America's Army Security Vulnerabilities

thn

Stantinko Botnet Now Targeting Linux Servers to Hide Behind Proxies

An adware and coin-miner botnet targeting Russia, Ukraine, Belarus, and Kazakhstan at least since 2012 has now set its sights on Linux servers to fly under the radar. According to a new analysis published by Intezer today and shared with The Hacker News, the trojan masquerades as HTTPd, a commonly....

0.7 AI Score

2020-11-24 02:56 PM
30
malwarebytes

IoT forecast: Running antivirus on your smart device?

In 2016, threat actors pulled off a basic but devastating botnet attack that harnessed the power of the Internet of Things (IoT). After gathering a list of 61 default username and password combinations for IoT devices, threat actors scanned the Internet for open Telnet ports and, when they found a....

-0.5 AI Score

2020-11-19 05:47 PM
150
threatpost

Scalper-Bots Shake Down Desperate PS5, Xbox Series X Shoppers

It’s a big week for gamers across the globe, with imminent, dueling releases of Xbox Series X and PlayStation PS5. However, an army of retail bots threaten to drive prices up as much as three times the retail price, putting the coveted holiday gifts well out of reach of everyday fans. Retailers...

-0.5 AI Score

2020-11-10 08:40 PM
38
openbugbounty

army-counseling-forms.com Cross Site Scripting vulnerability OBB-1497502

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence....

AI Score

2020-11-09 07:45 PM
27
threatpost

Malspam Campaign Milks Election Uncertainty

Threat actors have taken advantage of the ongoing uncertainty around the 2020 U.S. election to unleash a new malspam campaign aimed at spreading the Qbot trojan. Criminals behind Qbot resurfaced the day after the election with a wave of spam emails that attempt to lure victims with messages...

0.3 AI Score

2020-11-05 01:07 PM
27
packetstorm

-0.6 AI Score

0.0004 EPSS

2020-10-28 12:00 AM
343
taosecurity

MITRE ATT&CK Tactics Are Not Tactics

Just what are "tactics"? Introduction MITRE ATT&CK is a great resource, but something about it has bothered me since I first heard about it several years ago. It's a minor point, but I wanted to document it in case it confuses anyone else. The MITRE ATT&CK Design and Philosophy document from March....

7.2 AI Score

2020-10-23 02:00 PM
37
thn

Windows GravityRAT Malware Now Also Targets macOS and Android Devices

A Windows-based remote access Trojan believed to be designed by Pakistani hacker groups to infiltrate computers and steal users' data has resurfaced after a two-year span with retooled capabilities to target Android and macOS devices. According to cybersecurity firm Kaspersky, the malware — dubbed....

0.5 AI Score

2020-10-20 01:59 PM
20
ics

Potential for China Cyber Response to Heightened U.S.–China Tensions

Summary This Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise framework for all referenced threat actor techniques. Note: on October 20, 2020, the National Security Agency (NSA) released a cybersecurity advisory providing....

10 CVSS

10 AI Score

0.976 EPSS

2020-10-20 12:00 PM
36
packetstorm

0.1 AI Score

2020-10-20 12:00 AM
3231
schneier

US Cyber Command and Microsoft Are Both Disrupting TrickBot

Earlier this month, we learned that someone is disrupting the TrickBot botnet network. Over the past 10 days, someone has been launching a series of coordinated attacks designed to disrupt Trickbot, an enormous collection of more than two million malware-infected Windows PCs that are constantly...

0.5 AI Score

2020-10-15 11:01 AM
30
wired

The Man Who Speaks Softly—and Commands a Big Cyber Army

Meet General Paul Nakasone. He reined in chaos at the NSA and taught the US military how to launch pervasive cyberattacks. And he did it all without you...

1.4 AI Score

2020-10-13 10:00 AM
21
thn

Microsoft and Other Tech Companies Take Down TrickBot Botnet

Days after the US Government took steps to disrupt the notorious TrickBot botnet, a group of cybersecurity and tech companies has detailed a separate coordinated effort to take down the malware's back-end infrastructure. The joint collaboration, which involved Microsoft's Digital Crimes Unit,...

