Threat actors added thousands of Tor exit nodes to carry out SSL stripping attacks
Since early 2020, bad actors have added Tor exit nodes to the Tor network to intercep traffic to cryptocurrency-related sites...
hacking
WhatsApp will not deactivate accounts for not accepting new privacy terms
WhatsApp will not deactivate the accounts of users who don’t accept the new privacy policy update that requires sharing data...
CISA MAR report provides technical details of FiveHands Ransomware
U.S. CISA has published an analysis of the FiveHands ransomware, the same malware that was analyzed a few days ago...
Lucifer – A Powerful Penetration Tool For Automating Penetration Tasks Such As Local Privilege Escalation, Enumeration, Exfiltration And More…
A Powerful Penetration Tool For Automating Penetration Tasks Such As Local Privilege Escalation, Enumeration, Exfiltration and More... Use Or Build...
Waybackurls – Fetch All The URLs That The Wayback Machine Knows About For A Domain
Accept line-delimited domains on stdin, fetch known URLs from the Wayback Machine for *.domain and output them on stdout. Usage...
SQL injection issue in Anti-Spam WordPress Plugin exposes User Data
‘Spam protection, AntiSpam, FireWall by CleanTalk’ anti-spam WordPress plugin could expose user sensitive data to an unauthenticated attacker. A Time-Based...
Security Affairs newsletter Round 313
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for...
TsuNAME flaw exposes DNS servers to DDoS attacks
A flaw in some DNS resolvers, tracked as TsuNAME, can allow attackers to launch DDoS attacks against authoritative DNS servers....
A cyberattack shutdown US Colonial Pipeline
A cyberattack forced the shutdown of one of the largest pipelines in the United States, the Colonial Pipeline facility in...
Kiterunner – Contextual Content Discovery Tool
For the longest of times, content discovery has been focused on finding files and folders. While this approach is effective...
Red-Detector – Scan Your EC2 Instance To Find Its Vulnerabilities Using Vuls.io
Scan your EC2 instance to find its vulnerabilities using Vuls (https://vuls.io/en/). Audit your EC2 instance to find security misconfigurations using...
Microsoft warns of a large-scale BEC campaign to make gift card scam
Microsoft is warning of a large-scale BEC campaign that targeted hundreds of organizations leveraging typo-squatted domains registered days before the...
Russia-linked APT29 group changes TTPs following April advisories
The UK and US cybersecurity agencies have published a report detailing techniques used by Russia-linked cyberespionage group known APT29 (aka...
WordPress-Brute-Force – Super Fast Login WordPress Brute Force
WordPress Brute Force Super Fast Login .---. .----------- / __ / ------ / / ( )/ ----- ////// ' /...
CANalyse – A Vehicle Network Analysis And Attack Tool
CANalyse is a tool built to analyze the log files to find out unique datasets automatically and able to connect...
19 petabytes of data exposed across 29,000+ unprotected databases
CyberNews researchers found more than 29,000 unprotected databases worldwide that are still publicly accessible, leaving close to 19,000 terabytes of...
[Full-Disclosure] HideezKey 2 FAIL: How a good idea turns into a SPF (Security Product Failure)
HideezKey- This is a deep-dive into a nice concept for a security token & password manager that turned into a...
VMware addresses critical RCE in vRealize Business for Cloud
VMware has fixed a new critical RCE flaw in VMware vRealize Business for Cloud that was reported by sanctioned Russian...
Connecting the Bots – Hancitor fuels Cuba Ransomware Operations
The Cuba Ransomware gang has partnered with the crooks behind the Hancitor malware in attacks aimed at corporate networks. The Hancitor downloader...
Possible attacks on the TCP/IP protocol stack and countermeasures
Let’s look at what types of threats each layer of the TCP/IP protocol stack may be susceptible to. The task...
Windows Moriya rootkit used in highly targeted attacks
Experts spotted a new malware, dubbed Moriya rootkit, that targets Windows systems as part of cyberespionage campaign dubbed TunnelSnake. An...
Judge-Jury-and-Executable – A File System Forensics Analysis Scanner And Threat Hunting Tool
Features:Scan a mounted filesystem for threats right away Or gather a system baseline before an incident, for extra threat hunting...
Priv2Admin – Exploitation Paths Allowing You To (Mis)Use The Windows Privileges To Elevate Your Rights Within The OS
The idea is to "translate" Windows OS privileges to a path leading to: administrator, integrity and/or confidentiality threat, availability threat,...
Chinese PLA Unit 61419 suspected to have purchased AVs for cyber-espionage
Chinese military unit PLA Unit 61419 is suspected to be involved in cyber-espionage campaigns against multiple antivirus companies. Researchers from...
