] The Mad Hacker [


Collecting all the news about cybersecurity, computer security, cracking, hacking, infosec, netsec, & security vulnerabilities in one convenient place

Whitehat, greyhat, blackhat, tinker, tailor, soldier, spy
We trawl the web so you don't have to
Since 2000


DEFCON SafeMode #28

(Tuesday August 04, 2020)

How Ransomware Threats Are Evolving & How to Spot Them

(Tuesday August 04, 2020)
A series of new reports explains how ransomware attackers are changing techniques and how organizations can spot stealthy criminals.

NetWalker Ransomware Rakes in $29M Since March

(Tuesday August 04, 2020)
The ransomware has surged since moving to a RaaS model.

New Spin on a Longtime DNS Intel Tool

(Tuesday August 04, 2020)
Domain Name System (DNS) database service Farsight Security, the brainchild of DNS expert Paul Vixie, celebrates 10 years with new modern features.

6 Dangerous Defaults Attackers Love (and You Should Know)

(Tuesday August 04, 2020)
Default configurations can be massive vulnerabilities. Here are a half dozen to check on for your network.

Newsletter WordPress Plugin Opens Door to Site Takeover

(Tuesday August 04, 2020)
An XSS bug and a PHP object-injection vulnerability are present in a plugin used by hundreds of thousands of websites.

Retooling the SOC for a Post-COVID World

(Tuesday August 04, 2020)
Residual work-from-home policies will require changes to security policies, procedures, and technologies.

Link Lock: Password Protect URLs Using AES in the Browser

(Tuesday August 04, 2020)
Distributed application to password-protect URLs using AES in the browser - jstrieb/link-lock

MMS Exploit Part 4: MMS Primer, Completing the ASLR Oracle

(Tuesday August 04, 2020)
Posted by Mateusz Jurczyk, Project Zero. This post is the fourth of a multi-part series capturing my journey from discovering a vulnerable little-known Samsung image codec, to completing a remote zero-click MMS attack that worked on the latest Samsung flagship devices. New posts will be published as they are completed and will be linked here when...

25 Most Dangerous SW Errors

(Tuesday August 04, 2020)

FPGAs Do It Faster Than CPUs

(Tuesday August 04, 2020)

CISO Stressbusters: Post #4: 4 tips for running a highly effective security operation

(Tuesday August 04, 2020)
CISO Stressbusters provides peer-to-peer guidance and support on how to alleviate stressful situations in the SOC and on the team. The post CISO Stressbusters: Post #4: 4 tips for running a highly effective security operation [https://www.microsoft.com/security/blog/2020/08/04/ciso-stressbusters-post-4-highly-effective-security-operation/] appeared first on Microsoft Security.

Microsoft Bug Bounty Programs Year in Review: $13.7M in Rewards

(Tuesday August 04, 2020)
Security researchers are a vital component of the cybersecurity ecosystem that safeguards every facet of digital life and commerce. The researchers who devote time to uncovering and reporting security issues before adversaries can exploit them have earned our collective respect and gratitude. The security landscape is constantly changing with emerging technology and new threats. By … [https://msrc-blog.microsoft.com/2020/08/04/microsoft-bug-bounty-programs-year-in-review/]

Unauthenticated SSRF in Openfire Admin Console

(Tuesday August 04, 2020)
Written by Alexandr Shvetsov, Penetration Testing Expert, 2020. Openfire is a Jabber server supported by Ignite Realtime. It’s a cross-platform Java application, which positions itself as a platform for medium-sized enterprises to control internal communications and make instant messaging easier. I regularly see Openfire on penetration testing engagements, and most of the time all interfaces of this system are exposed to an external attacker, including the...

Writeup of an iCloud OAuth2 vulnerability that allowed account takeover

(Tuesday August 04, 2020)
Security specialist Thijs Alkemade discovered a vulnerability that can be used to gain access to an iCloud account without authorisation by exploiting the new TouchID web signin feature. Read Thijs' blog on the vulnerability and how he discovered it.

