Alert! Your Mac maybe under threat – SHLAYER MALWARE attacks every 10th Mac OS
The macOS traditionally was always considered a safe bet compared to Windows but now even Apple is facing a dangerous security threat.Kaspersky reports that Macs have become a hot target…
Avast Antivirus Harvested Users’ Data and Sold it Google, Microsoft, IBM and Others
Avast, a popular maker of free anti-virus software being employed by almost 435 million mobiles, Windows and Mac harvested its users' sensitive data via browser plugins and sold it to…
Blinder – A Python Library To Automate Time-Based Blind SQL Injection
Blidner is a small python library to automate time-based blind SQL injection by using a pre defined queries as a functions to automate a rapid PoC development.InstallationYou can install Blinder…
Obfuscapk – A Black-Box Obfuscation Tool For Android Apps
Obfuscapk is a modular Python tool for obfuscating Android apps without needing their source code, since apktool is used to decompile the original apk file and to build a new…
R7-2019-40: Bloomsky SKY2 Weather Camera Station Data Authenticity and Exposure Vulnerabilities
A number of information leak vulnerabilities are present in the Bloomsky SKY2 network, obtainable via JSON queries intended to work with the Bloomsky SKY2 Weather Camera Stations. This includes individual…
Explained: the strengths and weaknesses of the Zero Trust model
In a US court of law, the accused are deemed to be innocent until proven guilty. In a Zero Trust security model, the opposite is true. Everything and everyone must…
The website of the Echo of Moscow radio station reported a two-week hacker attack
For two weeks, the website of the Echo of Moscow radio station and the computers of its employees have been hacked.According to Sergey Buntman, First Deputy Editor-in-Chief of Echo, the…
Vulnerability found in Cisco Webex Meeting Suit- Lets unauthorized attackers join private meetings
Cisco Webex Meetings Suite, a platform that offers its customers to organize online meetings and seminars anytime anywhere, has revealed a security vulnerability that allows an unauthorized attacker to enter…
Kali Linux 2020.1 Release – Penetration Testing and Ethical Hacking Linux Distribution
We are incredibly excited to announce the first release of 2020, Kali Linux 2020.1.2020.1 includes some exciting new updates:Non-Root by defaultKali single installer imageKali NetHunter RootlessImprovements to theme & kali-undercoverNew…
PythonAESObfuscate – Obfuscates A Python Script And The Accompanying Shellcode
Pythonic way to load shellcode. Builds an EXE for you too!UsagePlace a payload.bin raw shellcode file in the same directory. Default Architecture is x86run python obfuscate.pyDefault output is out.pyRequirementsWindowsPython 2.7PyinstallerPyCrypto…
ApplicationInspector – A Source Code Analyzer Built For Surfacing Features Of Interest And Other Characteristics To Answer The Question ‘What’S In It’ Using Static Analysis With A Json Based Rules Engine
Microsoft Application Inspector is a software source code analysis tool that helps identify and surface well-known features and other interesting characteristics of source code to aid in determining what the…
An update on trade
In light of recent activity on US trade agreements, here is a quick update on developments with regard to US-China, US-Mexico-Canada (USMCA), and US-Japan. This summary focuses on technology and…
Security Analysis of Devices That Support SCPI and VISA Protocols
By Philippe Lin, Roel Reyes, Shin Li, and Gloria Chen (Trend Micro Research) When a legacy protocol is connected via Ethernet, and subsequently to the internet, security issues arise. Standard…
Tampa Bay Times hit by Ryuk, new variant of stealer aimed at gov’t, finance
On the heels of a Ryuk ransomware attack on the Tampa Bay Times, researchers reported a new variant of the Ryuk stealer being aimed at government, financial and law enforcement…
Three Magecart operatives arrested in Indonesia
Several members of a group allegedly behind hundreds of Magecart-style attacks were arrested last month in Indonesia as the result of an international law enforcement operation. Interpol’s ASEAN Cyber Capability…
A week in security (January 20 – 26)
Last week on Malwarebytes Labs, we reported on a Ryuk ransomware attack on The Tampa Bay Times, a newspaper in Florida; unmasked an elaborate browser locking scheme behind the more…
Understand how SIM Swapping can easily be used to hack your accounts!
We've all heard about sim swapping, SIM splitting, simjacking or sim hijacking- the recent trend with cybercriminals and now a study by Princeton University prooves the vulnerability of wireless carriers…
Researchers And Army Join Hands to Protect the Military’s AI Systems
As an initiative to provide protection to the military's artificial intelligence systems from cyber-attacks, researchers from Delhi University and the Army have joined hands, as per a recent Army news…
Malware Attack! Oregon County’s Network Smashed By a Ransomware?
Per local news and reports, allegedly, a cyber-attack shook the Tillamook County of Oregon, USA when it rendered the local government’s services ineffective. Apparently owing it to the cyber-attack, the…
CredNinja – A Multithreaded Tool Designed To Identify If Credentials Are Valid, Invalid, Or Local Admin Valid Credentials Within A Network At-Scale Via SMB, Plus Now With A User Hunter
This tool is intended for penetration testers who want to perform an engagement quickly and efficiently. While this tool can be used for more covert operations (including some additions below),…
Mimir – Smart OSINT Collection Of Common IOC Types
Smart OSINT collection of common IOC types.OverviewThis application is designed to assist security analysts and researchers with the collection and assessment of common IOC types. Accepted IOCs currently include IP…
How to Analyze Your Log Data Using the Log Search API in InsightIDR
InsightIDR’s Log Search interface allows you to easily query and visualize your log data from within the product, but sometimes you may want to query your log data from outside…
Alexander Baranov says Russia has nothing to do with the cyberattack on the friendly Austrian Foreign Ministry
The hacker attack that the Austrian Ministry of Foreign Affairs underwent prompted European countries to take active measures to defend against such attacks. At the same time, the EU accuses…
U.N Officials not using WhatsApp over Security Reasons
"The United Nations officials are not using WhatsApp for purposes of communication as it is unsafe and vulnerable to hacking," said a UN spokesperson last Thursday. The statement came out…