Citrix NetScalers backdoored in widespread exploitation campaign
Researchers have found almost 2000 backdoored Citrix NetScalers, many of which were patched after the backdoor in the form of a web shell was dropped.…
Month: August 2023
How easy is to bomb someone mobile phone with thousands of SMS messages?
SMS Bomber attacks are becoming more prominent as a contemporary risk that has the potential to have substantial and unsettling repercussions in the field of…
Catching up with WoofLocker, the most elaborate traffic redirection scheme to tech support scams
This tech support scam is one of the most long running and covert ones we have ever seen. Back in January 2020, we blogged about…
APT29 is targeting Ministries of Foreign Affairs of NATO-aligned countriesSecurity Affairs
Russia-linked APT29 used the Zulip Chat App in attacks aimed at ministries of foreign affairs of NATO-aligned countries EclecticIQ researchers uncovered an ongoing spear-phishing campaign…
Adaptive Shield Unveils Identity Threat Detection and Response (ITDR): A New Era in SaaS Security
Adaptive Shield, a leader in SaaS security, has made headlines with the announcement of its groundbreaking Identity Threat Detection and Response (ITDR) solution at Black…
ProjectDiscovery Lands $25M Investment for Cloud Security Tech
San Francisco cloud security startup ProjectDiscovery has banked $25 million in early-stage financing as investors continue to place bets on vendors in the attack surface…
BlackCat’s Sphynx ransomware embeds Impacket, RemCom
Microsoft has discovered a new version of the BlackCat ransomware that embeds the Impacket networking framework and the Remcom hacking tool, both enabling spreading laterally…
A massive campaign delivered a proxy server application to 400,000 Windows systemsSecurity Affairs
Researchers discovered a massive campaign that delivered a proxy server application to at least 400,000 Windows systems. AT&T Alien Labs researchers uncovered a massive campaign…
Hackers ask $120,000 for access to multi-billion auction house
Hackers claim to have breached the network of a major auction house and offered access to whoever was willing to pay $120,000. Security researchers found…
Microsoft PowerShell Gallery vulnerable to spoofing, supply chain attacks
Lax policies for package naming on Microsoft’s PowerShell Gallery code repository allow threat actors to perform typosquatting attacks, spoof popular packages and potentially lay the…
Karma Catches Up to Global Phishing Service 16Shop – Krebs on Security
You’ve probably never heard of “16Shop,” but there’s a good chance someone using it has tried to phish you. A 16Shop phishing page spoofing Apple…
Alarming lack of cybersecurity practices on world’s most popular websitesSecurity Affairs
The world’s most popular websites lack basic cybersecurity hygiene, an investigation by Cybernews shows. Do you happen to love exploring DIY ideas on Pinterest? Scrolling…