Malspam pushing ransomware using two layers of password protection to avoid detection
https://ift.tt/2HETfl3
Submitted April 21, 2018 at 09:17AM by TechLord2
via reddit https://ift.tt/2qO2o1f
https://ift.tt/2HETfl3
Submitted April 21, 2018 at 09:17AM by TechLord2
via reddit https://ift.tt/2qO2o1f
Reddit
reddit: the front page of the internet
r/netsec: A community for technical news and discussion of information security and closely related topics.
Anyone seen this? (IE with green border and "Encrypting" keyboard symbol bottom right). Not sure if malware or some keystroke masking software.
https://ift.tt/2Jg05uj
Submitted April 21, 2018 at 09:34AM by comedybill
via reddit https://ift.tt/2qN3lGT
https://ift.tt/2Jg05uj
Submitted April 21, 2018 at 09:34AM by comedybill
via reddit https://ift.tt/2qN3lGT
Secured and unsecured home environments
Hi all,I am leaning toward buying or building a windows machine dedicated strictly to processing sensitive personal transactions. Does anyone else do this?How I would protect:-Dedicated network interface and network -wired connection -Security suite (Bit Defender or Norton, leaning toward Norton) -dedicated printer/scanner -strict firewall rules to lock down egress in addition to the default implicit deny. -Geo IP range blocking -Dedicated e-mail address used only for services to be used on the secured networkAnything obvious I am missing?If you do this, what sort of activity do you classify as sensitive or to be processed on the secured network/device?I am thinking anything that involves obvious PII/HIPPA type Information.Banking, brokerage, health insurance/medical issues. I would consider possibly shopping but part of me is a little hesitant to include it there. There must be a point at which there is a cut off otherwise one could argue everything is important including social media, YouTube searching and general googling. At that point there would be no difference between the unsecured and secured networks since I would generally set them up in almost the same way anyway, aside from strict egress lockdown.
Submitted April 21, 2018 at 12:03PM by NewUsername258
via reddit https://ift.tt/2vxwTgG
Hi all,I am leaning toward buying or building a windows machine dedicated strictly to processing sensitive personal transactions. Does anyone else do this?How I would protect:-Dedicated network interface and network -wired connection -Security suite (Bit Defender or Norton, leaning toward Norton) -dedicated printer/scanner -strict firewall rules to lock down egress in addition to the default implicit deny. -Geo IP range blocking -Dedicated e-mail address used only for services to be used on the secured networkAnything obvious I am missing?If you do this, what sort of activity do you classify as sensitive or to be processed on the secured network/device?I am thinking anything that involves obvious PII/HIPPA type Information.Banking, brokerage, health insurance/medical issues. I would consider possibly shopping but part of me is a little hesitant to include it there. There must be a point at which there is a cut off otherwise one could argue everything is important including social media, YouTube searching and general googling. At that point there would be no difference between the unsecured and secured networks since I would generally set them up in almost the same way anyway, aside from strict egress lockdown.
Submitted April 21, 2018 at 12:03PM by NewUsername258
via reddit https://ift.tt/2vxwTgG
Reddit
reddit: the front page of the internet
r/security: A friendly and professional place for discussing computer security.
Virtual Machine for Adversary Emulation and Threat Hunting
https://ift.tt/2HkMVM6
Submitted April 21, 2018 at 01:37PM by chauh-s
via reddit https://ift.tt/2HgzfSw
https://ift.tt/2HkMVM6
Submitted April 21, 2018 at 01:37PM by chauh-s
via reddit https://ift.tt/2HgzfSw
GitHub
redhuntlabs/RedHunt-OS
RedHunt-OS - Virtual Machine for Adversary Emulation and Threat Hunting
Best open source software to crypt folders ?
Thanks !
Submitted April 21, 2018 at 02:07PM by aymanbt
via reddit https://ift.tt/2vxtb6D
Thanks !
Submitted April 21, 2018 at 02:07PM by aymanbt
via reddit https://ift.tt/2vxtb6D
reddit
Best open source software to crypt folders ? • r/security
Thanks !
Why Do We Need Security Network Audit
https://www.youtube.com/watch?v=eMqv2N72wfo
Submitted April 21, 2018 at 02:30PM by primeinfoserv
via reddit https://ift.tt/2HgIwxT
https://www.youtube.com/watch?v=eMqv2N72wfo
Submitted April 21, 2018 at 02:30PM by primeinfoserv
via reddit https://ift.tt/2HgIwxT
YouTube
Why Do We Need Network Audit
Our CEO Mr. Sushobhan Mukherjee discussed that Why do we need Network Audit. If any help needed on this types of issue, our experts can guide you the right r...
