Gitjacker – Leak Git Repositories From Misconfigured Websites
Gitjacker downloads git repositories and extracts their contents from sites where the .git directory has been mistakenly uploaded. It will...
OSINT
Phishing scam lures employees by teasing secrets of Trump COVID diagnosis
Pictured: President Donald Trump in the Presidential Suite at Walter Reed National Military Medical Center on Oct. 3, after being...
Russian scientists and a graduate student from Syria create a tool for detecting network anomalies of the Internet
Samara Maykhub, a Syrian-born graduate student, to conduct Research at the Samara National Research University named after Academician S. P....
Sharkcop: Google Chrome Extension Makes Use of SVM Machine Learning Algorithm to Detect Phishing URLs
Sharkcop, a Google Chrome browser extension that analyses SSL certificates, URL length, domain age, and the number of redirections to...
NashaVM – A Virtual Machine For .NET Files And Its Runtime Was Made In C++/CLI
Nasha is a Virtual Machine for .NET files and its runtime was made in C++/CLI Installationgit clone https://github.com/Mrakovic-ORG/NashaVM --recursecd NashaVMNashaVMnuget...
SwiftBelt – A macOS Enumeration Tool Inspired By Harmjoy’S Windows-based Seatbelt Enumeration Tool
SwiftBelt is a macOS enumerator inspired by @harmjoy's Windows-based Seatbelt enumeration tool. SwiftBelt does not utilize any command line utilities...
Cisco Webex Teams Client for Windows DLL Hijacking Vulnerability
Posted by houjingyi on Oct 09new dll hijacking scenario found by accident <http://houjingyi233.com/2020/10/09/new-dll-hijacking-scenario-found-by-accident/> Speaking of dll hijacking, many people may...
SEC Consult SA-20201008-0 :: Multiple Cross-Site Scripting Vulnerabilities in Confluence Marketplace Plugins
Posted by SEC Consult Vulnerability Lab on Oct 09SEC Consult Vulnerability Lab Security Advisory < 20201008-0 > ======================================================================= title: Multiple...
Credit card skimmer targets virtual conference platform
We’ve seen many security incidents affecting different websites simultaneously because they were loading the same tampered piece of code. In...
Healthcare security update: death by ransomware, what’s next?
A recent ransomware attack which played a significant role in the death of a German woman has put into focus...
Hackers Can Use AI and Machine Learning to Attack Cybersecurity
According to researchers at NCSA and Nasdaq cybersecurity summit, hackers can use Machine and AI (Artificial Intelligence) to avoid identification...
Group-IB spotted a new fraud scheme to steal money from Zoom users
Under the guise of receiving monetary compensation "in connection with COVID-19" or for subscribing to the service, users are lured...
MontysThree: Industrial espionage with steganography and a Russian accent on both sides
In summer 2020 we uncovered a previously unknown multi-module C++ toolset used in highly targeted industrial espionage attacks dating back...
C41N – An Automated Rogue Access Point Setup Tool
c41n is an automated Rogue Access Point setup tool. c41n provides automated setup of several types of Rogue Access Points,...
vPrioritizer – Tool To Understand The Contextualized Risk (vPRisk) On Asset-Vulnerability Relationship Level Across The Organization
As indicated by sources like vulndb & cve, on a daily basis, approximately 50 new vulnerabilities become known to industry...
How InsightVM Helps You Save Time and Prove Value
For many security teams, vulnerability risk management can feel like an endless climb. The truth is, no IT environment will...
[RT-SA-2020-002] Denial of Service in D-Link DSR-250N
Posted by RedTeam Pentesting GmbH on Oct 08Advisory: Denial of Service in D-Link DSR-250N RedTeam Pentesting discovered a Denial-of-Service vulnerability...
Risky business: survey shows majority of people use work devices for personal use
There’s no denying the coronavirus pandemic is having a significant impact on the way we use technology. Some changes feel...
Russian business expressed fear about the isolation from the global Internet
Representatives of big business warned that banning modern website encryption protocols in Russia is tantamount to disconnecting the country from...
Kaspersky Lab detected a new threat to user data
Kaspersky Lab experts discovered a targeted cyber espionage campaign, where attackers infect computers with malware that collects all recent documents...
India And Japan Agree on The Need for Robust and Resilient Digital and Cyber Systems
India and Japan finalize a cybersecurity deal as both agreed to the need for vigorous and 'resilient digital and cyber...
CSRFER – Tool To Generate CSRF Payloads Based On Vulnerable Requests
CSRFER is a tool to generate csrf payloads, based on vulnerable requests. It parses supplied requests to generate either a...
GHunt – Investigate Google Accounts With Emai
GHunt is an OSINT tool to extract a lot of informations of someone's Google Account email. It can currently extract...
This One Time on a Pen Test: Doing Well With XML
Each year, Rapid7 penetration testers complete hundreds of internally and externally based penetration testing service engagements. This post is part...
