FIR filed over suspected data breach on Manav Sampada portal – ET CISO https://etimg.etb2bimg.com/thumb/msid-114611079,imgsize-75886,width-1200,height=765,overlay-etciso/data-breaches/fir-filed-over-suspected-data-breach-on-manav-sampada-portal.jpg Concerns have emerged over a potential security breach involving the Uttar Pradesh government’s Manav Sampada portal, leading to the filing of an FIR. The alert was raised by Rajeev Kumar Mishra, deputy registrar of the Institute of Engineering and Technology (IET), through an official email dated ...

Researchers Discover Command Injection Flaw in Wi-Fi Alliance’s Test Suite https://firewall.firm.in/wp-content/uploads/2024/10/wifi.png Oct 25, 2024Ravie LakshmananVulnerability / Wi-Fi Security A security flaw impacting the Wi-Fi Test Suite could enable unauthenticated local attackers to execute arbitrary code with elevated privileges. The CERT Coordination Center (CERT/CC) said the vulnerability, tracked as CVE-2024-41992, said the susceptible code from the Wi-Fi Alliance has been found ...

New Grandoreiro Banking Malware Variants Emerge with Advanced Tactics to Evade Detection https://firewall.firm.in/wp-content/uploads/2024/10/trojan.png New variants of a banking malware called Grandoreiro have been found to adopt new tactics in an effort to bypass anti-fraud measures, indicating that the malicious software is continuing to be actively developed despite law enforcement efforts to crack down on the operation. “Only part of this ...

Gophish Framework Used in Phishing Campaigns to Deploy Remote Access Trojans https://firewall.firm.in/wp-content/uploads/2024/10/cisco.png Russian-speaking users have become the target of a new phishing campaign that leverages an open-source phishing toolkit called Gophish to deliver DarkCrystal RAT (aka DCRat) and a previously undocumented remote access trojan dubbed PowerRAT. “The campaign involves modular infection chains that are either Maldoc or HTML-based infections and ...

Guide:  The Ultimate Pentest Checklist for Full-Stack Security https://firewall.firm.in/wp-content/uploads/2024/10/breacklock.jpg Oct 21, 2024The Hacker NewsPenetration Testing / API Security Pentest Checklists Are More Important Than Ever Given the expanding attack surface coupled with the increasing sophistication of attacker tactics and techniques, penetration testing checklists have become essential for ensuring thorough assessments across an organization’s attack surface, both internal and external. By ...

Major security breach? ‘Pentagon documents’ leaked online – ET CISO https://etimg.etb2bimg.com/thumb/msid-114416419,imgsize-896964,width-1200,height=765,overlay-etciso/data-breaches/major-security-breach-pentagon-documents-leaked-online.jpg A pro-Iranian Telegram account has leaked alleged classified Pentagon documents that detail Israel’s preparations for a potential military strike against Tehran. The documents, published by a pro-Iran Telegram account called “Middle East Spectator,” claim to provide insights into US intelligence observations of Israeli military activities conducted on October 15-16. ...

Chinese Nation-State Hackers APT41 Hit Gambling Sector for Financial Gain https://firewall.firm.in/wp-content/uploads/2024/10/gambling-hacker.png The prolific Chinese nation-state actor known as APT41 (aka Brass Typhoon, Earth Baku, Wicked Panda, or Winnti) has been attributed to a sophisticated cyber attack targeting the gambling and gaming industry. “Over a period of at least six months, the attackers stealthily gathered valuable information from the targeted company ...

Hackers Exploit Roundcube Webmail XSS Vulnerability to Steal Login Credentials https://firewall.firm.in/wp-content/uploads/2024/10/roundcube.png Oct 20, 2024Ravie LakshmananVulnerability / Email Security Unknown threat actors have been observed attempting to exploit a now-patched security flaw in the open-source Roundcube webmail software as part of a phishing attack designed to steal user credentials. Russian cybersecurity company Positive Technologies said it discovered last month that an ...

U’khand cyber attack: Initial probe points to breach at B’luru backup centre – ET CISO https://etimg.etb2bimg.com/thumb/msid-114367216,imgsize-7858,width-1200,height=765,overlay-etciso/data-breaches/ukhand-cyber-attack-initial-probe-points-to-breach-at-bluru-backup-centre.jpg As the probe into the recent ransomware attack that forced the shutdown of 192 govt websites in the state continues, preliminary findings suggest the attackers first breached security at the disaster recovery (DR) centre in Bengaluru. The DR centre is managed by a private ...

Crypt Ghouls Targets Russian Firms with LockBit 3.0 and Babuk Ransomware Attacks https://firewall.firm.in/wp-content/uploads/2024/10/russia.png Oct 19, 2024Ravie LakshmananNetwork Security / Data Breach A nascent threat actor known as Crypt Ghouls has been linked to a set of cyber attacks targeting Russian businesses and government agencies with ransomware with the twin goals of disrupting business operations and financial gain. “The group under ...