Say Hi to Octopii, an AI-powered Personally Identifiable Information (PII) scanner that uses Tesseract’s Optical Character Recognition (OCR) and a MobileNet Convolutional Neural Network (CNN) model to detect various forms of Government IDs, passports, debit cards, driver’s licenses, photos, signatures, etc. Let’s take a closer look at how Octopii works and why it’s essential to look out for exposed PII throughout your assets.
Spring4Shell (CVE-2022-22963) is an RCE vulnerability in the Spring framework affecting JDK versions >= 9. We analyse the vulnerability and exploits in detail in this blog.
CVE-2022-0847, dubbed “Dirty Pipe”, is a privilege escalation vulnerability in the Linux kernel. We demonstrate the vulnerability and analyze it in depth.
Nowadays, securing and managing a company’s digital footprint has become an even more difficult challenge. With so many subdomains, code repositories, and applications, some untracked assets are bound to be overlooked. As the attack surface expands, visibility of the complete landscape is essential to keep an organization’s assets safe.
At RedHunt Labs, under Project Resonance, we frequently conduct internet-wide research in different shapes and formats to understand the state of security across the internet. In this iteration, we studied the current state of DNS configurations (SPF, DKIM and DMARC records) from a security perspective. We scanned more than 2.2 billion domains, but before we discuss the insights, let’s quickly go over the basics.
Studies reveal that a data leak can seriously damage a company’s image and brand value. It can harm the goodwill of a brand and cause a loss of client trust.
As per the Risk Based Security research report, in 2019, over 5000 breaches were reported, exposing 7.9 billion records. A data breach is not just a matter of privacy concern; it concerns all the stakeholders interested in protecting the brand’s name.
What is the Log4j Vulnerability? Apache Log4j is an open-source logging framework that allows software developers to log various data within their application. This data can also include user input…
Docker is a popular tool that has become synonymous with containers. Docker can build images and run containers. The tool also allows its users to upload their Docker images to Docker Hub, the container image registry from Docker Inc. that helps share images. Docker Hub allows free public repositories for images.
During this research, we found more than 1.6 million unique user accounts on Docker Hub. There are more than 6.3 million public repositories at the time of writing this blog.