About 100,000 top-ranking websites have recently been examined by security experts, revealing that some of them leak users’ data entered on website forms to third-party trackers even before users hit the submit button. Moreover, even if users have not submitted their data on the forms and deleted everything they typed in, the websites still share...Continue Reading
India has recently mandated all internet service providers to gather their respective user data for the last five years, based on a press release by the CERT-IN (Indian Computer Emergency Response Team). CERT-In also added that they would be amassing data from service providers such as data centres, VPNs, body corporate, and intermediaries under the...Continue Reading
Several months after security analysts found the critical zero-day flaw under the Java logging library Apache Log4j, they disclosed that many servers and applications are still prone to cyberattacks posed by the flaw due to failure to apply proper security patches. The vulnerability tracked as CVE-2021-44228 was first detailed last December, allowing hackers to launch...Continue Reading
A security flaw was found within Google’s VirusTotal platform, allowing threat actors to exploit it to accomplish remote code execution or RCE via the unpatched third-party sandboxing machines employing anti-virus applications. The vulnerability was fixed immediately after being discovered. VirusTotal is a malware-scanning platform under Google’s security subsidiary that investigates suspicious links, domains, and files...Continue Reading
Catalan-based journalists, politicians, and activists are the newest targets of a zero-click exploit on iPhone’s iMessage app utilised to install spyware under the NSO Group. As dubbed by experts, HOMAGE is a zero-click vulnerability that impacts iOS version 13.2. The HOMAGE exploit is abused by threat operators to target people with the Pegasus spyware, alongside...Continue Reading
The JSSLoader remote access trojan (RAT) propagates using Microsoft Excel add-ins during their attacks. Researchers attributed the newly discovered threat campaign to the Russian FIN7 threat group and have been actively circulating in the wild since December two years ago. The attack campaign uses a new and more elusive variant of JSSLoader. Its threat operators...Continue Reading
A new phishing strategy enables threat actors to bypass the multi-factor authentication (MFA) functionality using a new phishing technique that involves discreetly having targets log into their account on an attacker-operated server via remote access software. Based on reports, a researcher performed a pen-testing for an organisation and accidentally found a phishing activity on the...Continue Reading
Recent reports revealed how Google Drive became the most exploited function that threat actors used for spreading malicious payloads. Based on data gathered by researchers, about half of all malicious Office documents spread globally were distributed by threat actors using Google Drive. The result of the report is based on a recent study that covers...Continue Reading
A state-backed cybercriminal group called OceanLotus, also known as APT32, exploits the web archive file format to avoid detection from security solutions while distributing malware to intrude in target devices. The recent report of a cybersecurity researcher claims that the state-sponsored hackers are actively utilising the web archive files [.]MHTML, and [.]MHT for its campaign....Continue Reading
Even Google Docs has not been spared from being abused in cyberattacks, as researchers found that threat actors are exploiting its commenting feature to execute phishing attacks since December last year. Many employees globally are familiar with how Google Docs email alerts work. Receiving such alerts on their Gmail accounts might make them curious to...Continue Reading
