This One Time on a Pen Test: Outwitting the Vexing VPN
Each year, Rapid7 penetration testers complete hundreds of internally and externally based penetration testing service engagements. This post is part...
Fintech industry developments, differences between Europe and the US
“Put your money in the bank and you can watch it grow.” If there is a statement that shows us...
The Central Bank of Russia spotted a fraud scheme using the voice menu of one of the banks
The Central Bank of Russia informed banks that fraudsters use the voice menu to get information about the status of...
Android 11 is here: check out the new features and your phone’s compatibility with the new Android
Google has been teasing the Android 11 release for quite some time now and it's finally here. The new...
NZX Underwent Power Outage Caused Due to Multiple Cyberattacks, Trading Halted
New Zealand’s stock market exchange came to an abrupt halt after being hit by cyberattacks multiple times over a week,...
ActiveDirectoryEnumeration – Enumerate AD Through LDAP With A Collection Of Helpfull Scripts Being Bundled
ADE - ActiveDirectoryEnumusage: activeDirectoryEnum dc ___ __ _ ____ _ __ ______ / | _____/ /_(_) _____ / __ (_)_______...
Rbcd-Attack – Kerberos Resource-Based Constrained Delegation Attack From Outside Using Impacket
Abusing Kerberos Resource-Based Constrained DelegationTL;DRThis repo is about a practical attack against Kerberos Resource-Based Constrained Delegation in a Windows Active...
Rapid7 and Snyk Are on the Run(time) with Expanded SCA Capabilities
Earlier this year, Rapid7 and Snyk partnered together with the goal of securing cloud-native apps across the software development lifecycle...
[CVE-2020-16171] Acronis Cyber Backup <= v12.5 Build 16341 Full Unauthenticated SSRF
Posted by Julien Ahrens (RCE Security) on Sep 15RCE Security Advisoryhttps://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: Acronis Cyber Backup Vendor...
ModSecurity v3 affected by DoS (CVE-2020-15598)
Posted by Christian Folini on Sep 15ModSecurity v3.0.x is affected by a Denial of Service vulnerability due to the global...
ARA-2020-005: Insecure Direct Object Reference in 1CRM (CVE-2020-15958)
Posted by Andreas Sperber on Sep 15# Security Advisory ARA-2020-005: Insecure Direct Object Reference (CVE-2020-15958) ## Affected Product(s) and Environment(s)...
Lock and Code S1Ep15: Safely using Google Chrome Extensions with Pieter Arntz
This week on Lock and Code, we discuss the top security headlines generated right here on Labs and around the...
Hackers threaten to bring down the tax, energy and banking system of Belarus
A group of hackers threatens to bring down the tax, energy and banking systems of Belarus if the head of...
TikTok owner Chinese company clarifies to Microsoft that it would not be its new owner
Following President Donald Trump's executive order that labeled the video-sharing application TikTok as a "national emergency", its owner has a...
WMIHACKER – A Bypass Anti-virus Software Lateral Movement Command Execution Tool
中文版(Chinese version)Disclaimer: The technology involved in this project is only for security learning and defense purposes, illegal use is prohibited!Bypass...
Chimera – PowerShell Obfuscation Script Designed To Bypass AMSI And Commercial Antivirus Solutions
Chimera is a (shiny and very hack-ish) PowerShell obfuscation script designed to bypass AMSI and antivirus solutions. It digests malicious...
CVE-2020-1472 “Zerologon” Critical Privilege Escalation: What You Need To Know
Earlier today, security firm Secura published a technical paper on CVE-2020-1472, a CVSS-10 privilege escalation vulnerability in Microsoft’s Netlogon authentication...
Vulnerability Remediation vs. Mitigation: What’s the Difference?
Vulnerability management programs look different depending on the available resources and specific risks your organization faces. While both identifying and...
NICER Protocol Deep Dive: Internet Exposure of FTP/S (TCP/990)
Welcome to the NICER Protocol Deep Dive blog series! When we started researching what all was out on the internet...
Microsoft Office 365 users will now be able to view their quarantined phishing messages
Microsoft Office 365 will now let users view their phishing messages that are automatically screened by Exchange Online Protection (EOP)...
DockerENT – The Only Open-Source Tool To Analyze Vulnerabilities And Configuration Issues With Running Docker Container(S) And Docker Networks
DockerENT is activE ruNtime application security scanning Tool (RAST tool) and framework which is pluggable and written in python. It...
HTTP-revshell – Powershell Reverse Shell Using HTTP/S Protocol With AMSI Bypass And Proxy Aware
HTTP-revshell is a tool focused on redteam exercises and pentesters. This tool provides a reverse connection through the http/s protocol....
Security Affairs newsletter Round 281
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for...
Gaming hardware manufacturer Razer suffered a data leak
Gaming hardware manufacturer Razer suffered a data leak, an unsecured database managed by the company containing gamers’ info was exposed...
