Page 35 of 35 FirstFirst ... 25272829303132333435
Results 851 to 866 of 866
  1. #851
    Thailand Expat raycarey's Avatar
    Join Date
    Jan 2006
    Last Online
    @
    Posts
    14,332
    Quote Originally Posted by harrybarracuda View Post
    enter your password at haveibeenpwned.com
    enter your email address

  2. #852
    Thailand Expat harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    @
    Posts
    67,623
    Quote Originally Posted by raycarey View Post
    enter your email address

    Doh! Yes email address

    <mental note: Drink coffee before posting>

  3. #853
    Thailand Expat
    Latindancer's Avatar
    Join Date
    Mar 2010
    Last Online
    Today @ 09:54 AM
    Location
    Australia
    Posts
    12,791
    I love these TD moments of extreme irony

  4. #854
    Thailand Expat harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    @
    Posts
    67,623
    Quote Originally Posted by Latindancer View Post
    I love these TD moments of extreme irony
    Actually you could enter your password and it wouldn't do any harm, but don't expect a ton of results.

    For that you need to use this:

    How Secure Is My Password?


  5. #855
    Thailand Expat harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    @
    Posts
    67,623
    EasyJet hit by cyberattack where email and travel details for 9million customers stolen

    EASYJET has been targeted in a cyber attack, which has resulted in hackers accessing millions of customers contact and travel information.

    The airline, which has currently grounded all of its flights in response to the
    coronavirus pandemic, said it has now blocked the unauthorised access. A company investigation found that the email address and travel details of about 9million customers were accessed. The hackers also accessed the credit card details of more than 2,000 customers.



    https://www.express.co.uk/news/uk/1284201/easyjet-airline-cyber-attack-latest-travel-news-customers-details-emails-hacked

  6. #856
    Thailand Expat
    Latindancer's Avatar
    Join Date
    Mar 2010
    Last Online
    Today @ 09:54 AM
    Location
    Australia
    Posts
    12,791
    I got an email the other day which caught my eye because the subject line was the password I use to log on to my desktop computer.
    Some little shit said he had video footage of me wanking and the website details, and wanted Bitcoin.....but I have my camera unplugged unless actually using it.
    I suppose it was some Facebook or other link I clicked on. Somehow they got my email address and computer password.

    We think we know it all about this kind of thing, but it pays to read something by experts and keep it in mind.

    Phishing Scams & Attacks - How to Protect Yourself | Kaspersky

  7. #857
    Thailand Expat harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    @
    Posts
    67,623
    Quote Originally Posted by Latindancer View Post
    I got an email the other day which caught my eye because the subject line was the password I use to log on to my desktop computer.
    Some little shit said he had video footage of me wanking and the website details, and wanted Bitcoin.....but I have my camera unplugged unless actually using it.
    I suppose it was some Facebook or other link I clicked on. Somehow they got my email address and computer password.

    We think we know it all about this kind of thing, but it pays to read something by experts and keep it in mind.

    Phishing Scams & Attacks - How to Protect Yourself | Kaspersky

    It's called "Sextortion" and they're a bunch of chancers.

    Enter your email address at haveibeenpwned.com and see where they got your password from.

  8. #858
    Newbie

    Join Date
    Jan 2020
    Last Online
    Yesterday @ 05:41 AM
    Posts
    24
    Massive spying on users of Google's Chrome shows new security weakness

    "A newly discovered spyware effort attacked users through 32 million downloads of extensions to Google’s market-leading Chrome web browser, researchers at Awake Security told Reuters, highlighting the tech industry’s failure to protect browsers as they are used more for email, payroll and other sensitive functions."

    Exclusive: Massive spying on users of Google's Chrome shows new security weakness - Reuters

  9. #859
    Thailand Expat harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    @
    Posts
    67,623
    If your Netgear Router is on this list (and it includes some relatively recent models), you need to check for new firmware to fix identified vulnerabilities. Details in the link.

