Join the Telegram channel In a recent cybersecurity incident, Google cleared 25 applications from its google play store as they were alleged to steal the users’ FB credentials. According to Google, these applications were downloaded for around 2..35 million before the play store decided to shut them down. All these […]
Join the Telegram channel IS Raid is a native IIS module that abuses the extendibility of IIS to backdoor the web server and carry out custom actions defined by an attacker. DocumentationWhen installed, IIS-Raid will process every request and method, check if the X-Password header exists and compare it against […]
Join the Telegram channel 2020-06-06 Update: this trick no longer works on the latest builds of Windows 10 Insider Preview. This means that, although it still works on the mainstream version of Windows 10, you should expect it to be patched in the coming months. DescriptionThis PoC shows a technique […]
Join the Telegram channel Despite the summer season entering full swing, we know cyber-threats take no vacations. That’s why our team has been working diligently behind the scenes to bring you a slew of improvements in InsightAppSec, our leading cloud-based DAST solution. We’ve recapped the latest and greatest ways to […]
Join the Telegram channel This post is part two of a two-part blog series on policy customization in InsightVM, Rapid7’s vulnerability risk management solution. In the first blog post of our Custom Policy Builder series, we learned about how to edit the Common Platform Enumeration (CPE) of a policy in […]
Join the Telegram channel After publishing a final security update for Magento 1 last week, Adobe is ending support for its popular 12-year-old ecommerce platform. “If you have a store that continues to run on Magento 1 after June 30, please be aware that from that date forward you have […]
Join the Telegram channel StrongPity, aka Promethium, a potentially state-sponsored APT group active since 2012, isn’t letting exposed campaigns in recent years stop it from trying to install malware around the world, particularly in warzones such as Syria. Two separate reports this week from Cisco Talos and Bitdefender suggest the […]
Join the Telegram channel A Twitter user going by the handle @beatsballert messaged me yesterday after learning of an apparently malicious Little Snitch installer available for download on a Russian forum dedicated to sharing torrent links. A post offered a torrent download for Little Snitch, and was soon followed by […]
Join the Telegram channel Apps and their permissions have been in the news recently, particularly in relation to tracking/privacy issues and Bluetooth. Why Bluetooth, though? What is it, and what is it doing to raise concerns in some security quarters? Bluetooth: your cool, then uncool, but mostly cool again cousin […]
Join the Telegram channel For the past year and a half, a rather small group of activists known as Distributed Denial of Secrets, or DDoSecrets, has discreetly yet consistently released a flood of hacked and leaked documents, from Russian oligarchs’ emails to the stolen communications of Chilean military leaders to […]
Join the Telegram channel Cybersecurity experts at Barracuda Networks have discovered a unique kind of crypto mining malware called “Golang.” The malware can attack Windows as well as Linux systems, according to the experts. This latest malware is targeting Monero cryptocurrency with the help of Xmrig, a popular miner. The […]
Join the Telegram channel Researchers at IntSight have discovered that IM platforms such as WhatsApp, Telegram, Discord, IRC, and Jabber are being used by cybercriminals for advertising and putting their goods and services on sale. One of the major reason as to why cybercriminals are switching to these IM platforms […]
Join the Telegram channel BaseCrack is a tool written in Python that can decode all alphanumeric base encoding schemes. This tool can accept single user input, multiple inputs from a file, input from argument, multi-encoded bases and decode them incredibly fast.Decode Base16, Base32, Base36, Base58, Base62, Base64, Base64Url, Base85, Base91, […]
Join the Telegram channel A quick way to generate various “basic” Meterpreter payloads via msfvenom (part of the Metasploit framework). AboutMSFvenom Payload Creator (MSFPC) is a wrapper to generate multiple types of payloads, based on users choice. The idea is to be as simple as possible (only requiring one input) […]
Join the Telegram channel This blog post is part two of a three-part series on macro authentication. Be sure to catch up on part one here! Welcome to part two in our “Unlocking the Power of Macro Authentication” series! Where we last left off, we added a macro file into […]
Join the Telegram channel A tax software program installed by business clients of an unidentified Chinese bank was trojanized with malware that installs a backdoor granting attackers SYSTEM-level privileges, researchers warn. In a company blog post and more detailed threat report, Trustwave and its SpiderLabs team identified the accounting softwa […]
Join the Telegram channel Last week on Malwarebytes Labs, we provided a zero-day guide for 2020 featuring recent attacks and advanced preventive techniques, and we learned how to cough in the face of scammers, offering security tips for the 2020 tax season. We also looked at a web skimmer hiding […]
Join the Telegram channel The US Department of Justice considers Sergei Medvedev one of the founders of the transnational organization Infraud, which sold stolen personal, banking and financial data, as well as information from credit and debit cards Russian Sergei Medvedev, accused in the United States of cybercrime and causing […]
Join the Telegram channel Apple announced its latest OS iOS14 at this year’s WWDC and during the beta testing for the same, the tech giant caught TikTok recording user’s cut-paste data and whatever the user was typing on their keyboard. The new alert on iOS14 lets the user know if […]
Join the Telegram channel kube-bench is a Go application that checks whether Kubernetes is deployed securely by running the checks documented in the CIS Kubernetes Benchmark.Tests are configured with YAML files, making this tool easy to update as test specifications evolve. Please Note kube-bench implements the CIS Kubernetes Benchmark as […]
Join the Telegram channel Network Attack wifi attack vlan attack arp attack Mac Attack Attack revealed etc../ install : sudo pip3 install -r requirements.txt EvilNet Attack Network Scan Network Wifi Attack ARP Attack Brute Force Attack protocol Vlan Hopping Attack Mac Flooding Attack Twitter: https://twitter.com/matrix0700 Download EvilNet If you like […]