Customer Spotlight: How Amedisys CISO Proves Security’s Value to the Business
Vulnerability management can often feel like a thankless job, especially when your leadership team has a difficult time understanding the...
Security
Triton v0.8 and ARMv7: A Guideline for Adding New Architectures
As you may have read in our previous blog post, the release of Triton v0.8 came with a lot of...
Coughing in the face of scammers: security tips for the 2020 tax season
In spite of everything happening in the world right now—the 2020 tax season is about to come to an end,...
Twitter Data Breach: Apology Sent to Potentially Affected Business Clients
The cyberspace has reportedly witnessed a fivefold increase in malicious attacks since the spread of the Coronavirus pandemic, it's primarily...
Sifter 7.4 – OSINT, Recon & Vulnerability Scanner
Sifter is a osint, recon & vulnerability scanner. It combines a plethara of tools within different module sets in order...
Back to Basics: Maintaining Cloud Migration Oversight While Navigating the New Normal
On the fifth and final installment of our Remote Work Readiness Series, Rapid7 taps industry insiders for what the future...
Experts discovered phishing emails in Office 365 accounts
Check Point experts discovered a sophisticated phishing campaign aimed at collecting corporate data and compromising Microsoft Office 365 accounts. To...
Hmmcookies – Grab Cookies From Firefox, Chrome, Opera Using A Shortcut File (Bypass UAC)
Grab cookies from Firefox, Chrome, Opera using a shortcut file (bypass UAC)Legal disclaimer:Usage of HMMCOOKIES for attacking targets without prior...
Business Secure: How AI is Sneaking into our Restaurants
Prior to pandemic days, the restaurant industry talked of computers that might end up taking over their daily responsibilities. They’d...
Malicious doc campaign unleashes Cobalt Strike on gov’t, military orgs in South Asia
A military-themed malware campaign targeting military and government organizations in South Asia unleashes “maldocs” that spread full remote-access trojan (RAT)...
Magnitude exploit kit – evolution
Exploit kits are not as widespread as they used to be. In the past, they relied on the use of...
A zero-day guide for 2020: Recent attacks and advanced preventive techniques
Zero-day vulnerabilities enable threat actors to take advantage of security blindspots. Typically, a zero-day attack involves the identification of zero-day...
Firefox Web Browser Launching Its Own Paid VPN Service
The Firefox Private Network service launched in beta just the previous year as a browser extension for desktop versions of...
Oh, what a boot-iful mornin’
In mid-April, our threat monitoring systems detected malicious files being distributed under the name “on the new initiative of the...
InQL – A Burp Extension For GraphQL Security Testing
To use inql in Burp Suite, import the Python extension:Download the Jython JarStart Burp SuiteExtender Tab > Options > Python...
TokenBreaker – JSON RSA To HMAC And None Algorithm Vulnerability POC
Token Breaker is focused on 2 particular vulnerability related to JWT tokens.None AlgorithmRSAtoHMACRefer to this link about insights of the...
Increasing Visibility in Changing Threat Environments: A Conversation With Anthony Edwards
We recently interviewed Anthony Edwards, Director of Security Operations for Hilltop Holdings, who shared problem-solving insights for our evolving security...
XORDDoS, Kaiji Botnet Malware Variants Target Exposed Docker Servers
Insights and analysis by Augusto Remillano II With additional analysis by Patrick Noel Collado and Karen Ivy Titiwa We have...
Variant of Mac malware ‘Shlayer’ spreads via poisoned web searches
Researchers have discovered a new variant of Shlayer Mac malware that bypasses Apple’s built-in security protections and is being spread...
Lock and Code S1Ep9: Strengthening and forgetting passwords with Matt Davey and Kyle Swank
This week on Lock and Code, we discuss the top security headlines generated right here on Labs and around the...
Expert says Durov the main role in the process that will end the US monopoly
One of the most discussed news in the Internet community was the unblocking of the popular Telegram messenger by Roskomnadzor....
CSIRO’s Data61 Developed Voice Liveness Detection ‘Void’ to Safeguard Users Against Voice Spoofing Attacks
Spoofing attacks that impersonate user's devices to steal data, spread malware, or bypass access controls are becoming increasingly popular as...
Web skimming with Google Analytics
Web skimming is a common class of attacks generally aimed at online shoppers. The principle is quite simple: malicious code...
SAyHello – Capturing Audio (.Wav) From Target Using A Link
Capturing audio (.wav) from target using a linkHow it works?After the user grants microphone permissions, a website redirect button of...
