VBA macro, remote template injectors included in Gamaredon post-compromise tool kit
The Gamaredon threat group has built a post-compromise tool arsenal that includes remote template injectors for Word and Excel documents...
Security
Black Lives Matter phishing scam looks to spread TrickBot malware
Scammers often craft social engineering schemes around major crises and news events, as demonstrated by the wealth of coronavirus-themed phishing...
Search hijackers change Chrome policy to remote administration
The latest type of installer in the saga of search hijacking changes a Chrome policy which tells users it can’t...
Experts fear an increase in the number of cyber attacks after the end of self-isolation
As 62% of respondents answered, when companies transferred employees to remote work at the beginning of the pandemic, the most...
All Windows Versions Hit By A Vulnerability; Attackers Take Full Control Over Computer
A vulnerability that existed in every single current Window versions allowing an attacker to misuse the Windows Group Policy feature...
Needle – Instant Access To You Bug Bounty Submission Dashboard On Various Platforms + Publicly Disclosed Reports + #Bugbountytip
Chrome extension for Instant access to your bug bounty submission dashboard of various platforms + publicly disclosed reports + #bugbountytipNeedle...
RMIScout – Wordlist And Bruteforce Strategies To Enumerate Java RMI Functions And Exploit RMI Parameter Unmarshalling Vulnerabilities
RMIScout performs wordlist and bruteforce attacks against exposed Java RMI interfaces to safely guess method signatures without invocation.On misconfigured servers,...
Support FAQs: Managing Your Organization’s Security in Response to COVID-19
The security industry has always evolved rapidly, but we have never dealt with changes as drastic and unprecedented as we...
MSPs, know what you’re really looking for in an RMM platform
MSPs naturally adapt and mature as innovative technologies and more effective processes are introduced into the industry. But with ransomware...
UPnP Vulnerability Affects Billion of Devices Allowing DDoS Attacks, Data Exfiltration
A new security vulnerability affecting devices running UPnP protocol has been discovered by a researcher named Yunus Çadırcı; dubbed as...
Three defendants in the case of the hacker group Lurk released from jail
The court of Yekaterinburg replaced the preventive measures in the form of detention with house arrest for three defendants in...
Atlas – Quick SQLMap Tamper Suggester
Atlas is an open source tool that can suggest sqlmap tampers to bypass WAF/IDS/IPS, the tool is based on returned...
Stegcloak – Hide Secrets With Invisible Characters In Plain Text Securely Using Passwords
StegCloak is a pure JavaScript steganography module designed in functional programming style, to hide secrets inside text by compressing and...
How Team Collaboration Can Help You Scale the Vulnerability Mountain
“I feel like I’m buried under my growing mountain of vulnerabilities,” said every security professional ever. While this is a...
Patch Tuesday: Fixes for LNK, SMB, and SharePoint Bugs
This month’s Patch Tuesday had the highest number of entries so far in 2020 — a whopping 129, a continuation...
Honda and Enel impacted by cyber attack suspected to be ransomware
Car manufacturer Honda has been hit by a cyber attack, according to a report published by the BBC, and later...
ParetoLogic facing complaint of alleged wrongdoing
A short while ago we reported on the FTC ruling against payment provider RevenueWire. Now, another Canadian company is under...
Russians were warned about the danger of installing banking apps on the phones
In some situations, the use of the program could lead to leakage of personal information. The specialist gave advice on...
Is a cyber pandemic looming over our heads?
The year 2020 is proving to be quite a hassle and the adversities don't seem to be slowing down. COVID-19...
Singapore’s Move to Facilitate Contact Tracing Amidst the Covid-19 Pandemic Rejected by Its Residents
While each country is attempting to stymie the outbreak of the disastrous coronavirus in different ways, Singapore attempted the same...
Looking at Big Threats Using Code Similarity. Part 1
Today, we are announcing the release of KTAE, the Kaspersky Threat Attribution Engine. This code attribution technology, developed initially for...
BabyShark – Basic C2 Server
This is a basic C2 generic server written in Python and Flask. This code has based ideia to GTRS, which...
URLCrazy – Generate And Test Domain Typos And Variations To Detect And Perform Typo Squatting, URL Hijacking, Phishing, And Corporate Espionage
URLCrazy is an OSINT tool to generate and test domain typos or variations to detect or perform typo squatting, URL...
Patch Tuesday – June 2020
June 2020's Microsoft Patch Tuesday gives us a whopping 129 CVEs patched (excluding Adobe Flash which addresses CVE-2020-9633 -- a...
