The Newest IoT Threat: Child Predators
http://ift.tt/2u1LpfF
Submitted March 19, 2018 at 07:48PM by Iot_Security
via reddit http://ift.tt/2FKP3jM
Security Today
The Newest IoT Threat: Child Predators -- Security Today
Connected devices at home can record the voices, movements, weight and eating habits of those who live there. They are, in effect, very sophisticated sensors installed in the home environment. As such, they can be utilized by all sorts of people with various…
Fast tools to protect businesses
I'm putting together a data-protection package for companies to comply with GDPR (doesn't matter if you don't know it). It seems easy and natural to place some basic security with the package.
This isn't a security package, so I'm only looking to cover bare-bones basics - jobs which can be done quickly - and not turn WeLikeShoes.com into Cyber-Fort Knox. I have some tools and I'd love to hear about others which are also quick and simple to implement.
So far I have:
nmap can scan for vulnerabilities within minutes.
sqlmap can do the same.
Basic password checks by comparing people's passwords to the rockyou wordlist or guesstimating if a dictionary attack would penetrate a field.
Possibly setting up Phishing awareness and tests - but that's getting into the realms of too much time.
Any other quick and easy, but potentially useful security checks one might add to protect a business?
Also, how much should I worry about permissions? Obviously I will obtain permission from the company, but will I also need permission from the people hosting their data on their webpage? Or is the company
Submitted March 19, 2018 at 07:48PM by intrepidraspberry
via reddit http://ift.tt/2IBTU4j
reddit
Fast tools to protect businesses • r/security
I'm putting together a data-protection package for companies to comply with GDPR (doesn't matter if you don't know it). It seems easy and natural...
Zenis Ransomware – Deletes Your Backup and Encrypts Files
http://ift.tt/2ppYQ3L
Submitted March 19, 2018 at 07:35PM by vaxfms
via reddit http://ift.tt/2IxDMkx
OSRadar
Zenis Ransomware – Deletes Your Backup and Encrypts Files - OSRadar
Ransomware has been the hot topic of security world for quite a few months. This is a type of attack that encrypts a system’s file and asks for a ransom to the victim for the unlocking password. A new ransomware is in the wild. Learn more about Zenis - the…
Why Scarlett Johansson’s Picture Got My Postgre Database to Start Mining Monero
http://ift.tt/2tGXfvH
Submitted March 19, 2018 at 08:33PM by whitehattracker
via reddit http://ift.tt/2HO2D2h
Blog | Imperva
A Deep Dive into Database Attacks [Part III]: Why Scarlett Johansson’s Picture Got My Postgre Database to Start Mining Monero
DNS Poisoning and How To Prevent It
http://ift.tt/2G999n1
Submitted March 19, 2018 at 08:19PM by volci
via reddit http://ift.tt/2HIAolB
AlienVault
DNS Poisoning and How To Prevent It
DNS poisoning. Simply the name conjures up the kind of thoughts that keep network admins up at night. What if my RNDC key gets leaked? Could there be a rogue DHCP server within my perimeter? Are the Lizard Squad planning an attack on for Christmas? Much of…
The Machine Learning and Artificial Intelligence (AI) wiki
http://ift.tt/2FLeqC2
Submitted March 19, 2018 at 10:02PM by Chouma
via reddit http://ift.tt/2u5zq0W
Peerlyst
The Machine Learning and Artificial Intelligence (AI) wiki
A wiki for posts about machine learning and artificial intelligence.
Basics of Machine Learning:
Infosec Basics: Definition of and understanding Machine Learning by Gina Robertson
Whats AI and Machine Learning? And How Can We Take Advantage Of It. (
Reversing iBank Trojan [Injection Phase]
http://ift.tt/2FNBkZz
Submitted March 19, 2018 at 10:43PM by khasaia
via reddit http://ift.tt/2IAQ9fB
secrary[dot]com
Reversing iBank Trojan [Injection Phase]
This blog is about malware analysis and reverse engineering. I’m Lasha Khasaia
Recovering plaintext passwords from Azure VMs like it's the 1990s
http://ift.tt/2IDB7pl
Submitted March 19, 2018 at 09:17PM by yoniyoniyoni
via reddit http://ift.tt/2G3a8VV
GuardiCore - Data Center and Cloud Security
Recovering Plaintext Passwords from Azure Virtual Machines | GuardiCore
Security design flaw in the VM Access plugin that may enable a cross platform attack impacting every machine type provided by Azure. Read More...
