Phishing Campaigns Evolving Rapidly; Using Innovative Tactics to Avoid Detection
In the past few months, Microsoft Office 365 phishing campaigns have evolved drastically, using innovative tricks like inverted login pages,...
News
Jupyter Trojan Steals Chrome Firefox Data and Opens Backdoor
Researchers at Morphisec has recently discovered a trojan malware campaign targeted at stealing information from businesses and higher education. Reportedly,...
Cyber Attacks in India At A Steady Rise as Per India’s Cybersecurity Chief
National Cyber Security Coordinator Lt Gen (retd) Rajesh Pant recently discussed cyberattacks in India 'having gone up a multifold' in...
Rehex – Reverse Engineers’ Hex Editor
A cross-platform (Windows, Linux, Mac) hex editor for reverse engineering, and everything else.FeaturesLarge (1TB+) file support Decoding of integer/floating point...
Gping – Ping, But With A Graph
Ping, but with a graph.InstallFYI: The old Python version can be found under the python tag. Homebrew (MacOS + Linux)brew...
Don’t Put It on the Internet: Tesla Backup Gateway Edition
Derek Abdine, formerly Director of Rapid7 Labs, now CTO at Censys, contributed this blog post.This blog post aims to increase...
Malsmoke operators abandon exploit kits in favor of social engineering scheme
Exploit kits continue to be used as a malware delivery platform. In 2020, we’ve observed a number of different malvertising...
A week in security (November 9 – November 15)
Last week on Malwarebytes Labs, we reported on multiple patch releases: from Mozilla’s Firefox and Thunderbird to Google’s Chrome. We...
Banks offered the Central Bank of Russia to create a centralized mechanism to combat fraudsters
According to the Vice-President of the Association of Banks of Russia Alexey Voilukov, information processing can take several hours or...
Interview with experts who lead the project ONTOCHAIN
On 9 November E Hacking News conducted an interesting interview with experts from different parts of the world that lead...
Clothing Brand ‘The North Face’ Hit By Credential Stuffing Attack, Suffers Data Breach
After North Face's website faced a credential stuffing attack, the company has reset the customers' credentials. In a recent cybersecurity...
MacC2 – Mac Command And Control That Uses Internal API Calls Instead Of Command Line Utilities
MacC2 is a macOS post exploitation tool written in python that uses Objective C calls or python libraries as opposed...
Garud – An Automation Tool That Scans Sub-Domains, Sub-Domain Takeover And Then Filters Out XSS, SSTI, SSRF And More Injection Point Parameters
An automation tool that scans sub-domains, sub-domain takeover and then filters out xss, ssti, ssrf and more injection point parameters....
Defining Vulnerability Risk Management (and How to Build a Modern VRM Program)
Once upon a time (just a handful of years ago), vulnerability management programs focused solely on servers, running quarterly scans...
Hackers attacked major Telegram channels via video on Yandex
On November 10, hackers conducted a major attack on popular Telegram channels. Reddit's administrators completely lost access to the channel,...
Go_Parser – Yet Another Golang Binary Parser For IDAPro
Yet Another Golang Binary Parser For IDAPro NOTE: This master branch is written in Python2 for IDAPython, and tested only...
FinalRecon v1.1.0 – The Last Web Recon Tool You’ll Need
FinalRecon is an automatic web reconnaissance tool written in python. Goal of FinalRecon is to provide an overview of the...
Decentralized Finance (Defi) Protocol Akropolis Hacked For $2 Million In DAI
Decentralized finance (defi) protocol Akropolis was recently hacked for $2 million in DAI, in the most recent flash loan attack...
Herpaderping – Process Herpaderping Bypasses Security Products By Obscuring The Intentions Of A Process
Process Herpaderping is a method of obscuring the intentions of a process by modifying the content on disk after the...
Linux-Evil-Toolkit – A Framework That Aims To Centralize, Standardize And Simplify The Use Of Various Security Tools For Pentest Professionals
Linux evil toolkit is a framework that aims to centralize, standardize and simplify the use of various security tools for...
Government in Australia issues Clop Ransomware warning to Healthcare Organizations
The Australian Cyber Security Center has issued a security alert for the health sector to check their barriers and defenses...
Tfsec – Security Scanner For Your Terraform Code
tfsec uses static analysis of your terraform templates to spot potential security issues. Now with terraform v0.12+ support. Example OutputInstallationInstall...
Scripthunter – Tool To Find JavaScript Files On Websites
Scripthunter is a tool that finds javascript files for a given website. To scan Google, simply run ./scripthunter.sh https://google.com. Note...
Hat trick for Google as it patches two more zero-days in Chrome
Slightly over a week ago we advised you to update your Chrome browser. That warning came only a week or...
