Cyber Security

Cyber Security - Word Cloud
Cyber Security - Word Cloud
  • Cristy Davis Powerball Donation Lottery Scam
    A “Cristy Davis ” Powerball Donation Lottery Scam I Googled this text message / SMS I just received today. Wondering what this was all about, and smelled a scam, and sure enough, it was after some quick checks. This scam started to be reported back in March 2021, maybe earlier. The scam persisted and was […]
  • Common Crypto Scams and How to Avoid Them
    Ever heard of rug pulls and pig butchering? Be more intelligent than the scammers and learn how common crypto scams work in detail. The US Federal Bureau of Investigation (FBI) estimates that, between January and March 2022, more than US$1.3 billion dollars in cryptocurrencies were stolen by cybercriminals. It is a significant amount, given that by […]
  • Just Open It
    “Just open it, you don’t need a password.” What is phishing? Phishing attacks are counterfeit communications that appear to come from a trustworthy source but can compromise all types of data sources. Attacks can facilitate access to your online accounts and personal data, obtain permissions to modify and compromise connected systems–such as point of sale terminals […]
  • Data Mining – Identity Theft.
    Warning Signs of Identity Theft What Do Thieves Do With Your Information? Once identity thieves have your personal information, they can drain your bank account, run up charges on your credit cards, open new utility accounts, or get medical treatment on your health insurance. An identity thief can file a tax refund in your name […]
  • World’s top password manager LastPass says it was hacked.
    The CEO of password-manager company LastPass said Thursday that it was recently hacked, but the company sees no evidence the incident exposed any customer data or passwords. “We have determined that an unauthorized party gained access to portions of the LastPass development environment through a single compromised developer account and took portions of source code […]
  • Apple Releases Security Updates for Multiple Products
    Apple has released security updates to address vulnerabilities in macOS Monterey, iOS and iPadOS, and Safari. An attacker could exploit one of these vulnerabilities to take control of an affected device. CISA encourages users and administrators to review the Apple security updates page for the following products and apply the necessary updates as soon as possible: MacOS […]
  • Researchers Hacked SpaceX Operated Starlink Satellite Using a $25 Modchip.
    In a hacking attempt carried out by a security researcher, Lennert Wouters, at the Belgian university KU Leuven, the Starlink satellite-based internet system operated by SpaceX was successfully hacked.  The most shocking thing is that it cost him approx 25 dollars only to make a homemade circuit board to hack the system. A series of […]
  • Multi-Factor Authentication: Who Has It and How to Set It Up
    Don’t let scammers get their hands on your sensitive information. Here’s how to secure your online accounts with multi-factor authentication (MFA), and two-factor authentication (2FA). The 2014 Heartbleed bug exposed millions of internet logins to scammers thanks to one itty-bitty piece of code. Our security nightmares have only gotten progressively worse in the years since. What’s the […]
  • Security Domains
    Definition(s):   A domain that implements a security policy and is administered by a single authority.Source(s):CNSSI 4009-2015 from CNSSP 24, CNSSI 1253F Attachment 3NIST SP 800-137 under Security Domain from CNSSI 4009NIST SP 800-172 from CNSSI 4009-2015 – AdaptedNIST SP 800-172A from CNSSI 4009-2015 – AdaptedNIST SP 800-53 Rev. 5 from CNSSI 4009-2015NIST SP 800-171 Rev. 2 from CNSSI 4009 – Adapted An environment or context includes a set of system resources and […]
  • Network Monitoring
    Stop! Hey! What’s that sound? THERE’S SOMETHING HAPPENING HERE WHAT IT IS AIN’T EXACTLY CLEAR THERE’S A MAN WITH A GUN OVER THERE TELLING ME I GOT TO BEWARE I THINK IT’S TIME WE STOP, CHILDREN, WHAT’S THAT SOUND EVERYBODY LOOK WHAT’S GOING DOWN THERE’S BATTLE LINES BEING DRAWN NOBODY’S RIGHT IF EVERYBODY’S WRONG YOUNG […]
  • Yanluowang Ransomware Operators hacked Cisco to Steal Internal Data
    Recent reports indicate that Cisco’s corporate network was infected with ransomware from the Yanluowang group in late May.  Under the threat of leaking stolen files to the online world, the threat actor attempted to intimidate the victims into making a financial sacrifice: ransom. An employee’s Box folder linked to a compromised account was only accessible […]
  • Top 19 Kali Linux tools for vulnerability assessments
    Kali Linux is a free operating system and helps conduct vulnerability assessments and penetration tests. Kali Linux has many tools that can help with vulnerability assessment and network discovery.  There are 19 great tools in Kali Linux for conducting vulnerability assessments and finding security loopholes across various environments. What is a vulnerability assessment tool? A vulnerability […]
  • Random phone callers – Waste of our time
    I don’t know about you, but my phone number gets scammed, fake calls, all illegitimate calls to say the least. I just got five today. I am a professional, so I need to pick up random phone numbers that call for business. But it is a waste of time. SERIOUSLY. This spam Robo killer “stuff” […]
  • What is Remote Access Trojan (RAT)?
