Misconfiguration practices might make companies lucrative targets for threat actors Source: Infosecurity Nearly One Million Misconfigured Kubernetes Exposed That Could Cause Data Breaches

Developers need to think like WAF operators for security. Start with secure coding and think of Web application firewalls not as a prophylactic but as part of the secure coding …

Telecommunications companies in Pakistan and Afghanistan and a port in Malaysia targeted Source: Infosecurity Hackers Deploy Shadowpad Backdoor and Target Industrial Control Systems in Asia

Like a hydra, every time one ransomware gang drops out (REvil or Conti), plenty more step up to fill the void (Black Basta). Source: DarkReading Ransomware Volume Nearly Doubles 2021 …

Server-Side Request Forgery (SSRF) in GitHub repository dompdf/dompdf prior to 2.0.0. Source: NIST CVE-2022-0085

Dubbed ‘Revive’ because of its ability to automatically restart in case it stops working, the tool seems to be designed for persistent campaigns. Source: Infosecurity Android Spyware ‘Revive’ Upgraded to …

If the user enables the https function on the device, an attacker can modify the user’s request data packet through a man-in-the-middle attack ,Injection of a malicious URL in the …

When an attacker obtaining the administrative account and password, or through a man-in-the-middle attack, the attacker could send a specified crafted packet to the vulnerable interface then lead the device …

Origin validation error vulnerability in NeoRS’s ActiveX moudle allows attackers to download and execute arbitrary files. Remote attackers can use this vulerability to encourage users to access crafted web pages, …

When an attacker uses a man-in-the-middle attack to sniff the request packets with success logging in through ONVIF, he can log in to the device by replaying the user’s login …