Google Docs comment feature abused in phishing campaign
Experts warn of a new phishing technique that abuses the commenting feature of Google Docs to send out emails that...
hacking
France hits Google, Facebook with fines over ‘Cookies’ management
The French data privacy and protection authority hit Google and Facebook with 210 million euros ($237 million) in fines. France’s...
Log4J-Detect – Script To Detect The “Log4j” Java Library Vulnerability (CVE-2021-44228) For A List Of URLs With Multithreading
Simple Python 3 script to detect the "Log4j" Java library vulnerability (CVE-2021-44228) for a list of URL with multithreadingThe script...
NoReboot persistence technique fakes iPhone shutdown
Researchers devised a sophisticated persistence technique, named NoReboot, for iOS malware that fake shut downs. Researchers from Zecops devised a...
VMware fixed CVE-2021-22045 heap-overflow in Workstation, Fusion and ESXi
VMware addressed a heap-overflow issue (CVE-2021-22045) in Workstation, Fusion and CVE-2021-22045 products that can lead to code execution on the...
FTC warns legal action against businesses who fail to mitigate Log4J attacks
The US Federal Trade Commission (FTC) has warned legal action against companies who fail to secure their infrastructure against Log4Shell...
Threat actors continue to exploit Log4j flaws in their attacks, Microsoft Warns
Threat actors continue to attempt to exploit Apache Log4J vulnerabilities in their campaigns to deploy malware on target systems, Microsoft...
Researchers used electromagnetic signals to classify malware infecting IoT devices
Cybersecurity researchers demonstrate how to use electromagnetic field emanations from IoT devices to detect malware. A team of academics (Duy-Phuc...
UScellular discloses the second data breach in a year
UScellular, one of the largest wireless carriers in the US, has disclosed a data breach after the hack suffered in...
Rustpad – Multi-Threaded Padding Oracle Attacks Against Any Service
A multi-threaded what now? rustpad is a multi-threaded successor to the classic padbuster, written in Rust. It abuses a Padding...
Attackers abused cloud video platform to inject an e-skimmer into 100 Real Estate sites
Threat actors compromised more than 100 real estate websites belonging to the same parent company by implanting an e-skimmer. Threat...
Purple Fox backdoor spreads through fake Telegram App installer
Threat actors are spreading the Purple Fox backdoor using tainted installers of the Telegram messaging application. Threat actors are using...
SyntheticSun – A Defense-In-Depth Security Automation And Monitoring Framework Which Utilizes Threat Intelligence, Machine Learning, Managed AWS Security Services And, Serverless Technologies To Continuously Prevent, Detect And Respond To Threats
SyntheticSun is a defense-in-depth security automation and monitoring framework which utilizes threat intelligence, machine learning, managed AWS security services and,...
Hospitality Chain McMenamins discloses data breach after ransomware attack
Hospitality chain McMenamins disclosed a data breach after a recent ransomware attack. Hospitality chain McMenamins discloses a data breach after...
Broward Health suffered a data breach that impacted +1.3 million people
The Broward Health public health system disclosed a massive data breach that has impacted more than 1.3 million individuals. The...
‘doorLock’ – A persistent denial of service flaw affecting iOS 15.2 – iOS 14.7
Expert found a new persistent DoS vulnerability, dubbed ‘doorLock,’ affecting the Apple HomeKit in iOS 14.7 through 15.2. Security researchers...
RPC Firewall – Stopping Lateral Movement via the RPC Firewall
I Need More InformationCheck out our RPC Firewall blog post to gain better understanding of RPC, RPC attacks and the...
Israeli Media Outlets hacked on the anniversary of Soleimani killing
Threat actors hacked the website of Jerusalem Post and the Twitter account of Maariv outlet on Soleimani killing anniversary. Threat actors have taken...
SEGA Europe left AWS S3 bucket unsecured exposing data and infrastructure to attack
SEGA Europe inadvertently left users’ personal information publicly accessible on Amazon Web Services (AWS) S3 bucket. SEGA Europe inadvertently left users’ personal...
The worst cyber attacks of 2021
Which are the cyber attacks of 2021 that had the major impact on organizations worldwide in terms of financial losses...
Msmailprobe – Office 365 And Exchange Enumeration
Office 365 and Exchange EnumerationIt is widely known that OWA (Outlook Webapp) is vulnerable to time-based user enumeration attacks. This...
Microsoft rolled out emergency fix for Y2k22 bug in Exchange servers
Microsoft released an emergency patch to fix the Y2k22 bug that is breaking email delivery on on-premise Microsoft Exchange servers....
Exclusive: NASA Director Twitter account hacked by Powerful Greek Army
The Twitter account of NASA Director Parimal Kopardekar (@nasapk) was hacked by the Powerful Greek Army group. The Twitter account...
Lsarelayx – NTLM Relaying For Windows Made Easy
lsarelayx is system wide NTLM relay tool designed to relay incoming NTLM based authentication to the host it is running...
