Heartbeat tool - what kind of abuse should I expect?
I'm considering to provide a tool to my users where they can set up a heartbeat to a URL of their choosing. What kind of abuses should I expect and account for?For example if user John Doe would like to use this tool to be notified if his blog website at www. My John Doe blog.com goes down or comes back with a response other than 200. This tool would be like a Cron job that runs a HTTP request every one minute and sends out an alert if the response doesn't match.

Submitted April 21, 2018 at 04:38AM by daw1cked
via reddit https://ift.tt/2K2rrFF

Can someone identify this USB device?
https://ift.tt/2HN6rlv

Submitted April 21, 2018 at 05:32AM by jlongx83
via reddit https://ift.tt/2vwD8kH

Invoke-ATTACKAPI: Invoke-ATTACKAPI A PowerShell noscript to interact with the MITRE ATT&CK Framework via its own API in order to gather information about techniques, tactics, groups, software and references provided by the MITRE ATT&CK Team.
https://ift.tt/2wG5WT0

Submitted April 21, 2018 at 05:51AM by 0xCory
via reddit https://ift.tt/2F4TFfd

McAfee purchased TunnelBear VPN last month, with plans to integrate it in to McAfee’s Safe Connect software. This now makes TunnelBear a US-based entity which could change the log policies as it must comply with US laws (it was Canadian prior to the acquisition).
https://ift.tt/2Gcmg4E

Submitted April 21, 2018 at 08:02AM by Erik_Stcroix
via reddit https://ift.tt/2vC9qeg

Any way to keep "ALL" contents backup?
Hey all, hope you all are having an awesome day :DNow, I want to keep daily works as backup into the cloud and that includes my business and personal things on daily basis. But I want a good trustable cloud service who won't look into my personal as well as business files because face it no one would like anyone to look at their personal and business stuff. I think there was an article where one drive's stuff accessed some contents or it was Evernote? I don't remember exactly.The thing is I want to keep the daily backup of all my business files as well as personal things into the cloud. The reason is I fear that my lappy may stop working one morning and I lose all data and I already have 2 external HDDs but we don't know when external HDDs can stop working. Electronics these days...haha! Another major reason is that my friend's laptop was stolen from a public place and there was no one to blame. Actually, it was his foolishness to keep his lappy like that on the table without staying alert. So, I fear that same can happen to me and I lose my crucial data and files. Robberies are so pathetic. Hard earned money and things go away in an instant. :(So, which is a good trustable cloud service that will securely keep my biz as well as personal data?What will you recommend and what do you use yourself to back up your important work files and personal things?Thanks in advance!

Submitted April 21, 2018 at 08:54AM by TheRealistDude
via reddit https://ift.tt/2qPf3jH

Is an anti-virus tool for Linux (ex. Sophos) necessary?
Many Linux users claim they have nothing to fear as hackers primarily create viruses for Windows machines, but is that a good enough reason to not install an anti-virus tool?Sophos came out a few years ago making the claim that no machine was safe. They claimed that Linux was susceptible to viruses/attacks and has been attacked in the past. Many people thought they were BSing and asked Sophos to "put up or shut up" with proof of their claims and I'm unsure if they ever came around to providing that proof.What do you guys think? Is it worth the download?

Submitted April 21, 2018 at 08:10AM by JFKfanboi
via reddit https://ift.tt/2qR7k4r

Malspam pushing ransomware using two layers of password protection to avoid detection
https://ift.tt/2HETfl3

Submitted April 21, 2018 at 09:17AM by TechLord2
via reddit https://ift.tt/2qO2o1f

Anyone seen this? (IE with green border and "Encrypting" keyboard symbol bottom right). Not sure if malware or some keystroke masking software.
https://ift.tt/2Jg05uj

Submitted April 21, 2018 at 09:34AM by comedybill
via reddit https://ift.tt/2qN3lGT

Secured and unsecured home environments
Hi all,I am leaning toward buying or building a windows machine dedicated strictly to processing sensitive personal transactions. Does anyone else do this?How I would protect:-Dedicated network interface and network -wired connection -Security suite (Bit Defender or Norton, leaning toward Norton) -dedicated printer/scanner -strict firewall rules to lock down egress in addition to the default implicit deny. -Geo IP range blocking -Dedicated e-mail address used only for services to be used on the secured networkAnything obvious I am missing?If you do this, what sort of activity do you classify as sensitive or to be processed on the secured network/device?I am thinking anything that involves obvious PII/HIPPA type Information.Banking, brokerage, health insurance/medical issues. I would consider possibly shopping but part of me is a little hesitant to include it there. There must be a point at which there is a cut off otherwise one could argue everything is important including social media, YouTube searching and general googling. At that point there would be no difference between the unsecured and secured networks since I would generally set them up in almost the same way anyway, aside from strict egress lockdown.

