] The Mad Hacker [


Collecting all the news about Cybersecurity, computer security, cracking, hacking, infosec, netsec, & security vulnerabilities in one convenient place

Whitehat, greyhat, blackhat, tinker, tailor, soldier, spy
We trawl the web so you don't have to
Since 2000


How far have we come? The evolution of securing identities

(Tuesday April 13, 2021)
What are today’s biggest identity challenges? Have I Been Pwned Founder Troy Hunt talks with Microsoft about the current state of identity. The post How far have we come? The evolution of securing identities [https://www.microsoft.com/security/blog/2021/04/13/how-far-have-we-come-the-evolution-of-securing-identities/] appeared first on Microsoft Security.

Announcing Malwatch, A new *nix web hosting malware scanning system created at Pagely.

(Tuesday April 13, 2021)
Malware is the bane of most site owners' online journey. New threats emerge daily and a successful attack can bring your operation down by defacement, tanking your SEO, or harvesting your private data. Pagely has created a new malware file scanning tool under our PressARMOR™ security framework that is not…

A helpful reminder about just how much Facebook stalks you on the internet

(Tuesday April 13, 2021)
Many Facebook users think they only have to worry about the data that they personally share about themselves on Facebook, by posting messages on the site, connecting with their friends, and liking posts. But the truth is that Facebook knows much more about you than that, by collecting data from your activities off-site as well.

Detecting the "Next" SolarWinds-Style Cyber Attack

(Tuesday April 13, 2021)
The SolarWinds attack, which succeeded by utilizing the sunburst malware, shocked the cyber-security industry. This attack achieved persistence and was able to evade internal systems long enough to gain access to the source code of the victim. Because of the far-reaching SolarWinds deployments, the perpetrators were also able to infiltrate many other organizations, looking for intellectual

April 2021 Update Tuesday packages now available

(Tuesday April 13, 2021)
Today is Update Tuesday – our commitment to provide a predictable monthly schedule to release updates and provide the latest protection to our customers. Update Tuesday is a monthly cycle when Microsoft releases patches for vulnerabilities that we have found proactively or that have been disclosed to us through our security partnerships under a coordinated … April 2021 Update Tuesday packages now available [https://msrc-blog.microsoft.com/2021/04/13/april-2021-update-tuesday-packages-now-available/]

Synopsys Study reveals increase in Vulnerable, Outdated, and Abandoned Open Source Components in Commercial Software

(Tuesday April 13, 2021)
Synopsys, Inc. has released its 2021 Open Source Security and Risk Analysis (OSSRA) report, which examines the result of more than 1,500 audits of commercial codebases. Produced by the Synopsys Cybersecurity Research Center (CyRC) and performed by the Black Duck® Audit Services team, the report highlights trends in open source usage within commercial applications, while simultaneously providing insights to help commercial and open source developers better understand the interconnected software ecosystem they are part of. It...

5 Objectives for Establishing an API-First Security Strategy

(Tuesday April 13, 2021)
With APIs predicted to be the most common attack vector by 2022, an API-first security strategy is critical now more than ever.

Promising news: users are becoming more savvy to COVID-19 based phishing attacks finds KnowBe4

(Tuesday April 13, 2021)
KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, has revealed the results of its latest 2021 top-clicked phishing report. It found that, despite still seeing a few phishing email attacks related to COVID-19, users are becoming more savvy and alert to these types of scams. Real phishing emails that […] The post Promising news: users are becoming more savvy to COVID-19 based phishing attacks finds KnowBe4 [https://www.itsecurityguru.org/2021/04/13/promising-news-users-are-becoming-more-savvy-to-covid-19-based-phishing-attacks-finds-kn

IoT bug report claims “at least 100M devices” may be impacted

(Tuesday April 13, 2021)
The programmers among us are learning... but not always quickly enough, it seems. Here's some food for coding thought...

