Security & Hacktivism
1.5K views | +0 today
Follow
Security & Hacktivism
Internet and Systems Security Risks
Your new post is loading...
Your new post is loading...
Scooped by Joaquín Herrero Pintado
Scoop.it!

TechNet SAMRi10 - Hardening SAM Remote Access in Windows 10/Server 2016

"SAMRi10" tool is a short PowerShell (PS) script which alters remote SAM access default permissions on Windows 10 & Windows Server 2016.
more...
No comment yet.
Scooped by Joaquín Herrero Pintado
Scoop.it!

Abusing of Protocols to Load Local Files, bypass the HTML5 Sandbox, Open Popups and more - Broken Browser

Abusing of Protocols to Load Local Files, bypass the HTML5 Sandbox, Open Popups and more - Broken Browser | Security & Hacktivism | Scoop.it
On October 25th, the fellows @MSEdgeDev twitted a link that called my attention because when I click
more...
No comment yet.
Scooped by Joaquín Herrero Pintado
Scoop.it!

Tú eres: Dónde tú estás. ( O cómo tu ubicación dice quién y cómo eres) #privacidad #datos

Tú eres: Dónde tú estás. ( O cómo tu ubicación dice quién y cómo eres) #privacidad #datos | Security & Hacktivism | Scoop.it
Blog personal de Chema Alonso, consultor de seguridad en Informática 64, sobre seguridad, hacking, hackers, Cálico Electrónico y sus paranoias.
more...
No comment yet.
Scooped by Joaquín Herrero Pintado
Scoop.it!

NSO Group's iPhone Zero-Days used against a UAE Human Rights Defender - The Citizen Lab

This report describes how a government targeted an internationally recognized human rights defender, Ahmed Mansoor, with the Trident, a chain of zero-day exploits designed to infect his iPhone with sophisticated commercial spyware.
more...
No comment yet.
Scooped by Joaquín Herrero Pintado
Scoop.it!

New hacking technique imperceptibly changes memory virtual servers

New hacking technique imperceptibly changes memory virtual servers | Security & Hacktivism | Scoop.it
For the first time ever a team of Dutch hacking experts, led by cyber security professor Herbert Bos at Vrije Universiteit Amsterdam, managed to alter the memory of virtual machines in the cloud without a software bug, usin
Joaquín Herrero Pintado's insight:
With the new attack technique Flip Feng Shui (FSS), an attacker rents a virtual machine on the same host as the victim. This can be done by renting many virtual machines until one of them lands next to the victim. A virtual machine in the cloud is often used to run applications, test new software, or run a website. There are public (for everyone), community (for a select group) and private (for one organization accessible) clouds. The attacker writes a memory page that he knows exists in the victim on the vulnerable memory location and lets it deduplicate. As a result, the identical pages will be merged into one in order to save space (the information is, after all, the same). That page is stored in the same part of the memory of the physical computer. The attacker can now modify the information in the general memory of the computer. This can be done by triggering a hardware bug dubbed Rowhammer, which causes flip bits from 0 to 1 or vice versa, to seek out the vulnerable memory cells and change them.
more...
No comment yet.
Scooped by Joaquín Herrero Pintado
Scoop.it!

Your battery status is being used to track you online

Your battery status is being used to track you online | Security & Hacktivism | Scoop.it
Battery status indicators are being used to track devices, say researchers from Princeton University – meaning warnings of privacy exposure have come to pass
Joaquín Herrero Pintado's insight:
the battery status indicator really is being used in the wild to track users. By running a specially modified browser, Steve Engelhard and Arvind Narayanan found two tracking scripts that used the API to “fingerprint” a specific device, allowing them to continuously identify it across multiple contexts.
more...
No comment yet.
Scooped by Joaquín Herrero Pintado
Scoop.it!

Verifying SSL/TLS certificates manually

SANS Internet Storm Center - A global cooperative cyber threat / internet security monitor and alert system. Featuring daily handler diaries with summarizing and analyzing new threats to networks and internet security events.
more...
No comment yet.
Scooped by Joaquín Herrero Pintado
Scoop.it!

50+ vulnerabilities found in popular home gateway modems/routers

50+ vulnerabilities found in popular home gateway modems/routers | Security & Hacktivism | Scoop.it
A researcher has unearthed over fifty vulnerabilities in five home gateway modems/routers used by many ISPs around the world.
more...
No comment yet.
Scooped by Joaquín Herrero Pintado
Scoop.it!

Low-cost IMSI catcher for 4G/LTE networks tracks phones’ precise locations

Low-cost IMSI catcher for 4G/LTE networks tracks phones’ precise locations | Security & Hacktivism | Scoop.it
$1,400 device can track users for days with little indication anything is amiss.
more...
No comment yet.
Scooped by Joaquín Herrero Pintado
Scoop.it!

» Should you pay a hacker’s ransom?

» Should you pay a hacker’s ransom? | Security & Hacktivism | Scoop.it
Related Posts:Kansas Heart Hospital hit by ransomwareJournal Times editorial: Paying ransom to computer hackers…TX: Alto city office battle
more...
No comment yet.
Scooped by Joaquín Herrero Pintado
Scoop.it!

Clever Attack Uses the Sound of a Computer’s Fan to Steal Data

Clever Attack Uses the Sound of a Computer’s Fan to Steal Data | Security & Hacktivism | Scoop.it
By controlling the speed of a computer's internal fans, researchers show how they can steal passwords and other data from "air-gapped" machines.
more...
No comment yet.
Scooped by Joaquín Herrero Pintado
Scoop.it!

