Security News

Offensive Security has released Kali Linux 2023.3, the latest version of its penetration testing and digital forensics platform.Besides updates to current tools, new versions of Kali typically introduce fresh tools.

Kali Linux 2023.3, the third version of 2023, is now available for download, with nine new tools and internal optimizations. Kali Linux is a Linux distribution created for ethical hackers and cybersecurity professionals to perform penetration testing, security audits, and research against networks.

Open-Source Intelligence refers to gathering, assessing, and interpreting public information to address specific intelligence queries. The OWASP Amass project performs network mapping of attack surfaces and external asset discovery using open-source information gathering and active reconnaissance techniques.

To counteract new and emerging threat methods enhanced by artificial intelligence, specialized email security vendors are leveraging a synergy of AI and human insights to enhance email security, according to IRONSCALES and Osterman Research. Over 74% of respondents have experienced an increase in the use of AI by cybercriminals in the past six months, and over 85% believe that AI will be used to circumvent their existing email security technologies.

Microsoft on Thursday disclosed that it found a new version of the BlackCat ransomware that embeds tools like Impacket and RemCom to facilitate lateral movement and remote code execution. "The Impacket tool has credential dumping and remote service execution modules that could be used for broad deployment of the BlackCat ransomware in target environments," the company's threat intelligence team said in a series of posts on X. "This BlackCat version also has the RemCom hacktool embedded in the executable for remote code execution. The file also contains hardcoded compromised target credentials that actors use for lateral movement and further ransomware deployment."

A new malvertising campaign has been observed leveraging ads on Google Search and Bing to target users seeking IT tools like AnyDesk, Cisco AnyConnect VPN, and WinSCP, and trick them into downloading trojanized installers with an aim to breach enterprise networks and likely carry out future ransomware attacks. Dubbed Nitrogen, the "Opportunistic" activity is designed to deploy second-stage attack tools such as Cobalt Strike, Sophos said in a Wednesday analysis.

In light of these events, I'd like to discuss how OSINT can assist with dark web investigations. Transactions on the dark web often involve cryptocurrency in exchange for illegal goods and services.

Red Siege has developed and made available many open-source tools to help with your penetration testing work. The company plans to continue to support the tools listed below, whether in the form of bug fixes or new features.

The U.S. Cybersecurity and Infrastructure Security Agency has shared a factsheet providing details on free tools and guidance for securing digital assets after switching to the cloud from on-premises environments. The highlighted tools complement the built-in tools provided by cloud service providers and help reinforce the resilience of network infrastructures, strengthen security measures, promptly identify malicious compromises, meticulously map potential threat vectors, and effectively pinpoint malicious activity in the aftermath of a breach.

When companies utilize public generative AI tools, the models are refined on input data provided by the company. While publicly available generative AI tools permit natural language querying, world wide web data is not always applicable to the use case.