QBot changes tactic, remains a menace to business networks
QBot has resurfaced with a new tactic involving a reply-chain phishing email, a fake PDF, and the likely promise of a ransomware infection. QBot, an…
Month: April 2023
H1-702 Las Vegas Day 0: Setup
Hackers! We have made it to Las Vegas! We are here for a live hacking event (LHE). All live hacking events are amazing, but this…
Hacking Cisco Industrial Network Director (IND) router using vulnerabilities with CVSS score 9.9
Cisco Industrial Network Director (IND) is an important tool for managing industrial networks, particularly in settings that need high-security standards. This is especially true in…
G2 comparison of top Endpoint Security vendors
#1 in Endpoint Protection, #1 ROI for EDR, #1 for EDR implementation. Navigating the world of endpoint security is challenging, with numerous vendors stoking FUD…
What’s the difference between Attack Surface Monitoring and Vulnerability Scanning?
Detectify is driving the future of internet security with automation and crowdsourcing hacker research. It’s focused on helping companies detect anomalies in their web attack…
NO. 362 | Dependency Scanner, Citrix Attacks, AI Analysis…
Exploring the intersection of security, technology, and society—and what might be coming next… Standard Web Edition | Ep. 362 | December 19, 2022 SECURITY NEWS…
On doing great things | victoria.dev
Some thoughts inspired by International Women’s Day, Grace Hopper, and making contributions to the world of tech. It’s International Women’s Day, and I’m thinking about…
H1-702 Las Vegas Day 1: H@cktivitycon
After a day of prep, we were ready to launch into our first day of H1-702! What makes today special is the return of…
New Google Chrome Zero-Day Bug Actively Exploited in Wide
On April 18, 2023, Google released a new update for Chrome Desktop versions with security updates for actively exploited second Chrome zero-day vulnerability that allows…
Debunked: Is a subdomain takeover ‘game over’ for companies?
When was the last time you checked DNS configurations for subdomains pointing at services not in use? According to Crowdsource ethical hacker Thomas Chauchefoin, while…
Attackers use abandoned WordPress plugin to backdoor websites
Attackers are using Eval PHP, an outdated legitimate WordPress plugin, to compromise websites by injecting stealthy backdoors. Eval PHP is an old WordPress plugin that allows…
My Philosophy and Recommendations Around the LastPass Breaches
If you follow Information Security at all you are surely aware of the LastPass breach situation. It started back in August of 2022 as a…