    Remote access trojans (RATs) are malware designed to allow an attacker to remotely control an infected computer. Once the RAT runs on a compromised system, the attacker can send commands to it and receive data back in response. 2022 Security ReportDemo Endpoint RAT Protection How Does a Remote Access Trojan Work? RATS can infect computers […]
  • 20JUL2022 – Apple Security Updates Released.
    Nearly every operating system update contains fixes for security vulnerabilities, and the latest releases are no exception. Find out what has been patched by iOS 15.6, macOS 12.5, and others. Apple doesn’t disclose or confirm security issues until an investigation has occurred and patches are made available. On Wednesday, Apple released a slew of updates for its devices […]
  • What is Smishing and How to Defend Against it?
    Smishing meaning and definition Smishing is a phishing cybersecurity attack carried out over mobile text messaging, also known as SMS phishing. As a variant of phishing, victims are deceived into giving sensitive information to a disguised attacker. SMS phishing can be assisted by malware or fraud websites. It occurs on many mobile text messaging platforms, […]
  • Ongoing ‘Roaming Mantis’ Smishing Campaign Hits Over 70,000 Users in France
    A Chinese threat actor named Roaming Mantis has been targeting Android users in France with the MoqHao malware in a new smishing campaign, security researchers with Sekoia warn. The campaign uses phishing SMS messages containing an embedded malicious link to trick unsuspecting victims into downloading malware on their Android devices or accessing a phishing page […]
  • Brand-New HavanaCrypt Ransomware Poses as Google Software Update App, Uses Microsoft Hosting Service IP Address as C&C Server
    A new ransomware family dubbed ‘HavanaCrypt’ disguises itself as a Google software update app, using a Microsoft web hosting service IP address as its command and control server to circumvent detection. Detailed by security researchers at Trend Micro in a report, the ransomware is the latest in a series of malware that poses as a legitimate […]
  • Lithuanian Energy Firm Disrupted by DDoS Attack
    Lithuanian energy company Ignitis Group was hit by what it described as its “biggest cyber-attack in a decade” on Saturday when numerous distributed denial of service (DDoS) attacks were aimed at it, disrupting its digital services and websites.  Pro-Russian hacking group Killnet claimed responsibility for the attack on its Telegram channel on Saturday, making this […]
  • Signal for Mobile/Desktop
    Or visit signal.org/install from your phone Signal for Desktop Download for Windows Not on Windows? Signal for Mac Signal for Linux – Debian-based distros
  • IT Army of Ukraine
    The IT Army of Ukraine (Ukrainian: IT-армія України) is a volunteer cyberwarfare organization created at the end of February 2022 to fight against the digital intrusion of Ukrainian information and cyberspace after the beginning of the Russian invasion of Ukraine on February 24, 2022.[1][3] The group also conducts offensive cyberwarfare operations and Ukrainian government cyber official Victor Zhora said its enlisted hackers would only attack […]
  • Why is everyone getting hacked on Facebook?
