U.S. Cyber Command increases budget for international operations
Biden signed a bill on defense policy worth $858 billion, expanding the possibilities of conducting cyber operations of the US government, The Record reports.
Experts from CrowdStrike have discovered a new strain of the advanced GuLoader loader.
As it turned out, the authors of malware carried out a decent upgrade and added a wide range of features to bypass security software.
By the end of the year, everyone is trying to knock out all the cases, as well as extortionists
By the end of the year, everyone is trying to knock out all the cases, as well as extortionists. Ransom House has added the Republic of Vanuatu (an island nation located in the South Pacific Ocean) to its list of victims by stealing more than 3 TB of data from the government network.
On Breached, hackers put up for sale a database with information on 400 million unique Twitter users.
A seller named Ryushi claims that the data was collected as a result of parsing using an already fixed API vulnerability, offering an exclusive sale for $200,000.
Apparently, New Year's Eve is not up to updates
Apparently, New Year's Eve is not up to updates, especially when online stores on WordPress are actively selling gift cards through the popular plugin YITH WooCommerce Gift Cards Premium.
Let's go back to Zerobot
Let's go back to Zerobot, which was originally reported by Fortinet two weeks ago. The Internet of Things (IoT) botnet is a self-replicating and self-propagating malware written in the Golang (Go) language and aimed at more than twelve architectures, with a wide range of distributed DDoS capabilities.
ReSolver researcher discovered a backdoor in ZyXEL LTE3301-M209 LTE routers.
CVE-2022-40602 is associated with hard-coded credentials by analogy with similar problems in Telnet in D-Link DWR-921. He analyzed ELF, focusing on amit features that contained a loophole in D-Link routers.
Experts warn of a critical vulnerability of the Linux kernel of 10 points on the CVSS scale,
Experts warn of a critical vulnerability of the Linux kernel of 10 points on the CVSS scale, which affects SMB servers and can lead to RCE. The critical vulnerability of the Linux kernel makes SMB servers with ksmbd enabled (a Linux kernel server that implements the SMB3 protocol in the kernel space for file exchange over the network) vulnerable to hacking.
Microsoft, as usual, quietly fixed an important security vulnerability in the
Microsoft, as usual, quietly fixed an important security vulnerability in the Azure service (ACS) after researchers from Mnemonic discovered that the problematic function allows attacks to bypass the network between tenants.
How to conduct an online investigation: 5 useful tools
If you are interested in someone's data, but you can't find it, then you have outdated tools. Today we have prepared the best extensions and services that work in 2022:
Anonymize your traffic using 4nonimizer
Friends, today I would like to tell you about a great tool called 4nonimizer. This utility allows you to mask all your traffic from the provider by changing the IP address using one of the 19 VPN services that support OpenVPN technology.
Finding SQL vulnerabilities
Sqlifinder is a tool with the function of detecting SQL injection vulnerabilities based on GET in web applications using backlinks, web scanners and SQL injection payloads.
500 hacking tools in Termux
DarkFly-Tool includes a huge variety of tools. From viruses to downloading videos from YouTube. It contains both harmless tools and utilities for hacking cameras, viruses, spammers and the like.
Malware Database
theZoo is an open source project aimed at providing the ability to analyze various malware. There are about 300 viruses in the theZoo database, which are sorted by categories such as operating system, type, programming language, etc.
We collect information about the goal by email
Infoga is a tool that collects information about email accounts (ip, hostname, country, etc.) from various publicly available sources (search engines, pgp and shodan key servers) and checks whether emails have been leaked using the haveibeenpwned API.
