Blog
Online Store Zhefengle Exposed Millions of Chinese Citizen IDs
The database contained over 3.3 million orders from 2015 to 2020, many of which included uploaded copies of customers' government-issued identity cards. The vulnerability was addressed after a security researcher notified the store owners.
N. Korean BlueNoroff Blamed for Hacking macOS Machines with ObjCShellz Malware
The North Korea-linked nation-state group called BlueNoroff has been attributed to a previously undocumented macOS malware strain dubbed ObjCShellz. Jamf Threat Labs, which disclosed details of the malware, said it's used as part of the RustBucket malware campaign,...
New Jupyter Infostealer Version Emerges with Sophisticated Stealth Tactics
The Jupyter Infostealer malware has resurfaced with new techniques, including PowerShell command modifications and the use of signed certificates, to establish a persistent presence on compromised systems.
How Global Password Practices are Changing
Password health and hygiene have improved globally over the past year, reducing the risk of account takeover. However, password reuse remains prevalent, making user accounts vulnerable to password-spraying attacks.
Confidence in File Upload Security is Alarmingly Low. Why?
Numerous industries—including technology, financial services, energy, healthcare, and government—are rushing to incorporate cloud-based and containerized web applications. The benefits are undeniable; however, this shift presents new security challenges. OPSWAT's...
New GootLoader Malware Variant Evades Detection and Spreads Rapidly
A new variant of the GootLoader malware called GootBot has been found to facilitate lateral movement on compromised systems and evade detection. "The GootLoader group's introduction of their own custom bot into the late stages of their attack chain is an attempt to...
Veeam Patches Two Critical Bugs in Veeam ONE
In a security update yesterday, the firm revealed CVE-2023-38547, a CVSS 9.9-rated flaw in Veeam ONE 11, 11a, and 12. The second critical bug (CVE-2023-38548) affects Veeam ONE version 12 and has a CVSS score of 9.8.
Offensive and Defensive AI: Let’s Chat(GPT) About It
ChatGPT: Productivity tool, great for writing poems, and… a security risk?! In this article, we show how threat actors can exploit ChatGPT, but also how defenders can use it for leveling up their game. ChatGPT is the most swiftly growing consumer application to date....
Medusa Ransomware Group Claims Cyberattack on Canadian Psychological Association
The Medusa ransomware group has demanded a ransom of $10,000 to delay the publication of compromised data by another day, and a staggering $200,000 for the complete deletion of the data.
Update: Microsoft Says Exchange ‘Zero Days’ Disclosed by ZDI Already Patched or Not Urgent
As per Microsoft, the vulnerabilities do not meet the criteria of actual zero-days and require authentication for exploitation, reducing their chances of being used in malicious attacks.
FREE GUIDE