On June 24, 2023, Microsoft mitigated the exposure of internal information in a storage account due to an overly permissive Shared Access Signature (SAS) token. The incident was discovered by security researchers at Wiz Research, who reported it to Microsoft’s Security Response Center (MSRC) on June 22. The SAS token is a security feature that […]

Indian Websites Targeted by Hacking Group to Protest G20 Hacking groups from Pakistan, Indonesia, and Bangladesh have targeted several Indian websites in protest the G20 summit, which is being held in New Delhi on September 9-10. The groups, which call themselves “The Black Hat Collective,” “Hacktivist of Garuda,” “Team Herox” and “Mysterious Team Bangladesh,” have […]

WinRAR File Spoofing Vulnerability: What You Need to Know WinRAR is a popular file archiver that is used by millions of people around the world. However, a recently discovered vulnerability in WinRAR could allow attackers to execute arbitrary code on your computer by tricking you into opening a malicious file. The vulnerability, known as CVE-2023-38831 […]

Thales to acquire Cyber security product firm Imperva Thales, a well-known French multinational company, recently announced its acquisition of Imperva from Thomas Bravo, who had purchased Imperva in 2019. Thales operates in several sectors, including Aerospace, Space, Defense, Security, and Transportation. This strategic move is expected to bolster Thales’ cybersecurity business significantly. Imperva has taken […]

Fortinet, a leading provider of network security solutions, recently rolled out multiple versions of FortiOS, the operating system (OS) and firmware that powers their widely used Fortigate firewalls and other devices commonly used for SSL-VPN. However, a concerning omission in their release notes has come to light – the failure to mention the inclusion of […]

Pakistani hackers targeted Indian Army and Navy websites The Pakistani hacker organization Team_insane_pk has targeted more than 20 Indian government and corporate websites, primarily defense websites, in a response for alleged oppressions of religious minorities in India. The hacker group launched a distributed denial of service (DDoS) attack against these websites. A DDoS attack is […]

All you need to know about Universal Data Permission Scanner Data privacy and security have become key concerns as corporations continue to gather and retain massive quantities of data. One of the most significant issues that organisations confront is data authorization blind spots, which relate to the inability to keep track of all data access […]

Microsoft patches critical Azure API Vulnerabilities Azure API Management is a Microsoft cloud-based service that enables organisations to publish, protect, and manage APIs (Application Programming Interfaces). While this service provides a safe and convenient approach to handle APIs, it is not without flaws. In this post, we will look at a flaw Ermetic research team […]

Iranian Operations Use BouldSpy to Track Minority Groups Concerns have grown in recent years over the Iranian government’s use of surveillance technologies to follow minority groups within the country. The BouldSpy programme for example, has been widely utilized by Iranian authorities to monitor and spy on its residents. The Iranian government has a long history […]

Netgear flaws Causing Credential Leak & Privilege Escalation Netgear, a renowned networking equipment vendor, recently discovered various vulnerabilities in its devices. These flaws have the potential to result in the disclosure of user credentials as well as privilege escalation. The revelation of these vulnerabilities underscores the critical need of cybersecurity in our increasingly digital environment. […]