Experts link the Black Basta ransomware operation to FIN7 cybercrime gang
Sentinel Labs found evidence that links the Black Basta ransomware gang to the financially motivated hacking group FIN7. Security researchers...
hacking
VuCSA – Vulnerable Client-Server Application – Made For Learning/Presenting How To Perform Penetration Tests Of Non-Http Thick Clients
Vulnerable Client-Server Application Vulnerable client-server application (VuCSA) is made for learning/presenting how to perform penetration tests of non-http thick clients....
Updated TikTok Privacy Policy confirms that Chinese staff can access European users’ data
TikTok updated its privacy policy for European Economic Area (“EEA”) and confirmed that its Chinese staff can access their users’ data....
Fortinet fixed 16 vulnerabilities, 6 rated as high severity
Fortinet addressed 16 vulnerabilities in some of the company’s products, six flaws received a ‘high’ severity rate. One of the...
Vitali Kremez passed away
I’m deeply saddened by the absurd death of Vitali Kremez, he died during a scuba diving off the coast of...
4 Malicious apps on Play Store totaled +1M downloads
Four malicious Android apps uploaded by the same developer to Google Play totaled at least one million downloads. Malwarebytes researchers...
SandStrike, a previously undocumented Android malware targets a Persian-speaking religion minority
Threat actors are using previously undocumented Android spyware, dubbed SandStrike, to spy on a Persian-speaking religion minority. In Q3 2022,...
Jscythe – Abuse The Node.Js Inspector Mechanism In Order To Force Any Node.Js/Electron/V8 Based Process To Execute Arbitrary Javascript Code
jscythe abuses the node.js inspector mechanism in order to force any node.js/electron/v8 based process to execute arbitrary javascript code, even...
Dropbox discloses unauthorized access to 130 GitHub source code repositories
Dropbox disclosed a security breach, threat actors gained unauthorized access to 130 of its source code repositories on GitHub. File...
OpenSSL fixed two high-severity vulnerabilities
The OpenSSL project fixed two high-severity flaws in its cryptography library that can trigger a DoS condition or achieve remote...
LockBit 3.0 gang claims to have stolen data from Thales
The ransomware group LockBit 3.0 claimed to have stolen data from the French defence and technology group Thales. Thales is...
Experts warn of critical RCE in ConnectWise Server Backup Solution
ConnectWise has addressed a critical remote code execution vulnerability impacting Recover and R1Soft Server Backup Manager (SBM). According to the...
Ransomware activity and network access sales in Q3 2022
Ransomware activity report: Threat actors are selling access to hundreds of organizations, with a cumulative requested price of around $4M....
Cicd-Goat – A Deliberately Vulnerable CI/CD Environment
Deliberately Download & Run There's no need to clone the repository. Linux & Mac curl -o cicd-goat/docker-compose.yaml --create-dirs https://raw.githubusercontent.com/cider-security-research/cicd-goat/main/docker-compose.yamlcd cicd-goat...
Samsung Galaxy Store flaw could have allowed installing malicious apps on target devices
A security flaw in the Galaxy Store app for Samsung devices could have potentially allowed remote command execution on affected...
VMware warns of the public availability of CVE-2021-39144 exploit code
VMware warned of the availability of a public exploit for a recently addressed critical remote code execution flaw in NSX...
Actively exploited Windows Mark-of-the-Web zero-day received an unofficial patch
An unofficial patch for an actively exploited flaw in Microsoft Windows that allows to bypass Mark-of-the-Web (MotW) protections. 0patch released...
Wannacry, the hybrid malware that brought the world to its knees
Reflecting on the Wannacry ransomware attack, which is the lesson learnt e why most organizations are still ignoring it. In...
Snatch group claims to have hacked military provider HENSOLDT France
The Snatch ransomware group claims to have hacked HENSOLDT France, a company specializing in military and defense electronics. The Snatch ransomware group claims to...
GitHub flaw could have allowed attackers to takeover repositories of other users
A critical flaw in the cloud-based repository hosting service GitHub could’ve allowed attackers to takeover other repositories. The cloud-based repository...
Reverse_SSH – SSH Based Reverse Shell
Want to use SSH for reverse shells? Now you can. Manage and connect to reverse shells with native SSH syntax...
Malicious dropper apps on Play Store totaled 30.000+ installations
ThreatFabric researchers discovered five malicious dropper apps on Google Play Store with more than 130,000 downloads. Researchers at ThreatFabric have...
Former British Prime Minister Liz Truss ‘s phone was allegedly hacked by Russian spies
According to the Daily Mail, Former British Prime Minister Liz Truss ‘s personal phone was hacked by Russian spies. The...
German BKA arrested the alleged operator of Deutschland im Deep Web darknet market
German police arrested a student that is suspected of being the administrator of ‘Deutschland im Deep Web’ (DiDW) darknet marketplace....
