Re2Pcap – Create PCAP file from raw HTTP request or response in seconds
Re2Pcap is abbreviation for Request2Pcap and Response2Pcap. Community users can quickly create PCAP file using Re2Pcap and test them against...
threatintel
Rapid7 Analysis and Guidance: CDPwn (CVE-2020-3118)
Note: There are five different CVEs associated with the CDPwn vulnerability group. Each of them targets a different class of...
Adposhel adware takes over browser push notifications administration
Since late last year, our researchers have been monitoring new methods being deployed by cybercriminals to potentially abuse browser push...
Group of 10 hackers was convicted for stealing gasoline and selling
The court issued a verdict on February 3 in the case of theft of fuel at Rosneft gas stations.The court...
120 Million Medical Records Leaked! Global Medical Report Sheds More Light.
Along with cyber-security within your phones and other devices, you must make sure the hospital you go to has enough...
Takeover v0.2 – Sub-Domain TakeOver Vulnerability Scanner
Sub-domain takeover vulnerability occur when a sub-domain (subdomain.example.com) is pointing to a service (e.g: GitHub, AWS/S3,..) that has been removed...
Misp-Dashboard – A Dashboard For A Real-Time Overview Of Threat Intelligence From MISP Instances
A dashboard showing live data and statistics from the ZMQ feeds of one or more MISP instances. The dashboard can...
3 Questions to Ask Yourself When Justifying Your Infosec Program
On the Rapid7 Labs team, we’re constantly looking for ways to give defenders a boost in the work they need...
Malicious Optimizer and Utility Android Apps on Google Play Communicate with Trojans that Install Malware, Perform Mobile Ad Fraud
By Lorin Wu (Mobile Threats Analyst) We recently discovered several malicious optimizer, booster, and utility apps (detected by Trend Micro...
Cybercriminals abuse Bitbucket to infect users with potpourri of malware
A newly discovered attack campaign has been abusing the online storage platform Bitbucket to maintain and update a wide assortment...
Fintech security: the challenges and fails of a new era
“I have no idea how this app from my bank works, and I don’t trust what I don’t understand.” Josh...
Teenager Arrested for DDoS Attack in Ukraine
Ukranian Police arrested a 16 yrs old teenager last month on charges of attacking a local Internet Service Provider (ISP)...
Apple Engineers unveils a proposal to standardize the two factor authentication process and Google backs it up!
Apple known for it's off the charts security features was recently troubled with hacks, malware and phishing attacks staining its...
Jaeles v0.4 – The Swiss Army Knife For Automated Web Application Testing
Jaeles is a powerful, flexible and easily extensible framework written in Go for building your own Web Application Scanner.InstallationDownload precompiled...
Dufflebag – Search Exposed EBS Volumes For Secrets
Dufflebag is a tool that searches through public Elastic Block Storage (EBS) snapshots for secrets that may have been accidentally...
How to Identify, Prioritize and Remediate Vulnerabilities in the Cloud
In part one of our four-part series on security in the cloud, we discussed the AWS shared responsibility model and...
Washington Privacy Act welcomed by corporate and nonprofit actors
The steady parade of US data privacy legislation continued last month in Washington with the introduction of an improved bill...
The Prosecutor General’s Office of the Russian Federation proposes to create a single resource to combat cyber fraud
Specialized service for collecting data on cybercrime in the financial sector, which will help counteract fraud in cyberspace, may appear...
Google Cuts Down Chrome’s Patch-Gap in Half, from 33 to 15 Days now
Last week, Google has announced the cutting down of 'patch gap' in half for Chrome and the future plans of...
Chinese Origin Threat Group Targets Hong Kong Universities with New Backdoor Variant
The Winnti, a China-linked threat group that has been active in the cyberspace since 2009 was found to be employing...
Qiling – Advanced Binary Emulation Framework
Qiling is an advanced binary emulation framework, with the following features:Cross platform: Windows, MacOS, Linux, BSDCross architecture: X86, X86_64, Arm,...
Nfstream – A Flexible Network Data Analysis Framework
nfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline...
DOUBLEPULSAR over RDP: Baselining Badness on the Internet
That’s good news, right? Well, I’d say that’s a qualified “yes.” As I mentioned, it’s easy to change the implant...
DOUBLEPULSAR RCE 2: An RDP Story
In this sequel, wvu recounts the R&D (in all its imperfect glory) behind creating a Metasploit module for the DOUBLEPULSAR...
