SEC warns of investment scams related to Hurricane Ida
The US Securities and Exchange Commission warns investors of potential investment scams that leverages Hurricane Ida as a bait. The US Securities and...
hacking
Bugs-feed – A Local Hosted Portal Where You Can Search For The Latest News, Videos, CVEs, Vulnerabilities…
Bug's feed is a local hosted portal where you can search for the latest news, videos, CVEs, vulnerabilities... It's implemented...
Zuthaka – An Open Source Application Designed To Assist Red-Teaming Efforts, By Simplifying The Task Of Managing Different APTs And Other Post-Exploitation Tools
A collaborative free open-source Command & Control integration framework that allows developers to concentrate on the core function and goal...
Apple will delay the rollout of new child pornography protection tools
Apple will delay the introduction of its new child pornography protection tools due to a heated debate raised by privacy...
FIN7 group leverages Windows 11 Alpha-Themed docs to drop Javascript payloads
FIN7 cybercrime gang used weaponized Windows 11 Alpha-themed Word documents to drop malicious payloads, including a JavaScript backdoor. Anomali Threat...
Source code for the Babuk is available on a hacking forum
The complete source code for the Babuk ransomware is available for sale on a Russian-speaking hacking forum. A threat actor...
USCYBERCOM and CISA warn organizations to fix CVE-2021-26084 Confluence flaw
USCYBERCOM is urging organizations to patch a critical CVE-2021-26084 flaw in Atlassian Confluence Server and Data Center, ahead of the...
Conti ransomware gang targets Microsoft Exchange servers with ProxyShell exploits
The Conti ransomware operators are targeting Microsoft Exchange servers leveraging recently disclosed ProxyShell vulnerability exploits. The Conti ransomware gang is...
CobaltStrikeParser – Python parser for CobaltStrike Beacon’s configuration
Python parser for CobaltStrike Beacon's configuration DescriptionUse parse_beacon_config.py for stageless beacons, memory dumps or C2 urls with metasploit compatibility mode...
MobileAudit – SAST and Malware Analysis for Android Mobile APKs
Django Web application for performing Static Analysis and detecting malware in Android APKsIn each of the scans, it would have...
PRIVATELOG, a new malware that leverages Common Log File System (CLFS) to avoid detection
Mandiant researchers spotted a new malware family, dubbed PRIVATELOG, that relies on the Common Log File System (CLFS) to evade...
FBI warns of ransomware attacks targeting the food and agriculture sector
FBI warns ransomware gangs are actively targeting organizations in the food and agriculture sector. The FBI Cyber Division issued a...
Attacks against SolarWinds Serv-U SW were possible due to the lack of ASLR mitigation
SolarWinds did not enable anti-exploit mitigation available since 2006 allowing threat actors to target SolarWinds Serv-U FTP software in July...
WhatsApp CVE-2020-1910 bug could have led to user data exposure
The now-fixed CVE-2020-1910 vulnerability in WhatApp ‘s image filter feature could have exposed user data to remote attackers. A high-severity...
New BrakTooth flaws potentially impact millions of Bluetooth-enabled devices
Security flaws in commercial Bluetooth stacks dubbed BrakTooth can be exploited by threat actors to execute arbitrary code and crash...
Community Contributors Program
Now that Defcon and Blackhat are checked off for the year, we can get back to real work the fun...
KnockOutlook – A Little Tool To Play With Outlook
"The best feeling is to win by knockout." - Nonito Donaire OverviewKnockOutlook is a C# project that interacts with Outlook's...
Assless-Chaps – Crack MSCHAPv2 Challenge/Responses Quickly Using A Database Of NT Hashes
Crack MSCHAPv2/NTLMv1 challenge/responses quickly using a database of NT hashes IntroductionAssless CHAPs is an efficient way to recover the NT...
Attackers are attempting to exploit recently patched Atlassian Confluence CVE-2021-26084 RCE
Threat actors are actively exploiting a recently patched vulnerability in Atlassian’s Confluence enterprise collaboration product. Threat actors were spotted exploiting...
Cyber Defense Magazine – September 2021 has arrived. Enjoy it!
Cyber Defense Magazine September 2021 Edition has arrived. We hope you enjoy this month’s edition…packed with 161 pages of excellent...
Cisco fixes a critical flaw in Enterprise NFVIS for which PoC exploit exists
Cisco released patches for a critical authentication bypass issue in Enterprise NFV Infrastructure Software (NFVIS) for which PoC exploit code...
Google paid over $130K in bounty rewards for the issues addressed with the release of Chrome 93
Google announced the release of Chrome 93 that addresses 27 security vulnerabilities, 19 issues were reported through its bug bounty...
Mozi infections will slightly decrease but it will stay alive for some time to come
The Mozi botnet continues to spread despite the arrest of its alleged author and experts believe that it will run...
QNAP will patche OpenSSL flaws in its NAS devices
Network-attached storage (NAS) appliance maker QNAP is working on security patches for its products affected by recently fixed OpenSSL flaws. Taiwanese...
