An Overview of the most dreaded ransomware in recent times Resurgence of Ransomware In April 2019, the Cybereason Nocturnus team encountered several target machines infected with a ransomware called Sodinokibi, which spread via links to zip files containing malicious. Sodinokibi (aka Sodin aka REvil) is installed on machines by exploiting an Oracle WebLogic vulnerability (CVE-2019-2725) and […]
According to an announcement made on Tuesday, August 10 by FireEye, a global cybersecurity firm, a coordinated cyberattack, which most likely originated in China, hit dozens of Israeli government and private organizations. This cyberattack is the first documented case of a large-scale Chinese attack on Israel, the world’s leading cyber superpower. Aimed at leaking political […]
Big Ticket Data Breaches How do they go undetected for so long? Introduction July 15, 2020 – PII Data of around 270 million Wattpad (a social storytelling website) users’ was leaked by an unknown hacker. The hacker released private data in public forums. According to researchers, the breach happened in June 2020. March 30, 2021 […]
Trigger Warning – Abuse, Stalking, Death She runs through an endless corridor of darkness, confused and helpless. Her heartbeat racing, her mind on overdrive. Why would he? How could he have known? How did he access her information? Her text messages, images, contact details, chats, places where she had visited, recordings of her phone calls […]
Multiple threat actors, including Hafnium, LuckyMouse, Calypso, Winnti, Bronze Butler, Websiic, Tonto, Mikroceen, and DLTMiner, are actively targeting four zero-day Microsoft Exchange vulnerabilities (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065) in their targeted malware attacks and hacking campaigns. These threat actors managed to compromise nearly 30,000 Microsoft Exchange servers located within the United States. Approximately 7,000 organizations worldwide […]
Clubhouse and its exponential growth during COVID-19 Clubhouse is an invite-only audio-chat iPhone app founded by Paul Davison and Rohan Seth. It allows users to create groups for conversations, including podcasts, audio conferences, etc. Launched in April 2020, the application became popular during the COVID-19 pandemic, reaching 600,000 registered users in December 2020, which exploded […]
Brief about the vulnerability The security feature bypass vulnerability (CVE-2020-0689) allows attackers to bypass the secure boot feature and load untrusted or malicious software during the Windows boot-up process. While this vulnerability created panic among Microsoft customers, Microsoft released a security update (KB4535680) to tackle the same. But the update has caused further inconvenience to […]
Global Cyber Security Spends The world seems to have undergone a decade’s worth of cybersecurity acceleration within a brief period of one year. And that shows in the cybersecurity spends made across the globe. Gartner has forecasted global Cyber Security Spends to remain on a growth trajectory, despite the worldwide pandemic, and touching $123 billion […]
You can read part-1 (Passive Subdomain Enumeration) here. Active sub-domain enumeration techniques Brute force or Dictionary Attacks Brute force means guessing possible combinations of the target until the expected output is discovered. So, in the subdomain context, the brute-forcing is to try the possible combination of words, alphabets, and numbers before the main domain in […]
What is sub-domain Enumeration? Subdomain enumeration is a process of finding subdomains for one or more domains. Why need sub-domain enumeration? Sub-domain enumeration helps to create a scope of security assessment by revealing domains/sub-domains of a target organization. Sub-domain enumeration increases the chance of finding vulnerabilities. The sub-domain enumeration helps us in finding the web […]
