Cybereason/siofra - Automated DLL hijacking vulnerability scanner and PE infector tool
http://ift.tt/2xZWVZv
Submitted October 04, 2017 at 06:40PM by petermal67
via reddit http://ift.tt/2yI4Rvq
http://ift.tt/2xZWVZv
Submitted October 04, 2017 at 06:40PM by petermal67
via reddit http://ift.tt/2yI4Rvq
GitHub
Cybereason/siofra
Contribute to siofra development by creating an account on GitHub.
Behind the Masq: Yet more DNS, and DHCP, vulnerabilities
http://ift.tt/2x9SLdB
Submitted October 04, 2017 at 07:19PM by TromPete_pete
via reddit http://ift.tt/2fRx67c
http://ift.tt/2x9SLdB
Submitted October 04, 2017 at 07:19PM by TromPete_pete
via reddit http://ift.tt/2fRx67c
Google Online Security Blog
Behind the Masq: Yet more DNS, and DHCP, vulnerabilities
Posted by Fermin J. Serna, Staff Software Engineer, Matt Linton, Senior Security Engineer and Kevin Stadmeyer, Technical Program Manager O...
Security In 5: Episode 82 - CIS 19 Incident Response
http://ift.tt/2xSXu59
Submitted October 04, 2017 at 06:41PM by BinaryBlog
via reddit http://ift.tt/2xYpki4
http://ift.tt/2xSXu59
Submitted October 04, 2017 at 06:41PM by BinaryBlog
via reddit http://ift.tt/2xYpki4
Libsyn
Security In Five Podcast: Episode 82 - CIS 19 Incident Response
Continuing in the Critical Security Controls we are at number nineteen. Incident Response. Now that you have all the tools, policies and procedures in place what do you do with the alerts? How you respond to an incident is vital and makes your investments…
The Stuxnet of Mobile Malware (for Android)
http://ift.tt/2xV3XwJ
Submitted October 04, 2017 at 08:00PM by Mi3Security
via reddit http://ift.tt/2yq7w0E
http://ift.tt/2xV3XwJ
Submitted October 04, 2017 at 08:00PM by Mi3Security
via reddit http://ift.tt/2yq7w0E
VMware Escapology - Researchers from ZDI release Metasploit modules for VMware Escapes
http://ift.tt/2gbnqRQ
Submitted October 04, 2017 at 09:08PM by RedmondSecGnome
via reddit http://ift.tt/2xYOhtD
http://ift.tt/2gbnqRQ
Submitted October 04, 2017 at 09:08PM by RedmondSecGnome
via reddit http://ift.tt/2xYOhtD
Zero Day Initiative
VMware Escapology – How to Houdini the Hypervisor
Recently at the DerbyCon conference in Louisville, KY, Jasiel and I
presented “VMware Escapology: How to Houdini The Hypervisor.” My colleague
Abdul-Aziz Hariri has blogged about VMware escapes in the past.
Unfortunately, circumstances prevented Abdul…
presented “VMware Escapology: How to Houdini The Hypervisor.” My colleague
Abdul-Aziz Hariri has blogged about VMware escapes in the past.
Unfortunately, circumstances prevented Abdul…
Privacy implications of email tracking
http://ift.tt/2fTcYym
Submitted October 04, 2017 at 08:05PM by tamir777
via reddit http://ift.tt/2koeIV2
http://ift.tt/2fTcYym
Submitted October 04, 2017 at 08:05PM by tamir777
via reddit http://ift.tt/2koeIV2
Micropatching a Hypervisor With Running Virtual Machines (CVE-2017-4924)
http://ift.tt/2xYI15b
Submitted October 04, 2017 at 07:17PM by 0patch
via reddit http://ift.tt/2hN34SP
http://ift.tt/2xYI15b
Submitted October 04, 2017 at 07:17PM by 0patch
via reddit http://ift.tt/2hN34SP
0patch.blogspot.co.uk
Micropatching a Hypervisor With Running Virtual Machines (CVE-2017-4924)
The Now and the Future of Hypervisor Patching by Luka Treiber and Mitja Kolsek of 0patch Team Introduction Those of you following ou...
Never before seen virus behaviour(?)
