A threat group of suspected Romanian origin called RUBYCARP has been observed maintaining a long-running botnet for carrying out crypto mining, distributed denial-of-service (DDoS), and phishing attacks. The group, believed to be active for at least 10 years, employs the botnet for financial gain, Sysdig said in a report shared with The Hacker News. “Its […]
Cybersecurity specialists report the detection of at least eight critical vulnerabilities in 16 URL parsing libraries that would allow threat actors to deploy denial of service (DoS), remote code execution (RCE) and sensitive information leaking attacks in various web applications. As these flaws reside in web packages written for all kinds of deployments, the problem […]
The RubyGems package repository maintenance team recently announced the removal of at least 18 malicious versions of 11 Ruby libraries due to the presence of a backdoor. Web application security experts claim that even cases were detected in which Ruby’s programming projects were infected with cryptocurrency mining malware. This malicious development was discovered just a […]
Ruby users who updated with strong_password gem version 0.0.7 are urged to roll back to the previous versions after a developer discovered the malicious code in the gem. The developer named Tute Costa who noticed the inclusion of backdoor while performing regular security audits. He spotted the changes with strong_password on gem hosting service, but […]
dawnscanner is a source code scanner designed to review your ruby code for security issues. dawnscanner is able to scan plain ruby scripts (e.g. command line applications) but all its features are unleashed when dealing with web applications source code. dawnscanner is able to scan major MVC (Model View Controller) frameworks, out of the box: […]
Phishing Frenzy is an Open Source Ruby on Rails application that is leveraged by penetration testers to manage email phishing campaigns. The goal of the project is to streamline the phishing process while still providing clients the best realistic phishing campaign possible. Installing Phishing Frenzy on Kali Linux Clone Repo Clone the Phishing Frenzy […]
A Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems. What do I need to run it? Ensure that you have Ruby >= 2.4.2 installed on your system and then install all required dependencies by opening a command prompt / terminal in the WPXF folder and running bundle install. If […]
Short Bytes: The Ruby Project has released of Ruby 2.4 programming language. Version 2.4 brings many new features like unified integers, faster hashes, better rounding, OpenSSL 1.1.0 support, etc. The interested users can read the complete changelog and find download links on Ruby’s website. Continuing the tradition of releasing a new version of their programming language, […]
The VM comes with various open source tools that have been glued together. The two main components are: PhishingFrenzy (https://github.com/pentestgeek/phishing-frenzy) BeEF (https://github.com/beefproject/beef) Requirements: Amazon AWS account (see main config.yaml) Non-Winzozz OS (path separators are hardcoded on purpose to don’t make it compatible with Winzozz) ssh, scp, openssl in PATH Sane Ruby environment (RVM suggested). Install […]
Short Bytes: There are few programming languages that are hated by many. But, a crazy person took his hate to the next level and submitted a petition in the “We the People” section of the White House website to kill JavaScript, Java, and Ruby programming languages. According to a petition that sought your signatures, there are some […]
Image: fossBytes Short Bytes: Ruby development team has released Ruby 2.3.0 – the first stable release of Ruby 2.3 series. It comes with improvements like Frozen String Literal Pragma, Safe navigation operator, the did_you_mean gem, and more. Read more to know about these changes in detail. Designed and developed by Yukihiro “Matz” Matsumoto of Japan, […]
Short Bytes: IBM is taking the parts from its JVM project by separating it from Java and making them usable for any other language runtime. This is being done under a new open source OMR project that will soon boost Python and Ruby languages. The OMR project, a new soon-to-be open source project from IBM, […]