Page 35 of 44 FirstFirst ... 252728293031323334353637383940414243 ... LastLast
Results 851 to 875 of 1081
  1. #851
    Thailand Expat raycarey's Avatar
    Join Date
    Jan 2006
    Last Online
    @
    Posts
    15,054
    Quote Originally Posted by harrybarracuda View Post
    enter your password at haveibeenpwned.com
    enter your email address

  2. #852
    Thailand Expat harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    @
    Posts
    96,541
    Quote Originally Posted by raycarey View Post
    enter your email address

    Doh! Yes email address

    <mental note: Drink coffee before posting>

  3. #853
    I'm in Jail

    Join Date
    Mar 2010
    Last Online
    14-12-2023 @ 11:54 AM
    Location
    Australia
    Posts
    13,986
    I love these TD moments of extreme irony

  4. #854
    Thailand Expat harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    @
    Posts
    96,541
    Quote Originally Posted by Latindancer View Post
    I love these TD moments of extreme irony
    Actually you could enter your password and it wouldn't do any harm, but don't expect a ton of results.

    For that you need to use this:

    How Secure Is My Password?


  5. #855
    Thailand Expat harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    @
    Posts
    96,541
    EasyJet hit by cyberattack where email and travel details for 9million customers stolen

    EASYJET has been targeted in a cyber attack, which has resulted in hackers accessing millions of customers contact and travel information.

    The airline, which has currently grounded all of its flights in response to the
    coronavirus pandemic, said it has now blocked the unauthorised access. A company investigation found that the email address and travel details of about 9million customers were accessed. The hackers also accessed the credit card details of more than 2,000 customers.



    https://www.express.co.uk/news/uk/1284201/easyjet-airline-cyber-attack-latest-travel-news-customers-details-emails-hacked

  6. #856
    I'm in Jail

    Join Date
    Mar 2010
    Last Online
    14-12-2023 @ 11:54 AM
    Location
    Australia
    Posts
    13,986
    I got an email the other day which caught my eye because the subject line was the password I use to log on to my desktop computer.
    Some little shit said he had video footage of me wanking and the website details, and wanted Bitcoin.....but I have my camera unplugged unless actually using it.
    I suppose it was some Facebook or other link I clicked on. Somehow they got my email address and computer password.

    We think we know it all about this kind of thing, but it pays to read something by experts and keep it in mind.

    Phishing Scams & Attacks - How to Protect Yourself | Kaspersky

  7. #857
    Thailand Expat harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    @
    Posts
    96,541
    Quote Originally Posted by Latindancer View Post
    I got an email the other day which caught my eye because the subject line was the password I use to log on to my desktop computer.
    Some little shit said he had video footage of me wanking and the website details, and wanted Bitcoin.....but I have my camera unplugged unless actually using it.
    I suppose it was some Facebook or other link I clicked on. Somehow they got my email address and computer password.

    We think we know it all about this kind of thing, but it pays to read something by experts and keep it in mind.

    Phishing Scams & Attacks - How to Protect Yourself | Kaspersky

    It's called "Sextortion" and they're a bunch of chancers.

    Enter your email address at haveibeenpwned.com and see where they got your password from.

  8. #858
    Member

    Join Date
    Jan 2020
    Last Online
    01-08-2023 @ 11:33 PM
    Posts
    510
    Massive spying on users of Google's Chrome shows new security weakness

    "A newly discovered spyware effort attacked users through 32 million downloads of extensions to Google’s market-leading Chrome web browser, researchers at Awake Security told Reuters, highlighting the tech industry’s failure to protect browsers as they are used more for email, payroll and other sensitive functions."

    Exclusive: Massive spying on users of Google's Chrome shows new security weakness - Reuters

  9. #859
    Thailand Expat harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    @
    Posts
    96,541
    If your Netgear Router is on this list (and it includes some relatively recent models), you need to check for new firmware to fix identified vulnerabilities. Details in the link.

