A week in security (April 13 – 19)
Last week on Malwarebytes Labs, we looked at how to avoid Zoom bombing, weighed the risks of surveillance versus pandemics,...
OSINT
Russia to develop a video platform similar to Zoom
The Ministry of Digital Development, Communications and Mass Media of the Russian Federation will develop a similar Zoom platform for...
Google Is All Set To Fight The Coronavirus Themed Phishing Attacks and Scams
These days of lock-down have left cyber-criminals feeling pretty antsy about “working from home”. Not that it has mattered because...
Adamantium-Thief – Decrypt Chromium Based Browsers Passwords, Cookies, Credit Cards, History, Bookmarks
Get chromium browsers: passwords, credit cards, history, cookies, bookmarks.Chrome 80 > is supported!Examples:Get passwords from browsers:Stealer.exe PASSWORDSGet credit cards from...
Lk Scraper – An Fully Configurable Linkedin Scrape (Scrape Anything Within Linkedin)
Scrapes Any Linkedin DataInstallation$ pip install git+git://github.com/jqueguiner/lk_scraperSetupUsing Docker compose$ docker-compose up -d$ docker-compose run lk_scraper python3Using Docker only for selenium...
Confessions of a Former CISO: Promoting Individual Contributors into Leadership Roles
My name is Scott King, and I am the Senior Director of Advisory Services at Rapid7. But before that, I...
Resources on the Main Street Lending Program to Support Small and Mid-Sized Businesses
As part of Rapid7’s mission to support the community during this difficult (AKA surreal and dangerous) time, we are drawing...
Can open source software be bought?
Open-source softwares (OSS) are released under a special license that makes its source code available to the user to inspect,...
CERT-In Alerts Mozilla Firefox Users to Update their Browsers Immediately
Mozilla Firefox users are receiving alerts regarding multiple vulnerabilities in the web browser by the Indian Computer Emergency Response Team...
Google Doubling Down On Efforts to Protect Android Users
With the rise in the in-application subscription scams on Android, Google subsequently announced the introduction of new Play Store policies...
Lithuania accused the Russian media of misinformation
Lithuania has published an annual report submitted by the Ministry of Defense, in which it accused the Russian media of...
Flux-Keylogger – Modern Javascript Keylogger With Web Panel
Modern javascript keylogger with web panel Web panel:Logging:KeyloggerCookiesLocationRemote IPUser-AgentsInstallation server files:Upload files from server directory to you serverChange default username,...
Vulnx v2.0 – An Intelligent Bot Auto Shell Injector That Detect Vulnerabilities In Multiple Types Of CMS (WordPress , Joomla , Drupal , Prestashop …)
Vulnx is An Intelligent Bot Auto Shell Injector that detects vulnerabilities in multiple types of Cms, fast cms detection,informations gathering...
goBox – GO Sandbox To Run Untrusted Code
GO sandbox to run untrusted code.goBox uses Ptrace to hook into READ syscalls, giving you the option to accept or...
RS256-2-HS256 – JWT Attack To Change The Algorithm RS256 To HS256
JWT Attack to change the algorithm RS256 to HS256Usageusage: RS256_2_HS256_JWT.py payload pubkeypositional arguments: payload JSON payload from JWT to attack...
Gamaredon APT Group Use Covid-19 Lure in Campaigns
By Hiroyuki Kakara and Erina Maruyama Gamaredon is an advanced persistent threat (APT) group that has been active since 2013....
Exposing Modular Adware: How DealPly, IsErIk, and ManageX Persist in Systems
By RonJay Caragay, Fe Cureg, Ian Lagrazon, Erika Mendoza, and Jay Yaneza (Threats Analysts) Adware isn’t new and they don’t...
Discord users tempted by bots offering “free Nitro games”
The last few weeks have seen multiple instances of problematic bots appearing in Discord channels. They bring tidings of gifts,...
BT Tower Delays Huawei’s Removal from EE Company’s Network by 2 Years
BT Tower, which is a communication tower in London, further suspends the replacement of Huawei from the EE company's core...
Double Extortion- A Ransomware Tactic That Leaves The Victims With No Choice!
Per reports of the researchers, the attackers would always release some kind of proof that they have the extremely valuable...
Linksys asks users to reset their smart wifi passwords after DNS routers were hacked
Linksys, a router developing firm asked its users to reset passwords to their smart wifi accounts after some of the...
PEASS – Privilege Escalation Awesome Scripts SUITE
Here you will find privilege escalation tools for Windows and Linux/Unix* (in some near future also for Mac).These tools search...
Pwndrop – Self-Deployable File Hosting Service For Red Teamers, Allowing To Easily Upload And Share Payloads Over HTTP And WebDAV
pwndrop is a self-deployable file hosting service for sending out red teaming payloads or securely sharing your private files over...
U.S. offers up to $5M for info on North Korean cyber activity
Four U.S. federal agencies on Wednesday jointly issued an advisory that warns of ongoing North Korea-sponsored cyberthreat operations, and offers...