So I was looking to download an application called "iso2eboot" but every link I found did not work. So when I went to google it, the first suggestion was "iso2eboot v3 download" and so I clicked it and the first result was "http://ift.tt/2gbFRGl". I entered the website and at first I thought it's one of those websites that have downloads named after the program you're looking for but actually end up giving you a suspicious looking installer with a very generic icon on it. Anyway, the website itself wasn't at all related to the program I was looking for, and I thought it could just be a website that you can upload stuff but it looked like whatever I searched for in that website I would just find a fake upload that is just a virus(Virustotall says it's clean). So this file I found was a .zip named after the program I'm looking for. I opened it and inside it there was another .zip file (with the same name) instead of another folder (which is most common with archived folders). So I thought it was probably archived twice so that Antiviruses can't detect it. Anyways I extracted the .zip as a folder and the application had RAR Installer icon. I opened the app and it was some sort of installer and I noticed it said somewhere "Source:" and some long name like "torrentz-something". And I know that what I'm looking for doesn't have ANYTHING to do with torrenting. So I just closed the application, and then shortcuts from my desktop started disappearing. I noticed it was all the Google Chrome shortcuts (Chrome itself and two other website shortcuts with the icons of the websites) and soon after the two website shortcuts where "replaced" by two other shortcuts named exactly the same as the original ones but had and outdated version of the Chrome logo. I can't recall the Chrome browser shortcut being replaced another one other than the website shortcuts. My antivirus later found the threat and the shortcuts disappeared, I later checked on avast and the virus it found was a "component.exe" in my user Temp folder. The taskbar shortcut for Google Chrome was also missing it's icon. I tried creating the desktop icon for Chrome again and it said the shortcut already existed. I later chose the option on Windows Explorer to view hidden items and guess what? All my original shortcuts were hidden on my desktop with the appropriate icons, so I moved them to their original position.Was it some sort of hijacker that tried to make me click on the fake browser shortcuts? If so then why would it "hide" the original Icon's instead of just erase them entirely? I have past experience with web-browser hijackers and none of them worked like that, they all just somehow added a toolbar on your browser. What type of virus this one is, I don't know.
Submitted October 04, 2017 at 10:10PM by Mighty-Pirate
via reddit http://ift.tt/2xZ0zlS
So I was looking to download an application called "iso2eboot" but every link I found did not work. So when I went to google it, the first suggestion was "iso2eboot v3 download" and so I clicked it and the first result was "http://ift.tt/2gbFRGl". I entered the website and at first I thought it's one of those websites that have downloads named after the program you're looking for but actually end up giving you a suspicious looking installer with a very generic icon on it. Anyway, the website itself wasn't at all related to the program I was looking for, and I thought it could just be a website that you can upload stuff but it looked like whatever I searched for in that website I would just find a fake upload that is just a virus(Virustotall says it's clean). So this file I found was a .zip named after the program I'm looking for. I opened it and inside it there was another .zip file (with the same name) instead of another folder (which is most common with archived folders). So I thought it was probably archived twice so that Antiviruses can't detect it. Anyways I extracted the .zip as a folder and the application had RAR Installer icon. I opened the app and it was some sort of installer and I noticed it said somewhere "Source:" and some long name like "torrentz-something". And I know that what I'm looking for doesn't have ANYTHING to do with torrenting. So I just closed the application, and then shortcuts from my desktop started disappearing. I noticed it was all the Google Chrome shortcuts (Chrome itself and two other website shortcuts with the icons of the websites) and soon after the two website shortcuts where "replaced" by two other shortcuts named exactly the same as the original ones but had and outdated version of the Chrome logo. I can't recall the Chrome browser shortcut being replaced another one other than the website shortcuts. My antivirus later found the threat and the shortcuts disappeared, I later checked on avast and the virus it found was a "component.exe" in my user Temp folder. The taskbar shortcut for Google Chrome was also missing it's icon. I tried creating the desktop icon for Chrome again and it said the shortcut already existed. I later chose the option on Windows Explorer to view hidden items and guess what? All my original shortcuts were hidden on my desktop with the appropriate icons, so I moved them to their original position.Was it some sort of hijacker that tried to make me click on the fake browser shortcuts? If so then why would it "hide" the original Icon's instead of just erase them entirely? I have past experience with web-browser hijackers and none of them worked like that, they all just somehow added a toolbar on your browser. What type of virus this one is, I don't know.
Submitted October 04, 2017 at 10:10PM by Mighty-Pirate
via reddit http://ift.tt/2xZ0zlS
tradownload.biz
Download Iso2eboot v3 files - TraDownload
Here you can download iso2eboot v3 shared files: iso2eboot v2.exe mediafire.com W8T.kms.v3.3.2.exe mega.co.nz 12.39 MB bergi commando 3 frozen hoskow v1 0 3 motorola v3 j2me retail onepda 4Shared free from TraDownload.
