Geopolitical targets figuring in latest StrongPity attacks
StrongPity, aka Promethium, a potentially state-sponsored APT group active since 2012, isn’t letting exposed campaigns in recent years stop it...
OSINT
New Mac ransomware spreading through piracy
A Twitter user going by the handle @beatsballert messaged me yesterday after learning of an apparently malicious Little Snitch installer...
Bluetooth beacons: one free privacy debate with your next order
Apps and their permissions have been in the news recently, particularly in relation to tracking/privacy issues and Bluetooth. Why Bluetooth,...
DDoSecrets Banned From Twitter ; But Has No Plans To Slow Down
For the past year and a half, a rather small group of activists known as Distributed Denial of Secrets, or...
Golang: A Cryptomining Malware that Maybe Targetting Your PC
Cybersecurity experts at Barracuda Networks have discovered a unique kind of crypto mining malware called "Golang." The malware can attack...
IM Platforms Increasingly Used by Threat Actors in Place of Dark Web Marketplaces
Researchers at IntSight have discovered that IM platforms such as WhatsApp, Telegram, Discord, IRC, and Jabber are being used by...
Basecrack – Best Decoder Tool For Base Encoding Schemes
BaseCrack is a tool written in Python that can decode all alphanumeric base encoding schemes. This tool can accept single...
MSFPC – MSFvenom Payload Creator
A quick way to generate various "basic" Meterpreter payloads via msfvenom (part of the Metasploit framework).AboutMSFvenom Payload Creator (MSFPC) is...
Unlocking the Power of Macro Authentication in Application Security: Part Two
This blog post is part two of a three-part series on macro authentication. Be sure to catch up on part...
Tax software used by Chinese bank clients installs GoldenSpy backdoor
A tax software program installed by business clients of an unidentified Chinese bank was trojanized with malware that installs a...
A week in security (June 22 – 28)
Last week on Malwarebytes Labs, we provided a zero-day guide for 2020 featuring recent attacks and advanced preventive techniques, and...
Russian Medvedev pleaded guilty to cybercrime in a US court
The US Department of Justice considers Sergei Medvedev one of the founders of the transnational organization Infraud, which sold stolen...
Apple catches TikTok spying on million of iPhone users globally
Apple announced its latest OS iOS14 at this year's WWDC and during the beta testing for the same, the tech...
Kube-Bench – Checks Whether Kubernetes Is Deployed According To Security Best Practices As Defined In The CIS Kubernetes Benchmark
kube-bench is a Go application that checks whether Kubernetes is deployed securely by running the checks documented in the CIS...
EvilNet – Network Attack Wifi Attack Vlan Attack Arp Attack Mac Attack Attack Revealed Etc…
Network Attack wifi attack vlan attack arp attack Mac Attack Attack revealed etc../install :sudo pip3 install -r requirements.txtEvilNet Attack NetworkScan...
CVE-2020-2021 Authentication Bypass in PAN-OS Security Assertion Markup Language (SAML) Authentication Disclosed
Overview of the SAML authentication vulnerability on PAN-OS devicesOn Monday, June 29, 2020, Palo Alto released details on CVE-2020-2021, a...
Building a Printed Circuit Board Probe Testing Jig
When working on embedded hardware, there is often a need to connect into the printed circuit board (PCB) for testing....
US Local Government Services Targeted by New Magecart Credit Card Skimming Attack
Eight cities across three states in the United States have fallen victim to a Magecart card skimming attack. In these...
UCSF paid $1.4 million ransom in NetWalker attack
The University of California, San Francisco (UCSF) ponied up a $1.4 million to hackers to retrieve data encrypted during a...
Hackers Leak Tons of Personal Data as IndiaBulls Fails to Meet the First Ransomware Deadline
Hackers demanding ransom released data, as the IndiaBull failed to meet the first ransom deadline. It happened after a 24-hour...
Business Email Compromise: Most Common Online Scam?
More and more small and medium enterprises are being affected by business e-mail compromise, according to a webinar, conducted by...
Xeexe – Undetectable And XOR Encrypting With Custom KEY (FUD Metasploit RAT)
Undetectable Reverse shell & Xor encrypting with custom KEY(FUD Metasploit Rat) bypass Top Antivirus like BitDefender,Malwarebytes,Avast,ESET-NOD32,AVG,...(PYTHON 3)Undetectable Reverse shell (Metasploit...
BSF – Botnet Simulation Framework
BSF provides a discrete simulation environment to implement and extend peer-to-peer botnets, tweak their settings and allow defenders to evaluate...
Texas Hit By a Human-Operated Ransomware That Targets against Government Agencies and Enterprises
May 2020 was not a good month for both the Texas Courts and the Texas Department of Transportation (TxDOT) as...
