Azure passwords are still at risk; Infection Monkey can help
https://ift.tt/2EpybJM
Submitted April 06, 2018 at 07:11PM by ofriziv
via reddit https://ift.tt/2GIDGF9
https://ift.tt/2EpybJM
Submitted April 06, 2018 at 07:11PM by ofriziv
via reddit https://ift.tt/2GIDGF9
GuardiCore - Data Center and Cloud Security
Azure passwords are still at risk; Infection Monkey can help | GuardiCore
The Infection Monkey can notify about any machine that stores recoverable plaintext credentials on its Azure VM disk and expose bad credentials hygiene.
Domain Recon : A tool to get the details about all the subdomains and screenshots of them.
https://ift.tt/2Hd8U8r
Submitted April 06, 2018 at 07:04PM by Oxf0xtr0t
via reddit https://ift.tt/2qb52Nc
https://ift.tt/2Hd8U8r
Submitted April 06, 2018 at 07:04PM by Oxf0xtr0t
via reddit https://ift.tt/2qb52Nc
GitHub
x73x61x6ex6ax61x79/DomainRecon
Contribute to DomainRecon development by creating an account on GitHub.
How safe is voice-recognition authentication used in telephone customer service?
I may be late on this topic, but I've noticed the trend of call-center customer service departments now offering the new security measure where your voice will be used to authenticate you. Some questions:Should one accept to be authenticated with this technology?How easily can this technology be defeated?If someone gains access to a high-quality recording of your voice, can they use it to defeat the system? Scammers could call people and record the phone-conversation to gain access to such a recording. Couldn't they then use software to identify the voice signature and then use some other clever way to "translate" their own voice into the voice signature?
Submitted April 06, 2018 at 08:28PM by dlebauche
via reddit https://ift.tt/2JmrKuu
I may be late on this topic, but I've noticed the trend of call-center customer service departments now offering the new security measure where your voice will be used to authenticate you. Some questions:Should one accept to be authenticated with this technology?How easily can this technology be defeated?If someone gains access to a high-quality recording of your voice, can they use it to defeat the system? Scammers could call people and record the phone-conversation to gain access to such a recording. Couldn't they then use software to identify the voice signature and then use some other clever way to "translate" their own voice into the voice signature?
Submitted April 06, 2018 at 08:28PM by dlebauche
via reddit https://ift.tt/2JmrKuu
reddit
How safe is voice-recognition authentication used in... • r/security
I may be late on this topic, but I've noticed the trend of call-center customer service departments now offering the new security measure where...
Seriously, I love this new tool - Do you know what types of files your mail servers are blocking?
https://ift.tt/2JokYEC
Submitted April 06, 2018 at 09:15PM by MadSecuritySquirrel
via reddit https://ift.tt/2Eqh3Du
https://ift.tt/2JokYEC
Submitted April 06, 2018 at 09:15PM by MadSecuritySquirrel
via reddit https://ift.tt/2Eqh3Du
The Mad Squ1rrel
Do you know what types of files your mail servers are blocking? Here's a free tool to help | | The Mad Squ1rrel
I'll start by saying that I don't think I have ever written a blog post about one of our free tools here at KnowBe4. It's not that I don't like the other tools or think that they lack usefulness (quite the opposite actually), it's just that this new one really…
Because when you get hit with ransomware, you really do want to read poetry o_O
https://ift.tt/2EsUzC8
Submitted April 06, 2018 at 09:12PM by MadSecuritySquirrel
via reddit https://ift.tt/2Jp5Wyk
https://ift.tt/2EsUzC8
Submitted April 06, 2018 at 09:12PM by MadSecuritySquirrel
via reddit https://ift.tt/2Jp5Wyk
TechRepublic
WhiteRose ransomware attack sends bizarre poetry in ransom note to victims
The attack is similar to the Black Ruby, Zenis, and HiddenTear / InfiniteTear ransomware variants and seems to utilize unsecured Remote Desktop services.
Shout out to Malwarebytes for this: LockCrypt Ransomware Cracked Due to Bad Crypto
https://ift.tt/2GAKZCN
Submitted April 06, 2018 at 09:11PM by MadSecuritySquirrel
via reddit https://ift.tt/2Eqh4Y4
https://ift.tt/2GAKZCN
Submitted April 06, 2018 at 09:11PM by MadSecuritySquirrel
via reddit https://ift.tt/2Eqh4Y4
BleepingComputer
LockCrypt Ransomware Cracked Due to Bad Crypto
The team at Malwarebytes has identified a weakness in the encryption scheme utilized by the LockCrypt ransomware that they can exploit to recover a victim's data.
