Lucene search
K

75 matches found

HackRead
HackRead
added 2023/12/14 9:45 p.m.8 views

New Hacker Group GambleForce Hacks Targets with Open Source Tools

By Waqas Yet another day, yet another threat actor posing a danger to the cybersecurity of companies globally. This is a post from HackRead.com Read the original post: New Hacker Group GambleForce Hacks Targets with Open Source Tools...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2023/12/14 6:30 a.m.64 views

New Hacker Group 'GambleForce' Tageting APAC Firms Using SQL Injection Attacks

A previously unknown hacker outfit called GambleForce has been attributed to a series of SQL injection attacks against companies primarily in the Asia-Pacific APAC region since at least September 2023. "GambleForce uses a set of basic yet very effective techniques, including SQL injections and th...

5.3CVSS6AI score0.99827EPSS
Exploits43
The Hacker News
The Hacker News
added 2023/09/20 10:34 a.m.33 views

Do You Really Trust Your Web Application Supply Chain?

Well, you shouldn't. It may already be hiding vulnerabilities. It's the modular nature of modern web applications that has made them so effective. They can call on dozens of third-party web components, JS frameworks, and open-source tools to deliver all the different functionalities that keep the...

7AI score
Exploits0
Talos Blog
Talos Blog
added 2023/07/11 5:4 p.m.36 views

Old certificate, new signature: Open-source tools forge signature timestamps on Windows drivers

Cisco Talos has observed threat actors taking advantage of a Windows policy loophole that allows the signing and loading of cross-signed kernel mode drivers with signature timestamp prior to July 29, 2015. Actors are leveraging multiple open-source tools that alter the signing date of kernel mode...

7.3AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/06/15 3:0 a.m.12 views

LockBit ransomware advisory from CISA provides interesting insights

The US Cybersecurity and Infrastructure Security Agency CISA, Federal Bureau of Investigation FBI, Multi-State Information Sharing and Analysis Center MS-ISAC, and the cybersecurity authorities of Australia, Canada, United Kingdom, Germany, France, and New Zealand CERT NZ, NCSC-NZ have all...

7AI score
Exploits0
Kitploit
Kitploit
added 2023/04/17 12:30 p.m.22 views

Scriptkiddi3 - Streamline Your Recon And Vulnerability Detection Process With SCRIPTKIDDI3, A Recon And Initial Vulnerability Detection Tool Built Using Shell Script And Open Source Tools

Streamline your recon and vulnerability detection process with SCRIPTKIDDI3, A recon and initial vulnerability detection tool built using shell script and open source tools. How it works • Installation • Usage • MODES • For Developers • Credits Introducing SCRIPTKIDDI3, a powerful recon and initi...

7.3AI score
Exploits0References7
hivepro
hivepro
added 2023/03/01 8:42 a.m.35 views

Blackfly Chinese APT targets Asian conglomerate in materials sector

Threat Level Actor Report Follow Hive Pro for a detailed threat advisory, download the pdf file here from HiveForce Labs. Summary The Blackfly espionage group, also known as APT41, Winnti Group, or Bronze Atlas, has been targeting multiple subsidiaries of an Asian conglomerate operating in the...

1AI score
Exploits0
The Hacker News
The Hacker News
added 2023/02/22 10:59 a.m.3 views

Hydrochasma: New Threat Actor Targets Shipping Companies and Medical Labs in Asia

Shipping companies and medical laboratories in Asia have been the subject of a suspected espionage campaign carried out by a never-before-seen threat actor dubbed Hydrochasma. The activity, which has been ongoing since October 2022, "relies exclusively on publicly available and living-off-the-lan...

7AI score
Exploits0
hivepro
hivepro
added 2023/02/16 1:7 p.m.45 views

Dalbit Threat Actor Launches Attack Campaign Against Multiple Korean Organizations

Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary Dalbit is a threat actor group that has been active since at least 2022. They have been targeting South Korean companies, with more than 50 confirmed attack attempts so far. The group relies on open-sourc...

1.3AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2022/08/19 2:25 p.m.167 views

Pushing Open-Source Security Forward: Insights From Black Hat 2022

Open-source security has been a hot topic in recent years, and it's proven to be something of a double-edged sword. On the one hand, there's an understanding of the potential that open-source tools hold for democratizing security, making industry best practices accessible to more organizations an...

