Search results for metasploit 2 | Breaking Cybersecurity News | The Hacker News

Metasploit Framework 3.7.2 Released - Download  Metasploit Framework 3.7.2 includes 698 exploit modules, 358 auxiliary modules, and 54 post modules, 11 new exploits, 1 new auxiliary module, and 15 new post modules.This release addresses several issues with updating the framework, adds 11 exploit / auxiliary modules and brings a plethora of new features. Modules included are listed below. Notable modules include the Cisco Anyconnect ActiveX bug (which works against recent versions of the Cisco AnyConnect Windows Client), and the SCADA modules by sinn3r and MC. The multi-platform post-exploitation work continues with new modules for Linux and Solaris included in this release thanks to Carlos Perez. A number of password-stealing post modules are also included, courtesy of David Maloney. The updates to the signed_java_applet module are documented on the Metasploit Blog. Additionally, the cachedump module has been improved and merged thanks to great work by Mubix. New features ...

Seagate , a popular vendor of hardware solutions, has a critical zero-day vulnerability in its Network Attached Storage (NAS) device software that possibly left thousands of its users vulnerable to hackers. Seagate's Business Storage 2-Bay NAS product , found in home and business networks, is vulnerable to a zero-day Remote Code Execution vulnerability, currently affecting more than 2,500 publicly exposed devices on the Internet. Seagate is one of the world's largest vendor of hardware solutions, with products available worldwide. After Western Digital, Seagate ranked second and holds 41% of the market worldwide in supplying storage hardware products. A security researcher, named OJ Reeves , discovered the zero-day remote code execution vulnerability on 7th October last year and, reported to the company totally in the white hat style. But even after 130 days of responsible disclosure, the zero-day bug remains unpatched till now. In order to exploit the vulnerability, an atta...

Our favourite exploitation framework – The Metasploit Framework has been updated! We now have Metasploit Framework version 3.5.2! "The Metasploit Framework is a penetration testing toolkit, exploit development platform, and research tool. The framework includes hundreds of working remote exploits for a variety of platforms. Payloads, encoders, and nop slide generators can be mixed and matched with exploit modules to solve almost any exploit-related task." This is the detailed release log: Statistics: * Metasploit now ships with 644 exploit modules and 330 auxiliary modules. * 39 new modules and payloads have been added since the last point release. * 58 tickets were resolved and 331 commits were made since the last point release. New Modules: New Exploits and Auxiliaries: * Apache Tomcat Transfer-Encoding Information Disclosure and DoS * Microsoft IIS FTP Server Encoded Response Overflow Trigger * Apache HTTPD mod_negotiation Filename Bruter * Apache HTTPD mod_negotiatio...

In coordination with Metasploit Express and Metasploit Pro, version 3.6 of the Metasploit Framework is now available. Hot on the heels of 3.5.2, this release comes with 8 new exploits and 12 new auxiliaries. A whopping 10 of those new auxiliary modules are Chris John Riley's foray into SAP, giving you the ability to extract a range of information from servers' management consoles via the SOAP interface. This release fixes an annoying installer bug on Linux where Postgres would not automatically start on reboot. The feature I am most excited about is the new Post Exploitation support. I hinted at this new module type in the 3.5.2 release announcement and with 3.6, more than 20 new modules are available. Post modules are a new, more powerful, replacement for meterpreter scripts. Scripts were clearly tied to a single platform: meterpreter for Windows. With modules it is much easier to abstract common tasks into libraries for any platform that can expose a session. For example, f...

Metasploit Framework 3.7.1 Released ! Statistics Metasploit now ships with 687 exploit modules, 357 auxiliary modules, and 39 post modules. 2 new exploits and 2 new auxiliary modules have been added since the last release. Highlights & New Features This release address a performance issue with HTTP Services and adds a few modules. In addition, a bug in the Windows auto-update task has been corrected, along with minor changes to the Windows installer. New Modules VideoLAN VLC ModPlug ReadS3M Stack Buffer Overflow ICONICS WebHMI ActiveX Buffer Overflow SPlayer 3.7 Content-Type Buffer Overflow OpenSSL < 0.9.8i DTLS ChangeCipherSpec Remote DoS Exploit ARP Spoof Download Metasploit Framework 3.7.1

