Security Affairs newsletter Round 364 by Pierluigi Paganini
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free...
hacking
US DoS offers a reward of up to $15M for info on Conti ransomware gang
The US Government offers up to $15 million for information that helps identify and locate leadership and co-conspirators of the...
Zi – A Swiss Army Knife for Zsh – Unix Shell
A Swiss Army Knife for Zsh - Unix Shell.RoadmapSee the open issues for a list of proposed features (and known...
Raspberry Robin spreads via removable USB devices
Researchers discovered a new Windows malware, dubbed Raspberry Robin, with worm-like capabilities that spreads via removable USB devices. Cybersecurity researchers...
Malware campaign hides a shellcode into Windows event logs
Experts spotted a malware campaign that is the first one using a technique of hiding a shellcode into Windows event...
GoSH – Golang Reverse/Bind Shell Generator
Golang reverse/bind shell generator. Description This tool generates a Go binary that launches a shell of the desired type on...
US gov sanctions cryptocurrency mixer Blender also used by North Korea-linked Lazarus APT
The U.S. Department of Treasury sanctioned cryptocurrency mixer Blender.io used by North Korea-linked Lazarus APT. The U.S. Department of Treasury...
Email-Prediction-Asterisks – Script That Allows You To Identify The Emails Hidden Behind Asterisks
Email prediction asterisks is a script that allows you to identify the emails hidden behind asterisks. It is a perfect...
How the thriving fraud industry within Facebook attacks independent media
Experts investigate how stolen Facebook accounts are used as part of a well-established fraud industry inside Facebook. No eyebrows were raised...
QNAP fixes multiple flaws, including a QVR RCE vulnerability
QNAP addressed multiple vulnerabilities, including a critical remote execution flaw affecting the QVR video surveillance solution. QNAP has addressed multiple...
Anonymous and Ukraine IT Army continue to target Russian entities
The Anonymous collective and the volunteer group Ukraine IT Army continues to launch cyber attacks on Russian entities. The Anonymous...
NetDooka framework distributed via a pay-per-install (PPI) malware service
Researchers discovered a sophisticated malware framework, dubbed NetDooka, distributed via a pay-per-install (PPI) malware service known as PrivateLoader. Trend Micro...
PEzor-Docker – With The Help Of This Docker Image, You Can Easily Access PEzor On Your System!
With the help of this References https://hub.docker.com/r/4d0niis/pezor_included_kali https://github.com/phra/PEzor https://hub.docker.com/r/kalilinux/kali-rolling Download PEzor-Docker If you like the site, please consider joining the...
Vulnerable Docker Installations Are A Playhouse for Malware Attacks
Uptycs researchers identified ongoing malicious campaigns through our Docker honeypot targeting exposed Docker API. The Uptycs Threat Research team has...
Ukraine IT Army hit EGAIS portal impacting Russia’s alcohol distribution
Ukraine IT Army launched massive DDoS attacks on the EGAIS portal that has a crucial role in Russia’s alcohol distribution....
Malicious-Pdf – Generate A Bunch Of Malicious Pdf Files With Phone-Home Functionality
Generate ten different malicious pdf files with phone-home functionality. Can be used with Burp Collaborator or Interact.sh Used for penetration...
Google addresses actively exploited Android flaw in the kernel
Google released the May security bulletin for Android, 2022-05-05 security patch level, which fixed an actively exploited Linux kernel flaw....
Cisco addresses three bugs in Enterprise NFVIS Software
Cisco addresses three flaws impacting its Enterprise NFV Infrastructure Software (NFVIS) that could allow the compromise of the hosts. Cisco...
A couple of 10-Year-Old flaws affect Avast and AVG antivirus
Researcher discovered a couple of high-severity security flaws that affect a driver used by Avast and AVG antivirus solutions. SentinelOne...
Graphql-Threat-Matrix – GraphQL Threat Framework Used By Security Professionals To Research Security Gaps In GraphQL Implementations
Why graphql-threat-matrix? graphql-threat-matrix was built for bug bounty hunters, security researchers and hackers to assist with uncovering vulnerabilities across multiple...
F5 warns its customers of tens of flaws in its products
Cybersecurity provider F5 released security patches to address tens of vulnerabilities affecting its products. Security and application delivery solutions provider...
China-linked Winnti APT steals intellectual property from companies worldwide
A sophisticated cyberespionage campaign, dubbed Operation CuckooBees, conducted by the China-linked Winnti group remained undetected since at least 2019. Researchers...
Cliam – Multi Cloud IAM Permissions Enumeration Tool
Multi cloud iam permissions enumeration tool. Currently covers: AWS GCP Azure Oracle Description Cliam is a simple cloud permissions identifier....
Pro-Ukraine attackers compromise Docker images to launch DDoS attacks on Russian sites
Pro-Ukraine hackers are using Docker images to launch distributed denial-of-service (DDoS) attacks against a dozen Russian and Belarusian websites. Pro-Ukraine hackers, likely linked...
