Turla’s ComRAT v4 uses Gmail web UI to receive commands, steal data
Researchers have uncovered version of the ComRat backdoor, one of the Turla Group’s oldest malware families, that distinguishes itself by...
Russian experts assessed the level of protection of corporate data from hacker attacks
Even a low-skilled hacker can hack the internal network of global companies. An experienced attacker will not need more than...
China and Digital Currency : multifaceted advantages or a surveillance and tracking juncture?
People’s Bank of China (PBoC), China's central bank issued a public notice on April 29, 2020, “In order to implement...
Aggressive in-app advertising in Android
Recently, we’ve been noticing ever more dubious advertising libraries in popular apps on Google Play. The monetization methods used in...
Jaeles v0.9 – The Swiss Army Knife For Automated Web Application Testing
Jaeles is a powerful, flexible and easily extensible framework written in Go for building your own Web Application Scanner.InstallationDownload precompiled...
Game-based learning platform provides full immersion into cybersecurity
Working and learning have gone remote, and we have to come to terms with this new reality. Nowadays, several organizations...
AutoRDPwn v5.1 – The Shadow Attack Framework
AutoRDPwn is a post-exploitation framework created in Powershell, designed primarily to automate the Shadow attack on Microsoft Windows computers. This...
New Spectra Attack that breaks the division between Wi-Fi and Bluetooth to be released at Black Hat Security Conference
The developers call it "Spectra." This assault neutralizes "combo chips," specific chips that handle various kinds of radio wave-based remote...
Email Phishing Scam: Scammers Impersonate LogMeIn to Mine Users’ Account Credentials
A Boston, Massachusetts based company, LogMeIn that provides software as a service and cloud-based remote connectivity services for collaboration, IT...
EvilApp – Phishing Attack Using An Android App To Grab Session Cookies For Any Website (ByPass 2FA)
Man-in-the-middle phishing attack using an Android app to grab session cookies for any website, which in turn allows to bypass...
S3BucketList – Firefox Plugin The Lists Amazon S3 Buckets Found In Requests
S3BucketList is a Firefox plugin that records S3 Buckets found in requests. It is currently a work in progress and...
TV Equipment Used To Eavesdrop On Sensitive Satellite Communications
With just £270 ($300) of home television equipment an Oxford University-based security researcher caught terabytes of real-world satellite traffic including...
Locator – Geolocator, Ip Tracker, Device Info By URL (Serveo And Ngrok)
Geolocator, Ip Tracker, Device Info by URL (Serveo and Ngrok). It uses tinyurl to obfuscate the Serveo link.Legal disclaimer:Usage of...
Guardedbox – Online Client-Side Manager For Secure Storage And Secrets Sharing
GuardedBox is an open-source online client-side manager for secure storage and secrets sharing.It allows users to upload secrets to a...
Going dark: encryption and law enforcement
UPDATE, 05/22/2020: In the advent of the EARN IT Act, the debate on government subversion of encryption has reignited. Given...
Russia puts cryptocurrency under a ban
Russian parliamentarians have developed a package of bills that assume administrative and criminal responsibility for the use of cryptocurrencies. Experts...
Israeli Security Company NSO Pretends to Be Facebook
As per several reports, Facebook was imitated by an Israeli security company that is known as the “NSO Group” to...
Wishbone Breach: Hacker Leaks Personal Data of 40 Million Users
Personal data of 40 million users registered on Wishbone has been published online by hackers, it included user details like...
Russian banks revealed new types of fraud
Stanislav Kuznetsov, Deputy Chairman of the Board of the Bank, said that fake Internet recruiting agencies that offer employment have...
Faraday v3.11 – Collaborative Penetration Test and Vulnerability Management Platform
This new release brings strong improvements to your security team’s daily performance, allowing them to operate quicker and smarter by...
Minimalistic-offensive-security-tools – A Repository Of Tools For Pentesting Of Restricted And Isolated Environments
Minimalistic SMB login bruteforcer (smblogin.ps1)A simple SMB login attack and password spraying tool.It takes a list of targets and credentials...
Backdoor, Devil Shadow Botnet Hidden in Fake Zoom Installers
By Raphael Centeno and Llallum Victoria With additional insights from Bren Matthew Ebriega Cybercriminals are taking advantage of “the new...
ZeuS byproduct ‘Silent Night’ Zbot ‘not a game-changer’
The Silent Night Zbot, a new variant of the infamous banking trojan ZeuS that wreaked havoc in mid-2009 may be...
Modular backdoor sneaked into video game developers’ servers
A suspected Chinese APT group used a newly discovered modular backdoor to infect at least one video game developer’s build...
