FBI seizes 13 more domains linked to DDoS-for-hire services
cyberstress.org seizure banner (DOJ) The U.S. Justice Department announced today the seizure of 13 more domains linked to DDoS-for-hire platforms, also known as ‘booter’ or…
Month: May 2023
OWASP Top 10 2017 is here – Injection still #1
After four years, OWASP published the new list of the most common vulnerabilities – OWASP Top 10 2017. We have taken a look at the…
Firing the Vulnerability Disclosure Fire-Drill Mentality
Omer Carmi, VP of Threat Intelligence, When I was in elementary school, we had a routine fire drill. The alarm bells would ring, and we…
Live Hacking Events | 2019 Recap and the Road Ahead
Since our first event in Las Vegas in 2016, we have hosted 20 events in 12 different cities with 14 different customers. As of our final event…
DarkWatchMan RAT Hides in Windows Registry
A phishing website impersonating the popular Russian site CryptoPro CSP has been detected by the Cyble Research and Intelligence Labs (CRIL) in a recent discovery.…
Detectify team’s 10 favourite security books
November 30 is Computer Security Day, a day dedicated to security awareness and education. To celebrate, we have put together a list of our team’s…
Intel investigating leak of Intel Boot Guard private keys after MSI breach
Intel is investigating the leak of alleged private keys used by the Intel Boot Guard security feature, potentially impacting its ability to block the installation…
Intel investigating leak of Intel BootGuard private keys after MSI breach
Intel is investigating the leak of alleged private keys used by the Intel BootGuard security feature, potentially impacting its ability to block the installation of…
What is Firewall as a Service (FWaaS)?
A firewall serves as a barrier to unapproved network traffic. Additional organizational security policies are enforced to achieve this, including active traffic monitoring of incoming…
Twitter Flaw Exposes Private Circle Tweets to Public
According to reports, there has been a security incident with Twitter’s Private Circle tweets feature as they have been exposed publicly. Twitter’s Private Circle was…
Attack Types in Web Fuzzing
Fuzzing은 어플리케이션을 테스트하고 보안 취약점을 찾아내기 위해서 가장 일반적으로 사용하는 기술입니다. 보통 Burpsuite의 Intruder, Turbo Intruder 또는 ZAP의 Fuzz, Caido의 Automate와 같이 Proxy 도구에서 제공하는…
Microsoft enforces number matching to fight MFA fatigue attacks
Microsoft has started enforcing number matching in Microsoft Authenticator push notifications to fend off multi-factor authentication (MFA) fatigue attacks. In such attacks (also known as…