Azur3Alph4 – A PowerShell Module That Automates Red-Team Tasks For Ops On Objective
Azur3Alph4 is a PowerShell module that automates red-team tasks for ops on objective. This module situates in a post-breach (RCE...
threatintel
Improper Certificate Validation issue in LibreOffice and OpenOffice allows signed docs spoofing
LibreOffice and OpenOffice released security updates to address a vulnerability that can be exploited by an attacker to spoof signed...
Donot Team targets a Togo prominent activist with Indian-made spyware
A Togolese human rights advocate was hit by mobile spyware that has been allegedly developed by an Indian firm called...
Google warns some users that FancyBear’s been prowling around
APT28, also known as FancyBear, is at the heart of another targeted campaign. This time, it’s sniffing around users of...
BruteLoops – Protocol Agnostic Online Password Guessing API
A dead simple library providing the foundational logic for efficient password brute force attacks against authentication interfaces. See various Wiki...
A week in security (Oct 4 – Oct 10)
Last week on Malwarebytes Labs Does Cybersecurity Awareness Month actually improve security?Police take a piece out of a ransomware gang,...
NSA explains how to avoid dangers of Wildcard TLS Certificates and ALPACA attacks
The NSA issued a technical advisory to warn organizations against the use of wildcard TLS certificates and the new ALPACA...
FUSE – A Penetration Testing Tool For Finding File Upload Bugs
FUSE is a penetration testing system designed to identify Unrestricted Executable File Upload (UEFU) vulnerabilities. The details of the testing...
Medtronic recalls some controllers used with some of its insulin pumps over cyberattack risks
Medical device maker Medtronic recalled the remote controllers used with some of its insulin pumps because of dangerous vulnerabilities. Medical device maker...
Security Affairs newsletter Round 335
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free...
Qu1cksc0pe – All-in-One Static Malware Analysis Tool
This tool allows you to statically analyze Windows, Linux, OSX executables and APK files.You can get:What DLL files are used.Functions...
Previously undetected FontOnLake Linux malware used in targeted attacks
ESET researchers spotted a previously unknown, modular Linux malware, dubbed FontOnLake, that has been employed in targeted attacks. ESET researchers...
GitOops – All Paths Lead To Clouds
GitOops is a tool to help attackers and defenders identify lateral movement and privilege escalation paths in GitHub organizations by...
Google addresses four high-severity flaws in Chrome
Google has addressed a total of four high-severity vulnerabilities in the Chrome version for Windows, Mac, and Linux. Google released...
Security expert published NMAP script for Apache CVE-2021-41773 vulnerability
Security expert Dhiraj Mishra published an NMAP script for the CVE-2021-41773 Path Traversal vulnerability affecting Apache Web Server version 2.4.49. Security...
Sky.com servers exposed via misconfiguration
CyberNews researchers found an exposed configuration file hosted on a Sky.com subdomain containing production data. Original post @ https://cybernews.com/news/sky-com-servers-exposed-via-misconfiguration/ CyberNews...
AF-ShellHunter – Auto Shell Lookup
AF-ShellHunter: Auto shell lookupAF-ShellHunter its a script designed to automate the search of WebShell's in AF TeamHow topip3 install -r...
Cox Media Group took down broadcasts after a ransomware attack
American media conglomerate Cox Media Group (CMG) was hit by a ransomware attack that took down live TV and radio...
Hacktoberfest 2021
It’s that time of year again! This means it’s the season for Halloween, Oktoberfest, and HACKTOBERFEST! So what is Hacktoberfest?...
Firefox reveals sponsored ad “suggestions” in search and address bar
Mozilla is trying a novel experiment into striking a balance between ad revenue generation and privacy protection by implementing a...
58% of all nation-state attacks in the last year were launched by Russian nation-state actors
Microsoft revealed that Russia-linked cyberespionage groups are behind the majority of the nation-state cyber attacks on US government agencies. Microsoft...
Viper – Intranet Pentesting Tool With Webui
Viper is a graphical intranet penetration tool, which modularizes and weaponizes the tactics and technologies commonly used in the process...
At long last, Microsoft is disabling Excel 4.0 macros by default
Sometimes good news in the security world comes unexpectedly. This is one of those times. After three decades of macro...
The Netherlands declares war on ransomware operations
The Dutch government will not tolerate ransomware attacks that could threaten national security, it will use intelligence or military services...
