Revealing REvil

An Overview of the most dreaded ransomware in recent times. Resurgence of Ransomware: In April 2019, the Cybereason Nocturnus team encountered several target machines infected with a ransomware called Sodinokibi, which spread via links to zip files containing malicious. Sodinokibi (aka Sodin aka REvil) is installed on machines by exploiting an Oracle WebLogic vulnerability (CVE-2019-2725) and […]

The Ominous signs of a potential Inter-State Cyberwar

According to an announcement made on Tuesday, August 10 by FireEye, a global cybersecurity firm, a coordinated cyberattack, which most likely originated in China, hit dozens of Israeli government and private organizations. This cyberattack is the first documented case of a large-scale Chinese attack on Israel, the world’s leading cyber superpower. Aimed at leaking political […]

Stalkerware – Is Somebody Watching You?

Trigger Warning: Abuse, Stalking, Death. She runs through an endless corridor of darkness, confused and helpless. Her heartbeat racing, her mind on overdrive. Why would he? How could he have known? How did he access her information? Her text messages, images, contact details, chats, places where she had visited, recordings of her phone calls […]

New Wave of Targeted Hacking Campaigns and Ransomware Attacks Exploiting Microsoft Exchange Server Vulnerabilities

Multiple threat actors, including Hafnium, LuckyMouse, Calypso, Winnti, Bronze Butler, Websiic, Tonto, Mikroceen, and DLTMiner, are actively targeting four zero-day Microsoft Exchange vulnerabilities (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065) in their targeted malware attacks and hacking campaigns. These threat actors managed to compromise nearly 30,000 Microsoft Exchange servers located within the United States. Approximately 7,000 organizations worldwide […]

Vulnerabilities and Privacy Issues with Clubhouse App

Clubhouse and its exponential growth during COVID-19: Clubhouse is an invite-only audio-chat iPhone app founded by Paul Davison and Rohan Seth. It allows users to create groups for conversations, including podcasts, audio conferences, etc. Launched in April 2020, the application became popular during the COVID-19 pandemic, reaching 600,000 registered users in December 2020, which exploded […]

What is the security feature bypass vulnerability & update affecting Windows customers worldwide?

Brief about the vulnerability: The security feature bypass vulnerability (CVE-2020-0689) allows attackers to bypass the secure boot feature and load untrusted or malicious software during the Windows boot-up process. While this vulnerability created panic among Microsoft customers, Microsoft released a security update (KB4535680) to address it. But the update has caused further inconvenience to […]

How to Evaluate the ROI on Your Cyber Security Investments?

Global Cyber Security Spends: The world seems to have undergone a decade's worth of cybersecurity acceleration within a brief period of one year, and that shows in the cybersecurity spending across the globe. Gartner has forecast global cybersecurity spending to remain on a growth trajectory despite the worldwide pandemic, touching $123 billion […]

Active Subdomain Enumeration (Part 2)

You can read part-1 (Passive Subdomain Enumeration) here. Active sub-domain enumeration techniques: Brute force or Dictionary Attacks. Brute force means guessing possible combinations of the target until the expected output is discovered. So, in the subdomain context, brute-forcing means trying possible combinations of words, letters, and numbers before the main domain in […]

Passive Subdomain Enumeration (Part 1)

What is sub-domain enumeration? Subdomain enumeration is the process of finding subdomains for one or more domains. Why do we need sub-domain enumeration? Sub-domain enumeration helps to create a scope of security assessment by revealing domains/sub-domains of a target organization. Sub-domain enumeration increases the chance of finding vulnerabilities. The sub-domain enumeration helps us in finding the web […]