Tuesday , December 24 2024

infosecbulletin

iPhones Hacked Via iOS Zero-Click Exploit To Deploy Spyware

Microsoft Threat Intelligence experts say a threat group is associated with “QuaDream,” an Israeli-based private sector offensive actor (PSOA). It employed a zero-click exploit called END OF DAYS to compromise the iPhones of high-risk individuals. Reports say QuaDream sells a platform called REIGN to governments for use in law enforcement. A collection …

Read More »

Sophos Web Appliance Critical Flaw Let Attacker Execute Arbitrary Code

Sophos has released a new security advisory that has fixed 3 of its significant vulnerabilities, allowing threat actors to execute arbitrary code injection on Sophos Web Appliance (SWA). CVE(s): CVE-2023-1671 – Pre-Auth Command Injection CVE-2022-4934 – Post-Auth Command Injection CVE-2020-36692 – Reflected XSS via POST method CVE-2023-1671 – Pre-Auth Command Injection in Sophos …

Read More »

Pay $20K To Infect Android Devices Via Google Play Store – Darkweb Report

In recent times, it has been observed by the security researchers at Kaspersky’s SecureList that the official Google Play store’s security has become increasingly vulnerable to the schemes of the threat actors. These shady actors have exploited various loopholes to develop tools that can effectively Trojanize the existing Android applications, making them …

Read More »

Black Hat Asia 2023

The Black Hat Trainings offer attendees individual technical courses on topics ranging from the latest in penetration testing to exploiting web applications and even defending and building SCADA systems. Often designed exclusively for Black Hat, these hands-on attack and defense courses are taught by industry and subject matter experts from …

Read More »