DNC “lone hacker” Guccifer 2.0 pegged as Russian spy after opsec fail – Ars Technica
http://ift.tt/2pzRI5z
Submitted March 24, 2018 at 12:05AM by nmgreddit
via reddit https://ift.tt/2G6aUOx
http://ift.tt/2pzRI5z
Submitted March 24, 2018 at 12:05AM by nmgreddit
via reddit https://ift.tt/2G6aUOx
Ars Technica
DNC “lone hacker” Guccifer 2.0 pegged as Russian spy after opsec fail
"Hacktivist" logged into a social media account from an IP address at GRU HQ in Moscow.
Use our suite of Ethereum security tools
http://ift.tt/2pAq4Vl
Submitted March 24, 2018 at 12:19AM by AwesomeJosh
via reddit https://ift.tt/2pzRXNV
http://ift.tt/2pAq4Vl
Submitted March 24, 2018 at 12:19AM by AwesomeJosh
via reddit https://ift.tt/2pzRXNV
Trail of Bits Blog
Use our suite of Ethereum security tools
Two years ago, when we began taking on blockchain security engagements, there were no tools engineered for the work. No static analyzers, fuzzers, or reverse engineering tools for Ethereum. So, we …
Public-Private Cybersecurity Center Opens for Business in Sydney
http://ift.tt/2DMA0Af
Submitted March 24, 2018 at 12:47AM by techie_programmer
via reddit https://ift.tt/2pzWzUf
http://ift.tt/2DMA0Af
Submitted March 24, 2018 at 12:47AM by techie_programmer
via reddit https://ift.tt/2pzWzUf
Latest Hacking News
Public-Private Cybersecurity Center Opens for Business in Sydney
The 4th Joint Cyber-Security Center is now officially opened in Sydney, almost a year after the 1st was launched in Brisbane. The government of Australia has now officially opened the Sydney Joint Cyber Security Centre (JCSC). Angus Taylor, the Minister for…
Ransomware Attack Cripples Several Atlanta City Systems
http://ift.tt/2G4PYYp
Submitted March 24, 2018 at 01:20AM by volci
via reddit https://ift.tt/2G75OSf
http://ift.tt/2G4PYYp
Submitted March 24, 2018 at 01:20AM by volci
via reddit https://ift.tt/2G75OSf
Threatpost | The first stop for security news
Ransomware Attack Cripples Several Atlanta City Systems
The city of Atlanta is being extorted for $51,000 in a ransomware attack that occurred early Thursday that impacted several local government departments.
The bug that made free money
http://ift.tt/2udiYLQ
Submitted March 24, 2018 at 01:19AM by volci
via reddit https://ift.tt/2GlZCcg
http://ift.tt/2udiYLQ
Submitted March 24, 2018 at 01:19AM by volci
via reddit https://ift.tt/2GlZCcg
Naked Security
The bug that made free money
What would you do if you found a bug that could create money out of thin air?
A new data leak hits Aadhaar, India's national ID database with 1.1 billion enrolled
https://ift.tt/2INDWV8
Submitted March 24, 2018 at 02:55AM by almostfamous
via reddit https://ift.tt/2INqpNl
https://ift.tt/2INDWV8
Submitted March 24, 2018 at 02:55AM by almostfamous
via reddit https://ift.tt/2INqpNl
ZDNet
A new data leak hits Aadhaar, India's national ID database
Exclusive: The data leak affects potentially every Indian citizen subscribed to the database.
Public record of usernames linked to state-sponsored disinformation campaigns
http://ift.tt/2ufTNsc
Submitted March 24, 2018 at 03:14AM by EvanConover
via reddit https://ift.tt/2I1Zj3N
http://ift.tt/2ufTNsc
Submitted March 24, 2018 at 03:14AM by EvanConover
via reddit https://ift.tt/2I1Zj3N
Help Center
Public record of usernames linked to state-sponsored disinformation campaigns
Democracy requires transparency and an informed electorate, and we take our responsibilities very seriously. We aggressively monitor Tumblr for signs of state-sponsored disinformation campaigns, an...
