Microsoft shares new threat intelligence, security guidance during global crisis

Ready or not, much of the world was thrust into working from home, which means more people and devices are now accessing sensitive corporate data across home networks. Defenders are working round the clock to secure endpoints and ensure the fidelity of not only those endpoints, but also identities, email, and applications, as people are using whatever device they need to get work done. This isn’t something anyone, including our security professionals, were given time to prepare for, yet many customers have been thrust into a new environment and challenged to respond quickly. Microsoft is here to help lighten the load on defenders, offer guidance on what to prioritize to keep your workforce secure, and share resources about the built-in protections of our products.

How To Use Portspoof (Cyber Deception)

Hello and welcome, and in this video, we’re going to be talking a little bit about Portspoof, a fantastic utility that takes your unused TCP IP ports and turns them into something different whenever an attacker actually goes about trying to scan them. This video is part of the Active Defense and Cyber Deception class that we run at Wild West Hackin’ Fest in San Diego and in Deadwood and also I run in Black Hat.

Businesses Need To Stay On The Front Foot: Expert Advise

With cyber criminals threatening to hold hospitals to ransom and the increased threat of criminals using the Coronavirus outbreak to launch online attacks, individuals and businesses need to ensure they are protecting their personal data and are dedicated to all aspects of security.  

Credential Dumping: SAM

In this article, were learn how passwords are stored in windows and out of the methods used to hash passwords in SAM, we will focus on LM and NTLM authentications. And then we learn how to dump these credential hashes from SAM.

Malware Concealed Under SSL Certificates

Cybercriminals are increasingly relying on SSL certificates to lull people into a false sense of security when clicking malicious links. The assumption that HTTPS links and the accompanying lock icon protect employees from attack can threaten businesses without sufficient SSL inspection. Nearly 52% of the top 1 million websites were available over HTTPS in 2019, Menlo Security researchers report. Nearly all (96.7%) user-initiated online visits are served over HTTPS; however, only 57.7% of URLs in emails are HTTPS links. This means a web proxy or next-gen firewall — which many businesses have long relied on for online access visibility and control, researchers note — could miss the threats present on malicious websites if SSL inspection is not enabled.

NASA under attack

NASA has seen “significantly increasing” malicious activity from both nation-state hackers and cybercriminals targeting the US space agency’s systems and personnel working from home during the COVID-19 pandemic. Mitigation tools and measures set in place by NASA’s Security Operations Center (SOC) successfully blocked a wave of cyberattacks, the agency reporting double the number of phishing attempts, an exponential increase in malware attacks, and double the number of malicious sites being blocked to protect users from potential malicious attacks.

10 tips for Zoom security and privacy

With social distancing and quarantine measures implemented around the globe, people quickly started searching for effective means of communicating with each other. With its reported ease of use and attractive pricing, Zoom quickly rose in popularity — and people quickly figured out that Zoom’s developers weren’t fully prepared for the level of scrutiny it would receive.