    NETGEAR is aware of multiple security vulnerabilities on the following products:


    • AC1450
    • D6220
    • D6300
    • D6400
    • D7000v2
    • D8500
    • DC112A
    • DGN2200
    • DGN2200M
    • DGN2200v4
    • DGND3700
    • EX3700
    • EX3800
    • EX3920
    • EX6000
    • EX6100
    • EX6120
    • EX6130
    • EX6150
    • EX6200
    • EX6920
    • EX7000
    • LG2200D
    • MBM621
    • MBR1200
    • MBR1515
    • MBR1516
    • MBR624GU
    • MBRN3000
    • MVBR1210C
    • R4500
    • R6200
    • R6200v2
    • R6250
    • R6300
    • R6300v2
    • R6400
    • R6400v2
    • R6700
    • R6700v3
    • R6900
    • R6900P
    • R7000
    • R7000P
    • R7100LG
    • R7300
    • R7850
    • R7900
    • R8000
    • R8300
    • R8500
    • RS400
    • WGR614v10
    • WGR614v8
    • WGR614v9
    • WGT624v4
    • WN2500RP
    • WN2500RPv2
    • WN3000RP
    • WN3100RP
    • WN3500RP
    • WNCE3001
    • WNDR3300
    • WNDR3300v2
    • WNDR3400
    • WNDR3400v2
    • WNDR3400v3
    • WNDR3700v3
    • WNDR4000
    • WNDR4500
    • WNDR4500v2
    • WNR1000v3
    • WNR2000v2
    • WNR3500
    • WNR3500L
    • WNR3500Lv2
    • WNR3500v2
    • WNR834Bv2
    • XR300


    NETGEAR strongly recommends that you download the latest firmware as soon as a firmware update or firmware hotfix is available for your product. See the following table for a list of products with firmware fixes available for one or more vulnerabilities.

    https://kb.netgear.com/000061982/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Mobile-Routers-Modems-Gateways-and-Extenders

  10. #860
    Thailand Expat harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    @
    Posts
    67,623
    Another warning to check your router firmware and make sure it's up to date, regardless of brand.

    If it isn't supported any more, get rid.


    Popular home routers plagued by critical security flaws | WeLiveSecurity

  11. #861
    Newbie

    Join Date
    Jan 2020
    Last Online
    Yesterday @ 05:41 AM
    Posts
    24
    If the news about router security flaws has you thinking it's time for a new, more secure router, techradar.com recently posted this list of 2020's best:
    Best secure router of 2020: keep your router and devices safe at home or work | TechRadar

  12. #862
    Thailand Expat harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    @
    Posts
    67,623
    Time to update Chrome if you haven't got it doing it automagically:

    Original release date: July 14, 2020
    Google has released Chrome version 84.0.4147.89 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.

    And as an added bonus, if you have a Microsoft Network in your office, tell your IT staff to look for a WORMABLE, critical DNS Server patch.


  13. #863
    Thailand Expat harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    @
    Posts
    67,623
    Iranian Hackers Accidentally Exposed Their Training Videos (40 GB) Online

    An OPSEC error by an Iranian threat actor has laid bare the inner workings of the hacking group by providing a rare insight into the "behind-the-scenes look into their methods."

    IBM's X-Force Incident Response Intelligence Services (IRIS) got hold of nearly five hours worth of video recordings of the state-sponsored group it calls ITG18 (also called Charming Kitten, Phosphorous, or
    APT35) that it uses to train its operators.

    Some of the victims in the videos included personal accounts of U.S. and Greek Navy personnel, in addition to unsuccessful phishing attempts directed against U.S. state department officials and an unnamed Iranian-American philanthropist.

    "Some of the videos showed the operator managing adversary-created accounts while others showed the operator testing access and exfiltrating data from previously compromised accounts," the
    researchers said.

    The IBM researchers said they found the videos on a virtual private cloud server that was left exposed due to a misconfiguration of security settings. The server, which was also found to host several ITG18 domains earlier this year, held more than 40 gigabytes of data.

    The discovered video files show that ITG18 had access to the targets' email and social media credentials obtained via
    spear-phishing, using the information to log in to the accounts, delete notifications of suspicious logins so as not to alert the victims, and exfiltrate contacts, photos, and documents from Google Drive.

