Pinecone – A WLAN Red Team Framework
Pinecone is a WLAN networks auditing tool, suitable for red team usage. It is extensible via modules, and it is...
hacking
Crooks create rogue cryptocurrency-themed apps to steal crypto assets from users
The U.S. FBI has warned of crooks developing malicious cryptocurrency-themed apps to steal crypto assets from the users. The U.S....
Several apps on the Play Store used to spread Joker, Facestealer and Coper malware
Google blocked dozens of malicious apps from the official Play Store that were spreading Joker, Facestealer, and Coper malware families....
MLNK Builder 4.2 released in Dark Web – malicious shortcut-based attacks are on the rise
Cybercriminals released a new MLNK Builder 4.2 tool for malicious shortcuts (LNK) generation with an improved Powershell and VBS Obfuscator...
Tor Browser 11.5 is optimized to automatically bypass censorship
The Tor Project team has announced the release of Tor Browser 11.5, which introduces functionalities to automatically bypass censorship. The...
Koh – The Token Stealer
Koh is a C# and Beacon Object File (BOF) toolset that allows for the capture of user credential material via...
A massive cyberattack hit Albania
A synchronized criminal attack from abroad hit Albania over the weekend, all Albanian government systems shut down following the cyberattack....
Watch out for the CVE-2022-30136 Windows NFS Remote Code Execution flaw
Researchers published an analysis of the Windows remote code execution vulnerability CVE-2022-30136 impacting the Network File System. Trend Micro Research...
Graff paid a $7.5M ransom and sued its insurance firm for refusing to cover this payment
The high-end British jeweler Graff paid a £6 million ransom after the ransomware attack it suffered in 2021. In September...
Crooks stole $375k from Premint NFT, it is one of the biggest NFT hacks ever
Threat actors hacked the popular NFT platform, Premint NFT and stole 314 NFTs. The popular NFT platform, Premint NFT, was...
Google is going to remove App Permissions List from the Play Store
Google is going to remove the app permissions list from the official Play Store for both the mobile app and...
Zenbuster – Multi-threaded URL Enumeration/Brute-Forcing Tool
ZenBuster is a multi-threaded, multi-platform URL enumeration tool written in Python by Zach Griffin (@0xTas). I wrote this tool as...
Security Affairs newsletter Round 374 by Pierluigi Paganini
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs for...
APT groups target journalists and media organizations since 2021
Researchers from Proofpoint warn that various APT groups are targeting journalists and media organizations since 2021. Proofpoint researchers warn that...
Critical flaw in Netwrix Auditor application allows arbitrary code execution
A vulnerability in the Netwrix Auditor software can be exploited to execute arbitrary code on affected devices. Bishop Fox discovered...
CISA urges to fix multiple critical flaws in Juniper Networks products
CISA urges admins to apply recently released fixes in Juniper Networks products, including Junos Space, Contrail Networking and NorthStar Controller....
Threat actors exploit a flaw in Digium Phone Software to target VoIP servers
Threat actors are targeting VoIP servers by exploiting a vulnerability in Digium’s software to install a web shell, Palo Alto...
Kubeaudit – Tool To Audit Your Kubernetes Clusters Against Common Security Controls
kubeaudit is a command line tool and a Go package to audit Kubernetes clusters for various different security concerns, such...
Tainted password-cracking software for industrial systems used to spread P2P Sality bot
Dragos researchers uncovered a small-scale campaign targeting industrial engineers and operators with Sality malware. During a routine vulnerability assessment, Dragos...
Experts warn of attacks on sites using flawed Kaswara Modern WPBakery Page Builder Addons
Researchers spotted a massive campaign that scanned close to 1.6 million WordPress sites for vulnerable Kaswara Modern WPBakery Page Builder...
Holy Ghost ransomware operation is linked to North Korea
Microsoft researchers linked the Holy Ghost ransomware (H0lyGh0st) operation to North Korea-linked threat actors. The Microsoft Threat Intelligence Center (MSTIC)...
Dumpscan – Tool To Extract And Dump Secrets From Kernel And Windows Minidump Formats
Dumpscan is a command-line tool designed to extract and dump secrets from kernel and Windows Minidump formats. Kernel-dump parsing is...
RedAlert, LILITH, and 0mega, 3 new ransomware in the wild
Cyble researchers warn of three new ransomware operations named Lilith, RedAlert and 0mega targeting organizations worldwide. Researchers from threat intelligence...
Mantis botnet powered the largest HTTPS DDoS attack in June
The largest HTTPS DDoS attack recently mitigated by Cloudflare was launched by the Mantis botnet. In June 2022, DDoS mitigation...
