GitHub Expands Secret Scanning
GitHub is rolling out free secret scanning to all public repositories. Previously, the service had been available only to organizations that use GitHub Enterprise Cloud with a GitHub Advanced Security…
The user database of the FBI’s InfraGard has been offered for sale on a cybercrime forum. The database contains contact information for 80,000 public- and private-sector InfraGard members who hold…
Researchers found that common misconfigurations arising from how DNS is implemented in an environment can put air-gapped networks and high-value assets at risk. Ref https://www.darkreading.com/attacks-breaches/report-air-gapped-networks-vulnerable-dns-attacks
HR, benefits, and payroll management company Sequoia notified its customers of a data breach that occurred between September 22 and October 06, which compromised their names, contact details, SSNs, and…
Group-IB tracked over 16,000 scam domains and 40 malicious apps on the Google Play Store abusing the FIFA World Cup in Qatar to target fans. Ref https://www.infosecurity-magazine.com/news/experts-16000-scam-fifa-world-cup/
TikTok’s ‘Invisible Challenge’ is being abused to trick users into downloading the W4SP Stealer malware. With over a million views on such videos, threat actors managed to steal and add more than 30,000…
Alarm instance management has a command injection vulnerability when a specific command is configured. It is limited to logged-in users. We recommend you upgrade to version 2.0.6 or higher. More detail: https://lists.apache.org/thread/2f126y32bf1v3mvxkdgt2jr5j3l1t01w
The Android banking Trojan Vultur has reached a total of more than 100,000 downloads on the Google Play Store, says a new advisory from cybersecurity experts at Cleafy. The dropper hides…
Server-Side Request Forgery (SSRF) vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Data Center Analytics, Analytics probe components), Hitachi Ops Center Analyzer on Linux (Hitachi Ops Center Analyzer detail view,…
Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, SaaS, Hadoop and so on. A remote code execution (RCE) vulnerability in non-default configurations of…