Analyzing Differences in Cloud Storage Options
Do you really get more value from a paid cloud storage service, or are free clouds enough? Here’s what you should know to balance quality…
Month: March 2023
Clop ransomware is victimizing GoAnywhere MFT customers
The Clop ransomware gang has claimed responsibility for attacking several GoAnywhere MFT customers by exploiting a vulnerability in the managed file transfer software’s administrative interface.…
Digital Opal Card rollout set for tail end of this year – Hardware – Software
NSW minister for customer service and digital government, Victor Dominello (R) and Liberal Candidate for Ryde, Jordan Lane (L) LinkedIn A digital Opal Card rollout…
Framing, Part 1: Click-Jacking Etsy – Jack
Back in October, I found a couple of issues in Etsy, which when combined could be used in a click-jacking attack. Incorrect Error Handling Pretty…
Microsoft fixes Windows zero-day exploited in ransomware attacks
Microsoft has patched another zero-day bug used by attackers to circumvent the Windows SmartScreen cloud-based anti-malware service and deploy Magniber ransomware payloads without raising any…
ALPHV ransomware threatens to disclose data stolen from Amazon’s Ring security cameras
The ALPHV ransomware organization is responsible for a string of ransomware operations that have been carried out via the BlackCat software, and it runs a…
LockBit Ransomware Claims Data Breach at SpaceX Contractor
The infamous LockBit ransomware claims to have stolen 3,000 “drawings certified by SpaceX engineers,” which they plan to sell “to other manufacturers” through an auction…
Bug bounty and the EU Cyber Resilience Act – everything you need to know
The EU Cyber Resilience Act aims to protect Europe from increasingly sophisticated cyber-threats. The first quarter of 2023 has seen significant cybersecurity legislation coming out…
Reddit is down in major outage blocking access to web, mobile apps
Reddit is investigating a major outage that is blocking users worldwide from accessing the social network’s website and mobile apps. Users are now seeing “Our CDN…
limited freemarker ssti to arbitrary liql query and manage lithium cms | by mert tasci | Mar, 2023
we faced (w/ @celalerdik) an interesting ssti vulnerability on a bugcrowd’s program. we could show the traditional 49’ number when trying the ‘${7*7}’ command, also…
Rubrik confirms data theft in GoAnywhere zero-day attack
Cybersecurity company Rubrik has confirmed that its data was stolen using a zero-day vulnerability in the Fortra GoAnywhere secure file transfer platform. Rubrik is a…
Product Review of SpecOps Password Policy
Looking for a tool to validate if your Active Directory (AD) passwords are safe across your Enterprise? Why would this be important? There are a…