CyberSecurity Revolution
SSRF in a nutshell: When a server-based application allows end-users to specify a URL that the server then fetches and processes, the application is susceptible to SSRF attacks. Examples of such features include Webhooks, Blog
Continue readingGithub, Telegram Bots, And Qr Codes Abused In New Wave Of Phishing Attacks Phishing attacks are increasingly leveraging GitHub infrastructure, Telegram bots, and QR codes to evade detection and deliver malware. A recent campaign targeting
Continue readingMarriott Settles Over Data Breach That Exposed Millions Of Guests Marriott International has settled for $52 million with the FTC and U.S. states over data breaches affecting 344 million guests between 2014 and 2020. As
Continue readingZero-Day Alert: Three Critical Ivanti CSA Vulnerabilities Actively Exploited Ivanti has disclosed active exploitation of three critical vulnerabilities (CVE-2024-9379, CVE-2024-9380, CVE-2024-9381) in its Cloud Service Appliance (CSA), which allow authenticated attackers to execute arbitrary SQL
Continue readingFraudsters Imprisoned For Scamming Apple Out Of 6,000 iPhones Two Chinese nationals, Haotian Sun and Pengfei Xue, were sentenced to prison for a scam that involved exchanging over 6,000 counterfeit iPhones for authentic ones, exploiting
Continue readingLockbit Associates Arrested, Evil Corp Bigwig Outed Operation Cronos has led to the arrest of four key LockBit ransomware associates and uncovered significant ties between LockBit and Russia’s Evil Corp, notorious for banking Trojans like
Continue readingDOJ Charges 3 Iranian Hackers In Political ‘Hack & Leak’ Campaign The U.S. Department of Justice has charged three Iranian hackers affiliated with the Islamic Revolutionary Guard Corps (IRGC) for conducting a politically motivated “hack-and-leak”
Continue readingNorth Korea Hackers Linked To Breach of German Missile Manufacturer North Korean hackers linked to the Kimsuky APT have successfully breached Diehl Defence, a German missile manufacturer, using sophisticated phishing tactics that included fake job
Continue readingNew Mallox Ransomware Linux Variant Based On Leaked Kryptina Code Mallox ransomware affiliates have been using a modified version of the leaked Kryptina ransomware source code to target Linux systems, representing a shift from their
Continue readingTor Says It’s “Still Safe” Amid Reports Of Police Deanonymizing Users The Tor Project reassures users that their network remains secure despite recent reports of law enforcement using timing attacks to deanonymize users. While acknowledging
Continue reading
Hey There, I am Amey Anekar - Cyber Security Specialist with a passion for solving security problems even when resources are limited. I've been fortunate to develop a knack for gauging an organization's cyber security posture and helping them plan a transition towards becoming more resilient in the face of cyber threats. It's a privilege to be able to contribute to the field and assist organizations in safeguarding their digital assets. Get In Touch