Hexway blog with the latest updates, cyber news and interesting stuff
Pentesting Trends in 2023
Let’s take a look at major trends that have stirred up discussions on how pentests are performed and what looks promising in pentesting. The Major Trends AI and Pentesting Artificial ...
Generative AI in Penetration Testing
Large Language Models and Generative AI, notably ChatGPT, have revolutionized numerous sectors, including the security industry. These advancements have significantly altered both offensive and defensive security strategies, making AI a ...
0.58.1. Right-to-Left text support, DOCX bookmarks, automated project creation
As we step into September, we are thrilled to bring you some new features that are set to simplify your project management and report customization experience even further. Here’s a ...
Top 7 DevSecOps Security Tools
Let's take a look at the best DevSecOps tools and utilities that can help in the efficient implementation of your DevSecOps model. The hot topic in the product industry is ...
August 0.57. Project templates, password policy, HashiCorp support
It’s update time! Let’s now dive into Hexway Hive & Apiary latest release, packed with features that elevate your workflow and redefine efficiency. Here's a quick snapshot of what's in ...
The first steps toward SSDLC. Integrating semgrep with GitLab-CI
Hello! It’s Hexway team. We continue our DevSecOps series and decided to share with you simple steps toward implementing secure development into your current SDLC. We recently talked about security ...
Why modern pentest reports still don’t make much sense?
How evolving pentest methods haven’t resulted in better reporting in 2023 yet, and why is there a need for actionable pentest data? The way pentests are carried out must change ...
June 0.55. GPT integration, MacOS support & Apiary localization
We're excited to announce the June 0.55 update, packed with new features designed to make your experience more efficient and enjoyable. From AI-assisted writing to interface localization, this update brings ...
CYBERSECURITY NEWS MAY V. T-Mobile breach, Twitter Circle posts, the new Akira ransomware & more
We continue to share our monthly cybersecurity incident digest highlighting the most noticeable security incidents of the month. In this May edition, we’ll look into security breaches hitting T-Mobile, Twitter ...
S for Security. From SDLC to SSDLC, DevSecOps, and CI/CD/CS
In today's technology landscape, disruptive products continually redefine our lives. At the heart of this transformation lies the Software Development Life Cycle (SDLC), which delivers results across industries. However, the ...
May 0.54. CVSS calculator & amazing improvements
We surely couldn't leave you without a new release this month, so we're thrilled to announce our latest release! It's packed with features that will make your work easier, more ...
CYBERSECURITY NEWS APRIL V. — 3CX Trojan, AvidXchange attack, KFC leak, IP scam & Bluefield University attack.
A SolarWind-style Attack with a Twist In the ever-evolving landscape of cybersecurity, recent events have raised alarm bells across the industry, particularly regarding supply chain attacks. One such incident that ...
Why PTaaS is Evolving the Level of Pentest Quality?
The attackers have evolved and are stronger than ever. This has forced vendors to up the security services they provide, and PTaaS is that game changer, pushing the quality of ...
How PTaaS Can Benefit Pentest Providers?
While PTaaS is in every way an improvement over traditional methods for organizations, it also has its benefits for the pentest provider. Let’s look at how PTaaS can improve your ...
April 0.53. Read-only Apiary rights, project search & Jira comments
Get ready for a new experience with our latest product update for Hexway Apiary! We are thrilled to announce a set of new features and enhancements that will take your ...
Why PTaaS is Crucial for Modern Cybersecurity?
Let’s take a look at the growing importance of PTaaS in today’s technology landscape, even more so as organizations are migrating towards a cloud-first approach. In the last few years ...
CYBERSECURITY NEWS V. March — MacStealer, Skylink CZ attack, AT&T leak, Twitter code leak
Latitude Financial announced the cyberattack on March 16th. According to a comment the company made at the time, the theft affected 300,000 of the company's customers. Later it became known ...
Automating Pentests: How to Optimize Workflow and Save Time
Is it okay to rely heavily on automated tools to perform pentests? Or using tools beyond a certain extent can backfire? Let’s answer these questions in this article, as we ...
March 0.51.2 version. Apiary project groups, CSV issue export & advanced Hive filters.
It seems like the spring equinox isn’t just bringing you day & night length equality but also a pack of new and long-awaited & some customer request Hexway Hive & ...