Dangerous flaws found in Cisco, Microsoft, Citrix and IBM Among Many Others

(Tuesday August 04, 2020)
RiskIQ released its Vulnerability Landscape report, a high-level view of critical vulnerabilities in twelve very widely used remote access and perimeter devices. The report shows that the rapidly increasing adoption of these devices throughout the COVID-19 pandemic is increasing digital attack surfaces outside the corporate firewall at incredible speed—and introducing a range of critical, rapidly […] The post Dangerous flaws found in Cisco, Microsoft, Citrix and IBM Among Many Others [https://www.itsecurityguru.org/2020/08/04/dangerous-flaws-found-in-cisco-microsoft-citrix-and-ibm-among-

Google & Amazon Replace Apple as Phishers' Favorite Brands

(Tuesday August 04, 2020)
Google and Amazon were the most imitated brands in the second quarter, knocking out Apple.

SQLMAP - Automatic SQL Injection Tool 1.4.8

(Tuesday August 04, 2020)
sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve the DBMS session user and database, enumerate users, password hashes, privileges, and databases, dump entire or user-specified DBMS tables/columns, run their own SQL statements, read or write either text or binary files on the file system,...

Documalis Free PDF Editor 5.7.2.26 / Documalis Free PDF Scanner 5.7.2.122 Buffer Overflow

(Tuesday August 04, 2020)
Documalis Free PDF Editor version 5.7.2.26 and Documalis Free PDF Scanner version 5.7.2.122 do not appropriately validate the contents of JPEG images contained within a PDF. Attackers can exploit this vulnerability to trigger a buffer overflow on the stack and gain remote code execution as the user running the Documalis Free PDF Editor or Documalis Free PDF Scanner software.

Gantt-Chart For Jira 5.5.4 Cross Site Scripting

(Tuesday August 04, 2020)
Gantt-Chart for Jira versions 5.5.4 and below suffer from a cross site scripting vulnerability.

Twitter Could Face $250M FTC Fine Over Improper Data Use

(Tuesday August 04, 2020)
The potential FTC fine comes after Twitter last year acknowledged that user emails and phone numbers were being used for targeted advertising.

Gantt-Chart For Jira 5.5.3 Missing Privilege Check

(Tuesday August 04, 2020)
Gantt-Chart for Jira versions 5.5.3 and below are missing a privilege check, which allows an attacker to read and write the module configuration for other users.

These 10 IoT devices pose the biggest risk to your organisation

(Tuesday August 04, 2020)
By Richard Orange, Regional Director of UK&I at Forescout Connected devices continue to transform the way organisations operate in every industry. From healthcare and retail to manufacturing and financial services, Internet of Things (IoT) devices are omnipresent and positively impact the bottom line of many organisations. But an increase in connected devices also means an […] The post These 10 IoT devices pose the biggest risk to your organisation [https://www.itsecurityguru.org/2020/08/04/these-10-iot-devices-pose-the-biggest-risk-to-your-organisation/] appeared first on IT Security Guru...

Red Hat Security Advisory 2020-3247-01

(Tuesday August 04, 2020)
Red Hat Security Advisory 2020-3247-01 - The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators to view and manage virtual machines. Issues addressed include code execution and cross site scripting vulnerabilities.

Red Hat Security Advisory 2020-3308-01

(Tuesday August 04, 2020)
Red Hat Security Advisory 2020-3308-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.3.2 serves as a replacement for Red Hat JBoss Web Server 5.3.1, and includes bug fixes, enhancements, and component upgrades, which are documented in the Release Notes, linked to in the References. Issues addressed include a denial of...

Red Hat Security Advisory 2020-3306-01

(Tuesday August 04, 2020)
Red Hat Security Advisory 2020-3306-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.3.2 serves as a replacement for Red Hat JBoss Web Server 5.3.1, and includes bug fixes, enhancements, and component upgrades, which are documented in the Release Notes, linked to in the References. Issues addressed include a denial of...

