Monthly Security Digest for August
Every month, we are covering the major security events for our clients. Please find an exclusive selection below.
New ParseThru Parameter Smuggling in Golang
A new vulnerability dubbed ParseThru affects Golang-based application that is misused to gain unauthorized access to cloud-based applications. According to the researchers at Israeli cybersecurity firm Oxeye, this newly discovered vulnerability allows a threat actor to bypass validations under certain conditions, which results in the use of unsafe URL parsing methods built in the language. […]
New IoT RapperBot Malware Targets Linux
A new IoT botnet malware dubbed RapperBot has been rapidly evolving its capabilities. It borrows the original source code from Mirai apart from this it has a built-in capability to brute force credentials and gains access to SSH servers instead of Telnet as implemented in Mirai. […]
Zeppelin Ransomware Attack Campaign
According to the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) warned US organizations that threat actors employ Zeppelin ransomware to encrypt their files multiple times. The FBI has observed instances where Zeppelin actors have executed their malware multiple times within a victim’s network, which results in the creation of different IDs or file extensions, for each instance of an attack, this results in the victim needing several unique decryption keys. […]