Rapid7 Labs’ 2020 Naughty List Summary Report to Santa
As requested, your dutiful elves here at Rapid7 Labs have compiled a list of the naughty country networks being used...
hacking
The Russian cryptocurrency exchange Livecoin hacked on Christmas Eve
Russian cryptocurrency exchange Livecoin was compromised on Christmas Eve, hackers breached its network and gained control of some of its...
DDoS amplify attack targets Citrix Application Delivery Controllers (ADC)
Citrix confirmed that a DDoS attack is targeting Citrix Application Delivery Controller (ADC) networking equipment. The threat actors are using...
Millions of devices could be hacked exploiting flaws targeted by tools stolen from FireEye
Millions of devices are potential exposed to attacks targeting the vulnerabilities exploited by the tools stolen from the arsenal of...
Censys-Python – An Easy-To-Use And Lightweight API Wrapper For The Censys Search Engine
An easy-to-use and lightweight API wrapper for the Censys Search Engine (censys.io). Python 3.6+ is currently supported.Getting StartedThe library can...
Swego – Swiss Army Knife Webserver In Golang
Swiss army knife Webserver in Golang. Keep simple like the python SimpleHTTPServer but with many features.UsageHelp$ ./webserver -helpweb subcommand -bind...
Top Security Recommendations for 2021
Happy HaXmas! We hope everyone is having a wonderful holiday season so far. This year has been wild and unpredictable,...
Google reported that Microsoft failed to fix a Windows zero-day flaw
Google’s Project Zero experts publicly disclosed details of an improperly patched zero-day code execution vulnerability in Windows. White hat hackers...
GRecon – Your Google Recon Is Now Automated
GRecon (Greei-Conn) is a simple python tool that automates the process of Google Based Recon AKA Google Dorking The current...
Metasploit Tips and Tricks for HaXmas 2020
For this year's HaXmas, we're giving the gift of Metasploit knowledge! We'll cover a mix of old, new, or recently...
Kenzer – Automated Web Assets Enumeration And Scanning
Automated Web Assets Enumeration & Scanning Instructions for running Create an account on Zulip Navigate to Settings > Your Bots...
Cellebrite claims to be able to access Signal messages
Israeli cyber security firm Cellebrite claims that it can decrypt messages from the popular Signal’s messaging app. Israeli security firm...
Research: nearly all of your messaging apps are secure
CyberNews Investigation team analyzed the 13 most popular messaging apps to see if the apps are really safe. Source: https://cybernews.com/security/research-nearly-all-of-your-messaging-apps-are-secure/...
Researchers shared the lists of victims of SolarWinds hack
Security experts shared lists of organizations that were infected with the SolarWinds Sunburst backdoor after decoding the DGA mechanism. Security...
Grawler – Tool Which Comes With A Web Interface That Automates The Task Of Using Google Dorks, Scrapes The Results, And Stores Them In A File
Grawler is a tool written in PHP which comes with a web interface that automates the task of using google...
0D1N v3.4 – Tool For Automating Customized Attacks Against Web Applications (Full Made In C Language With Pthreads, Have A Fast Performance)
0d1n is a tool for automating customized attacks against web applications. This tool is very faster because uses thread pool...
UPnP With a Holiday Cheer
T'was the night before HaXmas,when all through the house,Not a creature was stirring, not even a mouse.The stockings were hung...
Set New InsightVM Goals and Share with Your Team for Increased Visibility and More Efficient Execution
Since 2018, thousands of enterprises have utilized InsightVM’s Goals and SLAs feature to build their organization-specific security goals. Through Goals...
Bulletproof VPN services took down in a global police operation
A joint operation conducted by law European enforcement agencies resulted in the seizure of the infrastructure of three bulletproof VPN...
VMware and Cisco also impacted by the SolarWinds hack
The IT giants VMware and Cisco revealed they were impacted by the recently disclosed SolarWinds supply chain attack. VMware and...
Dell Wyse ThinOS flaws allow hacking think clients
Multiple Dell Wyse thin client models are affected by critical vulnerabilities that could be exploited by a remote attacker to...
SUPERNOVA, a backdoor found while investigating SolarWinds hack
While investigating the recent SolarWinds Orion supply-chain attack security researchers discovered another backdoor, tracked SUPERNOVA. The investigation of the SolarWinds...
SharpMapExec – A Sharpen Version Of CrackMapExec
A sharpen version of CrackMapExec. This tool is made to simplify penetration testing of networks and to create a swiss...
Watcher – Open Source Cybersecurity Threat Hunting Platform
Watcher is a Django & React JS automated platform for discovering new potentially cybersecurity threats targeting your organisation. It should...
