Unmasking the Cyber Threat Landscape — SIM-Swapping Attack
In November 2022, the world witnessed a significant data breach. A gang adept in SIM-swapping attacks targeted the cryptocurrency exchange, FTX, draining over $400 million from its coffers. While three Americans were implicated and charged for this cybercrime, the dark web whispers of the involvement of organized Russian cybercriminal networks laundering the stolen wealth. The […]
Attackers Access Source Code and Internal Docs – Understanding Cloudflare’s Breach
In the ever-evolving landscape of cybersecurity, the Thanksgiving 2023 security incident involving Cloudflare has been a stark reminder of the sophistication and persistence of nation-state actors. It was a wake-up call to organizations worldwide on the necessity of robust identity and access management (IAM) systems to safeguard their digital assets. In this comprehensive analysis, we […]
Confluence RCE Exploit Campaign – CVE-2023-22527
Collaboration applications have become deeply ingrained in modern work culture, providing efficient means for teams to share information and work together. However, as with any technology, these tools also introduce potential security risks that can be exploited by malicious actors. Recently, a severe vulnerability nicknamed “Chaos” was disclosed in Atlassian’s popular Confluence software that allows […]
Silently Weaponizing the VMware Zero-Day: Inside the UNC3886 Cyber Espionage Campaign
Advanced persistent threat (APT) groups are continuously evolving their tactics, techniques, and procedures (TTPs) to carry out cyber espionage campaigns against organizations globally. The latest example is that of UNC3886, an advanced China-nexus threat actor that has silently weaponized a critical zero-day vulnerability in VMware vCenter Server since late 2021 to infiltrate their targets. About […]
Massive Data Breach Exposes Over 41 Million Hathway Customers
Hathway, one of India’s largest cable TV and broadband service providers, has reportedly suffered a massive data breach impacting over 41 million customers. A hacker going by the alias “dawnofdevil” claims to have breached Hathway’s database and obtained sensitive personal information of millions of customers. This shocking cyber attack demonstrates the growing threat of data […]
CVE-2023-7028: Gitlab Vulnerability – Account Takeover Via Simple Password Reset
A critical vulnerability has been discovered in GitLab Community Edition (CE) and Enterprise Edition (EE), which allows for remote account takeover without any user interaction. This flaw is specifically related to a password reset issue. All GitLab users must take immediate action and apply the necessary patches to mitigate this security risk. The vulnerability has […]
FBot: A New Python Hacking Tool Targeting Cloud Services and SaaS Platforms
A dangerous new hacking tool called FBot has recently emerged in the cybercrime underground. FBot is a Python-based tool designed to target popular web servers, cloud services, content management systems (CMS), and software-as-a-service (SaaS) platforms. In this post, we’ll take an in-depth look at FBot, its capabilities, and how organizations can protect themselves. Overview of […]
VAPT(Vulnerability Assessment & Penetration Testing)
VAPT testing(Vulnerability Assessment and Penetration Testing) is a comprehensive approach to evaluating the security of your systems by combining two essential components: vulnerability assessment and penetration testing. By conducting a thorough analysis of your network infrastructure, applications, and devices, VAPT helps identify potential weaknesses that malicious actors could exploit. Vulnerability assessment involves systematically scanning and analysis of […]
Cyber Espionage Campaign Sea Turtle – Targets Dutch IT and Telecom Companies
The cyber threat landscape continues to evolve with new groups and campaigns emerging regularly. One such threat actor that has garnered attention recently is Sea Turtle, a Turkey-nexus Advanced Persistent Threat (APT) group conducting cyber espionage campaigns since at least 2017. This article provides an in-depth look at Sea Turtle’s activities, attack methods, and impact […]
VAPT Audit Cost in India 2024
What is a VAPT Audit? Vulnerability Assessment and Penetration Testing is known as VAPT. It is a thorough method for assessing how secure an organization’s networks, systems, data, applications, and infrastructure are. VAPT attempts to test an organization’s defenses against actual attacks and find security flaws that an attacker could exploit. VAPT comprises two main […]
