The Mad Hacker

Collecting all the news about cybersecurity, computer security, cracking, hacking, infosec, netsec, and security vulnerabilities in one convenient place

Whitehat, greyhat, blackhat, tinker, tailor, soldier, spy
We trawl the web so you don't have to
Since 2000

Full exploit chain (CVE-2019-11708 & CVE-2019-9810) against Firefox on Windows 64-bit.

(Sunday December 08, 2019)
Full exploit chain (CVE-2019-11708 & CVE-2019-9810) against Firefox on Windows 64-bit. - 0vercl0k/CVE-2019-11708

Global Offshore Corporate Networks Exposed in Massive Data Leak - UNICORN RIOT

(Sunday December 08, 2019)
Your Alternative Media

DevSecOps: From Theory to Practice

(Sunday December 08, 2019)
DevSecOps is a hot buzzword, but it is tricky to implement. An experienced professional shares five practical tips to help you really put the Sec in DevOps.

High performance WordPress login bruteforcer

(Sunday December 08, 2019)
High performance WordPress login bruteforcer with automatic concurrency for maximum amount of tries per second. - leo-lb/wpbrute-rs

Tunneling traffic through MySQL service (or your mysqld is my new SOCKS5)

(Saturday December 07, 2019)
Description of how to pivot through the MySQL service, turning MySQL into a SOCKS5 proxy that can be used by proxychains.

Ransomware at Colorado IT Provider Affects 100+ Dental Offices

(Saturday December 07, 2019)
A Colorado company that specializes in providing IT services to dental offices suffered a ransomware attack this week that is disrupting operations for more than 100 dentistry practices, KrebsOnSecurity has learned. Multiple affected sources say their IT provider, Englewood, Colo.-based Complete Technology Solutions (CTS), was hacked, allowing a potent strain of ransomware known as "Sodinokibi" or "REvil" to be installed on computers at more than 100 dentistry businesses that rely on the company for a range of services, including network security, data backup and voice-over-IP phone service.

[threat hunting] badsec.io - An online domain permutation, certificate transparency lookup utility

(Saturday December 07, 2019)
badsec.io - domain analysis and security tooling

Amazon battles leaky S3 buckets with a new security tool

(Saturday December 07, 2019)
A new AWS feature is supposed to help avoid accidental misconfigurations that could result in sensitive data being exposed, a company’s brand being damaged, and even – potentially – put its customers at risk. Read more in my article on the Bitdefender Business Insights blog.

HackTheBox: Wall -Writeup by Khaotic

(Saturday December 07, 2019)
December 7, 2019. TL;DR: To solve this machine we enumerate open ports, finding ports 80 and 22 open. Enumerating the directories on the webserver, we find /monitoring/. Fuzzing the HTTP verb of the request for /monitoring/ reveals /centreon. Going to /centreon, we are presented with a login interface. Using the Centreon API, we are able to brute-force the password (where the username is the default). Using the...

Start them early!

(Saturday December 07, 2019)

Storing passwords in plaintext actually makes sense

(Saturday December 07, 2019)
@ppentestlabs (Practical Pentest Labs): We don't allow users to pick passwords so that we don't store any of your sensitive information. Instead, passwords are randomly...

OkayCMS 2.3.4 Remote Code Execution

(Friday December 06, 2019)
OkayCMS versions 2.3.4 and below suffer from a remote code execution vulnerability.

SiteVision 4.x / 5.x Remote Code Execution

(Friday December 06, 2019)
SiteVision suffers from an issue where attackers may execute arbitrary code as root on the target server after gaining access to a low-privilege account. All versions of SiteVision 4 until 4.5.6 and all versions of SiteVision 5 until 5.1.1 are vulnerable.

Newly discovered Mac malware uses “fileless” technique to remain stealthy

(Friday December 06, 2019)
In-memory infection makes it harder for end-point protection to detect it.

SiteVision 4.x / 5.x Insufficient Module Access Control

(Friday December 06, 2019)
SiteVision suffers from an issue where an attacker may inject a non-authorized module when editing pages using a lower-privileged account, which can lead to cross-site scripting and remote code execution. All versions of SiteVision 4 until 4.5.6 and all versions of SiteVision 5 until 5.1.1 are vulnerable.

