Our Blog
“Welcome to the CISTCK Group Cybersecurity Blog! Dive into the dynamic world of cybersecurity with our expert insights, thought-provoking articles, and the latest developments in the field. Our blog is your go-to resource for staying ahead in the ever-evolving landscape of cyber threats. Explore topics ranging from threat intelligence and risk management to industry best practices and emerging technologies. Whether you’re a cybersecurity professional, IT enthusiast, or simply interested in safeguarding digital landscapes, join us on a journey of knowledge-sharing and discover actionable strategies to fortify your defenses. Stay informed, stay secure with the CISTCK Group Cybersecurity Blog.”
New U.K. Law Bans Default Passwords on Smart Devices Starting April 2024
The U.K. National Cyber Security Centre (NCSC) is calling on manufacturers of smart devices to comply with new legislation that prohibits them from using default passwords, effective April 29, 2024. "The law, known as the Product Security and Telecommunications...
Google Prevented 2.28 Million Malicious Apps from Reaching Play Store in 2023
Google on Monday revealed that almost 200,000 app submissions to its Play Store for Android were either rejected or remediated to address issues with access to sensitive data such as location or SMS messages over the past year. The tech giant also said it blocked...
China-Linked ‘Muddling Meerkat’ Hijacks DNS to Map Internet on Global Scale
A previously undocumented cyber threat dubbed Muddling Meerkat has been observed undertaking sophisticated domain name system (DNS) activities in a likely effort to evade security measures and conduct reconnaissance of networks across the world since October 2019....
Navigating the Threat Landscape: Understanding Exposure Management, Pentesting, Red Teaming and RBVM
It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge....
New R Programming Vulnerability Exposes Projects to Supply Chain Attacks
A security vulnerability has been discovered in the R programming language that could be exploited by a threat actor to create a malicious RDS (R Data Serialization) file such that it results in code execution when loaded and referenced. The flaw, assigned the CVE...
Sandbox Escape Vulnerabilities in Judge0 Expose Systems to Complete Takeover
Multiple critical security flaws have been disclosed in the Judge0 open-source online code execution system that could be exploited to obtain code execution on the target system. The three flaws, all critical in nature, allow an "adversary with sufficient access to...
Okta Warns of Unprecedented Surge in Proxy-Driven Credential Stuffing Attacks
Identity and access management (IAM) services provider Okta has warned of a spike in the "frequency and scale" of credential stuffing attacks aimed at online services. These unprecedented attacks, observed over the last month, are said to be facilitated by "the broad...
Ukraine Targeted in Cyberattack Exploiting 7-Year-Old Microsoft Office Flaw
Cybersecurity researchers have discovered a targeted operation against Ukraine that has been found leveraging a nearly seven-year-old flaw in Microsoft Office to deliver Cobalt Strike on compromised systems. The attack chain, which took place at the end of 2023...
Bogus npm Packages Used to Trick Software Developers into Installing Malware
An ongoing social engineering campaign is targeting software developers with bogus npm packages under the guise of a job interview to trick them into downloading a Python backdoor. Cybersecurity firm Securonix is tracking the activity under the...
Severe Flaws Disclosed in Brocade SANnav SAN Management Software
Several security vulnerabilities disclosed in Brocade SANnav storage area network (SAN) management application could be exploited to compromise susceptible appliances. The 18 flaws impact all versions up to and including 2.3.0, according to independent security...