Adobe Patches Slew of Critical Security Bugs in Bridge, Photoshop

(Tuesday April 13, 2021)
The security bugs could open the door for arbitrary code-execution and full takeover of targeted machines.

Tim Mackie takes lead channel role for Armis

(Tuesday April 13, 2021)
Armis®, the agentless device security platform, today announced the appointment of Tim Mackie as the new Worldwide Vice President of Channel. As part of Armis’ commitment to its global channel partner programme and the accelerating demand for businesses to collaborate with it, Mackie has been appointed to lead this high growth function. Mackie is a […] The post Tim Mackie takes lead channel role for Armis [https://www.itsecurityguru.org/2021/04/13/tim-mackie-takes-lead-channel-role-for-armis/] appeared first on IT Security Guru [https://www.itsecurityguru.org].

Secure unmanaged devices with Microsoft Defender for Endpoint now

(Tuesday April 13, 2021)
New Microsoft Defender for Endpoint capabilities let organizations discover and secure unmanaged workstations, mobile devices, servers, and network devices. The post Secure unmanaged devices with Microsoft Defender for Endpoint now [https://www.microsoft.com/security/blog/2021/04/13/secure-unmanaged-devices-with-microsoft-defender-for-endpoint-now/] appeared first on Microsoft Security.

BrandPost: Healthcare Organizations: Moving to High Alert for Ransomware

(Tuesday April 13, 2021)
Healthcare facilities are currently a favorite target of criminals who use ransomware (aka malicious software) to launch attacks. These disruptive attacks – which lock up systems and demand the victim pay a ransom in cryptocurrency in exchange for regaining access – can disable endpoints and encrypt critical files that include essential information for patient care. Ransomware attacks on healthcare organizations also tie up hundreds of IT staff hours responding and recovering, impact multiple branches and clinics, and damage hard-earned business reputations. Numerous healthcare...

Red Hat Security Advisory 2021-1171-01

(Tuesday April 13, 2021)
Red Hat Security Advisory 2021-1171-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include buffer overflow and out of bounds read vulnerabilities.

Blitar Tourism 1.0 SQL Injection

(Tuesday April 13, 2021)
Blitar Tourism version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

Chrome V8 JavaScript Engine Remote Code Execution

(Tuesday April 13, 2021)
Chrome V8 JavaScript Engine remote code execution zero day exploit. Google is expected to release an update to their browser on Tuesday 04/14/2021 that will address this vulnerability.

Red Hat Security Advisory 2021-1173-01

(Tuesday April 13, 2021)
Red Hat Security Advisory 2021-1173-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include buffer overflow and out of bounds read vulnerabilities.

ExpressVPN VPN Router 1.0 Integer Overflow

(Tuesday April 13, 2021)
ExpressVPN VPN Router version 1.0 suffers from an integer overflow vulnerability.

Red Hat Security Advisory 2021-1168-01

(Tuesday April 13, 2021)
Red Hat Security Advisory 2021-1168-01 - Red Hat Advanced Cluster Management for Kubernetes 2.2.2 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console-with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs and security issues....

Hiding malicious processes in containers exploiting ld.so.preload - How does it work - How to prevent - How to detect with Falco

(Tuesday April 13, 2021)
By Kaizhe Huang on April 13, 2021. Table of contents: Hiding processes in containers; Hiding processes in Pods; Unveiling with Falco; Other mitigation strategies; Conclusion. Detecting malicious processes is already complicated in cloud-native environments, as without the proper tools they are black boxes. It becomes even more complicated if those malicious processes are hidden. Malware using open source tools to evade detection has been reported. The open source project...

Simple Student Information System 1.0 SQL Injection

(Tuesday April 13, 2021)
Simple Student Information System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

Native Church Website 1.0 Shell Upload

(Tuesday April 13, 2021)
Native Church Website version 1.0 suffers from a remote shell upload vulnerability.

