Cisco IOS XE zero-day vulnerability has recently become a hot topic in the cybersecurity industry. This particular vulnerability was identified within the Web UI functionality of the IOS XE software developed by Cisco. Notably, CVE-2023-20198 has been assigned the highest CVSS score of 10, with Cisco describing this vulnerability as "a vulnerability that allows an attacker [...]
Recently, due to the MOVEit zero-day vulnerability, a data leak incident involving 890 schools using the US non-profit education organization National Student Clearinghouse (NSC) services has become a hot topic. Threat actors have gained access to the MOVEit Managed File Transfer server and exfiltrated various personal information including names, birth dates, contact information, Social Security [...]
Ivanti Sentry (previously known as MobileIron Sentry) is an in-line gateway that manages, encrypts, and secures traffic between mobile devices and back-end enterprise systems. It is primarily utilized in Microsoft Exchange, ActiveSync and SharePoint servers. Ivanti disclosed a CVE-2023-38035 zero-day vulnerability that may enable an attacker with no rights to bypass authentication controls on the administrative interface [...]
Last month, the Chilean Army (Ejército de Chile) suffered damage from military documents leaking to the dark web due to a Cobalt Strike ransomware attack known as Rhysida. The Rhysida ransomware gang stole 360,000 pieces, about 30% of the documents, from the Chilean Army's network and exposed the stolen files on the dark web data breach [...]
With its unrivaled search algorithm, Google occupies 92% of the global search engine market and is favored by many internet users. Consequently, websites exposed at the top of search results by Google's algorithm are visited by tens of thousands or even millions of Google search engine users a day. Google is constantly improving its algorithm [...]
A kiosk is a small machine with an interactive display screen that businesses place in public areas such as government agencies, banks, department stores, and restaurants to provide information or offer self-service options. The use of kiosks keeps increasing in corporates and organizations for its advantages like self-service. As risks always accompany new technologies, security threats to [...]
Flipper Zero, a portable multitool for pentester is priced at $200, is a popular product that has recently been sold out among penetration testers and hackers. This, called 'hacker's Tamagochi' due to its appearance, has been reviewed on various security communities such as TikTok, Twitter, and Telegram. Popularity skyrocketed, and 'Flipper zero' is flying off the [...]
Christmas, which many people look forward to, is the peak season for hackers to spread malware, leak information, and conduct phishing scams. With all the end-of-year celebrations and public holidays, there is a lack of security staff monitoring the increase in online shopping and congratulatory messages being sent. Hackers will take advantage of the loosening [...]
There have been multiple instances of Cobalt Strike (a penetration testing tool) being used maliciously for ransomware attacks or intrusion into company's internal systems. This method of attack consists of using a botnet to distribute Cobalt Strike malware and using ransomware and PC attacks to do so. This article, therefore, discusses methods for finding web [...]
The most well-known method of accessing the dark web is through Tor browser. The dark web sites on Tor have .onion attached right at the end of the web address, and can only be accessed by said web browser. However, there are methods used to access dark web sites without using Tor. In this article, [...]
