Clik here to view.
The off-brand 'military-grade' x86 processors, in the library, with the...
Black HatA forgotten family of x86-compatible processors still used in specialist hardware, and touted for "military-grade security features," has a backdoor that malware and rogue users can exploit...
View ArticleClik here to view.
Audit Windows AD security group changes with Azure Log Analytics
I’ve recently been asked to analyze admin behavior in an onprem windows AD forest. Question was if I knew of a cloud-based solution that could do the job. Me: “Hold my beer…!” Windows Server Active...
View ArticleAnti-Phishing Training vs. Software: Does Security Awareness Training Work?
Due to the increasing advances in today’s technology, endpoint protection, and security software solutions are becoming even better at protecting your data. However, while this software is becoming...
View ArticleCrestron Touchscreens Could Spy on Hotel Rooms and Meetings
The connected devices you think about the least are sometimes the most insecure. That's the takeaway from new research to be presented at the DefCon hacking conference Friday by Ricky Lawshae, an...
View ArticleClik here to view.
Millions of Android Devices Are Vulnerable Out of the Box
Android smartphones from Asus, LG, Essential, and ZTE are the focus of a new analysis about firmware bugs introduced by manufacturers and carriers. Joan Cros Garcia/Corbis/Getty Images Security...
View ArticleThe Phishing Response Playbook
Introduction As we know, Phishing remains one of the most well-known forms of Cyber-attacks to date. Although this form of threat has been in existence for a long time, the Cyber attacker of today has...
View ArticleVulnerable Smart City Devices Can Be Exploited To Cause Panic, Chaos
False alerts about floods, radiation levels are just some of the ways attackers can abuse weakly protected IoT devices, researchers warn. Earlier this year, many residents in Hawaii were thrown into a...
View ArticleHow to Detect & Prevent Payroll Phishing Attacks
Tax season is always the favorite time of the year for adversaries aiming to gain access to payroll data, but this year phishing schemes have surfaced earlier and in greater quantity than usual. A...
View ArticleBritish security expert mods USB-C Apple charger to deliver malware
Why it matters:USB-C has been hailed as a speedy communication interface and a conveniently reversible jack that plugs into your device for charging. Add to that the ease of Plug 'n' Play-type...
View ArticleHackers on new “secure” phone networks can bill your account for their...
I have good news! The infamous SS7 networks used by mobile operators to interoperate, e.g. when you’re roaming ― which were built on trust, essentially devoid of security, and permitted rampant fraud,...
View ArticleClik here to view.
深入解析由黑客组织DarkHydrus使用的Powershell恶意软件
你可能还会记得我之前写过一篇关于MuddyWaterAPT组织使用他们定制的Powershell恶意软件攻击中东组织的博文(好吧,如果你还没有看过,你可以点击 这里 进行查看)。在这篇博文中,我分析了恶意的VBA宏和高度混淆的PowerShell代码。你猜怎么着,现在又有另一个组织使用定制的Powershell恶意软件攻击了中东组织,尽管这次在感染方式上有所不同。这个组织被PaloAlto...
View ArticleClik here to view.
【安全帮】研究人员演示对三星手机的Meltdown攻击
摘要: 江苏侦破全国首例单位非法获取公民信息案,10万条业主信息泄露近日,盐城警方根据一市民举报装修推销骚扰电话顺藤摸瓜,调查发现一家装饰公司非法购买公民个人信息,同时将非法贩卖小区业主等个人信息10万余条的2名男子抓获。近日,警方对装饰公司罚款10万元,这也是盐城警... 江苏侦破全国首例单位非法获取公民信息案, 10 万条业主信息泄露...
View ArticleHow to Prevent CEO Fraud 10 Tips
CEO fraud scams are on the rise. They aren’t that different than other phishing emails, except most get it and think it’s from the boss. The FBI labels these type of attacks as BEC (Business Email...
View ArticleHow to Detect and Prevent Direct Deposit Phishing Scams
The same digital revolution that’s ushered in an era of business innovation has been as much of a boon for the enterprising criminal set. Moreover, organizations know that this revolution has a price...
View ArticleSecurity awareness, training, and education
Learning is a continuum: it starts with awareness, builds to training, and evolves into education. We can use the definitions provided by NIST for further clarity. Awareness the ability of the user to...
View ArticleClik here to view.
How to Detect and Prevent Secure Document Phishing Attacks
Secure document phishing attacks are some of the latest in client endpoint exploits that have been plaguing the computing world. While these phishing attempts may fool the uninformed, by reading this...
View ArticleClik here to view.
外媒爆料:朝鲜黑客频现,6月袭击韩国交易所5次
据cryptonews8月10日报道,一群恶意软件分析师称,今年6月份韩国一家加密货币交易所阻止了来自朝鲜的一系列黑客攻击。 黑客攻击未遂 媒体Newspim援引总部位于首尔的网络安全组织IssueMakersLab的消息,朝鲜黑客曾在6月1日、14日、15日、21日和25日多次对一家(未具体透露名称的)韩国交易所发动攻击。...
View ArticleClik here to view.
从攻防角度谈黑客与程序员
常言道:“未知攻,焉知防”,然,“知攻未必知防”! 01 ― 黑客的敌人是程序员 黑客所要攻破的任何一款产品,无论是网站、软件还是IoT硬件产品,这些都是由程序员开发的,所以他们要攻破的其实是程序员的安全思维缺陷。 所以说,黑客的敌人是程序员。但如果黑客本身就是程序员呢? 02 ― 会开发的黑客:知己知彼,百战不殆...
View ArticleClik here to view.
OpenTSDB远程命令执行漏洞分析 -【CVE-2018-12972】
OpenTSDB远程命令执行漏洞分析 -【CVE-2018-12972】 相关背景 Opentsdb是基于Hbase的分布式的,可伸缩的时间序列数据库。官方提供了一个web界面来提供对查询数据进行可视化分析,其背后的绘图由Gnuplot支持。其Github地址为: https://github.com/OpenTSDB/opentsdb...
View ArticleClik here to view.
极棒首次亮相DEF CON 世界超脑黑客揭秘AI安全尖端议题
美国当地时间8月10日,GeekPwn(极棒)2018在美国拉斯维加斯举办。作为中国网络安全界最前沿、最具活力的黑客赛事GeekPwn(极棒)首次登陆全球最具影响力的黑客大会DEF CON,与DEF CON最为知名的CTF大赛同场举办,吸引了数千名全球安全技术爱好者关注,展现了一场中西黑客文化碰撞的脑洞盛宴。...
View Article