Beware of Fake Windows 11 Downloads Distributing Vidar Malware

Phishing domains are spreading Windows 11 installers loaded with Vidar infostealer. According to the cybersecurity firm Zscaler ThreatLabz, threat actors are trying to install info stealing malware on users’ devices through newly registered domains. Zscaler explained that these spoofed domains...

/ May 20, 2022

HackerOne Announces a New Customer Pentest Setup that’s More Efficient and Speeds Time to Launch

This improved experience reduces time to launch, which is vital when your organization is up against an urgent timeline to complete a pentest due to a recent acquisition, a security breach, compliance deadlines, or other drivers. Our expert Technical Engagement...

/ May 20, 2022

Pwn2Own – Windows 11, Microsoft Teams Hacked & Exploiting 16 Zero-day Bugs

The contestants who successfully exploited 16 zero-day bugs within 16 different products in the Pwn2Own Vancouver 2022 first day won more than $800,000 in prize money. The product line includes:- Microsoft Windows 11 (OS) Microsoft Teams (communication platform) First Day:...

/ May 20, 2022

Microsoft Warns Rise in XorDdos Malware Targeting Linux Devices

A Linux botnet malware known as XorDdos has witnessed a 254% surge in activity over the last six months, according to latest research from Microsoft. The trojan, so named for carrying out denial-of-service attacks on Linux systems and its use...

/ May 20, 2022

Pwn2Own 2022 – Windows 11, MS Teams and Firefox Pwned on Day 1

Other than Windows 11, Microsoft Teams and Mozilla Firefox, Oracle Virtualbox, Ubuntu Desktop, and Safari browser were also hacked on day one of PWN2OWN 2022 in Vancouver. Pwn2Own is a hacking contest where white hate hackers come forward and compete...

/ May 19, 2022

Microsoft Warns of Malware Campaign Targeting SQL Servers Using Brute Force

The United States Department of Homeland Security has issued a threat advisory regarding brute-forcing attacks aimed at exploiting weak passwords used on Microsoft SQL Server (MSSQL) database servers exposed to the internet. It is clear that the intrusions analyzed by...

/ May 19, 2022

New Bluetooth Hack Could Let Attackers Remotely Unlock Smart Locks and Cars

A novel Bluetooth relay attack can let cybercriminals more easily than ever remotely unlock and operate cars, break open residential smart locks, and breach secure areas. The vulnerability has to do with weaknesses in the current implementation of Bluetooth Low...

/ May 19, 2022

Hackers Use Built-In Utility To Target Vulnerable Microsoft SQL Servers

Posted on May 19, 2022 at 4:49 PM Tech giant Microsoft has warned about a brute-force attack that targets poorly secured and Internet-exposed Microsoft SQL Server (MSSQL) database servers with frail passwords. This is not the first time Microsoft SQL...

/ May 19, 2022

Kali Linux 2022.2 Release With New Hacking Tools & Updates

A new version of Kali Linux 2022.2 with new hacking tools was released, and there are a number of upgrades included in this release, all of which are available for download or updating instantly. For over a decade, offensive security...

/ May 19, 2022

US Warns Firms About North Korean Hackers Posing as IT Workers

US government has warned organizations to beware of hackers in the guise of IT freelancers claiming to be non-DPRK (Democratic People’s Republic of Korea) nationals. According to an advisory issued by the United States State and Treasury Departments and the Federal Bureau...

/ May 18, 2022

Hackers Are Inserting Malicious PHP Code to Steal credit card data

Posted on May 18, 2022 at 7:19 PM The Federal Bureau of Investigations (FBI) has issued a warning that some hackers are creating a backdoor into victims’ systems and accessing their credit card data. The agency stated that the attackers...

/ May 18, 2022

Understanding Public and Private Bug Bounties and Vulnerability Disclosure Programs

How Are Bug Bounty Programs and Vulnerability Disclosure Programs Different? Let’s start with the similarities. Both bug bounties and VDPs aim to collect vulnerability reports from third parties. These third parties can be security researchers, ethical hackers, partners, customers, or...

/ May 18, 2022