Red Hat Security Advisory 2020-3305-01

(Tuesday August 04, 2020)
Red Hat Security Advisory 2020-3305-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release of Red Hat JBoss Web Server 3.1 Service Pack 10 serves as a replacement for Red Hat JBoss Web Server 3.1, and includes bug fixes, which are documented in the Release Notes document linked to in the References. Issues addressed include HTTP request smuggling and...

Red Hat Security Advisory 2020-3303-01

(Tuesday August 04, 2020)
Red Hat Security Advisory 2020-3303-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release of Red Hat JBoss Web Server 3.1 Service Pack 10 serves as a replacement for Red Hat JBoss Web Server 3.1, and includes bug fixes, which are documented in the Release Notes document linked to in the References. Issues addressed include HTTP request smuggling and...

Red Hat Security Advisory 2020-3302-01

(Tuesday August 04, 2020)
Red Hat Security Advisory 2020-3302-01 - The python-pillow packages contain a Python image processing library that provides extensive file format support, an efficient internal representation, and powerful image-processing capabilities. Issues addressed include an out of bounds read vulnerability.

Red Hat Security Advisory 2020-3298-01

(Tuesday August 04, 2020)
Red Hat Security Advisory 2020-3298-01 - D-Bus is a system for sending messages between applications. It is used both for the system-wide message bus service, and as a per-user-login-session messaging facility. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2020-3299-01

(Tuesday August 04, 2020)
Red Hat Security Advisory 2020-3299-01 - The python-pillow packages contain a Python image processing library that provides extensive file format support, an efficient internal representation, and powerful image-processing capabilities. Issues addressed include an out of bounds read vulnerability.

Red Hat Security Advisory 2020-3297-01

(Tuesday August 04, 2020)
Red Hat Security Advisory 2020-3297-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.

Ubuntu Security Notice USN-4298-2

(Tuesday August 04, 2020)
Ubuntu Security Notice 4298-2 - USN-4298-1 fixed several vulnerabilities in SQLite. This update provides the corresponding update for Ubuntu 14.04 ESM. It was discovered that SQLite incorrectly handled certain shadow tables. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

c-ares 1.16.0 Use-After-Free

(Tuesday August 04, 2020)
c-ares version 1.16.0 has an issue where ares_destroy() with pending ares_getaddrinfo() leads to a use-after-free condition.

Mocha Telnet Lite For iOS 4.2 Denial Of Service

(Tuesday August 04, 2020)
Mocha Telnet Lite for iOS version 4.2 denial of service proof of concept exploit.

Daily Expenses Management System 1.0 SQL Injection

(Tuesday August 04, 2020)
Daily Expenses Management System version 1.0 suffers from a remote SQL injection vulnerability.

RTSP For iOS 1.0 Denial Of Service

(Tuesday August 04, 2020)
RTSP for iOS version 1.0 denial of service proof of concept exploit.

Pi-hole 4.3.2 Remote Code Execution

(Tuesday August 04, 2020)
Pi-hole version 4.3.2 authenticated remote code execution exploit.

70% of large businesses consider remote working a security hazard: The experts have their say

(Tuesday August 04, 2020)
A survey conducted by AT&T found that 70% of large businesses think that their security posture is being damaged by remote working, leaving them more vulnerable to cyberattack. This is what the experts think. Remote working has made us all ask difficult questions of ourselves. While the initial kneejerk decisions to deploy a remote workforce […] The post 70% of large businesses consider remote working a security hazard: The experts have their say [https://www.itsecurityguru.org/2020/08/04/70-of-large-businesses-consider-remote-working-a-security-hazards-the-experts-have-their-say/] appea

Securing IoT as a Remote Workforce Strategy

(Tuesday August 04, 2020)
Digital transformation with Internet of Things devices offers organizations a way forward in the era of COVID-19. Optimizing this approach for the future will need to start with security.