0.4 AI Score

2020-10-13 07:10 AM
47
trellix

Securing Space 4.0 – One Small Step or a Giant Leap? - Part 1

ARCHIVED STORY Securing Space 4.0 – One Small Step or a Giant Leap? - Part 1 By Eoin Carroll · September 30, 2020 McAfee Advanced Threat Research (ATR) is collaborating with Cork Institute of Technology (CIT) and its Blackrock Castle Observatory (BCO) and the National Space Center (NSC) in Cork,...

7.3 AI Score

0.975 EPSS

2020-09-30 12:00 AM
11
trellix

Securing Space 4.0 – One Small Step or a Giant Leap? - Part 1

ARCHIVED STORY Securing Space 4.0 – One Small Step or a Giant Leap? - Part 1 By Eoin Carroll · September 30, 2020 McAfee Advanced Threat Research (ATR) is collaborating with Cork Institute of Technology (CIT) and its Blackrock Castle Observatory (BCO) and the National Space Center (NSC) in Cork,...

-0.4 AI Score

0.975 EPSS

2020-09-30 12:00 AM
18
thn

Researchers Uncover Cyber Espionage Operation Aimed At Indian Army

Cybersecurity researchers uncovered fresh evidence of an ongoing cyberespionage campaign against Indian defense units and armed forces personnel at least since 2019 with an aim to steal sensitive information. Dubbed "Operation SideCopy" by Indian cybersecurity firm Quick Heal, the attacks have...

7.8 CVSS

0.7 AI Score

0.974 EPSS

2020-09-28 01:27 PM
165
threatpost

UPDATE – TikTok Ban: Security Experts Weigh in on the App's Risks

UPDATE Chinese apps TikTok and WeChat over the weekend have gotten an 11th hour reprieve from a plan to cut off access to them. As a ban on U.S. downloads loomed for Sunday, TikTok owner ByteDance reached an agreement to sell significant ownership stakes to Oracle and Walmart. While the deal is...

-0.7 AI Score

2020-09-21 02:00 PM
40
githubexploit

Exploit for Vulnerability in Apple Ipad Os

c0ntextomy an informal fallacy and a type of false...

7.8 CVSS

8.8 AI Score

0.001 EPSS

2020-09-16 11:35 PM
113
threatpost

TikTok Fixes Flaws That Opened Android App to Compromise

Researchers have disclosed four high-severity flaws in the Android version of TikTok that could have easily been exploited by a seemingly benign third-party Android app. If successful, an attacker could fully compromise the target’s TikTok account. Public disclosure of the vulnerabilities was...

-0.1 AI Score

2020-09-14 04:23 PM
32
thn

Japan, France, New Zealand Warn of Sudden Uptick in Emotet Trojan Attacks

Cybersecurity agencies across Asia and Europe have issued multiple security alerts regarding the resurgence of email-based Emotet malware attacks targeting businesses in France, Japan, and New Zealand. "The emails contain malicious attachments or links that the receiver is encouraged to...

0.3 AI Score

2020-09-08 12:31 PM
179
openbugbounty

4x4.army-uk.com Cross Site Scripting vulnerability OBB-1291952

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence....

-0.1 AI Score

2020-09-01 08:00 AM
5
openbugbounty

army-medical-history-form-template.com Cross Site Scripting vulnerability OBB-1291775

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence....

-0.1 AI Score

2020-09-01 07:38 AM
5
kitploit

DVS - D(COM) V(ulnerability) S(canner) AKA Devious Swiss Army Knife

Did you ever wonder how you can move laterally through internal networks? Or interact with remote machines without alerting EDRs? Let's assume that we have valid credentials, or an active session with access to a remote machine, but we are without an option for executing a process remotely in a.....

7.9 AI Score

2020-08-31 09:30 PM
64
threatpost

Revamped Qbot Trojan Packs New Punch: Hijacks Email Threads

Attacks attributed to the Qbot trojan, known as the “Swiss Army knife” of malware, are on the uptick with a reported 100,000 recent infections, according to researchers. Qbot, an ever-evolving information-stealing trojan that’s been around since 2008, has shifted tactics again and adopted a bevy...

