Windows servers running IIS 6.0 targeted by crypto-mining hackers
https://ift.tt/2qCYBmf
Submitted April 17, 2018 at 05:12AM by chull2058
via reddit https://ift.tt/2qCgX6W
http://www.theinquirer.net
Windows servers running IIS 6.0 targeted by crypto-mining hackers
Attackers are using unpatched servers to mine Electroneum
Centrify: Secure the 2018 Vote with Zero Trust Security
https://ift.tt/2H5yCz8
Submitted April 17, 2018 at 04:55AM by ApprehensiveActuator
via reddit https://ift.tt/2qBOi1S
Morningstar
Centrify: Secure the 2018 Vote with Zero Trust Security
Your business-critical data could get exposed. Are you prepared?
https://ift.tt/2J0pHv9
Submitted April 17, 2018 at 11:05AM by wadetomtesting
via reddit https://ift.tt/2HFc4SP
Software Testing Blog by Cigniti Technologies
Your business-critical data could get exposed. Are you prepared?
Is adoption of present-day #SecurityTesting solutions the answer to rising #datasecurity threats? Check out our latest post.
Roaming Mantis uses DNS hijacking to infect Android smartphones
https://ift.tt/2vgRohx
Submitted April 17, 2018 at 01:34AM by Goovscoov
via reddit https://ift.tt/2qCSX4p
Securelist - Kaspersky Lab’s cyberthreat research and reports
Roaming Mantis uses DNS hijacking to infect Android smartphones
In March 2018, Japanese media reported the hijacking of DNS settings on routers located in Japan, redirecting users to malicious IP addresses. The redirection led to the installation of Trojanized applications named facebook.apk and chrome.apk that contained…
Russian State-Sponsored Cyber Actors Targeting Network Infrastructure Devices
https://ift.tt/2HDhKg5
Submitted April 17, 2018 at 03:19AM by Eplox
via reddit https://ift.tt/2vjADC6
www.us-cert.gov
Russian State-Sponsored Cyber Actors Targeting Network Infrastructure Devices | US-CERT
Since 2015, the U.S. Government received information from multiple sources—including private and public sector cybersecurity research organizations and allies—that cyber actors are exploiting large numbers of enterprise-class and SOHO/residential routers…
Backups Question
Is it good practice to back up things like master passwords? If so, how/where can multiple copies be stored without storing them near the thing they unlock? For example, if I have a GPG key at home, I wouldn't want the symmetric key password at home too. (Is this even reasonable?) I can comfortably store a master password in my head but if I was to be really paranoid, I would worry about things like head injuries that give me memory loss. My issue is then: if I have forgotten my password, I may have also forgotten where it's backed up. This leads me to think that I would need to store the backup somewhere obvious and potentially insecure. For argument's sake, say that my threat model is being secure from the NSA, is it just best to have one master password remembered, without backups?
Submitted April 17, 2018 at 12:25PM by Joshua-Cooper
via reddit https://ift.tt/2qErZsf
reddit
Backups Question • r/security
Is it good practice to backup things like master passwords. If so, how/where can multiple copies be stored without storing them near the thing...
Intel patches SPI Flash Flaw that lets attackers alter or delete BIOS/UEFI firmware
https://ift.tt/2GEe3VZ
Submitted April 17, 2018 at 02:08PM by ttelephone
via reddit https://ift.tt/2qDLPVA
Would you pay 1$/year to get an XMPP account in a full featured XMPP server?
https://ift.tt/2ENKRdF
Submitted April 17, 2018 at 02:55PM by xzsun
via reddit https://ift.tt/2JT7VLV
reddit
Would you pay 1$/year to get an XMPP account in... • u/0_0_o_o_0_0
Would you pay 1$/year to get an XMPP account in a full featured XMPP server? Hey Reddit I'm a Linux Sysadmin, and I'm interested in...
