January 2022 – TheCyberThrone

Public Exploit On Windows Privilege Escalation

The security researchers has publicly released an exploit for a Windows local privilege elevation flaw (CVE-2022-21882) that allows anyone to gain admin privileges in Windows 10. The Win32k elevation of privilege…

PravinKarthik January 31, 2022

AWS Unsecured Bucket Leaks 3TB Data

An unsecured server has exposed sensitive data belonging to airport employees across Colombia and Peru. The server belonging to Securitas was left unsecured, resulting in the exposure of 3TB in…

PravinKarthik January 31, 2022

Dark Herring ! Scam Campaign

A total of 470 malicious applications, collectively named Dark Herring, were used to target users in 70 countries in what appears to be the largest SMS scam campaign known to…

PravinKarthik January 31, 2022

Security

Google FLoC Flops ! Topics Rising

Google has decided to drop FLoC (Federated Learning of Cohorts), its cookie alternative, with something called Topics API. The Topics API will use browsing topics into 300 or so categories.…

PravinKarthik January 31, 2022

Solarwinds Fixes Critical Bug in its Helpdesk Software

Solarwinds has fixed a critical bug in its Web Help Desk software that allowed attackers to execute arbitrary Hibernate Query Language (HQL) code. Solarwinds Web Help Desk is a helpdesk…

PravinKarthik January 31, 2022

Phishing Campaign Using BYOD Process

Microsoft has elaborated about a large-scale phishing campaign that leverages stolen credentials to register devices on a target’s network to extend the attack to other enterprises. The attack exploits the…

PravinKarthik January 30, 2022

OiVaVoii Campaign Targetting C-Suite O365 Users

A new hybrid cloud campaign dubbed OiVaVoii that uses hijacked Office 365 users and a sophisticated combination of malicious OAuth apps and targeted phishing threats to attack many C-level executives,…

PravinKarthik January 30, 2022