Services of Google, including Google Chrome, YouTube Google Drive, and Gmail Sign-in, confronted a mass blackout on Monday (December 14). The blackout went on for around an hour and it influenced Google Chrome clients across the world. During the blackout,…
Latest posts
Security Researcher earns $3,000 Bug Bounty for a CSRF Vulnerability in Glassdoor Sticky
A security expert has procured a bug bounty of $3,000 by accomplishing a webpage wide Cross-Site Request Forgery (CSRF) on employment site Glassdoor. Security researcher circumvents the security defences to alter jobseeker profiles, change manager records, and that’s just the…
Vulnerabilities within the VPN are an Open Invitation for Hackers Sticky
Attackers are spoilt for decision as to the utilization of VPN services floods in the pandemic. With numerous employees yet remote working, the utilization of VPNs has opened a pool of assaults against their users. As indicated by insights, it…
WhatsApp & WhatsApp Business for iOS face high-risk WhatsApp security vulnerabilities Sticky
The older versions of WhatsApp & WhatsApp Business for iOS are facing multiple vulnerabilities. These WhatsApp security vulnerabilities were given a high severity rating. The news came after the Indian Cybersecurity firm CERT-In (Computer Emergency Response Team) has announced a…
NAT Slipstreaming allows attackers to gain access to your TCP/UDP services Sticky
A security researcher, Samy Kamkar has recently revealed a technique capable enough to bypass firewall protection & access any TCP /UDP services of the victim’s machine. The technique Network Address Translation (NAT) Slipstreaming provides a way for attackers to victim…
Google Chrome Fixes Another Zero-Day Vulnerability Amongst 10 Bugs Sticky
Not long after fixing the first zero-day vulnerability, Google Chrome has now fixed another zero-day vulnerability in its system. The vulnerability is tracked as CVE-2020-16009. Google has notified that they know of it being exploited in the wild. Along with…
OpenEMR fixes Security Vulnerabilities For Better Service Sticky
Vulnerabilities have been discovered recently in the popular medical records management portal, OpenEMR. These vulnerabilities if left unattended would have renowned the medical practice management application control to the attackers. Of all the bugs, the one in the Patient Portal…
WordPress Update 2020: WordPress patches 10 security bugs including a high-severity RCE Sticky
WordPress is calling this last WordPress update ‘short-cycle security & maintenance release’ before the critical 5.6 release version of the software. Recently, WordPress released the latest version of its web publishing software, 5.5.2. With it, they have also tackled 10…
Aetna breaches cost them $1 million to be paid to HIPAA Sticky
The healthcare insurance giant Aetna has reached a settlement of $1 million dollars for violating HIPAA regulations. Aetna had been accused of disclosing their customers’ information under three instances of the breach. Besides this, Aetna has time & again violated…
Ransomware is disastrous for businesses: future holds bigger challenges
Technology company Comparitech reported a study that assessed 186 ransomware attacks against U.S. businesses in 2020. The study concluded that companies lost US$21 billion because of the downtime caused by the attack. The number of ransomware attacks increased by 245%…
Windows vulnerabilities patched by Microsoft security patches
Microsoft rolled out security patches for vulnerabilities in windows. The patch addressed one of the critical vulnerabilities: the vulnerability was widely targeted by attackers who could use it for remorse code execution for gaining control over vulnerable systems. Out of…
Ransomware attacks based on Python: the quickest attacks
Python-based ransomware was used for carrying out successful cyberattacks in record time-less than 3 hours. Sophos cited the attack as one of the fastest ransomware attacks launched against victims. The python based ransomware was planted in the system 10 minutes…
Threat actors targeting middle east telecommunications & aerospace
Operation Ghost Cell, a cyberespionage campaign, targets aerospace and telecommunications industries in the Middle East and causes collateral damage in the U.S, Russia and Europe. The threat actors intended to obtain critical data about the organization’s infrastructure and technology. Investigators…
Proxy Phantom: Fraud rings flood online merchants
A massive fraud operation slamming e-commerce merchants in account takeover attacks has been revealed by researchers. Sift, a fraud protection business announced on Thursday that the ring, called Proxy Phantom, is employing over 1.5 million stolen account credentials in automated…
Healthcare organizations hit by Ransomware attacks
Ponemon Institute polled 597 IT and IT security professionals to learn how COVID-19 has influenced how healthcare delivery organizations (HDOs) defend patient care and patient data from increasingly virulent assaults, particularly ransomware. This study demonstrates for the first time that…
Apple AirTag Bug Enabled ‘Good Samaritan’
If the AirTag has been set to lost mode, the new $30 AirTag tracking device from Apple has a feature that lets anyone who finds one of these tiny location beacons scan it with a mobile phone and know its…
Akamai acquires cybersecurity firm
Akamai Technologies has purchased Guardicore to expand its cybersecurity portfolio for content delivery networks (CDNs). The agreement was made public on Wednesday. Akamai will pay about $600 million to purchase all outstanding shares under the terms of the transaction. Based…
Atlassian Confluence RCE Flaw Abused
Opportunistic threat actors were discovered actively exploiting a previously published severe security weakness in Atlassian Confluence deployments on Windows and Linux to deploy web shells that resulted in the execution of crypto miners on vulnerable systems. The vulnerability, tracked as…
Data from Oath Keepers leaked online
A hacker claims to have obtained and leaked massive amounts of data from the Oath Keepers, a far-right militia group whose members were present at the Capitol incident on January 6. The hacker furnished the journalism and transparency collective Distributed…