Lifting the veil on DeathStalker, a mercenary triumvirate
State-sponsored threat actors and sophisticated attacks are often in the spotlight. Indeed, their innovative techniques, advanced malware platforms and 0-day...
Year: 2020
Yeti – Your Everyday Threat Intelligence
Yeti is a platform meant to organize observables, indicators of compromise, TTPs, and knowledge on threats in a single, unified...
Parth – Heuristic Vulnerable Parameter Scanner
Some HTTP parameter names are more commonly associated with one functionality than the others. For example, the parameter ?url= usually...
Life as a Rapid7 Rotato: Launch Your Career
At Rapid7, we believe that by hiring a team with a strong diversity of mindset, different levels of experience, and...
Here’s how to Ensure Data Security Using FShred App
Users are well aware of the fact that while deleting photos, videos, files, or any other form of data on...
Uber’s Former Chief Security Officer Charged for Covering up A Massive Data Breach
Uber's former chief security officer, Joe Sullivan, was very recently charged by the federal prosecutors in the United States for...
Pyre-Check – Performant Type-Checking For Python
Pyre is a performant type checker for Python compliant with PEP 484. Pyre can analyze codebases with millions of lines...
Intel Owl – Analyze Files, Domains, IPs In Multiple Ways From A Single API At Scale
Do you want to get threat intelligence data about a file, an IP or a domain?Do you want to get...
Russian media reported on fake domains for pre-ordering coronavirus vaccine
After the Russian Ministry of Health registered the first coronavirus vaccine, the number of new domains associated with the vaccine...
Scan-For-Webcams – Scan For Webcams In The Internet
Automatically scan for publically accessible webcams around the internetUsage python MJPG.py : for public MJPG streamers around the internet python...
Cloud-Sniper – Virtual Security Operations Center
Cloud Security OperationsWhat is Cloud Sniper?Cloud Sniper is a platform designed to manage Security Operations in cloud environments. It is...
LiveAuctioneers – 3,385,862 breached accounts
In June 2020, the online antiques marketplace LiveAuctioneers suffered a data breach which was subsequently sold online then extensively redistributed...
‘Just tell me how to fix my computer:’ a crash course on malware detection
Malware. You’ve heard the term before, and you know it’s bad for your computer—like a computer virus. Which begs the...
SecGen – Create Randomly Insecure VMs
SecGen creates vulnerable virtual machines, lab environments, and hacking challenges, so students can learn security penetration testing techniques.Boxes like Metasploitable2...
ADBSploit – A Python Based Tool For Exploiting And Managing Android Devices Via ADB
A python based tool for exploiting and managing Android devices via ADBCurrently on developmentScreenrecordStream ScreenrecordExtract ContactsExtract SMSExtract Messasing App Chats...
Open-Xchange Security Advisory 2020-08-20
Posted by Open-Xchange GmbH via Fulldisclosure on Aug 21Dear subscribers, we're sharing our latest advisory with you and like to...
Payment bypass in WordPress – WooCommerce – NAB Transact plugin disclosure
Posted by Jack Misiura via Fulldisclosure on Aug 21Title: Payment bypass Product: WordPress NAB Transact WooCommerce Plugin Vendor Homepage: https://woocommerce.com/products/nab-transact-direct-post/...
Threat hunters watch as Chinese hackers forage forums for tools
Pictured: The Forbidden City, in Beijing. Experts say Chinese APT operations use a mix of proprietary and publicly available tools...
Apple OS developer supply chain threatened by ‘clever’ malware attack
In an attack described as a “clever” supply-chain threat, XCSSET malware is being injected undetected into programs created by unwitting...
DHS and FBI warn of North Korean malware targeted at defense contractors
The Department of Homeland Security and Federal Bureau of Investigation published an alert Wednesday about malware it claims North Korea...
Hackers Can Now Clone Your Key Using Just a Smartphone Microphone and a Program
Earlier this year researchers at the National University of Singapore came up and published a paper enumerating how, utilizing just...
More than 100 websites selling air tickets in Russia turned out to be fraudulent
Cybercriminals continue to deceive people. According to the Group-IB, over the past few months, more than 100 fraudulent sites in...
Expert Malnev gave tips on detecting Keylogger
Alexey Malnev, head of the Jet CSIRT Information Security Monitoring and Incident Response Center of Jet Infosystems, spoke about how...
REvil/Sodinokibi Ransomware Specifically Targeting Food and Beverages Organizations
REvil, also known as Sodinokibi ransomware was first spotted in April 2019, it attacks Windows PCs to encrypt all the...
