The August cyber attacks targeted a dozen Russian banks
Up to 15 Russian financial organizations were subjected to a large-scale cyberattack in August and September of this year. The
Read more
OSINT
Exchange/Outlook Autodiscover Bug Exposed $100K Email Passwords
Guardicore Security Researcher, Amit Serper identified a critical vulnerability in Microsoft’s autodiscover- the protocol, which permits for the automatic
Read more
SonicWall Patches Critical Flaw in SMA 100 Products
SonicWall has released a security advisory to warn users regarding a critical flaw impacting some of its Secure Mobile
Read more
Hackers Discover Technique to Make Malware Undetectable on Windows
Investigators within the cybersecurity industry have revealed a unique approach used by a threat actor to purposefully avoid detection
Read more
Drinik Malware is Fooling Users to Give in their Mobile Banking Details
There’s a new malware, and it’s wreaking havoc on Android users. Drinik is a malware that steals vital data
Read more
JadedWraith – Light-weight UNIX Backdoor
Lightweight UNIX backdoor for ethical hacking. Useful for red team engagements and CTFs. Something I wrote a few years ago
Read more
DongTai – An Interactive Application Security testing(IAST) Product That Supports The Detection Of OWASP WEB TOP 10 Vulnerabilities, Multi-Request Related Vulnerabilities (Including Logic Vulnerabilities, Unauthorized Access Vulnerabilities, Etc.), Third-Party Component Vulnerabilities, Etc.
中文版本(Chinese version) About DongTai IAST DongTai IAST is an open-source passive interactive security testing (IAST) product. It uses dynamic hooks
Read more
Port of Houston was hit by an alleged state-sponsored attack
Last month, the Port of Houston, one of the major US ports, was hit by a cyber attack allegedly orchestrated
Read more
JSC GREC Makeyev and other Russian entities under attack
A cyberespionage campaign hit multiple Russian organizations, including JSC GREC Makeyev, a major defense contractor, exploiting a recently disclosed zero-day.
Read more
Security Affairs newsletter Round 333
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free
Read more
Google TAG spotted actors using new code signing tricks to evade detection
Researchers from Google’s TAG team reported that financially motivated actors are using new code signing tricks to evade detection. Researchers
Read more
GSS, one of the major European call center providers, suffered a ransomware attack
The customer care and call center provider GSS has suffered a ransomware attack that crippled its systems and impacted its
Read more
Ajarn – 266,399 breached accounts
In September 2021, the Thai-based English language teaching website Ajarn discovered they’d been the victim of a data breach dating
Read more
Malware Creators Use Malformed Certificates To Trick Windows Validation
Google researchers have identified malware developers generating malformed code signatures that appear to be valid in Windows to bypass
Read more
African Bank Alerts of Data Breach With Personal Details Compromised
South African retail bank African Bank has confirmed that one of its debt recovery partners, Debt-IN, was targeted by
Read more
Port of Houston Attacked Employing Zoho Zero-Day Vulnerability
CISA officers on 23rd of September reported about a potential government-backed hacker organization that has tried to break the
Read more
3.8 Billion Clubhouse and Facebook User Records are Being Sold Online
According to CyberNews, a database holding the records of about 3.8 billion Clubhouse and Facebook users is being auctioned
Read more
QueenSono – Golang Binary For Data Exfiltration With ICMP Protocol
QueenSono tool only relies on the fact that ICMP protocol isn’t monitored. It is quite common. It could also been
Read more
PoW-Shield – Project Dedicated To Fight DDoS And Spam With Proof Of Work, Featuring An Additional WA
Project dedicated to provide DDoS protection with proof-of-work Description PoW Shield provides DDoS protection on OSI application layer by acting
Read more
Threat actors are attempting to exploit VMware vCenter CVE-2021-22005 flaw
Immediately after the public release of the exploit code for the VMware vCenter CVE-2021-22005 flaw threat actors started using it.
Read more
Google addressed the eleventh Chrome zero-day flaw this year
Google released a Chrome emergency update for Windows, Mac, and Linux that addresses a high-severity zero-day flaw exploited in the wild.
Read more
European Union formally blames Russia for the GhostWriter operation
European Union representatives formally accused Russia of attempting to target the elections and political systems of several EU states. European
Read more
CVE-2021-20034 flaw can allow SMA 100 device takeover, patch it now!
SonicWall fixed a critical security flaw, tracked as CVE-2021-20034, that impacts some Secure Mobile Access (SMA) 100 series products that
Read more
Beware! Uber scam lures victims with alert from a real Uber number
This morning Malwarebytes Labs received a scam masquerading as a security alert from Uber. The alert was pretty convincing and
Read more