    Social media scams are just one of the many ways cybercriminals are taking advantage of people online these days. If your social media networks are anything like mine, you’ve noticed an uptick in people getting “hacked” lately. Maybe you’ve got a weird Facebook message from someone you hadn’t spoken with in a while. Maybe your […]
  • China lured graduate jobseekers into digital espionage
    Chinese university students have been lured to work at a secretive technology company that masked the true nature of their jobs: researching Western targets for spying and translating hacked documents as part of Beijing’s industrial-scale intelligence regime. The Financial Times has identified and contacted 140 potential translators, mostly recent graduates who have studied English at […]
  • Amazon fixes high-severity vulnerability in Android Photos app
    Amazon has confirmed and fixed a vulnerability in its Photos app for Android, which has been downloaded over 50 million times on the Google Play Store. Amazon Photos is an image and video storage application that enables users to seamlessly share their snaps with up to five family members, offering powerful management and organization features. […]
  • Scam Warning – Razerbit
    This weekend I got a Discord PM saying I won 4.14 ETH (Approx 5k USD). Obviously, I know it’s a scam, but I signed up for their wallet/exchange to see what’s up. I’ve smelled enough scams out, I felt this was one. Everyone wants to “win the lottery”, but this was just too good to […]
  • TryHackMe : RootMe CTF Writeup (Detailed)
    1. Reconnaissance 2. Popping a reverse shell !!! 2.1. Making the connection 3. Reading user flag 4. Privilege Escalation 4.1. Hunting for SUID binaries 4.2. Getting root shell and reading the flag Let’s dive in!! Task 1- Deploy the machine Create a directory for your CTF machine on Desktop and a directory for Nmap Task 2- Reconnaissance Nmap Scan : nmap -sC […]
  • Hacker Steals Database of Hundreds of Verizon Employees
    The database contains information that could be used in social engineering and SIM swapping attacks. A hacker has obtained a database including hundreds of Verizon employees’ full names, email addresses, corporate ID numbers, and phone numbers. It’s unclear if all the data is accurate or up to date. The motherboard confirmed that at least some […]
  • OSI Layers & Related Attacks
  • FBI: Compromised US academic credentials available on various cybercrime forums
    The FBI warns organizations in the higher education sector of credentials sold on cybercrime forums that can allow threat actors to access their networks. The FBI issued an alert to inform the higher education sector about the availability of login credentials on dark web forums that threat actors can use to launch attacks against individuals […]
  • Are spy agencies ready for open-source intelligence?
    Competition brings improvement, and the intelligence community is facing no shortage of competition. As the Russia-Ukraine war and its troop movements provide a proving ground for open-source intelligence (OSINT) — the approach of using public information from anyone to produce intelligence — it’s clear that spy agencies are no longer the sole or even the timeliest source of information […]
  • Fixed: Your current security settings do not allow this file to be downloaded
    If you are trying to download some programs or some drivers, an error occurs saying “Your current security settings do not allow this file to be downloaded“. You can try the solutions below to fix this issue. Solution 1: Change the security setting of the IE browser Follow the steps below: 1. Open Internet Explorer. 2. Click Tools in the […]
  • Beginning with Nessus on Kali Linux
    Kali Linux, a Linux distribution designed specifically for penetration testing, comes prepackaged with many pen test tools. Nessus® provides a penetration tester with a wealth of capabilities that will assist in the engagement, such as: Identifying local and remote vulnerabilities Configuration and compliance audits Checking for default credentials Web application scanning Nessus isn’t installed on […]
  • Brute Force – Cyber Attack
    Definition(s):  A method of accessing an obstructed device by attempting multiple combinations of numeric/alphanumeric passwords.Source(s):NIST SP 800-101 Rev. 1  A method of accessing an obstructed device through attempting multiple combinations of numeric/alphanumeric passwords.Source(s):NIST SP 800-72  In cryptography, an attack that involves trying all possible combinations to find a match.Source(s):NIST SP 1800-21B under Brute-Force Attack from NISTIR 8053  In […]
  • The time it takes a hacker to brute force your password in 2022
    Funny but true story… So I walked through Khol’s today to return an Amazon package as Khol’s locally accepts Amazon package returns, and I tried my best to navigate the store with Zero interruption as I was on a mission. As I was passing the checkout cashier, who warmly greeted me when I entered, I […]
  • Common Network tools – ping, telnet, netstat and arp
    ping (Packet Internet Gropper) The Ping command allows a user to ping another network IP address. Ping command sends ICMP ECHO_REQUEST packets to other hosts, and this command can help determine the connectivity to the remote host. This is similar to playing “Marco Polo” in a body of water. Simple ping command syntax is ping […]
  • Norton 360 Deluxe vs Bitdefender Total Security | Best antivirus for PC
    I’ll be specifically comparing the Norton 360 Deluxe plan, their second most expensive, to Bitdefender’s most expensive Total Security plan. Why do you ask? Because they both claim to offer the same level of protection and supplemental features so, by and large, they’re almost identical packages…or so I thought… 🔥 Bitdefender vs Norton: Malware protection: […]
  • To Win the Next War, the Pentagon Needs Nerds
    Data scientists, coders, and other techies could prove decisive in future conflicts—if Uncle Sam can recruit them. When Russia invaded Ukraine, the U.S. Department of Defense (DoD) turned to a team of machine learning (ML) and artificial intelligence (AI) experts to make sense of an avalanche of information about the conflict. These tech experts crafted […]
  • How Important Cybersecurity Really Is Today?
