Careful Security

vulnerability management

IconBurst

IconBurst attack grabs data from multiple web apps (Supply Chain attack)

IconBurst: NPM software supply chain attack grabs data from apps, websites

ReversingLabs researchers recently discovered evidence of a widespread software supply chain attack involving malicious JavaScript packages offered via the NPM package manager. Researchers at ReversingLabs identified more than two dozen NPM packages, dating back six months, that contain obfuscated JavaScript designed to steal form …

Password Stuffing

Robert Half client accounts (Password Stuffing)

Staffing Firm Robert Half Says Hackers Targeted Over 1,000 Customer Accounts

HR consulting firm Robert Half has started informing customers that their personal and financial information might have been compromised after hackers targeted their RobertHalf.com accounts. Information provided by the company to the Maine Attorney General shows that threat actors targeted Robert Half between …

Spokane Regional Health District (Phishing)

SRHD Apologizes and Commits to Corrective Actions

Spokane Regional Health District (SRHD) confirmed personal data may have been disclosed after the discovery of an unauthorized breach of personal health information via a phishing email, occurring on February 24, 2022.

BEC phishing campaign 

Microsoft issues warning on BEC phishing campaign 

From cookie theft to BEC: Attackers use AiTM phishing sites as entry point to further financial fraud

A large-scale phishing campaign that used adversary-in-the-middle (AiTM) phishing sites stole passwords, hijacked a user’s sign-in session, and skipped the authentication process even if the user had enabled multifactor authentication (MFA). The attackers then used the stolen credentials …

SQL Injection

What is SQL Injection?

SQL Injection is a web security vulnerability that allows an attacker to interfere with the queries that an application makes to its database. It generally allows an attacker to view data that they are not normally able to retrieve. This might include data belonging to other users, or any other data …