Compromising ShareFile on-premise via 7 chained vulnerabilities
https://ift.tt/2GUY49J
Submitted April 06, 2018 at 09:44PM by dirkjanm
via reddit https://ift.tt/2EpUsqS
https://ift.tt/2GUY49J
Submitted April 06, 2018 at 09:44PM by dirkjanm
via reddit https://ift.tt/2EpUsqS
Fox-IT International blog
Compromising ShareFile on-premise via 7 chained vulnerabilities
A while ago we investigated a setup of Citrix ShareFile with an on-premise StorageZone controller. ShareFile is a file sync and sharing solution aimed at enterprises. While there are versions of Sh…
Data Breaches News Flash - Hudson's Bay Company, Under Armor MyFitnessPal, and Panera Bread
https://www.youtube.com/watch?v=OY1IUdpeOuc
Submitted April 06, 2018 at 10:48PM by GlassHouseSystems
via reddit https://ift.tt/2EtB3FC
https://www.youtube.com/watch?v=OY1IUdpeOuc
Submitted April 06, 2018 at 10:48PM by GlassHouseSystems
via reddit https://ift.tt/2EtB3FC
YouTube
Data Breaches - Hudson's Bay Company, Under Armor MyFitnessPal, and Panera Bread
Data Breaches - Hudson's Bay Company, Under Armor MyFitnessPal, and Panera Bread, all this and more on this week's GlassHouse Gazette! To learn more about ho...
Black-box vs White-box Testing: It's about what you can see.
https://ift.tt/2HffSKp
Submitted April 06, 2018 at 10:44PM by robert_brooks
via reddit https://ift.tt/2uRirjd
https://ift.tt/2HffSKp
Submitted April 06, 2018 at 10:44PM by robert_brooks
via reddit https://ift.tt/2uRirjd
Technology Conversations
Black-box vs White-box Testing
Testing shows the presence, not the absence of bugs. Edsger W. Dijkstra Two common types of testing are black-box and white-box testing. Both can drive or be driven by development. Black-box testin…
macOS High Sierra Kernel Heap Overflow
https://ift.tt/2Eqj9Dt
Submitted April 06, 2018 at 11:57PM by pocorgtfoftw
via reddit https://ift.tt/2H26ls9
https://ift.tt/2Eqj9Dt
Submitted April 06, 2018 at 11:57PM by pocorgtfoftw
via reddit https://ift.tt/2H26ls9
Use ltrace with pwnlib.tubes.process instances, useful for heap exploitation.
https://ift.tt/2IyKYfq
Submitted April 07, 2018 at 12:43AM by malweisse
via reddit https://ift.tt/2q9b8hY
https://ift.tt/2IyKYfq
Submitted April 07, 2018 at 12:43AM by malweisse
via reddit https://ift.tt/2q9b8hY
GitHub
andreafioraldi/pwntrace
pwntrace - Use ltrace with pwnlib.tubes.process instances, useful for heap exploitation. Pwntools rocks!
Russia Readies Telegram Ban After App Refused to Hand Over Encryption Keys to FSB
https://ift.tt/2IAdPjd
Submitted April 07, 2018 at 01:23AM by alessiodelv
via reddit https://ift.tt/2Jr1uzt
https://ift.tt/2IAdPjd
Submitted April 07, 2018 at 01:23AM by alessiodelv
via reddit https://ift.tt/2Jr1uzt
BleepingComputer
Russia Readies Telegram Ban After App Refused to Hand Over Encryption Keys to FSB
Roskomnadzor, Russia's telecommunications watchdog, has filed today a lawsuit against instant messaging app Telegram, asking a Moscow court to rule in favor of restricting access to the service inside Russia's borders.
Microsoft Adds Anti-Ransomware Features in Office 365
https://ift.tt/2qbn1mz
Submitted April 07, 2018 at 01:22AM by alessiodelv
via reddit https://ift.tt/2EqGh4P
https://ift.tt/2qbn1mz
Submitted April 07, 2018 at 01:22AM by alessiodelv
via reddit https://ift.tt/2EqGh4P
BleepingComputer
Microsoft Adds Anti-Ransomware Features in Office 365
Three months after news first leaked, Microsoft officially announced today the launch of new anti-ransomware features for Office 365, the company's commercial subnoscription-based office tools suite.
