Uncommon virus behaviour(?)
So I was looking to download an application called "iso2eboot" but every link I found did not work. So when I went to google it, the first suggestion was "iso2eboot v3 download" and so I clicked it and the first result was "http://ift.tt/2gbFRGl". I entered the website and at first I thought it's one of those websites that have downloads named after the program you're looking for but actually end up giving you a suspicious looking installer with a very generic icon on it. Anyway, the website itself wasn't at all related to the program I was looking for. I thought it could just be a file-hosting website, and it probably is but I'm not at all familiar with it (Virustotall says it's clean). So this file it got from there was a .zip named after the program I'm looking for. I opened it and inside it there was another .zip file (with the same name). So I thought it was probably archived twice so that Antiviruses can't detect it. Anyways I extracted the .zip as a folder and the application had a RAR Installer icon. I opened the app and it was some sort of installer and I noticed it said somewhere 'Source: torrentz' and something like a long URL. And I know that what I'm looking for doesn't have ANYTHING to do with torrenting. So I just closed the application, and then shortcuts from my desktop started disappearing. I noticed it was all the Google Chrome shortcuts (Chrome itself and two other website shortcuts with the icons of the websites) and soon after the shortcuts were "replaced" by other shortcuts named exactly the same as the original ones but had an outdated version of the Chrome logo as an icon. My antivirus later found the threat and the shortcuts disappeared, I later checked on Avast and the virus it found was a "component.exe" in my user Temp folder. The taskbar shortcut for Google Chrome was also missing it's icon. I tried creating the desktop icon for Chrome again and it said the shortcut already existed. I later chose the option on Windows Explorer to view hidden items and guess what? All my original shortcuts were hidden on my desktop with the appropriate icons, so I moved them to their original position. Was it some sort of hijacker that tried to make me click on the fake browser shortcuts? If so then why would it "hide" the original Icon's instead of just erase them entirely? I have past experience with web-browser hijackers and none of them worked like that, they all just somehow added a toolbar on your browser. What type of virus this one is, I don't know.
Submitted October 04, 2017 at 10:29PM by Mighty-Pirate
via reddit http://ift.tt/2yJ3Enw
So I was looking to download an application called "iso2eboot" but every link I found did not work. So when I went to google it, the first suggestion was "iso2eboot v3 download" and so I clicked it and the first result was "http://ift.tt/2gbFRGl". I entered the website and at first I thought it's one of those websites that have downloads named after the program you're looking for but actually end up giving you a suspicious looking installer with a very generic icon on it. Anyway, the website itself wasn't at all related to the program I was looking for. I thought it could just be a file-hosting website, and it probably is but I'm not at all familiar with it (Virustotall says it's clean). So this file it got from there was a .zip named after the program I'm looking for. I opened it and inside it there was another .zip file (with the same name). So I thought it was probably archived twice so that Antiviruses can't detect it. Anyways I extracted the .zip as a folder and the application had a RAR Installer icon. I opened the app and it was some sort of installer and I noticed it said somewhere 'Source: torrentz' and something like a long URL. And I know that what I'm looking for doesn't have ANYTHING to do with torrenting. So I just closed the application, and then shortcuts from my desktop started disappearing. I noticed it was all the Google Chrome shortcuts (Chrome itself and two other website shortcuts with the icons of the websites) and soon after the shortcuts were "replaced" by other shortcuts named exactly the same as the original ones but had an outdated version of the Chrome logo as an icon. My antivirus later found the threat and the shortcuts disappeared, I later checked on Avast and the virus it found was a "component.exe" in my user Temp folder. The taskbar shortcut for Google Chrome was also missing it's icon. I tried creating the desktop icon for Chrome again and it said the shortcut already existed. I later chose the option on Windows Explorer to view hidden items and guess what? All my original shortcuts were hidden on my desktop with the appropriate icons, so I moved them to their original position. Was it some sort of hijacker that tried to make me click on the fake browser shortcuts? If so then why would it "hide" the original Icon's instead of just erase them entirely? I have past experience with web-browser hijackers and none of them worked like that, they all just somehow added a toolbar on your browser. What type of virus this one is, I don't know.