Users Advised to Reset Passwords After Zello Data Breach

(Tuesday August 04, 2020)
Zello, a popular push-to-talk app, has disclosed a data breach that could have potentially allowed malicious actors to gain access to users’ email addresses and hashed passwords. Zello boasts 140 million users worldwide, and facilitates real-time communications for frontline workers, transportation services and friends. The app allows people to use their phone as a walkie-talkie […]

It’s Official: COVID-19 Creates a Larger Surface Area for Cyberattacks

(Tuesday August 04, 2020)
Ever since it was declared a global pandemic, experts have warned that COVID-19 will put increased strain on security teams by creating more variables and attack surfaces. Now, according to VMware Carbon Black, it is official. Their most recent Global Incident Response Report revealed that COVID-19 continues to create a larger surface area for cyberattacks. […] The post It’s Official: COVID-19 Creates a Larger Surface Area for Cyberattacks [https://www.itsecurityguru.org/2020/08/04/its-official-covid-19-creates-a-larger-surface-area-for-cyberattacks/] appeared first on IT Security Guru...

Apple Knocked Off Perch as Most Imitated Brand for Phishing Attacks

(Tuesday August 04, 2020)
COVID-19 pandemic spurs spoofing preference changes, plus a surge in email-based attacks.

Podcast: Learning to ‘Speak the Language’ of OT Security Teams

(Tuesday August 04, 2020)
Andrew Ginter, VP Industrial Security at Waterfall Security Solutions, talks about the differing priorities between IT and OT security teams as industrial control systems become connected.

GandCrab ransomware hacker arrested in Belarus

(Tuesday August 04, 2020)
Suspect is alleged to have extorted more than 1000 people, mostly in India, US, Ukraine, UK, Germany, France, Italy and Russia.

Kerberos Double-Hop Workarounds

(Tuesday August 04, 2020)
red team double hop

FBI Warns of Rise in Online Shopping Scams

(Tuesday August 04, 2020)
The FBI’s latest Public Service Announcement warns Internet users about a surge in online shopping scams. According to complaints received by the bureau, more and more online shoppers are being directed to fraudulent websites via social media and online search engines. These bogus vendors are actually making the most of the health crisis, social distancing […]

Sifter 9.2

(Tuesday August 04, 2020)
Sifter is an OSINT, recon, and vulnerability scanner. It combines a plethora of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the "blue" vulnerabilities within Microsoft systems and, if unpatched, exploits them.

Car Rental Management System 1.0 Remote Code Execution

(Tuesday August 04, 2020)
Car Rental Management System version 1.0 unauthenticated remote code execution exploit.

Interior Design Platform Confirms Data Breach after Data of 1.3 Million Users is Posted Online

(Tuesday August 04, 2020)
Havenly, the online interior design and home decorating platform, has disclosed a data breach after a data breach broker leaked 1.3 million user records for free on a popular hacking forum. ShinyHunters, a well-known seller of stolen data breach records, last month started listing various company databases on the dark web. The trove of combined […]

Car Rental Management System 1.0 Cross Site Scripting

(Tuesday August 04, 2020)
Car Rental Management System version 1.0 suffers from a persistent cross site scripting vulnerability.

Bracing for the security data explosion

(Tuesday August 04, 2020)
Intelligence is our first line of defense, and we must improve the collection capabilities and analysis of intelligence to protect the security of the United States and its allies. — (Insider Story)

9 container security tools, and why you need them

(Tuesday August 04, 2020)
The advent of containers has changed not only how applications are deployed, but how IT shops do their daily business. Containers offer many well-documented benefits that span the full breadth of a modern IT department and the full lifecycle of applications. Securing containers, however, requires a mix of specialized and traditional security tools. We describe some of the most popular container security tools below, but first let’s look at the security challenges containers present. (Insider Story)

Deep Fake: Deep Trouble

(Tuesday August 04, 2020)
According to a new report from University College London (UCL), fake audio or video content has been ranked as the most worrying use of artificial intelligence in terms of its potential applications for crime or terrorism. Deep fakes will most likely come to fruition on social media as memes, however their future can be much […] The post Deep Fake: Deep Trouble [https://www.itsecurityguru.org/2020/08/04/deep-fake-deep-trouble/] appeared first on IT Security Guru [https://www.itsecurityguru.org].

A Gentle Introduction to Hypervisor Memory Introspection - what it is and how you can use it to secure/monitor your VMs

(Tuesday August 04, 2020)
Hypervisor memory introspection (HVMI) has been around for quite some time now, and there are several open-source projects utilizing virtual-machine introspection (VMI), one way or another…

1 in 5 Businesses Would Consider Sabotaging a Competitor’s Online Business

(Tuesday August 04, 2020)
The digital era has brought a multitude of opportunities, and unique challenges, for businesses. Industrial espionage and sabotage have always been a threat to corporations, but the digital age presents new tools and weapons. Acts of online sabotage may involve discrediting a business’s products/service with negative (and often fake) reviews, as well as running a […] The post 1 in 5 Businesses Would Consider Sabotaging a Competitor’s Online Business [https://www.itsecurityguru.org/2020/08/04/1-in-5-businesses-would-consider-sabotaging-a-competitors-online-business/] appeared first on IT...

US Government Warns of a New Strain of Chinese 'Taidoor' Virus

(Tuesday August 04, 2020)
Intelligence agencies in the US have released information about a new variant of a 12-year-old computer virus used by China's state-sponsored hackers targeting governments, corporations, and think tanks. Named "Taidoor," the malware has done an 'excellent' job of compromising systems as early as 2008, with the actors deploying it on victim networks for stealthy remote access. "[The] FBI has

CTF WriteUp - Binary Exploitation [pwnable.tw] - Tcache Tear

(Tuesday August 04, 2020)

Technical analysis of Firefox "Browser Lock" bug CVE-2020-15654 and its predecessors

(Tuesday August 04, 2020)

11 Hot Startups to Watch at Black Hat USA

(Monday August 03, 2020)
A sneak peek at the up-and-coming organizations to check out on the Black Hat USA virtual show floor.

Robocall Legal Advocate Leaks Customer Data

(Monday August 03, 2020)
A California company that helps telemarketing firms avoid getting sued for violating a federal law that seeks to curb robocalls has leaked the phone numbers, email addresses and passwords of all its customers, as well as the mobile phone numbers and other data on people who have hired lawyers to go after telemarketers.

FBI Warns on New E-Commerce Fraud

(Monday August 03, 2020)
A wave of new, fraudulent websites has popped up to take advantage of the rise in online shopping during the coronavirus pandemic.

DHS Urges 'Highest Priority' Attention on Old Chinese Malware Threat

(Monday August 03, 2020)
"Taidoor" is a remote access tool that has been used in numerous cyber espionage campaigns since at least 2008.

TikTok: Logs, Logs, Logs

(Monday August 03, 2020)
We are in 2020 and the US president is about to ban TikTok, a video-sharing social network mobile app, because “it poses a risk to US national security”. At the same time, Microsoft started…

New 'Nanodegree' Program Provides Hands-On Cybersecurity Training

(Monday August 03, 2020)
Emerging streamlined curriculum programs aim to help narrow the skills gap.

Certificate Transparency: a bird’s-eye view

(Monday August 03, 2020)
Certificate Transparency (CT) is a still-evolving technology for detecting incorrectly issued certificates on the web. It’s cool and interesting, but complicated. I’ve given talks about CT, I’ve worked on Chrome’s CT implementation, and I’m actively involved in tackling ongoing deployment challenges – even so, I still sometimes lose track of how the pieces fit together. I find it easy to forget how the system defends against particular attacks, or what the purpose of some particular mechanism is.

Google Updates Ad Policies to Counter Influence Campaigns, Extortion

(Monday August 03, 2020)
Starting Sept. 1, Google will crack down on misinformation, a lack of transparency and the ability to amplify or circulate politically influential content.

Why Data Ethics Is a Growing CISO Priority

(Monday August 03, 2020)
With data collection growing, and increased concern about how it is handled, a synergy between security and data teams will be essential.

Netgear Won’t Patch 45 Router Models Vulnerable to Serious Flaw

(Monday August 03, 2020)
Almost two months after a high-severity flaw was disclosed - and seven months after it was first reported - Netgear has yet to issue fixes for 45 of its router models.

