These 2 attacks allow to alter certified PDF Documents
Researchers disclosed two new attack techniques that allow modifying visible content on certified PDF documents without invalidating the digital signature....
OSINT
Security Affairs newsletter Round 316
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for...
Facefish Backdoor delivers rootkits to Linux x64 systems
Qihoo 360 NETLAB spotted a new backdoor dubbed Facefish that could allow attackers to take over Linux systems and steal...
FBI will share compromised passwords with HIBP Pwned Passwords
The FBI is going to share compromised passwords discovered during investigations with Have I Been Pwned (HIBP)’s ‘Pwned Passwords’ service....
Secure Search is a Browser Hijacker – How to Remove it Now?
Secured Search is a browser hijacker that changes your browser’s settings to promote securedsearch.com, let’s remove it. Secured Search is...
Apple’s Big Sur 11.4 Patches a Security Flaw that Could be Exploited to Take Screenshots
Big Sur 11.4 was updated this week to fix a zero-day vulnerability that allowed users to capture screenshots, capture video,...
Kaspersky detected a new method of cyber attacks on corporate data
Kaspersky Lab noted that the new attacks differ from cyberattacks using encryption viruses in that the scammers do not use...
Fearing Data Breach, BBMP Shuts Down COVID-19 Test Data Collection Portal
The Bruhat Bengaluru Mahanagara Palike (BBMP) has shut down its COVID-19 test data collection portal after a possible data breach,...
SonicWall Urges Customers to ‘immediately’ Patch NSM On-Prem Bug
SonicWall urges customers to “immediately” patch a post-authentication vulnerability that impacts on-premises versions of the Network Security Manager (NSM) multi-tenant...
This Entertainment-Themed Campaign Installs Malware in User Computer System
A popular phishing campaign tries to somehow get users to believe that they've enrolled in the film streaming platform to...
IMAPLoginTester – Script That Reads A Text File With Lots Of E-Mails And Passwords, And Tries To Check If Those Credentials Are Valid By Trying To Login On IMAP Servers
IMAPLoginTester is a simple Python script that reads a text file with lots of e-mails and passwords, and tries to...
slopShell – The Only Php Webshell You Need
php webshell Since I derped, and forgot to talk about usage. Here goes. For this shell to work, you need...
SonicWall fixes an NSM On-Prem bug, patch it asap!
SonicWall urges customers to address a post-authentication flaw that affects on-premises versions of the Network Security Manager (NSM). SonicWall urges...
CVE-2020-15782 flaw in Siemens PLCs allows remote hack
Industrial cybersecurity firm Claroty discovered a new flaw in Siemens PLCs that can be exploited by a remote and unauthenticated...
CISA-FireEye: 16 malware families from China infect Pulse Secure VPN appliances
FireEye Mandiant, working in in tandem with the Cybersecurity and Infrastructure Security Agency and Ivanti, reported details of 16 malware...
Threat spotlight: Conti, the ransomware used in the HSE healthcare attack
On the 14th of May, the Health Service Executive (HSE), Ireland’s publicly funded healthcare system, fell victim to a Conti...
SolarWinds attackers launch new campaign
Nobelium is a synthetic chemical element with the symbol No and atomic number 102. It is named in honor of...
Fujitsu ProjectWEB Tool Used as a Doorway to Target Japanese Government Offices
Cybercriminals have breached the offices of multiple Japanese agencies by hacking into Fujitsu’s software-as-a-service (SaaS) platform and gaining access to...
Solid Edge: Solid Modeling Software Affected by Vulnerabilities
Siemens published a consumer notice on Tuesday 25th of May concerning several serious vulnerabilities impacting its Solid Edge product. The...
DubaiCoin: Dubai’s First Cryptocurrency Rose Over 100% Since its Debut
Dubai appears to have developed its own cryptocurrency, known as the DubaiCoin (DBIX). It is established on a public blockchain,...
HookDump – Security Product Hook Detection
EDR function hook dumping Please refer to the Zeroperil blog post for more information https://zeroperil.co.uk/hookdump/Building sourceIn order to build this...
AnalyticsRelationships – Get Related Domains / Subdomains By Looking At Google Analytics IDs
subdomains by looking at Google Analytics IDs > Python/GO versions > By @JosueEncinar ">> Get related domains / subdomains by...
China-linked APT groups targets orgs via Pulse Secure VPN devices
Researchers from FireEye warn that China-linked APT groups continue to target Pulse Secure VPN devices to compromise networks. Cybersecurity researchers...
Microsoft details new sophisticated spear-phishing attacks from NOBELIUM
Microsoft experts uncovered a wide-scale malicious email campaign operated by NOBELIUM, the threat actor behind SolarWinds hack. Microsoft Threat Intelligence...
