Blog Welcome to PureID Research Blog

FluBot is a banking malware that is specifically attacking Android phones and stealing bank details and passwords from your device. Like Covid-19, this malware has spread across a wide range of English speaking countries rapidly causing some irreparable damage.  FluBot uses “smishing” – phishing using SMS and text messages. These attacks have seen a huge […]
Read More...

Ramya Erramilli May 4, 2021 Credential Stealing,  Malware

The VPN Meltdown Throughout the March & April month, Federal Bureau of Investigation (FBI), and the Cybersecurity and Infrastructure Security Agent (CISA)  has reported numerous  incidents where old vulnerabilities in popular VPNs were exploited by organized (or state sponsored)   hackers, around the world. Large numbers of malware families & malicious actors across the globe […]
Read More...

Shivani Thopte April 27, 2021 Uncategorized

Online world majorly relies on passwords for access control and content security. Enterprises and individuals alike use passwords to keep sensitive information out of the wrong hands. However, enterprises are an extremely high value target for attackers and that level of attention cannot be handled by the humble passwords.  In this blog I will be […]
Read More...

Atharva Chincholkar February 22, 2021 Uncategorized

Slack introduced a bug on 21st December 2020 that caused their android app to store user passwords in plain text on their local storage. Slack communicated users to change their Slack passwords as well as to clear the Slack app data on android devices. The affected users’ passwords have been invalidated and they will be […]
Read More...

Aman Shakya February 15, 2021 Passwordless

Amongst the many known cyber-attacks, Phishing takes the throne. Users, including the experienced ones, can fall prey to phishing. Phishing has become a very cost effective, low skill & straightforward way for cyber criminals over the years now to harvest credentials from across the globe. The effectiveness of phishing attacks is getting better and better […]
Read More...

Ramya Erramilli February 4, 2021 Uncategorized

Git Server with default credentials When you set up things that are connected to the internet, they generally require protection from unauthorized access. This protection is often provided by passwords. In most of these cases, a default password with a username is given for first time configuration. As a general security practice, you are supposed […]
Read More...

Atharva Chincholkar February 4, 2021 Uncategorized

About SolarWinds: SolarWinds is an American company that provides IT management and administration software that can be used by the Sysadmins and IT administrators in their organization. The reach of the SolarWinds Products is quite high and their products are used by many fortune-500 companies, spreading across the globe. What is Supply Chain Attack: Supply […]
Read More...

Satyam Dubey December 28, 2020 Threat Intelligence

In 2018, a vulnerability (CVE-2018-13379) allowed attackers to read FortiOS files without authentication by sending a carefully crafted HTTP request. This vulnerability only existed in the SSL VPN. It affected FortiOS version 5.6.3 to FortiOS version 6.0.4. According to CloudSEK this vulnerability has come back to haunt networks that use FortiOS and missed the memo […]
Read More...

Atharva Chincholkar November 27, 2020 Uncategorized

As reported by Zscaler in April 2020, a significant increase (about 85%) in phishing attacks were seen, targeting remote workers. Attackers had registered domains featuring Covid-19 related keywords such as “virus”, “vaccine” etc. in order to steal credentials, disseminate malware, most notably ransomware for conducting financial frauds. With ever-growing advanced spear-phishing attacks, vulnerabilities like Address […]
Read More...

Khush Bhatt October 22, 2020 Spoofing

Introduction: We all know how crucial our credentials are to us, these shared secrets are basically the access to our resources present on various platforms. The whole process of authentication and authorization is pretty much always dependent on these shared secrets which can be in the format of passwords, access tokens, keys, tickets etc. Today […]
Read More...

Satyam Dubey September 13, 2020 Uncategorized