SecureBug allows you to evaluate your offensive and defensive skills, in addition, to let you exchange your ideas and methodologies with thousands of people in the security field.
Join Nordic's No.1 Crowdsourced Security Platform For Offensive & Defensive Security Strategies.
An ongoing ransomware campaign is using malicious emails camouflaged as secret love letters to deliver the Nemty ransomware. In this campaign, the threat actors use various subject lines to make it look like it is sent from someone the targeted victim knows. They also use a love letter template and statements such as “Letter for…
A new report by RiskIQ published numbers for the most prolific app stores of Dangerous Mobile App in 2019. With Apple App Store’s strict vulnerability assessments and Google Play’s improvement in security control, threat actors are shifting to other mobile stores to market their malicious apps; they can also make their apps available across the…
Following a series of incidents in which diverse forms of online backup were encrypted in ransomware attacks, The National Cyber Security Centre (NCSC) has instructed businesses to make sure that they keep backups offline. The NCSC stated in its updated guidance that it has seen numerous incidents where ransomware not only encrypted the original data on-disk but…
Dynamic-link libraries (DLLs) that are specified in the AppInit_DLLs value in the Registry keys: HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Windows or HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows are loaded by user32.dll into every process that loads user32.dll With this sigma rule you can detect these behaviors: title: Abusing Applint DLLs Registry Path description: DLLs values in Applint registry values will be loaded by user32.dll…
Clearview claims to have scraped more than three billion images from websites and social media platforms into a database that police can use to match with photos of suspects. “Clearview’s app is NOT available to the public,” Clearview says on its website. “While many people have advised us that a public version would be more profitable, we…
A new vulnerability dubbed Ghostcat is affecting Apache Tomcat AJP Protocol. The vulnerability can read configuration and source code files. The vulnerability dubbed as Ghostcat was discovered by the Chinese cybersecurity company, Chaitin Tech. Ghostcat is capable of reading configuration and source code files to a Tomcat server; it is also capable of installing backdoors…
Cisco has issued security patches for vulnerabilities in its products, eight of which considered having a potentially high impact and the remainder rated medium. The vulnerabilities exist in Cisco products, including the Unified Computing System (UCS) software, Firepower firewall (FXOS), and the Nexus switch operating system (NX-OS) software. “All six vulnerabilities have a Security Impact Rating (SIR)…
“Cerberus” Android banking Trojan is now able to steal and exploit Google Authenticator’s one-time passcodes (OTP); these codes are generated for two-factor authentication (2FA) of many accounts. Google Authenticator app was launched in 2010 as the more secure alternative for SMS Authentication codes. The app works by providing six to eight-digits unique codes that users…
The number of stalkerware attacks increased by half, rising from 40,386 in 2018, to 67,500 in December 2019, according to Kaspersky “Mobile malware evolution 2019” report. Stalkerware apps, mostly free, could be downloaded from Google play but Google decided to remove apps with stalking features at the end of 2018, however, the numbers still increased…
DoppelPaymer-operatörerna har lanserat webbplatsen “Dopple” för att läcka stulen information om offren som vägrar att betala en lösesumma. Operatörerna säger att de har skapat den här webbplatsen för att hota offren. Om de vägrar att betala kommer information såsom namn och viktiga företagsdata att läcka ut på webbplatsen. Operatörerna hävdar att webbplatsen för närvarande är…