JavaScript that detect hosts in my local net
I am fallen in a web page (https://www.cleancss.com/router-default/ZyXEL/P-660H-D1) that "scan" (or try to) my local network looking for devices. Just for curiosity, i take a look to the source code and I found a javanoscript that seems to be able to scan my localnet:https://pastebin.com/7bvHaRwnThat's safe ? Is possibile to write down a JS that scan my localnet and send results to outside server ?A bit afraid.
Submitted April 21, 2018 at 05:25PM by o-zone1978
via reddit https://ift.tt/2vx0Z3L
I am fallen in a web page (https://www.cleancss.com/router-default/ZyXEL/P-660H-D1) that "scan" (or try to) my local network looking for devices. Just for curiosity, i take a look to the source code and I found a javanoscript that seems to be able to scan my localnet:https://pastebin.com/7bvHaRwnThat's safe ? Is possibile to write down a JS that scan my localnet and send results to outside server ?A bit afraid.
Submitted April 21, 2018 at 05:25PM by o-zone1978
via reddit https://ift.tt/2vx0Z3L
Cleancss
ZyXEL P-660H-D1 Default Router Login and Password
Find the default login, username, password, and ip address for your ZyXEL P-660H-D1 router. You will need to know then when you get a new router, or when you reset your router.
Penetration Testing and Vulnerability Assessments Are NOT Going Anywhere Anytime Soon. We Still Suck at Basics
https://ift.tt/2HgJeHh
Submitted April 21, 2018 at 09:14PM by dbalut
via reddit https://ift.tt/2HOf8fn
https://ift.tt/2HgJeHh
Submitted April 21, 2018 at 09:14PM by dbalut
via reddit https://ift.tt/2HOf8fn
Dawid Bałut
Penetration Testing and Vulnerability Assessments Are NOT Going Anywhere Anytime Soon. We Still Suck at Basics
I’ve seen following questions pop up very often, so decided to write some brief blogpost about it from my POV. For how long will the security testers’ work be required? What is the future of …
Provider storing passwords unencrypted/hashed
I was wondering, why my provider would verify my identity by asking for the 3 first signs of my password. So i asked them by email and they told me it would'nt be necessary. Only the first 3 signs are known to them. Is this plausible, or is my password stored in an unencrypted database which could potentially be hacked? How would i go on on convincing them to change this?
Submitted April 21, 2018 at 10:55PM by sffilk0908
via reddit https://ift.tt/2vxDhEC
I was wondering, why my provider would verify my identity by asking for the 3 first signs of my password. So i asked them by email and they told me it would'nt be necessary. Only the first 3 signs are known to them. Is this plausible, or is my password stored in an unencrypted database which could potentially be hacked? How would i go on on convincing them to change this?
Submitted April 21, 2018 at 10:55PM by sffilk0908
via reddit https://ift.tt/2vxDhEC
reddit
Provider storing passwords unencrypted/hashed • r/security
I was wondering, why my provider would verify my identity by asking for the 3 first signs of my password. So i asked them by email and they told...
Overall Security Strategy
I'm looking to begin a new security strategy for my colo'd server. I'm very interested in cyber security overall and would like to explore some of the different areas within. I enjoy hands on experience and learn best from it as well.I have a colo'd server which publicly hosts stuff and also has my "lab" on it. I'm looking to develop a security plan to better protect the VMs and overall network. VMs range from linux variants to windows ~20-30VMs total.I want to be able to emulate an enterprise as close as possible to learn more about the different aspects. Of course this starts with AD and tieing in SSO for apps and stuff. I would like to know what type of software I should look into and what log aggregation stuff I should use (I've worked with Splunk a little). I also like the idea of Security Onion which uses ELK so that's an option too since I'm sure it'd easily ship the logs to a centralized server. That covers network IDS and packet logging etc. On the hosts for linux and windows, what should I use for HIDS or other malware scanners that can communicate to a "centralized" server. I saw something about OSSIM but would like community input.Aside from network and host based stuff talked about above, is there anything else I should look into? If you have a diagram that talks about the different security areas of a network (such as network and host based (and more) that I can use as a "checklist" that'd be great.
Submitted April 22, 2018 at 12:08AM by Gamerfanatic
via reddit https://ift.tt/2HgY1G2
I'm looking to begin a new security strategy for my colo'd server. I'm very interested in cyber security overall and would like to explore some of the different areas within. I enjoy hands on experience and learn best from it as well.I have a colo'd server which publicly hosts stuff and also has my "lab" on it. I'm looking to develop a security plan to better protect the VMs and overall network. VMs range from linux variants to windows ~20-30VMs total.I want to be able to emulate an enterprise as close as possible to learn more about the different aspects. Of course this starts with AD and tieing in SSO for apps and stuff. I would like to know what type of software I should look into and what log aggregation stuff I should use (I've worked with Splunk a little). I also like the idea of Security Onion which uses ELK so that's an option too since I'm sure it'd easily ship the logs to a centralized server. That covers network IDS and packet logging etc. On the hosts for linux and windows, what should I use for HIDS or other malware scanners that can communicate to a "centralized" server. I saw something about OSSIM but would like community input.Aside from network and host based stuff talked about above, is there anything else I should look into? If you have a diagram that talks about the different security areas of a network (such as network and host based (and more) that I can use as a "checklist" that'd be great.