FBI recommends that you keep your IoT devices on a separate network

(Friday December 06, 2019)
The FBI also recommends changing factory-set (default) passwords and not allowing an IoT device's accompanying mobile app to gain access to too many smartphone permissions.

Email Voted a Weak Link for Election Security, with DMARC Lagging

(Friday December 06, 2019)
Most counties are not protected from impersonation-based spearphishing attacks.

How Attackers Used Look-Alike Domains to Steal $1 Million From a Chinese VC

(Friday December 06, 2019)
Money meant to fund an Israeli startup wound up directly deposited to the scammers.

We thought they were potatoes but they were beans (from Service Account to SYSTEM again)

(Friday December 06, 2019)
This post has been written by me and two friends: @splinter_code and 0xea31. This is the "unintended" result of research we did on the JuicyPotato exploit in order to find a possible bypass of the restrictions MS applied in the latest Windows versions. We all know that, up to Windows 2016 and Windows 10 1803, it's…

Google Chrome portal element fuzzing

(Friday December 06, 2019)

Feds Crack Down on Money Mules, Warn of BEC Scams

(Friday December 06, 2019)
Authorities say they have halted over 600 domestic money mules – exceeding the 400 money mules stopped last year.

News Wrap: Authorities Target Evil Corp., Imminent Monitor, Money Mules

(Friday December 06, 2019)
In this past week, the authorities have cracked down on various BEC scams and cybercrime gangs.

Data Center Provider CyrusOne Confirms Ransomware Attack

(Friday December 06, 2019)
The attack struck CyrusOne's managed services division and compromised six customers primarily serviced by a New York data center.

Senators Call for End to Controversial NSA Program

(Friday December 06, 2019)
The program for collecting telephone call metadata has faced increased scrutiny and restrictions since Edward Snowden revealed its existence in 2013.

Microsoft Research Team finds Password Reuse Rampant

(Friday December 06, 2019)
What if I told you that 1.5% of publicly leaked passwords were still being used to sign in to Microsoft accounts? It doesn't sound like much, but it actually equates to 44 million users still using leaked passwords for their Microsoft accounts. This is what the Microsoft research team found when it performed a scan […] (IT Security Guru: https://www.itsecurityguru.org/2019/12/06/microsoft-research-team-finds-password-reuse-rampant/)

Mega Breaches Are Forcing Us to a Passwordless World. Are We Finally Ready?

(Friday December 06, 2019)
Passwordless authentication advocates see 2020 as a potential turning point year for the technology. But can the industry get off the dime?

Linux Bug Opens Most VPNs to Hijacking

(Friday December 06, 2019)
In a coffee-shop scenario, attackers can hijack "secure" VPN sessions of those working remotely, injecting data into their TCP streams.

Yachtcontrol 2019-10-06 Remote Code Execution

(Friday December 06, 2019)
Yachtcontrol versions dated 2019-10-06 suffer from an unauthenticated remote code execution vulnerability.

Symantec Endpoint Protection Information Disclosure / Privilege Escalation

(Friday December 06, 2019)
A malicious application can take advantage of a vulnerability in Symantec Endpoint Protection to leak privileged information and/or execute code with higher privileges, thus taking full control over the affected host. Symantec Endpoint Protection versions 14.x below 14.2 (RU1) and 12.x below 12.1 (RU6 MP10) are affected. Symantec Endpoint Protection Small Business Edition versions 12.x below 12.1 (RU6 MP10c) are affected.

Quentyn Taylor – Rant of the Week

(Friday December 06, 2019)
Quentyn Taylor, Director of Information Security at Canon Europe Ltd., has shared his Rant of the Week with the Guru. (IT Security Guru: https://www.itsecurityguru.org/2019/12/06/quentyn-taylor-rant-of-the-week/)

Security In 5: Episode 638 - Tools, Tips and Tricks - Flan Scan

(Friday December 06, 2019)
This week's tools, tips, and tricks talk about a new free tool from Cloudflare called Flan Scan. Flan Scan is a lightweight security vulnerability scanner for your network. Links: Introducing Flan Scan; Flan Scan Git Repo.

