Author: Pratima Lohar

Security researchers from Digital Defense have found a significant security problem in cPanel, a common software suite that facilitates the management of a web hosting server. Attackers could exploit the flaw to bypass two-factor authentication (2FA) for cPanel accounts and manage the associated websites and conduct a brute force attack to infiltrate user accounts. Such…
Read more

Lazarus, also known as Hidden Cobra, is an umbrella term for select threat groups- including offshoot entities – suspected of being tied to North Korea. Thought to be responsible for Sony’s infamous 2014 hack, Lazarus has also been connected to hacks using zero-day vulnerabilities, LinkedIn phishing messages, and the deployment of Trojans in campaigns including Dacls and Trickbot. ESET researchers…
Read more

A weakness in the Cisco IOS XR Software Input Packet Processing Feature for Cisco ASR 9000 Series Aggregation Services Routers may allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. According to its self-reported version, IOS-XR is affected by a denial of service (DoS) vulnerability in the…
Read more

This Security Alert addresses CVE-2020-14750, a vulnerability in Oracle WebLogic Server for remote code execution. This vulnerability is identified with CVE-2020-14882, which was tended to in the October 2020 Critical Patch Update.  It is remotely exploitable without authentication, i.e., might be misused over an organization without the requirement for a username and password. The Security Alert Advisory is…
Read more

Imperva security researchers discovered a botnet that exploits vulnerabilities in the underlying content management systems of websites and then uses these compromised servers to mine for cryptocurrencies or deliver more spam to victims. The botnet, which the researchers dubbed KashmirBlack, began operating in November 2019 and since then infiltrated thousands of websites by targeting vulnerabilities…
Read more

The presence of address bar spoofing vulnerabilities in various smartphone browsers has recently been exposed by cybersecurity company Rapid7. Upon exploitation, these bugs will do significant harm to the multiple users since they won’t even recognize the bogus pages. The seven smartphone browsers, including some common ones, were infected by about 10 different vulnerabilities. Specifically,…
Read more

CVE represents Common Vulnerabilities and Exposures and is alluded to as “a word reference of freely known information security vulnerabilities and exposures.” Currently, MITRE Corporation works under an agreement with the U.S. Dept. of Homeland Security.  Practically speaking, The National Vulnerability Database (NVD) is a database of publicly recognized security vulnerabilities in operation. The CVE…
Read more

GravityRAT is a bit of malware which is named spyware: it helps cybercriminals to steal certain information from infected computers. It is realized that cybercriminals behind this malware target Windows, macOS, and Android devices. If there is a reason to believe that a computer or cell phone is equipped with GravityRAT, it should be removed…
Read more

OSINT Framework, as its name suggests, is a cybersecurity platform, a set of OSINT resources that support the information and data collection activities. This tool is often used for digital footprinting, OSINT analysis, intelligence gathering, and reconnaissance by security researchers and penetration testers. It offers a simple web-based interface that helps you to access various…
Read more