    NETGEAR is aware of multiple security vulnerabilities on the following products:


    • AC1450
    • D6220
    • D6300
    • D6400
    • D7000v2
    • D8500
    • DC112A
    • DGN2200
    • DGN2200M
    • DGN2200v4
    • DGND3700
    • EX3700
    • EX3800
    • EX3920
    • EX6000
    • EX6100
    • EX6120
    • EX6130
    • EX6150
    • EX6200
    • EX6920
    • EX7000
    • LG2200D
    • MBM621
    • MBR1200
    • MBR1515
    • MBR1516
    • MBR624GU
    • MBRN3000
    • MVBR1210C
    • R4500
    • R6200
    • R6200v2
    • R6250
    • R6300
    • R6300v2
    • R6400
    • R6400v2
    • R6700
    • R6700v3
    • R6900
    • R6900P
    • R7000
    • R7000P
    • R7100LG
    • R7300
    • R7850
    • R7900
    • R8000
    • R8300
    • R8500
    • RS400
    • WGR614v10
    • WGR614v8
    • WGR614v9
    • WGT624v4
    • WN2500RP
    • WN2500RPv2
    • WN3000RP
    • WN3100RP
    • WN3500RP
    • WNCE3001
    • WNDR3300
    • WNDR3300v2
    • WNDR3400
    • WNDR3400v2
    • WNDR3400v3
    • WNDR3700v3
    • WNDR4000
    • WNDR4500
    • WNDR4500v2
    • WNR1000v3
    • WNR2000v2
    • WNR3500
    • WNR3500L
    • WNR3500Lv2
    • WNR3500v2
    • WNR834Bv2
    • XR300


    NETGEAR strongly recommends that you download the latest firmware as soon as a firmware update or firmware hotfix is available for your product. See the following table for a list of products with firmware fixes available for one or more vulnerabilities.

    https://kb.netgear.com/000061982/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Mobile-Routers-Modems-Gateways-and-Extenders

  10. #860
    Thailand Expat harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    @
    Posts
    96,541
    Another warning to check your router firmware and make sure it's up to date, regardless of brand.

    If it isn't supported any more, get rid.


    Popular home routers plagued by critical security flaws | WeLiveSecurity

  11. #861
    Member

    Join Date
    Jan 2020
    Last Online
    01-08-2023 @ 11:33 PM
    Posts
    510
    If the news about router security flaws has you thinking it's time for a new, more secure router, techradar.com recently posted this list of 2020's best:
    Best secure router of 2020: keep your router and devices safe at home or work | TechRadar

  12. #862
    Thailand Expat harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    @
    Posts
    96,541
    Time to update Chrome if you haven't got it doing it automagically:

    Original release date: July 14, 2020
    Google has released Chrome version 84.0.4147.89 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.

    And as an added bonus, if you have a Microsoft Network in your office, tell your IT staff to look for a WORMABLE, critical DNS Server patch.


  13. #863
    Thailand Expat harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    @
    Posts
    96,541
    Iranian Hackers Accidentally Exposed Their Training Videos (40 GB) Online

    An OPSEC error by an Iranian threat actor has laid bare the inner workings of the hacking group by providing a rare insight into the "behind-the-scenes look into their methods."

    IBM's X-Force Incident Response Intelligence Services (IRIS) got hold of nearly five hours worth of video recordings of the state-sponsored group it calls ITG18 (also called Charming Kitten, Phosphorous, or
    APT35) that it uses to train its operators.

    Some of the victims in the videos included personal accounts of U.S. and Greek Navy personnel, in addition to unsuccessful phishing attempts directed against U.S. state department officials and an unnamed Iranian-American philanthropist.

    "Some of the videos showed the operator managing adversary-created accounts while others showed the operator testing access and exfiltrating data from previously compromised accounts," the
    researchers said.

    The IBM researchers said they found the videos on a virtual private cloud server that was left exposed due to a misconfiguration of security settings. The server, which was also found to host several ITG18 domains earlier this year, held more than 40 gigabytes of data.

