● SolarWinds once claimed that open source software is more vulnerable and risky. 😅
Link from where screenshot was taken: https://thwack.solarwinds.com/t5/Geek-Speak-Blogs/The-Pros-and-Cons-of-Open-source-Tools/ba-p/478665
Link from where screenshot was taken: https://thwack.solarwinds.com/t5/Geek-Speak-Blogs/The-Pros-and-Cons-of-Open-source-Tools/ba-p/478665
■■□□□ Facebook bug Bounty - Finding the hidden members of the private events.
https://vivekps143.medium.com/facebook-bug-bounty-finding-the-hidden-members-of-the-private-events-977dc1784ff9
https://vivekps143.medium.com/facebook-bug-bounty-finding-the-hidden-members-of-the-private-events-977dc1784ff9
Medium
Facebook bug Bounty -Finding the hidden members of the private events.
Hi All,
cKure
■■■■■ 📢 Microsoft's technical analysis of SolarWinds Orion signed dll #CyberAttack. Analyzing Solorigate, the compromised DLL file that started a sophisticated cyberattack, and how Microsoft Defender helps protect customers. https://www.microsoft.com/se…
■■■□□ SolarWinds Solorigate: U.K. National Health Service, European Parliament, and NATO were also the customers of the breached organisation. NATO assessing if they were conpromised.
■■■■□ #DataLeak: Facebook discloses but that leaked emails and birthdays of its users. The bug was identified by a security researcher from #Nepal 🇳🇵; Saugat Pokharel.
https://www.theverge.com/2020/12/18/22189494/facebook-bug-instagram-email-birthdays-messages
https://www.theverge.com/2020/12/18/22189494/facebook-bug-instagram-email-birthdays-messages
The Verge
A Facebook bug exposed Instagram users’ personal email addresses and birthdays
The information isn’t supposed to be visible to anyone
cKure
■■■□□ SolarWinds Solorigate: U.K. National Health Service, European Parliament, and NATO were also the customers of the breached organisation. NATO assessing if they were conpromised.
■■■■■ Solorigate/SolarWinds: Second hacking team was targeting SolarWinds at time of big breach
https://mobile.reuters.com/article/amp/idUSKBN28T0U1
https://mobile.reuters.com/article/amp/idUSKBN28T0U1
Reuters
Second hacking team was targeting SolarWinds at time of big breach
A second hacking group, different from the suspected Russian team now associated with the major SolarWinds data breach, also targeted the company's products earlier this year, according to a security research blog by Microsoft.
■■■■□ #DataLeak: Ledger was involved in a data breach in July 2020 and now a hacker has leaked the data that was stolen 5 months ago. Here's what happened.
https://www.hackread.com/ledger-data-breach-database-leaked-hacker-forum/
https://www.hackread.com/ledger-data-breach-database-leaked-hacker-forum/
Hackread - Latest Cybersecurity, Tech, AI, Crypto & Hacking News
Ledger data breach: Hacker leaks stolen database on hacker forum
Like us on Facebook @ /HackRead
■■■□□ Bheem - Simple Collection Of Small Bash-Scripts Which Runs Iteratively To Carry Out Various Tools And Recon Process.
https://github.com/harsh-bothra/Bheem
https://github.com/harsh-bothra/Bheem
GitHub
GitHub - harsh-bothra/Bheem
Contribute to harsh-bothra/Bheem development by creating an account on GitHub.
■■■■■ Fawkes - Tool to search targets vulnerable to SQLi 💉 (via Google).
https://github.com/0xdutra/fawkes
https://github.com/0xdutra/fawkes
■□□□□ Cybereason and Oracle Team Up for Security at Scale from the Endpoint to the Cloud.
https://securityboulevard.com/2020/12/cybereason-and-oracle-team-up-for-security-at-scale-from-the-endpoint-to-the-cloud/
https://securityboulevard.com/2020/12/cybereason-and-oracle-team-up-for-security-at-scale-from-the-endpoint-to-the-cloud/
Security Boulevard
Cybereason and Oracle Team Up for Security at Scale from the Endpoint to the Cloud
The sudden transition to remote work brought on by the pandemic resulted in many companies ensuring employees had the necessary tools to work remotely. However, that left little focus on the rising security risks that come with home networks and endpoints.
■■■■□ #Privacy: iPhones of 36 Journalists Hacked Using iMessage Zero-Click Exploit. #0day / #zeroday
https://thehackernews.com/2020/12/iphones-of-36-journalists-hacked-using.html
https://thehackernews.com/2020/12/iphones-of-36-journalists-hacked-using.html
■■□□□ Android Hooking and SSLPinning using Objection Framework.
https://www.hackingarticles.in/android-hooking-and-sslpinning-using-objection-framework/
https://www.hackingarticles.in/android-hooking-and-sslpinning-using-objection-framework/
Hacking Articles
Android Hooking and SSLPinning using Objection Framework
Introduction Objection is runtime mobile exploration toolkit built on top of frida which is used in Android and iOS pentesting. We can use Objection to
■■□□□ #DataLeak: Flavor and fragrance producer Symrise is the last victim of the Clop ransomware team that claims to have stolen 500 GB of unencrypted files.
