Uncategorized

The Browser-in-the-Browser (BITB) Attack Enabling Easier Phishing Attack

Leave a Comment / Uncategorized /

New phishing technique called browser-in-the-browser (BitB) attack can be xploited to act like a browser window within the browser in order to spoof a legitimate domain, which makes it possible to stage convincing phishing attacks. The method makes use of the third-party single sign-on (SSO) options embedded on websites such as “Sign in with Google” […]

The Browser-in-the-Browser (BITB) Attack Enabling Easier Phishing Attack Read More »

Garrett Walk-Through Metal Detector Vulnerability Discovered

Leave a Comment / Uncategorized, Vulnerabilities /

Security flaws have been uncovered in a networking component in Garrett Metal Detectors which could allow remote attackers bypass authentication requirements, tamper with metal detector configurations and even execute arbitrary code on the devices. Cisco Talos noted in a disclosure publicized that “An attacker could manipulate this module to remotely monitor statistics on the metal

Garrett Walk-Through Metal Detector Vulnerability Discovered Read More »

Researchers Detail Novel Malicious Frameworks Attacking Air-Gapped Networks

Leave a Comment / Malware, Uncategorized /

Air-gapped networks have been discovered to be attacked by four different malicious frameworks bringing the total number of such toolkits to 17 and offering adversaries a pathway to cyber espionage and exfiltrate classified information. Researchers have stated that the frameworks were designed to perform some form of espionage and they all used USB drives as

Researchers Detail Novel Malicious Frameworks Attacking Air-Gapped Networks Read More »

Microsoft Windows OS Gets Affected by Unpatched Unauthorized File Read Vulnerability

Leave a Comment / Uncategorized, Vulnerabilities /

The Windows Security Vulnerability (CVE-2021-24084) which allows disclosure and Local Privilege Escalation (LPE) on vulnerable systems has received a follow up patch after the last patch failed to solve the problem. But as observed by Naceri in June 2021, not only could the patch be bypassed to achieve the same objective, the researcher this month

Microsoft Windows OS Gets Affected by Unpatched Unauthorized File Read Vulnerability Read More »

Pegasus-maker NSO Group and 3 Others Sanctioned by the U.S. Department of Commerce

Leave a Comment / Uncategorized /

Four companies as well as the Isreal-based spyware company NSO Group and Candiru have been added to a list of entities engaging in “malicious cyber activities” by the U.S. Commerce Department. This addition is based on evidence that spyware was developed and supplied to foreign governments who in turn used these tools to maliciously target

Pegasus-maker NSO Group and 3 Others Sanctioned by the U.S. Department of Commerce Read More »

Unmasking Of Domain Name Registrants Now Part Of EU Proposals

Leave a Comment / Uncategorized /

The EU in its “NIS2” legislation making its way through the European Parliament has made provisions to ban anonymous registration of domain data in a bid to boost security and anti-piracy efforts. It seeks to ensure the availability of accurate, verified and complete domain name registration data by imposing it on TLD registries and entities

Unmasking Of Domain Name Registrants Now Part Of EU Proposals Read More »

Ukrainian Hacker With Over 100,000 Botnets Arrested

Leave a Comment / Uncategorized /

Ukrainian law enforcement authorities have arrested a hacker who created and managed a “powerful botnet” consisting of nothing less than 100,000 enslaved devices that was used to carry out distributed denial-of-service (DDoS) and spam attacks on behalf of paid customers. The suspect’s residence was raided and computer equipment as evidence of illegal activity was seized.

Ukrainian Hacker With Over 100,000 Botnets Arrested Read More »

Fake Amnesty International Antivirus Hacking Systems Now Currently In Circulation

1 Comment / Uncategorized /

In yet another indicator of how hacking groups are quick to capitalize on world events and improvise their attack campaigns for maximum impact, threat actors have been discovered impersonating Amnesty International to distribute malware that purports to be a security software designed to safeguard against NSO Group’s Pegasus surveillanceware. Hacking groups have never failed at

Fake Amnesty International Antivirus Hacking Systems Now Currently In Circulation Read More »