Day: November 6, 2021

Casinos of tribal communities are losing millions in Ransomware attacks

The FBI issued a private industry notification (PIN) to warn of ransomware attacks that hit several tribal-owned casinos last year. A private industry notification issued by the FBI’s Cyber Division revealed that ransomware attacks hit several tribal-owned casinos causing millions of dollar losses. The attacks paralyzed the activities of the casinos shutting down their gaming …

Casinos of tribal communities are losing millions in Ransomware attacks Read More »

How a Unified Approach to Cloud Data Security Can Come To Your Aid

IT Central has put together the [best Cloud Security Companies] that offer a unified approach to cloud data security and provide a number of distinct advantages. Cloud computing is disrupting security models, leaving organizations struggling to figure out the most effective and efficient ways to mitigate risks to cloud-based digital assets. IT Central members have …

How a Unified Approach to Cloud Data Security Can Come To Your Aid Read More »

How a Unified Approach to Cloud Data Security Can Come To Your Aid

IT Central has put together the [best Cloud Security Companies] that offer a unified approach to cloud data security and provide a number of distinct advantages. Cloud computing is disrupting security models, leaving organizations struggling to figure out the most effective and efficient ways to mitigate risks to cloud-based digital assets. IT Central members have …

How a Unified Approach to Cloud Data Security Can Come To Your Aid Read More »

Slipstreaming : Business Tactics for Security & Control Implementation

One of the most frequent cybersecurity binary thinking curses is that just because senior leadership in organizations won’t do every single thing the security team wants then that must mean leadership obviously doesn’t care about security. The reality is, of course, more nuanced. I’ve never seen any organization, irrespective of sector, geography or scale where …

Slipstreaming : Business Tactics for Security & Control Implementation Read More »

Slipstreaming : Business Tactics for Security & Control Implementation

One of the most frequent cybersecurity binary thinking curses is that just because senior leadership in organizations won’t do every single thing the security team wants then that must mean leadership obviously doesn’t care about security. The reality is, of course, more nuanced. I’ve never seen any organization, irrespective of sector, geography or scale where …

Slipstreaming : Business Tactics for Security & Control Implementation Read More »

Smuggler – An HTTP Request Smuggling / Desync Testing Tool

An HTTP Request Smuggling / Desync testing tool written in Python 3 Acknowledgements A special thanks to James Kettle for his research and methods into HTTP desyncs And a special thanks to Ben Sadeghipour for beta testing Smuggler and for allowing me to discuss my work at Nahamcon 2020 IMPORTANT This tool does not guarantee …

Smuggler – An HTTP Request Smuggling / Desync Testing Tool Read More »

Threat actors stole $55 million worth of cryptocurrency from bZx DeFi platform

DeFi platforms are a privileged target for crooks, threat actors have stolen $55 million from bZx DeFi platform. Threat actors have stolen $55 million worth of cryptocurrency from the bZx decentralized finance (DeFi) platform. The decentralized finance (DeFi) platforms allow users to borrow/loan and speculate on cryptocurrency price variations. Attackers obtained two private keys for …

Threat actors stole $55 million worth of cryptocurrency from bZx DeFi platform Read More »

Hard-coded Key-based SSH Authentication Flaw in Cisco Policy Suite Lets Hackers Gain Root Access

In different Cisco products to inscribe vulnerabilities, Cisco Systems has recently published some security updates. As in Cisco Policy Suite hard-coded key-based SSH authentication flaw has been detected that enables hackers to gain root access on vulnerable systems remotely. The initial flaw has been fixed by the IT giant, and it has been tracked as …

Hard-coded Key-based SSH Authentication Flaw in Cisco Policy Suite Lets Hackers Gain Root Access Read More »

How to do digital forensics of a hacked network with TCPDUMP

Digital forensics is one of the most important elements of ethical hacking, as it allows researchers to learn as much as possible about a network affected by cybercriminals. This requires tools capable of performing various specific tasks, including the analysis of network packets. On this occasion, experts from the International Institute of Cyber Security (IICS) …

How to do digital forensics of a hacked network with TCPDUMP Read More »

Samsung sued for flawed Chromebook hinges cracking displays

Samsung is being sued for selling the Samsung Chromebook Plus 2-in-1 even though they allegedly knew for years of a defect that caused displays to break. The class action lawsuit has been filed by Tony McCoy out of the U.S. District Court for the District of New Jersey and claims that Samsung concealed the defect of the …

Samsung sued for flawed Chromebook hinges cracking displays Read More »

Philips Tasy EMR healthcare infomatics solution vulnerable to SQL injection

The Philips Tasy EMR comprehensive healthcare informatics solution is affected by two critical SQL injection vulnerabilities. The Philips Tasy EMR is a comprehensive healthcare informatics solution that is used by thousands of hospitals and healthcare infrastructures, mainly in South America. The product is affected by two critical SQL injection vulnerabilities, tracked as CVE-2021-39375 and CVE-2021-39376 respectively. Both issues …

