Attackers deploy Linux backdoor on e-stores compromised with software skimmer
Researchers discovered threat actors installing a Linux backdoor on compromised e-commerce servers after deploying a credit card skimmer into e-stores....
hacking
Kubernetes-Goat – Is A “Vulnerable By Design” Kubernetes Cluster. Designed To Be An Intentionally Vulnerable Cluster Environment To Learn And Practice Kubernetes Security
The Kubernetes Goat is designed to be an intentionally Upcoming Training's and SessionsDEFCON DEMO Labshttps://forum.defcon.org/node/237237Cloud Village - DEFCONhttps://cloud-village.org/#talks?collapseMadhuAkulaRecent Kubernetes Goat...
Zero-Day flaw in FatPipe products actively exploited, FBI warns
The FBI is warning of a zero-day vulnerability in FatPipe products that has been under active exploitation since at least...
Kube-Applier – Enables Automated Deployment And Declarative Configuration For Your Kubernetes Cluster
kube-applier is a service that enables kube-applier hosts a status page on a webserver, served at the service endpoint URL....
Phishing campaign targets Tiktok influencer accounts
Threat actors have launched a phishing campaign targeting more than 125 TikTok ‘Influencer’ accounts in an attempt to hijack them....
US, UK and Australia warn of Iran-linked APTs exploiting Fortinet, Microsoft Exchange flaws
U.S., U.K. and Australia warn that Iran-linked APT groups exploiting Fortinet and Microsoft Exchange flaws to target critical infrastructure. A...
Netgear fixes code execution flaw in many SOHO devices
Netgear addressed a code execution vulnerability, tracked as CVE-2021-34991, in its small office/home office (SOHO) devices. Netgear addressed a pre-authentication...
CISA releases incident response plans for federal agencies
CISA released the Federal Government Cybersecurity Incident Response Playbooks for the federal civilian executive branch agencies. The Cybersecurity and Infrastructure Security...
JVMXRay – Make Java Security Events Of Interest Visible For Analysis
JVMXRay is a technology for monitoring access to system resources within the Java Virtual Machine. It’s designed with application security...
The rise of millionaire zero-day exploit markets
Researchers detailed the multi-millionaire market of zero-day exploits, a parallel economy that is fueling the threat landscape. Zero-day exploits are...
Hyenae-Ng – An Advanced Cross-Platform Network Packet Generator And The Successor Of Hyenae
Hyenae NG (Next Generation) is a re-write of the original Hyenae tool which was originally published back in the year...
Iran-linked APT groups continue to evolve
The researchers at Microsoft Threat Intelligence Center (MSTIC) are warning of increasingly sophisticated operations carried out by Iranian threat actors....
Mandiant links Ghostwriter operations to Belarus
Security researchers at the Mandiant Threat Intelligence team believe that Ghostwriter APT group is linked to the government of Belarus....
GitHub addressed two major vulnerabilities in the NPM package manager
Maintainers of the npm package manager for the JavaScript programming language disclosed multiple flaws that were recently addressed. GitHub disclosed two major vulnerabilities...
Gotanda – Browser Web Extension For OSINT
Gotanda is OSINT(Open Source Intelligence) Web Extension for Firefox/Chrome.This Web Extension could search OSINT information from some IOC in web...
Adult cam site StripChat exposes the data of millions of users and cam models
The popular adult cam site StripChat has suffered a security breach, the personal data of millions of users and adult...
Fhex – A Full-Featured HexEditor
This project is born with the aim to develop a lightweight, but useful tool. The reason is that the existing...
Intel addresses 2 high-severity issues in BIOS firmware of several processors
Intel disclosed two high-severity vulnerabilities, tracked as CVE-2021-0157 and CVE-2021-0158, that affect the BIOS firmware in several processor families. Intel...
SharkBot, a new Android Trojan targets banks in Europe
Security researchers from Cleafy discovered a new Android banking trojan, named SharkBot, that is targeting banks in Europe. At the...
Operation Reacharound – Emotet malware is back
The Emotet botnet is still active, ten months after an international operation coordinated by Europol shut down its infrastructure. Early...
Cloudflare mitigated 2 Tbps DDoS attack, the largest attack it has seen to date
Cloudflare announced to have mitigated a distributed denial-of-service (DDoS) attack that peaked at almost 2 terabytes per second (Tbps). Cloudflare,...
EXOCET – AV-evading, Undetectable, Payload Delivery Tool
EXOCET is superior to Metasploit's "Evasive Payloads" modules as EXOCET uses AES-256 in GCM Mode (Galois/Counter Mode). Metasploit's Evasion Payloads...
North Korea-linked Lazarus group targets cybersecurity experts with Trojanized IDA Pro
North Korea-linked APT Lazarus targets security researchers using a trojanized pirated version of the popular IDA Pro reverse engineering software....
Microsoft rolled out emergency updates to fix Windows Server auth failures
Microsoft has released out-of-band security updates to address authentication issues affecting Windows Server. Microsoft has released out-of-band updates to fix...
