Overlord – Overlord – Red Teaming Infrastructure Automation
Overlord provides a python-based console CLI which is used to build Red Teaming infrastructure in an automated way. The user...
REvil ransomware gang recommends that Apple buy back its data stolen in Quanta hack
The REvil ransomware operators are attempting to blackmail Apple after they has allegedly stolen product blueprints of the IT giant...
3 Zero-Day in SonicWall Enterprise Email Security Appliances actively exploited
Security vendor SonicWall has addressed three zero-day vulnerabilities affecting both its on-premises and hosted Email Security products. SonicWall is warning its customers...
China-linked APT used Pulse Secure VPN zero-day to hack US defense contractors
At least one China-linked APT group exploited a new zero-day flaw in Pulse Secure VPN equipment to break into the...
Hacking a X-RAY Machine with WHIDelite & EvilCrowRF
The popular cyber security expert Luca Bongiorni demonstrated how to hack an X-Ray Machine using his WHIDelite tool. Recently I...
Critical update: Facebook Messenger users hit by scammers in over 80 states
Researchers from security firm Group-IB have detected a large-scale scam campaign targeting Facebook Messenger users all over the world. Group-IB...
CVE-2015-2876
Summary: Unrestricted file upload vulnerability on Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie...
CVE-2015-7788
Summary: ASUS Japan WL-330NUL devices with firmware before 3.0.0.42 allow remote attackers to execute arbitrary commands via unspecified vectors. Reference...
CVE-2015-7907
Summary: Directory traversal vulnerability in the web server on Honeywell Midas gas detectors before 1.13b3 and Midas Black gas detectors...
CVE-2015-6481
Summary: The login function in the RequestController class in Moxa OnCell Central Manager before 2.2 has a hardcoded root password,...
CVE-2015-6480
Summary: The MessageBrokerServlet servlet in Moxa OnCell Central Manager before 2.2 does not require authentication, which allows remote attackers to...
FIN7 sysadmin behind “billions in damage” gets 10 years
In 2018 three high-ranking members of a sophisticated international cybercrime group operating out of Eastern Europe were arrested and taken...
CodeCov supply-chain compromise likened to SolarWinds attack
CodeCov, a company that creates software auditing tools for developers, was recently breached (the company says it was breached on...
Interview with a bug bounty hunter: Youssef Sammouda
Behind the scenes there are many people working in cyber-security that make the internet a safer place. Youssef Sammouda is...
Fake Microsoft Store, Spotify Distribute Malware to Steal User Data
Attackers are promoting sites that imitate the Microsoft Store, Spotify, and an online document converter to spread malware that steals...
Positive Technologies rejected accusations of the U.S. Department of the Treasury of Russia’s cooperation with intelligence services
Russian cyber security company Positive Technologies rejected the accusations of interference in the American elections, made by the U.S. Treasury...
Two Outdated Software Bug Patched, Says WhatsApp
WhatsApp on Monday stated that it has addressed two bugs that existed on its outdated software program and that it...
Zero Trust & Basic Cyber Hygiene: Best Defense Against Third-Party Attacks
Since the beginning of the year, there has been a slew of third-party cybersecurity attacks, with the repercussions affecting a...
OTP Generating Firm at a Risk, as Hacker Claims to have Sold its Sensitive Data
A hacker seems to sell confidential information that is claimed to have been robbed from an OTP firm. And this...
BetterXencrypt – A Better Version Of Xencrypt – Xencrypt It Self Is A Powershell Runtime Crypter Designed To Evade AVs
A better version of Xencrypt.Xencrypt it self is a Powershell runtime crypter designed to evade AVs. cause Xencrypt is not...
Reproxy – Simple Edge Server / Reverse Proxy
Reproxy is a simple edge HTTP(s) server / reverse proxy supporting various providers (docker, static, file). One or more providers...
KubiScan – A Tool To Scan Kubernetes Cluster For Risky Permissions
A tool for scanning Kubernetes cluster for risky permissions in Kubernetes's Role-based access control (RBAC) authorization model. The tool was...
North Korea-linked Lazarus APT hides malicious code within BMP image to avoid detection
North Korea-linked Lazarus APT group is abusing bitmap (.BMP) image files in a recent spear-phishing campaign targeting entities in South...
Watch out, hackers can take over your Cosori Smart Air Fryer
Watch out, hackers could breach into your house by exploiting two remote code execution (RCE) vulnerabilities in the Cosori Smart...
