Our news
-
Apple’s ‘Find My’ Network Exploited via Bluetooth
The ‘Send My’ exploit can use Apple’s locator service to collect and send information from nearby devices for later upload to iCloud servers.
-
Reverse Shells
Reverse Shells When discussing reverse shells, we should first cover what a shell is. A shell allows a user to interact with an operating system, the applications on the computer, and every function that is allowed for that user. A remote shell allows a user to perform actions on a device across the network. A remote shell works…
-
Researchers Flag e-Voting Security Flaws
Paper ballots and source-code transparency are recommended to improve election security.
-
‘FragAttacks’: Wi-Fi Bugs Affect Millions of Devices
Wi-Fi devices going back to 1997 are vulnerable to attackers who can steal your data if they’re in range.
-
Joint CISA-FBI Cybersecurity Advisory on DarkSide Ransomware
Original release date: May 11, 2021 CISA and the Federal Bureau of Investigation (FBI) have released a Joint Cybersecurity Advisory (CSA) on a ransomware-as-a-service (RaaS) variant—referred to as DarkSide—recently used in a ransomware attack against a critical infrastructure (CI) company. Cybercriminal groups use DarkSide to gain access to a victim’s network to encrypt and exfiltrate data. These…
-
AA21-131A: DarkSide Ransomware: Best Practices for Preventing Business Disruption from Ransomware Attacks
Original release date: May 11, 2021 Summary This Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, Version 9. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques. The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) are aware of a ransomware attack affecting…
-
Wormable Windows Bug Opens Door to DoS, RCE
Microsoft’s May 2021 Patch Tuesday updates include fixes for four critical security vulnerabilities.
-
Hackers Leverage Adobe Zero-Day Bug Impacting Acrobat Reader
A patch for Adobe Acrobat, the world’s leading PDF reader, fixes a vulnerability under active attack affecting both Windows and macOS systems that could lead to arbitrary code execution.
-
Lemon Duck Cryptojacking Botnet Changes Up Tactics
The sophisticated threat is targeting Microsoft Exchange servers via ProxyLogon in a wave of fresh attacks against North American targets.
-
Vulnerability Summary for the Week of May 3, 2021
Original release date: May 10, 2021   High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info ambarella — oryx_rtsp_server A buffer overflow in the RTSP service of the Ambarella Oryx RTSP Server 2020-01-07 allows an unauthenticated attacker to send a crafted RTSP request, with a long digest authentication header, to…