Secondary Infektion: A Russian Disinformation Operation Agency You Need to Know About
The secret campaign was famous as "Secondary Infektion," and it worked separately from the IRA and GRU, staying hidden for...
OSINT
Microcin is here
In February 2020, we observed a Trojan injected into the system process memory on a particular host. The target turned...
OSS-Fuzz – Continuous Fuzzing Of Open Source Software
Fuzz testing is a well-known technique for uncovering programming errors in software. Many of these detectable errors, like buffer overflow,...
Vhosts-Sieve – Searching For Virtual Hosts Among Non-Resolvable Domains
Searching for virtual hosts among non-resolvable domains.Installationgit clone https://github.com/dariusztytko/vhosts-sieve.gitpip3 install -r vhosts-sieve/requirements.txtUsageGet a list of subdomains (e.g. using Amass)$ amass...
Malicious Google extensions research points out ‘unintended consequence’ of cloud computing
Researchers at Awake Security have made news over the past 24 hours exposing a scheme in which some 79 malicious...
Sapphire Software’s Nicholas Takacs asks: Is self-aware malware possible yet?
“Two can play at this game…” Cybersecurity is a non-stop arms race between white hats and malicious hackers, and the...
Facial recognition: tech giants take a step back
Last week, a few major tech companies informed the public that they will not provide facial recognition software to law...
Hackers can now spy your conversations via a simple house bulb
What if hackers can spy and record your conversation without a digital device? What if your conversations could be retrieved...
Formphish – Auto Phishing Form-Based Websites
Auto Phishing form-based websites. This tool can automatically detect inputs on html form-based websites to create a phishing page.Features:Auto detect...
SGN – Encoder Ported Into Go With Several Improvements
SGN is a polymorphic binary encoder for offensive security purposes such as generating statically undetecable binary payloads. It uses a...
How Rapid7 Customers Are Using Network Traffic Analysis in Detection and Response
In case you missed it, we introduced Network Traffic Analysis for our InsightIDR and MDR customers a few months back....
Cyber snoops targeted aerospace, defense employees with fake job offers on LinkedIn
A cyber espionage operation used fake job offers, sent via LinkedIn messages, to target employees at aerospace and military companies...
Multi-stage APT attack drops Cobalt Strike using Malleable C2 feature
This blog post was authored by Hossein Jazi and Jérôme Segura On June 10, we found a malicious Word document...
End of line: supporting IoT in the home
Trouble is potentially brewing in Internet of Things (IoT) land, even if the consequences may still be a little way...
The Russian quality system (Roskachestvo) spoke about the vulnerabilities of “smart” homes
According to Roskachestvo, the Internet of things devices can violate the physical and information security of the owner if hackers...
All You Need to Know About the Recent DDoS Attacks and Threats that have Surfaced in the U.S
Cybersecurity experts have denied incidents of any DDoS s attacks in recent times. However, the attacks on T-Mobile's services that...
Devicelock: data from 115 thousand Russians was put up for sale on the Web
A database with the data of Russians stuck abroad because of the coronavirus and returning to their homeland was put...
Know ways to avoid credit or debit card frauds
Since 2016, when India decided to go cashless the growth of online payments increased exponentially but not without risks. Online...
Apple’s APSDaemon Vulnerability Abused by Malware Distributors
Attackers can maliciously redirect users on websites sharing counterfeit products, adult content or videos and dupe them into installing malware...
Do cybercriminals play cyber games during quarantine?
Thanks to the coronavirus pandemic, the role of the Internet in our lives has undergone changes, including irreversible ones. Some...
TeaBreak – A Productivity Burp Extension Which Reminds To Take Break While You Are At Work!
TeaBreak is a simple burp extension for security researchers and bug bounty hunters for helping them to increase their work...
Digital Signature Hijack – Binaries, PowerShell Scripts And Information About Digital Signature Hijacking
Hijacking legitimate digital signatures is a technique that can be used during red team assessments in order to sign PowerShell...
The Security Practitioner’s Intro to the Cloud: Everything You Ever Wanted to Know But Were Afraid to Ask
Before I bought a house a few years ago, my understanding of mortgages was pretty shaky at best. I only...
In Armenia data about thousands of patients with coronavirus were leaked
The National Security Service of Armenia (NSS) finds out that the personal data of 3,500 patients with coronavirus and their...
