Ultimately, the American Radio Relay League (ARRL) acknowledged that a ransomware attack in May had taken some of its employees’ data, which had been initially referred to as a “… Read More
Blog Directory > Technology Blogs > 10 Free Sources To Learn Ethical Hacking technology Blog >
10 Free Sources To Learn Ethical Hacking Blog
1
Tags:
running malicious powershell
targets microsoft accounts
microsoft management console
jenkins script console
remote code execution
malicious powershell scripts
chrome errors trick
east asian firm
infiltrate east asian
hackers infiltrate east
multiple router models
authentication bypass flaw
critical authentication bypass
smishing scams surge
trojan hits brazil
banking trojan hits
south korean users
targets south korean
malware targets south
badspace windows backdoor
deliver badspace windows
exploit legitimate websites
bank confirms breach
truist bank confirms
pakistanlinked malware campaign
malware campaign evolves
targeting chinese organizations
malware targeting chinese
squidloader malware targeting
rustbased fickle malware
diplomatic entities targeted
french diplomatic entities
multiple intel cpus
uncover uefi vulnerability
researchers uncover uefi
cyberattack impacts thousands
targets chinese users
malicious vpn installers
fortinet vmware days
exploiting zeroday flaw
theft exploiting zeroday
crypto exchange hit
exposed docker apis
targets exposed docker
malware targets exposed
medusa malware variants
javascript supply chain
polyfillio javascript supply
deploying bmanager trojan
management console files
exploits microsoft management
fin hackers indicted
critical rce vulnerability
rce vulnerability discovered
rogue admin accounts
plugins compromised hackers
wordpress plugins compromised
targets russian sectors
gang targets russian
cyber gang targets
steal credit cards
prestashop module exploited
facebook prestashop module
huione guarantee exposed
backup software vulnerability
veeam backup software
exploiting veeam backup
unauthorized pipeline jobs
allowing unauthorized pipeline
flaw allowing unauthorized
launch ddos attacks
php vulnerability exploited
pushing russian propaganda
farm pushing russian
bot farm pushing
cryptocurrency mining attacks
exploiting jenkins script
vulnerability exposes networks
protocol vulnerability exposes
radius protocol vulnerability
code execution risk
potential remote code
maker zotac exposed
computer maker zotac
latin american countries
targeting latin american
trojan targeting latin
confirms ransomware gang
ransomware gang stole
rat targets spanishspeaking
poco rat targets
targets spanishspeaking victims
upgrades malware arsenal
apt upgrades malware
chinese apt upgrades
nuget supply chain
malicious packages uncovered
car dealerships
risk management books
family educational rights
protection rule coppa
privacy protection rule
spideracirc leader arrested
scattered spider
scattered spider cybercrime
impacts google chromelinux
google chromelinux systems
malware campaign
russianlinked cyber attacks
arachneacirc targets chinese
targets microsoft
microsoft accounts
medusa banking trojan
supply chain
huione guarantee
customersacirc rma info
supply chain
vulnerability
vulnerability
impacts google
bank
uac bypass
fickle malware
dealerships
fortinet vmware
vmware
medusa malware
deploying bmanager
sqli attacks
fin hackers
hackers indicted
google introduces
guarantee exposed
arrl
google
naptime
ethical hacking
risk management
management books
family educational
educational rights
security management
accountants aicpa
american institute
technologies cobit
privacy protection
accountants aicpa
american institute
ethical
hacking
federal
security
grammleachbliley
glba
american
objective
technologies
american
If you're interested in studying ethical hacking and seeking the best resources like tutorials and online training courses, you've landed in the right spot. We've previously shared our list of the best cybersecurity courses, and now we have an excellent recommendation for the top resource to help you learn about ethical hacking.
From at least February 2024, victims speaking Spanish are the focus of an email phishing operation that distributes a brand-new remote access trojan (RAT) known as Poco RAT.
According to… Read More
An “advanced and upgraded version” of a known malware called StealthVector is suspected of being used by the China-linked advanced persistent threat (APT) organization codenamed… Read More
As part of a campaign that started in August 2023, threat actors have been seen implementing a new layer of stealth to avoid detection and distributing a fresh wave of malicious packages to… Read More
According to researchers, the ostensibly genuine online marketplace Huione Guarantee is being exploited as a vehicle for money laundering from online fraud, including “pig butchering&r… Read More
The recently discovered ransomware group known as EstateRansomware is taking use of a security hole in the Veeam Backup & Replication software that has been patched.
