Sitemap

Pages

• About
• English
• Feedback
• Privacy policy
• Search by tags
• Sitemap

Posts by category

• Category: Cybercrime
  • Category: Carding
    • Google Analytics Used By Cybercriminals to Steal Credit Card Data
    • 400,000 Korean Credit Cards Leaked Overseas
    • New Yorker Arrested For Major Credit Card Fraud & Hacking Spree
  • Category: Darkweb
    • Australian Man Sentenced for Selling Ecstasy on the Darkweb
    • Brave Browser Leaked DNS Queries for Onion Services
    • Australian Border Force Seizes Meth Inside a Stuffed Llama
    • New Change to German Postal Law Targets Internet Drug Trade
    • Dream Market Vendor “Rackjaw2” Sentenced to Prison
    • Feds Traced Bitcoin Transactions to a Drug Dealer’s Apartment
  • Category: Fraud
    • Chinese APT SilentFade Defrauded Facebook Users of 4 Million
    • Fake SpaceX Youtube Channels Defraud 150,000 in Bitcoin
  • Category: Ransomware
    • The ransomware landscape changes as fewer victims decide to pay
    • Another ransomware payment recovered by the Justice Department
    • Elden Ring maker Bandai Namco hit by ransomware and data leaks
    • North Korean APT targets US healthcare sector with Maui ransomware
    • AstraLocker 2.0 ransomware isn’t going to give you your files back
    • Conti ransomware group’s pulse stops, but did it fake its own death?
    • ALPHV squeezes victim with dedicated leak site for employees and customers
    • BlackBasta is the latest ransomware to target ESXi virtual machines on Linux
    • Ransomware Task Force priorities see progress in first year
    • Ransomware attack turns 2022 into 1977 for Somerset County
    • Eerie GoodWill ransomware forces victims to publish videos of good deeds on social media
    • Chicago students lose data to ransomware attackers
  • Category: The Deep Web
    • Commodified Cybercrime Infrastructure
    • Commodified Cybercrime Infrastructure: Exploring the Underground Services Market for Cybercriminals
    • Securing Enterprise Security: How to Manage the New Generation of Access Control Devices
• Category: Hackers
  • Category: Attacks
    • Iranian Hackers Exploit PLCs in Attack on Water Authority in U.S.
    • New ‘HrServ.dll’ Web Shell Detected in APT Attack Targeting Afghan Government
    • Mustang Panda Hackers Targets Philippines Government Amid South China Sea Tensions
    • Russian Cyber Espionage Group Deploys LitterDrifter USB Worm in Targeted Attacks
    • CISA Sets a Deadline – Patch Juniper Junos OS Flaws Before November 17
    • New BiBi-Windows Wiper Targets Windows Systems in Pro-Hamas Attacks
    • Stealthy Kamran Spyware Targeting Urdu-speaking Users in Gilgit-Baltistan
    • Iran-Linked Imperial Kitten Cyber Group Targeting Middle East’s Tech Sectors
    • Alert: ‘Effluence’ Backdoor Persists Despite Patching Atlassian Confluence Servers
    • Russian Hackers Sandworm Cause Power Outage in Ukraine Amidst Missile Strikes
    • MuddyC2Go: New C2 Framework Iranian Hackers Using Against Israel
    • Iranian Hackers Launch Destructive Cyber Attacks on Israeli Tech and Education Sectors
    • Iranian Hackers Launches Destructive Cyberattacks on Israeli Tech and Education Sectors
    • Alert: F5 Warns of Active Attacks Exploiting BIG-IP Vulnerability
    • Iranian Cyber Espionage Group Targets Financial and Government Sectors in Middle East
    • Arid Viper Targeting Arabic Android Users with Spyware Disguised as Dating App
    • Hackers Using MSIX App Packages to Infect Windows PCs with GHOSTPULSE Malware
    • Iranian Group Tortoiseshell Launches New Wave of IMAPLoader Malware Attacks
