SSO Implementation Vulnerability In Cisco Broadworks
A single sign-on (SSO) implementation flaw in the Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform might make it possible for a…
Month: September 2023
iPhone Zero-Day Exploited in the Wild to Install Malware
Researchers discovered an actively exploited zero-click vulnerability that was part of an exploit chain aimed at deploying NSO Group’s Pegasus malware. One of the most…
Apple Discloses 2 Zero-Day Flaws Exploited to Hack iPhones & Mac
Two Zero-Day flaws have been discovered on Apple Devices affecting macOS, iOS, and iPadOS. The vulnerabilities involve an arbitrary code execution and a buffer overflow.…
Google rolls out Privacy Sandbox to use Chrome browsing history for ads
Google has started to roll out its new interest-based advertising platform called the Privacy Sandbox, shifting the tracking of user’s interests from third-party cookies to…
Cisco Identity Services Engine Flaw Let Attacker Trigger DoS Condition
Cisco addressed high-impact vulnerability CVE-2023-20243 in the Cisco Identity Services Engine (ISE), allowing attackers to stop processing Radius packets. This vulnerability, with a base score of…
Hackers Steal NTLMv2 Hashes using Custom Powershell Scripts
A new sophisticated stealing campaign named “Steal-It” has been discovered that exfiltrates NTLMv2 hashes using customized versions of Nishang’s Start-CaptureServer PowerShell script. It is believed…
US CISA added critical Apache RocketMQ flaw to its Known Exploited Vulnerabilities catalog
US CISA added critical Apache RocketMQ flaw to its Known Exploited Vulnerabilities catalog Pierluigi Paganini September 09, 2023 US CISA added critical vulnerability CVE-2023-33246 in Apache RocketMQ…
Microsoft Teams phishing attack pushes DarkGate malware
A new phishing campaign is abusing Microsoft Teams messages to send malicious attachments that install the DarkGate Loader malware. The campaign started in late August…
Ragnar Locker gang leaks data stolen from the Israel’s Mayanei Hayeshua hospital
Ragnar Locker gang leaks data stolen from the Israel’s Mayanei Hayeshua hospital Pierluigi Paganini September 09, 2023 The Ragnar Locker ransomware gang added Israel’s Mayanei…
API7:2023 Server Side Request Forgery
Welcome to the 8th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners.…
Mozilla: Your New Car Is a Data Privacy Nightmare
Eighty-four percent of the brands that researchers studied share or sell this kind of personal data, and only two of them allow drivers to have…
Millions Infected by Spyware Hidden in Fake Telegram Apps on Google Play
Sep 09, 2023THNMobile Security / Spyware Spyware masquerading as modified versions of Telegram have been spotted in the Google Play Store that’s designed to harvest…