Securing the MSP: their own worst enemy
We’ve previously discussed threats to managed service providers (MSPs), covering their status as a valuable secondary target to both an...
Month: January 2020
Roskomnadzor blocked the email service Protonmail
The FSB of the Russian Federation reported that it was possible to install another email service that was used by...
Sophisticated Hackers Infiltrate Dozens of U.N. Servers
An internal confidential document from the United Nations, leaked to The New Humanitarian and seen by The Associated Press, says...
S3Enum – Fast Amazon S3 Bucket Enumeration Tool For Pentesters
s3enum is a tool to enumerate a target's Amazon S3 buckets. It is fast and leverages DNS instead of HTTP,...
See-SURF – Python Based Scanner To Find Potential SSRF Parameters
A Python based scanner to find potential SSRF parameters in a web application.MotivationSSRF being one of the critical vulnerabilities out...
How the Innocent Lives Foundation Uses OSINT to Uncover Online Predators
On our latest episode of Security Nation, we spoke with a true hero: Chris Hadnagy, founder of the Innocent Lives...
Spear phishing 101: what you need to know
Phishing, a cyberattack method as old as viruses and Nigerian Princes, continues to be one of the most popular means...
Alert! Your Mac maybe under threat – SHLAYER MALWARE attacks every 10th Mac OS
The macOS traditionally was always considered a safe bet compared to Windows but now even Apple is facing a dangerous...
Avast Antivirus Harvested Users’ Data and Sold it Google, Microsoft, IBM and Others
Avast, a popular maker of free anti-virus software being employed by almost 435 million mobiles, Windows and Mac harvested its...
Blinder – A Python Library To Automate Time-Based Blind SQL Injection
Blidner is a small python library to automate time-based blind SQL injection by using a pre defined queries as a...
Obfuscapk – A Black-Box Obfuscation Tool For Android Apps
Obfuscapk is a modular Python tool for obfuscating Android apps without needing their source code, since apktool is used to...
R7-2019-40: Bloomsky SKY2 Weather Camera Station Data Authenticity and Exposure Vulnerabilities
A number of information leak vulnerabilities are present in the Bloomsky SKY2 network, obtainable via JSON queries intended to work...
Explained: the strengths and weaknesses of the Zero Trust model
In a US court of law, the accused are deemed to be innocent until proven guilty. In a Zero Trust...
The website of the Echo of Moscow radio station reported a two-week hacker attack
For two weeks, the website of the Echo of Moscow radio station and the computers of its employees have been...
Vulnerability found in Cisco Webex Meeting Suit- Lets unauthorized attackers join private meetings
Cisco Webex Meetings Suite, a platform that offers its customers to organize online meetings and seminars anytime anywhere, has revealed...
Kali Linux 2020.1 Release – Penetration Testing and Ethical Hacking Linux Distribution
We are incredibly excited to announce the first release of 2020, Kali Linux 2020.1.2020.1 includes some exciting new updates:Non-Root by...
PythonAESObfuscate – Obfuscates A Python Script And The Accompanying Shellcode
Pythonic way to load shellcode. Builds an EXE for you too!UsagePlace a payload.bin raw shellcode file in the same directory....
ApplicationInspector – A Source Code Analyzer Built For Surfacing Features Of Interest And Other Characteristics To Answer The Question ‘What’S In It’ Using Static Analysis With A Json Based Rules Engine
Microsoft Application Inspector is a software source code analysis tool that helps identify and surface well-known features and other interesting...
An update on trade
In light of recent activity on US trade agreements, here is a quick update on developments with regard to US-China,...
Security Analysis of Devices That Support SCPI and VISA Protocols
By Philippe Lin, Roel Reyes, Shin Li, and Gloria Chen (Trend Micro Research) When a legacy protocol is connected via...
Tampa Bay Times hit by Ryuk, new variant of stealer aimed at gov’t, finance
On the heels of a Ryuk ransomware attack on the Tampa Bay Times, researchers reported a new variant of the...
Three Magecart operatives arrested in Indonesia
Several members of a group allegedly behind hundreds of Magecart-style attacks were arrested last month in Indonesia as the result...
A week in security (January 20 – 26)
Last week on Malwarebytes Labs, we reported on a Ryuk ransomware attack on The Tampa Bay Times, a newspaper in...
Understand how SIM Swapping can easily be used to hack your accounts!
We've all heard about sim swapping, SIM splitting, simjacking or sim hijacking- the recent trend with cybercriminals and now a...
