Weekly news WORLD

Europol operation arrests six in $28 million crypto scam

Jeff Elder, 29 June 2019 ‘Typosquatting’ scam swiped users’ credentials, but agencies tracked suspects in the UK and the Netherlands This week Europol coordinated the arrests of six suspects in two nations accused of running a cryptocurrency ring that stole at least $28 million in Bitcoins. Europol spokesperson Claire Georges told The Avast Blog that […]

Attack/APT Hot news Social netwotrks Weekly news WORLD

Russian Tech Giant Yandex Targeted With ‘Regin’ Malware: Report

Hackers believed to be working for Western intelligence agencies breached the systems of Russian tech giant Yandex last year as part of an attack that involved a new variant of the Regin malware, Reuters reported on Thursday. Reuters learned from four sources that the breach occurred between October and November 2018, it targeted Yandex’s research […]

Uncategorized Weekly news WORLD

Cryptocurrency phish dials back the fear, cranks up the politeness

by Paul Ducklin Have you heard of a cryptocurrency outfit called Luno? We hadn’t heard of it until today – there are lots of cryptocoin companies out there, after all – but cybercrooks certainly had. According to its own website, Luno (it’s the word for moon in the constructed global language Esperanto, in case you’re […]

Hot news Weekly news WORLD

5 Common Causes of JavaScript Errors (and How to Avoid Them)

JavaScript (JS) is a ubiquitous, flexible, and widely popular programming language—though it’s also prone to errors and bugs that make most developers frown and freak. JS is used extensively to power user-interactivity on the client side of most web applications. Without JavaScript, perhaps things on the web could be lifeless and unstimulating. Nonetheless, the language’s […]

Weekly news WORLD

First American Financial Exposed Millions of Sensitive Documents

The website of financial services company First American Financial until recently exposed hundreds of millions of documents containing sensitive information, security blogger Brian Krebs reported on Friday. According to its Wikipedia page, First American Financial is “a leading provider of title insurance and settlement services to the real estate and mortgage industries.” Krebs learned from […]

Weekly news WORLD

Number Of Malicious Mobile Banker Packages Circulating Online Grew By 58% In Q1 2019.

Kaspersky Lab researchers have uncovered a worrying rise in malware designed to steal credentials and money from users’ bank accounts: in Q1 2019, researchers found 29,841 files of such malware, up from 18,501 in Q4 2018. Overall, attacks on more than 300,000 users were detected. These are among the main findings of Kaspersky Lab’s IT […]

Hot news Weekly news WORLD

One Year On And 84% Of UK Consumers Don’t Think GDPR Has Been Effective

Three-fifths (59%) of consumers would feel more secure if their personal information was protected by their fingerprint  Despite the introduction of the General Data Protection Regulation (GDPR) in May last year, research from IDEX Biometrics Asa has revealed UK consumers don’t feel their personal information is any safer. In fact, 84% of respondents don’t think GDPR […]


Google’s Titan Security Keys Vulnerable to Bluetooth Attacks

Google announced on Wednesday that it’s offering a free replacement for its Titan Security Key dongles following the discovery of a potentially serious vulnerability. The Titan Security Key is designed to help users protect themselves against phishing attacks and account takeover by using FIDO standards for two-factor authentication (2FA). The product uses cryptography to verify […]

Weekly news WORLD

School Lunch CFO Arrested in Hacking of Rival | Avast

School lunches exec faces felony charges related to the hacking of his rival’s network to expose weak security Every form of crime seems to invade the world of cybersecurity. Sooner or later that had to include the age-old childhood bullying trauma of school lunch theft. Except in this case the pilfered prize was data, not […]


The Untold Story of NotPetya, the Most Devastating Cyberattack in History

  It was a perfect sunny summer afternoon in Copenhagen when the world’s largest shipping conglomerate began to lose its mind. The headquarters of A.P. Møller-Maersk sits beside the breezy, cobblestoned esplanade of Copenhagen’s harbor. A ship’s mast carrying the Danish flag is planted by the building’s northeastern corner, and six stories of blue-tinted windows […]

Detentions UKRAINE

СБУ викрила группу що продавала доступ до інформації з обмеженим доступом

Співробітники Служби безпеки України викрили у Хмельницькому організовану групу, яка створила механізм із протиправного отримання та збуту інформації з обмеженим доступом з автоматизованих систем митниці ДФС України «Інспектор-2006». Оперативники СБ України встановили, що працівник спецпідрозділу КОРД ГУ Національної поліції в Хмельницькій області організував за «допомогою» двох працівників місцевої митниці систематичний збут приватним особам інформації з обмеженим […]

CVE Data leaks Hot news Weekly news WORLD

The 2019 DBIR is out

Once again, we are happy to support a large, voluntary, collaborative effort like the 2019 Data Breach Investigations Report. While our data contribution is completely anonymous, it is based in some of the 2018 data set that our private report customers receive from our efforts to protect all of our customers against every type of […]

0-day Data leaks WORLD

Ongoing Credit Card Data Leak

DNSMon is a network-wide DNS malicious domain analysis system we build here at 360Netlab. With the 10%+ total DNS traffic coverage in China, plus the other multi-dimensional security data and security analysis capabilities we have accumulated over the years, we can “see” what is happening in the whole network in real time from a unique […]



In honor of World Telecommunication and Information Society Day, celebrated annually on May 17, CRDF Global is partnering with the Cyber School in Ukraine to host a forum-hackathon, Cyber Education Day: Catalyzing Digital Resistance in Ukraine. The aim of this event is to support the integration of Ukrainian cybersecurity (CS) students into the CS community. Students will […]

Attack/APT Weekly news WORLD

Russian cyberspies are using one hell of a clever Microsoft Exchange backdoor

Turla APT found exploiting LightNeuron backdoor, a first of its kind targeting Microsoft Exchange email servers. A Russian cyber-espionage group has developed and has been using one of the most complex backdoors ever spotted on an email server, according to new research published today by cyber-security firm ESET. The backdoor, named LightNeuron, was specifically designed […]

Weekly news WORLD

First Physical Retaliation for a Cyberattack

Israel has acknowledged that its recent airstrikes against Hamas were a real-time response to an ongoing cyberattack. From Twitter: CLEARED FOR RELEASE: We thwarted an attempted Hamas cyber offensive against Israeli targets. Following our successful cyber defensive operation, we targeted a building where the Hamas cyber operatives work. HamasCyberHQ.exe has been removed. pic.twitter.com/AhgKjiOqS7 ­Israel Defense […]