BrandPost: Why Choose Open XDR? It's the Integration

(Tuesday April 13, 2021)
There are almost as many flavors of detection and response tools as there are flavors at the local ice cream shop – OK, perhaps that’s a slight exaggeration, but there are definitely a confusing number of options these days. NDR (network detection and response), EDR (endpoint detection and response), XDR (eXtended detection and response), and even Open XDR – they’re all variations on a theme of protecting endpoints, since they’re the first line of network defense. Which option to pick? As a ReliaQuest customer recently related to us with a smile on his face, cybersecurity vendors...

Cisco + The NFL = The Connected League

(Tuesday April 13, 2021)
Cisco has been named an Official Technology Partner of the NFL. Together, Cisco and the NFL are committed to creating a new chapter in the sports and entertainment industry by developing the first ever Connected League – where a unified, intent-based networking architecture will connect all 30 venues. This network will allow the league to support all facets of gameday operations, but also deliver new experiences to teams and fans alike.

Clear & Present Danger: Data Hoarding Undermines Better Security

(Tuesday April 13, 2021)
Facebook and Google can identify patterns of attack within their own data, but smaller businesses rarely see enough traffic to successfully identify an attack or warn users.

Chrome Zero-Day Exploit Posted on Twitter

(Tuesday April 13, 2021)
An update to Google’s browser that fixes the flaw is expected to be released on Tuesday.

New NAME:WRECK Vulnerabilities Impact Nearly 100 Million IoT Devices

(Tuesday April 13, 2021)
Security researchers have uncovered nine vulnerabilities affecting four TCP/IP stacks impacting more than 100 million consumer and enterprise devices that could be exploited by an attacker to take control of a vulnerable system. Dubbed "NAME:WRECK" by Forescout and JSOF, the flaws are the latest in series of studies undertaken as part of an initiative called Project Memoria to study the security

Bad Bot Report 2021: The Pandemic of the Internet

(Tuesday April 13, 2021)
The 8th Annual Bad Bot Report is now available from Imperva. Created using data from Imperva’s Threat Research Lab, it provides a comprehensive look at the bad bot landscape and the impact that this malicious traffic has across multiple industries. Bad bot traffic amounted to 25.6 percent of all website traffic in 2020. This means […] The post Bad Bot Report 2021: The Pandemic of the Internet [https://www.imperva.com/blog/bad-bot-report-2021-the-pandemic-of-the-internet/] appeared first on Blog [https://www.imperva.com/blog].

Hackers Using Website's Contact Forms to Deliver IcedID Malware

(Tuesday April 13, 2021)
Microsoft has warned organizations of a "unique" attack campaign that abuses contact forms published on websites to deliver malicious links to businesses via emails containing fake legal threats, in what's yet another instance of adversaries abusing legitimate infrastructure to mount evasive campaigns that bypass security protections. "The emails instruct recipients to click a link to review

Cisco RV34X Series - Authentication Bypass and Remote Command Execution

(Tuesday April 13, 2021)
IoT Inspector identified security issues in Cisco's RV34X series of devices. Read the full root analysis on our blog!

DOJ Charges Texas Resident for Allegedly Planning to ‘Kill About 70% of The Internet’

(Tuesday April 13, 2021)
Last Thursday, a Wichita Falls resident was arrested for allegedly attempting to bomb an AWS data center in Virginia. According to the US Department of Justice (DOJ), 28-year Seth Aaron Pendley was detained after a concerned citizen alerted authorities to disturbing statements posted on the MyMilitia.com forum. On March 31, with the help of a […]

6 tips for receiving and responding to third-party security disclosures

(Tuesday April 13, 2021)
Organizations—especially large companies—often don't learn about an intrusion or breach of their systems until an external party like a security researcher, law enforcement agency or business partner alerts them to it. The expanding range of attack methods, the growing use of open-source components, and the adoption of cloud services have significantly expanded the attack surface at many organizations and made it harder for security teams to discover breaches on their own. (Insider Story)

7 new social engineering tactics threat actors are using now

(Tuesday April 13, 2021)
It’s been a boom time for . Pandemic panic, desperation as income concerns grew, and worry over health and wellness made it easier for criminals to tap into fear. Social engineering, of course, means attacking the user rather than the computing system itself, trying to extract information or incite an action that will lead to compromise. It's as old as lying, with a new name for the computing age—and that's a perfect metaphor for how social engineering tactics evolve.

