What’s New in InsightVM: Q4 2020 in Review
Improvements made to the Goals and SLAs wizardWe’re excited to announce that creating a goal or SLA in InsightVM just...
hacking
Fake Trump sex video used to spread QNode RAT
Researchers uncovered a malspam campaign that spreads the QNode remote access Trojan (RAT) using fake Trump’s sex scandal video as...
Recently disclosed CVE-2020-29583 Zyxel flaw already under opportunistic attack
Threat actors are attempting to hack Zyxel devices exploiting the recently disclosed vulnerability CVE-2020-29583, security researchers warn. The Taiwanese vendor...
FBI, CISA, ODNI and NSA blames Russia for SolarWinds hack
A joint statement issued by US security agencies confirmed that Russia was likely the origin of the SolarWinds supply chain...
New ElectroRAT employed in a wide-ranging operation targeting cryptocurrency users
Researchers uncovered a large scale operation targeting cryptocurrency users with a previously undetected multiplatform RAT named ElectroRAT. Security researchers from...
MaskPhish – Give A Mask To Phishing URL
MaskPhish is a simple script to hide phishing URL under a normal looking URL(google.com or facebook.com).Legal Disclaimer:Usage of MaskPhish for...
Drow – Injects Code Into ELF Executables Post-Build
drow is a command-line utility that is used to inject code and hook the entrypoint of ELF executables (post-build). It...
NICER Protocol Deep Dive: Internet Exposure of DNS
Welcome to the NICER Protocol Deep Dive blog series! When we started researching what all was out on the internet...
Healthcare organizations faced a 45% increase in attacks since November
According to a new report published by Check Point, organizations in the healthcare industry have faced a 45% increase in...
Over 500,000 credentials for tens of gaming firm available in the Dark Web
The gaming industry under attack, Over 500,000 credentials for the top two dozen leading gaming firms, including Ubisoft, leaked on...
How to bypass the Google Audio reCAPTCHA with a new version of unCaptcha2 attack
A German security researcher demonstrated how to break, once again, the Google Audio reCAPTCHA with Google’s own Speech to Text...
Apex Laboratory disclose data breach after a ransomware attack
At-home laboratory services provider Apex Laboratory discloses a ransomware attack and consequent data breach. Apex Laboratory, Inc. is a clinical...
EvtMute – Apply A Filter To The Events Being Reported By Windows Event Logging
This is a tool that allows you to offensively use YARA to apply a filter to the events being reported...
XSS-Scanner – XSS Scanner That Detects Cross-Site Scripting Vulnerabilities In Website By Injecting Malicious Scripts
Cross-Site Scripting (XSS) is one of the most well known web application vulnerabilities. It even has a dedicated chapter in...
Shifting Security Right: How Cloud-Based SecOps Can Speed Processes While Maintaining Integrity
When it comes to offloading security controls to the cloud, it may seem counterintuitive to the notion of “securing” things....
British Court rejects the US’s request to extradite Julian Assange
A British court has rejected the request of the US government to extradite Wikileaks founder Julian Assange to the country....
New alleged MuddyWater attack downloads a PowerShell script from GitHub
Security expert spotted a new piece of malware that leverages weaponized Word documents to download a PowerShell script from GitHub. Security...
MOSINT – OSINT Tool For Emails
MOSINT is an OSINT Tool for emails. It helps you gather information about the target email. Features:Verification Service { Check...
Over 200 million records of Chinese Citizens for Sale on the Darkweb
During a routine Dark web monitoring, the Research team at Cyble found threat actors selling 200 million+ Records of Chinese...
Top data breaches of 2020 – Security Affairs
Data from major cyber security firms revealed that tens of billion records have been exposed in data breaches exposed in 2020....
Security Affairs newsletter Round 295
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for...
NCA arrested 21 customers of the WeLeakInfo service
NCA arrested 21 people in the UK as part of an operation targeting customers of WeLeakInfo service that advertised stolen...
COVID-19 themed attacks December 19, 2020– January 02, 2021
This post includes the details of the COVID-19 themed attacks launched from December 19, 2020– January 02, 2021. 25 December,...
Ticketmaster will pay $10 Million fine over hacking a competitor
Ticketmaster agreed to pay a $10 million fine for hacking into the computer system of the startup rival CrowdSurge. The...