Security In 5: Episode 637 - IoT Strikes Again - Kids Smartwatch Leaking Personal Data

(Friday December 06, 2019)
Internet of Things strikes again! This time a kids' smartwatch was found to be leaking children's personal data. This episode talks about this and the overall caution needed during the gift-giving season for devices with Internet-enabled capabilities.

Trend Micro Deep Security Agent 11 Arbitrary File Overwrite

(Friday December 06, 2019)
Trend Micro Deep Security Agent 11 suffers from an arbitrary file overwrite vulnerability.

Integard Pro NoJs 2.2.0.9026 Remote Buffer Overflow

(Friday December 06, 2019)
Integard Pro NoJs version 2.2.0.9026 suffers from a remote buffer overflow vulnerability.

Verot 2.0.3 Remote Code Execution

(Friday December 06, 2019)
Verot version 2.0.3 suffers from a remote code execution vulnerability.

crt.sh wrapper with golang

(Friday December 06, 2019)
This tool shows the result of crt.sh. Contribute to famasoon/crtsh development by creating an account on GitHub.

Facebook Alleges Company Infiltrated User Accounts for Ad Fraud

(Friday December 06, 2019)
Facebook has paid over $4 million to victims to reimburse them for the unauthorized ads purchased using their ad accounts.

Success Enablers or Silent Killers?

(Friday December 06, 2019)
These five success enablers will help CISOs report, measure, and demonstrate ROI to the C-suite.

GitHub - dhondta/dronesploit: Drone pentesting framework console

(Friday December 06, 2019)
Drone pentesting framework console. Contribute to dhondta/dronesploit development by creating an account on GitHub.

Inject arbitrary code during MITM attack using MITMf

(Friday December 06, 2019)
A MITM attack is an attack where the attacker secretly relays and possibly alters the communication between two parties that are directly communicating with each other.

HackerOne Bug Bounty Website Hacked

(Friday December 06, 2019)
A hacker managed to compromise HackerOne, a company that itself pays white hat hackers to find security breaches for other companies. The hacker, identified only by the pseudonym haxta4ok00, figured out a way to compromise the HackerOne website and gain access to resources that allowed him to get information on other programs running on the […]

FBI announces $5 million bounty for information on Russian hackers behind Dridex attacks

(Friday December 06, 2019)
The U.S. Department of Justice has announced that the State Department, in partnership with the FBI, has set a reward of up to $5 million for information that can lead to the arrest and conviction of two Russian hackers. Maksim V. Yakubets, 32, and Igor Turashev, 38, are allegedly responsible for several high-profile international computer […]

HTTP Request Smuggling + IDOR

(Friday December 06, 2019)
05/12/2019. HTTP Request Smuggling, or HTTP Desync, is one of the trendy vulnerabilities of the moment and one of my favorites, because it allows you to greatly increase the severity of most common bugs. Here, in this first of a series of HTTP Request Smuggling chained vulnerabilities I've found, I'll explain how I chained it with an otherwise harmless IDOR to retrieve some highly confidential user information. Everything is redacted and heavily modified so as not to disclose this bug bounty program's...

Privacy Analysis of Tiktok’s App and Website

(Friday December 06, 2019)
5 December 2019. Privacy Analysis of TikTok's App and Website. I did a detailed privacy check of the TikTok app and website. TikTok commits multiple breaches of law, trust, transparency and data protection. Here are all technical and legal details. You can read a less technical article about it at the Süddeutsche Zeitung (German). This is my setup: I used mitmproxy to route all app traffic for analysis. See in this video how device information, usage time and watched...

Stealthy MacOS Malware Tied to Lazarus APT

(Friday December 06, 2019)
A researcher discovered a macOS trojan hiding behind a fake crypto trading platform, believed to be the work of the state-sponsored North Korean hackers behind WannaCry.

Webinar: How to Detect Sophisticated Attackers with Tactical Analytics (Intrusion detection examples included)

(Friday December 06, 2019)
Webinar hosted by eLearnSecurity describing why establishing a Tactical Analytics capability is of paramount importance when dealing with the current and ever-evolving threat landscape.