Submitted April 22, 2018 at 12:08AM by Gamerfanatic
via reddit https://ift.tt/2HgY1G2
reddit
Overall Security Strategy • r/security
I'm looking to begin a new security strategy for my colo'd server. I'm very interested in cyber security overall and would like to explore some of...
Slow loris noscript not working properly
Hello everybody!So recently I learned about the Slow Loris attack and thought about testing it against my rpi server. So now matter how high I set the number of connections to be, the server still worked, it only worked slower, but for short intervals of time. Here is the code I used! Does anyone have an idea why it doesn't work properly?
Submitted April 22, 2018 at 12:16AM by daviddvd267
via reddit https://ift.tt/2vA3ja7
Hello everybody!So recently I learned about the Slow Loris attack and thought about testing it against my rpi server. So now matter how high I set the number of connections to be, the server still worked, it only worked slower, but for short intervals of time. Here is the code I used! Does anyone have an idea why it doesn't work properly?
Submitted April 22, 2018 at 12:16AM by daviddvd267
via reddit https://ift.tt/2vA3ja7
Pastebin
[Python] import socket, random, time, sys headers = [ "User-agent: Mozilla/5.0 (M - Pastebin.com
The CIA Wants To Compromise Your Router
https://ift.tt/2EFbSjv
Submitted April 22, 2018 at 12:55AM by Iot_Security
via reddit https://ift.tt/2HhH1eQ
https://ift.tt/2EFbSjv
Submitted April 22, 2018 at 12:55AM by Iot_Security
via reddit https://ift.tt/2HhH1eQ
KitGuru
The CIA Wants To Compromise Your Router - KitGuru
While WikiLeaks isn’t everyone’s cup of tea, if you’re in the IT field and haven’t investigated the
Millions of Chrome Users Have Installed Malware Posing as Ad Blockers
https://ift.tt/2Hcdnvu
Submitted April 22, 2018 at 05:55AM by OneSob
via reddit https://ift.tt/2qNuf1c
https://ift.tt/2Hcdnvu
Submitted April 22, 2018 at 05:55AM by OneSob
via reddit https://ift.tt/2qNuf1c
Motherboard
Millions of Chrome Users Have Installed Malware Posing as Ad Blockers
Andrey Meshkov, the cofounder of ad-blocker AdGuard, took a look at the noscript in some popular ad-blocking knockoffs and found some shady business.
Debugging Windows Services For Malware Analysis / Reverse Engineering
https://ift.tt/2vAXVna
Submitted April 22, 2018 at 11:57AM by khasaia
via reddit https://ift.tt/2HW9dVT
https://ift.tt/2vAXVna
Submitted April 22, 2018 at 11:57AM by khasaia
via reddit https://ift.tt/2HW9dVT
secrary[dot]com
Debugging Windows Services For Malware Analysis / Reverse Engineering
This blog is about malware analysis and reverse engineering. I’m Lasha Khasaia
New Version of Satan Ransomware Uses EternalBlue Exploit to Spread Via the Network and then Encrypt Files
https://ift.tt/2vHzBjR
Submitted April 22, 2018 at 02:06PM by TechLord2
via reddit https://ift.tt/2HiguSO
https://ift.tt/2vHzBjR
Submitted April 22, 2018 at 02:06PM by TechLord2
via reddit https://ift.tt/2HiguSO
bartblaze.blogspot.co.uk
Satan ransomware adds EternalBlue exploit
A blog about malware and information security.