    • Gaza-Linked Cyber Threat Actor Targets Israeli Energy and Defense Sectors
    • Researchers Uncover Grayling APT’s Ongoing Attack Campaign Across Industries
    • Researchers Uncover Ongoing Attacks Targeting Asian Governments and Telecom Giants
    • FBI, CISA Warn of Rising AvosLocker Ransomware Attacks Against Critical Infrastructure
    • CERT-UA Reports: 11 Ukrainian Telecom Providers Hit by Cyberattacks
    • ExelaStealer: A New Low-Cost Cybercrime Weapon Emerges
    • Malvertisers Using Google Ads to Target Users Searching for Popular Software
    • Mysterious ‘Sandman’ Threat Actor Targets Telecom Providers Across Three Continents
    • Cybercriminals Combine Phishing and EV Certificates to Deliver Ransomware Payloads
    • Authorities Seize Dark-Web Site Linked to the Netwalker Ransomware
  • Category: Breaches
    • Okta Discloses Broader Impact Linked to October 2023 Support System Breach
    • Discover Why Proactive Web Security Outsmarts Traditional Antivirus Solutions
    • How Hackers Phish for Your Users’ Credentials and Sell Them
    • Design Flaw in Google Workspace Could Let Attackers Gain Unauthorized Access
    • Tell Me Your Secrets Without Telling Me Your Secrets
    • AI Solutions Are the New Shadow IT
    • Play Ransomware Goes Commercial – Now Offered as a Service to Cybercriminals
    • Product Walkthrough: Silverfort’s Unified Identity Protection Platform
    • New Ransomware Group Emerges with Hive’s Source Code and Infrastructure
    • Offensive and Defensive AI: Let’s Chat(GPT) About It
    • Confidence in File Upload Security is Alarmingly Low. Why?
    • Okta’s Recent Customer Support Data Breach Impacted 134 Customers
    • Kinsing Actors Exploiting Recent Linux Flaw to Breach Cloud Environments
    • HelloKitty Ransomware Group Exploiting Apache ActiveMQ Vulnerability
    • Attacks Erase Western Digital Network-Attached Storage Drives
    • 34 Cybercriminals Arrested in Spain for Multi-Million Dollar Online Scams
    • Ex-NSA Employee Pleads Guilty to Leaking Classified Data to Russia
  • Category: Phishing
    • OX App Suite / OX Guard / OX Documents SSRF / Cross Site Scripting
    • Attackers Exploited 4 Zero-Day Flaws in Chrome, Safari & IE
• Category: Malware
  • Category: Malware Analysis
    • Chinese government hackers attack Russian companies for the first time
    • Rare UEFI Malware Found in the wild Kaspersky says
    • How the Trickbot C2 uses rDNS to disguise as a legitimate Australian government service
    • IcedID Malware Updates new techniques To Avoid Detection
    • New Info Stealer Poulight From The Russian Underground
  • Category: Threats
    • Forced Chrome extensions get removed, keep reappearing
    • ASyncRat surpasses Dridex, TrickBot and Emotet to become dominant email threat
    • Credential-stealing malware disguises itself as Telegram, targets social media users
    • Don’t let scammers ruin your Valentine’s Day
    • SolarWinds attackers launch new campaign
    • Smoking Out a DARKSIDE Affiliate’s Supply Chain Software Compromise
    • The UNC2529 Triple Double: A Trifecta Phishing Campaign
    • UNC2447 SOMBRAT and FIVEHANDS Ransomware: A Sophisticated Financial Threat
    • Abusing Replication: Stealing AD FS Secrets Over the Network
    • Ghostwriter Update: Cyber Espionage Group UNC1151 Likely Conducts Ghostwriter Influence Activity
    • Zero-Day Exploits in SonicWall Email Security Lead to Enterprise Compromise
• Category: Podcasts
  • Category: CyberWire Daily
    • Government security advisories, and the difficulty of recovering from ransomware attacks. Authority for offensive cyber under deliberation. Google wins Glupteba suit.
