Accusations of the British authorities against Russia of allegedly stealing coronavirus developments by Russian hackers are “typical corona – madness” and a new round of information warfare, said Oleg Morozov, member of the Federation Council Committee on Foreign Affairs. According to the Senator, the West this time did not miss […]
Security researchers have found a Chrome extension that turns Chrome browsers in proxy bots that enables the hacker to browse chrome using an infected identity. This tool was created by Matthew Bryan, a security researcher, he named it “Cursed Chrome” and released it on GitHub as an open-source project. The […]
A fast SSH mass-scanner, login cracker and banner grabber tool using the python-masscan module. Usage [ [email protected] ~ ]$ sshprank -H--==[ sshprank by nullsecurity.net ]==--usage sshprank <mode> [opts] | <misc>modes -h <host:[ports]> - single host to crack. multiple ports can be seperated by comma, e.g.: 22,2022,22222 (default port: 22) -l […]
Everything You Need About Burp Extension Generation InstallationFirst, install Yeoman and generator-burp-extension using npm (we assume you have pre-installed node.js). npm install -g yonpm install -g generator-burp-extension Then generate your new project: yo burp-extension Burp Extension featuresWhen you generate your plugin project, the generator will ask you what features should […]
This blog post was co-authored by Andrew Silberman and Justin Buchanan. It’s well known in the world of cybersecurity that you can’t secure what you don’t know exists. With today’s evolving threat landscape, it’s never been more of a challenge or a necessity to be able to discover and manage […]
Last week on Malwarebytes Labs, we looked at how secure the cloud is, understood why unexpected demand can influence an organization to consider their “just in time” (JIT) system, speculated on why the threat actors behind the Troldesh ransomware suddenly released thousands of decryption keys, preached the good news about […]
The Churchman Tikhon (Mr. Shevkunov), who is called “Vladimir Putin’s Confessor” in the media, told about the hacking of his mail. Now blackmailers are threatening to publish information of many years “A few months ago it turned out that my email was hacked for many years. My private and business […]
The hackers are exploiting mobile ad networks that take the android users to malicious websites. After this, hackers can either steal personal user information or attack the victim’s Android device with spams. The Google play store has more than 400 apps that come with ads as a means to generate […]
Homepage: https://parsec.cloudDocumentation: https://parsec-cloud.readthedocs.org.Parsec is a free software (AGPL v3) aiming at easily share your work and data in the cloud in total privacy thanks to cryptographic security. Key features: Works as a virtual drive on you computer. You can access and modify all the data stored in Parsec with your […]
Penetration testing utility.The goal is to use this tool when access to some Windows OS features through GUI is restricted.Some features require administrative privileges.Capabilities: invoke the Command Prompt and PowerShell, download a file, schedule a task, add a registry key, connect to a remote host, list unquoted service paths and […]
From the comfort of the Gloucester Shed—my “home office” that’s now gaining notoriety internally at Rapid7—I recently watched three colleagues speak in a webinar about the ways the world is changing around us and the relationships we have to nurture as a business community in order to navigate the inconstant […]
Internet users have been alerted by national federal cybersecurity agency against a fake email campaign that is going on in the country; the authors behind the campaign are threatening to post a personal video of a victim that they claim to have recorded if the demanded ransom in the form […]
Dreambot’s backend servers as per a report published by the CSIS Security Group, a cyber-security firm situated in Copenhagen, seem to have gone quiet and potentially shut down completely. It started in March around the same time when the cybersecurity community likewise stopped seeing the new Dreambot samples disseminated in […]
Authelia is an open-source authentication and authorization server providing 2-factor authentication and single sign-on (SSO) for your applications via a web portal. It acts as a companion of reverse proxies like nginx, Traefik or HAProxy to let them know whether queries should pass through. Unauthenticated user are redirected to Authelia […]
A tool to assess data quality, built on top of the awesome OSSEM project. Mission Answer the question: I want to start hunting ATT&CK techniques, what log sources and events are more suitable? Create transparency on the strengths and weaknesses of your log sources Provide an easy way to evaluate […]
According to Kaspersky Lab, in April, the number of attacks on the infrastructure of Russian organizations whose employees work remotely exceeded 18 million, which is five times more than in February. Hackers select the username and password from an employee’s account to log into the corporate infrastructure, explains Kaspersky Lab’s […]
SophosLabs, a cybersecurity firm has discovered a range of apps on Google Play Store and Apple’s iOS App Store whose sole purpose is to charge huge subscriptions and other fees to clients for the features and services they could avail for free. These apps though tricks the user they however […]
Integration of Clair and Docker Registry (supports both Clair API v1 and v3)Klar is a simple tool to analyze images stored in a private or public Docker registry for security vulnerabilities using Clair https://github.com/coreos/clair. Klar is designed to be used as an integration tool so it relies on enviroment variables. […]
PowerShell script for connecting to a remote host.Remote host will have full control over client’s PowerShell and all its underlying commands.Tested with PowerShell v5.1.18362.752 on Windows 10 Enterprise OS (64 bit).Made for educational purposes. I hope it will help! How to RunChange the IP address and port number inside the […]
In the last few weeks, there has been an upswing in people receiving threatening, extortion email messages, demanding payment to avoid release of sensitive information. Most of the time, these emails are what we call “sextortion” emails, as they claim that malware on your computer has captured embarrassing photos of […]
Some independent security software affiliates are scamming people by sending emails with the false message that their antivirus is expiring and renew their license, whereby if the user does so, they can earn a commission. A software affiliate program is a marketing technique in which the affiliate recommends the software […]