Submitted April 21, 2018 at 12:03PM by NewUsername258
via reddit https://ift.tt/2vxwTgG

Virtual Machine for Adversary Emulation and Threat Hunting
https://ift.tt/2HkMVM6

Submitted April 21, 2018 at 01:37PM by chauh-s
via reddit https://ift.tt/2HgzfSw

Best open source software to crypt folders ?
Thanks !

Submitted April 21, 2018 at 02:07PM by aymanbt
via reddit https://ift.tt/2vxtb6D

Why Do We Need Security Network Audit
https://www.youtube.com/watch?v=eMqv2N72wfo

Submitted April 21, 2018 at 02:30PM by primeinfoserv
via reddit https://ift.tt/2HgIwxT

JavaScript that detect hosts in my local net
I am fallen in a web page (https://www.cleancss.com/router-default/ZyXEL/P-660H-D1) that "scan" (or try to) my local network looking for devices. Just for curiosity, i take a look to the source code and I found a javanoscript that seems to be able to scan my localnet:https://pastebin.com/7bvHaRwnThat's safe ? Is possibile to write down a JS that scan my localnet and send results to outside server ?A bit afraid.

Submitted April 21, 2018 at 05:25PM by o-zone1978
via reddit https://ift.tt/2vx0Z3L

Penetration Testing and Vulnerability Assessments Are NOT Going Anywhere Anytime Soon. We Still Suck at Basics
https://ift.tt/2HgJeHh

Submitted April 21, 2018 at 09:14PM by dbalut
via reddit https://ift.tt/2HOf8fn

Provider storing passwords unencrypted/hashed
I was wondering, why my provider would verify my identity by asking for the 3 first signs of my password. So i asked them by email and they told me it would'nt be necessary. Only the first 3 signs are known to them. Is this plausible, or is my password stored in an unencrypted database which could potentially be hacked? How would i go on on convincing them to change this?

Submitted April 21, 2018 at 10:55PM by sffilk0908
via reddit https://ift.tt/2vxDhEC

Overall Security Strategy
I'm looking to begin a new security strategy for my colo'd server. I'm very interested in cyber security overall and would like to explore some of the different areas within. I enjoy hands on experience and learn best from it as well.I have a colo'd server which publicly hosts stuff and also has my "lab" on it. I'm looking to develop a security plan to better protect the VMs and overall network. VMs range from linux variants to windows ~20-30VMs total.I want to be able to emulate an enterprise as close as possible to learn more about the different aspects. Of course this starts with AD and tieing in SSO for apps and stuff. I would like to know what type of software I should look into and what log aggregation stuff I should use (I've worked with Splunk a little). I also like the idea of Security Onion which uses ELK so that's an option too since I'm sure it'd easily ship the logs to a centralized server. That covers network IDS and packet logging etc. On the hosts for linux and windows, what should I use for HIDS or other malware scanners that can communicate to a "centralized" server. I saw something about OSSIM but would like community input.Aside from network and host based stuff talked about above, is there anything else I should look into? If you have a diagram that talks about the different security areas of a network (such as network and host based (and more) that I can use as a "checklist" that'd be great.

Submitted April 22, 2018 at 12:08AM by Gamerfanatic
via reddit https://ift.tt/2HgY1G2

Slow loris noscript not working properly
Hello everybody!So recently I learned about the Slow Loris attack and thought about testing it against my rpi server. So now matter how high I set the number of connections to be, the server still worked, it only worked slower, but for short intervals of time. Here is the code I used! Does anyone have an idea why it doesn't work properly?

Submitted April 22, 2018 at 12:16AM by daviddvd267
via reddit https://ift.tt/2vA3ja7

The CIA Wants To Compromise Your Router
https://ift.tt/2EFbSjv

Submitted April 22, 2018 at 12:55AM by Iot_Security
via reddit https://ift.tt/2HhH1eQ

Millions of Chrome Users Have Installed Malware Posing as Ad Blockers
https://ift.tt/2Hcdnvu

Submitted April 22, 2018 at 05:55AM by OneSob
via reddit https://ift.tt/2qNuf1c

Debugging Windows Services For Malware Analysis / Reverse Engineering
https://ift.tt/2vAXVna

Submitted April 22, 2018 at 11:57AM by khasaia
via reddit https://ift.tt/2HW9dVT

New Version of Satan Ransomware Uses EternalBlue Exploit to Spread Via the Network and then Encrypt Files
https://ift.tt/2vHzBjR

Submitted April 22, 2018 at 02:06PM by TechLord2
via reddit https://ift.tt/2HiguSO