Submitted October 04, 2017 at 10:29PM by Mighty-Pirate
via reddit http://ift.tt/2yJ3Enw
tradownload.biz
Download Iso2eboot v3 files - TraDownload
Here you can download iso2eboot v3 shared files: iso2eboot v2.exe mediafire.com W8T.kms.v3.3.2.exe mega.co.nz 12.39 MB bergi commando 3 frozen hoskow v1 0 3 motorola v3 j2me retail onepda 4Shared free from TraDownload.
6 Fresh Horrors From the Equifax CEO's Congressional Hearing
http://ift.tt/2yHAOEg
Submitted October 04, 2017 at 11:23PM by SecurityTrust
via reddit http://ift.tt/2xZxve3
http://ift.tt/2yHAOEg
Submitted October 04, 2017 at 11:23PM by SecurityTrust
via reddit http://ift.tt/2xZxve3
WIRED
6 Fresh Horrors From the Equifax CEO's Congressional Hearing
With each new revelation about the devastating Equifax breach, the company's defenses and response appear increasingly inadequate.
Lay of the Land with BloodHound
http://ift.tt/2kkuMHa
Submitted October 04, 2017 at 11:56PM by tevora-threat
via reddit http://ift.tt/2fRlMYH
http://ift.tt/2kkuMHa
Submitted October 04, 2017 at 11:56PM by tevora-threat
via reddit http://ift.tt/2fRlMYH
Tevora Threat
Lay of the Land with BloodHound
In this blog post, I’ll take you through how to get started with BloodHound and how to use it to map and own Active Directory environments.
VulnScan – Automated triage and root cause analysis of memory corruption issues
http://ift.tt/2g8YpHc
Submitted October 04, 2017 at 10:45PM by hr34vo
via reddit http://ift.tt/2wxYYjQ
http://ift.tt/2g8YpHc
Submitted October 04, 2017 at 10:45PM by hr34vo
via reddit http://ift.tt/2wxYYjQ
Security Research & Defense
VulnScan – Automated Triage and Root Cause Analysis of Memory Corruption Issues
The Microsoft Security Response Center (MSRC) receives reports about potential vulnerabilities in our products and it’s the job of our engineering team to assess the severity, impact, and root cause of these issues. In practice, a significant proportion of…
Automated Opaque Predicate Removal
http://ift.tt/2xT0Dnf
Submitted October 05, 2017 at 01:11AM by plaforce
via reddit http://ift.tt/2fLYtfq
http://ift.tt/2xT0Dnf
Submitted October 05, 2017 at 01:11AM by plaforce
via reddit http://ift.tt/2fLYtfq
binary.ninja
Binary Ninja > Automated Opaque Predicate Removal
Binary Ninja : A Reverse Engineering Platform
HP Enterprise let Russia scrutinize cyberdefense system used by Pentagon. True or False?
http://ift.tt/2fKvsUK
Submitted October 05, 2017 at 01:41AM by Qstarnik
via reddit http://ift.tt/2xSm7S5
http://ift.tt/2fKvsUK
Submitted October 05, 2017 at 01:41AM by Qstarnik
via reddit http://ift.tt/2xSm7S5
U.S.
Special Report: HP Enterprise let Russia scrutinize cyberdefense system used by Pentagon
Hewlett Packard Enterprise allowed a Russian defense agency to review the inner workings of cyber defense software used by the Pentagon to guard its computer networks, according to Russian regulatory records and interviews with people with direct knowledge…
If you have a Yahoo account, just change your password.
http://ift.tt/2xiekbQ
Submitted October 05, 2017 at 02:30AM by securitynewsIO
via reddit http://ift.tt/2ypuuFf
http://ift.tt/2xiekbQ
Submitted October 05, 2017 at 02:30AM by securitynewsIO
via reddit http://ift.tt/2ypuuFf
Security News iO
2013 Yahoo breach: All 3 billion accounts hacked | Security News iO
The 2013 Yahoo breach affected all three billion Yahoo’s users accounts, not just one billion accounts. Users are encouraged to change passwords.
