Data Privacy Issues Trigger Soul Searching in Tech Industry
NEW YORK – For the tech industry, Facebook’s Cambridge Analytica scandal has led to a wave of self-examination when it comes to the culture around data collection and utilization – and what the price is for bad data privacy policies. While regulatory efforts, fines and consumer public sentiment...
Nextcloud: Github wikis are editable by anyone
Github wikis on the following projects https://github.com/nextcloud/fulltextsearch https://github.com/nextcloud/nextcloudpi https://github.com/nextcloud/spreed https://github.com/nextcloud/ocsms https://github.com/nextcloud/nextcloud-snap https://github.com/nextcloud/passman can be edited by any...
Domain Hunter - Checks Expired Domains For Categorization/Reputation And Archive.org History To Determine Good Candidates For Phishing And C2 Domain Names
Domain name selection is an important aspect of preparation for penetration tests and especially Red Team engagements. Commonly, domains that were used previously for benign purposes and were properly categorized can be purchased for only a few dollars. Such domains can allow a team to bypass...
How to Shop Online Like a Security Pro
'Tis the season when even those who know a thing or two about Internet scams tend to let down their guard in the face of an eye-popping discount or the stress of last-minute holiday shopping. So here's a quick refresher course on how to make it through the next few weeks without getting snookered...
Open Source IPS: Suricata
Suricata is a free and open source, mature, fast and robust network threat detection engine. The Suricata engine is capable of real-time intrusion detection (IDS), inline intrusion prevention (IPS), network security monitoring (NSM) and offline pcap processing. Suricata inspects the network traffic usi...
PoC Exploit Compromises Microsoft Live Accounts via Subdomain Hijacking
A proof-of-concept (PoC) attack details how an attacker can gain access to a victim’s Microsoft Live webmail session without having the person’s credentials. It relies upon the hijack of a Microsoft-owned Live.com website subdomain. The PoC, developed by CyberInt, demonstrates what it characterizes a...
Don’t Overlook Qualys Malware Detection
Cyber criminals are constantly looking for opportunities to infect legitimate websites with malware. They can use infected websites to cryptomine, steal data, hijack systems, deface pages, and do other damage to harm a company’s reputation and impact their users. This can result in lost revenue,...
How Digital Extortion Impacts Today’s Enterprises
By now, many enterprise decision-makers are familiar with the concept of digital extortion, particularly in the form of ransomware. These encryption-based attacks lock users out of their sensitive and valuable data, applications and operating systems. Attackers demand a ransom in the form of...
Mozilla Firefox < 57 Multiple Vulnerabilities
Carrier Grade Security Means … Using Carrier Grade Security
It’s a common mistake in enterprises to copy-paste security solutions from a peer. Strategies can be recycled, but sadly even very similar businesses almost always have radically different IT and security requirements. I recall one hospital that looked at a nearly identical peer hospital tha...
Bitfi research receives Pwnie Award for ‘lamest vendor response’
The Pwnie Awards is an annual celebration of the achievements of security researchers and the security community. It's also an opportunity to roast vendors for lame responses to security concerns. The ceremony took place last night, August 8th, 2018 in Las Vegas at the BlackHat USA security...
Yelp: Unauthorized Use of Victim Credit Card
SUMMARY: Yelp users' credit cards are at risk of being compromised. There's a way by which a malicious attacker can make unauthorized purchases from the victim's credit card. Just by getting the victim to some external website and clicking on it, the victim would have eventually paid for some...
TalosIntelligence.com is rolling out a new dispute system
At Cisco Talos, we need customers to be able to provide feedback at all times, whether it be about false positives, false negatives, or missed categories. Because we deal with an abundance of data across our platforms — such as IPS alerts, AMP alerts and more — feedback helps us test the efficacy...
Excerpts from Modern Bank Heists – Data Gathering
Carbon Black recently published a report on how to gather data to improve the security posture of your enterprise. For more information about how Cb Defense, Carbon Black's NGAV + EDR solution, helps enterprises address their endpoint security challenges, check out our weekly Cb Defense Live Demo...
Augur: A miner can manipulate the gas reporting bond
Not entirely confident I've understood this system correctly, apologies if it's wrong and feel free to stop reading if you run into an obvious mistake... Summary: add summary of the vulnerability By creating a market with themselves as designated reporter and setting a very high gas price for the...
Internet Safety Month: How to manage your child’s online presence
When you hear the term "reputation risk management," you might think of a buzzword used in the business sector. Reputation risk management is a term used to describe how companies identify potential risks that may harm their reputation and mitigate them before they blow up. As companies grow, so...
Did my comment on your blog get lost?
If you ever feel bad about your job because of mindless tasks you must perform day after day, or if you're bothered by the fact that your chosen work pays crap, produces nothing useful, and helps no one: have a look at blog comment spammers and breathe a sigh of relief. They make almost any job...
Grab: Subdomain Takeover Via Insecure CloudFront Distribution cdn.grab.com
Good day, I truly hope it treats you awesomely on your side of the screen : I have found that your website cdn.grab.com is pointed via a CNAME to a CloudFront instance cdn.grab.com = .cloudfront.net This was not registered on Amazon AWS CloudFront. I was able to take over the domain: See my POC P...
Actionable Threat Intelligence, Tailored to You
We are very excited to be launching the next generation of our Client Reputation product. This update takes Client Reputation a huge step further in providing our customers with truly actionable intelligence tailored for them. It computes an even better assessment of the real risk that every...
Introducing Web Security Analytics
Every security team knows that the success of any security product relies heavily on the ability to maintain an optimal security configuration. Any misconfiguration can result in malicious or undesired traffic reaching the application, or worse - legitimate traffic being blocked. In addition, it...