Thieves Activating New Cell Phones Despite Credit Freezes
https://ift.tt/2rvZ0HH
Submitted May 09, 2018 at 08:28PM by moonjeff
via reddit https://ift.tt/2I6L9mw
https://ift.tt/2rvZ0HH
Submitted May 09, 2018 at 08:28PM by moonjeff
via reddit https://ift.tt/2I6L9mw
THE DARK SIDE OF THE MOON
Thieves Activating New Cell Phones Despite Credit Freezes
Krebs on Security published an interesting article today regarding ID thieves setting up cell phone accounts in victim’s names without going through the major credit reporting agencies. He l…
Beyond pty.spawn - use pseudoterminals in your reverse shells (DNScat2 example)
https://ift.tt/2Kaap7Y
Submitted May 09, 2018 at 09:01PM by gid0rah
via reddit https://ift.tt/2FYIrcN
https://ift.tt/2Kaap7Y
Submitted May 09, 2018 at 09:01PM by gid0rah
via reddit https://ift.tt/2FYIrcN
x-c3ll.github.io
Beyond pty.spawn - use pseudoterminals in your reverse shells (DNScat2 example) ::
DoomsDay Vault
DoomsDay Vault
Quick article about how to improve well-known tools used in pentests. Forkpty() FTW!!
A number of my accounts have been hacked - what should I do next?
Hi all,As I'm sure many of you can relate to, over the years I've created so many accounts across different platforms that I lost track of them all many years ago. I tend to (stupidly) use the same email-password combination when I create accounts - and inevitably, it has come back to bite me.A few months ago, my Amazon account was hacked. I was able to log back into it, change back the details, set up a new password and toggle two-step verification. Since then, it's been the same sequence of events with my Instagram account, EA account, and my Mojang account - with me realising each time after receiving an email saying my details have just been changed. Obviously, my details have been leaked from somewhere and it will likely be a matter of time before I don't hear about a breach, my account is permanently taken from me, my financial details are discovered, or something equally sinister.So, what steps should I be taking here? I have no idea how many accounts I have dotted around under this email-password combination. Should I just start by securing the most important/sensitive ones or is there someway I could find out what accounts my email address is registered to? Secondly, obviously, I need to start using unique passwords, I've heard people mention things like LastPass before. Would that be my best option? Could it be that someone is logged into my Chrome/Google account somewhere? If there is any other advice you can offer, please do! All help appreciated!
Submitted May 09, 2018 at 09:28PM by deadpigeon29
via reddit https://ift.tt/2FYMBkZ
Hi all,As I'm sure many of you can relate to, over the years I've created so many accounts across different platforms that I lost track of them all many years ago. I tend to (stupidly) use the same email-password combination when I create accounts - and inevitably, it has come back to bite me.A few months ago, my Amazon account was hacked. I was able to log back into it, change back the details, set up a new password and toggle two-step verification. Since then, it's been the same sequence of events with my Instagram account, EA account, and my Mojang account - with me realising each time after receiving an email saying my details have just been changed. Obviously, my details have been leaked from somewhere and it will likely be a matter of time before I don't hear about a breach, my account is permanently taken from me, my financial details are discovered, or something equally sinister.So, what steps should I be taking here? I have no idea how many accounts I have dotted around under this email-password combination. Should I just start by securing the most important/sensitive ones or is there someway I could find out what accounts my email address is registered to? Secondly, obviously, I need to start using unique passwords, I've heard people mention things like LastPass before. Would that be my best option? Could it be that someone is logged into my Chrome/Google account somewhere? If there is any other advice you can offer, please do! All help appreciated!
Submitted May 09, 2018 at 09:28PM by deadpigeon29
via reddit https://ift.tt/2FYMBkZ
reddit
r/security - A number of my accounts have been hacked - what should I do next?
1 votes and 0 so far on reddit
A Georgia Hacking Bill Gets Cybersecurity All Wrong
https://ift.tt/2rlXtoj
Submitted May 09, 2018 at 09:05PM by speckz
via reddit https://ift.tt/2FYMDt7
https://ift.tt/2rlXtoj
Submitted May 09, 2018 at 09:05PM by speckz
via reddit https://ift.tt/2FYMDt7
WIRED
A Georgia Hacking Bill Gets Cybersecurity All Wrong
Georgia's SB315 discourages security research and encourages hacking back—meaning it's exactly backwards.
StreamingPhish - Uses Supervised Machine Learning to Detect Phishing Domains from the Certificate Transparency Log Network (Full Sources)
https://ift.tt/2rsOhhS
Submitted May 09, 2018 at 10:38PM by TechLord2
via reddit https://ift.tt/2K7kxyh
https://ift.tt/2rsOhhS
Submitted May 09, 2018 at 10:38PM by TechLord2
via reddit https://ift.tt/2K7kxyh
GitHub
wesleyraptor/streamingphish
Python-based utility that uses supervised machine learning to detect phishing domains from the Certificate Transparency log network. - wesleyraptor/streamingphish
Ctrl-Inject Technique
https://ift.tt/2K6xJn5
Submitted May 09, 2018 at 10:14PM by campuscodi
via reddit https://ift.tt/2I9AOCf
https://ift.tt/2K6xJn5
Submitted May 09, 2018 at 10:14PM by campuscodi
via reddit https://ift.tt/2I9AOCf
Ensilo
Ctrl-Inject
Researchers discovered a new process injection, “Ctrl-Inject” that leverages the mechanism of handling Ctrl signals in console applications.
