SWFPFinder – SWF Potential Parameters Finder
SWFPFinder is a simple and open source bash script designed to discovery the potential swf (file) parameters on the webapp...
Security
Patch Tuesday – January 2020
The first Patch Tuesday of 2020 has been hotly anticipated due to a rumour that Microsoft would be fixing a...
How to Define and Communicate Vulnerability Risk Across Your Company
This is a guest post by Rapid7 customer Steven Maske, the Information Security Manager of a manufacturing, retail, and distribution...
A week in security (January 6 – 12)
Last week on Malwarebytes Labs, we told readers how to check the safety of websites and their related files, explored...
Hackers Blackmail Patients of Surgical Company in a Cyber attack
The patients of a facial surgical company in Florida, who were hacked recently, are now being threatened by hackers. The...
TrickBot Added New Stealthy Backdoor for High-Value Targets
The authors behind the infamous TrickBot malware – a modular banking trojan that targets sensitive financial information and also acts...
laravelN00b – Automated Scan .env Files And Checking Debug Mode In Victim Host
Incorrect configuration allows you to access .env files or reading env variables. LaravelN00b automated scan .env files and checking debug...
Andriller – Software Utility With A Collection Of Forensic Tools For Smartphones
Andriller - is software utility with a collection of forensic tools for smartphones. It performs read-only, forensically sound, non-destructive acquisition...
Simplify Your Data Search with Query Builder in InsightVM
Security professionals responsible for vulnerability risk management are required to perform data querying and analysis on a regular basis to...
Sodinokibi Ransomware threats Travelex to release data, if ransom not paid.
The Sodinokibi Ransomware attackers are pressuring Travelex, a foreign exchange company to pay a 6 million dollar ransom amount or...
LAVA – Large-scale Automated Vulnerability Addition
Evaluating and improving bug-finding tools is currently difficult due to a shortage of ground truth corpora (i.e., software that has...
Heapinspect – Inspect Heap In Python
HeapInspect is designed to make heap much more prettier.Now this tool is a plugin of nadbg. Try it!FeaturesFree of gdb...
Kaspersky Lab reports North Korean Hacker group Lazarus stealing cryptocurrencies using the Telegram messenger
A group of hackers calling themselves Lazarus modified their previous scheme to steal cryptocurrency which was used in 2018. Hackers...
CHAPS – Configuration Hardening Assessment PowerShell Script
CHAPS is a PowerShell script for checking system security settings where additional software and assessment tools, such as Microsoft Policy...
Karonte – A Static Analysis Tool To Detect Multi-Binary Vulnerabilities In Embedded Firmware
Karonte is a static analysis tool to detect multi-binary vulnerabilities in embedded firmware.Research paperWe present our approach and the findings...
Bahraini oil company reportedly attacked by new ‘Dustman’ disk wiper
Bapco, the national oil company of the Persian Gulf island nation of Bahrain, was reportedly targeted in a Dec. 29...
Threat spotlight: Phobos ransomware lives up to its name
Ransomware has struck dead on organizations since it became a mainstream tool in cybercriminals’ belts years ago. From massive WannaCry...
Malware Against Crypto-Currency Businesses; Microsoft and Apple are Targets Alike
“AppleJeus” operation was the first time “macOS” users were made victims by Lazarus. Herein, a manipulated application was used to...
SNAKE Ransomware Targets Entire Corporate Systems?
The new Snake Ransomware family sets out to target the organizations’' corporate networks in all their entirety, written in Golang...
PayPal Fixes ‘High-Severity’ Password Security Vulnerability
Researcher Alex Birsan, while examining PayPal's main authentication flow– discovered a critical security flaw that hackers could have exploited to...
IotShark – Monitoring And Analyzing IoT Traffic
IoTShark is a IOT monitoring service that allows users to monitor their IOT devices for trends in data sent/received. Ordinarily,...
LNAV – Log File Navigator
The log file navigator, lnav, is an enhanced log file viewer that takes advantage of any semantic information that can...
Challenges and Best Practices with Vulnerability Risk Management Collaboration
Even in the most high-tech environments, remediation and risk reduction don’t just happen. In order for vulnerability risk management to...
United States government-funded phones come pre-installed with unremovable malware
A United States–funded mobile carrier that offers phones via the Lifeline Assistance program is selling a mobile device pre-installed with...
