May 2019 – Security

How to Find Identifying Information from a Phone Number Using OSINT Tools

May 31, 2019 by Kody

Kody

Phone numbers often contain clues to the owner's identity and can bring up a lot of data during an OSINT investigation. Starting with a phone number, we can search through a large number of online databases with only a few clicks to discover information about a phone number. It can…

Hacking Windows 10: How to Turn Compromised Windows PCs into Web Proxies

May 31, 2019 by tokyoneon

tokyoneon

A hacker with privileged access to a Windows 10 computer can configure it to act as a web proxy, which allows the attacker to target devices and services on the network through the compromised computer. The probes and attacks appear to originate from the Windows 10 computer, making it difficult…

Hacking Windows 10: How to Turn Windows PCs into Web Proxies

May 31, 2019 by tokyoneon

tokyoneon

NY Investigates Exposure of 885 Million Mortgage Documents

May 31, 2019 by BrianKrebs

BrianKrebs

New York regulators are investigating a weakness that exposed 885 million mortgage records at First American Financial Corp. [NYSE:FAF] as the first test of the state’s strict new cybersecurity regulation. That measure, which went into effect in March 2019 and is considered among the toughest in the nation, requires financial…

Podcast Episode 18: Scaling a WordPress Agency with Entrepreneur Verious Smith

May 31, 2019 by Kathy Zant

Kathy Zant

At WordCamp Orange County, Mark interviewed Verious Smith from Philoveracity Design, a digital agency in southern California. Verious has also been the lead organizer of WordCamp Riverside and runs WordPress meetups to give back to the community. Mark and Verious talk about the challenges of entrepreneurship, growing from freelancer to…

Join Cloudflare India Forum in Bangalore on 6 June 2019!

May 31, 2019 by Tingting (Teresa) Huang

Tingting (Teresa) Huang

Please join us for an exclusive gathering to discover the latest in cloud solutions for Internet Security and Performance.Cloudflare Bangalore MeetupThursday, 6 June, 2019: 15:30 - 20:00Location: the Oberoi (37-39, MG Road, Yellappa Garden, Yellappa Chetty Layout, Sivanchetti Gardens, Bengalore)We will discuss the newest security trends and introduce serverless solutions.We…

How to Create Packets from Scratch with Scapy for Scanning & DoSing

May 30, 2019 by Kody

Kody

By using almost any packet-crafting tool, a hacker can perform denial-of-service (DoS) attacks. With the power to create just about any packet with any characteristics, a hacker can easily find one that will take down a host or network. Nmap and Hping are effective packet manipulation tools, but there's also…

Canada Uses Civil Anti-Spam Law in Bid to Fine Malware Purveyors

May 30, 2019 by BrianKrebs

BrianKrebs

Canadian government regulators are using the country’s powerful new anti-spam law to pursue hefty fines of up to a million dollars against Canadian citizens suspected of helping to spread malicious software. In March 2019, the Canadian Radio-television and Telecommunications Commission (CRTC) — Canada’s equivalent of the U.S. Federal Communications Commission…

How to Hack Together a YouTube Playing Botnet Using Chromecasts

May 30, 2019 by Hoid

Hoid

Imagine being able to play a video instantly on hundreds of thousands of devices across the globe. It's totally possible, as long as all of those devices have a Chromecast plugged in. When Chromecasts are left exposed to the internet, hackers can use add them to a botnet that can…

Cloudflare Repositories FTW

May 30, 2019 by Guest Author

Guest Author

This is a guest post by Jim “Elwood” O’Gorman, one of the maintainers of Kali Linux. Kali Linux is a Debian based GNU/Linux distribution popular amongst the security research communities.Kali Linux turned six years old this year!In this time, Kali has established itself as the de-facto standard open source penetration…

Podcast Episode 17: 3 Severe WordPress Plugin Vulnerabilities

May 29, 2019 by Kathy Zant

Kathy Zant

Mikey Veenstra joins us to talk about three WordPress plugins with severe vulnerabilities affecting well over 150,000 WordPress installations. Two plugins have been patched, one has not. With Mark under deadline for a film project, Mikey also talks some security news with Kathy. We cover a Docker vulnerability, anatomy of…

Critical Vulnerability Patched in Popular Convert Plus Plugin

May 29, 2019 by Mikey Veenstra

Mikey Veenstra

Description: Unauthenticated Administrator Creation CVSS v3.0 Score: 10.0 (Critical) CVSS Vector String: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Affected Plugin: Convert Plus Plugin Slug: convertplug Affected Versions: <= 3.4.2 Patched Version: 3.4.3 On Friday May 24th, our Threat Intelligence team identified a vulnerability present in Convert Plus, a commercial WordPress plugin with an estimated 100,000…

Should Failing Phish Tests Be a Fireable Offense?

May 29, 2019 by BrianKrebs

BrianKrebs

Would your average Internet user be any more vigilant against phishing scams if he or she faced the real possibility of losing their job after falling for one too many of these emails? Recently, I met someone at a conference who said his employer had in fact terminated employees for…

Know Your Limitations

May 29, 2019July 31, 2019 by Richard Bejtlich

Richard Bejtlich

At the end of the 1973 Clint Eastwood movie Magnum Force, after Dirty Harry watches his corrupt police captain explode in a car, he says "a man's got to know his limitations."I thought of this quote today as the debate rages about compromising municipalities and other information technology-constrained yet personal…

Some thoughts about Kerberos Golden Tickets

May 29, 2019 by Andrea Fortuna

Andrea Fortuna

Recently i’ve worked on a cybersecurity incident that involved the use of Silver Tickets on Kerberos. I think may be useful a brief recap about this attack technique. What is Kerberos? Kerberos authentication is currently the default authorization technology used by Microsoft Windows: introduced in Windows 2000, has becoming a…

1 2 3 … 6 Next »