Blog
-
Apache Log4j Vulnerability Explained
Security experts consider Log4j to be one of the most serious threats to come down the pipe in recent years. It’s viewed in this way because of two factors: the sheer number of systems that are vulnerable, and the ease with which an attacker can compromise a network.
-
Google, Mandiant Studies Find Surge in Zero-Day Vulnerabilities, More Than Double Previous Year’s Total
Reports from Mandiant and Google found that 2021 was a record year for zero-day vulnerabilities, more than doubling the number seen in 2020. Google, Microsoft and Apple account for 75% of the vulnerabilities.
-
Phishing Scam Targets iCloud Backups Containing MetaMask Crypto Wallet Seed Phrase
Phishing scams are targeting Apple device users known to use the MetaMask crypto wallet app, attempting to reset their credentials and gain access to the seed phrase stored in iCloud backup.
-
GitHub Private Repositories Breached After Theft of OAuth Tokens From External Sources
GitHub’s security team traced a breach of npm back to a stolen OAuth token, and the ensuing investigation turned up more stolen tokens and markers of access to private repositories.
-
FBI Links North Korean Lazarus Hacking Group to Record-Setting Ronin Network Crypto Theft
The FBI named the Lazarus hacking group as the primary suspect after the Treasury Department found links to a wallet used to host the stolen funds from the crypto theft.
-
Customer Data Stolen in T-Mobile Hack Remains at Large as Secret Payment Fails
After the August 2021 T-Mobile hack, which saw at least 50 million records exposed to the attackers, the stolen customer data appeared for sale on an underground site. A secret attempt to buy it back failed.
-
Industrial Control Systems in the Crosshairs of State-backed Hackers Wielding “Easy-to-Use” New Malware Kit
The malware kit has not yet been used to compromise a target, according to a public warning issued by US intelligence agencies, but has extensive capabilities for attacking a wide range of industrial control systems that are currently in use.
-
Mirai Botnet Malware Making a Resurgence Thanks To “Spring4Shell” Exploit
Organizations should have already been on top of patching Spring4Shell, but the emergence of the Mirai botnet malware campaign should be the final wake-up call.
-
Essential Guide to Penetration Testing Services
There are no two ways about it: useful penetration testing services require security professionals who understand how to hack networks and systems. Here we provide an essential guide to understanding penetration testing services.
-
Bust of Hydra Darknet Market Puts an End to $1.3 Billion in Criminal Trade
The Hydra darknet market was primarily a gathering point for criminal traffic in Eastern Europe. It was not just the largest market available in contemporary times, but is thought to be the largest ever available on the internet.