Massive Cyberattack On US Government Exposes Shortcomings, Russia Named Top Suspect
Not long ago, US agencies had confirmed a massive data breach that compromised their networks. The problem persists, and US...
Putin: the US State Department and the US intelligence agencies come up with fake about Russian hackers
According to the Russian President, he is counting on the experience of the President-elect of the United States, which will...
Sunburst: connecting the dots in the DNS requests
On December 13, 2020 FireEye published important details of a newly discovered supply chain attack. An unknown attacker, referred to...
The future of cyberconflicts
The ever-increasing role of technology in every aspect of our society has turned cybersecurity into a major sovereignty issue for...
Scilla – Information Gathering Tool (DNS/Subdomain/Port Enumeration)
Information Gathering Tool - Dns/Subdomain/Port EnumerationInstallationFirst of all, clone the repo locally git clone https://github.com/edoardottt/scilla.git Scilla has external dependencies, so...
Go365 – An Office365 User Attack Tool
Go365 is a tool designed to perform user enumeration* and password guessing attacks on organizations that use Office365 (now/soon Microsoft365)....
Defense in depth — the Microsoft way (part 68): where compatibility means vulnerability
Posted by Stefan Kanthak on Dec 18Hi @ll, this post is a shortened version of <https://skanthak.homepage.t-online.de/detour.html> With Windows 2000 and...
Rocket.Chat quietly patches XSS vulnerability
Posted by Moe Szyslak on Dec 18Rocket.Chat has quietly fixed a stored XSS vulnerability in the following commits:https://github.com/RocketChat/Rocket.Chat/commit/96d3155245ec65f681664b48b6dafc94c1ea021chttps://github.com/RocketChat/Rocket.Chat/commit/43fe12d775b2329e780a1369a1b2c25070cdcab9 Exploitation of...
CA20201215-01: Security Notice for CA Service Catalog
Posted by Kevin Kotas via Fulldisclosure on Dec 18CA20201215-01: Security Notice for CA Service Catalog Issued: December 15, 2020 Last...
Programi Bilanc – Build 007 Release 014 31.01.2020 – Software-update packages are downloaded via unencrypted HTTP [CVE-2020-11718]
Posted by Georg Ph E Heise via Fulldisclosure on Dec 18Programi Bilanc - Build 007 Release 014 31.01.2020 - Software-update...
Programi Bilanc – Build 007 Release 014 31.01.2020 – Broken encryption with guessable static encryption key [CVE-2020-8995]
Posted by Georg Ph E Heise via Fulldisclosure on Dec 18Programi Bilanc - Build 007 Release 014 31.01.2020 - Broken...
All-source intelligence: reshaping an old tool for future challenges
An enhanced version of the old all-source intelligence discipline could serve the purpose. By Boris Giannetto Hybrid, interconnected and complex...
Microsoft confirms breach in SolarWinds hack, but denies its clients were affected
Microsoft confirms that it was also breached in the SolarWinds supply chain hack, but excluded that the attack impacted its...
Fake mobile version of Cyberpunk 2077 spreads ransomware
A threat actor is spreading ransomware dubbed CoderWare that masquerades as Windows and Android versions of the recent Cyberpunk 2077....
5 million WordPress sites potentially impacted by a Contact Form 7 flaw
The development team behind the Contact Form 7 WordPress plugin discloses an unrestricted file upload vulnerability. Jinson Varghese Behanan from Astra Security discovered...
DoppelPaymer ransomware gang now cold-calling victims, FBI warns
FBI says DoppelPaymer ransomware gang is harassing victims who refuse to pay, threatening to send individuals to their homes. FBI...
3 million users hit with infected Google Chrome and Microsoft Edge extensions
The Google logo adorns the outside of the Google building in New York City. Google Chrome extensions are being used...
VideoBytes: Brute force attacks increase due to more open RDP ports
Hello Folks! In this Videobyte, we’re talking about why brute force attacks are increasing and why that is a problem...
Smart toy security: How to keep your kids safe this Christmas
Christmas is coming, and so are the smart toys. The ever-present pandemic has meant a lot more staying at home...
Sberbank predicts an outflow of up to ₽4 trillion from banks to the digital ruble
Sberbank predicted an outflow of two to four trillion rubles (around $5,5 billion), which are currently stored in banks, to...
E9Patch – A Powerful Static Binary Rewriting Tool
E9Patch is a powerful static binary rewriting tool for x86_64 Linux ELF binaries. E9Patch is: Scalable: E9Patch can reliably rewrite...
PoshBot – Powershell-based Bot Framework
PoshBot is a chat bot written in PowerShell. It makes extensive use of classes introduced in PowerShell 5.0. PowerShell modules...
Help Others Be “Cyber Aware” This Festive Season—And All Year Round!
Are you tired of being the cybersecurity help desk for everyone you know? Are you frustrated with spending all your...
How to Gain Visibility Into Audit Logs for Policy Customization in InsightVM
Since the launch of InsightVM’s Custom Policy Builder in June of this year, hundreds of organizations have created and customized...
