The state-sponsored advanced persistent threat (APT) is going after high-value communications service provider networks in the US, potentially with a dual set of goals.

Source: BSIP SA via Alamy Stock Photo

A freshly discovered advanced persistent threat (APT) dubbed "Salt Typhoon" has reportedly infiltrated Internet service provider (ISP) networks in the US, looking to steal information and potentially set up a launchpad for disruptive attacks.

Citing "people familiar with the matter," the Wall Street Journal broke the news on Sept. 25 that the Chinese-sponsored state hackers have successfully targeted "a handful" of cable and broadband service providers during the campaign.

Other details are scant, but Salt Typhoon's efforts highlight China's priorities when it comes to geopolitical realities, researchers note.

**A Sprinkle of Espionage, A Dash of Pre-Positioning**

For instance, a position within the service provider network would offer valuable reconnaissance for how to further target high-value marks working for the federal government, law enforcement, manufacturers, military contractors, and Fortune 100 companies. 

"Obtaining access to ISPs would make it easier to survey those users of the ISPs for information on their location and what kinds of services are being accessed," says Sean McNee, vice president of research and data at DomainTools. "Bad actors could get information about the ISP's users, where they live and billing information, and what kind of access or usage they have, \[who they call, and\] text messages."

But the concern doesn't stop there. Given China's desire to control Taiwan and other assets in the region, there's very likely a military component to the campaign as well.

"Based on the recent history of Chinese-sponsored cyber campaigns and warnings from \[the Cybersecurity and Infrastructure Security Agency\] and FBI, China has escalated from surveillance-only goals toward installing an offensive capability to disrupt critical US civilian and military infrastructure," warns Sean Deuby, principal technologist at Semperis. "This could potentially range from 'blinking the lights' to dissuade US intervention to actively delaying or crippling a US response to Chinese activities."

There's precedent for that assessment. Microsoft outed Volt Typhoon in January and its alarming efforts to plant itself inside military bases, critical infrastructure assets, and telecom infrastructure — all with the goal of being able to cause outages, disrupt communications, and sow panic in the event of a kinetic conflict with the US in the South China Sea. Since then, China has denied the allegations, while the APT has been actively expanding its efforts despite its cover being blown.

**China's Recipe: Targeting Telecom, ISPs, Critical Infrastructure**

The development is the latest in a string of Chinese-sponsored efforts to subvert critical infrastructure in the US and destabilize Pacific Rim allies, many flagged by Microsoft using hurricane-related names.

For instance, a Chinese threat actor known as Flax Typhoon emerged a year ago, using legitimate tools and utilities built into the Windows operating system to carry out an extremely stealthy and persistent spy operation against entities in Taiwan. Last week, news emerged that the APT had built a 200,000-device Internet of Things (IoT) botnet in order to gain a foothold in government, military, and critical manufacturing targets in the US.

There's also the APT that Microsoft calls Brass Typhoon (aka APT41, Earth Baxia, and Wicked Panda) that recently attacked Taiwanese government agencies, Filipino and Japanese military, and energy companies in Vietnam, installing backdoors for cyberespionage purposes.  

On top of that, other China-linked groups have made a name for themselves in specifically targeting communications service providers, such as Mustang Panda, especially in Taiwan and other countries of interest.

"Chinese-backed threat actors have been conducting attacks against telcos for as long as I can remember," Semperis' Deuby says. "Historically, their goals are to create 'persistence' in the carrier. By that I mean they will infiltrate a target, gain a foothold, and then move laterally with the goal of maintaining persistence and extracting data from strategic targets as needed."

He adds that lurking and listening is a specialty: "While Chinese government actors were behind the infamous Operation Soft Cell campaign in 2019, where the threat actor stole call data records, they had infiltrated some of the telcos more than five years before being discovered."

**Communications Service Provider Defenses Need Seasoning**

The ongoing targeting of communications infrastructure should put carriers and service providers on notice to harden their defenses.

Aside from phishing and social engineering of employees, Terry Dunlap, chief security strategist at NetRise, notes that firmware and supply chain attacks using core network gear could both be attack avenues against ISPs.

"ISPs' blind spots are the firmware running their devices. Most firmware contains insecure or sloppy code that can be easily exploited, if discovered," he notes. "Another attack vector would be the supply chain. For example, if the Ethernet controller in a router or switch is supplied by a Chinese company, there are scenarios where malicious code or backdoors could be integrated into that Ethernet controller, providing an adversary easy access to that important piece of networking equipment."

In 2020, the World Economic Forum and its global partners developed a set of best practices for ISPs (PDF), including principles such as sharing threat intelligence between peers, working more closely with hardware manufacturers to increase minimum levels of security, and improving routing security, Deuby says.

Still, "as someone that's talked to many organizations about the well-understood security steps they should be taking versus their actual security posture, I'm sure plenty of gaps remain."

**About the Author**

Tara Seals has 20+ years of experience as a journalist, analyst and editor in the cybersecurity, communications and technology space. Prior to Dark Reading, Tara was Editor in Chief at Threatpost, and prior to that, the North American news lead for Infosecurity Magazine. She also spent 13 years working for Informa (formerly Virgo Publishing), as executive editor and editor-in-chief at publications focused on both the service provider and the enterprise arenas. A Texas native, she holds a B.A. from Columbia University, lives in Western Massachusetts with her family and is on a never-ending quest for good Mexican food in the Northeast.

China's 'Salt Typhoon' Cooks Up Cyberattacks on US ISPs

Multi Branch School Management System version 3.5 suffers from a backup disclosure vulnerability.

