Threat Actor Profile: APT34
APT34, also known as OilRig, is a suspected Iranian cyber espionage threat group that has been operational since at least 2014. The group is believed to work on behalf of…
Active Exploitation of Zero-Day Vulnerability (CVE-2023-38606) Affecting All Apple Products
The Centre for Cyber Security Belgium (CERT.be) has issued an advisory warning of an actively exploited zero-day vulnerability (CVE-2023-38606) affecting all Apple products. This vulnerability, which allows for the modification…
Unveiling TETRA:BURST – A Deep Dive into the Critical Vulnerabilities of Global Emergency Communication Systems
Introduction The Terrestrial Trunked Radio (TETRA), a communication system extensively utilized by government agencies, law enforcement, and emergency services organizations across Europe, the United Kingdom, and numerous other countries, has…
Ivanti Endpoint Manager Mobile (EPMM) CVE-2023-35078
Ivanti, a leading provider of IT software solutions, has recently addressed a critical zero-day authentication bypass vulnerability in its Endpoint Manager Mobile (EPMM), formerly known as MobileIron Core. This vulnerability,…
Zero-day vulnerability exploited in cyberattack on Norwegian government’s IT systems
On July 24, 2023, the Norwegian government announced that its ICT platform, used by 12 of its ministries, had been compromised in a cyberattack. The attack was carried out by…
Zenbleed – CVE-2023-20593: A use-after-free in AMD Zen2 Processors announced
A recent oss-security list post from Tavis Ormandy has brought attention to a use-after-free vulnerability, CVE-2023-20593, in AMD Zen2 processors.
Risks Associated with Managed File Transfer (MFT) Solutions
Managed File Transfer (MFT) solutions are essential tools for businesses to securely transfer sensitive data. However, like any software, they can be vulnerable to exploits if not properly managed and…
Insecure Direct Object References (IDOR): A Deep Dive into the #1 Vulnerability Found by Penetration Testers in 2023
Insecure Direct Object References (IDOR) vulnerabilities have been a consistent thorn in the side of web application security. In 2023, it was identified as the top vulnerability discovered by penetration…
Top 10 Vulnerabilities and Misconfigurations Found by Pen Testers in 2023
In the ever-evolving landscape of cybersecurity, it is crucial to stay updated with the latest vulnerabilities and misconfigurations that threat actors exploit. This article provides a detailed overview of the…
OpenSSH Security Update: Mitigating CVE-2023-38408
OpenSSH, a widely used implementation of the Secure Shell protocol (SSH), has released its latest version, OpenSSH 9.3p2. This update addresses a significant security bug, CVE-2023-38408, which could potentially be…