Kostebek – Reconnaissance Tool Which Uses Firms Trademark Information To Discover Their Domains

  The Kostebek is a reconnaissance tool which uses firms’ trademark information to discover their domains. Installation Tested on Kali Linux 2018.2, Ubuntu 16.04 sudo apt-get -y install python3-pip pip3 install -r requirements.txt download latest version of Chromedriver and configure your driver-path #sudo apt-get install unzip #sudo unzip /tmp/chromedriver.zip chromedriver -d /usr/local/bin/ download latest version […]


Popular Online Tutoring Marketplace ‘Wyzant’ Suffers Data Breach

Wyzant—an online marketplace that makes it easy for parents and students to connect with private tutors, in-person and online, in over 250 different subjects—has suffered a data breach exposing “certain personal identification information” for its customers. The Hacker News received a copy of an email notification Wyzant recently sent to its affected customers, which reveals […]

Attack/APT Weekly news WORLD

In a first, Israel responds to Hamas hackers with an air-strike

Israel military said it bombed building housing Hamas cyber forces. For the first time, Israel has used brute military force to respond to a Hamas cyber-attack, three years after NATO proclaimed “cyber” an official battlefield in modern warfare. The “bomb-back” response took place on Saturday when Israel Defense Forces (IDF) launched an air-strike against a […]

Hot news

Кіберполіція викрила двох братів у створенні піратських ресурсів з обігом у сотні тисяч гривень

Щомісячно за рекламу на піратських онлайн кінотеатрах зловмисники отримували кілька тисяч доларів, які розподіляли між собою. Один зі спільників – діючий співробітник фіскальної служби України. Наразі за місцем проживання зловмисників та у одному із регіональних управлінь Державної фіскальної служби України проведено обшуки. Роботу усіх чотирьох піратських ресурсів припинено.Працівники Департаменту кіберполіції спільно зі слідчими Головного слідчого […]

Hot news Weekly news WORLD

Facebook bans ‘dangerous individuals’.

Facebook is banning several prominent figures it regards as “dangerous individuals”. The social network accused Alex Jones, host of right-wing conspiracy website InfoWars, its UK editor Paul Joseph Watson and ex-Breitbart News editor Milo Yiannopoulos of hate speech. Louis Farrakhan, the Nation of Islam leader who has expressed anti-Semitic views, will also be excluded. Facebook […]

Weekly news WORLD

Trump Signs Executive Order to Boost Federal Cyber Workforce

Initiatives include cyber aptitude assessments for agency insiders and a President’s Cup cybersecurity competition. The White House launched its latest effort to bolster the government’s cybersecurity workforce. President Trump issued an executive order Thursday that introduces new initiatives and expands existing national efforts aimed to “grow and strengthen” America’s cyber workforce. The programs laid out in […]

Weekly news WORLD

Criminals are hiding in Telegram – but backdoors are not the answer

by John E Dunn When it comes to an easy life, the criminals behind the fearful Anubis banking malware have become big fans of Twitter and, increasingly, the secure messaging of Telegram. There’s nothing new in malware piggybacking on popular services but why Twitter and Telegram, and is the recent migration to secure messaging significant? […]


DumpTheGit – Searches Through Public Repositories To Find Sensitive Information Uploaded To The Github Repositories

DumpTheGit searches through public repositories to find sensitive information uploaded to the Github repositories. The tool will flag the matches for potentially sensitive files like credentials, secret keys, tokens etc which have been accidentally uploaded by the developers. DumpTheGit just require your Github Access Token to fetch the information. INSTALL Download the DumpTheGit repository into […]

Weekly news WORLD

TSA Lacks Cybersecurity Expertise to Manage Pipeline Security Program: Report

Audit Finds Weaknesses in TSA’s Pipeline Security Program Management The U.S. Department of Homeland Security’s (DHS) Transportation Security Administration (TSA) needs to address weaknesses in the management of key aspects of its pipeline security program, an audit from the Government Accountability Office (GAO) shows. The TSA is responsible for the federal oversight of the physical […]


Published Exploits for Accessing SAP Systems Put Security Teams on Alert

In April 2019, researchers Dmitry Chastuhin and Mathieu Geli presented a talk at the OPCDE Cyber Security Conference about two pieces of exploit code that allow anyone to interact with SAP and perform unauthorized transactions. For example, attackers could use the code to shut down an entire SAP system, execute commands as the operating system […]

VULNERABILITIES Weekly news Windows tips WORLD

Pre-Installed Software Flaw Exposes Most Dell Computers to Remote Hacking

If you use a Dell computer, then beware — hackers could compromise your system remotely. Bill Demirkapi, a 17-year-old independent security researcher, has discovered a critical remote code execution vulnerability in the Dell SupportAssist utility that comes pre-installed on most Dell computers. Dell SupportAssist, formerly known as Dell System Detect, checks the health of your […]

TIPS Weekly news WORLD

Domain Investigations Using Open-Source Tools And DomainTools Iris

This blog post is sponsored by DomainTools. For more information and product trials please visit https://securityweekly.com/domaintools.  Malicious or Not? The above question runs through the brains of SOC analysts across the world multiple times per day. When you are analyzing security events looking for the “bad” things, you often come across a domain that requires […]

Hot news Weekly news WORLD

What Can League of Legends Teach Us About Cybersecurity?

The League of Legends game and human psychology are two things we don’t often associate with cybersecurity.As an avid gamer, I encountered and observed many parallels between the tactics used to win games like League of Legends and the mentality that guides human behavior in general.Thus, when I began teaching security awareness and being a […]

Attack/APT Weekly news WORLD

AESDDoS Botnet Targets Vulnerability in Atlassian’s Confluence Server

A recently detected variant of the AESDDoS botnet malware is targeting a recent vulnerability Atlassian’s collaborative software Confluence, Trend Micro’s security researchers have discovered.  The attack attempts to exploit a server-side template injection vulnerability (CVE-2019-3396) in the Widget Connector macro in Confluence Server to install malware capable of performing distributed denial of service (DDoS) attacks, […]

Attack/APT Weekly news WORLD

Hacker Can Kill Car Engines Around the World | Avast

Avast Security News Team, 27 April 2019 A hacker broke into ProTrack and iTrack vehicle-tracking GPS services to extort “reward” money and reveal the systems’ vulnerabilities. A hacker with the username “L&M” has infiltrated two GPS vehicle-tracking services, ProTrack and iTrack, gaining access to more than 27,000 accounts in South Africa, Morocco, India, the Philippines, […]

