Watch out for the Steam skin “free knife” scam
Have you ever had someone run up to you in the street and insist you take their free knife? I...
threatintel
Update now! Apple patches bugs in iOS and iPadOS
On two consecutive days Apple has released a few important patches. iOS 14.8.1 comes just a month after releasing iOS...
Lorsrf – SSRF Parameter Bruteforce
Bruteforcing on Hidden parameters to find SSRF vulnerability using GET and POST MethodsNOTELorsrf has been added to scant3r with useful...
North Korea-linked Lazarus APT targets the IT supply chain
North Korea-linked Lazarus APT group is extending its operations and started targeting the IT supply chain on new targets. North...
Operations at Iranian gas stations were disrupted today. Cyber attack or computer glitch?
A cyberattack has disrupted gas stations from the National Iranian Oil Products Distribution Company (NIOPDC) across Iran. A cyber attack...
APT trends report Q3 2021
For more than four years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of...
Dark HunTOR: Police arrested 150 people in dark web drug bust
Dark HunTOR: Police corps across the world have arrested 150 individuals suspected of buying or selling illicit goods on the...
Keeweb – Free Cross-Platform Password Manager Compatible With KeePass
This webapp is a browser and desktop password manager compatible with KeePass databases. It doesn't require any server or additional...
Expert managed to crack 70% of a 5,000 WiFi network sample in Tel Aviv
A researcher from the security firm CyberArk has managed to crack 70% of Tel Aviv’s Wifi Networks starting from a...
How social media mistakes can impact cybersecurity
We talked to members of our Malware Removal Support team and asked them what kind of problems they get asked...
Ranzy Locker ransomware hit tens of US companies in 2021
The FBI published a flash alert to warn of the activity of the Ranzy Locker ransomware that had already compromised...
Patch now to bypass Firefox add-ons that abuse the proxy API to deny updates
In a Firefox security announcement, Mozilla said 455,000 users have downloaded Firefox add-ons that interfere with how they connect to...
UltimaSMS subscription fraud campaign targeted millions of Android users
UltimaSMS, a massive fraud campaign is using Android apps with million of downloads to subscribe victims to premium subscription services....
Kansas Man pleads guilty to hacking the Post Rock Rural Water District
Kansas man Wyatt Travnichek admitted in court to tampering with the computer systems at the Post Rock Rural Water District....
US-CERT Bulletin (SB21-298):Vulnerability Summary for the Week of October 18, 2021
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards...
Webdiscover – The Purpose Of This Script Is To Automate The Web Enumeration Process And Search For Exploits
The purpose of this script is to automate the web enumeration process and search for exploits and vulns. Added Tools...
Unknown ransomware gang uses SQL injection bug in BillQuick Web Suite to deploy ransomware
An unknown ransomware gang leverages a critical SQL injection flaw in the BillQuick Web Suite time and billing solution to...
Beyond the VPN: Ultimate online privacy, with The Tor Project’s Isabella Bagueros: Lock and Code S02E20
“What does online privacy mean to you?” This beguilingly simply question can produce dozens of overlapping and distinct answers, all...
A critical RCE flaw affects Discourse software, patch it now!
US CISA urges administrators to address a critical remote code execution flaw, tracked as CVE-2021-41163, in Discourse installs. Discourse is...
Red TIM Research found two rare flaws in Ericsson OSS-RC component
The Red Team Research (RTR), the bug’s research division from Italian Telecommunication firm TIM, found 2 new vulnerabilities affecting the...
Russia-linked Nobelium APT targets orgs in the global IT supply chain
Russia-linked Nobelium APT group has breached at least 14 managed service providers (MSPs) and cloud service providers since May 2021. The...
VECTR – A Tool That Facilitates Tracking Of Your Red And Blue Team Testing Activities To Measure Detection And Prevention Capabilities Across Different Attack Scenarios
VECTR documentation can be found here: DocumentationFeature Breakdowns By ReleaseVECTR v7.1.1 Feature BreakdownTeamLEAD PROGRAMMERS:Carl VonderheidGalen FisherDaniel HongPROGRAMMERS:Andrew ScottPatrick HislopDan GuzekZara...
A week in security (Oct 18 – Oct 24)
Last week on Malwarebytes Labs Multiple vulnerabilities in popular WordPress plugin WP Fastest Cache.“Killware”: Is it just as bad as...
NYT Journalist’s iPhone infected twice with NSO Group’sPegasus spyware
Threat actors infected the iPhone of New York Times journalist Ben Hubbard with NSO Group’s Pegasus spyware between June 2018...
