FIN7 Lures Unwitting Security Pros to Carry Out Ransomware Attacks

The financially motivated cybercrime gang behind the Carbanak backdoor malware, FIN7, has hit upon a genius idea for maximizing profit from ransomware: Hire real pen-testers to do some of their dirty work instead of striking partnerships with other criminals. According Read More …

Recycled Cobalt Strike key pairs show many crooks are using same cloned installation

Around 1,500 Cobalt Strike beacons uploaded to VirusTotal were reusing the same RSA keys from a cracked version of the software, according to a security researcher who pored through the malware repository. The discovery could make blue teams’ lives easier Read More …

Hacker-made Linux Cobalt Strike beacon used in ongoing attacks

An unofficial Cobalt Strike Beacon Linux version made by unknown threat actors from scratch has been spotted by security researchers while actively used in attacks targeting organizations worldwide. Cobalt Strike is a legitimate penetration testing tool designed as an attack Read More …

Here’s how we got persistent shell access on a Boeing 747 – Pen Test Partners

Researchers from infosec biz Pen Test Partners established a persistent shell on an in-flight entertainment (IFE) system from a Boeing 747 airliner after exploiting a vulnerability dating back to 1999. It’s an attack that’s more of a curiosity than anything Read More …

Wormable Apple iCloud Bug Allows Automatic Photo Theft

A group of ethical hackers cracked open Apple’s infrastructure and systems and, over the course of three months, discovered 55 vulnerabilities, a number of which would have given attackers complete control over customer and employee applications. Of note, a critical, Read More …

Bug bounty platform ZDI awarded $25m to researchers over the past 15 years

Bug bounty platform pioneer Zero-Day Initiative (ZDI) said it awarded more than $25 million in bounty rewards to security researchers over the past decade and a half. In an anniversary post celebrating its 15-year-old birthday, ZDI said the bounty rewards Read More …