Continuous Pentesting: A modern-day necessity?
Why is it essential to have a pentesting programmer in your company? How does it help to stay on top of 0-days, exploits, CVEs, and cyberattacks? We’ll tell you in ...
CYBERSECURITY NEWS V. February — what happened?
A round-up of the major security events that have happened so far in this new year. This year started only two (and a few) months ago, but a lot of ...
Command and Control (C2) explained
What is Command and Control (C2)? What are C2 servers? Why are they so notorious, and why are blue teams worldwide trying their best to detect C2 servers? It’s time ...
Identity Threats and Security: What-why-how?
Explore the niche category of emerging issues related to managing users: related threats, how major breaches happened, and what could be done to thwart these. Identity Threats explained Let's ...
February 0.49.3 version. Cross-project dashboard, email notifications, new integration & a lot more
It’s time to download new versions of Hive & Apiary because 0.49.3 has many feature gems for a better experience and amazing pentests. Let’s head to the main part… What’s ...
CYBERSECURITY NEWS V. January – Patch Tuesdays, LockBit apology, Qualcomm UEFI flaws
News FYI The LockBit ransomware gang apologizes, gives SickKids hospital free decryptor The LockBit ransomware gang has apologized for the cyberattack on the SickKids children's hospital in Toronto, Canada. The ...
December Hexway 0.48.1 version. SLA, Acunetix & logo replace.
First of all, we want to thank everyone for keeping an eye on updates! Especially pre-New Year ones. Let’s head down to the main part. What’s in this update? Acunetix ...
2022 as it was
Dear hexwayers, This year is coming to an end. It was full of ups and downs, and you were always on our side! We would like to thank each of ...
CYBERSECURITY NEWS V. December – Ninth Chrome 0-Day of 2022, ‘Highly Exploited’ 0-Day Vulnerability Most iPhones Had, Attacker blackmails Elon Musk
News FYI Google Patches Ninth Chrome Zero-Day of 2022 On December 2, 2022, Google released new versions of the Chrome browser (108.0.5359.94 for Mac OS and Linux, 108.0.5359.94/.95 for Windows). ...
November 0.47.2 version. Duplicated issue merging & updated project feed.
Good news, pentest fellows. It’s time to update your Hive to make pentests even better. This release is important as it has a lot of fixes for better usability and... ...
CYBERSECURITY NEWS V. November – November Android patches, Atlassian patches critical flaws, Dropbox data leak
News FYI Pharmaceutical company AstraZeneca faced with the personal data leakage of its patients The management of a large pharmaceutical company AstraZeneca confirmed that due to the inattention of one ...
CYBERSECURITY NEWS V. October – vulnerabilities in FortiOS and FortiProxy, 0-day vulnerability in iOS 16.1, Microsoft has a giant leak
News FYI Apple fixes zero-day vulnerability in iOS 16.1 The zero-day vulnerability was identified as CVE-2022-42827, and the company was notified about it by an anonymous researcher. The error is ...
Spooky 0.46 version. Hive LDAP, checklist summary & new parsers!
Well, Halloween’s coming, so we have prepared a few awesome feature treats for you. No tricks included! How about taking a look at what this update has in a pocket? ...
CYBERSECURITY NEWS V. September – 15-year-old Python vulnerability, Apple patches, TikTok vulnerability on Android
News FYI Apple patches holes in iOS and iPadOS Apple urgently fixed two zero-day vulnerabilities in the iOS and iPadOS kernel and browser engine that allowed arbitrary code to run ...
CYBERSECURITY NEWS V. August – Apple Patches Zero-Days, LastPass Source Code Stolen, Dominican government under ransomware attack
News FYI Apple Patches New macOS, iOS Zero-Days Apple has released emergency fixes for two zero-day vulnerabilities already exploited by attackers in its flagship macOS and iOS platforms. Patches are ...
September 2022. 0.44 version. Jira reverse sync & mass issue actions
Hey everyone! We are here to announce that this summer is officially over! But there’s no reason to be sad because we’ve brought our latest update with a bunch of ...
CYBERSECURITY NEWS V. July – Microsoft Patch Tuesday, 0-day vulnerability in Android, Millions of Twitter user accounts were sold
News FYI More than 5.4 million Twitter user accounts are being sold online for $30,000 The hacker hacked and stole the data of more than 5.4 million Twitter users and ...
