Google Launches GUAC Open Source Project to Secure Software Supply Chain

Google on Thursday announced that it's seeking contributors to a new open-source initiative called Graph for Understanding Artifact Composition, also known as GUAC, as part of its ongoing efforts to beef up the software supply chain. read more

19-Year-Old Hacker Arrested for Using Leaked Optus Breach Data in SMS Scam

 The Australian Federal Police (AFP) has arrested a 19-year-old teen from Sydney for allegedly attempting to leverage the data leaked following the Optus data breach late last month to extort victims. read more

Over 280,000 WordPress Sites Attacked Using WPGateway Plugin Zero-Day Vulnerability

A zero-day flaw in the latest version of a WordPress premium plugin known as WPGateway is being actively exploited in the wild, potentially allowing malicious actors to completely take over affected sites. read more

Cybercrime Groups Increasingly Adopting Sliver Command-and-Control Framework

Nation-state threat actors are increasingly adopting and integrating the Sliver command-and-control (C2) framework in their intrusion campaigns as a replacement for Cobalt Strike. read more

DoNot Team Hackers Updated its Malware Toolkit with Improved Capabilities

The Donot Team threat actor has updated its Jaca Windows malware toolkit with improved capabilities, including a revamped stealer module designed to plunder information from Google Chrome and Mozilla Firefox browsers. read more

Hackers Opting New Attack Methods After Microsoft Blocked Macros by Default

With Microsoft taking steps to block Excel 4.0 (XLM or XL4) and Visual Basic for Applications (VBA) macros by default across Office apps, malicious actors are responding by refining their tactics, techniques, and procedures (TTPs). read more

Cybercriminals Developing BugDrop Malware to Bypass Android Security Features

 In a sign that malicious actors continue to find ways to work around Google Play Store security protections, researchers have spotted a previously undocumented Android dropper trojan that's currently in development.

"This new malware tries to abuse devices using a novel technique, not seen before in Android malware, to spread the extremely dangerous Xenomorph banking trojan, allowing criminals to perform On-Device Fraud on victim's devices," ThreatFabric's Han Sahin said in a statement. Dubbed BugDrop by the Dutch security firm, the dropper app is explicitly designed to defeat new features introduced in the upcoming version of Android that aim to make it difficult for malware to request Accessibility Services privileges from victims. read more

Findmyhash

 Written in Python, findmyhash is a free open-source tool that helps to crack passwords using free online services.

It works with the following algorithms: read more

THC Hydra

THC Hydra is a free hacking tool licensed under AGPL v3.0, widely used by those who need to brute force crack remote authentication services. read more

Kismet Wireless

Kismet Wireless is a multi-platform free Wireless LAN analyzer, sniffer, and IDS (intrusion detection system). read more

Sqlmap

sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester, and a broad range of switches lasting from database fingerprinting to data fetching from the database to accessing the underlying file system and executing commands on the operating system via out-of-band connections.read more

Wireshark

What Is Wireshark?

Wireshark is a network protocol analyzer, or an application that captures packets from a network connection, such as from your computer to your home office or the internet. Packet is the name given to a discrete unit of data in a typical Ethernet network.read more

Lynis

Lynis is an open-source security auditing tool for UNIX derivatives like Linux, Mac OS, BSD, other Unix-based operating systems, etc. Performing extensive health scans of systems that support System Hardening and Compliance Testing. An open-source software with GPL License. This tool scans for general system information, vulnerable software packages, and configuration issues. It is helpful for System Administrators, Auditors, and Security Professionals. read more

Nmap

What is Nmap

Nmap, short for Network Mapper, is a free and open source tool used for vulnerability checking, port scanning, and network mapping. Despite being created in 1997, Nmap remains the gold standard against which all other similar tools, either commercial or open source, is judged. read more

Hacktivism

 What is hacktivism?

Hacktivism is the act of misusing a computer system or network for a socially or politically motivated reason. Individuals who perform hacktivism are known as hacktivists. Hacktivism is meant to call the public's attention to something the hacktivist believes is an important issue or cause, such as freedom of information, human rights, or a religious point of view. read more

Phreaker

Phreaking is a slang term for hacking into secure telecommunication networks. The term phreaking originally referred to exploring and exploiting the phone networks by mimicking dialing tones to trigger the automatic switches using whistles or custom blue boxes designed for that purpose.read more

Gray Hat Hacker

 A grey hat programmer (additionally spelled grey hat programmer) is somebody who might abuse moral norms or standards, however without the malignant purpose attributed to dark cap programmers.

Grey hat programmers might participate in rehearses that appear to be not exactly totally above board, yet are frequently working for the benefit of everyone. Grey hat programmers address the center ground between white cap programmers, who work for the benefit of those keeping up with secure frameworks, and dark cap programmers who act vindictively to abuse weaknesses in frameworks. more read

Cracker vs Hacker

Computer cracker A computer cracker is an outdated term to describe someone who broke into computer systems, bypassed passwords or licenses in computer programs, or intentionally breached computer security. Computer crackers were motivated by malicious intent, for-profit, or just because the challenge was there.

read more

Script Kiddie

 What is a Script Kiddie?

A script kiddie, or skid, is a term that describes a young hacker who has much to learn yet acts as if he or she knows everything. Most of them are teenagers who are in it for fun and treat hacking as a game. Mostly they hack for bragging rights. They also don’t make a real effort to improve their hacking skills. Most don’t even know how to write a hacking program or ‘script’ and are content to pirate those made by others. This lack of skills often leads to their arrest because they leave a trail that’s easy for investigators to track down.read more

Security Analyst

What is a security analyst?

Security analysts can work across the spectrum of computer and information networks. From corporate databases to banking networks and from office networks to military intelligence, security analysts can be found anywhere that large amounts of information are being stored, shared, or used by a computer. A well-trained security analyst will probably have an advanced understanding of both hardware and software, and how data is stored and managed.read more