SecureBug allows you to evaluate your offensive and defensive skills, in addition, to let you exchange your ideas and methodologies with thousands of people in the security field.
Join Nordic's No.1 Crowdsourced Security Platform For Offensive & Defensive Security Strategies.
The System process manages the system memory and compressed memory in the NT kernel. The original file name is C:\Windows\System32\ntoskrnl.exe. The System process is a single thread running on each processor. It is also the host of all kinds of device drivers such as USB, Touchpad, Ports, Audio, Network, etc. In this new series, we…
Experts found a new strain of Android malware in the wild that steals users’ authentication cookies from Facebook accounts. Security experts from Kaspersky discovered the Android Trojan. They revealed that the Cookiethief malware uses a combination of exploits to gain root access on infected devices and hijack Facebook accounts and dubbed it as Cookiethief. “We…
The Turla Group developed and used the PNG Dropper malware. It was first discovered back in August 2017 by Carbon Black researchers. Back in 2017 it was being used to distribute Snake, but recently NCC Group researchers have uncovered samples with a new payload that they have internally named RegRunnerSvc. This method detects malicious services…
WordPress security plugin, Wordfence, released security patches for the vulnerable ThemeREX Addons plugin; they previously released a firewall rule for the Wordfence Premium users. Wordfence published a list of all affected ThemeREX themes and their patched versions, along with the vulnerable versions of the ThemeREX Addons plugin and the corresponding newly patched versions. ThemeREX Creates…
Shortly after releasing its monthly security update, Microsoft separately issued an advisory warning billions of its Windows users of a new critical, unpatched, and wormable vulnerability affecting Microsoft Server Message Block (SMB) protocol. The issue, tracked as CVE-2020-0796, is pre- remote code execution vulnerability that resides in the Server Message Block 3.0 (SMBv3) network communication protocol. Microsoft did…
After spammers targeted users with phishing emails abusing the Coronavirus pandemic, cybercriminals are now using other methods to exploit every chance to prey on internet users and infect users with malware. Several organizations have made dashboards (coronavirus maps) to keep track of COVID-19. But now, hackers have found a way to use these dashboards to…
Microsoft has released today its monthly roll-up of security updates known as Patch Tuesday. This month, the update fixes a total of 115 new security vulnerabilities in various versions of its Windows operating system and related software, marking March 2020 edition as the biggest ever in the company’s history. Of these vulnerabilities, 24 are classified…
The latest discoveries reveal that there is a major issue with the Google Authenticator app that could cause serious security problems. Nightwatch Cybersecurity discovered that any rogue app can screen capture the Google Authenticator’s OTP codes as they are shown on the device screen. If you have the app on your phone you can open it right…
Multiple state-sponsored hacking groups are exploiting a vulnerability in Microsoft Exchange email Servers that the company patched in February. The exploitation attempts were first spotted by UK cyber-security firm Volexity on Friday. Volexity confirmed that exploitation of this security flaw began in late February, with several organizations already having their networks compromised after state-backed advanced persistent…
A zero-day vulnerability is discovered in Zoho ManageEngine Desktop Central endpoint which could cause serious damage to customers if exploited. web-based office suite and SaaS provider, Zoho, was revealed to contain a zero-day vulnerability in the ManageEngine Desktop Central endpoint. ManageEngine Desktop Central endpoint is an endpoint management tool that helps managed service providers (MSPs)…