Linux OS (Windows, Linux, iOS) WORLD

Docker Hub Suffers a Data Breach, Asks Users to Reset Password

Docker Hub, one of the largest cloud-based library of Docker container images, has suffered a data breach after an unknown attacker gained access to the company’s single Hub database. Docker Hub is an online repository service where users and partners can create, test, store and distribute Docker container images, both publicly and privately. The breach […]

Hot news Weekly news WORLD

Swiss Swish Bish – Runway Sweeper Seller Sabotaged

Aebi Schmidt, Swiss manufacturer of the vehicles that clean and makes runways worldwide safe for planes to land on, has been hit by ransomware, systems going down across company networks following the attack. Manufacturing operations connected to the network were rendered unresponsive, forcing workers to be sent home.  Ronan David, VP of Business Development at EfficientIP: “This […]

Hot news Weekly news WORLD

42% Of Used Drives Sold On eBay Hold Sensitive Data: Study

A new report from Blancco Technology Group has warned that those looking to make some money by selling used storage drives may be putting themselves at risk of falling victim to cybercrime. As detailed in Privacy for Sale: Data Security Risks in the Second-Hand IT Asset Marketplace, Blancco, in conjunction with Ontrack, analysed 159 leading brand drives purchased through […]


P2P Flaws Expose Millions of IoT Devices to Remote Attacks

Vulnerabilities discovered by a researcher in a peer-to-peer (P2P) system named iLnkP2P expose millions of cameras and other Internet of Things (IoT) devices to remote attacks from the Internet, and no patches are available. Paul Marrapese, a California-based security engineer, discovered two serious flaws in iLnkP2P, a system developed by Chinese firm Shenzhen Yunni Technology […]


P2P Weakness Exposes Millions of IoT Devices

A peer-to-peer (P2P) communications technology built into millions of security cameras and other consumer electronics includes several critical security flaws that expose the devices to eavesdropping, credential theft and remote compromise, new research has found. A map showing the distribution of some 2 million iLinkP2P-enabled devices that are vulnerable to eavesdropping, password theft and possibly […]

Weekly news WORLD

Why You Need a Healthy Mix of Security Analytics to Investigate Threats

Effective threat management requires security teams to combine security analytics with the abundance of machine-generated data that is prevalent in most enterprise environments. Tools such as network traffic analysis, endpoint detection, security information and event management (SIEM), and user behavior analytics (UBA) harvest this data and reveal who is doing what in the IT environment […]

0-day WORLD

Critical Unpatched Flaw Disclosed in WordPress WooCommerce Extension

If you own an eCommerce website built on WordPress and powered by WooCommerce plugin, then beware of a new, unpatched vulnerability that has been made public and could allow attackers to compromise your online store. A WordPress security company—called “Plugin Vulnerabilities“—that recently gone rogue in order to protest against moderators of the WordPress’s official support […]

Weekly news WORLD

Rethinking the Industry’s Approach to the Cybersecurity Skills Gap

At a time when cybersecurity careers should be flourishing — the pay is good, opportunities abound and many colleges now offer degrees in security — positions remain unfilled. ISACA’s “State of Cybersecurity 2019” survey revealed that 58 percent of organizations have unfilled security positions and 32 percent said it takes at least six months to […]

0-day Attack/APT Cryptography Weekly news WORLD

NSA asks to end mass phone surveillance

by Danny Bradbury The National Security Agency (NSA) has asked to end its mass phone surveillance program because the work involved outweighs its intelligence value, according to reports this week. Sources told the Wall Street Journal that the NSA has recommended the White House terminates its call data records (CDR) program. The logistics of operating […]

0-day Attack/APT Data leaks VULNERABILITIES Weekly news Windows tips WORLD

Fingerprint glitch in passports swapped left and right hands

by Lisa Vaas True, we accidentally swapped fingerprints for Danish citizens’ left and right hands on their passports, but it probably won’t cause much grief for these 228,000 people, said the head of Kube Data, which encoded the biometric data on the passports’ microprocessors. The Copenhagen Post quoted Jonathan Jørgensen: It’s difficult to imagine that […]

Social netwotrks Weekly news WORLD

Canada Privacy Watchdog Taking Facebook to Court

Canada’s privacy czar said Thursday that he is taking Facebook to court after finding that lax practices at the social media giant allowed personal information to be used for political purposes. A joint report from privacy commissioner Daniel Therrien and his British Columbia counterpart said major shortcomings were uncovered in Facebook’s procedures. It called for […]


Vulnerability Spotlight: Multiple vulnerabilities in Sierra Wireless AirLink ES450

Threat Research Carl Hurd and Jared Rittle of Cisco Talos discovered these vulnerabilities. Several exploitable vulnerabilities exist in the Sierra Wireless AirLink ES450, an LTE gateway designed for distributed enterprise, such as retail point-of-sale or industrial control systems. These flaws present a number of attack vectors for a malicious actor, and could allow them to […]

Applications Attack/APT TIPS VULNERABILITIES Weekly news WORLD

ExtraPulsar backdoor based on leaked NSA code – what you need to know

by Paul Ducklin A US security researcher has come up with an open-source Windows backdoor that is loosely based on NSA attack code that leaked back in 2017 as part of the the infamous Shadow Brokers breach. The researcher, who goes by @zerosum0x0 online and Sean Dillon in real life, has dubbed his new malware […]

Weekly news WORLD

Facebook Anticipates an FTC Privacy Fine of up to $5 Billion

Facebook said it expects a fine of up to $5 billion from the Federal Trade Commission, which is investigating whether the social network violated its users’ privacy. The company set aside $3 billion in its quarterly earnings report Wednesday as a contingency against the possible penalty but noted that the “matter remains unresolved.” The one-time […]

Weekly news WORLD

Five Hot Button Cybersecurity Conversations that Dominated Cisco Live Melbourne

Last month, I attended our biggest-ever Cisco Live Melbourne that saw over 8,300 people registered. It was an action-packed week filled with partner and customer meetings, media engagements, analyst dialogues, and coffee, lots of coffee. They say it takes a village to pull something this incredible off, and I have to agree. We kicked off […]

Hot news Weekly news WORLD

Cyber Security Skills Shortage Hampering Internet Of Things Development

New research from Experis explores the impact of Internet of Things on the cyber security jobs market  UK businesses are struggling to find the right blend of security skills to harness the power of the Internet of Things (IoT). This is according to the latest Experis Industry Insiders report, which examines how the growth of IoT is impacting the […]