BRATA Malware Poses as Android Security Scanners on Google Play Store

(Tuesday April 13, 2021)
A new set of malicious Android apps have been caught posing as app security scanners on the official Play Store to distribute a backdoor capable of gathering sensitive information. "These malicious apps urge users to update Chrome, WhatsApp, or a PDF reader, yet instead of updating the app in question, they take full control of the device by abusing accessibility services," cybersecurity firm

RCE Exploit Released for Unpatched Chrome, Opera, and Brave Browsers

(Tuesday April 13, 2021)
An Indian security researcher has publicly published a proof-of-concept (PoC) exploit code for a newly discovered flaw impacting Google Chrome and other Chromium-based browsers like Microsoft Edge, Opera, and Brave. Released by Rajvardhan Agarwal, the working exploit concerns a remote code execution vulnerability in the V8 JavaScript rendering engine that powers the web browsers. It is believed

Hackers Tampered With APKPure Store to Distribute Malware Apps

(Tuesday April 13, 2021)
APKPure, one of the largest alternative app stores outside of the Google Play Store, was infected with malware this week, allowing threat actors to distribute Trojans to Android devices. In a supply-chain attack similar to that of German telecommunications equipment manufacturer Gigaset, the APKPure client version 3.17.18 is said to have been tampered with in an attempt to trick unsuspecting

Windows, Ubuntu, Zoom, Safari, MS Exchange Hacked at Pwn2Own 2021

(Tuesday April 13, 2021)
The 2021 spring edition of Pwn2Own hacking contest concluded last week on April 8 with a three-way tie between Team Devcore, OV, and Computest researchers Daan Keuper and Thijs Alkemade. A total of $1.2 million was awarded for 16 high-profile exploits over the course of the three-day virtual event organized by the Zero Day Initiative (ZDI). Targets with successful attempts included Zoom, Apple

Hackers Exploit Unpatched VPNs to Install Ransomware on Industrial Targets

(Tuesday April 13, 2021)
Unpatched Fortinet VPN devices are being targeted in a series of attacks against industrial enterprises in Europe to deploy a new strain of ransomware called "Cring" inside corporate networks. At least one of the hacking incidents led to the temporary shutdown of a production site, said cybersecurity firm Kaspersky in a report published on Wednesday, without publicly naming the victim. The

Data Breaches, Class Actions and Ambulance Chasing

(Tuesday April 13, 2021)
Their message began as follows: "I am currently in the process of claiming compensation for a severe data breach"

Pokies shut down by hacker ransomware attack

(Tuesday April 13, 2021)
Tasmania's lone casino operator confirms it is being held to ransom in a cyber attack that has impacted its pokies machines and hotel bookings system for more than a week.

Valve Steam through 2021-04-10, when a Source engine game is installed, allows remote authenticated users to execute arbitrary code because of a buffer overflow that occurs for a Steam invite after one click.

(Monday April 12, 2021)
CVE-2021-30481 detail (NVD): this vulnerability is currently undergoing analysis and not all information is available; check back soon to view the completed vulnerability summary. Description: Valve Steam through 2021-04-10, when a Source engine game is installed, allows remote authenticated users to execute arbitrary code because of a buffer overflow that occurs for a Steam invite after one click. Severity: CVSS Version 3.x...

ParkMobile Breach Exposes License Plate Data, Mobile Numbers of 21M Users

(Monday April 12, 2021)
Someone is selling account information for 21 million customers of ParkMobile, a mobile parking app that's popular in North America. The stolen data includes customer email addresses, phone numbers, license plate numbers, hashed passwords and mailing addresses.

