US sanctioned crypto mixer Tornado Cash used by North Korea-linked APT
The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) sanctioned the crypto mixer service Tornado Cash used by North...
hacking
Malicious file analysis – Example 01
Cyber Security Specialist Zoziel Pinto Freire shows an example of malicious file analysis presented during his lecture on BSides-Vitória 2022....
Orchard botnet uses Bitcoin Transaction info to generate DGA domains
Experts spotted a new botnet named Orchard using Bitcoin creator Satoshi Nakamoto’s account information to generate malicious domains. 360 Netlab...
Twilio discloses data breach that impacted customers and employees
Communications company Twilio discloses a data breach after threat actors have stolen employee credentials in an SMS phishing attack. Communications...
LogoKit update – The phishing kit leveraging Open Redirect Vulnerabilities
LogoKit – Threat actors leveraging Open Redirect Vulnerabilities popular in online services and apps to bypass spam filters in phishing...
Attackers abuse open redirects in Snapchat and Amex in phishing attacks
Threat actors abuse open redirects on Snapchat and American Express to launch phishing attacks against Microsoft 365 users. Attackers abused...
Microsoft is blocking Tutanota email addresses from registering a MS Teams account
Microsoft is actively blocking Tutanota email addresses from registering a Microsoft Teams account. Tutanota is an end-to-end encrypted email app...
Serious cyberattack hits German Chambers of Industry and Commerce (DIHK)
A massive cyberattack hit the website of the German Chambers of Industry and Commerce (DIHK) this week. A massive attack...
Security Affairs newsletter Round 377
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for...
GwisinLocker ransomware exclusively targets South Korea
Researchers spotted a new family of ransomware, named GwisinLocker, that encrypts Windows and Linux ESXi servers. Researchers warn of a...
BlackStone – Pentesting Reporting Tool
BlackStone project or "BlackStone Project" is a tool created in order to automate the work of drafting and submitting a...
Greek intelligence service used surveillance malware to spy on a journalist, Reuters reports
Greek intelligence admitted it had spied on a journalist, while citizens ask the government to reveal the use of surveillance...
Slack resets passwords for about 0.5% of its users due to the exposure of salted password hashes
Slack is resetting passwords for approximately 0.5% of its users after a bug exposed salted password hashes when users created...
Pict – Post-Infection Collection Toolkit
This set of scripts is designed to collect a variety of data from an endpoint thought to be infected, to...
Twitter confirms zero-day used to access data of 5.4 million accounts
Twitter confirmed that the recent data breach that exposed data of 5.4 million accounts was caused by the exploitation of...
The popularity of Dark Utilities ‘C2-as-a-Service’ rapidly increases
Dark Utilities “C2-as-a-Service” is attracting a growing number of customers searching for a command-and-control for their campaigns. The popularity of the...
DHS warns of critical flaws in Emergency Alert System encoder/decoder devices
The U.S. DHS warns of critical security vulnerabilities in Emergency Alert System (EAS) encoder/decoder devices. The Department of Homeland Security...
CISA adds Zimbra email bug to Known Exploited Vulnerabilities Catalog
US Critical Infrastructure Security Agency (CISA) adds a recently disclosed flaw in the Zimbra email suite to its Known Exploited...
Peetch – An eBPF Playground
peetch is a collection of tools aimed at experimenting with different aspects of eBPF to bypass TLS protocol protections. Currently,...
Mysterious threat actor TAC-040 used previously undetected Ljl Backdoor
A threat actor, tracked as TAC-040, exploited Atlassian Confluence flaw CVE-2022-26134 to deploy previously undetected Ljl Backdoor. Cybersecurity firm Deepwatch...
New Linux botnet RapperBot brute-forces SSH servers
RapperBot is a new botnet employed in attacks since mid-June 2022 that targets Linux SSH servers with brute-force attacks. Researchers...
New Woody RAT used in attacks aimed at Russian entities
An unknown threat actor is targeting Russian organizations with a new remote access trojan called Woody RAT. Malwarebytes researchers observed an...
Unauthenticated RCE can allow hacking DrayTek Vigor routers without user interaction
A critical flaw in multiple models of DrayTek Vigor routers can allow unauthenticated, remote attackers to fully compromise affected devices....
Taiwan Government websites suffered DDoS attacks during the Nancy Pelosi visit
Taiwan government websites were temporarily forced offline by cyber attacks during the visit to Taipei of US House Speaker Nancy...