**Multi Branch School Management System 3.5 Backup Disclosure**

Posted Sep 25, 2024

Authored by indoushka

Multi Branch School Management System version 3.5 suffers from a backup disclosure vulnerability.

tags | exploit, info disclosure

SHA-256 | b4c3fb3408f8d7a80baf2b5ec0b035520c60a8b287134c61abe01863834639ea

Download | Favorite | View

**Multi Branch School Management System 3.5 Backup Disclosure**

    =============================================================================================================================================| # Title     : Multi Branch School Management System 3.5 Backup Disclosure Vulnerability                                                   || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 129.0.1 (64 bits)                                                            || # Vendor    : https://school.ramomcoder.com/                                                                                              |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Appears to leave backups in a world accessible directory under the document root.  [+] use Payload : /uploads/db_backup/[+] http://127.0.0.1/Multi/uploads/db_backup/Greetings to :=====================================================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|===================================================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,950)
*   Arbitrary (17,099)
*   BBS (2,859)
*   Bypass (1,925)
*   CGI (1,047)
*   Code Execution (7,919)
*   Conference (693)
*   Cracker (845)
*   CSRF (3,431)
*   DoS (25,293)
*   Encryption (2,395)
*   Exploit (54,302)
*   File Inclusion (4,275)
*   File Upload (1,020)
*   Firewall (822)
*   Info Disclosure (2,922)
*   Intrusion Detection (919)
*   Java (3,156)
*   JavaScript (908)
*   Kernel (7,304)
*   Local (14,858)
*   Magazine (587)
*   Overflow (13,225)
*   Perl (1,435)
*   PHP (5,281)
*   Proof of Concept (2,412)
*   Protocol (3,749)
*   Python (1,661)
*   Remote (31,903)
*   Root (3,672)
*   Rootkit (530)
*   Ruby (643)
*   Scanner (1,658)
*   Security Tool (8,050)
*   Shell (3,306)
*   Shellcode (1,219)
*   Sniffer (904)
*   Spoof (2,297)
*   SQL Injection (16,731)
*   TCP (2,463)
*   Trojan (690)
*   UDP (919)
*   Virus (675)
*   Vulnerability (33,121)
*   Web (10,143)
*   Whitepaper (3,785)
*   x86 (970)
*   XSS (18,304)
*   Other

**File Archives**

*   September 2024
*   August 2024
*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   Older

**Systems**

*   AIX (430)
*   Apple (2,115)
*   BSD (378)
*   CentOS (61)
*   Cisco (1,954)
*   Debian (7,125)
*   Fedora (1,693)
*   FreeBSD (1,247)
*   Gentoo (4,592)
*   HPUX (881)
*   iOS (390)
*   iPhone (108)
*   IRIX (220)
*   Juniper (71)
*   Linux (51,327)
*   Mac OS X (696)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (490)
*   RedHat (16,893)
*   Slackware (941)
*   Solaris (1,615)
*   SUSE (1,444)
*   Ubuntu (9,867)
*   UNIX (9,458)
*   UnixWare (188)
*   Windows (6,772)
*   Other

Multi Branch School Management System 3.5 Backup Disclosure

Complete Multi Hospital Management System version 1.0 suffers from a backup disclosure vulnerability.

**Complete Multi Hospital Management System 1.0 Backup Disclosure**

Posted Sep 25, 2024

Authored by indoushka

Complete Multi Hospital Management System version 1.0 suffers from a backup disclosure vulnerability.

tags | exploit, info disclosure

SHA-256 | e760cf3c5b44d7d8984817fcf92204fd9912a026b5d02720406cc72f12ac70ed

Download | Favorite | View

**Complete Multi Hospital Management System 1.0 Backup Disclosure**

    =============================================================================================================================================| # Title     : Complete Multi Hospital Management System 1.0 Backup Disclosure Vulnerability                                               || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 129.0.1 (64 bits)                                                            || # Vendor    : https://www.campcodes.com/downloads/free-download-complete-multi-hospital-management-system/                                |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Appears to leave backups in a world accessible directory under the document root.  [+] use Payload : /files/backups/[+] http://127.0.0.1/multihospital/files/backups/Greetings to :=====================================================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|===================================================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,950)
*   Arbitrary (17,099)
*   BBS (2,859)
*   Bypass (1,925)
*   CGI (1,047)
*   Code Execution (7,919)
*   Conference (693)
*   Cracker (845)
*   CSRF (3,431)
*   DoS (25,293)
*   Encryption (2,395)
*   Exploit (54,302)
*   File Inclusion (4,275)
*   File Upload (1,020)
*   Firewall (822)
*   Info Disclosure (2,922)
*   Intrusion Detection (919)
*   Java (3,156)
*   JavaScript (908)
*   Kernel (7,304)
*   Local (14,858)
*   Magazine (587)
*   Overflow (13,225)
*   Perl (1,435)
*   PHP (5,281)
*   Proof of Concept (2,412)
*   Protocol (3,749)
*   Python (1,661)
*   Remote (31,903)
*   Root (3,672)
*   Rootkit (530)
*   Ruby (643)
*   Scanner (1,658)
*   Security Tool (8,050)
*   Shell (3,306)
*   Shellcode (1,219)
*   Sniffer (904)
*   Spoof (2,297)
*   SQL Injection (16,731)
*   TCP (2,463)
*   Trojan (690)
*   UDP (919)
*   Virus (675)
*   Vulnerability (33,121)
*   Web (10,143)
*   Whitepaper (3,785)
*   x86 (970)
*   XSS (18,304)
*   Other

**File Archives**

*   September 2024
*   August 2024
*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   Older

**Systems**

*   AIX (430)
*   Apple (2,115)
*   BSD (378)
*   CentOS (61)
*   Cisco (1,954)
*   Debian (7,125)
*   Fedora (1,693)
*   FreeBSD (1,247)
*   Gentoo (4,592)
*   HPUX (881)
*   iOS (390)
*   iPhone (108)
*   IRIX (220)
*   Juniper (71)
*   Linux (51,327)
*   Mac OS X (696)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (490)
*   RedHat (16,893)
*   Slackware (941)
*   Solaris (1,615)
*   SUSE (1,444)
*   Ubuntu (9,867)
*   UNIX (9,458)
*   UnixWare (188)
*   Windows (6,772)
*   Other

Complete Multi Hospital Management System 1.0 Backup Disclosure

The advanced Python-based PysSilon malware can steal data, record keystrokes, and execute remote commands. The attackers behind it are promising to leak details of deleted X posts related to accused rapper and music producer Sean Combs.

Source: Photo 12 via Alamy Stock Photo

Threat actors are using the public's interest in a current scandal surrounding celebrity rapper Sean "Diddy" Combs to spread spyware, via files promising to reveal details of deleted posts related to Combs from the X social media platform.

