CVE-2022-27254 – PoC For Vulnerability In Honda’s Remote Keyless System
PoC for vulnerability in Honda's Remote Keyless System(CVE-2022-27254) Disclaimer: For educational purposes only. Kindly note that the discoverers for this...
hacking
A critical RCE vulnerability affects SonicWall Firewall appliances
SonicWall released security updates to address a remote code execution vulnerability that affects multiple firewall appliances. SonicWall has released security...
CISA and DoE warns of attacks targeting UPS devices
The US CISA and the Department of Energy issued guidance on mitigating attacks against uninterruptible power supply (UPS) devices. The...
Lapsus$ extortion gang claims to have hacked IT Giant Globant
The Lapsus$ extortion group claims to have hacked IT giant Globant and leaked tens of gigabytes of stolen data. The...
Casper-Fs – A Custom Hidden Linux Kernel Module Generator. Each Module Works In The File System To Protect And Hide Secret Files
Casper-fs is a custom Linux Kernel Module generator to work with resources to protect or hide a custom list of...
Threat actors actively exploit recently fixed Sophos firewall bug
Cybersecurity firm Sophos warned that the recently addressed CVE-2022-1040 flaw in Sophos Firewall is actively exploited in attacks. Sophos has recently fixed...
$625M stolen from Axie Infinity ‘s Ronin bridge, the largest ever crypto hack
Threat actors have stolen approximately $625 million worth of Ethereum and USDC tokens from Axie Infinity ‘s Ronin network bridge....
LAZYPARIAH – A Tool For Generating Reverse Shell Payloads On The Fly
A low-dependency command-line tool for generating reverse shell payloads on the fly. Description LAZYPARIAH is a simple and easily installable...
Compromised WordPress sites launch DDoS on Ukrainian websites
Threat actors compromised WordPress sites to deploy a script that was used to launch DDoS attacks, when they are visited,...
Socid-Extractor – Extract Accounts Info From Personal Pages On Various Sites For OSINT Purpose
Extract information about a user from profile webpages / API responses and save it in machine-readable format. Usage As a...
CISA adds Chrome, Redis bugs to the Known Exploited Vulnerabilities Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added Chrome and Redis flaws to its Known Exploited Vulnerabilities Catalog. The...
What is credential stuffing? And how to prevent it?
This post explains what is a credential stuffing attack and which are the countermeasures to prevent them. A credential stuffing...
Ukrtelecom, a major mobile service and internet provider in Ukraine, foiled a “massive” cyberattack that hit its infrastructure
Ukrtelecom, a major mobile service and internet provider in Ukraine, foiled a “massive” cyberattack that hit its infrastructure. On March...
Anonymous is working on a huge data dump that will blow Russia away
The Anonymous collective hacked the Russian construction company Rostproekt and announced that a leak that will Blow Russia Away. Anonymous...
Hive ransomware ports its encryptor to Rust programming language
The Hive ransomware gang ported its encryptor to the Rust programming language and implemented new features. The Hive ransomware operation...
Fennec – Artifact Collection Tool For *Nix Systems
fennec is an artifact collection tool written in Rust to be used during incident response on *nix based systems. fennec...
Muhstik Botnet Targeting Redis Servers Using Recently Disclosed Vulnerability
The Muhstik botnet has been observed targeting Redis servers exploiting the recently disclosed CVE-2022-0543 vulnerability. Muhstik is a botnet that is...
While Twitter suspends Anonymous accounts, the group hacked VGTRK Russian Television and Radio
While Twitter suspends some Anonymous accounts, the collective hacked All-Russia State Television and Radio Broadcasting Company (VGTRK). On Friday, Anonymous...
Gitcolombo – Extract And Analyze Contributors Info From Git Repos
OSINT tool to extract info about persons from git repositories: common names, emails, matches between different (as it may seems)...
GhostWriter APT targets state entities of Ukraine with Cobalt Strike Beacon
Ukraine CERT-UA warns that the Belarus-linked GhostWriter APT group is targeting state entities of Ukraine with Cobalt Strike Beacon. Ukraine...
Shopping trap: The online stores’ scam that hits users worldwide
Shopping trap: Criminal gangs from China have been using copies of online stores of popular brands to target users all...
Empire 4.4
It has been a while since we have been able to discuss the new features in Empire. We wanted to...
Sophos Firewall affected by a critical authentication bypass flaw
Sophos has addressed a critical vulnerability, tracked as CVE-2022-1040, in its Sophos Firewall that allows remote code execution (RCE). Sophos has fixed an...
Ostorlab – A Security Scanning Platform That Enables Running Complex Security Scanning Tasks Involving Multiple Tools In An Easy, Scalable And Distributed Way
The Sales Pitch If this is the first time you are visiting the Ostorlab Github page, here is the sales...