Security is failing - 2.6 billion records were exposed in 2017
https://ift.tt/2J17MEI
Submitted April 17, 2018 at 04:15PM by htbridgedigital
via reddit https://ift.tt/2ETJQR9
Htbridge
Security is failing - 2.6 billion records were exposed in 2017
An average of five million records are compromised every day, according to an updated Breach Level Index.
Podcast: Benefits and Challenges of Cyber Risk Quantification
https://ift.tt/2J1dBly
Submitted April 17, 2018 at 05:04PM by Uminekoshi
via reddit https://ift.tt/2HGI1Kn
SoundCloud
Episode 8 - Benefits and Challenges of Cyber Risk Quantification with Jason Syversen
In this CyberTangent episode, we are joined by Jason Syversen, CEO at Siege Technologies. Our podcast host is Landon Johnson.
Today's topic is "Benefits and Challenges of Cyber Risk Quantification."
Gryffin Solutions – Detention
https://ift.tt/2JTVrUg
Submitted April 17, 2018 at 05:36PM by gryffinau
via reddit https://ift.tt/2ETAqFi
Untitled
Gryffin Solutions – Detention
For over 30 years, Gryffin has understood that it doesn’t get any more critical than detaining society’s offenders, illegal immigrants or patients in mental health facilities. Not just for society’s...
Best way to protect copyrighted work
Good morning all, I am an author of a training book or guide that I currently sell on Amazon. The training guide is a question and answer form guide to help students pass a particular exam. I was presented with an opportunity by a National training center. They proposed that I give them permission to use my training material, the questions that is, and in return they would have a link to where the students can purchase the full guide on Amazon. They would need access to my material in some format (MSWord) where they can copy and paste my questions. What would be the best way of sharing this material to prevent unauthorized access from copying? Please share some options. I was thinking of uploading to a secure server, creating a login and sharing that with the person.
Submitted April 17, 2018 at 06:12PM by gsurface
via reddit https://ift.tt/2qDaUjr
reddit
Best way to protect copyrighted work • r/security
Good morning all, I am an author of a training book or guide that I currently sell on Amazon. The training guide is a question and answer form...
Does banning IP-ranges with millions of IPs cause lots of extra CPU load?
This is for a Linux (no specific distro) server with Apache, MySQL, PHP. Some standard stuff. :) We're talking about low-budget servers. Let's say a VPS, with Dual CPU @ 1.6 GHz, 2 GB RAM. IPTables, is that what most people use for banning ranges? I don't really know what most people use for this since it's normally nothing I work with. Please, tell me if there's a better way. I need to block the full server from these ranges. Not just 1 domain. If I for example want to ban: 101.16.0.0/12 Which is 1,048,576 IPs. Does this cause the server to spike up the CPU a lot more or is it a quick check for the server and just compare some numbers? What if I have ~20 more IP-ranges like it and it comes up to a couple of million, should any server handle this with ease? Another last question: Is it easier for the server to check the banlist if I only specify for example: "123...*"? I guess it doesn't have to calculate the IPs the same way then and only have to check the first 3 digits? I'm thankful for all the help I can get. :)
Submitted April 17, 2018 at 06:07PM by KlLLED
via reddit https://ift.tt/2EWHr8A
reddit
Does banning IP-ranges with millions of IPs cause... • r/security
This is for a Linux (no specific distro) server with Apache, MySQL, PHP. Some standard stuff. :) We're talking about low-budget servers. Let's say a...
