SolarWinds hackers had access to components used by Azure, Intune, and Exchange
Microsoft announced that SolarWinds hackers could have had access to repositories containing some components used by Azure, Intune, and Exchange....
hacking
WatchDog botnet targets Windows and Linux servers in cryptomining campaign
PaloAlto Network warns of the WatchDog botnet that uses exploits to take over Windows and Linux servers and mine cryptocurrency....
WireBug – A Toolset For Voice-over-IP Penetration Testing
WireBug is a tool set for Voice-over-IP penetration testing. It is designed as a wizard which makes it easy to...
Ghidra_Kernelcache – A Ghidra Framework For iOS Kernelcache Reverse Engineering
This framework is the end product of my experience in reverse engineering iOS kernelcache,I do manually look for vulnerabilities in...
Securing Your Web App, One Robot at a Time
Modern web apps are two things: complex, and under persistent attack. Any publicly accessible web application can receive up to...
The OpenSSL Project addressed three vulnerabilities
The OpenSSL Project addressed three vulnerabilities, including two denial-of-service (DoS) issues and a bug in the SSLv2 rollback protection. The...
US DoJ charges three members of the North Korea-linked Lazarus APT group
The US DOJ charged three members of the North Korea-linked Lazarus Advanced Persistent Threat (APT) group. The U.S. Justice Department...
ScamClub malvertising gang abused WebKit zero-day to redirect to online gift card scams
Malvertising gang ScamClub has exploited an unpatched zero-day vulnerability in WebKit-based browsers in a campaign aimed at realizing online gift...
CrackerJack – Web GUI for Hashcat
Web Interface for Hashcat by Context Information Security Demo / Start Cracking in Under 5 MinutesIntroductionCrackerJack is a Web GUI...
Chimera – A (Shiny And Very Hack-Ish) PowerShell Obfuscation Script Designed To Bypass AMSI And Commercial Antivirus Solutions
Chimera is a (shiny and ver y hack-ish) PowerShell obfuscation script designed to bypass AMSI and antivirus solutions. It digests...
Why More Teams are Shifting Security Analytics to the Cloud This Year
As the threat landscape continues to evolve in size and complexity, so does the security skills and resource gap, leaving...
Centreon says that recently disclosed campaigns only targeted obsolete versions of its open-source software
French software firm Centreon announced this week that the recently disclosed supply chain attack did not impact its paid customers....
Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware
Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware In the last few years, many banking trojans...
Telegram flaw could have allowed access to users secret chats
Experts at Shielder disclosed a flaw in the Telegram app that could have exposed users’ secret messages, photos, and videos to...
Monitor Google Cloud Platform (GCP) Data With InsightIDR
InsightIDR was built in the cloud to support dynamic and rapidly changing environments—including remote workers, hybrid cloud and on-premises architectures,...
Hackers abusing the Ngrok platform phishing attacks
Researchers from threat intelligence Cyble have discovered threat actors abusing the Ngrok platform in a fresh phishing campaign. Researchers at...
Popular SHAREit app is affected by severe flaws yet to be fixed
Multiple vulnerabilities in the popular file-sharing app SHAREit have yet, to be addressed, experts from Trend Micro warned. SHAREit is...
A new Bluetooth overlay skimmer block chip-based transactions
Experts discovered a new Bluetooth overlay skimmer that interferes with the ability of the terminal to read chip-based cards, forcing...
VMware fixes command injection issue in vSphere Replication
VMware released security patches for a potentially serious vulnerability affecting the vSphere Replication product. VMware has recently released security patches...
France agency ANSSI links Russia’s Sandworm APT to attacks on hosting providers
French agency ANSSI attributes a series of attacks targeting Centreon servers to the Russia-linked Sandworm APT group. The French security...
Gitlab-Watchman – Monitoring GitLab For Sensitive Data Shared Publicly
GitLab Watchman is an application that uses the GitLab API to audit GitLab for sensitive data and credentials exposed internally....
OSV – Open Source Vulnerability DB And Triage Service
OSV is a vulnerability database and triage infrastructure for open source projects aimed at helping both open source maintainers and...
The malicious code in SolarWinds attack was the work of 1,000+ developers
Microsoft says it found 1,000-plus developers’ fingerprints on the SolarWinds attack Microsoft’s analysis of the SolarWinds supply chain attack revealed...
French and Ukrainian police arrested Egregor ransomware affiliates/partners in Ukraine
An international operation conducted in Ukraine and France lead to the arrest of criminals believed to be affiliated with the...
