PRINT
PRINT
SEND MAIL
SEND MAIL

Month: July 2018

Active DirectoryMacNEW TOOLSResponderSMBSMB RelayUsernames

Ridrelay – Quick And Easy Way To Get Domain Usernames While On An Internal Network

Enumerate usernames on a domain where you have no creds by using SMB Relay with low priv. Quick and easy way to get domain usernames while on an internal network.How it worksRidRelay combines the SMB Relay attack, common lsarpc based queries and RID cycling to get a list of domain usernames. It takes these steps:Spins up an SMB server and waits for an incoming SMB connectionThe incoming credentials are relayed to a specified target, creating a connection with the context of the relayed userQueries are…

Cyber ThreatsEDITOR’S NEWS

Mimecast acquires Israeli cybersecurity vendor Solebit for $88m

UK data security company Mimecast Ltd. today announced that it has acquired Israeli cybersecurity company Solebit for $88 million. This will mean the Herzilya based company will now become Mimecast’s Isreal development centre. Solebit provides a fast, accurate and computationally efficient approach for the identification and isolation of zero-day malware and unknown threats in data files as well as links to external resources. Mimecast says that the acquired cybersecurity technology will enhance its cyber resilience platform architecture and that Solebit provides powerful threat protection to help…

Cyber ThreatsTOP 10 STORIES

Chinese “hackers” are sending malware via snail mail

In what amounts to one of the simplest but most baffling forms of social engineering,  hackers from China have taken to sending CDs full of malware to state officials, leading the Multi-State Information Sharing and Analysis Center, a government security outfit, to release a warning detailing the scam. The trick is simple: a package arrives with a Chinese postmark containing a rambling message and a small CD. The CD, in turn, contains a set of Word files that include script-based malware. These scripts run…

Cyber ThreatsTOP 10 STORIES

How hack on 10,000 WordPress sites was used to launch an epic malvertising campaign

Security researchers at Check Point have lifted the lid on the infrastructure and methods of an enormous “malvertising” and banking trojan campaign. The operation delivered malicious adverts to millions worldwide, slinging all manner of nasties including crypto-miners, ransomware and banking trojans. View Full Story ORIGINAL SOURCE: The Register The post How hack on 10,000 WordPress sites was used to launch an epic malvertising campaign appeared first on IT SECURITY GURU.

DistributedDoSDoS Test ToolGoldenEyeNEW TOOLS

GoldenEye v1.2.0 – Layer 7 (KeepAlive+NoCache) DoS Test Tool

GoldenEye is an python app for SECURITY TESTING PURPOSES ONLY!GoldenEye is a HTTP DoS Test Tool.Attack Vector exploited: HTTP Keep Alive + NoCacheUsage USAGE: ./goldeneye.py <url> [OPTIONS] OPTIONS: Flag Description Default -u, --useragents File with user-agents to use (default: randomly generated) -w, --workers Number of concurrent workers (default: 50) -s, --sockets Number of concurrent sockets (default: 30) -m, --method HTTP Method to use 'get' or 'post' or 'random' (default: get) -d, --debug Enable Debug Mode [more verbose output] (default: False) -n, --nosslcheck Do not…

Cyber ThreatsEDITOR’S NEWS

Most common web-based vulnerabilities still prevalent after nine years

Analysis of vulnerabilities discovered by NCC Group researchers over the last nine years found that instances of common web-based vulnerabilities have largely refused to fall over during this time, with cross-site scripting (XSS) vulnerabilities appearing the most frequently.   The global cyber security and risk mitigation expert found that despite this type of vulnerability being understood across the industry for decades, XSS flaws, which enable attackers to inject malicious scripts into websites or victim browsers, still account for 18% of all bugs logged.  …

Cyber ThreatsEDITOR’S NEWS

UK Card Fraud Falls 8 Percent in 2017 as Criminals Seek New Battlegrounds

Silicon Valley analytic software firm FICO today released its annual interactive map which reveals changes in card fraud across Europe. Based on data from Euromonitor International and UK Finance, the map shows which countries have made significant gains in the fight against payments card fraud in 2017. France and the UK achieved reductions of 6 and 8 percent, respectively, for the biggest reductions in net fraud losses. This is despite losses across the 19 countries surveyed rising by €30 million, or 2 percent.  …

Cyber ThreatsEDITOR’S NEWS

ICO reveals fivefold increase in personal data breach reports

The Information Commissioner’s Office (ICO) has revealed a big rise in the number of self-reported personal data breach notifications in the first full month following the introduction of the new General Data Protection Regulation (GDPR). During a webinar for data controllers posted on the ICO website, Laura Middleton, head of the ICO’s personal data breach reporting team revealed there were 1,792 personal data breaches notified to the ICO in June, following the introduction of the GDPR on 25 May 2018. This was a 173…

Cyber ThreatsTOP 10 STORIES

Cosco Systems Fully Recovered from Cyber Attack

China’s state-run COSCO Shipping Lines said Monday its network applications in the Americas have been completely recovered after the company’s operations had been hit by a cyberattack last week. View Full Story ORIGINAL SOURCE: American Shipper The post Cosco Systems Fully Recovered from Cyber Attack appeared first on IT SECURITY GURU.