Iranian Hacker Group Using New Tools to Target Government Agencies of Broader Middle East Region
In the part of their attacks on companies and government agencies in the broader Middle East region, an Iranian cyberattack...
On the trail of the XMRig miner
As protection methods improve, the developers of miners have had to enhance their own creations, often turning to non-trivial solutions....
Oregami – IDA Plugins And Scripts For Analyzing Register Usage Frame
""" What is this register used for? Hmm.. I'll just rename it to veryuniquename, do a textual search, and find...
NTLMRawUnHide – A Python3 Script Designed To Parse Network Packet Capture Files And Extract NTLMv2 Hashes In A Crackable Format
NTLMRawUnhide.py is a Python3 script designed to parse network packet capture files and extract NTLMv2 hashes in a crackable format....
What’s New in InsightAppSec and tCell: Q3 2020 in Review
Here at Rapid7, we’ve been quite busy continuously improving, expanding functionality, and testing new features for feedback with our customers...
VL 2020-10-22 – German Bundeswehr starts own Responsible Disclosure Program (VDPBw)
Posted by Vulnerability Lab on Oct 22Title: German Bundeswehr starts own Responsible Disclosure Program (VDPBw) Link:https://www.vulnerability-db.com/?q=articles/2020/10/22/german-bundeswehr-starts-own-responsible-disclosure-program-vdpbw If you like the...
XSS to TSS: tech support scam campaign abuses cross-site scripting vulnerability
Tech support browser lockers continue to be one of the most common web threats. Not only are they a problem...
United States rejected Putin’s offer to cooperate on cybersecurity
The US authorities for the first time publicly responded to the proposal of Russian President Vladimir Putin to resume cooperation...
Mobile Versions of Several Browsers Found Vulnerable to Address Bar Spoofing Flaws
Several mobile browsers including Firefox, Chrome, and Safari were found vulnerable to an ‘address bar spoofing’ flaw which when exploited...
Life of Maze ransomware
In the past year, Maze ransomware has become one of the most notorious malware families threatening businesses and large organizations....
MalwareSourceCode – Collection Of Malware Source Code For A Variety Of Platforms In An Array Of Different Programming Languages
Malware Source Code Collection!!! DISCLAIMER !!! We do not take any responsibility for any damage done by the code in...
Pwndoc – Pentest Report Generator
PwnDoc is a pentest reporting application making it simple and easy to write your findings and generate a customizable Docx...
This One Time on a Pen Test: Thanks for Sharing Your Wi-Fi
Each year, Rapid7 penetration testers complete hundreds of internally and externally based penetration testing service engagements. This post is part...
[RT-SA-2020-005] Arbitrary File Disclosure and Server-Side Request Forgery in BigBlueButton
Posted by RedTeam Pentesting GmbH on Oct 21Advisory: Arbitrary File Disclosure and Server-Side Request Forgery in BigBlueButton RedTeam Pentesting discovered...
Brute force attacks increase due to more open RDP ports
While leaving your back door open while you are working from home may be something you do without giving it...
The Russian Embassy denies the US charge of six Russians in hacking
The Russian Embassy in Washington denies US accusations against Russian citizens of hacking and destabilizing activities around the worldRussia has...
Russian military companies were reportedly attacked by hackers from North Korea
North Korean hacker group Kimsuky has reportedly conducted several attacks on the Russian military-industrial complex in order to obtain military...
UK National Cyber Security Centre Reveals Russia’s Plan to Disrupt Tokyo Olympics
The UK National Cyber Security Centre recently revealed that in an attempt to completely disrupt the 'world's premier sporting event'...
Zap-Hud – The OWASP ZAP Heads Up Display (HUD)
The HUD is new interface that provides the functionality of ZAP directly in the browser. Learn more: Blog: Hacking with...
PatchChecker – Web-based Check For Windows Privesc Vulnerabilities
This is the code base for the service running on: https://patchchecker.com. In short, PatchChecker is a web application (running on...
Vulntober: Multiple Mobile Browser Address Bar Spoofing Vulnerabilities
Today, we're announcing a coordinated vulnerability disclosure publication with our longtime mobile hacker friend, Rafay Baloch. If you'd like to...
Re: Google’s Android: remote install backdoor in Google Play Services
Posted by Pedro Cunha on Oct 20I don't see how this is an "on-purpose backdoor". As far as I know,...
Re: Google’s Android: remote install backdoor in Google Play Services
Posted by Michael Lazin on Oct 20I do see the point and even though it is not a deliberate back...
LISTSERV Maestro Remote Code Execution Vulnerability
Posted by Ryan Wincey on Oct 20Document Title: =============== LISTSERV Maestro Remote Code Execution Vulnerability References (Source): ====================https://www.securifera.com/advisories/sec-2020-0001/https://www.lsoft.com/products/maestro.asp Release Date:...
