Sandvine’s PacketLogic Devices Used to Deploy Government Spyware in Turkey
http://ift.tt/2G7PdhW
Submitted March 12, 2018 at 07:23PM by Chumstick
via reddit http://ift.tt/2Gisq35
http://ift.tt/2G7PdhW
Submitted March 12, 2018 at 07:23PM by Chumstick
via reddit http://ift.tt/2Gisq35
The Citizen Lab
BAD TRAFFIC: Sandvine’s PacketLogic Devices Used to Deploy Government Spyware in Turkey and Redirect Egyptian Users to Affiliate…
This report describes our investigation into the apparent use of Sandvine/Procera Networks Deep Packet Inspection (DPI) devices to deliver nation-state malware in Turkey and indirectly into Syria, and to covertly raise money through affiliate ads and cryptocurrency…
APT Hackers Infect Routers to Covertly Implant Slingshot Spying Malware
http://ift.tt/2Fu8KIc
Submitted March 12, 2018 at 07:23PM by Chumstick
via reddit http://ift.tt/2IlIEZZ
http://ift.tt/2Fu8KIc
Submitted March 12, 2018 at 07:23PM by Chumstick
via reddit http://ift.tt/2IlIEZZ
The Hacker News
APT Hackers Infect Routers to Covertly Implant Slingshot Spying Malware
Researchers Uncovers a Previously Undetected Highly-Skilled APT Hacking Group Operating Covertly Since 2012, Infecting Mikrotik Routers to Implant Advance ‘Slingshot’ Spying Malware
New traces of Hacking Team in the wild
http://ift.tt/2p0PlHS
Submitted March 12, 2018 at 07:22PM by Chumstick
via reddit http://ift.tt/2p8QpcG
http://ift.tt/2p0PlHS
Submitted March 12, 2018 at 07:22PM by Chumstick
via reddit http://ift.tt/2p8QpcG
WeLiveSecurity
Hacking Team's infamous surveillance tool detected by ESET systems
New research from ESET has found samples of infamous surveillance tool – the Remote Control System (RCS) – from Hacking Team are in the wild once more.
The 15,000 Memcached DDoS Attacks Hit 7,100 Sites in Last 10 Days
http://ift.tt/2FuVqn4
Submitted March 12, 2018 at 07:22PM by Chumstick
via reddit http://ift.tt/2pcg8Bk
http://ift.tt/2FuVqn4
Submitted March 12, 2018 at 07:22PM by Chumstick
via reddit http://ift.tt/2pcg8Bk
The Hacker News
Over 15,000 Memcached DDoS Attacks Hit 7,100 Sites in Last 10 Days
Researchers recorded over 15,000 memcached amplification DDoS attack events in past 10 days against 7,131 unique targets.
Cryptocurrency Mining Malware Landscape
http://ift.tt/2D85n7Y
Submitted March 12, 2018 at 07:21PM by Chumstick
via reddit http://ift.tt/2FywYkx
http://ift.tt/2D85n7Y
Submitted March 12, 2018 at 07:21PM by Chumstick
via reddit http://ift.tt/2FywYkx
Secureworks
Cryptocurrency Mining Malware Landscape
Large-scale unauthorized cryptocurrency mining in an enterprise environment can consume computational resources and force business-critical assets to slow down or stop functioning effectively
Modern tactical exploitation toolkit written in Python and PowerShell
http://ift.tt/2hRkz1d
Submitted March 12, 2018 at 07:28PM by 0xdea
via reddit http://ift.tt/2p6SWnZ
http://ift.tt/2hRkz1d
Submitted March 12, 2018 at 07:28PM by 0xdea
via reddit http://ift.tt/2p6SWnZ
GitHub
0xdea/tactical-exploitation
tactical-exploitation - Modern tactical exploitation toolkit.
Campaign Possibly Connected to “MuddyWater” Surfaces in the Middle East and Central Asia
http://ift.tt/2FKbW5K
Submitted March 12, 2018 at 08:16PM by EvanConover
via reddit http://ift.tt/2Gkeeqk
http://ift.tt/2FKbW5K
Submitted March 12, 2018 at 08:16PM by EvanConover
via reddit http://ift.tt/2Gkeeqk
Trendmicro
Campaign Possibly Connected to “MuddyWater” Surfaces in the Middle East and Central Asia - TrendLabs Security Intelligence Blog
We discovered a new campaign targeting organizations in Turkey, Pakistan and Tajikistan that has some similarities with an earlier campaign named MuddyWater, which hit various industries in several countries, primarily in the Middle East and Central Asia.
