JS8 is a protocol for communicating over vast distances using radio. It's a text-based protocol for chat. The protocol operates at 7MHz-14MHz, which is extremely low. At these frequencies,...
A security researcher discovered an exposed cloud database that contained sensitive log records with references to Fatal Model, an escort service in Brazil. Additionally, the database contained...
Authored by: Neil Tyagi Scam artists know no bounds—and that also applies to stealing your cryptocurrency. Crypto scams are like... The post Crypto Scam: SpaceX Tokens for Sale appeared first on...
TL;DR This post is a summary of the contents of my talk in Defcon 31 AppSec Village last August 2023, and part of what I will explain in Canada at the SecTor conference on the 24th of October 2023...
This blog post is based on “GroundPeony: Crawling with Malice” that we presented at HITCON CMT 2023. We are grateful to HITCON for giving us the opportunity to present....
Ensure that your Docker and Kubernetes environments are secure and compliant with CIS benchmarks. Generate reports quickly and easily and remediate any issues with actionable insights.
Zunami is a yield aggregator protocol for stablecoin staking. They lost 2.1M dollars in two transactions. How did this happen? The function calcTokenPrice() is used to determine the price of the...
Chainlink provides off-chain data to smart contracts in order for users to query them. Integrating with chainlink creates its own set of challenges. The oracles are updated periodically but must...
On 2023-08-17, a campaign was reported, involving Labrat operator, gaining initial access via 1-day vulnerability, while using Proxyjacking, Cloud compute cryptojacking, targeting GitLab to...
After tracking the cybercrime threat landscape on a day-to-day basis for over four years now, it’s not that often anymore that something surprises me. But the latest trend of a suspected...
Mocor OS is a proprietary OS from UNISOC. This OS is used by various phone vendors such as Nokia, TCL and others. During the initial boot up process, there is a user-lock password on the phone....
On the web, the go-to method for maintaining state in the stateless HTTP protocol is cookies. The .NET framework included a way of putting cookies into the URL for clients who couldn't support...
The original Xbox was pwned hard very soon after its release through various methods. One method that was thrown out early on was the idea of using JTAG. This was a gold mine if possible though;...
VPNs are used in order to prevent snooping or internet tracking. In this article, the authors go over widespread issues they found with VPN apps. When a user joins a network, the subnet is set....
On 2023-08-15, an incident was reported, involving an unknown actor, gaining initial access via 0-day vulnerability, while using SSM orchestration abuse, Cron persistence, IMDS abuse, targeting...
On 2023-08-15, an incident was reported, involving an unknown actor, gaining initial access via ,. The following tools were observed: linPEAS.
On 2023-08-15, a campaign was reported, involving 0ktapus, gaining initial access via Unknown, while using Azure Run Commands abuse, with unknown impact.
Patterson Cake // When it comes to M365 audit and investigation, the “Unified Audit Log” (UAL) is your friend. It can be surly, obstinate, and wholly inadequate, but your friend […] The post...
In this part we present information on the four types of implants and two tools used during the last (third) stage of the attacks discovered.
On 2023-08-10, a campaign was reported, involving an unknown actor, gaining initial access via 1-day vulnerability, targeting SugarCRM. The following tools were observed: Pacu, ScoutSuite.
Researchers also disclosed a separate bug called "Inception" for newer AMD CPUs.
Wiz is the #1 cloud security company on the list and one of the biggest movers from last year, alongside OpenAI. What an honor!
Mitigating factors include typing style, multi-case passwords, uncommon laptops.
COVID's impact still resonates. Remote work, AI, and a turbulent economy have made the future unpredictable, including the future of cloud security. But we still have best practices for you! Let's...
Shining a Light on the Hidden Tactics and Techniques Employed by DarkGate
Welcome to the world of hacktivism, where technology and activism collide. Verifying and researching hacktivist claims can be a challenging and time-consuming endeavour. The sheer volume of claims...
Authored by SangRyol Ryu, McAfee Threat Researcher We live in a world where advertisements are everywhere, and it’s no surprise... The post Invisible Adware: Unveiling Ad Fraud Targeting Android...
The wealth of data available on the internet and the infinite potential that it has to offer requires much diligence and technique to unlock. This is where ‘Web Crawling’ and ‘Web Scraping’ come...
Authored by: Lakshya Mathur and Yashvi Shah As the Back-to-School season approaches, scammers are taking advantage of the opportunity to... The post The Season of Back to School Scams appeared...
Wiz protects AI infrastructure against cloud attacks, allowing data scientists and engineers to focus on deploying more AI applications.