Biden Nominates Former NSA Officials for Top Cybersecurity Roles

(Monday April 12, 2021)
President Biden has nominated Jen Easterly as the new director of CISA and is expected to nominate Chris Inglis as the first national cyber director.

1.3M Clubhouse Users’ Data Dumped in Hacker Forum for Free

(Monday April 12, 2021)
Clubhouse denies it was ‘breached’ and says the data is out there for anyone to grab.

Microsoft Warns of Malware Delivery via Google URLs

(Monday April 12, 2021)
A new campaign abuses legitimate website contact forms to send URLs that ultimately deliver the IcedID banking Trojan.

Man Arrested for AWS Bomb Plot

(Monday April 12, 2021)
A man caught in an FBI sting allegedly said he wanted to destroy "70 percent of the internet" by going after the tech giant's data centers.

Federal Reserve Chairman Says Cyber-Risk a Top Threat to National Economy

(Monday April 12, 2021)
Jerome Powell tells 60 Minutes that cyberattacks have the potential to do major damage to US financial system.

Apple and Google block official UK COVID-19 app update

(Monday April 12, 2021)
UK coronavirus app update apparently included "feature creep" that's explicitly prohibited by Apple's and Google's programming rules.

Zero Trust: The Mobile Dimension

(Monday April 12, 2021)
Hank Schless, senior security solutions manager at Lookout, discusses how to secure remote working via mobile devices.

IcedID Circulates Via Web Forms, Google URLs

(Monday April 12, 2021)
Attackers are filling out and submitting web-based "contact us" forms, thus evading email spam filters.

Upstox warns of serious data breach, resets passwords

(Monday April 12, 2021)
Indian stock trading firm Upstox has revealed to users that it has suffered a serious security breach that may have seen unauthorised criminal access to millions of customers' personal information.

Security Researchers Find Critical Zero-Day Exploit in Zoom Messenger

(Monday April 12, 2021)
A couple of security researchers have identified a critical, zero-day vulnerability in Zoom that allowed them to take control of the remote devices without user interaction. Taking over a remote device, via network, without any input from the victim usually means that it’s a critical vulnerability. Since researchers just demonstrated the exploit chain, no information […]

Falco 0.28.0

(Monday April 12, 2021)
Sysdig Falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about Falco as a mix between snort, ossec and strace.

Ubuntu Security Notice USN-4899-2

(Monday April 12, 2021)
Ubuntu Security Notice 4899-2 - USN-4899-1 fixed a vulnerability in SpamAssassin. This update provides the corresponding update for Ubuntu 14.04 ESM. Damian Lukowski discovered that SpamAssassin incorrectly handled certain CF files. If a user or automated system were tricked into using a specially-crafted CF file, a remote attacker could possibly run arbitrary code. Various other issues were also addressed.

ZeroNights 2021 Call For Papers

(Monday April 12, 2021)
The ZeroNights 2021 Call For Papers has been announced. It will be held in Saint-Petersburg, Russia on June 30th, 2021.

vsftpd 2.3.4 Backdoor Command Execution

(Monday April 12, 2021)
vsftpd version 2.3.4 backdoor remote command execution exploit.

Indian Brokerage Firm Upstox Suffers Data Breach Leaking 2.5 Million Users' Data

(Monday April 12, 2021)
Online trading and discount brokerage platform Upstox has become the latest Indian company to suffer a security breach of its systems, resulting in the exposure of sensitive information of approximately 2.5 million users on the dark web. The leaked information includes names, email addresses, dates of birth, bank account information, and about 56 million know your customer (KYC) documents pulled

Microsoft Uses Machine Learning to Predict Attackers' Next Steps

(Monday April 12, 2021)
Researchers build a model to attribute attacks to specific groups based on tactics, techniques, and procedures, and then figure out their next move.

