Transparent Tribe: Evolution analysis,part 1
Background and key findings Transparent Tribe, also known as PROJECTM and MYTHIC LEOPARD, is a highly prolific group whose activities...
Year: 2020
Wonitor – Fast, Zero Config Web Endpoint Change Monitor
fast, zero config web endpoint change monitor. for comparing responses, a selected list of http headers and the full response...
DropEngine – Malleable Payloads!
By @s0lst1c3DisclaimerDropEngine (the "Software") and associated documentation is provided “AS IS”. The Developer makes no other warranties, express or implied,...
Automated External Sonar Scanning Workflow with InsightVM
Have you ever come into the office on a Monday and were completely surprised by your boss asking about some...
How Unsecure gRPC Implementations Can Compromise APIs, Applications
By David Fiser (Security Researcher) Enterprises are turning to microservice architecture to build future-facing applications. Microservices allow enterprises to efficiently...
Unico Campania – 166,031 breached accounts
In August 2020, the Neapolitan public transport website Unico Campania was hacked and the data extensively circulated. The breach contained...
20 percent of organizations experienced breach due to remote worker, Labs report reveals
It is no surprise that moving to a fully remote work environment due to COVID-19 would cause a number of...
ReconSpider – Most Advanced Open Source Intelligence (OSINT) Framework For Scanning IP Address, Emails, Websites, Organizations
ReconSpider is most Advanced Open Source Intelligence (OSINT) Framework for scanning IP Address, Emails, Websites, Organizations and find out information...
US Army Says North Korea Has Hackers and Electronic Warfare Specialists Working and Operating Abroad
In a report published a month ago by the US Army said North Korea has at least 6,000 hackers and...
Pagodo – Automate Google Hacking Database Scraping And Searching
The goal of this project was to develop a passive Google dork script to collect potentially vulnerable web pages and...
Bangaluru based startup Pixxel raises $5 Million to be India’s first Earth-Imaging Satellite to launch
A Bengaluru based startup, Pixxel is soaring towards the moon as they recently raised a sweeping fund of 5 million...
Kali Linux 2020.3 Release – Penetration Testing and Ethical Hacking Linux Distribution
Time for another Kali Linux release! Quarter #3 – Kali Linux 20202.3. This release has various impressive updates.A quick overview...
Ask a Pen Tester, Part 1: A Q&A With Rapid7 Pen Testers Gisela Hinojosa and Carlota Bindner
Recently, we tasked some of our Rapid7 customers to ask their most burning questions related to the mysterious art of...
U.S. urges Linux users to secure kernels from new Russian malware threat
The FBI and NSA jointly issued an advisory on Drovorub – a newly disclosed malware program targeting Linux systems. (Jan...
Utah Gun Exchange – 235,233 breached accounts
In July 2020, the Utah Gun Exchange website suffered a data breach which included several other associated websites. In total,...
Catho – 1,173,012 breached accounts
In approximately March 2020, the Brazilian recruitment website Catho was compromised and subsequently appeared alongside 20 other breached websites listed...
Sonicbids – 751,700 breached accounts
In December 2019, the booking website Sonicbids suffered a data breach which they attributed to "a data privacy event involving...
Hackers hijack design platform to go phishing
Australian design platform Canva unwittingly provided phishing campaigns with graphics, making threat actors’ schemes appear more legitimate as they pilfer...
The impact of COVID-19 on healthcare cybersecurity
As if stress levels in the healthcare industry weren’t high enough due to the COVID-19 pandemic, risks to its already...
Russians were warned about phishing emails on behalf of the tax service
Experts of the company Group-IB, specializing in the prevention of cyberattacks, together with the Federal Tax Service (FTS), identified the...
PurpleSharp – C# Adversary Simulation Tool That Executes Adversary Techniques With The Purpose Of Generating Attack Telemetry In Monitored Windows Environments
Defending enterprise networks against attackers continues to present a difficult challenge for blue teams. Prevention has fallen short; improving detection...
Sinter – A User-Mode Application Authorization System For MacOS Written In Swift
Sinter is a 100% user-mode endpoint security agent for macOS 10.15 and above, written in Swift.Sinter uses the user-mode EndpointSecurity...
Join Team Moose: Become a Rapid7 BDR
The Business Development Representative (BDR) program at Rapid7 is an entry-level program that develops our next generation of successful sales...
Lock and Code S1Ep13: Monitoring the safety of parental monitoring apps with Emory Roane
This week on Lock and Code, we discuss the top security headlines generated right here on Labs and around the...
