Tag: Cybersecurity
-
How Hackers Avoid Detection using ZIP files
•
A significant part of a cybercriminal’s arsenal of tools and techniques is dedicated to evading detection by security solutions such as firewalls and antiviruses. Depending on the nature of the malware that needs to be delivered, the criminal might pick the most suited method of avoiding detection. ZIP File Concatenation…
-
The Ultimate Guide to Home Wi-Fi Security
•
Hello there and welcome to another guide! This one is for those of you who might want your Wi-Fi to be more secure. Here are 5 simple steps to help you cover all the bases of Wi-Fi Security. We’re not just listing the steps here – we’re breaking down what…
-
CVE-2024-47575: Critical Vulnerability in Fortinet’s Fortimanager
•
Fortinet has made the news once again with a critical flaw in their software management platform FortiManager which could allow a remote attacker to run code on unpatched systems and, due to the managerial nature of the application, possibly spread further into the network. The vulnerability tracked, as CVE-2024-47575, has…
-
Severe Flaws in Cloud Storage Platforms Affecting 22 Million People
•
Researchers at ETH Zurich have found vulnerabilities in several end-to-end encrypted cloud storage platforms being used by over 22 million people in total. While cloud storage platforms like Google Drive, Dropbox, and OneDrive are household names, these services do not provide End-to-End Encryption, meaning that the provider has access to…
-
Hacked Robot Vacuums Yell Racial Slurs at Owners
•
Robot Vacuums made by Ecovacs, one of the largest home robotics companies in the world, have reportedly been roving around people’s homes yelling slurs at their owners through the onboard speakers. A critical vulnerability in the company’s software left the robots susceptible to being hacked from afar, allowing attackers to…
-
CISA Orders US Federal Agencies to Patch this Fortinet Flaw!
•
On the 9th of October, CISA revealed a critical vulnerability in Fortinet’s FortiOS, tracked as CVE-2024-23113, being actively exploited in the wild by attackers to achieve Remote Code Execution(RCE). CISA has since added it to its Known Exploited Vulnerabilities Catalogue and ordered US Federal agencies to patch it within 3…
-
Internet Archives Suffers Breach: 31 Million Affected
•
The Wayback Machine of the Internet Archives has been breached by a threat actor who stole a user authentication database containing 31 million unique records from the website. A javascript alert created by the hacker on the compromised website reads, “Have you ever felt like the Internet Archive runs on…
-
Blind Trust in LLMs: How Hallucinated Packages Can Compromise Open-Source Projects
•
Large Language Models(LLMs) have become essential tools for software developers, helping them solve complex problems and even implement entire functionalities in some cases. However, while these models can accelerate development and streamline workflows, over-reliance on them comes with its own set of risks. A well-known flaw of LLMs is their…
-
RAMBO: Stealing Secrets from Isolated Computers
•
Background Prominent researcher Mordechai Guri of the Ben-Gurion University of the Negev, Israel, recently released a research paper detailing a new method that allows attackers to steal sensitive information from air-gapped(isolated) computers. Air-gapped systems are systems that are physically separated from external networks, including the Internet. This is achieved by keeping the…
-
Revival Hijack: A PyPI Supply Chain Attack Technique.
•
Researchers at JFrog have recently discovered a PyPI supply chain attack technique being exploited in the wild, dubbed “Revival Hijack”. This technique can be used to hijack Python packages hosted on PyPI by manipulating the option to re-register(revive) their names once the owner takes them down. A package repository is a centralized…