12Jun 2023 by Ernest Haberli Jr. No Comments
How Lazarus Group Abuses IIS Servers to Spread Malware? How Should You Protect Your IIS Servers from DLL side-loading Attacks?

How Lazarus Group Abuses IIS Servers to Spread Malware? How Should You Protect Your IIS Servers from DLL side-loading Attacks?

Application Security, Application/Appliance, Cloud & OS Platforms, Cyber Attacks, Cyber Security, Malware, Network Security, Threats & Vulnerabilities
Attackers are always searching for weak points to establish a foothold within your network. Today, we are uncovering one such group of attackers who have been observed exploiting Windows IIS servers to distribute malware. We’re referring to the Lazarus group, a notorious cyber assault organization known for its relentless attacks. They have now shifted their focus towards exploiting vulnerable Microsoft Internet Information Services (IIS) servers. Recently, the AhnLab Security Emergency Response Center (ASEC) published a report explaining how the Lazarus group abuses IIS servers to propagate malware. We’ve created this post to let security and Windows teams know about how to protect IIS servers from DLL Side-Loading Attacks. A Short Introduction to Lazarus Group: Lazarus group is one of the notorious North Korean-backed APT groups performing multiple attacks worldwide. Many…
Read More
10Jun 2023 by Ernest Haberli Jr. No Comments
How To Investigate An Email ID Using Mosint?

How To Investigate An Email ID Using Mosint?

Application Security, Application/Appliance, Cloud & OS Platforms, Cyber Attacks, Cyber Security, Data Breaches, Linux, Mac, Network Security, Threats & Vulnerabilities
Email has become one of the most popular means of communication, especially in the business world. Despite its many benefits, the email also has some disadvantages that can impact productivity and effectiveness. One of the biggest disadvantages is its susceptibility to cyber-attacks. Cyberattacks are becoming more and more common, and email is often the gateway that attackers use to gain access to a company’s network. Once they have access, they can wreak havoc by stealing data, deleting files, or even taking over the entire network. Email IDs are also considered one of the markable Indicators of Compromise (IoCs) in the Cybersecurity landscape. It is not just important to know how to investigate an email ID, however, it is necessary to know. There are several tools and techniques to investigate an email ID,…
Read More
10Jun 2023 by Ernest Haberli Jr. No Comments
Protecting Your macOS Device From Atomic macOS Stealer Malware- AMOS Malware

Protecting Your macOS Device From Atomic macOS Stealer Malware- AMOS Malware

Application Security, Application/Appliance, Cloud & OS Platforms, Cyber Attacks, Cyber Security, Mac, Malware, Threats & Vulnerabilities
It is a known fact that Apple is growing its market in smartphones to mac books by releasing powerful exciting and more productive products over the years. This made threat actors create more malware programs to target Apple’s products. If you have been following cybersecurity blogs or intelligence for a year, MacStealer, RustBucket, and DazzleSpy are a few good examples, which show how threat actors are actively working on macOS exploits. There is a new addition to this list. Atomic macOS Stealer Malware (AMOS Malware).   Cyble Research and Intelligence Labs (CRIL) recently uncovered a Telegram channel promoting a new information-stealing malware, dubbed Atomic macOS Stealer (AMOS). This malware is specifically engineered to target macOS users and pilfer sensitive information from their devices. The research team also reveals that the…
Read More
09Jun 2023 by Ernest Haberli Jr. No Comments
How to Protect Your Apple Devices From 14 0-Day Vulnerabilities in iOS, iPadOS, and macOS

How to Protect Your Apple Devices From 14 0-Day Vulnerabilities in iOS, iPadOS, and macOS

Application Security, Application/Appliance, Cloud & OS Platforms, Cyber Attacks, Cyber Security, INFOSEC, Mobile, Threats & Vulnerabilities, Tutorials
On SEP 12th, tech giant Apple rolled out security updates for their iOS, iPadOS, and macOS platforms to protect your Apple devices from 14 0-day vulnerabilities in iOS, iPadOS, and macOS. Apple didn’t disclose the technical details about the flaws to avoid the exploitation of the vulnerabilities. Let’s explore what Apple has shared about the vulnerabilities in this post. Let’s start this post from listing the vulnerabilities. List of 0-Day Vulnerabilities in iOS, iPadOS, and macOS Apple has shared a long list of 0-day vulnerabilities in iOS, iPadOS, and macOS. Sl. No.CVE IDAffected OSDescriptionImpact1CVE-2022-32854All versions prior viOS 15.7 and viPadOS 15.7.All versions prior macOS Big Sur v11.7.This is an improper checks in Privacy preferences.Possible to bypass Privacy preferences.2CVE-2022-32911All versions prior viOS 15.7 and viPadOS 15.7.All versions prior macOS Big Sur v11.7.All versions prior…
Read More
08Jun 2023 by webmaster No Comments
How to Fix CVE-2023-34362- A Critical 0-Day SQL Injection Vulnerability in MOVEit Transfer Solution?

