Cybersecurity researchers have shed light on a tool referred to as AndroxGh0st that’s used to target Laravel applications and steal sensitive data. “It works by scanning and taking out important information from .env files, revealing login details linked to AWS and Twilio,” Juniper Threat Labs researcher Kashinath T Pattan said. “Classified as an SMTP cracker, it exploits SMTP
Read More
Fortinet has warned of a critical security flaw impacting its FortiClientEMS software that could allow attackers to achieve code execution on affected systems. “An improper neutralization of special elements used in an SQL Command (‘SQL Injection’) vulnerability [CWE-89] in FortiClientEMS may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted requests,”
Read More
The threat actors behind the PixPirate Android banking trojan are leveraging a new trick to evade detection on compromised devices and harvest sensitive information from users in Brazil. The approach allows it to hide the malicious app’s icon from the home screen of the victim’s device, IBM said in a technical report published today. “Thanks
Read More
Volt Typhoon has been known to ‘commonly’ exploit vulnerabilities in network appliances from certain vendors, according to an advisory from CISA, the FBI and the NSA. U.S. agencies warned Wednesday that China-linked threat group Volt Typhoon has been known to obtain initial access to targeted IT infrastructure by exploiting network appliances from vendors including Fortinet,
Read More
Our mission is to educate our customer base, build capacity in every country we operate in and make cyber security affordable to all