Flawfinder – A Static Analysis Tool For Finding Vulnerabilities In C/C++ Source Code
This is "flawfinder" by David A. Wheeler. Flawfinder is a simple program that scans C/C++ source code and reports potential...
News
Web-Brutator – Modular Web Interfaces Bruteforcer
Fast Modular Web Interfaces BruteforcerInstallpython3 -m pip install -r requirements.txt Usage$ python3 web-brutator.py -h __ __ ___. __________ __ __...
Addressing the OT-IT Risk and Asset Inventory Gap
Cyber-espionage and exploitation from nation-state-sanctioned actors have only become more prevalent in recent years, with recent examples including the SolarWinds...
Rapid7 Acquires Leading Kubernetes Security Provider, Alcide
Organizations around the globe continue to embrace the flexibility, speed, and agility of the cloud. Those that have adopted it...
Experts warn of active exploitation of SonicWall zero-day in the wild
Researchers from the security firm NCC Group warn of the exploitation in the wild of a SonicWall zero-day vulnerability. Security...
Google discloses a severe flaw in widely used Libgcrypt encryption library
Google discovered a flaw in GNU Privacy Guard (GnuPG)’s Libgcrypt encryption library that could be exploited to get remote code...
Exploiting a bug in Azure Functions to escape Docker
Expert disclosed an unpatched vulnerability in Microsoft Azure Functions that could be exploited to escape the Docker container hosting them....
A week in security (January 25 – January 31)
January 28 was Data Privacy Day, but for Malwarebytes Labs, it was Data Privacy Week. As such, we’re packed with...
‘Android Worm’ Malware is Spreading Via WhatsApp User Contact List
Security expert Lucas Stefanko unearthed the malware known as ‘Android Worm’. Threat actors are using this malware as a weapon...
Google Researcher Groß Identifies the BlastDoor Device in Apple iOS 14
Last year, Apple rolled out iOS 14 with many new features, tighter privacy laws, and elements that make the iPhone...
MOSE – Post Exploitation Tool For Configuration Management Servers.
MOSE is a post exploitation tool that enables security professionals with little or no experience with configuration management (CM) technologies...
OpenCVE – CVE Alerting Platform
OpenCVE, formerly known as Saucs, is a platform used to locally import the list of CVEs and perform searches on...
Experts explain how to bypass recent improvement of China’s Great Firewall
Experts from Great Firewall Report analyzed recent upgrades to China’s Great Firewall and revealed that it can be circumvented. Members...
Security Affairs newsletter Round 299
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for...
New Pro-Ocean crypto-miner targets Apache ActiveMQ, Oracle WebLogic, and Redis installs
The Rocke group is using a new piece of cryptojacking malware dubbed Pro-Ocean to target Apache ActiveMQ, Oracle WebLogic, and...
UScellular data breach: attackers ported customer phone numbers
US wireless carrier UScellular discloses data breach, personal information of customers may have been exposed and their phone numbers ported....
UK Research and Innovation (UKRI) discloses ransomware attack
A ransomware infected the systems at the UK Research and Innovation (UKRI), at leat two services were impacted. The UK...
Perl.com, the Official Site for Perl Programming Language Hijacked
The domain Perl.com was made in 1994 and was the official site for the Perl programming language, it is enlisted...
Sberbank is the most targeted organization in Europe by hackers, says Herman Gref
At the moment, Sberbank is more often than other institutions in Europe is subjected to hacker attacks, but successfully repels...
Trickbot- A Banking Trojan Returns With Latest Phishing Campaigns and Attacks
Trickbot, a banking malware has resurged again with new phishing campaigns and attacks after the collaboration of cybersecurity and technology...
Ghost Accounts used by Nefilim Ransomware Actors
Recently we are witnessing that the Ransomware operators are teaming up to exchange software and infrastructure to further accelerate the...
Rocke Group’s Pro Ocean Crypto-jacking Malware now Comes with Worm Feature
The Rocke Group's used cloud-targeted malware for carrying out crypto-jacking attacks for Monero that was documented in 2019 by Unit...
PSC – E2E Encryption For Multi-Hop Tty Sessions Or Portshells + TCP/UDP Port Forward
DNS lookup and SSH session forwarded across an UART connection to a Pi PSC allows to e2e encrypt shell sessions,...
SSRF-King – SSRF Plugin For Burp Automates SSRF Detection In All Of The Request
SSRF plugin for burp that Automates SSRF Detection in all of the RequestUpcoming Features ChecklistIt will soon have a user...
