SolarWinds confirmes 18,000 customers may have been impacted
18,000 SolarWinds customers may have been impacted by the attack against its supply chain, the company said in a SEC filing....
hacking
WSMan-WinRM – A Collection Of Proof-Of-Concept Source Code And Scripts For Executing Remote Commands Over WinRM Using The WSMan.Automation COM Object
A collection of proof-of-concept source code and scripts for executing remote commands over WinRM using the WSMan.Automation COM object.BackgroundFor background...
Stegseek – Worlds Fastest Steghide Cracker, Chewing Through Millions Of Passwords Per Second
Stegseek is a lightning fast steghide cracker that can be used to extract hidden data from files. It is built...
SolarWinds SUNBURST Backdoor Supply Chain Attack: What You Need to Know
On Dec. 12, 2020, FireEye provided detailed information on a widespread attack campaign involving a backdoored component of the SolarWinds...
Details for 1.9M members of Chinese Communist Party Members leaked
Security experts from Cyble discovered that the details of 1.9 million members of the Chinese Communist Party were leaked on...
US Agencies and FireEye were hacked with a supply chain attack on SolarWinds Software
Hackers broke into the networks of federal agencies and FireEye by compromising SolarWinds’ Orion Network Management Products. The cyber espionage...
Robotic Process Automation vendor UiPath discloses data breach
Last week, ZDnet reported in an exclusive that the tech unicorn UiPath admitted having accidentally exposed the personal details of...
Pay2Key hackers stole data from Intel’s Habana Labs
Pay2Key ransomware operators claim to have compromised the network of the Intel-owned chipmaker Habana Labs and have stolen data. Intel-owned...
Hacked Subway UK marketing system used in TrickBot phishing campaign
Subway UK confirmed the hack of a marketing system that was used to send out phishing messages to deliver malware to...
Slipstream – NAT Slipstreaming Allows An Attacker To Remotely Access Any TCP/UDP Services Bound To A Victim Machine, Bypassing The Victim’s NAT/firewall, Just By The Victim Visiting A Website
NAT Slipstreaming allows an attacker to remotely access any TCP/UDP services bound to a victim machine, bypassing the victim's NAT/firewall...
403Bypasser – Burpsuite Extension To Bypass 403 Restricted Directory
An burpsuite extension to bypass 403 restricted directory. By using PassiveScan (default enabled), each 403 request will be automatically scanned...
Security Affairs Newsletter is back!
Security Affairs newsletter is back, it is the right time to subscribe to it. Every day I receive several emails...
Security Affairs newsletter Round 293
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for...
PgMiner botnet exploits disputed CVE to hack unsecured PostgreSQL DBs
Researchers have discovered a botnet dubbed PgMiner that targets PostgreSQL databases running on Linux servers to install a cryptocurrency miner....
NI CompactRIO controller flaw could allow disrupting production
A serious flaw in National Instruments CompactRIO controllers could allow remote attackers to disrupt production processes in an organization. A...
WordPress Easy WP SMTP zero-day potentially exposes hundreds of thousands of sites to hack
Threat actors are actively exploiting a zero-day vulnerability in the popular Easy WP SMTP WordPress plugin installed on more than...
Spotify reset user passwords after accidentally personal information exposure
Spotify is informing users that their personal information might have been accidentally shared with some of its business partners. Spotify...
Facebook links cyberespionage group APT32 to Vietnamese IT firm
Facebook has suspended some accounts linked to APT32 that were involved in cyber espionage campaigns to spread malware. Facebook has...
Gustave – Embedded OS kernel fuzzer
GUSTAVE is a fuzzing platform for embedded OS kernels. It is based on QEMU and AFL (and all of its...
Carnivore – Tool For Assessing On-Premises Microsoft Servers Authentication Such As ADFS, Skype, Exchange, And RDWeb
Carnivore is an assessment tool for Skype for Business, Exchange, ADFS, and RDWeb servers as well as some O365 functionality....
Threat actors target K-12 distance learning education, CISA and FBI warn
The US Cybersecurity Infrastructure and Security Agency and the FBI warned about the increase in ransomware attacks targeting the US...
Interview with Massimiliano Brolli, Head of TIM Red Team Research
Interview with Massimiliano Brolli, Head of TIM Red Team Research, which is a team of experts that focus on zero-day...
Adrozek malware silently inject ads into search results in multiple browsers
Microsoft warns of a new malware named Adrozek that infects devices and hijacks Chrome, Edge, and Firefox browsers by changing...
Cisco addresses critical RCE vulnerability in Jabber
Cisco addressed a new critical RCE vulnerability that affects several versions of Cisco Jabber for Windows, macOS, and mobile platforms. Cisco...