Congress Asks Google 10 Questions On Its Location Tracking Database

U.S. Congress has sent an open letter to Google CEO Sundar Pichai asking for more information about its Sensorvault database that’s reportedly being used by law enforcement agencies to solve crime cases. Last week, we reported a story based upon NY Times findings that revealed how using a “geofence” warrant, authorities obtain location history of […]

Attack/APT Weekly news WORLD

Ex-student records himself using USB Killer to fry college computers

by Danny Bradbury Malware isn’t the only toxin you can deliver to a computer via a USB key. Just ask Vishwanath Akuthota, who faces a potential ten-year stretch after frying at least 66 computers at his former college. Akuthota originally pled not guilty to intentionally damaging a protected computer at the College of St. Rose, in […]

Hot news Weekly news WORLD

A Hotspot Finder App Exposed 2 Million Wi-Fi Network Passwords

It has been reported that that a popular hotspot finder app for Android exposed the Wi-Fi network passwords for more than two million networks. The app allowed anyone to search for Wi-Fi networks in their nearby area. The app allows the user to upload Wi-Fi network passwords from their devices to its database for others to use.  Experts Comments:  […]

0-day Social netwotrks VULNERABILITIES WORLD

Hackers Actively Exploiting Widely-Used Social Share Plugin for WordPress

Hackers have been found exploiting a pair of critical security vulnerabilities in one of the popular social media sharing plugins to take control over WordPress websites that are still running a vulnerable version of the plugin. The vulnerable plugin in question is Social Warfare which is a popular and widely deployed WordPress plugin with more […]


Shopify, Intezer, & Weaponized Vuln. – Hack Naked News #215

[embedded content] This week, a weather channel that was knocked off air by a malicious attack, how bad bots make up 20 percent of web traffic, ransomware ravages municipalities nationwide, a flaw in Shopify API exposed revenue and traffic data of thousands of stores, and how attackers are weaponizing more vulnerabilities than ever before! In […]

Weekly news WORLD Атаки/APT

DNSpionage brings out the Karkoff

Threat Research In November 2018, Cisco Talos discovered an attack campaign, called DNSpionage, in which threat actors created a new remote administrative tool that supports HTTP and DNS communication with the attackers’ command and control(C2). Since then, there have been several other public reports of additional DNSpionage attacks, and in January, the U.S. Department of […]


Insights About the Global Internet Routing Table Reaching the 768k Milestone

Back in 2014, I wrote an article that highlighted that global Internet routing table passed the 512,000 or 512k route mark. Today we know that another significant milestone has been reached, as we passed the 768k route mark!  Many have predicted Internet outages may be expected. In short, the “sky is not falling”. The possibility […]

Weekly news WORLD

WannaCry hero Hutchins now officially a convicted cybercriminal

by Paul Ducklin The featured image comes from @MalwareTechBlog, the Twitter feed of Marcus Hutchins. Louise Mensch is an independent British/American journalist. Remember the reluctant WannaCry hero? WannaCry was ransomware that made big headlines in mid-2017 for two important reasons. First, it was a true computer worm, or virus, that automatically propagated itself to the […]

Detentions WORLD

Marcus “MalwareTech” Hutchins Pleads Guilty to Writing, Selling Banking Malware

Marcus Hutchins, a 24-year-old blogger and malware researcher arrested in 2017 for allegedly authoring and selling malware designed to steal online banking credentials, has pleaded guilty to criminal charges of conspiracy and to making, selling or advertising illegal wiretapping devices. Marcus Hutchins, just after he was revealed as the security expert who stopped the WannaCry […]

Hot news Weekly news WORLD

Chipotle Breach – Cequence Expert Comments

Customers of fast food chain Chipotle are reported by TechCrunch to have had their accounts hacked. The company says it believes credential stuffing might be the cause, but some customers have said their passwords are unique to the Chipotle account, and others note that they don’t have accounts and used Chipotle’s guest checkout.   Ameya Talwalkar, Co-founder and CPO at Cequence: “Without fully […]

Hot news Weekly news WORLD

Explained – APT34 Code Leak

Hackers, going by the online name of Lab Dookhtegan, have revealed details about the inner workings of a cyber-espionage group mostly known in the security community as OilRig, APT34, and HelixKitten, linked to the Iranian government.   Alexander Heid, White Hat Hacker and Chief Research Officer at SecurityScorecard: “Now that these scripts are public, they will likely be leveraged by cybercriminal groups […]

OS (Windows, Linux, iOS) REVIEWS Social netwotrks Weekly news WORLD

Mobile Security Versus Desktop and Laptop Security: Is There Even a Difference Anymore?

Do you remember your first mobile phone, and the newfound feelings of connectedness and convenience that came with it? I was one of the first in my circles to have a cellular phone. One of the coolest features my phone and network could support was the receipt of short email messages — no send capabilities. […]

Hot news Weekly news WORLD

The Weather Channel Suffers Ransomware Attack

Local and national weather forecast provider The Weather Channel suffered a ransomware attack that temporarily prevented it from going live on the air. Regular viewers got a surprise when they tuned into The Weather Channel on the morning of 18 April. They were expecting to watch “AMHQ,” the network’s live morning show which begins at […]

Weekly news WORLD

The Ping Is The Thing: Popular HTML5 Feature Used To Trick Chinese Mobile Users Into Joining Latest DDoS Attack.

By Vitaly Simonovich and Dima Bekerman DDoS attacks have always been a major threat to network infrastructure and web applications. Attackers are always creating new ways to exploit legitimate services for malicious purposes, forcing us to constantly research DDoS attacks in our CDN to build advanced mitigations. We recently investigated a DDoS attack which was […]

0-day Attack/APT WORLD

Wipro Intruders Targeted Other Major IT Firms

The crooks responsible for launching phishing campaigns that netted dozens of employees and more than 100 computer systems last month at Wipro, India’s third-largest IT outsourcing firm, also appear to have targeted a number of other competing providers, including Infosys and Cognizant, new evidence suggests. The clues so far suggest the work of a fairly […]

Weekly news WORLD

New DNS Hijacking Attacks

DNS hijacking isn’t new, but this seems to be an attack of unprecedented scale: Researchers at Cisco’s Talos security division on Wednesday revealed that a hacker group it’s calling Sea Turtle carried out a broad campaign of espionage via DNS hijacking, hitting 40 different organizations. In the process, they went so far as to compromise […]


