Areas Of Expertise
Dalibor Gašić
Head Of Security Research
Dalibor is a Senior Security Engineer with experience in penetration testing, and an active Bug Bounty hunter on platforms such as HackerOne, Bugcrowd, and Integrity. He currently serves as PurpleSec’s head of security research and is responsible for the growth of our Security Insights.
In the past, Dalibor worked as a security consultant for several companies, where he gave recommendations and advice on how to protect companies from cyber attacks. He also served 8 years in the Ministry of Internal Affairs in the Department of Cyber Security in Serbia.
Recent Articles:
Microsoft Azure Services Vulnerable To SSRF
On January 17, 2023, four vulnerabilities in Microsoft Azure services were vulnerable to server-side request forgery (SSRF) attacks. Services included Azure API Management, Azure Functions, Azure Machine Learning, and Azure Digital Twins.
Inside Slack’s GitHub Account Hack
On December 29, 2022, Slack became a victim to a hacker. The threat actor had also downloaded private code repositories on December 27, but neither Slack’s primary codebase nor were any customer data included in the downloaded repositories.
Top 10 Cyber Attacks In 2022
As cyber threats continue to evolve, it is important to stay informed and proactive in safeguarding against potential attacks. This report aims to provide valuable information for organizations and individuals to stay ahead of the constantly changing threat landscape.
Top 10 Most Exploited Vulnerabilities In 2022
The year 2022 saw its fair share of significant vulnerabilities that made headlines and affected a wide range of systems and devices. These vulnerabilities impacted a wide range of systems and devices, including web servers, collaboration platforms, office software, and network devices.
Dropbox Suffers Data Breach Following Phishing Attack
Dropbox confirmed thousands of names and email addresses belonging to Dropbox employees as well as API keys and other credentials were exposed in November.
Iranian APT Uses Log4j Vulnerability To Hack US Federal Network
According to the FBI and CISA, Iranian government-sponsored hackers accessed an undisclosed US federal agency’s network early this year, using the Log4Shell vulnerability to deploy crypto miners and compromised credentials.
Russian Hacktivists, Killnet, Take Down US Airport Websites
In October 2022, a pro-Russian hacker group claimed responsibility for hacking several US airport websites.
The No More Ransomware Project
The No More Ransom project includes 188 partners worldwide, including some well-known companies: Amazon Web Services, Barracuda Networks, CheckPoint, Cisco, Emsisoft, Bitdefender, ESET, Interpol, and other law enforcement, public and private entities.
Space X’s Starlink Dish Hacked
At BlackHat 2022 a Belgian security researcher stunned the crowd by hacking Starlink Dish with a $25 device, gaining major notoriety worldwide.
PACMAN M1 Chip Attack Explained
The team at MIT’s Computer Science and Artificial Intelligence Laboratory (CSAIL) have discovered a way to attack the pointer authentication in Apple’s M1 chip to execute arbitrary code on Macintosh systems.
Hertzbleed Attack Impacting Intel & AMD CPUs
In June, a group of researchers from the University of Texas, the University of Illinois Urbana-Champaign, and the University of Washington, have published an article on their website about a new attack they developed called Hertzbleed.
Follina Windows Zero-Day Vulnerability Identified
In May 2022 a new vulnerability appeared on Windows systems called “Follina”, which was reported by the nao_sec team and identified under the identifier CVE-2022-30190.
FluBot Android Malware Spreading Aggressively
Known as FluBot, this Android malware has been spreading aggressively through SMS, stealing passwords, online banking details, and other sensitive information from infected smartphones across the world.
AvosLocker Ransomware As A Service (RaaS)
AvosLocker is a Ransomware as a Service (RaaS) affiliate-based group that has targeted victims across multiple critical infrastructure sectors in the United States including, but not limited to, Financial Services, Critical Manufacturing, and Government Facilities sectors.
Nimbuspwn Vulnerability Discovered By Microsoft
In April 2022, Microsoft 365 Defender Research team discovered a vulnerability named Nimbuspwn, where an attacker can gain escalation of privilege from local users with low capabilities to root access on multiple Linux desktop environments.
