When The Backbone ERP Becomes The Breach Point: Oracle EBS Under Fire
Blog When The Backbone ERP Becomes The Breach Point: Oracle EBS Under Fire Oracle EBS Under Fire A new campaign linked to the CL0P and FIN11 groups is targeting Oracle E-Business Suite (EBS) customers across multiple industries. What makes this case different is not only the scale but also the nature of the systems under […]
Google Chrome DLL Side Loading Exploit: A Deep Dive into Emerging Cyber Threats
Blog Google Chrome DLL Side Loading Exploit: A Deep Dive into Emerging Cyber Threats Executive Summary Threat actors are actively exploiting a vulnerability in Google Chrome version 133.0.6943.126 by leveraging DLL side-loading techniques to execute malicious code through a trusted subprocess. This attack vector has been commercialized on dark web forums, providing detailed implementation instructions […]
Top 10 Vulnerabilities of November 2024
Blog This article is about ‘Top 10 Vulnerabilities of November 2024’. Cybersecurity has been growing rapidly,simultaneously, there are an increasing number of threats to organizations’ key systems, applications, and devices. In recent releases unfortunately we see the rise of high-severity vulnerabilities where hackers take advantage of holes in popular platforms and infrastructure to steal data, […]
Peek into Monthly Vulnerabilities October 2024
Blog In October 2024, we were aware of a series of high-risk Common Vulnerabilities and Exposures (CVEs) for organizations and users. Such vulnerabilities, when taken advantage of, can allow attackers to gain root access and execute data breach, service disruption and other attacks. In this blog, we’ll dive into the top 10 CVEs for October […]
Amnesia Stealer
Blog The Amnesia Stealer is a sophisticated and dangerous piece of malware. In the current digital environment, cybercriminals are always updating their strategies, using fresh technologies to get around security measures and access systems. The Amnesia Stealer, a sophisticated and dangerous piece of malware, has recently been added to their arsenal, garnering global attention from […]
Peek into Monthly Vulnerabilities: September 2024
Blog Peek into Monthly Vulnerabilities: September 2024 The month of September 2024 is exceptional for the many high-severity flaws that may hurt organizations and individual users. Several key Common Vulnerabilities and Exposures (CVEs) were published during this month, which could potentially grant attackers easy access to target systems. As we delve into these flaws, it […]
Peek into Monthly Vulnerabilities: August 2024
Blog August 2024 Vulnerabilities August 2024 again saw an uptick in the number of vulnerability disclosures, with several commonly exploited Common Vulnerabilities and Exposures (CVEs) across several platforms. Risk levels may be high, particularly on an enterprise scale, but the number of exploits seen this month demonstrates that there are active attempts to prevent them. […]
Peek into Monthly Vulnerabilities: July 2024
Blog Peek into Monthly Vulnerabilities July 2024 July 2024 is not a normal reporting month as 22,254 Common Vulnerabilities and Exposures (CVEs) were reported in the middle of it, but only %0.91 had been weaponized. There were 79,000 new vulnerabilities reported in the first six months of 2024, which isn’t the actual number, but even if it is, […]
Peek into Monthly Vulnerabilities: June 2024
Blog Vulnerabilities June 2024 Peek into Monthly Vulnerabilities: June 2024 As more and more vulnerabilities and security flaws have surfaced throughout the rapidly changing cyber landscape, the need to keep an eye on our cybersecurity has become more keenly felt than ever before. The patching requirements of good cyber hygiene mandate that your chain is […]
Polyfill.io Supply Chain Attack: How Over 100,000 Websites Were Compromised and What You Need to Know
Blog Polyfill.io supply chain attack Polyfill.io Supply Chain Attack: How Over 100,000 Websites Were Compromised and What You Need to Know The Polyfill.io Scandal: What Happened? A highly used open-source JavaScript library, Polyfill.io helps to enable older browsers to implement modern web functionalities. This highly trusted service has recently been compromised, leading to massive supply […]
Peek into Monthly Vulnerabilities: May 2024
Blog Peek into Monthly Vulnerabilities May 2024 In May 2024, one of the largest number of vulnerabilities and security wrongdoings in this ever-changing cyber world were discovered. These vulnerabilities indicate that we must remain vigilant about our approach to cybersecurity. The online security landscape requires regular security patches to be in top form. Maintaining good […]
What is the OpenSSL Version Vulnerability?