Analysis of a Kubernetes hack — Backdooring through kubelet
http://ift.tt/2GoAmzO
Submitted March 19, 2018 at 11:15PM by speckz
via reddit http://ift.tt/2G6wUMk
Medium
Analysis of a Kubernetes hack — Backdooring through kubelet
Unless you’ve been living under a rock for the past three years, you’ve probably heard about Kubernetes. At Handy, our infrastructure is…
Firefox Master Password System Has Been Poorly Secured for the Past 9 Years
http://ift.tt/2IyvVDf
Submitted March 19, 2018 at 10:48PM by dabshitty
via reddit http://ift.tt/2HNcaXx
BleepingComputer
Firefox Master Password System Has Been Poorly Secured for the Past 9 Years
For the past nine years, Mozilla has been using an insufficiently strong encryption mechanism for the "master password" feature.
Ending DNS Hijacking with DNSCrypt
http://ift.tt/2ICfvtI
Submitted March 19, 2018 at 11:05PM by nykzhang
via reddit http://ift.tt/2Gb2Ijc
Medium
Ending DNS Hijacking with DNSCrypt
I was at a Marriott hotel last week with my family and I noticed that they were doing DNS hijacking and redirecting all my DNS requests to…
The Complete Beginner Guide to Learn Ethical Hacking
http://ift.tt/2HMRtuq
Submitted March 20, 2018 at 12:13AM by basikthngs
via reddit http://ift.tt/2FUX1CO
Medium
The Complete Beginner Guide to Learn Ethical Hacking
If you want to learn ethical hacking so that you can hack computer systems like black hat hackers and secure them like security experts…
Writing an Exploit in Golang - From A to Z
https://www.youtube.com/watch?v=U2mpUQTWRhI
Submitted March 19, 2018 at 10:58PM by secdevops
via reddit http://ift.tt/2FPihxS
So I got hacked, any advice?
Hey everyone,
Got a text message saying my account might have been compromised on hotmail. Turns out someone from Vietnam got in, but had attempts from Japan and others as it showed in recent activity. Also some syncing happened within the past 3 days. I'm from England btw, they tried to log in using my Skype username which I haven't used in years but it's linked to my Microsoft, and they finally got in. Uhm, changed my password, enabled 2FA. Got an email saying my epic games account was locked because of attempts, haven't used that since roughly June 2017 when I was finishing off my games design course at college, just activated 2FA on that too. I ran malwarebytes Adaware and MBAM, turned up nothing on my computer or laptop. Anything else I can do? Could it be my iPhone that's hacked? IOS 11.2.5 I believe. Seems to be all linked to my main account. I have way too many things signed up on that account, as I've had it for like 13 years. Scared that someone may access or create accounts on like twitch or Instagram and so on, they can literally ruin me so badly of course. I have accounts like eBay, Amazon, Wish, PayPal, Playstation, and so much more with my main account.
Thanks everyone :)
Submitted March 20, 2018 at 01:27AM by Jianni12
via reddit http://ift.tt/2poLIN2
reddit
So I got hacked, any advice? • r/security
Hey everyone, Got a text message saying my account might have been compromised on hotmail. Turns out someone from Vietnam got in, but had...
