SecureBug allows you to evaluate your offensive and defensive skills, in addition, to let you exchange your ideas and methodologies with thousands of people in the security field.
Join Nordic's No.1 Crowdsourced Security Platform For Offensive & Defensive Security Strategies.
Mozilla has removed four extensions made by Avast and AVG from the Firefox addon site. This happened on December 3rd after receiving credible reports that the extensions were harvesting user data and browsing histories. The four extensions are: Avast Online Security AVG Online Security Avast SafePrice AVG SafePrice The first two are extensions that alert…
Millions of SMS messages have been leaked by a database run by TrueDialog Based in Austin, Texas, TrueDialog provides bulk SMS services for small businesses, colleges and universities, which means that the majority of the messages were business-related, researchers said. Researchers at vpnMentor found the database on Microsoft’s Azure cloud platform on 26 November 2019.…
Installation phase in cyber kill chain The fifth chain of the cyber kill chain is Installation that is introduced by Lockheed Martin. During the installation step, attackers attempt to achieve persistence on the target machine and try to make a C&C channel for the exfiltration and controlling of the data from the target. Persistence is…
Kali Linux is an operating system popular among hackers, penetration testers, and cybersecurity researchers. It’s more of a hacking tool than just an OS. The older versions had certain performance issues resulting in fractured user experience. On the 26th of November, however, Offensive Security released a new and final version of Kali Linux for 2019.…
Malicious SDK could be created to scrape and share profile information, email addresses and more. Twitter and Facebook have warned of some software development kits (SDKs) that allowed app makers to access and collect user data without authorization. On Monday, November 25th, Twitter announced that they had received a report about an SDK made by…
Chinese Smartphone maker OnePlus has suffered a second security breach since January 2018. A third-party has gained access to some of oneplus’s customers’ order information without authorization. The exposed information included details like customer names, contact numbers, emails, and shipping addresses. According to the company, the breach did not affect all customers and the exposure…
Enterprise Objectives for Threat Intelligence Programs Many organizations use threat intelligence to improve, implement, and manage various vital areas. Corporations use threat intelligence to enhance their network security, incident response, and risk management and to prevent their IT assets from emerging threats. Whenever cyber security programs consist of threat intelligence, It can better improve and…
The characteristics of CTI: Collects data from multiple sources such as open-source and industrial data feeds, and internal and external sources. Creates customized and prioritized alerts based on the IT infrastructure of the organization. Helps in identifying initial Indicators of Compromise (loCs) and bit by bit pivots on to spot connected indicators and artifacts to assess the likelihood of an attack. provides an ability to…
The Apple Mail app on macOS stores encrypted emails in plaintext inside a database called snippets.db. The emails are supposed to be protected with encryption as readable files. Bob Gendler, an Apple IT specialist, discovered the issue while he was investigating how macOS and Siri suggest contacts and information to the user earlier this year.…
The new MegaCortex ransomware not only encrypts files but now changes the logged-in user’s password and threatens to publish the victim’s files if they do not pay the ransom. MegaCortex is a targeted ransomware installed through network access provided by Trojans. Once the MegaCortex actors gain access, they then push the ransomware out to machines…