Cisco IOS XE Zero-Day Vulnerabilities: Uncovering Over 56,000 Exposed Devices

Cisco IOS XE zero-day vulnerability has recently become a hot topic in the cybersecurity industry. This particular vulnerability was identified within the Web UI functionality of the IOS XE software developed by Cisco. Notably, CVE-2023-20198 has been assigned the highest CVSS score of 10, with Cisco describing this vulnerability as "a vulnerability that allows an attacker [...]

By |2023-11-14T10:24:36+09:00November 10th, 2023|0 Comments

MOVEit Zero-Day: Detecting Servers Exposed to Data Leak Attacks

Recently, due to the MOVEit zero-day vulnerability, a data leak incident involving 890 schools using the US non-profit education organization National Student Clearinghouse (NSC) services has become a hot topic. Threat actors have gained access to the MOVEit Managed File Transfer server and exfiltrated various personal information including names, birth dates, contact information, Social Security [...]

By |2023-10-12T10:02:27+09:00October 6th, 2023|Tags: , |0 Comments

CVE-2023-38035 Zero-Day: Ivanti Sentry Authentication Exploit

Ivanti Sentry (previously known as MobileIron Sentry) is an in-line gateway that manages, encrypts, and secures traffic between mobile devices and back-end enterprise systems. It is primarily utilized in Microsoft Exchange, ActiveSync and SharePoint servers. Ivanti disclosed a CVE-2023-38035 zero-day vulnerability that may enable an attacker with no rights to bypass authentication controls on the administrative interface [...]

By |2023-08-30T16:11:12+09:00August 30th, 2023|Tags: , |0 Comments

Chilean Army Documents Leak: Exploiting Cobalt Strike With Rhysida Ransomware

Last month, the Chilean Army (Ejército de Chile) suffered damage from military documents leaking to the dark web due to a Cobalt Strike ransomware attack known as Rhysida. The Rhysida ransomware gang stole 360,000 pieces, about 30% of the documents, from the Chilean Army's network and exposed the stolen files on the dark web data breach [...]

By |2023-07-28T12:02:50+09:00July 27th, 2023|Tags: , , |0 Comments

How To Be Safe From Google Ads Scams (MetaMask Phishing Site) 

With its unrivaled search algorithm, Google occupies 92% of the global search engine market and is favored by many internet users. Consequently, websites exposed at the top of search results by Google's algorithm are visited by tens of thousands or even millions of Google search engine users a day. Google is constantly improving its algorithm [...]

By |2023-02-06T10:44:40+09:00February 3rd, 2023|Tags: , , |2 Comments

KIOSK Hacking: Tips to Improve Your Kiosk Security

A kiosk is a small machine with an interactive display screen that businesses place in public areas such as government agencies, banks, department stores, and restaurants to provide information or offer self-service options. The use of kiosks keeps increasing in corporates and organizations for its advantages like self-service. As risks always accompany new technologies, security threats to [...]

By |2023-01-19T19:45:51+09:00January 13th, 2023|Tags: , |3 Comments

Check ‘Flipper Zero (Hacker’s Tamagochi)’ Phishing Site 

Flipper Zero, a portable multitool for pentester is priced at $200, is a popular product that has recently been sold out among penetration testers and hackers. This, called 'hacker's Tamagochi' due to its appearance, has been reviewed on various security communities such as TikTok, Twitter, and Telegram. Popularity skyrocketed, and 'Flipper zero' is flying off the [...]

By |2023-10-18T17:26:06+09:00January 6th, 2023|Tags: , |1 Comment

IP Camera Hacking – A Nightmare To Your IoT Christmas Gifts

Christmas, which many people look forward to, is the peak season for hackers to spread malware, leak information, and conduct phishing scams. With all the end-of-year celebrations and public holidays, there is a lack of security staff monitoring the increase in online shopping and congratulatory messages being sent. Hackers will take advantage of the loosening [...]

By |2022-12-29T10:38:17+09:00December 22nd, 2022|Tags: , |0 Comments

Cobalt Strike Beacon: Finding Infected Botnet Servers

There have been multiple instances of Cobalt Strike (a penetration testing tool) being used maliciously for ransomware attacks or intrusion into company's internal systems. This method of attack consists of using a botnet to distribute Cobalt Strike malware and using ransomware and PC attacks to do so. This article, therefore, discusses methods for finding web [...]

By |2023-01-18T09:58:58+09:00November 24th, 2022|2 Comments
Go to Top