Netsec – Telegram
Netsec
7.4K subscribers
22.4K links
This channel posts the feed from r/netsec.
For any suggestions dm @streaak
Donate to keep the bot running https://www.paypal.me/akhilgv
RDP Brute force attacks using real name?
Hello, I'm not entirely sure this subreddit is the right one, but if you can suggest another one that's more appropriate, let me know. Here goes... sorry for the book.

As some quick background, I'm in IT, web development background, infrastructure experience over the past 15 years, fairly experienced with AD security policies, basic intrusion detection (via Splunk), and I have a fairly basic home network. Anyway, I'm sure this is a bad practice, but I've had port forwarding set up for several years now so that I can RDP to my PC and my wife's. We use non-default RDP ports (I know that's not security, and I really do it so that we can have the same external IP with diff ports go to diff internal IPs on 3389). I keep strong passwords on my admin accounts, and change them pretty infrequently.

On our PCs, I do have failure auditing enabled, and I occasionally review security event logs. I've seen the brute force attempts to log in, and usually ignore them because they were always using default user names (Administrator, Backup, Copier, Warehouse, User1)... stuff like that.

Anyway, I recently rebuilt my PC and had forgotten to enable failure auditing for a few weeks. When I did, I took a look at the event logs and was shocked when I saw my family members' real names being used to try and log in. I see these attempts using all of my family members' real names, from multiple foreign IP addresses. Interestingly, in one case, they even misspelled my daughter's name (instead of Jane Smith, for example, it was Jane Smlth). These real names are in no way actual accounts on my PC. Amazingly, they have all of our real names -- I'm probably the outlier in our family and I rarely if ever go on social media -- so I've no idea how they did this.

So, now my question... has anyone seen anything like this before? I'm really surprised that someone would be able to track down our real names and correlate them with our public IP address from our cable internet provider (which changes infrequently admittedly, but has changed). Any ideas, or have you seen this as well?

In the meantime, I did set up a scheduled task that blackholes failed login attempts from the same IP, so there's that... Thanks in advance...

Submitted May 26, 2018 at 05:15AM by kevlav84
via reddit https://ift.tt/2KTnItC
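The blackholing scheduled task the poster describes, written out as an added PowerShell example (this is not the poster's own script): it reads failed-logon events (ID 4625) from the Security log, counts them per source IP over a look-back window, prints which user names each offender tried, and appends repeat offenders to an inbound Windows Firewall block rule. The threshold, window, rule name and LAN allow-list prefixes are assumed values chosen for this example; everything else uses the standard Get-WinEvent and NetSecurity cmdlets.

```powershell
# Added example: block source IPs that repeatedly fail logons (the scheduled task the post describes).
# Assumes "Audit Logon" failure auditing is on (event ID 4625), Windows Firewall is in use,
# and the script runs elevated from Task Scheduler. Threshold, window, rule name and
# allow-list prefixes below are assumed values for this example.
$Threshold     = 5                            # failed logons from one IP within the window
$WindowMinutes = 30                           # look-back window
$RuleName      = 'Blackhole-Failed-Logons'    # assumed firewall rule name
$AllowPrefixes = @('192.168.', '10.', '127.') # assumed: never block LAN/loopback sources

$since  = (Get-Date).AddMinutes(-$WindowMinutes)
$events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = $since } `
                       -ErrorAction SilentlyContinue

# 4625 stores the interesting fields in EventData; pull them out of the event XML.
$attempts = foreach ($e in $events) {
    $xml  = [xml]$e.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    [pscustomobject]@{
        Time      = $e.TimeCreated
        User      = $data['TargetUserName']
        Ip        = $data['IpAddress']
        LogonType = $data['LogonType']   # 10 = RemoteInteractive (RDP); 3 = Network (NLA pre-auth)
    }
}

# Keep only attempts with a real remote source; local/service failures log IpAddress as '-'.
$remote = $attempts | Where-Object {
    $_.Ip -and $_.Ip -ne '-' -and $_.LogonType -in @('3', '10')
}

# Group by source IP, apply the threshold, and drop anything on the allow-list.
$offenders = $remote | Group-Object -Property Ip | Where-Object { $_.Count -ge $Threshold } |
    Where-Object { $ip = $_.Name; -not ($AllowPrefixes | Where-Object { $ip.StartsWith($_) }) }

if (-not $offenders) { return }

# Report which user names each offender tried (the detail that made the post's author look twice).
foreach ($o in $offenders) {
    $names = ($o.Group.User | Sort-Object -Unique) -join ', '
    Write-Output ("{0}: {1} failures, user names tried: {2}" -f $o.Name, $o.Count, $names)
}

# Merge new offenders into the existing block rule's remote-address list, or create the rule.
$rule    = Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue
$current = @()
if ($rule) {
    $current = @((Get-NetFirewallAddressFilter -AssociatedNetFirewallRule $rule).RemoteAddress)
}
$merged = @($current + $offenders.Name) | Where-Object { $_ } | Sort-Object -Unique

if ($rule) {
    Set-NetFirewallRule -DisplayName $RuleName -RemoteAddress $merged
} else {
    New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Action Block `
                        -RemoteAddress $merged -Profile Any | Out-Null
}
```

Run it every few minutes from Task Scheduler as SYSTEM (Register-ScheduledTask with a repeating trigger) so the look-back window and the schedule overlap. Two caveats a practitioner will hit: the rule's address list only grows, so prune entries older than a day or two or the rule becomes unwieldy; and on some Windows builds NLA pre-authentication failures leave IpAddress as '-' in 4625, in which case the source IP is in event 140 of the Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational log instead.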
mquery: Blazingly fast Yara queries for malware analysts
https://ift.tt/2ILJGSD

Submitted May 26, 2018 at 12:08PM by digicat
via reddit https://ift.tt/2s72KRe
Apple ID is being used to sign in to a new device in China. I live in Hawaii. I have 2-Factor Identification on all accounts and devices. Should I be concerned/change anything?
https://ift.tt/2KWu63q

Submitted May 26, 2018 at 03:11PM by jakes_tornado
via reddit https://ift.tt/2Lw4rzB
FBI to America: Reboot Your Routers, Right Now
https://ift.tt/2IP0F2o

Submitted May 26, 2018 at 01:48PM by absolufreak
via reddit https://ift.tt/2ksAx33
Jamming Anybody's Wifi by DDOS Attack
https://ift.tt/2sf15YS

Submitted May 26, 2018 at 12:41PM by vortex1000
via reddit https://ift.tt/2KVzzaN
Security concern about email services and providers
Is there any free email service that does not delete user accounts, ever?

I'm certain that one of the highest security risks of email accounts is the removal of the account after an inactivity period, because of the other services registered with that email address. Usually you won't be able to change anything on your other services, because you can not confirm changes by email ever again. And you can not recover those other accounts (in case of a lost password, etc.). And on top of that, if someone registers your old address, then he can get your password or reset your password to those services.

I know there are several services with 180-day inactivity periods (Gmail perhaps 18 months), and paid services/accounts will never be cancelled, but what if the account owner gets a stroke and is hospitalized for a long time (can not pay or log in)?

Submitted May 26, 2018 at 07:43PM by Erdoe
via reddit https://ift.tt/2LyRNQq
Hey everyone,
I've removed posts from /r/security as it wasn't sharing useful information and /r/netsec covers pretty much everything.
Intel Engine Firmware Analysis Tool (Sources + Discussion)
https://ift.tt/2bHr9nD

Submitted May 27, 2018 at 03:40PM by Scene_News
via reddit https://ift.tt/2INahil
SEVered: Subverting AMD’s Virtual Machine Encryption
https://ift.tt/2sb4EQG

Submitted May 27, 2018 at 10:34PM by majorllama
via reddit https://ift.tt/2xi9aSo
NetBSD network stack audit results
https://ift.tt/2GYa0TM

Submitted May 28, 2018 at 03:30PM by apancetta
via reddit https://ift.tt/2sevw2k
New VPNFilter malware targets at least 500K networking devices worldwide
https://ift.tt/2scqK4H

Submitted May 28, 2018 at 02:07PM by nachoparker
via reddit https://ift.tt/2IORVxf
IBM QRadar unauthenticated remote code execution (writeup + exploit)
https://ift.tt/2seGW5g

Submitted May 28, 2018 at 06:53PM by jose_boneh
via reddit https://ift.tt/2ITC3pc
Open Source Vulnerability Assessment and Management Tool for Developers and Pentesters [Updated 28 May] (See Comment)
https://ift.tt/2ukKY03

Submitted May 28, 2018 at 10:25PM by TechLord2
via reddit https://ift.tt/2kuvGy4
Archery - Open Source Vulnerability Assessment and Management Tool for Developers and Pentesters [Updated 28 May]
https://ift.tt/2ukKY03

Submitted May 28, 2018 at 11:07PM by PeterG45
via reddit https://ift.tt/2L3J1Zo