Is my Kingston MicroSD Legit ? Is it safe if not?
https://ift.tt/2qQtGTE
Submitted April 22, 2018 at 02:10PM by aymanbt
via reddit https://ift.tt/2JiDJs7
https://ift.tt/2qQtGTE
Submitted April 22, 2018 at 02:10PM by aymanbt
via reddit https://ift.tt/2JiDJs7
Book review: "OAuth 2 In Action" by Justin Richer and Antonio Sanso
https://ift.tt/2F6BS7A
Submitted April 22, 2018 at 03:36PM by alexandertsvetkov
via reddit https://ift.tt/2K4QRT7
https://ift.tt/2F6BS7A
Submitted April 22, 2018 at 03:36PM by alexandertsvetkov
via reddit https://ift.tt/2K4QRT7
Surfing the code
Book review: OAuth 2 In Action by Justin Richer and Antonio Sanso
“Drupalgeddon2” touches off arms race to mass-exploit powerful Web servers
https://ift.tt/2K24G4J
Submitted April 22, 2018 at 06:22PM by NISMO1968
via reddit https://ift.tt/2HiL3HT
https://ift.tt/2K24G4J
Submitted April 22, 2018 at 06:22PM by NISMO1968
via reddit https://ift.tt/2HiL3HT
Ars Technica
“Drupalgeddon2” touches off arms race to mass-exploit powerful Web servers
Bug patched in March is still being exploited to take full control of servers.
Is Psono password manager worth it?
https://psono.com/
Submitted April 23, 2018 at 01:39AM by DotJersh
via reddit https://ift.tt/2K8P1Rg
https://psono.com/
Submitted April 23, 2018 at 01:39AM by DotJersh
via reddit https://ift.tt/2K8P1Rg
Psono
Psono - Self Hosted and Open Source Password Manager for Companies
Free open-source password manager for businesses with SAML, LDAP, audit logs, and compliance policy features. Supports Windows, Linux, Mac.
Breaking bad to make good: Firefox CVE-2017–7843
https://ift.tt/2qSwgIN
Submitted April 23, 2018 at 02:27AM by kmodi
via reddit https://ift.tt/2HKbIgk
https://ift.tt/2qSwgIN
Submitted April 23, 2018 at 02:27AM by kmodi
via reddit https://ift.tt/2HKbIgk
Medium
Breaking bad to make good: Firefox CVE-2017–7843
Private Browsing Mode (PBM) is one of the most widely known and used feature in not just Firefox but any major browser. Browsers are…
[Question] Selfies in order to turn off 2FA? Tumblr account retrieval dilemma
So, my desktop went kaputz one day and I had to re-login to my regularly used sites/services after fixing it.Unfortunately, due to some sort of error on Google Authenticator, the codes given were not working when I tried to log into Tumblr. I contacted Tumblr support and these were their directions:We can go ahead and remove your old two factor mobile account so you can gain access again to add your new number. For security reasons though, we just need a little more info from you.Is there a photo of you on the blog? If so, please send us the URL of the specific blog post. We can also use your avatar/portrait photo if it’s a clear picture of you or you don’t have another picture.The other thing we need from you is a photo of yourself for comparison. Please take a picture of yourself holding a piece of paper that says “Tumblr, this is literally me,” then send the photo in a reply to this email. You can send both of these items, the photo and the permalinks, in the same email. We need to be able to clearly see your face in both photos for comparison.In a world where deepfakes exists, is this really the best way identify a user trying to reclaim their account? It just sounds so ridiculous. Is this really secure?Note: Tumblr has 2FA, but it's not very good. Kind of like it was slapped on because everyone else was doing some sort of MFA. There are no backup codes, there are no backup security questions, and there is no backup sending the code to your phone. A poor attempt at a good concept.Thank you so much for reading. Please let me know if there is a better security-oriented sub I can discuss this issue on.
Submitted April 23, 2018 at 03:32AM by throwawayrants
via reddit https://ift.tt/2Hn2Qxq
So, my desktop went kaputz one day and I had to re-login to my regularly used sites/services after fixing it.Unfortunately, due to some sort of error on Google Authenticator, the codes given were not working when I tried to log into Tumblr. I contacted Tumblr support and these were their directions:We can go ahead and remove your old two factor mobile account so you can gain access again to add your new number. For security reasons though, we just need a little more info from you.Is there a photo of you on the blog? If so, please send us the URL of the specific blog post. We can also use your avatar/portrait photo if it’s a clear picture of you or you don’t have another picture.The other thing we need from you is a photo of yourself for comparison. Please take a picture of yourself holding a piece of paper that says “Tumblr, this is literally me,” then send the photo in a reply to this email. You can send both of these items, the photo and the permalinks, in the same email. We need to be able to clearly see your face in both photos for comparison.In a world where deepfakes exists, is this really the best way identify a user trying to reclaim their account? It just sounds so ridiculous. Is this really secure?Note: Tumblr has 2FA, but it's not very good. Kind of like it was slapped on because everyone else was doing some sort of MFA. There are no backup codes, there are no backup security questions, and there is no backup sending the code to your phone. A poor attempt at a good concept.Thank you so much for reading. Please let me know if there is a better security-oriented sub I can discuss this issue on.
Submitted April 23, 2018 at 03:32AM by throwawayrants
via reddit https://ift.tt/2Hn2Qxq