ACE - Automated, Collection, and Enrichment Platform

The Automated Collection and Enrichment ACE platform is a suite of tools for threat hunters to collect data from many endpoints in a network and automatically enrich the data. The data is collected by running scripts on each computer without installing any software on the target. ACE supports...

Vulchain Scanner: 5 basic principles

New Year holidays in Russia lasts 10 days this year! Isn't it an excellent opportunity to start a new project? So, I decided to make my own active network vulnerability scanner - Vulchain. Why? Well, first of all, it's fun. You can make the architecture from scratch, see the difficulties invisibl...

Google Cracks Down On Nosy Android Apps

Google is cracking down on unwanted and harmful Android apps with a new effort that will show warnings on applications and on third-party websites distributing apps that collect personal data without user consent. The effort is an expansion of the Google Safe Browsing team’s mission to enforce th...

HP Silently Installs Telemetry Bloatware On Your PC—Here's How to Remove It

Do you own a Hewlett-Packard HP Windows PC or laptop? Multiple HP customers from around the world are reporting that HP has started deploying a "spyware" onto their laptops—without informing them or asking their permission. The application being branded as spyware is actually a Windows Telemetry...

CVE-2017-9316

Firmware upgrade authentication bypass vulnerability was found in Dahua IPC-HDW4300S and some IP products. The vulnerability was caused by internal Debug function. This particular function was used for problem analysis and performance tuning during product development phase. It allowed the device...

Web Privacy Measurement Framework: OpenWPM

Web Privacy Measurement is the observation of websites and serves to detect, characterize and quantify privacy-impacting behaviors. Applications of Web Privacy Measurement include the detection of price discrimination, targeted news articles and new forms of browser fingerprinting. Although...

World’s top websites record all your browsing movements

By Waqas It is a widely known fact that a majority of This is a post from HackRead.com Read the original post: World’s top websites record all your browsing movements...

Websites Use Session-Replay Scripts to Eavesdrop on Every Keystroke and Mouse Movement

The security researchers at Princeton are posting You may know that most websites have third-party analytics scripts that record which pages you visit and the searches you make. But lately, more and more sites use "session replay" scripts. These scripts record your keystrokes, mouse movements, an...

Another preinstalled app found on OnePlus that could collect user data

By Waqas A couple of days ago it was reported that an This is a post from HackRead.com Read the original post: Another preinstalled app found on OnePlus that could collect user data...

ALPINE-CVE-2017-16820

The csnmpreadtable function in snmp.c in the SNMP plugin in collectd before 5.6.3 is susceptible to a double free in a certain error case, which could lead to a crash or potentially have other impact...

Network Interference Detection Tool: ooniprobe

OONI, the Open Observatory of Network Interference, is a global observation network which aims is to collect high quality data using open methodologies, using Free and Open Source Software FL/OSS to share observations and data about the various types, methods, and amounts of network tampering in...

Privacy Clouds Form Over Mantistek Gaming Keyboard

Allegations a keylogger is embedded in the software of a popular gaming keyboard are dogging PC peripheral maker Mantistek. The Chinese manufacturer is facing a blizzard of accusations that its popular GK2 Mechanical Gaming Keyboard has spyware installed and is sending keystroke data back to the...

[SECURITY] Fedora 25 Update: check-mk-1.2.8p26-1.fc25

check-mk is a general purpose Nagios-plugin for retrieving data. It adopts a new approach for collecting data from operating systems and network compone nts. It obsoletes NRPE, checkbyssh, NSClient, and checksnmp and it has many benefits, the most important are a significant reduction of CPU usag...

Veeam ONE Business Shows Irrelevant Data

Challenge Veeam ONE Business View shows outdated data or no data at all Cause Veeam ONE Reporter collection task has stuck or failed Solution Running data collection manually You can run data collection for Veeam ONE Reporter and Veeam ONE Business View manually. This can be necessary when...

Veeam ONE: SQL Express Maximum Database Size Limitation

Challenge When the Veeam ONE database is located in a SQL Express instance, if the database reaches the maximum allowed size, Veeam ONE will not be able to continue data collection, thus affecting data accuracy and alarm generation. Cause If you choose to host the Veeam ONE database on Microsoft...

Traditional OSINT Swiss Army Knife: Belati

Belati is tool for Collecting Public Data & Public Document from Website and other service for OSINT purpose. This tools is inspired by Foca and Datasploit for OSINT. What Belati can do? WhoisIndonesian TLD Support Banner Grabbing Subdomain Enumeration Service Scanning for all Subdomain Machine W...

OnePlus Secretly Collects Way More Data Than It Should — Here’s How to Disable It

There is terrible news for all OnePlus lovers. Your OnePlus handset, running OxygenOS—the company's custom version of the Android operating system, is collecting way more data on its users than it requires. A recent blog post published today by security researcher Christopher Moore on his website...

BloodHound - Six Degrees of Domain Admin

BloodHound is a single page Javascript web application, built on top of Linkurious, compiled with Electron, with a Neo4j database fed by a PowerShell ingestor. BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. Attacks can...

The Data Tinder Collects, Saves, and Uses

Under European law, service providers like Tinder are required to show users what information they have on them when requested. This author requested, and this is what she received: Some 800 pages came back containing information such as my Facebook "likes," my photos from Instagram even after I...

CVE-2017-10793

The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589, NVG599, and unspecified other devices, when IP Passthrough mode is not used, configures an sbdc.ha WAN TCP service on port 61001 with the bdctest account and the bdctest password, which allows remote attackers to obtain sensitive...