njRAT RAT operators leverage Pastebin C2 tunnels to avoid detection
Threat actors behind the njRAT Remote Access Trojan (RAT) are leveraging active Pastebin Command and Control Tunnels to avoid detection....
hacking
Russia-linked APT28 uses COVID-19 lures to deliver Zebrocy malware
Russia-link cyberespionage APT28 leverages COVID-19 as phishing lures to deliver the Go version of their Zebrocy (or Zekapab) malware. Russia-linked APT28 is...
Attack on Vermont Medical Center is costing the hospital $1.5M a day
The attack that hit the University of Vermont Medical Center at the end of October is costing the hospital about $1.5 million...
European Medicines Agency targeted by cyber attack
The European Medicines Agency (EMA) announced it has been targeted by a cyber attack. The European Medicines Agency (EMA) announced...
RESTler – The First Stateful REST API Fuzzing Tool For Automatically Testing Cloud Services Through Their REST APIs And Finding Security And Reliability Bugs In These Services
RESTler is the first stateful REST API fuzzing tool for automatically testing cloud services through their REST APIs and finding...
Depix – Recovers Passwords From Pixelized Screenshots
Depix is a tool for recovering passwords from pixelized screenshots. This implementation works on pixelized images that were created with...
New All Apps and Asset Report Combines Power of InsightVM and InsightAppSec for Boosted Visibility
Just using InsightAppSec and still want access to the new executive reports? Don’t worry—we have you covered. Check out your...
Crooks hide software skimmer inside CSS files
Security researchers have uncovered a new technique to inject a software skimmer onto websites, the malware hides in CSS files....
Microsoft December 2020 Patch Tuesday fixes 58 bugs, 9 are critical
Microsoft December 2020 Patch Tuesday security update address 58 vulnerabilities, 22 of them are remote code execution vulnerabilities. Microsoft December...
The importance of computer identity in network communications: how to protect it and prevent its theft
The importance of computer identity in network communications: how to protect it and prevent threat actors from spying or stealing...
Apache Software Foundation fixes code execution flaw in Apache Struts 2
The Apache Software Foundation addressed a possible remote code execution vulnerability in Struts 2 related to the OGNL technology. The...
Top cybersecurity firm FireEye hacked by a nation-state actor
The cyber security giant FireEye announced that it was hacked by nation-state actors, likely Russian state-sponsored hackers. The cybersecurity firm...
OpenSSL is affected by a ‘High Severity’ security flaw, update it now
The OpenSSL Project disclosed a serious security vulnerability in TLS/SSL toolkit that exposes users to denial-of-service (DoS) attacks. The OpenSSL...
Packer-Fuzzer – A Fast And Efficient Scanner For Security Detection Of Websites Constructed By Javascript Module Bundler Such As Webpack
With the popularity of web front-end packaging tools, have you encountered more and more websites represented by Webpack packager in...
Wp_Hunter – Static Analysis Of WordPress Plugins
Static analysis to search for vulnerabilities in Wordpress plugins. __ ____________ ___ ___ __ / / ______ / | __...
Patch Tuesday – December 2020
We close off our 2020 year of Patch Tuesdays with 58 vulnerabilities being addressed. While it's a higher count than...
2020 Under the Hoodie Report Reveals Pen Testers’ Most-Loved Vulnerabilities
Penetration testing (“pentesting”) is the practice of simulating a criminal breach of a sensitive area in order to uncover and...
Russian Alexander Vinnik sentenced in Paris to five years in prison for money laundering
Russian citizen Alexander Vinnik was sentenced in Paris to five years in prison for money laundering and ordered to pay 100,000...
Expert discloses zero-click, wormable flaw in Microsoft Teams
Security expert disclosed technical details about a wormable, cross-platform flaw in Microsoft Teams that could allow stealth attacks. Security researcher...
Critical remote code execution fixed in PlayStation Now
Security flaws in the PlayStation Now cloud gaming Windows application allowed hackers to execute arbitrary code on Windows systems. Bug bounty...
QNAP fixed eight flaws that could allow NAS devices takeover
Network-attached storage (NAS) vendor QNAP addressed vulnerabilities that could enable attackers to take over unpatched NAS devices. The Taiwanese vendor...
DoppelPaymer ransomware gang hit Foxconn electronics giant
Electronics contract manufacturer Foxconn is the last victim of the DoppelPaymer ransomware operators that hit a Mexican facility. DoppelPaymer ransomware operators...
Cisco fixes exploitable RCEs in Cisco Security Manager
Cisco released security updates to fix multiple pre-authentication RCE flaws with public exploits affecting Cisco Security Manager. Cisco has released security updates...
Baphomet – Basic Concept Of How A Ransomware Works
This is a proof of concept of how a ransomware works, and some techniques that we usually use to hijack...