July 2022. 0.43 version. Custom issue statuses & status sync.
July was pretty intense for us as Hexway was getting ready to present a new pack of awesome features. It’s no joke, the stakes are high! So, meet this month’s ...
CYBERSECURITY NEWS V. June – Cloudflare outage, Roblox sells ransomware, City of Palermo suffers from cyberattack
News FYI Italian city of Palermo services and operations suffer from cyberattack The Italian city of Palermo has been hit by a cyberattack that has affected a range of services ...
How does Hive save up to 6 hours on each pentest project?
Hexway Hive is an intelligent Red Team workspace made by pentesters for other red teamers to keep some time on the most interesting security things instead of spending time on ...
June 2022 Hive & Apiary update. 0.41 version. PPTX reporting & Vulnerability linking
Wow... New Apiary & Hive. Meet version 0.41! It’s time to shed light on our latest updates and features that will make you happy! What’s in this amazing update? PPTX ...
CYBERSECURITY NEWS V. May – Apple Patches Exploited Vulnerabilities, Costa Rica declares national emergency after cyberattacks
News FYI Apple Finally Patches Exploited Vulnerabilities in macOS Big Sur and Catalina Apple released security updates to fix dozens of vulnerabilities in its operating systems, and released long-awaited patches ...
Essential Pentest Tools for Each Testing Phase
During penetration testing, testers use a methodical approach to identify vulnerabilities and recommend fixes in a company environment before they can be exploited by real threat actors. A pentest is ...
CYBERSECURITY NEWS V. April – Lapsus$ Hackers Target T-Mobile, Coca-Cola under cyber attack
News FYI The Bored Ape Yacht Club's Discord server has been hacked An unknown hacker has broken into the official Discord server dedicated to NFT holders Bored Ape Yacht Club, ...
Top 4 Methodologies for Efficient Penetration Testing
Penetration testing is a proactive security test where a pentester or ethical hacker deliberately attacks the organization’s network and systems. The goal is to proactively find and fix existing security ...
April 2022 Hive & Apiary 0.39 version. Multi-Factor Authentication and Checklist Cards
Hello, Hexway users! Today we have released a pack of features you may want to start using already today. This release mostly affects Apiary features — our Blue Team workspace ...
Why Hexway Hive Report Generator is Ahead of Other Reporting Tools
Penetration Testing is a great way to gain insight into the security capabilities, shortcomings, and scope for improvement for any company. While pentest is an essential tool to maintain a ...
CYBERSECURITY NEWS V. March – Anonymous declares cyberwar, Samsung source code leak, Denso under cyberattack
hexway cybersecurity blog brings you the latest news about attacks and data breaches, emerging malware, and vendor security updates News FYI Samsung confirms source code leak The South American hacker ...
Hexway Hive 0.37.1 version. Checklists and methodologies sync with Apiary
Let’s say there is a typical pentest report. Basically, it’s just a PDF file with all found vulnerabilities. Normally, this would be enough. But if pentest company wants clients to ...
CYBERSECURITY NEWS V. February – Anonymous declares cyberwar on Russia, decryption keys for Egregor, Sekhmet, and Maze
hexway cybersecurity blog brings you the latest news about attacks and data breaches, emerging malware, and vendor security updates News FYI 13 NFTs stolen, $3 million lost A Twitter user ...
How to Write an Effective Pentest Report: 5 Key Sections
As a pentester, you play a critical role in helping to secure an organization’s infrastructure, assets, and data from bad actors. While conducting pen tests, you simulate cyberattacks on your ...
Hive 0.36 version. New report generator & custom issues
Introduction First of all, we want to share this fantastic news with you… We have added what you wanted for so long! It’s an updated (super cool) report generator and ...
Vulnerability assessment or Penetration testing: what to choose?
Vulnerabilities. Threats. Risks. Smart, well-informed cybersecurity professionals are intimately familiar with these terms. They also know that they must identify and address the vulnerabilities, threats, and risks affecting their organization ...
Vulnerability Management 101: what is it?
Vulnerability Management for Stronger Enterprise Cybersecurity 2021 was a booming year for cyberattackers. In many such attacks, they exploited vulnerabilities in enterprise networks to disrupt operations, access business-critical resources, and ...
