■■□□□AutoHotkey-Based Password Stealer Targeting US, Canadian Banking Users.

https://thehackernews.com/2020/12/autohotkey-based-password-stealer.html

■■■■■ A Google Docs Bug Could Have Allowed Hackers See Your Private Documents.

https://blog.geekycat.in/google-vrp-hijacking-your-screenshots/

■■■□□ CVE-2020-17530: APACHE STRUCTS VULNERABILITY EXPLOITED IN THE WILD.

https://securitynews.sonicwall.com/xmlpost/cve-2020-17530-apache-structs-vulnerability-exploited-in-the-wild/

■□□□□ #DataLeak: Japanese Aerospace Firm Kawasaki Warns of Data Breach.

https://threatpost.com/japanese-aerospace-firm-kawasaki-warns-of-data-breach/162642/

■■□□□ #IoT: Pranksters are hijacking smart devices to live-stream swatting incidents, says FBI.

https://www.zdnet.com/article/fbi-pranksters-are-hijacking-smart-devices-to-live-stream-swatting-incidents

■■□□□ A few hacking tools.

https://portswigger.net/daily-swig/latest-web-hacking-tools-q4-2020

■■□□□ Nullify AMSI Scanner with PowerShell.

http://binaryhax0r.blogspot.com/2020/12/nullify-amsi-scanner-with-powershell.html

■■■■□ Declaring War Against Cyber Negligence.

https://www.ehackingnews.com/2020/12/declaring-war-against-cyber-negligence.html

■□□□□ The head of Group-IB Mr. Sachkov described the portrait of a typical Russian hacker.

https://www.ehackingnews.com/2020/12/the-head-of-group-ib-mr-sachkov.html

■□□□□ #IoT: Lawsuit Claims Flawed Facial Recognition Led to Man’s Wrongful Arrest.

https://threatpost.com/lawsuit-claims-flawed-facial-recognition-led-to-mans-wrongful-arrest/162663/

■■□□□ SolarWinds / Solorigate attackers wanted to access cloud ☁️ data of the victims.

■□□□□ TLS 1.3 is now supported by about 1 in every 5 HTTPS servers.

■■■■■ #Exclusive

#DataLeak: Hacker group RedRabbit Team have created a website which sends details of AirTel #India 🇮🇳 over the email.

We have tested the data for authenticity. Takes around 10 hours to send details. This will be the most audacious leak as it is available on .com clear-net website.

■■□□□ Apple loses lawsuit against cyber security startup Corellium.

https://www.hackread.com/apple-loses-lawsuit-cyber-security-startup-corellium/

■■■■□ #OSINT: 🕵️‍♂️ Investigate Google Accounts with emails.

github.com/mxrch/GHunt

■■■■■ Responder now supports SMBv2, shows if smb1 is disabled or not, which Os/Build version, if RDP is open, domain joined, last reboot, etc. And.. you get all that information in less than 5 seconds per class C.

https://github.com/lgandx/Responder

● The website was taken down. The attackers created another domain though.

Apparently the domain was posted by the attacker related account in our discussion group (@ckureg). The group is followed by various blue teams and threat intel platforms that can directly take action against such domains.

■■□□□#DataLeak: Emotet campaign hits Lithuania’s National Public Health Center and several state institutions.

https://securityaffairs.co/wordpress/112817/malware/emotet-campaign-hit-lithuania.html