It should come as no surprise that cybersecurity is one of the most important and lucrative fields in the world right now, and it's becoming more important every day—thanks to a growing number of cyber attacks that are targeting everything from individuals and startups to Fortune 500 companies and entire government agencies. So it should also come as no surprise that demand for talented and trained cybersecurity professionals who know how to thwart and retaliate against these attacks is skyrocketing. The 2018 Supercharged Cybersecurity Bundle offers a massive trove of resources that will give you the skills you need to join the fight against cybercriminals of all backgrounds, and the entire bundle is available for 95% off at just $29.99. With 10 most popular cyber security books (listed below), spanning 12 hours of in-depth instruction, this bundle walks you through everything from the more theoretical and abstract elements of cybersecurity to its most essential tools and platfo...

[Community Edition] Metasploit Framework Expert Certification DVD SecurityTube today launched a FREE community edition of the courseware it uses for the SecurityTube Metasploit Framework Expert (SMFE) course and certification. They already have students from over 40+ countries taking their courses and online labs. This DVD goes to show their long lasting commitment to FREE Infosec Education for one and all. Course Details and DVD Download Direct DVD Downlaod (2 GB) The DVD contains over 10+ solid hours of how to get started using Metasploit, Vulnerability assessment and hacking, and finally basics of Exploit Research with it! The course and online labs in the cloud are still running at the promotional pricing and we highly recommend you have a look.

Security researchers have discovered several severe vulnerabilities and a secret hard-coded backdoor in Western Digital's My Cloud NAS devices that could allow remote attackers to gain unrestricted root access to the device. Western Digital's My Cloud (WDMyCloud) is one of the most popular network-attached storage devices which is being used by individuals and businesses to host their files, and automatically backup and sync them with various cloud and web-based services. The device lets users not only share files in a home network, but the private cloud feature also allows them to access their data from anywhere at any time. Since these devices have been designed to be connected over the Internet, the hardcoded backdoor would leave user data open to hackers. GulfTech research and development team has recently published an advisory detailing a hardcoded backdoor and several vulnerabilities it found in WD My Cloud storage devices that could allow remote attackers to ...

The Computer Emergency Response Team of Ukraine (CERT-UA) has detailed a new malicious email campaign targeting government agencies, enterprises, and military entities. "The messages exploit the appeal of integrating popular services like Amazon or Microsoft and implementing a zero-trust architecture," CERT-UA said . "These emails contain attachments in the form of Remote Desktop Protocol ('.rdp') configuration files." Once executed, the RDP files establish a connection with a remote server, enabling the threat actors to gain remote access to the compromised hosts, steal data, and plant additional malware for follow-on attacks. Infrastructure preparation for the activity is believed to have been underway since at least August 2024, with the agency stating that it's likely to spill out of Ukraine to target other countries. CERT-UA has attributed the campaign to a threat actor it tracks as UAC-0215. Amazon Web Services (AWS), in an advisory of its own...

Most of People are curious to become Hackers, but they do not know where to start, If you are in the same situation, then " Hacking S3crets " Book will guide you through the basic and advanced steps of Hacking and will help you develop The Hacker Attitude. Author Sai Satish, and Co-Author K. Srinivasa rao with Aditya Gupta put together Ethical hacking with examples of live websites. Contents of the Book 1. Basic Hacking 2. email-Hacking 3. Google Hacking 4. Websites and databases Hacking 5. Windows Passwords Cracking in seconds 6. Backtrack 7. Metasploit 8. Wireless Cracking 9. Mobile Hacking To get reviews, we distribute book to few readers share the feedback after reading this book , as given below: Review from Nikhil Kulkarni An awesome book to start off with if you are interested in hacking. It unwraps various methods and techniques performed by hackers today. Being into security field from past 4 years, I've...

Threat actors linked to the RansomHub ransomware group encrypted and exfiltrated data from at least 210 victims since its inception in February 2024, the U.S. government said. The victims span various sectors, including water and wastewater, information technology, government services and facilities, healthcare and public health, emergency services, food and agriculture, financial services, commercial facilities, critical manufacturing, transportation, and communications critical infrastructure. "RansomHub is a ransomware-as-a-service variant—formerly known as Cyclops and Knight—that has established itself as an efficient and successful service model (recently attracting high-profile affiliates from other prominent variants such as LockBit and ALPHV)," government agencies said . A ransomware-as-a-service (RaaS) platform that's a descendant of Cyclops and Knight, the e-crime operation has attracted high-profile affiliates from other prominent variants such as LockBit ...

