CISA and NIST published a report on software supply chain attacks that shed light on the associated risks and provide instructions on how to mitigate them. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the National Institute of Standards and Technology (NIST) released a joint advisory that provides trends and best practices related to […]
Experts found a bug in Apple’s wireless file-sharing protocol Apple AirDrop that could expose user’s contact information. Boffins from the Technical University of Darmstadt, Germany, have discovered a privacy issue in Apple’s wireless file-sharing protocol Apple AirDrop that could expose user’s contact information, such as email addresses and phone numbers. “A team of researchers from […]
The software company Click Studios was the victim of a supply chain attack, hackers compromised its Passwordstate password management application. Another supply chain attack made the headlines, the Australian software company Click Studios informed its customers of the security breach that impacted its Passwordstate password management application. Passwordstate is the Enterprise Password Management solution used by more […]
Threat actors are exploiting two flaws in the popular file-sharing server FileZen to steal sensitive data from businesses and government organizations. Threat actors are exploiting two vulnerabilities in the popular file-sharing server FileZen, tracked as CVE-2020-5639 and CVE-2021-20655, to steal sensitive data from businesses and government organizations. FileZen servers allow users to share data according to their needs, […]
10,000+ unpatched ABUS Secvest home alarm systems could be remotely disabled exposing customers to intrusions and thefts. Researchers from Eye Security have found thousands of unpatched ABUS Secvest home alarm systems exposed online despite the vendor has addressed a critical bug (CVE-2020-28973) in January. A remote attacker could exploit the vulnerability to disable alarm systems and expose homes and […]
Evil Maid Attack – Weaponizing an harmless vacuum cleaner hiding within it a small Rogue Device such as a Raspberry Pi. It is a typical day at the office. You are sitting at your desk, working hard at whatever it is that you do. The cleaning lady is also doing her job nearby, but you […]
Cybersecurity firm Trend Micro revealed that a threat actor is actively exploiting a flaw, tracked as CVE-2020-24557, in its antivirus solutions to gain admin rights on Windows systems. Security solutions one again are used as attack vectors by threat actors, this time cybersecurity company Trend Micro revealed that attackers are actively exploiting a vulnerability, tracked as CVE-2020-24557, […]
Security vendor SonicWall has addressed three zero-day vulnerabilities affecting both its on-premises and hosted Email Security products. SonicWall is warning its customers to update their hosted and on-premises email security products to address three zero-day vulnerabilities that are being actively exploited in the wild. The three vulnerabilities addressed by the security vendor are: CVE-2021-20021: Email Security Pre-Authentication Administrative […]
At least one China-linked APT group exploited a new zero-day flaw in Pulse Secure VPN equipment to break into the networks of US defense contractors. According to coordinated reports published by FireEye and Pulse Secure, two hacking groups have exploited a new zero-day vulnerability in Pulse Secure VPN equipment to break into the networks of US defense contractors […]
The popular cyber security expert Luca Bongiorni demonstrated how to hack an X-Ray Machine using his WHIDelite tool. Recently I bought a X-RAY machine from China to have some ghetto-style desktop setup in order to inspect/reverse engineer some PCBs and hardware implants. The first thing striked my curiosity, even before purchasing it, was its remote. […]