New Zealand central bank hit by a cyber attack
A cyber attack hit the New Zealand central bank, sensitive information has been potentially accessed by the intruders The New...
hacking
Security Affairs newsletter Round 296
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for...
TeamTNT botnet now steals Docker API and AWS credentials
Researchers from Trend Micro discovered that the TeamTNT botnet is now able to steal Docker API logins along with AWS...
Dassault Falcon Jet hit by Ragnar Locker ransomware gang
Dassault Falcon Jet has disclosed a data breach that exposed personal information belonging to current and former employees. In December...
Longtongue – Customized Password/Passphrase List Inputting Target Info
Customized Password/Passphrase List inputting Target InfoInstallationgit clone https://github.com/edoardottt/longtongue.git cd longtongue python3 longtongue.pyUsageusage: longtongue.py Customized Password/Passphrase List inputting Target Infooptional arguments:...
Emp3R0R – Linux Post-Exploitation Framework Made By Linux User
hide processes and filescurrently emp3r0r uses libemp3r0r to hide its files and processes, which utilizes glibc hijacking persistencecurrently implemented methods:...
SolarWinds hackers also used common hacker techniques, CISA revealed
CISA revealed that threat actors behind the SolarWinds hack also used password guessing and password spraying in its attacks. Cybersecurity...
Twitter has permanently suspended the account of President Donald Trump
Twitter has permanently suspended the account of President Donald Trump on Friday, due to the risk of further incitement of...
Nvidia releases security updates for GPU display driver and vGPU flaws
Nvidia has released security updates to address high-severity vulnerabilities affecting the Nvidia GPU display driver and vGPU software. Nvidia has...
Welcome Bureau of Cyberspace Security and Emerging Technologies (CSET)
United States Department of State approved the creation of the Bureau of Cyberspace Security and Emerging Technologies (CSET). The United...
Solarflare – SolarWinds Orion Account Audit / Password Dumping Utility
Credential Dumping Tool for SolarWinds Orion Blog post: https://malicious.link/post/2020/solarflare-release-password-dumper-for-solarwinds-orion/Credit to @asolino, @gentilkiwi, and @skelsec for helping me figuring out DPAPI....
Exif-Gps-Tracer – A Python Script Which Allows You To Parse GeoLocation Data From Your Image Files Stored In A dataset
A python script which allows you to parse GeoLocation data from your Image files stored in a dataset.It also produces...
Unsecured Git server exposed Nissan North America
A misconfigured Git server is the root cause for the leak of source code of mobile apps and internal tools...
Ezuri memory loader used in Linux and Windows malware
Multiple threat actors have recently started using the Ezuri memory loader as a loader to executes malware directly into the...
FBI alert warns private organizations of Egregor ransomware attacks
The US Federal Bureau of Investigation (FBI) issued a security alert warning private sector companies of Egregor ransomware attacks. The...
Ryuk ransomware operations already made over $150M
The Ryuk ransomware had a disruptive impact on multiple industries around the world, operators already earned more than $150 million....
North Korea-linked APT37 targets South with RokRat Trojan
Experts spotted the RokRat Trojan being used by North Korea-linked threat actors in attacks aimed at the South Korean government....
UhOh365 – A Script That Can See If An Email Address Is Valid In Office365 (User/Email Enumeration)
A script that can see if an email address is valid in Office365. This does not perform any login attempts,...
Sarenka – OSINT Tool – Data From Services Like Shodan, Censys Etc. In One Place
SARENKA is an Open Source Intelligence (OSINT) tool which helps you obtaining and understanding Attack Surface. The main goal is...
How COVID-19 Reinforced the Need for Mobile Device Management
How many of you got that call at the beginning of the pandemic to make your company’s workforce 100% capable...
Multiple flaws in Fortinet FortiWeb WAF could allow corporate networks to hack
An expert found multiple serious vulnerabilities in Fortinet’s FortiWeb web application firewall (WAF) that could expose corporate networks to hack....
US Govt kicked off ‘Hack the Army 3.0’ bug bounty program
The U.S. government is going to launch the ‘Hack the Army 3.0’ bug bounty program in collaboration with the HackerOne...
SolarWinds hackers had access to roughly 3% of US DOJ O365 mailboxes
The US DoJ revealed that threat actors behind the SolarWinds attack have gained access to roughly 3% of the department’s...
WhatsApp will share your data with Facebook and its companies
WhatsApp is notifying users that starting February 8, 2021, they will be obliged to share their data with Facebook, leaving...