    The discovered video files show that ITG18 had access to the targets' email and social media credentials obtained via
    spear-phishing, using the information to log in to the accounts, delete notifications of suspicious logins so as not to alert the victims, and exfiltrate contacts, photos, and documents from Google Drive.

    "The operator was also able to sign into victims' Google Takeout (takeout.google.com), which allows a user to export content from their Google Account, to include location history, information from Chrome, and associated Android devices," the researchers noted.

    Besides this, the videos — captured using Bandicam's screen-recording tool — also show that the actors behind the operation plugged the victims' credentials to Zimbra's email collaboration software intending to monitor and manage the compromised email accounts.

    Outside of email accounts, the researchers said they found the attackers employing a long list of compromised usernames and passwords against at least 75 different websites ranging from banks to video and music streaming to something as trivial as pizza delivery and baby products.
    Other clips showed the ITG18 group leveraging dummy Yahoo! accounts, which include a phone number with Iran's country code (+98), using them to send the phishing emails, some of which bounced back, suggesting the emails did not reach the victim's inbox.

    "During the videos where the operator was validating victim credentials, if the operator successfully authenticated against a site that was set up with multi-factor authentication (MFA) they paused and moved on to another set of credentials without gaining access," the researchers said.

    ITG18 has a long history of targeting the U.S. and the Middle Eastern military, diplomatic, and government personnel for intelligence gathering and espionage to serve Iran's geopolitical interests.

    If anything, the discovery emphasizes the need to secure your accounts by using stronger passwords, turning on two-factor authentication, and reviewing and limiting access to third-party apps.

    "The compromise of personal files of members of the Greek and U.S. Navy could be in support of espionage operations related to numerous proceedings occurring in the Gulf of Oman and Arabian Gulf," IBM X-Force researchers concluded. "The group has shown persistence in its operations and consistent creation of new infrastructure despite multiple public disclosures and broad reporting on its activity."

    Iranian Hackers Accidentally Exposed Their Training Videos (40 GB) Online

  14. #864
    Thailand Expat harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    @
    Posts
    96,541
    If you are using any of these VPN's, ditch them immediately.

    They've all been caught logging copious amounts of user data when they claimed they don't.

    UFO VPN
    FAST VPN
    Free VPN
    Super VPN
    Flash VPN
    Secure VPN
    Rabbit VPN

  15. #865
    Member

    Join Date
    Jan 2020
    Last Online
    01-08-2023 @ 11:33 PM
    Posts
    510
    None of these free VPNs are really "free." They have to make their money somehow. If you have to use a VPN, then pay for one.

    Flash VPN, UFO VPN, and five other services leaked 1.2TB of private information

  16. #866
    Thailand Expat harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    @
    Posts
    96,541
    Google will soon introduce biometric authentication to the Chrome Autofill feature on Android devices, in a bid to make conducting online purchases via its browser more convenient and secure.

    Users will still need to input their information manually when using a credit card for the first time but, for future purchases, Chrome for Android will allow users to bypass CVV checks and authenticate transactions using face ID or fingerprint alone.

    Google Chrome
    will also apply a similar process to logging into online services. The new touch-to-fill feature will bring up a list of accounts attached to the webpage a user is currently browsing and allow them to verify their identity using biometrics.

    Previously, an unauthorized third party with access to a device could gain entry to the owner’s online accounts via the Autofill feature (which required no additional authentication). Using biometrics, however, puts paid to this possibility - unless twins are involved, of course.

    For security conscious users, the common advice was never to use a browser’s autofill function and opt for a secure password manager instead. But with the imminent upgrade to Chrome for Android, it’s possible account credentials will be just as safe stored in-browser.

    To ensure sensitive biometric information remains secure, Chrome utilizes the WebAuthn standard when registering fingerprint and facial data. Google has also assured users that biometric data will always remain on-device, never transmitted to the cloud.

    The new feature also significantly reduces the risk of falling victim to elaborate phishing scams. While a fake landing page hosted on an illegitimate domain might deceive an unwitting user, the browser itself will not be so easy to dupe.

