The US Government's Cybersecurity and Infrastructure Security Agency (CISA) has added Microsoft Windows and RAR (zip software) vulnerabilities to its database. CISA Adds Two Known Exploited Vulnerabilities to Catalog | CISA
Personal data leaked in another “sophisticated” attack
First see what I have to say about “sophisticated attacks” then we will get into this leak of personal information by an organisation that should have a reasonable spend on cyber-security! Twilio – a communications and phone company based in San Francisco – is reluctant to give away much information on …
Microsoft 365 credentials stolen through redirects
Threat actors abused open redirects on the Snapchat and American Express websites to steal credentials for Microsoft 365 accounts. URL Redirection to Untrusted Site (‘Open Redirect’) (mitre.org) Get some training so this does not happen to you, or worse, your team. Cyber Awake | Train Your Team To Protect Against …
The Feds are not impressed
Cryptocurrency bridge Nomad recently lost nearly $200 million to a cyber attack. Now they are offering the threat actors a 90/10 split on the loot, in exchange for the return of 90% and no prosecution – Nomad will treat it as a bug bounty for finding the flaw. Nomad are referring to the threat …
Command and Control on sale for hackers
In any cyber attack where the criminals want to make money, there is usually a server somewhere out there on the internet being used for command and control of the malware. Now this is being offered as a service that threat actors can purchase, to save them the full …