US CISA appointed Kiersten Todt as new chief of staff
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has appointed Kiersten Todt as its new chief of staff. The U.S....
hacking
Microsoft Patch Tuesday fixes CVE-2021-40444 MSHTML zero-day
Microsoft Patch Tuesday security updates for September 2021 addressed a high severity zero-day flaw actively exploited in targeted attacks. Microsoft Patch...
Mēris Bot infects MikroTik routers compromised in 2018
Latvian vendor MikroTik revealed that recently discovered Mēris botnet is targeting devices that were compromised three years ago. Last week, the Russian...
Millions of HP OMEN gaming PCs impacted by CVE-2021-3437 driver flaw
A high severity vulnerability, tracked as CVE-2021-3437, in HP OMEN laptop and desktop gaming computers exposes millions of systems to DoS...
BoobSnail – Allows Generating Excel 4.0 XLM Macro
BoobSnail allows generating XLM (Excel 4.0) macro. Its purpose is to support the RedTeam and BlueTeam in XLM macro generation....
targetedKerberoast – Kerberoast With ACL Abuse Capabilities
targetedKerberoast is a Python script that can, like many others (e.g. GetUserSPNs.py), print "kerberoast" hashes for user accounts that have...
Google addresses a new Chrome zero-day flaw actively exploited in the wild
Google Chrome 93.0.4577.82 for Windows, Mac, and Linux that addressed eleven security issues, including two zero-days actively exploited. Google released...
Vermilion Strike, a Linux implementation of Cobalt Strike Beacon used in attacks
Researchers discovered Linux and Windows implementations of the Cobalt Strike Beacon developed by attackers that were actively used in attacks in the...
Popular NPM package Pac-Resolver affected by a critical flaw
Experts found a critical flaw, tracked as CVE-2021-23406, in the popular NPM package ‘Pac-Resolver‘ that has millions of downloads every week....
Apple fixes actively exploited FORCEDENTRY zero-day flaws
Apple released security patches to fix two zero-day vulnerabilities in iOS and macOS that are actively exploited in attacks in...
Facebook announces WhatsApp end-to-end encrypted (E2EE) backups
Facebook announced it will allow WhatsApp users to encrypt their message history backups in the cloud. Facebook will continue to...
Peirates – Kubernetes Penetration Testing Tool
What is Peirates?Peirates, a Kubernetes penetration tool, enables an attacker to escalate privilege and pivot through a Kubernetes cluster. It...
Gokart – A Static Analysis Tool For Securing Go Code
GoKart is a static analysis tool for Go that finds vulnerabilities using the SSA (single static assignment) form of Go...
New Spook.Js attack allows to bypass Google Chrome Site Isolation protections
Spook.js is a new side-channel attack on modern processors that can allow bypassing Site Isolation protections implemented in Google Chrome. Boffins...
BlackMatter ransomware gang hit Technology giant Olympus
Technology giant Olympus announced it was the victim of a ransomware attack and is currently investigating the extent of the...
The new maxtrilha trojan is being disseminated and targeting several banks
A new banking trojan dubbed maxtrilha (due to its encryption key) has been discovered in the last few days and targeting customers...
Department of Justice and Constitutional Development of South Africa hit by a ransomware attack
The Department of Justice and Constitutional Development of South Africa was hit by a ransomware attack that crippled bail services....
Google implements new Private Compute Services for Android
Google introduces Private Compute Services, a collection of services aimed at designing to improve privacy in the Android operating system....
Autoharness – A Tool That Automatically Creates Fuzzing Harnesses Based On A Library
AutoHarness is a tool that automatically generates fuzzing harnesses for you. This idea stems from a concurrent problem in fuzzing...
ODBParser – OSINT Tool To Search, Parse And Dump Only The Open Elasticsearch And MongoDB Directories That Have The Data You Care About Exposing
ODBParser is a tool to search for PII being exposed in open databases. ONLY to be used to identify exposed...
Revil ransomware operators are targeting new victims
Recently we observed that part of the REvil ransomware infrastructure was up and running again, now we can confirm that...
Security Affairs newsletter Round 331
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free...
Cisco released security patches for High-Severity flaws in IOS XR software
Cisco fixed multiple high-severity flaws in the IOS XR software that can allow attackers to trigger a DoS condition, elevate...
Pollenisator – Collaborative Pentest Tool With Highly Customizable Tools
Pollenisator is a tool aiming to assist pentesters and auditor automating the use of some tools/scripts and keep track of...
