Security Affairs newsletter Round 294
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for...
News
HackerOne announces first bug hunter to earn more than $2M in bug bounties
White hat hacker could be a profitable profession, Cosmin Iordache earned more than $2M reporting flaws through the bug bounty...
SolarWinds releases updated advisory for SUPERNOVA backdoor
SolarWinds released an updated advisory for the SuperNova malware discovered while investigating the recent supply chain attack. SolarWinds has released...
GoDaddy apologized for insensitive phishing email sent to its employees offering a fake bonus
GoDaddy made the headlines for an initiative that is dividing cybersecurity community, it sent phishing messages offering bonuses to its...
Kaspersky Lab and Yandex have detected malicious browser extensions
Kaspersky Lab and Yandex have identified malicious code in browser extensions. Through them, attackers could gain access to the account...
TruKno TTP based Threat Intelligence Platform
TruKno’s ThreatBoard is a platform that helps security professionals uncover the root causes behind emerging cyber-attacks, Improving proactive defense postures.....
Social-Analyzer – API And Web App For Analyzing And Finding A Person Profile Across +300 Social Media Websites (Detections Are Updated Regularly)
An API for analyzing & finding a person profile across +300 social media websites. It includes different string analysis and...
ApkLeaks – Scanning APK File For URIs, Endpoints And Secrets
Scanning APK file for URIs, endpoints & secrets.InstallationTo install apkLeaks, simply: $ git clone https://github.com/dwisiswant0/apkleaks$ cd apkleaks/$ pip install -r...
The Emotet botnet is back and hits 100K recipients per day
Emotet is back on Christmas Eve, cybercrime operators are sending out spam messages to deliver the infamous Trickbot Trojan. Emotet...
REvil gang threatens to release intimate pictures of celebs who are customers of The Hospital Group
REvil ransomware gang, aka Sodinokibi, hacked The Hospital Group and threatens to release before-and-after pictures of celebrity clients. The Hospital...
CrowdStrike releases free Azure tool to review assigned privileges
CrowdStrike released a free Azure security tool after it was notified by Microsoft of a failed attack leveraging compromised Azure...
North Korea-linked Lazarus APT targets the COVID-19 research
The North Korea-linked Lazarus APT group has recently launched cyberattacks against at least two organizations involved in COVID-19 research. The...
URL Spoofing: Interview With Bug Bounty Hunter Narendra Bhati
On 24th December, E-Hacking News conducted an interesting interview with Mr. Narendra Bhati, a Bug Bounty Hunter/Ethical Hacker. He was...
Aura – Python Source Code Auditing And Static Analysis On A Large Scale
Aura is a static analysis framework developed as a response to the ever-increasing threat of malicious packages and vulnerable code...
Vulmap – Web Vulnerability Scanning And Verification Tools
Vulmap is a vulnerability scanning tool that can scan for vulnerabilities in Web containers, Web servers, Web middleware, and CMS...
Rapid7 Labs’ 2020 Naughty List Summary Report to Santa
As requested, your dutiful elves here at Rapid7 Labs have compiled a list of the naughty country networks being used...
The Russian cryptocurrency exchange Livecoin hacked on Christmas Eve
Russian cryptocurrency exchange Livecoin was compromised on Christmas Eve, hackers breached its network and gained control of some of its...
DDoS amplify attack targets Citrix Application Delivery Controllers (ADC)
Citrix confirmed that a DDoS attack is targeting Citrix Application Delivery Controller (ADC) networking equipment. The threat actors are using...
Millions of devices could be hacked exploiting flaws targeted by tools stolen from FireEye
Millions of devices are potential exposed to attacks targeting the vulnerabilities exploited by the tools stolen from the arsenal of...
VideoBytes: Offensive security tools and the bad guys that use them
Hello Folks! In this Videobyte, we’re talking about what penetration testing tools malware gangs love to use and why they...
Credential Phishing Attack Impersonating USPS Targets Consumers Over the Holidays
As the year is coming to a wrap, the 2020 holiday season is being actively attacked by malicious actors. In recent...
‘Ransomware Task Force’: Microsoft, McAfee and Rapid7 Coalition
19 tech companies, cybersecurity firms, and non-profits have collaborated with the Institute for Security and Technology (IST) to form a...
Censys-Python – An Easy-To-Use And Lightweight API Wrapper For The Censys Search Engine
An easy-to-use and lightweight API wrapper for the Censys Search Engine (censys.io). Python 3.6+ is currently supported.Getting StartedThe library can...
Swego – Swiss Army Knife Webserver In Golang
Swiss army knife Webserver in Golang. Keep simple like the python SimpleHTTPServer but with many features.UsageHelp$ ./webserver -helpweb subcommand -bind...
