According to security experts at Fox-IT, a recently addressed flaw in the Cobalt Strike penetration testing platform could be exploited to identify attacker servers. Security experts at Fox-IT discovered that a recently addressed vulnerability in the Cobalt Strike penetration testing platform could be exploited to identify attacker servers. The vulnerability was addressed in Cobalt Strike […]
Sergiy P. Usatyuk (20), from Orland Park, Illinois pleaded guilty for owning, administrating, and supporting an illegal DDo-for-hire service. According to the U.S. Department of Justice, the booting service operated by Sergiy P. Usatyuk (20) was used to carry out millions of distributed denial of service attacks. Usatyuk developed and operated other DDoS-for-hire services with […]
SI-LAB captured a piece of the FlawedAmmyy malware that leverages undetected XLM macros as an Infection Vehicle to compromise userâs devices. In February 2019, SI-LAB captured multiple samples of phishing campaigns using an Office Excel document carrying a malicious Excel 4.0 macro, also known as XLM macro, and used to download and execute a final […]
Cyber Defense Magazine March 2019 Edition has arrived. MARCH 2019 EDITION (RSA CONFERENCE PRINT EDITION & E-MAG COMING NEXT WEEK) Cyber Defense eMagazine March 2019 Edition has arrived. Sponsored by: Aristotle Insight HelpSystems Inky Regent University White Hat Security We hope you enjoy this month’s edition…packed with 157 pages of excellent content. InfoSec Knowledge is Power. We […]
Bug bounty platform HackerOne announced that two of its members have each earned more than $1 million by participating bug bounty programs. Bug bounty programs could be a profitable activity, the popular bug bounty platform HackerOne announced that two of its members have each earned more than $1 million by helping companies in discovering flaws […]
Adobe has released out-of-band updates to address a critical flaw in ColdFusion web application development platform that has been exploited in the wild. Adobe has released out-of-band updates to address a zero-day vulnerability in the ColdFusion web application development platform that has been exploited in the wild. The vulnerability, tracked as CVE-2019-7816, has been described by […]
Cisco addressed CVE-2019-1663critical flaw in several wireless routers that could be exploited by attackers to remotely execute code on the impacted devices. Cisco released security updates to address a critical flaw (CVE-2019-1663) in several wireless routers that could be exploited by attackers to remotely execute code on the impacted devices. The CVE-2019-1663 flaw received a […]
Experts analyzed tools and intrusion methods used by theChina-linked cyber-espionage group Emissary Panda in attacks over the past 2 years. This morning I wrote about a large-scale cyber attack that hit the International Civil Aviation Organization (ICAO) in November 2016, Emissary Panda was suspected to be the culprit. Experts at Secureworks reports who investigated the […]
Cybaze-Yoroi ZLab analyze a new GoLang botnet named GoBrut, the investigation allowed to discover that the bot supports a lot more features Introduction Malware written in Go programming language has roots almost a decade ago, few years after its first public release back in 2009: starting from InfoStealer samples discovered since 2012 and abused in […]
Researchers from RiskIQ and FlashPoint analyzed the evolution of Magecart groups, in particular of a gang tracked as Group 4 that appears to be very sophisticated. Security firms have monitored the activities of a dozen Magecart groups at least since 2015. The gangs use to implant skimming script into compromised online stores in order to […]