Critical Tinyproxy Flaw Opens Over 50,000 Hosts to Remote Code Execution
More than 50% of the 90,310 hosts have been found exposing a Tinyproxy service on the internet that's vulnerable to a critical unpatched security...
Free Decryptor Released for Black Basta and Babuk’s Tortilla Ransomware Victims
A decryptor for the Tortilla variant of the Babuk ransomware has been released by Cisco Talos, allowing victims targeted by the malware to regain...
New Glibc Flaw Grants Attackers Root Access on Major Linux Distros
Malicious local attackers can obtain full root access on Linux machines by taking advantage of a newly disclosed security flaw in the GNU C...
Malware uses WiFi BSSID for victim identification
Malware authors are using the WiFi AP MAC address (also referred to as the BSSID) as how to geo-locate infected hosts.
Malware operators who want...
CrowdStrike Warns of New Phishing Scam Targeting German Customers
CrowdStrike is alerting about an unfamiliar threat actor attempting to capitalize on the Falcon Sensor update fiasco to distribute dubious installers targeting German customers...
RustDoor macOS Backdoor Targets Cryptocurrency Firms with Fake Job Offers
Several companies operating in the cryptocurrency sector are the target of a newly discovered Apple macOS backdoor codenamed RustDoor.RustDoor was first documented by Bitdefender...
GHunt – Investigate Google Accounts with emails.
GHunt is an OSINT tool to extract information from any Google Account using an email.
It can currently extract:
Owner’s name
The last time the...
PixieFail UEFI Flaws Expose Millions of Computers to RCE, DoS, and Data Theft
Multiple security vulnerabilities have been disclosed in the TCP/IP network protocol stack of an open-source reference implementation of the Unified Extensible Firmware Interface (UEFI)...
New CherryLoader Malware Mimics CherryTree to Deploy PrivEsc Exploits
A new Go-based malware loader called CherryLoader has been discovered by threat hunters in the wild to deliver additional payloads onto compromised hosts for...
Russian Power Companies, IT Firms, and Govt Agencies Hit by Decoy Dog Trojan
Russian organizations are at the receiving end of cyber attacks that have been found to deliver a Windows version of a malware called Decoy...