Cisco warns of hard-coded credentials and default SSH key issues in some products
Cisco fixed critical flaws that could have allowed unauthenticated attackers to access its devices with hard-coded credentials or default SSH...
OSINT
Androidqf – (Android Quick Forensics) Helps Quickly Gathering Forensic Evidence From Android Devices, In Order To Identify Potential Traces Of Compromise
androidqf (Android Quick Forensics) is a portable tool to simplify the acquisition of relevant forensic data from Android devices. It...
Expert found a critical remote code execution bug in Linux Kernel
A critical heap-overflow vulnerability, tracked as CVE-2021-43267, in Linux Kernel can allow remote attackers to takeover vulnerable installs. A SentinelOne...
Hacker allegedly involved in 2020 Twitter hack charged with theft of $784K in crypto
The US DoJ charged the suspected Twitter hacker ‘PlugWalkJoe’ with the theft of $784,000 worth of cryptocurrency using SIM swap attacks....
CISA shares a catalog of 306 actively exploited vulnerabilities
The US CISA shared a list of vulnerabilities known to be exploited in the wild and orders US federal agencies...
LDAPmonitor – Monitor Creation, Deletion And Changes To LDAP Objects Live During Your Pentest Or System Administration!
Monitor creation, deletion and changes to LDAP objects live during your pentest or system administration! With this tool you can...
CERT-FR warns of Lockean ransomware attacks against French companies
CERT-France warns of a new ransomware group named Lockean that is behind a series of attacks against French organizations over...
The U.K. Labour Party discloses a data breach
The U.K. Labour Party discloses a data breach after a ransomware attack hit a service provider that is managing its...
TIWAP – Totally Insecure Web Application Project
TIWAP is a web security testing lab made using Flask for budding security enthusiasts to learn about various web vulnerabilities....
Cyber Defense Magazine – November 2021 has arrived. Enjoy it!
Cyber Defense Magazine September 2021 Edition has arrived. We hope you enjoy this month’s edition…packed with 155 pages of excellent...
NSO Group, Positive Technologies and other firms sanctioned by the US government
The U.S. sanctioned four companies for the development of surveillance malware or the sale of hacking tools used by nation-state...
Credit card skimmer evades Virtual Machines
This blog post was authored by Jérôme Segura There are many techniques threat actors use to slow down analysis or,...
Update now! Mozilla fixes security vulnerabilities in Firefox 94
In a security advisory, Mozilla’s announced that several security issues in its Firefox browser have been fixed. Several of these...
Trojan Source: Hiding malicious code in plain sight
Researchers at the University of Cambridge, UK, have released details of a cunning and insidious new class of software vulnerability...
BlackMatter ransomware group announces shutdown. But for how long?
The BlackMatter ransomware gang has announced they are going to shut down their operation, citing pressure from local authorities. And...
HandleKatz – PIC Lsass Dumper Using Cloned Handles
This tool was implemented as part of our Brucon2021 conference talk and demonstrates the usage of cloned handles to Lsass...
Cybercrime underground flooded with offers for initial access to shipping and logistics orgs
Experts warn of the availability in the cybercrime underground of offers for initial access to networks of players in global...
BlackMatter ransomware gang is shutting down due to pressure from law enforcement
The BlackMatter ransomware gang announced it is going to shut down its operation due to pressure from law enforcement. The...
Google fixes actively exploited Zero-Day Kernel flaw in Android
Google’s Android November 2021 security updates address a zero-day vulnerability in the Kernel that is actively exploited in the wild....
This Steam phish baits you with free Discord Nitro
Weeks ago, we talked about the one effective lure that could get a Discord user to consider clicking on a...
Facebook is going to shut down Face Recognition system and data it collected
Facebook announced to shut down its Face Recognition system and is going to delete over 1 billion people’s facial recognition...
ADLab – Custom PowerShell Module To Setup An Active Directory Lab Environment To Practice Penetration Testing
The purpose of this module is to automate the deployment of an Active Directory lab for practicing internal penetration testing....
Ransomware gangs target companies involved in time-sensitive financial events, FBI warns
The FBI warns of ransomware attacks on businesses involved in “time-sensitive financial events” such as corporate mergers and acquisitions. The Federal...
Zuckerberg’s Metaverse, and the possible privacy and security concerns
The news is currently jam-packed with tales of Facebook’s Meta project. Of particular interest to me is Facebook’s long-stated desire...
