Clik here to view.
ArsTechnica: Security Content: Cisco kills leaked CIA 0-day that let...
Cisco Systems has patched a critical flaw that even novice hackers could exploit using Central Intelligence Agency attack tools that were recently leaked to the Internet.As previously reported, the...
View ArticleClik here to view.
Un informático en el lado del mal: Pentesting Windows: Buscar...
Una vez que se está en una máquina comprometida en un proceso de auditoría podemos necesitar escalar privilegios en la máquina. En este blog ya hemos visto diferentes herramientas que ayudan a realizar...
View ArticleSANS Internet Storm Center, InfoCON: green: ISC Stormcast For Wednesday, May...
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
View ArticleSANS Internet Storm Center, InfoCON: green: OAuth, and It's High Time for...
After Bojans recent story on the short-lived Google Docs OAuth issues last week (https://isc.sans.edu/forums/diary/OAUTH+phishing+against+Google+Docs+beware/22372/), I got to thinking. The compromise...
View ArticleClik here to view.
KPNC: vulnerability in… WinCalc (Win7, x64)
I will never go out of business in this country. thanks to Microsoft. who would have thought that wincalcis vulnerable? I have not checked all systems yet, so this is my configuration: Windows 7...
View ArticleClik here to view.
PandaLabs: PowerLocker
PowerLocker, also called PrisonLocker, is a new family of ransomware which in addition to encrypting files on the victim’s computer (as with other such malware) threatens to block users’ computers...
View ArticleClik here to view.
/dev/random: Identifying Sources of Leaks with the Gmail “+” Feature
For years, Google is offering two nice features with his gmail.com platform to gain more power of your email address. You can play with the “+” (plus) sign or “.” (dot) to create more email addresses...
View ArticleClik here to view.
ArsTechnica: Security Content: Macron campaign team used honeypot accounts to...
Enlarge/ Newly elected French president Emmanuel Macron poses with a woman for a selfie. (credit: PATRICK KOVARIK / Getty Images)The failed effort by Russian attackers to influence the outcome of the...
View ArticleSANS Internet Storm Center, InfoCON: green: Read This If You Are Using a...
I love it when people write tools to pull data from this site, and we try to accommodateautomated tools like this with our API. but sometimes, scripts go bad and we keep having cases were scripts pull...
View ArticleFortinet FortiGuard Blog: Security Research News in Brief - April 2017 Edition
Welcome back to our monthly review of some of the most interesting security research publications. Previous edition: March 2017 What happened to your home? IoT Hacking and Forensic with 0-day from...
View ArticleClik here to view.
Un informático en el lado del mal: Fear the FOCA: Descargar FOCA y el plugin...
Nuestra querida FOCA Final Version sigue siendo una de las herramientas más populares, y las descargas de la misma siguen siendo muchísimas. Si te has leído el libro de Pentesting con FOCA, sabrás que...
View ArticleClik here to view.
Didier Stevens: Crack A ZIP Password, And Fly To Dubai …
We had to crack a password protected ZIP file, to discover that just few hours later, we would fly to Dubai for our NVISO team building event.This inspired me to update my zipdump.py tool. This tool...
View ArticleSANS Internet Storm Center, InfoCON: green: Seamless Campaign using Rig...
IntroductionOn Wednesday 2017-05-10, @thlnk3r tweeted about Rig exploit kit (EK) activity. @DynamicAnalysis has already posted an analysis of this traffic on malwarebreakdown.com (always a good read),...
View ArticleSANS Internet Storm Center, InfoCON: green: ISC Stormcast For Thursday, May...
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
View ArticleClik here to view.
Dancho Danchev's Blog - Mind Streams of Information Security Knowledge:...
Dear blog readers, it's been several years since I last posted a quality update, further sharing actionable intelligence with the security community. As, it's been several years since I last posted a...
View ArticleFortinet FortiGuard Blog: Byline: Security Platform vs. Security Fabric
Far too often, security tools are wrapped in marketing language that doesn’t always effectively communicate—or sometimes, even intentionally obscures—what a device or tool is able to do. Visit any...
View ArticleClik here to view.
ArsTechnica: Security Content: HP laptops covertly log user keystrokes,...
Enlarge/ Keyloggers like this one surreptitiously store passwords and other confidential data entered into a computer. (credit: infosectoday.com)HP is selling more than two dozen models of laptops and...
View ArticleFortinet FortiGuard Blog: Deep Analysis of Esteemaudit
A Windows 2003 RDP Zero Day Exploit In this blog, the FortiGuard team takes a look at Esteemaudit, which is an exploit that was included in the set of cybertools leaked by the hacker group known as...
View ArticleFortinet FortiGuard Blog: White House Announces New Cybersecurity Executive...
President Trump just signed a new cybersecurity Executive Order that has important implications, not only for federal agencies, but for Critical Infrastructures as well.
View ArticleClik here to view.
Didier Stevens: Quickpost: ZIP Password Cracking With John The Ripper
Here is how to crack a ZIP password with John the Ripper on Windows:First you generate the hash with zip2john:Then you run john:In this example, I use a specific pot file (the cracked password list)....
View Article