As a dedicated bug bounty hunter with an enviable track record on BugCrowd, Abdullah Nawaf, Full full-time bug Bounty Hunter, thrives on the thrill of discovery and the challenge of finding high-impact vulnerabilities. Recently, alongside his colleague Orwa Atyat, they achieved…
Category: EN
Let’s Encrypt Unveils Six-Day Certificate and IP Address Options for 2025
Let’s Encrypt has announced plans to introduce six-day certificate options and support for IP address certificates in 2025. This initiative is part of the organization’s ongoing commitment to fortify the Web Public Key Infrastructure (PKI), making secure connections more accessible…
DORA Comes into Force: Experts Weigh In on Its Impact and Opportunities
Today marks the enforcement of the Digital Operational Resilience Act (DORA), a regulation aimed at strengthening the financial sector’s defenses against cyber threats and operational risks. With its focus on ICT risk management, incident reporting, and operational resilience, DORA sets…
NSA issues warning to iPhone users on data security
National Security Agency (NSA) of the United States has issued a global advisory for iPhone users regarding a device setting that raises significant data security concerns. According to the agency, this setting could enable third-party applications and hackers to conduct…
Russia-linked APT Star Blizzard targets WhatsApp accounts
The Russian group Star Blizzard targets WhatsApp accounts in a new spear-phishing campaign, shifting tactics to avoid detection. In November 2024, Microsoft researchers observed the Russia-linked APT group Star Blizzard targeting WhatsApp accounts via spear-phishing, shifting tactics to avoid detection.…
Balancing usability and security in the fight against identity-based attacks
In this Help Net Security interview, Adam Bateman, CEO of Push Security, talks about the rise in identity-based attacks, how they’re becoming more sophisticated each year, and how AI and ML are both fueling these threats and helping to defend…
How Video-Based Training Drives Compliance in Cybersecurity Policies
Cybersecurity threats are becoming more sophisticated, posing significant risks to organizations of all sizes. With sensitive data and critical systems at stake, employee compliance with cybersecurity policies is crucial to mitigating these threats. One effective way to ensure compliance is…
9 Airbnb scams and how to avoid them
Airbnb is a hugely popular accommodation provider. With the option to rent apartments, houses and rooms on a short-term basis, travelers have a useful (and… The post 9 Airbnb scams and how to avoid them appeared first on Panda Security…
CISA Warns of Aviatrix Controllers OS Command Injection Vulnerability Exploited in Wild
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical alert regarding a significant OS command injection vulnerability in Aviatrix Controllers, identified as CVE-2024-50603. This vulnerability poses a serious risk, as it allows unauthenticated attackers to execute arbitrary code on…
BitMEX Fined $100 Million for Violating Bank Secrecy Act
In a significant legal development, HDR Global Trading Ltd., operating under the name BitMEX, has been fined $100 million for violating the Bank Secrecy Act. Attorney for the United States, Matthew Podolsky, announced the sentencing on January 17, 2025, highlighting…
MSSqlPwner: Open-source tool for pentesting MSSQL servers
MSSqlPwner is an open-source pentesting tool tailored to interact with and exploit MSSQL servers. Built on Impacket, it enables users to authenticate with databases using various credentials, including clear-text passwords, NTLM hashes, and Kerberos tickets. The tool offers multiple methods…
Educate, Prepare, & Mitigate: The Keys to Unlocking Cyber Resilience
In 2024, consumers saw an array of cybersecurity incidents that impacted them directly, and in dramatic ways. From the Change Healthcare attack that impacted healthcare systems and prevented some from getting medication, to the more recent issues involving Ahold Delhaize…
Vulnerabilities in SimpleHelp Remote Access Software May Lead to System Compromise
Three vulnerabilities in SimpleHelp could allow attackers to compromise the remote access software’s server and the client machine. The post Vulnerabilities in SimpleHelp Remote Access Software May Lead to System Compromise appeared first on SecurityWeek. This article has been indexed…
Homeowners are clueless about how smart devices collect their data
Homeowners are increasingly concerned about data privacy in smart home products, according to Copeland. Homeowners see smart devices as boosting home security Homeowners are still generally comfortable in using new technology, but this year smart thermostat non-owners are less likely…
Hackers Deploy Web Shell To Abuse IIS Worker And Exfiltrate Data
An attacker exploited a vulnerability in the batchupload.aspx and email_settings.aspx pages on the target server that allowed them to upload a malicious web shell to the IIS worker process (w3wp.exe). They initially attempted to upload a web shell to another…
CISA Releases Guidelines For Closing Software Understanding Gap
The Cybersecurity and Infrastructure Security Agency (CISA) has released a pivotal report calling for urgent action to address the “software understanding gap.” This comprehensive document highlights the significant disparity between the rapid advancement in software production and the corresponding investment…
Analysis of Threat Actor Data Posting
This blog analysis regarding a recent threat actor posting, which claims to offer compromised configuration and VPN credentials from FortiGate devices, provides factual information to help our customers better understand the situation and make informed decisions. This article has…
EU takes decisive action on healthcare cybersecurity
The Commission has presented an EU action plan aimed at strengthening the cybersecurity of hospitals and healthcare providers. The initiative is an essential step in shielding the healthcare sector from cyber threats. Digitalization is revolutionizing healthcare, enabling better patient services…
European Privacy Group Sues TikTok and AliExpress for Illicit Data Transfers to China
Austrian privacy non-profit None of Your Business (noyb) has filed complaints accusing companies like TikTok, AliExpress, SHEIN, Temu, WeChat, and Xiaomi of violating data protection regulations in the European Union by unlawfully transferring users’ data to China. The advocacy group…
A Peek Inside the Current State of BitCoin Exchanges
Dear blog readers, In this post I’ll provide some actionable intelligence on the current state of active BitCoin Exchanges landscape with the idea to assist everyone on their way to properly attribute a fraudulent or malicious transaction or to dig…