CVSS V4.0: High Fidelity Vulnerability Assessment Unveiled The Forum of Incident Response and Security Teams (FIRST) releases CVSS v4.0. It aims to provide the highest level of vulnerability assessment. This update comes eight years after CVSS v3.0 which was released in 2015. A New Standard in Vulnerability Assessment The tech universe had its “aha” moment
Read More
Delights, Dangers and Domain Shortening: Unmasking Prolific Puma’s Peculiar Service Behold, the Mystery of the Shortened Links • The stealthy menace behind the scenes, appropriately dubbed as Prolific Puma, has been providing an underground link shortening service for his fellow “bad cats” over the past four years. Now, that’s what we call a real “Link-ognito”
Read More
The Browser: The Unsung Workplace Hero – The browser has become the main work interface in most modern companies. – Workers use browsers to create and interact with important data. – Employees use browsers to access both organizational and external SaaS and web applications. – Cyber adversaries heavily target browsers to steal the data within
Read More
Main Points A cyber espionage campaign, linked to Iran’s Ministry of Intelligence and Security (MOIS), is targeting various sectors in the Middle East. The campaign has been active for at least one year and targets financial, government, military, and telecommunications sectors. Check Point, an Israeli cybersecurity firm, and Sygnia found the campaign. The firm refers
Read More
New Version of Notorious Turla’s Backdoor: “Kazuar” – The reputed Russian hacking collective, Turla, has been spotted using an updated version of its recognized second-stage backdoor, known as Kazuar. – Palo Alto Networks Unit 42 is monitoring this infamous adversary, referred to under its celestial codename – “Pensive Ursa”. – The upgraded version of Kazuar
Read More
F5 Raises Alarm on Exploitation of Critical BIG-IP Flaw Main Points: F5 warns about active exploitation of a serious security vulnerability in BIG-IP. This flaw, tracked as CVE-2023-46747 and scored at 9.8 (CVSS), was disclosed less than a week ago. The vulnerability enables casual network interlopers to execute arbitrary system commands and achieve code execution.
Read More
The Art of Spyware: Meet Arid Viper, The Culprit Behind a Sneaky Android Attack The infamous threat actor Arid Viper, also known as APT-C-23, Desert Falcon, or TAG-63, has unleashed another attack, this time through an Android spyware campaign. This breach targets Arabic-speaking users utilizing a counterfeit dating app to gather valuable user data. Arid
Read More
Those Sneaky Cyber Baddies: New Malicious Packages Found in NuGet! Bullet Points: Cybersecurity researchers have outsmarted some elusive villains once again, uncovering a new set of malicious packages on the NuGet package manager, a method not commonly seen in the malicious playbook. Software supply chain security firm ReversingLabs describes this as a coordinated attack that’s
Read More
Atlassian Letting Users Confront A Confluence Conundrum Atlassian has identified a critical security flaw in their Confluence Data Center and Server platforms that could lead to massive data loss if taken advantage of by an unauthenticated incognito attacker. The vulnerability is indexed as CVE-2023-22518 and has been given a chilling score of 9.1 out of
Read More
Evolution and Innovation: Driving Forces in Cybersecurity Cybersecurity is a field that rewards swift adaptability and innovation. Penetration testing (pen test) solutions boost productivity and deliver a layer of essential objectivity that ensures efficiency and precision. An effective pairing of a top-notch penetration tester and a robust pen testing solution is essential in today’s heightened
Read MoreNo products in the cart.