Uber attack methodology: simplified with infographic
1. The hacker socially engineered an Uber employee to steal their credentials.
2. They then accessed Uber's VPN with the stolen credentials to connect to Uber's internal network.
3. While scanning Uber's internal network, the hacker discovered a shared network folder that contained PowerShell scripts.
4. The hacker identified a PowerShell script that included the username and password for an administrative user of a Privileged Access Management (PAM) tool, which stores secrets (e.g. credentials, keys, etc.). For Uber, this contained secrets for many internal systems and applications.
5. The hacker used secrets stored in PAM tools to access Uber's systems and applications. With control of this account, the attacker claimed, they were able to gain access tokens for Uber's cloud infrastructure, including Amazon Web Services, Google's GSuite, VMware's vSphere dashboard, the authentication manager Duo, and the critical identity and access management service OneLogin.
6. The hacker then taunted Uber by posting in their company Slack instance, notifying them of the hack.
Image credit: hacker Associates.
Disclaimer: (This post has been shared only for technology education & knowledge sharing purposes. Image & info have been taken from the above-mentioned source and credited to the author. There is no endorsement of any product or service.)
Keep learning 📚 and keep growing 📈
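Steps 3 and 4 above turn on a credential hard-coded in a PowerShell script on a shared folder. The following is an added example, not part of the original post: a small Python audit that flags literal secrets in PowerShell source and redacts them in its output. The rule set, the sample script and the `Connect-ExampleVault` cmdlet are assumptions constructed for illustration.

```python
import re

# Heuristic rules (assumed for this example, not exhaustive). Each captures a
# quoted literal in group "v"; values starting with "$" are variable references.
RULES = {
    "plaintext-securestring": re.compile(
        r"ConvertTo-SecureString\s+(?:-String\s+)?(['\"])(?P<v>(?!\$)[^'\"]+)\1.*-AsPlainText",
        re.I),
    "literal-secret-variable": re.compile(
        r"\$\w*(?:pass(?:word|wd)?|pwd|secret|token|apikey)\w*\s*=\s*(['\"])(?P<v>(?!\$)[^'\"]+)\1",
        re.I),
    "literal-password-parameter": re.compile(
        r"-(?:Password|Pass|Secret)\s+(['\"])(?P<v>(?!\$)[^'\"]+)\1", re.I),
}

def redact(value):
    """Keep two characters for triage, mask the rest so reports hold no secrets."""
    return value[:2] + "*" * (len(value) - 2)

def scan_powershell(text):
    """Return (line_number, rule_name, redacted_value) for each suspected secret."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for rule, rx in RULES.items():
            m = rx.search(line)
            if m:
                findings.append((lineno, rule, redact(m.group("v"))))
    return findings

# Constructed sample script; Connect-ExampleVault is a hypothetical cmdlet.
SAMPLE = """\
# Constructed sample for this example; every value is fake.
$user = "svc-pam-admin"
$password = "Examp1e-Not-Real!"
$sec = ConvertTo-SecureString "An0ther-Fake" -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential($user, $sec)
$prompted = Read-Host "Password" -AsSecureString
$token = $env:PAM_TOKEN
Connect-ExampleVault -User $user -Password 'Fake-Pa55'
"""

if __name__ == "__main__":
    for lineno, rule, masked in scan_powershell(SAMPLE):
        print(f"line {lineno}: {rule}: {masked}")
```

Lines that prompt for the secret or read it from the environment (lines 6 and 7 of the sample) are not flagged, which is the pattern to move scripts toward.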
10 Internet Security Myths That You Need To Forget
1️⃣ This can’t happen to me, only important or rich people are targeted.
2️⃣ Install this/that security application and you’ll be fine.
3️⃣ I don’t need security programs because I don’t access unsafe locations.
4️⃣ I set some strong and complex passwords to my accounts, so I’ll be OK.
5️⃣ Internet security is expensive.
6️⃣ I only open emails from my friends, so I should be fine.
7️⃣ I download and access information from trusted sources. This keeps me safe.
8️⃣ My social networks are safe places. Friends will be friends.
9️⃣ I don’t have important information or sensitive data on my system. Why should I worry?
🔟 In case I get infected, I will see that for sure.
Best free password management applications:
1️⃣ https://lastpass.com/
2️⃣ https://www.passwordbox.com/
3️⃣ https://identitysafe.norton.com/
4️⃣ https://www.wwpass.com/products/blackbook-pass-word-manager/
> https://github.com/htr-tech/nexphisher
> https://github.com/xHak9x/SocialPhish
> https://github.com/wifiphisher/wifiphisher
> https://github.com/htr-tech/zphisher
> https://github.com/Cyber-Anonymous/Dark-Phish
> https://github.com/KasRoudra/PyPhisher
> https://github.com/Ignitetch/AdvPhishing
> https://github.com/SanatNayak/HackCam
> https://github.com/SanatNayak/GreyHat
#ApplePay transactions are safer. Why?
* Apple never saves actual card numbers, nor does it transfer them during transactions. The card number flows only once, during the onboarding of a new card to Apple Pay, so that it can be converted into a DPAN that is stored in a chip on the phone.
* Google saves the actual card number on its server, whereas #Apple saves only a digital PAN (DPAN) in the phone chip, which has no relevance even if leaked.
* Google sends the card number from its server to the bank in every transaction to complete the transaction.
On the positive side, neither your iPhone nor a Google phone saves your actual card number on a phone chip!!