Blog Learn about the OpenSSL version vulnerability, a flaw in the popular encryption library that can expose sensitive data, emphasizing the importance of updates to mitigate security risks. On October 25, the OpenSSL team has announced that a security patch for a critical vulnerability in OpenSSL version 3.x was being prepared. In addition to that […]
SQL Injection Failure and Flaws Have Been Patched by Vmware
Blog SQL Injection Failure SQL Injection Failure and Flaws That Allow Remote Attackers to Execute Code Remotely Have Been Patched by Vmware. The proof-of-concept exploit code is publicly available for a critical authentication bypass vulnerability in multiple VMware products that allows attackers to gain administrative privileges. VMware has previously released updates to the vulnerability (CVE-2022-31656, […]
Google Has Released an Update for the New Chrome Zero-Day Vulnerability
Blog Chrome Zero-Day Vulnerability Google has released security updates for many vulnerabilities, including the zero-day vulnerability for the Chrome browser. These defects are known to be actively exploited in the wild. Defined as a case of insufficient validation of untrusted inputs in Intents, the flaw is tracked with code CVE-2022-2856 (CVSS: N/A). The firm refrained […]
CISA Warning Against Active Exploitation of Palo Alto Networks’ PAN-OS Vulnerability
Blog This blog is about CISA’s warning regarding the active exploitation of a Palo Alto Networks PAN-OS vulnerability. PAN-OS vulnerability. CISA added Palo Alto Networks PAN-OS to its Catalog of Known Exploited Vulnerabilities based on evidence of active exploitation This critical vulnerability is tracked with code CVE-2022-0028 (CVSS: 8.6 High). The vulnerability is the misconfiguration […]
Iranian Threat Actor MERCURY Exploits Log4j 2 Vulnerabilities in Unpatched Systems
Blog The Iranian threat actor MERCURY has been exploiting unpatched Log4j 2 vulnerabilities in SysAid applications to target organizations, highlighting the critical need for timely security updates. The Iranian threat actor MERCURY The Microsoft Threat Intelligence Center (MSTIC) and Microsoft 365 Defender Research Team found that Iran-based threat actor MERCURY exploited Log4j 2 vulnerabilities in […]
PetitPotam (MS-EFSRPC) Exploit – CVE2021-36942
Blog PetitPotam (MS-EFSRPC) Exploit – Summary PetitPotam Exploit needs Active Directory Certificate Services, specifically the default settings behind the Web Enrollment service because of this Vulnerability. Adversaries can achieve full Domain Admin (DC) takeover of a target Active Directory by using PetitPotam, which takes attention among Ransomware Gangs, they are able to use this Vulnerability […]
What is HTML Injection Vulnerability? How to Mitigate HTML Injection?
Blog HTML Injection vulnerability is a kind of injection vulnerability as you can understand from it’s name. It allows the user to inject his/her arbitrary HTML codes to the webpage. Injection type may be stored or reflected. It looks like a Cross-site Scripting (XSS) vulnerability. Some researchers consider the HTML Injection vulnerability to be a […]
What are Multiple Apache Vulnerabilities?
Blog Multiple Apache Vulnerabilities Multiple Apache Vulnerabilities can expose systems to various risks, including unauthorized access, denial of service, and data breaches. In this article, Apache Server and its vulnerabilities, and ways to mitigate these threats will be talked about. How to find the website’s server? There are multiple tools available to find out which […]
What Is Jquery XSS Vulnerability Version?
Blog Jquery XSS Vulnerability Version; Much information, including personal information, can be captured and operations can be performed on computers. Let’s start with what jquery and XSS are. Jquery is a library of JavaScript. It was created to facilitate the use of JavaScript on websites. It is not a separate programming language and works with […]
What is File Upload Vulnerability?
Blog File upload vulnerability File upload vulnerabilities are when a web server allows users to upload files to its filesystem without sufficiently validating things like their name, type, contents, or size. Failing to properly enforce restrictions on these could mean that even a basic image upload function can be used to upload arbitrary and potentially […]
What is Weak SSL Algorithms?
Blog Weak SSL algorithms are cryptographic protocols that do not provide adequate security, making it easier for attackers to intercept sensitive data. Sensitive data must be protected when transmitted over the network. This data may include user credentials and credit card information. Servers are authenticated using digital certificates. These are SSL/TLS certificates. TLS encrypts communication […]
What is Server Header Information Disclosure?
Blog Server Header Information Disclosure In this article, what is Server Header Information Disclosure and what ways it causes will be discussed. While the web server sends HTTP headers to the user to respond, it exposes the server version and the technologies used by the web server. This information plays an important role in determining […]
What is SSL Expire?
Blog SSL Certificate An SSL certificate is a digital certificate that authenticates a website and encrypts information sent to a server using this technology. How to learn SSL certificate duration? There are websites to query the expiration time of the SSL certificate. Secondly, the SSL certificate duration can be learned with the following command line […]
What is SMTP Open Mail Relay Vulnerability?
Blog SMTP open mail relay vulnerability occurs when a mail server is improperly configured, allowing unauthorized users to send emails through it. SMTP (Simple Mail Transfer Protocol) SMTP, e-mail protocols are sets of rules that let different e-mail clients and accounts easily exchange information. It is also the only dedicated protocol for sending e-mails. Most […]
What are Multiple Microsoft IIS Vulnerabilities?
Blog In this article, Microsoft IIS Server vulnerabilities and ways to mitigate these threats will be discussed. How to find the website’s server? There are multiple tools available to find out which web server is used. The first of these is curl -I command. curl -I command is run on terminal in order to learn […]
What are Multiple Nginx Vulnerabilities?
Blog In this article, Nginx Server vulnerabilities and ways to mitigate these threats will be talked about. How to find the website’s server? There are multiple tools available to find out which web server is used. The first of these is curl -I command. curl -I command is run on terminal in order to learn […]