Hackers are targeting Soliton FileZen file-sharing servers
Threat actors are exploiting two flaws in the popular file-sharing server FileZen to steal sensitive data from businesses and government...
hacking
Security Affairs newsletter Round 311
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for...
10,000+ unpatched ABUS Secvest home alarms can be deactivated remotely
10,000+ unpatched ABUS Secvest home alarm systems could be remotely disabled exposing customers to intrusions and thefts. Researchers from Eye Security have...
The cybersecurity researcher Dan Kaminsky has died
The cybersecurity community has lost its star, the popular hacker Dan Kaminsky has passed away. The popular cyber security researcher...
ToxicEye RAT exploits Telegram communications to steal data from victims
ToxicEye is a new Remote Access Trojan (RAT) that exploits the Telegram service as part of it command and control...
OverRide – Binary Exploitation And Reverse-Engineering (From Assembly Into C)
Explore disassembly, binary exploitation & reverse-engineering through 10 little challenges. In the folder for each level you will find: flag...
SlackPirate – Slack Enumeration And Extraction Tool – Extract Sensitive Information From A Slack Workspace
This is a tool developed in Python which uses the native Slack APIs to extract 'interesting' information from a Slack...
A new Linux Botnet abuses IaC Tools to spread and other emerging techniques
A new Linux botnet uses Tor through a network of proxies using the Socks5 protocol, abuses legitimate DevOps tools, and other emerging techniques....
Empire Dropbox C2 Listener
One of the lesser-known features in Empire is the ability to use alternative Command and Control (C2) methods. Specifically, we...
IPCDump – Tool For Tracing Interprocess Communication (IPC) On Linux
Announcement post ipcdump is a tool for tracing interprocess communication (IPC) on Linux. It covers most of the common IPC...
CrossLinked – LinkedIn Enumeration Tool To Extract Valid Employee Names From An Organization Through Search Engine Scraping
CrossLinked is a LinkedIn enumeration tool that uses search engine scraping to collect valid employee names from a target organization....
New Qlocker ransomware infected hundreds of QNAP NAS devices in a few days
A new ransomware strain dubbed Qlocker is infecting hundreds of QNAP NAS devices every day and demanding a $550 ransom...
Evil Maid Attack – Vacuum Hack
Evil Maid Attack – Weaponizing an harmless vacuum cleaner hiding within it a small Rogue Device such as a Raspberry...
Darkside Ransomware gang aims at influencing the stock price of their victims
The Darkside ransomware gang is enhancing its extortion tactics to interfere with the valuation of stocks of companies that are...
Vulnerablecode – A Free And Open Vulnerabilities Database And The Packages They Impact And The Tools To Aggregate And Correlate These Vulnerabilities
VulnerableCode is a free and open database of FOSS software package vulnerabilities and the tools to create and keep the...
Kubesploit – A Cross-Platform Post-Exploitation HTTP/2 Command And Control Server And Agent Written In Golang
BuildTo build this project, run the make command from the root folder. Quick BuildTo run quick build for Linux, you...
Privacy and security in the software designing
The importance of carrying out a careful risk and impact assessment in order to safeguard the security of the information...
Cellebrite ‘s forensics tool affected by arbitrary code execution issue
Cellebrite mobile forensics tool Ufed contains multiple flaws that allow arbitrary code execution on the device, SIGNAL creator warns. Moxie...
Pareto Botnet, million infected Android devices conduct fraud in the CTV ad ecosystem
Researchers from Human Security have uncovered a huge botnet of Android devices being used to conduct fraud in the connected...
Trend Micro flaw actively exploited in the wild
Cybersecurity firm Trend Micro revealed that a threat actor is actively exploiting a flaw, tracked as CVE-2020-24557, in its antivirus solutions...
Million-dollar deposits and friends in high places: how we applied for a job with a ransomware gang
During an undercover interview, a CyberNews researcher tricked ransomware operators affiliated with Ragnar Locker into revealing their ransom payout structure,...
WhatsApp Pink malware spreads via group chat messages
A WhatsApp malware dubbed WhatsApp Pink is able to automatically reply to victims’ Signal, Telegram, Viber, and Skype messages. A WhatsApp...
Dnspeep – Spy On The DNS Queries Your Computer Is Making
dnspeep lets you spy on the DNS queries your computer is making. Here's some example output: $ sudo dnspeepquery name...
Overlord – Overlord – Red Teaming Infrastructure Automation
Overlord provides a python-based console CLI which is used to build Red Teaming infrastructure in an automated way. The user...
