Citrix released builds to fix CVE-2022-27518, which affects the following Citrix ADC (formerly NetScaler) and Citrix Gateway versions: 12.1 (including FIPS and NDcPP) and 13.0 before 13.0-58.32 of Citrix ADC and Citrix Gateway, both of which must be configured with a SAML SP or IdP configuration to be affected. The vulnerability has very high

A threat actor is advertising data from a Turkish gold mining company called Anagold on breached.co. Breached.co is a forum created as an alternative to raidforums.com. Anagold is a mining company that is a partner of the Canadian company SSR Mining and has gold mines in Turkey. In the past months, there

In recent years, sharing PoC exploits for known vulnerabilities has become very common, and it is easy to find several PoCs for a vulnerability on GitHub. A research team from the Leiden Institute of Advanced Computer Science announced that they discovered thousands of repositories on GitHub that offer fake PoC

CVE-2022-26809 is a vulnerability in the Remote Procedure Call Runtime component of Microsoft Windows. An attacker who successfully exploits the vulnerability could run arbitrary code on the affected system. To exploit this vulnerability, an attacker would need to send a specially crafted RPC call to an RPC

As we read in the details on TheRecord.media, an attacker abused a vulnerability in a cryptocurrency platform and stole crypto-assets worth $322.8 million at the time of the theft. The news is covered in detail in the blog, so we do not want to repeat the details here. But the interesting thing

Modules typically work in PowerShell directly. The “Get-Module” command can be used to see imported modules. The “Get-Module -ListAvailable” command shows the available modules. Additional modules that we want to use must be imported first. Once we import a module, we can use all of its commands. We will

Effective threat hunting is critical because it is hard to think like attackers and to search for the unknown in an enterprise network. This post may help organizations conduct effective and successful threat hunting. Knowledge of Topology and Environment The purpose of threat hunting is to find the

VMware Carbon Black has published an update to resolve a critical authentication bypass vulnerability in the Carbon Black App Control product. App Control is a solution to lock down critical systems and servers to prevent unwanted changes and ensure continuous compliance with regulatory mandates. This authentication bypass vulnerability is tracked as CVE-2021-21998.