    "The operator was also able to sign into victims' Google Takeout (takeout.google.com), which allows a user to export content from their Google Account, to include location history, information from Chrome, and associated Android devices," the researchers noted.

    Besides this, the videos — captured using Bandicam's screen-recording tool — also show that the actors behind the operation plugged the victims' credentials to Zimbra's email collaboration software intending to monitor and manage the compromised email accounts.

    Outside of email accounts, the researchers said they found the attackers employing a long list of compromised usernames and passwords against at least 75 different websites ranging from banks to video and music streaming to something as trivial as pizza delivery and baby products.
    Other clips showed the ITG18 group leveraging dummy Yahoo! accounts, which include a phone number with Iran's country code (+98), using them to send the phishing emails, some of which bounced back, suggesting the emails did not reach the victim's inbox.

    "During the videos where the operator was validating victim credentials, if the operator successfully authenticated against a site that was set up with multi-factor authentication (MFA) they paused and moved on to another set of credentials without gaining access," the researchers said.

    ITG18 has a long history of targeting the U.S. and the Middle Eastern military, diplomatic, and government personnel for intelligence gathering and espionage to serve Iran's geopolitical interests.

    If anything, the discovery emphasizes the need to secure your accounts by using stronger passwords, turning on two-factor authentication, and reviewing and limiting access to third-party apps.

    "The compromise of personal files of members of the Greek and U.S. Navy could be in support of espionage operations related to numerous proceedings occurring in the Gulf of Oman and Arabian Gulf," IBM X-Force researchers concluded. "The group has shown persistence in its operations and consistent creation of new infrastructure despite multiple public disclosures and broad reporting on its activity."

    Iranian Hackers Accidentally Exposed Their Training Videos (40 GB) Online

  14. #864
    Thailand Expat harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    @
    Posts
    67,623
    If you are using any of these VPN's, ditch them immediately.

    They've all been caught logging copious amounts of user data when they claimed they don't.

    UFO VPN
    FAST VPN
    Free VPN
    Super VPN
    Flash VPN
    Secure VPN
    Rabbit VPN

  15. #865
    Thailand Expat harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    @
    Posts
    67,623
    Google will soon introduce biometric authentication to the Chrome Autofill feature on Android devices, in a bid to make conducting online purchases via its browser more convenient and secure.

    Users will still need to input their information manually when using a credit card for the first time but, for future purchases, Chrome for Android will allow users to bypass CVV checks and authenticate transactions using face ID or fingerprint alone.

    Google Chrome
    will also apply a similar process to logging into online services. The new touch-to-fill feature will bring up a list of accounts attached to the webpage a user is currently browsing and allow them to verify their identity using biometrics.

    Previously, an unauthorized third party with access to a device could gain entry to the owner’s online accounts via the Autofill feature (which required no additional authentication). Using biometrics, however, puts paid to this possibility - unless twins are involved, of course.

    For security conscious users, the common advice was never to use a browser’s autofill function and opt for a secure password manager instead. But with the imminent upgrade to Chrome for Android, it’s possible account credentials will be just as safe stored in-browser.

    To ensure sensitive biometric information remains secure, Chrome utilizes the WebAuthn standard when registering fingerprint and facial data. Google has also assured users that biometric data will always remain on-device, never transmitted to the cloud.

    The new feature also significantly reduces the risk of falling victim to elaborate phishing scams. While a fake landing page hosted on an illegitimate domain might deceive an unwitting user, the browser itself will not be so easy to dupe.

    Already available on Chrome for Mac and Windows, biometric authentication is set to land on Android devices within the next few weeks.

    You’ll never need a password manager again, thanks to this new Chrome update | TechRadar

  16. #866
    Thailand Expat harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    @
    Posts
    67,623
    The chinkies are blocking new secure traffic because they can't snoop on their citizens.

    I'm sure Vlad will be following.

    China is now blocking all encrypted HTTPS traffic that uses TLS 1.3 and ESNI | ZDNet

Page 35 of 35 FirstFirst ... 25272829303132333435

Thread Information

Users Browsing this Thread

There are currently 2 users browsing this thread. (0 members and 2 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •