Email-based cyber attacks have become common these days. I am not the only one receiving emails saying that the file in the attachment contains data that I might be interested in knowing. Social engineering has become one of the major tools attackers use to lure targets into opening links or attachments. A report by Proofpoint […]
A Vulnerability resides in the Exim mail server allows both local and remote attacker to execute the arbitrary code and exploit the system to gain root access. Exim is a mail transfer agent (MTA) developed by the University of Cambridge as an open-source project and is responsible for receiving, routing and delivering e-mail messages used on Unix-like operating systems. […]
A critical remote code execution vulnerability has been discovered in the popular open-source Exim email server software, leaving at least over half a million email servers vulnerable to remote hackers. Exim maintainers today released Exim version 4.92.2 after publishing an early warning two days ago, giving system administrators a heads-up on its upcoming security patches […]
Researchers discovered an advanced SMS phishing attack on some of the targeted Android phone’s that allows a remote attacker to trick victims in accepting the new settings and control the browser home page, Email server over the air. There are certain Android smartphone model vulnerable for this SMS phishing attack that including Samsung, Huawei, LG, […]
Imperva, one of the leading cyber-security firm disclosed a data breach that impacts the customers’ data of Cloud Web Application Firewall (WAF). According to the blog post published by Imperva CEO Chris Hylen, “elements of our Incapsula customer database through September 15, 2017, were exposed”. The company learned the data exposure on August 20, 2019, […]
email2phonenumber is an OSINT tool that allows you to obtain a target’s phone number just by having his email address. This tool helps automate discovering someone’s phone number by abusing password reset design weaknesses and publicly available data. It supports 3 main functions: “scrape” – scrapes websites for phone number digits by initiating password reset […]
Buster is an advanced OSINT tool used to: Get social accounts from various sources(gravatar,about.me,myspace,skype,github,linkedin,previous breaches) Get links to where the email was found using google,twitter,darksearch and paste sites Get breaches of an email Get domains registered with an email (reverse whois) Generate possible emails and usernames of a person Find the email of a social […]
Millions of messages get sent over the internet daily. Many of these messages are casual conversations between friends. But some contain sensitive information that is then sent through unsecured, not encrypted email. When cyber attackers intercept an unsecured email that contains sensitive information about a person or a company, this can be used for blackmail […]
Last Valentines day, we made a fearless declaration here in Hackercombat.com, that Trickbot is shaping itself of becoming the “malware of the year”, due to its massive campaigns of infecting computers worldwide. That will remain as our forecast; Trickbot was recently named by the DeepInstinct security researchers as responsible for the compromise of at least […]
Web application security experts claim that a group of government-sponsored hackers broke into the computer systems of ICS-Forth, the organization responsible for managing domain codes in Greece. The Institute of Computer Science from the Foundation for Research and Technology (ICS-Forth) acknowledged the security incident, notifying .gr and .el web domain owners via email. The hacker […]
Threat actors from TA5O5 APT groups distribute malicious spam email campaigns with a new set of malware tools via attached malicious word and excel documents. TA505 hacking group believed to reside in Russia and the threat actors from this group involved in various high profile cyber attacks including infamous Dridex, Locky ransomware, ServHelper malware, FlawedAmmyy, […]
Specialists in ethical hacking from the cybersecurity firm Kaspersky reported the discovery of a new ransomware variant much more dangerous than encryption malware conventionally used by threat actors. This new malware, known as Sodin, exploits a zero-day flaw in the Windows operating system tracked as CVE-2018-8453; in other words, the targeted user doesn’t even have […]
Ever since email came into existence in the 1990s and the high level of awareness of the risks involved, 94% of the organizations surveyed said that it was still a major vulnerability. At the same time, email threats are expected to increase in the coming year, according to 87% of the 280 decision-makers in Europe, […]
Experts in system audits mention that two major PGP project contributors have been victims of multiple attacks by unidentified hackers that have managed to infect the certificates used by the SKS key server network. PGP is a variant of encryption software used to ensure email communication between intelligence agencies. Robert Hansen and Saniel Kahn, two […]
Project iKy is a tool that collects information from an email and shows results in a nice visual interface. Video Demo Installation Clone repository git clone https://gitlab.com/kennbroorg/iKy.git Install Backend Redis You must install Redis wget http://download.redis.io/redis-stable.tar.gz tar xvzf redis-stable.tar.gz cd redis-stable make sudo make install And turn on the server in a terminal redis-server Python […]
Infamous Chinese APT 10 hackers compromised over 10 Telecom networks around the world under the campaign called Operation Soft Cell and stealing various sensitive data including call records, PII, and attempting to steal all data stored in the active directory. APT 10 Threat actors known as one of the sophisticated hacking group in the world and […]
Give an email address or username, socialscan returns whether it is available, taken or invalid on online platforms. Its speed also makes it suitable for bulk queries involving hundreds of usernames and email addresses. The following platforms are currently supported: Username Email Instagram ✔️ ✔️ Twitter ✔️ ✔️ GitHub ✔️ ✔️ Tumblr ✔️ ✔️ Lastfm […]
Facebook’s fate now involves controversies that have ignited after the Cambridge Analytica fiasco. Following all the data-breach issues, Facebook could now land up in a new one — courtesy — Mark Zuckerberg’s old emails. According to a report by The Wall Street Journal, Facebook’s employees (close to the matter) have found old emails that suggest […]
Microsoft warns users about an ongoing email spam campaign that abuses an Office vulnerability and seems to target European users. The malware, it is reported, is spread through infected RTF documents attached to emails. ZDNet reports, “Microsoft’s security researchers have issued a warning on Friday afternoon about an ongoing spam wave that is spreading emails […]
Research company Qualys has discovered a new RCE vulnerability, which is said to affect half of the email servers on the Internet. Although RCE vulnerability is usually understood as “Remote code execution”, there is an expression “Execution by the remote command”, and, as its nature implies, a new vulnerability allows a local or remote attacker to […]
An investigation of the web application security specialists from the firm Qualys has revealed that more than half of the email servers are affected by a critical remote command execution (RCE) vulnerability. Experts report that this flaw affects the Mail Transfer Agent (MTA) known as Exim, software that runs the email servers to relay emails […]