In the last blog post we covered full, incremental, and differential backup. In this one, we will talk about backup types which are a variance of them: forever incremental, synthetic, reverse incremental.
Read moreXopero Blog
Beware! Two new WhatsApp bugs expose you to a man-in-the-middle attack
Android users have new reasons to worry… again. About a week ago, we provided information about the FlixOnline application which operators were able to successfully bypass the application authentication system in the Google Play Store. This time we report two serious bugs found in WhatsApp. They enable the so-called ‘man-in-the-disk’ attack. What is it exactly? Attackers are able to manipulate the data exchanged between the application and external memory. Details can be found below.
Read moreGitHub security – key basic security measures you should consider
GitHub, Bitbucket or GitLab? What to choose? For some businesses, especially those for which code as intellectual property is the most valuable asset, the security of code hosting and version control service aspect might be a decision-maker. In this article, we take a closer look at GitHub security.
Read moreFull copy, incremental copy, and differential copy – backup types
Full copy, incremental copy, differential copy… today we are going to talk about different backup types. We will start from absolute basics, but more experienced in that field reader should be able to find something interesting as well.
Read moreFlixOnline – if you too have this app installed, delete it now
A promise of two months Premium Netflix subscription free of charge and there will always be someone willing to save some money. But in this case, some people got surprised with hijacked WhatsApp and stolen credit card data. While most of our readers were probably smart enough to avoid the FlixOnline app, we can see that this scam is totally working on many people. Everything in this campaign was designed to confuse and get them to believe they are getting free Netflix for real. Word of advice: there is no easy way to get Netflix for free.. Or HBO Max, Disney Plus or anything else.
Read moreMonthly summary: Git Backup Guide / GitProtect beta tests
The first week of April is already behind us. It’s the final time to make some summary of our activities and special projects we have prepared for you last month.
Check it out!
Read moreBugs in VMware vRealize Operations platform make RCE and admin’s credentials theft possible
Welcome to the next episode of the Xopero Security Center. Stealing admin credentials or gaining access to the platform capable of managing IT operations in various cloud deployments, allowing admins to monitor the health and capacity of virtual environments is a serious security breach. And these black scenarios become more than possible thanks to two newly discovered [and patched] vulnerabilities in VMware vRealize Operations platform. How severe is this new threat? To uncover this true check the whole post below.
Read moreBitbucket security – best practices
For some businesses, especially those for which code is the most critical resource, the security of the code hosting and version control service might be a key decision factor. There are three main such services on the market – GitHub, Bitbucket, GitLab. In this article, we will take a closer look at Bitbucket security.
Read morePurple Fox malware has gained new and alarming worm capabilities
Welcome to the next episode of the Xopero Security Center. This week we are taking a break from MS Exchange and ProxyLogon vulnerabilities. Maybe except this small update: according to Microsoft, 92% of vulnerable Exchange servers are now patched or mitigated. But Microsoft’s ecosystems are profitable targets and attackers take advantage of newer vulnerabilities to infect systems over and over again. Thus, this time we are taking a closer look into an upgraded variant of Purple Fox malware with worm capabilities that targets Microsoft Windows machines. Which one exactly? To find out more, read the full post.
Read moreMicrosoft releases a one-click ProxyLogon mitigation tool
Welcome to the next episode of the Xopero Security Center. Race against time – that’s the best description of the ProxyLogon situation. First Microsoft has released emergency patches for vulnerable systems. No more than a week later researchers spotted the first ransomware actively exploiting these vulnerabilities. Now users got a one-click ProxyLogon mitigation tool (details below). The keyword is „mitigation” – it mitigates the risk of exploit until the update will be applied. This is not an alternative. The good news – tens of thousands of Microsoft Exchange servers have been patched already. Experts have never seen patch rates this high for any system before. Still, there are about 82k devices vulnerable to the attack. Hence the new tool. Need to find out more? Check the rest of the article.
Read more