Ransomeware
After building computers for over 10 years, and seeing a huge number of fraud, and identity theft, and recent events that are not related to this subreddit it got me thinking and me asking questions about both Cyber Security, and Physical security of many "Facility" in America which contain a lot of personal information.Anyways about the Computer Security, I am rather concerned because many "Hospital" and "Doctors Offices" even "Police Departments" have been hit with Ransomware attacks, but my question is how secure are their networks really.Most Facility I have been in only have a few security guards, and all use (Dell Computers) which often have (USB Ports) on them, often they use "Intranet" for their secure network, and run at 5.0 GHZ, while letting everyone else use free public WI-FI, the concern I have is the physical access to these systems is easy enough for anyone to slip a (USB Computer), or Flash Drive into any of these computer systems because unused ports are not powered down, often no one is watching either.. So in theory how easy is it for a facility no names given to have "Ransomware" installed on their system by someone plugging in a USB Drive.. Or having private information of many stolen by someone who uses I think its called a USB Computer with malicious code.Often these computers are basic dell's without any type of real "Anti Virus" or security software installed or properly configured. Another true fact is I have seen at least (3 Routers) which are owned by different facility using (Default User Passwords) in the past was able to login to the entire network configuration page, although this is public internet and couldn't be used to steal information itself, it got me thinking about what if someone had a mini computer plugged in behind one of these computer systems and connected on the network just sending out information for months which could grant it access to the (Intranet) which is supposed to be the secure network no longer secure.Let alone the emploee who work there and could easily compromise persons information by accident, or on purpose.Am I right about this, or am I just too paranoid?https://www.youtube.com/watch?v=pL9q2lOZ1Fw&t=77s^ Like in this video...This doesn't include when people leave your personal information on a computer and anyone can just go look at it who enters the room next like at a "Dentist" for example, but it makes me feel so unsafe.This also brings up the subject on "RF ID" Cards being used for security on most facility, how many Hospital, even Police departments use these in America, as well as many other places, yet cloning a persons ID Card like shown in this video seems to be a serious secuirty issue, so why not have more secure authentication?
Submitted May 24, 2018 at 11:03AM by LilithDragonFlower
via reddit https://ift.tt/2J8FVpI
After building computers for over 10 years, and seeing a huge number of fraud, and identity theft, and recent events that are not related to this subreddit it got me thinking and me asking questions about both Cyber Security, and Physical security of many "Facility" in America which contain a lot of personal information.Anyways about the Computer Security, I am rather concerned because many "Hospital" and "Doctors Offices" even "Police Departments" have been hit with Ransomware attacks, but my question is how secure are their networks really.Most Facility I have been in only have a few security guards, and all use (Dell Computers) which often have (USB Ports) on them, often they use "Intranet" for their secure network, and run at 5.0 GHZ, while letting everyone else use free public WI-FI, the concern I have is the physical access to these systems is easy enough for anyone to slip a (USB Computer), or Flash Drive into any of these computer systems because unused ports are not powered down, often no one is watching either.. So in theory how easy is it for a facility no names given to have "Ransomware" installed on their system by someone plugging in a USB Drive.. Or having private information of many stolen by someone who uses I think its called a USB Computer with malicious code.Often these computers are basic dell's without any type of real "Anti Virus" or security software installed or properly configured. Another true fact is I have seen at least (3 Routers) which are owned by different facility using (Default User Passwords) in the past was able to login to the entire network configuration page, although this is public internet and couldn't be used to steal information itself, it got me thinking about what if someone had a mini computer plugged in behind one of these computer systems and connected on the network just sending out information for months which could grant it access to the (Intranet) which is supposed to be the secure network no longer secure.Let alone the emploee who work there and could easily compromise persons information by accident, or on purpose.Am I right about this, or am I just too paranoid?https://www.youtube.com/watch?v=pL9q2lOZ1Fw&t=77s^ Like in this video...This doesn't include when people leave your personal information on a computer and anyone can just go look at it who enters the room next like at a "Dentist" for example, but it makes me feel so unsafe.This also brings up the subject on "RF ID" Cards being used for security on most facility, how many Hospital, even Police departments use these in America, as well as many other places, yet cloning a persons ID Card like shown in this video seems to be a serious secuirty issue, so why not have more secure authentication?