Surveillance Evasion

Surveillance Evasion | Security & Hacktivism | Scoop.it
In this article, I’m going to discuss various ways in which people can protect themselves from hostile surveillance. The first thing to understand here is that hostile surveillance isn’t in and of itself the top threat you should be worried about.
more...
No comment yet.
Scooped by Joaquín Herrero Pintado
Scoop.it!

Creando un Ransomeware desde 0 con Python

Creando un Ransomeware desde 0 con Python | Security & Hacktivism | Scoop.it
Creando un Ransomeware desde 0 con Python Antes de comenzar a escribir, espero que no mal interpreten mis intenciones de libre enseñanza, se que es un peligroso este tipo de artículos y que en manos equivocadas puede causar daño a personas y organizaciones,...
more...
No comment yet.
Scooped by Joaquín Herrero Pintado
Scoop.it!

Secret Back Door in Some U.S. Phones Sent Data to China, Analysts Say

Secret Back Door in Some U.S. Phones Sent Data to China, Analysts Say | Security & Hacktivism | Scoop.it
Security contractors recently discovered preinstalled software in some Android phones that monitors where users go, whom they talk to and what they write in texts.
more...
No comment yet.
Scooped by Joaquín Herrero Pintado
Scoop.it!

El ataque de denegación de servicios a Twitter, Spotify o Netflix ya tiene autores

El ataque de denegación de servicios a Twitter, Spotify o Netflix ya tiene autores | Security & Hacktivism | Scoop.it
El pasado viernes, Twitter, Spotify, Paypal, Netflix Reddit, Github y populares diarios norteamericanos dejaron de prestar servicio durante horas. La causa, un ataque de denegación distribuido de servicios, más conocido como DDoS.
more...
No comment yet.
Scooped by Joaquín Herrero Pintado
Scoop.it!

TpmInitUACBypass – A tool to Bypass User Account Control(UAC) on Windows 8.1 x64 & Windows 10 x64. – Security List Network™

TpmInitUACBypass – A tool to Bypass User Account Control(UAC) on Windows 8.1 x64 & Windows 10 x64. – Security List Network™ | Security & Hacktivism | Scoop.it
TpmInitUACBypass – A tool to Bypass User Account Control(UAC) on Windows 8.1 x64 & Windows 10 x64. | Security List Network™
Joaquín Herrero Pintado's insight:
When TpmInit.exe starts, it first tries to load the wbemcomn.dll within C:\Windows\System32\wbem. This DLL cannot be found in that folder, so it tries to load the DLL again, but then in C:\Windows\System32. This tool exploits this DLL loading vulnerability.
more...
No comment yet.
Scooped by Joaquín Herrero Pintado
Scoop.it!

ssh-audit is a tool for ssh server auditing. – Security List Network™

ssh-audit is a tool for ssh server auditing. – Security List Network™ | Security & Hacktivism | Scoop.it
ssh-audit is a tool for ssh server auditing. | Security List Network™
more...
No comment yet.
Scooped by Joaquín Herrero Pintado
Scoop.it!

It’s scary how many things in your house can be hacked

It’s scary how many things in your house can be hacked | Security & Hacktivism | Scoop.it
Donald Trump may think he’s wreaking havoc when he tells the Russians to hack into Hillary Clinton’s e-mail, but America’s vulnerabilities go way...
more...
No comment yet.
Scooped by Joaquín Herrero Pintado
Scoop.it!

Dark Web OSINT With Python and OnionScan: Part One | Automating OSINT Blog

Dark Web OSINT With Python and OnionScan: Part One | Automating OSINT Blog | Security & Hacktivism | Scoop.it
more...
No comment yet.
Scooped by Joaquín Herrero Pintado
Scoop.it!

Qué datos recopila Pokémon Go y cómo gestionar la privacidad en el juego

Qué datos recopila Pokémon Go y cómo gestionar la privacidad en el juego | Security & Hacktivism | Scoop.it
La información no sólo es poder, sino que en muchos casos suele significar "negocio". Así lo reconocen directamente en Pokémon Go, donde d
more...
No comment yet.
Scooped by Joaquín Herrero Pintado
Scoop.it!

OK, panic—newly evolved ransomware is bad news for everyone

OK, panic—newly evolved ransomware is bad news for everyone | Security & Hacktivism | Scoop.it
Crypto-ransomware has turned every network intrusion into a potential payday.
more...
No comment yet.
Scooped by Joaquín Herrero Pintado
Scoop.it!

When a nation is hacked: Understanding the ginormous Philippines data breach

Remember when OPM got breached last year? There was a lot of excitement in various parts of the world (namely the US) because here we had a government department (Office of Personnel Management), and they’d just lost 21.5 million records!
more...
No comment yet.
Scooped by Joaquín Herrero Pintado
Scoop.it!

He Was a Hacker for the NSA and He Was Willing to Talk. I Was Willing to Listen.

He Was a Hacker for the NSA and He Was Willing to Talk. I Was Willing to Listen. | Security & Hacktivism | Scoop.it
Redirecting internet traffic from entire countries was one of the "ridiculously cool" projects undertaken by an NSA hacker who spoke with The Intercept.
more...
No comment yet.