‘ResumeLooters’ Attackers Steal Millions of Career Records

February 6, 2024 at 01:41PM

Attackers dubbed “ResumeLooters” used SQL injection and cross-site scripting to target at least 65 job-recruitment and retail websites, stealing databases with over 2 million emails and personal records in a month. They mainly targeted victims in Asia-Pacific, putting stolen data up for sale. Group-IB discovered the attacks, and have advised …

New ‘GambleForce’ Threat Actor Behind String of SQL Injection Attacks

December 14, 2023 at 05:20PM

Group-IB has detected a new threat group, “GambleForce,” engaged in SQL injection attacks on organizations in the Asia-Pacific region. This group has targeted various sectors, including gambling, government, retail, travel, and job websites, using publicly available penetration-testing tools. The threat actor’s activities have led to data breaches in multiple organizations, …

Reimagining Network Pentesting With Automation

December 14, 2023 at 12:54PM

Network penetration testing is vital in cybersecurity, yet misconceptions impact its role. This blog serves as a guide, explaining the process, debunking myths, and highlighting its significance. It encompasses internal and external testing differences, process stages, common misconceptions, and the comparison between manual and automated testing. It emphasizes the importance …

How Continuous Pen Testing Protects Web Apps from Emerging Threats

November 29, 2023 at 10:50AM

The increasing reliance on web-based apps for various tasks makes them prime targets for hackers due to multiple dependencies, valuable data storage, and insecure APIs. Successful breaches can cause data loss, reputational damage, and spread malware. Continuous monitoring, like Outpost24’s PTaaS, is crucial for real-time vulnerability identification and mitigation. Meeting …

Meet the Unique New “Hacking” Group: AlphaLock

November 14, 2023 at 10:23AM

“AlphaLock” is a Russian hacking group that operates as a “pentesting training organization,” training hackers and monetizing their services through an affiliate program. They offer a course called Bazooka Code Pentest Training, which costs $185 and provides knowledge and tools for work. They also plan to launch the ALPentest Hacking …