Discovering contents of folders in Windows without permissions, (Tue, Feb 18th)Tue, 18 Feb 2020 19:21:56 GMT I recently noticed an interesting side effect of the way in which Windows handles local file permissions, which makes it possible for a non-privileged user to brute-force contents of a folder for which they don't have read access (e.g. Read or List folder contents) permissions. It is possible that it is a known technique, however as I didn't find any write-ups on it anywhere, I thought Iɽ share it here.
curl and SSPI, (Mon, Feb 17th)Mon, 17 Feb 2020 18:09:24 GMT There&#;x26;#;39;s an interesting comment on Xavier&#;x26;#;39;s diary entry "Keep an Eye on Command-Line Browsers" (paraphrasing): a proxy with authentication will prevent wget and curl to access the Internet because they don&#;x26;#;39;t do integrated authentication.
SOAR or not to SOAR?, (Sun, Feb 16th)Sun, 16 Feb 2020 17:22:50 GMT Security, Orchestration, Automation and Response (SOAR) allow organizations to collect data about security threats from multiple sources to automate an appropriate response on repetitive tasks. As an analyst you need to juggle and pivot several times a day between multiple tools and devices to evaluate a huge amount information and deal with flood of repetitive tasks such as alerts, tickets, email, threat intelligence data, etc. The end goal is to centralize everything in one location to improve analysis using captured institutionalized knowledge.
bsdtar on Windows 10, (Sat, Feb 15th)Sat, 15 Feb 2020 19:23:47 GMT Reading Xavier&#;x26;#;39;s diary entry "Keep an Eye on Command-Line Browsers", I wondered when exactly curl was introduced in Windows 10?
Keep an Eye on Command-Line Browsers, (Fri, Feb 14th)Fri, 14 Feb 2020 06:26:15 GMT For a few weeks, I'm searching for suspicious files that make use of a command line browser like curl.exe or wget.exe in Windows environment. Wait, you were not aware of this? Just open a cmd.exe and type ‘curl.exe' on your Windows 10 host:
BlueKeep Flaw Plagues Outdated Connected Medical DevicesWed, 19 Feb 2020 20:29:59 +0000 More than 55 percent of medical imaging devices - including MRIs, XRays and ultrasound machines - are powered by outdated Windows versions, researchers warn.
SMS Attack Spreads Emotet, Steals Bank CredentialsWed, 19 Feb 2020 16:00:06 +0000 A new Emotet campaign is spread via SMS messages pretending to be from banks and may have ties to the TrickBot trojan.
Latest Tax Scams Target Apps and Tax-Prep WebsitesWed, 19 Feb 2020 12:03:13 +0000 Traditional e-mail based scams are also in the mix this year, one in particular that uses the legitimate app TeamViewer to take over victims’ systems.
Ring Mandates 2FA After Rash of HacksTue, 18 Feb 2020 20:09:56 +0000 Ring outlined new security and data privacy measures, Tuesday, following backlash of the connected doorbell in the past year.
Hackers Were Inside Citrix for Five MonthsWed, 19 Feb 2020 15:55:04 +0000 Networking software giant Citrix Systems says malicious hackers were inside its networks for five months between 2018 and 2019, making off with personal and financial data on company employees, contractors, interns, job candidates and their dependents. The disclosure comes almost a year after Citrix acknowledged that digital intruders had broken in by probing its employee accounts for weak passwords.
Encoding Stolen Credit Card Data on BarcodesTue, 18 Feb 2020 18:00:29 +0000 Crooks are constantly dreaming up new ways to use and conceal stolen credit card data. According to the U.S. Secret Service, the latest scheme involves stolen card information embedded in barcodes affixed to phony money network rewards cards. The scammers then pay for merchandise by instructing a cashier to scan the barcode and enter the expiration date and card security code.
Pay Up, Or We’ll Make Google Ban Your AdsMon, 17 Feb 2020 14:13:06 +0000 A new email-based extortion scheme apparently is making the rounds, targeting Web site owners serving banner ads through Google's AdSense program. In this scam, the fraudsters demand bitcoin in exchange for a promise not to flood the publisher's ads with so much bot and junk traffic that Google's automated anti-fraud systems suspend the user's AdSense account for suspicious traffic.