What Is The Common Vulnerability Scoring System (CVSS)
Organizations need to identify, prioritize, and remediate these vulnerabilities as soon as possible. CVSS is a free and open industry standard for assessing the severity…
Month: April 2023
Yellow Pages Hack – Ransomware Gang Leaks Sensitive Data
As per reports, Yellow Pages Group, the Canadian Directory Publisher, has been attacked by the Black Basta Ransomware Group. The threat actor also took responsibility…
New coercive tactics used to extort ransomware payments
The increase in reported ransomware victims across Q1 2023 reflects the continued prevalence of ransomware as a worldwide, industry agnostic threat, according to GuidePoint Security.…
Corporate boards pressure CISOs to step up risk mitigation efforts
While those working in InfoSec and GRC have high levels of confidence in their cyber/IT risk management systems, persistent problems may be making them less…
Metagaming: An Interview With Andrew Ringlein
Created/Updated: September 7, 2022 In today’s standalone episode I’m going to talk about some new gaming ideas I’ve not seen anywhere else, and have their…
Halo Security detects exposed secrets and API keys in JavaScript
Web properties are increasingly relying on third-party JavaScript to increase functionality, but this can also bring inherent risks. A report from Source Defense, which scanned…
Log4j Vulnerability Activity on the HackerOne Platform
December 17th Update: Vulnerabilities in Log4j have been evolving over the course of this week since the original disclosure of CVE-2021-44228, also known as Log4Shell. …
How attackers exploit the WordPress Easy-WP-SMTP zero-day
On November 6th, 2019, Detectify added security tests for 50+ of the most popular WordPress plugins, including Easy-WP-SMTP. Although the zero-day affecting Easy-WP-SMTP (CVE-2020-35234) was…
Black Basta ransomware attacks Yellow Pages Canada
Yellow Pages Canada has suffered a cyberattack by the Black Basta ransomware group. The Canadian Yellow Pages Group has confirmed it recently became victim of a cyberattack.…
My Mom Died on Saturday
Created/Updated: September 21, 2022 My mom died on Saturday. My biological mother became unable to function when I was around five due to mental illness,…
Abusing Service Location Protocol to cause never seen before 2,200x DDoS amplification attacks
Service Location Protocol (SLP) is an older Internet protocol that has been found to contain a critical security flaw, which has been assigned the identifier…
GuLoader returns with a rotten shipment
We take a look at a GuLoader campaign which comes bundled with an Italian language fake shipment email. GuLoader, a perennial favourite of email-based malware…