VMware fixes three critical flaws in Workspace ONE Assist
VMware address three critical bugs in the Workspace ONE Assist solution that allow remote attackers to bypass authentication and elevate...
hacking
Citrix ADC and Citrix Gateway are affected by a critical authentication bypass flaw
Citrix released security updates to address a critical authentication bypass vulnerability in Citrix ADC and Citrix Gateway. Citrix is urging...
SmokeLoader campaign distributes new Laplas Clipper malware
Researchers observed a SmokeLoader campaign that is distributing a new clipper malware dubbed Laplas Clipper that targets cryptocurrency users. Cyble...
Medibank confirms ransomware attack impacting 9.7M customers, but doesn’t pay the ransom
Australian health insurer Medibank confirmed that personal data belonging to around 9.7 million current and former customers were exposed as...
US DoJ seizes $3.36B Bitcoin from Silk Road hacker
The U.S. Department of Justice condemned James Zhong, a hacker who stole 50,000 bitcoins from the Silk Road dark net...
‘Justice Blade’ Hackers are Targeting Saudi Arabia
Threats actors calling themselves “Justice Blade” published leaked data from an outsourcing IT vendor. The group of threat actors calling...
Robin Banks phishing-as-a-service platform continues to evolve
The phishing-as-a-service (PhaaS) platform Robin Banks migrated its infrastructure to DDoS-Guard, a Russian bulletproof hosting service. The phishing-as-a-service (PhaaS) platform Robin...
Water sector in the US and Israel still unprepared to defeat cyber attacks
Expert warns that the US and Israel are still unprepared to defeat a cyber attack against organizations in the water...
Evilgophish – Evilginx2 + Gophish
Combination of Once you have run setup.sh, the next steps are: Configure SMS message template. You will use Text only...
UK NCSC govt agency is scanning the Internet for flawed devices in the UK
The UK National Cyber Security Centre (NCSC) announced that is scanning all Internet-exposed devices hosted in the UK for vulnerabilities....
Abusing Microsoft Dynamics 365 Customer Voice in phishing attacks
Researchers uncovered a campaign abusing Microsoft Dynamics 365 customer voice to steal credentials from the victims. Microsoft’s Dynamics 365 Customer...
LockBit 3.0 gang claims to have stolen data from Kearney & Company
The ransomware group LockBit claimed to have stolen data from consulting and IT services provider Kearney & Company. Kearney is...
A cyberattack blocked the trains in Denmark
At the end of October, a cyber attack caused the trains to stop in Denmark, the attack hit a third-party...
Collect-MemoryDump – Automated Creation Of Windows Memory Snapshots For DFIR
Collect-MemoryDump - Automated Creation of Windows Memory Snapshots for DFIR Collect-MemoryDump.ps1 is Fig 3: Automated Creation of Windows Memory Snapshot...
Security Affairs newsletter Round 392
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for...
29 malicious PyPI packages spotted delivering the W4SP Stealer
Cybersecurity researchers discovered 29 malicious PyPI packages delivering the W4SP stealer to developers’ systems. Cybersecurity researchers have discovered 29 packages...
Zero-day are exploited on a massive scale in increasingly shorter timeframes
Microsoft warns of an uptick among threat actors increasingly using publicly-disclosed zero-day exploits in their attacks. According to the Digital...
Prefetch-Hash-Cracker – A Small Util To Brute-Force Prefetch Hashes
Motivation During the forensic analysis of a Windows machine, you may find the name of a deleted prefetch file. While...
RomCom RAT campaigns abuses popular brands like KeePass and SolarWinds NPM
A new campaign spreading RomCom RAT impersonates popular software brands like KeePass, and SolarWinds. The threat actor behind the RomCom...
Appshark – Static Taint Analysis Platform To Scan Vulnerabilities In An Android App
Appshark is a static taint analysis platform to scan vulnerabilities in an Android app. Prerequisites Appshark requires a specific version...
The 10th edition of the ENISA Threat Landscape (ETL) report is out!
I’m proud to announce the release of the 10th edition of the ENISA Threat Landscape (ETL) on the state of...
Cisco addressed several high-severity flaws in its products
Cisco addressed multiple flaws impacting its products, including high-severity issues in identity, email, and web security solutions. Cisco addressed multiple...
LockBit ransomware gang claims the hack of Continental automotive group
The LockBit ransomware group claimed to have hacked the multinational automotive group Continental and threatens to leak stolen data. LockBit...
250+ U.S. news sites spotted spreading FakeUpdates malware in a supply-chain attack
Threat actors compromised a media company to deliver FakeUpdates malware through the websites of hundreds of newspapers in the US....
