Month: June 2022

Malicious Facebook Messenger Chatbots Steal Facebook Pages User’s Credentials
As part of a new phishing attack, impersonating the company’s customer support team using Facebook Messenger chatbots, attackers are trying to steal Facebook credentials for managing specific pages on the site. The idea behind a chatbot is that it can...

Google Blocks Dozens of Malicious Domains Operated by Hack-for-Hire Groups
Google’s Threat Analysis Group (TAG) on Thursday disclosed it had acted to block as many as 36 malicious domains operated by hack-for-hire groups from India, Russia, and the U.A.E. In a manner analogous to the surveillanceware ecosystem, hack-for-hire firms equip...

What Your Organization Gains by Understanding the Value of App Security Testing Averages
Daily and weekly agile software releases include bug fixes and security patches alongside new functionality. As a result, new vulnerabilities are introduced daily, even as teams plug existing security holes. With so many software releases, it is essential for security...

Burp Suite 2022.5.1 Released – What’s New !!
Recently, PortSwigger has released a brand-new version of Burp Suite for Professional and Community users. The newly released version, Burp Suite 2022.5.1 contains numerous improvements and bug fixes. Burp Suite is well-known by its informal name, “Pentester’s Swiss Army Knife,” it’s...

State of your attack surface, improved user permissions, and many new tests
TL/DR: We’ve launched a new filter to simplify how you assess the state of your attack surface and made a few other updates to our products. Easily assess the state of your attack surface The attack surface is inevitably going...

Detectify strengthens its authority in G2’s security categories
TL/DR: Adding to its slew of accolades, Detectify’s solution has been recognized by the G2 Summer Report 2022 as a Leader in the categories Website Security (ranking #1), Penetration Testing, and Vulnerability Scanner thanks to users’ high ratings, substantial satisfaction,...

The SessionManager IIS backdoor
Following on from our earlier Owowa discovery, we continued to hunt for more backdoors potentially set up as malicious modules within IIS, a popular web server edited by Microsoft. And we didn’t come back empty-handed… In 2021, we noticed a...

Hackers May Target Zimbra Webmail Servers Through UnRAR Zero-Days
Posted on June 30, 2022 at 7:15 AM A new vulnerability has been discovered in RARlab’s UnRAR utility. The flaw could enable a remote attacker to execute arbitrary code on a binary-reliant system if successfully exploited. The flaw, assigned CVE-2022-30333,...

Facebook Phishing Scam: Crooks Using Messenger Chatbots to Steal Login Data
The new phishing scam uses malicious and fake chatbots to steal login credentials of unsuspecting Facebook users through Facebook Messenger. A new phishing campaign has been discovered by Trustwave security researchers, which involves using Facebook Messenger chatbots while the campaign’s...

How Partners Increase Their Offerings and Revenue Growth with Synack
By Justine Desmond Unemployment in cybersecurity is close to zero percent. If that’s not enough to cause concern, the global shortage of cyber professionals is estimated at 2.72 million individuals. With an economic downturn, there’s also more risk to hiring...

Lithuania Hit With DDoS Attacks Over Kaliningrad Route Blockage
Posted on June 29, 2022 at 8:01 PM The recent attack on the Lithuanian government and other entities was allegedly perpetrated by Russia-linked cyber threat actor Killnet, who claimed responsibility. According to the group, the attack was in response to...

Pentesting for Cloud Systems: What You Need to Know
Why You Need to Pentest Your Cloud Implementation and What’s Different From Normal Pentesting Security Breaches in Cloud Systems Most businesses today perform at least some of their compute functions in the cloud. For good reason. Processing in the cloud...