Mac users targeted by Lazarus 'fileless' Trojan

(Friday December 06, 2019)
The Lazarus hacking group is trying to sneak a 'fileless' Trojan onto Apple computers, disguised as a fake cryptocurrency trading program.

US parents file class action against TikTok over children’s privacy

(Friday December 06, 2019)
Collecting children's data without their guardians' consent is illegal under COPPA and already earned TikTok a huge fine.

Instagram trying to protect kids by getting dates of birth from new users

(Friday December 06, 2019)
It's about showing age-appropriate content, it said. Though staying safe from child-privacy lawsuits doesn't hurt, either.

OpenBSD devs patch authentication bypass bug

(Friday December 06, 2019)
One of the internet's most popular free operating systems allowed attackers to bypass its authentication controls.

New Linux Bug Lets Attackers Hijack Encrypted VPN Connections

(Friday December 06, 2019)
A team of cybersecurity researchers has disclosed a new severe vulnerability affecting most Linux and Unix-like operating systems, including FreeBSD, OpenBSD, macOS, iOS, and Android, that could allow remote 'network adjacent attackers' to spy on and tamper with encrypted VPN connections. The vulnerability, tracked as CVE-2019-14899, resides in the networking stack of various operating

Apple Confirms iPhone Regularly Gathers Location Data, But Says It Doesn’t Leave the Phone

(Friday December 06, 2019)
Apple confirmed that its latest iPhone 11 phones come with a feature that requires regular geolocation checks, but the company said that information doesn't leave the phone. Security researcher Brian Krebs noticed that the latest iPhone 11 was making geolocation checks even when all apps that would require it had that feature disabled. The only […]

8 common pen testing mistakes and how to avoid them

(Friday December 06, 2019)
One of the most effective ways to uncover flaws and weaknesses in your security posture is to have a third party carry out planned attacks on your system. Penetration testing is all about exposing gaps in your defenses so that they can be plugged before someone with malicious intent can take advantage. There are several different types of pen test designed to target different aspects of your organization. From network infrastructure to applications to devices to employees, there are many potential avenues of attack for a criminal targeting your business. A good pen testing partner will...

$5 Million Bounty set by US For Hacker behind Zeus Banking Thefts

(Friday December 06, 2019)
Maksim Yakubets and his crew stole tens of millions using Zeus and Dridex, with victims including Bank of America, Key Bank, GenLabs, and United Dairy, DoJ says. The US State Department, in collaboration with the US Department of Justice and the FBI, on Thursday announced an unprecedented $5 million reward for information leading to the arrest […] (IT Security Guru: https://www.itsecurityguru.org/2019/12/06/5-million-bounty-set-by-us-for-hacker-behind-zeus-banking-thefts/)

Company sued by Facebook for Running Bad Ads

(Friday December 06, 2019)
In a lawsuit filed today, Facebook alleges that a Chinese company used malware to compromise user accounts to run deceptive ads on the social media platform. The end goal of compromising Facebook accounts was distribution of deceptive ads for counterfeit goods and diet pills. Source: Bleeping Computer. (IT Security Guru: https://www.itsecurityguru.org/2019/12/06/company-sued-by-facebook-for-running-bad-ads/)

Ransomware attack at Shakespeare Theatre

(Friday December 06, 2019)
A ransomware attack over the weekend has taken down the ticketing system and patron database for the New Jersey Shakespeare Theatre and has also affected at least one other organization in the Madison area. This could not come at a worse time for the Theatre, as they were getting ready to begin their first scheduled performance of Charles […] (IT Security Guru: https://www.itsecurityguru.org/2019/12/06/ransomware-attack-at-shakespeare-theatre/)

HackerOne Cookie leak allows access to vulnerability reports

(Friday December 06, 2019)
Bug bounty platform provider HackerOne on Tuesday disclosed that one of its own security analysts mistakenly sent a session cookie to a white-hat researcher on Nov. 24, allowing the researcher to take over the analyst's account and access vulnerability reports on a number of companies. The researcher, known in the HackerOne community as haxta4ok00, promptly reported the error […] (IT Security Guru: https://www.itsecurityguru.org/2019/12/06/hackerone-cookie-leak-allows-access-to-vulnerability-reports/)

