Nation-State Crosshairs: France, Germany & United Kingdom

In the Nation-State Crosshairs: France, Germany & the United Kingdom By Trellix · March 28, 2022 Today Trellix and the Center for Strategic and International Studies CSIS released a global report, In the Crosshairs: Organizations and Nation-State Cyber Threats, examining security professionals’...

Nation-State Crosshairs: Australia, India & Japan

In The Nation-State Crosshairs: Australia, India & Japan By Trellix · March 28, 2022 Today Trellix and the Center for Strategic and International Studies CSIS released a global report, In the Crosshairs: Organizations and Nation-State Cyber Threats, examining security professionals’ mindsets...

potenciate.buenosaires.gob.ar Cross Site Scripting vulnerability OBB-2451303

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

DOJ Indicts Russian Gov’t Employees Over Targeting Power Sector

The U.S. Department of Justice DOJ has indicted four Russian government employees in connection to plots to cyber-fry critical infrastructure in the United States and beyond, including at least one nuclear power plant. The campaigns involved one of the most dangerous malwares ever encountered in...

U.S. Charges 4 Russian Govt. Employees Over Hacking Critical Infrastructure Worldwide

The U.S. government on Thursday released a cybersecurity advisory outlining multiple intrusion campaigns conducted by state-sponsored Russian cyber actors from 2011 to 2018 that targeted the energy sector in the U.S. and beyond. "The Federal Security Service conducted a multi-stage campaign in...

North Korean Hackers Exploited Chrome Zero-Day to Target Fintech, IT, and Media Firms

Google's Threat Analysis Group TAG on Thursday disclosed that it acted to mitigate threats from two distinct government-backed attacker groups based in North Korea that exploited a recently-uncovered remote code execution flaw in the Chrome web browser. The campaigns, once again "reflective of th...

Magic Hound Exploiting Old Microsoft Exchange ProxyShell Vulnerabilities

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here APT35 aka Magic Hound, an Iranian-backed threat group, has begun using Microsoft Exchange ProxyShell vulnerabilities as an initial attack vector and to execute code through multiple web shells. The group has primarily targeted...

atis.statedevelopment.sa.gov.au Cross Site Scripting vulnerability OBB-2444816

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AvosLocker Ransomware group has targeted 50+ Organizations Worldwide

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here Federal Bureau of Investigation and Cybersecurity and Infrastructure Security Agency released threat advisories on AvosLocker Ransomware. It is a Ransomware as a Service RaaS affiliate-based group that has targeted 50+...

LAPSUS$ Hackers Claim to Have Breached Microsoft and Authentication Firm Okta

Microsoft and authentication services provider Okta said they are investigating claims of a potential breach alleged by the LAPSUS$ extortionist gang. The development, which was first reported by Vice and Reuters, comes after the cyber criminal group posted screenshots and source code of what it...

White House Warns of Possible Russian Cyberattacks

News: The White House has issued its starkest warning that Russia may be planning cyberattacks against critical-sector U.S. companies amid the Ukraine invasion. … Context: The alert comes after Russia has lobbed a series of digital attacks at the Ukrainian government and critical industry sectors...

FBI and FinCEN Release Advisory on AvosLocker Ransomware

The Federal Bureau of Investigation FBI and the Department of the Treasury’s Financial Crimes Enforcement Network FinCEN have released a joint Cybersecurity Advisory identifying indicators of compromise associated with AvosLocker ransomware. AvosLocker is a ransomware-as-a-service affiliate-based...

mail.promise.gov.bd Cross Site Scripting vulnerability OBB-2439837

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

New Backdoor Targets French Entities via Open-Source Package Installer

Researchers have exposed a new targeted email campaign aimed at French entities in the construction, real estate, and government sectors that leverages the Chocolatey Windows package manager to deliver a backdoor called Serpent on compromised systems. Enterprise security firm Proofpoint attribute...

DDoS barrage against Israel described as the “largest ever” cyberattack its faced

Several government websites in Israel—those using the .gov.il domain—were inaccessible after a distributed denial of service DDoS attack hit Israels telecommunication provider, Cellcom. NetBlocks, a network disruption watchdog, initially detected "a significant disruption" aimed at the provider,...

Massive DDoS Attack Knocked Israeli Government Websites Offline

A number of websites belonging to the Israeli government were felled in a distributed denial-of-service DDoS attack on Monday, rendering the portals inaccessible for a short period of time. "In the past few hours, a DDoS attack against a communications provider was identified," the Israel Nationa...

mp.gov.my Cross Site Scripting vulnerability OBB-2429922

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

sericulture.nagaland.gov.in Cross Site Scripting vulnerability OBB-2428689

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Six Key Takeaways from the OMB Memo

In May 2021, following a number of high-profile security incidents, U.S. President Biden issued an executive order that set out a high-level agenda to modernize and improve the government’s cyber resilience. This January, the U.S. Office of Management and Budget OMB issued a memo to the heads of...

ati.da.gov.ph Improper Access Control vulnerability OBB-2423213

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...