New Dante Spyware Linked to Rebranded Hacking Team, Now Memento Labs
Kaspersky researchers uncovered Operation ForumTroll, an attack campaign utilising the new 'Dante' spyware developed by Memento Labs, the rebranded Hacking Team. The attacks used a Chrome zero-day vulnerability CVE-2025-2783 and COM hijacking for persistence, confirming the continued deployment o...
Handala’s Wiper Targets Israel
Handala’s Wiper Targets Israel By Tomer Shloman · July 26, 2024 This blog was also written by Mathanraj Thangaraju and Max Kersten CrowdStrike’s Falcon agent caused downtime for millions of computers across the globe beginning July 19. This event caused panic and chaos, which threat actors quickl...
CVE-2023-0459
creationtimestamp | type | source
--- | --- | ---
2023-04-19 08:40:50+00:00 | published-proof-of-concept | https://t.me/RespaldoHackingTeam/1397...
Xolo - Tool To Crawl, Visualize And Interact With SQL Server Links In A D3 Graph
Author: ET Lownoise
Version: 1.0
Tool to crawl, visualize and interact with SQL Server links in a D3 graph, to help in your red/blue/purple/.../risk assessment, pentest and hacking-team exercises.
Requirements: Requests==2.18.4, Flask==0.12.2, json, pypyodbc, beautifulsoup4==4.6.0, lxml==4.1.0
Example: pip...
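The crawl that a tool like Xolo performs is a breadth-first walk over linked servers: list the links on the server you can reach, then run the same listing on each link by nesting OPENQUERY() one level per hop, doubling embedded single quotes at every level. The block below is an added example written for this page, not Xolo's own code. The query against sys.servers and the OPENQUERY nesting are standard SQL Server; the `run_sql` callback, the offline `fake_runner` and the server names SQL01..SQL04 are constructed for the example.

```python
"""Breadth-first crawl of SQL Server linked-server chains (added example)."""
from collections import deque
import re

# Lists only linked servers; sys.servers row 0 is the local instance (is_linked = 0).
LINK_SQL = "SELECT name FROM sys.servers WHERE is_linked = 1"


def wrap_openquery(path, sql):
    """Build a query that runs `sql` on the last server of `path` by nesting
    OPENQUERY over each hop. Each level of nesting lives inside a quoted string,
    so single quotes in the inner text are doubled once per level."""
    for link in reversed(path):
        sql = "SELECT * FROM OPENQUERY([%s], '%s')" % (link, sql.replace("'", "''"))
    return sql


def crawl_links(start, run_sql, max_depth=5):
    """Return (paths, edges). `paths` maps each discovered server name to the
    tuple of link names used to reach it from `start`; `edges` lists (from, to)
    pairs for graphing. `run_sql(sql)` executes on `start` and yields rows whose
    first column is a linked-server name. Cycles are recorded as edges but never
    re-queued, and `max_depth` bounds OPENQUERY nesting."""
    paths = {start: ()}
    edges = []
    queue = deque([start])
    while queue:
        server = queue.popleft()
        path = paths[server]
        if len(path) >= max_depth:
            continue
        for row in run_sql(wrap_openquery(path, LINK_SQL)):
            link = row[0]
            edges.append((server, link))
            if link not in paths:
                paths[link] = path + (link,)
                queue.append(link)
    return paths, edges


def pyodbc_runner(conn_str):
    """Real runner for use against a live instance (needs pyodbc and network
    access; not exercised offline)."""
    import pyodbc
    conn = pyodbc.connect(conn_str)

    def run_sql(sql):
        return conn.cursor().execute(sql).fetchall()
    return run_sql


def fake_runner(topology, start):
    """Constructed stand-in for a cursor: parses the OPENQUERY nesting to find
    which server the query targets and answers from a dict topology."""
    def run_sql(sql):
        hops = re.findall(r"OPENQUERY\(\[([^\]]+)\]", sql)
        target = hops[-1] if hops else start
        return [(link,) for link in topology.get(target, [])]
    return run_sql


if __name__ == "__main__":
    # Constructed topology: SQL01 -> SQL02 -> SQL04 -> SQL01 (loop), SQL01 -> SQL03.
    topo = {"SQL01": ["SQL02", "SQL03"], "SQL02": ["SQL04"],
            "SQL03": [], "SQL04": ["SQL01"]}
    paths, edges = crawl_links("SQL01", fake_runner(topo, "SQL01"))
    for server, path in paths.items():
        print(server, "via", " -> ".join(path) or "(start)")
    print("edges:", edges)
```

Against a live target, swap `fake_runner(...)` for `pyodbc_runner("DRIVER={ODBC Driver 17 for SQL Server};SERVER=...;Trusted_Connection=yes")`; the edge list is what a D3 front end needs to draw the graph. Keep `max_depth` small: each additional hop nests another OPENQUERY and quadruples the quote escaping.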
SonicWall SSL-VPN 8.0.0.0 - 'visualdoor' Remote Code Execution (Unauthenticated)
Exploit Title: SonicWall SSL-VPN 8.0.0.0 - 'shellshock/visualdoor' Remote Code Execution (Unauthenticated)
Exploit Author: Darren Martyn
Vendor Homepage: https://www.home-assistant.io/
Version: SMA 8.0.0.4
Blog post: https://darrenmartyn.ie/2021/01/24/visualdoor-sonicwall-ssl-vpn-exploit/...
New 'MosaicRegressor' UEFI Bootkit Malware Found Active in the Wild
Cybersecurity researchers have spotted a rare kind of potentially dangerous malware that targets a machine's boot process to drop persistent malware. The campaign involved compromised UEFI (Unified Extensible Firmware Interface) firmware containing a malicious implant, making it the secon...
This Week in Security News: Skimming and Phishing Scams Ahead of Black Friday and Polish Hacking Team Wins Capture the Flag Competition
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about recent skimming and phishing scams as we head into the holidays and how you can protect yourself and your organization. Also, re...
CB TAU Threat Intelligence Notification – Karagany Malware
Secureworks recently reported on an update to the Karagany malware last month. The malware is used by the IRON LIBERTY threat group, also known as Dragonfly 2.0 and Energetic Bear, which targets energy companies and organizations. Carbon Black Threat Analysis Unit (TAU) provides the product rules ...
Adobe Flash Zero-Day Leveraged Via Office Docs in Campaign
An Adobe Flash Player zero-day exploit has been spotted in the wild as part of a widespread campaign, researchers said on Wednesday. Adobe has just issued a patch for the previously unknown critical flaw. The vulnerability, CVE-2018-15982, is a use-after-free flaw enabling arbitrary code executio...
Security Bulletin: IBM QRadar SIEM contains vulnerable components and libraries. (CVE-2011-4314)
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. Vulnerability Details CVEID: CVE-2011-4314 DESCRIPTION: OpenID4Java could allow a remote attacker to bypass security restrictions, caused by the improper...
Is Hacking Team Making a Comeback? CVE-2018-5002 Flash 0-day APT Attack Analysis and Related Vulnerability Warning - Black Bar Safety Net
360 Enterprise Security Threat Intelligence Center recently captured an APT attack that exploited a Flash 0-day vulnerability delivered through Microsoft Office documents. The attack samples were the first observed to use a technique that does not embed the Flash file in the document; the Office...
Skygofree: New Government Malware for Android
Kaspersky Labs is reporting on a new piece of sophisticated malware: We observed many web landing pages that mimic the sites of mobile operators and which are used to spread the Android implants. These domains have been registered by the attackers since 2015. According to our telemetry, that was...
Skygofree — Powerful Android Spyware Discovered
Security researchers have unveiled one of the most powerful and highly advanced Android spyware tools, which gives attackers full remote control of infected devices. Dubbed Skygofree, the Android spyware has been designed for targeted surveillance, and it is believed to have been targeting a large...
Adobe Patches Flash Zero Day Exploited by Black Oasis APT
Adobe today released an out-of-band Flash Player update addressing a zero-day vulnerability being exploited by a little-known Middle Eastern APT group. The group known as Black Oasis was, as recently as this month, using exploits for the flaw to drop FinSpy as a payload. Sold by the controversial...
Police Arrested Suspected Hacker Who Hacked the 'Hacking Team'
Remember the Hacker who hacked Hacking Team? In 2015, a hacker named Phineas Fisher hacked Hacking Team – the Italy-based spyware company that sells spying software to law enforcement agencies worldwide – and exposed some 500 gigabytes of internal data for anyone to download. Now, the Spanish...
Phony Pokémon GO Android App Gave Attackers Root Access
A rogue and malicious app that billed itself as a “Guide for Pokémon GO” managed to make it into Google Play’s marketplace. Once installed, the malware-laced app gave attackers root access to any Android device it was installed on. The app, actually a Trojan in disguise, contained a nasty piece o...
Microsoft Windows - Kernel ATMFD.dll NamedEscape 0x250C Pool Corruption (MS16-074)
Exploit for windows platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=785 The Adobe Type Manager Font Driver ATMFD.DLL responsible for handling PostScript and OpenType fonts in the Windows kernel provides a channel of communication with user-mode...
Chrome Defaults to HTML5 over Adobe Flash Starting in Q4
As zero days in Adobe Flash Player continue to bubble to the surface, major technology players are announcing their plans to shove the maligned software aside in favor of HTML5. Google is the latest, announcing recently that by Q4 of this year, HTML5 would be the default in the Chrome browser,...
Android Ransomware Attacks Using Towelroot, Hacking Team Exploits
A menacing wave of ransomware that locks up Android devices and demands victims pay $200 in Apple iTunes gift card codes is raising concern among security researchers. The ransomware attacks, they say, open a new chapter for Android vulnerabilities similar to Microsoft’s obsolete, unpatched and...