Waterbear is Back, Uses API Hooking to Evade Security Product Detection
By Vickie Su, Anita Hsieh, and Dove Chiu Waterbear, which has been around for several years, is a campaign that...
By Vickie Su, Anita Hsieh, and Dove Chiu Waterbear, which has been around for several years, is a campaign that...
Microsoft released a total of 36 patches for December’s Patch Tuesday. Decembers tend to have a relatively low number of...
by William Gamazo Sanchez and Joseph C. Chen In November 2019, we published a blog analyzing an exploit kit we...
We found a new spyware family disguised as chat apps on a phishing website. We believe that the apps, which...
It’s no secret that as the security landscape becomes increasingly complex, resources are becoming harder and harder to find. Team...
Executive summary As part of a recent IoT hacking training exercise, a number of Rapid7 penetration testers set out to...
Today we come to the end of 2019's monthly Microsoft Patch Tuesday (also known as Update Tuesday). This Christmas, Microsoft...
What is a vulnerability risk management program? A vulnerability risk management program is imperative at any organization to secure assets,...
At Rapid7 Labs we are always on the look for new research topics and fields to stick our fingers in...
A fast web fuzzer written in Go.Heavily inspired by the great projects gobuster and wfuzz.FeaturesFast!Allows fuzzing of HTTP header values,...
This is a tool used to collect various intelligence sources for a given file. Fileintel is written in a modular...
Pretend to be busy or waiting for your computer when you should actually be doing real work! Impress people with...
An antivirus maker discovered a bug in the decrypter application of the Ryuk Ransomware, the application "the Ryuk gang" basically...
A player of popular gaming title Elder Scrolls Online recently took to Reddit to warn users of a phish via...
Last week on Malwarebytes Labs, we took a look at a new version of the IcedID Trojan, described web skimmers...
Though Black Friday and Cyber Monday are over, the two shopping holidays were just precursors to the larger Christmas season—a...
There’s a well-worn saying in security: “If it’s too good to be true, then it probably isn’t.” This can easily...
SpiderFoot is an open source intelligence automation tool. Its goal is to automate the process of gathering intelligence about a...