Exposing Server IPs Behind CloudFlare
http://ift.tt/2yVTNMg
Submitted October 04, 2017 at 09:41PM by stbernardy
via reddit http://ift.tt/2gbG10p
http://ift.tt/2yVTNMg
Submitted October 04, 2017 at 09:41PM by stbernardy
via reddit http://ift.tt/2gbG10p
www.chokepoint.net
Exposing Server IPs Behind CloudFlare
Introduction CloudFlare is a complete solution offering Content Deliver Network (CDN) style capabilities along with Web Application Firewa...
How New Relic Does Security
http://ift.tt/2xRsLbl
Submitted October 04, 2017 at 11:07PM by misterkwon
via reddit http://ift.tt/2fKJ9Qh
http://ift.tt/2xRsLbl
Submitted October 04, 2017 at 11:07PM by misterkwon
via reddit http://ift.tt/2fKJ9Qh
Heavybit
The Secure Developer | Ep. #13, How New Relic Does Security | Heavybit
In the latest episode of The Secure Developer, Guy is joined by Shaun Gordon, Chief Security Officer at New Relic. Shaun tells us how he got into a career in security and explains how the role of security has evolved at New Relic.
Uncommon virus behaviour(?)
So I was looking to download an application called "iso2eboot" but every link I found did not work. So when I went to google it, the first suggestion was "iso2eboot v3 download" and so I clicked it and the first result was "http://ift.tt/2gbFRGl". I entered the website and at first I thought it's one of those websites that have downloads named after the program you're looking for but actually end up giving you a suspicious looking installer with a very generic icon on it. Anyway, the website itself wasn't at all related to the program I was looking for. I thought it could just be a file-hosting website, and it probably is but I'm not at all familiar with it (Virustotall says it's clean). So this file it got from there was a .zip named after the program I'm looking for. I opened it and inside it there was another .zip file (with the same name). So I thought it was probably archived twice so that Antiviruses can't detect it. Anyways I extracted the .zip as a folder and the application had a RAR Installer icon. I opened the app and it was some sort of installer and I noticed it said somewhere 'Source: torrentz' and something like a long URL. And I know that what I'm looking for doesn't have ANYTHING to do with torrenting. So I just closed the application, and then shortcuts from my desktop started disappearing. I noticed it was all the Google Chrome shortcuts (Chrome itself and two other website shortcuts with the icons of the websites) and soon after the shortcuts were "replaced" by other shortcuts named exactly the same as the original ones but had an outdated version of the Chrome logo as an icon. My antivirus later found the threat and the shortcuts disappeared, I later checked on Avast and the virus it found was a "component.exe" in my user Temp folder. The taskbar shortcut for Google Chrome was also missing it's icon. I tried creating the desktop icon for Chrome again and it said the shortcut already existed. I later chose the option on Windows Explorer to view hidden items and guess what? All my original shortcuts were hidden on my desktop with the appropriate icons, so I moved them to their original position. Was it some sort of hijacker that tried to make me click on the fake browser shortcuts? If so then why would it "hide" the original Icon's instead of just erase them entirely? I have past experience with web-browser hijackers and none of them worked like that, they all just somehow added a toolbar on your browser. What type of virus this one is, I don't know.
Submitted October 04, 2017 at 10:29PM by Mighty-Pirate
via reddit http://ift.tt/2yJ3Enw
So I was looking to download an application called "iso2eboot" but every link I found did not work. So when I went to google it, the first suggestion was "iso2eboot v3 download" and so I clicked it and the first result was "http://ift.tt/2gbFRGl". I entered the website and at first I thought it's one of those websites that have downloads named after the program you're looking for but actually end up giving you a suspicious looking installer with a very generic icon on it. Anyway, the website itself wasn't at all related to the program I was looking for. I thought it could just be a file-hosting website, and it probably is but I'm not at all familiar with it (Virustotall says it's clean). So this file it got from there was a .zip named after the program I'm looking for. I opened it and inside it there was another .zip file (with the same name). So I thought it was probably archived twice so that Antiviruses can't detect it. Anyways I extracted the .zip as a folder and the application had a RAR Installer icon. I opened the app and it was some sort of installer and I noticed it said somewhere 'Source: torrentz' and something like a long URL. And I know that what I'm looking for doesn't have ANYTHING to do with torrenting. So I just closed the application, and then shortcuts from my desktop started disappearing. I noticed it was all the Google Chrome shortcuts (Chrome itself and two other website shortcuts with the icons of the websites) and soon after the shortcuts were "replaced" by other shortcuts named exactly the same as the original ones but had an outdated version of the Chrome logo as an icon. My antivirus later found the threat and the shortcuts disappeared, I later checked on Avast and the virus it found was a "component.exe" in my user Temp folder. The taskbar shortcut for Google Chrome was also missing it's icon. I tried creating the desktop icon for Chrome again and it said the shortcut already existed. I later chose the option on Windows Explorer to view hidden items and guess what? All my original shortcuts were hidden on my desktop with the appropriate icons, so I moved them to their original position. Was it some sort of hijacker that tried to make me click on the fake browser shortcuts? If so then why would it "hide" the original Icon's instead of just erase them entirely? I have past experience with web-browser hijackers and none of them worked like that, they all just somehow added a toolbar on your browser. What type of virus this one is, I don't know.