ELECTRIC CHROME: Exploiting CVE-2020-6418 on Tesla Model 3

(Monday April 12, 2021)
12 Apr 2021. Disclaimer: All technical explanations are to the best of my knowledge and subject to human fallibility. Concepts may be overly simplified intentionally or otherwise. I did not discover the vulnerability used, nor did I create any of the techniques used to exploit it. In November of 2019, I attended Ret2 Systems’ Advanced Browser in great detail about the internals of Google Chrome’s V8 and Apple Safari’s JavaScriptCore. At the end of the five day course, we ended by...

Tweet Chat: The Social Dilemma

(Monday April 12, 2021)
Released in 2020, the documentary-drama, ‘The Social Dilemma’, offers a thought-provoking and alarming depiction of our reality today. The film exposes the ruthless nature of tech giants seeking to reinforce marketing algorithms for monetary gain and the consequences that have emerged as a result; from eliciting mental health issues and nurturing addictions to promoting the […] The post Tweet Chat: The Social Dilemma [https://www.itsecurityguru.org/2021/04/12/tweet-chat-the-social-dilemma/] appeared first on IT Security Guru [https://www.itsecurityguru.org].

New Malware Downloader Spotted in Targeted Campaigns

(Monday April 12, 2021)
Saint Bot is being used to drop stealers on compromised systems but could be used to deliver any malware.

MIPS-Reverse - Generate automatically MIPS reverse shell shellcodes (custom IP, port and shell)

(Monday April 12, 2021)
Generate MIPS reverse shell shellcodes easily ! Contribute to Rog3rSm1th/MIPS-Reverse development by creating an account on GitHub.

At last – Thinking outside the SCIF

(Monday April 12, 2021)
Q1/21 a symposium was hosted in the US under the title ‘Thinking Outside the SCIF’ (Sensitive Compartmented Information Facility) to put forward the case for the utilisation of OSINT (Open Source) within the US Military and Intelligence Communities. John McLaughlin (CIA) kicked off day one by correctly pointing out that there was nothing new about […] The post At last – Thinking outside the SCIF [https://www.itsecurityguru.org/2021/04/12/at-last-thinking-outside-the-scif/] appeared first on IT Security Guru [https://www.itsecurityguru.org].

Wake Up and Smell the JavaScript

(Monday April 12, 2021)
The SolarWinds attack showed the true meaning of a supply chain breach. And it's the canary in the coal mine for sensitive data on the Web.

Microsoft's new cyberattack simulator can help test your defences

(Monday April 12, 2021)
Microsoft has recently launched a cyberattack simulator that allows security researchers to study AI-driven attacks in simulated network environments. The simulator is named CyberBattleSim and can be accessed through an open-source license that uses a Python-based OpenAI Gym toolkit. The sim can be used to train automated agents through reinforcement learning algorithms. Microsoft’s 365 […] The post Microsoft's new cyberattack simulator can help test your defences [https://www.itsecurityguru.org/2021/04/12/microsofts-new-cyberattack-simulator-can-help-test-your-defences/] appeared first...

Nation-state attackers are increasingly targeting businesses

(Monday April 12, 2021)
A new report by criminologists at the University of Surrey and cybersecurity researchers at HP has found that nation-state attacks have risen considerably in the last three years. The report also revealed that both enterprises and businesses are amongst the organisations most targeted by nation-state attackers. The research analyses nation-state attacks taking place between 2017 […] The post Nation-state attackers are increasingly targeting businesses [https://www.itsecurityguru.org/2021/04/12/nation-state-attackers-are-increasingly-targeting-businesses/] appeared first on IT Security...

Israel allegedly takes responsibility for Iran cyberattack

(Monday April 12, 2021)
Iran’s main nuclear facility suffered a cyberattack on Sunday, leading to a large scale blackout at Natanz, which Israel now appears to be taking responsibility for. Tehran’s nuclear energy chief described the attack as an act of terrorism, and demands a response against the perpetrators. The incident occurred shortly after the official restarted spinning advanced […] The post Israel allegedly takes responsibility for Iran cyberattack [https://www.itsecurityguru.org/2021/04/12/israel-allegedly-takes-responsibility-for-iran-cyberattack/] appeared first on IT Security Guru...

