LOLBITS – C# Reverse Shell Using Background Intelligent Transfer Service (BITS) As Communication Protocol
LOLBITS is a C# reverse shell that uses Microsoft's Background Intelligent Transfer Service (BITS) to communicate with the Command and...
threatintel
Windows CryptoAPI Spoofing Vulnerability (CVE-2020-0601): What You Need to Know
What is the CryptoAPI Spoofing Vulnerability? Who is impacted?A flaw (CVE-2020-0601) has recently been found in the way the Microsoft...
How PCI Compliance Helps Keep Your App’s Credit Card Data Safe
Nowadays, it’s easier than ever to create an app that allows customers to interact with your brand. If your app...
Comment on GitHub hosted Magecart skimmer used against hundreds of e-commerce sites by GitHub hosted Magecart skimmer used against e-commerce sites | SC Media
While skimming code is normally stored on infrastructure controlled by the attackers, researchers have observed threat actors creating thousands of...
Comment on GitHub hosted Magecart skimmer used against hundreds of e-commerce sites by Magecart Skimming Code Found on Github – Infosecurity Magazine
keep their CMS and its plugins up-to-date, as well as using secure authentication methods,” Segura concluded. “Over the past year,...
Comment on Buggy implementation of CVE-2018-8373 vulnerability used to deliver Quasar RAT by Attacchi in corso su Vulnerabilità in Internet Explorer – Yoroi Blog
“Dark Hotel” in ambito cyber-espionage (rif. Early Warning N040518), oltre che in recenti campagne di propagazione di varianti malware Original...
Comment on Under the hoodie: why money, power, and ego drive hackers to cybercrime by What Drives Hackers to a Life of Cybercrime? – Infosecurity Magazine
results of her work were published today in the long-form article "Under the Hoodie: Why Money, Power, and Ego Drive Hackers...
Comment on Obfuscated Coinhive shortlink reveals larger mining operation by Cyber One Solutions CoinHive URL Shortener Abused to Secretly Mine Cryptocurrency Using Hacked Sites
to security researchers at Malwarebytes, a large number of legitimate websites have been hacked to load short URLs unknowingly, generated...
Shell Backdoor List – PHP / ASP Shell Backdoor List
What is a shell backdoor ?A backdoor shell is a malicious piece of code (e.g. PHP, Python, Ruby) that can...
Hakrawler – Simple, Fast Web Crawler Designed For Easy, Quick Discovery Of Endpoints And Assets Within A Web Application
hakrawler is a Go web crawler designed for easy, quick discovery of endpoints and assets within a web application. It...
Announcing the 2020 Metasploit community CTF
Metasploit’s community CTF is back by popular demand. Starting January 30, put your skills to the test for a chance...
January Patch Tuesday: Update List Includes Fixes for Internet Explorer, Remote Desktop, Cryptographic Bugs
2020 starts off with a relatively heavy list of patches for Microsoft users. January is typically a light month for...
How to prevent a rootkit attack
If you’re ever at the receiving end of a rootkit attack, then you’ll understand why they are considered one of...
Kaspersky Lab recorded an increase in attacks by Russian hackers on banks in Africa
Kaspersky Lab recorded a wave of targeted attacks on major banks in several Tropical African countries in 2020. It is...
Facebook Code Update Gone Wrong Exposes Anonymous Admins
Recently Facebook encountered quite a bug crisis, as a bad code update going live on the night of 10th January...
Hackers sell data of 80 thousand cards of customers of the Bank of Kazakhstan
An announcement about the sale of an archive of stolen data from 80,000 Halyk Bank credit cards appeared on the...
Phishing Attack Alert! Los Angeles County Says No Harm Done!
A Phishing attack last month surfaced over the LA County which was immediately contained before any devices got compromised. The...
Gtfo – Search For Unix Binaries That Can Be Exploited To Bypass System Security Restrictions
This is a standalone script written in Python 3 for GTFOBins. You can search for Unix binaries that can be...
SWFPFinder – SWF Potential Parameters Finder
SWFPFinder is a simple and open source bash script designed to discovery the potential swf (file) parameters on the webapp...
Patch Tuesday – January 2020
The first Patch Tuesday of 2020 has been hotly anticipated due to a rumour that Microsoft would be fixing a...
How to Define and Communicate Vulnerability Risk Across Your Company
This is a guest post by Rapid7 customer Steven Maske, the Information Security Manager of a manufacturing, retail, and distribution...
A week in security (January 6 – 12)
Last week on Malwarebytes Labs, we told readers how to check the safety of websites and their related files, explored...
Hackers Blackmail Patients of Surgical Company in a Cyber attack
The patients of a facial surgical company in Florida, who were hacked recently, are now being threatened by hackers. The...
TrickBot Added New Stealthy Backdoor for High-Value Targets
The authors behind the infamous TrickBot malware – a modular banking trojan that targets sensitive financial information and also acts...
