Mirai Botnet Exploit Weaponized to Attack IoT Devices via CVE-2020-5902
Update as of 10:00 A.M. PST, July 30, 2020: Our continued analysis of the malware sample showed adjustments to the...
Month: July 2020
Malspam campaign caught using GuLoader after service relaunch
They say any publicity is good publicity. But perhaps this isn’t true for CloudEye, an Italian firm that claims to...
Online Michigan Bar Exam Hit by a Distributed Denial of Service (DDoS) Attack
The recently conducted online Michigan bar exam was briefly taken down as it was hit by a rather "sophisticated" cyberattack. The...
uDork – Tool That Uses Advanced Google Search Techniques To Obtain Sensitive Information In Files Or Directories, Find IoT Devices, Detect Versions Of Web Applications, And So On
uDork is a script written in Bash Scripting that uses advanced Google search techniques to obtain sensitive information in files...
Open Source Security Meetup (OSSM): Virtual Edition
The Rapid7 Metasploit team is taking a page from DEF CON’s “SAFE MODE” operations this year, hosting our annual Open...
Cloud Best Practices Every Security Professional Should Know
In part one of this two-part series on the cloud and cloud security for security professionals, we dove into everything...
Oralyzer – Tool To Identify Open Redirection
Oralyzer, a simple python script, capable of identifying the open redirection vulnerability in a website. It does that by fuzzing...
Botnet abuses Docker servers and crypto blockchain to deliver Doki backdoor
As user organizations move more of their business infrastructure off premises, cybercriminals become increasingly motivated to target Linux-based cloud environments,...
Cloud workload security: Should you worry about it?
Due to the increasing use of the cloud, organizations find themselves dealing with hybrid environments and nebulous workloads to secure....
COVID-19 used as a lure for Cyber Attacks: Report suggest massive increase in Phishing Trends
Since the starting of the year, 2020 has been a bearer of bad news and Covid seems like a bad...
Google Banned 29 Android Apps Containing Adware
A research discovered that almost all the malware are designed to target android users and in order to prevent users...
APT trends report Q2 2020
For more than three years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of...
Kubebox – Terminal And Web Console For Kubernetes
Terminal and Web console for KubernetesFeatures Configuration from kubeconfig files (KUBECONFIG environment variable or $HOME/.kube) Switch contexts interactively Authentication support...
Commit Stream – OSINT Tool For Finding Github Repositories By Extracting Commit Logs In Real Time From The Github Event API
commit-stream drinks commit logs from the Github event firehose exposing the author details (name and email address) associated with Github...
Remote Code Execution Risks in Secomea, Moxa, and HMS eWon ICS VPN Vulnerabilities: What You Need to Know
On Wednesday, July 28, 2020, researchers at Claroty released information on a number of critical remote code execution vulnerabilities across...
Rapid7 statement on privacy and status of EU-US data transfers post-Schrems II
SummaryContext: The Court of Justice of the European Union (CJEU) struck down the EU-US Privacy Shield (Privacy Shield) as a...
Joe FitzPatrick on the Future of Hardware Security Training Sessions
This week Rapid7 welcomes Joe FitzPatrick, a lead researcher at securinghardware.com, as he discusses what it takes to run a...
TikTok is being discouraged and the app may be banned
In recent news retail giant Amazon sent a memo to employees telling them to delete the popular social media app...
The data of clients of the Russian bank Alfa-Bank leaked to the Network
On June 22, a message appeared on the Darknet about the sale of a database of clients of the largest...
The National Security and Defense Council of Ukraine reported a leak of IP addresses of government websites
The leaked list of hidden government IP addresses of government websites occurred in Ukraine. This is stated in the statement...
New Network Protocols Abused To Launch Large-Scale Distributed Denial of Service (DDoS) Attacks
The Federal Bureau of Investigation issued an alert just the previous week cautioning about the discovery of new network protocols...
Prometei: A Cryptomining Botnet that Attacks Microsoft’s Vulnerabilities
An unknown Botnet called "Prometei" is attacking windows and Microsoft devices (vulnerable) using brute force SMb exploits. According to Cisco...
Lazarus on the hunt for big game
We may only be six months in, but there’s little doubt that 2020 will go down in history as a...
SNOWCRASH – A Polyglot Payload Generator
A polyglot payload generator IntroductionSNOWCRASH creates a script that can be launched on both Linux and Windows machines. Payload selected...