DOSfuscation: Exploring the Depths of Cmd.exe Obfuscation and Detection Techniques [Whitepaper]
http://ift.tt/2HXEvtY
Submitted March 23, 2018 at 10:46PM by TechLord2
via reddit https://ift.tt/2pBWMWj
http://ift.tt/2HXEvtY
Submitted March 23, 2018 at 10:46PM by TechLord2
via reddit https://ift.tt/2pBWMWj
Revoke Obfuscation: PowerShell Obfuscation Detection Using Science [Whitepaper]
https://ift.tt/2vPmvwW
Submitted March 23, 2018 at 11:02PM by TechLord2
via reddit https://ift.tt/2pAi4Er
https://ift.tt/2vPmvwW
Submitted March 23, 2018 at 11:02PM by TechLord2
via reddit https://ift.tt/2pAi4Er
APT Attacks Targetting Financial Institutions [Blackhat Asia 2018 Study Presentation]
https://ift.tt/2Gg3ThD
Submitted March 23, 2018 at 11:37PM by TechLord2
via reddit https://ift.tt/2pCzpvE
https://ift.tt/2Gg3ThD
Submitted March 23, 2018 at 11:37PM by TechLord2
via reddit https://ift.tt/2pCzpvE
What to do if you can't delete Facebook because of work?
If your job requires you to use Facebook, what options do you have to help limit the social behemoth's intrusion into your personal details?I'm not an expert but here's what I've come up with so far:Use a separate browser (or at least a separate profile) for anything Facebook-related.For your primary, non-Facebook browser, log out of Facebook, delete all cookies, and use an extension that allows you to customize hosts entries. Here's one for Chrome. I've also heard about people setting up Ublock Origin for this purpose, although I haven't tried it.From within Facebook, delete absolutely everything that's not directly related to work.Unfriend everybody.Mark your profile as private.Go through your privacy settings and make sure only friends of friends can send you friend requests. Since you don't have any friends that takes care of that.What do you think? Am I missing anything?
Submitted March 24, 2018 at 05:54AM by njbair
via reddit https://ift.tt/2pFAHX4
If your job requires you to use Facebook, what options do you have to help limit the social behemoth's intrusion into your personal details?I'm not an expert but here's what I've come up with so far:Use a separate browser (or at least a separate profile) for anything Facebook-related.For your primary, non-Facebook browser, log out of Facebook, delete all cookies, and use an extension that allows you to customize hosts entries. Here's one for Chrome. I've also heard about people setting up Ublock Origin for this purpose, although I haven't tried it.From within Facebook, delete absolutely everything that's not directly related to work.Unfriend everybody.Mark your profile as private.Go through your privacy settings and make sure only friends of friends can send you friend requests. Since you don't have any friends that takes care of that.What do you think? Am I missing anything?
Submitted March 24, 2018 at 05:54AM by njbair
via reddit https://ift.tt/2pFAHX4
Atlanta ransomware attack locks down city computers
https://ift.tt/2GfStua
Submitted March 24, 2018 at 07:43AM by chull2058
via reddit https://ift.tt/2IJnF3f
https://ift.tt/2GfStua
Submitted March 24, 2018 at 07:43AM by chull2058
via reddit https://ift.tt/2IJnF3f
USA TODAY
Atlanta hit by ransomware attack, city employees told not to turn on computers
A ransomware attack on the city of Atlanta means city works at city hall can't turn on their computers and WiFi at the airport is off.
Hackers leave ransom note after wiping out MongoDB in 13 seconds
https://ift.tt/2IJEw67
Submitted March 24, 2018 at 07:42AM by chull2058
via reddit https://ift.tt/2ILyKAS
https://ift.tt/2IJEw67
Submitted March 24, 2018 at 07:42AM by chull2058
via reddit https://ift.tt/2ILyKAS
HackRead
Hackers leave ransom note after wiping out MongoDB in 13 seconds
Hackers have been exploiting unprotected MongoDB based servers but in this incident, hackers left a ransom note after wiping out MongoDB in just 13 seconds.
Who Am I Mail Bot
https://ift.tt/2INYE7l
Submitted March 24, 2018 at 08:22AM by mthbernardes
via reddit https://ift.tt/2pB0tMC
https://ift.tt/2INYE7l
Submitted March 24, 2018 at 08:22AM by mthbernardes
via reddit https://ift.tt/2pB0tMC
GitHub
mthbernardes/WhoAmIMailBot
Contribute to WhoAmIMailBot development by creating an account on GitHub.
Web Application Penetration Testing Cheat Sheet
https://ift.tt/2Gizuzg
Submitted March 24, 2018 at 09:07AM by 0xJDow
via reddit https://ift.tt/2udSjif
https://ift.tt/2Gizuzg
Submitted March 24, 2018 at 09:07AM by 0xJDow
via reddit https://ift.tt/2udSjif
JDow.io
Web Application Penetration Testing Cheat Sheet
This cheatsheet is intended to run down the typical steps performed when conducting a web application penetration test. I will break these steps down into sub-tasks and describe the tools I recommend using at each level.
