Fantastic Malware and Where to Find Them
https://ift.tt/2e8pdUi
Submitted May 19, 2018 at 08:12PM by dengorilla1
via reddit https://ift.tt/2KG1RWH
https://ift.tt/2e8pdUi
Submitted May 19, 2018 at 08:12PM by dengorilla1
via reddit https://ift.tt/2KG1RWH
Megabeets
Fantastic Malware and Where to Find Them – Megabeets
Megabeets collection of repositories, databases and lists that are containing malicious samples, domains and more.
Google Quietly Drops Privacy Policy that Kept Users’ Names Out of Massive Web-Tracking Database
https://ift.tt/2rWibeP
Submitted May 19, 2018 at 09:31PM by dengorilla1
via reddit https://ift.tt/2wUpNU3
https://ift.tt/2rWibeP
Submitted May 19, 2018 at 09:31PM by dengorilla1
via reddit https://ift.tt/2wUpNU3
AllGov
Google Quietly Drops Privacy Policy that Kept Users’ Names Out of Massive Web-Tracking Database
It means that Google can now build a complete portrait of a user by name, based on everything they write in email, every website they visit and the searches they conduct. The move is a sea change for Google and a further blow to the online ad industry’s longstanding…
IBM warns of instant breaking of encryption by quantum computers: 'Move your data today'
https://ift.tt/2GyMe0M
Submitted May 19, 2018 at 09:55PM by speckz
via reddit https://ift.tt/2kaUzyQ
https://ift.tt/2GyMe0M
Submitted May 19, 2018 at 09:55PM by speckz
via reddit https://ift.tt/2kaUzyQ
ZDNet
IBM warns of instant breaking of encryption by quantum computers: 'Move your data today'
Welcome to the future transparency of today as quantum computers reveal all currently encrypted secrets -- a viable scenario within just a few years.
[Tool / Introduction ] IPFuscation - Using alternate IP representation in your attack workflows!
https://ift.tt/2KEg1Hw
Submitted May 20, 2018 at 12:45AM by vysec
via reddit https://ift.tt/2IwGoP1
https://ift.tt/2KEg1Hw
Submitted May 20, 2018 at 12:45AM by vysec
via reddit https://ift.tt/2IwGoP1
Vincent Yiu
IPFuscation
What the... IPFuscation was a technique that we just named on Twitter after @LucaBongiorni demanded a name! It's a technique that allows for IP addresses to be represented in hexadecimal, octal, or a combination, instead of the decimal encoding that we are…
Digi-ID: The future of secure login?
https://www.youtube.com/watch?v=mYqgf-9zb5c
Submitted May 20, 2018 at 01:17AM by iguessitsokaythen
via reddit https://ift.tt/2wVsaGl
https://www.youtube.com/watch?v=mYqgf-9zb5c
Submitted May 20, 2018 at 01:17AM by iguessitsokaythen
via reddit https://ift.tt/2wVsaGl
YouTube
Digi-ID short pre-release demo with WHMCS login
Here's a quick demonstration video showing off the Digi-ID login for WHMCS that one of our community members has been working hard on. This will allow you to...
Scam number checker? Also Potential PayPal scam?
