One of the most transformative changes in the IT industry over the last decade has been the adoption of public cloud (IaaS) services such as AWS, Azure and GCP.
Not following cybersecurity best practices could cost not only online users but also cybercriminals. Yes, sometimes hackers don’t take the best security measures to keep their infrastructure safe.
Because the election gods know how to build drama, the later a state’s polls close on Tuesday night, the more exciting its primaries seem to be. While the primaries profiled in Part I of this week’s election preview are somewhat tame, things start to get interesting at 9 p.m. Eastern, really heat up at 10 p.m. and finally culminate with California at 11 p.m. (California is the subject of Part III in this series).
We all know how easy it is for users to connect to open Wi-Fi networks in public places. Well, it is equally straightforward for criminals to position themselves near poorly protected access points – where they can intercept network traffic and compromise user data.
Here is another interesting file that I found while hunting. It is a malicious Windows batch file (.bat) which helps to exploit a freshly compromised system (or… to be used by a rogue user). I don’t have a lot of information about the file origin; I found it on VT (SHA256: 1a611b3765073802fb9ff9587ed29b5d2637cf58adb65a337a8044692e1184f2). The script is very simple and relies on standard Windows system tools and external utilities downloaded when needed.
Here is an overview of the available options. This should give you a good overview of the batch capabilities:
Exploitation
- Add User Account
- Show/hide User Account
- Enable Telent Service
- Enable Psexec Service
- Enable Remote Desktop Service
- Remote Login bypass backdoor (setch.exe or utilman.exe)
- EternalBlue
- MS1710-Psexec

Backdoor
- Meterpreter
- Cmd_shell
- Vnc_Powershell
- Winvnc
- JRrat
- Download/Execute ps1_script
- Download/Execute
- Post_exploits_script command shell
- Persis
- Ammyy Admin Trojan
- Radmin

Gather
- Mimikatz
- Mimikittenz
- Hashdump
- Wifi Password Dump
- Sherlock (Local privilege escalation vulnerabilities Scanner)
- Chrome Passwd Dump
- Firefox Passwd Dump
- Powerup (Vulns Founder)
- Get System info
- Get IPAddress
- Arp Scan
- Port Scanner
- Get Shares List
- Get Net View
- Netstat
- Get Process
- Scan MS17-010 Vulnerablity
- MS1710-Psexec_Scanner
- Port Forword

Privsec
- MS11-046
- Invoke-BypassUAC
- Invoke-WScriptBypassUAC
- Invoke-MS16032
- Invoke-MS16135
- Invoke-EventVwrBypass
- Invoke-EnvBypass
- Invoke-FodHelperBypass
- Invoke-SDCLTBypass
- Invoke-PsUACme
- UAC-TokenMagic
- EventVwrBypass (Win=7,8,8.1,10)

Tools
- Install Python27
- Install Ruby187

Proxy Tunnel
- Setup Proxy Tunnle
- Delete Proxy Tunnle
- Show All Proxy Tunnle

Update
A group of Apple developers recently banded together as a group called “The Developers Union” in order to plead with Apple, en masse, to allow them to offer free trials of their apps to end users. While not a traditional union with dues, it represented the first time a large group of developers pushed back at Apple’s control of the App Store’s policies. Today, it seems, the developers are having their voices heard.
The VPNFilter botnet that compromised more than 500,000 routers and network-attached storage devices from around the world was recently disrupted, but is trying to make a comeback in Ukraine.
Apple’s annual developer conference, WWDC, started this afternoon down in San Jose — kicking off with a keynote as it does every year where it announced a bunch of updates to all of its major operating systems. We’ve wrapped up all the big announcements from its keynote below, and there will be plenty more information to come in over the next few days.
Google’s reCAPTCHA, used to identify human customers, can be subverted by automation through HTTP parameter pollution, according to security researcher Andres Riancho, who discovered the problem. Ryan Wilk, VP of Customer Success at NuData Security, commented below.
revelations from the trove of classified documents he disclosed are still trickling out
Botnet operators can be as clueless about security as their victims, according to Ankit Anubhav, Principal Researcher at NewSky Security, a cyber-security company specialized in IoT security.
New report shows that cybercriminals are concentrating their efforts on banks, government, and healthcare
Continuity has been expanded with Continuity Camera, leveraging your phone’s camera to instantly add photos and scans to programs that request them. It also includes a Mac version of the Apple News aggregation app that debuted on iOS two years ago, including the Stocks feature and new sidebar that were shown off for the updated iPad version of News earlier in the Keynote. Voice Memos is also being brought to the Mac, as is Home, the HomeKit app from iOS. Apple also announced a collection of heightened security features for macOS, including protection by default of camera access, microphone access, your mail database, message history, and other private data.
Any organization that handles the data of individuals in Europe, including any U.S.-based company that does business there, must now comply with the General Data Protection Regulation (GDPR).
Y Combinator, the popular startup accelerator program, has never been shy about experimenting. Now, in its latest trial, the outfit is launching what it’s calling a Series A program. The idea is to help alums that maybe picked up seed funding after one of YC’s famous Demo Day presentations but that could use some help thinking through how much to raise in Series A funding, and from whom.
The United States must harness its technical know-how to defend energy infrastructure from advanced hacking, Energy Secretary Rick Perry said Monday, touting his department’s investments in cybersecurity research and development.
1000ch — dwebp-bin
aerospike — aerospike-client-nodejs