Maze Ransomware Operators Leaked 2GB of Financial Data from Bank of Costa Rica (BCR)
Bank of Costa Rica (BCR) has been receiving threats from the threat actors behind Maze ransomware who have stolen credit...
Online education takes a boost in lockdown
Sandeep Gupta from California, a technology manager is taking an online course in artificial intelligence as a way “to try...
RepoPeek – A Python Script To Get Details About A Repository Without Cloning It
RepoPeek is a Python script to get details about a repository without cloning it. All the information are retrieved using...
Pivotnacci – A Tool To Make Socks Connections Through HTTP Agents
Pivot into the internal network by deploying HTTP agents. Pivotnacci allows you to create a socks server which communicates with...
Finding Flexibility in Your Vulnerability Management Solution
For fast-moving security teams today, it’s about doing more with less—in other words, leveraging the tools and resources you use...
Mathway breach latest caper for Shiny Hunters
While the Mathway breach in which 25 million email addresses and salted passwords were reportedly stolen didn’t hit the news...
Lock and Code S1Ep7: Sounding the trumpet on web browser privacy with Pieter Arntz
This week on Lock and Code, we discuss the top security headlines generated right here on Labs and around the...
The Blue Mockingbird Malware Group Exploits Vulnerabilities in Organizations’ Networks
Another notorious crypto-currency mining malware has surfaced which allegedly has been infecting the systems of countless organizations. The group with...
Spam and phishing in Q1 2020
Quarterly highlights Don’t get burned Burning Man is one of the most eagerly awaited events among fans of spectacular performance...
OhMyQR – Hijack Services That Relies On QR Code Authentication
QRLJacking or Quick Response Code Login Jacking is a simple social engineering attack vector capable of session hijacking affecting all...
FinalRecon – The Last Web Recon Tool You’ll Need
FinalRecon is a fast and simple python script for web reconnaissance. It follows a modular structure so in future new...
Supporting Our Medical Professionals in the Age of COVID-19: Cybersecurity in the Healthcare Sector
Now more than ever, healthcare workers need and deserve top-notch technical support. But between skyrocketing demand for telepractitioners and rising...
Turla’s ComRAT v4 uses Gmail web UI to receive commands, steal data
Researchers have uncovered version of the ComRat backdoor, one of the Turla Group’s oldest malware families, that distinguishes itself by...
Russian experts assessed the level of protection of corporate data from hacker attacks
Even a low-skilled hacker can hack the internal network of global companies. An experienced attacker will not need more than...
China and Digital Currency : multifaceted advantages or a surveillance and tracking juncture?
People’s Bank of China (PBoC), China's central bank issued a public notice on April 29, 2020, “In order to implement...
Aggressive in-app advertising in Android
Recently, we’ve been noticing ever more dubious advertising libraries in popular apps on Google Play. The monetization methods used in...
Jaeles v0.9 – The Swiss Army Knife For Automated Web Application Testing
Jaeles is a powerful, flexible and easily extensible framework written in Go for building your own Web Application Scanner.InstallationDownload precompiled...
Game-based learning platform provides full immersion into cybersecurity
Working and learning have gone remote, and we have to come to terms with this new reality. Nowadays, several organizations...
AutoRDPwn v5.1 – The Shadow Attack Framework
AutoRDPwn is a post-exploitation framework created in Powershell, designed primarily to automate the Shadow attack on Microsoft Windows computers. This...
New Spectra Attack that breaks the division between Wi-Fi and Bluetooth to be released at Black Hat Security Conference
The developers call it "Spectra." This assault neutralizes "combo chips," specific chips that handle various kinds of radio wave-based remote...
Email Phishing Scam: Scammers Impersonate LogMeIn to Mine Users’ Account Credentials
A Boston, Massachusetts based company, LogMeIn that provides software as a service and cloud-based remote connectivity services for collaboration, IT...
EvilApp – Phishing Attack Using An Android App To Grab Session Cookies For Any Website (ByPass 2FA)
Man-in-the-middle phishing attack using an Android app to grab session cookies for any website, which in turn allows to bypass...
S3BucketList – Firefox Plugin The Lists Amazon S3 Buckets Found In Requests
S3BucketList is a Firefox plugin that records S3 Buckets found in requests. It is currently a work in progress and...
TV Equipment Used To Eavesdrop On Sensitive Satellite Communications
With just £270 ($300) of home television equipment an Oxford University-based security researcher caught terabytes of real-world satellite traffic including...
