EvilExtractor malware activity spikes in Europe and the U.S.
Researchers are seeing a rise in attacks spreading the EvilExtractor data theft tool, used to steal users’ sensitive data in Europe and the U.S. EvilExtractor…
Month: April 2023
GitHub now allows enabling private vulnerability reporting at scale
GitHub announced that private vulnerability reporting is now generally available and can be enabled at scale, on all repositories belonging to an organization. Once toggled…
How Bug Bounty Uncovered A 5-Year-Old Vulnerability In Hours
When PullRequest was acquired, these concerns became HackerOne’s challenges. When we finalized the acquisition, we immediately added PullRequest’s assets to the scope of HackerOne’s own…
How to Hack Google Cloud(GCP) Accounts via Ghost Token technique?
The Security Research Group at Astrix discovered a zero-day vulnerability in Google’s Cloud Platform (GCP), which means that all Google customers are at risk. Because…
Meet the team: Pedro Merino – in the paint of startup financials
Pedro Merino has brought this value of team work off the court to help the Finance team at Detectify manage company resources effectively. He describes…
Companies as Alaskan Fishing Boats
Should we be thinking about corporate workforces as tiny crews dedicated to an extreme life for extreme profit? Created/Updated: November 28, 2022 What if companies…
Making sandwiches with closures in JavaScript
An explanation of closures and how they can emulate private methods in JavaScript. Say you’re having a little coding get-together, and you need some sandwiches.…
Criminals Are Using Tiny Devices to Hack and Steal Cars
Employees of the US Immigration and Customs Enforcement agency (ICE) abused law enforcement databases to snoop on their romantic partners, neighbors, and business associates, WIRED exclusively…
First-Ever Cyber Attack Via Kubernetes RBAC
Recently, a new attack campaign has been discovered by the cybersecurity researchers at Aqua Security that exploits Kubernetes RBAC to assemble backdoors and mine cryptocurrency…
Walmart Ranks 1, Most Imitated In Brand Phishing Attacks
Walmart has been named as the brand most likely to be imitated in brand phishing attacks by cybercriminals in their attempts to steal individuals’ personal…
DevSecOps vs DevOps: What is the Difference?
In this article, we’ll explain what DevSecOps is, how it differs from DevOps, and what security controls it should ideally incorporate. What is the Difference…
The Buyer’s Guide to Scalable Application Security
Detectify is helping tech organizations bring safer web products to market by providing crowdsourced, cloud-based, continuous web app security. Here’s a buyer’s guide on how…