Using AWS + Socat Port Forwarder
This script is designed for using AWS and SOCAT as a forwarder to another IP or Server, for Red Team...
AMSITrigger – The Hunt For Malicious Strings
Hunting for Malicious StringsUsage:AMSI calls (xmas tree mode) -d, --debug Show Debug Info -m, --maxsiglength=VALUE Maximum signature Length to cater...
SQLFluff – A SQL Linter And Auto-Formatter For Humans
SQLFluff is a dialect-flexible and configurable SQL linter. Designed with ELT applications in mind, SQLFluff also works with jinja templating...
CVE-2021-31166 Windows HTTP flaw also impacts WinRM servers
The wormable CVE-2021-31166 vulnerability in the HTTP Protocol Stack of the Windows IIS server also affects WinRM on Windows 10...
Security Affairs newsletter Round 315
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for...
A malware attack hit the Alaska Health Department
The Alaska health department website was forced offline by a malware attack, officials are investigating the incident. The website of...
Qlocker ransomware leverages HBS flaw to infect QNAP NAS devices
QNAP warns customers of updating the HBS 3 disaster recovery app to prevent Qlocker ransomware attack. Taiwanese vendor QNAP is...
CVE-2021-24190
Summary: Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the WooCommerce Conditional Marketing Mailer WordPress plugin before 1.5.2,...
CVE-2021-32918
Summary: An issue was discovered in Prosody before 0.11.9. Default settings are susceptible to remote unauthenticated denial-of-service (DoS) attacks via...
CVE-2021-32919
Summary: An issue was discovered in Prosody before 0.11.9. The undocumented dialback_without_dialback option in mod_dialback enables an experimental feature for...
CVE-2021-32920
Summary: Prosody before 0.11.9 allows Uncontrolled CPU Consumption via a flood of SSL/TLS renegotiation requests. Reference Links(if available): https://blog.prosody.im/prosody-0.11.9-released/ http://www.openwall.com/lists/oss-security/2021/05/13/1...
Moneycontrol – 762,874 breached accounts
In April 2021, hackers posted data for sale originating from the online Indian financial platform, Moneycontrol. The data included 763...
Japanese E-Commerce Platform Mercari Suffers Major Data Breach
 Mercari, an e-commerce platform, has disclosed a major data breach that occurred as a result of the Codecov supply-chain attack....
45 Lakh Customer Data Compromised as Air India Servers Gets Hacked
 A massive cyberattack was perpetrated against the domestic carrier Air India, which compromised passengers' data including passports, contacts, ticket information,...
Apple isn’t Happy About the Amount of Mac Malware
 During testimony defending Apple in a lawsuit with Fortnite developer Epic Games, a top Apple executive said that Mac malware...
Charlotte – C++ Fully Undetected Shellcode Launcher
c++ fully undetected shellcode launcher ;) releasing this to celebrate the birth of my newborndescription13/05/2021: c++ shellcode launcher, fully undetected...
GraphQLmap – A Scripting Engine To Interact With A Graphql Endpoint For Pentesting Purposes
GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes.Install$ git clone https://github.com/swisskyrepo/GraphQLmap$ python graphqlmap.py _____...
Foreign hackers breached Russian federal agencies, said FSB
FSB National Coordination Center for Computer Incidents (NKTsKI) revealed that foreign hackers have breached networks of Russian federal agencies. A...
Conti Ransomware hit 16 US health and emergency Services, said FBI
Conti ransomware targeted over 400 organizations worldwide, 290 in the US, and at least 16 healthcare and first responder networks....
Air India suffered a data breach, 4.5 million customers impacted
Air India disclosed a data breach that impacted roughly 4.5 million of its customers, two months after its Passenger Service...
Report: how cybercriminals abuse API keys to steal millions
CyberNews researchers found that crooks could abuse cryptocurrency exchange API keys and steal cryptocurrencies. Original post available here: https://cybernews.com/security/report-how-cybercriminals-abuse-api-keys-to-steal-millions/ CyberNews...
Indonesia ‘s government confirms social security data breach for some citizens
Indonesia has launched an investigation into a possible security incident that caused the leak of social security data for more...
CVE-2021-24193
Summary: Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the Visitor Traffic Real Time Statistics WordPress plugin before...
CVE-2021-24190
Summary: Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the WooCommerce Conditional Marketing Mailer WordPress plugin before 1.5.2,...
