DOJ Detected SolarWinds Breach Months Before Public Disclosure
In November 2020, months after the DOJ completed the mitigation of its breach, Mandiant discovered that it had been hacked, and traced its breach to…
Month: April 2023
How a New HackerOne Integration with AWS Security Hub Accelerates Vulnerability Remediation Time
How Can You Use the Integration? This new integration reduces the manual processes of comparing and taking action on vulnerability findings between the two platforms…
ViperSoftX info-stealing malware now targets password managers
A new version of the ViperSoftX information-stealing malware has been discovered with a broader range of targets, including targeting the KeePass and 1Password password managers.…
Detectify security updates for 29 April
For continuous coverage, we push out major Detectify security updates every two weeks, keeping our tool up-to-date with new findings, features and improvements sourced from our security…
Hackers swap stealth for realistic checkout forms to steal credit cards
Hackers are hijacking online stores to display modern, realistic-looking fake payment forms to steal credit cards from unsuspecting customers. These payment forms are shown as…
Man used brother’s credentials to steal $4.8M seized Bitcoin
Gary James Harmon, a 31-year-old man from Cleveland, Ohio, has been sentenced to four years and three months in prison for stealing more than 712…
Government is playing ‘psychic war’ in battle over end-to-end encryption
The government is playing a high-stakes game of chicken with technology companies by being “intentionally ambiguous” about the impact legislation going through Parliament that could…
Google bans 173,000 malicious app developers
Google has issued a ban on approximately 173,000 application developers who tried various methods to get their software published on its Play Store. The web…
Ambassador Spotlight AWC Edition: Blaklis
What is your role as an ambassador? 🌎 As an ambassador, I aim to foster a bug bounty community in France and other French-speaking countries.…
SOC Training – SOC Analyst Cyber Attack Intrusion Training
SOC Training is one of the most critical concerns in building a Quality Security Operation Center Team to fight against advanced threats that target the…
Hiding in plain sight: HTTP request smuggling – Detectify Blog
HTTP request smuggling is increasingly exploited by hackers in the wild and in bug bounty programs. This post will explain the HTTP request smuggling attack…
CISA warns of critical bugs in Illumina DNA sequencing systems
The U.S. Cybersecurity Infrastructure Security Agency (CISA) and the FDA have issued an urgent alert about two vulnerabilities that impact Illumina’s Universal Copy Service (UCS),…