Researchers have uncovered a version of the open source PySilon RAT, a remote access Trojan called "PdiddySploit" hiding in files posted online and then submitted to VirusTotal, according to analysis from Veriti Research published Sept. 24.

PySilon RAT is an advanced Python-based malware that can steal sensitive information, record keystrokes, capture screen activity, and execute remote commands, posing "serious threats to personal and organizational security," according to the post by Veriti.

Combs (aka P. Diddy), a rapper, record producer, and entrepreneur who has been in the public eye since the 1990s, is facing multiple charges of sexual assault and misconduct in New York, which has thrust him into the recent media spotlight. One area of acute public interest are controversial posts related to Combs and alleged illicit activity on X by fellow celebrities and musicians, such as Usher and Pink, as well as Combs himself that have since been deleted, according to Veriti.

"One of the most concerning aspects of this trend is the use of files related to Combs' social media activity, particularly from X.com," according to the post.

Related:Security Concerns Plague Emerging Chip Architecture

Specifically, the researchers uncovered files containing posts and replies from Combs' now-deleted account on VirusTotal, where they were uploaded by a user named @lamps\_apple. "These files are part of an automated process of 'collecting posts and replies,' but they pose a high risk because they can be easily armed with malicious payloads," according to Veriti.

**Taking Advantage of Current Events**

The activity demonstrates how attackers are quick to take advantage of current events or media stories of interest to the public to spread malware by weaponizing content related to them. One clear example of this activity was during the COVID-19 pandemic, when multiple phishing and other malicious campaigns leveraged public interest in the virus and other health-related topics to spread malware.

"Given the intense media coverage surrounding P. Diddy and other public figures, attackers are using these files to lure curious users into downloading them, only to be infected with malware," according to Veriti. "The fact that P. Diddy and others have deleted their social media content adds an additional layer of intrigue, tempting users to open these files to see what was deleted."

Related:How to Establish & Enhance Endpoint Security

PsySilon RAT — discovered in 2022 — also has seen a surge in recent use by multiple threat actors, with more than 300 samples reported on VirusTotal since June 2023, according to Cyble Research and Intelligence Labs (CRIL). Attackers use the malware to infiltrate systems, steal information, and even control devices remotely, according to Veriti.

PsySilon RAT is currently in version 3.6 and has been detected in numerous samples that imitate software, tools, and cracks, which likely originate from phishing websites, free software-downloading websites, and the like, according to Cyble.

Given the discovery of the RAT lurking behind the cover of PdiddySploit, it's likely that as the related scandal continues to attract attention, even more attackers will "leverage this malware to exploit public interest," according to Veriti.

**Don't Let Curiosity Cloud Safe Judgment**

It's perfectly natural for people to take an interest in trending topics and celebrity scandals, the researchers noted. However, that doesn't mean people should throw caution to the wind when interacting with any related files or content online.

"Curiosity can be dangerous," Veriti researchers warned, especially as attackers are well-versed in social engineering and "are always looking for ways to exploit human nature."

Related:RansomHub Rolls Out Brand-New, EDR-Killing BYOVD Binary

To avoid falling prey to attackers aiming to capitalize on this and other news of public interest, Veriti advised that people avoid downloading suspicious files, especially if they encounter files claiming to contain deleted posts or exclusive content related to a celebrity scandal. They should always verify the source of these or any files before downloading something from the Internet, the researchers noted.

People also should be wary of email attachments because phishing emails remain a primary way that attackers spread malware. "If you receive an email with attachments related to the P. Diddy scandal, think twice before opening it," according to Veriti. Using up-to-date antivirus software and other protections to secure email accounts also effectively can delete malware or malicious files before they even reach someone's inbox.

**About the Author**

Elizabeth Montalbano is a freelance writer, journalist, and therapeutic writing mentor with more than 25 years of professional experience. Her areas of expertise include technology, business, and culture. Elizabeth previously lived and worked as a full-time journalist in Phoenix, San Francisco, and New York City; she currently resides in a village on the southwest coast of Portugal. In her free time, she enjoys surfing, hiking with her dogs, traveling, playing music, yoga, and cooking.

Sophisticated RAT Hides Behind P. Diddy Scandal Lures

To maintain AI leadership, Congress and regulatory agencies must recognize that our foreign competitors are working to surpass us.

Haiman Wong, Fellow, Cybersecurity & Emerging Threats, R Street Institute

September 25, 2024

3 Min Read

Source: NicoElNino via Alamy Stock Photo

COMMENTARY

As a global leader in artificial intelligence (AI) innovation, the United States currently enjoys a significant competitive advantage economically, militarily, and technologically. To maintain this leadership, Congress and federal regulatory agencies must avoid complacency and recognize that our foreign competitors are diligently working to surpass us.

According to a recent report by the United Nations World Intellectual Property Organization, China filed more than 38,000 generative AI patents between 2014 and 2023, demonstrating its aggressive push to dominate AI advancement. This surge in patent activity underscores the critical need for the United States to accelerate its ongoing research and development efforts to maintain our global AI leadership.

To meet the demands of this moment, the US federal government must focus on three strategic AI research and development priorities that enhance our cyber resilience and national defense:

**1\. Clarifying the Definitions of Key AI-Related Terms**

Ambiguity and inconsistency in AI terminology continue to pose significant risks and challenges. Without precise and consistent definitions for key AI-related terms like "open source AI," "AI security," and "trustworthy AI," our country faces challenges in ensuring the responsible use of AI. Focused research and development efforts toward closing this gap can help create a more comprehensive and nuanced taxonomy, mapping out potential varying definitions and detailing parameters. For example, standardizing the term "AI security" could not only help promote secure development practices but also address emerging challenges like prompt injections and ensuring visibility into AI usage across organizations to prevent data leaks.

By systematically analyzing and standardizing terminology through collaborative efforts across academia, industry, and government stakeholders, the United States can lay a foundation for developing robust strategies that protect our national security and promote cyber resilience.

**2\. Developing a Scientific Understanding of AI**

A comprehensive scientific understanding of AI's limitations and capabilities is vital for assessing its impact and countering adversarial threats. The recent Private and Civil Liberties Oversight Board (PCLOB) AI Forum emphasized the importance of continuous research to measure AI's safety and reliability throughout its life cycle. To address this need, focused and strategically aligned research and development efforts are essential.