Submitted October 04, 2017 at 10:29PM by Mighty-Pirate
via reddit http://ift.tt/2yJ3Enw
tradownload.biz
Download Iso2eboot v3 files - TraDownload
Here you can download iso2eboot v3 shared files: iso2eboot v2.exe mediafire.com W8T.kms.v3.3.2.exe mega.co.nz 12.39 MB bergi commando 3 frozen hoskow v1 0 3 motorola v3 j2me retail onepda 4Shared free from TraDownload.
6 Fresh Horrors From the Equifax CEO's Congressional Hearing
http://ift.tt/2yHAOEg
Submitted October 04, 2017 at 11:23PM by SecurityTrust
via reddit http://ift.tt/2xZxve3
http://ift.tt/2yHAOEg
Submitted October 04, 2017 at 11:23PM by SecurityTrust
via reddit http://ift.tt/2xZxve3
WIRED
6 Fresh Horrors From the Equifax CEO's Congressional Hearing
With each new revelation about the devastating Equifax breach, the company's defenses and response appear increasingly inadequate.
Lay of the Land with BloodHound
http://ift.tt/2kkuMHa
Submitted October 04, 2017 at 11:56PM by tevora-threat
via reddit http://ift.tt/2fRlMYH
http://ift.tt/2kkuMHa
Submitted October 04, 2017 at 11:56PM by tevora-threat
via reddit http://ift.tt/2fRlMYH
Tevora Threat
Lay of the Land with BloodHound
In this blog post, I’ll take you through how to get started with BloodHound and how to use it to map and own Active Directory environments.
VulnScan – Automated triage and root cause analysis of memory corruption issues
http://ift.tt/2g8YpHc
Submitted October 04, 2017 at 10:45PM by hr34vo
via reddit http://ift.tt/2wxYYjQ
http://ift.tt/2g8YpHc
Submitted October 04, 2017 at 10:45PM by hr34vo
via reddit http://ift.tt/2wxYYjQ
Security Research & Defense
VulnScan – Automated Triage and Root Cause Analysis of Memory Corruption Issues
The Microsoft Security Response Center (MSRC) receives reports about potential vulnerabilities in our products and it’s the job of our engineering team to assess the severity, impact, and root cause of these issues. In practice, a significant proportion of…
Automated Opaque Predicate Removal
http://ift.tt/2xT0Dnf
Submitted October 05, 2017 at 01:11AM by plaforce
via reddit http://ift.tt/2fLYtfq
http://ift.tt/2xT0Dnf
Submitted October 05, 2017 at 01:11AM by plaforce
via reddit http://ift.tt/2fLYtfq
binary.ninja
Binary Ninja > Automated Opaque Predicate Removal
Binary Ninja : A Reverse Engineering Platform
HP Enterprise let Russia scrutinize cyberdefense system used by Pentagon. True or False?
http://ift.tt/2fKvsUK
Submitted October 05, 2017 at 01:41AM by Qstarnik
via reddit http://ift.tt/2xSm7S5
http://ift.tt/2fKvsUK
Submitted October 05, 2017 at 01:41AM by Qstarnik
via reddit http://ift.tt/2xSm7S5
U.S.
Special Report: HP Enterprise let Russia scrutinize cyberdefense system used by Pentagon
Hewlett Packard Enterprise allowed a Russian defense agency to review the inner workings of cyber defense software used by the Pentagon to guard its computer networks, according to Russian regulatory records and interviews with people with direct knowledge…
If you have a Yahoo account, just change your password.
http://ift.tt/2xiekbQ
Submitted October 05, 2017 at 02:30AM by securitynewsIO
via reddit http://ift.tt/2ypuuFf
http://ift.tt/2xiekbQ
Submitted October 05, 2017 at 02:30AM by securitynewsIO
via reddit http://ift.tt/2ypuuFf
Security News iO
2013 Yahoo breach: All 3 billion accounts hacked | Security News iO
The 2013 Yahoo breach affected all three billion Yahoo’s users accounts, not just one billion accounts. Users are encouraged to change passwords.
