Bouncy Castle Crypto Authentication Bypass Vulnerability Revealed A severe authentication bypass vulnerability has been reported in Bouncy Castle, a popular open-source cryptography library. When exploited, the vulnerability (CVE-2020-28052) can allow an attacker to gain access to user or administrator accounts due to a cryptographic weakness in the way passwords are checked. Bouncy Castle Read more…
Nation-state Hackers Breached US Think Tank Thrice In A Row An advanced hacking group believed to be working for the Russian government has compromised the internal network of a think tank in the U.S. three times. Incident responders from cybersecurity company Volexity investigating the attacks between late 2019 and July Read more…
Ransomware Masquerades As Mobile Version Of Cyberpunk 2077 A threat actor is distributing fake Windows and Android installers for the Cyberpunk 2077 game that is installing a ransomware calling itself CoderWare. To trick users into installing malware, threat actors commonly distribute them as gamer installers, cheats, and cracks for copyrighted software. This Read more…
CISA: Hackers Breached US Govt Using More Than SolarWinds Backdoor The US Cybersecurity and Infrastructure Security Agency (CISA) said that the APT group behind the recent compromise campaign targeting US government agencies used more than one initial access vector. “CISA has evidence of additional initial access vectors, other than the Read more…
Iranian Nation-state Hackers Linked To Pay2Key Ransomware Iranian-backed hacking group Fox Kitten has been linked to the Pay2Key ransomware operation that has recently started targeting organizations from Israel and Brazil. “We estimate with medium to high confidence that Pay2Key is a new operation conducted by Fox Kitten, an Iranian APT Read more…
WordPress Plugin With 5 Million Installs Has A Critical Vulnerability The team behind a popular WordPress plugin has disclosed a critical file upload vulnerability and issued a patch. The vulnerable plugin, Contact Form 7, has over 5 million active installs making this urgent upgrade a necessity for WordPress site owners out there. Unrestricted file upload Read more…
FBI, CISA Officially Confirm US Govt Hacks After SolarWinds Breach The compromise of multiple US federal networks following the SolarWinds breach was officially confirmed for the first time in a joint statement released earlier today by the FBI, DHS-CISA, and the Office of the Director of National Intelligence (ODNI). “Over Read more…
Mitigate SolarWinds Orion Code Compromise This page contains a web-friendly version of the Cybersecurity and Infrastructure Security Agency’s Emergency Directive 21-01, “Mitigate SolarWinds Orion Code Compromise”. Section 3553(h) of title 44, U.S. Code, authorizes the Secretary of Homeland Security, in response to a known or reasonably suspected information security threat, Read more…
Malicious Chrome, Edge Extensions With 3M Installs Still In Stores Malicious Chrome and Edge browser extensions with over 3 million installs, most of them still available on the Chrome Web Store and the Microsoft Edge Add-ons portal, are capable of stealing users’ info and redirecting them to phishing sites. The malware-laced extensions found Read more…
FireEye, Microsoft Create Kill Switch For SolarWinds Backdoor Microsoft, FireEye, and GoDaddy have collaborated to create a kill switch for the SolarWinds Sunburst backdoor that forces the malware to terminate itself. This past weekend it was revealed that Russian state-sponsored hackers breached SolarWinds and added malicious code to a Windows DLL file used Read more…
Let us help you out.
Singapore
7 Temasek Boulevard
#12-07, Suntec Tower One
Singapore 038987
Thailand
The Royal Place 1
2, 2/399 Mahatlek Luang 1 Alley, Lumphini, Pathum Wan, Bangkok 10330, Thailand
Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!
Click one of our contacts below to chat on WhatsApp