Submitted May 24, 2018 at 11:03AM by LilithDragonFlower
via reddit https://ift.tt/2J8FVpI
YouTube
Watch hackers break into the US power grid
A power company in the Midwest hired a group of white hat hackers known as RedTeam Security to test its defenses. We followed them around for 3 days, as they...
CVE-2018-5175: Universal CSP strict-dynamic bypass in Firefox
https://ift.tt/2Lr8nS1
Submitted May 24, 2018 at 03:05PM by albinowax
via reddit https://ift.tt/2IJsJZ6
https://ift.tt/2Lr8nS1
Submitted May 24, 2018 at 03:05PM by albinowax
via reddit https://ift.tt/2IJsJZ6
mksben.l0.cm
CVE-2018-5175: Universal CSP strict-dynamic bypass in Firefox
In this blogpost, I'd like to write about a CSP strict-dynamic bypass vulnerability which is fixed in Firefox 60. https://www.mozilla.org/...
HTTPS Weaknesses
https://ift.tt/2kjkgNE
Submitted May 24, 2018 at 03:14PM by DhoundSecurity
via reddit https://ift.tt/2s8NLFA
https://ift.tt/2kjkgNE
Submitted May 24, 2018 at 03:14PM by DhoundSecurity
via reddit https://ift.tt/2s8NLFA
Medium
HTTPS Weaknesses
Sometimes not technical people selling IT services or products answer the question “How about the reliability of your system?” as follows…
Compromising Thousands of Websites Through a CDN
https://ift.tt/2s2nuJw
Submitted May 24, 2018 at 02:54PM by albinowax
via reddit https://ift.tt/2IM3fGB
https://ift.tt/2s2nuJw
Submitted May 24, 2018 at 02:54PM by albinowax
via reddit https://ift.tt/2IM3fGB
justi.cz
Compromising Thousands of Websites Through a CDN
tl;dr unpkg.com is a pretty popular CDN for serving up assets from npm packages. I found a vulnerability in a tar implementation that allowed me to write arb...
Video voyeurism bill advances, would expand crime's definition beyond sexual intent
https://ift.tt/2JFLx7O
Submitted May 24, 2018 at 04:34PM by Iot_Security
via reddit https://ift.tt/2IHq1DD
https://ift.tt/2JFLx7O
Submitted May 24, 2018 at 04:34PM by Iot_Security
via reddit https://ift.tt/2IHq1DD
The Advocate
Video voyeurism bill advances, would expand crime's definition beyond sexual intent
A year after a New Orleans plastic surgeon was acquitted on video voyeurism charges for filming patients while nude, lawmakers are advancing a bill to expand the state’s video voyeurism
Keeping your powder coated security screens looking good
https://ift.tt/2sdhBJ8
Submitted May 24, 2018 at 05:23PM by northcoastblinds
via reddit https://ift.tt/2IHFjbu
https://ift.tt/2sdhBJ8
Submitted May 24, 2018 at 05:23PM by northcoastblinds
via reddit https://ift.tt/2IHFjbu
North
Keeping your powdercoated security screens looking good - North
Like many products that are found outdoors, security doors and screens are powdercoated to protect them from the elements and keep them looking good. Other familiar items that have powdercoating include window joinery, entrance or garage doors, letter boxes…
Security In 5: Episode 245 - Improve Your Organization Security Behaviors
https://ift.tt/2GMdeJX
Submitted May 24, 2018 at 06:41PM by BinaryBlog
via reddit https://ift.tt/2sdxxLs
https://ift.tt/2GMdeJX
Submitted May 24, 2018 at 06:41PM by BinaryBlog
via reddit https://ift.tt/2sdxxLs
Libsyn
Security In Five Podcast: Episode 245 - Improve Your Organization Security Behaviors
Security is about people. Your program's effectiveness comes down to the ability of the people following the policies to behave in a secure way. This episode goes into a few tips on how to help an organization improve the security behaviors of the employees. …
Why is TCPcrypt not widely used?