I recall a service once where I could type in a phone number and see what others are saying of it, can't seem to relocate such a service, just a bunch of similar ones.I just am concerned about the Paypal number 888 221 1161, and not certain if it is legitimate. I was on hold with them for 15 minutes, then got through to what sounded like an off-shore rep. She asked for my first and last name and I said it and based on that alone she said I did have an account. But at one point she asked for the last four of my SSN. Here's the thing. I do have a Paypal account I haven't logged into for YEARS, but I occasionally get emails from "service@paypal.com" about transactions I did not make. Well when I asked this rep what to do about those emails she said send them to "review@paypal.com." Another red flag (pretty sure the correct one is spoof@paypal.com, which is where I did forward their emails). Just constant red flags, seemed like phishing. But even Paypal's site themselves say that is a legitimate number and I don't exactly know the logistics of forwarding an 888 number like that. I know they're easy to spoof, but forwarding it seems impossible.So another question I have other than my noscript question for any who may know, given that I am basically permanently locked out of my paypal account, when I signed up for it, did I have to provide the last 4 of my SSN? Just seems odd she'd ask for that. She also asked me for my bank account number associated with the Paypal account. I was uncomfortable and didn't provide it to her. But the thing is, as a fraud investigator myself, I know it is standard practice to ask people for PII as forms of verification before discussing account information or performing account maintenance, that's like fraud 101.I'm just trying to imagine the angle of this scam if it is one, it's missing the part where they in any way try to appeal to my emotions. The phone number provided is the one that pops up on paypal's official website.And the situation is only further complicated by the fact that I cannot answer my security questions to reset my paypal password, and remembering either the password or answers to those questions isn't going to happen as I abandoned the account without deleting it many years ago before I became an investigator myself and well... realized how stupid that is but that was the main reason I was calling to begin with was to try to get assistance logging back into my account, but the way the rep kept asking for my PII was sketching me out. As part of my job I have listened to hundreds of call center recordings with fraud departments, half and half off-shore, and that rep seemed a little too eager after I provided her my name, last four of SSN, and email address. So I didn't provide any more information. I then went into a line of questioning where I asked when they changed it from spoof to review (for suspicious email forwarding) and she said they updated it. I asked when, she stumbled and said it's new, I said how new because I DuckDuckGo'd it and wasn't seeing anything. She stumbled again saying it was this week. I said I felt uncomfortable forwarding there, she asked to place me on hold, got back a bit later and said it's actually been updated for years but the spoof one is currently down for maintenance. I said okay and disconnected.So thoughts? Seems phishy, right? Or am I just being paranoid being an investigator myself? I literally see this kind of thing 60+ hours a week in my career so sometimes I feel so desensitized to it, but I try to remain vigilant. If it wasn't a scam then she was just a new/horrible rep.
Submitted May 20, 2018 at 01:00AM by PatientVegan
via reddit https://ift.tt/2Iv5Ecx
I recall a service once where I could type in a phone number and see what others are saying of it, can't seem to relocate such a service, just a bunch of similar ones.I just am concerned about the Paypal number 888 221 1161, and not certain if it is legitimate. I was on hold with them for 15 minutes, then got through to what sounded like an off-shore rep. She asked for my first and last name and I said it and based on that alone she said I did have an account. But at one point she asked for the last four of my SSN. Here's the thing. I do have a Paypal account I haven't logged into for YEARS, but I occasionally get emails from "service@paypal.com" about transactions I did not make. Well when I asked this rep what to do about those emails she said send them to "review@paypal.com." Another red flag (pretty sure the correct one is spoof@paypal.com, which is where I did forward their emails). Just constant red flags, seemed like phishing. But even Paypal's site themselves say that is a legitimate number and I don't exactly know the logistics of forwarding an 888 number like that. I know they're easy to spoof, but forwarding it seems impossible.So another question I have other than my noscript question for any who may know, given that I am basically permanently locked out of my paypal account, when I signed up for it, did I have to provide the last 4 of my SSN? Just seems odd she'd ask for that. She also asked me for my bank account number associated with the Paypal account. I was uncomfortable and didn't provide it to her. But the thing is, as a fraud investigator myself, I know it is standard practice to ask people for PII as forms of verification before discussing account information or performing account maintenance, that's like fraud 101.I'm just trying to imagine the angle of this scam if it is one, it's missing the part where they in any way try to appeal to my emotions. The phone number provided is the one that pops up on paypal's official website.And the situation is only further complicated by the fact that I cannot answer my security questions to reset my paypal password, and remembering either the password or answers to those questions isn't going to happen as I abandoned the account without deleting it many years ago before I became an investigator myself and well... realized how stupid that is but that was the main reason I was calling to begin with was to try to get assistance logging back into my account, but the way the rep kept asking for my PII was sketching me out. As part of my job I have listened to hundreds of call center recordings with fraud departments, half and half off-shore, and that rep seemed a little too eager after I provided her my name, last four of SSN, and email address. So I didn't provide any more information. I then went into a line of questioning where I asked when they changed it from spoof to review (for suspicious email forwarding) and she said they updated it. I asked when, she stumbled and said it's new, I said how new because I DuckDuckGo'd it and wasn't seeing anything. She stumbled again saying it was this week. I said I felt uncomfortable forwarding there, she asked to place me on hold, got back a bit later and said it's actually been updated for years but the spoof one is currently down for maintenance. I said okay and disconnected.So thoughts? Seems phishy, right? Or am I just being paranoid being an investigator myself? I literally see this kind of thing 60+ hours a week in my career so sometimes I feel so desensitized to it, but I try to remain vigilant. If it wasn't a scam then she was just a new/horrible rep.
