Bitcoin Miner [oom_reaper] targets QNAP NAS devices
Taiwanese vendor QNAP warns customers of ongoing attacks targeting their NAS devices with cryptocurrency miners. Taiwanese vendor QNAP warns customers...
hacking
Swurg – Parse OpenAPI Documents Into Burp Suite For Automating OpenAPI-based APIs Security Assessments
Swurg is a Burp Suite extension designed for OpenAPI testing. The OpenAPI Specification (OAS) defines a standard, programming language-agnostic interface...
Microsoft seized 42 domains used by the China-linked APT15 cyberespionage group
Microsoft seized dozens of malicious domains used by the China-linked APT15 group to target organizations worldwide. Microsoft announced to have obtained...
Nobelium continues to target organizations worldwide with custom malware
Russia-linked Nobelium APT group is using a new custom malware dubbed Ceeloader in attacks against organizations worldwide. Mandiant researchers have...
Nobelium APT targets French orgs, French ANSSI agency warns
The French cyber-security agency ANSSI said that the Russia-linked Nobelium APT group has been targeting French organizations since February 2021....
STEWS – A Security Tool For Enumerating WebSockets
STEWS is a tool suite for security testing of WebSockets This research was first presented at OWASP Global AppSec US...
330 SPAR stores close or switch to cash-only payments after a cyberattack
A cyber attack hit the international supermarket franchise SPAR forcing 330 shops in North East England to shut down. A...
DMEA Colorado electric utility hit by a disruptive cyberattack
A ransomware attack hit an electric utility in Colorado causing a significant disruption and damage. The Delta-Montrose Electric Association (DMEA)...
Threat actors stole more than $150 million worth of cryptocurrency tokens from BitMart platform
Threat actors stole more than $150 million in various cryptocurrencies from the cryptocurrency trading platform BitMart. Cryptocurrency trading platform BitMart...
Toutatis – A Tool That Allows You To Extract Information From Instagrams Accounts Such As E-Mails, Phone Numbers And More
Toutatis is a tool that allows you to extract information from instagrams accounts such as e-mails, phone numbers and more...
Hackers are sending receipts with anti-work messages to businesses’ printers
Hackers are targeting printers of businesses around the world to print ‘anti-work’ slogans pushing workers to demand better pay. Multiple...
Magnat malvertising campaigns spreads malicious Chrome extensions, backdoors and info stealers
Experts spotted a series of malvertising campaigns using fake installers of popular apps and games to deliver a backdoor and...
Forbidden – Bypass 4Xx HTTP Response Status Codes
Bypass 4xx HTTP response status codes. Based on PycURL. Script uses multithreading, and is based on brute forcing so might...
Security Affairs newsletter Round 343
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free...
Hundreds of vulnerabilities in common Wi-Fi routers affect millions of users
Researchers discovered a total of 226 potential security vulnerabilities in nine Wi-Fi popular routers from known manufacturers. Security researchers and...
AirStrike – Automatically Grab And Crack WPA-2 Handshakes With Distributed Client-Server Architecture
Tool that automates cracking of WPA-2 Wi-Fi credentials using client-server architecture Requirements Airstrike uses Hashcat Brain Architecture, aircrack-ng suite, entr...
German BSI agency warns of ransomware attacks over Christmas holidays
German BSI warns of ransomware attacks over the Christmas and end-of-year holidays, fearing Emotet return and attacks on Microsoft Exchange...
IAM Vulnerable – Use Terraform To Create Your Own Vulnerable By Design AWS IAM Privilege Escalation Playground
Use Terraform to create your own vulnerable by design AWS IAM privilege escalation playground. IAM Vulnerable uses the Terraform binary...
Cuba ransomware gang hacked 49 US critical infrastructure organizations
The FBI has revealed that the Cuba ransomware gang breached the networks of at least 49 US critical infrastructure organizations....
DLLHijackingScanner – This Is A PoC For Bypassing UAC Using DLL Hijacking And Abusing The “Trusted Directories” Verification
This is a PoC for bypassing UAC using DLL hijacking and abusing the "Trusted Directories" verification. Generate Header from CSV...
CISA warns of vulnerabilities in Hitachi Energy products
CISA has released six advisories to warn organizations about security vulnerabilities affecting Hitachi Energy products The U.S. Cybersecurity and Infrastructure...
NSO Group spyware used to compromise iPhones of 9 US State Dept officials
Apple warns that the mobile devices of at least nine US Department of State employees were compromised with NSO Group ‘s...
IDA2Obj – Static Binary Instrumentation
IDA2Obj is a tool to implement SBI (Static Binary Instrumentation). The working flow is simple: Dump object files (COFF) directly...
KAX17 threat actor is attempting to deanonymize Tor users running thousands of rogue relays
Since 2017, an unknown threat actor has run thousands of malicious Tor relay servers in the attempt to unmask Tor...
