Iran announced to have foiled massive cyberattacks on public services
State television announced that Iran has foiled massive cyberattacks that targeted public services operated by both government and private organizations....
hacking
DDexec – A Technique To Run Binaries Filelessly And Stealthily On Linux Using Dd To Replace The Shell With Another Process
In Linux in order to run a program it must exist as a file, it must be accessible in some...
BlackCat Ransomware gang breached over 60 orgs worldwide
At least 60 entities worldwide have been breached by BlackCat ransomware, warns a flash report published by the U.S. FBI....
Experts warn of a surge in zero-day flaws observed and exploited in 2021
The number of zero-day vulnerabilities exploited in cyberattacks in the wild exploded in the last years, security firm report. Google...
Spring4Shell-Scan – A Fully Automated, Reliable, And Accurate Scanner For Finding Spring4Shell And Spring Cloud RCE Vulnerabilities
A fully automated, reliable, and accurate scanner for finding Spring4Shell and Spring Cloud RCE vulnerabilities Features Support for lists of...
Atlassian addresses a critical Jira authentication bypass flaw
Atlassian fixed a critical flaw in its Jira software, tracked as CVE-2022-0540, that could be exploited to bypass authentication. Atlassian...
Malwarescanner – Simple Malware Scanner Written In Python
Simple Malware Scanner written in python Very basic malware Scanner by hash comparison Sometimes this can be needed when an...
Since declaring cyber war on Russia Anonymous leaked 5.8 TB of Russian data
OpRussia continues unabated, since declaring ‘cyber war’ on Russia Anonymous has now published approximately 5.8 TB of Russian data. The...
Apr 17 – Apr 23 Ukraine – Russia the silent cyber conflict
This post provides a timeline of the events related to the Russian invasion of Ukraine from the cyber security perspective....
Security Affairs newsletter Round 362 by Pierluigi Paganini
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free...
Git-Dumper – A Tool To Dump A Git Repository From A Website
A tool to dump a git repository from a website. Install This can be installed easily with pip: pip install...
T-Mobile confirms Lapsus$ had access its systems
Telecommunication giant T-Mobile confirmed the LAPSUS$ extortion group gained access to its networks in March. Telecom company T-Mobile on Friday revealed that...
Are you using Java 15/16/17 or 18 in production? Patch them now!
A researcher has released proof-of-concept (PoC) code for a digital signature bypass vulnerability in Java. Security researcher Khaled Nassar released...
Phishing attacks using the topic “Azovstal” targets entities in Ukraine
Ukraine CERT-UA warns of phishing attacks on state organizations of Ukraine using the topic “Azovstal” and Cobalt Strike Beacon. The...
Conti ransomware claims responsibility for the attack on Costa Rica
Conti ransomware gang claimed responsibility for a ransomware attack that hit the government infrastructure of Costa Rica. Last week a...
Spock SLAF – A Shared Library Application Firewall “SLAF”
Spock SLAF is a Shared Library Application Firewall "SLAF". It has the purpose to protect any service that uses the...
Cyber Insurance and the Changing Global Risk Environment
When security fails, cyber insurance can become crucial for ensuring continuity. Cyber has changed everything around us – even the...
A stored XSS flaw in RainLoop allows stealing users’ emails
Experts disclose an unpatched vulnerability in the RainLoop webmail client, tracked as CVE-2022-29360, that can be exploited to steal users’...
Sub3Suite – A Free, Open Source, Cross Platform Intelligence Gathering Tool
Sub3 Suite is a research-grade suite of tools for Subdomain Enumeration, OSINT Information Preface If you're just getting started with...
QNAP firmware updates fix Apache HTTP vulnerabilities in its NAS
Taiwanese vendor QNAP warns users to update their NAS Firmware to fix Apache HTTP flaws addressed in the Apache HTTP...
Pwn2Own Miami hacking contest awarded $400,000 for 26 unique ICS exploits
Which hat hackers that participated in the Pwn2Own Miami 2022 hacking contest earned a total of $400,000 for their ICS...
Lemon_Duck cryptomining botnet targets Docker servers
The Lemon_Duck cryptomining botnet is targeting Docker servers to mine cryptocurrency on Linux systems. Crowdstrikes researchers reported that the Lemon_Duck cryptomining botnet...
Ecapture – Capture SSL/TLS Text Content Without CA Cert By eBPF
How eCapture works SSL/TLS text context capture, support opensslgnutlsnspr(nss) libraries. bash audit, eCapture User Manual Getting started use ELF binary...
Critical bug in decoder used by popular chipsets exposes 2/3 of Android devices to hack
A critical RCE flaw in Android devices running on Qualcomm and MediaTek chipsets could allow access to users’ media files....
