■■□□□ Clientless / web based alternative to 3389/RDP, 5901/VNC, 22/SSH by Apache Guacamole.
https://guacamole.apache.org/
https://guacamole.apache.org/
■■□□□ #Disinformation war, categorised as 5th generation war.
🇮🇳 🇵🇰
https://www.aljazeera.com/amp/opinions/2021/1/4/are-india-and-pakistan-in-a-fifth-generation-war
🇮🇳 🇵🇰
https://www.aljazeera.com/amp/opinions/2021/1/4/are-india-and-pakistan-in-a-fifth-generation-war
Al Jazeera
Has a ‘fifth generation war’ started between India and Pakistan?
What do recent revelations about an Indian disinformation campaign against Pakistan tell us about regional dynamics?
■□□□□ Vulnerable app for testing: https://github.com/bridgecrewio/terragoat
GitHub
GitHub - bridgecrewio/terragoat: TerraGoat is Bridgecrew's "Vulnerable by Design" Terraform repository. TerraGoat is a learning…
TerraGoat is Bridgecrew's "Vulnerable by Design" Terraform repository. TerraGoat is a learning and training project that demonstrates how common configuration errors can f...
■□□□□#DataLeak #Privacy: Indian 🇮🇳 government sites leaking patient COVID-19 test results.
https://www.bleepingcomputer.com/news/security/indian-government-sites-leaking-patient-covid-19-test-results/ | #India
https://www.bleepingcomputer.com/news/security/indian-government-sites-leaking-patient-covid-19-test-results/ | #India
BleepingComputer
Indian government sites leaking patient COVID-19 test results
Multiple Indian government department websites are leaking COVID-19 lab test results for patients online. These reports uploaded by testing labs across the country as part of the national 'test, trace, isolate' efforts, expose patient's details, test site…
■■■■□ Google Speech-to-Text API Can Help Attackers Easily Bypass Google reCAPTCHA.
https://thehackernews.com/2021/01/google-speech-to-text-api-can-help.html
https://thehackernews.com/2021/01/google-speech-to-text-api-can-help.html
■□□□□ ElectroRat crypto-stealing malware hits MacOS, Windows, Linux devices.
https://www.hackread.com/electrorat-crypto-stealing-malware-hits-macos-windows-linux-devices/
https://www.hackread.com/electrorat-crypto-stealing-malware-hits-macos-windows-linux-devices/
Hackread - Latest Cybersecurity, Hacking News, Tech, AI & Crypto
ElectroRat crypto-stealing malware hits MacOS, Windows, Linux devices
Like us on Facebook @ /HackRead
■■□□□ Bogus CSS Injection Leads to Stolen Credit Card Details.
https://securityboulevard.com/2021/01/bogus-css-injection-leads-to-stolen-credit-card-details/
https://securityboulevard.com/2021/01/bogus-css-injection-leads-to-stolen-credit-card-details/
cKure
■□□□□ Microsoft downplays threat after admitting SolarWinds attackers accessed source code. https://portswigger.net/daily-swig/microsoft-downplays-threat-after-admitting-solarwinds-attackers-accessed-source-code
■□□□□ Hacker-slammed SolarWinds sued by angry shareholders.
https://go.theregister.com/feed/www.theregister.com/2021/01/05/solarwinds_sued/
https://go.theregister.com/feed/www.theregister.com/2021/01/05/solarwinds_sued/
The Register
Ah, right on time: Hacker-slammed SolarWinds sued by angry shareholders
Plus: US intelligence names and shames Russia as probable culprit
■■□□□ #DataLeak: Vodafone Group's low-cost operator ho. Mobile announced that hackers stole part of its customer database thus obtaining personal user information and SIM technical data, 2.5m users impacted.
https://www.bleepingcomputer.com/news/security/vodafones-ho-mobile-admits-data-breach-25m-users-impacted/
https://www.bleepingcomputer.com/news/security/vodafones-ho-mobile-admits-data-breach-25m-users-impacted/
BleepingComputer
Vodafone's ho. Mobile admits data breach, 2.5m users impacted
Vodafone Group's low-cost operator ho. Mobile announced that hackers stole part of its customer database thus obtaining personal user information and SIM technical data.