    • Privileged insiders and the abuse of “Oops.” Nemesis Kitten exploits Log4Shell. TrojanOrders in the holiday season. Emotet’s back. RapperBot notes. And an arrest in the Zeus cybercrime case.
    • Getting tangled up in the blockchain. RDS vulnerabilities. The language of fraud. An offer of help to the G19.
    • Software supply chains, C2C markets, criminals, and cyber auxiliaries in a hybrid war. CISA releases its Stakeholder Specific Vulnerability Categorization (SSVC).
    • An update on three threat actors: Fangxiao, Killnet, and Billbug, one of them in it for money, another for the glory, and a third for the intell. Twitter and SMS 2FA. Zendesk patches. CISA adds a KEV.
    • A look back at midterm cybersecurity. Communications security lessons learned in Ukraine. Known Exploited Vulnerabilities and Patch Tuesday. Off-boarding deserves some attention.
    • US midterms conclude without cyber interference. NATO on cyber defense. New APT41 activity identified. Russia’s FSB and SVR continue cyberespionage. Trends in phishing and API risks.
    • Cybersecurity on US Election Day. OPERA1ER threat activity. Insider threats. Hacktivist auxiliaries: influence operators in the hybrid war. And Mr. Hushpuppi is back in the news.
    • Election security on the eve of the US midterms. US FBI rates the hacktivist threat. Microsoft says China uses disclosure laws to develop zero-days. Remember SIlk Road? The Feds do.
    • Flight-planning and rail services disrupted in separate incidents. BEC gang impersonates law firms. Effects of the hybrid war on action in cyberspace. And a farewell to Vitali Kremez, gone far too soon.
    • OpenSSL indeed patched. CISA is confident of election security. Killnet attempted DDoS against the US Treasury. XDR data reveals threat trends. BEC and gift cards. And that’s one sweet ride.
    • “Static expressway” tactics in credential harvesting. Emotet is back. Black Basta linked to Fin7. RomCom hits Ukrainian targets and warms up against the Anglo-Saxons. Cyber cooperation?
  • Category: Darknet Diaries
    • EP 137: Predator
    • EP 139: D3f4ult
    • EP 138: The Mimics of Punjab
    • EP 136: Team Xecuter
    • EP 135: The D.R. Incident
    • EP 134: Deviant
    • EP 133: I’m the Real Connor
    • EP 132: Sam the Vendor
    • EP 131: Welcome To Video
    • EP 130: Jason’s Pen Test
    • EP 129: Gollumfun (Part 2)
    • EP 128: Gollumfun Part 1
    • EP 127: Maddie
  • Category: Hacking Humans
    • Ways to make fraud less lucrative.
    • New laws and the effect on small businesses.
    • Protecting your identity.
    • Setting tech limits with a new tool.
    • The difference between shallow fakes vs. deep fakes.
    • Falling for a phishing kit scam.
    • What is cyber quantum computing?
    • A cryptoqueen on the run and the cons she got away with.
    • The rise in fraudulent online content.
    • Is inflation affecting the Dark Web?
    • A travel surge and a host of different scams.
    • Is there a growing number of public and private partnerships forming?
• Category: Security
  • Category: Cloud Security
    • Crawl, Walk, Run: Operationalizing Your IaC Security Program
    • How To Prevent the IaC Misconfiguration Snowball Effect
    • Prevent Secret Leaks: Find and Secure Secrets Across Your Repositories and Pipelines
    • You Must Comply! Why You Need Proactive Open-Source License Compliance
    • Infrastructure as Code Security and AppSec: Streamlined DevSecOps From App to Infra
    • Prisma Cloud Provides New Extensive Use Cases for Azure Customers
    • 6 Key Kubernetes DevSecOps Principles: People, Processes, Technology
    • 9 Essential Infrastructure Security Considerations for Kubernetes
    • Software Composition Analysis (SCA): How Does It Help Keep Cloud Applications Secure?
