Advanced Threat predictions for 2021
Trying to make predictions about the future is a tricky business. However, while we don’t have a crystal ball that...
Security
Doctrack – Tool To Manipulate And Insert Tracking Pixels Into Office Open XML Documents (Word, Excel)
Tool to manipulate and insert tracking pixels into Office Open XML documents. FeaturesInsert tracking pixels into Office Open XML documents...
Kali Linux 2020.4 – Penetration Testing and Ethical Hacking Linux Distribution
Time for another Kali Linux release! – Kali Linux 2020.4. This release has various impressive updates:ZSH is the new default...
Announcing the 2020 December Metasploit community CTF
It’s time for another Metasploit community CTF! We're back on our usual end-of-year schedule this time around, and we’re doing...
This One Time on a Pen Test: CSRF to Password Reset Phishing
Each year, Rapid7 penetration testers complete hundreds of internally and externally based penetration testing service engagements. This post is part...
Chris Krebs, director of Cybersecurity and Infrastructure Security Agency, fired by President
On Tuesday evening, President Donald Trump fired Chris Krebs, director of the Cybersecurity and Infrastructure Security Agency (CISA), just days...
ESET has revealed a new series of Lazarus attacks
Experts of the antivirus company ESET have discovered a series of attacks, behind which is one of the most famous...
Teler – Real-time HTTP Intrusion Detection
teler is an real-time intrusion detection and threat alert based on web log that runs in a terminal with resources...
OpenEDR – Open EDR Public Repository
We at OpenEDR believe in creating a cybersecurity platform with its source code openly available to public, where products and...
TCMalloc viewer/dumper – TCMalloc Inspector Tool
Posted by Marcin Kozlowski on Nov 18Hi List, Maybe you will find this interesting/useful. Below is the TCMalloc tool that...
SOWA.OPAC Reflected Cross Site Scripting
Posted by hacker on Nov 18 # Title: SOWA.OPAC Reflected Cross Site Scripting # Vulnerability Type: Cross Site Scripting (XSS)...
Congress unanimously passes federal IoT security law
The US Senate unanimously passed the IoT Cybersecurity Improvement Act (H.R.1668) yesterday. The US House passed the bill in September,...
Behind the Scenes: Under the Hoodie 2020 Video Series
Longtime fans of our Under the Hoodie video series may have noticed that this year’s videos looked, well, a little...
WebNavigator Chromium browser published by search hijackers
A mystery Chromium browser recently made a sudden appearance, and is certainly proving popular. But what is it, and where...
Phishing Campaigns Evolving Rapidly; Using Innovative Tactics to Avoid Detection
In the past few months, Microsoft Office 365 phishing campaigns have evolved drastically, using innovative tricks like inverted login pages,...
Jupyter Trojan Steals Chrome Firefox Data and Opens Backdoor
Researchers at Morphisec has recently discovered a trojan malware campaign targeted at stealing information from businesses and higher education. Reportedly,...
Cyber Attacks in India At A Steady Rise as Per India’s Cybersecurity Chief
National Cyber Security Coordinator Lt Gen (retd) Rajesh Pant recently discussed cyberattacks in India 'having gone up a multifold' in...
Rehex – Reverse Engineers’ Hex Editor
A cross-platform (Windows, Linux, Mac) hex editor for reverse engineering, and everything else.FeaturesLarge (1TB+) file support Decoding of integer/floating point...
Gping – Ping, But With A Graph
Ping, but with a graph.InstallFYI: The old Python version can be found under the python tag. Homebrew (MacOS + Linux)brew...
SEC Consult SA-20201117-0 :: Blind Out-Of-Band XML External Entity Injection in Avaya Web License Manager
Posted by SEC Consult Vulnerability Lab on Nov 17SEC Consult Vulnerability Lab Security Advisory < 20201117-0 > ======================================================================= title: Blind...
Fancy Product Designer for WooCommerce – Unrestricted File Upload
Posted by Jonathan Gregson via Fulldisclosure on Nov 17## About Fancy Product Designer for WooCommerce Fancy Product Designer for WooCommerce...
Fancy Product Designer for WooCommerce – Stored XSS via SVG upload
Posted by Jonathan Gregson via Fulldisclosure on Nov 17## About Fancy Product Designer for WooCommerce Fancy Product Designer for WooCommerce...
Don’t Put It on the Internet: Tesla Backup Gateway Edition
Derek Abdine, formerly Director of Rapid7 Labs, now CTO at Censys, contributed this blog post.This blog post aims to increase...
Malsmoke operators abandon exploit kits in favor of social engineering scheme
Exploit kits continue to be used as a malware delivery platform. In 2020, we’ve observed a number of different malvertising...
