Category

Third Party Risk Assessment



S3crets Scanner tool could scan data from AWS S3 Buckets

Researchers discovered a new open-source tool called S3crets Scanner that could enable researchers to scan for confidential data accidentally stored by users in Amazon AWS S3 storage buckets. Companies use the Amazon Simple Storage Service (Amazon S3) to store information, services, and software in buckets. Unfortunately, most companies that use the platform...

Critical URLs exposed by a misconfiguration in Urlscan.io

Urlscan.io, a website scanning and analysis engine, has accidentally leaked sensitive records of scanned URLs after a misconfiguration in its system. Urlscan.io accepts URL submissions and produces troves of data such as domains, DOM information, cookies, screenshots, and IPs. According to its developers, the software aims to enable a user to analyse unidentified...

Fake extensions used by Dormant Colors to target browsers

The Dormant Colors threat campaign has adopted a new way to steal and monetise data. According to reports, a recent malvertising campaign from this threat group distributes malicious data-gathering browser extensions. So far, these extensions have been installed by millions of users globally. The Dormant Colors campaign includes 30 extensions for...

GitHub repositories at risk of hacks due to a vulnerability

A new GitHub vulnerability was found recently, allowing threat actors to take over users’ repositories and spread malware to applications and code. While the flaw in GitHub’s ‘popular repository namespace retirement’ feature has already been patched, experts warn that the same tool could be vulnerable to cyberattacks in the future. These flawed GitHub repositories are...

Kiss-A-Dog cryptojacking targets open-source platforms

A new cryptojacking campaign called Kiss-A-Dog targets cloud infrastructures and open-source platforms worldwide. According to researchers, the primary targets of this new cryptojacking scheme are vulnerable Docker and Kubernetes entities. The campaign retrieves a Python-coded malware payload that could leverage several C2 servers to escape containerised landscapes and acquire root privileges. Subsequently, the malware could...

Threat actors have exploited a VMware vulnerability

Threat actors exploited a critical vulnerability in VMware Workspace ONE Access to deliver malware strains like the RAR1Ransom tool. This malicious kit could lock files in password-protected archives. Based on reports, the current incident is enabled by a flaw tracked by researchers as CVE-2022-22954, an RCE bug triggered through server-side template injection....

Git folders were found exposing millions of data to attackers

Git, a well-known open-source platform, has been seen with almost two million .git folders of vital project data exposed publicly. Experts reported that .git folders with public access could lead to source code exposure and exploitation by malicious actors for cyberattacks. The Git platform also aids programmers with coordinated work to develop source code and...

Experts have seen a spike in domain shadowing attacks for 2022

Cybersecurity researchers uncovered that between April and June this year, the domain shadowing technique had become one of the most prevalent malicious techniques propagated in the wild. About 12,197 domain shadowing cases were found based on a recent web scan. By definition, domain shadowing is a malicious technique that hackers use to avoid being detected...

Studies reveal that top websites mostly leak user search terms

Cybersecurity research discovered that 80% of well-known websites with a search bar would likely leak their user search terms to online advertisers like Google. This research has concerned many experts since there could be implications of breaching a visitor’s privacy and exposing information to a massive network of third-party entities. These third-party advertisers could use...

New Apex One vulnerability threatens users against cyberattacks

An Apex One vulnerability has recently emerged, and customers are being warned to apply the appropriate patches before threat actors abuse it. According to reports, this critical flaw has already been actively exploited; thus, those who have yet to patch must do so immediately to stay protected. The Apex One platform helps businesses...