The basic operand… Read More
In an effort to fix security holes in its software development platform, GitLab has released an additional set of fixes. One of the most important bugs allows an attacker to perform pipeline… Read More
A recently discovered PHP security vulnerability has been reported to be used by a number of threat actors to propagate distributed denial-of-service (DDoS) botnets, bitcoin miners, and remo… Read More
A collaborative international law enforcement operation headed by the U.S. Justice Department took down 1,000 Twitter accounts that were part of a huge bot farm that was propagating Russian… Read More
Researchers studying cybersecurity have discovered that attackers may be able to use Jenkins Script Console instances that aren’t configured correctly as weapons to carry out illegal a… Read More
Researchers in cybersecurity have found a security flaw in the RADIUS network authentication protocol known as BlastRADIUS. In some situations, this flaw might be used by an attacker to laun… Read More
A recent vulnerability in the OpenSSH secure networking suite can lead to remote code execution (RCE) in specific versions of the program.
The vulnerability, listed as CVE-2024-6409 (CVSS… Read More
Sensitive customer information was made public for an undisclosed amount of time by computer hardware manufacturer Zotac when return merchandise authorization (RMA) requests and related docu… Read More
A banking trojan known as Mekotio (also known as Melcoz) is posing a threat to financial institutions in Latin America.
This is in line with research from Trend Micro, which claimed to ha… Read More
After nearly a year of being less visible in efforts targeting France, Italy, the United States, Canada, Spain, the United Kingdom, and Turkey, the Medusa banking trojan for Android has retu… Read More
Following the acquisition of the domain name by a Chinese corporation, the Polyfill.io service launched a supply chain attack that affected over 100,000 sites by redirecting users to malicio… Read More
Websites are being infiltrated by an as-yet-undocumented threat actor known as Boolka, who uses malicious scripts to distribute a modular trojan known as BMANAGER.
In a paper released thi… Read More
Threat actors are taking use of a brand-new attack method that uses carefully constructed management saved console (MSC) files in the wild to bypass security measures and obtain full code ex… Read More
Four Vietnamese nationals who were connected to the global cybercrime organization FIN9 have been charged for their roles in a string of hacks that cost American businesses more than $71 mil… Read More
Researchers studying cybersecurity have identified a vulnerability that can be leveraged to accomplish remote code execution on the Ollama open-source artificial intelligence (AI) infrastruc… Read More
A number of WordPress plugins have been compromised to introduce malicious code through backdoors, enabling the creation of rogue administrator accounts that may be used to carry out arbitra… Read More
In an effort to enhance automated discovery techniques, Google has created a new framework known as Project Naptime that, according to the company, enables a large language model (LLM) to co… Read More
A cybercrime group known as ExCobalt has been targeting Russian organizations with a backdoor known as GoRed that is built on Golang and was previously undiscovered.
According to a techni… Read More
Hackers are using a weakness in the pkfacebook premium Facebook module for PrestaShop to install a card skimmer on susceptible e-commerce sites and take credit card information from users… Read More
Researchers studying cybersecurity have discovered SquidLoader, a novel evasive malware loader that propagates through phishing schemes directed at Chinese enterprises.
The malware has fe… Read More
Fickle Stealer, a new Rust-based information theft virus, has been seen spreading via several attack chains in an attempt to obtain private data from affected computers.
The VBA dropper… Read More
The information security agency of France, ANSSI, released an advice stating that targeted cyberattacks against diplomatic entities have been connected to state-sponsored actors with ties to… Read More
Details of a security vulnerability in Phoenix SecureCore UEFI firmware that has been fixed and impacts several versions of Intel Core desktop and mobile CPUs have been made public by cybers… Read More
Massive hack forces CDK Global, a provider of software-as-a-service for car dealerships, to shut down its servers, leaving customers unable to run their businesses as usual.
A SaaS platfo… Read More
A never-before-seen threat activity cluster nicknamed Void Arachne is targeting Chinese-speaking users. It uses malicious Windows Installer (MSI) files for virtual private networks (VPNs) to… Read More
Multiple persistence strategies have been seen to be used by the China-nexus cyber espionage actor connected to the zero-day exploitation of security weaknesses in Fortinet, Ivanti, and VMwa… Read More
The cryptocurrency exchange Kraken disclosed that an anonymous security researcher had taken advantage of a “very critical” zero-day vulnerability in its system to pilfer $3 mill… Read More
Using QR codes in PDF attachments, a new phishing-as-a-service (PhaaS) platform called ONNX Store targets Microsoft 365 accounts for staff members of financial institutions.
The software… Read More
Researchers studying cybersecurity have discovered a new malware campaign that aims to send bitcoin miners and other payloads via publicly accessible Docket API endpoints.
In a report rel… Read More
A recent malware distribution operation tricks users into running malicious PowerShell “fixes” that install malware by pretending to be problems with Word, OneDrive, and Google C… Read More
A 22-year-old British male was recently taken into custody in Spain on suspicion of being the group’s commander in the infamous Scattered Spider cybercrime organization.