10CVSS9.4AI score0.86132EPSS
Exploits66
Rapid7 Blog
Rapid7 Blog
added 2022/08/03 8:19 p.m.58 views

[Security Nation] Curt Barnard on Defaultinator (Black Hat Arsenal Preview)

!\Security Nation\ Curt Barnard on Defaultinator \Black Hat Arsenal Preview\https://blog.rapid7.com/content/images/2022/08/securitynationlogo.jpg In this episode of Security Nation, Jen and Tod chat with Curt Barnard, Principal Security Researcher at Rapid7, about a new tool he’ll be presenting a...

10CVSS9.7AI score0.15666EPSS
Exploits3
ICS
ICS
added 2022/02/24 12:0 p.m.73 views

Iranian Government-Sponsored Actors Conduct Cyber Operations Against Global Government and Commercial Networks

Summary Actions to Take Today to Protect Against Malicious Activity Search for indicators of compromise. Use antivirus software. Patch all systems. Prioritize patching known exploited vulnerabilities. Train users to recognize and report phishing attempts. Use multi-factor authentication. Note: th...

10CVSS8.6AI score0.99965EPSS
Exploits134References134
Trellix
Trellix
added 2022/01/20 12:0 a.m.22 views

Update on WhisperGate, Destructive Malware Targeting Ukraine – Threat Intelligence & Protections Update

Update on WhisperGate, Destructive Malware Targeting Ukraine – Threat Intelligence & Protections Update By Taylor Mullins, Mo Cashman and Raj Samani · January 20, 2022 Recent news reports of a “ransomware” campaign targeting Ukraine has resulted in significant press coverage regarding not only...

0.8AI score
Exploits0
Trellix
Trellix
added 2022/01/20 12:0 a.m.12 views

Update on WhisperGate, Destructive Malware Targeting Ukraine – Threat Intelligence & Protections Update

Update on WhisperGate, Destructive Malware Targeting Ukraine – Threat Intelligence & Protections Update By Taylor Mullins, Mo Cashman and Raj Samani · January 20, 2022 Recent news reports of a “ransomware” campaign targeting Ukraine has resulted in significant press coverage regarding not only...

7.8AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2022/01/17 12:0 a.m.5 views

The vulnerability of the program tools and libraries used for working with OpenSC smart cards involves improper memory release before deleting the last pointer, allowing a malicious actor to cause a service failure.

The vulnerability of the programmatic tools and libraries used to work with OpenSC smart cards is related to improper memory release before deleting the last references. Exploiting this vulnerability can allow an attacker, operating remotely, to cause service failures...

7.5CVSS6.4AI score0.02198EPSS
Exploits1References8Affected Software4
ThreatPost
ThreatPost
added 2021/11/30 1:56 p.m.75 views

Yanluowang Ransomware Tied to Thieflock Threat Actor

A threat actor previously tied to the Thieflock ransomware operation may now be using the emerging Yanluowang ransomware in a series of attacks against U.S. corporations, researchers have found. Researchers from Symantec, a division of Broadcom Software, found ties between Thieflock and Yanluowan...

7.6AI score
Exploits0References9
Gitee
Gitee
added 2021/09/27 3:6 p.m.5 views

Red-Teaming-Toolkit

This is a collection of open source and commercial tools that aid in red team operations. The repository includes tools for reconnaissance, weaponization, delivery, command and control, lateral movement, establishing a foothold, escalating privileges, data exfiltration, and miscellaneous...

7AI score
Exploits0
ThreatPost
ThreatPost
added 2021/09/08 5:3 p.m.28 views

TeamTNT’s New Tools Target Multiple OSes

The TeamTNT malware pushers have a slew of new toys with which to wreak havoc – multiple shell/batch scripts, open-source tools, a cryptocurrency miner, an IRC and more – that have inflicted more than 5,000 infections globally as antivirus AV tools struggle to catch up with the newest malware...

6.7AI score
Exploits0References14
Gitee
Gitee
added 2021/07/26 2:11 p.m.7 views

Red-Teaming-Toolkit

This repository is an offensive tool for Red Teaming/Adversary Simulation. It contains a collection of open source and commercial tools that aid in red team operations. The primary target product/service or framework is not explicitly stated, but the tools are designed to be used in various stage...

8AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2021/06/22 4:0 p.m.49 views

Attack Surface Analysis Part 3: Red and Purple Teaming

Part 3: Red and Purple Teaming This is the third and final installment in our 2021 series around attack surface analysis. In part 1 I offered a description and the value and challenge of vulnerability assessment. Part 2 explored the why and how of conducting penetration testing and gave some tips...

6.6AI score
Exploits0
Rows per page
Query Builder