An old vulnerability (CVE-2021-22205) is being actively exploited for controlling on-premise Gitlab servers, Rapid7 researcher Jacob Baines remarks. What makes it worse is at least half of the 60,000 internet-facing GitLab installations the company has identified remains unpatched for the…
Developed states are backing spyware that can remotely hack into iPhones. Governments are buying and using these hacking tools to target dissent—journalists, activists and human rights defenders. Another kind of spyware exists that is more relevant and likely to affect…
Google said It’s helping those leaving Ukraine- war-affected regions. Google stated that Google.org and Google employees are donating $15 million for relief efforts in Ukraine. The company’s match campaign has got $5 million, and Company gets another $ 5 million…
Pentest as a service platform helps to smoothly manage pentests. Bugdazz 2.0.1 has been released, and it has several improvements over its previous version. The improvements underscore the ease in accessibility for users, and every Bugdazz improvement embodies the customer’s…
In 2017, the Indian Supreme Court held that the right to privacy was a fundamental right, and afterwards, the Indian Parliament drafted a data protection bill which has been recently reviewed by Joint Parliamentary Committee. The committee has recommended the…
TrickBot, a modular Windows crimeware platform, has shut its infrastructure on Thursday after reports came of its impending retirement. TrickBot was inactive for two months, and Thursday marked the closure of a persistent malware campaign. “TrickBot is gone… It is…
Dridex, a general-purpose malware, and Entropy, a less known ransomware strain, share similarities as a result of operators playing with names in their extortion campaign. “The similarities are in the software packer used to conceal the ransomware code, in the…
OpenSea’s NFT marketplace vulnerability in the smart contract upgrade process exploited by malicious actors. The malicious actors executed a phishing attack against 17 users and stole $1.7 million worth of virtual assets. NFTs, an acronym for non-fungible tokens, are digital…
Threat actors have targeted vulnerable internet-facing Microsft SQL (MS SQL) servers. The attacks entail planting the Cobalt Strike adversary simulation tool in the targeted systems. “Attacks that target MS SQL servers include attacks to the environment where its vulnerability has…
A study of SMS phone-verified account (PVA) services has revealed a rogue platform with a botnet underneath. The rogue platform has infected thousands of Android phones, and android infections point to the downsides of using SMS for account validation. SMS…
