The Symantec Danger Hunter team discovered 1859 applications on Android and iOS that contained hard-coded Amazon Web Expert services (AWS). They obtain tokens that allowed access to personal AWS credentials. Around half of all the apps examined by the security…
Microsoft has released a detailed description of a now-resolved issue that was potentially dangerous for TikTok users. Microsoft classified the issue as a “high-severity vulnerability,” requiring several steps to be chained together to function. Attackers who use it could compromise…
Chrome version 104 introduced a bug that removes the requirement for users to approve clipboard writing events from websites visited. This feature is not limited to Google Chrome. Despite the fact that Safari and Firefox allow web pages to write…
The “as a service” business model has grown in popularity as cloud adoption enables people to access services through third-party providers. Given the convenience and agility of service offerings, that cybercriminals are utilizing the “as a service” model for nefarious…
Social engineering techniques were used to trick developers into exposing repositories. Using the GitHub Pages build process, a security researcher discovered a way to launch code execution attacks. According to a recent blog post, Joren Vrancken received a $4,000 reward…
In a breach that could lead to further problems, 2.5 million people were affected. Over 2.5 million loanees have been notified by EdFinancial and the Oklahoma Student Loan Authority (OSLA) that their personal information was compromised in a loan data…
One of the main hubs for cybercrime has now been identified as the city of Nizams, which is also a center for IT. According to data from the National Crime Record Bureau (NCRB), Telangana was responsible for 10% of all…
Iranian state-sponsored actors are doing all in their power to target Israeli entities using unpatched Log4j systems; this shows how long the vulnerability will take to fix. The most recent operations were attributed by Microsoft to the umbrella threat group…
The Microsoft Threat Intelligence Center (MSTIC) and Microsoft 365 Defender Research Team have recently discovered Iran-based threat actor MERCURY using SysAid applications’ exploits of Log4j 2 vulnerabilities to target enterprises that are all in Israel. The Ministry of Intelligence and…
Threat actors are switching away from the Cobalt Strike suite of penetration testing tools in favor of less similar frameworks. Sliver toolkit, an open-source, cross-platform kit, is emerging as a viable replacement for Brute Ratel. However, by examining the toolkit,…