Make a clear vulnerability disclosure policy that doesn't scare away researchers
https://ift.tt/2ru9RTk
Submitted May 09, 2018 at 10:25PM by friendlytuna
via reddit https://ift.tt/2wocPO9
https://ift.tt/2ru9RTk
Submitted May 09, 2018 at 10:25PM by friendlytuna
via reddit https://ift.tt/2wocPO9
TechBeacon
How to boost your software security with a clear vulnerability
Vulnerability researchers are understandably shy. Companies looking to improve software security should do outreach have a clear disclosure policy.
Reducing the attack surface on my Windows 7 computer
I currently use Avast Antivirus, and I do a monthly scan with MBAR. I use a VPN for all my surfing and work-related internet activity.I'm honestly putting a shout out because I want to be as secure as possible, but I feel like the more I learn about it, the more I feel like the average joe using a corny antivirus thinking they are secure.Any tips, forums or resources you can suggest that could help me improve my daily security posture?
Submitted May 09, 2018 at 10:21PM by crawlingforinfo
via reddit https://ift.tt/2rttk6M
I currently use Avast Antivirus, and I do a monthly scan with MBAR. I use a VPN for all my surfing and work-related internet activity.I'm honestly putting a shout out because I want to be as secure as possible, but I feel like the more I learn about it, the more I feel like the average joe using a corny antivirus thinking they are secure.Any tips, forums or resources you can suggest that could help me improve my daily security posture?
Submitted May 09, 2018 at 10:21PM by crawlingforinfo
via reddit https://ift.tt/2rttk6M
reddit
r/security - Reducing the attack surface on my Windows 7 computer
1 vote and 6 comments so far on Reddit
Good Bye Privacy, Hello Social Score
https://ift.tt/2IradUo
Submitted May 09, 2018 at 10:19PM by processedpopsicle
via reddit https://ift.tt/2K5xtVg
https://ift.tt/2IradUo
Submitted May 09, 2018 at 10:19PM by processedpopsicle
via reddit https://ift.tt/2K5xtVg
slashdot.org
Big Brother is Watching You
China (as reported 2 years ago) has revealed that the country is operating a system where software is used to determine gestures such as "smoking" which determines your karma or "social score" which ultimately determines how much attention you should receive…
How I used a simple Google query to mine passwords from dozens of public Trello boards
https://ift.tt/2jIMFfG
Submitted May 09, 2018 at 10:56PM by KushagraX
via reddit https://ift.tt/2Iu8NZp
https://ift.tt/2jIMFfG
Submitted May 09, 2018 at 10:56PM by KushagraX
via reddit https://ift.tt/2Iu8NZp
freeCodeCamp.org
How I used a simple Google query to mine passwords from dozens of public Trello boards
A few days ago on 25th April, while researching, I found that a lot of individuals and companies are putting their sensitive information…
Dealing with Limited Resources in Cybersecurity
https://ift.tt/2Ic0Rc1
Submitted May 09, 2018 at 11:15PM by Uminekoshi
via reddit https://ift.tt/2I2L2bz
https://ift.tt/2Ic0Rc1
Submitted May 09, 2018 at 11:15PM by Uminekoshi
via reddit https://ift.tt/2I2L2bz
Nehemiah Security
Dealing with Limited Resources in Cybersecurity - Nehemiah Security
Examining the Problem in Cyber It is clear that limited resources are preventing cybersecurity professionals from doing their job well. Spend 30 seconds at any cybersecurity presentation and you will hear an explosion of words like: smartphones, IoT devices…
Coinhive.xlsx [JavaScript in Excel: Gone Wrong: Not Sexual]
https://ift.tt/2I3qFLr
Submitted May 09, 2018 at 11:12PM by Alan976
via reddit https://ift.tt/2I9pea6
https://ift.tt/2I3qFLr
Submitted May 09, 2018 at 11:12PM by Alan976
via reddit https://ift.tt/2I9pea6
BleepingComputer
PoC Developed for CoinHive Mining In Excel Using Custom JavaScript Functions
Within days of Microsoft announcing that they are introducing custom JavaScript equations in Excel, a security researcher has developed a way to use this method to load the CoinHive in-browser JavaScript miner within Excel.
Root cause analysis of the latest Internet Explorer zero day – CVE-2018-8174
https://ift.tt/2IscsqD
Submitted May 09, 2018 at 11:21PM by PeterG45
via reddit https://ift.tt/2wAQgGf
https://ift.tt/2IscsqD
Submitted May 09, 2018 at 11:21PM by PeterG45
via reddit https://ift.tt/2wAQgGf
Securelist - Kaspersky Lab’s cyberthreat research and reports
The King is dead. Long live the King!