China Altered Public Vulnerability Data to Conceal MSS Influence
http://ift.tt/2oUY92O
Submitted March 12, 2018 at 08:45PM by volci
via reddit http://ift.tt/2FMPJUK
http://ift.tt/2oUY92O
Submitted March 12, 2018 at 08:45PM by volci
via reddit http://ift.tt/2FMPJUK
Recorded Future
China Altered Public Vulnerability Data to Conceal MSS Influence
CNNVD altered the original publication dates in its public database for at least 267 vulnerabilities we identified as statistical outliers in our research published in November 2017.
Entry-level protection: McAfee Antivirus Plus VS Panda Antivirus Pro
http://ift.tt/2Ht8EBj
Submitted March 12, 2018 at 08:30PM by tomasstatkus
via reddit http://ift.tt/2FIWGGl
http://ift.tt/2Ht8EBj
Submitted March 12, 2018 at 08:30PM by tomasstatkus
via reddit http://ift.tt/2FIWGGl
Reviewedbypro
Entry-level protection: McAfee Antivirus Plus VS Panda Antivirus Pro
If you are looking for basic antivirus protection and Internet security check out this article, which will compare two basic level PC Antivirus software McAfee
University of Arizona tracks student ID cards to detect who might drop out
http://ift.tt/2Fz6oIg
Submitted March 12, 2018 at 09:43PM by BengaliKyd
via reddit http://ift.tt/2tBkffs
http://ift.tt/2Fz6oIg
Submitted March 12, 2018 at 09:43PM by BengaliKyd
via reddit http://ift.tt/2tBkffs
The Verge
University of Arizona tracks student ID cards to detect who might drop out
"By getting their digital traces...that tells you a great deal about them."
Data breach victims can sue Yahoo in the United States: judge
http://ift.tt/2IjLoHe
Submitted March 12, 2018 at 10:51PM by ScurfyBun
via reddit http://ift.tt/2p3AxZW
http://ift.tt/2IjLoHe
Submitted March 12, 2018 at 10:51PM by ScurfyBun
via reddit http://ift.tt/2p3AxZW
reddit
Data breach victims can sue Yahoo in the United... • r/security
1 points and 0 comments so far on reddit
Introducing Love Token: FIRST TRULY DECENTRALIZED RAFFLE SYSTEM
http://ift.tt/2HqmKDq
Submitted March 12, 2018 at 10:36PM by parkerjesica
via reddit http://ift.tt/2DlJLos
http://ift.tt/2HqmKDq
Submitted March 12, 2018 at 10:36PM by parkerjesica
via reddit http://ift.tt/2DlJLos
irishtechnews.ie
FUN EXPERIMENT TURNED INTO FIRST TRULY DECENTRALIZED RAFFLE SYSTEM?
14th February as anyone else knows is known to be the day for Love. And on that day, unsurprisingly, LOVE Token was born. LOVE Token is created upon [...]
100k active installs preauth POI due unpatched flaw in Wordpress core
http://ift.tt/2Fxhdi9
Submitted March 12, 2018 at 04:11PM by mslavco
via reddit http://ift.tt/2FuKxFL
http://ift.tt/2Fxhdi9
Submitted March 12, 2018 at 04:11PM by mslavco
via reddit http://ift.tt/2FuKxFL
Medium
wp-job-manager ≤ 1.29.2 preauth POI / unserialize of user supplied data
Wordpress has gone trough interesting period of time. They have tried to fix critical vulnerabilities:
Reversing an Aigo (Chinese encrypted HDD) − Part 2: Dumping a Cypress PSoC 1 microcontroller
http://ift.tt/2IkoFuz
Submitted March 12, 2018 at 08:50PM by trou_fr
via reddit http://ift.tt/2FBfOD0
http://ift.tt/2IkoFuz
Submitted March 12, 2018 at 08:50PM by trou_fr
via reddit http://ift.tt/2FBfOD0
Default Stored XSS Laravel framework (fixed, sorta)
http://ift.tt/2Fz6pf3
Submitted March 12, 2018 at 04:58PM by X1M_
via reddit http://ift.tt/2Go2Hq4
http://ift.tt/2Fz6pf3
Submitted March 12, 2018 at 04:58PM by X1M_
via reddit http://ift.tt/2Go2Hq4
x1m.nl
Laravel Stored XSS Vulnerability
I have been using the Laravel framework for quite a while now and discovered something odd.
