SecureBug allows you to evaluate your offensive and defensive skills and lets you exchange ideas and methodologies with thousands of people in the security field.
PowerShell is a task automation and configuration management framework from Microsoft, consisting of a command-line shell and an associated scripting language. In many attacks, Office binaries execute powershell.exe to perform malicious activities. With this free Sigma rule you can detect this behavior. title: Detect powershell executed by office binaries description: office binaries may execute powershell.exe…
“lsm.exe” is the Local Session Manager Service in the Windows OS. This process handles all the connections related to the terminal server on the hosted machine. “lsm.exe” is a core Windows process. In this new series, we analyze Windows processes and provide threat hunting tips. Image Path: %SystemRoot%\System32\lsm.exe Parent Process: wininit.exe Number of Instances: One User…
Canonical has released the latest version of Ubuntu Linux, one of the most popular Linux distributions. It offers several new features designed to improve performance and security, including a built-in VPN, support for exFAT and ZFS, and more. Ubuntu 20.04 “Focal Fossa” is now available for download. Ubuntu 20.04 LTS is a long-term…
101 malicious apps, with a combined 69 million installs, reportedly engage in fraudulent activity. The apps come from a total of 27 developers that are believed to be connected. According to the report published by Cybernews, these apps request an immense number of unnecessary, dangerous permissions that could put users’ safety at risk.…
Researchers discovered a new phishing campaign that targets Skype users and steals their passwords. With the COVID-19 pandemic ongoing, people are urged to keep communicating through online applications, which has caused a surge in the popularity of video chat apps such as Zoom, Skype and Webex. Skype users are the target of a Skype…
A week after the April 2020 Patch Tuesday, Microsoft released an out-of-band security update that fixes remote code execution vulnerabilities in Office, Office 365 ProPlus, and Paint 3D. The applications are affected by multiple Autodesk vulnerabilities that, if exploited, could enable remote code execution. The newly disclosed bugs stem from Autodesk’s library for the FBX…
According to cybersecurity researchers at ZecOps, the Mail app on iPod and iPhone is vulnerable to two critical Apple iOS zero-day security vulnerabilities. The two zero-day vulnerabilities have been exploited in a series of attacks targeting iOS users since at least January 2018. Remote attackers could secretly take over iOS devices just by sending…
PowerShell is a task automation and configuration management framework from Microsoft, consisting of a command-line shell and an associated scripting language. Adversaries may use PowerShell to perform malicious activities, and there are many detection strategies for finding malicious PowerShell activity. PowerShell’s capabilities let you simplify and automate tedious, repetitive tasks by creating scripts…
A cybersecurity researcher disclosed four zero-day vulnerabilities in IBM’s enterprise security software after the company refused to fix the issues and acknowledge the private disclosure report. The vulnerabilities affect the IBM Data Risk Manager software ― a tool that provides companies with “a business-consumable data risk control center that helps to uncover, analyze, and visualize data-related business…
The APT34 MuddyWater attacks are primarily against Middle Eastern nations. However, we have also observed attacks against surrounding nations and beyond, including targets in India and the USA. MuddyWater attacks are characterized by the use of a slowly evolving PowerShell-based first stage backdoor we call “POWERSTATS”. Despite broad scrutiny and reports on MuddyWater attacks, the…