Cyber Criminals broke into the database of patients of the Russian cancer center and demanded a ransom
The Sverdlovsk Regional Clinical Center was hacked. Svetlana Lavrova, a neurophysiologist, told about this on her Facebook page.“The data of...
News
Anubis Malware that Attacks Windows Users
In a recent cybersecurity incident, Microsoft reports of a new malware called 'Anubis.' Anubis is not related to any banking...
Operation PowerFall: CVE-2020-0986 and variants
In August 2020, we published a blog post about Operation PowerFall. This targeted attack consisted of two zero-day exploits: a...
SpaceSiren – A Honey Token Manager And Alert System For AWS
SpaceSiren is a honey token manager and alert system for AWS. With this fully serverless application, you can create and...
LOLBITS v2.0.0 – C2 Framework That Uses Background Intelligent Transfer Service (BITS) As Communication Protocol And Direct Syscalls + Dinvoke For EDR User-Mode Hooking Evasion
LOLBITS is a C2 framework that uses Microsoft's Background Intelligent Transfer Service (BITS) to establish the communication channel between the...
This One Time on a Pen Test: Playing Social Security Slots
Each year, Rapid7 penetration testers complete hundreds of internally and externally based penetration testing service engagements. This post is part...
Apple notarization process, meant to protect, approved Shlayer malware
Apple appears to have inadvertently approved OSX.Shlayer malware as part of the security notarization process it has touted would boost...
New web skimmer steals credit card data, sends to crooks via Telegram
The digital credit card skimming landscape keeps evolving, often borrowing techniques used by other malware authors in order to avoid...
Russian engineer raised $5 million for Tamagotchi for hackers
Russian techno enthusiast Pavel Zhovner raised almost $5 million for the production of Tamagotchi for hackers Flipper Zero. The project...
Amazons gets FAA’s approval for Drone Delivery Trails
Retail giant Amazon got the approval to deliver their products from the sky (like your package dropped straight from the...
Killchain – A Unified Console To Perform The “Kill Chain” Stages Of Attacks
What is “Kill Chain”?From Wikipedia: The term kill chain was originally used as a military concept related to the structure...
CrossC2 – Generate CobaltStrike’s Cross-Platform Payload
A security framework for enterprises and Red Team personnel, supports CobaltStrike's penetration testing of other platforms (Linux / MacOS /...
Ask a Pen Tester, Part 2: A Q&A With Rapid7 Pen Testers Gisela Hinojosa and Carlota Bindner
This blog post is part two of a two-part series. For more insights from Gisela and Carlota, check out part...
Apple’s notarization process fails to protect
In macOS Mojave, Apple introduced the concept of notarization, a process that developers can go through to ensure that their...
Lock and Code S1Ep14: Uncovering security hubris with Adam Kujawa
This week on Lock and Code, we discuss the top security headlines generated right here on Labs and around the...
A Brief Summary of The Potential Threats Revealed in Black Hat 2020 Conference
Cybersecurity experts had a lot to say about possible cybersecurity threats in the USA Black Hat Conference.Main HighlightsUS Presidential ElectionsAs...
Paytm Mall Suffers Data Breach, Hackers Demanded Ransom
Paytm has allegedly suffered a huge data breach after a hacker group targeted the company's PayTM Mall database and demanded...
DVS – D(COM) V(ulnerability) S(canner) AKA Devious Swiss Army Knife
Did you ever wonder how you can move laterally through internal networks? or interact with remote machines without alerting EDRs?Let's...
Mihari – A Helper To Run OSINT Queries & Manage Results Continuously
Mihari is a helper to run queries & manage results continuously. Mihari can be used for C2, landing page and...
Why I Joined Rapid7
“I think the best way to tell a story is by starting at the end, briefly, then going back to...
United States Issues Alert on North Korean Threat Actors Finding Better Ways to Rob Banks
The Cybersecurity and Infrastructure Security Agency (CISA), the U.S. Treasury Department, the FBI, and U.S. Cyber Command issued a joint...
SourceWolf – Amazingly Fast Response Crawler To Find Juicy Stuff In The Source Code!
Tested environments: Windows, MAC, linux, and windows subsystem for linux (WSL) What can SourceWolf do? Crawl through responses to find...
Iblessing – An iOS Security Exploiting Toolkit, It Mainly Includes Application Information Collection, Static Analysis And Dynamic Analysis
iblessingiblessing is an iOS security exploiting toolkit, it mainly includes application information collection, static analysis and dynamic analysis.iblessing is based...
The Ministry of Internal Affairs of Bashkortostan intends to cooperate with white hackers to reduce cyber crime
The Ministry of Internal Affairs of Bashkortostan is ready to cooperate with white hackers and programmers to solve Internet crimes...
