Posts tagged Hacking

1 min Authentication

Can 800,000 individuals compromised at the French Orange breach put you at risk?

We just read about an attack on Orange France [], where 800,000 people have potentially had their information compromised. The data that was accessed included names, mailing addresses, phone numbers, email addresses, customer accounts, and IDs. This could potentially trigger a domino effect of other companies being breached due to the personal data that the attackers acquired. There is a huge marketplace for selling p

1 min Hacking

40% of the COUNTRY hacked!

With the US retail market reeling from a tough end to the holiday season due to security breaches a little news from overseas [] shows this problem has no borders and is continuing to grow.  Headlines are designed to be the hook to the article and occasionally get trumped up, but in this case the numbers tell the story without need to exaggerate, 40% of the population of South Korea, ~20 million people, had their personal data stolen or

1 min Nexpose

Hacking as One Moose

Twelve hours into Rapid7's Annual Global Domination Hackathon and we are still going strong. Pulling together all the members of our global team for a multi-day kickoff in Boston gave us a fantastic opportunity to collect the wealth of talent and share in an epic hackathon event. Our cross-functional teams are getting their creative juices flowing, chugging Red Bulls and 5-hour energies, building robotic versions of our CTOs, destroying watermelons, driving million dollar virtual cars... and of

1 min Hacking

Rapid7: Coming to a city near you

We're taking this show on the road. Literally. This week our multi-city Rapid7 roadshow event, “Security at the Crossroads,” kicked off in New York and Minneapolis. Industry experts and fellow practitioners – including speakers from Forrester, Cardinal Innovations Healthcare Solutions, Vertex Pharmaceuticals, Porter Airlines, and TriNet – gathered to share security stories, strategies, and best practices. There isn't enough room to share all the takeaways from these two events, but here are

1 min Metasploit

Putting the Fax Straight: and Website Defacement

We want to share a short update regarding the defacement of and last week. A malicious 3rd party, claiming to be KDMS, changed the DNS settings with our domain registrar, We have heard from that the attacker did NOT use a spoofed change request fax as originally and unintentionally communicated by It's more likely the attackers used other social engineering techniques, resulting in compromised credentials of a emplo

1 min Metasploit

HackMiami Web Application PwnOff - Nexpose w/Metasploit Dominated

During the HackMiami 2013 Hacker Conference []held in Miami Beach, a live Web Application Scanner PwnOff contest pitted common web scanning suites against each other. Participates included Acunetix, IBM Rational AppScan, NT OBJECTives NTOSpider, Portswigger Burp, and Rapid7 Nexpose [] with Metasploit []. In a head-to-head battle each of the automated web application scanning suites went up agai

4 min Exploits

Ray Sharp CCTV DVR Password Retrieval & Remote Root

On January 22, 2013, a researcher going by the name someLuser [] detailed a number of security flaws in the Ray Sharp DVR platform []. These DVRs are often used for closed-circuit TV (CCTV) systems and security cameras. In addition to Ray Sharp, the exposures seem to affect rebranded DVR products by Swann [], Lorex, URMET, KGuard, Def

1 min Exploits

White House Spear Phished

Yesterday news broke that an unclassified system at the White House Military Office was breached via a spear phish attack. The news of this attack is not surprising at all. Our government networks are under non-stop targeted attacks and some of these attacks will eventually compromise the intended victim. The reports that we've seen indicate that it was an unclassified network that was compromised. These types of systems are connected directly to the Internet, and wouldn't be considered mission

4 min Networking

SOC Monkey - Week in Review - 8.6.12

Monkeynauts, It's good to have you back. If this is your first time here, feel free to check out where I'm getting all my stories by downloading my App [] from the Apple App Store []. Let's take a quick trip back to some of the big news from earlier this summer, and discuss LinkedIn again: LinkedIn: Breach Cost Up to $1M, Says $2-3 Million in Security Upgrades Coming. [http://w

3 min Networking

SOC Monkey's Week in Review - 3.23.12

Hello all, Every Friday I'm going to round up the week with a few of my favorite stories that we've seen during the week on my app (SOC Monkey, available now, free in the Apple App Store). Let's dive right in, shall we? One of the biggest items of the week was the latest word from Facebook on employers asking job applicants to reveal their passwords. Ars Technica's article saw a lot of interest: Facebook says it may sue employers who demand job applicants' passwords [

2 min Hacking

We're pledging to save Hackers for Charity. Who will join us?

You may have seen Johnny Long's candid plea for support for Hackers for Charity [] this week.  For those that don't know, Hackers for Charity is based in Uganda and aims “to feed and educate the world's most vulnerable citizens”, which is a very laudable mission. HFC does this through a number of activities; they offer the following list to give us a taste: * We've fed thousands of families through our "food