Multiple flaws in Fortinet FortiWeb WAF could allow corporate networks to hack
An expert found multiple serious vulnerabilities in Fortinet’s FortiWeb web application firewall (WAF) that could expose corporate networks to hack....
hacking
US Govt kicked off ‘Hack the Army 3.0’ bug bounty program
The U.S. government is going to launch the ‘Hack the Army 3.0’ bug bounty program in collaboration with the HackerOne...
SolarWinds hackers had access to roughly 3% of US DOJ O365 mailboxes
The US DoJ revealed that threat actors behind the SolarWinds attack have gained access to roughly 3% of the department’s...
WhatsApp will share your data with Facebook and its companies
WhatsApp is notifying users that starting February 8, 2021, they will be obliged to share their data with Facebook, leaving...
Google fixed a critical Remote Code Execution flaw in Android
Google released an Android security update that addressed tens of flaws, including a critical Android remote code execution vulnerability. Google...
Hack-Tools v0.3.0 – The All-In-One Red Team Extension For Web Pentester
The all-in-one Red Team browser extension for Web PentestersHackTools, is a web extension facilitating your web application penetration tests, it...
What’s New in InsightVM: Q4 2020 in Review
Improvements made to the Goals and SLAs wizardWe’re excited to announce that creating a goal or SLA in InsightVM just...
Fake Trump sex video used to spread QNode RAT
Researchers uncovered a malspam campaign that spreads the QNode remote access Trojan (RAT) using fake Trump’s sex scandal video as...
Recently disclosed CVE-2020-29583 Zyxel flaw already under opportunistic attack
Threat actors are attempting to hack Zyxel devices exploiting the recently disclosed vulnerability CVE-2020-29583, security researchers warn. The Taiwanese vendor...
FBI, CISA, ODNI and NSA blames Russia for SolarWinds hack
A joint statement issued by US security agencies confirmed that Russia was likely the origin of the SolarWinds supply chain...
New ElectroRAT employed in a wide-ranging operation targeting cryptocurrency users
Researchers uncovered a large scale operation targeting cryptocurrency users with a previously undetected multiplatform RAT named ElectroRAT. Security researchers from...
MaskPhish – Give A Mask To Phishing URL
MaskPhish is a simple script to hide phishing URL under a normal looking URL(google.com or facebook.com).Legal Disclaimer:Usage of MaskPhish for...
Drow – Injects Code Into ELF Executables Post-Build
drow is a command-line utility that is used to inject code and hook the entrypoint of ELF executables (post-build). It...
NICER Protocol Deep Dive: Internet Exposure of DNS
Welcome to the NICER Protocol Deep Dive blog series! When we started researching what all was out on the internet...
Healthcare organizations faced a 45% increase in attacks since November
According to a new report published by Check Point, organizations in the healthcare industry have faced a 45% increase in...
Over 500,000 credentials for tens of gaming firm available in the Dark Web
The gaming industry under attack, Over 500,000 credentials for the top two dozen leading gaming firms, including Ubisoft, leaked on...
How to bypass the Google Audio reCAPTCHA with a new version of unCaptcha2 attack
A German security researcher demonstrated how to break, once again, the Google Audio reCAPTCHA with Google’s own Speech to Text...
Apex Laboratory disclose data breach after a ransomware attack
At-home laboratory services provider Apex Laboratory discloses a ransomware attack and consequent data breach. Apex Laboratory, Inc. is a clinical...
EvtMute – Apply A Filter To The Events Being Reported By Windows Event Logging
This is a tool that allows you to offensively use YARA to apply a filter to the events being reported...
XSS-Scanner – XSS Scanner That Detects Cross-Site Scripting Vulnerabilities In Website By Injecting Malicious Scripts
Cross-Site Scripting (XSS) is one of the most well known web application vulnerabilities. It even has a dedicated chapter in...
Shifting Security Right: How Cloud-Based SecOps Can Speed Processes While Maintaining Integrity
When it comes to offloading security controls to the cloud, it may seem counterintuitive to the notion of “securing” things....
British Court rejects the US’s request to extradite Julian Assange
A British court has rejected the request of the US government to extradite Wikileaks founder Julian Assange to the country....
New alleged MuddyWater attack downloads a PowerShell script from GitHub
Security expert spotted a new piece of malware that leverages weaponized Word documents to download a PowerShell script from GitHub. Security...
MOSINT – OSINT Tool For Emails
MOSINT is an OSINT Tool for emails. It helps you gather information about the target email. Features:Verification Service { Check...
