CrowdStrike -The Vulnerability of Single-Solution Dependency Recently, a significant cyber crisis impacted over 8.5 million Microsoft Windows devices globally. This disruption affected both end-user devices and servers, leading to financial losses for organizations relying on the CrowdStrike EDR (endpoint detection and response) solution. On Friday, July 19, 2024, at 04:09 UTC, CrowdStrike released a content […]

Microsoft Stumble: Bing Outage Impacts Search Landscape A recent Microsoft outage caused disruption for users worldwide, impacting not only Microsoft’s search engine Bing, but also other services like Copilot, DuckDuckGo, and even aspects of ChatGPT. The outage, which began around 3 AM EDT on May 23rd, 2024, primarily affected users in Asia and Europe. Bing […]

Patch AIOSEO Plugin Now: WordPress XSS Alert! WordPress website owners, beware! A critical security vulnerability has been discovered in the widely used All in One SEO (AIOSEO) plugin, impacting millions of sites. This flaw, identified as CVE-2024-3368, exposes websites to malicious attacks by allowing attackers to inject and execute Stored Cross-Site Scripting (XSS) scripts on […]

International Modern Hospital Hit by Medusa Ransomware International Modern Hospital (IMH), one of the oldest hospital in UAE is scrambling to contain a suspected ransomware attack perpetrated by the Medusa ransomware group. The group claims to have infiltrated the hospital’s systems and stolen a staggering 1.45 terabytes of data, which they are now attempting to […]

GE Targeted by Meow Ransomware: Data Breach Feared The infamous Meow ransomware group has added another big name to its victim list: GE Aerospace. In a recent announcement, the group claims to have stolen sensitive client data and internal SQL databases from the aerospace giant. Meow is now reportedly attempting to sell this stolen information […]

Fake Putty, WinSCP Downloads Deliver Ransomware Ransomware gangs are constantly innovating their attack methods, and system administrators have become a prime target. A recent malvertising campaign uncovered by Rapid7  highlights this growing threat. The campaign leverages fake downloads of PuTTY, a popular SSH client for Windows, to distribute ransomware and potentially gain privileged access within […]

BreachForums Tor Site Remains Dark After FBI Takedown BreachForums Tor remains inaccessible after a forceful takedown by the FBI on May 15, 2024. This decisive action, following a significant data leak from Europol, underscores global efforts to dismantle online criminal marketplaces like BreachForums Tor. Previously accessible on both the regular web and the dark web […]

Unpatched Outlook Exploit Up for Grabs on Hacking Forums A critical security vulnerability has emerged with the news that a threat actor, known as Cvsp, is allegedly selling a remote code execution (RCE) exploit targeting Microsoft Outlook for a staggering $1.7 million. This zero-day exploit, (referred to as “0-day” because there’s currently no patch available) […]

Google Accidentally Deleted $125 Bn Pension Fund Account Cloud giant Google is facing a major trust deficit after a critical error on its Google Cloud platform led to a week-long outage for a massive Australian pension fund. The incident, centered around the accidental deletion of a $125 billion pension fund account, has shaken confidence in […]

Dell Data Breach: Millions of Customers Affected Dell Technologies confirmed a data breach impacting millions of customers, with some personal information compromised. The company states they are investigating the incident. Dell has downplayed the severity of the breach, claiming only “limited” customer data was accessed. This includes details like names, physical addresses, installed locations of […]

On June 24, 2023, Microsoft mitigated the exposure of internal information in a storage account due to an overly permissive Shared Access Signature (SAS) token. The incident was discovered by security researchers at Wiz Research, who reported it to Microsoft’s Security Response Center (MSRC) on June 22. The SAS token is a security feature that […]

Indian Websites Targeted by Hacking Group to Protest G20 Hacking groups from Pakistan, Indonesia, and Bangladesh have targeted several Indian websites in protest the G20 summit, which is being held in New Delhi on September 9-10. The groups, which call themselves “The Black Hat Collective,” “Hacktivist of Garuda,” “Team Herox” and “Mysterious Team Bangladesh,” have […]

WinRAR File Spoofing Vulnerability: What You Need to Know WinRAR is a popular file archiver that is used by millions of people around the world. However, a recently discovered vulnerability in WinRAR could allow attackers to execute arbitrary code on your computer by tricking you into opening a malicious file. The vulnerability, known as CVE-2023-38831 […]

Thales to acquire Cyber security product firm Imperva Thales, a well-known French multinational company, recently announced its acquisition of Imperva from Thomas Bravo, who had purchased Imperva in 2019. Thales operates in several sectors, including Aerospace, Space, Defense, Security, and Transportation. This strategic move is expected to bolster Thales’ cybersecurity business significantly. Imperva has taken […]

Fortinet, a leading provider of network security solutions, recently rolled out multiple versions of FortiOS, the operating system (OS) and firmware that powers their widely used Fortigate firewalls and other devices commonly used for SSL-VPN. However, a concerning omission in their release notes has come to light – the failure to mention the inclusion of […]

Pakistani hackers targeted Indian Army and Navy websites The Pakistani hacker organization Team_insane_pk has targeted more than 20 Indian government and corporate websites, primarily defense websites, in a response for alleged oppressions of religious minorities in India. The hacker group launched a distributed denial of service (DDoS) attack against these websites. A DDoS attack is […]

All you need to know about Universal Data Permission Scanner Data privacy and security have become key concerns as corporations continue to gather and retain massive quantities of data. One of the most significant issues that organisations confront is data authorization blind spots, which relate to the inability to keep track of all data access […]

Microsoft patches critical Azure API Vulnerabilities Azure API Management is a Microsoft cloud-based service that enables organisations to publish, protect, and manage APIs (Application Programming Interfaces). While this service provides a safe and convenient approach to handle APIs, it is not without flaws. In this post, we will look at a flaw Ermetic research team […]

Iranian Operations Use BouldSpy to Track Minority Groups Concerns have grown in recent years over the Iranian government’s use of surveillance technologies to follow minority groups within the country. The BouldSpy programme for example, has been widely utilized by Iranian authorities to monitor and spy on its residents. The Iranian government has a long history […]

Netgear flaws Causing Credential Leak & Privilege Escalation Netgear, a renowned networking equipment vendor, recently discovered various vulnerabilities in its devices. These flaws have the potential to result in the disclosure of user credentials as well as privilege escalation. The revelation of these vulnerabilities underscores the critical need of cybersecurity in our increasingly digital environment. […]