SonicWall strongly urges customers to apply patches to SMA 100 devices
SonicWall strongly urges customers using SMA 100 series appliances to install security patches that address multiple security flaws, some of...
hacking
CS Energy foiled a ransomware attack
A cyberattack hit CS Energy in Australia on Saturday, November 27, experts believe the attack was orchestrated by Chinese hackers....
Fileless-Xec – Stealth Dropper Executing Remote Binaries Without Dropping Them On Disk
Certainly useful , mainly for fun, rougly inspired by 0x00 article Pentest use: fileless-xec is used on target machine to...
Emotet directly drops Cobalt Strike beacons without intermediate Trojans
The Emotet malware continues to evolve, in the latest attacks, it directly installs Cobalt Strike beacons to give the attackers...
KaliIntelligenceSuite – Shall Aid In The Fast, Autonomous, Central, And Comprehensive Collection Of Intelligence By Executing Standard Penetration Testing Tools
Kali Intelligence Suite (KIS) shall aid in the fast, autonomous, central, and comprehensive collection of intelligence by automatically: executing...
Google disrupts the Glupteba botnet
Google announced to have disrupted the Glupteba botnet, a huge infrastructure composed of more than 1 million Windows PCs worldwide....
Bitcoin Miner [oom_reaper] targets QNAP NAS devices
Taiwanese vendor QNAP warns customers of ongoing attacks targeting their NAS devices with cryptocurrency miners. Taiwanese vendor QNAP warns customers...
Swurg – Parse OpenAPI Documents Into Burp Suite For Automating OpenAPI-based APIs Security Assessments
Swurg is a Burp Suite extension designed for OpenAPI testing. The OpenAPI Specification (OAS) defines a standard, programming language-agnostic interface...
Microsoft seized 42 domains used by the China-linked APT15 cyberespionage group
Microsoft seized dozens of malicious domains used by the China-linked APT15 group to target organizations worldwide. Microsoft announced to have obtained...
Nobelium continues to target organizations worldwide with custom malware
Russia-linked Nobelium APT group is using a new custom malware dubbed Ceeloader in attacks against organizations worldwide. Mandiant researchers have...
Nobelium APT targets French orgs, French ANSSI agency warns
The French cyber-security agency ANSSI said that the Russia-linked Nobelium APT group has been targeting French organizations since February 2021....
STEWS – A Security Tool For Enumerating WebSockets
STEWS is a tool suite for security testing of WebSockets This research was first presented at OWASP Global AppSec US...
330 SPAR stores close or switch to cash-only payments after a cyberattack
A cyber attack hit the international supermarket franchise SPAR forcing 330 shops in North East England to shut down. A...
DMEA Colorado electric utility hit by a disruptive cyberattack
A ransomware attack hit an electric utility in Colorado causing a significant disruption and damage. The Delta-Montrose Electric Association (DMEA)...
Threat actors stole more than $150 million worth of cryptocurrency tokens from BitMart platform
Threat actors stole more than $150 million in various cryptocurrencies from the cryptocurrency trading platform BitMart. Cryptocurrency trading platform BitMart...
Toutatis – A Tool That Allows You To Extract Information From Instagrams Accounts Such As E-Mails, Phone Numbers And More
Toutatis is a tool that allows you to extract information from instagrams accounts such as e-mails, phone numbers and more...
Hackers are sending receipts with anti-work messages to businesses’ printers
Hackers are targeting printers of businesses around the world to print ‘anti-work’ slogans pushing workers to demand better pay. Multiple...
Magnat malvertising campaigns spreads malicious Chrome extensions, backdoors and info stealers
Experts spotted a series of malvertising campaigns using fake installers of popular apps and games to deliver a backdoor and...
Forbidden – Bypass 4Xx HTTP Response Status Codes
Bypass 4xx HTTP response status codes. Based on PycURL. Script uses multithreading, and is based on brute forcing so might...
Security Affairs newsletter Round 343
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free...
Hundreds of vulnerabilities in common Wi-Fi routers affect millions of users
Researchers discovered a total of 226 potential security vulnerabilities in nine Wi-Fi popular routers from known manufacturers. Security researchers and...
AirStrike – Automatically Grab And Crack WPA-2 Handshakes With Distributed Client-Server Architecture
Tool that automates cracking of WPA-2 Wi-Fi credentials using client-server architecture Requirements Airstrike uses Hashcat Brain Architecture, aircrack-ng suite, entr...
German BSI agency warns of ransomware attacks over Christmas holidays
German BSI warns of ransomware attacks over the Christmas and end-of-year holidays, fearing Emotet return and attacks on Microsoft Exchange...
IAM Vulnerable – Use Terraform To Create Your Own Vulnerable By Design AWS IAM Privilege Escalation Playground
Use Terraform to create your own vulnerable by design AWS IAM privilege escalation playground. IAM Vulnerable uses the Terraform binary...
