Pro-India hackers use Android spyware to spy on Pakistani military
This week a report has revealed details on the two spyware strains leveraged by state-sponsored threat actors during the India-Pakistan conflict. The malware strains named Hornbill and SunBird have been delivered as fake Android apps (APKs) by the Confucius advanced persistent threat group (APT), a state-sponsored operation. […]
United Nations data breach exposed over 100k UNEP staff records
This week, researchers have responsibly disclosed a vulnerability by exploiting which they could access over 100K private records of United Nations Environmental Programme (UNEP). The data breach stemmed from exposed Git directories which let researchers clone Git repositories and gather PII of a large number of employees. […]
DHS-CISA urges admins to patch OpenSSL DoS vulnerability
This week OpenSSL has released fixes for a high severity Denial of Service (DoS) vulnerability, CVE-2020-1971. U.S. DHS Cybersecurity and Infrastructure Security Agency (CISA) has warned admins to upgrade their vulnerable OpenSSL instances immediately. […]