Network Configuration Audit is more important than ever now. To best visualize how an enterprise network has changed over the past few months, all a network administrator must do is open their network monitoring system (MNS) and view the shift in data flows across the LAN, WAN, and network edge. While a significant part of …
Network Configuration Audit – Why its More Important Than Ever Now? Read More »
Cybersecurity researchers of SonarSource have discovered multiple security vulnerabilities in Zimbra Email collaboration software that could be potentially exploited to compromise email accounts by sending a malicious email message and even achieve a full takeover of the mail server when hosted on a cloud infrastructure. The flaws which tracked as CVE-2021-35208 and CVE-2021-35208 were discovered and reported …
New Bug Could Let Attackers Hijack Zimbra Server by Sending Malicious Email Read More »
As individuals and businesses become increasingly dependent on video conferencing to stay connected during the Covid-19 outbreak, fraudsters have used the opportunity to target users with a malicious Zoom phishing scam. The Zoom phishing scam begins with an email that impersonates a notification from the video conferencing platform. The email informs the recipient in different …
Zoom Phishing Scam Aims To Steal Login Credentials Read More »
Microsoft issued guidance on how to mitigate a DNS cache poisoning vulnerability reported by security researchers from the University of California and Tsinghua University. Successfully exploiting the vulnerability could allow attackers to use modified DNS records to redirect a target to a malicious website under their control as part of DNS spoofing (also known as DNS cache poisoning) attacks. …
Microsoft issues Guidance for DNS Cache Poisoning Vulnerability Read More »
GitHub code scanning is a developer-first, GitHub-native approach to easily find security vulnerabilities before they reach production. We’re thrilled to announce the general availability of code scanning. You can enable it on your public repository today! One year ago, GitHub welcomed Semmle. We’ve since worked to bring the revolutionary code analysis capabilities of its CodeQL technology to GitHub …
Github Code Scanning – Vulnerability Scanner by Justin Hutchings Read More »
A new wormable botnet that spreads via GitHub and Pastebin to install cryptocurrency miners and backdoors on target systems has returned with expanded capabilities to compromise web applications, IP cameras, and routers. Early last month, researchers from Juniper Threat Labs documented a crypto-mining campaign called “Gitpaste-12,” which used GitHub to host malicious code containing as …
Wormable Gitpaste-12 Botnet Returns to Target Linux Servers, IoT Devices Read More »
Security researchers have discovered this week a botnet operation that targets PostgreSQL databases to install a cryptocurrency miner. Codenamed by researchers as PgMiner, the botnet is just the latest in a long list of recent cybercrime operations that target web-tech for monetary profits. According to researchers at Palo Alto Networks’ Unit 42, the botnet operates by …
PgMiner botnet attacks weakly secured PostgreSQL databases Read More »
Microsoft has raised the alarm today about a new malware strain that infects users’ devices and then proceeds to modify browsers and their settings in order to inject ads into search results pages. Widespread malware campaign seeks to silently inject ads into search results, affects multiple browsers – Microsoft 365 Defender Research Team Named Adrozek, the …
Microsoft exposes Adrozek, a malware that hijacks Chrome, Edge, and Firefox Read More »
tinfoleak is an open-source tool within the OSINT (Open Source Intelligence) and SOCMINT (Social Media Intelligence) disciplines, that automates the extraction of information on Twitter and facilitates subsequent analysis for the generation of intelligence. Taking a user identifier, geographic coordinates or keywords, tinfoleak analyzes the Twitter timeline to extract great volumes of data and show useful and structured …
Tinfoleak – The most complete Open-source tool for Twitter Intelligence Analysis Read More »
As of Nov 22, 2020, Unknown threat actors are scanning for WordPress websites with Epsilon Framework based themes installed on over 150,000 sites and vulnerable to Function Injection attacks that could lead to full site takeovers. “So far today, we have seen a surge of more than 7.5 million attacks against more than 1.5 million …
Hackers are actively probing millions of WordPress sites Read More »