Areas Of Expertise
Areas Of Expertise
Dalibor is a Senior Security Engineer with experience in penetration testing, and an active Bug Bounty hunter on platforms such as HackerOne, Bugcrowd, and Integrity. He currently serves as PurpleSec’s head of security research and is responsible for the growth of our Security Insights.
In the past, Dalibor worked as a security consultant for several companies, where he gave recommendations and advice on how to protect companies from cyber attacks. He also served 8 years in the Ministry of Internal Affairs in the Department of Cyber Security in Serbia.
Recent Articles:
On January 17, 2023, four vulnerabilities in Microsoft Azure services were vulnerable to server-side request forgery (SSRF) attacks. Services included Azure API Management, Azure Functions, Azure Machine Learning, and Azure Digital Twins.
On December 29, 2022, Slack became a victim to a hacker. The threat actor had also downloaded private code repositories on December 27, but neither Slack’s primary codebase nor were any customer data included in the downloaded repositories.
As cyber threats continue to evolve, it is important to stay informed and proactive in safeguarding against potential attacks. This report aims to provide valuable information for organizations and individuals to stay ahead of the constantly changing threat landscape.
The year 2022 saw its fair share of significant vulnerabilities that made headlines and affected a wide range of systems and devices. These vulnerabilities impacted a wide range of systems and devices, including web servers, collaboration platforms, office software, and network devices.
Dropbox confirmed thousands of names and email addresses belonging to Dropbox employees as well as API keys and other credentials were exposed in November.
According to the FBI and CISA, Iranian government-sponsored hackers accessed an undisclosed US federal agency’s network early this year, using the Log4Shell vulnerability to deploy crypto miners and compromised credentials.
In October 2022, a pro-Russian hacker group claimed responsibility for hacking several US airport websites.
The No More Ransom project includes 188 partners worldwide, including some well-known companies: Amazon Web Services, Barracuda Networks, CheckPoint, Cisco, Emsisoft, Bitdefender, ESET, Interpol, and other law enforcement, public and private entities.
At BlackHat 2022 a Belgian security researcher stunned the crowd by hacking Starlink Dish with a $25 device, gaining major notoriety worldwide.
The team at MIT’s Computer Science and Artificial Intelligence Laboratory (CSAIL) have discovered a way to attack the pointer authentication in Apple’s M1 chip to execute arbitrary code on Macintosh systems.
In June, a group of researchers from the University of Texas, the University of Illinois Urbana-Champaign, and the University of Washington, have published an article on their website about a new attack they developed called Hertzbleed.
In May 2022 a new vulnerability appeared on Windows systems called “Follina”, which was reported by the nao_sec team and identified under the identifier CVE-2022-30190.
Known as FluBot, this Android malware has been spreading aggressively through SMS, stealing passwords, online banking details, and other sensitive information from infected smartphones across the world.
AvosLocker is a Ransomware as a Service (RaaS) affiliate-based group that has targeted victims across multiple critical infrastructure sectors in the United States including, but not limited to, Financial Services, Critical Manufacturing, and Government Facilities sectors.
In April 2022, Microsoft 365 Defender Research team discovered a vulnerability named Nimbuspwn, where an attacker can gain escalation of privilege from local users with low capabilities to root access on multiple Linux desktop environments.