https://securityaffairs.co/wordpress/112494/malware/clop-ransomware-symrise.html
https://securityaffairs.co/wordpress/112494/malware/clop-ransomware-symrise.html
Security Affairs
Clop Ransomware gang claims to have stolen 2M credit cards from E-Land
E-Land Retail suffered a ransomware attack, Clop ransomware operators claim to have stolen 2 million credit cards from the company.
cKure
■■■■□ #Privacy: iPhones of 36 Journalists Hacked Using iMessage Zero-Click Exploit. #0day / #zeroday https://thehackernews.com/2020/12/iphones-of-36-journalists-hacked-using.html
■■■■□ #CyberWar via #Zeroday: Zero-click iOS zero-day found deployed against #Qatar 🇶🇦 based Al Jazeera employees / journalists.
The spyware was created by #Israel 🇮🇱 based NSO-Group and supplied to various nation states customers.
https://www.zdnet.com/article/zero-click-ios-zero-day-found-deployed-against-al-jazeera-employees/ | #0day
The spyware was created by #Israel 🇮🇱 based NSO-Group and supplied to various nation states customers.
https://www.zdnet.com/article/zero-click-ios-zero-day-found-deployed-against-al-jazeera-employees/ | #0day
ZDNet
Zero-click iOS zero-day found deployed against Al Jazeera employees
Zero-day exploited a vulnerability in the iMessages app, patched in iOS 14.
■■□□□ US 🇺🇸 Indicts Former Zoom China Liaison for Doing PRC’s Bidding
A former China liaison at Zoom has been indicted by the US for interfering in meetings, monitoring users and fabricating evidence against them as per Beijing’s 🇨🇳 instructions.
https://www.infosecurity-magazine.com:443/news/us-indicts-former-zoom-china/ | #UnitedStates #China
A former China liaison at Zoom has been indicted by the US for interfering in meetings, monitoring users and fabricating evidence against them as per Beijing’s 🇨🇳 instructions.
https://www.infosecurity-magazine.com:443/news/us-indicts-former-zoom-china/ | #UnitedStates #China
Infosecurity Magazine
US Indicts Former Zoom China Liaison for Doing PRC’s Bidding
Employee accused of disrupting meetings to commemorate Tiananmen Square massacre
■■■■□ Watcher - Open Source Cybersecurity Threat Hunting Platform.
https://github.com/Felix83000/Watcher
https://github.com/Felix83000/Watcher
GitHub
GitHub - thalesgroup-cert/Watcher: Watcher - Open Source Cybersecurity Threat Hunting Platform. Developed with Django & React JS.
Watcher - Open Source Cybersecurity Threat Hunting Platform. Developed with Django & React JS. - thalesgroup-cert/Watcher
■■□□□ While analyzing artifacts from the SolarWinds Orion supply-chain attack, security researchers discovered another backdoor that is likely from a second threat actor.
Some SolarWinds systems were found compromised with malware named Supernova and CosmicGale, unrelated to the recent supply chain attack.
https://www.bleepingcomputer.com/news/security/new-supernova-backdoor-found-in-solarwinds-cyberattack-analysis/
Some SolarWinds systems were found compromised with malware named Supernova and CosmicGale, unrelated to the recent supply chain attack.
https://www.bleepingcomputer.com/news/security/new-supernova-backdoor-found-in-solarwinds-cyberattack-analysis/
BleepingComputer
New SUPERNOVA backdoor found in SolarWinds cyberattack analysis
While analyzing artifacts from the SolarWinds Orion supply-chain attack, security researchers discovered another backdoor that is likely from a second threat actor.
cKure
■■■■■ Solorigate/SolarWinds: Second hacking team was targeting SolarWinds at time of big breach https://mobile.reuters.com/article/amp/idUSKBN28T0U1
■■■■□ VMware confirms breach in SolarWinds hacking campaign.
https://www.bleepingcomputer.com/news/security/vmware-latest-to-confirm-breach-in-solarwinds-hacking-campaign/
https://www.bleepingcomputer.com/news/security/vmware-latest-to-confirm-breach-in-solarwinds-hacking-campaign/
BleepingComputer
VMware latest to confirm breach in SolarWinds hacking campaign
VMware is the latest company to confirm that it had its systems breached in the recent SolarWinds attacks and said that the hackers did not make any attempts of further exploitation after gaining access through the deployed backdoor.
cKure
■■□□□ US 🇺🇸 Indicts Former Zoom China Liaison for Doing PRC’s Bidding A former China liaison at Zoom has been indicted by the US for interfering in meetings, monitoring users and fabricating evidence against them as per Beijing’s 🇨🇳 instructions. https:…
■■■□□ Zoom Exec Charged With Tiananmen Square Massacre Censorship.
https://securityboulevard.com/2020/12/zoom-exec-charged-with-tiananmen-square-massacre-censorship/
https://securityboulevard.com/2020/12/zoom-exec-charged-with-tiananmen-square-massacre-censorship/
Security Boulevard
Zoom Exec Charged With Tiananmen Square Massacre Censorship
The Justice Department accuses a Zoom executive in China of conspiring to harass Americans and to leak their PII.