AI Score

2020-08-27 11:14 AM
11
thn

QakBot Banking Trojan Returned With New Sneaky Tricks to Steal Your Money

A notorious banking trojan aimed at stealing bank account credentials and other financial information has now come back with new tricks up its sleeve to target government, military, and manufacturing sectors in the US and Europe, according to new research. In an analysis released by Check Point...

7 AI Score

2020-08-27 09:59 AM
70
securelist

Transparent Tribe: Evolution analysis, part 2

Background + Key findings Transparent Tribe, also known as PROJECTM or MYTHIC LEOPARD, is a highly prolific group whose activities can be traced as far back as 2013. In the last four years, this APT group has never taken time off. They continue to hit their targets, which typically are Indian...

7.3 AI Score

2020-08-26 10:00 AM
9
thn

Researchers Exploited A Bug in Emotet to Stop the Spread of Malware

Emotet, a notorious email-based malware behind several botnet-driven spam campaigns and ransomware attacks, contained a flaw that allowed cybersecurity researchers to activate a kill-switch and prevent the malware from infecting systems for six months. "Most of the vulnerabilities and exploits...

0.7 AI Score

2020-08-17 12:45 PM
38
wired

Hackers Are Building an Army of Cheap Satellite Trackers

NyanSat is an open source ground station that lets you listen in on low-orbit transmissions for about $100 worth of...

2.5 AI Score

2020-08-04 12:00 PM
18
kitploit

Mistica - An Open Source Swiss Army Knife For Arbitrary Communication Over Application Protocols

Mística is a tool that allows embedding data into application layer protocol fields, with the goal of establishing a bi-directional channel for arbitrary communications. Currently, encapsulation into HTTP, DNS and ICMP protocols has been implemented, but more protocols are expected to be introduced....

7.4 AI Score

2020-08-03 12:30 PM
37
schneier

Friday Squid Blogging: Squid Proteins for a Better Face Mask

Researchers are synthesizing squid proteins to create a face mask that better survives cleaning. (And you thought there was no connection between squid and COVID-19.) The military thinks this might have applications for self-healing robots. As usual, you can also use this squid post to talk about.....

1.6 AI Score

2020-07-31 09:00 PM
33
malwarebytes

TikTok is being discouraged and the app may be banned

In recent news retail giant Amazon sent a memo to employees telling them to delete the popular social media app TikTok from their phones. In the memo it stated that the app would pose a security risk without going into details. Later the memo was withdrawn without an explanation except that it was....

-0.2 AI Score

2020-07-28 04:55 PM
39
securelist

GReAT thoughts: Awesome IDA Pro plugins

The Global Research & Analysis Team here at Kaspersky has a tradition of meeting up once a month and sharing cutting-edge research, interesting techniques and useful tools. We recently took the unprecedented decision to make our internal meetings public for a few months and present them as a...

-0.2 AI Score

2020-07-21 10:00 AM
18
filippoio

Replace PGP With an HTTPS Form

I asked my Twitter followers what I should talk about in this issue, and those trolls picked PGP and security vulnerability reporting, so here goes nothing. As you probably know, the school of modern cryptography thinking I subscribe to says that tools and protocols should be small, simple, and...

8.1 CVSS

-0.5 AI Score

0.969 EPSS

2020-07-18 10:00 PM
35
openbugbounty

army-uk.info Cross Site Scripting vulnerability OBB-1212433

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence....

-0.1 AI Score

2020-07-01 08:57 AM
8
thn

WikiLeaks Founder Charged With Conspiring With LulzSec & Anonymous Hackers

The United States government has filed a superseding indictment against WikiLeaks founder Julian Assange accusing him of collaborating with computer hackers, including those affiliated with the infamous LulzSec and "Anonymous" hacking groups. The new superseding indictment does not contain any...

0.2 AI Score

2020-06-25 12:11 PM
87
akamaiblog

The Bondnet Army

Guardicore Labs has recently picked up Bondnet, a botnet of thousands of compromised servers of varying power. Managed and controlled remotely, the Bondnet is currently used to mine different cryptocurrencies and is ready to be weaponized immediately for other purposes such as mounting DDoS...