No text found
Submitted May 24, 2018 at 05:56PM by MrEU1
via reddit https://ift.tt/2IE3nMa
No text found
Submitted May 24, 2018 at 05:56PM by MrEU1
via reddit https://ift.tt/2IE3nMa
reddit
Why is TCPcrypt not widely used? • r/security
1 points and 0 comments so far on reddit
Z-Shave - a downgrade attack against the latest Z-Wave security standard
https://ift.tt/2GGI3Qx
Submitted May 24, 2018 at 07:28PM by cybergibbons
via reddit https://ift.tt/2LqQC5t
https://ift.tt/2GGI3Qx
Submitted May 24, 2018 at 07:28PM by cybergibbons
via reddit https://ift.tt/2LqQC5t
Pentestpartners
Z-Shave. Exploiting Z-Wave downgrade attacks | Pen Test Partners
TL;DR: Stronger S2 Z-Wave pairing security process can be downgraded to weak S0, exposing smart devices to compromise. Z-Wave uses a shared network key to secure traffic. This key is exchanged between the controller and the client devices ('nodes') when the…
TR-069: IoT before it was cool! Analysis of TR-069 (TCP 7547) exposure and attacks over time
https://ift.tt/2sbTWIZ
Submitted May 24, 2018 at 09:27PM by kafbas
via reddit https://ift.tt/2knIYfG
https://ift.tt/2sbTWIZ
Submitted May 24, 2018 at 09:27PM by kafbas
via reddit https://ift.tt/2knIYfG
Sec-Consult
TR-069: IoT before it was cool! | SEC Consult
TR-069 is the most widespread IoT management protocol. Most likely, you have a few devices in your home that use it on a daily basis. SEC Consult found some interesting vulnerabilities.
Electron Windows Protocol Handler MITM/RCE (bypass for CVE-2018-1000006 fix)
https://ift.tt/2s5v9H9
Submitted May 24, 2018 at 09:23PM by nibblesec
via reddit https://ift.tt/2sbP5Yh
https://ift.tt/2s5v9H9
Submitted May 24, 2018 at 09:23PM by nibblesec
via reddit https://ift.tt/2sbP5Yh
Doyensec
Electron Windows Protocol Handler MITM/RCE (bypass for CVE-2018-1000006 fix) · Doyensec's Blog
Doyensec's Blog :: Doyensec is an independent security research and development company focused on vulnerability discovery and remediation.
Scammer demands bitcoin in exchange for safe return of lost Granville County dog
https://ift.tt/2IICczS
Submitted May 24, 2018 at 09:55PM by EvanConover
via reddit https://ift.tt/2KRua4e
https://ift.tt/2IICczS
Submitted May 24, 2018 at 09:55PM by EvanConover
via reddit https://ift.tt/2KRua4e
CBS 17
Scammer demands bitcoin in exchange for safe return of lost Granville County dog
Patricia Howell posted her phone number on the internet, asking for help finding her family's lost dog, but never imagined someone would use it to demand a ransom.
Need help choosing a p/w manager for windows+android
I was using DashLane. I want to like it, but it offers no biometrics functionality for windows like it's android app does.Are there any out there that do? Target functionality is: AES-256 bit, built in password generator, biometrics functionality for both windows and android (desktop has fingerprint scanner, tablet has racial recognition). Browser compatibility should include Chrome and Firefox, and it needs to have some sort of export functionality for backups.Target price point is <75/year for 4 devices
Submitted May 24, 2018 at 10:53PM by SnowDrifter_
via reddit https://ift.tt/2GKAvfn
I was using DashLane. I want to like it, but it offers no biometrics functionality for windows like it's android app does.Are there any out there that do? Target functionality is: AES-256 bit, built in password generator, biometrics functionality for both windows and android (desktop has fingerprint scanner, tablet has racial recognition). Browser compatibility should include Chrome and Firefox, and it needs to have some sort of export functionality for backups.Target price point is <75/year for 4 devices
Submitted May 24, 2018 at 10:53PM by SnowDrifter_
via reddit https://ift.tt/2GKAvfn
reddit
r/security - Need help choosing a p/w manager for windows+android
1 votes and 0 so far on reddit
Automate certificate monitoring with free API – KeyChest
https://ift.tt/2IJw5eP
Submitted May 24, 2018 at 10:55PM by TheUglyStranger
via reddit https://ift.tt/2IGnrxD
https://ift.tt/2IJw5eP
Submitted May 24, 2018 at 10:55PM by TheUglyStranger
via reddit https://ift.tt/2IGnrxD
Magic of Security
Automate certificate monitoring with free API – KeyChest
Our certificate monitoring KeyChest has an initial RESTful API for remote enrolment of new certificates and for checking certificate expiry. Its design supports automation without any initial secur…
Exploiting an Unsecured Dell Foglight Server
https://ift.tt/2KP4XHI
Submitted May 24, 2018 at 11:45PM by coalfirelabs
via reddit https://ift.tt/2sbUPSL
https://ift.tt/2KP4XHI
Submitted May 24, 2018 at 11:45PM by coalfirelabs
via reddit https://ift.tt/2sbUPSL
Coalfire.com
Post
Coalfire Labs blog posts with opinions, findings and research from the technical testing of IT perspective.