    How Important Cybersecurity Really Is Today? In the world of the internet and ever-evolving technology standards, cybersecurity has quickly become a top concern and priority for individuals and companies worldwide. Network and web hackers always aim to penetrate the protection of businesses to steal personal and sensitive data.  Since the number of attempts is continuously […]
  • What is Phishing?
    No, we are not talking about going on a fishing charter in the Florida Keys, we are focusing on a Cyber Security phenomenon that is “Today’s New Normal”, and no we are not talking about the Covid-19 term, this is a Cyber Security Term that is defined as: phishing noun Definition of phishing : a scam by […]
  • How To Generate 4096-bit Secure ssh Key with ssh-keygen
    Ssh is a secure protocol used to manage remote systems like Linux, BSD, UNIX, network devices event windows operating systems. The traffic between systems is encrypted. Ssh uses asymmetric keys in order to encrypt and make traffic invisible to the others who reside between systems in the network. The encryption power comes from key bit […]
  • How To Set up SSH Keys on a Linux / Unix System
    I recently read that SSH keys provide a secure way of logging into a Linux and Unix-based server. How do I set up SSH keys on a Linux or Unix-based system? In SSH for Linux/Unix, how do I set up public-key authentication? This page explains a public key and shows you how to set up […]
  • Why a Vulnerability Scan is Not Enough to Keep Business Running Smoothly
    Today’s cybersecurity threat landscape is so vast and complex that it’s impossible to manage threats manually. Vulnerability management is a typical example: tech teams wrestle with many vulnerabilities across apps, networks, and endpoints. A 2019 Kaspersky report outlines the size of the challenge. The security firm identified over 24 million unique malicious malware objects in 2019. […]
  • Russian Hackers Tried Attacking Ukraine’s Power Grid with Industroyer2 Malware
    On Tuesday, the Computer Emergency Response Team of Ukraine (CERT-UA) disclosed that it thwarted a cyberattack by Sandworm, a hacking group affiliated with Russia’s military intelligence, to sabotage the operations of an unnamed energy provider in the country. “The attackers attempted to take down several infrastructure components of their target, namely: Electrical substations, Windows-operated computing […]
  • Okta Hack Exposes A Huge Hole In Tech Giant Security: Their Call Centers
    Under Costa Rica’s sunny skies, in a pastel-colored office space northwest of the capital San José, employees are beavering away in their cubicles, answering calls and providing tech support for customers. They work for a little-known outsourcing firm called Sykes. Most people have never heard of the company, even though it’s now part of Sitel […]
  • Stuxnet
    Stuxnet is a malicious computer worm first uncovered in 2010 and thought to have been in development since at least 2005. Stuxnet targets supervisory control and data acquisition (SCADA) systems and is believed to be responsible for causing substantial damage to the nuclear program of Iran. Although neither country has openly admitted responsibility, the worm is widely understood to be a cyberweapon built […]
  • Kali Linux 2022.1 Release (Visual Updates, Kali Everything ISOs, Legacy SSH)
    Just announced from Kali, their new 2022.1 release is available for a dist-upgrade or a fresh install! “Today, we are pushing out the first Kali Linux release of the new year with Kali Linux 2022.1, and just in time for Valentine’s Day! This release brings various visual updates and tweaks to existing features and is ready to be downloaded or upgraded if […]
  • TRYHACKME.COM’s Advent of Christmas 3!
    TryHackMe launches Advent of Cyber – set to attract over 30,000 participants! TRYHACKME.COM’s Advent of Chrismas 3! All exercises in Advent of Cyber follow a fun Christmas story. This year, the elf McSkidy needs your help to hack back and undo the grinch’s malicious activities. Each day in December, a new (beginner-friendly) task will be […]
  • What is end-to-end encryption & how does it work?
    Over the past few years, the vulnerability of social networks like Facebook or messaging apps like Chat has given rise to using end-to-end encrypted platforms to protect communications. Today, platforms like WhatsApp, Signal, and PreVeil use end-to-end encryption to protect the exchanges of users’ data. Yet what is end-to-end encryption, and how does it work? […]
  • THE PENTAGON’S ARMY OF NERDS
    Why the military needs Silicon Valley, now more than ever The pentagon is not the most inviting place for first-time visitors, and it was no different for Chris Lynch. When he rode the escalator out of the Pentagon metro station, Lynch was greeted by guard dogs and security personnel wearing body armor and toting machine guns. […]
  • KYC, Know Your Customer in banking
    KYC (Know Your Customer) is today a significant element in the fight against financial crime and money laundering, and customer identification is the most critical aspect as it is the first step to better perform in the other stages of the process. The global anti-money laundering (AML) and countering the financing of terrorism (CFT) landscape raise tremendous stakes […]
  • I registered for the CompTIA Security+ SY0-501 Today.
