5 min
Exploits
macOS Keychain Security : What You Need To Know
If you follow the infosec twitterverse or have been keeping an eye on macOS news
sites, you’ve likely seen a tweet
[https://twitter.com/patrickwardle/status/912254053849079808] (with accompanying
video) from Patrick Wardle (@patrickwardle [https://twitter.com/patrickwardle])
that purports to demonstrate dumping and exfiltration of something called the
“keychain” without an associated privilege escalation prompt. Patrick also has a
more in-depth Q&A blog post [https://www.patreon.com/posts/14556
3 min
SMBLoris: What You Need To Know
What's Up?
Astute readers may have been following the recent news around "SMBLoris" — a
proof-of-concept exploit that takes advantage of a vulnerability in the
implementation of SMB services on both Windows and Linux, enabling attackers to
"kill you softly" with a clever, low-profile application-level denial of service
(DoS) [https://www.rapid7.com/fundamentals/denial-of-service-attacks/]. This
vulnerability impacts all versions of Windows and Samba (the Linux software that
provides SMB services
4 min
Ransomware
Wanna Decryptor (WNCRY) Ransomware Explained
Mark the date: May 12, 2017.
This is the day the “ransomworm” dubbed “WannaCry” / “Wannacrypt” burst —
literally — onto the scene with one of the initial targets being the British
National Health Service [http://www.bbc.com/news/health-39899646]. According to
The Guardian: the “unprecedented attack… affected 12 countries and at least 16
NHS trusts in the UK, compromising IT systems that underpin patient safety.
Staff across the NHS were locked out of their computers and trusts had to divert
em
7 min
Verizon DBIR
2017 Verizon Data Breach Report (DBIR): Key Takeaways
The much-anticipated, tenth-anniversary edition of the Verizon DBIR has been
released (Updated here: https://www.verizon.com/business/resources/reports/dbir/
), once again providing a data-driven snapshot into what topped the cybercrime
charts in 2016. There are just under seventy-five information-rich pages to go
through, with topics ranging from distributed denial-of-service (DDoS)
[https://www.rapid7.com/fundamentals/denial-of-service-attacks/] to ransomware,
prompting us to spin a reprise ed
6 min
Ransomware
The Ransomware Chronicles: A DevOps Survival Guide
NOTE: Tom Sellers [https://www.rapid7.com/blog/author/tom-sellers/], Jon Hart
[https://www.rapid7.com/blog/author/jon-hart/], Derek Abdine and (really) the
entire Rapid7 Labs team made this post possible.
On the internet, no one may know if you're of the canine persuasion, but with a
little time and just a few resources they can easily determine whether you're
running an open “devops-ish” server or not. We're loosely defining devops-ish
as:
* MongoDB
* CouchDB
* Elasticsearch
for this post
8 min
Haxmas
12 Days of HaXmas: A HaxMas Carol
(A Story by Rapid7 Labs)
Merry HaXmas to you! Each year we mark the 12 Days of HaXmas
[https://www.rapid7.com/blog/tag/haxmas/] with 12 blog posts on hacking-related
topics and roundups from the year. This year, we're highlighting some of the
“gifts” we want to give back to the community. And while these gifts may not
come wrapped with a bow, we hope you enjoy them.
Happy Holi-data from Rapid7 Labs!
It's been a big year for the Rapid7 elves Labs team. Our nigh 200-node strong
Heisenberg Cloud
3 min
Project Lorelei
Election Day: Tracking the Mirai Botnet
by Bob Rudis [/author/bob-rudis/], Tod Beardsley [/author/tod-beardsley], Derek
Abdine & Rapid7 Labs Team
What do I need to know?
Over the last several days, the traffic generated by the Mirai family of botnets
[/2016/10/25/mirai-faq-when-iot-attacks] has changed. We've been tracking the
ramp-up and draw-down patterns of Mirai botnet members and have seen the peaks
associated with each reported large scale and micro attack since the DDoS attack
against Dyn, Inc. We've tracked over 360,000 uniqu
6 min
Project Sonar
Digging for Clam[AV]s with Project Sonar
A little over a week ago some keen-eyed folks discovered a feature/configuration
weakness [http://seclists.org/nmap-dev/2016/q2/198] in the popular ClamAV
malware scanner that makes it possible to issue administrative commands such as
SCAN or SHUTDOWN remotely—and without authentication—if the daemon happens to be
running on an accessible TCP port. Shortly thereafter, Robert Graham unholstered
his masscan [https://github.com/robertdavidgraham/masscan] tool and did a
summary blog post [http://bl
7 min
Verizon DBIR
The 2016 Verizon Data Breach Investigations Report (DBIR) Summary - The Defender's Perspective
Verizon has released the report
[https://www.verizon.com/business/resources/reports/dbir/] of their annual Data
Breach Investigations Report (DBIR). Their crack team of researchers have, once
again, produced one of the most respected, data-driven reports in cyber
security, sifting through submissions from 67 contributors and taking a deep
dive into 64,000 incidents—and nearly 2,300 breaches—to help provide insight on
what our adversaries are up to and how successful they've been.
The DBIR is a