Information Security News|Cyber Security|Hacking Tutorial

3 vulnerabilities affecting IBM QRadar SIEM. Patch immediately

On: July 27, 2022

IBM has published details of vulnerabilities affecting IBM QRadar SIEM. Below are the details. 1) Improper input validation CVE-ID: CVE-2017-9801 Description The vulnerability allows a remote attacker to inject arbitraryRead More →

Login duplication allows 20m Alibaba accounts to be attacked

Alibaba Cloud Compromised to Distribute Malware via Steganography

On: July 27, 2022

In: Malware

Researchers have identified a malicious campaign using Alibaba Cloud’s Object Storage Service (OSS) (also known as Aliyun) for malware distribution and illicit cryptocurrency mining activities using steganography. OSS is aRead More →

Building a DevSecOps Process with Splunk

On: July 27, 2022

In: Technology Talk

What is DevSecOps? DevSecOps integrates software development (dev), IT operations (ops) and security (sec), to enable an organization to securely deliver software applications and services. DevSecOps incorporates the culture, practices,Read More →

Windows enables default account lockout policy for RDP (Remote Desktop Protocol) to reduce ransomware attacks based on brute forcing RDP

On: July 26, 2022

In: Data Security

Microsoft has chosen to add specific security measures against brute force attacks against RDP (Remote Desktop Protocol). These security improvements have been introduced in the most recent builds of WindowsRead More →

What is Zero Trust Security Model?

On: July 26, 2022

In: Technology Talk

Zero Trust Security is one of the technology trends with the form of a security architecture model that is starting to be used by many companies to strengthen their infrastructure.Read More →

New Very Powerful All in One Linux Malware

On: July 25, 2022

In: Malware

Previously undetected malware called Lightning Framework that targets Linux systems can be used as a backdoor using SSH and deploy rootkits to cover the tracks of attackers. Described as aRead More →

MICROSOFT MAKES THINGS HARDER FOR CYBER CRIMINALS BY DISABLING MACROS AGAIN BY DEFAULT IN OFFICE PRODUCTS

On: July 22, 2022

In: Data Security

One of the attack methods that hackers can use is a simple Word document that they send in the mail. They use macros that are capable of executing the maliciousRead More →

Critical (CVSS 9.4) SQL Injection vulnerability in SonicWall GMS & SonicWall Analytics On-Prem

On: July 22, 2022

In: Vulnerabilities

SonicWall has published a hotpatch to fix two SQL injection vulnerabilities impacting the GMS (Global Management System) and Analytics On-Prem products. CVE-2022-22280 is a critical vulnerability (CVSS 9.4) that resultsRead More →

How to Use Advanced Network Intelligence Toolkit for Pentesting: badKarma

On: July 21, 2022

In: Tutorials

Searching vulnerabilities on the host (the host can be a website, web server, network device (router and others), end-user computer) begins with the collection of basic information. This information includesRead More →

Expert Guide to the Ultimate Security of Your SAP Solutions

On: July 21, 2022

In: Technology Talk

Sensitive data is inherent to SAP solutions. Data must be protected against external unauthorized access, thus meaning extensive security and protection monitoring is required. Because SAP Systems have a holisticRead More →

3 vulnerabilities affecting IBM QRadar SIEM. Patch immediately

Alibaba Cloud Compromised to Distribute Malware via Steganography

Building a DevSecOps Process with Splunk

Windows enables default account lockout policy for RDP (Remote Desktop Protocol) to reduce ransomware attacks based on brute forcing RDP

What is Zero Trust Security Model?

New Very Powerful All in One Linux Malware

MICROSOFT MAKES THINGS HARDER FOR CYBER CRIMINALS BY DISABLING MACROS AGAIN BY DEFAULT IN OFFICE PRODUCTS

Critical (CVSS 9.4) SQL Injection vulnerability in SonicWall GMS & SonicWall Analytics On-Prem

How to Use Advanced Network Intelligence Toolkit for Pentesting: badKarma

Expert Guide to the Ultimate Security of Your SAP Solutions

TunnelCrack: Two serious vulnerabilities in VPNs discovered, had been dormant since 1996

How to easily hack TP-Link Archer AX21 Wi-Fi router

US Govt wants new label on secure IoT devices or wants to discourage use of Chinese IoT gadgets

24,649,096,027 (24.65 billion) account usernames and passwords have been leaked by cyber criminals till now in 2022

How Chinese APT hackers stole Lockheed Martin F-35 fighter plane to develop its own J-20 stealth fighter aircraft [VIDEO]

Massive NVIDIA GPU Exploit Found. How Hackers Can Take Down 35% of AI Systems in Cloud!

Blast-RADIUS Attack Exploting Critical RADIUS Flaw Could Compromise Your Network

14 Million Servers Vulnerable to Critical OpenSSH Bug: Become Remote Admin with CVE-2024-6387

How Safe is Your TinyProxy? Step-by-Step Guide to Exploiting Tinyproxy’s Zero Day Vulnerability

Eternal Malware: CVE-2024-3400 Rootkits Persist Through Palo Alto Firewalls Updates and Resets

WinRAR and ZIP File Exploits: This ZIP File Hack Could Let Malware Bypass Your Antivirus

5 Techniques Hackers Use to Jailbreak ChatGPT, Gemini, and Copilot AI systems

This Hacker Toolkit Can Breach Any Air-Gapped System – Here’s How It Works

Hacking Pagers to Explosions: Israel’s Covert Cyber-Physical Sabotage Operation Against Hezbollah!

Five Techniques for Bypassing Microsoft SmartScreen and Smart App Control (SAC) to Run Malware in Windows

How Millions of Phishing Emails were Sent from Trusted Domains: EchoSpoofing Explained

How to implement Principle of Least Privilege(Cloud Security) in AWS, Azure, and GCP cloud

The 11 Essential Falco Cloud Security Rules for Securing Containerized Applications at No Cost

Hack-Proof Your Cloud: The Step-by-Step Continuous Threat Exposure Management CTEM Strategy for AWS & AZURE

Web-Based PLC Malware: A New Technique to Hack Industrial Control Systems

This Hacker Toolkit Can Breach Any Air-Gapped System – Here’s How It Works

Hackers’ Guide to Rogue VM Deployment: Lessons from the MITRE hack

Eternal Malware: CVE-2024-3400 Rootkits Persist Through Palo Alto Firewalls Updates and Resets

Major Python Infrastructure Breach – Over 170K Users Compromised. How Safe Is Your Code?

How to exploit Windows Defender Antivirus to infect a device with malware

Cyber Security Channel

US Govt wants new label on secure IoT devices or wants to discourage use of Chinese IoT gadgets

24,649,096,027 (24.65 billion) account usernames and passwords have been leaked by cyber criminals till now in 2022

How Chinese APT hackers stole Lockheed Martin F-35 fighter plane to develop its own J-20 stealth fighter aircraft [VIDEO]