Category: Uncategorized
-
What is a spam trap?
Post ContentRead More
-
What is a whaling attack (whaling phishing)?
Post ContentRead More
-
What is acceptable use policy (AUP)?
Post ContentRead More
-

NSO Group Exploited WhatsApp to Install Pegasus Spyware Even After Meta’s Lawsuit [email protected] (The Hacker News)
Legal documents released as part of an ongoing legal tussle between Meta’s WhatsApp and NSO Group have revealed that the Israeli spyware vendor used multiple exploits targeting the messaging app to deliver Pegasus, including one even after it was sued by Meta for doing so. They also show that NSO Group repeatedly found ways to…
-

Urgent: Critical WordPress Plugin Vulnerability Exposes Over 4 Million Sites [email protected] (The Hacker News)
A critical authentication bypass vulnerability has been disclosed in the Really Simple Security (formerly Really Simple SSL) plugin for WordPress that, if successfully exploited, could grant an attacker to remotely gain full administrative access to a susceptible site. The vulnerability, tracked as CVE-2024-10924 (CVSS score: 9.8), impacts both free and premium versions of the plugin.…
-

PAN-OS Firewall Vulnerability Under Active Exploitation – IoCs Released [email protected] (The Hacker News)
Palo Alto Networks has released new indicators of compromise (IoCs) a day after the network security vendor confirmed that a new zero-day vulnerability impacting its PAN-OS firewall management interface has been actively exploited in the wild. To that end, the company said it observed malicious activity originating from below IP addresses and targeting PAN-OS management…
-

Warning: DEEPDATA Malware Exploiting Unpatched Fortinet Flaw to Steal VPN Credentials [email protected] (The Hacker News)
A threat actor known as BrazenBamboo has exploited an unresolved security flaw in Fortinet’s FortiClient for Windows to extract VPN credentials as part of a modular framework called DEEPDATA. Volexity, which disclosed the findings Friday, said it identified the zero-day exploitation of the credential disclosure vulnerability in July 2024, describing BrazenBamboo as the developer behind…
-
Microsoft Windows NTLMv2 Hash Disclosure Spoofing Vulnerability
What is the Vulnerability?Microsoft Windows contains an NTLMv2 hash spoofing vulnerability (CVE-2024-43451) that could result in disclosing a user’s NTLMv2 hash to an attacker via a file open operation. The attacker can leverage this hash to impersonate that user with minimal interaction from the victim. This Vulnerability (CVE-2024-43451) has been added to CISA’s Known Exploited…
-
MFA required for AWS Organizations member accounts in 2025
Post ContentRead More
-
Palo Alto Networks PAN-OS management interfaces under attack
Post ContentRead More
