Cisco Talos has detected and published a series of malicious campaigns recently along with many other security researchers that are continuously targeting the aviation industry. This campaign is continuously targeting the aerospace and travel sectors along with spear-phishing emails that spread an actively exploited loader, and later it also delivers RevengeRAT or AsyncRAT. The threat […]
Fortinet VPN users are urged to reset their passwords as the company has acknowledged the data to be legitimate. Popular network security solutions provider, Fortinet, has confirmed that a cybercriminal gang managed to gain unauthorized access to VPN login IDs and passwords linked with 87,000 FortiGate SSL-VPN devices. Hackread.com can confirm the gang has dumped […]
The total amount of data collected by the malware includes nearly 26 million login credentials holding 1.1 million unique email addresses, 2 billion+ cookies and 6.6 million files. In recent news, a malware study performed by NordLocker, a subsidiary of NordVPN, along with a third-party company that specialises in data breach analysis, revealed that a […]
A hacking group exposed around 500,000 Fortinet VPN service usernames and passwords allegedly obtained from vulnerable devices via exploiting a dangerous vulnerability. Although the hackers mention that the flaw has already been addressed, they assure that many of the compromised credentials are still active. If you have Fortinet VPN, please go force reset all your […]
The cybersecurity researchers of the Qihoo 360 NETLAB team have recently uncovered a new Linux backdoor, that has been dubbed as, “Facefish.” Experts have claimed that this new backdoor has the ability to steal user device information, login credentials, and even it can also execute arbitrary commands on the infected Linux systems. By abusing this […]
A new banking trojan has been discovered recently by the security experts at Kaspersky, and it has been dubbed as “Bizarro,” and this new trojan steals credentials from customers of 70 banks in Europe and South America. Bizarro is a family of Trojans that is originating in Brazil, and it has already attacked banking entities […]
Security incidents sometimes transcend affected organizations, reaching levels of impact that IT security teams cannot foresee. This is the case with the data breach in BigBasket, which resulted in the leaking of sensitive information belonging to Flipkart users nearly seven months after the initial incident. As some users will remember, BigBasket suffered a data breach […]
Cybersecurity researchers on Monday disclosed a new Android trojan that hijacks users’ credentials and SMS messages to facilitate fraudulent activities against banks in Spain, Germany, Italy, Belgium, and the Netherlands. Called “TeaBot” (or Anatsa), the malware is said to be in its early stages of development, with malicious attacks targeting financial apps commencing in late […]
A tool to hunt for credentials in the GitHub wild AKA git*hunt Getting started Install the tool Configure your GitHub token Search for credentials See results cat results.json | jq Installation requirements: virtualenv, python3 git clone https://github.com/d1vious/git-wild-hunt && cd git-wild-hunt clone project and cd into the project dir pip install virtualenv && virtualenv -p […]
A recent security report mentions that a dark web leak containing access keys has been published to more than 1.3 million Windows Remote Desktop servers. This is a clear indication of the scope of cybercrime and could even be binding on other incidents of which cybersecurity community knows little. It’s not all bad news, as […]
VMware security teams announced the release of some security patches to fix a severe flaw in vRealize Operations whose exploit would allow threat actors to steal administrator credentials on vulnerable servers. It should be remembered that vRealize Operations is an IT operations management platform, powered by artificial intelligence for private, hybrid, and cloud environments. The […]
Tel Aviv-based threat intelligence firm Kela has warned gaming companies to improve their cybersecurity posture after discovering 500,000 breached employee credentials and a million compromised internal accounts on the dark web. With the rise of gamers and purchases, the online gaming industry is estimated to reach $196 billion in revenue by 2022. On the other hand, the […]
It’s hardly fun and games for top gaming companies and their customers as half a million employee credentials turn up for sale on the dark web
Researchers discovered a new wave of FTCODE ransomware campaign that steal browsers login credentials and Encrypt files in Windows systems. FTCODE ransomware was first observed in 2013, it uses the Windows PowerShell program to perform file encryption. The ransomware resurfaced again starting from last year September, according to Certego analysis of the FTCODE ransomware, it […]
EyeWitness is designed to take screenshots of websites provide some server header info, and identify default credentials if known.EyeWitness is designed to run on Kali Linux. It will auto detect the file you give it with the -f flag as either being a text file with URLs on each new line, nmap xml output, or […]
Many studies and investigations have been conducted into the number of stolen credentials on the dark web. Nonetheless, a new report recently issued is a little different: it relies on credentials from international Fortune 500 companies and uses machine learning (ML) approaches to clean and validate the information gathered. The findings are more alarming than […]
The top 5 passwords used by the Technology industry among Fortune 500 Companies were “passw0rd,” and “abc123.” The dark web is one of those places that is either underestimated or highly exaggerated by many but when it comes to hackers and cybercriminals dark web marketplaces are a safe haven. Recently, ImmuniWeb, an IT security company […]
Leading Anti-Virus software maker Avast hacked by unknown cyber-espionage groups using compromised credentials and gained the internal network access over their own VPN in earlier March 2019. Avast is one of the well-known cybersecurity company that making various internet security software including Anti-virus, VPN, Endpoint Security, content filtering software for Microsoft Windows, macOS, Android, and iOS. Experts from Avast […]
Security researchers disclosed a new unauthenticated command injection vulnerability in some of the D-link routers. The vulnerability can be tracked as CVE-2019-16920 and rated as critical. Successful exploitation of the vulnerability results in Remote Code Execution, an attacker can trigger the vulnerability remotely to access the router login page without authentication. D-link Routers Affected The […]
A severe incident has been confirmed by IT system audit specialists. Scotiabank has mistakenly leaked some of its internal source code as well as confidential login credentials for its back-end systems. The bank’s security teams have spent the last twelve hours deleting repositories on GitHub that stored sensitive information, which were available to any user […]
Researchers discovered an open-source spyware AhMyth associated with Google play store app called RB Music to intrude the Android users device to steal various sensitive information. RB Music also know as Radio Balouch, a malicious streaming radio based Android app appeared in Google play store borrowed malicious features and functionality from AhMyth to infect the Android users […]