Omdia Research Spotlight: XDR

(Monday April 12, 2021)
Few emerging cybersecurity market segments are garnering more attention than XDR. Here, Omdia highlights its recent research on XDR.

It’s Never Too Late To Teach Your Kids About Good Digital Practices

(Monday April 12, 2021)
Online habits have changed dramatically over the past year, and adults are not the only ones spending more time online. Since the pandemic hit, limits on screen time for kids were tossed out as they turned to online platforms for school classes, activities, games and entertainment. This increased digital time helped spawn new cyber threats […]

What Does It Take To Be a Cybersecurity Researcher?

(Monday April 12, 2021)
Behind the strategies and solutions needed to counter today's cyber threats are dedicated cybersecurity researchers. They spend their lives dissecting code and analyzing incident reports to discover how to stop the bad guys. But what drives these specialists? To understand the motivations for why these cybersecurity pros do what they do, we decided to talk with cybersecurity analysts from

Apple and Google block NHS Covid-19 App update

(Monday April 12, 2021)
The new update to the NHS COVID-19 track and tracing app has been blocked by both Apple and Google, due to its failure to comply with the terms of a recent agreement. The new update would urge users to upload logs of venue check-ins via a barcode scan if they tested positive for COVID-19. The […] The post Apple and Google block NHS Covid-19 App update [https://www.itsecurityguru.org/2021/04/12/apple-and-google-block-nhs-covid-19-app-update/] appeared first on IT Security Guru [https://www.itsecurityguru.org].

Naked Security Live – How to spot “government” scammers

(Monday April 12, 2021)
Latest episode - watch now, and please share with your friends and family!

5 perspectives on modern data analytics

(Monday April 12, 2021)
You can't navigate business challenges without the right instruments. Done right, analytics initiatives deliver the essential insights you need, as these five articles explore.

How data poisoning attacks corrupt machine learning models

(Monday April 12, 2021)
Machine learning adoption exploded over the past decade, driven in part by the rise of cloud computing, which has made high performance computing and storage more accessible to all businesses. As vendors integrate into products across industries, and users rely on the output of its algorithms in their decision making, security experts warn of adversarial attacks designed to abuse the technology. Most social networking platforms, online video platforms, large shopping sites, search engines and other services have some sort of recommendation system based on machine learning. The movies and...

Zero days explained: How unknown vulnerabilities become gateways for attackers

(Monday April 12, 2021)
Zero day definition: A zero day is a security flaw for which the vendor of the flawed system has yet to make a patch available to affected users. The name ultimately derives from the world of digital content piracy: if pirates were able to distribute a bootleg copy of a movie or album on the same day it went on sale legitimately (or maybe even before), it was dubbed a "zero day." Borrowed into the world of cybersecurity, the name evokes a scenario where an attacker has gotten the jump on a software vendor, implementing attacks that exploit the flaw before the good guys of infosec are...

The Risks and Dangers of Amplified Routing Loops by Andree Toonk

(Monday April 12, 2021)
In this article we will take a closer look at network loops and how they can be abused as part of DDoS attacks. Andree Toonk, 13 Apr 2021, 7 min read. This blog is also a call to action for all network engineers to clean up those lingering network loops, as they aren’t just bad hygiene but a significant operational DDoS risk. Network loops: All network engineers are familiar with network...

Alert — There's A New Malware Out There Snatching Users' Passwords

(Monday April 12, 2021)
A previously undocumented malware downloader has been spotted in the wild in phishing attacks to deploy credential stealers and other malicious payloads. Dubbed "Saint Bot," the malware is said to have first appeared on the scene in January 2021, with indications that it's under active development. "Saint Bot is a downloader that appeared quite recently, and slowly is getting momentum. It was

PoW Shield planned features are now completed (v1.3.2), consisting of PoW spam/DDoS filter, IP & session blacklisting/ratelimiting and WAF integration. The application is dockerized for rapid and lightweight (45MB) deployment.

