InfoSecBulletin Cybersecurity for mankind
While it may be tempting to top off your phone at one of those free charging stations found in airports or shopping centers, the Federal Bureau of Investigation (FBI) advises against it. In a recent PSA, the agency’s Denver branch notes that bad actors have figured out how to use …
Read More »TimeLine Layout
April, 2023
-
13 April
iPhones Hacked Via iOS Zero-Click Exploit To Deploy Spyware
Microsoft Threat Intelligence experts say a threat group is associated with “QuaDream,” an Israeli-based private sector offensive actor (PSOA). It employed a zero-click exploit called END OF DAYS to compromise the iPhones of high-risk individuals. Reports say QuaDream sells a platform called REIGN to governments for use in law enforcement. A collection …
Read More » -
13 April
OpenAI Launched Bug Bounty Program – Rewards up to $20,000
It’s been almost half a year since the revolutionary ChatGPT was released. Amazingly, it reached 100 million users in just two months. ChatGPT has an unimaginable potential to answer things that need a lot of research. Due to its increasingly demanding usage, securing it from threat actors is also essential. The …
Read More » -
13 April
AI can crack half of common passwords in less than a minute
A new study by a cybersecurity firm has revealed that most commonly used passwords are vulnerable to artificial intelligence (AI) tools and can be cracked almost instantly. AI chatbots like ChatGPT have made it easier to perform tasks just by sending prompts. However, it seems these large tools are also …
Read More » -
12 April
Sophos Web Appliance Critical Flaw Let Attacker Execute Arbitrary Code
Sophos has released a new security advisory that has fixed 3 of its significant vulnerabilities, allowing threat actors to execute arbitrary code injection on Sophos Web Appliance (SWA). CVE(s): CVE-2023-1671 – Pre-Auth Command Injection CVE-2022-4934 – Post-Auth Command Injection CVE-2020-36692 – Reflected XSS via POST method CVE-2023-1671 – Pre-Auth Command Injection in Sophos …
Read More » -
12 April
Pay $20K To Infect Android Devices Via Google Play Store – Darkweb Report
In recent times, it has been observed by the security researchers at Kaspersky’s SecureList that the official Google Play store’s security has become increasingly vulnerable to the schemes of the threat actors. These shady actors have exploited various loopholes to develop tools that can effectively Trojanize the existing Android applications, making them …
Read More » -
12 April
12 Days to Pay Ransom: Palo Alto County Sheriff Office Ransomware Attack
The Palo Alto County Sheriff Office seems to have become the latest victim of a ransomware attack after hacker collective Play ransomware added it to its list. A deadline of 12 days to pay a ransom has been set by the ransomware group, following which they have threatened to publish the stolen …
Read More » -
9 April
Women Hold 25 Percent Of Cybersecurity Jobs Globally In 2022
Women hold 25 percent of cybersecurity jobs globally in 2022, up from 20 percent in 2019, and around 10 percent in 2013. We predict that women will represent 30 percent of the global cybersecurity workforce by 2025, and that will reach 35 percent by 2031. This goes beyond securing corporate …
Read More » -
9 April
New Scam Alerts Users About YouTube Altering Policy
A new YouTube phishing campaign is making rounds in the wild, urging users to read and accept so-called changes in YouTube’s rules and policies. What’s scary is that it abuses YouTube’s authentic email address to lure users into providing their credentials. What’s the new scam? YouTube has published a warning, stating …
Read More » -
9 April
Black Hat Asia 2023
The Black Hat Trainings offer attendees individual technical courses on topics ranging from the latest in penetration testing to exploiting web applications and even defending and building SCADA systems. Often designed exclusively for Black Hat, these hands-on attack and defense courses are taught by industry and subject matter experts from …
Read More »