Why do so many websites allow poor authentication? (and how it drives me to light social hacking for spam avoidance)
It seems like a lot of websites are at the mercy of users who type in an incorrect email address.tldr; I feel justified resetting users passwords if they give my email address by mistake. Is there a better way to deal with this? What security best practices are these websites failing at?My email address is like this: flast at gmail.comf is the first character of my first namelast is my last name.It seems that I become the unintended the target of lazy / absentminded / forgetful people about once a month that write or type their email address for some login or membership form.So I get an email saying please click here to confirm your email address.Whereupon, I click to confirm, go to a login page, click on forgot password, get emailed a reset link, then set the password to something like abcd123, login and change the name to first name:invalid login, last name: invalid login, username: invalidlogin, email invalidlogin@example.com. Basically hacking my way in the most low tech way possible to get my email address removed from the website.The funny recent example was xfinity comcast, which asked me an extra security question: "what's your favorite beverage?" It took me six tries to guess. This has to be one of the weakest security questions in the world, assuming the average person isn't paranoid enough to intentionally obfuscate their answer.Another example, someone must have bought a new jeep or at least shown interest and wrote my email on the form, by mistake or by lack of thought and consideration; giving a "dummy" email address.So, in part I guess I understand the problem. If someone's buying a new jeep and have to write their email on a form, they don't bother to give their real email address, the website doesn't feel any obligation to verify the email address correctly.Or in the previous above example, I think it was some trial free web usage, so they also don't feel obliged to check the email address thoroughly.But can someone comment on the best way these things should be done?, from the website's perspective. Perhaps the website should require you to remember your email address for the first login before any reset password requests or otherwise time out the verification links after a few hours and make the user recreate their login?I guess there's the time-old balance between ease of use for customers and (businesses that have a top priority of making it easy for customers to spend money) versus security.I feel somewhat justified logging in to reset the email address, so that my email address is no longer in a big database somewhere and I'm not going to get endless marketing spam in the future.Of course, I'm referring to big companies that have no-reply email address don't have a one-two click way of dealing with these mistakes. If I think it's going to take me more than a couple of minutes to deal with this issue, I'll do it the grey-hat hacker instead of jumping through hoops.To summarize, I thought I'd share my story because I'm sure some of you will find it funny (and I'm sure some of you will chide me too). And I wondered what people think. Any stories to tell? Better ways to do this?
Submitted March 24, 2018 at 10:59AM by johnnyjohnsmith
via reddit https://ift.tt/2G1bQIb
It seems like a lot of websites are at the mercy of users who type in an incorrect email address.tldr; I feel justified resetting users passwords if they give my email address by mistake. Is there a better way to deal with this? What security best practices are these websites failing at?My email address is like this: flast at gmail.comf is the first character of my first namelast is my last name.It seems that I become the unintended the target of lazy / absentminded / forgetful people about once a month that write or type their email address for some login or membership form.So I get an email saying please click here to confirm your email address.Whereupon, I click to confirm, go to a login page, click on forgot password, get emailed a reset link, then set the password to something like abcd123, login and change the name to first name:invalid login, last name: invalid login, username: invalidlogin, email invalidlogin@example.com. Basically hacking my way in the most low tech way possible to get my email address removed from the website.The funny recent example was xfinity comcast, which asked me an extra security question: "what's your favorite beverage?" It took me six tries to guess. This has to be one of the weakest security questions in the world, assuming the average person isn't paranoid enough to intentionally obfuscate their answer.Another example, someone must have bought a new jeep or at least shown interest and wrote my email on the form, by mistake or by lack of thought and consideration; giving a "dummy" email address.So, in part I guess I understand the problem. If someone's buying a new jeep and have to write their email on a form, they don't bother to give their real email address, the website doesn't feel any obligation to verify the email address correctly.Or in the previous above example, I think it was some trial free web usage, so they also don't feel obliged to check the email address thoroughly.But can someone comment on the best way these things should be done?, from the website's perspective. Perhaps the website should require you to remember your email address for the first login before any reset password requests or otherwise time out the verification links after a few hours and make the user recreate their login?I guess there's the time-old balance between ease of use for customers and (businesses that have a top priority of making it easy for customers to spend money) versus security.I feel somewhat justified logging in to reset the email address, so that my email address is no longer in a big database somewhere and I'm not going to get endless marketing spam in the future.Of course, I'm referring to big companies that have no-reply email address don't have a one-two click way of dealing with these mistakes. If I think it's going to take me more than a couple of minutes to deal with this issue, I'll do it the grey-hat hacker instead of jumping through hoops.To summarize, I thought I'd share my story because I'm sure some of you will find it funny (and I'm sure some of you will chide me too). And I wondered what people think. Any stories to tell? Better ways to do this?