Omdia Cybersecurity Accelerator Analysts to Take Part in Black Hat USA 2020

(Monday August 03, 2020)
Analysts will participate in the Black Hat Briefings, taking place Aug. 4-6, discussing cybersecurity research, offering exclusive video presentations, and meeting with vendors and attendees.

Red Hat Security Advisory 2020-3285-01

(Monday August 03, 2020)
Red Hat Security Advisory 2020-3285-01 - PostgreSQL is an advanced object-relational database management system. The postgresql-jdbc package includes the .jar files needed for Java programs to access a PostgreSQL database. Issues addressed include an XML injection vulnerability.

Red Hat Security Advisory 2020-3284-01

(Monday August 03, 2020)
Red Hat Security Advisory 2020-3284-01 - PostgreSQL is an advanced object-relational database management system. The postgresql-jdbc package includes the .jar files needed for Java programs to access a PostgreSQL database. Issues addressed include an XML injection vulnerability.

Red Hat Security Advisory 2020-3286-01

(Monday August 03, 2020)
Red Hat Security Advisory 2020-3286-01 - PostgreSQL is an advanced object-relational database management system. The postgresql-jdbc package includes the .jar files needed for Java programs to access a PostgreSQL database. Issues addressed include an XML injection vulnerability.

Garmin Pays Up to Evil Corp After Ransomware Attack — Reports

(Monday August 03, 2020)
The ransom for the decryptor key in the WastedLocker attack could have topped $10 million, sources said.

Travel Management Firm CWT Pays $4.5M to Ransomware Attackers

(Monday August 03, 2020)
Attackers claimed to steal two terabytes of files including financial reports, security files, and employees' personal data.

Microsoft Joins Open Source Security Foundation

(Monday August 03, 2020)
We're excited to announce that Microsoft is joining industry partners to create the Open Source Security Foundation (OpenSSF), a new cross-industry collaboration hosted at the Linux Foundation. The post Microsoft Joins Open Source Security Foundation [https://www.microsoft.com/security/blog/2020/08/03/microsoft-open-source-security-foundation-founding-member-securing-open-source-software/] appeared first on Microsoft Security.

Russian Hackers Allegedly Behind Document Leak Preceding Britain’s 2019 Elections

(Monday August 03, 2020)
The classified U.S. and UK trade documents leaked in the run-up to Britain’s 2019 elections were allegedly stolen by Russian hackers. The documents were supposedly accessed from the email inbox of former trade minister Liam Fox between July 12 and October 21, revealed Reuters. Whilst choosing not to name the Russian organisation responsible, the […] The post Russian Hackers Allegedly Behind Document Leak Preceding Britain’s 2019 Elections [https://www.itsecurityguru.org/2020/08/03/russian-hackers-allegedly-behind-document-leak-preceding-britains-2019-elections/] appeared first on IT...

Black Hat USA 2020: Critical Meetup.com Flaws Reveal Common AppSec Holes

(Monday August 03, 2020)
With Black Hat USA 2020 kicking off this week, Erez Yalon with Checkmarx talks about newly disclosed, critical vulnerabilities in Meetup.com - and why they are the "holy grail" for attackers.

Dridex – From Word to Domain Dominance

(Monday August 03, 2020)
Are you familiar with the pyramid of pain? The idea is that to make life harder for attackers we need to push up the pyramid in our defenses. If they have a playbook, then they will keep using it until we break it. We see a good example of this in our Dridex sample. We executed a malicious Word doc in our honeypot which later elevated to multiple Empire shells across the domain as well as additional Dridex installations. The threat actors used well known tools, moved...

A Patriotic Solution to the Cybersecurity Skills Shortage

(Monday August 03, 2020)
Why now is the right time for the security industry to invest in the human capital that will make technology better, smarter, and safer.

Implementing Secure Biometric Authentication on Mobile Applications

(Monday August 03, 2020)
Nowadays, almost every mobile device has a biometric sensor that allows developers to implement local authentication and also store sensitive data securely through dedicated APIs. Biometric authentication is generally more secure than the classic username/password approach. However, it must be considered that a wrong implementation could allow an attacker to easily bypass authentication mechanisms by using hooking techniques, which can be performed with tools like Frida, Objection, and other...

