WebShell Attack on the Rise

The number of monthly web shell attacks has almost doubled since last year, with an average of 140,000 such malicious tools being found on compromised servers every month, Microsoft stated. Web…
Dependency Confusion technique

Security researchers have detailed a supply chain attack technique called Dependency Confusion, or a Substitution Attack, which can attack hybrid package manager configurations inside large corporations. Poisoning process: The Dependency Confusion technique…
Zerologon Enforcement Mode

The Netlogon remote code execution vulnerability, disclosed last August, has been weaponized by APT groups. Microsoft has launched part two of its mitigation for the important Zerologon vulnerability disclosed in August 2020. CVE-2020-1472…
Critical RCE in TCP/IP

Microsoft released a set of fixes affecting the Windows TCP/IP implementation that includes two Critical Remote Code Execution (RCE) vulnerabilities (CVE-2021-24074, CVE-2021-24094) and an Important Denial of Service (DoS) vulnerability (CVE-2021-24086).…
Hackers Spied with ConnectWise

UAE and Kuwait government agencies are targets of a new cyberespionage campaign potentially carried out by Iranian threat actors. Attributing the operation to Static Kitten, The…
GitLab Spammed

GitLab, a source code hosting website, and the Python Package Index (PyPI) portal are both being flooded by spammers with advertisements for shady websites and assorted services. However, both…