US govt warns critical infrastructure of ransomware attacks during holidays
US CISA and the FBI issued a joint alert to warn critical infrastructure partners and public/private organizations of ransomware attacks...
GoDaddy suffered a data breach that impacted up to 1.2 million of its managed WordPress customer accounts. GoDaddy discloses a...
ThreatBox is a standard and controlled Linux based attack platform. I've used a version of this for years. It started...
Utah-based radiology medical center Utah Imaging Associates discloses a data breach that impacted 583,643 former and current patients. Utah Imaging...
Iranian airline Mahan Air was hit by a cyberattack on Sunday morning; the “Hooshyarane Vatan” hacker group claimed responsibility for...
Program uses Thread Usage int main(){ System sys; Interceptor incp; Exception exp; sys.returnVersionState(); if (sys.returnPrivilegeEscalationState()) { std::cout << "Token Privileges Adjusted\n";...
Memento ransomware group locks files inside WinRAR password-protected archives after having observed that its encryption process is blocked by security...
The Securities and Exchange Commission (SEC) warns investors of attacks impersonating its officials in government impersonator schemes. The Securities and...
Static Token And Credential Scanner What is it? STACS is a The performance is really, really bad when running in Docker on...
Researchers discovered 11 malicious Python packages in the PyPI repository that can steal Discord access tokens, passwords, and conduct attacks....
The Conti ransomware group has suffered a data breach that exposed its attack infrastructure and allowed researchers to access it....
A malware campaign aimed at Microsoft Exchange servers exploits ProxyShell and ProxyLogon issues and uses stolen internal reply-chain emails. A...
A Replace your IP Address and Port on above commands. Running Server The server must be executed on Linux. You can buy...
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free...
U.S. banking regulators have approved a new rule that orders banks to notify federal regulators of significant cybersecurity incidents within 36...
Cobalt Strike How does this work? Primarily, using Cobalt Strike's breg_query and breg_queryv functions. Then, all beacon output is hijacked with...
The annual study on top-used passwords published by Nordpass revealed that we are still using weak credentials that expose us...
Advanced Intelligence researchers argue that the restarting of the Emotet botnet was driven by the Conti ransomware gang. Early this year,...
pwnSpoof (from About The Project pwnSpoof was created on the back of a Road Map pwnSpoof is built to produce to authentic...
During a recent engagement, we were asked to employ Turla’s Tactics, Techniques, and Procedures (TTPs) using IronNetInjector. This is not...
The Tor Project offers rewards to users who will set up a Tor server after observing a significant drop in...
A Canadian teen has been arrested for his alleged role in the theft of roughly $36.5 million worth of cryptocurrency....
American pizza chain California Pizza Kitchen (CPK) suffered a data breach that might have exposed personal information of its employees....
Lsass NTLM Login example using Impacket: Limitations In an Active Directory environment, authentication via RDP, runas, or the lock screen does not...