Two vulnerabilities in Adobe ColdFusion are exploited in real-world attacks, the Cybersecurity & Infrastructure Security Agency (CISA) warns. Both issues are related to the possibility of arbitrary code execution, caused by poor validation of deserialized data. Adobe released patches for both of these vulnerabilities back in mid-July 2023, when they were originally detected. ColdFusion ACE… Continue reading Two Adobe ColdFusion Vulnerabilities Exploited in The Wild
Author: Stephanie Adlam
I write about how to make your Internet browsing comfortable and safe. The modern digital world is worth being a part of, and I want to show you how to do it properly.
Tortilla (Babuk) Ransomware Decryptor Available
On January 9, 2024, Avast and Cisco Talos announced the release of a free decryptor for one of the Babuk ransomware variants – Tortilla. Analysts ensure that all the victims of the said threat actor can use the decryptor to get their files back. That is the second ransomware strain to get the decryptor in… Continue reading Tortilla (Babuk) Ransomware Decryptor Available
OAuth2 Session Hijack Vulnerability: Details Uncovered
A sophisticated exploit targeting Google’s OAuth2 authentication system was uncovered by Prisma threat actor. This exploit leverages undocumented functionalities within Google’s MultiLogin endpoint, enabling attackers to generate and maintain persistent Google cookies even after a password reset. OAuth2 Vulnerability Allows for Persistent Session Hijacking The attackers found a way to use specific components within the… Continue reading OAuth2 Session Hijack Vulnerability: Details Uncovered
xDedic Marketplace Members Detained In International Operations
The infamous xDedic Marketplace, known for its illicit trade in compromised computers and personal data, has been effectively dismantled. 19 persons related to the marketplace were detained. The overall operation is the result of joint effort of law enforcement from 11 countries. xDedic’s Actors Face US Courts Although the actual seizure of xDedic happened almost… Continue reading xDedic Marketplace Members Detained In International Operations
Verified X/Twitter Accounts Hacked to Spread Cryptoscams
The trend of hacking official accounts to promote cryptocurrency fraud is gaining momentum. Over the past week, researchers have discovered an abnormal number of such incidents. X/Twitter Crypto Scams From Verified Accounts Today, we are witnessing an unpleasant trend: hackers increasingly target verified Twitter accounts. To be more specific, this refers to individuals who are… Continue reading Verified X/Twitter Accounts Hacked to Spread Cryptoscams
SMTP Smuggling is a New Threat to Email Security
A new SMTP Smuggling technique reportedly has the potential to bypass existing security protocols. Also it can enable attackers to send spoofed emails from seemingly legitimate addresses. This may breathe new life into email spam, despite its efficiency not decreasing throughout the last time. What is SMTP Smuggling? SMTP smuggling is a novice exploitation technique… Continue reading SMTP Smuggling is a New Threat to Email Security
Mandiant Account in X Hacked to Spread Cryptocurrency Scams
The Twitter account of Google’s Mandiant cybersecurity service has been hacked to promote a cryptocurrency scam. It happens along with the massive spread of cryptocurrency drainer scams on different social media platforms. Mandiant has lost control of its X/Twitter account Early this morning Eastern Time, cybersecurity company Mandiant’s account on the social network X (formerly… Continue reading Mandiant Account in X Hacked to Spread Cryptocurrency Scams
Qualcomm RCE Vulnerabilities Expose Millions of Users
Vulnerability in several Qualcomm chipsets allows for remote code execution during the phone call. This and other vulnerabilities were uncovered in the latest security bulletin released by the chipmaker. The optimistic part here is that the company uncovered the flaws half a year ago, and arranged the fixes with the OEMs. RCE Vulnerability In Qualcomm… Continue reading Qualcomm RCE Vulnerabilities Expose Millions of Users
Black Basta Ransomware Free Decryptor Available
SRLabs researchers published a free decryptor for BlackBasta ransomware. They discovered the vulnerability in the way malware handles the encryption process and found the way to recover the encryption key and get the files back. The decryptor is called Black Basta Buster and is available for free on the devs’ GitHub page. Black Basta Decryptor… Continue reading Black Basta Ransomware Free Decryptor Available
Seven Common Types of Malware – Analysis & Description
In the intricate landscape of cybersecurity, comprehending the various forms of malware is crucial. This article offers an in-depth look at the most pervasive malware types, from Loaders to Keyloggers. We’ll explore their mechanisms, impacts, and how they compromise digital security, providing you with the knowledge to better safeguard against these ever-evolving cyber threats. Let’s… Continue reading Seven Common Types of Malware – Analysis & Description