SharpDPAPI – A C# Port Of Some Mimikatz DPAPI Functionality
SharpDPAPI is a C# port of some DPAPI functionality from @gentilkiwi's Mimikatz project.I did not come up with this logic,...
Seatbelt – A C# Project That Performs A Number Of Security Oriented Host-Survey “Safety Checks” Relevant From Both Offensive And Defensive Security Perspectives
Seatbelt is a C# project that performs a number of security oriented host-survey "safety checks" relevant from both offensive and...
DeepDotWeb admin pleads guilty to money laundering conspiracy
One of the administrators for the DeepDotWeb dark web portal pleads guilty to receiving kickbacks from the operators of the...
VMware fixed flaws in vROps that can be chained to compromise organizations
VMware addressed two vulnerabilities in its vRealize Operations (vROps) product that can expose organizations to a significant risk of attacks...
Akamai dealt with an 800Gbps ransom DDoS against a gambling company
Akamai has recently involved in the mitigation of two of the largest known ransom DDoS attacks, one of them peaked...
Ubiquiti security breach may be a catastrophe
The data breach disclosed by Ubiquiti in January could be just the tip of the iceberg, a deeper incident could...
US CISA warns of DoS flaws in Citrix Hypervisor
Citrix addressed vulnerabilities in Hypervisor that could be exploited by threat actors to execute code in a virtual machine to...
North Korea-linked hackers target security experts again
Researchers from Google’s Threat Analysis Group (TAG) reported that North Korea-linked hackers are targeting security researchers via social media. The...
CVE-2020-19641
Summary: An issue was discovered in INSMA Wifi Mini Spy 1080P HD Security IP Camera 1.9.7 B. Authenticated attackers with...
CVE-2021-28669
Summary: Xerox AltaLink B80xx before 103.008.020.23120, C8030/C8035 before 103.001.020.23120, C8045/C8055 before 103.002.020.23120 and C8070 before 103.003.020.23120 provide the ability to...
CVE-2021-21727
Summary: A ZTE product has a DoS vulnerability. A remote attacker can amplify traffic by sending carefully constructed IPv6 packets...
CVE-2021-25349
Summary: Using unsafe PendingIntent in Slow Motion Editor prior to version 3.5.18.5 allows local attackers unauthorized action without permission via...
CVE-2021-25353
Summary: Using empty PendingIntent in Galaxy Themes prior to version 5.2.00.1215 allows local attackers to read/write private file directories of...
The npm netmask vulnerability explained so you can actually understand it
The popular npm netmask library recently encountered a serious problem, explained as follows: The npm netmask package incorrectly evaluates individual...
IRS Warned of an Ongoing IRS-Impersonation Scam
The Internal Revenue Service (IRS) has cautioned of ongoing phishing assaults impersonating the IRS and targeting educational establishments. The assaults...
Here’s How to Safeguard Against Mobikwik Data Breach
Cybersecurity researchers claimed that the KYC data of as many as 11 crores Mobikwik users had been leaked and put...
Data Leak of 10cr Users: ‘The Largest KYC Data Leak in History’
According to cybersecurity researcher Rajshekahar Rajaharia, mobile payment app Mobikwik came under attack after the data of 10 crores of...
Financial Cyberthreats in 2020
2020 was challenging for everyone: companies, regulators, individuals. Due to the limitations imposed by the epidemiological situation, particular categories of...
Rubeus – C# Toolset For Raw Kerberos Interaction And Abuses
Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpy's Kekeo project...
InveighZero – Windows C# LLMNR/mDNS/NBNS/DNS/DHCPv6 Spoofer/Man-In-The-Middle Tool
InveighZero is a C# LLMNR/NBNS/mDNS/DNS/DHCPv6 spoofer and man-in-the-middle tool designed to assist penetration testers/red teamers that find themselves limited to...
5-star customer service: fraudsters launch massive campaign against Indonesia’s major banks on Twitter
Experts warn that cybercriminals are targeting Indonesia’s major banks posing as bank representatives or customer support team members on Twitter....
Chinese experts earned $20,000 for reporting a Chrome Sandbox Escape
Researchers have reported to Google a sandbox escape vulnerability in the Chrome web browser to Google that awarded them $20,000....
Email accounts of DHS members were compromised in the SolarWinds hack
Russian hackers accessed the email accounts of US Department of Homeland Security (DHS) officials as a result of the SolarWinds...
IETF deprecates TLS 1.0 and TLS 1.1, update to latest versions
IETF has formally deprecated the TLS 1.0 and TLS 1.1 cryptographic protocols because they lack support for recommended cryptographic algorithms...