CyrusOne attacked by evil ransomware

(Friday December 06, 2019)
Data center provider CyrusOne was reportedly hit with a combination ransomware/data breach involving the REvil (aka Sodinokibi) ransomware. Details are scarce, but ZDNet reported the attack took place on December 4. A screenshot of the ransom note indicated all the files were locked and that the threat actors would allow one file to be decrypted for free […] (IT Security Guru: https://www.itsecurityguru.org/2019/12/06/cyrusone-attacked-by-evil-ransomware/)

Cesanta Mongoose 6.16 - Integer overflow

(Friday December 06, 2019)
Do Minh Tuan, 6 Dec 2019, 4 min read. CyStack Advisory ID: CSA-2019-04. CVE IDs: (none given). Severity: Critical. CVSS v3 base score: 9.8. Synopsis: CyStack Security discovered an integer overflow vulnerability in the implementation of the MQTT protocol in the Cesanta Mongoose Library version 6.16. By exploiting the vulnerability, a remote, unauthenticated...

Microsoft Skype For Business DNS Query

(Friday December 06, 2019)
The latest versions of Microsoft Skype for Business are affected by an external service interaction (DNS) vulnerability. A remote attacker could force the vulnerable server to send a DNS request to any remote server the attacker chooses.

Facebook Sued Hong Kong Firm for Hacking Users and Ad Fraud Scheme

(Friday December 06, 2019)
Following its efforts to take legal action against those misusing its social media platform, Facebook has now filed a new lawsuit against a Hong Kong-based advertising company and two Chinese individuals for allegedly abusing its ad platform to distribute malware and commit ad fraud. Facebook filed the lawsuit on Thursday in the Northern District of California against ILikeAd Media International

Local Priv Esc in Aviatrix VPN client

(Friday December 06, 2019)
Aviatrix, an enterprise VPN company with customers including NASA, Shell and BT, has recently patched a vulnerability uncovered by Immersive Labs researcher and content engineer Alex Seymour.

Scam alert

(Friday December 06, 2019)

Creating a Rootkit to Learn C

(Friday December 06, 2019)
Background information: This post is my solution for the last assignment in my Learning-C repository. I thought a good way to cap off a repo designed to introduce people to very basic C programming would be to take those very basic techniques and make a simple yet powerful security-related program, namely a malicious shared library rootkit.

Two Russian Nationals Engaged in Cybercrime Scheme That Infected Tens of Thousands of Computers - Want to know how Bugat and Dridex works? - Spambrella

(Thursday December 05, 2019)
Turashev and Yakubets were both indicted in the Western District of Pennsylvania on conspiracy to commit fraud, wire fraud, and bank fraud - Dridex malware

Broadcom CA Privileged Access Manager 2.8.2 Remote Command Execution

(Thursday December 05, 2019)
Broadcom CA Privileged Access Manager version 2.8.2 suffers from a remote command execution vulnerability.

BeeGFS 7.1.3 Privilege Escalation

(Thursday December 05, 2019)
BeeGFS versions 7.1.3 and below suffer from a privilege escalation vulnerability.

Qualys Security Advisory - OpenBSD Authentication Bypass / Privilege Escalation

(Thursday December 05, 2019)
Qualys has discovered that OpenBSD suffers from multiple authentication bypass and local privilege escalation vulnerabilities.

Ransomware Attack Hits Data Center Provider CyrusOne: Report

(Thursday December 05, 2019)
Security experts say the incident shows that cybercriminals are using ransomware to hit companies where it hurts.

Red Hat Security Advisory 2019-4111-01

(Thursday December 05, 2019)
Red Hat Security Advisory 2019-4111-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.3.0 ESR. Issues addressed include buffer overflow and use-after-free vulnerabilities.

Red Hat Security Advisory 2019-4107-01

(Thursday December 05, 2019)
Red Hat Security Advisory 2019-4107-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.3.0 ESR. Issues addressed include buffer overflow and use-after-free vulnerabilities.