From XML External Entity to NTLM Domain Hashes
https://ift.tt/2vlbO8Z
Submitted April 17, 2018 at 06:00PM by 0xdea
via reddit https://ift.tt/2JUB9Ki
Security In 5: Episode 218 - Mini Series Top 10 Reasons To Pen Test - 4 - Test Your Controls
https://ift.tt/2qyZlK7
Submitted April 17, 2018 at 06:43PM by BinaryBlog
via reddit https://ift.tt/2ERxEk0
Libsyn
Security In Five Podcast: Episode 218 - Mini Series Top 10 Reasons To Pen Test - 4 - Test Your Controls
Continuing with the mini series Top 10 Reasons To Run Penetration Tests. Number four talks about using the tests to not just check for the target apps failures but test the controls you have in place. This episode goes into the details. Be aware, be safe.…
stay secure
https://ift.tt/2vmDSbV
Submitted April 17, 2018 at 07:00PM by Hazelwood6a
via reddit https://ift.tt/2qFNABB
T-Shirts, Hoodies, Mugs - online store
Mug Anonymous
Buy Mug with unique design Anonymous
Stay secure
https://ift.tt/2vmDSbV
Submitted April 17, 2018 at 07:15PM by Hazelwood6a
via reddit https://ift.tt/2HHAE5k
T-Shirts, Hoodies, Mugs - online store
Mug Anonymous
Buy Mug with unique design Anonymous
Ransomware XIAOBA Repurposed as File Infector and Cryptocurrency Miner
https://ift.tt/2J2wDb7
Submitted April 17, 2018 at 07:46PM by EvanConover
via reddit https://ift.tt/2ET259x
Trendmicro
Ransomware XIAOBA Repurposed as File Infector and Cryptocurrency Miner - TrendLabs Security Intelligence Blog
Currently, cryptocurrency miners are heavily used by malware—we’ve seen miners injected onto ad platforms, on popular mobile devices, and servers. Malware creators change payloads to maximize their chances to make a profit, and in this volatile cryptocurrency…
Black Carbon users
Has anyone been running Carbon Black as an AV solution? Can you share your experience with me? Many thanks!
Submitted April 17, 2018 at 08:48PM by oliland1
via reddit https://ift.tt/2ESycWX
reddit
Black Carbon users • r/security
Has anyone been running Carbon Black as an AV solution? Can you share your experience with me? Many thanks !
UK NCSC identifies IoT as a main cyber threat to UK business
https://ift.tt/2JU0S5u
Submitted April 17, 2018 at 08:13PM by Iot_Security
via reddit https://ift.tt/2vpqHqU
www.ncsc.gov.uk
The cyber threat to UK business 2017-2018 report
A report examining how nefarious cyber activity over the past 12 months has impacted UK businesses.
Eau Claire InfoSec. Cyber Security Meetup this Monday April 23rd.
It isn't a matter IF your company will be compromised by hackers, it is only a matter of WHEN your company will be compromised! What should you be doing now to prepare your company for a cyber security incident?
We are excited to have Crystal Rice present on "Incident Response: Prior Planning Prevents Poor Performance" this coming Monday the 23rd @ the Lazy Monk!
RSVP Here: https://www.meetup.com/ecinfosec/events/249061911/
Crystal Rice considers herself a corporate information security chiropractor - finding ways to align the needs of the business and the end-user with the responsibility to secure information in an increasingly mobile-centric and data-centric global business environment. She is an Information Security and Assurance professional with complementary skills including: incident response; ethical hacking; public speaking; training; technical writing; leadership; and a firm understanding of the vulnerabilities that exist in systems as a result of the inability to apply security patches to the human members of those systems.
Here are the details on our next Meetup. Hope you can make it!
Who: Anyone who is interested in any facet of Information Security is welcome to come!
What: Let's get together, hang out, learn something new, and chat about Information Security.
Where: Lazy Monk Brewery. 97 W Madison St, Eau Claire, WI 54702.
When: Monday, April 23rd! Mingling will start at 6 PM. There will be an information security presentation at 6:30 PM. Followed by more mingling.
Register: If you would like to attend, you must RSVP using MeetUp link: https://www.meetup.com/ecinfosec/events/249061911/
Submitted April 17, 2018 at 08:04PM by Gui4life
via reddit https://ift.tt/2JU0Tq4
Meetup
EC InfoSec #5 - Incident Response: Prior Planning Prevents Poor Performance
We are excited to have Crystal Rice present on "Incident Response: Prior Planning Prevents Poor Performance" at 6:30 PM on Monday April 23rd @ The Lazy Monk. Crystal is a Senior Security Analyst at Ne