Microsoft links new malware to SolarWinds hackers
Microsoft released details on later-stage malware the company says was used by the group behind the SolarWinds espionage campaign. (Microsoft)Microsoft...
OSINT
Update now! Chrome fix patches in-the-wild zero-day
The Microsoft Browser Vulnerability Research team has found and reported a vulnerability in the audio component of Google Chrome. Google...
Kaspersky detected new ransomware attack on Russian companies
Kaspersky Lab has recorded a series of targeted attacks targeting Russian financial and transport companies. Hackers used a previously unknown...
US Telemarketing Company Leaks Data of 114,000 Consumers In a Cloud Storage Error
In a recent cybersecurity incident, a US telemarketing firm leaked sensitive data of tens of thousands of customers after a...
Zee5 Once Again Caught In Data Breach; Info Of 9 Million Users Exposed
Zee5, an Indian Leading giant over-the-top (OTT) platform has witnessed a data breach. According to the information, the data breach...
Crypto Exchange Platform WazirX Hit a Record High of $2 Billion in Trading Volumes
Cryptocurrency exchange platform, WazirX has almost doubled its trading volumes since February 1st, 2021 regardless of fears of a government-imposed...
FacePay fare payment system to launch in Moscow metro by the end of the year
"In the Moscow metro, by the end of 2021, we plan to launch contactless fare payment for travel through a...
Zero-day vulnerabilities in Microsoft Exchange Server
What happened? On March 2, 2021 several companies released reports about in-the-wild exploitation of zero-day vulnerabilities inside Microsoft Exchange Server....
PyBeacon – A Collection Of Scripts For Dealing With Cobalt Strike Beacons In Python
PyBeacon is a collection of scripts for dealing with Cobalt Strike's encrypted traffic. It can encrypt/decrypt beacon metadata, as well...
SharpSphere – .NET Project For Attacking vCenter
SharpSphere gives red teamers the ability to easily interact with the guest operating systems of virtual machines managed by vCenter....
Clop ransomware gang leaks data allegedly stolen from cybersecurity firm Qualys
Cybersecurity firm Qualys seems to have suffered a data breach, threat actors allegedly exploited zero-day flaw in their Accellion FTA server....
The Ursnif Trojan has hit over 100 Italian banks
Avast researchers reported that the infamous Ursnif Trojan was employed in attacks against at least 100 banks in Italy. Avast...
21 million free VPN users’ data exposed
Detailed credentials for more than 21 million mobile VPN app users were swiped and advertised for sale online last week,...
Patch now! Exchange servers attacked by Hafnium zero-days
Microsoft has detected multiple zero-day exploits being used to attack on-premises versions of Microsoft Exchange Server in limited and targeted...
AI makes fewer mistakes than experienced radiologists and takes into account ethnic differences
CureMetrix: AI provides an equalization of care across countries. A well-trained algorithm that has been trained on a variety of...
Top Dairy Group Lactalis Suffers Cyberattack, Company Confirms No Data Breach
Lactalis, the world's one of the best dairy groups disclosed that it was recently hit by cyberattacks after hackers breached...
European E-Ticketing Platform TicketCounter Extorted In Data Breach
A Dutch e-ticketing network witnessed a data breach. The whereabouts came to be known after a customer’s database containing...
New Jailbreak Tool Released By Hackers to Unlock Latest iPhones
Unc0ver, one of the most popular iPhone jailbreaking tools has got a new update. The latest version 6.0 works on...
JFC International Compromised with a Ransomware Attack
JFC International has reported that some of its IT networks have been compromised by a ransomware attack. The food giant...
Teatime – An RPC Attack Framework For Blockchain Nodes
Teatime is an RPC attack framework aimed at making it easy to spot misconfigurations in blockchain nodes. It detects a...
Threatspec – Continuous Threat Modeling, Through Code
Threatspec is an open source project that aims to close the gap between development and security by bringing the threat...
Mass Exploitation of Exchange Server Zero-Day CVEs: What You Need to Know
On March 2, 2021, the Microsoft Threat Intelligence Center (MSTIC) released details on an active state-sponsored threat campaign exploiting four...
IAM Never Gonna Give You Up, Never Gonna Breach Your Cloud
This blog is part of an ongoing series sharing key takeaways from Rapid7’s 2020 Cloud Security Executive Summit. Interested in...
Bug bounty hunter awarded $50,000 for a Microsoft account hijack flaw
A researcher received a $50,000 bug bounty by Microsoft for having reported a vulnerability that could’ve allowed to hijack any...
