Norwegian Parliament Hit by a Cyber-Attack on Its Internal Email System
Stortinget, the Norwegian Parliament succumbed to a cyber-attack that targeted its internal email system. The news came in on Tuesday...
OSINT
Emotet Botnet Operators Switching to a New Template Named ‘Red Dawn’
Emotet malware has been continually evolving to the levels of technically sophisticated malware that has a major role in the...
IT threat evolution Q2 2020. Mobile statistics
IT threat evolution Q2 2020. ReviewIT threat evolution Q2 2020. PC statistics These statistics are based on detection verdicts of...
IT threat evolution Q2 2020. PC statistics
IT threat evolution Q2 2020. ReviewIT threat evolution Q2 2020. Mobile statistics These statistics are based on detection verdicts of...
IT threat evolution Q2 2020
IT threat evolution Q2 2020. PC statisticsIT threat evolution Q2 2020. Mobile statistics Targeted attacks PhantomLance: hiding in plain sight...
Geo-Recon – An OSINT CLI Tool Desgined To Fast Track IP Reputation And Geo-locaton Look Up For Security Analysts
An OSINT CLI tool desgined to fast track IP Reputation and Geo-locaton look up for Security Analysts.SetupThis tool is compactible...
Bbrecon – Python Library And CLI For The Bug Bounty Recon API
Bug Bounty Recon (bbrecon) is a free Recon-as-a-Service for bug bounty hunters and security researchers. The API aims to provide...
How to keep K–12 distance learners cybersecure this school year
With the pandemic still in full swing, educational institutions across the US are kicking off the 2020–2021 school year in...
Cyber Criminals broke into the database of patients of the Russian cancer center and demanded a ransom
The Sverdlovsk Regional Clinical Center was hacked. Svetlana Lavrova, a neurophysiologist, told about this on her Facebook page.“The data of...
Anubis Malware that Attacks Windows Users
In a recent cybersecurity incident, Microsoft reports of a new malware called 'Anubis.' Anubis is not related to any banking...
Operation PowerFall: CVE-2020-0986 and variants
In August 2020, we published a blog post about Operation PowerFall. This targeted attack consisted of two zero-day exploits: a...
SpaceSiren – A Honey Token Manager And Alert System For AWS
SpaceSiren is a honey token manager and alert system for AWS. With this fully serverless application, you can create and...
LOLBITS v2.0.0 – C2 Framework That Uses Background Intelligent Transfer Service (BITS) As Communication Protocol And Direct Syscalls + Dinvoke For EDR User-Mode Hooking Evasion
LOLBITS is a C2 framework that uses Microsoft's Background Intelligent Transfer Service (BITS) to establish the communication channel between the...
SEC Consult SA-20200902-0 :: Multiple Vulnerabilities in Red Lion N-Tron 702-W, Red Lion N-Tron 702M12-W
Posted by SEC Consult Vulnerability Lab on Sep 02SEC Consult Vulnerability Lab Security Advisory < 20200902-0 > ======================================================================= title: Multiple...
This One Time on a Pen Test: Playing Social Security Slots
Each year, Rapid7 penetration testers complete hundreds of internally and externally based penetration testing service engagements. This post is part...
Apple notarization process, meant to protect, approved Shlayer malware
Apple appears to have inadvertently approved OSX.Shlayer malware as part of the security notarization process it has touted would boost...
Experian (South Africa) – 1,284,637 breached accounts
In August 2020, Experian South Africa suffered a data breach which exposed the personal information of tens of millions of...
[RT-SA-2020-004] Inconsistent Behavior of Go’s CGI and FastCGI Transport May Lead to Cross-Site Scripting
Posted by RedTeam Pentesting GmbH on Sep 02Advisory: Inconsistent Behavior of Go's CGI and FastCGI Transport May Lead to Cross-Site...
New web skimmer steals credit card data, sends to crooks via Telegram
The digital credit card skimming landscape keeps evolving, often borrowing techniques used by other malware authors in order to avoid...
Russian engineer raised $5 million for Tamagotchi for hackers
Russian techno enthusiast Pavel Zhovner raised almost $5 million for the production of Tamagotchi for hackers Flipper Zero. The project...
Amazons gets FAA’s approval for Drone Delivery Trails
Retail giant Amazon got the approval to deliver their products from the sky (like your package dropped straight from the...
Killchain – A Unified Console To Perform The “Kill Chain” Stages Of Attacks
What is “Kill Chain”?From Wikipedia: The term kill chain was originally used as a military concept related to the structure...
CrossC2 – Generate CobaltStrike’s Cross-Platform Payload
A security framework for enterprises and Red Team personnel, supports CobaltStrike's penetration testing of other platforms (Linux / MacOS /...
Ask a Pen Tester, Part 2: A Q&A With Rapid7 Pen Testers Gisela Hinojosa and Carlota Bindner
This blog post is part two of a two-part series. For more insights from Gisela and Carlota, check out part...
