Articles about metasploit

New click-to-hack tool: One script to exploit them all and in the darkness TCP bind them

Python code has emerged that automatically searches for vulnerable devices online using Shodan.io – and then uses Metasploit's database of exploits to potentially hijack the computers and gadgets. You set this script running, it crawls the internet looking for machines that are possibly vulnerable to attack – typically due to …
Thomas Claburn, 31 Jan 2018
Dog and fence, mage via Shutterstock

Metasploit upgraded to sniff out IoT weakspots in corporate networks

Rapid7 has upgraded its popular Metasploit pen-testing tool to help IT security teams and consultants probe for IoT-related weaknesses in corporate environments. Metasploit's hardware bridge for radio frequency testing – the RFTransceiver – will grant teams greater visibility of foreign IoT devices. "The importance of RF …
John Leyden, 22 Mar 2017
Image by robodread http://www.shutterstock.com/gallery-529180p1.html

Popular hacker warkit Metasploit now hacks hardware and cars

Popular offensive hacking toolkit Metasploit now works on hardware, including cars, after a major update to the 13-year old platform. The free-or-paid modular hacking machine now sports plenty of CVE-specific exploitation components that security professionals have long-used for penetration tests and research. An update to …
Darren Pauli, 3 Feb 2017

HD Moore exiting Rapid7 for VC-land

HD Moore, the security researcher and hacker whose accomplishments include the Metasploit Framework, the Critical.IO scanning project and a bunch of critical vulnerability discoveries as chief technology officer of Rapid7, has succumbed to the siren song of venture capital. In this post at Rapid7, he's announced that he's …

Rapid7 inhales cloudy machine data search firm Logentries

Rapid7 has bought cloud-based machine data search and log company Logentries for $68m in cash and equity, allowing Rapid7 to add that functionality to its widely used penetration testing tool Metasploit. Adding disruptive log management and efficient, fast search will give corporate security teams the ability to deeply …
John Leyden, 14 Oct 2015

FBI: We unmasked and collared child porn creep on Tor with spy tool

Dark-web deadbeats may not be as anonymous as they think. A bloke in the US was charged on Friday after FBI spyware caught him downloading child sex abuse material. Luis Escobosa, of Staten Island, admitted to Feds he broke federal child pornography laws by viewing depraved photos on a hidden Tor service. Unknown to Escobosa, …
Iain Thomson, 1 Oct 2015

ID yourself or get NOTHING (except Framework), snarls Metasploit

Metasploit Pro and Community users outside North America now need to prove who they are, thanks to changes introduced this week and a tightening of encryption export rules. The open source Metasploit Framework (a computer security project) is not affected by the new rules. "[This] is yet another reminder that governments have …
John Leyden, 21 Apr 2015

Zero-day hacking group resorts to UNICORN SMUT-SLINGING

Sysadmins who have not yet patched their Windows boxes against the 18-year-old "unicorn-like" OLE bug disclosed last month could expect a deluge of spear phishing smut from a group once confined to lofty targeted zero-day attacks. The talented APT3 group was behind widespread zero-day attacks code-named Clandestine Fox earlier …
Darren Pauli, 26 Nov 2014

THREE QUARTERS of Android mobes open to web page spy bug

A Metasploit module has been developed to easily exploit a dangerous flaw in 75 percent of Android devices that allows attackers to hijack a users' open websites. The exploit targets vulnerability (CVE-2014-6041) in Android versions 4.2.1 and below and was disclosed without fanfare on 1 September, but had since gathered dust, …
Darren Pauli, 16 Sep 2014

Users told: Get rid of Internet Explorer (again)

Internet Explorer users have been told to ditch the application and switch to another browser, pronto. The warning comes from Rapid7, which describes a hole that’s exploitable by visiting a malicious Website (and, of course, in the world of Twitter and shortened URLs, it’s so much easier to get users to visit such sites). …
The Register breaking news

Password hints easily snaffled from Windows PCs

Punters' password hints are easily extracted from the latest Microsoft Windows machines, security researchers have discovered. TrustWave SpiderLabs uncovered a key called "UserPasswordHint" during wider research into how the Redmond operating system stores password hashes. Subsequent studies showed it was easy to extract and …
John Leyden, 23 Aug 2012

Exploit posted for vulnerable F5 kit

A vulnerability in F5 kit first announced in February may be in the wild, with code posted to Github purporting to be an exploit. The original advisory stated that vulnerable installations of F5’s BigIP and other systems allowed an attacker to log in as root, because the vulnerability exposed the device’s SSH private key. F5 …
The Register breaking news

McAfee inadvertently speeds creation of Metaploit IE exploit pack

A security researcher has credited McAfee for helping him to develop exploit code that cracks open an unpatched flaw in older versions of Internet Explorer. Moshe Ben Abu (AKA Trancer00t) used the flaw in IE 6 and 7 in knocking-up a module for the open-source Metasploit exploit database. "I didn't find the vuln', just found …
John Leyden, 12 Mar 2010
channel

Rapid7 penetrates Metaspolit

Vulnerability management firm Rapid7 has acquired Metasploit, the popular open source dual-use penetration testing and hacking tool. Commercial terms of the deal were not disclosed. The deal means that the Metasploit project will receive commercial backing, so furthering its development. A non-commercial version of the tool …
John Leyden, 23 Oct 2009
The Register breaking news

White hats release exploit for critical Windows vuln

White-hat hackers have released reliable code that remotely exploits a critical vulnerability in the Vista and Server 2008 versions of Microsoft's Windows operating system. The exploit code, released Wednesday by security firm Immunity, came as separate researchers with the Metasploit penetration testing project said they were …
Dan Goodin, 16 Sep 2009
fingers pointing at man

Microsoft security tools give devs the warm fuzzies

Microsoft has released a general-purpose software tool for assessing the security of applications, part of a growing suite of free offerings designed to help third-party developers design safer programs. Microsoft Minifuzz is a lightweight file fuzzer, a type of tool that detects software bugs by throwing random data at an …
Dan Goodin, 16 Sep 2009
The Register breaking news

Microsoft, Cisco issue patches for newfangled DoS exploit

Updated Microsoft and Cisco have issued updates that protect against a new class of attack that requires very little bandwidth and can leave servers and routers paralyzed even after a flood of malicious data has stopped. The bug in the TCP, or transmission control protocol, was disclosed in October by security researchers Jack Louis …
Dan Goodin, 9 Sep 2009
The Register breaking news

Apple security lags (again) with critical Java patches

Comment Apple is once again playing security catch-up to the rest of the computing world, this time with an update for the Leopard version of its Mac operating system that patches critical holes in Java that were fixed on competing systems 29 days ago. The patch updates Leopard to Java versions 1.6.0_15, 1.5.0_20, and 1.4.2_22, which …
Dan Goodin, 4 Sep 2009

Create a news alert about metasploit, or find more stories about metasploit.

Biting the hand that feeds IT © 1998–2018