WikiLeaks released documents detailing the Cherry Blossom framework which is being used by the CIA cyber spies to hack into Wi-Fi devices. WikiLeaks released a new batch of documents belonging to the Vault 7 leak, the files provide details related to the Cherry Blossom framework which is being used by the CIA cyber spies to hack into Wi-Fi devices. The frame

Microsoft released the June 2017 Patch Tuesday to address more than 90 security flaws, including two critical RCE that have been exploited in attacks. Microsoft released June Patch Tuesday updates that address more than 90 vulnerabilities, including two critical remote code execution (RCE) vulnerabilities that have been exploited in attacks. The first vulner

Shadow Brokers is going to launch a monthly subscription model for its data dumps, 0-Day Exploit Subscriptions goes for $21,000 per month. A couple of weeks ago, while security experts were debating about WannaCry ransomware and the NSA exploits it used, the Shadow Brokers group revealed its plan to sell off new exploits every month starting from June. Shado

The telco giant Bell Canada was the victim of a security breach that exposed roughly two million customer account details. The long string of data breach continues, while I’m writing about the intrusion in the systems of the technology provider DocuSign, another incident made the headlines, this time the victim is Bell Canada. The company admitted on T

Locked Shields is the world’s largest and most advanced international technical live-fire cyber defence exercise organized by the NATO since 2010. Locked Shields is the world’s largest and most sophisticated international cyber defence exercise. It is an annual event since 2010, Locked Shields is organized by the NATO Cooperative Cyber Defence Centre of Exce

By: Zuk Avraham Follow Zuk Avraham (@ihackbanme) Nicolas Trippar Follow Nicolas Trippar (@ntrippar) Following our announcement on N-Days Exploit Acquisition Program for smartphones, we are delighted to share the first couple of submissions. We received many submissions and we’re in the process of sharing them with ZHA followed by a public disclosure

By: Zuk Avraham Follow Zuk Avraham (@ihackbanme) Nicolas Trippar Follow Nicolas Trippar (@ntrippar) Following our announcement on N-Days Exploit Acquisition Program for smartphones, we are delighted to share the first couple of submissions. We received many submissions and we’re in the process of sharing them with ZHA followed by a public disclosur

This Threat Research is about the recently (re)discovered “FalseGuide” threat found in Google Play. FalseGuide is form of malware that has been hidden in more than 40 game guide apps in Google Play since February 2017. According to reports, approximately 600,000 devices may have been infected before the known versions of the malware were removed from Google

A new report published by Kaspersky confirms that Stuxnet exploits targeting a Windows Shell Vulnerability is still widely adopted by threat actors. The case that I’m going to present you demonstrates the importance of patch management and shows the effects of the militarization of the cyberspace. Unpatched software is an easy target for hackers that c

So for a while now I’ve wanted a way to better use Nmap with proxychains and essentially I’ve resulted in a fairly simple one-liner that has worked for me for a while now on basic port scanning. It’s a trivial concept but really does speed up the process with no negative affect from what I can tell. Obviously you have to be careful on how t

Researchers devised a new attack method that can be leveraged to track mobile devices that rely on MAC address randomization mechanism. The MAC address is a unique and an hardcoded identifier assigned to a device’s network interface. This characteristic makes it an excellent tool for the tracking of the devices. A group of researchers from the U.S. Naval Aca

A flaw in Twitter allowed attackers to access locked accounts bypassing the locking mechanism implemented by the company. A flaw in the Twitter application allowed, until a few months ago, to access locked accounts bypassing the locking mechanism implemented by the IT giant. Twitter can lock user accounts every time it believes the users are abusing its serv

Cyber war is a term the U.S. government is intimately familiar with, but woefully unprepared for when it comes to mobile. Government employee mobile devices are a relatively new attack surface, and a particularly valuable one for espionage missions and other criminal intent. Mobile devices access confidential, classified, and other protected data classes. A

Being a volunteer for the SANS Internet Storm Center, I’m a big fan of the DShield service. I think that I’m feeding DShield with logs for eight or nine years now. In 2011, I wrote a Perl script to send my OSSEC firewall logs to DShield. This script has been running and pushing my logs every 30 mins for years. Later, DShield was extended to colle

Ceph is a self-hosted distributed storage system popular among organizations using containers in production. For those looking for a storage solution in their containerized infrastructure, we created this guide to cover: How to Deploy Ceph on AWS (part 1 of 3) Quick Introduction to Ceph and alternatives How to Deploy Ceph on AWS Other Ceph deployme