Submitted March 24, 2018 at 10:59AM by johnnyjohnsmith
via reddit https://ift.tt/2G1bQIb
reddit
Why do so many websites allow poor authentication?... • r/security
It seems like a lot of websites are at the mercy of users who type in an incorrect email address. tldr; I feel justified resetting users...
Responsibility Deflected, the CLOUD Act Passes
https://ift.tt/2FW9ji9
Submitted March 24, 2018 at 05:59PM by _Steamed_Hams
via reddit https://ift.tt/2IR8NQE
https://ift.tt/2FW9ji9
Submitted March 24, 2018 at 05:59PM by _Steamed_Hams
via reddit https://ift.tt/2IR8NQE
Electronic Frontier Foundation
Responsibility Deflected, the CLOUD Act Passes
UPDATE, March 23, 2018: President Donald Trump signed the $1.3 trillion government spending bill—which includes the CLOUD Act—into law Friday morning. “People deserve the right to a better process.”Those are the words of Jim McGovern, representative for Massachusetts…
Coinbase glitch is another case for moving towards a decentralized exchange
https://ift.tt/2I0GZb8
Submitted March 24, 2018 at 06:29PM by bucketsofskill
via reddit https://ift.tt/2HXWtgc
https://ift.tt/2I0GZb8
Submitted March 24, 2018 at 06:29PM by bucketsofskill
via reddit https://ift.tt/2HXWtgc
Rados
Coinbase Free Ether bug? Another Case For Moving To A Decentralized Exchange
A quick look at how the recent bug on the Coinbase trading platform shows that decentralized exchanges are the way forward...
Tumblr finally names the 84 accounts it says were Russian trolls
https://ift.tt/2GiV2LX
Submitted March 24, 2018 at 08:11PM by DerBootsMann
via reddit https://ift.tt/2pAvXTe
https://ift.tt/2GiV2LX
Submitted March 24, 2018 at 08:11PM by DerBootsMann
via reddit https://ift.tt/2pAvXTe
Ars Technica
Tumblr finally names the 84 accounts it says were Russian trolls
Tumblr says it "helped indict 13 people who worked for" Internet Research Agency.
I work security at a bar and last night when I turned someone away because he was so drunk he could badly stand, he said it was because I was racist and he could see it in my face that was the reason he wasn’t allowed in. What is a professional response to this?
I just said ‘you’re wrong, it’s because you can badly stand up’, luckily to which his mates all agreed.This isn’t the first time it’s happened. It seems to be thrown around as the first excuse when someone hears something they disagree with quite a lot recently. I’m an Asian guy of Chinese decent and got quite frustrated when this was fired at me, so wanna learn a good way to deal with it, but like I say it seems to be getting more and more common as some kind of defence. I’ve seen other security guards actually get quite uncomfortable and actually reverse their decision through fear of being called racist in front of other people if the person escalates it.That seems insane to me.Is there a good, professional answer or response to give in this situation?
Submitted March 24, 2018 at 10:26PM by Bloc101
via reddit https://ift.tt/2I22okr
I just said ‘you’re wrong, it’s because you can badly stand up’, luckily to which his mates all agreed.This isn’t the first time it’s happened. It seems to be thrown around as the first excuse when someone hears something they disagree with quite a lot recently. I’m an Asian guy of Chinese decent and got quite frustrated when this was fired at me, so wanna learn a good way to deal with it, but like I say it seems to be getting more and more common as some kind of defence. I’ve seen other security guards actually get quite uncomfortable and actually reverse their decision through fear of being called racist in front of other people if the person escalates it.That seems insane to me.Is there a good, professional answer or response to give in this situation?
Submitted March 24, 2018 at 10:26PM by Bloc101
via reddit https://ift.tt/2I22okr
reddit
I work security at a bar and last night when I turned... • r/security
I just said ‘you’re wrong, it’s because you can badly stand up’, luckily to which his mates all agreed. This isn’t the first time it’s...
The AVCrypt Ransomware Tries To Uninstall Your AV Software
https://ift.tt/2GfGBZf
Submitted March 24, 2018 at 10:38PM by Alan976
via reddit https://ift.tt/2G1oIhw
https://ift.tt/2GfGBZf
Submitted March 24, 2018 at 10:38PM by Alan976
via reddit https://ift.tt/2G1oIhw
BleepingComputer
The AVCrypt Ransomware Tries To Uninstall Your AV Software
A new ransomware named AVCrypt has been discovered that tries to uninstall existing security software before it encrypts a computer. Furthermore, as it removes numerous services, including Windows Update, and provides no contact information, this ransomware may…