By developing ways to measure, test, audit, and evaluate AI capabilities, we can establish reliable methods to quantify AI's performance. These methods are critical for conducting accurate risk assessments and for our ability to continually improve AI systems and uses. Building a scientific understanding of AI, led by agencies like the National Institute of Standards and Technology (NIST) in collaboration with industry, academia, and other federal partners, will bolster our national and cybersecurity defenses by ensuring that AI systems are safe, reliable, and effective under various conditions and adversarial scenarios.

**3\. Developing AI Standards Adhering to US Mission and Values**

Establishing AI standards that reflect our mission and values, such as transparency and accountability, is crucial for maintaining national security. The PCLOB AI Forum also highlighted the importance of developing clear standards that guide acceptable and non-acceptable uses of AI, particularly in the intelligence community.

Research and development can support this effort by identifying best practices and creating robust frameworks that ensure AI technologies are deployed ethically and securely. By focusing on these priorities, we can ensure that AI advancements align with American values and strengthen our national security and cybersecurity. This makes the development of AI standards an urgent and essential aspect of AI research and development.

Recognizing AI's pivotal role in national security, policymakers have already made significant investments in its advancement. To ensure these efforts remain focused and strategically aligned, Congress must consider targeted legislative measures while empowering federal agencies to facilitate coordination, promote public-private partnerships, and set actionable research and development priorities that encourage innovation within these established guidelines.

By prioritizing the clarification of key AI-related terms, building a scientific understanding of AI, and establishing AI standards that adhere to our mission and values, the United States can maintain the momentum of our advancements in AI and meet our cyber resilience and national defense imperatives.

**About the Author**

Fellow, Cybersecurity & Emerging Threats, R Street Institute

Haiman Wong is a fellow for the R Street Institute’s Cybersecurity and Emerging Threats team. Outside of R Street, she serves as a co-chair in the AI Safety, Cybersecurity, and Inclusion Through Advanced Text Analytics minitrack at the Hawaii International Conference on System Sciences (HICSS). 

Before joining R Street, Haiman was a cyber threat intelligence associate and data scientist at Northern Trust, where she used NLP techniques to analyze more than a million cybersecurity logs. She also advised executive leadership on emerging cyber threat activities to shape the firm’s global cyber defense strategy. 

Haiman is a doctoral candidate at Purdue University, exploring the intersection of technology leadership in innovation and the influence of emerging technologies on the democratic exchange of digital information. She holds a master’s degree in data science with a cybersecurity concentration, and a bachelor’s degree in interdisciplinary studies (communications, legal institutions, economics, and government) from American University.

US May Be Losing the Race for Global AI Leadership

Cybercriminals are exploiting the ongoing Sean “Diddy” Combs scandal by spreading the new PDiddySploit malware hidden in infected…

Cybercriminals are exploiting the ongoing Sean “Diddy” Combs scandal by spreading the new PDiddySploit malware hidden in infected files, targeting curious and unsuspecting social media users, particularly those on X.com (formerly Twitter).

Cybercriminals are wasting no time exploiting the recent scandal involving Sean “Diddy” Combs. As the public’s curiosity surges over the music mogul controversy, cybercriminals have seized the moment to spread a new strain of malware designed to take advantage of the growing interest.

According to Veriti’s research team, a new Trojan malware dubbed PDiddySploit has been identified. This malware, part of the PySilon RAT (Remote Access Trojan) family, is developed to exploit those seeking information about Diddy’s now-deleted social media activity on platforms like X.com (formerly Twitter).

The Trojan, which has advanced capabilities for stealing sensitive data, monitoring keystrokes, recording screen activity and remotely controlling infected systems, can severely compromise anyone’s security and privacy.

****The PDiddySploit Threat****

First discovered on September 13, 2024, PDiddySploit is a direct variant of the PySilon RAT, which is notorious for its adaptability and malicious functionalities. PySilon, an open-source **Python-based malware**, has become a preferred tool for threat actors due to its ability to evolve and spread quickly.

The current version of PySilon RAT is version 3.6 and since June 2023 alone over 300 samples have been found on **VirusTotal**, showing how cybercriminals are continuously refining this tool.

****Celebrity Scandals as a Gateway for Malware Attacks****

According to Veriti’s **report** shared with Hackread.com ahead of publishing on Tuesday, one of the most alarming aspects of this wave of attacks is how closely they are tied to Diddy’s deleted social media content.

One major part of this malware attack is how cybercriminals are uploading files that claim to contain “removed” posts and replies from Diddy’s X.com account, and these files are being used as bait to lure unsuspecting users. Curious individuals who want to see what was deleted are being tricked into downloading these files, unknowingly infecting their devices with the PDiddySploit Trojan.

One of the malicious files with deleted Diddy posts was uploaded by a now-deleted account @lamps\_apple on Virus Total (Screenshot via Veriti)

This tactic is effective because of the public’s curiosity. As the scandal gets more media attention, attackers know that many users will search for more information, especially content that has been taken down.

Veriti’s analysis uncovered several of these malicious files on platforms like VirusTotal, all associated with Diddy’s deleted posts. These files, packaged to appear like legitimate screenshots or documents, are loaded with malware, turning curiosity into a cybersecurity nightmare.

****Diddy and Malware****

Interestingly, this is not the first time Sean “Diddy” Combs’ name has been associated with malware. **Back in 2013**, a similar attack was launched, using Diddy’s hit song “I’m Coming Home” as the bait. That malware, disguised as an MP3 file, targeted users who wanted to download the track.

In similar attacks, hackers exploited the nude celebrity photo leaks scandal **in December 2016** to lure victims into downloading malicious PDF files loaded with malware. **In February 2020**, cybercriminals used Oscar movie nominations as bait, tricking users into downloading malware disguised as “free downloads” of movies nominated for the 2020 Oscar Best Picture award.

Nevertheless, while it may be tempting to explore deleted content or hidden details, letting curiosity take over can expose your device to malware. Additionally, the increasing sophistication of malware like PySilon RAT, added with the lure of celebrity conspiracy, sets the stage for successful cyberattacks. Therefore, watch out for social media trends, especially those addressing high-profile scandals.