This Week in Security News: Medical Malware and Monitor Hacks

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn how baby monitors may be susceptible to hacking. Also, learn about a medical flaw that enables hackers to hide malware. Read on: Is Your Baby Monitor […]


SOC Intel: Wire, Logs, & Endpoint – Enterprise Security Weekly #133

    Matt Cauthorn is the VP of Cyber Security Engineering at ExtraHop. Matt Cauthorn leads a team of technical security engineers who work directly with customers and prospects. Matt uses his expertise with ExtraHop to explain The Three Horsemen of SOC Intel: Wire, Logs, Endpoint! To get involved with ExtraHop, vist: https://securityweekly.com/extrahopFull Show Notes […]

0-day Attack/APT Hot news Weekly news WORLD

Ransomware Attack Targeted Data Intelligence Firm Verint

Bad actors used a ransomware attack to target the Israeli offices of the customer engagement and digital intelligence company Verint.On 17 April, ZDNet received a screenshot taken by an employee who works at one of Verint’s Israeli offices. The screenshot shows what appears to be a warning message which the data intelligence firm displayed on […]

0-day Attack/APT Hot news VULNERABILITIES Weekly news WORLD

‘NamPoHyu Virus’ Ransomware Targets Remote Samba Servers

A new ransomware family called ‘NamPoHyu Virus’ or ‘MegaLocker Virus’ is targeting victims a bit differently than other ransomware. Instead of an executable running on a victim’s computer, the attacker is running the ransomware locally and having it remotely encrypt over half a million accessible Samba servers.   Roy Rashti, Cybersecurity Expert at BitDam: “The reason that the attackers […]

Weekly news WORLD

Automation in Cyber Resilient Organizations: Key Findings From 2019 Ponemon Study

In the Ponemon Institute’s fourth annual study on “The Cyber Resilient Organization,” cyber resilience is defined as the alignment of prevention, detection and response capabilities to manage, mitigate and move on from cyberattacks. Every organization strives for more cyber resilience. What the Ponemon study uncovered is that there is a set of habits or practices […]

Research Social netwotrks VULNERABILITIES WORLD

Is Your Baby Monitor Susceptible to Hacking?

There’s no doubt that digital technology, in many of its forms, brings everyday tasks much closer-to-hand. From discovering breaking news, to online shopping, to keeping tabs on your home via security cameras—everything is within the touch of a button. Even so, with the growing reach of the Internet of Things (IoT), new and unsuspected threats […]

Social netwotrks Weekly news WORLD

State Launches Online Data Survey as Part of Facebook Probe

The Cuomo administration has launched a survey to give New Yorkers an opportunity to provide feedback about online data privacy issues. Democratic Gov. Andrew Cuomo announced Tuesday that information provided through an online consumer data privacy survey will help state regulators make policy decisions regarding the internet marketplace and how personal data is used by […]


Security Money – Business Security Weekly #124

[embedded content] This week we have our quarterly segment to review the money of security, including public companies, IPOs, funding rounds and acquisitions from the previous quarter. We also update the Security Weekly 25 index. Let’s understand how the security market is doing.   SCWX   Secureworks PANW   Palo Alto Networks Inc CHKP   Check Point Software […]


How To Think Like An Investor, Will Lin – Business Security Weekly #124

[embedded content] Will is a Partner and a Founding Investor at ForgePoint Capital. He has been an avid technology enthusiast for decades: building his first computer in elementary school and starting online businesses while completing his bachelor’s degree from the University of California, Berkeley. Full Show Notes Matt Alderman – CEO, Security Weekly. Register for […]

Hot news Weekly news WORLD

Watch out! Don’t fall for the Instagram ‘Nasty List’ phishing attack

by John E Dunn For nearly a week, Instagram users have been receiving odd messages from followers expressing shock that their accounts have somehow ended up on something called the “Nasty List.” If you receive one, the message with an embedded link will look something like the following example (the list and placement numbers vary): […]

Weekly news WORLD

Hackers Access Microsoft Email Services Accounts

Hackers breached Microsoft email services (Outlook.com, Hotmail, MSN) and accessed user accounts after compromising a support agent’s credentials, Microsoft has confirmed. In a breach notification sent to impacted users, the software giant revealed that hackers had access to its email services for roughly three months this year, between January 1 and March 28. Microsoft informed […]

Weekly news WORLD

New HawkEye Reborn Variant Emerges Following Ownership Change

Threat Research Edmund Brumaghin and Holger Unterbrink authored this blog post. Executive summary Malware designed to steal sensitive information has been a threat to organizations around the world for a long time. The emergence of the greyware market and the increased commercialization of keyloggers, stealers, and remote access trojans (RATs) has magnified this threat by […]

Weekly news WORLD

Google Helps Police Identify Devices Close to Crime Scenes Using Location Data

It’s no secret that Google tracks you everywhere, even when you keep Google’s Location History feature disabled. As revealed by an Associated Press investigation in 2018, other Google apps like Maps or daily weather update service on Android allows the tech giant to continuously collect your precise latitude and longitude. According to Google, the company […]

0-day Android Applications OS (Windows, Linux, iOS) VULNERABILITIES Weekly news WORLD

Google Play and Microsoft Stores Delete Suspected Compromised Apps

Recently, Google Play Store and Microsoft Store both deleted multiple applications from their online stores, because the apps were malicious. Google deleted a total of 29 beauty camera apps from its Play Store, most of which show users pornographic contents or send them to phishing websites. The malicious beauty camera apps, discovered by Trend Micro, looked legitimate, but […]

CVE Hot news Research TIPS Weekly news WORLD

New zero-day vulnerability CVE-2019-0859 in win32k.sys

In March 2019, our automatic Exploit Prevention (EP) systems detected an attempt to exploit a vulnerability in the Microsoft Windows operating system. Further analysis of this event led to us discovering a zero-day vulnerability in win32k.sys. It was the fifth consecutive exploited Local Privilege Escalation vulnerability in Windows that we have discovered in recent months […]

Hot news Linux TIPS Weekly news WORLD

How to Install GRR Server on Ubuntu 18?

