Has your threat feed made you lazy
There has been a lot of conversation around threat feeds and how to automate the ingestion of IPs and domains. A lot of work can go into taking these indicators, wrapping automation around them and...
Technical analysis of the SandWorm Vulnerability (CVE-2014-4114)
iSight Partners recently announced that they had discovered some new malware that was being used in a Russian cyber-espionage campaign. The vulnerability used in the campaign was CVE-2014-4114, which...
OrcaRAT - A whale of a tale
It’s every malware analyst’s dream to be handed a sample which is, so far, unnamed by the AV community - especially when the malware in question may have links to a well-known APT group. In my line of...
Metasploit: Joomla Akeeba Kickstart Unserialize Remote Code Execution
##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
require 'rex/zip'
require 'json'
class Metasploit3...
Metasploit: HP Data Protector EXEC_INTEGUTIL Remote Code Execution
##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote
  Rank =...
CVE-2014-0569 (Flash Player) integrating Exploit Kit
My goal was to grab CVE-2014-0556 when I landed yesterday on Fiesta but according to @TimoHirvonen it's CVE-2014-0569, fixed only 1 week ago, that has been fired here. I don't know if it appeared...
China collecting Apple iCloud data; attack coincides with launch of new iPhone
After previous attacks on Github, Google, Yahoo and Microsoft, the Chinese authorities are now staging a man-in-the-middle (MITM) attack on Apple’s iCloud.
FileBug v1.5.1 iOS - Path Traversal Web Vulnerability
Document Title:
===============
FileBug v1.5.1 iOS - Path Traversal Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1342

Release...
Files Document & PDF 2.0.2 iOS - Multiple Vulnerabilities
Document Title:
===============
Files Document & PDF 2.0.2 iOS - Multiple Vulnerabilities

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1341

Release...
Malvertising Payload Targets Home Routers
A few weeks ago we wrote about compromised websites being used to attack your web routers at home by changing DNS settings. In that scenario the attackers embedded iFrames to do the heavy lifting, the...
Strengthening 2-Step Verification with Security Key
2-Step Verification offers a strong extra layer of protection for Google Accounts. Once enabled, you’re asked for a verification code from your phone in addition to your password, to prove that it’s...
Reverse Engineering a Web Application For fun, behavior & WAF Detection
Screening HTTP traffic can be something really tricky and attacks to applications are becoming increasingly complex day by day. By analyzing thousands upon thousands of infections, we noticed that...
R7-2014-17: NAT-PMP Implementation and Configuration Vulnerabilities
In the summer of 2014, Rapid7 Labs started scanning the public Internet for NAT-PMP as part of Project Sonar. NAT-PMP is a protocol implemented by many SOHO-class routers and networking devices that...
Update on the Torrentlocker ransomware
Payments for the ransom have to be made in Bitcoins. We have identified 7 Bitcoin addresses that received ransom payments. The total income as of the 21st of October is 862,79539531 BTC which comes...
Hostile Subdomain Takeover using Heroku/Github/Desk + more
Hackers can claim subdomains with the help of external services. This attack is practically non-traceable, affects at least 17 large service providers, and multiple domains are affected. Find out if...
New Exploit of Sandworm Zero-Day Could Bypass Official Patch
During the last few days researchers at McAfee Labs have been actively investigating Sandworm, the Windows packager zero-day attack (CVE-2014-4114). McAfee has already released various updates through...
Crypto - Advanced crypto library for the Go language
This package provides a toolbox of advanced cryptographic primitives for Go, targeting applications like Dissent that need more than straightforward signing and encryption.
Vulnerability in Microsoft OLE Could Allow Remote Code Execution
Microsoft is aware of a vulnerability affecting all supported releases of Microsoft Windows, excluding Windows Server 2003. The vulnerability could allow remote code execution if a user opens a...
Rogue Android Apps Hosting Web Site Exposes Malicious Infrastructure
With cybercriminals continuing to populate the cybercrime ecosystem with automatically generated and monetized mobile malware variants, we continue to observe a logical shift towards convergence of...
ECMAScript 6 for Penetration Testers “Notes on how the new JavaScript changes...
ECMAScript 6 will bring many changes to how JavaScript code works and what language features developers can benefit from. While the specifiers are still actively discussing some features on their mailing...