8 matches found
A week in security (August 15 - August 21)
Last week on Malwarebytes Labs: Donut breach: Lessons from pen-tester Mike Miller: Lock and Code S03E17 Introducing Malwarebytes Cloud Storage Scanning: How to scan for malware in cloud file storage repositories JSSLoader: the shellcode edition CISA and FBI issue alert about Zeppelin ransomware H...
FIN7 ‘Pen Tester’ Headed to Jail Amid $1B in Losses
A so-called “pen-tester” for the financial cybergang known as FIN7 will spend seven years in the slammer after being convicted for payment-card theft. According to the Department of Justice, Andrii Kolpakov, a Ukrainian national, was also ordered to pay a tidy $2.5 million in restitution for his...
ColdFusion Hotfix Resolves XSS, Java Deserialization Bugs
Adobe today released an important security hotfix for several versions of its ColdFusion rapid web application development platform. The company said the update addresses an input validation vulnerability CVE-2017-3008 in the software that could be used in reflected cross-site scripting XSS...
SpiderFoot v2.6.1 - Open Source Intelligence Automation
SpiderFoot is an open source intelligence automation tool. Its goal is to automate the process of gathering intelligence about a given target. Purpose There are three main areas where SpiderFoot can be useful: 1. If you are a pen-tester, SpiderFoot will automate the reconnaisance stage of the tes...
Lessons Learned in Building a Vulnerability Coordination Program
CANCUN – Bounty programs are mislabeled creatures, too often pigeonholed as a payoff for finding individual vulnerabilities in software. Wrong. “The name bug bounty is actually a false categorization of what is truly just an incentive program,” said Katie Moussouris, chief policy officer at...
How I Got Here: Katie Moussouris
Dennis Fisher talks with Katie Moussouris of Microsoft about her childhood exploits with Commodore 64 programming, ignoring her Barbies, growing up as a hacker, her days as a pen tester and the challenges of working on security at Microsoft. Download: 12moussouris.mp3 Microsoft image via Robert...
[Sandcat Browser 4.0] The fastest web browser with many useful security and developer oriented tools
Sandcat Browser, The fastest web browser with many useful security and developer oriented tools updated to version 4.0 with the fastest scripting language packed with features for pen-testers. Sandcat 4 adds a large number of enhancements, new features, extensions and bug fixes, and provides a...
Sandcat Browser 4.0 released, new tools added for Pen-Testers
Sandcat Browser, The fastest web browser with many useful security and developer oriented tools updated to version 4.0 with the fastest scripting language packed with features for pen-testers. Sandcat 4 adds a large number of enhancements, new features, extensions and bug fixes, and provides a...