Clop Ransomware Upgraded, Now can Terminate 663 Windows Processes
In February 2019, Michael Gillespie from MalwareHunter Team founded Clop ransomware that has been evolving to reach its full potential...
Department Of Homeland Security Monitoring the Apparent Hack of a Government Website
The Federal Depository Library Program website, run by the Government Publishing Office recently fell victim to a hacking operation being...
XposedOrNot – Tool To Search An Aggregated Repository Of Xposed Passwords Comprising Of ~850 Million Real Time Passwords
XposedOrNot (XoN) tool is to search an aggregated repository of xposed passwords comprising of ~850 million real time passwords. Usage...
Dsync – IDAPython Plugin That Synchronizes Disassembler And Decompiler Views
IDAPython plugin that synchronizes decompiled and disassembled code views.Please refer to comments in the source code for more details.Requires 7.2Download...
RFCpwn – An Enumeration And Exploitation Toolkit Using RFC Calls To SAP
An SAP enumeration and exploitation toolkit using SAP RFC callsThis is a toolkit for demonstrating the impact of compromised service...
InsightIDR: 2019 Year in Review
As we turn the corner into the new year, our team has been looking back at 2019 and reflecting on...
Google app vulnerability being exploited in the wild: Trend Micro
The Sidewinder APT group has been actively abusing a Binder vulnerability in at least three apps found in the Google...
Billion-dollar search engine industry attracts vultures, shady advertisers, and cybercriminals
Search engines make money by showing users sponsored advertisements—a lot of money. This attracts attention, competition, and plenty who want...
A week in security (December 30 – January 5)
Last week on Malwarebytes Labs, we took a dive into edge computing, looked at new web skimmer techniques, and rolled...
DeathRansom, started as a mere joke is now encrypting files!
A ransomware strain named DeathRansom, which was considered a joke earlier, evolved and is now capable of encrypting files, cyber-security...
Privacy Alert! Xiaomi’s Security Cameras Not All That Secure?
If you think that if you have a security camera at your home then you are safe, you are absolutely...
LKWA – Lesser Known Web Attack Lab
Lesser Known Web Attack Lab is for intermediate pentester that can test and practice lesser known web attacks such as...
Multiscanner – Modular File Scanning/Analysis Framework
MultiScanner is a file analysis framework that assists the user in evaluating a set of files by automatically running a...
Election Security: What You Need to Know
Usually, when we write a "What you need to know" post on the Rapid7 blog, it's generally a rapid response...
First Active Attack Exploiting CVE-2019-2215 Found on Google Play, Linked to SideWinder APT Group
by Ecular Xu and Joseph C Chen We found three malicious apps in the Google Play Store that work together to...
The Russian Embassy in Sweden responded to the Swedish Minister’s statement about “Russian trolls”
The Russian Embassy in Sweden reacted to an interview with Swedish Minister of Energy and Information Technology Anders Igeman to...
Military Personnel and Veterans – faced the worst hit by scammers loosing 405 Million dollars since 2012
It's easy to trick anyone in a financial scam but hackers and scammers found their favorite victims in militants and...
Tishna – Complete Automated Pentest Framework For Servers, Application Layer To Web Security
Complete Automated pentest framework for Servers, Application Layer to Web SecurityInterfaceSoftware have 62 Options with full automation and can be...
AWS Report – Tool For Analyzing Amazon Resources
AWS Report is a tool for analyzing amazon resources.FeaturesSearch iam users based on creation dateSearch buckets publicSearch security group with...
The Internet isolation law will save the Russian Federation from isolation from the World Wide Web
In 2019, Russia took a number of measures to ensure the security of the information sphere, which in recent years...
Google Chrome Extension, Shitcoin Wallet found stealing passwords and crypto-wallet keys
MyCrypto platform, reported that Shitcoin Wallet, a Google Chrome extension was injecting JavaScript code on web pages , in order...
Warning! Ireland’s National Cyber Security Strategy; Fight Against Cyber-Crime
Ireland is all set to fight cyber-crime with its recently updated “National Cyber Security Strategy” which is way ahead of...
Email Server of Special Olympics of New York Hacked; Later Used To Launch a Phishing Campaign
A nonprofit organization committed towards competitive athletes with intellectual inabilities, The Special Olympics of New York as of late at...
WindowsFirewallRuleset – Windows Firewall Ruleset Powershell Scripts
About WindowsFirewallRulesetWindows firewall rulles organized into individual powershell scripts according to:Rule groupTraffic directionIP version (IPv4 / IPv6)Further sorted according to...