    • Web Application Firewalls (WAFs): What You Need To Know About the Security Checkpoint for Your Web Application
    • Building the Business Case for DevSecOps
    • What is Infrastructure as Code? The Best Way to Fully Control Your Cloud Configuration
  • Category: Crypto
    • More than 280 blockchains at risk of ‘zero-day’ exploits, warns security firm
    • Euler Finance blocks vulnerable module, working on recovering funds
    • OpenSea patches vulnerability that potentially exposed users’ identities
    • Euler Finance hacked for over $195M in a flash loan attack
    • How the Bitcoin network can solve the pitfalls of DeFi token bridges
    • What is ethical hacking, and how does it work?
    • Hedera confirms exploit on mainnet led to theft of service tokens
    • DeFi lender Tender.fi suffers exploit, white hat hacker returns funds
    • Hacker returns stolen funds to Tender.fi, gets $97K bounty reward
    • Algodex reveals wallet infiltrated by ‘malicious’ actor as MyAlgo renews warning: Withdraw now
    • DeFi lender Tender.fi suffers exploit, white hat hacker suspected
    • 7 DeFi protocol hacks in Feb see $21 million in funds stolen: DefiLlama
  • Category: IoT
    • A Roadmap to Secure Connected Cars: Charting the WP.29’s UN Regulation No. 155
    • The Transition to 5G: Security Implications of Campus Networks
    • Lost in Translation
    • The Cybersecurity Blind Spots of Connected Cars
    • New P2P Botnet Targeting IoT Devices
    • IoT Security, Attacks And The Industrial Systems at Risk
  • Category: Mobile
    • Google removes 16 malicious apps from play store found to be part of the Joker malware family
    • WhatsApp can be forced to decrypt WhatsApp Google Drive backups by state surveillance
    • Vulnerabilities in old GTP protocol could affect 4G and 5G networks
    • Google is indexing the phone numbers of WhatsApp Users
    • Chinese authorities monitor content of WeChat users registered outside China
  • Category: Threat Intelligence
    • Microsoft to Block Excel Add-ins to Stop Office Exploits
    • ‘DragonSpark’ Malware: East Asian Cyberattackers Create an OSS Frankenstein
    • Pair of Galaxy App Store Bugs Offer Cyberattackers Mobile Device Access
    • Hunting Insider Threats on the Dark Web
    • FanDuel Sportsbook Bettors Exposed in Mailchimp Breach
    • Ransomware Profits Decline as Victims Dig In, Refuse to Pay
    • Attackers Crafted Custom Malware for Fortinet Zero-Day
    • Cybercriminals Target Telecom Provider Networks
    • Name That Toon: Poker Hand
    • New Coalfire Report Reveals CISOs Rising Influence
    • ChatGPT Could Create Polymorphic Malware Wave, Researchers Warn
    • Initial Access Broker Market Booms, Posing Growing Threat to Enterprises
  • Category: Vulnerabilities
    • Technical Advisory – U-Boot – Unchecked Download Size and Direction in USB DFU (CVE-2022-2347)
    • Technical Advisory – Multiple Vulnerabilities in the Galaxy App Store (CVE-2023-21433, CVE-2023-21434)
    • Technical Advisory – NXP i.MX SDP_READ_DISABLE Fuse Bypass (CVE-2022-45163)
    • Technical Advisory – OpenJDK – Weak Parsing Logic in java.net.InetAddress and Related Classes
    • Technical Advisory – Multiple Vulnerabilities in Juplink RX4-1800 WiFi Router (CVE-2022-37413, CVE-2022-37414)
