119 matches found
Reasons Why Every Business is a Target of DDoS Attacks
DDoS Distributed Denial of Service attacks are making headlines almost every day. 2021 saw a 434% upsurge in DDoS attacks, 5.5 times higher than 2020. Q3 2021 saw a 24% increase in the number of DDoS attacks in comparison to Q3 2020. Advanced DDoS attacks that are typically targeted, known as sma...
The Internet’s Most Tempting Targets
The number of exposed assets keeps climbing, but existing security strategies aren’t keeping up. Attack surfaces are getting more complex, and the excruciatingly hard part is figuring out where to focus. For every 1,000 assets on an attack surface, there is often only one that’s truly interesting...
Time to Ditch Big-Brother Accounts for Network Scanning
In almost every network, there is a highly privileged service account remotely connecting to all computers. These accounts are usually used by backup, security or monitoring solutions. But using such accounts to remotely login to systems on the network introduces unnecessary risk — it’s a bad...
New Malware Targets Windows Subsystem for Linux to Evade Detection
A number of malicious samples have been created for the Windows Subsystem for Linux WSL with the goal of compromising Windows machines, highlighting a sneaky method that allows the operators to stay under the radar and thwart detection by popular anti-malware engines. The "distinct tradecraft"...
Popular Attack Surfaces, August 2021: What You Need to Know
See the Updates section at the end of this post for new information as it comes to light. Whether you attended virtually, IRL, or not at all, Black Hat and DEF CON have officially wrapped, and security folks’ brains are replete with fresh information on new and some not-so-new vulnerabilities and...
[Security Nation] Jonathan Cran on demystifying startup funding for security companies
!\Security Nation\ Jonathan Cran on demystifying startup funding for security companieshttps://blog.rapid7.com/content/images/2021/07/securitynationlogo.jpg In this episode of Security Nation, we’re joined by Jonathan Cran. We wade into uncharted territory with Jonathan, as he claims the title of...
The Future of Machine Learning and Cybersecurity
The Center for Security and Emerging Technology has a new report: "Machine Learning and Cybersecurity: Hype and Reality." Heres the bottom line: The report offers four conclusions: Machine learning can help defenders more accurately detect and triage potential attacks. However, in many cases thes...
Privilege Escalation
AppArmor is vulnerable to privilege escalation attacks. An unauthenticated attacker could have increased attack surfaces which would allow privilege escalation due to the use of common logic to handle 'restart' operations...
4 Free Online Cyber Security Testing Tools For 2021
Set of must-have online security tools that we believe may make a real difference to your cybersecurity program and improve your 2021 budget planning. In September, Gartner published a list of "Top 9 Security and Risk Trends for 2020" putting a bold emphasis on the growing complexity and size of...
CVE-2020-15675
When processing surfaces, the lifetime may outlive a persistent buffer leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox 81...
CVE-2020-15675
When processing surfaces, the lifetime may outlive a persistent buffer leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox 81...
Memory corruption
When processing surfaces, the lifetime may outlive a persistent buffer leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox 81...
CVE-2020-15675
When processing surfaces, the lifetime may outlive a persistent buffer leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox 81...
How COVID-19 Has Changed Business Cybersecurity Priorities Forever
For much of this year, IT professionals all over the globe have had their hands full, finding ways to help businesses cope with the fallout of the coronavirus COVID-19 pandemic. In many cases, it involved a rapid rollout of significant remote work infrastructure. That infrastructure was called in...
How COVID-19 Has Changed Business Cybersecurity Priorities Forever
For much of this year, IT professionals all over the globe have had their hands full, finding ways to help businesses cope with the fallout of the coronavirus COVID-19 pandemic. In many cases, it involved a rapid rollout of significant remote work infrastructure. That infrastructure was called in...
ASSURE Aviation Cyber Security Testing
We've long been supporters and champions of a formalised approach to Aviation Cyber Security Testing. Our research and blogging has taken us on an interesting journey regarding airside and landside security, mapping attack surfaces and explaining how systems work and interact. Speaking and...
SDL: not fixed in Red Hat Enterprise Linux 7 erratum RHSA-2019:3950
A flaw was found with the RHSA-2019:3950 erratum, where it did not fix the CVE-2019-13616 SDL vulnerability. A heap-based buffer overflow flaw, in SDL while copying an existing surface into a new optimized one, due to a lack of validation while loading a BMP image, is possible. An application tha...
Attacking the VM Worker Process
In the past year we invested a lot of time making Hyper-V research more accessible to everyone. Our first blog post, “First Steps in Hyper-V Research”, describes the tools and setup for debugging the hypervisor and examines the interesting attack surfaces of the virtualization stack components. W...
Attacking the VM Worker Process
In the past year we invested a lot of time making Hyper-V research more accessible to everyone. Our first blog post, “First Steps in Hyper-V Research”, describes the tools and setup for debugging the hypervisor and examines the interesting attack surfaces of the virtualization stack components. W...
Free Cynet Threat Assessment for Mid-sized and Large Organizations
If you cannot see what’s happening in your network, your ability to make smart security decisions will suffer. Many vendors offer threat assessment options, but they usually require an investment of time and resources. One vendor out there – Cynet – is offering a no-cost threat assessment to...