The Hacker News
Hackers Targeting Human Rights Activists in Morocco and Western Sahara
April 9^th 2024 at 13:45

Hackers Targeting Human Rights Activists in Morocco and Western Sahara

By: Newsroom

Human rights activists in Morocco and the Western Sahara region are the targets of a new threat actor that leverages phishing attacks to trick victims into installing bogus Android apps and serve credential harvesting pages for Windows users. Cisco Talos is tracking the activity cluster under the name Starry Addax, describing it as primarily singling out activists associated with

KitPloit - PenTest Tools!
FirebaseExploiter - Vulnerability Discovery Tool That Discovers Firebase Database Which Are Open And Can Be Exploitable
April 29^th 2023 at 12:30

FirebaseExploiter - Vulnerability Discovery Tool That Discovers Firebase Database Which Are Open And Can Be Exploitable

By: noreply@blogger.com (Unknown)

FirebaseExploiter is a vulnerability discovery tool that discovers Firebase Database which are open and can be exploitable. Primarily built for mass hunting bug bounties and for penetration testing.

Features

Mass vulnerability scanning from list of hosts
Custom JSON data in exploit.json to upload during exploit
Custom URI path for exploit

Usage

This will display help for the CLI tool. Here are all the required arguments it supports.

Installation

FirebaseExploiter was built using go1.19. Make sure you use latest version of Go to install successfully. Run the following command to install the latest version:

go install -v github.com/securebinary/firebaseExploiter@latest

Running FirebaseExploiter

To scan a specific domain to check for Insecure Firebase DB.

To exploit a Firebase DB to write your own JSON document in it.

Create your own exploit.json file in proper JSON format to exploit vulnerable Firebase DBs.

Checking the exploited URL to verify the vulnerability.

Adding custom path for exploiting Firebase DBs.

Mass scanning for Insecure Firebase Databases from list of target hosts.

Exploiting vulnerable Firebase DBs from the list of target hosts.

License

FirebaseExploiter is made with love by the SecureBinary team. Any tweaks / community contribution are welcome.

Download firebaseExploiter

The Hacker News
Over a Dozen Android Apps on Google Play Store Caught Dropping Banking Malware
July 29^th 2022 at 13:25

Over a Dozen Android Apps on Google Play Store Caught Dropping Banking Malware

By: Ravie Lakshmanan

A malicious campaign leveraged seemingly innocuous Android dropper apps on the Google Play Store to compromise users' devices with banking malware. These 17 dropper apps, collectively dubbed DawDropper by Trend Micro, masqueraded as productivity and utility apps such as document scanners, QR code readers, VPN services, and call recorders, among others. All these apps in question have been

FreshRSS