Mobile malware evolution 2020
These statistics are based on detection verdicts of Kaspersky products received from users who consented to providing statistical data. The
Read more
OSINT
Halogen – Automatically Create YARA Rules From Malicious Documents
Halogen is a tool to automate the creation of yara rules against image files embedded within a malicious document. Halogen
Read more
StandIn – A Small .NET35/45 AD Post-Exploitation Toolkit
StandIn is a small AD post-compromise toolkit. StandIn came about because recently at xforcered we needed a .NET native solution
Read more
How to Achieve and Maintain Continuous Cloud Compliance
This blog is part of an ongoing series sharing key takeaways from Rapid7’s 2020 Cloud Security Executive Summit. Interested in
Read more
Intern caused ‘solarwinds123’ password leak, former SolarWinds CEO says
Top executives of the software firm SolarWinds blamed an intern for having used a weak password for several years, exposing
Read more
ByteDance agreed to pay $92M in US privacy Settlement for TikTok data collection
ByteDance, the company behind TikTok, agreed to pay $92 million in a settlement to U.S. users for illegal data collection.
Read more
NSA embraces the Zero Trust Security Model
The National Security Agency (NSA) published a document to explain the advantages of implementing a zero-trust model. The National Security
Read more
EU leaders aim at boosting defense and security, including cybersecurity
During a video conference of the members of the European Council, EU leaders agreed on a new strategy aimed at boosting
Read more
SuperVPN & GeckoVPN – 20,339,937 breached accounts
In February 2021, a series of “free” VPN services were breached including SuperVPN and GeckoVPN, exposing over 20M records. The
Read more
Tibetan Organizations Targeted in a Chinese Sponsored Phishing Campaign
Cybersecurity experts from Proofpoint have unearthed a Chinese-sponsored phishing campaign and published a report on Thursday; as per the
Read more
American Telecommunications Firm, T-Mobile Confirmed Data Breach and Sim Swapping Attacks
After an undisclosed number of subscribers were reportedly hit by SIM swap attacks, American telecommunications company T-Mobile has announced
Read more
IBM: Cyber attacks on Linux systems of Russian government agencies will increase
The problem will also affect Russian government agencies, which are switching to domestic Linux operating systems as part of import
Read more
Alexa Skills can Easily Bypass Vetting Process
Researchers have uncovered gaps in Amazon’s skill vetting process for the Alexa voice assistant ecosystem that could permit a
Read more
WdToggle – A Beacon Object File (BOF) For Cobalt Strike Which Uses Direct System Calls To Enable WDigest Credential Caching
A Proof of Concept Cobalt Strike Beacon Object File which uses direct system calls to enable WDigest credential caching and
Read more
Gargamel – A Forensic Evidence Acquirer
A Forensic Evidence Acquirer Compile Assuming you have Rust 1.41+ installed. Open terminal in the project directory and to compile
Read more
New Zealand-based cryptocurrency exchange Cryptopia hacked again
The New Zealand-based cryptocurrency exchange Cryptopia suffered a new cyber heist while it is in liquidation due to a 2019
Read more
Security Affairs newsletter Round 303
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for
Read more
Experts found a critical authentication bypass flaw in Rockwell Automation software
A critical authentication bypass vulnerability could be exploited by remote attackers to Rockwell Automation programmable logic controllers (PLCs). A critical
Read more
Hotarus Corp gang hacked Ecuador’s Ministry of Finance and Banco Pichincha
‘Hotarus Corp’ Ransomware operators hacked Ecuador’s largest private bank, Banco Pichincha, and the country’s Ministry of Finance. A cybercrime group
Read more
To pay, or not to pay? That is the VPN question
VPNs have been a subject of deliberation for a long time. Is it even important to use one? I think
Read more
Steris Corporation, The Latest Victim of Ransomware Gang Called ‘Clop’.
Data related to a customer of a recently targeted California-based private cloud solutions firm Accellion is being published online
Read more
SQL Triggers Used by Hackers to Compromise User Database
Over the past year, a broader pattern of WordPress malware with SQL triggers has occurred within infected databases to
Read more
Pillager – Filesystems For Sensitive Information With Go
Pillager is designed to provide a simple means of leveraging Go’s strong concurrency model to recursively search directories for sensitive
Read more
Gatekeeper – First Open-Source DDoS Protection System
Gatekeeper is the first open source DoS protection system. It is designed to scale to any peak bandwidth, so it
Read more