A vast number of Third-Party Cloud Containers possess popular vulnerabilities

Leave a Comment / Vulnerabilities /

Researchers have reported that a large amount of third-party code used in cloud infrastructure possess vulnerabilities as well as insecure configurations. The security vendor’s Unit 42 Cloud Threat Report 2H 2021 used data from various public sources better to understand the threat from cloud software supply chains. Data from various public sources were used by […]

A vast number of Third-Party Cloud Containers possess popular vulnerabilities Read More »

UK MoD Suffers Another Data Breach as More Afghan Citizens Data gets Exposed

Leave a Comment / Data Breach /

The UK’s Ministry of Defence (MoD) reportedly suffers another data breach that has exposing details of more Afghan citizens who may be at risk of reprisals from Taliban forces. The government department was forced to apologize earlier this week for sending an email which exposed the data of more than 250 Afghan interpreters who worked

UK MoD Suffers Another Data Breach as More Afghan Citizens Data gets Exposed Read More »

Microsoft cautions on FoggyWeb Malware Targeting Active Directory FS Servers

Leave a Comment / Malware /

A new Malware was revealed on Monday by Microsoft developed by the hacking group behind the SolarWinds supply chain attack last December to deliver additional payloads and steal sensitive information from Active Directory Federation Services (AD FS) servers. Microsofts’ Threat Intelligence Center (MSTIC) codenamed the “passive and highly targeted backdoor” FoggyWeb, making it the threat

Microsoft cautions on FoggyWeb Malware Targeting Active Directory FS Servers Read More »

ERMAC: 378 Banking Apps Financial Data Stolen by New Android Malware

Leave a Comment / Data Breach /

BlackRock mobile malware operators have resurfaced with a new Android banking trojan called ERMAC targeting Poland with roots in the well known Cerberus malware, according to the latest research. “The new trojan has active distribution campaigns targeting 378 banking and wallet apps with overlays,” Cengiz Han Sahin the ThreatFabric’s CEO said in an emailed statement.

ERMAC: 378 Banking Apps Financial Data Stolen by New Android Malware Read More »

Windows Systems are getting Infected with UEFI Bootkit by New FinSpy Malware Variant

Leave a Comment / Malware /

FinFisher surveillanceware has been upgraded to infect Windows devices using a UEFI (Unified Extensible Firmware Interface) bootkit making use of a trojanized Windows Boot Manager, marking a shift in infection vectors that allow it to elude discovery and analysis. Detected since 2011, FinFisher also known as the Wingbird of FinSpy is a spyware toolset for

Windows Systems are getting Infected with UEFI Bootkit by New FinSpy Malware Variant Read More »

Chrome Releases Update Patching Actively Exploited Zero-Day Vulnerability

Leave a Comment / Vulnerabilities /

Google rolled out an emergency security patch to its Chrome web browser on the 24th of September, 2021 aimed at addressing a security flaw that’s known to have an exploit in the wild. The vulnerability is tracked as CVE-2021-37973 and described as use after free in Portals API, a web page navigation system that enables

Chrome Releases Update Patching Actively Exploited Zero-Day Vulnerability Read More »

100,000 Windows Domain Credentials Leaked due to Microsoft Exchange Bug

Leave a Comment / Data Breach /

100,000 login names and passwords for Windows domains worldwide has been leaked as a result of an unpatched design flaw in the implementation of Microsoft Exchange’s Autodiscover protocol. “This is a severe security issue, since if an attacker can control such domains or has the ability to ‘sniff’ traffic in the same network, they can

100,000 Windows Domain Credentials Leaked due to Microsoft Exchange Bug Read More »