On June 14… Read More
An extended assault against an unidentified East Asian organization over a period of approximately three years has been linked to a suspected China-nexus cyber espionage actor. The adversary… Read More
Software patches have been released by ASUS to fix a serious security vulnerability that was affecting its routers and could be used by hostile actors to get beyond authentication.
The vu… Read More
With almost a 95% likelihood of success, a novel speculative execution attack called “TIKTAG” targets ARM’s Memory Tagging Extension (MTE) to leak data, enabling hackers to… Read More
The Smishing Triad is a threat actor that has expanded its reach outside the United States, the United Arab Emirates, Saudi Arabia, and the European Union. Its current target is Pakistan… Read More
It has been discovered that malicious actors use a piece of malware known as NiceRAT to trick compromised devices into joining a botnet.
Targeting users in South Korea, the attacks are ma… Read More
Under the pretense of false browser upgrades, a Windows backdoor known as BadSpace is being distributed via reputable but corrupted websites.
To install a backdoor into the victim’s… Read More
Prominent American commercial bank Truist disclosed that a threat actor had sold some of the company’s data on a hacker forum, indicating that the hacking incident had compromised its… Read More
Since at least 2018, threat actors with connections to Pakistan have been associated with a protracted malware campaign known as Operation Celestial Force.
According to Cisco Talos, the a… Read More
The post 10 Free Sources To Learn Ethical Hacking appeared first on Recon Bee Read More
The post Top 10 Security and Risk Management Books appeared first on Recon Bee Read More
The post Control Objectives for Information and Related Technologies (COBIT) appeared first on Recon Bee Read More
The post Children’s Online Privacy Protection Rule (COPPA) appeared first on Recon Bee Read More
The post American Institute of Certified Public Accountants (AICPA) appeared first on Recon Bee Read More
The post The Family Educational Rights and Privacy Act of 1974 (FERPA) appeared first on Recon Bee Read More
The post Federal Information Security Management Act (FISMA) appeared first on Recon Bee Read More
The post Gramm-Leach-Bliley Act (GLBA) appeared first on Recon Bee Read More
The post American Institute of Certified Public Accountants (AICPA) appeared first on Recon Bee Read More
LunarWeb and LunarMail, two previously undiscovered backdoors that were used to hack a European government’s diplomatic institutions abroad, were found by security experts.
The malw… Read More
As part of a mission to target South Korean organizations, the Kimsuky (also known as Springtail) advanced persistent threat (APT) group, associated with North Korea’s Reconnaissance G… Read More
As part of a cyber espionage campaign aimed at the Asia-Pacific area this year, the China-linked BlackTech hacking gang deployed a remote access trojan (RAT) called Deuterbear, about which c… Read More
The Kimsuky hacker gang, associated with North Korea, has been tied to a novel social engineering attack that uses Messenger to trick targets into believing they are from Facebook and then d… Read More
The U.S. Department of Justice has filed an indictment against two brothers for allegedly engaging in a “first-of-its-kind” plan that involved altering the Ethereum network to st… Read More
To stop fraudulent apps from collecting private information on the device, Google is releasing a number of new features with Android 15.
This is essentially a Play Integrity API update th… Read More
A number of privacy and security enhancements, including a set of sophisticated protection tools to assist safeguard users’ devices and data in the case of theft, have been revealed by… Read More
For the second time in less than a year, law enforcement agencies have taken official control of the notorious BreachForums website, an online marketplace known for selling stolen data.
T… Read More
In response to a fresh zero-day vulnerability in the Chrome web browser that is being actively exploited in the wild, Google released emergency remedies on Monday.
This high-severity vuln… Read More
A zero-day vulnerability that was used in campaigns to install QakBot and other malware payloads on susceptible Windows systems has been patched by Microsoft.
This privilege escalation fl… Read More
In an attempt to make it easier for law enforcement and foreign partners to track down the people and organizations responsible for recurrent robocall operations, the Federal Communications… Read More
The Phorpiex botnet has been used to send millions of phishing emails in an effort to spread the LockBit Black ransomware since April.
According to a warning issued on Friday by New Jerse… Read More
A new threat-modeling framework dubbed EMB3D has been formally made available by the MITRE Corporation to manufacturers of embedded devices utilized in critical infrastructure contexts.
T… Read More
On Monday, Apple and Google formally announced the release of a new feature that alerts users on iOS and Android devices when a Bluetooth tracking device is being used to surreptitiously mon… Read More
CISA and the FBI said today that between April 2022 and May 2024, associates of the Black Basta ransomware compromised over 500 businesses.