A step-by-step guide to installing Google Rapid Response server on Ubuntu. Introduction GRR (Google Rapid Response) is an incident response framework based on Python that can be used for live forensics and investigations. It allows you to examine and attacks and perform analysis remotely. GRR can be deployed in a server-client architecture. It comes with […]

0-day Attack/APT WORLD

‘Land Lordz’ Service Powers Airbnb Scams

Scammers who make a living swindling Airbnb.com customers have a powerful new tool at their disposal: A software-as-a-service offering called “Land Lordz,” which helps automate the creation and management of fake Airbnb Web sites and the sending of messages to advertise the fraudulent listings. The ne’er-do-well who set up the account below has been paying $550 […]

Weekly news Windows tips WORLD

Microsoft’s Work with Chinese Military University Raises Eyebrows

Microsoft has been collaborating with researchers linked to a Chinese military-backed university on artificial intelligence, elevating concerns that US firms are contributing to China’s high-tech surveillance and censorship apparatus. Over the past year, researchers at Microsoft Research Asia in Beijing have co-authored at least three papers with scholars affiliated with China’s National University of Defence […]

Hot news Weekly news WORLD

Increased Internet Regulations in The U.K.

Making the internet safer, especially for children and vulnerable individuals, is a decidedly noble pursuit. Doing so, however, would certainly be a considerable undertaking, and not without significant ethical, legal, and societal concerns. In an ambitious effort to make the internet a safer place for people to interact and communicate, the UK government has laid […]

Attack/APT Data leaks Hot news Weekly news WORLD

Home Office Apologises For EU Citizen Data Breach

The Home Office has apologised to hundreds of EU citizens seeking settled status in the UK after accidentally sharing their details.  It blamed an “administrative error” for sending an email that revealed 240 personal email addresses – a likely breach of the Data Protection Act.  The Home Office sent the email on Sunday 7 April asking applicants, who […]

OS (Windows, Linux, iOS) VULNERABILITIES Weekly news WORLD

Hackers Compromise Microsoft Support Agent to Access Outlook Email Accounts

If you have an account with Microsoft Outlook email service, there is a possibility that your account information has been compromised by an unknown hacker or group of hackers, Microsoft confirmed The Hacker News. Earlier this year, hackers managed to breach Microsoft’s customer support portal and access information related to some email accounts registered with […]

Social netwotrks Weekly news WORLD

Bitcoin, WikiLeaks, & Julian Assange – Paul’s Security Weekly #600

[embedded content] In the news, Bitcoin mining ban considered by China’s economic planner, Yahoo strikes $117.5 million data breach settlement, Serious flaws leave WPA3 vulnerable to hacks that steal Wi-Fi passwords, WikiLeaks Founder Julian Assange arrested and charged in US with computer hacking conspiracy, and How HTML5 Ping Is Used in DDoS Attacks. Paul’s Stories […]


Merissa & Jessica, WSC – Paul’s Security Weekly #600

[embedded content] Merissa Villalobos is the North America Talent Acquisition Leader for NCC Group, a global security consulting firm and has been recruiting in security for 10 years. She got her start in Virginia, at a Federal Government contractor, filling roles for the intelligence community and various Government Agencies. Jessica Gulick leads Katzcy Consulting, a […]

Social netwotrks WORLD

Russia Fines Facebook $47 Over Citizens’ Data Privacy Dispute

Yes, you read that right! Russia has fined Facebook with 3,000 rubles, roughly $47, for not complying with the country’s controversial Data Localization law. It’s bizarre and unbelievable, but true. In December last year, Russian Internet watchdog Roskomnadzor sent notifications to Twitter and Facebook asking them to provide information about the location of servers that […]

Weekly news WORLD

Microsoft Introduces Security Configuration Framework

A security configuration framework for Windows 10 unveiled by Microsoft this week defines five different levels of discrete prescriptive security configurations. Having customers define this aspect of their security until now has resulted in a huge number of configurations, and Microsoft is now looking to simplify the process while still providing customers with flexibility. The […]

OS (Windows, Linux, iOS) TIPS Weekly news WORLD

Microsoft Introduces Security Configuration Framework

A security configuration framework for Windows 10 unveiled by Microsoft this week defines five different levels of discrete prescriptive security configurations. Having customers define this aspect of their security until now has resulted in a huge number of configurations, and Microsoft is now looking to simplify the process while still providing customers with flexibility. The […]

Weekly news WORLD

Many New Security Features, Services Added to Google Cloud

Google Boosts Security of Google Cloud Google this week announced a series of tools meant to increase the overall security of Google Cloud and improve customer trust in the service. The new functionality will allow users to gain better visibility into their environments, detect threats and accelerate response and remediation, mitigate data exfiltration risks, ensure […]

Android Hot news WORLD

Android 7.0+ Phones Can Now Double as Google Security Keys

Google this week made it easier for Android users to enable strong 2-factor authentication (2FA) when logging into Google’s various services. The company announced that all phones running Android 7.0 and higher can now be used as Security Keys, an additional authentication layer that helps thwart phishing sites and password theft. As first disclosed by […]


Popular Video Editing Software Website Hacked to Spread Banking Trojan

If you have downloaded the VSDC multimedia editing software between late February to late March this year, there are high chances that your computer has been infected with a banking trojan and an information stealer. The official website of the VSDC software — one of the most popular, free video editing and converting app with […]

Attack/APT Weekly news Windows tips WORLD

Dark Web TLS/SSL Certificates Highlight Need for Shift to Zero Trust Security

More and more, organizations and end users are embracing encryption to protect their data and traffic. By far the most visible part of this adaptation is the use of Hypertext Transfer Protocol Secure (HTTPS) for accessing websites. As opposed to the more basic HTTP, which is the plain text version, HTTPS makes use of Transport […]

Attack/APT Hot news Weekly news WORLD

Researchers Uncover New Version Of The Infamous Flame Malware

Flame, the nation-state-developed malware kit that targeted computers in Iran, has reemerged after going quiet when researchers exposed it back in 2012. The attackers tried to hide their tracks by scrubbing servers used to talk to infected computers. Some thought they had seen the last of the potent malware platform.  Tracing early components of Flame, researchers found a new […]

Software updates Weekly news WORLD

Gmail making email more secure with MTA-STS standard

Posted by Nicolas Lidzborski, Senior Staff Software Engineer, Google Cloud and Nicolas Kardas, Senior Product Manager, Google Cloud  We’re excited to announce that Gmail will become the first major email provider to follow the new SMTP MTA Strict Transport Security (MTA-STS) RFC 8461 and SMTP TLS Reporting RFC 8460 internet standards. Those new email security standards […]

CVE Hot news Weekly news WORLD Атаки/APT

Project TajMahal – a sophisticated new APT framework

Executive summary ‘TajMahal’ is a previously unknown and technically sophisticated APT framework discovered by Kaspersky Lab in the autumn of 2018. This full-blown spying framework consists of two packages named ‘Tokyo’ and ‘Yokohama’. It includes backdoors, loaders, orchestrators, C2 communicators, audio recorders, keyloggers, screen and webcam grabbers, documents and cryptography key stealers, and even its […]