1.  **Hackers Hiding DcRAT Malware in Fake OnlyFans Content**
2.  **Crooks using Marvel’s Black Widow movie to spread malware**
3.   **Torrent uploader CracksNow distributed GrandCrab ransomware**
4.  **Fake OnlyFans Checker Tool Infects Hackers with Lummac Stealer**
5.  **Russian Hackers Control Malware via Britney Spears Instagram Posts**

PDiddySploit Malware Hidden in Files Claiming to Reveal Deleted Diddy Posts

The security vulnerabilities could lead to everything from gas spills to operations data disclosure, affecting gas stations, airports, military bases, and other hypersensitive locations.

Source: Bax Walker via Alamy Stock Photo

Multiple critical security vulnerabilities in automatic tank gauge (ATG) systems, some unpatched, threaten critical infrastructure facilities with disruption and physical damage, researchers are warning.

ATGs are sensor systems that monitor and manage fuel storage tanks to ensure that fill levels aren't too low or too high, to see that leaks are detected in real-time, and to manage inventory. ATGs can be found where you'd expect them to be, like at gas stations and airports, but also in less obvious installations.

"In the US, for example, we were told that you are required by law to have an ATG system installed in any fuel tank of a certain size," Pedro Umbelino, principal research scientist at Bitsight's TRACE unit, explains to Dark Reading. "Gas stations are the largest and most obvious use case, but the second largest use case for ATGs are critical facilities that require large backup generators — you often see these in facilities like hospitals, military installations and airports."

Worryingly, most of the newly discovered vulnerabilities allow for an attacker to have full control of an ATG as an administrator. And according to Umbelino, the 11 bugs across six ATG systems from five different vendors can thus open the door to a gamut of nefarious activities, ranging from making fueling unavailable to wreaking environmental havoc.

Related:Kansas Water Plant Pivots to Analog After Cyber Event

"What's even more concerning is that, besides multiple warnings in the past, thousands of ATGs are still currently online and directly accessible over the Internet, making them prime targets for cyberattacks, especially in sabotage or cyberwarfare scenarios," Umbelino said in an analysis released on Sept. 24.

The bugs were discovered six months ago, with Bitsight, the US Cybersecurity and Infrastructure Security Agency (CISA), and the affected vendors working in tandem to mitigate the problems. As a result of those efforts, "Maglink and Franklin have released patches," Umbelino says. "The affected OPW product has been EOL'd \[end of life\] and is no longer being supported by the vendor, so they will not be releasing a patch. Proteus and Alisonic have not engaged with us or with CISA as part of the disclosure process, so it's unclear to us if they’ve released or are working on a mitigation plan."

Patching isn't where the remediation needs stop, though.

"Even for devices that have had patches issued, my top recommendation is to disconnect these devices from the public Internet," Umbelino says. "Most of them were never designed to be connected in the way they are today, so they weren't built with the level of security that is required for Internet-connected devices. They're being used in ways that vendors hadn't initially intended, and that's what is at the core of these vulnerabilities. Taking them off the public Internet is the only true solution."

Related:Concerns Over Supply Chain Attacks on US Seaports Grow

**Major Cyber-Risk From ATG Tampering**

ATGs not only automatically measure and record the level, volume, and temperature of products in storage tanks, but they're usually connected to sirens, emergency shutoff valves, ventilation systems, and peripherals like fuel dispensers.

"Part of what makes these devices attractive to security researchers, or a malicious actor for that matter, is the potential ability to control physical processes that could lead to disastrous consequences if they are abused in unintended ways," Umbelino noted.

As Umbelino explained, "We found vanilla reflected cross-site scripting (XSS). The authentication bypasses were direct path access. The command injections lacked filtering. There were hardcoded administrator credentials. The arbitrary file read was a direct path traversal access, yielding admin credentials. The SQL injection could be exploited aided by full SQL error logs."

The vulnerabilities are as follows:

Related:Name That Toon: Tug of War

Source: Bitsight TRACE.

As an example of those consequences, attackers could exploit the bugs to change the amount of liquid a tank is capable of taking on, while also tampering with overflow alarms. The result could be an undetected tank overflow, which could cause gas spills and environmental chaos.

And as Umbelino explained in the post, "The most damaging attack is making the devices run in a way that might cause physical damage to their components or components connected to it. In our research, we've shown that an attacker can gain access to a device and drive the relays at very fast speeds, causing permanent damage to them."

Other bad outcomes include making the systems inaccessible via denial of service (DoS), exposing competitive operations data (delivery dates, pricing, inventory intel, types of alarms, etc.), or the loss of compliance data leading to potential regulatory fines. In a DoS scenario for instance, an attack could "lead to downtime and would usually require human intervention," Umbelino explained in the posting. "In fact, these types of attacks are currently ongoing, with claims of exploitation of at least one brand of devices for which we published a vulnerability on just two weeks ago."

**Critical Infrastructure Under Increasing Cyber Threat**

The critical infrastructure threat landscape continues to be a thorny problem for security practitioners, starting with the fact that ICS systems and the operational technology (OT) that controls them are designed to prioritize reliability and efficiency, not security.

"As a result, they often lack modern protections," Umbelino noted. "In addition ... vendors recently started to integrate them with newer technology to improve efficiency and remote access and this significantly changes their threat model. Of course, there is also a lack of cybersecurity experts that are familiar with ICS systems. It is hard to find vulnerabilities if no one is looking for them."

Threat actors have taken notice: Chinese APTs like Volt Typhoon and others are looking to gain a foothold within physical infrastructure, for operational espionage as well as cultivating the potential for disruptive attacks. Ransomware gangs have their own reasons for targeting ICS, as seen in the infamous Colonial Pipeline cyberattack.

"While not related to the vulnerabilities we found, there is a group consistently claiming ICT/OT disruption in the Ukraine-Russia war, including ATG systems," Umbelino says. "In this tweet, we can see an OPW ATG system being targeted, but they claim to have affected many other ICT/OT devices too, indicating that attackers do see these elements within critical infrastructure as a target."

