GitHub paid out over $500K through its bug bounty program for 203 flaws in 2020
Code repository hosting service GitHub announced that it has paid out more than $1.5 million through its bug bounty program since...
hacking
AWS Pen-Testing Laboratory – Pentesting Lab With A Kali Linux Instance Accessible Via Ssh And Wireguard VPN And With Vulnerable Instances In A Private Subnet
PenTesting laboratory deployed as IaC with Terraform on AWS. It deploys a Kali Linux instance accessible via ssh & wireguard...
Heappy – A Happy Heap Editor To Support Your Exploitation Process
Heappy is an editor based on gdb/gef that helps you to handle the heap during your exploitation development. The project...
Microsoft investigates threat actor distributing malicious Netfilter Driver
Microsoft is investigating an strange attack, threat actor used a driver signed by the company, the Netfilter Driver, to implant...
The builder for Babuk Locker ransomware was leaked online
The builder for the Babuk Locker ransomware was leaked online, threat actors can use it to create their own ransomware...
Six typosquatting packages in PyPI repository laced with crypto miner
Researchers discovered six rogue packages in the official Python programming language’s PyPI repository containg cryptocurrency mining malware. Experts from security firm Sonatype have...
Mythic – A Collaborative, Multi-Platform, Red Teaming Framework
A cross-platform, post-exploit, red teaming framework built with python3, docker, docker-compose, and a web browser UI. It's designed to provide...
HoneyCreds – Network Credential Injection To Detect Responder And Other Network Poisoners
HoneyCreds network credential injection to detect responder and other network poisoners. RequirementsRequires Python 3.6+ (tested on Python 3.9)smbprotocolcffisplunk-sdk Installationgit clone https://github.com/Ben0xA/HoneyCreds.gitcd...
Crackonosh Monero miner made $2M after infecting 222,000 Win systems
Researchers have discovered a strain of cryptocurrency-mining malware, tracked as Crackonosh, that abuses Windows Safe mode to avoid detection. Researchers from Avast...
Security Affairs newsletter Round 320
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for...
Hackers target Cisco ASA devices after a PoC exploit code was published online
Experts warn of attacks against Cisco ASA devices after researchers have published a PoC exploit code on Twitter for a...
Mercedes-Benz data breach impacted roughly 1000 individuals
Mercedes-Benz USA disclosed a data breach that impacted 1.6 million customers, exposed data includes financial data and social security numbers...
SharpHook – Tool Tath Uses Various API Hooks In Order To Give Us The Desired Credentials
SharpHook is inspired by the SharpRDPThief project, It uses various API hooks in order to give us the desired credentials....
CamRaptor – Tool That Exploits Several Vulnerabilities In Popular DVR Cameras To Obtain Network Camera Credentials
CamRaptor is a tool that exploits several vulnerabilities in popular DVR cameras to obtain network camera credentials. FeaturesExploits vulnerabilities in...
Microsoft: Russia-linked SolarWinds hackers breached three new entities
Microsoft discovered that Russia-linked SolarWinds hackers, tracked as Nobelium, have breached the network of three new organizations. Microsoft revealed on...
New ransomware group Hive leaks Altus group sample files
On June 14th, Altus Group, a commercial real estate software solutions firm, disclosed a security breach, now Hive ransomware gang...
Epsilon Red – our research reveals more than 3.5 thousand servers are still vulnerable
CyberNews researchers analyzed the recently discovered Epsilon Red operations and found that more than 3.5K servers are still vulnerable Several...
Marketo Marketplace – Cybercriminals are targeting major law firms
Cybercriminals published for sale in Dark Web 58GB of data stolen from Hollingsworth LLP. One of the emerging underground marketplaces...
Hackers exploit 3-years old flaw to wipe Western Digital devices
Threat actors are wiping many Western Digital (WD) My Book Live and My Book Live Duo NAS devices likely exploiting...
BlobHunter – Find Exposed Data In Azure With This Public Blob Scanner
An opensource tool for scanning Azure blob storage accounts for publicly opened blobs. BlobHunter is a part of "Hunting Azure...
RomBuster – A Router Exploitation Tool That Allows To Disclosure Network Router Admin Password
RomBuster is a router exploitation tool that allows to disclosure network router admin password. FeaturesExploits vulnerabilities in most popular routers...
Flaws in FortiWeb WAF expose Fortinet devices to remote hack
Fortinet has recently fixed a high-severity vulnerability affecting its FortiWeb web application firewall (WAF) that can be exploited by remote...
Clop gang members recently arrested laundered over $500M in payments
The Clop ransomware members that were recently arrested laundered over $500M in ransomware payments for several malicious actors. The members of...
Flaws in Dell BIOSConnect feature affect 128 device models
Flaws affecting the BIOSConnect feature of Dell Client BIOS could be exploited by a privileged attacker to execute arbitrary code...
