An old vulnerability (CVE-2021-22205) is being actively exploited for controlling on-premise Gitlab servers, Rapid7 researcher Jacob Baines remarks. What makes it worse is at least half of the 60,000 internet-facing GitLab installations the company has identified remains unpatched for the…
Latest posts - Page 69
Who’s behind the Stalkerware network of compromising several phones?
Developed states are backing spyware that can remotely hack into iPhones. Governments are buying and using these hacking tools to target dissent—journalists, activists and human rights defenders. Another kind of spyware exists that is more relevant and likely to affect…
Google is donating $15 million for the Ukraine crisis and is also targeting Russian media and people
Google said It’s helping those leaving Ukraine- war-affected regions. Google stated that Google.org and Google employees are donating $15 million for relief efforts in Ukraine. The company’s match campaign has got $5 million, and Company gets another $ 5 million…
Pentest as a service Platform: What’s new with Bugdazz 2.0.1?
Pentest as a service platform helps to smoothly manage pentests. Bugdazz 2.0.1 has been released, and it has several improvements over its previous version. The improvements underscore the ease in accessibility for users, and every Bugdazz improvement embodies the customer’s…
Data privacy bill: how individuals and companies are affected?
In 2017, the Indian Supreme Court held that the right to privacy was a fundamental right, and afterwards, the Indian Parliament drafted a data protection bill which has been recently reviewed by Joint Parliamentary Committee. The committee has recommended the…
TrickBot malware operators close their botnet infrastructure
TrickBot, a modular Windows crimeware platform, has shut its infrastructure on Thursday after reports came of its impending retirement. TrickBot was inactive for two months, and Thursday marked the closure of a persistent malware campaign. “TrickBot is gone… It is…
Entropy malware planted using Dridex malware on affected computers
Dridex, a general-purpose malware, and Entropy, a less known ransomware strain, share similarities as a result of operators playing with names in their extortion campaign. “The similarities are in the software packer used to conceal the ransomware code, in the…
OpenSea’s users have reported losing $1.7 million in a phishing attack
OpenSea’s NFT marketplace vulnerability in the smart contract upgrade process exploited by malicious actors. The malicious actors executed a phishing attack against 17 users and stole $1.7 million worth of virtual assets. NFTs, an acronym for non-fungible tokens, are digital…
Hackers exploit unpatched Microsoft SQL using Cobalt Strike
Threat actors have targeted vulnerable internet-facing Microsft SQL (MS SQL) servers. The attacks entail planting the Cobalt Strike adversary simulation tool in the targeted systems. “Attacks that target MS SQL servers include attacks to the environment where its vulnerability has…
Android vulnerabilities are being exploited to register disposable accounts
A study of SMS phone-verified account (PVA) services has revealed a rogue platform with a botnet underneath. The rogue platform has infected thousands of Android phones, and android infections point to the downsides of using SMS for account validation. SMS…