IoT Vuln Disclosure: Children’s GPS Smart Watches (R7-2019-57)
Executive summary As part of a recent IoT hacking training exercise, a number of Rapid7 penetration testers set out to identify vulnerabilities in a number of children's GPS-enabled smart watches…
Patch Tuesday – December 2019
Today we come to the end of 2019's monthly Microsoft Patch Tuesday (also known as Update Tuesday). This Christmas, Microsoft presents us with 36 vulnerabilities (that's two less than this…
How to Actually Reduce Risk in Your Environment
What is a vulnerability risk management program? A vulnerability risk management program is imperative at any organization to secure assets, but how do you actually reduce risk in your technology…
How I Shut Down a (Test) Factory with a Single Layer 2 Packet
At Rapid7 Labs we are always on the look for new research topics and fields to stick our fingers in and play around with. Over the last few months I…
Ffuf – Fast Web Fuzzer Written In Go
A fast web fuzzer written in Go.Heavily inspired by the great projects gobuster and wfuzz.FeaturesFast!Allows fuzzing of HTTP header values, POST data, and different parts of URL, including GET parameter…
Fileintel – A Modular Python Application To Pull Intelligence About Malicious Files
This is a tool used to collect various intelligence sources for a given file. Fileintel is written in a modular fashion so new intelligence sources can be easily added.Files are…
Genact – A Nonsense Activity Generator
Pretend to be busy or waiting for your computer when you should actually be doing real work! Impress people with your insane multitasking skills. Just open a few instances of…
Anti-Virus Maker Discovers A Bug within Ryuk Ransomware
An antivirus maker discovered a bug in the decrypter application of the Ryuk Ransomware, the application "the Ryuk gang" basically provides to victims to recoup their files, after they paid…
Fake Elder Scrolls Online developers go phishing on PlayStation
A player of popular gaming title Elder Scrolls Online recently took to Reddit to warn users of a phish via Playstation messaging. This particular phishing attempt is notable for ramping…
A week in security (December 2 – December 8)
Last week on Malwarebytes Labs, we took a look at a new version of the IcedID Trojan, described web skimmers up to no good, and took a deep dive into…
Please don’t buy this: smart doorbells
Though Black Friday and Cyber Monday are over, the two shopping holidays were just precursors to the larger Christmas season—a time of year when online packages pile high on doorsteps…
Hundreds of counterfeit online shoe stores injected with credit card skimmer
There’s a well-worn saying in security: “If it’s too good to be true, then it probably isn’t.” This can easily be applied to the myriad of online stores that sell…
Attacks on IoT devices and WebApps on an extreme rise for the Q3
Ransomware threats and Malware numbers have fallen but are presently more active and dangerous. More than 7.2 Billion virus attacks originated from January to September in the year 2019. Also,…
Pensacola City Hit by a Cyberattack After Deadly Shooting at Naval Air Station
The city of Pensacola, Florida was hit by a cyberattack that came in the wake of a deadly shooting at the naval air station wherein a Saudi flight student killed…
State of the Art Cyber-Security and Network Security a Top Priority for The Business Market
Reportedly, accepting the growing need for better cyber-security tactics and embracing a further developed regime for securing the businesses on the cyber front, European organizations are up for upgrading their…
The Ministry of Communications of Russia has developed a new service for the sale of cars
According to Deputy head of the Ministry of Communications Maxim Parshin, the Ministry of Communications and the Ministry of Internal Affairs are preparing a new free service that will allow…
Hackers steal money from cards through the Uber and VTB applications
A resident of Russia Anna Kozlova, resting in Spain, lost 14 thousand rubles ($220). The money was stolen from her VTB Bank card through the Bank's mobile app and Uber.At…
Julian Assange arrested: WikiLeaks founder arrested in London
WikiLeaks founder Julian Assange has been arrested at the Ecuadorian embassy in London, Scotland Yard said. Home Secretary Sajid Javid tweeted: Nearly 7yrs after entering the Ecuadorean Embassy, I can…
CVE-2019-1663 | Cisco Routers – Critical 9.8 CVSS Score
Cisco is warning businesses that use its wireless VPN and firewall routers to install updates immediately due to a critical flaw that remote attackers can exploit to break into a…
CVE-2019-1674 | New Elevation of Privilege Vulnerability Found in Cisco WebEx Meetings
A vulnerability found in the update service of the Cisco Webex Meetings Desktop App for Windows could allow an unprivileged local attacker to elevate privileges and run arbitrary commands using the SYSTEM user privileges.…
Chrome Zero-Day Exploited to Harvest User Data via PDF Files
Exploit detection service EdgeSpot says it has spotted several PDF documents that exploit a zero-day vulnerability in Chrome to collect information on users who open the files through Google’s web…
Government-funded researchers investigate vulnerabilities in EV charging stations
Charging stations for electric cars have sprung up across the country in recent years as hybrid vehicles continue to gain popularity. As those stations carry more wattage, their potential effect…
IBM’s X-Force says who needs malware, PowerShell FTW!
If anyone reading this works in InfoSec, as I do then you will know that a company's internal network, once compromised, is now more likely to be ransacked by automated…
New Golang brute-forcer discovered amid rise in e-commerce attacks
E-commerce websites continue to be targeted by online criminals looking to steal personal and payment information directly from unaware shoppers. Recently, attacks have been conducted via skimmer, which is a piece…