BQE Web Suite Billing App Rigged to Inflict Ransomware

An SQL-injection bug in the BQE Web Suite billing app has not only leaked sensitive information, it’s also let malicious actors execute code and deploy ransomware. Threat actors have been…

What Is Extended Detection and Response (XDR)? Features, Benefits, and Beyond

Overloaded security teams, poor visibility, and threat alert overload have quite an impact when it comes to detecting and effectively responding to cyber threats. Since today’s cyberattacks are extremely tricky…

U.S. Ban on Sales of Cyberattack Tools Is Anemic, Experts Warn

Meanwhile, Zerodium’s quest to buy VPN exploits is problematic, researchers said. The launch of a standing offer to pay for Windows virtual private network (VPN) software zero-day exploits came to…

Windows Defender Is an Underutilized Endpoint Security Resource

Microsoft Defender Antivirus suffers from a perception problem. For the first decade of its existence, starting with its 2006 release, Defender was a much-maligned piece of software that no business…

A Well-Known Bug Bounty Platform Wants Zero-day Exploits for Windows VPN Clients

Zerodium is a premium bug bounty platform created by cybersecurity specialists with zero-day exploit and vulnerability research experience. The goal of Zerodium is to gather together independent security researchers to…

Malicious Accounts that Targeted Security Researchers Were Suspended by Twitter

Two malicious accounts used by threat actors in a seemingly North Korean cyber-espionage campaign were suspended by Twitter. The accounts under discussion are @lagal1990 and @shiftrows13 working as bait for…

Twitter accounts linked to cyberattacks against security researchers suspended

Twitter has suspended accounts belonging to a North Korean hacking group targeting security researchers. The social media accounts, @lagal1990 and @shiftrows13, were suspended this month after “posing as security researchers,”…

How using the purple team approach helps in addressing cybercrime

Automated purple teaming is one of the best ways to address cybercrime as it does not only test for the deficiencies in existing security controls – Let’s dig deeper into…

Twitter Suspends Accounts Used to Snare Security Researchers

The accounts were used to catfish security researchers into downloading malware in a long-running cyber-espionage campaign attributed to North Korea. Twitter has shuttered two accounts – @lagal1990 and @shiftrows13 –…

iPhone 13 Pro, Windows, Chrome, Linux and others pwned at Tianfu Cup

Tianfu Cup is a version of Pwn2Own in which hackers from Kunlun Lab managed to secure first place by hacking iPhone 13 through a vulnerability in the Safari mobile…