Critical Magento zero-day flaw CVE-2022-24086 actively exploited
Adobe addressed a critical vulnerability (CVE-2022-24086) impacting Magento Open Source products that is being actively exploited in the wild. Adobe...
hacking
Alleged ransomware attack disrupted operations at Slovenia’s Pop TV station
Last week, a cyberattack hit Pop TV, Slovenia’s most popular TV channel, disrupting the operations. Last week, a cyber-attack has...
Exrop – Automatic ROP Chain Generation
Exrop is automatic ROP chains generator tool which can build gadget chain automatically from given binary and constraints Requirements :...
Organizations paid at least $602 million to ransomware gangs in 2021
Organizations have paid more than $600 million in cryptocurrency during 2021, nearly one-third to the Conti ransomware gang. Last week,...
San Francisco 49ers NFL team discloses BlackByte ransomware attack
A ransomware attack hit the corporate IT network of the San Francisco 49ers NFL team, The Record reported. The San...
Get-RBCD-Threaded – Tool To Discover Resource-Based Constrained Delegation Attack Paths In Active Directory Environments
Tool to discover Resource-Based Constrained Delegation attack paths in Active Directory Environments Based almost entirely on wonderful blog posts "Wagging...
Analyzing Phishing attacks that use malicious PDFs
Cybersecurity researchers Zoziel Pinto Freire analyzed the use of weaponized PDFs in phishing attacks Every day everybody receives many phishing...
Security Affairs newsletter Round 353
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free...
Weaponizing WebDAV for Offensive Security
Today, we will talk about combining two fascinating Tactics, Techniques, and Procedures (TTPs) together for deploying Command and Control (C2):...
Organizations are addressing zero-day vulnerabilities more quickly, says Google
Organizations are addressing zero-day vulnerabilities more quickly, compared to last year, Google’s Project Zero reported. According to Google’s Project Zero...
truffleHog – Searches Through Git Repositories For High Entropy Strings And Secrets, Digging Deep Into Commit History
Searches through git repositories for secrets, digging deep into commit history and branches. This is effective at finding secrets accidentally...
CISA, FBI, NSA warn of the increased globalized threat of ransomware
CISA, FBI and NSA published a joint advisory warning of ransomware attacks targeting critical infrastructure organizations. Cybersecurity agencies from the...
Croatian phone carrier A1 Hrvatska discloses data breach
Croatian phone carrier A1 Hrvatska has disclosed a data breach that has impacted roughly 200,000 customers. Croatian phone carrier A1...
Cloudsploit – Cloud Security Posture Management (CSPM)
Quick Start Generic $ git clone https://github.com/aquasecurity/cloudsploit.git$ cd cloudsploit$ npm install$ ./index.js -h Docker $ git clone https://github.com/aquasecurity/cloudsploit.git$ cd cloudsploit$...
FritzFrog P2P Botnet is back and targets Healthcare, Education and Government Sectors
FritzFrog P2P botnet is back and is targeting servers belonging to entities in the healthcare, education, and government sectors. FritzFrog...
CISA adds 15 new vulnerabilities to its Known Exploited Vulnerabilities Catalog
The U.S. CISA has added to the catalog of vulnerabilities another 15 security vulnerabilities actively exploited in the wild. The...
Dive – A Tool For Exploring Each Layer In A Docker Image
A tool for exploring a docker image, layer contents, and discovering ways to shrink the size of your Docker/OCI image....
Apple addressed a third zero-day in 2022, which is actively exploited
Apple addressed a new WebKit zero-day affecting iOS, iPadOS, macOS, and Safari that may have been actively exploited in the wild. Apple...
TerraGoat – Vulnerable Terraform Infrastructure
TerraGoat is Bridgecrew's "Vulnerable by Design" Terraform repository. TerraGoat is a learning and training project that demonstrates how common configuration...
Spanish police dismantled SIM swapping gang who stole money from victims’ bank accounts
Spanish National Police arrested eight alleged members of a crime ring specialized in SIM swapping attacks. Spanish National Police has...
Php-Malware-Finder – Detect Potentially Malicious PHP Files
PHP-malware-finder does its very best to detect obfuscated/dodgy code as well as files using PHP functions often used in malwares/webshells....
Threat actors compromised +500 Magento-based e-stores with e-skimmers
Experts uncovered a mass Magecart campaign that compromised over 500 e-store running the Magento 1 eCommerce platform. Researchers from cybersecurity...
Attackers Increasingly Adopting Regsvr32 Utility Execution Via Office Documents
The Uptycs threat research team has been observing an increase in utilization of regsvr32.exe heavily via various types of Microsoft...
How Does An IPv6 Proxy Work & How Enterprises Can Get Benefit?
IPv6 became imperative after developers discovered that IPv4 had a finite number and addresses. How does an IPv6 Proxy work?...
