Security Affairs newsletter Round 312
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for...
hacking
Hacking a Tesla Model X with a DJI Mavic 2 drone equipped with a WIFI dongle
A security duo has demonstrated how to hack a Tesla Model X’s and open the doors using a DJI Mavic...
Cloud hosting provider Swiss Cloud suffered a ransomware attack
Swiss cloud hosting provider Swiss Cloud has suffered a ransomware attack that seriously impacted its server infrastructure. On April 27...
AgeLocker ransomware operation targets QNAP NAS devices
Taiwanese vendor QNAP is warning its customers of AgeLocker ransomware attacks on their NAS devices. Crooks behind the AgeLocker ransomware...
Nginxpwner – Tool to look for common Nginx misconfigurations and vulnerabilities
Nginxpwner is a simple tool to look for common Nginx misconfigurations and vulnerabilities.Install:cd /optgit clone https://github.com/stark0de/nginxpwnercd nginxpwnerchmod +x install.sh./install.sh Usage:Target...
Paragon – Red Team Engagement Platform With The Goal Of Unifying Offensive Tools Behind A Simple UI
Paragon is a Red Team engagement platform. It aims to unify offensive tools behind a simple UI, abstracting much of...
Flaws in the BIND software expose DNS servers to attacks
The Internet Systems Consortium (ISC) released updates for the BIND DNS software to patch several denial-of-service (DoS) and potential RCE...
Babuk crew announced it will stop ransomware attacks
Babuk ransomware operators shut down their affiliate program and announced to stop using ransomware, the group plans to move on...
China-linked APT uses a new backdoor in attacks at Russian defense contractor
China-linked APT group targets Russian nuclear sub designer with an undocumented backdoor A China-linked cyberespionage group targets a Russian defense...
Vaf – Very Advanced (Web) Fuzzer
very advanced fuzzer compilingInstall nim from nim-lang.org Run nimble build A vaf.exe file will be created in your directory ready...
SniperPhish – The Web-Email Spear Phishing Toolkit
SniperPhish is a phishing toolkit for pentester or security professionals to enhance user awareness by simulating real-world phishing attacks. SniperPhish...
UNC2447 cybercrime gang exploited SonicWall Zero-Day before it was fixed
UNC2447 cybercrime gang exploited a zero-day in the Secure Mobile Access (SMA), addressed by SonicWall earlier this year, before the...
Saving World Health Day: UNICC and Group-IB take down scam campaign impersonating the World Health Organization
UNICC and Group-IB detected and took down a massive multistage scam campaign circulating online on April 7, World Health Day. Group-IB, a...
Microsoft warns of BadAlloc flaws in OT, IoT devices
Microsoft researchers are warning of major security vulnerabilities affecting OT and IoT devices and high-risks for businesses using them. Researchers...
Command injection flaw in PHP Composer allowed supply-chain attacks
A vulnerability in the PHP Composer could have allowed an attacker to execute arbitrary commands and backdoor every PHP package....
An alleged ransomware attack hit the Italian Banca di Credito Cooperativo causing chaos
Banca di Credito Cooperativo (BCC), one of the largest Italian cooperative credit banks was hit by a ransomware attack. Banca di...
MeterPwrShell – Automated Tool That Generate The Perfect Powershell Payload
Automated Tool That Generate A Powershell Oneliner That Can Create Meterpreter Shell On Metasploit,Bypass AMSI,Bypass Firewall,Bypass UAC,And Bypass Any AVs....
M365_Groups_Enum – Enumerate Microsoft 365 Groups In A Tenant With Their Metadata
The all_groups.py script allows to enumerate all Microsoft 365 Groups in a Azure AD tenant with their metadata: name visibility:...
An issue in the Linux Kernel could allow the hack of your system
An information disclosure issue in Linux Kernel allows KASLR bypass could be potentially exploited in attacks in the wild. An...
Purple Lambert, a new malware of CIA-linked Lambert APT group
Cybersecurity firm Kaspersky discovered a new strain of malware that is believed to be part of the arsenal of theUS...
RotaJakiro Linux backdoor has flown under the radar since 2018
Experts recently uncovered a Linux backdoor, dubbed RotaJakiro, that has flown under the radar for many years while harvest and...
Naikon APT group uses new Nebulae backdoor in attacks aimed at military orgs
China-linked APT Naikon employed a new backdoor in multiple cyber-espionage operations targeting military organizations from Southeast Asia in the last 2 years....
PwnLnX – An Advanced Multi-Threaded, Multi-Client Python Reverse Shell For Hacking Linux Systems
An advanced multi-threaded, multi-client python reverse shell for hacking linux systems. There's still more work to do so feel free...
Invoke-Stealth – Simple And Powerful PowerShell Script Obfuscator
Invoke-Stealth is a Simple & Powerful PowerShell Script Obfuscator. This tool helps you to automate the obfuscation process of any...
