Microsoft is open sourcing CyberBattleSim Enterprise Environment Simulator
Microsoft released as open-source the ‘CyberBattleSim Python-based toolkit which is an Enterprise Environment Simulator. Microsoft has recently announced the open-source...
hacking
LinkedIn confirmed that it was not a victim of a data breach
LinkedIn has formally denied that the recently disclosed data leak was caused by a security breach, data were obtained via...
Fitch Ratings: Cyberattacks could pose a material risk to water and sewer utilities
Fitch Ratings is warning that cyberattacks could pose a risk to water and sewer utilities potentially impacting their ability to...
Cpufetch – Simplistic Yet Fancy CPU Architecture Fetching Tool
Simplistic yet fancy CPU architecture fetching tool1. Supportcpufetch currently supports x86_64 CPUs (both Intel and AMD) and ARM. Platform x86_64...
AzureC2Relay – An Azure Function That Validates And Relays Cobalt Strike Beacon Traffic By Verifying The Incoming Requests Based On A Cobalt Strike Malleable C2 Profile
AzureC2Relay is an Azure Function that validates and relays Cobalt Strike beacon traffic by verifying the incoming requests based on...
Is the recent accident at Iran Natanz nuclear plant a cyber attack?
On Sunday, an “accident” occurred in the electricity distribution network at Iran’s Natanz nuclear facility, experts speculate it was caused...
Personal data of 1.3 million Clubhouse users leaked online
An SQL database containing the personal data of 1.3 million Clubhouse users was leaked online for free, a few days...
Security Affairs newsletter Round 309
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for...
Joker malware infected 538,000 Huawei Android devices
More than 500,000 Huawei users have been infected with the Joker malware after downloading apps from the company’s official Android...
Hackers compromised APKPure client to distribute infected Apps
APKPure, one of the largest alternative app stores, was the victim of a supply chain attack, threat actors compromised client...
Gotestwaf – Go Test WAF Is A Tool To Test Your WAF Detection Capabilities Against Different Types Of Attacks And By-Pass Techniques
An open-source Go project to test different web application firewalls (WAF) for detection logic and bypasses.How it worksIt is a...
Crooks abuse website contact forms to deliver IcedID malware
Microsoft researchers spotted a malware campaign abusing contact forms on legitimate websites to deliver the IcedID malware. Security experts from...
This man was planning to kill 70% of Internet in a bomb attack against AWS
The FBI arrested a man for allegedly planning a bomb attack against Amazon Web Services (AWS) to kill about 70%...
Zerodium will pay $300K for WordPress RCE exploits
Zero-day broker Zerodium announced that will triples payouts for remote code execution exploits for the popular WordPress content management system....
Cisco will not release updates to fix critical RCE flaw in EoF Business Routers
Cisco announced it will not release security updates to address a critical security vulnerability affecting some of its Small Business...
PoisonApple – macOS Persistence Tool
Command-line tool to perform various persistence mechanism techniques on macOS. This tool was designed to be used by threat hunters...
Redcloud – Automated Red Team Infrastructure Deployement Using Docker
Redcloud is a powerful and user-friendly toolbox for deploying a fully featured Red Team Infrastructure using Docker. Harness the cloud's...
Pwn2Own 2021: participants earned $1,2M of the $1.5M prize pool
The Pwn2Own 2021 hacking competition was concluded, participants earned more than $1.2 million, the greatest total payout ever. The Pwn2Own...
CISA releases post-compromise tool Aviary to review Microsoft 365
CISA released a Splunk-based dashboard for post-compromise activity in Microsoft Azure Active Directory (AD), Office 365, and MS 365 environments. The Cybersecurity...
330K stolen payment cards and 895K stolen gift cards sold on dark web
A threat actor has sold almost 900,000 gift cards and over 300,000 payment cards on a cybercrime forum on the...
Moodle flaw exposed users to account takeover
Wizcase experts discovered a security flaw in the open-source learning platform Moodle that could allow accounts takeover. At the beginning...
Max – Maximizing BloodHound
Maximizing BloodHound.DescriptionNew Release: dpat - The BloodHound Domain Password Audit Tool (DPAT) A simple suite of tools: get-info - Pull...
NtHiM – Super Fast Sub-domain Takeover Detection
NtHiM - Super Fast Sub-domain Takeover DetectionInstallationMethod 1: Using Pre-compiled BinariesThe pre-compiled binaries for different systems are available in the...
Attackers Targeting Fortinet Devices and SAP Applications
The following blog was co-authored by Caitlin Condon and Bob Rudis, also known (in his own words) as “some caveman...
