Hyper-Threading is a technology that improves the performance of some applications by allowing a single physical CPU core to execute multiple threads simultaneously, but it also introduces s… Read More

The AvosLocker ransomware gang has been linked to attacks against critical infrastructure sectors in the U.S., with some of them detected as recently as May 2023.That's according to a new jo… Read More

A hot potato: US intelligence agency NSA and America's Cyber Defense Agency, CISA, have released a new joint advisory on urgent cyber-security matters. The two organizations are highlighting… Read More

In present times, cybersecurity has become a major need for tech companies and businesses around the world. Not only for companies, but cybersecurity is also important for all individuals us… Read More

Apple is inviting security researchers to apply for its iPhone Security Research Device Program (SRDP). It is a part of Apple’s bug bounty program where security researchers are awarde… Read More

Scattered Spider, also referred to as UNC3944, Scatter Swine, Muddled Libra, and Roasted Oktapus, is a financially motivated threat actor group that has been active since May 2022. Scattered… Read More

Android is the first mobile operating system to introduce advanced cellular security mitigations for both consumers and enterprises. Android 14 introduces support for IT administrators to di… Read More

The threat actors behind the LockBit ransomware-as-a-service (RaaS) scheme have extorted $91 million following hundreds of attacks against numerous U.S. organizations since 2020.That's accor… Read More

Quick Summary: Web app security is a crucial aspect of any service or business in this digital world. Many businesses solely depend on web applications for their business. Hackers are also… Read More

The objective of this article is to evaluate the security posture of the WEB session management. Distinguish the common attack patterns and vulnerable conditions, provide countermeasures to… Read More

A new 0-day vulnerability, formally known as CVE-2021-44228, was published on the NIST National Vulnerability Database on Friday, December 10. It is found in the Log4j Java library. … Read More

To conduct a penetration testing on a file with a detailed study analysis of system passwords as part of an ethical hacking engagement, a brief finding is presented in this report.Execu… Read More

Sourcehut, a code hosting service similar to GitHub, GitLab, Gitea, and the like, plans to start blocking the Go Module Mirror, a proxy that fetches and caches code from git servers, becaus… Read More

The Cache Poisoning DoS Attack, also known as CPDoS. It is a type of DoS attack that primarily relies on the webserver’s cache mechanism. Overview As we can see that the modern web ap… Read More

As an add-on service through Control Hub, the Pro Pack for Control Hub adds advanced security, compliance, and analytics functionality to your software management system, providing your admi… Read More

The OverlayFS file system implementation in the Linux kernel is where the vulnerability, CVE-2021-3493, exist. Although it only seems to impact Ubuntu, it allows a local user without adminis… Read More

Iran-sponsored operatives target Fortinet FortiOS, Microsoft Exchange and VMware Horizon Log4j vulnerabilities. Credit: Get… Read More

Содержание Identity And Access Management Continuously Monitor The State Of Your Security Controls What Role Does Integration Pla… Read More

DDoS assaults are closely tied with botnets, in which hackers acquire command and control of thousands of Internet-connected devices and then instruct all of those devices to make requests… Read More

Microsoft Office Zero-Day Vulnerability A zero-day vulnerability in Microsoft Office can be exploited to allow arbitrary code execution. According to “nao_sec,” the Japanese rese… Read More

Quick Summary: As one of the most popular application design and development frameworks. Angular is popular in the developer community. Like every web application, Angular apps are also vul… Read More

WASHINGTON, USA – The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) issued a joint cybersecurity advisory Monday with technical… Read More

6 steps for third-party cyber risk managementClassify vendors based on the inherent risk they pose to the organization (i.e., risk that doesn’t take into account existing mitigations… Read More

09/05/2021The Tor network is known to be one of the best way to remain anonymous on the web. But it's the Tor's exit node that seems to be the network's big weakness. In order for a Tor user… Read More

Cloud native applications are defined as applications that are scalable and reliable by construction. The difference between cloud native applications and non… Read More

The Emotet botnet is picking up steam again, according to an advisory issued by the Cybersecurity and Infrastructure Security Agency (CISA). The agency directly warns state and local governm… Read More

A group of web application security specialists from the Cologne University, Germany, published a report describing a new form of cyberattack that abuses the cache to show victims fake error… Read More

  Tails 3.14 which includes fixes for various CPU hardware bugs, updates the kernel and streamlines the live disc. "Upgrades and changes: Update Linux to 4.19.37 and most firmware p… Read More

We could define DDoS (Distributed Denial of Service) attacks as the exclusive appropriation of a resource or service with the intention of avoiding any third party access. Also included in t… Read More