SecureBug allows you to evaluate your offensive and defensive skills and lets you exchange ideas and methodologies with thousands of people in the security field.
Join Nordic's No.1 Crowdsourced Security Platform For Offensive & Defensive Security Strategies.
Attacks on Citrix servers have intensified this week. Multiple threat actors have now joined in and are launching attacks in the hopes of compromising a high-value target, such as a corporate network, government server, or public institution. One of the threat actors is patching the servers and installing its own backdoor to lock out other attackers.…
Security researchers from Sophos have discovered a new set of “fleeceware” apps that have been downloaded and installed more than 600 million times on 100 million devices. The cybersecurity firm coined the term fleeceware last September after it discovered a new type of financial fraud taking place on the Google Play Store. Fleeceware…
Microsoft published a security advisory warning of an Internet Explorer (IE) zero-day vulnerability. The vulnerability, tracked as CVE-2020-0674 and rated moderate, is currently being exploited in the wild. The company described these as “limited targeted attacks”, suggesting the zero-day was not broadly exploited, but rather that it was part of attacks aimed at a small…
A Facebook bug temporarily allowed anyone to see the admin behind Facebook Pages. Facebook doesn’t reveal the page admin accounts unless the Page owner decides to make the admins public, but the bug allowed anyone to reveal the accounts running a Page. The bug was exploited in attacks in the wild against several high-profile pages.…
Two WordPress plugins, InfiniteWP Client and WP Time Capsule, contain critical security vulnerabilities that allow adversaries to access a site’s backend with no password. The vulnerability is due to a logical mistake and has opened up an estimated 320,000 websites to exploitation. InfiniteWP allows users to manage an unlimited number of WordPress sites from their servers. And WP…
Risk management is the process of identifying, assessing, responding, and implementing the activities. This process controls how the organization manages the potential effects of risks. It is a continuous and increasingly complex process and holds a prominent place throughout the security life-cycle. All organizations prepare a risk management plan, but the types of risks are…
Researchers have found a new ransomware family that is being used to target and encrypt all of the devices on business networks. SNAKE is a new ransomware that is threatening enterprises worldwide alongside the most popular ransomware families such as Ryuk, Maze, Sodinokibi, LockerGoga, BitPaymer, DoppelPaymer, and MegaCortex. The SNAKE ransomware is the…
Google has discovered more than 1,700 applications in the Play Store that were infected by Joker malware. The company started tracking the malware (also known as Bread) in early 2017. This malware operation is one of the most persistent threats Google has dealt with during the last few years. These also include 24 Android apps,…
Mozilla has warned Firefox users to update their browsers to the latest version due to a critical vulnerability that is actively being exploited in the wild. The update addresses a critical zero-day vulnerability that has been abused for targeted attacks. Mozilla claims that they are aware of targeted attacks in the wild that were abusing…
TikTok is one of the most popular apps globally. Beijing-based ByteDance owns the app, which is available in over 150 countries and boasts over 1 billion users. Israeli cybersecurity research firm Check Point Research says it found “multiple vulnerabilities” within TikTok’s infrastructure. The vulnerabilities made it possible for potential attackers to hijack accounts to manipulate…