ALERT: Google Releases Immediate Update for Chrome to Fix Actively Exploited Zero-Day Vulnerability
Google released emergency Update for Chrome web browser on Thursday to patch an actively exploited zero-day vulnerability. The CVE-2022-3723 vulnerability has been identified as a misunderstanding bug in the V8 JavaScript engine. On October 25, 2022, Avast security researchers Jan Vojtek, Milánek,…
0 Comments2 Minutes
The Dangers of Storing Passwords in Your Computer and What to do About It
Do you or your coworkers keep passwords in an Excel sheet, Word document or Notepad? The fact is that nearly half of businesses store passwords in spreadsheets and other documents, according to a survey conducted by Pulse on behalf of Hitachi ID, a leading cybersecurity software provider…
0 Comments7 Minutes
Hackers are Moving to Sliver C2 as an Alternative to Cobalt Strike
Threat actors are abandoning the Cobalt Strike suite in favour of a lesser-known, open-source, cross-platform tool known as Sliver C2. Cobalt Strike has developed as an attack tool for numerous threat actors, including ransomware operations, to place “beacons” on infiltrated networks…
0 Comments6 Minutes
65,000+ Businesses Suffered Data Leaks Due to Microsoft Server Misconfiguration
Microsoft Server Misconfiguration allowed unauthenticated access to some business transaction data pertaining to exchanges between Microsoft and potential customers, such as the planning or possible deployment and provisioning of Microsoft services. The exposure totals 2.4 gigabytes of data, which…
0 Comments3 Minutes
New Malicious “Clicker Apps” Downloaded by over 20M Users
Sixteen mobile malware apps have been detected posing as legitimate utilities while automatically crawling adverts in the background. The McAfee Mobile Research Team recently discovered new Clicker malware that had infiltrated Google Play. In total, 16 previously available Google Play applications…
0 Comments4 Minutes
Diffie Advises Security Professionals to Be Prepared for the Quantum Computing Age
The respected cryptography pioneer, Dr. Whitfield Diffie, has advised that anyone interested in system security should take Quantum Computing Age seriously, as it is not going away anytime soon. Dr. Diffie, known for his co-invention of public key cryptography and digital signatures and as the…
0 Comments5 Minutes
Researchers Issue Warning Regarding New Phishing-as-a-Service Model Used by Cyber Criminals
Caffeine, a previously unknown phishing-as-a-service (PhaaS) toolset, is being used by cybercriminals to scale up their attacks and deliver malicious payloads easily. “This platform has a simple UI and comes for a relatively moderate cost while offering its criminal customers a plethora of…
0 Comments4 Minutes
Penetration Testing Process and Guide
Penetration testing is a popular and successful method for identifying security flaws in an organization’s IT infrastructure. It involves performing a vulnerability assessment of your IT infrastructure by “ethically hacking” any system, network or application to simulate how a…
0 Comments17 Minutes
Microsoft releases enhanced mitigations for unpatched Exchange Server vulnerabilities
Microsoft announced on Friday that it had made additional improvements to the mitigation mechanism available to thwart exploitation efforts against the recently discovered unpatched security weaknesses in Exchange Server. To that end, Microsoft updated the blocking rule in IIS Manager from…
0 Comments3 Minutes
ALERT: Critical Vulnerability on FortiGate and FortiProxy, According to Fortinet
Fortinet has notified its customers of a security weakness affecting FortiGate firewalls and FortiProxy web proxies, which can allow attackers to execute unauthorized operations on vulnerable systems. | Vulnerability on FortiGate Vulnerability on FortiGate | The significant bug, identified as…
0 Comments3 Minutes