Google patches zero-day vulnerability, and others, in Android
Google has issued security patches for the Android Operating System. In total, the patches address 39 vulnerabilities. There are indications...
OSINT
Google triples bounty for new Linux Kernel exploitation techniques
Google is going to increase the bounty for finding and exploiting privilege escalation vulnerabilities in the Linux kernel. Good news...
50% of internet-facing GitLab installations are still affected by a RCE flaw
Researchers warn of a now-fixed critical remote code execution (RCE) vulnerability in GitLab ‘s web interface actively exploited in the...
What is Twitch?
Twitch is primarily a site dedicated to live streaming content. It also offers the ability to chat with others in...
Trojan Source attack method allows hiding flaws in source code
Researchers devised a new attack method called ‘Trojan Source’ that allows hide vulnerabilities into the source code of a software...
aDLL – Adventure of Dinamic Link Library
aDLL is a binary analysis tool focused on the automatic discovery of DLL Hijacking vulnerabilities. The tool analyzes the image...
Is Apple’s Safari browser the last, best hope for web privacy?
What browser do you use? There’s a good chance—roughly one in seven—that it’s Google Chrome. And even if you prefer...
The Toronto Transit Commission (TTC) hit by a ransomware attack
A ransomware attack hit the systems at the Toronto Transit Commission public transportation agency and disrupted its operations. The Toronto...
Spam and phishing in Q3 2021
Quarterly highlights Scamming championship: sports-related fraud This summer and early fall saw some major international sporting events. The delayed Euro 2020...
Vimana – An Experimental Security Framework That Aims To Provide Resources For Auditing Python Web Applications
Vimana is a modular security framework designed to audit Python web applications.The base of the Vimana is composed of crawlers...
HelloKitty ransomware gang also targets victims with DDoS attacks
The US FBI has published a flash alert warning private organizations of the evolution of the HelloKitty ransomware (aka FiveHands)....
Lessons from a real-life ransomware attack
Ransomware attacks, despite dramatically increasing in frequency this summer, remain opaque for many potential victims. It isn’t anyone’s fault, necessarily,...
Squid Game Cryptocurrency exit scam! Operators made $2.1 Million
Operators behind the Squid Game cryptocurrency have exit scam making off with an estimated $2.1 million. Operators behind the Squid Game cryptocurrency have exit...
Celebrity jewelry house Graff falls victim to ransomware
Data on countless celebrities, including politicians, is apparently now in the hands of ransomware attackers after a group using the...
How to hack Wincor Cineo ATMs to bypass black-box attack protections and withdraw cash
Researchers demonstrated how crooks could hack Diebold Nixdorf’s Wincor Cineo ATMs to bypass black-box attack protections and withdraw cash. Positive...
Pink Botnet infected over 1.6 Million Devices, it is one of the largest botnet ever seen
Cybersecurity researchers uncovered a huge botnet, tracked as Pink, that already infected over 1.6 million devices most of them located...
Melting-Cobalt – A Cobalt Strike Scanner That Retrieves Detected Team Server Beacons Into A JSON Object
A tool to hunt/mine for Cobalt Strike beacons and "reduce" their beacon configuration for later indexing. Hunts can either be...
A week in security (Oct 25 – Oct 31)
Last week on Malwarebytes Labs Beyond the VPN: Ultimate online privacy with the Tor Project’s Isabela Bagueros: Lock and Code...
Balikbayan Foxes group spoofs Philippine gov to spread RATs
Meet Balikbayan Foxes: a threat group impersonating the Philippine gov’t Experts uncovered a new threat actor, tracked as Balikbayan Foxes,...
Microsoft warns of an increase in password spraying attacks
The Microsoft Detection and Response Team (DART) warns of a rise in password spray attacks targeting valuable cloud accounts. The...
Web-Hacking-Toolkit – A Multi-Platform Web Hacking Toolkit Docker Image With Graphical User Interface (GUI) Support
A multi-platform web hacking toolkit Docker image with Graphical User Interface (GUI) support.InstallationDockerPull the image from Docker Hub: docker pull...
Iranian Black Shadow hacking group breached Israeli Internet hosting firm
Irananian hacking group Black Shadow breached the Israeli internet hosting company Cyberserve, taking down several of its sites. Iranian hacking...
Minecraft Japanese gamers hit by Chaos ransomware using alt lists as lure
Chaos Ransomware operators target gamers’ Windows devices using Minecraft alt lists as a lure and promoting them on gaming forums....
PeTeReport – An Open-Source Application Vulnerability Reporting Tool
PeTeReport (PenTest Report) is an open-source application Sample ReportsPDF SampleHTML SampleMD SampleCSV SampleDownload Petereport If you like the site, please...