Philips Tasy EMR healthcare infomatics solution vulnerable to SQL injection Read More »

OneDrive reaches end of support on Windows 7, 8 in January

Microsoft has announced that the OneDrive desktop application will reach the end of support on legacy Windows 7, 8, and 8.1 starting with January 1, 2022. OneDrive is a file hosting and synchronization service enabling Microsoft customers to access their files from the cloud on all their devices, from anywhere. “In order to focus resources on …

OneDrive reaches end of support on Windows 7, 8 in January Read More »

To Catch a Hacker in My Home Lab – Atreides

Introduction This blog post will walk you through how to answer the questions that are contained in my Atreides scenario located here: https://github.com/medmondson44/dune/tree/main/atreides. The Jupyter Notebook file is located there. The blog post will go through the initial access vector, situational awareness commands that were run, persistence mechanism used, how privilege escalation to System was …

To Catch a Hacker in My Home Lab – Atreides Read More »

Two providers in Colorado and Alabama report breaches, and a benefits administrator in Georgia also reports a cyberattack

The Urology Center of Colorado (TUCC) On September 8, TUCC detected an attack that began September 7.  Their investigation revealed that patients’ name and one or more of the following data elements may have been date of birth, Social Security number, address, phone number, email address, medical record number, diagnosis, treating physician, insurance provider, treatment …

Two providers in Colorado and Alabama report breaches, and a benefits administrator in Georgia also reports a cyberattack Read More »

Update on impact of the Washington Central Unified Union School District ransomware attack

On October 28, this site noted a report that Washington Central Unified Union School District in Vermont had been the victim of an as-yet-unconfirmed ransomware attack. The district has now issued a notification that makes clear that personal and health information of students and personnel may have been accessed or acquired. Their announcement also indicates …

Update on impact of the Washington Central Unified Union School District ransomware attack Read More »

Supreme Court will hear a challenge to expand Fourth Amendment rights

Kelsey Reichmann reports:  In a Friday afternoon orders list, the high court declined to hear a challenge to its precedent in Bevins but instead will hear a narrower challenge in the case asking the court to expand the precedent. The case, Erik Egbert v. Robert Boule, involves a border patrol agent who harassed a bed-and-breakfast owner near the …

Supreme Court will hear a challenge to expand Fourth Amendment rights Read More »

America’s Largest Teachers’ Unions Push Vaccine Mandates That Will Usher in Technocratic Digital ID

This one could be filed in the “Be Careful What You Wish For” files.  John Klyczek reports: Back in February 2021, the American Federation of Teachers (AFT) and the National Education Association (NEA) lobbied the Centers for Disease Control (CDC) to extend COVID restrictions that perpetuate public education’s reliance on privatization, specifically from Big Tech …

America’s Largest Teachers’ Unions Push Vaccine Mandates That Will Usher in Technocratic Digital ID Read More »

Hacker steals $55 million from bZx DeFi platform

A hacker has stolen an estimated $55 million worth of cryptocurrency assets from bZx, a decentralized finance (DeFi) platform that allows users to borrow, loan, and speculate on cryptocurrency price variations. “A bZx developer was sent a phishing email to his personal computer with a malicious macro in a Word document that was disguised as …

Hacker steals $55 million from bZx DeFi platform Read More »

White hat hackers earn over $1 Million at Pwn2Own Austin 2021

The Zero Day Initiative’s Pwn2Own Austin 2021 hacking contest has ended, and participants earned $1,081,250 for 61 zero-day flaws. Trend Micro’s Zero Day Initiative’s Pwn2Own Austin 2021 hacking contest has ended, the participants earned a total of $1,081,250 for 61 zero-day exploits. The participants compromised NAS devices, mobile phones, printers, routers, and speakers from Canon, Cisco, HP, NETGEAR, …

White hat hackers earn over $1 Million at Pwn2Own Austin 2021 Read More »

House approves massive infrastructure plan that includes $1.9 billion for cybersecurity

The U.S. House of Representatives on Friday approved $1.2 trillion infrastructure bill that will investment nearly $2 billion in cybersecurity efforts throughout the federal government. The final vote, after a day of painstaking negotiations among congressional Democrats, was 228-206. Thirteen Republicans joined the majority of Democrats to support the measure; six Democrats voted against it. …

House approves massive infrastructure plan that includes $1.9 billion for cybersecurity Read More »

Teen Slang and Texting Acronyms Parents Should Know

If you pick up your teen’s phone on any given day, chances are the next stop you make will be Google. That’s because, if you’re like most parents, you’re beyond baffled by texting language kids use.   It’s okay, you are not alone if you feel out of the loop. As parents, we’re not invited to the party—and that’s …

Teen Slang and Texting Acronyms Parents Should Know Read More »