The vSphere Client (HTML5) contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue by sending a POST request to vCenter Server plugin leading to information disclosure.
Critical Infrastructure Security , Cyberwarfare / Nation-State Attacks , Fraud Management & Cybercrime PM Boris Johnson Expected to Present National Security Review on Tuesday Prajeet Nair (@prajeetspeaks) • March 15, 2021 UK to build “a cyber ecosystem fit for the future.” Source: UK Ministry of Defense Ahead of presenting a long-term review of…
A week after releasing iOS 14.7.1 to the public, Apple today stopped signing iOS 14.7. That means users who have updated their devices or iOS 14.7.1 or even iOS 15 beta can no longer downgrade to iOS 14.7. iOS 14.7.1 was released on July 26 with a fix for a bug that prevented users from…
The cybersecurity team of zLabs Zimperium has recently detected several applications that have stolen the passwords of thousands of Facebook users. Not only this, but the Zlab security researchers have also checked this attack, and they claimed that the malware used in this attack was dubbed as “FlyTrap.” According to the report, FlyTrap has been…
Russian President Vladimir Putin likely authorised attempts to influence last year’s US election in favour of former President Donald Trump, intelligence officials say. Russia has repeatedly denied allegations of election interference. The 15-page report, released on Tuesday by the Office of the….
Cybercrime , Fraud Management & Cybercrime , Fraud Risk Management Report: XSS and Exploit Forum Members Using Workarounds to Violate the Ban Doug Olenick (DougOlenick) • August 6, 2021 A forum user receives a warning for attempting to trade ransomware. (Source: Digital Shadows) The decision by the Russian-speaking darknet forums XSS and Exploit…
Cybercrime , Forensics , Fraud Management & Cybercrime Prodaft: APT Group Uses ‘Unprecedented Malware Detection Sandbox’ Prajeet Nair (@prajeetspeaks) • March 22, 2021 SolarWinds attack timeline (Source: Prodaft) Swiss cybersecurity firm Prodaft says it has accessed several servers used by an advanced persistent threat group tied to the SolarWinds supply chain attack. These…
