Borat RAT, a new RAT that performs ransomware and DDoS attacks
Cyble researchers discovered a new remote access trojan (RAT) named Borat capable of conducting DDoS and ransomware attacks. Researchers from...
hacking
Experts discovered 15-Year-Old vulnerabilities in the PEAR PHP repository
SonarSource discovered a 15-year-old flaw in the PEAR PHP repository that could have enabled supply chain attacks. Researchers from SonarSource...
Empire 4.5
It has been another exciting week for the team. First we are just a week away for our inaugural course...
Phantun – Transforms UDP Stream Into (Fake) TCP Streams That Can Go Through Layer 3 &Amp; Layer 4 (NAPT) firewalls/NATs
Phantun is a project that obfuscated UDP packets into TCP connections. It aims to achieve maximum performance with minimum processing...
China-linked APT Deep Panda employs new Fire Chili Windows rootkit
The China-linked hacking group Deep Panda is targeting VMware Horizon servers with the Log4Shell exploit to install a new Fire...
CobaltBus – Cobalt Strike External C2 Integration With Azure Servicebus, C2 Traffic Via Azure Servicebus
Cobalt Strike External C2 Integration With Azure Servicebus, C2 traffic via Azure Servicebus Setup Create an Azure Service Bus Create...
Mar 27 – Apr 02 Ukraine – Russia the silent cyber conflict
This post provides a timeline of the events related to the Russian invasion of Ukraine from the cyber security perspective....
Security Affairs newsletter Round 359 by Pierluigi Paganini
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free...
Anonymous leaked 15 GB of data allegedly stolen from the Russian Orthodox Church
Anonymous claims to have hacked the Russian Orthodox Church ‘s charitable wing and leaked 15 GB of alleged stolen data....
Odin – Central IoC Scanner Based On Loki
Odin is a central IoC Collecting Parsing Download Odin If you like the site, please consider joining the telegram channel...
UK Police charges two teenagers for their alleged role in the Lapsus$ extortion group
The City of London Police charged two of the seven teenagers who were arrested for their alleged role in the...
Beastmode Mirai botnet now includes exploits for Totolink routers
Operators behind the Mirai-based distributed denial-of-service (DDoS) botnet Beastmode (aka B3astmode) added exploits for Totolink routers. The Mirai-based distributed denial-of-service (DDoS) botnet Beastmode (aka...
Ukraine intelligence leaks names of 620 alleged Russian FSB agents
The Ukrainian Defense Ministry’s Directorate of Intelligence leaked personal data belonging to 620 alleged Russian FSB agents. The Ukrainian Defense...
Subdomains.Sh – A Wrapper Around Tools I Use For Subdomain Enumeration On A Given Domain. This Script Is Written With The Aim To Automate The Workflow
subdomains.sh wrapper around tools I use for subdomain enumeration, to automate the workflow, on a given domain. Usage To display...
Critical CVE-2022-1162 flaw in GitLab allowed threat actors to take over accounts
GitLab has addressed a critical vulnerability, tracked as CVE-2022-1162 (CVSS score of 9.1), that could allow remote attackers to take over...
Trend Micro fixed high severity flaw in Apex Central product management console
Trend Micro has fixed a high severity arbitrary file upload flaw, tracked as CVE-2022-26871, in the Apex Central product management...
Auto-Elevate – Escalate From A Low-Integrity Administrator Account To NT AUTHORITYSYSTEM Without An LPE Exploit By Combining A COM UAC Bypass And Token Impersonation
This tool demonstrates the power of UAC bypasses and built-in features of Windows. This utility auto-locates winlogon.exe, steals and impersonates...
Anonymous targets oligarchs’ Russian businesses: Marathon Group hacked
Anonymous continues its operations against Russia, the group announced the hack of the Russian investment firm Marathon Group. Anonymous continues...
AcidRain, a wiper that crippled routers and modems in Europe
Researchers spotted a new destructive wiper, tracked as AcidRain, that is likely linked to the recent attack against Viasat. Security...
Slyther – AWS Security Tool
Slyther is AWS Security tool to check read/write/delete access for S3 buckets Requirements aws-cli Installation pip3 install -r requirements.txt Usage...
Zyxel fixes a critical bug in its business firewall and VPN devices
Zyxel issued security updates for a critical vulnerability that affects some of its business firewall and VPN devices. Networking equipment...
CISA adds Sophos firewall bug to Known Exploited Vulnerabilities Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Sophos firewall flaw and seven other issues to...
Flaws in Wyze cam devices allow their complete takeover
Wyze Cam devices are affected by three security vulnerabilities that can allow attackers to takeover them and access camera feeds....
Apple issues emergency patches to fix actively exploited zero-days
Apple released emergency patches to address two zero-day vulnerabilities actively exploited to compromise iPhones, iPads, and Macs. Apple has released...
