SecureBug allows you to evaluate your offensive and defensive skills, in addition, to let you exchange your ideas and methodologies with thousands of people in the security field.
Join Nordic's No.1 Crowdsourced Security Platform For Offensive & Defensive Security Strategies.
The latest discoveries reveal that there is a major issue with the Google Authenticator app that could cause serious security problems. Nightwatch Cybersecurity discovered that any rogue app can screen capture the Google Authenticator’s OTP codes as they are shown on the device screen. If you have the app on your phone you can open it right…
Multiple state-sponsored hacking groups are exploiting a vulnerability in Microsoft Exchange email Servers that the company patched in February. The exploitation attempts were first spotted by UK cyber-security firm Volexity on Friday. Volexity confirmed that exploitation of this security flaw began in late February, with several organizations already having their networks compromised after state-backed advanced persistent…
A zero-day vulnerability is discovered in Zoho ManageEngine Desktop Central endpoint which could cause serious damage to customers if exploited. web-based office suite and SaaS provider, Zoho, was revealed to contain a zero-day vulnerability in the ManageEngine Desktop Central endpoint. ManageEngine Desktop Central endpoint is an endpoint management tool that helps managed service providers (MSPs)…
Virgin Media, a provider of telephone, television, and internet services in the UK, disclosed today a data breach that was caused by a database server left exposed online without a password. The data breach exposed the personal information of approximately 900,000 customers (names, home, and email addresses and phone numbers). Virgin Media said the incident…
A new vulnerability, tracked as CVE-2019-0090, affects all Intel chips that could allow attackers to bypass every hardware-enabled security technology. All Intel processors released in the past 5 years contain an unpatchable vulnerability that could allow hackers to compromise almost every hardware-enabled security technology that is designed to shield sensitive data of users even when…
Microsoft Subdomains vulnerability exposes accounts to hijacking which can be exploited and used in malware and phishing attacks against users and employees. These vulnerable subdomains, if hijacked, could trick users into thinking that they are on a legit web domain but in fact, they are on a subdomain exploited by attackers. Any information that users…
Spammers in a new email campaign are targeting users in Italy by exploiting the outbreak of the Coronavirus (COVID-19), attempting to steal information through phishing scams or to lure users into downloading a different kind of virus. The malware-laced message carries false advice and a hidden threat, so widely emailed that it instantly reached a…
En allvarlig sårbarhet i MediaTek Command Queue-drivrutin som utvecklarna sade påverkar miljontals enheter. Den första måndagen varje månad publicerar Google ”Android Security Bulletin”, där den avslöjar alla säkerhetsproblem och deras korrigeringar. Google offentliggjorde just Android Security Bulletin för mars 2020, där det avslöjas en allvarlig sårbarhet i MediaTeks Command Queue-drivrutin som utvecklarna sade påverkar miljontals…
T-Mobile disclosed a data breach that exposed the account information of customers and employees. The attack was conducted against their email vendor resulting in unauthorized access to certain T-Mobile employee email accounts. A “NOTICE OF DATA BREACH” is posted on the T-Mobile website in which they state that it has been the target of a…
The Let’s Encrypt project is going to revoke more than 3 million TLS certificates on Wednesday, March 4, 2020, that may have been issued wrongfully due to a bug it discovered in its backend’s code. The bug in Let’s Encrypt’s certificate authority (CA) software caused some certificates to not be properly validated through Certificate Authority…