Google addresses a high severity flaw in V8 engine in Chrome
Google released updates for Chrome 90 that address a new serious issue, tracked as CVE-2021-21227, in the V8 JavaScript engine...
hacking
UK rail network Merseyrail hit by ransomware gang
UK rail network Merseyrail was hit by a cyberattack, ransomware operators breached the corporate email system to disclose the attack...
Cloud misconfiguration, a major risk for cloud security
Misconfigured cloud-based databases continue to cause data breaches, millions of database servers are currently exposed across cloud providers. Fugue’s new State...
FBI shares with HIBP 4 million email addresses involved in Emotet attacks
The FBI has shared with Have I Been Pwned service 4 million email addresses collected by Emotet botnet and employed...
Fav-Up – IP Lookup By Favicon Using Shodan
Lookups for real IP starting from the favicon icon and using Shodan.Installationpip3 install -r requirements.txt Shodan API key (not the...
Ldsview – Offline search tool for LDAP directory dumps in LDIF format
Offline search tool for LDAP directory dumps in LDIF format. FeaturesFast and memory efficient parsing of LDIF files Build ldapsearch...
CISA, NIST published an advisory on supply chain attacks
CISA and NIST published a report on software supply chain attacks that shed light on the associated risks and provide...
Ransomware hit Guilderland Central School District near Albany
Officials revealed that the school district near Albany was hit by a ransomware attack that forced students in grades 7...
Microsoft Defender uses Intel TDT technology against crypto-mining malware
Microsoft announced an improvement of its Defender antivirus that will leverage Intel’s Threat Detection Technology (TDT) to detect processes associated...
Shlayer macOS malware abuses zero-day to bypass Gatekeeper feature
Apple addresses a zero-day in macOS exploited by Shlayer malware to bypass Apple’s security features and deliver second-stage malicious payloads. Apple...
Boffins found a bug in Apple AirDrop that could leak users’ personal info
Experts found a bug in Apple’s wireless file-sharing protocol Apple AirDrop that could expose user’s contact information. Boffins from the...
Cook – A Customizable Wordlist And Password Generator
Easily create permutations and combinations of words with predefined sets of extensions, words and patterns/function. You can use this tool...
Profil3r – OSINT Tool That Allows You To Find A Person’S Accounts And Emails + Breached Emails
Profil3r is an OSINT tool that allows you to find potential profiles of a person on social networks, as well...
Bye Bye Emotet, law enforcement pushed the uninstall code via the botnet
European law enforcement has conducted an operation aimed at performing a mass-sanitization of computers infected with the infamous Emotet Windows...
Prometei botnet is targeting ProxyLogon Microsoft Exchange flaws
Attackers are exploiting the ProxyLogon flaws in Microsoft Exchange to recruit machines in a cryptocurrency botnet tracked as Prometei. Experts...
A supply chain attack compromised the update mechanism of Passwordstate Password Manager
The software company Click Studios was the victim of a supply chain attack, hackers compromised its Passwordstate password management application. Another...
Tscopy – Tool to parse the NTFS $MFT file to locate and copy specific files
Introducing TScopyIt is a requirement during an Incident Response (IR) engagement to have the ability to analyze files on the...
Posta – Cross-document Messaging Security Research Tool
Posta is a tool for researching Cross-document Messaging communication. It allows you to track, explore and exploit postMessage vulnerabilities, and...
Hackers are targeting Soliton FileZen file-sharing servers
Threat actors are exploiting two flaws in the popular file-sharing server FileZen to steal sensitive data from businesses and government...
Security Affairs newsletter Round 311
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for...
10,000+ unpatched ABUS Secvest home alarms can be deactivated remotely
10,000+ unpatched ABUS Secvest home alarm systems could be remotely disabled exposing customers to intrusions and thefts. Researchers from Eye Security have...
The cybersecurity researcher Dan Kaminsky has died
The cybersecurity community has lost its star, the popular hacker Dan Kaminsky has passed away. The popular cyber security researcher...
ToxicEye RAT exploits Telegram communications to steal data from victims
ToxicEye is a new Remote Access Trojan (RAT) that exploits the Telegram service as part of it command and control...
OverRide – Binary Exploitation And Reverse-Engineering (From Assembly Into C)
Explore disassembly, binary exploitation & reverse-engineering through 10 little challenges. In the folder for each level you will find: flag...
