An update on the Hive ransomware takedown. More DDoS from Killnet. Advisories from CISA, and an addition to the Known Exploited Vulnerabilties Catalog.
An update on the takedown of the Hive ransomware gang, plus insights from CrowdStrike’s Adam Meyers. If you say you’re going to unleash the Leopards, expect a noisy call from Killnet.…
Racial slurs discovered in leaked Yandex source code
Russian tech giant Yandex apologized on Friday for racial slurs uncovered in the company’s source code. The apology came in response to the discovery of multiple references to the N-word…
Inside TikTok’s proposal to address US national security concerns
TikTok has presented a detailed proposal to a secretive federal panel that will decide its future in the U.S. that relies extensively on the American tech giant Oracle to mitigate…
Russia’s Sandworm hackers blamed in fresh Ukraine malware attack
One of the Russian military’s most prolific hacking units deployed yet another destructive malware attack against Ukrainian targets this week, researchers with cybersecurity firm ESET said Friday. The researchers attributed…
fuzzable v2.0.5 releases: Automating Fuzzable Target Discovery with Static Analysis
Fuzzable Framework for Automating Fuzzable Target Discovery with Static Analysis Vulnerability researchers conducting security assessments on software will often harness the capabilities of coverage-guided fuzzing through powerful tools like AFL++ and libFuzzer.…
Octosuite v3.0.4 releases: Advanced Github OSINT Framework
Octosuite Octosuite is an open-source lightweight yet advanced osint framework that targets GitHub users and organizations. With over 20+ features, Octosuite only runs on 2 external dependencies. And returns the…
CVE-2022-29841: RCE flaw found in Western Digital My Cloud OS
Western Digital has fixed a critical severity vulnerability that enabled attackers to gain remote code execution and gain a reverse shell on unpatched My Cloud OS 5 devices. Western Digital’s…
CISA Warns of Hackers Exploiting CVE-2017-11357 Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a security vulnerability in User Interface (UI) for ASP.NET AJAX to its Known Exploited Vulnerabilities (KEV) Catalog, citing evidence…
firebaseExploiter: discovers open and exploitable Firebase Database
firebaseExploiter FirebaseExploiter is a vulnerability discovery tool that discovers Firebase databases which are open and can be exploitable. Primarily built for mass hunting bug bounties and for penetration testing. Features…
Loki v2.7.2 releases: horizontally-scalable, highly-available, multi-tenant log aggregation system
Loki: like Prometheus, but for logs. Loki is a horizontally-scalable, highly-available, multi-tenant log aggregation system inspired by Prometheus. It is designed to be very cost-effective and easy to operate. It does…