Mar 27 – Apr 02 Ukraine – Russia the silent cyber conflict
This post provides a timeline of the events related to the Russian invasion of Ukraine from the cyber security perspective....
hacking
Security Affairs newsletter Round 359 by Pierluigi Paganini
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free...
Anonymous leaked 15 GB of data allegedly stolen from the Russian Orthodox Church
Anonymous claims to have hacked the Russian Orthodox Church ‘s charitable wing and leaked 15 GB of alleged stolen data....
Odin – Central IoC Scanner Based On Loki
Odin is a central IoC Collecting Parsing Download Odin If you like the site, please consider joining the telegram channel...
UK Police charges two teenagers for their alleged role in the Lapsus$ extortion group
The City of London Police charged two of the seven teenagers who were arrested for their alleged role in the...
Beastmode Mirai botnet now includes exploits for Totolink routers
Operators behind the Mirai-based distributed denial-of-service (DDoS) botnet Beastmode (aka B3astmode) added exploits for Totolink routers. The Mirai-based distributed denial-of-service (DDoS) botnet Beastmode (aka...
Ukraine intelligence leaks names of 620 alleged Russian FSB agents
The Ukrainian Defense Ministry’s Directorate of Intelligence leaked personal data belonging to 620 alleged Russian FSB agents. The Ukrainian Defense...
Subdomains.Sh – A Wrapper Around Tools I Use For Subdomain Enumeration On A Given Domain. This Script Is Written With The Aim To Automate The Workflow
subdomains.sh wrapper around tools I use for subdomain enumeration, to automate the workflow, on a given domain. Usage To display...
Critical CVE-2022-1162 flaw in GitLab allowed threat actors to take over accounts
GitLab has addressed a critical vulnerability, tracked as CVE-2022-1162 (CVSS score of 9.1), that could allow remote attackers to take over...
Trend Micro fixed high severity flaw in Apex Central product management console
Trend Micro has fixed a high severity arbitrary file upload flaw, tracked as CVE-2022-26871, in the Apex Central product management...
Auto-Elevate – Escalate From A Low-Integrity Administrator Account To NT AUTHORITYSYSTEM Without An LPE Exploit By Combining A COM UAC Bypass And Token Impersonation
This tool demonstrates the power of UAC bypasses and built-in features of Windows. This utility auto-locates winlogon.exe, steals and impersonates...
Anonymous targets oligarchs’ Russian businesses: Marathon Group hacked
Anonymous continues its operations against Russia, the group announced the hack of the Russian investment firm Marathon Group. Anonymous continues...
AcidRain, a wiper that crippled routers and modems in Europe
Researchers spotted a new destructive wiper, tracked as AcidRain, that is likely linked to the recent attack against Viasat. Security...
Slyther – AWS Security Tool
Slyther is AWS Security tool to check read/write/delete access for S3 buckets Requirements aws-cli Installation pip3 install -r requirements.txt Usage...
Zyxel fixes a critical bug in its business firewall and VPN devices
Zyxel issued security updates for a critical vulnerability that affects some of its business firewall and VPN devices. Networking equipment...
CISA adds Sophos firewall bug to Known Exploited Vulnerabilities Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Sophos firewall flaw and seven other issues to...
Flaws in Wyze cam devices allow their complete takeover
Wyze Cam devices are affected by three security vulnerabilities that can allow attackers to takeover them and access camera feeds....
Apple issues emergency patches to fix actively exploited zero-days
Apple released emergency patches to address two zero-day vulnerabilities actively exploited to compromise iPhones, iPads, and Macs. Apple has released...
Spring-Spel-0Day-Poc – Spring-Cloud / spring-cloud-function, spring.cloud.function.routing-expression, RCE, 0day, 0-day, POC, EXP
spring-cloud/spring-cloud-function get path lists for test find . -name "*.java"|xargs -I % cat %|grep -Eo '"({8,})"'|sort -u|sed 's/"//g' ...functionRouteruppercaselowercase... poc1...
Google TAG details cyber activity with regard to the invasion of Ukraine
The Google TAG uses uncovered phishing attacks targeting Eastern European and NATO countries, including Ukraine. The Google Threat Analysis Group (TAG) provided...
Anonymous hacked Russian Thozis Corp, but denies attacks on Rosaviatsia
The Anonymous collective hacked the Russian investment firm Thozis Corp, but it’s a mystery the attack against the Russian Civil...
CVE-2022-22963 – PoC Spring Java Framework 0-day Remote Code Execution Vulnerability
To run the Credits https://github.com/hktalent/spring-spel-0day-poc Download CVE-2022-22963 If you like the site, please consider joining the telegram channel or supporting...
Mysterious disclosure of a zero-day RCE flaw Spring4Shell in Spring
An unauthenticated zero-day RCE vulnerability in the Spring Core Java framework called ‘Spring4Shell’ has been publicly disclosed. Researchers disclosed a...
Bad OPSEC allowed researchers to uncover Mars stealer operation
The Morphisec Labs researchers analyzed a new malware, tracked as Mars stealer, which is based on the older Oski Stealer. Morphisec...