Why are all modern checklist apps so awful?
Indeed, why are they? It seems that it shouldn’t be a problem to implement checklists. A checkbox tree? Easy! Hey! This is Dmitry, founder of hexway. I decided to share ...
Hive 0.35 version. Renovated checklists
It’s time for the first big release of 2022. Check out what’s inside! Checklists It is one of the first features we have implemented in Hexway Hive. So, a few ...
CYBERSECURITY NEWS V. January – Fraudsters stole FIFA accounts, Cyberattacks on Minecraft Tournament Left Andorra’ without Internet
hexway cybersecurity blog brings you the latest news about attacks and data breaches, emerging malware, and vendor security updates News FYI Fraudsters scammed EA tech support and stole FIFA accounts ...
How to: PTaaS Benefits & what it is?
What is Penetration testing as a service (PTaaS)? It is a type of service provided by security vendors by implementing a special type of solution that aims to reduce the ...
8 steps: How to choose the right pentest service provider?
Hello, Hive & Apiary users! We've collected a few essential steps on choosing your future pentest service provider. It fits everyone who decides to implement pentest into their development cycle. ...
It’s 2022 on the way
Firstly, we want to say thank you for your feedback and how it has shaped the Hexway platform this year. Do you remember our first Hive release? It was January ...
Hive 0.33.1 version. Log4J & issue statuses
A vulnerability was found aaaand fixed, don't worry! What's in this update? Log4j vulnerability fix Draft & Ready issue statuses Bugfix we hope will make your life better! Log4j vulnerability ...
CYBERSECURITY NEWS V. November – Apple vs NSO Group, 45M VPN users’ data leakage, Panasonic Data Breach
hexway cybersecurity blog brings you the latest news about attacks and data breaches, emerging malware, and vendor security updates News FYI Apple vs NSO Group Apple sues NSO Group over ...
CYBERSECURITY NEWS V. October – Global crash of Facebook, Leaked Twitch source code, Acer hacked
hexway cybersecurity blog brings you the latest news about attacks and data breaches, emerging malware, and vendor security updates News FYI Global crash of Facebook, Instagram, and WhatsApp On October ...
Hive 0.30.1 version. Nuclei & Amass integrations
Hey, hexwayers! We are happy to have all of you here. So, let's take a short tour around our new update. We’ve added Nuclei and Amass scanners integration. Yay! What’s ...
CYBERSECURITY NEWS V. September – BrakTooth vulnerabilities, 500k Fortinet VPN accounts leak, JVC Kenwood hacked
hexway cybersecurity blog brings you the latest news about attacks and data breaches, emerging malware, and vendor security updates News FYI Apple Pay with Visa card allows paying with locked ...
Hive 0.27 version. Labor dashboard & notifications
Hey Hexwayers & our guests! A new day brings you a new release. What’s in it for you today? Cross-project pentesters labor dashboard Notification system update Utility name import via ...
CYBERSECURITY NEWS V. August – T-Mobile hack, Largest DDoS attack, ProxyShell vulnerabilities
hexway cybersecurity blog brings you the latest news about attacks and data breaches, emerging malware, and vendor security updates News FYI T-Mobile hack In mid-August, an announcement about the sale ...
Cyber Security Attacks: Concept, Types, How to Protect?
What is a Cyber Threat? Today our whole life is inextricably linked with the Internet and computers: entertainment, communication, travel, medicine, shopping, and so on. All critical infrastructure, like power ...
CYBERSECURITY NEWS V. July – PrintNightmare update, Sequoia vulnerability, Saudi Aramco information leak
hexway cybersecurity blog brings you the latest news about attacks and data breaches, emerging malware, and vendor security updates News FYI Apple fixed 'actively exploited' 0-day Apple has released a ...
Hive 0.26.1 version. Scope diff, issues templates and advanced filters
It’s Hive team on the line. We are happy to announce our new updates: Scope diff Issues templates import/export Advanced project filters by date ...
CYBERSECURITY NEWS V. June – Codecov supply chain attack, Colonial Pipeline returned most of ransom paid to hackers
hexway cybersecurity blog brings you the latest news about attacks and data breaches, emerging malware, and vendor security updates News FYI ChaChi is the new GoLang Trojan The team of ...