Reversing an Aigo (Chinese encrypted HDD) − Part 1: taking it apart
http://ift.tt/2IkoTlp
Submitted March 12, 2018 at 08:36PM by trou_fr
via reddit http://ift.tt/2FvGbOJ
http://ift.tt/2IkoTlp
Submitted March 12, 2018 at 08:36PM by trou_fr
via reddit http://ift.tt/2FvGbOJ
Memcached DDoS Attacks Slow Down as Patching Ramps Up
http://ift.tt/2G9JTdU
Submitted March 12, 2018 at 11:27PM by campuscodi
via reddit http://ift.tt/2GiMxOx
http://ift.tt/2G9JTdU
Submitted March 12, 2018 at 11:27PM by campuscodi
via reddit http://ift.tt/2GiMxOx
eWEEK
Memcached DDoS Attacks Slow Down as Patching Ramps Up
Patching efforts appear to be working as the attack bandwidth size of memcached DDoS attacks are now on the decline.
The Secret Life of Your Login Credentials; TLS, Password Hashing, and Rainbow Tables
http://ift.tt/2Hswqxt
Submitted March 12, 2018 at 11:24PM by teb311
via reddit http://ift.tt/2p4uNit
http://ift.tt/2Hswqxt
Submitted March 12, 2018 at 11:24PM by teb311
via reddit http://ift.tt/2p4uNit
Bradfield
The Secret Life Of Your Login Credentials
Have you ever typed your social security number into a form on the Internet and wondered, “should I really click submit?” Most of us place…
yescrypt 1.0.0 KDF and password hashing scheme (algorithm finalized, code released)
http://ift.tt/2Ih3sl5
Submitted March 12, 2018 at 11:29PM by solardiz
via reddit http://ift.tt/2Fx6KmA
http://ift.tt/2Ih3sl5
Submitted March 12, 2018 at 11:29PM by solardiz
via reddit http://ift.tt/2Fx6KmA
reddit
yescrypt 1.0.0 KDF and password hashing scheme... • r/netsec
2 points and 0 comments so far on reddit
Do you know how to hack into servers?
The first step in any strategy is a port scanning. Each open port is a server-side program. Example: on the 21st port there is FTP. If you connect to it and get the appropriate rights, you can safely download or upload any files... on the first 1024 ports you can find many standard services, each of them is a kind of door. And the more there are, the easier it will be to find that one or more of them are not closed…In fact, there are many websites on the Internet that publish information about new weaknesses. And given, that many of servers don't renew its security due to negligence or unqualified administrators, then many of them can be cracked because of "old" problems. But what if the project does not have a server? What to crack then? It is due to the lack of a single server and decentralised storage that a high level of security is achieved!
Submitted March 13, 2018 at 12:16AM by CasperAPI
via reddit http://ift.tt/2DmmhzC
The first step in any strategy is a port scanning. Each open port is a server-side program. Example: on the 21st port there is FTP. If you connect to it and get the appropriate rights, you can safely download or upload any files... on the first 1024 ports you can find many standard services, each of them is a kind of door. And the more there are, the easier it will be to find that one or more of them are not closed…In fact, there are many websites on the Internet that publish information about new weaknesses. And given, that many of servers don't renew its security due to negligence or unqualified administrators, then many of them can be cracked because of "old" problems. But what if the project does not have a server? What to crack then? It is due to the lack of a single server and decentralised storage that a high level of security is achieved!
Submitted March 13, 2018 at 12:16AM by CasperAPI
via reddit http://ift.tt/2DmmhzC
reddit
Do you know how to hack into servers? • r/security
The first step in any strategy is a port scanning. Each open port is a server-side program. Example: on the 21st port there is FTP. If you connect...
Somebody's watching! When cameras are more than just 'smart'
http://ift.tt/2FKtiQ8
Submitted March 13, 2018 at 12:26AM by EvanConover
via reddit http://ift.tt/2FB6oYh
http://ift.tt/2FKtiQ8
Submitted March 13, 2018 at 12:26AM by EvanConover
via reddit http://ift.tt/2FB6oYh
Securelist - Kaspersky Lab’s cyberthreat research and reports
Somebody's watching! When cameras are more than just 'smart'
The researchers at Kaspersky Lab ICS CERT decided to check the popular smart camera to see how well protected it is against cyber abuses. This model has a rich feature list, compares favorably to regular webcams and can be used as a baby monitor, a component…