RE: Attivo
I ran a full assessment with them against 4 other competitors and found them to be the best of breed and most innovative. The others I had seen all used the same Cloud-Hosted model (READ: does not work on isolated systems ie SCADA) the platform worked very well and was able to be used on Enterprise Networks as well as isolated networks.Some things that were unexpected: - traffic flow and isolation, A LOT OF IT that we had not previously seen (its almost like a lightweight Solarwinds tool) - identity use, we were able to identify which accounts were over used in the environment. - lateral movement (east/west), this was interesting because when combined with the behavior analytics and NAC appliance we detected insider threats. -native SCADA integrationCons:
- the interface was not as flashy as Illusives or Darktrace but then again, unlike those platforms - it actually worked. - does not track exfil from mobile devicesThe final selling points to us was the ease of adoption in the enterprise, the total cost of ownership and the availability of support.
Submitted October 05, 2017 at 02:04AM by rainmaker206
via reddit http://ift.tt/2xiDiI8
I ran a full assessment with them against 4 other competitors and found them to be the best of breed and most innovative. The others I had seen all used the same Cloud-Hosted model (READ: does not work on isolated systems ie SCADA) the platform worked very well and was able to be used on Enterprise Networks as well as isolated networks.Some things that were unexpected: - traffic flow and isolation, A LOT OF IT that we had not previously seen (its almost like a lightweight Solarwinds tool) - identity use, we were able to identify which accounts were over used in the environment. - lateral movement (east/west), this was interesting because when combined with the behavior analytics and NAC appliance we detected insider threats. -native SCADA integrationCons:
- the interface was not as flashy as Illusives or Darktrace but then again, unlike those platforms - it actually worked. - does not track exfil from mobile devicesThe final selling points to us was the ease of adoption in the enterprise, the total cost of ownership and the availability of support.
Submitted October 05, 2017 at 02:04AM by rainmaker206
via reddit http://ift.tt/2xiDiI8
reddit
RE: Attivo • r/security
I ran a full assessment with them against 4 other competitors and found them to be the best of breed and most innovative. The others I had seen...
Can metal detectors detect Only large metal objects like guns?
I understand that having someone wand every person in a large crowd would be impossible. But how about a large crowd walking through a large gate that has a sensor that only set off if there was a substantial metal object... in which case maybe someonne monitoring it could pick out the person and... well you know
Submitted October 05, 2017 at 04:05AM by bolognawindup
via reddit http://ift.tt/2hQecOz
I understand that having someone wand every person in a large crowd would be impossible. But how about a large crowd walking through a large gate that has a sensor that only set off if there was a substantial metal object... in which case maybe someonne monitoring it could pick out the person and... well you know
Submitted October 05, 2017 at 04:05AM by bolognawindup
via reddit http://ift.tt/2hQecOz
reddit
Can metal detectors detect Only large metal objects... • r/security
I understand that having someone wand every person in a large crowd would be impossible. But how about a large crowd walking through a large gate...
Security Now 631 Private Contact Discovery | TWiT.TV
http://ift.tt/2yoBjXG
Submitted October 05, 2017 at 03:44AM by dmp1ce
via reddit http://ift.tt/2xV3gmW
http://ift.tt/2yoBjXG
Submitted October 05, 2017 at 03:44AM by dmp1ce
via reddit http://ift.tt/2xV3gmW
TWiT.tv
Security Now 631 Private Contact Discovery | TWiT.TV
This week we discuss some aspects of iOS v11, the emergence of browser hijack cryptocurrency mining, new information about the Equifax hack, Google security research and Gmail impr…
Week 39 in Information Security, 2017
http://ift.tt/2xhcEEm
Submitted October 05, 2017 at 02:46AM by undercomm
via reddit http://ift.tt/2fLc4n8
http://ift.tt/2xhcEEm
Submitted October 05, 2017 at 02:46AM by undercomm
via reddit http://ift.tt/2fLc4n8
Malgregator
InfoSec Week 39, 2017
Security researcher Gal Beniamini from Google has discovered a security vulnerability (CVE-2017-11120) in Apple's iPhone and other...