Hive 0.23 version. Advanced import, project dashboard, credential store and more!
We listen to your feedback (BTW, here is our Discord) and are trying to implement new features as fast as possible. Meet new Hive features: Advanced import settings Project Dashboard ...
Hive API. The easiest way to integrate your tool with Hexway Hive
Hi there! Currently, Hexway Hive supports integration with the following utility tools: Nmap/Masscan Metasploit Cobalt Strike Nessus However, there are much more tools we want our solution to be integratable ...
CYBERSECURITY NEWS V. May – Cyberattack on the Colonial Pipeline, Qualcomm vulnerability, Apple fixes 0-days in macOS
News FYI Cyberattack on the Colonial Pipeline In mid-May 2021, Colonial Pipeline, the largest pipeline operator in the United States, was hit by a DarkSide ransomware attack. The cyberattack caused ...
Hive 0.20.1 version. New parser engine and Metasploit & Cobalt Strike integration
New parser engine We have completely redesigned the operation principles of our parsing system and have changed data visualization in the interface! Now, when you click on a hostname, IP, ...
Introducing Hexway Apiary, a new pentest management platform
Cybersecurity specialists are often faced with a large number of challenging tasks. To help them reduce expenses and make their work even more effective, we’ve launched a new platform for ...
CYBERSECURITY NEWS V. April – Facebook Data Leak, RotaJakiro, Microsoft Updates
hexway cybersecurity blog brings you the latest news about attacks and data breaches, emerging malware, and vendor security updates News FYI Information of 533 million Facebook users published At the ...
Hexway Hive 0.13.1 version. Nessus integration
We can’t wait to share an important Hive update with you! Now you can import scan results from Nessus directly. This improvement should facilitate the discovery stage of the pentesting ...
CYBERSECURITY NEWS V. March – Microsoft Exchange Server hack, Purple Fox, RCE vulnerability in Facebook
hexway cybersecurity blog brings you the latest news about attacks and data breaches, emerging malware, and vendor security updates News FYI Massive Microsoft Exchange Server hack The attacks began in ...
Hexway Hive online demo version is out!
We understand that sometimes to test a new product you need sufficient time for preparation and installation. That’s why we’ve decided to publish this Hive online demo. This version should ...
CYBERSECURITY NEWS V. February – Silver Sparrow, WatchDog mines cryptocurrency, Kia Motors America hit by DoppelPaymer
hexway cybersecurity blog brings you the latest news about attacks and data breaches, emerging malware, and vendor security updates News FYI 30,000 Mac computers infected with new malware Silver Sparrow ...
CYBERSECURITY NEWS V. February – 0-day in WebKit, AvaddonDecrypter, 12-year-old bug in Windows Defender
hexway cybersecurity blog brings you the latest news about attacks and data breaches, emerging malware, and vendor security updates News FYI 0-day in WebKit redirected iOS users to malicious sites ...
CYBERSECURITY NEWS V. 10.02 – Morse code in malicious URLs, Chrome update, CD Projekt RED hit by ransomware
hexway cybersecurity blog brings you the latest news about attacks and data breaches, emerging malware, and vendor security updates News FYI CD Projekt RED hit by ransomware attack CD PROJEKT ...
CYBERSECURITY NEWS V. 02.02 – Apple patches 3 exploited iOS 0-days, 10-year-old bug gives root access on Linux systems
hexway cybersecurity blog brings you the latest news about attacks and data breaches, emerging malware, and vendor security updates News FYI 10-year-old bug gives root access on Linux systems A ...
CYBERSECURITY NEWS V. 26.01 – Public exploit for SAP SolMan vulnerability, Dovecat malware
hexway cybersecurity blog brings you the latest news about attacks and data breaches, emerging malware, and vendor security updates News FYI SonicWall Hacked Through 0-Day Vulnerability In Its VPN Products ...
CYBERSECURITY NEWS V. 18.01 – Microsoft Patch Tuesday, Decryptor for DarkSide, Joker’s Stash closing, Nvidia patches
hexway cybersecurity blog brings you the latest news about attacks and data breaches, emerging malware, and vendor security updates News FYI Google reports on sophisticated malware campaign against Android and ...