Submitted May 20, 2018 at 01:00AM by PatientVegan
via reddit https://ift.tt/2Iv5Ecx
Paypal
PayPal Account | Mobile Wallet and More | PayPal UK
Use your PayPal account to spend, send, and manage your money. Or, create a merchant account for your business. And so much more. Discover the details here.
One out of Two American Adults Part of the FBI’s Facial Recognition Database
https://ift.tt/2etuffL
Submitted May 20, 2018 at 04:28AM by dengorilla1
via reddit https://ift.tt/2wW9dTD
https://ift.tt/2etuffL
Submitted May 20, 2018 at 04:28AM by dengorilla1
via reddit https://ift.tt/2wW9dTD
HackRead
One out of Two American Adults Part of the FBI’s Facial Recognition Database
The Federal Bureau of Investigation (FBI) and other security agencies are keeping Facial Recognition records of 117 million Americans in the database. That’s about 50 percent of the population. Continued development of facial recognition databases is currently…
One out of Two American Adults Part of the FBI’s Facial Recognition Database
https://ift.tt/2etuffL
Submitted May 20, 2018 at 04:28AM by dengorilla1
via reddit https://ift.tt/2IvQxQ7
https://ift.tt/2etuffL
Submitted May 20, 2018 at 04:28AM by dengorilla1
via reddit https://ift.tt/2IvQxQ7
HackRead
One out of Two American Adults Part of the FBI’s Facial Recognition Database
The Federal Bureau of Investigation (FBI) and other security agencies are keeping Facial Recognition records of 117 million Americans in the database. That’s about 50 percent of the population. Continued development of facial recognition databases is currently…
President Trump Eliminates Job of National Cybersecurity
https://ift.tt/2LbbFc6
Submitted May 20, 2018 at 04:22AM by ApprehensiveActuator
via reddit https://ift.tt/2KEtpLW
https://ift.tt/2LbbFc6
Submitted May 20, 2018 at 04:22AM by ApprehensiveActuator
via reddit https://ift.tt/2KEtpLW
America Out Loud
President Trump Eliminates Job of National Cybersecurity
This next president is going to inherit the most sophisticated and persistent cyber espionage cultures the world has ever seen, He needs to surround...
SANS DFIR Memory Forensics Analysis Poster (Free)
https://ift.tt/2vbaa7Z
Submitted May 20, 2018 at 10:04AM by PeterG45
via reddit https://ift.tt/2GvyfIZ
https://ift.tt/2vbaa7Z
Submitted May 20, 2018 at 10:04AM by PeterG45
via reddit https://ift.tt/2GvyfIZ
Awesome Mind Maps - Review Posters for a Ton of Infosec Topics (See Comment for List of Content)
https://ift.tt/1cpk6HX
Submitted May 20, 2018 at 10:53AM by TechLord2
via reddit https://ift.tt/2rTyicS
https://ift.tt/1cpk6HX
Submitted May 20, 2018 at 10:53AM by TechLord2
via reddit https://ift.tt/2rTyicS
Is this a big issue ??
https://ift.tt/2rTFYvU
Submitted May 20, 2018 at 04:02PM by gsrevt
via reddit https://ift.tt/2GA0k1L
https://ift.tt/2rTFYvU
Submitted May 20, 2018 at 04:02PM by gsrevt
via reddit https://ift.tt/2GA0k1L
GitHub - threatexpress/domainhunter: Checks expired domains for categorization/reputation and Archive.org history to determine good candidates for phishing and C2 domain names
https://ift.tt/2GxHDMj
Submitted May 20, 2018 at 05:27PM by tiger6700
via reddit https://ift.tt/2KHnkyp
https://ift.tt/2GxHDMj
Submitted May 20, 2018 at 05:27PM by tiger6700
via reddit https://ift.tt/2KHnkyp
GitHub
threatexpress/domainhunter
domainhunter - Checks expired domains for categorization/reputation and Archive.org history to determine good candidates for phishing and C2 domain names
Is this a fake? Or is it legit? Scared to click it.
https://ift.tt/2LiHq38
Submitted May 20, 2018 at 07:05PM by Bango-Fett
via reddit https://ift.tt/2IDcY1F
https://ift.tt/2LiHq38
Submitted May 20, 2018 at 07:05PM by Bango-Fett
via reddit https://ift.tt/2IDcY1F
Meet “badBIOS,” the mysterious Mac and PC malware that jumps airgaps
https://ift.tt/1hwynHJ
Submitted May 20, 2018 at 07:58PM by dengorilla1
via reddit https://ift.tt/2rXJRzg
https://ift.tt/1hwynHJ
Submitted May 20, 2018 at 07:58PM by dengorilla1
via reddit https://ift.tt/2rXJRzg
Ars Technica
Meet “badBIOS,” the mysterious Mac and PC malware that jumps airgaps
Like a super strain of bacteria, the rootkit plaguing Dragos Ruiu is omnipotent.
