International

The MITRE Corporation and the US Cybersecurity and Infrastructure Security Agency (CISA) released Caldera for OT, a new extension to the open source Caldera platform that emulates adversarial attacks against operational technology (OT). Caldera for OT is the result of a collaboration between MITRE, CISA, and the Homeland Security Systems …

The Indian Cyber Force (ICF) hackers group again threat they are going to attack Bangladesh coming 19 September for the 2nd time. Prior to that, they attack Bangladeshi infrastructure on 15 August and according the calculation provided by the BGD e-Gov CIRT on that day more than 10 websites were …

A team of researchers from the University of Wisconsin-Madison has uploaded to the Chrome Web Store a proof-of-concept extension that can steal plaintext passwords from a website’s source code. An examination of the text input fields in web browsers revealed that the coarse-grained permission model underpinning Chrome extensions violates the principles …

A SAML token signature bypass vulnerability in VMware Tools was responsibly reported to VMware with a maximum CVSSv3 base score of 7.5. Updates are available to remediate this vulnerability in the affected VMware products. Click here to read full report.

The National Safety Council has leaked nearly 10,000 emails and passwords of their members, exposing 2000 companies, including governmental organizations and big corporations. The National Safety Council (NSC) is a non-profit organization in the United States providing workplace and driving safety training. On its digital platform, NSC provides online resources …

It has come to the attention of researchers that the LockBit 3.0 builder has suffered from a leak, which now allows anyone to create various versions of the LockBit ransomware according to their own preferences. This poses a serious security risk that should not be taken lightly. LockBit” is a …

ImmuniWeb has released Neuron Mobile, a security testing solution for mobile applications. It scans iOS and Android apps for OWASP Mobile Top 10 vulnerabilities and weaknesses. According to ImmuniWeb, Neuron Mobile is a fully automated solution that includes dynamic and static application security testing (DAST/SAST), along with software composition analysis …

Reportedly, the Russian-speaking Cl0p ransomware group has executed the MOVEit campaign, affecting approximately 1,000 organizations and 60 million individuals. It is important to highlight that these numbers encompass both entities that are directly and indirectly affected. For example, numerous organizations and millions of individuals had their information compromised through PBI, …

Several steps can help minimize the threat from malware loaders. Here’s what ReliaQuest suggests: To enhance your workflow and streamline your scripting tasks, I recommend optimizing the default execution engine for JS files from Wscript to the versatile Notepad. Additionally, you have the flexibility to extend this configuration to accommodate …

The FBI has issued a warning stating that even after being patched against a critical flaw, Barracuda Networks Email Security Gateway (ESG) appliances are still vulnerable to potential compromise by suspected Chinese hacking groups. It said that the fixes were not effective and that it still sees intrusions and considers …