HaXmas Hardware Hacking
BinwalkWhen mucking about with firmware (the packaged operating system and applications that makes IoT devices go), Binwalk from Refirm Labs...
hacking
Predicting the Unpredictable: What Will the Cybersecurity Space Look Like in 2021?
Not to start off another blog post about how insane this year has been, but let’s just take a moment...
Top stories of 2020
Below the list of the top stories of 2020. December 21 – SUPERNOVA, a backdoor found while investigating SolarWinds hack...
FBI warns swatting attacks on owners of smart devices
The Federal Bureau Investigation (FBI) is warning owners of smart home devices with voice and video capabilities of ‘swatting’ attacks....
AutoHotkey-Based credential stealer targets bank in the US and Canada
Experts spotted a new credential stealer written in AutoHotkey (AHK) scripting language that is targeting the US and Canadian bank...
Facebook ads used to steal 615000+ credentials in a phishing campaign
Cybercriminals are abusing Facebook ads in a large-scale phishing scam aimed at stealing victims’ login credentials. Researchers from security firm...
Expert found a secret backdoor in Zyxel firewall and VPN
Zyxel addressed a critical flaw in its firmware, tracked as CVE-2020-29583, related to the presence of a hardcoded undocumented secret account....
Oblivion – Data Leak Checker And OSINT Tool
Oblivion is a tool focused in real time monitoring of new data leaks, notifying if the credentials of the user...
RogueWinRM – Windows Local Privilege Escalation From Service Account To System
RogueWinRM is a local privilege escalation exploit that allows to escalate from a Service account (with SeImpersonatePrivilege) to Local System...
Today Adobe Flash Player reached the end of life (EOL)
Today Adobe Flash Player has reached its end of life (EOL), its vulnerabilities were exploited by multiple threat actors in...
Alleged docs relating to Covid-19 vaccine leaked in darkweb
Experts from threat intelligence firm Cyble have found documents relating to Covid-19 vaccine of European Medicines Agency in the Darkweb...
SolarWinds hackers gained access to Microsoft source code
The threat actors behind the SolarWinds supply chain attack could have had access to the source code of several Microsoft...
Threat actor is selling 368.8 million records from 26 data breaches
A data breach broker is selling user records allegedly from twenty-six data breaches on a hacker forum. Security experts from...
New Golang-based Crypto worm infects Windows and Linux servers
Experts from Intezer discovered a new and self-spreading Golang-based malware that targets Windows and Linux servers. Experts from Intezer discovered...
Emotet campaign hits Lithuania’s National Public Health Center and several state institutions
An Emotet campaign hit Lithuania, the malware has infected systems at the National Center for Public Health (NVSC) and several...
T-Mobile data breach: CPNI (Customer Proprietary Network Information) exposed
T-Mobile has disclosed a data breach that exposed customers’ network information (CPNI), including phone numbers and calls records. T-Mobile has...
CISA demands US govt agencies to update SolarWinds Orion software
US Cybersecurity and Infrastructure Security Agency (CISA) urges US federal agencies to update the SolarWinds Orion software by the end...
Metasploit 2020 Wrap-Up
2020 was certainly an interesting year. There were quite a few newsworthy events and some fantastic exploit content released. Let’s...
Google Docs bug could have allowed hackers to hijack screenshots
Google has addressed a bug in its feedback tool incorporated across its services that could have allowed attackers to view...
US Treasury warns of ransomware attacks on COVID-19 vaccine research
The US Treasury Department’s Financial Crimes Enforcement Network (FinCEN) warns of ransomware attacks on COVID-19 vaccine research organizations. The US...
SolarWinds hackers aimed at access to victims’ cloud assets
Microsoft says that SolarWinds hackers aimed at compromising the victims’ cloud infrastructure after deploying the Solorigate backdoor (aka Sunburst). The...
Japanese Kawasaki Heavy Industries discloses security breach
Japanese giant Kawasaki Heavy Industries discovered unauthorized access to a Japanese company server from multiple overseas offices. Kawasaki Heavy Industries...
CISA releases a PowerShell-based tool to detect malicious activity in Azure, Microsoft 365
Cybersecurity and Infrastructure Security Agency (CISA) released a tool for detecting potentially malicious activities in Azure/Microsoft 365 environments. The Cybersecurity...
Threat actor is selling a dump allegedly including 2,5M customers of service provider Ho Mobile
Threat intelligence analyst discovered a threat actor that is selling a database of the Italian mobile service provider Ho mobile....