Why cybersecurity experts are so concerned about the health-care industry
https://ift.tt/2wLbFMF
Submitted May 24, 2018 at 11:31PM by speckz
via reddit https://ift.tt/2GN6CuR
https://ift.tt/2wLbFMF
Submitted May 24, 2018 at 11:31PM by speckz
via reddit https://ift.tt/2GN6CuR
Washington Post
Analysis | The Cybersecurity 202: Why cybersecurity experts are so concerned about the health-care industry
Research released by two security companies paints an unsettling picture.
Best Email Encryption Service?
Hey everyone I'm looking for the easiest, email encryption service. Basically easy for the customer to open up and reply securely.
Submitted May 24, 2018 at 11:23PM by DawnOfMe
via reddit https://ift.tt/2LtSxpN
Hey everyone I'm looking for the easiest, email encryption service. Basically easy for the customer to open up and reply securely.
Submitted May 24, 2018 at 11:23PM by DawnOfMe
via reddit https://ift.tt/2LtSxpN
reddit
r/security - Best Email Encryption Service?
1 votes and 7 so far on reddit
Font Steganography
https://ift.tt/2x5IVi1
Submitted May 25, 2018 at 12:12AM by volci
via reddit https://ift.tt/2IM83eU
https://ift.tt/2x5IVi1
Submitted May 25, 2018 at 12:12AM by volci
via reddit https://ift.tt/2IM83eU
reddit
r/security - Font Steganography
2 votes and 0 so far on reddit
Amazon Comes Under Fire for Facial Recognition Platform
https://ift.tt/2LsmIxV
Submitted May 25, 2018 at 12:09AM by volci
via reddit https://ift.tt/2LsXO19
https://ift.tt/2LsmIxV
Submitted May 25, 2018 at 12:09AM by volci
via reddit https://ift.tt/2LsXO19
Threatpost | The first stop for security news
Amazon Comes Under Fire for Facial Recognition Platform
Facial-recognition technology has long been touted as a useful tool for law enforcement, but the ability of systems like Amazon's Rekognition platform to identify large numbers of people at once in a
What is Digi-ID
https://www.youtube.com/watch?v=pLrQycud5GI
Submitted May 24, 2018 at 11:49PM by iguessitsokaythen
via reddit https://ift.tt/2GM6A6H
https://www.youtube.com/watch?v=pLrQycud5GI
Submitted May 24, 2018 at 11:49PM by iguessitsokaythen
via reddit https://ift.tt/2GM6A6H
YouTube
What is Digi-ID
Digi-ID is a fast and secure way to log in to website, applications, or even building security powered by the DigiByte Blockchain
Find out more at www.digi-id.io
Please feel free to re-share this video anywhere you think people could benefit from knowing…
Find out more at www.digi-id.io
Please feel free to re-share this video anywhere you think people could benefit from knowing…
Phishers are sending fake "Privacy Policy Update" emails
Thanks to the hysteria over GDPR, phishing scammers have spotted an opportunity. They are now sending out phishing E-mails disguised as "Privacy Policy" update notices.Beware anything posing as a "Privacy Policy" update if it's from an organization you've not done business with. Assume it's a fraud.
Submitted May 25, 2018 at 12:25AM by OriginalSimba
via reddit https://ift.tt/2x9G6MX
Thanks to the hysteria over GDPR, phishing scammers have spotted an opportunity. They are now sending out phishing E-mails disguised as "Privacy Policy" update notices.Beware anything posing as a "Privacy Policy" update if it's from an organization you've not done business with. Assume it's a fraud.
Submitted May 25, 2018 at 12:25AM by OriginalSimba
via reddit https://ift.tt/2x9G6MX
reddit
r/security - Phishers are sending fake "Privacy Policy Update" emails
2 votes and 0 so far on reddit