Password Manager Hacked to Deploy Malware on Customer Systems

A currently unidentified threat actor has compromised the update mechanism of Passwordstate, a password manager application primarily catering to enterprise customers, and has deployed malware on its users’ devices. Click Studios, the firm behind Passwordstate, has notified 29,000 customers via email, according to communications obtained by a Polish tech news site. The malware was live […]

Cyber Supply Chain Risk Management – Should Penetration Testing be Required?

Let us begin by describing how to approach Cyber Supply Chain Risk Management (C-SCRM) and the risks your vendors pose to you. Then we will discuss whether you should require them to show evidence that penetration testing was conducted and what remediations were taken. C-SCRM in a nutshell: For simplicity, let us split suppliers into […]

120 Compromised Advertisement Servers Put Millions of Internet Users at Risk

An ongoing “malvertising” campaign dubbed “Tag Barnakle” was identified as the breach point of more than 120 advertisement servers over the past year. The threat actors aim to inject code to host adware that redirects users to domains under the threat actors’ control, exposing them to more malware. The adversaries behind the Tag Barnakle campaign are […]

Shut Down the 5 Deadliest Web Application Attack Vectors

Last update: 25 January 2022. Web applications are an essential component of any modern business. They can help convey the company vision, advertise services and deliver content to customers. Regardless of their use, they are a necessity to make oneself or a business known to the world. However, as beneficial as they can be […]

FBI & CISA Warning – FortiOS Vulnerabilities are Actively Exploited

APTs exploit Fortinet FortiOS vulnerabilities to compromise systems belonging to government and commercial entities, warn US agencies. Threat actors are scanning for three high-severity vulnerabilities that have not been patched. CVE-2018-13379, CVE-2020-12812, and CVE-2019-5591 are actively being exploited. Each of these vulnerabilities is public and the vendor issued patches, but unless IT administrators apply […]

“Chained” PHP Git server compromised to add back doors to PHP source code

The official PHP Git repository suffered a software supply chain attack this week. Two malicious commits were pushed to the repository, and the attackers signed the commits with falsified but plausible aliases. An RCE backdoor was uploaded, which executes code supplied in the HTTP protocol’s user agent header field. According to the PHP maintainers, the […]

Linux Kernel Found 3 Year Old Vulnerabilities that Allow Root Access

“Bad Things Come in Threes.” Three historical vulnerabilities have been discovered in the Linux kernel. If exploited, they could be used to gain root access to those systems. The original researchers from the security firm GRIMM have stated that these vulnerabilities remained undiscovered for 15 years. The vulnerabilities exist in the Linux kernel SCSI (Small […]

Conducting DPIAs: The Key to Unlocking Data Protection Compliance Webinar

Why else should you attend the webinar? You’ll not only receive expert insight into triggers and mistakes to avoid but will have the opportunity to ask your pressing questions surrounding the DPIA tool – which is the key to DPA and GDPR compliance. What else will be covered on DPIAs? The 4 objectives for […]

“Falsified” Fake Google reCAPTCHA Phishing Attack Swipes Office 365 Passwords

Phishing attacks targeting Microsoft users are leveraging a fake Google reCAPTCHA page. Attackers are sending thousands of emails to steal Office 365 account credentials. Combined with the forged reCAPTCHA ruse, top-level domain landing pages that include the victim’s company logo were discovered. Researchers say that at least 2,500 emails have been flagged after being sent […]

Risk Crew