OSINT Parte I - Todo lo que sabe Google de nosotros - Follow The White Rabbit
https://www.fwhibbit.es/osint-parte-i-todo-lo-que-sabe-google-de-nosotros
https://www.fwhibbit.es/osint-parte-i-todo-lo-que-sabe-google-de-nosotros
fwhibbit.es
OSINT Parte I – Todo lo que sabe Google de nosotros
Buenas,En esta mi segunda entrada del blog, quería comenzar una serie de entradas sobre la técnica OSINT (Open Source Intelligent).En la actualidad la información…
Google Collects Android Location Data Even When Location Service Is Disabled—No option to opt out.
https://amp.thehackernews.com/thn/2017/11/android-location-tracking.html
https://amp.thehackernews.com/thn/2017/11/android-location-tracking.html
The Hacker News
Google Collects Android Location Data Even When Location Service Is Disabled
Google has been caught collecting location data on every Android device owner since the beginning of this year, even when location services are disabled
Usando un archivo scf malicioso dentro de un recurso compartido para obtener los hashes de los usuarios.
http://www.hackplayers.com/2017/11/usando-un-archivo-scf-malicioso-dentro.html
http://www.hackplayers.com/2017/11/usando-un-archivo-scf-malicioso-dentro.html
Hackplayers
Usando un archivo scf malicioso dentro de un recurso compartido para obtener los hashes de los usuarios
Durante un test de intrusión es posible encontrarse con un recurso de red de un servidor Windows con permisos de escritura para todos. A pa...
DNS Data Exfiltration - How it works
https://community.infoblox.com/t5/Community-Blog/DNS-Data-Exfiltration-How-it-works/ba-p/3664
https://community.infoblox.com/t5/Community-Blog/DNS-Data-Exfiltration-How-it-works/ba-p/3664
Infoblox
DNS Data Exfiltration - How it works
One thing that never ceases to amaze me is just how creative people can be when they are sufficiently motivated. And one of the greatest motivational tools of all time seems to be having to pay for internet, or things on the internet. As legend has it,…
Vulnerability Note VU#817544
Windows 8 and later fail to properly randomize every application if system-wide mandatory ASLR is enabled via EMET or Windows Defender Exploit Guard
https://www.kb.cert.org/vuls/id/817544
Windows 8 and later fail to properly randomize every application if system-wide mandatory ASLR is enabled via EMET or Windows Defender Exploit Guard
https://www.kb.cert.org/vuls/id/817544
www.kb.cert.org
CERT Coordination Center
The Vulnerability Notes Database provides information about software vulnerabilities.
Forwarded from tpx Security ⠠⠵
Kali Linux
Kali Linux 2017.3 Release | Kali Linux Blog
We are pleased to announce the immediate availability of Kali Linux 2017.3, which includes all patches, fixes, updates, and improvements since our last release. In this release, the kernel has been updated to 4.13.10 and it includes some notable improvements:…
Uber Hacked: Information of 57 Million Users Accessed in Covered-Up Breach
http://www.securityweek.com/uber-hacked-information-57-million-users-accessed-covered-breach
http://www.securityweek.com/uber-hacked-information-57-million-users-accessed-covered-breach
SecurityWeek
Uber Hacked: Information of 57 Million Users Accessed in Covered-Up Breach
Uber said that hackers accessed the personal data of 57 million of its users in a data breach that had been covered up by the company for more than a year.
Múltiples vulnerabilidades en Samba
Fecha de publicación: 22/11/2017
Importancia: 5 - Crítica
Recursos afectados:
Samba 3.6.0 en adelante
https://www.certsi.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-samba-0
Fecha de publicación: 22/11/2017
Importancia: 5 - Crítica
Recursos afectados:
Samba 3.6.0 en adelante
https://www.certsi.es/alerta-temprana/avisos-seguridad/multiples-vulnerabilidades-samba-0
CERTSI
Múltiples vulnerabilidades en Samba
Se han encontrado dos vulnerabilidades en los servidores Samba que podrían permitir a un atacante comprometer dichos servidores.
Intel-SA-00086 Detection Tool
Version: 1.0.0.128 (Latest)
Date: 11/16/2017
https://downloadcenter.intel.com/download/27150
Version: 1.0.0.128 (Latest)
Date: 11/16/2017
https://downloadcenter.intel.com/download/27150
Forwarded from Una al día
Publicadas dos vulnerabilidades en Samba, con posible ejecución remota de código
http://unaaldia.hispasec.com/2017/11/publicadas-dos-vulnerabilidades-en.html
http://unaaldia.hispasec.com/2017/11/publicadas-dos-vulnerabilidades-en.html
Hispasec
Publicadas dos vulnerabilidades en Samba, con posible ejecución remota de código
Boletín de noticias de seguridad informática unaaldia, ofrecido por Hispasec
SWORD dropbox: A $15 OpenWRT based DIY disposable pen-test tool.
https://t.co/tDgsMGDh3E
https://t.co/tDgsMGDh3E
Medium
SWORD dropbox: A $15 OpenWRT based DIY disposable pen-test tool.
If you haven’t heard of Hak5 products, they inspire a lot of passion. Hackers and pentesters love. Popping up in popular shows like Mr…
Acer, Dell, Fujitsu, HP, Lenovo, Panasonic Impacted by Intel ME Security Bugs.
https://www.bleepingcomputer.com/news/hardware/acer-dell-fujitsu-hp-lenovo-panasonic-impacted-by-intel-me-security-bugs/
https://www.bleepingcomputer.com/news/hardware/acer-dell-fujitsu-hp-lenovo-panasonic-impacted-by-intel-me-security-bugs/
BleepingComputer
Acer, Dell, Fujitsu, HP, Lenovo, Panasonic Impacted by Intel ME Security Bugs
Acer, Dell, Fujitsu, HP, Lenovo, and Panasonic have officially confirmed that products incorporating Intel chipsets are affected by eight security flaws that allow hackers to take over devices.
Sysmon 6.20 released
> adds the ability to change the Sysmon service and driver names to foil malware that use them to detect its presence
https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon
> adds the ability to change the Sysmon service and driver names to foil malware that use them to detect its presence
https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon
Docs
Sysmon - Sysinternals
Monitors and reports key system activity via the Windows event log.
Usan scripts keyloggers para espiar usuarios en la web
#espionaje #seguridad_web
http://blog.segu-info.com.ar/2017/11/usan-scripts-keyloggers-para-espiar.html
#espionaje #seguridad_web
http://blog.segu-info.com.ar/2017/11/usan-scripts-keyloggers-para-espiar.html
blog.segu-info.com.ar
Usan scripts keyloggers para espiar usuarios en la web
Se ha hecho público un nuevo estudio de la Princeton University’s Centre for Information Technology Policy (CITP) en el que se demostraba c...