Category

Third Party Risk Assessment

Third Party Risk Assessment Page 4

Security Analysts DuckDuckGo Microsoft User Tracking Dark Web Search Engine

Analysts discovered DuckDuckGo allowing Microsoft to track users

The popular search engine DuckDuckGo, which has claimed maximum browsing privacy for its users, reportedly allows Microsoft trackers on third-party websites. This report is discovered from an agreement between the two tech firms about their syndicated search content contract. DuckDuckGo had long assured its users of a private browsing experience, including not allowing trackers to...
Continue Reading
Third Party Trackers Logging User Data Website Forms

Third-party trackers discovered logging user data from site forms

About 100,000 top-ranking websites have recently been examined by security experts, revealing that some of them leak users’ data entered on website forms to third-party trackers even before users hit the submit button. Moreover, even if users have not submitted their data on the forms and deleted everything they typed in, the websites still share...
Continue Reading
CERT-IN User Data Incident Report Threat Analysis India VPN ISP Policy Enforcement

CERT-IN to collect user data aiming to solve incident analysis issues

India has recently mandated all internet service providers to gather their respective user data for the last five years, based on a press release by the CERT-IN (Indian Computer Emergency Response Team). CERT-In also added that they would be amassing data from service providers such as data centres, VPNs, body corporate, and intermediaries under the...
Continue Reading
Log4j Flaw Vulnerability Expose Devices Cyberattacks

The Log4j flaw still exposes thousands of devices to cyberattacks

Several months after security analysts found the critical zero-day flaw under the Java logging library Apache Log4j, they disclosed that many servers and applications are still prone to cyberattacks posed by the flaw due to failure to apply proper security patches. The vulnerability tracked as CVE-2021-44228 was first detailed last December, allowing hackers to launch...
Continue Reading
Third Party Vendor Antivirus Flaw Vulnerability Virus Total RCE Exploit Patched

A third-party AV flaw on VirusTotal triggering RCE exploit gets patched

A security flaw was found within Google’s VirusTotal platform, allowing threat actors to exploit it to accomplish remote code execution or RCE via the unpatched third-party sandboxing machines employing anti-virus applications. The vulnerability was fixed immediately after being discovered. VirusTotal is a malware-scanning platform under Google’s security subsidiary that investigates suspicious links, domains, and files...
Continue Reading
HOMAGE Vulnerability Exploit iOS Catalan Pegasus Spyware

HOMAGE exploit discovered targeting iOS users from Catalan

Catalan-based journalists, politicians, and activists are the newest targets of a zero-click exploit on iPhone’s iMessage app utilised to install spyware under the NSO Group. As dubbed by experts, HOMAGE is a zero-click vulnerability that impacts iOS version 13.2. The HOMAGE exploit is abused by threat operators to target people with the Pegasus spyware, alongside...
Continue Reading
JSSLoader Microsoft Excel Add-Ins Bypass Security Detection

JSSLoader utilised MS Excel add-ins to bypass security detection

The JSSLoader remote access trojan (RAT) propagates using Microsoft Excel add-ins during their attacks. Researchers attributed the newly discovered threat campaign to the Russian FIN7 threat group and have been actively circulating in the wild since December two years ago. The attack campaign uses a new and more elusive variant of JSSLoader. Its threat operators...
Continue Reading
Hackers Remote Access Software Phishing Campaigns Email VNC noVNC Evilginx2

Hackers used remote access software for phishing campaigns

A new phishing strategy enables threat actors to bypass the multi-factor authentication (MFA) functionality using a new phishing technique that involves discreetly having targets log into their account on an attacker-operated server via remote access software. Based on reports, a researcher performed a pen-testing for an organisation and accidentally found a phishing activity on the...
Continue Reading
Google Drive Attack Vector Malicious Downloads Malware Scripts Cloud Services Brand Abuse

Google Drive has become the most efficient vector for malicious downloads

Recent reports revealed how Google Drive became the most exploited function that threat actors used for spreading malicious payloads. Based on data gathered by researchers, about half of all malicious Office documents spread globally were distributed by threat actors using Google Drive. The result of the report is based on a recent study that covers...
Continue Reading
Web Archive File Exploited OceanLotus APT32 Malware MHT MHTML

Web archive file exploited by OceanLotus to spread malware

A state-backed cybercriminal group called OceanLotus, also known as APT32, exploits the web archive file format to avoid detection from security solutions while distributing malware to intrude in target devices. The recent report of a cybersecurity researcher claims that the state-sponsored hackers are actively utilising the web archive files [.]MHTML, and [.]MHT for its campaign....
Continue Reading
1 2 3 4 5 6 12