Raindrop, a fourth malware employed in SolarWinds attacks
The threat actors behind the SolarWinds attack used malware dubbed Raindrop for lateral movement and deploying additional payloads. Security experts
Read more
hacking
Kali and BC Security Partnership
Background In November, Kali announced a new program for supporting tool developers, which kicked off with sponsoring Byt3Bl33d3r. We are
Read more
Git-Wild-Hunt – A Tool To Hunt For Credentials In Github Wild AKA Git*Hunt
A tool to hunt for credentials in the GitHub wild AKA git*hunt Getting started Install the tool Configure your GitHub
Read more
HosTaGe – Low Interaction Mobile Honeypot
HosTaGe is a lightweight, low-interaction, portable, and generic honeypot for mobile devices that aims on the detection of malicious, wireless
Read more
InsightIDR: 2020 Highlights and What’s Ahead in 2021
LEQL Multi-groupby in InsightIDR For a look at the most up-to-date list of Log Search capabilities, check out our help
Read more
FreakOut botnet target 3 recent flaws to compromise Linux devices
Security researchers uncovered a series of attacks conducted by the FreakOut botnet that leveraged recently discovered vulnerabilities. Security researchers from
Read more
Vishing attacks conducted to steal corporate accounts, FBI warns
The Federal Bureau of Investigation (FBI) has issued a notification warning of ongoing vishing attacks attempting to steal corporate accounts. The
Read more
OpenWRT forum hacked, intruders stole user data
The OpenWRT forum, the community behind the open-source project for embedded operating systems based on Linux, disclosed a data breach.
Read more
500K+ records of C-level people from Capital Economics leaked online
Experts from Cyble recently found a leak of 500K+ records of C-level people from Capital Economics on a Russian-speaking forum. During a routine Darkweb monitoring, researchers
Read more
BigBountyRecon – This Tool Utilises 58 Different Techniques To Expediate The Process Of Intial Reconnaissance On The Target Organisation
BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial
Read more
Token-Hunter – Collect OSINT For GitLab Groups And Members And Search The Group And Group Members’ Snippets, Issues, And Issue Discussions For Sensitive Data That May Be Included In These Assets
Collect OSINT for GitLab groups and members and search the group and group members’ snippets, issues, and issue discussions for
Read more
Apple paid a $50,000 bounty to two bug bounty hunters for hacking its hosts
A duo of white hat hackers claims to have earned $50,000 from Apple for reporting serious flaws that allowed them
Read more
Rob Joyce is the new NSA Cyber Director
The U.S. National Security Agency has appointed Rob Joyce as the agency’s new director of cybersecurity, who has long experience
Read more
German laptop retailer fined €10.4m under GDPR for video-monitoring employees
German data regulator LfD announced a €10.4M fine under GDPR against the online laptop and electronic goods retailer NBB for
Read more
President Biden’s Peloton exercise equipment under scrutiny
President Joe Biden can’t bring his Peloton exercise equipment to the White House due to security reasons. According to a
Read more
EMA said that hackers manipulated stolen documents before leaking them
The European Medicines Agency (EMA) revealed Friday that COVID-19 vaccine documents stolen from its servers have been manipulated before the
Read more
ImHex – A Hex Editor For Reverse Engineers, Programmers And People That Value Their Eye Sight When Working At 3 AM.
A Hex Editor for Reverse Engineers, Programmers and people that value their eye sight when working at 3 AM. Features
Read more
MyJWT – A Cli For Cracking, Testing Vulnerabilities On Json Web Token (JWT)
This cli is for pentesters, CTF players, or dev. You can modify your jwt, sign, inject ,etc… Check Documentation for
Read more
Critical flaws in Orbit Fox WordPress plugin allows site takeover
Two vulnerabilities in the Orbit Fox WordPress plugin, a privilege-escalation issue and a stored XSS bug, can allow site takeover.
Read more
Security Affairs newsletter Round 297
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for
Read more
Two kids found a screensaver bypass in Linux Mint
The development team behind the Linux Mint distro has fixed a security flaw that could have allowed users to bypass
Read more
SysWhispers2 – AV/EDR Evasion Via Direct System Calls
SysWhispers helps with evasion by generating header/ASM files implants can use to make direct system calls. All core syscalls are
Read more
ByteDance-HIDS – A Cloud-Native Host-Based Intrusion Detection Solution Project To Provide Next-Generation Threat Detection And Behavior Audition With Modern Architecture
ByteDance-HIDS is a Cloud-Native Host-Based Intrusion Detection solution project to provide next-generation Threat Detection and Behavior Audition with modern architecture.
Read more
Siemens fixed tens of flaws in Siemens Digital Industries Software products
Siemens has addressed tens of vulnerabilities in Siemens Digital Industries Software products that can allow arbitrary code execution. Siemens has
Read more