Christiaan

470 Flips | 1 Magazine | 1 Like | 3 Followers | @christiaan008 | Keep up with Christiaan on Flipboard, a place to see the stories, photos, and updates that matter to you. Flipboard creates a personalized magazine full of everything, from world news to life’s great moments. Download Flipboard for free and search for “Christiaan”

Tech-support scammers revive bug that sends Chrome users into a panic

Similar bugs reportedly affect Firefox and other browsers, too.<p>Con artists pushing tech-support scams are once again exploiting a Chrome bug that can …

IT security

Ph0Neutria - A Malware Zoo Builder That Sources Samples Straight From The Wild

ph0neutria is a malware zoo builder that sources samples straight from the wild. Everything is stored in Viper for ease of access and …

Linux

Banks ordered to show tech back-up plans

<b>UK banks have been told to explain how they would cope with a technology failure or cyber-attack.</b><p>The Bank of England and the Financial Conduct Authority have given financial firms three months to detail how they would respond if their systems failed.<p>Some TSB customers were left unable to access …

Bank of England

After Strava, Polar is Revealing the Homes of Soldiers and Spies

Polar, a fitness app, is revealing the homes and lives of people exercising in secretive locations, such as intelligence agencies, military bases and …

Heart Rates

When an insider rides Pegasus into the dark web

The white hat cybersecurity sector, specifically the Israeli cybersecurity firm NSO Group, experienced what happens when a well-motivated employee …

Cybersecurity

Trackerjacker - Like Nmap For Mapping Wifi Networks You'Re Not Connected To, Plus Device Tracking

Like nmap for mapping wifi networks you're not connected to. Maps and tracks wifi networks and devices through raw 802.11 monitoring.<br>PyPI page: …

Wi-Fi

Blue Team fundamentals Part Two: Windows Processes.

In part one I touched on logging and the importance of working with what you have already got, rather than trying to reinvent the wheel. There is no …

The $12,000 Intersection between Clickjacking and XSS

One of the more challenging tasks in web app pentesting is approaching an application that has limited interaction. It’s very easy to give up after …

Cybersecurity

You Can Bypass Authentication on HPE iLO4 Servers With 29 "A" Characters

Details and public exploit code have been published online for a severe vulnerability affecting Hewlett Packard Integrated Lights-Out 4 (HP iLO 4) …

Information Security

DoublePulsar exploit targeting Windows Embedded devices

Recent reports indicate a new wave of footprinting and implantation by a modified version of DoublePulsar, an alleged NSA tool leaked by the Russian …

Cybersecurity

Delving deep into VBScript

In late April we found and wrote a description of CVE-2018-8174, a new zero-day vulnerability for Internet Explorer that was picked up by our …

Cybersecurity

Geodo Malware Targets Patriots with Phishing Attack on Eve of American Independence Day Holiday

By Brendan Griffin and Max Gannon A classic phishing technique involves timing attacks to match major holidays and other global and regional events. …

Phishing

To crypt, or to mine – that is the question

Way back in 2013 our malware analysts spotted the first malicious samples related to the Trojan-Ransom.Win32.Rakhni family. That was the starting …

Cybersecurity

Malware “WellMess” Targeting Linux and Windows

Some malware is designed to run on multiple platforms, and most commonly they are written in Java. For example, Adwind malware (introduced in a past …

Cybersecurity

Malware-Traffic-Analysis.net - 2018-07-03 - Emotet infection traffic with Zeus Panda Banker

2018-07-03 - EMOTET INFECTION TRAFFIC WITH ZEUS PANDA BANKER<p>ASSOCIATED FILES:<p>2018-07-03-Emotet-malspam-12-email-examples.txt (11,850 …

Malicious Macro Hijacks Desktop Shortcuts to Deliver Backdoor

<i>by Loseway Lu</i>Despite being around for decades, cybercriminals are still using malicious macro to deliver malware, albeit in more creative ways to …

Cybersecurity

mkcert

mkcert is a simple tool for making locally-trusted development certificates. It requires no configuration.<p>Using certificates from real CAs for …

Linux

Masc - A Web Malware Scanner

A malware (web) scanner developed during CyperCamp Hackathon 2017.<p><b>Features</b><p>At the moment, there are some features avaiable for any type of website …

Linux

New macro-less technique to distribute malware

One of the most common and effective infection vectors, especially for businesses, is the use of malicious Office documents. This year alone, we …

Cybersecurity

Mozilla Announces Root Store Policy Update

<b>Mozilla announced on Monday that its Root Store Policy for Certificate Authorities (CAs) has been updated to version 2.6.</b><p>The Root Store Policy …

Information Security

"Bedrijven moeten voorkomen dat desktops elkaar besmetten"

Welcome To The OWASP Application Security Verification Standard (ASVS) Web App - Release Name: Marbles

The OWASP Application Security Verification Standard (ASVS) is a community-effort to establish a framework of security requirements and controls that …

DevOps

Where we go, we don't need files: Analysis of fileless malware "Rozena"

Fileless malware leverages exploits to run malicious commands or launch scripts directly from memory using legitimate system tools such as Windows …

Cybersecurity

Cryptocurrency-Mining Bot Targets Devices With Running SSH Service via Potential Scam Site

<i>by Jindrich Karasek and Loseway Lu</i>The practicality of cryptocurrency mining on devices connected to the internet of things (IoT) is often a …

Cybersecurity

Awesome Windows Domain Hardening

A curated list of awesome Security Hardening techniques for Windows.<p>Created by gepeto42 and PaulWebSec but highly inspired from PyroTek3 …

DNS Security: Hacking and Defending the Domain Name System

DNS Security: Hacking and Defending the Domain Name System [Allan Liska] on . *FREE* shipping on qualifying offers. DNS Security: Hacking and …

Information Security

A Dark Web Analysis of the Bank of Montreal and Simplii Financial Breach

Here is our analysis of how the hacker performed this breach and tried to extort these bank branches based on the digital breadcrumbs this hacker …

Bay Street

NSA-Linked Implant Patched to Work on Windows Embedded

<b>DoublePulsar, one of the hacking tools the Shadow Brokers supposedly stole from the National Security Agency (NSA)-linked Equation Group, can now run</b> …

Malware

Rat breaches bank ATM in India, eats $18,000 worth of cash | Reuters

GUWAHATI, India (Reuters) - When bank technicians in India were finally summoned to investigate why an ATM (automated teller machine) had not been working for days, they began to smell a rat.<p>What they found inside the ATM was almost $18,000 worth of shredded Indian rupee notes and one dead rodent …

India

Powershell-RAT – Gmail Exfiltration RAT

Powershell-RAT is a Python-based Gmail exfiltration RAT that can be used a Windows backdoor to send screenshots or other data as an e-mail …

Information Security