Experts warn of anomalous spyware campaigns targeting industrial firms
Researchers spotted several spyware campaigns targeting industrial enterprises to steal credentials and conduct financial fraud. Researchers from Kaspersky Lab have...
Security
Google Project Zero discloses details of two Zoom zero-day flaws
Google Project Zero experts disclosed details of two zero-day flaws impacting Zoom clients and Multimedia Router (MMR) servers. Google Project Zero researchers...
MoonBounce UEFI implant spotted in a targeted APT41 attack
Researchers have spotted China-linked APT41 cyberespionage group using a UEFI implant, dubbed MoonBounce, to maintain persistence. Kaspersky researchers spotted the...
Conti ransomware gang started leaking files stolen from Bank Indonesia
The central bank of the Republic of Indonesia, Bank Indonesia, confirmed the ransomware attack that hit it in December. Bank...
Pwndora – Massive IPv4 Scanner, Find And Analyze Internet-Connected Devices In Minutes, Create Your Own IoT Search Engine At Home
Pwndora is a massive and fast IPv4 address range scanner, integrated with multi-threading. Using sockets, it analyzes which ports are...
Emotet Spam Abuses Unconventional IP Address Formats to Spread Malware
We found waves of Emotet spam campaigns using unconventional IP addresses to evade detection. If you like the site, please...
Codex Exposed: Task Automation and Response Consistency
Being able to automate tasks or programmatically execute them unsupervised is an essential part of both regular and malicious computer...
This Week in Security News – January 21, 2022
This week, read about various cybersecurity threats that affect industrial control and the Cybersecurity and Infrastructure Security Agency (CISA)’s latest cyberattack warnings....
T-Reqs-HTTP-Fuzzer – A Grammar-Based HTTP Fuzzer
T-Reqs (Two Requests) is a grammar-based HTTP Fuzzer written as a part of the paper titled "T-Reqs: HTTP Request Smuggling...
CISA calls for urgent action against critical threats
In a CISA Insights bulletin the Cybersecurity & Infrastructure Security Agency (CISA) warns that every organization in the United States...
Wireshark-Forensics-Plugin – A cross-platform Wireshark plugin that correlates network traffic data with threat intelligence, asset categorization & vulnerability data
Wireshark is the most widely used network traffic analyzer. It is an important tool for both live traffic analysis &...
Cobalt Stike Beacon Detected – 69[.]49[.]245[.]200:80
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 1[.]13[.]3[.]175:80
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
MoonBounce: the dark side of UEFI firmware
What happened? At the end of 2021, we were made aware of a UEFI firmware-level compromise through logs from our...
Cobalt Stike Beacon Detected – 23[.]227[.]198[.]246:443
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 81[.]249[.]211[.]30:80
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Defending Users’ NAS Devices From Evolving Threats
In our latest research, we analyze the threats targeting well-known brands of network-attached storage (NAS) devices. If you like the...
Cybersecurity for Industrial Control Systems: Part 2
To cap off the series, we’ll discuss malware detection and distribution in various countries. Our team also rounds up several...
Microservice Security: How to Proactively Protect Apps
Microservices are growing in popularity—how can development teams embed seamless security into the entire pipeline? Fernando Cardoso, solutions architect at...
Red Cross begs attackers to “Do the right thing” after family reunion service compromised
Restoring Family Links is a program most commonly associated with The Red Cross. It’s been around since 1870, and aims...
Update now! Chrome patches critical RCE vulnerability in Safe Browsing
Google has issued an update for the Chrome browser which includes 26 security fixes. What stands out is that one...
Combatting SMS and phone fraud: UK government issues guidance
The UK’s National Cyber Secuity Centre (NCSC) has published a guide to help make your organization’s SMS and telephone messages...
Open Subtitles breach: The dangers of password reuse
Popular website Open Subtitles has been breached. The impact so far: almost seven million accounts “breached and ransomed” back in...
Dep-Scan – Fully Open-Source Security Audit For Project Dependencies Based On Known Vulnerabilities And Advisories. Supports Both Local Repos And Container Images. Integrates With Various CI Environments Such As Azure Pipelines, CircleCI, Google CloudBuild
dep-scan is a fully open-source security audit tool for project dependencies based on known vulnerabilities, advisories and license limitations. Both...