CISA itself has flagged increased threats to water supply organizations, power plants, manufacturing, telecom carriers, military footprints, and more — attacks that are largely being spearheaded by APTs backed by China, Russia, and Iran.

So far, defenders have headed off catastrophic attacks at the pass, and there's no reason to expect mass gas spills anytime soon, given the complexity and sophistication required to exploit the bugs, but it's important to stay ahead of the risk.

"It’s not just about fixing vulnerabilities, it’s about adopting security practices that make them difficult to exist in the first place," Umbelino explained in the analysis. "And it is not just about the vulnerabilities themselves, it's about their exposure. Organizations need to understand they should not expose these types of critical systems to the public Internet. They need to effectively assess their exposure, understand their current risk and start addressing such issues, regardless of vendors ability to update their systems in a timely fashion."

Security researchers also have an important role to play, he adds, noting that stakeholders should be expanding their ICS focus.

"We should start paying more close attention to these types of systems that control very important parts of our society and that, if abused, can have a physical effect on the world, sometimes catastrophic," Umbelino says. "We need to systematically discover, classify and mitigate the risk of them being openly exposed to the Internet faster than the attackers, and be able to communicate that risk to all affected parties. It is not an easy task."

**About the Author**

Tara Seals has 20+ years of experience as a journalist, analyst and editor in the cybersecurity, communications and technology space. Prior to Dark Reading, Tara was Editor in Chief at Threatpost, and prior to that, the North American news lead for Infosecurity Magazine. She also spent 13 years working for Informa (formerly Virgo Publishing), as executive editor and editor-in-chief at publications focused on both the service provider and the enterprise arenas. A Texas native, she holds a B.A. from Columbia University, lives in Western Massachusetts with her family and is on a never-ending quest for good Mexican food in the Northeast.

Critical Automated Tank Gauge Bugs Threaten Critical Infrastructure

A mitigation bypass / privilege escalation flaw has been discovered in Apple's iOS Screen Time functionality, granting one access to modify the restrictions. It allows a local attacker to acquire the Screen Time Passcode by bypassing the anti-bruteforce protections on the four-digit Passcode, and in consequence gaining total control over Screen Time (Parental Control) settings. Version 17.2.1 is affected.

    Document Title:===============Apple iOS 17.2.1 - Screen Time Passcode Retrieval (Mitigation Bypass)Release Date:=============2024-09-24Affected Product(s): ==================== Vendor: Apple Inc.Product: Apple iOS 17.2.1 (possibly all < 18.0 excluding 18.0)References:====================VIDEO PoC: https://www.youtube.com/watch?v=vVvk9TR7qMo The vulnerability has been patched in the latest release of the operating system (iOS 18.0).Abstract Advisory Information:==============================A mitigation bypass / privilege escalation flaw has been discovered in Apple's iOS Screen Time functionality, granting one access to modify the restrictions.It allows a local attacker to acquire the Screen Time Passcode by bypassing theanti-bruteforce protections on the four-digit Passcode, and in consequencegaining total control over Screen Time (Parental Control) settings.Common Weakness Enumeration====================================CWE-307: Improper Restriction of Excessive Authentication AttemptsCWE-799: Improper Control of Interaction FrequencyExploitation Technique:=======================LocalSeverity Level:===============ModerateDiscovery Status:=================Full DisclosureTechnical Details & Description:================================1. The Screen Time Passcode input is generally immune to bruteforce attacks, and the following document reveals a weakness in the implementation of thesemitigations.2. The Passcode always consists of four digits, therefore the range of values an attacker needs to check is low. 3. The usage of an external HID, particularly a keyboard, whether one connected through USB-C, Lightning or Bluetooth, simplifies andenhances the speed and practicality of the brute force attack.4. In nearly all cases, the Screen Time Passcode input form is fortified with strict mitigations, such as time delay imposed upon reachinga certain threshold of subsequent failed attempts.5. This can be noticed when one attempts to manually guess the Passcode in "Settings > Screen Time", where multiple consecutive failed attempts triggerthe anti-bruteforce mitigation.6. The aforementioned mitigation is akin to the one in the Screen Lock input,with increasingly long delays after every block, making it a solid mitigation against bruteforce attacks.7. In one case, such mitigations are absent, enabling rapid bruteforce attacksagainst a low-complexity, four-digit input, suggesting a CWE-307 vulnerability.8. Because of this case, all the other protections of the Screen Time Passcode in practice become null and void.9. It is possible to create an user friendly, cross-platform software, thatwould allow children, or other people under Screen Time, to easily acquirethe code to its settings.10. It is often the case that such codes are exactly the same on every deviceassociated with one iCloud account, extending the impact to other devices.Proof of Concept (PoC):=======================Assumptions: Screen Time is enabled, and the Screen Time Passcode is set.1. Open "Settings"2. Go to "General"3. Scroll down to "Erase Content and Settings"4. Once prompted, choose "Erase Content and Settings" again.5. Agree with the dialogue, proceed further. 6. Press the red button asking for confirmation of the erasure.7. Enter the current Device Passcode or Password. 8. Now you will be asked to enter the Screen Time Passcode (if one is set).This four digit input form is vulnerable to unlimited bruteforce attacks.9. Once the correct Passcode is provided, the "Uploading Data to iCloud" screen should appear. 10. The moment it happens, go back IMMEDIATELY (use the arrow on the upper left corner of the screen to stop the process before it begins erasing data)11. The device erasure process should now be stopped.12. The Screen Time Passcode should now be well-known.VIDEO PoC: https://www.youtube.com/watch?v=vVvk9TR7qMo Security Risk:==============The security risk is estimated as moderate, and context dependent.Abuse of this vulnerability results in full control over tScreen Time settings imposed on the device, making it possible to disarm all the restrictions. It is worth mentioning, that the Passcode could be shared among other devicesassociated with the same iCloud account. If this is the case, the impact of the vulnerability becomes more significant.Example restrictions provided by Screen Time, that could be then deactivated:- Harmful content protection (adult / traumatizing content, malicious websites)- Restrictions on communication with strangers- Device usage time limits (Downtime, daily usage limits).- Camera, location and microphone access permissions for specific applications.- Device activity monitoring and reporting.- Application-specific usage time limits.- Application-specific functionality limits.- Security settings that require the Screen Time Passcode to access and modify. - and possibly more...The attack, when executed properly:- can be repeated, in case the Screen Time Passcode gets changed by the parent.- can be used to change the Passcode to an arbitrary one, or disable it. - can be used to shut down all the system parental control settings on the,device, and possibly acquire similar power against other synchronized devices.- gives one the silent knowledge of the Passcode, which makes it more stealthyand detection resilient.There are no known protections against this attack, other than an upgrade of all the devices running on vulnerable versions, to the latest version.Solution - Fix & Patch:=======================Patched in iOS 18.0, despite not being acknowledged by the vendor.Fixed with a silent rate-limit enforced on the vulnerable input. Vulnerability Disclosure Timeline:==================================2023-12-21: The vulnerability has been reported to the vendor.2023-12-23: The vendor has refused to acknowledge the vulnerability.2023-12-27: The vulnerability has been reported again, more details included,and real-world impact scenarios, complete with a clear video demonstration. 2024-01-02: The vendor has refused to acknowledge the vulnerability once again.2024-09-16: The vulnerability has been patched in the next major release of the vulnerable system (iOS 18.0).2024-09-24: Full disclosure of the vulnerability.Credits & Authors:==================SivertPL (kroppoloe@protonmail.ch)

