Lucene search
K

6 matches found

Rapid7 Blog
Rapid7 Blog
added 2025/04/10 1:0 p.m.10 views

Password Spray Attacks Taking Advantage of Lax MFA

In the first quarter of 2025, Rapid7’s Managed Threat Hunting team observed a significant volume of brute-force password attempts leveraging FastHTTP, a high-performance HTTP server and client library for Go, to automate unauthorized logins via HTTP requests. This rapid volume of credential...

7.6AI score
Exploits0
The Hacker News
The Hacker News
added 2024/11/01 9:48 a.m.22 views

Microsoft Warns of Chinese Botnet Exploiting Router Flaws for Credential Theft

Microsoft has revealed that a Chinese threat actor it tracks as Storm-0940 is leveraging a botnet called Quad7 to orchestrate highly evasive password spray attacks. The tech giant has given the botnet the name CovertNetwork-1658, stating the password spray operations are used to steal credentials...

8.6AI score
Exploits0
Talos Blog
Talos Blog
added 2024/06/18 11:57 a.m.19 views

How are attackers trying to bypass MFA?

In the latest Cisco Talos Incident Response Quarterly Trends report, instances related to multi-factor authentication MFA were involved in nearly half of all security incidents that our team responded to in the first quarter of 2024. In 25% of engagements, the underlying cause was users accepting...

8.1AI score
Exploits0
The Hacker News
The Hacker News
added 2024/03/09 4:1 a.m.48 views

Microsoft Confirms Russian Hackers Stole Source Code, Some Customer Secrets

Microsoft on Friday revealed that the Kremlin-backed threat actor known as Midnight Blizzard aka APT29 or Cozy Bear managed to gain access to some of its source code repositories and internal systems following a hack that came to light in January 2024. "In recent weeks, we have seen evidence that...

7.7AI score
Exploits0
Kitploit
Kitploit
added 2022/12/06 11:30 a.m.61 views

Klyda - Highly Configurable Script For Dictionary/Spray Attacks Against Online Web Applications

The Klyda project has been created to aid in quick credential based attacks against online web applications. Klyda supports the use from simple password sprays, to large multithreaded dictionary attacks. Klyda is a new project, and I am looking for any contributions. Any help is very appreciated...

7.3AI score
Exploits0References2
Kitploit
Kitploit
added 2021/10/11 11:30 a.m.24 views

BruteLoops - Protocol Agnostic Online Password Guessing API

A dead simple library providing the foundational logic for efficient password brute force attacks against authentication interfaces. See various Wiki sections for more information. A "modular" example is included with the library that demonstrates how to use this package. It's fully functional an...

7.3AI score
Exploits0References6
Rows per page
Query Builder