Hyper-Threading is a technology that improves the performance of some applications by allowing a single physical CPU core to execute multiple threads simultaneously, but it also introduces s… Read More
The AvosLocker ransomware gang has been linked to attacks against critical infrastructure sectors in the U.S., with some of them detected as recently as May 2023.That's according to a new jo… Read More
A hot potato: US intelligence agency NSA and America's Cyber Defense Agency, CISA, have released a new joint advisory on urgent cyber-security matters. The two organizations are highlighting… Read More
In present times, cybersecurity has become a major need for tech companies and businesses around the world. Not only for companies, but cybersecurity is also important for all individuals us… Read More
Apple is inviting security researchers to apply for its iPhone Security Research Device Program (SRDP). It is a part of Apple’s bug bounty program where security researchers are awarde… Read More
Scattered Spider, also referred to as UNC3944, Scatter Swine, Muddled Libra, and Roasted Oktapus, is a financially motivated threat actor group that has been active since May 2022. Scattered… Read More
Android is the first mobile operating system to introduce advanced cellular security mitigations for both consumers and enterprises. Android 14 introduces support for IT administrators to di… Read More
CERT-In has issued a warning about the Mallox ransomware exploiting poorly secured MS-SQL servers through dictionary attacks.
By using this method as a penetration vector, the ransomware gai… Read More
The threat actors behind the LockBit ransomware-as-a-service (RaaS) scheme have extorted $91 million following hundreds of attacks against numerous U.S. organizations since 2020.That's accor… Read More
Quick Summary:
Web app security is a crucial aspect of any service or business in this digital world. Many businesses solely depend on web applications for their business. Hackers are also… Read More
Snake malware, which is among Russia’s most sophisticated tools used for cyberespionage, was overwritten by a global joint action codenamed Operation Medusa.
The Snake malware was crea… Read More
The objective of this article is to evaluate the security posture of the WEB session management. Distinguish the common attack patterns and vulnerable conditions, provide countermeasures to… Read More
A new 0-day vulnerability, formally known as CVE-2021-44228, was published on the NIST National Vulnerability Database on Friday, December 10. It is found in the Log4j Java library. … Read More
To conduct a penetration testing on a file with a detailed study analysis of system passwords as part of an ethical hacking engagement, a brief finding is presented in this report.Execu… Read More
When Rackspace Hosted Exchange service faced a ransomware attack in December, the root cause was traced to a zero-day exploit related to a Microsoft Exchange vulnerability (designated as CVE… Read More
Sourcehut, a code hosting service similar to GitHub, GitLab, Gitea, and the like, plans to start blocking the Go Module Mirror, a proxy that fetches and caches code from git servers, becaus… Read More
The Cache Poisoning DoS Attack, also known as CPDoS. It is a type of DoS attack that primarily relies on the webserver’s cache mechanism.
Overview
As we can see that the modern web ap… Read More
As an add-on service through Control Hub, the Pro Pack for Control Hub adds advanced security, compliance, and analytics functionality to your software management system, providing your admi… Read More
The OverlayFS file system implementation in the Linux kernel is where the vulnerability, CVE-2021-3493, exist. Although it only seems to impact Ubuntu, it allows a local user without adminis… Read More
DDoS assaults are closely tied with botnets, in which hackers acquire command and control of thousands of Internet-connected devices and then instruct all of those devices to make requests… Read More
Microsoft Office Zero-Day Vulnerability
A zero-day vulnerability in Microsoft Office can be exploited to allow arbitrary code execution. According to “nao_sec,” the Japanese rese… Read More
Quick Summary:
As one of the most popular application design and development frameworks. Angular is popular in the developer community. Like every web application, Angular apps are also vul… Read More
WASHINGTON, USA – The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) issued a joint cybersecurity advisory Monday with technical… Read More
6 steps for third-party cyber risk managementClassify vendors based on the inherent risk they pose to the organization (i.e., risk that doesn’t take into account existing mitigations… Read More
09/05/2021The Tor network is known to be one of the best way to remain anonymous on the web. But it's the Tor's exit node that seems to be the network's big weakness.
In order for a Tor user… Read More
Cloud native applications are defined as applications that are scalable and reliable by construction. The difference between cloud native applications and non… Read More
The Emotet botnet is picking up steam again, according to an advisory issued by the Cybersecurity and Infrastructure Security Agency (CISA). The agency directly warns state and local governm… Read More
A group of web application security specialists from the Cologne University, Germany, published a report describing a new form of cyberattack that abuses the cache to show victims fake error… Read More
Tails 3.14 which includes fixes for various CPU hardware bugs, updates the kernel and streamlines the live disc. "Upgrades and changes: Update Linux to 4.19.37 and most firmware p… Read More
We could define DDoS (Distributed Denial of Service) attacks as the exclusive appropriation of a resource or service with the intention of avoiding any third party access. Also included in t… Read More