Apple iOS 17.2.1 Screen Time Passcode Retrieval / Mitigation Bypass

Reservation Management System version 1.0 suffers from a backup disclosure vulnerability.

**Reservation Management System 1.0 Backup Disclosure**

Posted Sep 24, 2024

Authored by indoushka

Reservation Management System version 1.0 suffers from a backup disclosure vulnerability.

tags | exploit, info disclosure

SHA-256 | 3fdb31b63dd3dffcc359c8fe22cdbfc2692c268e17a6a1cc41302fd995ff1353

Download | Favorite | View

**Reservation Management System 1.0 Backup Disclosure**

    =============================================================================================================================================| # Title     : Reservation Management System 1.0 Backup Disclosure Vulnerability                                                           || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 129.0.1 (64 bits)                                                            || # Vendor    : https://www.sourcecodester.com/sites/default/files/download/oretnom23/reservation.zip                                       |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Appears to leave backups in a world accessible directory under the document root.  [+] use Payload : /admin/backup/[+] http://127.0.0.1/reservation/admin/backup/Greetings to :=====================================================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|===================================================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,935)
*   Arbitrary (17,095)
*   BBS (2,859)
*   Bypass (1,925)
*   CGI (1,047)
*   Code Execution (7,919)
*   Conference (693)
*   Cracker (845)
*   CSRF (3,431)
*   DoS (25,287)
*   Encryption (2,395)
*   Exploit (54,293)
*   File Inclusion (4,275)
*   File Upload (1,018)
*   Firewall (822)
*   Info Disclosure (2,920)
*   Intrusion Detection (919)
*   Java (3,156)
*   JavaScript (908)
*   Kernel (7,303)
*   Local (14,856)
*   Magazine (587)
*   Overflow (13,225)
*   Perl (1,435)
*   PHP (5,277)
*   Proof of Concept (2,412)
*   Protocol (3,749)
*   Python (1,661)
*   Remote (31,900)
*   Root (3,672)
*   Rootkit (530)
*   Ruby (643)
*   Scanner (1,658)
*   Security Tool (8,050)
*   Shell (3,305)
*   Shellcode (1,219)
*   Sniffer (904)
*   Spoof (2,297)
*   SQL Injection (16,731)
*   TCP (2,463)
*   Trojan (690)
*   UDP (919)
*   Virus (675)
*   Vulnerability (33,120)
*   Web (10,141)
*   Whitepaper (3,785)
*   x86 (970)
*   XSS (18,303)
*   Other

**File Archives**

*   September 2024
*   August 2024
*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   Older

**Systems**

*   AIX (430)
*   Apple (2,115)
*   BSD (378)
*   CentOS (61)
*   Cisco (1,954)
*   Debian (7,125)
*   Fedora (1,693)
*   FreeBSD (1,247)
*   Gentoo (4,591)
*   HPUX (881)
*   iOS (390)
*   iPhone (108)
*   IRIX (220)
*   Juniper (71)
*   Linux (51,312)
*   Mac OS X (696)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (490)
*   RedHat (16,885)
*   Slackware (941)
*   Solaris (1,615)
*   SUSE (1,444)
*   Ubuntu (9,861)
*   UNIX (9,458)
*   UnixWare (188)
*   Windows (6,772)
*   Other

Reservation Management System 1.0 Backup Disclosure

Hold on tight, folks, because last week's cybersecurity landscape was a rollercoaster! We witnessed everything from North Korean hackers dangling "dream jobs" to expose a new malware, to a surprising twist in the Apple vs. NSO Group saga. Even the seemingly mundane world of domain names and cloud configurations had its share of drama. Let's dive into the details and see what lessons we can glean

Cybersecurity / Cyber Threat

Hold on tight, folks, because last week's cybersecurity landscape was a rollercoaster! We witnessed everything from North Korean hackers dangling "dream jobs" to expose a new malware, to a surprising twist in the Apple vs. NSO Group saga. Even the seemingly mundane world of domain names and cloud configurations had its share of drama. Let's dive into the details and see what lessons we can glean from the past week.

****⚡ Threat of the Week****

**Raptor Train Botnet Dismantled:** The U.S. government announced the takedown of the Raptor Train botnet controlled by a China-linked threat actor known as Flax Typhoon. The botnet consisted of over 260,000 devices in June 2024, with victims scattered across North America, Europe, Asia, Africa, and Oceania, and South America. It also attributed the Flax Typhoon threat actor to a publicly-traded, Beijing-based company known as Integrity Technology Group.

