In 30 seconds, this attack can learn which networks a MacOS computer has connected to before, and plant a script that tracks the current IP address and Wi-Fi network every 60 seconds. Now includes: Hardtracker – Digispark VPN buster to send the IP address and BSSID/SSID of nearby Wi-Fi networks […]
News
912 posts
Wow, this past week has been a pretty long year for Zoom. As the COVID-19 global pandemic moved the whole knowledge-working world abruptly to work-from-home, virtual meetings are rapidly becoming de rigueur for pretty much everyone I know. As a result, Zoom’s stock price hit an all-time high in mid-March […]
At Rapid7, we have the opportunity to talk to security professionals from all types of organizations. Whether we’re conversing with our largest customers or a Security Operations Center (SOC) team of one, there are a few challenges we hear about again and again. We believe that the best solution to […]
A little more than one month after the European Union enacted the General Data Protection Regulation (GDPR) to extend new data privacy rights to its people, the governor of California signed a separate, sweeping data protection law that borrowed several ideas from GDPR, sparking a torch in a legislative data […]
The coronavirus pandemic is forcing many people around the world to work remotely. This has significantly increased the popularity of video conferencing services such as Zoom. Attackers took advantage of this and began to use fake Zoom domains to spread malware and gain access to other people’s video conferencing. This […]
In this particular scam, the recipients receive phishing emails asking them to donate money by filling forms for coronavirus or COVID-19 relief fund. The scam works because people are constrained to stay at home as they can’t work in the office because of the quarantine. Zeus Sphinx Banking Trojan is […]
Recently, tens of YouTube accounts were hacked to broadcast a Ponzi cryptocurrency scheme by renaming the hacked YouTube accounts as Microsoft accounts bearing the message from the company’s former CEO Bill Gates to invest in crypto. This is not the only attack of it’s kind, various other attacks like this […]
FProbe – Fast HTTP Probe Installation GO111MODULE=on go get -u github.com/theblackturtle/fprobe Features Take a list of domains/subdomains and probe for working http/https server. Optimize RAM and CPU in runtime. Support special ports for each domain Verbose in JSON format with some additional headers, such as Status Code, Content Type, Location. […]
SQL injection script for MSSQL that extracts domain users from an Active Directory environment based on RID bruteforcing. Supports various forms of WAF bypass techniques through the implementation of SQLmap tamper functions. Additional tamper functions can be incorporated by the user depending on the situation and environment.Comes in two flavors: […]
If you’ve been in the security industry for any amount of time, you’re no stranger to false positives. They show up in nearly every security monitoring tool and can waste an incredible amount of time and resources that your team should be spending on issues that actually matter. The good […]
With additional insights/analysis from Augusto Remillano II and Don Ovid Ladores Raccoon emerged as Malware as a Service (MaaS) last April 2019. Despite its simplicity, Raccoon became popular among cybercriminals and was mentioned as a notable emerging malware in underground forums in a malware popularity report. The malware is capable […]
As more and more countries order their citizens inside in response to COVID-19, online shopping—already a widespread practice—has surged in popularity, especially for practical items like hand sanitizer, groceries, and cleaning products. When people don’t feel safe outside, it’s only natural they’d prefer to shop as much as possible from […]
According to the report by Rostelecom Solar JSOC, hackers changed the focus of attacks, switching from direct theft of money to gaining control over the infrastructure of companies. Experts explain this trend by the fact that the average level of security of banks has increased significantly, which forces hackers to […]
A surge in new cyberspying by a speculated Chinese group that dates as far back as to late January was recently being observed by a U.S. cybersecurity firm. Happening around the time when the worldwide pandemic COVID-19 began to spread outside the borders of the Chinese, a publicly-traded cybersecurity company, […]
The first step anyone took after hearing the first of the Coronavirus was ‘Googling’ it. Google has been a solution, for as long as we can remember, to most of our queries. Yet again it upholds its reputation. Amid all the mass confusion and chaos this virus has caused for […]