Small Business in a Big World (Wide Web): What You Should Know to Stay Secure
While the COVID-19 pandemic has made online stores increasingly valuable, some small businesses may not have had the experience around...
Month: July 2020
Hidden purpose of Mac ‘ransomware’ EvilQuest is data exfiltration, say researchers
Researchers have developed a decryption tool for the recently discovered EvilQuest ransomware program designed to target Mac machines. But several...
We found yet another phone with pre-installed malware via the Lifeline Assistance program
We have discovered, yet again, another phone model with pre-installed malware provided from the Lifeline Assistance program via Assurance Wireless...
Hackers Attack Online Stores Stealing Credit Card Data, Experts Allege North Korea
According to the recent findings, there has been an incident of web skimming attacks on the European and American online...
Redirect auction
We’ve already looked at links under old YouTube videos or in Wikipedia articles which at some point turned bad and...
Harbian-Audit – Hardened Debian GNU/Linux Distro Auditing
Hardened Debian GNU/Linux and CentOS 8 distro auditing.The main test environment is in debian GNU/Linux 9/10 and CentOS 8, and...
Shhgit – Find GitHub Secrets In Real Time
Shhgit finds secrets and sensitive files across GitHub code and Gists committed in near real time by listening to the...
Seeing Value From Day One: What You Need to Know About Cloud SIEM Deployment and Configuration
In our modern threat landscape, many organizations face challenges that remain difficult to decipher, let alone resolve. In a fast-paced...
Mac ThiefQuest malware may not be ransomware after all
Editor’s note: The original name for the malware, EvilQuest, has been changed due to a legitimate game of the same...
Lock and Code S1Ep10: Pulling apart the Internet of Things with JP Taggart
This week on Lock and Code, we discuss the top security headlines generated right here on Labs and around the...
Ozon launched a bug bounty on HackerOne
The reward for each bug found will depend on the degree of its impact on the service, the potential damage...
Hackers “showed ethics” and did not attack medical services in Russia during the pandemic
During the pandemic, there were no hacker attacks on medical institutions in Russia, unlike in many countries of the world,...
A New and Amazingly Simple Device in an Era of Pandemics to Protect Your Privacy
A period of pandemics and social distancing sent more people than ever into the work-from-home world. These new realities mean...
Scant3R – Web Security Scanner
ScanT3r - Web Security Scanner _____ ___________ / ___/_________ _____/_ __/__ /_____ __ / ___/ __ `/ __ / /...
Airshare – Cross-platform Content Sharing In A Local Network
Airshare is a Python-based CLI tool and module that lets you transfer data between two machines in a local network,...
Application Security Takes Center Stage in this Year’s Verizon Data Breach Investigations Report
The latest Verizon Data Breach Investigations Report (DBIR) was released in May, and we’re still unpacking all the golden nuggets...
Credit card skimmer targets ASP.NET sites
Cybercriminals typically focus on targets that can get them the highest return with the least amount of effort. This is...
Android Malware, FakeSpy Spying on Users’ Banking Information Acting as Postal Services
A new Android malware, FakeSpy that can potentially steal an individual's banking details, read contact lists, application, and account information...
Pig in a poke: smartphone adware
Our support team continues to receive more and more requests from users complaining about intrusive ads on their smartphones from...
Git All The Payloads! A Collection Of Web Attack Payloads
Git All the Payloads! A collection of web attack payloads. Pull requests are welcome!Usagerun ./get.sh to download external payloads and...
Faxhell – A Bind Shell Using The Fax Service And A DLL Hijack
A Proof-of-Concept bind shell using the Fax service and a DLL hijack based on Ualapi.dll.See our writeup at: https://windows-internals.com/faxing-your-way-to-system/How to...
Rapid7 Named a 2020 Gartner Peer Insights Customers’ Choice for Security Information Event Management
The mission of InsightIDR, Rapid7’s natively cloud SIEM, is a simple one: eliminate the complexity that stands between talented security...
12 Most Exploited Vulnerabilities: How to Navigate Vulnerabilities in a Security Program
In a recent alert published by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the organization laid out the 12...
Gain a More Dynamic View: How to Connect Cloud Configuration Assessment in InsightVM to CloudTrail in AWS
Cloud Configuration Assessment is an InsightVM feature that provides a security-focused view into your cloud environment. Capabilities are centered around...