The gang also encrypted and stole data from at… Read More
A previously unreported Golang-based malware known as Durian has been seen being used by the North Korean threat actor known as Kimsuky in highly focused cyberattacks against two South Korea… Read More
The financially motivated threat actor known as FIN7 has been seen distributing MSIX installers that ultimately lead to the deployment of NetSupport RAT by using malicious Google advertising… Read More
A malicious Python package that appears to be a spin-off of the popular requests library has been discovered by cybersecurity experts to be hiding a Golang version of the Sliver command-and… Read More
Monday.com, a project management software, has eliminated its “Share Update” feature due to misuse by malicious actors during phishing campaigns.
With the use of automated pro… Read More
The notorious Mirai botnet is being used to take control of Ivanti Connect Secure (ICS) devices due to two recently discovered security vulnerabilities.
Juniper Threat Labs’ finding… Read More
APT28, a nation-state actor with ties to Russia, is behind a widespread malware campaign that has attacked Polish government institutions.
The computer emergency response team, CERT Polsk… Read More
Researchers have described how to circumvent virtual private networks (VPNs) using a method called TunnelVision that enables threat actors to eavesdrop on victim network traffic simply by sh… Read More
The FBI alerted American retail organizations to the fact that, since at least January 2024, a financially motivated hacking group has been using phishing attempts to target personnel in the… Read More
Researchers have uncovered two brand-new attack techniques that target high-performance Intel CPUs that might be used to launch an Advanced Encryption Standard (AES) algorithm key recovery a… Read More
A more recent iteration of the malware loader known as Hijack Loader has been seen to use a revised set of anti-analysis strategies to evade detection.
In a technical study, Zscaler Threa… Read More
Threat actors are actively using a high-severity vulnerability in the WordPress plugin LiteSpeed Cache to create rogue administrator accounts on vulnerable websites.
The information was o… Read More
DocGo, a mobile health company, acknowledged that it had been the victim of a cyberattack after malicious actors broke into its servers and took patient health information.
DocGo is a hea… Read More
Further information about the previously publicized cyberattack has been provided by the MITRE Corporation, which claims that the first indication of the infiltration now dates back to Decem… Read More
Together with other international allies, NATO and the European Union officially denounced the Russian threat organization APT28’s protracted cyber espionage campaign against European… Read More
Google revealed on Thursday that over 400 million Google accounts are using passkeys, and over the previous two years, users have authenticated over 1 billion times.
According to Heather… Read More
On Thursday, the U.S. government released a fresh cybersecurity advise alerting readers to North Korean threat actors’ attempts to send emails that appear to be from reliable and authe… Read More
To avoid detection, threat actors have begun using Microsoft Graph API more and more as a weapon.
This is done to “enable communications with command-and-control (C&C) infrastru… Read More
The cloud storage company DropBox claims that customer data, hashed passwords, MFA keys, and authentication tokens were obtained by hackers who broke into the production servers for its Drop… Read More
The fact that the creators of the resurrected ZLoader malware included a function that was initially found in the banking trojan Zeus suggests that the malware is still under active developm… Read More
Researchers studying cybersecurity have uncovered a yet unreported malware that targets Android smartphones and evades detection by using hacked WordPress websites as relays for its real com… Read More
Clusters linked to illegal activity and money laundering have been found through forensic examination of a graph dataset containing transactions on the Bitcoin blockchain. This includes the… Read More
The Latrodectus malware is currently being disseminated through phishing efforts that use Cloudflare and Microsoft Azure lures to look authentic, making it more difficult for email security… Read More
Since early 2021, three extensive attacks have targeted users of Docker Hub, infecting millions of repositories with malware and phishing websites.
About 20% of the 15 million repositorie… Read More
The United States government has released new security rules designed to protect vital infrastructure from risks related to artificial intelligence (AI).
The Department of Homeland Securi… Read More
A former National Security Agency (NSA) employee in the United States was given a sentence of nearly 22 years (262 months) in jail for trying to send confidential documents to Russia.
FBI… Read More
It’s critical to keep up with the most recent dangers in the constantly changing field of cybersecurity. A often updated document that lists the top ten web application security vulner… Read More
The FBI is alerting users to fraudulent verification schemes that are being pushed by con artists on dating apps and result in expensive monthly membership fees.
In contrast to romance sc… Read More
Since October 2019, a previously unreported cyber threat known as Muddling Meerkat has been seen engaging in complex domain name system (DNS) operations in an apparent attempt to get around… Read More
On Monday, Google disclosed that during the previous year, nearly 200,000 app submissions to its Play Store for Android were either remediated or rejected due to concerns about access to sen… Read More
Manufacturers of smart devices are being urged by the National Cyber Security Centre (NCSC) of the United Kingdom to adhere to new laws that forbid them from using default passwords as of Ap… Read More
To safeguard senior citizens who may be the subject of tech support scams or unpaid money fraud, Japanese police planted fictitious payment cards in convenience stores.
The Echizen Police… Read More
Following a recent phishing attack that affected over two dozen employees, the Los Angeles County Department of Health Services revealed a data breach involving patient personal and health i… Read More