Aclpwn.Py – Active Directory ACL Exploitation With BloodHound
Aclpwn.py is a tool that interacts with BloodHound to identify and exploit ACL based privilege escalation paths. It takes a...
hacking
JSFScan.sh – Automation For Javascript Recon In Bug Bounty
Blog can be found at https://medium.com/@patelkathan22/beginners-guide-on-how-you-can-use-javascript-in-bugbounty-492f6eb1f9ea?sk=21500dc4288281c7e6ed2315943269e7 Script made for all your javascript recon automation in bugbounty. Just pass subdomain list...
TrickBoot feature allows TrickBot bot to run UEFI attacks
TrickBot, one of the most active botnets, in the world, gets a new improvement by adding a UEFI/BIOS Bootkit Feature....
Clop Ransomware gang claims to have stolen 2 million credit cards from E-Land
E-Land Retail suffered a ransomware attack, Clop ransomware operators claim to have stolen 2 million credit cards from the company....
A scan of 4 Million Docker images reveals 51% have critical flaws
Security experts analyzed 4 million public Docker container images hosted on Docker Hub and found half of them was having...
K12 education giant paid the ransom to the Ryuk gang
Online education giant K12 Inc. was hit by Ryuk ransomware in the middle of November and now has paid a...
Russia-linked APT Turla used a new malware toolset named Crutch
Russian-linked cyberespionage group Turla employed a new malware toolset, named Crutch, in targeted attacks aimed at high-profile targets. Russian-linked APT...
Fast-Security-Scanners – Security Checks For Your Researches
A small contribution to community :)We use all these tools in security assessments and in our vulnerability monitoring service Check...
Hacktory platform packed with new game-playing features
Without practice, theory is dead. Applied knowledge is essential in any area, especially in cybersecurity, and practice is the only...
Threat and Vulnerability Management Best Practices
Today’s business world is increasingly driven by e-commerce and the cloud, which means it requires a proactive approach toward vulnerability...
APT groups targets US Think Tanks, CISA, FBI warn
Cybersecurity and Infrastructure Security Agency (CISA) and FBI are warning of attacks carried out by threat actors against United States...
Google discloses a zero-click Wi-Fi exploit to hack iPhone devices
Google Project Zero expert Ian Beer on Tuesday disclosed a critical “wormable” iOS flaw that could have allowed to hack...
Multi-Vector Miner+Tsunami Botnet with SSH Lateral Movement
Security researcher Tolijan Trajanovski (@tolisec) analyzed the multi-vector Miner+Tsunami Botnet that implements SSH lateral movement. A fellow security researcher, 0xrb, shared...
French pharmaceuticals distribution platform Apodis Pharma leaking 1.7+ TB of confidential data
The CyberNews investigation team discovered French pharmaceuticals distribution platform Apodis Pharma leaking 1.7+ TB of confidential data. Original post @...
Malicious npm packages spotted delivering njRAT Trojan
npm security staff removed two packages that contained malicious code to install the njRAT remote access trojan (RAT) on developers’...
DarkIRC botnet is targeting the critical Oracle WebLogic CVE-2020-14882
The critical remote code execution (RCE) vulnerability CVE-2020-14882 in Oracle WebLogic is actively exploited by operators behind the DarkIRC botnet....
Terrascan – Detect Compliance And Security Violations Across Infrastructure As Code To Mitigate Risk Before Provisioning Cloud Native Infrastructure
Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure. GitHub Repo: https://github.com/accurics/terrascan...
OnionSearch – A Script That Scrapes Urls On Different .Onion Search Engines
OnionSearch is a Python3 script that scrapes urls on different ".onion" search engines. PrerequisitePython 3 Currently supported Search enginesahmia...
Rapid7 Recognized as a Strong Performer Among Security Analytics Providers by Leading Industry Report
At Rapid7, we recognize that security professionals are facing a more challenging landscape than ever before. The mission of InsightIDR—our...
Baltimore County Schools close after a ransomware attack
Baltimore County Schools were hit by a ransomware attack that forced them to close leaving more than 100,000 students out....
Vietnam-linked Bismuth APT leverages coin miners to stay under the radar
Microsoft warns of Vietnam-linked Bismuth group that is deploying cryptocurrency miner while continues its cyberespionage campaigns Researchers from Microsoft reported...
UK gov bans new Huawei equipment installs after Sept 2021
The British government will ban the installation of new Huawei equipment in the 5G networks of Wireless carriers after September...
Talos reported WebKit flaws in WebKit that allow Remote Code Execution
Talos experts found flaws in the WebKit browser engine that can be also exploited for remote code execution via specially...
Exclusive: Experts from TIM’s Red Team Research (RTR) found 6 zero-days
TIM’s Red Team Research led by Massimiliano Brolli discovered 6 new zero-day vulnerabilities in Schneider Electric StruxureWare. Today, TIM’s Red...