CYBERSECURITY NEWS V. 26.12 – Cyber Attack on SolarWinds, RubyGems packages infected with bitcoin stealers
hexway cybersecurity blog brings you the latest news about attacks and data breaches, emerging malware, and vendor security updates with comments from our experts News for discussion Cyber Attack on ...
CYBERSECURITY NEWS V. 11.12 – Critical bug in PlayStation Now, MageCart skimmers in social media buttons
hexway cybersecurity blog brings you the latest news about attacks and data breaches, emerging malware, and vendor security updates News FYI Credit card stealer hides inside social media buttons Sanguine ...
CYBERSECURITY NEWS V. 03.12 – Critical vulnerability in iPhones, Bugs in Tesla Model X, 300k Spotify accounts hacked
hexway cybersecurity blog brings you the latest news about attacks and data breaches, emerging malware, and vendor security updates with comments from our experts News for discussion Apple patches critical ...
CYBERSECURITY NEWS V. 27.11 – 50k Fortinet VPN Services Vulnerable, New Zoom features, Facebook Messenger bug
hexway cybersecurity blog brings you the latest news about attacks and data breaches, emerging malware, and vendor security updates with comments from our experts News for discussion Hacker posts Exploits ...
CYBERSECURITY NEWS V. 19.11 – Jupyter malware, Microsoft Patch Tuesday, Microsoft engineer stole $10 million
hexway cybersecurity blog brings you the latest news about attacks and data breaches, emerging malware, and vendor security updates with comments from our experts News for discussion New Jupyter malware ...
CYBERSECURITY NEWS V. 13.11 – Adobe patches, Apple 0-day vulnerabilities, New ransomware Pay2Key
hexway cybersecurity blog brings you the latest news about attacks and data breaches, emerging malware, and vendor security updates with comments from our experts News for discussion Emergency patches for ...
CYBERSECURITY NEWS V. 05.11 – Oracle WebLogic flaw, 0-day in Windows kernel, Nitro Software data breach
hexway cybersecurity blog brings you the latest news about attacks and data breaches, emerging malware, and vendor security updates with comments from our experts News for discussion Hackers actively exploit ...
CYBERSECURITY NEWS V. 29.10 – Attackers donate stolen money, GeForce Experience vulnerabilities, GravityRAT
hexway cybersecurity blog brings you the latest news about attacks and data breaches, emerging malware, and vendor security updates with comments from our experts News for discussion Ransomware gang donates ...
CYBERSECURITY NEWS V. 23.10 – The largest DDoS attack, Egregor ransomware, Zoom implements E2EE
hexway cybersecurity blog brings you the latest news about attacks and data breaches, emerging malware, and vendor security updates with comments from our experts News for discussion Google hit by ...
CYBERSECURITY NEWS V. 15.10 – Google October updates, MalLocker ransomware, Fullz House web skimmer
hexway cybersecurity blog brings you the latest news about attacks and data breaches, emerging malware, and vendor security updates with comments from our experts News for discussion Google fixes 50 ...
CYBERSECURITY NEWS V. 08.10 – Leaked Windows source code, New hacker group XDSpy, IPStorm botnet
hexway cybersecurity blog brings you the latest news about attacks and data breaches, emerging malware, and vendor security updates with comments from our experts News for discussion Leaked Windows source ...
CYBERSECURITY NEWS V. 01.10 – OldGremlin ransomware, Alien malware, Vulnerability in Instagram
hexway cybersecurity blog brings you the latest news about attacks and data breaches, emerging malware, and vendor security updates with comments from our experts News for discussion New ransomware attacker ...
CYBERSECURITY NEWS V. 24.09 – Zerologon vulnerability, Bluetooth Spoofing Bug
hexway cybersecurity blog brings you the latest news about attacks and data breaches, emerging malware, and vendor security updates with comments from our experts News for discussion The Zerologon vulnerability ...
CYBERSECURITY NEWS V. 17.09 – BLURtooth vulnerability, Adobe patches, New victims of Netwalker
hexway cybersecurity blog brings you the latest news about attacks and data breaches, emerging malware, and vendor security updates with comments from our experts News for discussion Bluetooth-enabled devices are ...
