AzureHound – Azure Data Exporter For BloodHound
The BloodHound data collector for Microsoft Azure Get AzureHound Release Binaries Download the appropriate binary for your platform from one...
hacking
CISA adds Veeam Backup and Replication bugs to Known Exploited Vulnerabilities Catalog
US CISA added two vulnerabilities impacting Veeam Backup & Replication software to its Known Exploited Vulnerabilities Catalog. The U.S. Cybersecurity and Infrastructure...
MCCrash botnet targets private Minecraft servers, Microsoft warns
Microsoft announced that a botnet dubbed MCCrash is launching distributed denial-of-service (DDoS) attacks against private Minecraft servers. Microsoft spotted a...
Microsoft revised CVE-2022-37958 severity due to its broader scope
Microsoft revised the severity rate for the CVE-2022-37958 flaw which was addressed with Patch Tuesday security updates for September 2022....
Chinese MirrorFace APT group targets Japanese political entities
A Chinese-speaking APT group, tracked as MirrorFace, is behind a spear-phishing campaign targeting Japanese political entities. ESET researchers recently discovered a...
Database of the FBI’s InfraGard US Critical Infrastructure Intelligence portal available for sale
The portal of the FBI’s InfraGard US Critical Infrastructure Intelligence was hacked, and data is available for sale on a...
ADFSRelay – Proof Of Concept Utilities Developed To Research NTLM Relaying Attacks Targeting ADFS
This repository includes two utilities NTLMParse and ADFSRelay. NTLMParse is a utility for decoding base64-encoded NTLM messages and printing information...
FBI seized 48 domains linked to DDoS-for-Hire service platforms
The U.S. Department of Justice (DoJ) seized forty-eight domains that offered DDoS-for-Hire Service Platforms to crooks. The U.S. Department of...
Crooks use HTML smuggling to spread QBot malware via SVG files
Talos researchers uncovered a phishing campaign distributing the QBot malware to Windows systems using SVG files. Talos researchers uncovered a...
GoTrim botnet actively brute forces WordPress and OpenCart sites
Researchers discovered a new Go-based botnet, dubbed GoTrim, attempting to brute force WordPress websites. Fortinet FortiGuard Labs researchers spotted a...
December 2022 Patch Tuesday fixed 2 zero-day flaws
Microsoft released December 2022 Patch Tuesday security updates that fix 52 vulnerabilities across its products. Microsoft December 2022 Patch Tuesday security updates...
Apple fixed the tenth actively exploited zero-day this year
Apple rolled out security updates to iOS, iPadOS, macOS, tvOS, and Safari to fix a new actively exploited zero-day (CVE-2022-42856)....
FarsightAD – PowerShell Script That Aim To Help Uncovering (Eventual) Persistence Mechanisms Deployed By A Threat Actor Following An Active Directory Domain Compromise
FarsightAD is a PowerShell script that aim to help uncovering (eventual) persistence mechanisms deployed by a threat actor following an...
3.5m IP cameras exposed, with US in the lead
The number of internet-facing cameras in the world is growing exponentially. Some of the most popular brands don’t enforce a...
VMware fixed critical VM Escape bug demonstrated at Geekpwn hacking contest
VMware fixed three flaws in multiple products, including a virtual machine escape issue exploited at the GeekPwn 2022 hacking competition....
Citrix and NSA urge admins to fix actively exploited zero-day in Citrix ADC and Gateway
Citrix urges customers to update their installs to fix actively exploited zero-day (CVE-2022-27518) in Citrix ADC and Gateway. Citrix urges...
Lockbit ransomware gang hacked California Department of Finance
LockBit ransomware gang hacked the California Department of Finance and threatens to leak data stolen from its systems. The LockBit...
Experts detailed a previously undetected VMware ESXi backdoor
A new Python backdoor is targeting VMware ESXi servers, allowing attackers to take over compromised systems. Juniper Networks researchers spotted...
Codecepticon – .NET Application That Allows You To Obfuscate C#, VBA/VB6 (Macros), And PowerShell Source Code
Codecepticon is a .NET application that allows you to obfuscate C#, VBA/VB6 (macros), and The command generator's output format can...
Twitter says recently leaked user data are from 2021 breach
Twitter confirmed that the recent leak of members’ profile information resulted from the 2021 data breach disclosed in August 2022....
Fortinet urges customers to fix actively exploited FortiOS SSL-VPN bug
Fortinet fixed an actively exploited FortiOS SSL-VPN flaw that could allow a remote, unauthenticated attacker to execute arbitrary code on devices....
Indian foreign ministry’s Global Pravasi Rishta portal leaks expat passport details
The Cybernews research team reported that India’s government platform Global Pravasi Rishta Portal was leaking sensitive user data. Original post...
Cryptomining campaign targets Linux systems with Go-based CHAOS Malware
Researchers spotted a cryptocurrency mining campaign targeting Linux users with Go-based CHAOS malware (Trojan.Linux.CHAOSRAT). In November 2022, Trend Micro researchers...
Evilnum group targets legal entities with a new Janicab variant
A hack-for-hire group dubbed Evilnum is targeting travel and financial entities with the new Janicab malware variant. Kaspersky researchers reported that...