Hacking GOT
https://ift.tt/2IMfE0o
Submitted May 20, 2018 at 09:36PM by r0hi7
via reddit https://ift.tt/2IBWBCO
https://ift.tt/2IMfE0o
Submitted May 20, 2018 at 09:36PM by r0hi7
via reddit https://ift.tt/2IBWBCO
GitHub
r0hi7/BinExp
BinExp - Linux Binary Exploitation
Reuse an untrusted hard drive?
My mom in law let someone remote into her pc to “repair it”. Upon realizing it we shut down the pc.I swapped the hard drive with another one, reinstalled Windows, and plugged in the original hard drive and formatted it.Was this risky? Assume nothing autoran. Is it safe to reuse the old formatted hard drive now, as a system drive or storage drive? Also, I heard of viruses that live in the bios and survive is os reinstallations. Is this something that exists out in the wild?Thanks!
Submitted May 20, 2018 at 10:01PM by theone_2099
via reddit https://ift.tt/2wXwdBO
My mom in law let someone remote into her pc to “repair it”. Upon realizing it we shut down the pc.I swapped the hard drive with another one, reinstalled Windows, and plugged in the original hard drive and formatted it.Was this risky? Assume nothing autoran. Is it safe to reuse the old formatted hard drive now, as a system drive or storage drive? Also, I heard of viruses that live in the bios and survive is os reinstallations. Is this something that exists out in the wild?Thanks!
Submitted May 20, 2018 at 10:01PM by theone_2099
via reddit https://ift.tt/2wXwdBO
reddit
r/security - Reuse an untrusted hard drive?
0 votes and 0 so far on reddit
Here's a friendly reminder to encrypt your drives! It's one of the most overlooked and easy-to-exploit attacks.
https://youtu.be/0NfvKci3WF0
Submitted May 21, 2018 at 12:03AM by myfeetsmellallday
via reddit https://ift.tt/2rZv0Ej
https://youtu.be/0NfvKci3WF0
Submitted May 21, 2018 at 12:03AM by myfeetsmellallday
via reddit https://ift.tt/2rZv0Ej
YouTube
You Need To Encrypt Your Drives! (Seriously...)
Do you need to encrypt your hard drive or solid state drive using an encryption tool like Bitlocker, FileVault, or Veracrypt for your Windows or MacOS laptop/desktop? ABSOLUTELY! In this Techlore video tutorial/guide, I discuss and demonstrate the reasons…
Extracting SSH Private Keys from Windows 10 ssh-agent
https://ift.tt/2wZAg0w
Submitted May 21, 2018 at 01:09AM by tiger6700
via reddit https://ift.tt/2IBqh6T
https://ift.tt/2wZAg0w
Submitted May 21, 2018 at 01:09AM by tiger6700
via reddit https://ift.tt/2IBqh6T
ropnop blog
Extracting SSH Private Keys From Windows 10 ssh-agent
The newest Windows 10 update includes OpenSSH utilities, including ssh-agent. Here’s how to extract unencrypted saved private keys from the registry
IBM bans USB drives – but will it work?
https://ift.tt/2IbCsHl
Submitted May 21, 2018 at 01:47AM by DrinkMoreCodeMore
via reddit https://ift.tt/2IYL04d
https://ift.tt/2IbCsHl
Submitted May 21, 2018 at 01:47AM by DrinkMoreCodeMore
via reddit https://ift.tt/2IYL04d
Naked Security
IBM bans USB drives – but will it work?
Can you blindly ban all USB drives, or will it lead to “shadow IT” where staff use them anyway? Sophos CISO Ross McKerchar has his say…
Exploiting HTTP PUT method To Hack A Server
https://ift.tt/2IxccYe
Submitted May 21, 2018 at 06:10AM by TheOddGod
via reddit https://ift.tt/2wYrwrp
https://ift.tt/2IxccYe
Submitted May 21, 2018 at 06:10AM by TheOddGod
via reddit https://ift.tt/2wYrwrp
Hackmydevice
How To Exploit HTTP PUT Method Using Metasploitable
Learn Hacking The Right Way Learn How To Hack, WiFi Hacking, Kali Linux, Metasploit, Exploits, Ethical Hacking, Information Security And Scanning.