    “CompTIA Security+ is a global certification that validates the baseline skills necessary to perform core security functions and pursue an IT security career.” – CompTIA So I registered for the CompTIA Security+ 501 exam today to test in a few days. I prepared a good deal last fall (2020) but became busy. For those who […]
  • Colonial Pipeline Company – Ransomware – Gasoline Shortage
    Why are people filling plastic bags and taking ill-thought-out plans with gasoline in the North-Eastern region of the United States of America? The VPN account, which has since been deactivated, didn’t use multifactor authentication, an essential cybersecurity tool, allowing the hackers to breach Colonial’s network using just a compromised username and password. It’s not known […]
  • Holiday Hack Challenge – 2020
    Holiday Hack Challenge – 2020 So Zack of ZP Enterprises’ and a friend of ZP Enterprises signed up for the SAN’s Holiday Hack Challenge of 2020. And what an exciting and fun way to ethically hack, not cause damage or a loss of life; but also learn a few things. Some were, well, rudimentary, and […]
  • Ukraine – Kyiv (Kiev) – Digital Forensics
    o, I have decided to start documenting my Cyber Security skills and what I can bring to the table for a situation. This one is going to be a work in progress, so bear with me here.
  • CompTIA Certification Bundle Giveaway
    CompTIA Certification Bundle Giveaway Enter to win a CompTIA Exam Prep Bundle (valued up to $699)! What’s Included? CompTIA Study Guide, 12-Month CertMaster Practice License, Exam Voucher of Your Choice, and a Retake Voucher, just in case!  Exams Winners Can Choose From? CySA+ (CS0-002), PenTest+ (PT0-001), Security+ (SY0-501), Network+ (N10-007), Server+, Project+,  A+ Core 1 (220-1001), A+ […]
  • TCP vs UDP
    Here, we will compare these two protocols’ main characteristics, and we will look at TCP Protocol (Transmission Control Protocol) and UDP Protocol (User Datagram Protocol). This comparison is very important and, generally, a question asked in Network Engineering, Cyber Security, or Infrastructure interviews. It also is important for students and security certification tets and is a simple […]
  • OSI Model And 7 Layers Of OSI Model Explained
    The Open Systems Interconnection model (OSI model) is a conceptual model that characterizes and standardizes the communication functions of a telecommunication or computing system without regard to its underlying internal structure and technology. Its goal is the interoperability of diverse communication systems with standard protocols. The model partitions a communication system into abstraction layers. The original version of the […]
  • How To Use Proxy chains with Kali Linux
    Proxy chains are open source software for Linux systems and come pre-installed with Kali Linux, the tool redirects TCP connections through proxies like TOR, SOCKS, and HTTP (S), allowing us to chain proxy servers. With proxy chains, we can hide the IP address of the source traffic and evade IDS and firewalls. We can use […]
  • Edward Snowden – Collection of interviews
  • MoqHao Banking Trojan Targets South Korean Android Users
    McAfee security researchers reveal that a recently spotted Android banking Trojan targeting South Korean users via SMS phishing messages (smishing) was linked to an infection campaign from two years ago. The mobile phishing messages attempt to lure users into executing malware by claiming to link to a leaked private picture or posing as a Chrome […]
  • The U.S. Government Needs to Hire More Geeks
    Randy Watson is choking back tears. He is a proud and grizzled Vietnam veteran, standing in front of an audience of hundreds. With the help of his daughter, Randy has just driven 1,100 miles from his home in Joplin, Missouri to Washington, DC to tell the story of how he almost died. But as he […]
  • How to Find Any Website’s Vulnerabilities with Nikto
    Before attacking any website, it’s critical to do good reconnaissance. A few minutes of recon can save you hours on a hack. Simply trying various attacks without first finding which attacks the site is vulnerable to is pure foolishness. There are a number of tools and applications to find vulnerabilities in websites, but one of the […]
  • Vulnerability Scanning with Nexpose
    ​One of the keys to success as a hacker, pentester, or cyber warrior is finding vulnerabilities or flaws in the target system they exploit when they hack. There are several ways, including various Web application vulnerability testers such as Nikto and searching through vulnerability databases such as www.securityfocus.com. There is a method to be more specific. What if […]