Kategorie

Security experts say the incident shows that cybercriminals are using ransomware to hit companies where it hurts.

The United States Department of Justice today disclosed the identities of two Russian hackers and charged them for developing and distributing the Dridex banking Trojan using which the duo stole more than $100 million over a period of 10 years. Maksim Yakubets, the leader of 'Evil Corp' hacking group, and his co-conspirator Igor Turashev primarily distributed Dridex — also known as 'Bugat'

Names, addresses, phone numbers, call and text message records and account PINs were all caught up in a cloud misconfiguration.

Listen now!

Authorities cracked down on cybercrime group Evil Corp. with sanctions and charges against its leader, known for his lavish lifestyle.

The AdKoob malware that sneakily peeks at how much you're spending on ads is back.

Today, we will be continuing with our exploration of Hack the Box (HTB) machines as seen in previous articles. This walkthrough is of an HTB machine named Popcorn. HTB is an excellent platform that hosts machines belonging to multiple OSes. It also has some other challenges as well. Individuals have to solve the puzzle (simple […]

The post Hack the Box (HTB) machines walkthrough series — Popcorn appeared first on Infosec Resources.

Hack the Box (HTB) machines walkthrough series — Popcorn was first posted on December 5, 2019 at 11:31 am.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com

Former Dutch city council member Mitchel van der K invaded hundreds of iCloud accounts “frequently and repeatedly”.

Python developers have once again fallen victim to malicious software libraries lurking in their favourite package manager.

HackerOne has paid out $20,000 to a bounty hunter who discovered a session cookie issue, due to "human error," on the bug bounty platform.

Android’s December 2019 updates arrived this week, patching a small list of system and Qualcomm flaws across the operating system’s two patch levels.

The authentication bypass (CVE-2019-19521) is remotely exploitable.

Yodel's mobile parcel delivery app was leaking people's delivery data to others using the app, a security researcher discovered.

The spyware gave complete control of victimized computers, sold for as little as$25, and was bought by 14,500 hackers worldwide.

Canonical has published a new security advisory today where the company behind the popular Ubuntu Linux operating system apologizes for a regression introduced by the latest Intel microcode firmware update.

Red Hat and CentOS have announced the availability of important kernel security updates for their Red Hat Enterprise Linux 7 and CentOS Linux 7 operating system series that address two security vulnerabilities and numerous other bugs. Learn more:

Introduction In this article, we will discuss drive-by compromise attacks: exactly what they are and the different forms they can take. We will also see examples of how they are executed, how to detect them and how they can be mitigated against. Finally, we will take a look at the common Advanced Persistent Threat (APT) […]

The post MITRE ATT&CK: Drive-by compromise appeared first on Infosec Resources.

MITRE ATT&CK: Drive-by compromise was first posted on December 5, 2019 at 8:01 am.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com

Introduction to the FTP protocol The File Transfer Protocol (FTP), as its name suggests, is designed for transferring files between computers. It is used for a variety of different purposes, but a common one is transferring pages to/from a remote web server. One of the issues with FTP is that it is a completely plaintext […]

The post Network Traffic Analysis for IR: FTP Protocol with Wireshark appeared first on Infosec Resources.

Network Traffic Analysis for IR: FTP Protocol with Wireshark was first posted on December 5, 2019 at 8:00 am.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com

Aviatrix, a supplier of open source enterprise virtual private networks (VPNs) to customers including BT, Nasa and Shell, has patched a serious vulnerability in its client that could have given an attacker escalation privileges on a machine to which they already had access. Learn more about this vulnerability and its implications for Linux users in an informative Computer Weekly article:

OpenBSD, an open-source operating system built with security in mind, has been found vulnerable to four new high-severity security vulnerabilities, one of which is an old-school type authentication bypass vulnerability in BSD Auth framework. The other three vulnerabilities are privilege escalation issues that could allow local users or malicious software to gain privileges of an auth group,