many parts make the whole
A Chinese state-sponsored espionage campaign being dubbed Salt Typhoon now includes nine U.S telecommunication firms. The Chinese government has denied responsibility for the attack which has compromised communications of senior U.S government officials. The full scope of the attack may never be known as the sophisticated attackers took steps to erase evidence of their presence. … Read More “NINTH TELECOM COMPANY ADDED TO LIST OF Salt Typhoon TARGETS” »
A flaw in McDonald’s McDelivery system in India could have allowed for the ability to order any number of menu items for $0.01. Sensitive information in the form of invoices for any order and the personal details for the delivery driver could also have been disclosed. This serves as a great reminder that while apps … Read More “McDonald’s API EXPLOITED FOR ONE CENT DELIVERIES” »
There has been a surge in brute-force attacks targeting Citrix NetScaler. The attacks are mainly originating from a cloud provider based in Hong-Kong, their IP ranges are available in the article linked below and should be blocked to help mitigate the attack on vulnerable systems. The attacks are leveraging zero-day exploits that were recently addressed … Read More “BRUTE-FORCE ATTACKS TARGETING Citrix NetScaler UNDERWAY” »
A new proof-of-concept attack has been disclosed by a team of researchers that effects AMD’s trusted execution environment. The attack does require physical access to the system however as the article below notes, in the age of cloud computing organizations may not have complete control over who has access to the physical hardware running their … Read More “AMD TRUSTED COMPUTING VULNERABLE TO NEW BadRAM ATTACK” »