Cyber Crime
Cyber Attacks
The crypto industry often hailed as the vanguard of modern financial innovation faced a tumultuous 2024 marred by significant losses due to cyber threats. According to Cyvers' latest Security Fraud and Compliance Report the sector lost over $2.361 billion to cybercriminal activities marking a 40% increase from the $1.69 billion lost in 2023.
Turla, a Russia-linked Advanced Persistent Threat (APT) group with a history spanning nearly three decades. Known for their stealthy and innovative approaches, Turla continues to raise the bar for nation-state cyber operations. Their latest campaign unveiled by Lumen Technologies Black Lotus Labs reveals an extraordinary feat of infiltration: hijacking the command-and-control (C2) infrastructure of Storm-0156 a Pakistan-based hacking group to expand their espionage activities.
Tech
Okta, a widely recognized identity and access management service, is integral to safeguarding user authentication for organizations around the world. Known for its ability to streamline secure access to various applications and systems, Okta supports a broad range of authentication methods, including multi-factor authentication (MFA) and single sign-on (SSO). With millions of users and enterprises relying on Okta’s infrastructure for seamless and secure access, any discovered vulnerabilities have the potential for widespread implications.
This blog is about IDOR vulnerability found by cert-in that can cause concern to Aadhaar card or pan card
In 2024, SaaS breaches surged, with 31% of organizations impacted, highlighting vulnerabilities in identity management. To address these risks, Okta introduced the IPSIE framework at Oktane 2024. IPSIE aims to standardize identity security, promoting interoperability, lifecycle management, and risk-sharing to reduce fragmentation and enhance protection across SaaS platforms.
In August 2024, Star Health and Allied Insurance, India's largest health insurer, fell victim to a sophisticated cyberattack resulting in the leak of sensitive customer data and medical records. The attacker, known as xenZen, demanded a ransom of $68,000 in exchange for ceasing further leaks of confidential information. The breach has caused a massive reputational and financial crisis for the company, with its market value declining and legal battles ensuing. This blog provides a comprehensive look at the timeline, technical details, and the overall impact of this significant cyberattack.
In today’s highly connected world, web applications are ubiquitous and serve as the backbone of many organizations’ online presence. Unfortunately, they are also prime targets for cyberattacks. To protect sensitive data and maintain the integrity of web-based services, Web Application Penetration Testing (Pentesting) has become an indispensable part of any robust cybersecurity strategy. This detailed guide will walk you through everything you need to know about web application penetration testing, from why it's essential to how the process works, common tools used, and what you should consider to make the most of your pentesting efforts.
With attacks targeting critical infrastructure, supply chains, and even the democratic processes, governments worldwide are under pressure to reinforce their cybersecurity defenses. The United States has been at the forefront of this effort and its National Cybersecurity Strategy—refined over the years and updated in 2024 continues to serve as a key blueprint for national defense against cyber threats. This blog explores how the U.S. is addressing modern cybersecurity challenges and offers insights that developing countries can adopt to bolster their own defenses.
Let us explore various forms of malware, such as viruses, worms, Trojans, ransomware and more. The article breaks down how these malicious programs operate and provides practical strategies for mitigating their risks. From educating users to implementing network security and backup measures, this guide offers a comprehensive approach to safeguarding systems against malware threats.
In one of the most alarming data breaches in recent times, Star Health Insurance, India’s largest standalone health insurance provider, suffered a major privacy breach. Hackers used Telegram chatbots to leak sensitive customer information, exposing the personal details of over 31 million individuals. This data breach revealed critical customer information, including medical records, and has raised concerns about the security of personal data in the healthcare industry.
In the world of cybersecurity and penetration testing, performing efficient reconnaissance is crucial for identifying potential attack vectors. One powerful but often overlooked tool is the Autonomous System Number (ASN), a unique identifier that helps map out an organization’s network infrastructure. In this blog, we’ll explore how to leverage ASN for reconnaissance purposes, uncovering IP ranges, network affiliations, and hidden assets.
In today's digital age, every action we take online can be tracked, monitored, and recorded by websites, advertisers, and even cybercriminals. As privacy becomes increasingly important, understanding how to browse the internet anonymously can help protect your personal information and safeguard against surveillance. This blog will explore the best tools and techniques for anonymous browsing, so you can maintain your privacy online.
In this blog, we’re going to explore two major web application vulnerabilities: Broken Authentication and Cryptographic Failures . BA occurs when authentication mechanisms, like login systems or session management, fail to properly secure user identities, leaving accounts vulnerable to attacks like session hijacking or credential stuffing. On the other hand, CF refers to weaknesses in how sensitive data is protected through encryption. When encryption is weak or improperly implemented, it exposes critical information to attackers. Both vulnerabilities pose significant threats to the security of web applications, and we'll dive into how they can be exploited and prevented.
In this blog, you'll learn about quishing—a new cyber threat where malicious QR codes trick users into revealing sensitive information or installing malware. We’ll explore how quishing works, QRL Jacking, real-life examples and practical tips to protect yourself. Stay informed and safeguard your digital interactions with these essential insights.