Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

informer

Subdomain Takeover: How to Protect Your Domain

Jun 8, 2023 By Elise Imison In Informer
A subdomain is a prefix added to a domain name to separate a section of your website. It’s a part of the Domain Name System (DNS) hierarchy and is a domain that is a part of another (main) domain. Subdomains are primarily used to manage extensive sections of a web application that require their own content hierarchy, such as online stores, blogs, job boards, or support platforms.
Read Post
cyberint

The Potential Surfacing of Cardpool's Gift Cards

Jun 7, 2023 By Yehonatan Wiesel In Cyberint
Cyberint discovered in the ‘wild’ what could possibly be associated with the ‘Cardpool’ gift card breach, a file named ‘cardpool leak’. It was collected by our platform, Argos. ‘Cardpool’ was an online business where customers exchanged or sold their unwanted or partially used gift cards. It was shut down in early 2021, but it’s been discovered that in late April 2021, a Russian Threat Actor allegedly sold $38 million worth of gift cards there.
Read Post
SecurityScorecard

Three Steps to Prevent a Cybersecurity Breach from MOVEit Exploit

Jun 7, 2023 By SecurityScorecard In SecurityScorecard

SecurityScorecard conducted an extensive investigation into the Zellis breach. This research revealed alarming insights about the scale and persistence of the attack. The data exfiltration was carried out in several steps: Netflow data from Zellis IP ranges indicated large outbound transfers over HTTPS, which pointed towards the presence of a web shell. Additionally, SecurityScorecard researchers detected exfiltration over SSH to known malicious IP addresses.

Read Post

MOVEit and Lose it: Exploitation and Patching Hell

Jun 7, 2023 By Cato Networks In Cato Networks
Join Bill Carter and Robin Johns as they talk about the latest and greatest Cybersecurity topics and incidents happening across our digital landscape. In this episode we explore how the BBC, British Airways, Aer Lingus and other organisations have become victim to a 'mass hack' due to an alleged vulnerability in the MOVEit secure file transfer system, as well as explore how an old iPhone vulnerability could give threat actors full access to your device, without you even opening a file or clicking a link....
View Video
bitsight

What is a Third-Party Data Breach?

Jun 7, 2023 By Sabrina Pagnotta In BitSight

A data breach is an IT security incident where data is compromised or stolen from a system without the knowledge or authorization of its owner. But what happens when a third party is involved? Stolen data may include sensitive, proprietary, or confidential information such as credit card numbers, trade secrets, customer, or patient data. Third party breaches cost millions of dollars every year to companies of all sizes.

Read Post
outpost 24

Outpost24 acquires external attack surface management provider Sweepatic to reduce risk exposure of internet facing assets

Jun 7, 2023 By Outpost 24 In Outpost 24

Outpost24, a leading cybersecurity risk management platform, today announced the acquisition of Sweepatic. Outpost24, a leading cybersecurity risk management platform, today announced the acquisition of Sweepatic. Based in Leuven (BE), Sweepatic is an innovative external attack surface management (EASM) platform. Gartner identified EASM as a top Security and Risk Management (SRM) trend for 2022.

Read Post
kroll

Responding to the Critical MOVEit Transfer Vulnerability (CVE-2023-34362)

Jun 7, 2023 By Scott Downie In Kroll

On May 31, 2023, Kroll received multiple reports that a zero-day vulnerability in MOVEit Transfer was being actively exploited to gain access to MOVEit servers. Kroll has observed threat actors using this vulnerability to upload a web shell, exfiltrate data and initiate intrusion lifecycles. This vulnerability may also enable a threat actor to move laterally to other areas of the network.

Read Post

Copyright © 2026 OpsMatters™. All rights reserved.