Cybersecurity specialists report that a hacking group is abusing functions on Telegram messaging app to embed malicious code within a Remote Access Trojan (RAT) identified as ToxicEye. According to the report, ToxicEye infected devices can be controlled via Telegram accounts operated by hackers. Experts mention that this Trojan may take control of file systems, install […]
A recent security report mentions that a dark web leak containing access keys has been published to more than 1.3 million Windows Remote Desktop servers. This is a clear indication of the scope of cybercrime and could even be binding on other incidents of which cybersecurity community knows little. It’s not all bad news, as […]
A group of specialists has detailed a method for abusing a well-known “H2C smuggling” technique in order to authenticate and bypass some WAF mechanisms on multiple cloud platforms. Early stages of the attack include WAF routing and omissions in Microsoft Azure, as well as an authentication bypass in Cloudflare Access. Bishop Fox developers mention that […]
A newly discovered glitch in Zoom’s screen sharing feature can accidentally leak sensitive information to other attendees in a call, according to the latest findings. Tracked as CVE-2021-28133, the unpatched security vulnerability makes it possible to reveal contents of applications that are not shared, but only briefly, thereby making it harder to exploit it in […]
Cybersecurity experts report that a purported member of REvil, one of the world’s most dangerous ransomware groups, disclosed multiple details about the activities of these hackers. According to this report, hackers prefer to attack secured companies against cybersecurity incidents, as well as claiming that REvil avoids political conflict but has access to major nuclear facilities […]
Yandex N.V. is a Russian Dutch-domiciled multinational corporation providing Internet-related products and services including transportation, search and information services, eCommerce, navigation, mobile applications, and online advertising. They provide over 70 services. Yandex is the popular leading search engine and E-mail provider in Russia. They announced that a data breach had been discovered during routine screening […]
Poorly secured remote access attracts mostly ransomware gangs, but can provide access to coin miners and backdoors too
The Indian Government said it has addressed a critical vulnerability in its secure document wallet service Digilocker that could have potentially let a remote attacker bypass mobile one-time passwords (OTP) and sign in as other users. Discovered separately by two independent bug bounty researchers, Mohesh Mohan and Ashish Gahlot, the vulnerability could have been exploited […]
EasyJet admitted that hackers have stolen the email address and travel details of more than 9 million customers. The company not provided any details of how the breach occurs or how the hackers gained access to their servers. Due to this coronavirus pandemic, the company has grounded most of its flights, in 2019 easyJet uplifted […]
With the growing cyber threats and data leaks, every organization must follow the industry-recommended security practices and opt for the best solutions. Although endpoint and firewall solutions protect against the outside attacks, they hardly secure your organization against malicious insiders (employees). You may ask the question: do inside attacks pose a great risk to organizations? […]
According to web application security specialists, a recently patched vulnerability in Microsoft login system could have been exploited to trick some users into granting hackers full access to their online accounts. Thanks to the presence of this vulnerability, threat actors were able to inadvertently extract access tokens, so they could access victims’ accounts without having […]
Cisco recently issued a security alert for all companies using the Zoom Connector, mentioning that this driver could be used maliciously. According to vulnerability testing specialists, this potential malicious use consists of unauthorized access to Cisco devices through the Zoom Connector. Apparently, this connector allows any user on the Internet who has a Specific Zoom […]
Researchers discovered a new wave of spyware apps named Stalkerware emerging in wide for the past few months that spies victims’ online activities and steal sensitive data from the infected devices. Recently FTC warned that Retina-X developed and sold MobileSpy, PhoneSheriff and TeenShield shared sensitive information about your smartphone activities – such as call history, […]
Adobe discloses the security breach on its Magento Marketplace portal, in results, attackers gained access to the registered customer’s sensitive account information. Adobe owned Magento is an open-source e-commerce and CMS platform written in PHP, and it was acquired for $1.68 billion in 2018. It is one of the most popular open e-commerce systems in […]
OnePlus discloses a security breach, the company says that hackers accessed customers’ personal information users’ name, contact number, email and shipping address. The security incident was identified by OnePlus last week, some unauthorized user accessed the database where the customer’s information is stored. The company took immediate steps to stop the intrusion and informs impacted […]
The biggest smartphone maker OnePlus has disclosed a data breach where several users’ information was “accessed by an unauthorized party.” The data breach targeted the OnePlus online store as hackers gained access to the customer’s past orders. The information exposed might include customer names, email addresses, contact numbers, and shipping addresses. However, OnePlus has confirmed […]
This will be the second time when hackers have targeted T-Mobile in two years. The telecom giant T-Mobile announced on Thursday that it suffered a data breach in which hackers accessed personal information of its prepaid wireless customers. In a statement, the company revealed that data accessed by hackers included names, phone numbers, along with […]
American telecommunications giant T-Mobile Anoununced a data breach on its network, through which attackers gained access to a prepaid customer’s data. T-Mobile US provides wireless voice, messaging, and data services in the United States. The company operates the third largest wireless network in the U.S market with over 84.2 million customers and annual revenues of […]
A research published by vulnerability testing experts at security firm Onapsis claims that multiple vulnerabilities have been discovered in Oracle’s E-Business Suite. If exploited, these flaws would allow threat actors to gain full control of electronic transfers and even print undetected checks. The report mentions that the attack, known as Oracle Payday, involves exploiting two […]
Researchers discovered a new malware campaign that drops two different Remote Access Trojan(RAT) on targeted Windows systems and steal sensitive information from popular browsers such as Chrome and Firefox. The samples that uncovered by Fortinet researchers drop the RevengeRAT and WSHRAT malware and it has various obfuscation functionalities that use the various stage to maintain […]
A script to enumerate Google Storage buckets, determine what access you have to them, and determine if they can be privilege escalated. This script (optionally) accepts GCP user/service account credentials and a keyword. Then, a list of permutations will be generated from that keyword which will then be used to scan for the existence of […]