Six Considerations Impacting Strategic Regulatory Change Management

Regulatory change management (RCM) is one of the most important risk and compliance related domains in 2021, thanks to two

Read more

Cybercriminals Widely Abusing Excel 4.0 Macro to Distribute Malware

Threat actors are increasingly adopting Excel 4.0 documents as an initial stage vector to distribute malware such as ZLoader and

Read more

HackerOne Policies Update

Introduction: During November of this year, you may have noticed a new page on HackerOne: hackerone.com/policies. This page contains the

Read more

Wireshark for Pentester: Password Sniffing

Many people wonder if Wireshark can capture passwords. The answer is undoubtedly yes! Wireshark can capture not only passwords, but

Read more

A Security Engineer and Hacker Share Their Experiences with Security Assessments

App Security is More Vital than Ever The number of apps that organizations and individuals interact with has exploded over

Read more

Active Directory Enumeration: PowerView

Active Directory Enumeration is a challenge for even some of the seasoned attackers and it is easy to miss some

Read more

5 Learnings From A Conversation With OP Financial Group’s CISO And @mrtuxracer

On 20 January, HackerOne’s CEO, Marten Mickos, sat down for a chat with European hacker, Julien Ahrens a.k.a @mrtuxracer, and

Read more

Encrypted Reverse Shell for Pentester

Reverse shell that is generally used in the wild are prone to sniffing attacks as the communication that happens between

Read more

Emotet Malware Destroys Itself From All Infected Computers

Emotet, the notorious email-based Windows malware behind several botnet-driven spam campaigns and ransomware attacks, was automatically wiped from infected computers

Read more

2020 Hacker Community Year in Review

Hackers are no stranger to finding creative ways to overcome obstacles, and 2020 presented numerous challenges for them to conquer.

Read more

120 Compromised Ad Servers Target Millions of Internet Users

An ongoing malvertising campaign tracked as “Tag Barnakle” has been behind the breach of more than 120 ad servers over

Read more

Metasploit for Pentester: Mimikatz

This article will showcase various attacks and tasks that can be performed on a compromised Windows Machine which is a

Read more

[eBook] Why Autonomous XDR Is Going to Replace NGAV/EDR

For most organizations today, endpoint protection is the primary security concern. This is not unreasonable – endpoints tend to be

Read more

The Rise of Misconfiguration and Supply Chain Vulnerabilities

Singapore-based telecom firm, Singtel, revealed last week it had suffered a security breach as a result of relying on an

Read more

Over 750,000 Users Downloaded New Billing Fraud Apps From Google Play Store

Researchers have uncovered a new set of fraudulent Android apps in the Google Play store that were found to hijack

Read more

WARNING: Hackers Exploit Unpatched Pulse Secure 0-Day to Breach Organizations

If Pulse Connect Secure gateway is part of your organization network, you need to be aware of a newly discovered

Read more

Discovering Three Personas within the Hacker Community

With over one million hackers making up the HackerOne community, there’s more diversity of skill, approach, and personality than any

Read more

3 Zero-Day Exploits Hit SonicWall Enterprise Email Security Appliances

SonicWall has addressed three critical security vulnerabilities in its hosted and on-premises email security (ES) product that are being actively

Read more

Update Your Chrome Browser ASAP to Patch a Week Old Public Exploit

Google on Tuesday released an update for Chrome web browser for Windows, Mac, and Linux, with a total of seven

Read more

PayPal is our Virtual Pal

In June, sixty-one hackers from thirteen countries gathered (virtually) to hack digital payments platform PayPal as part of HackerOne’s latest

Read more

Improve Your Cyber Security Posture by Combining State of the Art Security Tools

Today there are plenty of cybersecurity tools on the market. It is now more important than ever that the tools

Read more

Hacker Spotlight: Interview with manoelt

Avid Capture the Flag (CTF) player, part-time bug bounty hunter, pentester, and master in software engineering, @manoelt is a jack

Read more

Critical RCE Bug Found in Homebrew Package Manager for macOS and Linux

A recently identified security vulnerability in the official Homebrew Cask repository could have been exploited by an attacker to execute

Read more

Cybercriminals Using Telegram Messenger to Control ToxicEye Malware

Adversaries are increasingly abusing Telegram as a “command-and-control” system to distribute malware into organizations that could then be used to

Read more

Security@ 2021 Call for Speakers is Open

HackerOne’s global Security@ conference is back for its fifth year on September 20, 2021. Today, we’ve opened our call for

Read more

Cost of Account Unlocks, and Password Resets Add Up

There are many labor-intensive tasks that the IT service desk carries out on a daily basis. None as tedious and

Read more

Researchers Find Additional Infrastructure Used By SolarWinds Hackers

The sprawling SolarWinds cyberattack which came to light last December was known for its sophistication in the breadth of tactics

Read more

Hackers Exploit VPN to Deploy SUPERNOVA malware on SolarWinds Orion

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has disclosed details of a new advanced persistent threat (APT) that’s leveraging

Read more

Prometei Botnet Exploiting Unpatched Microsoft Exchange Servers

Attackers are exploiting the ProxyLogon Microsoft Exchange Server flaws to co-opt vulnerable machines to a cryptocurrency botnet named Prometei, according

Read more

Passwordstate Password Manager Update Hijacked to Install Backdoor on Thousands of PCs

Click Studios, the Australian software company behind the Passwordstate password management application, has notified customers to reset their passwords following

Read more

Wireshark For Pentester: A Beginner’s Guide

Wireshark is an open-source application and it is the world’s foremost and widely-used network protocol analyzer that lets you see what’s happening on

Read more

Domain Persistence: DSRM

In this post, we are going to discuss one more Mitre Attack Technique for Tactic ID TA0003 which is used

Read more
error: Content is protected by Article Resort !!!