All about Security, News, Events and Incidents

Discussion in 'Security and Anti-Virus Software' started by Dr. AMK, Apr 26, 2018.

  1. Dr. AMK

    Dr. AMK Living with Hope

    Reputations:
    3,496
    Messages:
    2,111
    Likes Received:
    4,379
    Trophy Points:
    281
  2. Vasudev

    Vasudev Notebook Nobel Laureate

    Reputations:
    8,997
    Messages:
    10,837
    Likes Received:
    8,140
    Trophy Points:
    931
    jclausius, Mr. Fox and Dr. AMK like this.
  3. Papusan

    Papusan JOKEBOOKs Sucks! Dont waste your $$$ on FILTHY

    Reputations:
    31,807
    Messages:
    26,596
    Likes Received:
    48,999
    Trophy Points:
    931
    [​IMG]

    MICROSOFT, SECURITY
    Windows 10 themes can be abused to steal Windows accounts bleepingcomputer.com

    Specially crafted Windows 10 themes and theme packs can be used in 'Pass-the-Hash' attacks to steal Windows account credentials from unsuspecting users.

    Windows allows users to create custom themes that contain customized colors, sounds, mouse cursors, and the wallpaper that the operating system will use.

    Custom themes can be used to steal Windows passwords
    This weekend security researcher Jimmy Bayne (@bohops) revealed that specially crafted Windows themes could be used to perform Pass-the-Hash attacks.

    Pass-the-Hash attacks are used to steal Windows login names and password hashes by tricking a user into accessing a remote SMB share that requires authentication.

    When trying to access the remote resource, Windows will automatically try to login to the remote system by sending the Windows user's login name and an NTLM hash of their password.

    In a Pass-the-Hash attack, the sent credentials are harvested by the attackers, who then attempt to dehash the password to access the visitors' login name and password.

    Windows users can then switch between different themes as desired to change the appearance of the operating system.
     
    jclausius, Vasudev and Dr. AMK like this.
  4. Vasudev

    Vasudev Notebook Nobel Laureate

    Reputations:
    8,997
    Messages:
    10,837
    Likes Received:
    8,140
    Trophy Points:
    931
  5. Dr. AMK

    Dr. AMK Living with Hope

    Reputations:
    3,496
    Messages:
    2,111
    Likes Received:
    4,379
    Trophy Points:
    281
    Major Security Patch For Windows 10 That FIXES 129 Security Vulnerabilities
     
    jclausius, Vasudev and Papusan like this.
  6. Dr. AMK

    Dr. AMK Living with Hope

    Reputations:
    3,496
    Messages:
    2,111
    Likes Received:
    4,379
    Trophy Points:
    281
    [​IMG]

    New Linux Malware Steals Call Details from VoIP Softswitch Systems

    Cybersecurity researchers have discovered an entirely new kind of Linux malware dubbed "CDRThief" that targets voice over IP (VoIP) softswitches in an attempt to steal phone call metadata. "The primary goal of the malware is to exfiltrate various private data from a compromised softswitch, ...

    Read More

    [​IMG]
    New Unpatched Bluetooth Flaw Lets Hackers Easily Target Nearby Devices

    Bluetooth SIG—an organization that oversees the development of Bluetooth standards—today issued a statement informing users and vendors of a newly reported unpatched vulnerability that potentially affects hundreds of millions of devices worldwide. Discovered independently by two separate teams of ...

    Read More

    [​IMG]
    Hackers Stole $5.4 Million From Eterbase Cryptocurrency Exchange

    Cybercriminals successfully plundered another digital cryptocurrency exchange. European cryptocurrency exchange Eterbase this week disclosed a massive breach of its network by an unknown group of hackers who stole cryptocurrencies worth 5.4 million dollars. Eterbase, which has now entered ...

    Read More

    [​IMG]
    A Successful Self-Service Password Reset (SSPR) Project Requires User Adoption

    IT help desks everywhere are having to adjust to the 'new normal' of supporting mainly remote workers. This is a major shift away from visiting desks across the office and helping ones with traditional IT support processes. Many reasons end-users may contact the helpdesk. However, password related ...

    Read More

    [​IMG]
    New Raccoon Attack Could Let Attackers Break SSL/TLS Encryption

    A group of researchers has detailed a new timing vulnerability in Transport Layer Security (TLS) protocol that could potentially allow an attacker to break the encryption and read sensitive communication under specific conditions. Dubbed "Raccoon Attack," the server-side attack exploits a ...

    Read More
     
  7. Papusan

    Papusan JOKEBOOKs Sucks! Dont waste your $$$ on FILTHY

    Reputations:
    31,807
    Messages:
    26,596
    Likes Received:
    48,999
    Trophy Points:
    931
    SECURITY, GAMING
    Razer data leak exposes personal information of gamers bleepingcomputers.com | September 12, 202
    Gaming hardware manufacturer Razer has suffered a data leak after an unsecured database for their online store was exposed online...

    What should affected Razer customers do?

    If threat actors accessed this data, they could use the information in targeted phishing campaigns to gather more sensitive information such as passwords and credit card details.

    While it is not known if any threat actors accessed the exposed data before it was secured, it is vital for those affected to be diligent against potential spear-phishing campaigns.

    If you have ever purchased anything from Razer's online store, be cautious of any emails that state they are from the gaming company.

    Furthermore, if you receive an email claiming to be from Razer, be sure to only log in at razer.com and not at other sites.
     
    6730b, Mr. Fox, jclausius and 3 others like this.
  8. Mr. Fox

    Mr. Fox BGA Filth-Hating Elitist

    Reputations:
    34,006
    Messages:
    36,807
    Likes Received:
    61,122
    Trophy Points:
    931
    I am glad to say that has never happened, and probably never will. But, that has nothing whatsoever to do with the data leak.
    upload_2020-9-15_21-8-29.png
    upload_2020-9-15_21-10-5.png
     
    Dr. AMK likes this.
  9. cfe

    cfe Notebook Geek

    Reputations:
    218
    Messages:
    75
    Likes Received:
    150
    Trophy Points:
    41
  10. Papusan

    Papusan JOKEBOOKs Sucks! Dont waste your $$$ on FILTHY

    Reputations:
    31,807
    Messages:
    26,596
    Likes Received:
    48,999
    Trophy Points:
    931
    Microsoft don't trust own AV security. Hence they now have removed the download option feature.

    MICROSOFT, SECURITY
    Microsoft removes Windows Defender ability after security concerns bleepingcomputer.com

    Microsoft has removed the ability to download files using Windows Defender after it was demonstrated how it could be used by attackers to download malware onto a computer...
     
    cfe, jclausius, Vasudev and 1 other person like this.
Loading...

Share This Page