SecureBug allows you to evaluate your offensive and defensive skills, in addition, to let you exchange your ideas and methodologies with thousands of people in the security field.
Join Nordic's No.1 Crowdsourced Security Platform For Offensive & Defensive Security Strategies.
[vc_row][vc_column][vc_column_text]Erebus ransomware is a Linux ransomware and like any other ransomware, it aims to encrypt as many files as possible and demand ransom in exchange for a decryption key. Initially, Erebus ransomware used hacked websites in South Korea as its Command and Control (C2) servers. The updated versions of the Erebus Linux ransomware were able…
Mozilla patched two critical zero-days in Firefox 74.0.1. The vulnerabilities were exploited in the wild through targeted attacks. Mozilla is now urging users to update their Firefox browsers to fix the two bugs. The two vulnerabilities, tracked as CVE-2020-6819 and CVE-2020-6820, are both use-after-free. Use-after-free flaws are a type of memory corruption that could lead…
“wininit.exe” stands for Windows Initialization. This process is an essential part of the Windows OS and it runs in the background. “wininit.exe” is responsible for launching the Windows Initialization process. In this new series, we analyze Windows processes and provide threat hunting tips. This process’s primary function is launching the majority of the background applications that are…
[vc_row][vc_column][vc_column_text]Watch out for screensavers; they could contain malicious files. Attackers can use malicious screensaver files to save their access on the systems; screensavers are programs that execute after a configurable time of user inactivity and consist of Portable Executable (PE) files with a .scr file extension. With this free sigma rule you can detect executed…
A new Windows malware dubbed “Coronavirus” is exploiting the Covid-19 pandemic to make disks unusable by overwriting the master boot record (MBR). The MBR is a boot sector that holds information on how the hard drive is partitioned and how to load the operating system. According to the malware analysis the SonicWall Capture Labs Threat…
WordPress security plugin, Wordfence, discovered two high severity vulnerabilities in the WordPress SEO Plugin – Rank Math. The vulnerabilities, if exploited, allow unauthorized attackers to grant or revoke administrative privileges or lock admins out. The privilege escalation vulnerability in the WordPress SEO plugin, Rank Math, allows attackers to grant administrative access to any registered user…
Researchers at Guardicore Labs discovered a crypto-mining botnet, dubbed Vollgar, that is targeting MSSQL databases since May 2018. The malware botnet is used to launch brute-force attacks against Microsoft SQL (MSSQL) databases to take over servers and install mining scripts on the underlying operating system. “Dating back to May 2018, the campaign uses password brute…
Zoom is a videoconferencing software that has had an increase in popularity since the COVID-19 outbreak started. It has over 74,000 customers and 13 million monthly active users. The software company provides its customers with a cloud-based communication platform that offers chat, audio and video conferencing, online meetings via mobile, desktop, and telephone systems. Although…
“winlogon.exe” is a critical component of the Windows OS and it runs in the background. In this new series, we analyze Windows processes and provide threat hunting tips. “winlogon.exe” is responsible for a variety of critical tasks. The most important ones include: Loading the user profile when users sign in. Secure Attention Sequence (SAS): SAS is a…
Marriott International disclosed that the personal information of 5.2 million guests was affected by a data breach that started in mid-January 2020. At the end of February 2020, Multinational hotel chain Marriott detected that the personal information of approximately 5.2 million guests may have been leaked through the third-party application they use to provide guest…