QNAP firmware updates fix Apache HTTP vulnerabilities in its NAS
Taiwanese vendor QNAP warns users to update their NAS Firmware to fix Apache HTTP flaws addressed in the Apache HTTP...
hacking
Pwn2Own Miami hacking contest awarded $400,000 for 26 unique ICS exploits
Which hat hackers that participated in the Pwn2Own Miami 2022 hacking contest earned a total of $400,000 for their ICS...
Lemon_Duck cryptomining botnet targets Docker servers
The Lemon_Duck cryptomining botnet is targeting Docker servers to mine cryptocurrency on Linux systems. Crowdstrikes researchers reported that the Lemon_Duck cryptomining botnet...
Ecapture – Capture SSL/TLS Text Content Without CA Cert By eBPF
How eCapture works SSL/TLS text context capture, support opensslgnutlsnspr(nss) libraries. bash audit, eCapture User Manual Getting started use ELF binary...
Critical bug in decoder used by popular chipsets exposes 2/3 of Android devices to hack
A critical RCE flaw in Android devices running on Qualcomm and MediaTek chipsets could allow access to users’ media files....
Cybercriminals Deliver IRS Tax Scams & Phishing Campaigns By Mimicking Government Vendors
Threat intelligence firm Resecurity details how crooks are delivering IRS tax scams and phishing attacks posing as government vendors. Cybercriminals...
Jfscan – A Super Fast And Customisable Port Scanner, Based On Masscan And NMap
Killing features Scan with nmap fast! Allows you to scan targets with Masscan and run Nmap on discovered ports...
Static SSH host key in Cisco Umbrella allows stealing admin credentials
Cisco addressed a high severity vulnerability in the Cisco Umbrella Virtual Appliance (VA) that could allow stealing admin credentials. Cisco...
CVE-2022-20685 flaw in the Modbus preprocessor of the Snort makes it unusable
CVE-2022-20685 flaw in the Modbus preprocessor of the Snort detection engine could trigger a DoS condition and make it ineffective...
US, Australia, Canada, New Zealand, and the UK warn of Russia-linked threat actors’ attacks
Cybersecurity agencies of the Five Eyes intelligence alliance warn of cyberattacks conducted by Russia-linked threat actors on critical infrastructure. Cybersecurity...
Ma2Tl – macOS Forensic Timeline Generator Using The Analysis Result DBs Of Mac_Apt
This is a DFIR tool for generating a macOS Presentation This tool was published on Japan Security Analyst Conference 2022...
Russian Gamaredon APT continues to target Ukraine
Russia-linked threat actor Gamaredon targets Ukraine with new variants of the custom Pterodo backdoor. Russia-linked Gamaredon APT group (a.k.a. Armageddon, Primitive Bear, and...
Anonymous hacked other Russian organizations, some of the breaches could be severe
The Anonymous collective and affiliate groups intensify their attacks and claimed to have breached multiple organizations. Anonymous and groups linked...
DumpSMBShare – A Script To Dump Files And Folders Remotely From A Windows SMB Share
A script to Contributing Pull requests are welcome. Feel free to open an issue if you want to add other...
CISA adds Windows Print Spooler to its Known Exploited Vulnerabilities Catalog
US Critical Infrastructure Security Agency (CISA) adds a Windows Print Spooler vulnerability to its Known Exploited Vulnerabilities Catalog. The Cybersecurity...
New BotenaGo variant specifically targets Lilin security camera DVR devices
Researchers spotted a new variant of the BotenaGo botnet malware that is considered highly evasive and has a zero-detection rate....
QNAP users are recommended to disable UPnP port forwarding on routers
QNAP urges customers to disable Universal Plug and Play (UPnP) port forwarding on their routers to secure their NAS devices....
Smap – A Drop-In Replacement For Nmap Powered By Shodan.Io
Smap is a replica of Nmap which uses shodan.io's free API for port scanning. It takes same command line arguments...
ESET warns of three flaws that affect over 100 Lenovo notebook models
Lenovo warns of vulnerabilities in its Unified Extensible Firmware Interface (UEFI) shipped with at least 100 notebook models. Lenovo has...
Kaspersky releases a free decryptor for Yanluowang ransomware
Kaspersky discovered a flaw in the encryption process of the Yanluowang ransomware that allows victims to recover their files for...
ADReaper – A Fast Enumeration Tool For Windows Active Directory Pentesting Written In Go
ADReaper is a tool written in Golang which enumerate a Active Directory environment with LDAP queries within few seconds. Installation...
NSO Group Pegasus spyware leverages new zero-click iPhone exploit in recent attacks
Researchers reported that threat actors leveraged a new zero-click iMessage exploit to install NSO Group Pegasus on iPhones belonging to Catalans....
New SolarMarker variant upgrades evasion abilities to avoid detection
Researchers disclosed a new variant of the SolarMarker malware that implements new techniques to avoid detection. Cybersecurity researchers from Palo...
Crooks steal $182 million from Beanstalk DeFi platform
Credit-based stablecoin protocol Beanstalk discloses a security breach that resulted in the loss of all of its $182 million. The...