In late April 2018, a new zero-day vulnerability for Internet Explorer (IE) was found using our sandbox; more than two years since the last in the wild example (CVE-2016-0189). This particular vulnera
Beers with Talos Ep28 - APT, BGP, RCEs, and an Old RAT
https://ift.tt/2rBHu7z
Submitted May 09, 2018 at 11:24PM by WorksAtCisco
via reddit https://ift.tt/2KahXrf
https://ift.tt/2rBHu7z
Submitted May 09, 2018 at 11:24PM by WorksAtCisco
via reddit https://ift.tt/2KahXrf
reddit
r/security - Beers with Talos Ep28 - APT, BGP, RCEs, and an Old RAT
1 votes and 0 so far on reddit
Microsoft Patch Tuesday for May Includes Updates for Actively-Exploited Vulnerabilities
https://ift.tt/2FYqjQ0
Submitted May 10, 2018 at 12:44AM by EvanConover
via reddit https://ift.tt/2I3FwFA
https://ift.tt/2FYqjQ0
Submitted May 10, 2018 at 12:44AM by EvanConover
via reddit https://ift.tt/2I3FwFA
Trendmicro
Microsoft Patch Tuesday for May Includes Updates for Actively-Exploited Vulnerabilities - TrendLabs Security Intelligence Blog
For May 2018, Microsoft’s monthly release of security updates — also known as Patch Tuesday — addressed a number of vulnerabilities, most notably two vulnerabilities that were already actively exploited in attacks.
HTTPS: why the green padlock is not enough
https://ift.tt/2wt2n7V
Submitted May 10, 2018 at 02:28AM by EvanConover
via reddit https://ift.tt/2KOq9i3
https://ift.tt/2wt2n7V
Submitted May 10, 2018 at 02:28AM by EvanConover
via reddit https://ift.tt/2KOq9i3
Malwarebytes Labs
HTTPS: why the green padlock is not enough - Malwarebytes Labs
Cheap hosting deals offering free certificates have made the green padlock a less convincing sign of security. Here's what to look for to ensure a website is safe to visit.
Python exploit for Remote Code Execution on GPON home routers (CVE-2018-10562)
https://ift.tt/2rv6HOj
Submitted May 10, 2018 at 04:46AM by Prav123
via reddit https://ift.tt/2jMJOCK
https://ift.tt/2rv6HOj
Submitted May 10, 2018 at 04:46AM by Prav123
via reddit https://ift.tt/2jMJOCK
GitHub
f3d0x0/GPON
Python exploit for Remote Code Executuion on GPON home routers (CVE-2018-10562). Initially disclosed by VPNMentor (https://www.vpnmentor.com/blog/critical-vulnerability-gpon-router/), kudos for the...
Microsoft Exchange CVE-2018-8154 - Critical
https://ift.tt/2I4U3ko
Submitted May 10, 2018 at 09:39AM by mywarthog
via reddit https://ift.tt/2IcCOJF
https://ift.tt/2I4U3ko
Submitted May 10, 2018 at 09:39AM by mywarthog
via reddit https://ift.tt/2IcCOJF
reddit
Microsoft Exchange CVE-2018-8154 - Critical • r/security
1 points and 0 comments so far on reddit
Modal pop up in the ESPN app by Xfinity. I’ve never seen a modal ad in my life on this app. How did this happen? Xfinity is my ISP and I was on WiFi
https://ift.tt/2K8CFrl
Submitted May 10, 2018 at 07:57AM by PikawaNaNiboo
via reddit https://ift.tt/2IqeW8W
https://ift.tt/2K8CFrl
Submitted May 10, 2018 at 07:57AM by PikawaNaNiboo
via reddit https://ift.tt/2IqeW8W
No Win32_Process Needed – Expanding the WMI Lateral Movement Arsenal (With PoC Sources) - See Comment
https://ift.tt/2I7mmdJ
Submitted May 10, 2018 at 12:54PM by TechLord2
via reddit https://ift.tt/2jOB8M2
https://ift.tt/2I7mmdJ
Submitted May 10, 2018 at 12:54PM by TechLord2
via reddit https://ift.tt/2jOB8M2
Cybereason
No Win32_Process Needed – Expanding the WMI Lateral Movement Arsenal
Cybereason researchers discovered new lateral movement techniques discovered that abuse WMI (Windows Management Infrastructure) and provide a tool that’s a proof of concept for the techniques, showing what an attacker could potentially do with them.
Netflix and phishy
https://ift.tt/2G0TeCZ
Submitted May 10, 2018 at 02:23PM by Majortom80
via reddit https://ift.tt/2K8hntU
https://ift.tt/2G0TeCZ
Submitted May 10, 2018 at 02:23PM by Majortom80
via reddit https://ift.tt/2K8hntU
Security Boulevard
Netflix phish claims your membership is on hold - Security Boulevard
We take a look at a new Netflix phish in circulation, using the time-honored trick of claiming the recipient is about to lose access unless they hand over some personal information. Categories: Social engineering Threat analysis Tags: Appleemailemailsnetflixnetflix…