Exploring Kali Linux Alternatives: Getting Started with Pentoo for Advanced Software Installations
Kali Linux is probably the most well-known hacking distribution among penetration testers. However, there are alternative distros which offer versatility and advanced package management systems that are absolutely worth considering. One such distribution is Pentoo, a Gentoo-based operating system created by Grimmlin and maintained by Rick Farina (aka "Zero_Chaos"), a…
How to Take Control of Sonos IoT Devices with Python
Many popular IoT devices have terrible security. For instance, a hacker who's on the same Wi-Fi network as a Sonos speaker can assume direct control over the device's behavior. If an IoT device doesn't secure the messages used to control it over a network, it's easy for somebody to write…
Secret Service: Theft Rings Turn to Fuze Cards
Street thieves who specialize in cashing out stolen credit and debit cards increasingly are hedging their chances of getting caught carrying multiple counterfeit cards by relying on Fuze Cards, a smartcard technology that allows users to store dozens of cards on a single device, the U.S. Secret Service warns. A…
Google Public DNS now supports DNS-over-TLS
Posted by Marshall Vale, Product Manager and Puneet Sood, Software EngineerGoogle Public DNS is the world’s largest public Domain Name Service (DNS) recursive resolver, allowing anyone to convert Internet domain names like www.example.com into Internet addresses needed by an email application or web browser. Just as your search queries can…
Patch Tuesday, January 2019 Edition
Microsoft on Tuesday released updates to fix roughly four dozen security issues with its Windows operating systems and related software. All things considered, this first Patch Tuesday of 2019 is fairly mild, bereft as it is of any new Adobe Flash updates or zero-day exploits. But there are a few…
My Social Media Detox, part 1: Facebook account
Right after new year’s, I’ve decided to start a process of “social media detox”: one of my 2019 goals is to find more time left to read, study and watch movies. Of course social networks are main candidates to get excluded from my daily routine, without excluding privacy implication! So,…
Dirt-Cheap, Legit, Windows Software: Pick Two
Buying heavily discounted, popular software from second-hand sources online has always been something of an iffy security proposition. But purchasing steeply discounted licenses for cloud-based subscription products like recent versions of Microsoft Office can be an extremely risky transaction, mainly because you may not have full control over who has access…
“Town of Salem” leak: more than 2 million password hashes are already cracked
…and are available to download. Personal details of 7.6 million users of BlankMediaGames game “Town of Salem” has been stolen by an unknown attacker. Town of Salem is a browser-based game that challenges players on their ability to convincingly lie as well as detect when other players are lying. The…
New Windows 10 build silences Cortana, brings passwordless accounts
The latest Insider build of Windows 10, 18309, expands the use of a thing that Microsoft has recently introduced: passwordless Microsoft accounts. It's now possible to create a Microsoft account that uses a one-time code delivered over SMS as its primary authenticator, rather than a conventional password. In the new…
Apple Phone Phishing Scams Getting Better
A new phone-based phishing scam that spoofs Apple Inc. is likely to fool quite a few people. It starts with an automated call that display’s Apple’s logo, address and real phone number, warning about a data breach at the company. The scary part is that if the recipient is an…
Bay Area: Join us 1/9 to talk about personal data security in 2019
Enlarge / Askhan Soltani has worked with the FTC and as an independent researcher, exploring data privacy issues. Recently, he testified about Facebook's privacy policies before the US and UK governments. (credit: Ashkan Soltani) The Cambridge Analytica scandal. Data breaches at hotels, banks, rideshare companies, and hospitals. Facial recognition. DNA…
Tactical Nmap for Beginner Network Reconnaissance
When it comes to attacking devices on a network, you can't hit what you can't see. Nmap gives you the ability to explore any devices connected to a network, finding information like the operating system a device is running and which applications are listening on open ports. This information lets…
Cloud Hosting Provider DataResolution.net Battling Christmas Eve Ransomware Attack
Cloud hosting provider Dataresolution.net is struggling to bring its systems back online after suffering a ransomware infestation on Christmas Eve, KrebsOnSecurity has learned. The company says its systems were hit by the Ryuk ransomware, the same malware strain that crippled printing and delivery operations for multiple major U.S. newspapers over…
Happy 9th Birthday, KrebsOnSecurity!
Hard to believe we’ve gone another revolution around the Sun: Today marks the 9th anniversary of KrebsOnSecurity.com! This past year featured some 150 blog posts, but as usual the biggest contribution to this site came from the amazing community of readers here who have generously contributed their knowledge, wit and…
Improving request debugging in Cloudflare Workers
At Cloudflare, we are constantly looking into ways to improve development experience for Workers and make it the most convenient platform for writing serverless code.As some of you might have already noticed either from our public release notes, on cloudflareworkers.com or in your Cloudflare Workers dashboard, there recently was a…