November 23, 2022

Use After Free vulnerability in Linux Kernel allows Privilege Escalation. Patch your kernel

Red Hat has just published a risk advisory about a vulnerability in the Linux kernel that allows local privilege escalation. The vulnerability is tracked as CVE-2022-3910 (CVSS score: 7.4). It is described as a use-after-free problem in io_uring, in the update of a reference count. io_uring …

Changes to Google’s employee appraisal system stir layoff fears

After several major technology companies announced layoffs due to macroeconomic headwinds in the last few months, Google is now under the spotlight as news reports this week predict that the company will cut at least 10,000 jobs. The forecasts are based on a report from the Information, which said that under the Google Reviews and …

Experts Condemn The UK Online Safety Bill As Harmful To Privacy And Encryption

The British Parliament may start debating the Online Safety Bill again as soon as this week. The bill is a deeply flawed censorship proposal that would allow U.K. residents to be thrown in jail for what they say online. It would also force online service providers to use government-approved software to search for user content …

Redis and AWS extend partnership to accelerate cloud migration and application development

Redis has unveiled a multi-year strategic collaboration agreement (SCA) with Amazon Web Services (AWS). Building on the companies’ existing work together, this agreement will make it easier and faster for customers to adopt Redis Enterprise Cloud’s real-time data processing capabilities with the global reach of AWS services. This SCA is designed to deliver new product …

Web Application Penetration Testing Checklist – A Detailed Cheat Sheet

Web application pentesting is a method of identifying, analyzing and reporting the vulnerabilities that exist in a web application, including buffer overflow, input validation, code execution, authentication bypass, SQL injection, CSRF and cross-site scripting, in the target web application given for penetration testing. Repeatable Testing and Conduct a serious method One of the …

To be Xor Not to Be: How RESPOND could have stopped a surprise DDoS incident

When is the best time to be hit with a cyberattack? The answer that springs to most is ‘Never’; however, in today’s threat landscape, this is often wishful thinking. The next best answer is ‘When we’re ready for it’. Yet, this does not take into account the intention of those committing attacks. The reality is …

Tata Power Attack Linked to Bug in Nearly 20-Year-Old Server

Microsoft Confirms 2021 Report, Says 1 Million Boa Servers Still Online Globally. Mihir Bagwe (MihirBagwe) • November 23, 2022. Nearly 20-year-old, outdated web servers were responsible for last month’s intrusion on India’s largest integrated power company, Tata Power, Microsoft says. …

New Wave of SocGholish cid=27x Injections

On November 15th, Ben Martin reported a new type of WordPress infection resulting in the injection of SocGholish scripts into web pages. The attack loads zipped malicious templates from WordPress theme and fake plugin files before extracting the SocGholish script, which is saved as an encrypted value inside the wp_option table of the WordPress database. …

These Ten Startups Are Focused on Protecting Connected Cars From Cyber Attacks

Did you know that half of all cyberattacks in the automotive industry happened in 2021?  This represented a from attacks in the automotive industry in 2020. This shouldn’t be surprising, considering that the number of vehicles connected to the internet has risen dramatically over the last few years.  A ‘connected’ vehicle, in this case, is …

Pro-Russian Killnet group hits UK organizations with DDoS attacks

On November 22nd, in the early hours of the morning, Prince William’s website was reportedly attacked by the Russian hacking group Killnet. In a message posted on Telegram, Killnet stated the reason for the attack to be the UK’s continued support for Ukraine. Killnet said it had conducted the attack “due to the supply of high-precision …

Futureproofing Cybersecurity With On-Premise Video And Access Control Systems

In 2022, it took around to identify and contain a breach. To prevent a cybersecurity breach for your business, you need to think about your on-premise security systems. How can you futureproof your cybersecurity with on-premise video and access control systems? Keep reading to learn about on-premise video and access control systems and what the …

Smart Flow – A super-charged single step for extractions in UFED 7.60

Taking the guesswork out of device-specific profiling. Keeping up with the ever-changing mobile device industry is challenging even for a seasoned examiner. One must be able to properly identify the device and select the relevant profile to start the extraction process. Cellebrite’s ‘Live’ methods, released over the last few years, have provided industry-leading access …

IBM: RansomExx becomes latest ransomware group to create Rust variant

The RansomExx ransomware group has become the latest gang to create a variant in the Rust programming language, according to IBM Security X-Force Threat researchers. Charlotte Hammond, a malware reverse engineer for IBM Security X-Force, told The Record the development was important because antivirus detection rates tend to be lower for Rust compiled malware, making …

Why endpoint security will be a renewed priority for businesses of all sizes in 2023

A recent spate of high-profile security breaches at some of the largest enterprises in Australia has reminded everyone of the importance of security. Cyber crime is estimated to cost the Australian economy around $42 billion per year, and that number is only increasing. The biggest challenge when it comes to cyber crime is that there …

Russian KillNet Shuts Down EU Parliament Website With DDoS

EU Declares Russia a Terrorist State; Attack Follows DDoS Hits on Eastern Nations. Akshaya Asokan (asokan_akshaya) • November 23, 2022. Pro-Kremlin KillNet hackers took down the website of the European Parliament on Wednesday in a DDoS …
