Penetration Testing Services: what to look for in a pen test provider

These days computers and the software that operates upon them touch practically every part of our professional and personal lives. The information they store, process and transmit is the foundation upon which businesses are built, how customer experiences are delivered, and how we find the best takeout food in our immediate area. So why is …

NPM nukes NodeJS malware opening Windows, Linux reverse shells

NPM has removed multiple packages hosted on its repository this week that established connections to remote servers and exfiltrated user data. These 4 packages had collected over 1,000 total downloads over the course of the last few months up until being removed by NPM yesterday. The four packages are: plutov-slack-client - claims to be a …

Critical SonicWall vulnerability affects 800K firewalls, patch now

A critical stack-based buffer overflow vulnerability has been discovered in SonicWall VPNs. When exploited, it allows unauthenticated remote attackers to execute arbitrary code on the impacted devices. Tracked as CVE-2020-5135, the vulnerability impacts multiple versions of SonicOS run by hundreds of thousands of active VPNs. Craig Young of Tripwire Vulnerability and Exposure Research Team (VERT) …

FIN11 hackers jump into the ransomware money-making scheme

FIN11, a financially motivated hacker group with a history dating back to at least 2016, has adapted malicious email campaigns to transition to ransomware as the main monetization method. The group runs high-volume operations, lately targeting companies primarily in North America and Europe from almost every industry sector to steal data and to deploy Clop ransomware. Recent …

International law firm Seyfarth discloses ransomware attack

International law firm Seyfarth Shaw announced on Monday that it was the victim of a ransomware attack over the weekend. With more than 900 lawyers in 17 offices in America, Europe, and the Asia Pacific regions, the company made over $700 million in gross revenue last year, placing it in the lower half of the …