Cyber Defense Advisors

Year: 2024

  • January 19, 2024

Npm Trojan Bypasses UAC, Installs AnyDesk with “Oscompatible” Package

A malicious package uploaded to the npm registry has been found deploying a sophisticated remote access trojan on compromised Windows machines. The package, named “oscompatible,” was published on January 9, 2024, attracting a total of 380 downloads before it was taken down. oscompatible included a “few strange binaries,” according to software supply chain security firm […]

Cyber News
  • January 19, 2024

U.S. Cybersecurity Agency Warns of Actively Exploited Ivanti EPMM Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a now-patched critical flaw impacting Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core to its Known Exploited Vulnerabilities (KEV) catalog, stating it’s being actively exploited in the wild. The vulnerability in question is CVE-2023-35082 (CVSS score: 9.8), an authentication bypass that’s a patch bypass […]

Cyber News

Balancing Penetration Testing & Exploitation Assessment in Financial Systems

The realm of financial systems is complex, encompassing a vast array of technologies, processes, and operations. With an ever-evolving digital landscape, the security of these systems has become paramount. In the financial sector, where billions of transactions occur daily, a slight security oversight can lead to […]

Penetration Testing and Exploitation Assessment

PCI DSS Compliance: Securing New Payment Gateways

Payment gateways are essential touchpoints in modern e-commerce, allowing swift and seamless transactions for millions of users worldwide. As digital purchasing continues to grow, so does the need for robust security measures. Enter the Payment Card Industry Data Security Standard (PCI DSS), the frontline defense against payment card […]

PCI DSS Compliance
  • January 18, 2024

New Docker Malware Steals CPU for Crypto & Drives Fake Website Traffic

Vulnerable Docker services are being targeted by a novel campaign in which the threat actors are deploying XMRig cryptocurrency miner as well as the 9Hits Viewer software as part of a multi-pronged monetization strategy. “This is the first documented case of malware deploying the 9Hits application as a payload,” cloud security firm Cado said, adding […]

Cyber News

Value-Identifying IT Due Diligence in Mergers: The Unseen Factors

Mergers and acquisitions (M&A) have long been a strategic move for businesses aiming to expand their operations, strengthen their market presence, or gain a competitive edge. However, the success of an M&A deal isn’t solely dependent on financial figures and market share. In today’s dynamic business […]

Value-Enhancing Technology Due Diligence

Value-Identifying Application Due Diligence in the SAAS Boom

The Software as a Service (SAAS) industry has been on a remarkable ascent in recent years. The SAAS market has grown exponentially, with companies of all sizes and industries adopting SAAS solutions to streamline their operations, increase efficiency, and stay competitive in the digital age. As the […]

Value-Enhancing Application Due Diligence

Unpacking the Penetration Testing & Exploitation Assessment Dichotomy

In the ever-evolving landscape of cybersecurity, staying one step ahead of malicious actors is a constant challenge. As organizations strive to protect their digital assets and sensitive data, two crucial methodologies emerge to gauge their security posture: penetration testing and exploitation assessment. These practices are vital in […]

Penetration Testing and Exploitation Assessment
  • January 18, 2024

Russian COLDRIVER Hackers Expand Beyond Phishing with Custom Malware

The Russia-linked threat actor known as COLDRIVER has been observed evolving its tradecraft to go beyond credential harvesting to deliver its first-ever custom malware written in the Rust programming language. Google’s Threat Analysis Group (TAG), which shared details of the latest activity, said the attack chains leverage PDFs as decoy documents to trigger the infection […]

Cyber News