Group-IB spotted a new fraud scheme to steal money from Zoom users
Under the guise of receiving monetary compensation "in connection with COVID-19" or for subscribing to the service, users are lured...
Security
MontysThree: Industrial espionage with steganography and a Russian accent on both sides
In summer 2020 we uncovered a previously unknown multi-module C++ toolset used in highly targeted industrial espionage attacks dating back...
C41N – An Automated Rogue Access Point Setup Tool
c41n is an automated Rogue Access Point setup tool. c41n provides automated setup of several types of Rogue Access Points,...
vPrioritizer – Tool To Understand The Contextualized Risk (vPRisk) On Asset-Vulnerability Relationship Level Across The Organization
As indicated by sources like vulndb & cve, on a daily basis, approximately 50 new vulnerabilities become known to industry...
How InsightVM Helps You Save Time and Prove Value
For many security teams, vulnerability risk management can feel like an endless climb. The truth is, no IT environment will...
[RT-SA-2020-002] Denial of Service in D-Link DSR-250N
Posted by RedTeam Pentesting GmbH on Oct 08Advisory: Denial of Service in D-Link DSR-250N RedTeam Pentesting discovered a Denial-of-Service vulnerability...
Risky business: survey shows majority of people use work devices for personal use
There’s no denying the coronavirus pandemic is having a significant impact on the way we use technology. Some changes feel...
Russian business expressed fear about the isolation from the global Internet
Representatives of big business warned that banning modern website encryption protocols in Russia is tantamount to disconnecting the country from...
Kaspersky Lab detected a new threat to user data
Kaspersky Lab experts discovered a targeted cyber espionage campaign, where attackers infect computers with malware that collects all recent documents...
India And Japan Agree on The Need for Robust and Resilient Digital and Cyber Systems
India and Japan finalize a cybersecurity deal as both agreed to the need for vigorous and 'resilient digital and cyber...
CSRFER – Tool To Generate CSRF Payloads Based On Vulnerable Requests
CSRFER is a tool to generate csrf payloads, based on vulnerable requests. It parses supplied requests to generate either a...
GHunt – Investigate Google Accounts With Emai
GHunt is an OSINT tool to extract a lot of informations of someone's Google Account email. It can currently extract...
This One Time on a Pen Test: Doing Well With XML
Each year, Rapid7 penetration testers complete hundreds of internally and externally based penetration testing service engagements. This post is part...
Release the Kraken: Fileless APT attack abuses Windows Error Reporting service
This blog post was authored by Hossein Jazi and Jérôme Segura. On September 17th, we discovered a new attack called...
Cloudfare will now send you DDoS attack alert when your website is under attack
Cloudfare has announced a new feature for their paid customers to set up alert notifications for when their website or...
Offering Users More For Their Activity – Similar Items Upon Checkout
The shopping isn't finished once you've purchased your item. If you've ever done shopping online, then you know all about...
Lockphish – The First Tool For Phishing Attacks On The Lock Screen, Designed To Grab Windows Credentials, Android PIN And iPhone Passcode
Lockphish it's the first tool (07/04/2020) for phishing attacks on the lock screen, designed to grab Windows credentials, Android PIN...
IoTMap – Research Project On Heterogeneous IoT Protocols Modelling
IoTMap is a tool that models IoT networks using one or multiple protocols simultaneously. This is work in progress, as...
Easily Explore Your Log Data with a Single Query in InsightIDR
We are delighted to announce that Log Search now supports grouping by multiple fields in your log data. By running...
Ransomware Payments and Sanctions – U.S. Treasury Advisory
On Oct. 1, the United States Treasury Department Office of Foreign Assets Control (OFAC) issued an advisory concerning ransomware payments...
Student Result Management System 1.0 – Multiple SQL Injection Vulnerabilities
Posted by b1nary on Oct 06# Exploit Title: Student Result Management System 1.0 - Multiple SQL Injection Vulnerabilities # Date:...
CVE-2020-24722: GAEN Protocol Metadata Deanonymization and Risk-score Inflation Issues
Posted by Stefan Marsiske via Fulldisclosure on Oct 06GAEN Protocol Metadata Deanonymization and Risk-score Inflation Issues (CVE-2020-24722) Summary The TX...
CVE-2020-25790
Posted by Rodolfo Augusto do Nascimento Tavares on Oct 06Hello, all Could you please publish the item below? I attached...
FortSIEM <= 5.2.8 RCE due to EL Injection – analysis
Posted by Red Timmy Security on Oct 06On June 21st 2020 Fortinet has released a security bulletin for its FortiSIEM...