Ending DNS Hijacking with DNSCrypt
http://ift.tt/2ICfvtI
Submitted March 20, 2018 at 02:38AM by nykzhang
via reddit http://ift.tt/2GIHyXM
Medium
Ending DNS Hijacking with DNSCrypt
I was at a Marriott hotel last week with my family and I noticed that they were doing DNS hijacking and redirecting all my DNS requests to…
Dynamic analysis of iOS apps without Jailbreak
http://ift.tt/2DFtRFN
Submitted March 20, 2018 at 03:12AM by ninjazeroone
via reddit http://ift.tt/2FVr3qa
Medium
Dynamic analysis of iOS apps without Jailbreak
In the article I will share my experience in solving some of the problems I faced when analyzing the security of iOS applications. All the…
S3scanner v1.0.0 - Scan, list, and dump open S3 buckets
http://ift.tt/2kJdikH
Submitted March 20, 2018 at 02:59AM by GoGoGadgetSalmon
via reddit http://ift.tt/2ptSoZB
GitHub
sa7mon/S3Scanner
Scan for open AWS S3 buckets and dump the contents - sa7mon/S3Scanner
Great email from the laziest "hacker" ever
Got the following email today. It's a "ransom" demand from the laziest hacker ever, but it really cracks me up.
Subject: this really is a thing which i definitely advise you to read carefully
Good day [my real name]. Perhaps you have read something information about the RAT trojan 41467? Great job, you have at this moment evolved into a happy owner of my own, personal edition of that virus. I have succeeded to locate numerous fascinating stuff on your computer and I've also been able to link to all ur devices, such as a cell phone. But they are all are little things as opposed to the next. I managed to force this virus to capture a mike, a web cam, as well as the image on the screen, you know I've made many exciting movies. I do believe a few video clips will be intriguing for you personally :D
The most interesting part is that my software saved is the moment you pay a visit to one of the pornographic internet sites. I have spent two hours of my time to combine 2 movies, one in which is a picture on the display and another picture of the actual web cam. It had been pretty humorous!
So, lets get right to the point. I advise you pay 470 Dollars to this wallet: 1M4HwFag6QPaRbX7QgP1jtR1WyZnh8HJse
I solely utilize bitcoin. If you will have trouble paying out just use any internet search engine.
After obtaining the funds. We're going both equally ignore this unpleasant moment and remove all the info I have gathered from ur devices.
You have two days. If I do not get my money, I will send all the info to the contact information I discovered on your equipment! Possibly I'll do it with ur accounts. It will be very funny if all your loved people get a video footage of this sort.
I offer a little time because my wallets often get blocked and you need to deliver just before that.
Indeed, you are not only individual getting an email of this sort, I've infected a 5440 individuals and a lot more than 1292 of which were with interesting stuff.
You can call up authorities, think its worthless, the worst stuff they are able to perform is block my account. Therefore you should not do silly stuff.
If perhaps I will not obtain my money for any reason, which includes the failure to deliver them to a locked wallet, ur status is going to be demolished. So make it fast!
I take care of my very own anonymity and use the temporary email to deliver messages, additionally I am on the internet from my working laptop and i only with pirated Wi fi from numerous organizations besides i use TOR. Therefore, getting in touch with me and responding to to this letter doesn't make any sense.
Submitted March 20, 2018 at 04:58AM by marklein
via reddit http://ift.tt/2GJM34p
reddit
Great email from the laziest "hacker" ever • r/security
Got the following email today. It's a "ransom" demand from the laziest hacker ever, but it really cracks me up. >Subject: this really is a thing...
Cons to using Signal
Was having a discussion with a friend about using Signal and he claimed he stopped using it because he read something somewhere that using it makes you a target.
I get the logic kind of, but I can’t find anything backing up that stance. Agree or disagree?
Submitted March 20, 2018 at 08:24AM by procdaddy
via reddit http://ift.tt/2FTlAzT
reddit
Cons to using Signal • r/security
Was having a discussion with a friend about using Signal and he claimed he stoped using it because he read something somewhere that using it makes...
Request for OSWE Alternative or Similar Certification
With regards to how well accepted the OSCP is, how does the OSWE rank? Are there any similar certifications to this one? Problem being one has to attend Blackhat, to attend an on-premise course to achieve it. This is quite some money you have to throw at this if you are from somewhere else than the US.
Submitted March 20, 2018 at 01:17PM by droptableuserme
via reddit http://ift.tt/2FN3WSn
reddit
Request for OSWE Alternative or Similar Certification • r/security
With regards to how well accepted the OSCP is, how does the OSWE rank? Are there any similiar certifications to this one? Problem being one has to...