Tether says it is a Victim of a 500 BTC Ransom
Only days after the conclusion of its long-running fight with the Office of the Attorney General of New York, Tether...
Microsoft Lures Populate Half of Credential-Swiping Phishing Emails
According to the sources nearly half of the emails, phishing attacks in the year 2020 aimed to swipe credentials...
Russian Hackers Sabotaging Critical U.S Infrastructure
Among every state-sponsored hacking group that has attacked the U.S power grid, and went beyond to compromise American Electric Utilities,...
US Senate’s Selection Committe Raises Some Serious Concerns Regarding SolarWinds Attack
The US Senate’s select committee has blamed Russia for the massive intelligence operation that infiltrated SolarWinds, a Texas-based software company,...
Nation States Are Using Cyber Crime Groups to Carry Attacks: States Blackberry Threat Report 2021
Nation-states are employing cybercriminals for hacking activities to perpetrate assaults in order to conceal their own presence. An e-security report...
Mobile malware evolution 2020
These statistics are based on detection verdicts of Kaspersky products received from users who consented to providing statistical data. The...
Halogen – Automatically Create YARA Rules From Malicious Documents
Halogen is a tool to automate the creation of yara rules against image files embedded within a malicious document.Halogen helppython3...
StandIn – A Small .NET35/45 AD Post-Exploitation Toolkit
StandIn is a small AD post-compromise toolkit. StandIn came about because recently at xforcered we needed a .NET native solution...
How to Achieve and Maintain Continuous Cloud Compliance
This blog is part of an ongoing series sharing key takeaways from Rapid7’s 2020 Cloud Security Executive Summit. Interested in...
Intern caused ‘solarwinds123’ password leak, former SolarWinds CEO says
Top executives of the software firm SolarWinds blamed an intern for having used a weak password for several years, exposing...
ByteDance agreed to pay $92M in US privacy Settlement for TikTok data collection
ByteDance, the company behind TikTok, agreed to pay $92 million in a settlement to U.S. users for illegal data collection....
NSA embraces the Zero Trust Security Model
The National Security Agency (NSA) published a document to explain the advantages of implementing a zero-trust model. The National Security...
EU leaders aim at boosting defense and security, including cybersecurity
During a video conference of the members of the European Council, EU leaders agreed on a new strategy aimed at boosting...
CVE-2021-21156
Summary: Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap...
CVE-2021-21157
Summary: Use after free in Web Sockets in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to...
CVE-2021-23336
Summary: The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from...
CVE-2020-9484
Summary: When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if...
CVE-2021-27509
Summary: In Visualware MyConnection Server before 11.0b build 5382, each published report is not associated with its own access code....
SuperVPN & GeckoVPN – 20,339,937 breached accounts
In February 2021, a series of "free" VPN services were breached including SuperVPN and GeckoVPN, exposing over 20M records. The...
Tibetan Organizations Targeted in a Chinese Sponsored Phishing Campaign
Cybersecurity experts from Proofpoint have unearthed a Chinese-sponsored phishing campaign and published a report on Thursday; as per the findings,...
American Telecommunications Firm, T-Mobile Confirmed Data Breach and Sim Swapping Attacks
After an undisclosed number of subscribers were reportedly hit by SIM swap attacks, American telecommunications company T-Mobile has announced a...
IBM: Cyber attacks on Linux systems of Russian government agencies will increase
The problem will also affect Russian government agencies, which are switching to domestic Linux operating systems as part of import...
Alexa Skills can Easily Bypass Vetting Process
Researchers have uncovered gaps in Amazon's skill vetting process for the Alexa voice assistant ecosystem that could permit a threat...
WdToggle – A Beacon Object File (BOF) For Cobalt Strike Which Uses Direct System Calls To Enable WDigest Credential Caching
A Proof of Concept Cobalt Strike Beacon Object File which uses direct system calls to enable WDigest credential caching and...
