Pwndoc – Pentest Report Generator
PwnDoc is a pentest reporting application making it simple and easy to write your findings and generate a customizable Docx...
This One Time on a Pen Test: Thanks for Sharing Your Wi-Fi
Each year, Rapid7 penetration testers complete hundreds of internally and externally based penetration testing service engagements. This post is part...
[RT-SA-2020-005] Arbitrary File Disclosure and Server-Side Request Forgery in BigBlueButton
Posted by RedTeam Pentesting GmbH on Oct 21Advisory: Arbitrary File Disclosure and Server-Side Request Forgery in BigBlueButton RedTeam Pentesting discovered...
Brute force attacks increase due to more open RDP ports
While leaving your back door open while you are working from home may be something you do without giving it...
The Russian Embassy denies the US charge of six Russians in hacking
The Russian Embassy in Washington denies US accusations against Russian citizens of hacking and destabilizing activities around the worldRussia has...
Russian military companies were reportedly attacked by hackers from North Korea
North Korean hacker group Kimsuky has reportedly conducted several attacks on the Russian military-industrial complex in order to obtain military...
UK National Cyber Security Centre Reveals Russia’s Plan to Disrupt Tokyo Olympics
The UK National Cyber Security Centre recently revealed that in an attempt to completely disrupt the 'world's premier sporting event'...
Zap-Hud – The OWASP ZAP Heads Up Display (HUD)
The HUD is new interface that provides the functionality of ZAP directly in the browser. Learn more: Blog: Hacking with...
PatchChecker – Web-based Check For Windows Privesc Vulnerabilities
This is the code base for the service running on: https://patchchecker.com. In short, PatchChecker is a web application (running on...
Vulntober: Multiple Mobile Browser Address Bar Spoofing Vulnerabilities
Today, we're announcing a coordinated vulnerability disclosure publication with our longtime mobile hacker friend, Rafay Baloch. If you'd like to...
Re: Google’s Android: remote install backdoor in Google Play Services
Posted by Pedro Cunha on Oct 20I don't see how this is an "on-purpose backdoor". As far as I know,...
Re: Google’s Android: remote install backdoor in Google Play Services
Posted by Michael Lazin on Oct 20I do see the point and even though it is not a deliberate back...
LISTSERV Maestro Remote Code Execution Vulnerability
Posted by Ryan Wincey on Oct 20Document Title: =============== LISTSERV Maestro Remote Code Execution Vulnerability References (Source): ====================https://www.securifera.com/advisories/sec-2020-0001/https://www.lsoft.com/products/maestro.asp Release Date:...
Re: Google’s Android: remote install backdoor in Google Play Services
Posted by Adrian Sanabria on Oct 20If I recall correctly, iOS and MacOS work in much the same way. They...
A week in security (September 12 – September 18)
Last week on Malwarebytes Labs, we looked at journalism’s role in cybersecurity on our Lock and Code podcast, gave tips...
Emotet Returns: Here’s a Quick Look into new ‘Windows Update’ attachment
Emotet Malware was first discovered by security researchers in the year 2014, but, the threats by Emotet have constantly evolved...
IBM discovers a new banking malware attached to Video Conferencing apps like Zoom
Researchers at IBM have discovered a new malware campaign VIZOME that hijacks bank accounts by the overlay. Researchers Chen...
GravityRAT: The spy returns
In 2018, researchers at Cisco Talos published a post on the spyware GravityRAT, used to target the Indian armed forces....
Apk-Medit – Memory Search And Patch Tool On Debuggable Apk Without Root & Ndk
Apk-medit is a memory search and patch tool for debuggable apk without root & ndk. It was created for mobile...
SSJ – Your Everyday Linux Distribution Gone Super Saiyan
SSJ is s silly little script that relies on docker installed on your everyday Linux distribution (Ubuntu, Debian, etc.) and...
Are You Still Running End-of-Life Windows Servers?
Windows Server 2008 and 2008 R2 reached their end of life (EOL) on Jan. 14, 2020. What does that mean...
NICER Protocol Deep Dive: Internet Exposure of IMAP and POP
Welcome to the NICER Protocol Deep Dive blog series! When we started researching what all was out on the internet...
[RT-SA-2020-003] FRITZ!Box DNS Rebinding Protection Bypass
Posted by RedTeam Pentesting GmbH on Oct 19Advisory: FRITZ!Box DNS Rebinding Protection Bypass RedTeam Pentesting discovered a vulnerability in FRITZ!Box...
Iran Suffers Largescale Cyberattacks, Two Government Organizations Affected
In a recent cybersecurity incident, Iran has confirmed that it suffered two significant cyberattacks. One such attack even targeted Iran's...
