Group-IB: ransomware empire prospers in pandemic-hit world. Attacks grow by 150%
Group-IB published a report titled “Ransomware Uncovered 2020-2021”. analyzes ransomware landscape in 2020 and TTPs of major threat actors. Group-IB, a...
hacking
PyBeacon – A Collection Of Scripts For Dealing With Cobalt Strike Beacons In Python
PyBeacon is a collection of scripts for dealing with Cobalt Strike's encrypted traffic. It can encrypt/decrypt beacon metadata, as well...
SharpSphere – .NET Project For Attacking vCenter
SharpSphere gives red teamers the ability to easily interact with the guest operating systems of virtual machines managed by vCenter....
Clop ransomware gang leaks data allegedly stolen from cybersecurity firm Qualys
Cybersecurity firm Qualys seems to have suffered a data breach, threat actors allegedly exploited zero-day flaw in their Accellion FTA server....
The Ursnif Trojan has hit over 100 Italian banks
Avast researchers reported that the infamous Ursnif Trojan was employed in attacks against at least 100 banks in Italy. Avast...
Teatime – An RPC Attack Framework For Blockchain Nodes
Teatime is an RPC attack framework aimed at making it easy to spot misconfigurations in blockchain nodes. It detects a...
Threatspec – Continuous Threat Modeling, Through Code
Threatspec is an open source project that aims to close the gap between development and security by bringing the threat...
Mass Exploitation of Exchange Server Zero-Day CVEs: What You Need to Know
On March 2, 2021, the Microsoft Threat Intelligence Center (MSTIC) released details on an active state-sponsored threat campaign exploiting four...
IAM Never Gonna Give You Up, Never Gonna Breach Your Cloud
This blog is part of an ongoing series sharing key takeaways from Rapid7’s 2020 Cloud Security Executive Summit. Interested in...
Bug bounty hunter awarded $50,000 for a Microsoft account hijack flaw
A researcher received a $50,000 bug bounty by Microsoft for having reported a vulnerability that could’ve allowed to hijack any...
Attackers took over the Perl.com domain in September 2020
The Perl.com domain was hijacked in January, but a senior editor at the site revealed that the hackers took control of...
Four zero-days in Microsoft Exchange actively exploited in the wild
Microsoft released emergency out-of-band security updates for all supported Microsoft Exchange versions that fix four zero-day flaws. Microsoft has released...
Google fixes Critical Remote Code Execution issue in Android System component
Google addressed 37 vulnerabilities with the release of the Android security updates for March 2021, including a critical flaw in...
Pwn20wnd released the unc0ver v 6.0 jailbreaking tool
The popular jailbreaking tool called “unc0ver” now supports iOS 14.3 and earlier releases, and is able to unlock almost every...
Rapid7’s InsightIDR Enables Detection And Response to Microsoft Exchange 0-day
Starting February 27, 2021, Rapid7 has observed a notable increase in the exploitation of Microsoft Exchange through existing detections in...
Fake-Sms – A Simple Command Line Tool Using Which You Can Skip Phone Number Based SMS Verification By Using A Temporary Phone Number That Acts Like A Proxy
A simple command line tool using which you can skip phone number based SMS verification by using a temporary phone...
OWASP ASST (Automated Software Security Toolkit) – A Novel Open Source Web Security Scanner
OWASP ASST (Automated Software Security Toolkit) | A Novel Open Source Web Security Scanner. Note: AWSS is the older name...
French multinational dairy Lactalis hit by a cyber attack
French multinational dairy products corporation Lactalis discloses cyberattack, but claimed that had no evidence of a data breach. France-based dairy...
Alleged China-linked APT41 group targets Indian critical infrastructures
Recorded Future researchers uncovered a campaign conducted by Chinese APT41 group targeting critical infrastructure in India. Security researchers at Recorded...
Distributor of Asian food JFC International hit by Ransomware
JFC International, a major wholesaler and distributor of Asian food products in the United States, was hit by ransomware. JFC...
Gootkit delivery platform Gootloader used to deliver additional payloads
The Javascript-based infection framework for the Gootkit RAT was enhanced to deliver a wider variety of malware, including ransomware. Experts...
Halogen – Automatically Create YARA Rules From Malicious Documents
Halogen is a tool to automate the creation of yara rules against image files embedded within a malicious document.Halogen helppython3...
StandIn – A Small .NET35/45 AD Post-Exploitation Toolkit
StandIn is a small AD post-compromise toolkit. StandIn came about because recently at xforcered we needed a .NET native solution...
How to Achieve and Maintain Continuous Cloud Compliance
This blog is part of an ongoing series sharing key takeaways from Rapid7’s 2020 Cloud Security Executive Summit. Interested in...
