major privilege escalation vulnerability (CVE-2023-26067) found in Lexmark printers. On a device that has not been patched, this vulnerability, which has a CVSS score of 8.0, might enable an attacker to get elevated access if the device […]