Hijacked routers and attempted WHO hack highlight latest COVID-19 attacks
Businesses remain closed in many major cities around the world as the coronavirus pandemic rages, but cybercriminals are still open...
OSINT
Open redirect on Dept. of HHS website benefits COVID-19 phishing scam
A coronavirus-themed phishing campaign designed to infect victims with Raccoon information-stealing malware has reportedly been leveraging an open redirect vulnerability...
Windows 7 is EOL: What next?
End-of-life (EOL) is an expression commonly used by software vendors to indicate that a product or version of a product...
Amid COVID-19 Pandemic and Scams, FTC Alarms Public
Amid the coronavirus epidemic and panic among the public, FTC (Federal Trade Commission) has urged the public to stay aware...
WildPressure targets industrial-related entities in the Middle East
In August 2019, Kaspersky discovered a malicious campaign distributing a fully fledged C++ Trojan that we call Milum. All the...
Zphisher – Automated Phishing Tool
Zphisher is an upgraded form of Shellphish. The main source code is from Shellphish . But I have not fully...
XSS-LOADER – XSS Payload Generator / XSS Scanner / XSS Dork Finder
All in one tools for XSS PAYLOAD GENERATOR -XSS SCANNER-XSS DORK FINDERWritten by Hulya KarabagInstagram: Hulya KarabagScreenshotsHow to useRead MeThis...
Active Exploitation of Unpatched Windows Font Parsing Vulnerability
Yesterday (March 23), Microsoft (https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200006) in a font rendering technology in many versions of Microsoft Windows with a warning that...
Cybersecurity Vulnerability Disclosure in Trade Agreements
Cybersecurity has now become a feature of modernized US trade agreements, with new cybersecurity provisions in the US-Mexico-Canada Agreement and...
Proactive Security Is the New Black: Lessons from the Trenches of Building a Security Product
On this week’s episode of Security Nation, we had the pleasure of speaking with Alex Kreilein, CISO for RapidDeploy, a...
CVE-2020-0069: Autopsy of the Most Stable MediaTek Rootkit
Introduction In March 2020, Google patched a critical vulnerability affecting many MediaTek based devices . This vulnerability had been known...
FBI warns of COVID-19 phishing scams promising stimulus checks, vaccines
The FBI’s Internet Crime Complaint Center (IC3) has issued a public service announcement warning citizens to watch out for email-based...
Fake “Corona Antivirus” distributes BlackNET remote administration tool
Scammers and malware authors are taking advantage of the coronavirus crisis in full swing. We have seen a number of...
A week in security (March 16 – 22)
Last week on Malwarebytes Labs, we concluded our series on child identity theft. We also looked into threat actors and...
Rostelecom detected more than a hundred thousand cyberattacks in the North-Western Federal district of Russia
In 2019, the Rostelecom Solar JSOC Monitoring and Response Center for Cyberthreats detected and repelled over 1.1 million external attacks...
DDoS Attacks on the Gaming Giant Blizzard Causing Worldwide Service Disruption
In order to ruin the users' stay at home during their work from home period brought about by COVID-19, the...
Canada Cybersecurity: Health Care Industry Battles Cyberattacks as Experts Call-in Federal Support
Canada's hospitals and clinics are suffering massive cyber threats as the cyberattacks targeting the Canadian healthcare industry saw a sudden...
Starkiller – A Frontend For PowerShell Empire
Starkiller is a Frontend for Powershell Empire. It is an Electron application written in VueJS. If you'd like to contribute...
FinalRecon v1.0.2 – OSINT Tool For All-In-One Web Reconnaissance
FinalRecon is a fast and simple python script for web reconnaissance. It follows a modular structure so in future new...
Three Botnets Abuse Zero-Day Vulnerabilities in LILIN’s DVRs!
Not of late, LILIN recorders were found to be vulnerable. Reportedly, botnet operators were behind the zero-day vulnerabilities that were...
ScoringEngine – Scoring Engine For Red/White/Blue Team Competitions
Scoring Engine for Red/White/Blue Team CompetitionsGetting startedDownload Docker. If you are on Mac or Windows, Docker Compose will be automatically...
Astra – Automated Security Testing For REST API’s
REST API penetration testing is complex due to continuous changes in existing APIs and newly added APIs. Astra can be...
A Brand New Virus That Incorporates Mining, Hacking and Backdoor Modules
Dubbed as CrazyCoin, a brand new virus has been recently discovered by researchers, which spreads through the NSA leaked EternalBlue...
HTTPS Everywhere – A Browser Extension That Encrypts Your Communications With Many Websites That Offer HTTPS But Still Allow Unencrypted Connections
A browser extension that encrypts your communications with many websites that offer HTTPS but still allow unencrypted connections.Getting StartedGet the...