Larry Ellison On Cyber Attacks: 'It's A War -- And We're Losing This Cyberwar'
http://ift.tt/2yISejR
Submitted October 05, 2017 at 05:07AM by SecurityTrust
via reddit http://ift.tt/2yYU2Gk
http://ift.tt/2yISejR
Submitted October 05, 2017 at 05:07AM by SecurityTrust
via reddit http://ift.tt/2yYU2Gk
Forbes
Larry Ellison On Cyber Attacks: 'It's A War -- And We're Losing This Cyberwar'
"We are losing this cyberwar," Oracle chairman Larry Ellison said last night in a keynote at his company's annual OpenWorld customer conference. "And make no mistake--this is a war." Ellison outlined the huge shift in priorities that business executives must…
Are Google Cloud Instances completely backdoored from their initial launch?
I am testing out GCP at the moment and am impressed with their slick interface.I was initially amazed and then terrified to learn that with the click of a single button from within my GCP console... without ever uploading a private key of the public key that I supposedly secured my instance with then I launched... that I could login to an SSH session in my browser and get root within seconds!I know it's because I'm using a google-created debian operating system... but that seems really fucked up imho.I come from Amazon EC2 originally where they were always very strong to remind you that "if you lose your private key, we can't get into the server for you".So it's a little off putting to see that with the click of a button pretty much any google employee could just go looking around my instance?Am I crazy and is this just a really popular feature of their platform which is completely secure?I have to admit, it seems awesome to securely login to an ssh session with the click of a button in a browser... it's just a big too much magic for my liking.I like things simple, that's why I like debian.
Submitted October 05, 2017 at 07:35AM by archlinuxQuestions
via reddit http://ift.tt/2fRYhiu
I am testing out GCP at the moment and am impressed with their slick interface.I was initially amazed and then terrified to learn that with the click of a single button from within my GCP console... without ever uploading a private key of the public key that I supposedly secured my instance with then I launched... that I could login to an SSH session in my browser and get root within seconds!I know it's because I'm using a google-created debian operating system... but that seems really fucked up imho.I come from Amazon EC2 originally where they were always very strong to remind you that "if you lose your private key, we can't get into the server for you".So it's a little off putting to see that with the click of a button pretty much any google employee could just go looking around my instance?Am I crazy and is this just a really popular feature of their platform which is completely secure?I have to admit, it seems awesome to securely login to an ssh session with the click of a button in a browser... it's just a big too much magic for my liking.I like things simple, that's why I like debian.
Submitted October 05, 2017 at 07:35AM by archlinuxQuestions
via reddit http://ift.tt/2fRYhiu
reddit
Are Google Cloud Instances completely backdoored from... • r/security
I am testing out GCP at the moment and am impressed with their slick interface. I was initially amazed and then terrified to learn that with the...
Hello Redditor Security Pro's :-) I made a website that links to a lot of IT security documentation in one place. We also have a ton of original content. Is it helpful for you? I'd love to know your thoughts before I sink more time and money into it.