3.2 AI Score

2020-06-08 09:19 PM
5
thn

Researchers Uncover Brazilian Hacktivist's Identity Who Defaced Over 4800 Sites

It's one thing for hackers to target websites and proudly announce it on social media platforms for all to see. It's, however, an entirely different thing to leave a digital trail that leads cybersecurity researchers right to their doorsteps. That's exactly what happened in the case of a...

1.5 AI Score

2020-05-28 09:52 AM
60
kitploit

Jaeles v0.9 - The Swiss Army Knife For Automated Web Application Testing

Jaeles is a powerful, flexible and easily extensible framework written in Go for building your own Web Application Scanner. Installation Download precompiled version here. If you have a Go environment, make sure you have Go >= 1.13 with Go Modules enabled and run the following command. ...

7.1 AI Score

2020-05-25 09:30 PM
66
trendmicroblog

This Week in Security News: New Bluetooth Vulnerability Exposes Billions of Devices to Hackers and Backdoor, Devil Shadow Botnet Hidden in Fake Zoom Installers

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, read about a new security vulnerability in Bluetooth that could potentially allow an attacker to spoof a remotely paired device. Also, learn.....

0.6 AI Score

2020-05-22 12:55 PM
32
kitploit

Web Hacker's Weapons - A Collection Of Cool Tools Used By Web Hackers

A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting. Weapons Type | Name | Description ---|---|--- Army-Knife/ALL | BurpSuite | the BurpSuite project Army-Knife/SCAN | jaeles | The Swiss Army knife for automated Web Application Testing Army-Knife/ALL | zaproxy | The...

7.5 AI Score

2020-05-20 09:30 PM
113
threatpost

TikTok Violated Children’s Privacy Law, FTC Complaint Says

The popular video sharing app TikTok has landed in hot water again over privacy issues. On Thursday, a group of privacy advocates filed a complaint with the Federal Trade Commission (FTC) alleging the platform failed to adequately protect children’s privacy. The complaint alleged that TikTok...

-0.1 AI Score

2020-05-14 07:38 PM
60
schneier

New US Electronic Warfare Platform

The Army is developing a new electronic warfare pod capable of being put on drones and on trucks. ...the Silent Crow pod is now the leading contender for the flying flagship of the Army's rebuilt electronic warfare force. Army EW was largely disbanded after the Cold War, except for short-range...

-0.1 AI Score

2020-05-13 01:49 PM
15
openbugbounty

army-nato-shop.de Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1147099 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website...

0.1 AI Score

2020-04-19 12:28 PM
9
schneier

Contact Tracing COVID-19 Infections via Smartphone Apps

Google and Apple have announced a joint project to create a privacy-preserving COVID-19 contact tracing app. (Details, such as we have them, are here.) It's similar to the app being developed at MIT, and similar to others being described and developed elsewhere. It's nice seeing the privacy...

-0.2 AI Score

2020-04-13 11:48 AM
26
threatpost

Unique P2P Architecture Gives DDG Botnet 'Unstoppable' Status

The coin-mining botnet known as DDG has seen a flurry of activity since the beginning of the year, releasing 16 different updates over the course of the past three months. Most notably, its operators have adopted a proprietary peer-to-peer (P2P) mechanism that has turned the DDG into a highly...

-0.4 AI Score

2020-04-09 08:34 PM
32
packetstorm

-0.1 AI Score

2020-03-30 12:00 AM
180
zdt

WordPress StatTraq 1.3.0 SQL Injection Vulnerability

Exploit for php platform in category web...

7.1 AI Score

2020-03-28 12:00 AM
167
packetstorm

0.1 AI Score

2020-03-27 12:00 AM
173
carbonblack

How to Do More with Less — a CISO’s Perspective

I’ve learned a ton of lessons over my years in the InfoSec world. I’ve made a lot of the right calls, but also a bunch of wrong ones. One of the lessons I have learned is how to operate in an environment of scarcity. This lesson started long before my career did. Growing up, I was the child of a...

-0.6 AI Score

2020-03-26 03:00 PM
28
wired

The Army Corps of Engineers Deploys Against Coronavirus

The US is desperate for hospital beds. The US Army Corps of Engineers can build thousands of them in a matter of...

2 AI Score

2020-03-24 08:38 PM
28
Total number of security vulnerabilities: 2063