Good news for you is that this week's THN Deals brings Ethical Hacking A to Z Bundle that let you get started regardless of your experience level. The Ethical Hacking A to Z Bundle will walk you through the very basic skills you need to start your journey towards becoming a professional ethical hacker. The 45 hours of course that includes total 384 in-depth lectures, usually cost $1,273, but you can exclusively get this 8-in-1 online training course for just $39 (after 96% discount) at the THN Deals Store. 8-in-1 Online Hacking Training: Here's What You Will Learn Ethical Hacking A to Z Bundle will provide you access to the following eight courses: 1. Ethical Hacker Boot Camp for 2017 This course will teach you all about passive and active reconnaissance, scanning and enumeration, social engineering basics, network mapping, and with live hacking demonstrations using tools like Maltego, FOCA, Harvester, Recon-ng, Nmap, and masscan. By the end of this course,...

Since the Internet is filled with hackers and cyber criminals keen on hacking networks for valuable information, ethical hackers are in huge demand and being hired by almost every industry to help them keep their networks protected. These ethical hackers, penetration testers, and information security analysts not only gain reputation in the IT industry but are also one of the most well-paid employees in the IT workforce today. But if you lack behind in this field, you required a good computer hacking course to sharpen up your knowledge. This week's THN Deals brings Become an Ethical Hacker Bonus Bundle that let you get started regardless of your tech background. This bundle will walk you through the very basic skills you need to start your journey towards becoming a professional ethical hacker. This package of 9-lifetime courses that includes total 340 in-depth lectures usually cost $681, but you can exclusively get this 9-in-1 online training course for just $49 (after 92...

Security researchers have discovered a new, massive cyber espionage campaign that mainly targets people working in government, defence and academic organisations in various countries. The campaign is being conducted by an Iran-linked threat group, whose activities, attack methods, and targets have been released in a joint, detailed report published by researchers at Trend Micro and Israeli firm ClearSky. Dubbed by researchers CopyKittens (aka Rocket Kittens) , the cyber espionage group has been active since at least 2013 and has targeted organisations and individuals, including diplomats and researchers, in Israel, Saudi Arabia, Turkey, the United States, Jordan and Germany. The targeted organisations include government institutions like Ministry of Foreign Affairs, defence companies, large IT companies, academic institutions, subcontractors of the Ministry of Defense, and municipal authorities, along with employees of the United Nations. The latest report [ PDF ], dubbe...

Cybersecurity never slows down. Every week brings new threats, new vulnerabilities, and new lessons for defenders. For security and IT teams, the challenge is not just keeping up with the news—it's knowing which risks matter most right now. That's what this digest is here for: a clear, simple briefing to help you focus where it counts. This week, one story stands out above the rest: the Salesloft–Drift breach, where attackers stole OAuth tokens and accessed Salesforce data from some of the biggest names in tech. It's a sharp reminder of how fragile integrations can become the weak link in enterprise defenses. Alongside this, we'll also walk through several high-risk CVEs under active exploitation, the latest moves by advanced threat actors, and fresh insights on making security workflows smarter, not noisier. Each section is designed to give you the essentials—enough to stay informed and prepared, without getting lost in the noise. ⚡ Threat of the Week Salesloft to Take Drift Of...

A pair of new security vulnerabilities has been discovered in the framework used by a wide variety of Mac apps leaves them open to Man-in-the-Middle (MitM) attacks. The framework in question is Sparkle that a large number of third-party OS X apps, including Camtasia, uTorrent, Duet Display and Sketch, use to facilitate automatic updates in the background. Sparkle is an open source software available on GitHub under the permissive MIT license by the Sparkle Project with the help of numerous of valuable contributors. The framework supports Mac OS X versions 10.7 through 10.11 and Xcode 5.0 through 7.0. The Sparkle vulnerabilities, discovered by Radek, a security researcher, in late January and reported by Ars reporter, affect Apple Mac apps that use: An outdated and vulnerable version of the Sparkle updater framework. An unencrypted HTTP channel to receive info from update servers. What's the Issue? The first loophole is due to the improper implemen...