Experts found 23 flaws in UEFI firmware potentially impact millions of devices
Researchers discovered tens of vulnerabilities in UEFI firmware code used by the major device manufacturers. Researchers at firmware security company...
hacking
Massive social engineering waves have impacted banks in several countries
A massive social engineering campaign targeting banks has been delivered in the last two years in several countries. A massive...
Ipsourcebypass – This Python Script Can Be Used To Bypass IP Source Restrictions Using HTTP Headers
This Python script can be used to bypass IP source restrictions using HTTP headers. Features 17 HTTP headers. Multithreading. JSON...
British Council exposed 144,000 files containing student details
Personal information belonging to British Council students was exposed online via an unsecured repository. The British Council is a British...
A cyber attack severely impacted the operations of German petrol distributor Oiltanking GmbH
German petrol distributor Oiltanking GmbH was a victim of a cyberattack that has a severe impact on its operations. A...
Iran-linked MuddyWater APT group campaign targets Turkish entities
The Iran-linked MuddyWater APT group is targeting private Turkish organizations and governmental institutions. Researchers from Cisco Talos have uncovered a...
Rathole – A Lightweight, Stable And High-Performance Reverse Proxy For NAT Traversal, Written In Rust. An Alternative To Frp And Ngrok
Development Status rathole is under active development. A load of features is on the way: TLS support UDP support Hot...
RCE in WordPress plugin Essential Addons for Elementor impacts hundreds of thousands of websites
A critical RCE in the popular WordPress plugin Essential Addons for Elementor impacts hundreds of thousands of websites. Essential Addons...
Samba fixed CVE-2021-44142 remote code execution flaw
Samba fixes a critical flaw, tracked as CVE-2021-44142, that can allow remote attackers to execute code with root privileges. Samba has...
CISA adds 8 new vulnerabilities to its Known Exploited Vulnerabilities Catalog
The US CISA added eight more flaws to its Known Exploited Vulnerabilities Catalog that are known to be used in...
RecoverPy – Interactively Find And Recover Deleted Or Overwritten Files From Your Terminal
You can already find plenty of solutions to recover deleted files, but it can be a hassle to recover overwritten...
Hundreds of thousands of routers exposed to Eternal Silence campaign via UPnP
A hacking campaign, tracked as Eternal Silence, is abusing UPnP to compromise routers and use them to carry out malicious...
Hackers stole $80M worth of cryptocurrency from the Qubit DeFi platform
Threat actors stole $80M worth of cryptocurrency from the Qubit DeFi platform by exploiting a flaw in the smart contract...
DeepDotWeb admin sentenced to 97 months in prison for money laundering scheme
The administrator of the DeepDotWeb (DDW) has received a sentence of 97 months in prison for money laundering. Tal Prihar...
Expert earned $100,500 bounty to hack Apple MacBook webcam and microphone
Apple paid +$100K bounty for a macOS series of flaws that can allow threat actors to take over the microphone...
Bluffy – Convert Shellcode Into Different Formats!
Bluffy is a utility which was used in experiments to bypass Anti-Virus products (statically) by formatting shellcode into realistic looking...
Americans lost $770 million from social media fraud in 2021, FTC reports
A report from the US Federal Trade Commission (FTC) revealed that in 2021 Americans lost $770 million from social media...
Hybrid cloud campaign OiVaVoii targets company executives
A new hacking campaign, tracked as ‘OiVaVoii’, is targeting company executives with malicious OAuth apps. Researchers from Proofpoint have uncovered...
Kerbrute – An Script To Perform Kerberos Bruteforcing By Using Impacket
An script to perform kerberos bruteforcing by using the Impacket library. When is executed, as input it receives a user...
Expert releases PoC for CVE-2022-21882 Windows local privilege elevation issue
A researcher disclosed an exploit for a Windows local privilege elevation issue (CVE-2022-21882) that allows anyone to gain admin privileges...
Security Affairs newsletter Round 351
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free...
Novel device registration trick enhances multi-stage phishing attacks
Microsoft has disclosed details of a large-scale phishing campaign using a novel device registration technique to target other enterprises. Microsoft...
CRT – CrowdStrike Reporting Tool for Azure
This tool queries the following configurations in the Azure AD/O365 tenant which can shed light on hard-to-find permissions and configuration...
QNAP force-installs update against the recent wave of DeadBolt ransomware infections
QNAP forces its customers to update the firmware of their Network Attached Storage (NAS) devices to protect against the DeadBolt...