Red Hat Security Advisory 2019-4108-01

(Thursday December 05, 2019)
Red Hat Security Advisory 2019-4108-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.3.0 ESR. Issues addressed include buffer overflow and use-after-free vulnerabilities.

Ubuntu Security Notice USN-4214-1

(Thursday December 05, 2019)
Ubuntu Security Notice 4214-1 - It was discovered that RabbitMQ incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code.

Red Hat Security Advisory 2019-4109-01

(Thursday December 05, 2019)
Red Hat Security Advisory 2019-4109-01 - IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR4-FP55. Issues addressed include deserialization and null pointer vulnerabilities.

Red Hat Security Advisory 2019-4110-01

(Thursday December 05, 2019)
Red Hat Security Advisory 2019-4110-01 - IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR4-FP55. Issues addressed include deserialization and null pointer vulnerabilities.

VPN Flaw Allows Criminal Access to Everything on Victims' Computers

(Thursday December 05, 2019)
Vulnerability in the Aviatrix VPN client, since patched, gives an attacker unlimited access to a breached system.

US Sets $5 Million Bounty For Russian Hacker Behind Zeus Banking Thefts

(Thursday December 05, 2019)
Maksim Yakubets and his crew stole tens of millions using Zeus and Dridex, with victims including Bank of America, Key Bank, GenLabs, and United Dairy, DoJ says.

With Aporeto, Palo Alto Looks Away from the Firewall and Toward the Future

(Thursday December 05, 2019)
Seeing its firewall sales softening, the security vendor makes another acquisition to reorient itself for the cloud era.

Apple Explains Mysterious iPhone 11 Location Requests

(Thursday December 05, 2019)
KrebsOnSecurity ran a story this week that puzzled over Apple's response to inquiries about a potential privacy leak in its new iPhone 11 line, in which the devices appear to intermittently seek the user's location even when all applications and system services are individually set never to request this data. Today, Apple disclosed that this behavior is tied to the inclusion of a new short-range technology that lets iPhone 11 users share files locally with other nearby phones that support this feature, and that a future version of its mobile operating system will allow users to disable it.

FBI Puts $5 Million Bounty On Russian Hackers Behind Dridex Banking Malware

(Thursday December 05, 2019)
The United States Department of Justice today disclosed the identities of two Russian hackers and charged them for developing and distributing the Dridex banking Trojan using which the duo stole more than $100 million over a period of 10 years. Maksim Yakubets, the leader of 'Evil Corp' hacking group, and his co-conspirator Igor Turashev primarily distributed Dridex — also known as 'Bugat'

10 Security 'Chestnuts' We Should Roast Over the Open Fire

(Thursday December 05, 2019)
These outdated security rules we all know (and maybe live by) no longer apply.

SOC 2s & Third-Party Assessments: How to Prevent Them from Being Used in a Data Breach Lawsuit

(Thursday December 05, 2019)
Assessments can be used against your company in court proceedings. Here's how to mitigate this potential risk.

Trivial SecureWorks Red Cloak Agent Local Bypass

(Thursday December 05, 2019)
At the time of discovery, my (then) employer was using a suite of SecureWorks services, with a product called Red Cloak being a core component. In short, Red Cloak is used to outsource the huge task…

AT&T, Verizon Subscribers Exposed as Mobile Bills Turn Up on the Open Web

(Thursday December 05, 2019)
Names, addresses, phone numbers, call and text message records and account PINs were all caught up in a cloud misconfiguration.

Chepy 1.3.0 released now with basic pcap support, and many more new improvements!

(Thursday December 05, 2019)
Chepy is a python lib/cli equivalent of the awesome CyberChef tool. - securisec/chepy

A graph-based tool for visualizing effective access and resource relationships in AWS environments

(Thursday December 05, 2019)
Craig Koorn, 4 December 2019. If you've ever looked into AWS security, you'll know that getting it right is far from easy. If you don't believe me, just search for anything along the lines of "S3 leaks" and look at the hits you get for recent weeks, months, or years; this is hardly a new problem. Why? The short answer is that getting the fundamentals right in AWS is hard. By fundamentals I don't mean deploying the latest and greatest elastic-something-or-other. I mean...