CYBERSECURITY NEWS V. 10.09 – Vulnerability in Cisco Jabber, New Trojan PyVil, Joker malware
hexway cybersecurity blog brings you the latest news about attacks and data breaches, emerging malware, and vendor security updates with comments from our experts News for discussion Critical vulnerability in ...
CYBERSECURITY NEWS V. 04.09 – Safari bug, updated Qbot Trojan, Lazarus attacks
hexway cybersecurity blog brings you the latest news about attacks and data breaches, emerging malware, and vendor security updates with comments from our experts News for discussion Safari bug that ...
CYBERSECURITY NEWS V. 27.08 – Freepik data leak, new FritzFrog Botnet
hexway cybersecurity blog brings you the latest news about attacks and data breaches, emerging malware, and vendor security updates with comments from our experts News for discussion Freepik data leak ...
CYBERSECURITY NEWS V. 19.08 – big Microsoft security updates, web application flaws in Amazon Alexa
hexway cybersecurity blog brings you the latest news about attacks and data breaches, emerging malware, and vendor security updates with comments from our experts Adobe Updates Adobe's latest security update ...
CYBERSECURITY NEWS V. 11.08 – why don’t you download some malicious Chrome extensions?
hexway cybersecurity blog brings you the latest news about attacks and data breaches, emerging malware, and vendor security updates with comments from our experts News for discussion Malicious Chrome extensions ...
CYBERSECURITY NEWS V. 06.08 – 62,000 QNAP NAS devices infected, new Linux backdoor
hexway cybersecurity blog brings you the latest news about attacks and data breaches, emerging malware, and vendor security updates with comments from our experts News for discussion 62,000 QNAP NAS ...
CYBERSECURITY NEWS V. 23.07 – Critical SAP Bug
hexway cybersecurity blog brings you the latest news about attacks and data breaches, emerging malware, and vendor security updates with comments from our experts Critical SAP Bug A recently discovered ...
CYBERSECURITY NEWS V. 06.07 – Battle for user privacy, Largest DDoS attack, and more malware
hexway cybersecurity blog brings you the latest news about attacks and data breaches, emerging malware, and vendor security updates with comments from our experts News for discussion Apple future updates ...
CYBERSECURITY NEWS V. 26.06 – Oracle`s huge mistake, new Trojan for Mac, ransomware slavery
More than just ransomware A recent leak on the Maze Ransomware website reveals that its operators stay in the networks of their victims to steal files. This means that no ...
CYBERSECURITY NEWS V. 06.17 – yet another Microsoft vulnerability, gamers in danger
Microsoft Windows wormable flaw exploit Exploit code for a Microsoft Windows wormable security flaw was published. Dubbed SMBGhost (CVE-2020-0796), it can spread from system to system without user interaction. The ...
CYBERSECURITY NEWS V. 06.09 – Does port scanning threaten privacy? NTT data breach, Apple updates
Popular websites using port scans The Bleeping Computer cybersecurity blog revealed that some popular websites are using port scans. For example, eBay uses a script to detect remote access applications ...
CYBERSECURITY NEWS V. 05.22 – UK supercomputer, EU Parliament, Trump & Madonna hit by hackers
New espionage toolkit targets air-gapped networks A newly discovered cyber-espionage framework dubbed Ramsay can collect and exfiltrate sensitive data from systems protected by an air gap. Ramsay is believed to ...
CYBERSECURITY NEWS V. 05.14 – Critical flaws in top VPN, 73.2 million records hit dark web
Snake ransomware returns After a few months of silence, the Snake ransomware operators have launched a worldwide campaign infecting numerous businesses. Fresenius Group, Europe's largest hospital provider, has become one ...
CYBERSECURITY NEWS V. 05.08 – Fake FBI warnings, email leaks, guilty Xiaomi?
In-app ads threaten Android users At least 400 apps in Google's Play Store are monetized through embedded proprietary advertising software. However, it was shown that malicious ads can be inserted ...
CYBERSECURITY NEWS V. 04.30 – iOS 0-day exploit, Windows against Chromium, cards database leaks
Business Email Compromise attacks nowadays A recent case published in the Check Point cybersecurity blog reveals a new type of business email compromise attack. A threat group dubbed "The Florentine ...