    • There’s Another Hole In Your SoC: Unisoc ROM Vulnerabilities
    • Cybercriminals Are Selling Access to Chinese Surveillance Cameras
    • Firewall Bug Under Active Attack Triggers CISA Warning
    • iPhone Users Urged to Update to Patch 2 Zero-Days
    • Google Patches Chrome’s Fifth Zero-Day of the Year
    • Xiaomi Phone Bug Allowed Payment Forgery
    • Microsoft Patches ‘Dogwalk’ Zero-Day and 17 Critical Flaws
    • Restaurant Reservation System Patches Easy-to-Exploit XSS Bug
  • Category: Web Applications
    • Magento Based Stores See Biggest Attack Due to 0day flaw
• Category: Tools
  • Category: Defensive Security
    • tsharkVM – Tshark + ELK Analytics Virtual Machine
    • Retoolkit – Reverse Engineer’s Toolkit
  • Category: Exploits & CVE's
    • osCommerce 4 Cross Site Scripting
    • TitanNit Web Control 2.01 / Atemio 7600 Root Remote Command Execution
    • FireBear Improved Import And Export 3.8.6 XSLT Server Side Injection
    • Jorani Leave Management System 1.0.2 Host Header Injection
    • PyroCMS 3.0.1 Cross Site Scripting
    • CE Phoenix 1.0.8.20 Cross Site Scripting
    • Magento 2.4.6 XSLT Server Side Injection
    • WordPress UserPro 5.1.x Password Reset / Authentication Bypass / Escalation
    • F5 BIG-IP TMUI Directory Traversal / File Upload / Code Execution
    • MagnusBilling Remote Command Execution
    • Cisco IOX XE Unauthenticated Remote Code Execution
    • ZoneMinder Snapshots Command Injection
    • Magento 2.4.6 XSLT Server Side Injection / Command Execution
    • mtk-jpeg Driver Out-Of-Bounds Read / Write
    • EnBw SENEC Legacy Storage Box Log Disclosure
    • EzViz Studio 2.2.0 DLL Hijacking
    • Apache ActiveMQ Unauthenticated Remote Code Execution
    • AjaxPro Deserialization Remote Code Execution
    • Citrix Bleed Session Token Leakage Proof Of Concept
    • Oracle 19c / 21c Sharding Component Password Hash Exposure
    • WordPress AI ChatBot 4.8.9 SQL Injection / Traversal / File Deletion
    • TEM Opera Plus FM Family Transmitter 35.45 Remote Code Execution
    • TEM Opera Plus FM Family Transmitter 35.45 Cross Site Request Forgery
    • XAMPP 3.3.0 Buffer Overflow
    • SugarCRM 13.0.1 Server-Side Template Injection
    • SugarCRM 13.0.1 Shell Upload
    • phpFox 4.8.13 PHP Object Injection
    • Splunk edit_user Capability Privilege Escalation
    • VIMESA VHF/FM Transmitter Blue Plus 9.7.1 Denial Of Service
    • PowerVR Out-Of-Bounds Access / Information Leak
    • Linux DCCP Information Leak
    • Chrome ReduceJSLoadPropertyWithEnumeratedKey Out-Of-Bounds Access
    • edgetpu_pin_user_pages Race Condition
    • Chrome SKIA Integer Overflow
  • Category: Offensive Security
    • Domhttpx – A Google Search Engine Dorker With HTTP Toolkit Built With Python, Can Make It Easier For You To Find Many URLs/IPs At Once With Fast Time
    • Sniffle – A Sniffer For Bluetooth 5 And 4.X LE
    • Cerbrutus – Network Brute Force Tool, Written In Python
    • GitDorker – Scrape Secrets From GitHub Through Usage Of A Large Repository
    • Pesidious – Malware Mutation Using Reinforcement Learning
    • Macro Pack- Macro & VBS Obfuscation Automation

Forums

• Forum

Topics

• Business
• Sport
• Forex Trading
• Coronavirus
• Cryptocurrencies
• Without politics
• World news
• UK News
• US News
• Politics