A Large-Scale Empirical Study on the Generalizability of Disclosed Java Library Vulnerability Exploits

Open-source software supply chain security relies heavily on assessing affected versions of library vulnerabilities. While prior studies have leveraged exploits for verifying vulnerability affected versions, they point out a key limitation that exploits are version-specific and cannot be directly...

cve-pocs

CVE Proof of Concepts cve-pocs A collection of Proof of C...

My_CVES

My...

EUVD-2017-8472

Malware in sbrugna...

EUVD-2002-0452

Malware in sbrugna...

data-cve-poc

data-cve-poc 这个仓库收集了所有在 GitHub 上能找到的 CVE 漏洞利用工具。 安装 go install github.com/XiaomingX/data-cve-poc@latest 从源码编译 git clone --depth 1 github.com/XiaomingX/data-cve-poc.git cd cvemapping; go install 使用方法 cvemapping 的使用说明： -github-token string GitHub 的访问令牌，用于身份验证 -page string 要获取的页面号，或者输入 'all' 获取所有 默认...

Fuji Electric Smart Editor

RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize network exposure for all...

Metasploit Wrap-Up

Making Metasploit faster This week's wrap-up includes many new modules, but notably, we've upgraded Metasploit loading. Thanks to bcoles, the bootup performance when searching for a module has been increased in 20166. Also, we've reduced Metasploit startup time - in 20155. New module content 6...

2024 Threat Landscape Statistics: Ransomware Activity, Vulnerability Exploits, and Attack Trends

Now that we’ve reached the end of another year, you may be looking around the cybersecurity infosphere and seeing a glut of posts offering “hot takes” on the 2024 threat landscape and predictions about what’s coming next. At Rapid7, we don’t truck in hot takes, but rather, cold hard facts. Stayin...

2024 Threat Landscape Statistics: Ransomware Activity, Vulnerability Exploits, and Attack Trends

Now that we’ve reached the end of another year, you may be looking around the cybersecurity infosphere and seeing a glut of posts offering “hot takes” on the 2024 threat landscape and predictions about what’s coming next. At Rapid7, we don’t truck in hot takes, but rather, cold hard facts. Stayin...

Kinsing Hacker Group Exploits More Flaws to Expand Botnet for Cryptojacking

The cryptojacking group known as Kinsing has demonstrated an ability to continuously evolve and adapt, proving to be a persistent threat by swiftly integrating newly disclosed vulnerabilities to the exploit arsenal and expand its botnet. The findings come from cloud security firm Aqua, which...

The state of cryptojacking in the first three quarters of 2022

Cryptocurrency prices were dropping from the end of 2021 and throughout the first half of 2022. Although finance experts and retail investors estimate crypto to have a solid chance of recovery in the long term, at the time of writing this report the prices remain low. However, cybercriminals are...

Software Patch Management Policy Best Practices

Explore the top risk-based patch management policy best practices to mitigate the growing threat of vulnerability exploits in your organization...

Endpoint security for Mac: 3 best practices

If you’re one of the 50% of small and medium-sized businesses SMBs that use Mac .devices today, chances are your IT and security teams have a ton of Mac endpoints to monitor. Securing that many endpoints can get really complex, really fast, especially when you consider that the common wisdom that...

Ransomware Insights from the FBI’s 2021 Internet Crime Report

The FBI has published its annual report on Internet crime. Qualys has analyzed its trends and statistics. In this post, we review our findings, especially with regards to the prevalence of Ransomware, and our recommendations for actions that enterprises should take to mitigate their risk. Every...

Improve kernel security with the new Microsoft Vulnerable and Malicious Driver Reporting Center

Windows 10 and Windows 11 have continued to raise the security bar for drivers running in the kernel. Kernel-mode driver publishers must pass the Hardware Lab Kit HLK compatibility tests, malware scanning, and prove their identity through extended validation EV certificates. This has significantl...

Millions of Routers, IoT Devices at Risk from BotenaGo Malware

Newly surfaced malware that is difficult to detect and written in Google’s open-source programming language has the potential to exploit millions of routers and IoT devices, researchers have found. Discovered by researchers at AT&T AlienLabs, BotenaGo can exploit more than 30 different...

Top 3 APIs Vulnerabilities: Why Apps are Pwned by Cyberattackers

Application programming interfaces APIs have become the glue that holds today’s apps together. There’s an API to turn on the kitchen lights while still in bed. There’s an API to change the song playing on your house speakers. Whether the app is on your mobile device, entertainment system or garag...

jwtXploiter - A Tool To Test Security Of Json Web Token

A tool to test security of JSON Web Tokens. Test a JWT against all known CVEs; Tamper with the token payload: changes claims and subclaims values. Exploit known vulnerable header claims kid, jku, x5u Verify a token Retrieve the public key of your target's ssl connection and try to use it in a key...

What is Ping of Death Assault?

Ping of death is a strategy for DoS Denial of Service assault. It’s an attack-type that objectifies the ICMP Internet Control Message Protocol and the TCP Transmission Control Protocol, and is quite possibly the most undermining of all ICMP attacks. The ping of death attack is otherwise called a...