How to Protect Your Data When Ransomware Strikes

Ransomware is not a new attack vector. In fact, the first malware of its kind appeared more than 30 years ago and was distributed via 5.25-inch floppy disks. To pay the ransom, the victim had to mail money to a P.O. Box in Panama. Fast forward to today, affordable ransomware-as-a-service (RaaS) kits are...

Researchers Expose Inner Workings of Billion-Dollar Wizard Spider Cybercrime Gang

The inner workings of a cybercriminal group known as the Wizard Spider have been exposed, shedding light on its organizational structure and motivations. "Most of Wizard Spider's efforts go into hacking European and U.S. businesses, with a special cracking tool used by some of their attackers to breach high-value targets,"...

Hackers Gain Fileless Persistence on Targeted SQL Servers Using a Built-in Utility

Microsoft on Tuesday warned that it recently spotted a malicious campaign targeting SQL Servers that leverages a built-in PowerShell binary to achieve persistence on compromised systems. The intrusions, which leverage brute-force attacks as an initial compromise vector, stand out for their use of the utility "sqlps.exe," the tech giant said in a...

U.S. Warns Against North Korean Hackers Posing as IT Freelancers

Highly skilled software and mobile app developers from the Democratic People's Republic of Korea (DPRK) are posing as "non-DPRK nationals" in hopes of landing freelance employment in an attempt to enable the regime's malicious cyber intrusions. That's according to a joint advisory from the U.S. Department of State, the Department of the Treasury,...

Microsoft Warns of “Cryware” Info-Stealing Malware Targeting Crypto Wallets

Microsoft is warning of an emerging threat targeting internet-connected cryptocurrency wallets, signaling a departure in the use of digital coins in cyberattacks. The tech giant dubbed the new threat "cryware," with the attacks resulting in the irreversible theft of virtual currencies by means of fraudulent transfers to an adversary-controlled wallet....

The Basics of Subdomain Takeovers

A subdomain takeover is a vulnerability which allows an attacker to serve content from a subdomain which is not owned by that attacker. The most common situations which make a subdomain takeover possible are: 1) the CNAME record of the affected subdomain points to a domain that can be claimed by...
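The first situation above (a CNAME pointing at a name nobody owns any more) can be triaged mechanically. The following is an added example, not code from the original article: it follows a subdomain's CNAME chain and flags the case where the chain ends in NXDOMAIN under a provider whose names are self-service. The resolver is injected as a callable so the block runs offline against a constructed zone; the provider suffixes and hostnames are hypothetical.

```python
"""Dangling-CNAME triage for subdomain takeover checks.

Added example, not code from the original article. The DNS resolver is
injected as a callable so the block runs offline against a constructed zone;
in real use pass a function that performs live lookups (for example with
dnspython) and replace the hypothetical provider suffixes with a maintained
fingerprint list.
"""
from dataclasses import dataclass, field
from typing import Callable, List, Optional, Tuple

# Hypothetical third-party hosting suffixes where an unregistered name can be
# claimed by anyone (assumption for the demo; not real providers).
CLAIMABLE_SUFFIXES = (".pages.example-host.net", ".apps.example-cdn.com")

# Resolver contract: name -> (record type, value). Record type is one of
# "CNAME", "A" or "NXDOMAIN"; value is the target/address or None.
Resolver = Callable[[str], Tuple[str, Optional[str]]]


@dataclass
class Finding:
    subdomain: str
    chain: List[str] = field(default_factory=list)  # CNAME targets, in order
    status: str = "no_cname"  # no_cname | ok | dangling | takeover_candidate | loop


def follow_cname(name: str, resolve: Resolver, max_hops: int = 8):
    """Follow CNAMEs from `name`; return (targets, terminal record type)."""
    chain, current = [], name
    for _ in range(max_hops):
        rtype, value = resolve(current)
        if rtype != "CNAME":
            return chain, rtype
        chain.append(value)
        current = value
    return chain, "LOOP"


def triage(subdomain: str, resolve: Resolver) -> Finding:
    """Classify one subdomain by where its CNAME chain ends up."""
    chain, terminal = follow_cname(subdomain, resolve)
    finding = Finding(subdomain, chain)
    if not chain:
        return finding  # no CNAME at all: not this class of issue
    if terminal == "LOOP":
        finding.status = "loop"
        return finding
    if terminal != "NXDOMAIN":
        finding.status = "ok"  # chain resolves; nothing is dangling
        return finding
    # The final target does not exist. If it lives under a provider where
    # names are self-service, an attacker can register it and serve content.
    final = chain[-1].rstrip(".").lower()
    if any(final.endswith(suffix) for suffix in CLAIMABLE_SUFFIXES):
        finding.status = "takeover_candidate"
    else:
        finding.status = "dangling"
    return finding


# Constructed zone data for the offline demo (not real DNS).
ZONE = {
    "www.example.com.": ("CNAME", "example.com."),
    "example.com.": ("A", "192.0.2.10"),
    "old-docs.example.com.": ("CNAME", "old-docs.pages.example-host.net."),
    "legacy.example.com.": ("CNAME", "vm-1234.example-internal.net."),
}


def fake_resolve(name: str):
    """Stand-in resolver: anything not in ZONE is treated as NXDOMAIN."""
    return ZONE.get(name, ("NXDOMAIN", None))


def scan(names, resolve=fake_resolve):
    """Map each name to its triage status."""
    return {n: triage(n, resolve).status for n in names}


if __name__ == "__main__":
    for name, status in scan(ZONE).items():
        print(f"{name:32} {status}")
```

NXDOMAIN on the final target is a strong signal but not the whole story: some providers answer for unclaimed names with a valid address and a "no such site" page, so a production scanner also fetches the target and matches the provider's response fingerprint. A "dangling" result that is not under a claimable provider is still worth cleaning up, since it is a stale record waiting for a future provider to make it claimable.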

Russian Conti Ransomware Gang Threatens to Overthrow New Costa Rican Government

The notorious Conti ransomware gang, which last month staged an attack on Costa Rican administrative systems, has threatened to "overthrow" the new government of the country. "We are determined to overthrow the government by means of a cyber attack, we have already shown you all the strength and power," the...

UpdateAgent Returns with New macOS Malware Dropper Written in Swift

A new variant of the macOS malware tracked as UpdateAgent has been spotted in the wild, indicating ongoing attempts on the part of its authors to upgrade its functionalities. "Perhaps one of the most identifiable features of the malware is that it relies on the AWS infrastructure to host its...

Are You Investing in Securing Your Data in the Cloud?

Traditional businesses migrating to the cloud need robust information security mechanisms. Gartner predicts that more than 95% of new digital workloads will be deployed on cloud-native platforms by 2025. Robust cloud data security is imperative for businesses adopting rapid digital transformation to the cloud. While a traditional hosting model could be considered...

U.S. Charges Venezuelan Doctor for Using and Selling Thanos Ransomware

The U.S. Justice Department on Monday accused a 55-year-old cardiologist from Venezuela of being the mastermind behind Thanos ransomware, charging him with the use and sale of the malicious tool and entering into profit sharing arrangements. Moises Luis Zagala Gonzalez, also known by the monikers Nosophoros, Aesculapius, and Nebuchadnezzar, is alleged...

New Sysrv Botnet Variant Hijacking Windows and Linux with Crypto Miners

Microsoft is warning of a new variant of the Sysrv botnet that's exploiting multiple security flaws in web applications and databases to install coin miners on both Windows and Linux systems. The tech giant, which has called the new version Sysrv-K, is said to weaponize an array of exploits to gain control...

Over 200 Apps on Play Store Caught Spying on Android Users Using Facestealer

More than 200 Android apps masquerading as fitness, photo editing, and puzzle apps have been observed distributing spyware called Facestealer to siphon user credentials and other valuable information. "Similar to Joker, another piece of mobile malware, Facestealer changes its code frequently, thus spawning many variants," Trend Micro analysts Cifer Fang, Ford...

Bypassing WAF to Weaponize a Stored XSS

While testing a bug bounty program, I've noticed my HTML injection payload worked while spraying it to every field that is reflected in the application. Then, my first urge to get an alert with <img src=x onerror=alert()> had failed me. alert() was blocked by the Cloudflare WAF. So, I used console.log()...
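The write-up above illustrates why a signature blocklist is a speed bump rather than a fix: the filter matched the proof-of-concept token, not the injection. The block below is an added example, not code from the write-up and not Cloudflare's ruleset. It pits a hypothetical blocklist rule against two constructed payloads and then shows that contextual HTML output encoding neutralises both, whichever function the payload calls.

```python
"""Why a WAF token blocklist is not an XSS fix: filter vs. output encoding.

Added example, not code from the bug bounty write-up and not Cloudflare's
ruleset. BLOCKLIST is a hypothetical stand-in for a signature rule that
matches the usual proof-of-concept tokens; TEMPLATE and the payloads are
constructed for the demo.
"""
import html
import re

# Hypothetical signature rules of the kind a blocklist WAF ships (assumption).
BLOCKLIST = [re.compile(p, re.IGNORECASE) for p in (r"\balert\s*\(", r"<script\b")]

# The page template into which user-controlled profile text is inserted.
TEMPLATE = '<p class="bio">{{value}}</p>'

# Crude tag detector, enough to count tags in rendered output.
TAG = re.compile(r"<\s*[a-z][a-z0-9]*", re.IGNORECASE)


def waf_blocks(payload: str) -> bool:
    """True if the request would be dropped by the blocklist."""
    return any(rule.search(payload) for rule in BLOCKLIST)


def render_unsafe(value: str) -> str:
    """Vulnerable: raw interpolation of untrusted input into HTML."""
    return TEMPLATE.replace("{{value}}", value)


def render_safe(value: str) -> str:
    """Hardened: HTML-encode for the element-content context before insertion."""
    return TEMPLATE.replace("{{value}}", html.escape(value, quote=True))


def injected_tags(rendered: str) -> int:
    """Number of tags in the output beyond those the template itself has."""
    return len(TAG.findall(rendered)) - len(TAG.findall(TEMPLATE))


# Constructed payloads: the one the blocklist catches and the one it misses.
PAYLOADS = {
    "alert": "<img src=x onerror=alert(1)>",
    "console": "<img src=x onerror=console.log(1)>",
}


def evaluate(payloads=PAYLOADS):
    """Compare the WAF verdict against what actually reaches the browser."""
    out = {}
    for name, payload in payloads.items():
        out[name] = {
            "waf_blocks": waf_blocks(payload),
            "unsafe_injects": injected_tags(render_unsafe(payload)),
            "safe_injects": injected_tags(render_safe(payload)),
        }
    return out


if __name__ == "__main__":
    for name, result in evaluate().items():
        print(name, result)
```

The blocklist reports the console.log() variant as clean, yet the vulnerable renderer emits a second tag for it; the encoded renderer emits none for either payload. Note that html.escape is correct only for element content and quoted attribute values; untrusted data placed in a script block, a URL, or CSS needs the encoder for that context.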

Create Your Ultimate Bug Bounty Automation Without Nerdy Bash Skills (Part 3)

In the previous article, details regarding syntax, variables, and their usage were conveyed. This final part will be about the installation and running of the program (GitHub: tarunKoyalwar/talosplus, "Create and Run Intelligent Automation Scripts Without learning bash scripting"). Prerequisites: install MongoDB on your distro. You can find more instructions...

Create Your Ultimate Bug Bounty Automation Without Nerdy Bash Skills (Part 2)

In the last part, I introduced the core components. In this part, we will dig deeper into syntax and its usage. If you have not read the previous part, I recommend reading it (GitHub: tarunKoyalwar/talosplus, "Create and Run Intelligent Automation Scripts Without learning bash scripting")...

What is SSH and How to use it? | With Examples

Introduction: SSH, short for Secure Shell (sometimes expanded, inaccurately, as Secure Socket Shell), is a protocol and a set of tools used to connect to a remote computer. SSH enables computers to communicate and share data even over an insecure network. SSH works with the client-server model. The...

Watch Out! Hackers Begin Exploiting Recent Zyxel Firewalls RCE Vulnerability

(Image source: z3r00t) The U.S. Cybersecurity and Infrastructure Security Agency on Monday added two security flaws, including the recently disclosed remote code execution bug affecting Zyxel firewalls, to its Known Exploited Vulnerabilities Catalog, citing evidence of active exploitation. Tracked as CVE-2022-30525, the vulnerability has a CVSS score of 9.8 and relates to a command injection...

Fake Clickjacking Bug Bounty Reports: The Key Facts

Are you aware of fake clickjacking bug bounty reports? If not, you should be. This article will get you up to speed and help you to stay alert. What are clickjacking bug bounty reports? If we start by breaking up the term into its component parts, a bug bounty is...

Researchers Find Way to Run Malware on iPhone Even When It’s OFF

A first-of-its-kind security analysis of the iOS Find My function has demonstrated a novel attack surface that makes it possible to tamper with the firmware and load malware onto a Bluetooth chip that's executed while an iPhone is "off." The mechanism takes advantage of the fact that wireless chips related to...

Researchers Warn of “Eternity Project” Malware Service Being Sold via Telegram

An unidentified threat actor has been linked to an actively in-development malware toolkit called the "Eternity Project" that lets professional and amateur cybercriminals buy stealers, clippers, worms, miners, ransomware, and a distributed denial-of-service (DDoS) bot. What makes this malware-as-a-service (MaaS) stand out is that besides using a Telegram channel to...

Module-1 | Introduction -Pentesting & Bypassing AWS/Azure/GCP Cloud WAF Fun & Profit

Why you should not trust the cloud WAF? (Thanks to Themistocles.) Introduction & Objective: A web application firewall (WAF) or WAF appliance provides security by sitting in front of an application or service and blocking malicious calls, inputs, and outputs that do not meet the firewall's policy. Today, due to increasing cloud...

Europe Agrees to Adopt New NIS2 Directive Aimed at Hardening Cybersecurity

The European Parliament announced a "provisional agreement" aimed at improving cybersecurity and resilience of both public and private sector entities in the European Union. The revised directive, called "NIS2" (short for network and information systems), is expected to replace the existing legislation on cybersecurity that was established in July 2016. The revamp...

Ukrainian Hacker Jailed for 4-Years in U.S. for Selling Access to Hacked Servers

A 28-year-old Ukrainian national has been sentenced to four years in prison for siphoning thousands of server login credentials and selling them on the dark web for monetary gain as part of a credential theft scheme. Glib Oleksandr Ivanov-Tolpintsev, who pleaded guilty to his offenses earlier this February, was arrested...

Get Lifetime Access to 2022 Cybersecurity Certification Prep Courses @ 95% Off

Ever thought about working full-time in cybersecurity? With millions of unfilled jobs around, now is a great time to get into the industry. Of course, there are many different roles in this field. But all of them require the same handful of professional certifications. The 2022 Ultimate Advanced CyberSecurity Professional Certification...

SonicWall Releases Patches for New Flaws Affecting SSLVPN SMA1000 Devices

SonicWall has published an advisory warning of a trio of security flaws in its Secure Mobile Access (SMA) 1000 appliances, including a high-severity authentication bypass vulnerability. The weaknesses in question impact SMA 6200, 6210, 7200, 7210, 8000v running firmware versions 12.4.0 and 12.4.1. The list of vulnerabilities is below - CVE-2022-22282 (CVSS score:...

Google Created ‘Open-Source Maintenance Crew’ to Help Secure Critical Projects

Google on Thursday announced the creation of a new "Open Source Maintenance Crew" to focus on bolstering the security of critical open source projects. Additionally, the tech giant pointed out Open Source Insights as a tool for analyzing packages and their dependency graphs, using it to determine "whether a vulnerability in a dependency might...

New Saitama backdoor Targeted Official from Jordan’s Foreign Ministry

A spear-phishing campaign targeting Jordan's foreign ministry has been observed dropping a new stealthy backdoor dubbed Saitama. Researchers from Malwarebytes and Fortinet FortiGuard Labs attributed the campaign to an Iranian cyber espionage threat actor tracked under the moniker APT34, citing resemblances to past campaigns staged by the group. "Like many of these attacks, the...

Zyxel Releases Patch for Critical Firewall OS Command Injection Vulnerability

Zyxel has moved to address a critical security vulnerability affecting Zyxel firewall devices that enables unauthenticated and remote attackers to gain arbitrary code execution. "A command injection vulnerability in the CGI program of some firewall versions could allow an attacker to modify specific files and then execute some OS commands...
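The two Zyxel items on this page (the patch release above and the CISA KEV addition for CVE-2022-30525 earlier) describe the same defect class: a CGI parameter spliced into an OS command line. The block below is an added illustration of that class in general, not Zyxel's code and not the exploit for this CVE. It builds the vulnerable shell string beside the hardened form (allow-list validation plus an argv list with no shell); the `ping` handler, hostnames, and sample inputs are hypothetical, and nothing is executed unless run_hardened() is called.

```python
"""OS command injection in a CGI-style handler: vulnerable vs. hardened.

Added illustration, not Zyxel's code and not the CVE-2022-30525 exploit. The
handler accepts one field (a host to ping); the vulnerable build splices it
into a shell string, the hardened build validates it and passes argv with no
shell. Inputs in SAMPLES are constructed for the demo.
"""
import re
import shlex
import subprocess
from typing import List

# Strict allow-list for the one field this handler accepts: a hostname or an
# IPv4 literal. Anything else is rejected rather than "cleaned".
HOST_RE = re.compile(
    r"^(?=.{1,253}$)(?!-)[A-Za-z0-9-]{1,63}(?<!-)(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*$"
)

# Characters the shell acts on when it reparses a command string.
SHELL_META = set(";|&$`<>(){}\n\"'\\")


def build_vulnerable(host: str) -> str:
    """Vulnerable pattern: a shell string that `sh -c` will reparse."""
    return f"ping -c 1 {host}"  # e.g. handed to os.system / shell=True


def shell_would_split(command: str) -> bool:
    """Does the assembled command contain metacharacters the shell acts on?"""
    return any(ch in SHELL_META for ch in command)


def build_quoted(host: str) -> str:
    """If a shell really is unavoidable, quote the value as one word.
    This stops command chaining but is weaker than build_hardened: it does
    not validate the value at all, so option injection is still possible."""
    return f"ping -c 1 {shlex.quote(host)}"


def build_hardened(host: str) -> List[str]:
    """Hardened pattern: validate the input, then pass an argv list (no shell).
    HOST_RE also rejects a leading '-', so the value cannot become an option."""
    if not HOST_RE.match(host):
        raise ValueError(f"rejected host parameter: {host!r}")
    return ["ping", "-c", "1", host]


def run_hardened(host: str, timeout: float = 5.0) -> int:
    """Execute without a shell; the host is a single argv element."""
    argv = build_hardened(host)
    return subprocess.run(argv, shell=False, timeout=timeout,
                          capture_output=True).returncode


# Constructed inputs: benign values and injection attempts.
SAMPLES = ["203.0.113.7", "host.example", "203.0.113.7; cat /etc/passwd", "$(id)"]


def classify(inputs=SAMPLES):
    """For each input: would the vulnerable build be reparsed by the shell,
    and does the hardened build accept it?"""
    report = {}
    for value in inputs:
        try:
            build_hardened(value)
            accepted = True
        except ValueError:
            accepted = False
        report[value] = {
            "vulnerable_splits": shell_would_split(build_vulnerable(value)),
            "hardened_accepts": accepted,
        }
    return report


if __name__ == "__main__":
    for value, verdict in classify().items():
        print(f"{value!r:36} {verdict}")
```

The order of defences matters: rejecting anything outside the allow-list comes first, and only then is the value passed as its own argv element. Quoting alone (build_quoted) prevents chaining but leaves the caller trusting whatever the shell and the target binary make of the string, which is how "modify specific files and then execute some OS commands" bugs survive partial fixes.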

Iranian Hackers Leveraging BitLocker and DiskCryptor in Ransomware Attacks

A ransomware group with an Iranian operational connection has been linked to a string of file-encrypting malware attacks targeting organizations in Israel, the U.S., Europe, and Australia. Cybersecurity firm Secureworks attributed the intrusions to a threat actor it tracks under the moniker Cobalt Mirage, which it said is linked to...

E.U. Proposes New Rules for Tech Companies to Combat Online Child Sexual Abuse

The European Commission on Wednesday proposed new regulation that would require tech companies to scan for child sexual abuse material (CSAM) and grooming behavior, raising worries that it could undermine end-to-end encryption (E2EE). To that end, online service providers, including hosting services and communication apps, are expected to proactively scan...

Api endpoint- Revealed Transaction Details of about Millions of users

Today I will be talking about one of my findings, which reveals transaction details of millions of users... Let's begin... Understand what an API is: API is the abbreviation of Application Programming Interface, which is used to communicate with another application without sharing any system password with the other application, in simple words. So...

Thousands of WordPress Sites Hacked to Redirect Visitors to Scam Sites

Cybersecurity researchers have disclosed a massive campaign that's responsible for injecting malicious JavaScript code into compromised WordPress websites that redirects visitors to scam pages and other malicious websites to generate illegitimate traffic. "The websites all shared a common issue — malicious JavaScript had been injected within their website's files and...

Everything We Learned From the LAPSUS$ Attacks

In recent months, a cybercriminal gang known as LAPSUS$ has claimed responsibility for a number of high-profile attacks against technology companies, including T-Mobile (April 23, 2022), Globant, Okta, Ubisoft, Samsung, Nvidia, Microsoft, and Vodafone. In addition to these attacks, LAPSUS$ was also able to successfully launch a ransomware attack against the...

Government Agencies Warn of Increase in Cyberattacks Targeting MSPs

Multiple cybersecurity authorities from Australia, Canada, New Zealand, the U.K., and the U.S. on Wednesday released a joint advisory warning of threats targeting managed service providers (MSPs) and their customers. Key among the recommendations include identifying and disabling accounts that are no longer in use, enforcing multi-factor authentication (MFA) on MSP accounts...

Hackers Deploy IceApple Exploitation Framework on Hacked MS Exchange Servers

Researchers have detailed a previously undocumented .NET-based post-exploitation framework called IceApple that has been deployed on Microsoft Exchange server instances to facilitate reconnaissance and data exfiltration. "Suspected to be the work of a state-nexus adversary, IceApple remains under active development, with 18 modules observed in use across a number of...

CISA Urges Organizations to Patch Actively Exploited F5 BIG-IP Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the recently disclosed F5 BIG-IP flaw to its Known Exploited Vulnerabilities Catalog following reports of active abuse in the wild. The flaw, assigned the identifier CVE-2022-1388 (CVSS score: 9.8), concerns a critical bug in the BIG-IP iControl REST endpoint that provides an unauthenticated adversary with a method to

[White Paper] Social Engineering: What You Need to Know to Stay Resilient

Security and IT teams are losing sleep as would-be intruders lay siege to the weakest link in any organization's digital defense: employees. By preying on human emotion, social engineering scams inflict billions of dollars of damage with minimal planning or expertise. Cybercriminals find it easier to manipulate people before resorting...

Bitter APT Hackers Add Bangladesh to Their List of Targets in South Asia

An espionage-focused threat actor known for targeting China, Pakistan, and Saudi Arabia has expanded to set its sights on Bangladeshi government organizations as part of an ongoing campaign that commenced in August 2021. Cybersecurity firm Cisco Talos attributed the activity with moderate confidence to a hacking group dubbed the Bitter APT based...

11 Essential Tools for Java Developers

It has been twenty-six years since Java saw the light of day, and it is still going strong. Sure, things have changed since Oracle Corp. took charge of Sun Microsystems. But the hype around Java doesn't seem likely to die anytime soon (much to the dismay of its opponents). Over...

PWN101 Walkthrough | TryHackMe

Hello, infosec 👋 I'm back with another one after a short-term break. I'm outside the box to make new connections and social relationships and take care of my mental health. But today, I planned to solve some binary exploitation challenges and wrote this walkthrough of 3 challenges from PWN101 on TryHackMe. PWN101 is...

Cryptography essential for H4CK3R and CTF player 0x1(encoding).

Hello dear hackers, in this series we will teach you the basic concepts of cryptography, which are very helpful during CTF competitions and hacking challenges, and also in cybersecurity exams and interviews. What is Cryptography? Cryptography is the practice...

Researchers Warn of Nerbian RAT Targeting Entities in Italy, Spain, and the U.K

A previously undocumented remote access trojan (RAT) written in the Go programming language has been spotted disproportionately targeting entities in Italy, Spain, and the U.K. Called Nerbian RAT by enterprise security firm Proofpoint, the novel malware leverages COVID-19-themed lures to propagate as part of a low volume email-borne phishing campaign that started...

Malicious NPM Packages Target German Companies in Supply Chain Attack

Cybersecurity researchers have discovered a number of malicious packages in the NPM registry specifically targeting a number of prominent companies based in Germany to carry out supply chain attacks. "Compared with most malware found in the NPM repository, this payload seems particularly dangerous: a highly-sophisticated, obfuscated piece of malware that acts...

E.U. Blames Russia for Cyberattack on KA-SAT Satellite Network Operated by Viasat

The Five Eyes nations comprising Australia, Canada, New Zealand, the U.K., and the U.S., along with Ukraine and the European Union, formally blamed Russia for an attack on an international satellite communication (SATCOM) provider that had "spillover" effects across Europe. The cyber offensive, which took place one hour before the Kremlin's military invasion of Ukraine...

Microsoft Releases Fix for New Zero-Day with May 2022 Patch Tuesday Updates

Microsoft on Tuesday rolled out fixes for as many as 74 security vulnerabilities, including one for a zero-day bug that's being actively exploited in the wild. Of the 74 issues, seven are rated Critical, 66 are rated Important, and one is rated low in severity. Two of the flaws are listed...