Self-Isolation, Home Networking, and Open Source: Recog and Rumble
Hey, gang. You know I'm a big open source fan and occasional contributor, so I just wanted to take a...
Month: April 2020
Shifting Security Conferences to Virtual: The New Face of Events in 2020 and Beyond
On this week’s episode of Security Nation, we had the pleasure of speaking with John Strand, CEO of BlackHills Information...
Copycat criminals abuse Malwarebytes brand in malvertising campaign
While exploit kit activity has been fairly quiet for some time now, we recently discovered a threat actor creating a...
Cybersecurity labeling scheme introduced to help users choose safe IoT devices
The Internet of Things (IoT) is a term used to describe a wide variety of devices that are connected to...
First Deputy Chairman of the Bank of Russia: Blockchain is not a panacea, and cryptocurrency is not money
First Deputy Chairman of the Bank of Russia Olga Skorobogatova said that blockchain is perfect for letters of credit and...
L4NC34 Ransomware Teaches That Ransomware Attacks Ought To Never Be Trifled With
There is no denying the fact that whenever the word ransomware is mentioned computers are an instinctive afterthought to have...
Unkillable xHelper and a Trojan matryoshka
It was the middle of last year that we detected the start of mass attacks by the xHelper Trojan on...
Tails 4.5 – Live System to Preserve Your Privacy and Anonymity
The Tails team is happy to publish Tails 4.5, the first version of Tails to support Secure Boot.This release also fixes...
MSOLSpray – A Password Spraying Tool For Microsoft Online Accounts (Azure/O365)
A password spraying tool for Microsoft Online accounts (Azure/O365). The script logs if a user cred is valid, if MFA...
Git-Hound v1.1 – GitHound Pinpoints Exposed API Keys On GitHub Using Pattern Matching, Commit History Searching, And A Unique Result Scoring System
A batch-catching, pattern-matching, patch-attacking secret snatcher.GitHound pinpoints exposed API keys and other sensitive information on GitHub using pattern matching, commit...
8 Steps to Successfully Implement the CIS Top 20 Controls in Your Organization
If you saw the recent Top 10 Malware January 2020 post by the Center for Internet Security (CIS), you may...
A week in security (March 30 – April 5)
Last week on Malwarebytes Labs, we offered readers tips for safe online shopping now that cybercriminals are ramping up Internet-based...
‘Paranoid’ Blocks your Smart Speakers from Spying on you
Smart speakers have proven to be one of the most versatile gadgets of the era, the high-tech AI companions can...
BGP Hijacking Victimizes Google, Amazon and Other Famous Networks’ Traffic!
As per reports, a telecommunication provider that is owned by Russia rerouted traffic which was intended for the most imminent...
Russia responded to the Swedish Minister’s statement about “Russian trolls”
Russian Senator Alexey Pushkov noted that the Minister was actually attacked by ordinary Swedish Internet users who were not satisfied...
DNSteal v2.0 – DNS Exfiltration Tool For Stealthily Sending Files Over DNS Requests
This is a fake DNS server that allows you to stealthily extract files from a victim machine through DNS requests.Below...
OSSEM – Open Source Security Events Metadata
The Open Source Security Events Metadata (OSSEM) is a community-led project that focuses primarily on the documentation and standardization of...
Financial resources for small businesses grappling with COVID-19
The United States Congress recently passed the “Coronavirus Aid, Relief, and Economic Security Act” (the “CARES Act”). This legislation is...
Phishing for SYSTEM on Microsoft Exchange (CVE-2020-0688)
On Feb 11, 2020, Microsoft released security updates to address a vulnerability in Microsoft Exchange that would allow an attacker...
4 Common Goals For Vulnerability Risk Management Programs
At Rapid7, we have made it our top priority to uncover unmet customer needs and create value in new product...
Zoombombing: what is it and how you can prevent your conference calls from being zoombombed
Amid this Covid-19 lockdown, the use of video conferencing software has seen a rapid rise- be it work-related, teaching or...
YARA webinar follow up
If you read my previous blogpost, “Hunting APTs with YARA” then you probably know about the webinar we’ve done on...
Angrgdb – Use Angr Inside GDB – Create An Angr State From The Current Debugger State
Use angr inside GDB. Create an angr state from the current debugger state.Installpip install angrgdbecho "python import angrgdb.commands" >> ~/.gdbinitUsageangrgdb...
SSHPry v2.0 – Spy and Control os SSH Connected client’s TTY
This is a second release of SSHPry tool, with multiple features added.Control of target's TTYBuilt-In KeyloggerConsole-Level phishingRecord & Replay previous...