(Monday April 12, 2021)
Project dedicated to fighting DDoS and spam with proof of work, featuring an additional WAF. Docker images available for rapid and lightweight deployment. - RuiSiang/PoW-Shield

How to Exploit Google Photos’ Algorithm for People Tracking and Exploring

(Sunday April 11, 2021)
This is the place for all your photos and videos, automatically organized and easy to share.

DivideAndScan – Organize your port scanning routine fast and efficiently

(Sunday April 11, 2021)
Divide full port scan results and use it for targeted Nmap runs - snovvcrash/DivideAndScan

Working Around the Inherent Slowness of Debugger Conditional Breakpoints

(Sunday April 11, 2021)
Posted 12 April 2021 | Modified 12 April 2021. Author: Attila Suszter. WHY DO CONDITIONAL BREAKPOINTS SLOW DOWN DEBUGGING? When a breakpoint is hit, a context switch between the target process and the debugger takes place. The debugger evaluates the expression of the conditional breakpoint and, based on the result of that evaluation, the execution of the target either continues or halts. If the debugger keeps evaluating the expression of the conditional breakpoint to continue execution because of too...

Exploiting Windows RPC to bypass CFG mitigation: analysis of CVE-2021-26411 in-the-wild sample

(Sunday April 11, 2021)
The general method of browser renderer-process exploitation is: after exploiting the vulnerability to obtain a user-mode arbitrary memory read/write primitive, the vtable of a DOM/JS object is tampered with to hijack the code execution flow. Then VirtualProtect is called via a ROP chain to change the shellcode memory to PAGE_EXECUTE_READWRITE, and finally the ROP chain jumps execution to the shellcode. Since Windows 8.1, Microsoft has included CFG (Control Flow Guard)[1] mitigation to verify indirect function calls, which mitigates exploitation by vtable tampering to gain code execution.

Looney Tunes: Exposing the Lack of DRM Protection in Indian Music Streaming Services

(Sunday April 11, 2021)
arXivLabs is a framework that allows collaborators to develop and share new arXiv features directly on our website. Both individuals and organizations that work with arXivLabs have embraced and accepted our values of openness, community, excellence, and user data privacy. arXiv is committed to these values and only works with partners that adhere to them. Have an idea for a project that will add value for arXiv's community? Which authors of this paper are...

New CVE: Memory corruption vulnerability in QNAP QTS’s Surveillance Station plugin leads to a pre-auth RCE

(Sunday April 11, 2021)
April 10, 2021, SSD Disclosure / Technical Lead. TL;DR: Find out how a memory corruption vulnerability can lead to pre-auth remote code execution in QNAP QTS's Surveillance Station plugin. VULNERABILITY SUMMARY: QNAP NAS with "Surveillance Station Local Display function can perform monitoring and playback by using an HDMI display to deliver live Full HD (1920×1080) video monitoring". Insecure use of user-supplied data sent to the QNAP NAS device can be exploited to run arbitrary code...

GodSpeed - an intuitive manager for multiple reverse shells, written in Golang

(Saturday April 10, 2021)
Fast and intuitive manager for multiple reverse shells - redcode-labs/GodSpeed

Rainbow Tables (probably) aren’t what you think - An explanation of how rainbow tables differ from lookup tables

(Saturday April 10, 2021)
Many people use "rainbow table" to refer to "a lookup table of password hashes", but in reality a rainbow table is a far more complex, and more interesting, technology.

Weekly Update 238

(Saturday April 10, 2021)
"What a shit week". I stand by that statement in the opening couple of minutes of the video and I write this now at midday on Saturday after literally falling asleep on the couch. The Facebook incident just dominated; everything from processing data to writing code to dozens of media

Unofficial Android App Store APKPure Infected With Malware

(Friday April 09, 2021)
The APKPure app store was infected with malware that can download Trojans to other Android devices, researchers report.