http://ift.tt/2xNeUTK
Submitted October 05, 2017 at 09:53AM by paperboy-
via reddit http://ift.tt/2y1BhUD
http://ift.tt/2xNeUTK
Submitted October 05, 2017 at 09:53AM by paperboy-
via reddit http://ift.tt/2y1BhUD
Securitydocs
SecurityDocs
A collection of IT security articles and white papers
OpenSSH 7.6 (2017-10-03): SSH protocol version 1 support has been completely removed, after being compile-time disabled by default since OpenSSH 7.0 (2015-08-11)
http://ift.tt/2fOLmxA
Submitted October 05, 2017 at 12:26PM by Mcnst
via reddit http://ift.tt/2fTODvw
http://ift.tt/2fOLmxA
Submitted October 05, 2017 at 12:26PM by Mcnst
via reddit http://ift.tt/2fTODvw
reddit
OpenSSH 7.6 (2017-10-03): SSH protocol version 1... • r/netsec
5 points and 1 comments so far on reddit
Handpicked Books for Security Professionals
http://ift.tt/2hO7hFE
Submitted October 05, 2017 at 11:36AM by ajinabraham
via reddit http://ift.tt/2yr6dPi
http://ift.tt/2hO7hFE
Submitted October 05, 2017 at 11:36AM by ajinabraham
via reddit http://ift.tt/2yr6dPi
OpSecX
Security Books
At OpSecX, we understand the importance of security education. We believe that books are great resources that provide detailed and in-depth knowledge on a topic and serves as a great reference material. If you are into books, then we recommend the following…
Mattel Aristotle canceled over privacy concerns
http://ift.tt/2gbf1Oq
Submitted October 05, 2017 at 01:39PM by winflare
via reddit http://ift.tt/2xUw01m
http://ift.tt/2gbf1Oq
Submitted October 05, 2017 at 01:39PM by winflare
via reddit http://ift.tt/2xUw01m
Winflare
Mattel Aristotle canceled over privacy concerns - Winflare
Mattel said Wednesday that it will not move forward with plans to sell a kid-focused smart hub after new executives decided it did not “fully align with Mattel’s new technology strategy,” according to a company statement. Children’s health and privacy advocates…
Equifax data breach was due to one person's error says former CEO
http://ift.tt/2xTpLJ4
Submitted October 05, 2017 at 01:31PM by imr2017
via reddit http://ift.tt/2gbf4d4
http://ift.tt/2xTpLJ4
Submitted October 05, 2017 at 01:31PM by imr2017
via reddit http://ift.tt/2gbf4d4
International Business Times UK
Equifax data breach was due to one person's error says former CEO
Former CEO of Equifax blames a security team employee for failing to plug security vulnerability.
[LIVE] ISACA/CERT.LV Conference "Cyberchess 2017" (EU cybersec month)
http://ift.tt/2y1nZaC
Submitted October 05, 2017 at 01:14PM by _Ki_
via reddit http://ift.tt/2fMgf1T
http://ift.tt/2y1nZaC
Submitted October 05, 2017 at 01:14PM by _Ki_
via reddit http://ift.tt/2fMgf1T
CERT.LV - Informācijas Tehnoloģiju drošības incidentu novēršanas institūcija
Cybersecurity conference "Cyberchess 2017"
Cybersecurity conference "Cyberchess 2017" will be held on October 5, 2017 in Riga, Latvia. Topics will cover IoT security, NIS directive, General Data Protection Regulation (GDPR), cybersecurity research and more.
How I could have mass uploaded from every Flickr account
http://ift.tt/2yJeNop
Submitted October 05, 2017 at 01:46PM by albinowax
via reddit http://ift.tt/2wzoV2E
http://ift.tt/2yJeNop
Submitted October 05, 2017 at 01:46PM by albinowax
via reddit http://ift.tt/2wzoV2E
Just Another Hacking blog
How I could have mass uploaded from every Flickr account!
This was one of my first valid security issue on the Yahoo Bug bounty program. I wanted to write about this very specific bug because I haven’t really seen anyone reporting this kind of issue…
NotRuler: Turning Offence into Defence
http://ift.tt/2ylQ1Pn
Submitted October 05, 2017 at 01:41PM by 0xdea
via reddit http://ift.tt/2wzoYLS
http://ift.tt/2ylQ1Pn
Submitted October 05, 2017 at 01:41PM by 0xdea
via reddit http://ift.tt/2wzoYLS
Sensepost
SensePost | Notruler – turning offence into defence
Leaders in Information Security