M. von Dach

1,152 Flips | 1 Magazine | 3 Likes | 1 Following | 1,946 Followers | @illubaba | Penetration Tester, Ethical Hacker

JavaScript Coinhive in Excel

Timeline: This morning, I read that Microsoft announced that they have added JavaScript functions into the insiders preview build of Excel. Like most …

Drupwn – Drupal Enumeration Tool & Security Scanner

Drupwn is a Python-based Drupal Enumeration Tool that also includes an exploit mode, which can check for and exploit relevant CVEs. Drupwn Drupal …

Volkswagen and Audi Cars Vulnerable to Remote Hacking

A Dutch cyber-security firm has discovered that in-vehicle infotainment (IVI) systems deployed with some car models from the Volkswagen Group are …

Executing Commands and Bypassing AppLocker with PowerShell Diagnostic Scripts

Introduction: Last week, I was hunting around the Windows Operating System for interesting scripts and binaries that may be useful for future …

IT must patch against Total Meltdown now: The source code is on GitHub

A patch for Meltdown created an even bigger flaw for 64-bit Win7 and Server 2008 R2. Now, it's freely available.

How To Surf China's Internet Freely Despite The Latest Ban

If you’re a common netizen in China, the 2018 ban on unauthorized virtual private networks means it’s harder now than ever to look at blocked websites such as Facebook, Wikipedia and YouTube. Chinese officials worry those sites and others from overseas may contain anti-government ideas. Chinese …

Russia's Telegram block tests Putin's ability to control the web

On Sunday, April 22, paper planes started gliding through the sky from tower blocks in Moscow. The planes used in the small-scale protest mimicked …

“Drupalgeddon2” touches off arms race to mass-exploit powerful Web servers

Bug patched in March is still being exploited to take full control of servers. Attackers are mass-exploiting a recently fixed vulnerability in the …

Russia Accidentally Sabotages Its Internet

It’s the latest Kremlin attempt to clamp down on Russians’ online activity. And it blocked almost 16 million IP addresses belonging to Amazon and …

Cyber criminals earn $1.5 trillion through Amazon, Facebook and Instagram exploitation

The exploitation of companies like Amazon, Facebook and Instagram has caused a $1.5 trillion boom in cyber crime, according to new research. The study …

Kaspersky Lab Open-Sources its Threat-Hunting Tool

3/28/2018, 10:23 AM. 'KLara' was built to speed up and automate the process of identifying malware samples. Kaspersky Lab is now offering its …

Chrome Is Scanning Files on Your Computer, and People Are Freaking Out

Some cybersecurity experts and regular users were surprised to learn about a Chrome tool that scans Windows computers for malware. But there’s no reason to freak out about it. The browser you likely use to read this article scans practically all files on your Windows computer. And you probably had …

Over 20 Million Users Installed Malicious Ad Blockers From Chrome Store

If you have installed any of the below-mentioned ad blocker extensions in your Chrome browser, you could have been hacked. A security researcher has …

How To: Automate Brute-Force Attacks for Nmap Scans

Using Hydra, Ncrack, and other brute-forcing tools to crack passwords for the first time can be frustrating and confusing. To ease into the process, …

Inside the Unnerving Supply Chain Attack That Corrupted CCleaner

In September, security researchers at Cisco Talos and Morphisec made a worst nightmare-type disclosure: the ubiquitous computer cleanup tool CCleaner …

Yahoo and AOL are analysing users' emails, pictures and financial data

The owner of Yahoo and AOL, Verizon’s Oath, has updated its privacy policy for the two services and, considering the ongoing Facebook scandal, you …

Zuckerberg admits Facebook tracks non-users, sparking new outrage

Facebook CEO Mark Zuckerberg has revealed the world’s largest social network doesn't just collect the information of its users - it also tracks …

200,000 Cisco Network Switches Reportedly Hacked

What Remediation Steps Should Be Taken? Geetha Nandikotkur (AsiaSecEditor) • April 9, 2018. Over 200,000 Cisco network switches worldwide …

26 of the 115 most popular VPNs are secretly keeping tabs on you

A recent investigation into 115 of the world’s most popular VPN services revealed that many are antithetical to their stated claims. To build trust, providers make promises not to track users through logs or other identifying information. But as a popular VPN comparison site found out, this isn’t …

Facebook Really Is Spying on You, Just Not Through Your Mic

“Can I try the Cole Haans in a size 8?” Later that night on Facebook: An advertisement for Cole Haan pumps. OK, maybe a coincidence. “What’s the best high-tech scale?” my wife asks aloud. Five minutes later on Instagram: An ad for scales. Wait, are they listening? “Get the little red Sudafed pills,” my …

The Leaked NSA Spy Tool That Hacked the World

An elite Russian hacking team, a historic ransomware attack, an espionage group in the Middle East, and countless small time cryptojackers all have …

Hardcoded Password Found in Cisco Software

Cisco released 22 security advisories yesterday, including two alerts for critical fixes, one of them for a hardcoded password that can give …

Russians suspected of new German attack may 'have been inside system for a year'

German intelligence services and federal specialists are investigating "an IT security incident". Video: Australia blames Russia for NotPetya …

Firefox Configuration Guide for Privacy Freaks and Performance Buffs

See the revision history at the end of this document for a list of changes. Introduction: Many of us are aware of the immense threats to our privacy and …

Facebook employees are next-level paranoid the company is watching them

A recent Wired profile details the lengths at which Facebook employees are willing to go to ensure the company isn’t monitoring their communications. The piece examines two years of Facebook’s struggles, detailing everything from its Trending Topics debacle, to the dismissal, acceptance, and regret …

A Hacker Has Wiped a Spyware Company’s Servers—Again

"I don't want to live in a world where younger generations grow up without privacy." Last year, a vigilante hacker broke into the servers of a company that sells spyware to everyday consumers and wiped their servers, deleting photos captured from monitored devices. A year later, the hacker has done …

FedEx customer information exposed in data breach

An unsecured FedEx server was breached, exposing thousands of customers' personal information, a prominent security research firm discovered earlier …

Hackers could bypass Lenovo's fingerprint scanner using a hardcoded password - Are you affected?

The company detailed the security flaw discovered in its Fingerprint Manager Pro software in a security advisory last week. Lenovo has disclosed a …

How To: Inject Coinhive Miners into Public Wi-Fi Hotspots

Coinhive, a JavaScript cryptocurrency miner, was reportedly discovered on the BlackBerry Mobile website. It was placed there by hackers who exploited …

Upcoming Windows 10 update will reveal what data Microsoft is collecting about you

When Windows 10 was first released, the OS was received well enough on its merits but users were quick to voice concerns regarding Microsoft's new …