Hackers Distributing Anubis Malware via Google Play Store to Steal Login credentials, E-wallets, and Payment Cards Details

The Anubis banking malware has re-emerged, and threat actors are distributing it through Google Play Store apps to steal login credentials for banking apps, e-wallets, and payment cards. Hackers are always finding new ways to bypass Google Play Store security and distribute malware via Android apps that act as the first step in an infection […]

LeakScraper – An Efficient Set Of Tools To Process And Visualize Huge Text Files Containing Credentials

LeakScraper is an efficient set of tools to process and visualize huge text files containing credentials. These tools are designed to help pentesters/redteamers doing OSINT, credential gathering and credential stuffing attacks. Installation: first things first, have a working MongoDB server. Then: git clone -b mongodb https://github.com/Acceis/leakScraper ; cd leakScraper ; sudo ./leakScraper/install.sh It will install […]

Researchers Found Backdoor in Python Library That Steal SSH Credentials

Recently we saw an attempt to hide a back door in a code library, and today there is a new case. This time, information security experts found the backdoor in a Python module. In the SSH Decorator module (ssh-decorate), created by the Israeli developer Uri Goren, which is a library for handling SSH connections from the Python […]

FacexWorm malware steals cryptocurrency & Facebook credentials

Security firm Trend Micro’s researchers have identified a malicious Chrome extension that can hijack Bitcoin transactions before getting detected. The extension utilizes an already discovered malware called FacexWorm. The malware was first identified in August 2017 and re-emerged earlier in April 2018. The attack involves propagation of infected Facebook Messenger messages while the attack […]

“FacexWorm” Fools Facebook Users And Steals Their Cryptocurrency And Login Credentials

Earlier this month, the security researchers at the firm TrendMicro spotted a new campaign related to FacexWorm that first surfaced last year. It targets Facebook users by sending them spam links in Facebook Messenger and leads them into installing a codec Chrome extension (hiding FacexWorm) through a YouTube-themed webpage. The extension comes with a host of capabilities. […]

Stresspaint Malware Steals Facebook Credentials and Session Cookies

Information security researchers have spotted a new information stealer that collects Chrome login data from infected victims, along with session cookies, and appears to be looking for Facebook details in particular, according to a Radware threat alert the company shared with this reporter. The new trojan, named Stresspaint, has been found hidden inside a free […]

Important Considerations for Security Administrators to Guard Against Compromised Credentials

Hardly a day goes by that you don’t hear about an organization that has suffered a security breach, had credentials compromised, and had an attacker access its sensitive information. Targeted attacks are becoming more frequent and more successful, and this poses a serious challenge for security administrators everywhere. With 81% of breaches leveraging either […]

Microsoft Outlook bug expose Windows credentials to hackers

The bug would allow attackers to steal Windows credentials literally without any difficulty. A critical Outlook bug that was identified over a year ago has now been fixed by Microsoft. It was found to be capable of leaking password hashes when a user previews an RTF (rich text format) email containing remotely hosted OLE objects. […]

Beware of FlawedAmmyy RAT that Steals Credentials and Record Audio Chat

Attackers are distributing FlawedAmmyy remote control RAT trojan payloads through the threat actor TA505, which is well known for distributing massive spam campaigns such as the Dridex banking Trojan, Locky ransomware, and Jaff ransomware. The massive email campaign took place on March 5 and 6, 2018, and contained zipped URL attachments that download and execute JavaScript from the attackers' server. […]

GhostTeam – Android Malware Stealing Your Facebook Credentials

A new Android malware, GhostTeam, has been found in the Google Play Store. It is capable of stealing Facebook credentials and also uses social engineering techniques to trick victims into downloading the malicious applications. Around 53 malicious apps were discovered, and most of them display malicious ads that contain a link to download additional malicious apps […]

A Trove of 1.4 Billion Clear Text Credentials File Found on Dark Web

In a Dark Web marketplace, one can buy anything from illegal drugs to weapons, fake documents to malicious software, and even stolen databases. Although buying and selling have slowed down since the shutdown of the Hansa and AlphaBay marketplaces, that does not mean the trade has been fully curbed. Recently, a dark web monitoring firm 4iQ discovered a […]

Update payment method: Netflix phishing scam steals login credentials

Netflix is home to more than 100 million users from around the world and since it is a paid service the chances of online threats against the service are higher than usual. Recently, HackRead detected a phishing scam that targets personal and financial data of Netflix users in the name of updating their payment method. Although there […]

Droidsniff – Android App for Capturing Users Social Credentials

DroidSniff is an Android app for security analysis in wireless networks and for capturing Facebook, Twitter, LinkedIn and other accounts. DroidSniff was developed as a tool for testing the security of your accounts. This software is neither made for use in public networks, nor for hijacking any other person's account. It should only demonstrate the […]

Threat actors using default SSH credentials to hijack Ethereum miners

Attackers scanned the entire IPv4 range looking for Ethereum miners with open SSH connections. Hackers target Ethereum-mining farms in an attempt to hijack the funds by replacing the user’s wallet with their own. The attacks were first spotted on Monday, when threat actors attempted to change the default configuration of Ethereum miners. “Illicit digital currency mining, either directly […]

Malicious Chrome Extension Steals ‘All Posted Data’ without Login Credentials

The trend of spreading adware, banking Trojans and other malware through compromised or fake browser extensions seems to be increasing. Lately, there have been quite a few incidents where malicious extensions were used to spread malware. Cybercriminals are leaving no stone unturned in hijacking add-ons from popular browsers such as Google Chrome to fulfill […]

Mysterious hack allows attackers stealing Windows login credentials without user interaction

Microsoft fixed a serious vulnerability that could allow attackers to steal Windows NTLM password hashes without any user interaction. The tech giant patched the issues only for recent versions of Windows (Windows 10 and Server 2016), to trigger the flaw […]

The LaZagne Project – Next Level Credentials Recovery Tool

The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext, APIs, custom algorithms, databases, etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software. Usage: Launch […]

Experts spotted a login page flaw in Joomla that exposes admin credentials

Researchers at RIPS Technologies discovered a login page vulnerability affecting Joomla versions between 1.5 and 3.7.5 that exposes admin credentials. The flaw affects Joomla installs when using Lightweight Directory Access Protocol (LDAP) authentication. Joomla implements LDAP access via TCP/IP […]

Beware !! LinkedIn User Credentials Stealing via Sophisticated Phishing Attack

LinkedIn is currently suffering from many social engineering attacks that are used to harvest user credentials. LinkedIn is a widely used professional network, which always makes it a big fish for hackers to target in order to steal users' accounts and other information. A new phishing attack targeting LinkedIn users is spreading via compromised LinkedIn accounts to […]