CYBERSECURITY NEWS V. 4.24 – phishing against GitHub, new Lampion Trojan, improved Emotet
Maze Ransomware hits Cognizant Cognizant, a large IT services company with almost 300,000 employees and over $15 billion in revenue, has suffered from a significant cyber attack. In its official ...
CYBERSECURITY NEWS V. 4.09 – SuperVPN vulnerabilities, MS-SQL servers under attack
Vollgar campaign against MS-SQL servers A Vollgar campaign aims to infect Windows machines running MS-SQL servers. It uses password brute-force to breach victim machines, deploys multiple backdoors, and executes malicious ...
Cybersecurity News V. 3.26 – ransomware activity, “re”Mirai, passwords in danger
Sodinokibi ransomware operators start selling data Data previously stolen from Brooks International is available for purchase on hacking forums. Brooks International had refused to pay the ransom for unlocking the ...
Cybersecurity News V. 3.23 – COVID-19 drives cybercrimes, Firefox and Microsoft patch vulnerabilities
Mozilla Firefox security updates Twelve vulnerabilities were patched by Mozilla in Firefox products. The most critical of them are CVE-2020-6814 and CVE-2020-6815. These are memory and script safety bugs showing ...
Cybersecurity News V. 3.13 – data leaks in Asian banks, vulnerability in Linux & nothing about COVID-19
Ransomware attacks news Ransomware attacks are getting more sophisticated and rapid. For instance, Evraz North America, a steel producer, fell victim to a recent nation-wide cyberattack, which lead to malfunctioning ...
Cybersecurity News V. 3.04 – New Wi-Fi vulnerability, Google upd, Cerberus Android banking Trojan
Kr00k vulnerability found in Wi-Fi chips by Cypress and Broadcom ESET published a white paper about a vulnerability in Wi-Fi chips that was assigned CVE-2019-15126. It causes vulnerable devices to ...
Cybersecurity News V. 2.27 – data leaks, stalkerware app, hack them all: satellites, hotels, DISA
Pipeline operations could be at risk The Cybersecurity and Infrastructure Security Agency (CISA) issued a warning to prevent further attacks on critical infrastructure. It came as a response to a ...
Cybersecurity News V. 2.19 – New malware: made in North Korea, app for US election, Huawei espionage
Voatz app not ready for 2020 election Voatz voting app, which was supposed to be used in the 2020 Presidential elections, turned out to be vulnerable to numerous security flaws. ...
Cybersecurity News V. 2.11 – What’s up WhatsApp? DDoS for FBI & attack on Malaysian gov
Severe WhatsApp vulnerability patched Facebook has released a patch for WhatsApp vulnerability (CVE-2019-18426). WhatsApp Desktop prior to version 0.3.9309 allowed cross-site scripting and local files reading when paired with WhatsApp ...
Cybersecurity News V. 2.06 – SpiceJet data breach, Huge leak of payment cards, Avast failure
The new ransomware threat which is called Snake (EKANS) A new ransomware dubbed Snake was recently discovered. It not only encrypts data on infected machines but also removes all file ...
Cybersecurity News V. 1.30 – Trojan attacks, Internet Explorer 0-day
Recent news about Citrix CVE-2019-19781 vulnerability Citrix has finally released patches for CVE-2019-19781. The vulnerability affects Citrix Application Delivery Controller (ADS) and Gateway products. There was some evidence of in-the-wild ...
Cybersecurity News V. 1.16 – Vulnerable Windows, leaky Tinder, attacked UN
NSA shares information about Windows vulnerability Microsoft security patch day revealed the information about the CVE-2020-0601 vulnerability. It exists in the way Microsoft's CryptoAPI (Crypt32.dll) validates the Elliptic Curve Cryptography ...
CYBERSECURITY NEWS V. 1.11. – Attacks on Austrian Foreign Ministry and Alaskan airline
Citrix ADC CVE-2019-19781 - exploits revealed A recently found vulnerability in Citrix Application Delivery Controller ADC (former NetScaler ADC) and Citrix Gateway (former NetScaler Gateway) could allow an unauthenticated attacker ...
Cybersecurity threats, hacks and data flaws over decade
2010 Operation Aurora – Google hack An attack that hacked Google’s backend infrastructure. Operation Aurora was a campaign organized by the Chinese government’s military hackers. It affected not only Google, ...
