On 2023-11-27, an incident was reported, involving an unknown actor, gaining initial access via End-user compromise, to achieve Data exfiltration.
On 2023-11-27, a campaign was reported, involving Andariel, gaining initial access via 1-day vulnerability, while using Vulnerability exploitation, targeting Apache ActiveMQ with unknown impact....
The 2023 Executive Order has far-reaching implications for companies relying on AI. Here is a breakdown of it through the lens of a Security Engineer, including an analysis, a summary of the...
Everyone has their own auditing methodology. Read the docs, don't read the docs, start with code, end with ... At the end of the day, the goal is to find all of the bugs. Most importantly for...
Mastodon is a decentralized Twitter-like replacement. Instead of a single website, there are multiple servers that are individually run. The instances communicate via HTTP requests with a...
Scroll is a zero-knowledge (ZK) rollup layer-2 blockchain. The idea is to batch loads of Ethereum transactions on a separate chain and roll them back up on to Ethereum. Then, to crank up the privacy, add...
Google Cloud customers can now detect excessive access in their GCP environment based on Google audit logs to effectively right-size permissions.
Researchers detected a cyber attack campaign that installs the XMRig CoinMiner on Windows web servers running Apache. The threat actor employed Cobalt Strike to manage the compromised system....
Dive in a Kubernetes attack and see how eBPF and other security best practices can prevent these attacks.
Wiz extends its platform to secure AI with AI-SPM capabilities, helping organizations accelerate their AI innovation in the cloud.
macOS has too many things going on for its own good, far too many to analyze statically. So, the author creates a tool to pick out apps holding the Full Disk Access (FDA) entitlement and run a syscall trace on them....
The rep movsb instruction is a very common way to copy memory on x86. The source (RSI), destination (RDI), byte count (RCX) and direction (the DF flag) are all set up before the instruction, but the processor does a lot under the hood. In x86,...
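As an added illustration (not code from the article above), the following C shows the register setup rep movsb expects, with a forward copy (DF clear) and a backward copy (DF set), and uses an overlapping buffer to show why the direction matters. On non-x86-64 targets it falls back to a byte loop with the same one-byte-at-a-time semantics; the buffer contents are constructed for the demo.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Forward copy with rep movsb: RSI = source, RDI = destination,
 * RCX = byte count, DF = 0 (cld) so both pointers increment after
 * each byte. The fallback loop mirrors that byte-at-a-time behaviour. */
static void copy_rep_movsb(void *dst, const void *src, size_t n)
{
#if defined(__x86_64__)
    __asm__ volatile("cld\n\t"
                     "rep movsb"
                     : "+D"(dst), "+S"(src), "+c"(n)
                     :
                     : "memory", "cc");
#else
    unsigned char *d = dst;
    const unsigned char *s = src;
    while (n--)
        *d++ = *s++;
#endif
}

/* Backward copy: DF = 1 (std) makes rep movsb decrement RSI/RDI after
 * each byte, so both pointers start at the last byte. DF is cleared
 * again afterwards because the SysV ABI requires it clear on return. */
static void copy_rep_movsb_backward(void *dst, const void *src, size_t n)
{
    if (n == 0)
        return;
#if defined(__x86_64__)
    unsigned char *d = (unsigned char *)dst + n - 1;
    const unsigned char *s = (const unsigned char *)src + n - 1;
    __asm__ volatile("std\n\t"
                     "rep movsb\n\t"
                     "cld"
                     : "+D"(d), "+S"(s), "+c"(n)
                     :
                     : "memory", "cc");
#else
    unsigned char *d = dst;
    const unsigned char *s = src;
    while (n--)
        d[n] = s[n];
#endif
}

/* Constructed demo: copy "ABCD" two bytes to the right inside "ABCDEFGH".
 * Forward, byte 2 is overwritten before it is read as a source, so the
 * data smears to "ABABABGH". Returns 1 when that happens. */
int forward_overlap_smears(void)
{
    char buf[] = "ABCDEFGH";
    copy_rep_movsb(buf + 2, buf, 4);
    return strcmp(buf, "ABABABGH") == 0;
}

/* The same overlapping copy done backward yields "ABABCDGH", which is
 * exactly what memmove produces. Returns 1 when both agree. */
int backward_overlap_matches_memmove(void)
{
    char buf[] = "ABCDEFGH";
    char ref[] = "ABCDEFGH";
    copy_rep_movsb_backward(buf + 2, buf, 4);
    memmove(ref + 2, ref, 4);
    return strcmp(buf, ref) == 0 && strcmp(buf, "ABABCDGH") == 0;
}

int main(void)
{
    printf("forward overlap smears: %d\n", forward_overlap_smears());
    printf("backward overlap matches memmove: %d\n",
           backward_overlap_matches_memmove());
    return 0;
}
```

The "cc" clobber is needed because cld/std modify EFLAGS, and the "memory" clobber stops the compiler from caching buffer contents across the copy.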
Authored by Dexter Shin. Most people have smartphones these days, which can be used to easily search for various topics... The post Fake Android and iOS apps steal SMS and contacts in South Korea...
Authored by Margit Hazenbroek. At Fox-IT (part of NCC Group), identifying servers that host nefarious activities is a critical aspect of our threat intelligence. One approach involves looking for...
Wiz has helped hundreds of organizations, including 40% of the Fortune 100, improve their security posture and gain operational efficiency.
On 2023-11-14, a campaign was reported, involving C3RB3R operator, gaining initial access via 1-day vulnerability, targeting Confluence Server to achieve RansomOp. The following tools were...
Gain complete visibility into your environment and its risks to enable a Zero Trust strategy in the cloud
An error as small as a single flipped memory bit is all it takes to expose a private key.
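The item above does not say which algorithm it concerns; as an added example (not the article's code), the Python below simulates the best-known case of that claim, the RSA-CRT fault attack (Boneh, DeMillo and Lipton; Lenstra's gcd refinement), under the assumption that the key is RSA and signing uses the CRT speed-up. A single bit of the half-signature computed mod p is flipped, and gcd(s'^e - m, n) then yields a prime factor. The primes, exponent and message are constructed toy values far too small for real use.

```python
"""Simulated RSA-CRT fault attack: one flipped bit in a signature leaks a factor.

Added demonstration with constructed toy parameters; not the article's code.
"""
import math

# Constructed toy key material (assumed RSA-CRT; primes are tiny on purpose).
P = 1000000007
Q = 998244353
E = 65537
N = P * Q
PHI = (P - 1) * (Q - 1)
D = pow(E, -1, PHI)  # private exponent (Python 3.8+ modular inverse)


def rsa_crt_sign(m, p, q, d, fault_bit=None):
    """Textbook RSA signing with the CRT speed-up.

    If fault_bit is given, that bit of the half-signature computed mod p is
    flipped before recombination, modelling a single corrupted memory bit.
    """
    dp = d % (p - 1)
    dq = d % (q - 1)
    sp = pow(m, dp, p)
    sq = pow(m, dq, q)
    if fault_bit is not None:
        sp ^= 1 << fault_bit  # the single flipped bit
    q_inv = pow(q, -1, p)
    h = (q_inv * (sp - sq)) % p
    return sq + h * q  # Garner recombination


def verify(m, s, e, n):
    """Plain RSA verification: s^e == m (mod n)."""
    return pow(s, e, n) == m


def factor_from_faulty_signature(m, s_faulty, e, n):
    """A signature correct mod q but wrong mod p satisfies s'^e == m (mod q)
    and s'^e != m (mod p), so gcd(s'^e - m, n) recovers q."""
    return math.gcd(pow(s_faulty, e, n) - m, n)


def demo():
    m = 123456789012345678  # constructed message representative, < N
    good = rsa_crt_sign(m, P, Q, D)
    bad = rsa_crt_sign(m, P, Q, D, fault_bit=17)
    factor = factor_from_faulty_signature(m, bad, E, N)
    return verify(m, good, E, N), verify(m, bad, E, N), factor


if __name__ == "__main__":
    ok, bad_ok, factor = demo()
    print(f"good signature verifies: {ok}, faulty signature verifies: {bad_ok}")
    print(f"recovered factor {factor}; cofactor {N // factor}")
```

The attacker needs only the faulty signature and the message it was supposed to sign; no knowledge of where or how the bit flipped. The standard mitigation is to verify each signature with the public key before releasing it, which turns the fault into a refusal rather than a leak.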
Perpetuals are a type of derivative for speculating on the price of an asset at some point in the future; the trader bets on the price going either up or down. The vulnerability is in the...
On 2023-11-13, a campaign was reported, involving an unknown actor, gaining initial access via Software misconfig, while using Abusing exposed Docker socket, targeting Docker to achieve Resource...
What happened? On 8 November 2023, the Industrial and Commercial Bank of China (ICBC) was attacked by the LockBit ransomware group. The ICBC is one of the world’s largest banks and is a Chinese...
Optimism is an L2 blockchain. The idea is that Ethereum is too slow and too expensive. So, if we roll up a large number of transactions into a single transaction sent to Ethereum, the gas cost can...
By Alyssa Snow. In Part One and Part Two of this blog series, we discussed common misconfigurations of Active Directory certificate templates. In this post, we will walk through exploitation […] The...
A CWE-526: Exposure of Sensitive Information Through Environmental Variables vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion...
A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81,...
Today, Wiz published its 2023 Kubernetes Security Report. Here are some key takeaways.
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists in Telit Cinterion EHS5/6/8 that could allow a remote unauthenticated attacker to execute arbitrary code on the targeted...
A CWE-269: Improper Privilege Management vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that...