Patch Tuesday Lowdown, April 2019 Edition

Microsoft today released fifteen software updates to fix more than 70 unique security vulnerabilities in various flavors of its Windows operating systems and supported software, including at least two zero-day bugs. These patches apply to Windows, Internet Explorer (IE) and Edge browsers, Office, Sharepoint and Exchange. Separately, Adobe has issued security updates for Acrobat/Reader and Flash Player. […]


Apache Bug, Cancer Hack, & Ekran – Hack Naked News #213

[embedded content] In-Depth Analysis of JS Sniffers Uncovers New Families of Credit Card-Skimming Code, Nvidia Fixes 8 High-Severity Flaws Allowing DoS, Code Execution, Computer virus alters cancer scan images, A Serious Apache server bug gives root to baddies in shared host environments, Cybercrime Groups Are Still Rampant on Facebook, 90% of OT organizations are cyberattack […]

Attack/APT Data leaks Weekly news WORLD

Hackers Can Add, Remove Cancer From CT Scans: Researchers

A team of researchers has demonstrated that hackers can modify 3D medical scans to add or remove evidence of a serious illness, such as cancer. Experts from the Ben-Gurion University and the Soroka University Medical Center, Beer-Sheva, in Israel have developed proof-of-concept (PoC) malware that uses a machine learning technique known as generative adversarial network […]


Alleged Chief of Romanian ATM Skimming Gang Arrested in Mexico

An alleged top boss of a Romanian crime syndicate that U.S. authorities say is responsible for deploying card-skimming devices at Automated Teller Machines (ATMs) throughout North America was arrested in Mexico last week on firearms charges. The arrest comes months after the accused allegedly ordered the execution of a former bodyguard who was trying to […]


NVIDIA Patches High Severity Flaws in Tegra Drivers

NVIDIA this week released security patches to address multiple vulnerabilities in the Tegra Linux Driver Package (L4T), including several flaws assessed with a “high” severity rating. The most important of the bugs is CVE‑2018‑6269, a vulnerability residing in the Tegra kernel driver (the issue features a CVSS score of 8.8). It affects the input/output control […]

Android Weekly news WORLD

Stalkerware was installed in 58,000 Android users phones last year.

Over 58,000 Android users had “stalkerware” installed on their phones last year, researchers from Kaspersky Lab have revealed today. Of these, more than 35,000 had no idea about stalkerware being present on their Android devices until they installed Kasperksy’s mobile antivirus, which flagged the infection. Kaspersky’s findings come to confirm a growing trend in the […]

CVE Hot news Weekly news WORLD

BasBanke: Trend-setting Brazilian banking Trojan

BasBanke is a new Android malware family targeting Brazilian users. It is a banking Trojan built to steal financial data such as credentials and credit/debit card numbers, but not limited to this functionality. The propagation of this threat began during the 2018 Brazilian elections, registering over 10,000 installations to April 2019 from the official Google […]

Weekly news WORLD

XLoader Trojan Poses as Security App for Android

A new variant of the XLoader Trojan is targeting Android devices by posing as a security application, and also attempts to infect iPhones and iPads through a malicious iOS profile, Trend Micro reports.  Previously, the malware was observed posing as Facebook, Chrome, and other legitimate applications, in an attempt to trick users into downloading it. […]

Data leaks Weekly news WORLD

540M Facebook Records Exposed on Amazon Servers | Avast

 Here we go again… Half a billion Facebook records including user names, passwords and likes posted publicly online. Facebook strikes again. In the latest security gaffe by the social media giant, over half a billion Facebook records have been found sitting in plain sight by third parties using Amazon’s cloud services. None of the cloud […]

CVE Hot news Weekly news WORLD

Roaming Mantis, part IV

Mobile config for Apple phishing, and re-spreading an updated malicious APK (MoqHao/XLoader) By GReAT on April 3, 2019. 4:30 pm One year has passed since we published the first blogpost about the Roaming Mantis campaign on securelist.com, and this February we detected new activities by the group. This blogpost is follow up on our earlier […]

Data leaks WORLD

Millions of card details stolen from Earl Enterprises Restaurants

More than a few restaurant-goers in the US will want to check their bank statements. Earl Enterprises has confirmed that hackers used point-of-sale malware to scoop up credit and card data at some of its US restaurants. It happened between May 2018 and March 2019. Including restaurants are all Buca di Beppo locations, a few […]


What Hacker History Can Tell Enterprises About Future Attack Strategy

There’s an oft-quoted saying: “History repeats itself.” For those that believe in the cyclical patterns that sometimes emerge over time, this aphorism definitely rings true. Today, we’ll be applying this type of thinking to the cybercrime realm. Over the course of hacker history, numerous trends have arisen, including those that hinge upon sophisticated approaches to […]

0-day Attack/APT Hot news Weekly news WORLD

Ransomware Attack Forces Aluminum Manufacturer to Shutdown Systems Worldwide

Photo by Terje Pedersen / NTB scanpix One of the world’s largest producers of aluminum has been forced to shut down several of its plants across Europe and the U.S. after an “extensive cyber attack” hit its operations, leaving companies’ IT systems unusable. According to a press release shared by Aluminum giant Norsk Hydro today, […]

Weekly news

DARPA Is Developing an Open-Source Voting System

This sounds like a good development: …a new $10 million contract the Defense Department’s Defense Advanced Research Projects Agency (DARPA) has launched to design and build a secure voting system that it hopes will be impervious to hacking. The first-of-its-kind system will be designed by an Oregon-based firm called Galois, a longtime government contractor with […]

Attack/APT Data leaks

Ad Network Sizmek Probes Account Breach

Online advertising firm Sizmek Inc. [NASDAQ: SZMK] says it is investigating a security incident in which a hacker was reselling access to a user account with the ability to modify ads and analytics for a number of big-name advertisers. In a recent posting to a Russian-language cybercrime forum, an individual who’s been known to sell access […]

0-day CVE Software updates WORLD

Patch Tuesday, March 2019 Edition

Microsoft on Tuesday pushed out software updates to fix more than five dozen security vulnerabilities in its Windows operating systems, Internet Explorer, Edge, Office and Sharepoint. If you (ab)use Microsoft products, it’s time once again to start thinking about getting your patches on. Malware or bad guys can remotely exploit roughly one-quarter of the flaws […]

