North Korea-linked Lazarus APT targets the IT supply chain
North Korea-linked Lazarus APT group is extending its operations and started targeting the IT supply chain on new targets. North...
hacking
Operations at Iranian gas stations were disrupted today. Cyber attack or computer glitch?
A cyberattack has disrupted gas stations from the National Iranian Oil Products Distribution Company (NIOPDC) across Iran. A cyber attack...
Dark HunTOR: Police arrested 150 people in dark web drug bust
Dark HunTOR: Police corps across the world have arrested 150 individuals suspected of buying or selling illicit goods on the...
Keeweb – Free Cross-Platform Password Manager Compatible With KeePass
This webapp is a browser and desktop password manager compatible with KeePass databases. It doesn't require any server or additional...
Expert managed to crack 70% of a 5,000 WiFi network sample in Tel Aviv
A researcher from the security firm CyberArk has managed to crack 70% of Tel Aviv’s Wifi Networks starting from a...
Ranzy Locker ransomware hit tens of US companies in 2021
The FBI published a flash alert to warn of the activity of the Ranzy Locker ransomware that had already compromised...
UltimaSMS subscription fraud campaign targeted millions of Android users
UltimaSMS, a massive fraud campaign is using Android apps with million of downloads to subscribe victims to premium subscription services....
Kansas Man pleads guilty to hacking the Post Rock Rural Water District
Kansas man Wyatt Travnichek admitted in court to tampering with the computer systems at the Post Rock Rural Water District....
Webdiscover – The Purpose Of This Script Is To Automate The Web Enumeration Process And Search For Exploits
The purpose of this script is to automate the web enumeration process and search for exploits and vulns. Added Tools...
Unknown ransomware gang uses SQL injection bug in BillQuick Web Suite to deploy ransomware
An unknown ransomware gang leverages a critical SQL injection flaw in the BillQuick Web Suite time and billing solution to...
A critical RCE flaw affects Discourse software, patch it now!
US CISA urges administrators to address a critical remote code execution flaw, tracked as CVE-2021-41163, in Discourse installs. Discourse is...
Red TIM Research found two rare flaws in Ericsson OSS-RC component
The Red Team Research (RTR), the bug’s research division from Italian Telecommunication firm TIM, found 2 new vulnerabilities affecting the...
Russia-linked Nobelium APT targets orgs in the global IT supply chain
Russia-linked Nobelium APT group has breached at least 14 managed service providers (MSPs) and cloud service providers since May 2021. The...
VECTR – A Tool That Facilitates Tracking Of Your Red And Blue Team Testing Activities To Measure Detection And Prevention Capabilities Across Different Attack Scenarios
VECTR documentation can be found here: DocumentationFeature Breakdowns By ReleaseVECTR v7.1.1 Feature BreakdownTeamLEAD PROGRAMMERS:Carl VonderheidGalen FisherDaniel HongPROGRAMMERS:Andrew ScottPatrick HislopDan GuzekZara...
NYT Journalist’s iPhone infected twice with NSO Group’sPegasus spyware
Threat actors infected the iPhone of New York Times journalist Ben Hubbard with NSO Group’s Pegasus spyware between June 2018...
Emsisoft created a free decryptor for past victims of the BlackMatter ransomware
Experts from cybersecurity firm Emsisoft announced the availability of a free decryptor for past victims of the BlackMatter ransomware. Cybersecurity...
TodayZoo phishing kit borrows the code from other kits
Microsoft uncovered an extensive series of credential phishing campaigns that employed a custom phishing kit tracked as TodayZoo. Microsoft researchers...
ThreadStackSpoofer – PoC For An Advanced In-Memory Evasion Technique Allowing To Better Hide Injected Shellcode’S Memory Allocation From Scanners And Analysts
A PoC implementation for an advanced in-memory evasion technique that spoofs Thread Call Stack. This technique allows to bypass thread-based...
Security Affairs newsletter Round 337
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free...
NATO releases its first strategy for Artificial Intelligence
This week, NATO Defence Ministers released the first-ever strategy for Artificial Intelligence (AI) that encourages the use of AI in...
Terra – OSINT Tool On Twitter And Instagram
OSINT Tool On Twitter And Instagram. Basic Usage:~/terra$ python3 terra.py <username of target> help : -j for saving results in a...
Threat actors offer for sale data for 50 millions of Moscow drivers
Threat actors are offering for sale a database containing 50 million records belonging to Moscow drivers on a hacking forum...
Cisco SD-WAN flaw could lead to arbitrary code execution, patch it now!
Cisco fixes an OS command-injection flaw, tracked as CVE-2021-1529, in Cisco SD-WAN that could allow privilege escalation and lead to...
SysFlow – Cloud-native System Telemetry Pipeline
This repository hosts the documentation and issue tracker for all SysFlow projects.Quick referenceDocumentation:the SysFlow DocumentationWhere to get help:the SysFlow Community...