****🔔 Top News****

*   **Lazarus Group's New Malware:** The North Korea-linked cyber espionage group known as UNC2970 (aka TEMP.Hermit) has been observed utilizing job-themed phishing lures to target prospective victims in energy and aerospace verticals and infect them with a previously undocumented backdoor dubbed MISTPEN. The activity is also tracked as Operation Dream Job.
*   **iServer and Ghost Dismantled:** In yet another big win for law enforcement agencies, Europol announced the takedown of an international criminal network that leveraged a phishing platform to unlock stolen or lost mobile phones. The agency, in partnership with the Australian Federal Police (AFP), dismantled an encrypted communications network called Ghost that enabled serious and organized crime across the world.
*   **Iranian APT Acts as Initial Access Provider:** An Iranian threat actor tracked as UNC1860 is acting as an initial access facilitator that provides remote access to target networks by deploying various passive backdoors. This access is then leveraged by other Iranian hacking groups affiliated with the Ministry of Intelligence and Security (MOIS).
*   **Apple Drops Lawsuit against NSO Group:** Apple filed a motion to "voluntarily" dismiss the lawsuit it's pursuing against Israeli commercial spyware vendor NSO Group, citing a shifting risk landscape that could lead to exposure of critical "threat intelligence" information. The lawsuit was filed in November 2021.
*   **Phishing Attacks Exploit HTTP Headers:** A new wave of phishing attacks is abusing refresh entries in HTTP headers to deliver spoofed email login pages that are designed to harvest users' credentials. Targets of the campaigns include entities in South Korea and the U.S.

****📰 Around the Cyber World****

*   **Sandvine Leaves 56 "Non-democratic" Countries:** Sandvine, the company behind middleboxes that have facilitated the delivery of commercial spyware as part of highly-targeted attacks, said it has exited 32 countries and is in process of ceasing operations in another 24 countries, citing elevated threats to digital rights. Earlier this February, the company was added to the U.S. Entity List. "The misuse of deep packet inspection technology is an international problem that threatens free and fair elections, basic human rights, and other digital freedoms we believe are inalienable," it said. It did not disclose the list of countries it's exiting as part of the overhaul.
*   **.mobi Domain Acquired for $20:** Researchers from watchTowr Labs spent a mere $20 to acquire a legacy WHOIS server domain associated with the .mobi top-level domain (TLD) and set up a WHOIS server on that domain. This led to the discovery that over 135,000 unique systems still queried the old WHOIS server over a five day period ending on September 4, 2024, including cybersecurity tools and mail servers for government, military and university entities. The research also showed that the TLS/SSL process for the entire .mobi TLD had been undermined as numerous Certificate Authorities (CAs) were found to be still using the "rogue" WHOIS server to "determine the owners of a domain and where verification details should be sent." Google has since called for stopping the use of WHOIS data for TLS domain verifications.
*   **ServiceNow Misconfigurations Leak Sensitive Data:** Thousands of companies are inadvertently exposing secrets from their internal knowledge base (KB) articles via ServiceNow misconfigurations. AppOmni attributed the issue to "outdated configurations and misconfigured access controls in KBs," likely indicating "a systematic misunderstanding of KB access controls or possibly the accidental replication of at least one instance's poor controls to another through cloning." ServiceNow has published guidance on how to configure their instances to prevent unauthenticated access to KB articles.
*   **Google Cloud Document AI Flaw Fixed:** Speaking of misconfigurations, researchers have found that overly permissive settings in Google Cloud's Document AI service could be leveraged by threat actors to hack into Cloud Storage buckets and steal sensitive information. Vectra AI described the vulnerability as an instance of transitive access abuse.
*   **Microsoft Plans End of Kernel Access for EDR Software:** Following the massive fallout from the CrowdStrike update mishap in July 2024, Microsoft has highlighted Windows 11's "improved security posture and security defaults" that allow for more security capabilities to security software makers outside of kernel mode access. It also said it will collaborate with ecosystem partners to achieve "enhanced reliability without sacrificing security."

**🔥 **Cybersecurity Resources & Insights******— **Upcoming Webinars****

*   **Zero Trust: Anti-Ransomware Armor**: Join our next webinar with Zscaler's Emily Laufer for a deep dive into the 2024 Ransomware Report, uncovering the latest trends, emerging threats, and the zero-trust strategies that can safeguard your organization. Don't become another statistic – Register now and fight back!
*   **SIEM Reboot: From Overload to Oversight:** Drowning in data? Your SIEM should be a lifesaver, not another headache. Join us to uncover how legacy SIEM went wrong, and how a modern approach can simplify security without sacrificing performance. We'll dive into the origins of SIEM, its current challenges, and our community-driven solutions to cut through the noise and empower your security. Register now for a fresh take on SIEM!

**— **Ask the Expert****

*   **Q:** How does Zero Trust differ fundamentally from traditional Perimeter Defense, and what are the key challenges and advantages when transitioning an organization from a Perimeter Defense model to a Zero Trust architecture?

*   **A:** Zero Trust and perimeter defense are two ways to protect computer systems. Zero Trust is like having multiple locks on your doors AND checking IDs at every room, meaning it trusts no one and constantly verifies everyone and everything trying to access anything. It's great for stopping hackers, even if they manage to sneak in, and works well when people work from different places or use cloud services. Perimeter defense is like having a strong wall around your castle, focusing on keeping the bad guys out. But, if someone breaks through, they have easy access to everything inside. This older approach struggles with today's threats and remote work situations. Switching to Zero Trust is like upgrading your security system, but it takes time and money. It's worth it because it provides much better protection. Remember, it's not just one thing, but a whole new way of thinking about security, and you can start small and build up over time. Also, don't ditch the wall completely, it's still useful for basic protection.

**— **Cybersecurity Jargon Buster****

*   **Polymorphic Malware:** Imagine a sneaky virus that keeps changing its disguise (signature) to trick your antivirus. It's like a chameleon, making it tough to catch.
*   **Metamorphic Malware:** This one's even trickier! It's like a shapeshifter, not just changing clothes, but completely transforming its body. It rewrites its own code each time it infects, making it nearly impossible for antivirus to recognize.

**— **Tip of the Week****

**"Think Before You Click" Maze:** Navigate a series of decision points based on real-world scenarios, choosing the safest option to avoid phishing traps and other online threats.

****Conclusion****

"To err is human; to forgive, divine." - Alexander Pope. But in the realm of cybersecurity, forgiveness can be costly. Let's learn from these mistakes, strengthen our defenses, and keep the digital world a safer place for all.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Tag

#ios