    Already available on Chrome for Mac and Windows, biometric authentication is set to land on Android devices within the next few weeks.

    You’ll never need a password manager again, thanks to this new Chrome update | TechRadar

  17. #867
    Thailand Expat harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    @
    Posts
    96,541
    The chinkies are blocking new secure traffic because they can't snoop on their citizens.

    I'm sure Vlad will be following.

    China is now blocking all encrypted HTTPS traffic that uses TLS 1.3 and ESNI | ZDNet

  18. #868
    Member

    Join Date
    Jan 2020
    Last Online
    01-08-2023 @ 11:33 PM
    Posts
    510
    Quote Originally Posted by harrybarracuda View Post
    The chinkies are blocking new secure traffic because they can't snoop on their citizens.

    I'm sure Vlad will be following.

    China is now blocking all encrypted HTTPS traffic that uses TLS 1.3 and ESNI | ZDNet
    This terminology can be confusing for those who aren't into IT. Here are a few paragraphs from the article that provide a little more clarity:

    "The Chinese government has deployed an update to its national censorship tool, known as the Great Firewall (GFW), to block encrypted HTTPS connections that are being set up using modern, interception-proof protocols and technologies.

    The ban has been in place for at least a week, since the end of July, according to a joint report published this week by three organizations tracking Chinese censorship -- iYouPort, the University of Maryland, and the Great Firewall Report. Through the new GFW update, Chinese officials are only targeting HTTPS traffic that is being set up with new technologies like TLS 1.3 and ESNI (Encrypted Server Name Indication). Other HTTPS traffic is still allowed through the Great Firewall, if it uses older versions of the same protocols -- such as TLS 1.1 or 1.2, or SNI (Server Name Indication)."

  19. #869
    Thailand Expat harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    @
    Posts
    96,541
    If it's not the chinkies, it's the russkies....

    Russia is targeting Linux with Drovorub malware

    The NSA has issued a warning about a new round of cyberattacks by Russia. This time, the GRU (Główny Zarząd Wywiadowczy, the Russian General Staff Main Intelligence Directorate) is targeting Linux machines.

    To orchestrate the attacks, the GRU is using a malware suite called Drovorub. The suite is made up of four modules and uses a variety of techniques to hide itself and evade detection.

    The National Security Agency does not say how long the malware has been in circulation for, but points out that the Russian GRU 85th GTsSS responsible for deploying it has been seen operating under various names including Fancy Bear, APT28 and Strontium. Drovorub is concerning not only because of the steps it takes to hide itself, but also because of the root level privileges it is able to obtain.

    The NSA describes the malware:

    Drovorub is a Linux malware toolset consisting of an implant coupled with a kernel module rootkit, a file transfer and port forwarding tool, and a Command and Control (C2) server. When deployed on a victim machine, the Drovorub implant (client) provides the capability for direct communications with actor-controlled C2 infrastructure (T1071.0011); file download and upload capabilities (T1041); execution of arbitrary commands as "root" (T1059.004); and port forwarding of network traffic to other hosts on the network (T1090). The kernel module rootkit uses a variety of means to hide itself and the implant on infected devices (T1014), and persists through reboot of an infected machine unless UEFI secure boot is enabled in "Full" or "Thorough" mode.

    System administrators are advised to upgrade to Linux Kernel 3.7 or later in order to avoid being susceptible to attack, as well as taking precautions to ensure that only modules with valid digital signatures are loaded.


    More details can be found in the NSA's
    advisory notice.

    https://betanews.com/2020/08/14/russia-malware-linux-drovorub/?utm_source=feedburner&utm_medium=feed&utm_campaig n=Feed+-+bn+-+BetaNews+Latest+News+Articles



  20. #870
    Thailand Expat harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    @
    Posts
    96,541
    Microsoft will bid farewell to Internet Explorer and legacy Edge in 2021


    Microsoft will end support for Internet Explorer 11 across its Microsoft 365 apps and services next year. In exactly a year, on August 17th, 2021, Internet Explorer 11 will no longer be supported for Microsoft’s online services like Office 365, OneDrive, Outlook, and more. Microsoft is also ending support for Internet Explorer 11 with the Microsoft Teams web app later this year, with support ending on November 30th.


