Nexfil – OSINT Tool For Finding Profiles By Username
NExfil is an OSINT tool written in python for finding profiles by username. The provided usernames are checked on over...
The-Bastion – Authentication, Authorization, Traceability And Auditability For SSH Accesses
Bastions are a cluster of machines used as the unique entry point by operational teams (such as sysadmins, developers, database...
Kaseya warns customers of ongoing malspam campaign posing as security updates
Threat actors are conducting a spam campaign aimed at infecting Kaseya customers, posing as legitimate VSA security updates Kaseya is...
CVE-2021-34549
Summary: An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-005. Hashing is mishandled for certain retrieval of circuit data....
CVE-2021-34550
Summary: An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-006. The v3 onion service descriptor parsing allows out-of-bounds memory...
CVE-2021-35331
Summary: ** DISPUTED ** In Tcl 8.6.11, a format string vulnerability in nmakehlp.c might allow code execution via a crated...
CVE-2020-25868
Summary: Pexip Infinity 22.x through 24.x before 24.2 has Improper Input Validation for call setup. An unauthenticated remote attacker can...
CVE-2020-24144
Summary: Directory traversal in the Media File Organizer (aka media-file-organizer) plugin 1.0.1 for WordPress lets an attacker get access to...
How to send an anonymous email
Sometimes readers ask us how to send an anonymous email or how criminals and scammers manage to send anonymous emails....
Judge drops hammer, dishes 7 years slammer for BEC and romance scammer
A Texas resident has finally paid the price for a heady mix of malicious mail antics. A combination of business...
How one word can disable an iPhone’s WiFi functionality
A researcher has found a way to disable the WiFi functionality on iPhones by getting them to join a WiFi...
Cyber Criminals Sending Phishing Mails Pretending to be from Russian Government Domain
The administration of RSNet (Russian State Network) recommended not to open letters from unknown senders, not to click on links...
Cobalt Strike Payloads: Hackers Capitalizing on Ongoing Kaseya Ransomware Attacks
Cyberattack actors are trying to monetize off the currently ongoing Kaseya ransomware attack incident by attacking probable victims in a...
MageCart Group12 Employing New Technique to Target E-Commerce Websites
MageCart Group12 is known for targeting e-commerce websites with the goal of skimming payment information from online shoppers and selling...
Consumers Loosing Trust In Financial and E-commerce Industries
Callsign, a digital identity pioneer, revealed that the rise of scams is harming organizations’ reputations across the world. UK-based company...
Researchers Learn from ITG18 Group’s OpSec Mistakes
A team of IBM X-Force security experts analyzed attackers' operational security mistakes to disclose the core details of how the...
Security Scorecards – Security Health Metrics For Open Source
Security Health Metrics For Open SourceMotivationA short motivational video clip to inspire us: https://youtu.be/rDMMYT3vkTk "You passed! All D's ... and...
WFH – Windows Feature Hunter
Windows Feature Hunter (WFH) is a proof of concept python script that uses Frida, a dynamic instrumentation toolkit, to assist...
Insurance firm CNA discloses data breach after March ransomware attack
Insurance giant CNA notifies customers of a data breach after the Phoenix CryptoLocker ransomware attack suffered in March. US insurance...
Hackers use a new technique in malspam attacks to disable Macro security warnings in weaponized docs
Threat actors have devised a new trick to disable macro security warning that leverage non-malicious docs in malspam attacks. Most...
Microsoft says that the emergency patch recently released correctly fix the PrintNightmare flaw
Microsoft confirmed that the emergency security updates (KB5005010) correctly address the PrintNightmare Print Spooler vulnerability (CVE-2021-34527). Microsoft says that the...
Cisco fixes High Severity issue in BPA and WSA
Cisco addresses high severity privilege escalation vulnerabilities in Business Process Automation (BPA) and Web Security Appliance (WSA) that expose users...
Multiple Sage X3 vulnerabilities expose systems to hack
Rapid7 researchers discovered security vulnerabilities in the Sage X3 ERP product that could allow to take control of vulnerable systems. Researchers from...
Morgan Stanley discloses data breach after the hack of a third-party vendor
The American multinational investment bank and financial services firm Morgan Stanley discloses a data breach caused by the hack of an Accellion FTA server...