How to Fix CVE-2023-34362- A Critical 0-Day SQL Injection Vulnerability in MOVEit Transfer Solution?

Application Security, Application/Appliance, Cloud & OS Platforms, Cyber Attacks, Cyber Security, Network Security, Pen Testing, Threats & Vulnerabilities, Vulnerabilities
Progress Software has issued an advisory for a critical zero-day SQL Injection vulnerability in their MOVEit Transfer Solution. This vulnerability, initially disclosed on May 31, 2023, was assigned a CVE ID a few days later and is now tracked as CVE-2023-34362. It has received the maximum CVSS score of 10 out of 10, indicating its high severity. According to the advisory, this SQL Injection vulnerability could permit attackers to gain unauthorized access to the database of the MOVEit Transfer web application. Progress Software has issued a warning about the active exploitation of this vulnerability by the Cl0p ransomware gang. Microsoft linked the Cl0p ransomware group, associated with data-theft attacks on MOVEit, which can result in the theft or deletion of files or the encryption of files with a ransom demand attached. It…
Read More
05Jun 2023 by Ernest Haberli Jr. No Comments
How To Secure Your APC Smart-UPS Devices From TLStorm Vulnerabilities

How To Secure Your APC Smart-UPS Devices From TLStorm Vulnerabilities

Application Security, Application/Appliance, Cloud & OS Platforms, Cyber Attacks, Cyber Security, Network Security, Threats & Vulnerabilities, Vulnerabilities
Security researchers from Armis have disclosed a set of three critical vulnerabilities in APC Smart-UPS devices, cumulatively called TLStorm vulnerabilities. A remote attacker can string these vulnerabilities together to take over Smart-UPS devices and carry out extreme attacks targeting both physical devices and IT assets. The report published says that nearly 80% of the devices deployed in Governmental, Healthcare, Industrial, IT, Retail, and other sectors are vulnerable to TLStorm vulnerabilities. So, it is important to know more about the flaws before being hit by the worst. We have created this post to let all the people know How to Secure Your APC Smart-UPS Devices from TLStorm Vulnerabilities. To understand the significance of TLStorm vulnerabilities, you should know how big the APC network is. APC is a leading UPS manufacturer with over 20…
Read More
04Jun 2023 by Ernest Haberli Jr. No Comments
How To Fix CVE-2021-1577- A Critical Arbitrary File Read And Write Vulnerability In Cisco APIC

How To Fix CVE-2021-1577- A Critical Arbitrary File Read And Write Vulnerability In Cisco APIC

Application Security, Application/Appliance, Cloud & OS Platforms, Cyber Attacks, Cyber Security, Data Breaches, INFOSEC, Network Security, Threats & Vulnerabilities
Cisco has published advisory for one critical severity, one high severity vulnerability, and two medium severity vulnerabilities in Cisco APIC (Application Policy Infrastructure Controller). Successful exploitation of the vulnerabilities could allow attackers to take over the vulnerable Cisco appliances. The flaw CVE-2021-1577 with a base score of 9.1 is the most critical vulnerability among the four, which allows unauthenticated, remote attackers to read or write arbitrary files on an affected system. We recommend all the owners of Cisco and cloud APIC app read this post that tells how to fix CVE-2021-1577- A Critical Arbitrary File Read and Write Vulnerability in Cisco APIC. List Of Other Vulnerabilities Disclosed In Cisco APIC And Cloud APIC: Four vulnerabilities uncovered in Cisco APIC and Cloud APIC are: CVE-2021-1577: Arbitrary File Read and Write Vulnerability…
Read More
03Jun 2023 by Ernest Haberli Jr. No Comments
8 Raspberry Pi 4 Alternatives: The Best Single Board Computers For Your Next Project

8 Raspberry Pi 4 Alternatives: The Best Single Board Computers For Your Next Project

AI & Automation, Application Security, Application/Appliance, Best Reads, Cloud & OS Platforms, Cyber Security, Linux, Windows
The Raspberry Pi 4 Model B has become the go-to single-board computer (SBC) for makers, developers, and DIY enthusiasts around the world. However, with increasing demand and shortage of supply, it’s time to explore some equally powerful alternatives.   In this blog post, we’ll be diving into 8 Raspberry Pi 4 alternatives that offer excellent performance, versatility, and features to help you choose the best option for your next project. What Is A Single Board Computer? A single board computer (SBC) is a compact, integrated electronic device that combines all the essential elements of a full-fledged computer onto a single circuit board. Unlike traditional desktop computers with the separate motherboards, RAM, and storage components, SBCs are designed for size efficiency and lower power consumption while still offering impressive processing capabilities. At the heart of any SBC lies its…
Read More