RE: Attivo
I ran a full assessment with them against 4 other competitors and found them to be the best of breed and most innovative. The others I had seen all used the same Cloud-Hosted model (READ: does not work on isolated systems ie SCADA) the platform worked very well and was able to be used on Enterprise Networks as well as isolated networks.Some things that were unexpected: - traffic flow and isolation, A LOT OF IT that we had not previously seen (its almost like a lightweight Solarwinds tool) - identity use, we were able to identify which accounts were over used in the environment. - lateral movement (east/west), this was interesting because when combined with the behavior analytics and NAC appliance we detected insider threats. -native SCADA integrationCons:
- the interface was not as flashy as Illusives or Darktrace but then again, unlike those platforms - it actually worked. - does not track exfil from mobile devicesThe final selling points to us was the ease of adoption in the enterprise, the total cost of ownership and the availability of support.
Submitted October 05, 2017 at 02:04AM by rainmaker206
via reddit http://ift.tt/2xiDiI8
I ran a full assessment with them against 4 other competitors and found them to be the best of breed and most innovative. The others I had seen all used the same Cloud-Hosted model (READ: does not work on isolated systems ie SCADA) the platform worked very well and was able to be used on Enterprise Networks as well as isolated networks.Some things that were unexpected: - traffic flow and isolation, A LOT OF IT that we had not previously seen (its almost like a lightweight Solarwinds tool) - identity use, we were able to identify which accounts were over used in the environment. - lateral movement (east/west), this was interesting because when combined with the behavior analytics and NAC appliance we detected insider threats. -native SCADA integrationCons:
- the interface was not as flashy as Illusives or Darktrace but then again, unlike those platforms - it actually worked. - does not track exfil from mobile devicesThe final selling points to us was the ease of adoption in the enterprise, the total cost of ownership and the availability of support.
Submitted October 05, 2017 at 02:04AM by rainmaker206
via reddit http://ift.tt/2xiDiI8
reddit
RE: Attivo • r/security
I ran a full assessment with them against 4 other competitors and found them to be the best of breed and most innovative. The others I had seen...
Can metal detectors detect Only large metal objects like guns?
I understand that having someone wand every person in a large crowd would be impossible. But how about a large crowd walking through a large gate that has a sensor that only set off if there was a substantial metal object... in which case maybe someonne monitoring it could pick out the person and... well you know
Submitted October 05, 2017 at 04:05AM by bolognawindup
via reddit http://ift.tt/2hQecOz
I understand that having someone wand every person in a large crowd would be impossible. But how about a large crowd walking through a large gate that has a sensor that only set off if there was a substantial metal object... in which case maybe someonne monitoring it could pick out the person and... well you know
Submitted October 05, 2017 at 04:05AM by bolognawindup
via reddit http://ift.tt/2hQecOz
reddit
Can metal detectors detect Only large metal objects... • r/security
I understand that having someone wand every person in a large crowd would be impossible. But how about a large crowd walking through a large gate...
Security Now 631 Private Contact Discovery | TWiT.TV
http://ift.tt/2yoBjXG
Submitted October 05, 2017 at 03:44AM by dmp1ce
via reddit http://ift.tt/2xV3gmW
http://ift.tt/2yoBjXG
Submitted October 05, 2017 at 03:44AM by dmp1ce
via reddit http://ift.tt/2xV3gmW
TWiT.tv
Security Now 631 Private Contact Discovery | TWiT.TV
This week we discuss some aspects of iOS v11, the emergence of browser hijack cryptocurrency mining, new information about the Equifax hack, Google security research and Gmail impr…
Week 39 in Information Security, 2017
http://ift.tt/2xhcEEm
Submitted October 05, 2017 at 02:46AM by undercomm
via reddit http://ift.tt/2fLc4n8
http://ift.tt/2xhcEEm
Submitted October 05, 2017 at 02:46AM by undercomm
via reddit http://ift.tt/2fLc4n8
Malgregator
InfoSec Week 39, 2017
Security researcher Gal Beniamini from Google has discovered a security vulnerability (CVE-2017-11120) in Apple's iPhone and other...