Attack/APT IoT, embedded Weekly news WORLD

Insert Skimmer + Camera Cover PIN Stealer

Very often the most clever component of your typical ATM skimming attack is the hidden pinhole camera used to record customers entering their PINs. These little video bandits can be hidden 100 different ways, but they’re frequently disguised as ATM security features — such as an extra PIN pad privacy cover, or an all-in-one skimmer […]


Thunder, thunder, thunder… Thunderclap: Feel the magic, hear the roar, macOS, Windows pwnage tools are loose

Open memory defenses allow mischief from connected kit Analysis  Computers have enough trouble defending sensitive data in memory from prying eyes that you might think it would be unwise to provide connected peripherals with direct memory access (DMA).… …


When the bits hit the FAN: US military accused of knackering Russian trolls, news org’s IT gear amid midterm elections

Despite fried RAID and deleted hard drives, Federal News Agency calls US Cyber Command attack a failure A Russian new service is claiming that US attacks on it and an organisation accused of state-sponsored trolling has left storage systems damaged and international servers wiped after multiple malware attacks.… …

Weekly news WORLD

CSA and Whistic Unveil Streamlined Consensus Assessments Initiative Questionnaire (CAIQ)

Beta release of CAIQ-Lite, based on Whistic and CSA research, available for community review Seattle – March 1, 2019 –The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, and Whistic, the Complete Vendor Security Assessment Platform, today announced […]

IoT, embedded Social netwotrks Weekly news WORLD

National Geographic Channel Tonight: Pwnie Express’s Jayson E. Street Breaks into Banks Designed To Keep Him Out

Not all hackers are bad guys. After all, a hacker is simply someone who figures how to repurpose a tool, a gadget, or a device to carry out a task the object wasn’t designed to do. Steve Wozniak was a hacker before he co-created Apple. Tesla, Turing, and DaVinci, are all hackers in their own […]


Jaeles v0.4 – The Swiss Army Knife For Automated Web Application Testing

Jaeles is a powerful, flexible and easily extensible framework written in Go for building your own Web Application Scanner. InstallationDownload precompiled version here.If you have a Go environment, make sure you have Go >= 1.13 with Go Modules enable and run the following command. GO111MODULE=on go get -u github.com/jaeles-project/jaeles Please visit the Official Documention for […]


Dufflebag – Search Exposed EBS Volumes For Secrets

Dufflebag is a tool that searches through public Elastic Block Storage (EBS) snapshots for secrets that may have been accidentally left in. You may be surprised by all the passwords and secrets just laying around!The tool is organized as an Elastic Beanstalk (“EB”, not to be confused with EBS) application, and definitely won’t work if […]


Qiling – Advanced Binary Emulation Framework

Qiling is an advanced binary emulation framework, with the following features: Cross platform: Windows, MacOS, Linux, BSD Cross architecture: X86, X86_64, Arm, Arm64, Mips Multiple file formats: PE, MachO, ELF Emulate & sandbox machine code in a isolated environment Provide high level API to setup & configure the sandbox Fine-grain instrumentation: allow hooks at various […]


Nfstream – A Flexible Network Data Analysis Framework

nfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world network data analysis in Python. Additionally, it has the broader goal of becoming a common […]


WhatTheHack – A Collection Of Challenge Based Hack-A-Thons Including Student Guide, Proctor Guide, Lecture Presentations, Sample/Instructional Code And Templates

WhatTheHack is a collection of challenge based hack-a-thons including student guide, proctor guide, lecture presentations, sample/instructional code and templates. What, Why and How “What the Hack” is a challenge based hackathon format Challenges describe high-level tasks and goals to be accomplished Challenges are not step-by-step labs Attendees work in teams of 3 to 5 people […]


Injectus – CRLF And Open Redirect Fuzzer

Simple python tool that goes through a list of URLs trying CRLF and open redirect payloads. ▪ ▐ ▄ ▐▄▄▄▄▄▄ . ▄▄· ▄▄▄▄▄▄• ▄▌.▄▄ · ██ •█▌▐█ ·██▀▄.▀·▐█ ▌▪•██ █▪██▌▐█ ▀. ▐█·▐█▐▐▌▪▄ ██▐▀▀▪▄██ ▄▄ ▐█.▪█▌▐█▌▄▀▀▀█▄ ▐█▌██▐█▌▐▌▐█▌▐█▄▄▌▐███▌ ▐█▌·▐█▄█▌▐█▄▪▐█ ▀▀▀▀ ██▪ ▀▀▀• ▀▀▀ ·▀▀▀ ▀▀▀ ▀▀▀ ▀▀▀▀ ~ BOUNTYSTRIKE ~usage: Injectus [-h] [-f FILE] [-u URL] [-r] […]


PCFG Cracker – Probabilistic Context Free Grammar (PCFG) Password Guess Generator

PCFG = Probabilistic Context Free GrammarPCFG = Pretty Cool Fuzzy GuesserIn short: A collection of tools to perform research into how humans generate passwords. These can be used to crack password hashes, but also create synthetic passwords (honeywords), or help develop better password strength algorithms Documentation Academic Papers:Original 2009 IEEE Security and Privacy paper on […]


DVNA – Damn Vulnerable NodeJS Application

Damn Vulnerable NodeJS Application (DVNA) is a simple NodeJS application to demonstrate OWASP Top 10 Vulnerabilities and guide on fixing and avoiding these vulnerabilities. The fixes branch will contain fixes for the vulnerabilities. Fixes for vunerabilities OWASP Top 10 2017 vulnerabilities at fixes-2017 branch.The application is powered by commonly used libraries such as express, passport, […]


GDA Android Reversing Tool – A New Decompiler Written Entirely In C++, So It Does Not Rely On The Java Platform, Which Is Succinct, Portable And Fast, And Supports APK, DEX, ODEX, Oat

Here, a new Dalvik bytecode decompiler, GDA(this project started in 2013 and released its first version 1.0 in 2015 at www.gda.com: 9090) , is proposed and implemented in C++ to provide more sophisticated, fast and convenient decompilation support. GDA is completely self-independent and very stable. It supports APK, DEX, ODEX, oat files, and run without […]


Project-Black – Pentest/BugBounty Progress Control With Scanning Modules

Scope control, scope scanner and progress tracker for easier working on a bug bounty or pentest project. What is this tool for?The tools encourages more methodical work on pentest/bugbounty, tracking the progress and general scans information.It can launch masscan nmap dirsearch amass patator against the scope you work on and store the data in a […]