Reaper Group's Updated Mobile Arsenal
https://ift.tt/2IvpaRQ
Submitted April 07, 2018 at 01:49AM by intelot
via reddit https://ift.tt/2JsaBj0
https://ift.tt/2IvpaRQ
Submitted April 07, 2018 at 01:49AM by intelot
via reddit https://ift.tt/2JsaBj0
Palo Alto Networks Blog
Reaper Group’s Updated Mobile Arsenal
Unit 42 examines the Reaper Group’s updated mobile arsenal, including a Bitcoin Ticker Widget and a PyeongChang Winter Games application.
Secret Service Warns of Chip Card Scheme
https://ift.tt/2q77vJd
Submitted April 07, 2018 at 02:57AM by volci
via reddit https://ift.tt/2GJ2JrT
https://ift.tt/2q77vJd
Submitted April 07, 2018 at 02:57AM by volci
via reddit https://ift.tt/2GJ2JrT
reddit
Secret Service Warns of Chip Card Scheme • r/security
1 points and 0 comments so far on reddit
A new Mirai-style botnet is targeting the financial sector
https://ift.tt/2qbbiV4
Submitted April 07, 2018 at 02:41AM by Iot_Security
via reddit https://ift.tt/2GETcC8
https://ift.tt/2qbbiV4
Submitted April 07, 2018 at 02:41AM by Iot_Security
via reddit https://ift.tt/2GETcC8
ZDNet
A new Mirai-style botnet is targeting the financial sector
The researchers say it's the largest attack since the Mirai-powered cyberattack in October 2016 that took down large swathes of the Western internet.
T-Mobile Stores Part of Customers' Passwords In Plaintext, Says It Has 'Amazingly Good' Security | A T-Mobile Austria customer representative made a shocking admission in a Twitter thread
https://ift.tt/2qc6BdM
Submitted April 07, 2018 at 04:07AM by Ebadd
via reddit https://ift.tt/2qbH04Q
https://ift.tt/2qc6BdM
Submitted April 07, 2018 at 04:07AM by Ebadd
via reddit https://ift.tt/2qbH04Q
Motherboard
T-Mobile Stores Part of Customers' Passwords In Plaintext, Says It Has 'Amazingly Good' Security
A T-Mobile Austria customer representative made a shocking admission in a Twitter thread.
T-Mobile Austria stores passwords in plaintext and defends this practice on Twitter.
https://twitter.com/tmobileat/status/981418339653300224
Submitted April 07, 2018 at 03:55AM by xatrixx
via reddit https://ift.tt/2GFm1Tb
https://twitter.com/tmobileat/status/981418339653300224
Submitted April 07, 2018 at 03:55AM by xatrixx
via reddit https://ift.tt/2GFm1Tb
Twitter
T-Mobile Austria
@c_pellegrino @PWTooStrong @Telekom_hilft Hello Claudia! The customer service agents see the first four characters of your password. We store the whole password, because you need it for the login for https://t.co/vJapgJ50qc ^andrea
Where to find Security Services In Hammersmith
https://ift.tt/2Jq5S1v
Submitted April 07, 2018 at 04:35AM by alarmpro42
via reddit https://ift.tt/2Iy6XmG
https://ift.tt/2Jq5S1v
Submitted April 07, 2018 at 04:35AM by alarmpro42
via reddit https://ift.tt/2Iy6XmG
Tout
@lessiewasher1971
Next-Generation Video Platform and Content Exchange, Tout powers mobile video publishing and syndication for over 500 leading media brands globally to an audience of over 150MM unique users per month.
Keys for ESET NOD32, Kaspersky, Avast, Dr.Web, Avira
https://ift.tt/2JsKqZS
Submitted April 07, 2018 at 04:31AM by brastagi
via reddit https://ift.tt/2IzA2ya
https://ift.tt/2JsKqZS
Submitted April 07, 2018 at 04:31AM by brastagi
via reddit https://ift.tt/2IzA2ya
DeBrastagi
DeBrastagi : Keys for ESET NOD32, Kaspersky, Avast, Dr.Web, Avira
Exploiting Bluetooth Low Energy using Gattacker for IoT
https://ift.tt/2ErzsQt
Submitted April 07, 2018 at 04:45AM by adi0x90
via reddit https://ift.tt/2uRYgSf
https://ift.tt/2ErzsQt
Submitted April 07, 2018 at 04:45AM by adi0x90
via reddit https://ift.tt/2uRYgSf
Attify Blog - IoT Security, Pentesting and Exploitation
Exploiting Bluetooth Low Energy using Gattacker for IoT - Step-by-Step Guide
Learn how to exploit Bluetooth Low Energy for IoT Devices using a step-by-step guide. In this post, we are using Gattacker to perform sniffing and replay based attacks.