Lindsey O'Donnell, Author at AZGAD WEBSITE SECURITY BLOG

Hackers Continue Cyberattacks Against Vatican, Catholic Orgs

Thursday September 17th, 2020 Lindsey O'Donnell

The China-linked threat group RedDelta has continued to launch cyberattacks against Catholic institutions since May 2020 until as recently as last week.

Behzad Mohammadzadeh cybercriminal Department of Justice DOJ Government Hacks Irán Marwan Abusrour Qassem Soleimani Web Security Website Defacement

DoJ Indicts Two Hackers for Defacing Websites with Pro-Iran Messages

Wednesday September 16th, 2020 Lindsey O'Donnell website security

The two hackers allegedly hacked more than 50 websites hosted in the U.S. and vandalized them with pro-Iran messages.

arbitrary code execution CVE-2020-4470 CVE-2020-4703 CVE-2020-4711 high severity flaw IBM IBM Spectrum patch path traversal flaw remote code execution spectrum protect plus Vulnerabilities

IBM Spectrum Protect Plus Security Open to RCE

Tuesday September 15th, 2020 Lindsey O'Donnell

Two bugs (CVE-2020-4703 and CVE-2020-4711) in IBM’s Spectrum Protect Plus data-storage protection solution could enable remote code execution.

Active Directory active domain attack Authentication critical flaw CVE-2020-1472 domain controllers Exploit Microsoft microsoft August patch tuesday microsoft flaw Netlogon patch patch Tuesday poc privilege escalation Proof of Concept remote protocol Vulnerabilities windows flaw zerologon

Windows Exploit Released For Microsoft ‘Zerologon’ Flaw

Tuesday September 15th, 2020 Lindsey O'Donnell

Security researchers and U.S. government authorities alike are urging admins to address Microsoft’s critical privilege escalation flaw.

china chopper CISA Citrix VPNs Cobalt Strike CVE-2019-11510 CVE-2019-19781 CVE-2020-0688 CVE-2020-5902 Exploit F5 BIG-IP devices Government Hacks Microsoft Microsoft Exchange Mimikatz network compromise Pulse Secure VPNs spearphishing U.S. Government Vulnerabilities

Feds Warn Nation-State Hackers are Actively Exploiting Unpatched Microsoft Exchange, F5, VPN Bugs

Tuesday September 15th, 2020 Lindsey O'Donnell vulnerability

Monday’s CISA advisory is a staunch reminder for federal government and private sector entities to apply patches for flaws in F5 BIG-IP devices, Citrix VPNs, Pulse Secure VPNs and Microsoft Exchange servers.

Android app privacy app security arbitrary code execution data theft google play Mobile app mobile security tiktok tiktok app Update Vulnerabilities

TikTok Fixes Flaws That Opened Android App to Compromise

Monday September 14th, 2020 Lindsey O'Donnell

The flaws are disclosed as Oracle reportedly partners with TikTok as concerns in the U.S. over spying continue.

Active Directory authentication API Credentials email attack Hacks Microsoft Microsoft Active Directory Office 365 phishing attack phishing email Web Security

Office 365 Phishing Attack Leverages Real-Time Active Directory Validation

Saturday September 12th, 2020 Lindsey O'Donnell

Attackers check the victims’ Office 365 credentials in real time as they are typed into the phishing landing page, by using authentication APIs.

CVE-2020-5780 email forgery Email Subscribers & Newsletters plugin spoofing vulnerability Tenable Vulnerabilities Web Security WordPress WordPress plugin

WordPress Plugin Flaw Allows Attackers to Forge Emails

Friday September 11th, 2020 Lindsey O'Donnell

The high-severity flaw in the Email Subscribers & Newsletters plugin by Icegram affects more than 100,000 WordPress websites.

apt APT 28 Charming Kitten China cyberattack Donald Trump election meddling Government Hacks Irán Joe biden Microsoft Nation-state attacks phishing attack Phosphorous russia Spear Phishing Strontium U.S. election security U.S. elections U.S. presidential election Web Security Zirconium

Microsoft Warns of Cyberattacks on Trump, Biden Election Campaigns

Friday September 11th, 2020 Lindsey O'Donnell

Just months before the U.S. presidential election, hackers from Russia, China and Iran are ramping up phishing and malware attacks against campaign staffers.

authentication keys Bluetooth bluetooth 4.0 bluetooth 5.0 bluetooth classic Bluetooth Low Energy BLURtooth Cross-Transport Key Derivation CVE-2020-15802 Man-in-the-middle attacks MitM Vulnerabilities Web Security

Bluetooth Bug Opens Devices to Man-in-the-Middle Attacks

Thursday September 10th, 2020 Lindsey O'Donnell

The “BLURtooth” flaw allows attackers within wireless range to bypass authentication keys and snoop on devices utilizing implementations of Bluetooth 4.0 through 5.0.

← Previous

By continuing to use the site, you agree to the use of cookies. more information