■■■□□ CVE-2021-3007: RCE ‘Bug’ in Popular PHP Scripting Framework Zend.
https://threatpost.com/rce-bug-php-scripting-framework/162773/
https://threatpost.com/rce-bug-php-scripting-framework/162773/
Threat Post
RCE ‘Bug’ Found and Disputed in Popular PHP Scripting Framework
Impacted are PHP-based websites running a vulnerable version of the web-app creation tool Zend Framework and some Laminas Project releases.
■■□□□ 😄 MaskPhish - Give A Mask To Phishing URL.
MaskPhish is a simple script to hide phishing URL under a normal looking URL(google.com or facebook.com).
https://www.kitploit.com/2021/01/maskphish-give-mask-to-phishing-url.html
MaskPhish is a simple script to hide phishing URL under a normal looking URL(google.com or facebook.com).
https://www.kitploit.com/2021/01/maskphish-give-mask-to-phishing-url.html
KitPloit - PenTest & Hacking Tools
MaskPhish - Give A Mask To Phishing URL
■■□□□ RCE by exploiting variable check feature.
https://www.shawarkhan.com/2021/01/achieve-remote-code-execution-by.html
https://www.shawarkhan.com/2021/01/achieve-remote-code-execution-by.html
■■■□□ #DataLeak: 🇮🇳 Juspay, the Payment Platform of Leading Online Merchants Amazon and Swiggy Suffers Data Breach.
https://www.ehackingnews.com/2021/01/juspay-payment-platform-of-leading.html
https://www.ehackingnews.com/2021/01/juspay-payment-platform-of-leading.html
■□□□□ 🇺🇸 #Disinformation through cyber mechanisms took life of a woman. Not an isolated event.
https://edition.cnn.com/2021/01/06/politics/us-capitol-lockdown/index.html
https://edition.cnn.com/2021/01/06/politics/us-capitol-lockdown/index.html
CNN
US Capitol secured, 4 dead after rioters stormed the halls of Congress to block Biden’s win | CNN Politics
The US Capitol is once again secured but four people are dead – including one woman who was shot – after supporters of President Donald Trump breached one of the most iconic American buildings, engulfing the nation’s capital in chaos after Trump urged his…
■■□□□ #DataLeak: Nissan Source Code Leaked via Misconfigured Git Server.
https://www.zdnet.com/article/nissan-source-code-leaked-online-after-git-repo-misconfiguration/
https://www.zdnet.com/article/nissan-source-code-leaked-online-after-git-repo-misconfiguration/
ZDNET
Nissan source code leaked online after Git repo misconfiguration
Nissan was allegedly running a Bitbucket Git server with the default credentials of admin/admin.
■□□□□ #CyberCrime: Criminals are using the end of the Trump presidency to deliver a new remote-access trojan (RAT) variant disguised as a nude video of the outgoing POTUS, researchers report.
https://threatpost.com/trump-sex-tape-rat/162810/
https://threatpost.com/trump-sex-tape-rat/162810/
Threat Post
It’s Not the Trump Sex Tape, It’s a RAT
Criminals are using the end of the Trump presidency to deliver a new remote-access trojan (RAT) variant disguised as a sex video of the outgoing POTUS, researchers report.
■■■■□ Hack-Tools 🔧 v0.3.0 - The All-In-One Red Team Extension For Web Pentester.
https://github.com/LasCC/Hack-Tools
https://www.kitploit.com/2021/01/hack-tools-v030-all-in-one-red-team.html
https://github.com/LasCC/Hack-Tools
https://www.kitploit.com/2021/01/hack-tools-v030-all-in-one-red-team.html
GitHub
GitHub - LasCC/HackTools: The all-in-one browser extension for offensive security professionals 🛠
The all-in-one browser extension for offensive security professionals 🛠 - LasCC/HackTools
cKure
■□□□□ Hacker-slammed SolarWinds sued by angry shareholders. https://go.theregister.com/feed/www.theregister.com/2021/01/05/solarwinds_sued/
■■■□□ #DataLeak: #UnitedStates 🇺🇸 DoJ reports of breach in email 📧 systems amid SolarWinds scandal.
https://amp.theguardian.com/technology/2021/jan/06/doj-email-systems-solarwinds-hackers
https://amp.theguardian.com/technology/2021/jan/06/doj-email-systems-solarwinds-hackers
the Guardian
DoJ confirms email accounts breached by SolarWinds hackers
Department declines to say how many mailboxes targeted but says hackers ‘likely Russian in origin’