Cyber Security BlogsResearchers published a proof-of-concept (PoC) code for the recently disclosed critical flaw CVE-2023-51467 in the Apache OfBiz. Researchers from cybersecurity firm VulnCheck have created a proof-of-concept (PoC) exploit code for the recently disclosed critical flaw CVE-2023-51467 (CVSS score: 9.8) in the Apache OfBiz. In December, experts warned of an authentication bypass zero-day flaw that affects Apache OfBiz, an open-source Enterprise Resource

Cyber Security Blogs Hacktivist groups have purportedly orchestrated a cyberattack on Indian Police and Government Institutions, commencing on January 10th, 2024, with data disclosure coming to light today. The identified threat actors include ‘THE ANONYMOUS BD,’ ‘GARUDA FROM CYBER,’ and ‘SYLHET GANG-SG.’  The cyberattack on Indian government institutions includes DDoS assaults on the Indian Ministry

Cyber Security Blogs A critical vulnerability in GitLab CE/EE (CVE-2023-7028) can be easily exploited by attackers to reset GitLab user account passwords. While also vulnerable, users who have two-factor authentication enabled on their account are safe from account takeover. “We have not detected any abuse of this vulnerability on platforms managed by GitLab, including GitLab.com

Cyber Security Blogs The Stealthy World of Remote Access Trojans A Cautionary Tale In a quiet suburb, Sarah, a regular smartphone user, experienced a digital nightmare. A Remote Access Trojan (RAT) compromised her trusted device, turning her personal haven into a source of vulnerability. Sarah’s story is not unique; it’s a growing reality for many

Cyber Security Blogs In the midst of escalating tensions and a growing political divide between India and Maldives, the cyber landscape has transformed into a battleground for warfare. In this surge of cyberattacks on the Maldivian agencies, pro-India cyber groups have unleashed targeted assaults on several Maldivian institutions. As reported by a cybersecurity research agency

Cyber Security BlogsLiquipedia, an online e-sports platform run by Team Liquid, exposed a database revealing its users’ email addresses and other details. Users of the e-sports knowledge base were exposed via a publicly accessible and passwordless MongoDB database, the Cybernews research team has discovered. The database was closed after researchers informed Liquipedia’s admins about the

Cyber Security BlogsBitdefender researchers revealed the vulnerability allows an attacker to send commands to the thermostat and replace its firmware ​Read More

Cyber Security Blogs There are unconfirmed reports indicating a potential breach of the database at the Indian Railways Institute of Mechanical & Electrical Engineering (IRIMEE). Situated in Jamalpur, IRIMEE functions as the central training hub for the Indian Railways, primarily dedicated to educating officers and supervisors in the Mechanical Engineering Department. Alleged IRIMEE Data Leak