Technology & Security News

By ItsAllAboutTheBytes.com | Tech news and Solutions , Cisco info and tutorials. www.itsallaboutthebytes.com

Backdoored images downloaded 5 million times finally removed from Docker Hub

17 images posted by a single account over 10 months may have generated $90,000.<p>A single person or group may have made as much as $90,000 over 10 …

Docker

Time to cover your webcam? This stealthy spyware records video and audio

Sneaky malware is highly targeted and goes out the way to avoid detection - and nobody knows how it infects its victims.<p>What is malware?<p>Cyber attacks …

An Intro to Web Scraping with lxml and Python

Why should you even bother learning how to web scrape? If your job doesn't require you to learn it, then let me give you some motivation. What if you …

Changes to PCI Compliance are Coming June 30. Is Your Ecommerce Business Ready?

In 2015, the Payment Card Industry (PCI) updated their standards for encrypting online and ecommerce transactions. For years the SSL and TLS 1.0 protocols were enough, but as hackers have gotten savvier the industry has been forced to adapt. To that end, businesses processing payments online must …

Information Security

Google patches reCAPTCHA bypass vulnerability

The security flaw allowed attackers to circumvent the reCAPTCHA bot protection system.<p>Google has resolved a security vulnerability in reCAPTCHA which …

Information Security

Sonic and ultrasonic attacks damage hard drives and crash OSes

Sounds played over off-the-shelf or embedded speakers often require a reboot.<p>Attackers can cause potentially harmful hard drive and operating system …

FireEye Offers Free Tool to Detect Malicious Remote Logins

Open source GeoLogonalyzer helps to weed out hackers exploiting stolen credentials to log into their targets.

Jira bug exposed private server keys at major companies, researcher finds

A major TV network, a UK cell giant, and one US government agency are among the companies affected.<p>Several tech giants and major companies are …

Splunk playbook Objectives

This playbook deploys configuration changes to setup a Splunk cluster with independent components.<p>Configure all splunk nodes with common …

Set up your own malware analysis lab with VirtualBox, INetSim and Burp - Christophe Tafani-Dereeper

1. Creating the virtual machines<p>Here are two links you can use to download Ubuntu and Windows 7 virtual machine images.<p><b>Ubuntu</b> (victim machine 1 and …

Hack the Box Challenge: Jeeves Walkthrough

Hello Friends!! Today we are going to solve another CTF Challenge “Jeeves”. This VM is also developed by Hack the Box, Jeeves is a Retired Lab and …

Airpydump - Analyze Wireless Packets On The Fly. Currently Supporting Three Working Modes (Reader, Live, Stealth)

Analyze Wireless Packets on the fly. Currently supporting three working Modes (Reader, Live, Stealth)<b><br>Description</b>airpydump is a wireless packet …

Student awarded $36,000 for remote execution flaw in Google App Engine

The discovery was made by a university student who was not aware of how dangerous the vulnerability was.<p>Google has awarded a young cybersecurity …

Whoisleak - This Tool Queries The Emails That Registered The Domain And Verifies If They Were Leaked In Some Data Leak

This tool queries the emails that registered the domain and verifies if they were leaked in some data leak.<b><br>To install</b><b><br>Usage Example</b><b><br>Contact /</b> …

Solar-powered devices pull water vapor straight out of thin air in Australia

People across Australia may soon drink clean water pulled straight out of thin air. The water will be supplied by an array of solar-powered devices …

Portable

This malware is harvesting saved credentials in Chrome, Firefox browsers

Researchers say the new Vega Stealer malware is currently being used in a simple campaign but has the potential to go much further.<p>Vega Stealer …

Critical PGP and S/MIME bugs can reveal encrypted emails—uninstall now [Updated]

The flaws can expose emails sent in the past and "pose an immediate threat."<p><i>The research for this post is now public. See this post for details. A</i> …

Simulating Advanced Persistent Threat Group Activity - Red Flare Security

Advanced Persistent Threats (APT) groups are elite adversaries that combine multiple advanced attack vectors with stealth to avoid detection. APT …

Who wants to go threat hunting?

I’ve been a lot of things in my professional career including paramedic, accountant, computer trainer, PC/network technician, VP of IT, consultant …

Here Is What We Should Teach All Software Developers About Security

I've received this question a couple of weeks ago and I believe it's valuable enough to spread my thoughts on the subject here as well.<p>Having been a …

4 Changes You Need to Make Now to Comply With the EU's Tough New Data Law

Non-compliance can lead to hefty fines whether your company is based in the European Union or not.<p>5 min read<p>You have probably heard about the European Union’s (EU) General Data Protection Regulation (GDPR) Rules. Even if your company isn't based in the EU, these regulations will apply to you if you …

SQL Injection 101: How to Fingerprint Databases & Perform General Reconnaissance for a More Successful Attack

Know thy enemy — wise words that can be applied to many different situations, including database hacking. It is essential to performing adequate …

5 ways to install automated smart windows blinds in your home

It's one thing to have your lights, music and television switch on with voice commands or the tap of a smartphone app, but to give your home a truly …

Microsoft Releases a "Windows Command Reference" For Over 250 Console Commands

Microsoft released a 948 page PDF titled the "Windows Command Reference" that contains documentation on over 250 Windows console commands. For each …

Signal could get kicked out of Amazon Web Services

Encrypted messaging service Signal received a curious email from Amazon Web Services. The representative at Amazon is saying that Signal is violating the terms of service by using domain fronting to avoid censorship.<p>Signal isn’t necessarily the most popular messaging app. But chances are you’ve …

Stop Using WhatsApp If You Care About Your Privacy

Privacy has always been a key feature and popular selling point for the messaging app WhatsApp. Company co-founder Jan Koum grew up in the Soviet …

Microsoft is reportedly working on a leaner Windows 10 (again)

Microsoft’s first attempt to create a lighter version of Windows 10 – which it dubbed Windows 10 S – didn’t go so well, because it did away with the platform’s best feature: its ability to run a crapton of legacy apps. Now, it’s taking another shot with Windows 10 Lean.<p>That’s from the folks at …

Police take down the world's largest DDoS-for-hire service

The internet might be slightly safer against distributed denial of service attacks in the near future... slightly. Police in twelve countries have taken down WebStresser, believed to be the world's largest service for paid DDoS attacks. The joint campaign (Operation Power Off) seized WebStresser's …