Netizen Blog and News
The Netizen team sharing expertise, insights and useful information in cybersecurity, compliance, and software assurance.
Category: Application Security
-
The emergence of Pikabot malware, employed by the group Water Curupira, represents a significant shift in cyber threat tactics, with its deployment closely linked to sophisticated phishing strategies like email conversation thread hijacking. Pikabot and Its Operational Tactics Pikabot operates as a loader malware with two components: a loader and a core module. This sophisticated…
-
SMTP smuggling, a novel cybersecurity threat, has emerged as a significant concern due to its ability to exploit vulnerabilities in the Simple Mail Transfer Protocol (SMTP). This protocol is widely used by mail servers for the transmission, reception, and relaying of emails. Discovered by Timo Longin from SEC Consult, SMTP smuggling allows malicious actors to…
-
Security vulnerabilities are a constant threat to business operations, making prompt patching crucial. Netizen’s Security Operations Center highlights five critical vulnerabilities from December, emphasizing the need for immediate action. These include issues with Microsoft Power Platform Connector, Google Chrome’s WebRTC framework, Apache Struts, SSH ProxyCommand, and Apache OFBiz. Netizen offers comprehensive security solutions and support.
-
Overview: Phish Tale of the Week Often times phishing campaigns, created by malicious actors, target users by utilizing social engineering. For example, in this text message, the actors are appearing as LinkedIn, the social media platform, and informing you that action needs to be taken regarding your account. The message politely explains that someone else…
-
In October, the genetic testing company 23andMe faced a significant data breach, initially believed to affect about 14,000 of its users. However, further assessments revealed that nearly half of its 14 million users, approximately 6.9 million individuals, were impacted. The specific individuals or groups responsible for the 23andMe data breach have not been publicly identified…
-
AI training data poisoning is a form of cybersecurity threat that targets the integrity of machine learning models by deliberately inserting misleading or harmful data into the training set. This tactic can compromise the model’s accuracy, leading to incorrect or manipulated outputs. Nightshade, a tool developed by Ben Zhao’s team at the University of Chicago,…
-
Two significant vulnerabilities have been identified in the WebKit web browser engine, impacting a range of Apple devices and operating systems. These vulnerabilities are critical and require immediate attention. Apple has acknowledged these vulnerabilities and released updates for a range of devices. Users are urged to update their devices to the latest versions as soon…
-
Overview: Phish Tale of the Week Often times phishing campaigns, created by malicious actors, target users by utilizing social engineering. For example, in this text message, the actors are appearing as Royal Mail, a courier service, and informing you that action needs to be taken regarding your package’s delivery. The message politely explains that “RoyalMail”…
-
Functioning as a Telegram bot-based toolkit, Telekopye, an e-commerce threat vector, streamlines the execution of advanced phishing operations. It enables perpetrators, referred to as ‘Neanderthals’, to deploy a range of tactics including spear-phishing through crafted HTML pages, domain spoofing, and social engineering via SMS and email phishing campaigns. This toolkit marks a significant escalation in…
-
Security vulnerabilities are a constant threat to businesses. Netizen’s Security Operations Center has identified five critical vulnerabilities from November that require immediate attention. These include privilege escalation, path traversal, SQL injection, CSRF, and local privilege escalation issues in various software. Netizen offers advanced solutions and services to help businesses enhance their cybersecurity posture.
Netizen Blog and News 