UK Finance Reveals Top 10 Covid-19 Scams to be on the Lookout For

(Monday August 03, 2020)
The last seven months have been a scary rollercoaster ride. On top of COVID-19 becoming a global health crisis, and the ensuing economic and political impact, cyber criminals are having a field day taking advantage of the pandemic. From petty scams to full-on cyber-attacks, the threat landscape has evolved to accommodate a wave of coronavirus-related […]

Meetup Critical Flaws Allow ‘Group’ Takeover, Payment Theft

(Monday August 03, 2020)
Researchers disclosed critical flaws in the popular Meetup service at Black Hat USA 2020 this week, which could allow takeover of Meetup "Groups."

A Pentester's Guide - Part 5 (Unmasking WAFs and Finding the Source) - NaviSec Delta

(Monday August 03, 2020)
In this article I am going to detail a non-exhaustive overview of bypassing WAFs by identifying a misconfigured underlying server.

COVID-19: Latest Security News & Commentary

(Monday August 03, 2020)
Check out Dark Reading's updated, exclusive news and commentary surrounding the coronavirus pandemic.

How Should I Securely Destroy/Discard My Devices?

(Monday August 03, 2020)
While it is possible to do data destruction in-house, doing it correctly and at scale can be tedious.

Aged Care Operators in Australia Under Threat of Ransomware Attacks

(Monday August 03, 2020)
The Sydney Morning Herald has announced yet another cyberattack in a string of attacks targeted at Australian organisations and critical infrastructure. Regis, the aged care operator, is the latest to be affected, in an attack suspected to be the work of an overseas actor. Already struggling with the coronavirus outbreak, the company now has to deal with the […] The post Aged Care Operators in Australia Under Threat of Ransomware Attacks [https://www.itsecurityguru.org/2020/08/03/aged-care-operators-in-australia-under-threat-of-ransomware-attacks/] appeared first on IT Security Guru...

1.3 Million Havenly Accounts Leaked Online

(Monday August 03, 2020)
The hacking group ShinyHunters recently leaked the databases of 18 companies for free. Among the 386 million user records exposed, 1.3 million were users from the US-based interior design website Havenly. The leaked data included login names, full names, MD5 hashed passwords, email addresses and phone numbers, among others. BleepingComputer had reported the breach to Havenly […] The post 1.3 Million Havenly Accounts Leaked Online [https://www.itsecurityguru.org/2020/08/03/1-3-million-havenly-accounts-leaked-on-online/] appeared first on IT Security Guru [https://www.itsecurityguru.org].

Data Leak Reveals Higher Death Toll in Iran Than Initially Reported

(Monday August 03, 2020)
An anonymous source has recently revealed to the BBC that the number of deaths in Iran from COVID-19 is actually triple that of Iran’s government claims. While the health ministry had reported 14,405 deaths, the records appear to show up to 42,000 deaths. The data leaked included details of daily admissions to hospitals across the […] The post Data Leak Reveals Higher Death Toll in Iran Than Initially Reported [https://www.itsecurityguru.org/2020/08/03/data-leaks-reveal-higher-death-toll-in-iran-than-initially-reported/] appeared first on IT Security Guru...

US DOJ Charges Three Young Men for Alleged Roles in July Twitter Hack

(Monday August 03, 2020)
Last week, the US Department of Justice (DOJ) charged three men for their alleged roles in one of the largest Twitter breaches in history, which led to the hijacking of 130 high-profile accounts of politicians, celebrities and musicians. According to a Florida affidavit, two Florida residents and one UK national were responsible for the hack, […]

PCI compliance: 4 steps to properly scope a PCI assessment

(Monday August 03, 2020)
Any organization that accepts, processes, stores or transmits payment cards must show they’re compliant with the Payment Card Industry Data Security Standard, and to do that, the organization must undergo an annual PCI assessment. (Insider Story)