    While it’s still going to take some time to pry enterprise users of Internet Explorer 11 away, Microsoft is hoping that the new Internet Explorer legacy mode in the Chromium-based Microsoft Edge browser will help. It will continue to let businesses access old sites that were specifically built for Internet Explorer, until Microsoft fully drops support for Internet Explorer 11 within Windows 10. Microsoft’s move to stop supporting Internet Explorer 11 with its main web properties is a good first step, though.

    Microsoft will bid farewell to Internet Explorer and legacy Edge in 2021 - The Verge

  21. #871
    Member

    Join Date
    Jan 2020
    Last Online
    01-08-2023 @ 11:33 PM
    Posts
    510
    I haven't really fallen in love with MS Edge either. Wonder if it's going to be on the chopping block in the next few years as well. With the speed of technological change, one never really knows what surprises the next decade holds.

  22. #872
    Thailand Expat harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    @
    Posts
    96,541
    Fucking chinkies at it again. Don't buy that bargain shit chinky phone off Lazada, it's a false economy.

    There are plenty of markets around the world that might not have a population that’s willing to shell out $1,000 for a smartphone. This is why there are companies that purely make cheap Android phones to sell to the masses. Obviously there are compromises when you make a cheap phone, such as using less premium materials or using lower-end hardware.
    Unfortunately, it also seems that in some cases, you might end up compromising on security as well. According to a report from BuzzFeed News, it seems that there are cheap Chinese Android smartphones being sold in regions such as Africa where it has been discovered that these phones actually come preloaded with malware that will steal your money.
    Money-Stealing Malware Found Preloaded On Cheap Android Phones | Ubergizmo

  23. #873
    Member

    Join Date
    Jan 2020
    Last Online
    01-08-2023 @ 11:33 PM
    Posts
    510
    I feel like Africans in Africa are getting the short end of the stick much of the time. While their leaders seem to think that China and its technology are the solution, the reality on the ground doesn't quite measure up, does it.

  24. #874
    Thailand Expat harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    @
    Posts
    96,541
    If you think you had dodgy Internet yesterday, it wasn't just you....

    A CenturyLink BGP routing mistake has led to a ripple effect across the Internet that led to outages for numerous Internet-connected services such as Cloudflare, Amazon, Garmin, Steam, Discord, Blizzard, and many more.
    These outages started at approximately 6 AM EST, when customers began reporting a wide-scale outage in the USA affecting CenturyLink services.

    When performing searches on Twitter, there was a sudden influx of complaints about poor performance or outages on numerous connected services such as Blizzard, Steam, Discord, Roblox, Cloudflare, Hulu, Slink, Reddit, Amazon AWS, and many more.


    CenturyLink states that their Level3 CA3 data center is causing this outage and are investigating the issue.
    "Our technical teams are investigating an issue affecting some services in the CA3 data center. Ensuring the reliability of our services is our top priority. We will continue to provide status updates as this incident progresses. If you need further support, please contact us at help@ctl.io," CenturyLink's status page states.
    This outage has since been resolved, and services are slowly recovering, with some areas taking longer than others.
    Just a moment...

  25. #875
    Thailand Expat
    Join Date
    Oct 2015
    Last Online
    16-07-2021 @ 10:31 PM
    Posts
    14,636
    Quote Originally Posted by harrybarracuda View Post
    Another warning to check your router firmware and make sure it's up to date, regardless of brand.

    If it isn't supported any more, get rid.


    Popular home routers plagued by critical security flaws | WeLiveSecurity
    holly shit, one of my home router is listed there, thank god I am no fuckwit and know how to harden a network like a proper netadmin, unlike other fuckwits who can only report what they see, not what they can do

Page 35 of 44 FirstFirst ... 252728293031323334353637383940414243 ... LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •