I got a hold of 6 cameras without the dvr. All brand new, bought part of the 8 camera system. Selling the cameras for $5 each.
See pic for model #
Heat: Blackbird0147
SOLD!
A USB stick containing sensitive security files for the Heathrow airport was found on a London street and handed over to The Sunday Mirror. According to the Mirror there were at least 174 documents on the stick and none of them were encrypted or password protected. Airport authorities say that...
Security startup Cryptonite dropped out of stealth late last week with a micro-segmentation-based technology designed to prevent hacker reconnaissance and lateral movement. Their new appliance, CryptoniteNXT, works by obfuscating network topology. The appliance changes a static network into a...
In the latest round of Kaspersky drama, the AP is reporting that Kaspersky's anti-virus software had automatically scraped powerful digital surveillance tools off an NSA server. Kaspersky is stating that the files were immediately deleted, "If we see confidential or classified information, it...
CCleaner can now update itself, without your permission.
As of version 5.36 CCleaner has an 'Emergency Updater' security feature that allows us to force a software update in a worse-case scenario.
without user permission!
http://www.piriform.com/news/release-announcements/2017/10/24/ccleaner-v536
Google launched the $49 Home Mini last week, but it had one small flaw, recording every sound in your home 24/7 and sending it to Google servers. An Android Police writer noticed his new Home Mini he had received at the Made by Google October 4th launch event was waking up thousands of times a...
The latest report from the massive Equifax hack is that the stolen records included 10.9 million driver's licenses from U.S. citizens. While your driver's license isn't exactly personal identification, having that information makes it that much easier to impersonate you. Equifax is also now...
Patrick Wardle, a former NSA hacker, showed off a zero-day exploit in macOS High Sierra that allows an attacker to steal every password stored in the Keychain without needing a master login password. He reported the bug to Apple earlier this month, but the patch did not make it into the release of...
Using the iPhone Control Center in iOS 11 to toggle off Wi-Fi and Bluetooth doesn't actually turn them off, and security researchers aren't happy. Instead when toggling the buttons in the Control Center the device will disconnect from Wi-Fi and Bluetooth accessories. While this may sound like a...
Security researchers have uncovered an Android banking malware hiding on Google Play hidden in other apps. A game called "Bubble Shooter Wild Life" and an app named "Earn Real Money Gift Cards" in the Google Play Store using time delays and code obfuscation before installing the trojan on the...
A group of researchers from Israel's Ben-Gurion University of the Negev have shown how aftermarket parts for smartphones such as replacement screens could be used to attack the device, or impersonate the user and exfiltrate data. The group has demonstrated that because most phones do not have a...
Researchers at Brigham Young University have learned that most users of popular messaging apps Facebook Messenger, WhatsApp and Viber are leaving themselves exposed to fraud or other hacking because they don’t know about or aren’t using important security options. Even though WhatsApp and...
Carbon Black's Cb Defense Software may be sending your company's private information to third parties. In a blog post today, DirectDefense, a security consultancy claims Carbon Black's Cb Response protection software would, once installed for a customer, spew sensitive data to third parties...
Privacy researchers have accused Hotspot Shield VPN of logging user data and selling it to advertisers. In a complaint to the Federal Trade Commission (FTC), the Center for Democracy & Technology (CDT) requests a government investigation into the data security and data sharing practices of...
Microsoft is claiming that seven out of ten Windows 10 users have opted for the full telemetry settings since the Creators Update. What the blog post from Marisa Rogers, Windows Privacy officer fails to notice, is that means 29%, or 145 million people didn't just click through the default...
In a press release from the US Department of Justice, a Russian citizen Maxim Senakh was sentenced to 46 months in prison for conspiracy to commit wire fraud and to violate the Computer Fraud and Abuse Act. Senakh was using malware to infect tens of thousands of servers in order to generate...
On July 31st it was reported that HBO had "recently experienced a cyber incident, which resulted in the compromise of proprietary information." Now the hackers have launched their website called WinterLeak, where they claim to have stolen 1.5 terabytes of data, and have uploaded it for anyone to...
In a brief Blog post today, Microsoft has announced the "Windows Bounty Program." Microsoft have been offering bug bounties since 2012, but are now extending the program to all features of the Windows Insider Preview including Windows Defender Application Guard, and Edge.
I was not aware of...
I recently came across these terms and it got my interest. Would be great if anyone can help me understand this service and suggest how I can use it for personal use?
Another day, another security breach. This time a cloud server owned by NICE Systems, a third party vendor for Verizon, is to blame as reported by UpGuard. While the culprits look to now have a lot of your personal information, the PIN numbers on the accounts were not compromised. Still...
With the massive WannaCry ransomware outbreak over the last few days, and the fact that Microsoft actually released a patch that prevents its attack vector back in March, the question many are asking is, why on earth don't organizations just update their software? It's not that difficult...
I was watching FBI Director James Comey talk last week on TV during his Congressional hearing, and he revealed that almost 50% of its current investigations were in some way hampered by encrypted devices.
Orrin Hatch went on to suggest that back doors could be inserted into these devices...
Last week Intel let us all know that its Intel® Active Management Technology, Intel® Small Business Technology, and Intel® Standard Manageability products have an "elevation of privilege" issue that basically allows a "hacker" to enter a blank password into the AMT's web browser interface. This...
If you recall, back in 2014 Home Depot "allowed" 56 million of its customers' credit card information to be stolen. Apparently now you don't even have to "hack" into Home Depot to get some of its customers' information, Home Depot will just put it online for everyone to see. Just because you...
Dark Reading has an article up regarding a Dtex Systems report indicating that 95% of all organizations have employees actively trying to bypass their corporate security measures at work. The report also shows that users are more frequently attempting to use private VPN services or TOR browsers...
Brickerbot is a new strain of malware that intentionally bricks unsecured Linux BusyBox-based IoT devices. Unsecured devices are typically placed into service without changing the default password, thus allowing anyone that can Google the default password for a product line to take control of...
Looks like big brother is at it again in the UK, which shouldn't be surprising considering it is the land of CCTV. The debate between privacy and security is not a new one, which has been highlighted by both the Apple FBI decryption case as well as the many conflicts between WhatsApp and the...
If you use VMware's DaaS, vCenter, vROps or Hyperic, right about now would be a good time to apply the latest patch for VMware Security Advisory VMSA-2017-0004.3, which allows for remote code execution and complete system compromise. Personally I wouldn't want to leave vCenter 6.0 or 6.5...
Canadian vibrator manufacturer, We-Vibe, has been fined $4 million Canadian dollars for tracking their customers' sexual activity without permission. Not only did they track their sexual activity illegally, the IoT device was open to hacks. Customers that used the associated app with the...
200,000 WiFi cameras are currently online and open to hacking due to a Chinese firm's intentional installation of a backdoor into the firmware at the production factory. To be exact there are seven potential backdoor hacks that can be performed on these cameras to exploit them. These cameras...
As we have covered countless times before, there are many security problems in the world of connected cars. Now there is a new one to worry about.
Apparently for fear of owners getting locked out of their cars by valets or others accidentally resetting the car's connections, car makers have...
Logic Supply announced today that they have reset their user passwords after their website was breached on Monday. Yep, you read that right. On Monday, two days ago. Contrast this with some companies who see it fit to inform their users more than three years after the fact.
I think I'm more...
Agnitum finally shut their doors for good on 31 December 2016. After so many years of great software, from version 4 onwards, I am stuck without a good professional firewall. They gave me 2 years worth of Kaspersky, but that's not much to cheer for. Seems all software these days is geared for...
I came across a very interesting article over The Register that attempts to digest and summarize this document recently released by Google.
Revealed last Friday, the document outlines six layers of security and reveals some interesting factoids about the Alphabet subsidiary's operations, none...
I'm looking at my TRCA list to guard against man-in-the-middle attacks. It's too large to post here, of course, and mostly they look legit, but are there any rogue CAs for which I should look out? Ones that have caught my eye are 'NO LIABILITY ACCEPTED (c)97 Verisign' and a couple which start...
Greetings,
I have seen this at multiple workplaces. It goes like this:
1) Adobe Reader and Microsoft Office are included on dedicated VDIs and terminal servers/RDS
2) Everything works fine, users are able to open documents without any problems from local server drives as well as mapped...
We have spent days on this and have gotten nowhere. Here's the deal. I need to disable ICMP, at a minimum ping/echo, responses from the management IP to all non-local subnets. So in other words, let's say a random ESXi server's IP is 10.10.10.101/24. I need all hosts on 10.10.10.x/24 to...
Greetings!
This is a learning opportunity for me.
At the present time the client has a Netgear AC1900 DD-WRT router with an HP server running DHCP, DNS, AD/DC, file server, print server, Quickbooks server functions. All the workstations connect via 5GHz Wi-Fi.
Owner has agreed to grant access...
I am also needing the version number of SSH / OpenSSH in the latest HPE image of ESXi.
Never mind. I wasn't able to run the HPE image as a VM (need real HP hardware), and in vanilla ESXi 6 VMware removed the -v version parameter from SSH. They should get a slap on the wrist.
My purpose here on...